Re: [sqlmap-users] How to avoid union filter?
From: Ignacio H. <nac...@gm...> - 2010-04-22 16:21:53
Sometimes you can bypass some badly implemented IDS/WAFs that look for specific words like "union", "select" or "from", like David says, in other ways, for example:

http://www.site.com/vuln.php?id=323/**/union/**/all/**/select/**/...
(replacing spaces with /**/)

or:

http://www.site.com/vuln.php?id=323 UnIoN aLl SeLeCt...
(randomly uppercase/lowercase keywords; some IDS/WAFs only look for "union" or "UNION" but not for "UnIoN")

Also, I think the sqlmap developers are working on more sophisticated bypass techniques.

2010/4/22 David Guimaraes <sk...@gm...>

> What type of filter is used? Does it remove certain words and execute the
> query, or does it simply not run anything at all?
>
> I've come across a filter that removed certain words from parameters passed
> by users, such as UNION, SELECT, DROP, ALTER, UPDATE, and comments like "--"
> or "/*".
>
> To get around it, I used this:
>
> http://www.site.com/vuln.php?id=323 UN--ION A--LL SELE--CT 1,2,3 FRO--M table
>
> The query was filtered 1x and resulted in the following expression:
>
> http://www.site.com/vuln.php?id=323 UNION ALL SELECT 1,2,3 FROM table
>
> Hope this helps. =)
>
> On Thu, Apr 22, 2010 at 2:01 PM, Pagera <pag...@gm...> wrote:
>
>> hello
>>
>> is there any way to avoid a server filter? like filtering union or select
>> in the URL?
>>
>> because sqlmap doesn't seem to work when there is filtering
>>
>> thanks
>>
>> _______________________________________________
>> sqlmap-users mailing list
>> sql...@li...
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
> --
> David Gomes Guimarães
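
Added example, not part of the original messages: a Python model of the single-pass keyword filter described in the thread, next to the server-side fix (strict allow-list validation of `id` plus a bound query parameter). The filter's regex, the `items` table, and the function names are assumptions made for illustration; the sample values come from the thread with constructed column lists.

```python
import re
import sqlite3

# Assumed model of the filter described in the thread: one left-to-right pass
# that deletes listed keywords and comment markers, then runs the query.
DENYLIST = re.compile(r"UNION|SELECT|DROP|ALTER|UPDATE|--|/\*")

def strip_once(value: str) -> str:
    """Single-pass, case-sensitive removal; the output is never re-checked."""
    return DENYLIST.sub("", value)

def parse_id(raw: str) -> int:
    """Allow-list check: the id parameter must be 1-9 ASCII digits, nothing else."""
    if not re.fullmatch(r"[0-9]{1,9}", raw):
        raise ValueError("id must be a positive integer")
    return int(raw)

def fetch_name(conn: sqlite3.Connection, raw: str):
    """The validated value is bound as a parameter, never concatenated into SQL."""
    row = conn.execute("SELECT name FROM items WHERE id = ?",
                       (parse_id(raw),)).fetchone()
    return row[0] if row else None

def demo_db() -> sqlite3.Connection:
    """Hypothetical in-memory table standing in for the application's data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)")
    conn.execute("INSERT INTO items VALUES (323, 'widget')")
    return conn

# Parameter values from the thread; trailing column lists are constructed samples.
SAMPLES = [
    "323 UN--ION A--LL SELE--CT 1,2,3 FRO--M table",
    "323 UnIoN aLl SeLeCt 1,2,3",
    "323/**/union/**/all/**/select/**/1,2,3",
]

if __name__ == "__main__":
    conn = demo_db()
    print("legitimate id ->", fetch_name(conn, "323"))
    for s in SAMPLES:
        # The denylist output still carries SQL keywords in every case.
        print("filter output:", repr(strip_once(s)))
        try:
            fetch_name(conn, s)
        except ValueError as exc:
            print("  validated path rejected it:", exc)
```

The denylist fails for a different reason on each sample (no re-scan after removal, case-sensitive matching, and keywords outside the list), while the typed check rejects all three without knowing anything about SQL syntax.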