Posts

Bypass false positive or unexploitable in sqlmap😈

Many web application firewalls, or WAFs, are easily bypassed by attackers. Learn how to tell if your WAF is vulnerable and how to fix it. Feature image by Lloyd Aloysius on Unsplash.

Web Application Firewalls have become the new security solution for several businesses. Many companies often ignore the actual vulnerabilities and merely rely on the firewall for protection. Regrettably, most, if not all, firewalls can be bypassed. With that said, my post will demonstrate how to use some of SQLMap's new features to bypass WAFs/IDSs.

Click the payload to see the WAF bypass information 😈😈

sqlmap -u https://www.exemple.com/endpoint?idEntity=442 -p idEntity --technique=B --not-string='nameEntity = "";' --proxy=http://localhost:8080

I have recently had the pleasure of working on a few tamper scripts for SQLMap, which can be found in the latest development version from the subversion repository.

svn checkout https://svn.sqlmap.org/sqlmap/trunk/sqlmap sqlm...

Blind SQL Injection on starbucks.com.gt and WAF Bypass :*

A Web Application Firewall (WAF) is a security measure designed to protect web applications from various online threats, including SQL injection, cross-site scripting (XSS), and other malicious activities. WAFs analyze incoming web traffic to detect and filter out potentially harmful requests before they reach the web application.

Click this payload to see the WAF bypass information:

if(now()=sysdate(),sleep(5),0) ',''),/*test*/%26%26%09sLeEp(5)%09--+   AND if((ascii(lower(substring((select user()),$i,1))))!=$s,1,benchmark(200000,md5(now()))) (sele%0bct(0)from(select(sle%0bep(5)))v)+"*/

Encoding and Obfuscation: Attackers might use encoding or obfuscation techniques to modify the payload of an attack, making it difficult for the WAF to detect the malicious content. This could involve encoding special characters or using different encoding schemes to hide the attack payload.

Click this payload to see the WAF bypass information: +an...

Time-based SQL injection

Time-based SQL injection is a type of SQL injection attack that relies on sending SQL queries to a database and observing the resulting delay in responses to infer information about the database structure. In a time-based SQL injection attack, an attacker exploits vulnerabilities in a web application's input fields to manipulate SQL queries executed by the database.

'%2b(select*from(select(sleep(5)))a)%2b'

The attacker injects malicious SQL code into the input fields, such as form fields or URL parameters, to modify the structure or behavior of the SQL query executed by the database server. By analyzing the delay in the server's response to the injected queries, the attacker can infer whether the injected SQL statement is true or false, allowing them to extract information from the database.

For instance, an attacker might use time-based techniques like adding time delays (such as SLEEP() or WAITFOR DELAY) in SQL ...