EvilZone
Hacking and Security => Hacking and Security => : pl4f0rd December 24, 2014, 01:53:30 PM
-
Hi guys, I came across this application which is using a WAF on certain strings and has some preg_match and preg_replace functions.
Anyway, I have managed to get some results, although very simple. Instead of the usual ' or 1=1 -- I am using the following: (1)or(1)=(1), which returns 5 pictures; when I change it to (1)or(1)=(2) then I just get the one picture.
How can I increase on this and start to gather database information? I'm struggling to construct an order by or union.
Thanks
-
Well, it seems that the WAF is searching for numbers (what for, for God's sake?!?). You said that you are stuck with the "order by" command; well, did you try [ order by (10)-- ] and [union select (1), (2), version(),(4) ....(9)--]?
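The thread above shows the root cause from the defender's side: a preg_match-style blacklist only recognises the textbook injection strings, while the query itself is still built by string concatenation, so a rewritten boolean like (1)or(1)=(1) slips past the filter and changes the result set (5 rows versus 1). The following Python script is an added example, written by the editor and not code from either poster or from the application discussed; the pictures table, the NAIVE_WAF pattern and the function names are constructed for illustration. It reproduces the 5-versus-1 behaviour against an in-memory SQLite table, shows the blacklist missing the parenthesised form, and contrasts that with the actual fix: validating the input type and binding it as a parameter, plus a normalisation-based detection rule that is far less sensitive to whitespace and parentheses than the original regex.

```python
import re
import sqlite3

# Constructed sample data: a small "pictures" table with ids 1..5, standing in
# for the gallery the original poster was querying.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pictures (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany(
        "INSERT INTO pictures (title) VALUES (?)",
        [(f"pic{i}",) for i in range(1, 6)],
    )
    return conn


# Hypothetical blacklist WAF of the preg_match kind described in the thread:
# it blocks single quotes, the literal "or 1=1" with spaces, and SQL comments.
NAIVE_WAF = re.compile(r"'|\bor\s+1\s*=\s*1\b|--", re.IGNORECASE)


def naive_waf_blocks(value: str) -> bool:
    """True if the blacklist would reject this parameter value."""
    return bool(NAIVE_WAF.search(value))


def vulnerable_lookup(conn, pic_id: str):
    """The defect: user input concatenated straight into the WHERE clause.
    Returns the ids matched so the effect of a payload is visible."""
    sql = f"SELECT id, title FROM pictures WHERE id={pic_id}"
    return [row[0] for row in conn.execute(sql)]


def safe_lookup(conn, pic_id: str):
    """The fix: allowlist the expected type, then bind the value as a parameter.
    The driver never interprets the input as SQL, so boolean tricks have no effect."""
    if not re.fullmatch(r"\d+", pic_id):
        return []  # reject anything that is not a plain integer id
    return [
        row[0]
        for row in conn.execute("SELECT id, title FROM pictures WHERE id=?", (int(pic_id),))
    ]


def normalized_detect(value: str) -> bool:
    """Detection heuristic for logging/alerting: strip whitespace and parentheses
    first, then look for a digit-OR-digit=digit tautology shape. This catches the
    parenthesised rewrite that the naive regex misses; it is a signal for review,
    not a substitute for parameterised queries."""
    normalized = re.sub(r"[\s()]", "", value).lower()
    return bool(re.search(r"or\d+=\d+", normalized))


if __name__ == "__main__":
    conn = make_db()
    for payload in ["' or 1=1 --", "(1)or(1)=(1)", "(1)or(1)=(2)", "3"]:
        print(
            f"{payload!r:18} blocked={naive_waf_blocks(payload)!s:5} "
            f"vulnerable={vulnerable_lookup(conn, payload) if not naive_waf_blocks(payload) else 'n/a'} "
            f"safe={safe_lookup(conn, payload)} detect={normalized_detect(payload)}"
        )
```

Running the script prints one line per sample value: the quoted textbook payload is blocked, the parenthesised one passes the blacklist and returns all five ids from the concatenated query while the bound query returns nothing, and the normalisation rule flags both injection forms without flagging a legitimate id.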