Paid Advertising is
ha.ckers sla.cking
How do you completely compromise a machine given a text box or badly validated input box? This is a place to talk about code issues (PHP includes, null byte injection, backticks, pipe, etc...) as well as how to properly construct an SQL injection attack. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Sqli Injection Bypass
Posted by: veer
Date: August 08, 2014 06:24AM

Hello ...

i have just a doubt please help

suppose we have 11 dynamic pages in a website like as

index.php?id=1 ( page ok )
index.php?id=2 ( page ok )
index.php?id=3 ( page ok )
index.php?id=4 ( page ok )
index.php?id=5 ( page ok )
index.php?id=6 ( page ok )
index.php?id=7 ( page ok )
index.php?id=8 ( page ok )
index.php?id=9 ( page ok )
index.php?id=10 ( page ok )
index.php?id=11 ( page ok )
index.php?id=12 ( Blank page no out put instantly )

security enabled : Mod_Security & comment escaped
mode security bypassed with /*!UNIunionON*/ ALL /*!SEselectLECT*/ but now the page shows same redirecting at single page suppose it 11th page
how can i bypass this security ?

i think injection is Time based Blind
Can i bypass such injections ??

Options: ReplyQuote
Re: Sqli Injection Bypass
Posted by: firestorm
Date: August 10, 2014 04:26AM

Time based blind.. Maybe.
Tell me abt the hosting company or website. I am enlisting bypass methods for different hosting providers and wirewalls. It can be a simple case of multiple firewalls and maybe you got throught mod sec and now you are facing the second firewall. if you find anything interesting mail me : syed[at]syedafzal[dot]in
All the best.

Options: ReplyQuote

Sorry, only registered users may post in this forum.