EvilZone


: passby WAF for help
: p3ng October 30, 2014, 10:11:16 AM
A website with a boring WAF, can't be injected

anyone interested?
URL:
http://dikee.net/textview.asp?id=663%OA

Adding %OA can bypass one
: Re: passby WAF for help
: Nortcele October 30, 2014, 12:29:09 PM
Is there a reason why?

Besides messing with China...
: Re: passby WAF for help
: 2d8 October 30, 2014, 01:06:09 PM
Most WAFs are based on signatures, so there are plenty of ways to modify a request and bypass them.
e.g.:
:
/?id=1+union+select+1,2,3/* => /?id=1+un/**/ion+sel/**/ect+1,2,3--
/?id=1;select+1,2,3+from+users+where+id=1-- => /?id=1;select+1&id=2,3+from+users+where+id=1--
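From the defender's side, both rewrites quoted in the post above work only against a filter that matches signatures on raw parameter values, one occurrence at a time. The following is an added example, not part of the thread: it canonicalizes a query string before matching, using constructed signatures and the assumption that the back end joins repeated parameters with a comma, as ASP and ASP.NET do.

```python
import re
from urllib.parse import unquote_plus

# Constructed signatures of the kind a simple filter applies (illustration only).
SIGNATURES = [re.compile(r"\bunion\s+select\b", re.I),
              re.compile(r"\bselect\b.+\bfrom\b", re.I | re.S)]
INLINE_COMMENT = re.compile(r"/\*.*?\*/", re.S)

def split_params(query):
    """Return decoded (name, value) pairs in request order."""
    pairs = []
    for part in query.split("&"):
        if part:
            name, _, value = part.partition("=")
            pairs.append((unquote_plus(name).lower(), unquote_plus(value)))
    return pairs

def hits(text):
    return any(sig.search(text) for sig in SIGNATURES)

def naive_match(query):
    """Signature check on each raw parameter occurrence, one at a time."""
    return any(hits(value) for _, value in split_params(query))

def effective_values(query, joiner=","):
    """Assumption: the back end joins repeated parameters with `joiner`
    (a comma on ASP/ASP.NET), so the filter must inspect the joined value."""
    merged = {}
    for name, value in split_params(query):
        merged.setdefault(name, []).append(value)
    return {name: joiner.join(values) for name, values in merged.items()}

def canonical_forms(value):
    """Both readings of an inline comment: removed outright, or as whitespace."""
    return [re.sub(r"\s+", " ", INLINE_COMMENT.sub(repl, value))
            for repl in ("", " ")]

def hardened_match(query):
    """Signature check on what the application will actually receive."""
    return any(hits(form)
               for value in effective_values(query).values()
               for form in canonical_forms(value))

# Constructed samples: the two rewritten requests quoted in the post, plus a benign one.
SAMPLES = ["id=1+un/**/ion+sel/**/ect+1,2,3--",
           "id=1;select+1&id=2,3+from+users+where+id=1--",
           "id=663&page=2"]

if __name__ == "__main__":
    for q in SAMPLES:
        print(q, naive_match(q), hardened_match(q))
```

Canonicalization only narrows the gap between what the filter inspects and what the application parses; parameterized queries in the application remove the injection itself.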
: Re: passby WAF for help
: p3ng October 30, 2014, 01:18:20 PM
I had tried many methods, the method u provided isn't available

such as /*!sElecT*/,