EvilZone » Hacking and Security
Topic: Blind SQL with WAF (Read 449 times)
pl4f0rd (Serf, Posts: 20)
Blind SQL with WAF
« on: December 24, 2014, 01:53:30 pm »
Hi guys, I came across this application which is using a WAF on certain strings and has some preg_match and preg_replace functions.
Anyway, I have managed to get some results, although very simple: instead of the usual ' or 1=1 -- I am using the following, (1)or(1)=(1), which returns 5 pictures; when I change it to (1)or(1)=(2) then I just get the one picture.
How can I build on this and start to gather database information? I'm struggling to construct an order by or union.
Thanks
HexEngineer (/dev/null, Posts: 12)
Re: Blind SQL with WAF
« Reply #1 on: January 03, 2015, 08:24:57 pm »
Well, it seems that the WAF is searching for numbers (what for, for God's sake?!?). You said that you are stuck with the "order by" command; well, did you try [ order by (10)-- ] and [union select (1), (2), version(),(4) ....(9)--]?
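What the thread observes (the textbook string is blocked while a parenthesised boolean expression gets through and flips the result set between five rows and one) is a property of string-blocklist filtering, not of any particular payload: a preg_match-style rule matches characters, it does not parse SQL. The Python example below is added here and is not code from the thread or from the application being discussed. It constructs an in-memory SQLite gallery table with five pictures (an assumed schema), a hypothetical regex blocklist standing in for the WAF, a lookup that builds the query by string concatenation, and the actual fix: allowlist validation of the id parameter followed by a bound query parameter, which rejects both of the thread's inputs no matter how they are spelled.

```python
import re
import sqlite3


def make_db():
    """Constructed sample data: five pictures, mirroring the thread's
    '5 pictures vs 1 picture' observation (assumed schema, not the real app)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pictures (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany(
        "INSERT INTO pictures (id, name) VALUES (?, ?)",
        [(i, f"pic{i}.jpg") for i in range(1, 6)],
    )
    conn.commit()
    return conn


# Hypothetical blocklist of the kind the thread describes: it rejects the
# textbook strings but has no notion of SQL grammar.
BLOCKLIST = [
    re.compile(r"'\s*or\s*1\s*=\s*1", re.I),
    re.compile(r"--"),
    re.compile(r"\bunion\s+select\b", re.I),
]


def naive_waf_allows(value: str) -> bool:
    """True when no blocklist pattern matches, i.e. the input gets through."""
    return not any(p.search(value) for p in BLOCKLIST)


def vulnerable_lookup(conn, id_param: str):
    """String concatenation: whatever passes the blocklist lands in the query,
    so a boolean expression changes how many rows come back."""
    if not naive_waf_allows(id_param):
        raise PermissionError("blocked by WAF")
    sql = "SELECT name FROM pictures WHERE id=" + id_param
    return [row[0] for row in conn.execute(sql)]


def hardened_lookup(conn, id_param: str):
    """Allowlist validation plus a bound parameter: the input is only ever data.
    Rejected values are worth logging; they are a cheap detection signal."""
    if not re.fullmatch(r"[0-9]{1,9}", id_param):
        raise ValueError("id must be a small positive integer")
    rows = conn.execute("SELECT name FROM pictures WHERE id=?", (int(id_param),))
    return [row[0] for row in rows]


def demo():
    """Run both lookups against the inputs quoted in the thread."""
    conn = make_db()
    results = {}
    results["textbook_blocked"] = not naive_waf_allows("' or 1=1 --")
    results["paren_true"] = len(vulnerable_lookup(conn, "(1)or(1)=(1)"))   # 5
    results["paren_false"] = len(vulnerable_lookup(conn, "(1)or(1)=(2)"))  # 1
    try:
        hardened_lookup(conn, "(1)or(1)=(1)")
        results["hardened_rejects"] = False
    except ValueError:
        results["hardened_rejects"] = True
    results["hardened_normal"] = hardened_lookup(conn, "3")
    return results


if __name__ == "__main__":
    print(demo())
```

The point of the hardened version is that it never decides whether a string "looks like SQL": it decides whether the value is a valid picture id, and the database driver treats it as data either way. Tightening the regex list instead leaves the concatenation in place and only changes which spelling of the same expression gets through.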