Advance SQL-Injection bypass WAF
hello …..ninja hatori is back again by sharing a tutorial about tricks about SQL-Injection again, yeah, as you know that SQL injection is a type of hacking action on computer security where an attacker can get access to the database in the system. Now surely you have ever been when you wanted to take table_name on the website but it was blocked because information_schema got a full block or waff, it was very annoying right ?
Okay, maybe you often use a payload that you get from the internet, but sometimes you don’t know when the time is right in using the payload.
Case 1: This is the most commonly used technique which is when we cannot inject because the system blocks queries such as orders by, group by, union select etc, Bypass: use the payload inserted with character / ** / or the like
Case 2: Teknik Berikutnya disebut dengan Buffer Overflow yaitu teknik menyisipkan payload agar firewall terjadi crash dan akhirnya payload tereksekusi.
Case 3: This technique is used by encoding the payload into hexa or other forms to trick Firewall.
Case 4: This is the stupid way taught by Xinject by changing the payload using uppercase and lowercase letters. because the firewall only blocks query queries specifically.
Case 5: Null char bypass. null char is a letter character that cannot be read by the system, making the system ignore the character.
Case 6: This technique is called a bypass parameter, used to trick the firewall using parameters that are vulnerability.
Case 7: Bypass Union Select using 1111,2222,3333.