Today I am going to show you how to bypass Web Application Firewalls (WAF). I will demonstrate everything from the simplest and most basic techniques to the most advanced ones!
NOTE: If you don’t know SQL Injection, read this first…
What is WAF?
WAF stands for Web Application Firewall. It is widely used nowadays to detect and defend against SQL Injections!
Let’s Begin!
How to know if there is a Web Application Firewall?
This is pretty simple! When you try to enter a command used for SQL Injections (usually the “UNION SELECT” command), you get a 403 Error (and the website says “Forbidden” or “Not Acceptable”).
Example:
Basic/Simple Methods:
First, of course, we need to know the Basic Methods to bypass WAF…
1) Comments:
You can use comments to bypass WAF:
However, most WAFs identify this method, so they still show a “Forbidden” Error…
2) Change the Case of the Letters:
You can also change the Case of the Command:
However, as before, this trick is also detected by most WAFs!
3) Combine the previous Methods:
What you can also do is to combine the previous two methods:
This method is not detectable by many Web Application Firewalls!
4) Replaced Keywords:
Some Firewalls remove the “UNION SELECT” Statement when it is found in the URL… We can do this to exploit this function:
This method doesn’t work on ALL Firewalls, as only some of them remove the “UNION” and the “SELECT” commands when they are detected!
5) Inline Comments:
Some firewalls get bypassed by Inserting Inline Comments between the “Union” and the “Select” Commands:
I believe that these are the most basic Methods of WAF Bypassing! Let’s move on to more advanced ones…
Advanced Methods:
Now that you have learned about Basic WAF Bypassing, I think it is good to understand more advanced Methods!
1) Buffer Overflow / Firewall Crash:
Many Firewalls are developed in C/C++ and we can Crash them using Buffer Overflow!
2) Replace Characters with their HEX Values:
We can replace some characters with their HEX (URL-Encoded) Values.
Example:
Text to Hex Encoder (Choose the “Hex Encoded for URL” result!): http://www.swingnote.com/tools/texttohex.php
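Seen from the WAF side, the comment, case and URL-encoding tricks above all exploit a rule that matches the raw request text. The following is an added example, not part of the original tutorial: a filter that canonicalises the parameter value before matching, compared with a literal string rule. The function names, the sample values (constructed) and the decode-round limit are assumptions.

```python
import re
from urllib.parse import unquote_plus

MAX_DECODE_ROUNDS = 5  # assumption: upper bound on nested URL-encoding layers

# MySQL executes the body of /*! ... */ (optionally /*!50000 ... */): keep it.
_EXEC_COMMENT = re.compile(r"/\*!\d*(.*?)\*/", re.S)
# An ordinary /* ... */ comment only separates tokens: treat it as a space.
_PLAIN_COMMENT = re.compile(r"/\*.*?\*/", re.S)
_UNION_SELECT = re.compile(r"\bunion\s+(?:all\s+|distinct\s+)?select\b")

def canonicalize(value: str) -> str:
    """Reduce a raw parameter value to roughly what the SQL parser will see."""
    for _ in range(MAX_DECODE_ROUNDS):      # undo single and double encoding
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    value = _EXEC_COMMENT.sub(r" \1 ", value)
    value = _PLAIN_COMMENT.sub(" ", value)
    return re.sub(r"\s+", " ", value).lower().strip()

def naive_rule(value: str) -> bool:
    """Literal, case-sensitive match on the raw value (the rule that gets evaded)."""
    return "UNION SELECT" in value

def hardened_rule(value: str) -> bool:
    """Match on the canonical form; a hit should be blocked, never rewritten."""
    return bool(_UNION_SELECT.search(canonicalize(value)))

# Constructed parameter values, one per technique named in the text.
SAMPLES = {
    "plain": "1 UNION SELECT 1,2",
    "mixed case": "1 uNiOn SeLeCt 1,2",
    "comment": "1 UNION/**/SELECT 1,2",
    "inline comment": "1 /*!UNION*/ /*!SELECT*/ 1,2",
    "url-encoded": "1%20%55NION%20%53ELECT%201,2",
    "double-encoded": "1%2520union%2520select%25201,2",
    "benign": "student union selection committee",
}

def compare() -> dict:
    """Return {label: (naive verdict, hardened verdict)} for every sample."""
    return {k: (naive_rule(v), hardened_rule(v)) for k, v in SAMPLES.items()}

if __name__ == "__main__":
    for label, (naive, hardened) in compare().items():
        print(f"{label:15} naive={naive!s:5} hardened={hardened}")
```

Blocking on a canonical-form match, instead of stripping the keyword and forwarding the request, also avoids the weakness described under “Replaced Keywords”.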
3) Use other Variables or Commands instead of the common ones for SQLi:
Apart from the “UNION SELECT” other commands might be blocked.
Common Commands Blocked:
4) Misc Exploitable Functions:
Many firewalls try to offer more Protection by adding Prototype or Strange Functions! (Which, of course, we can exploit!):
Example:
[+] In addition to the previous example, some other bypasses might be:
Video Tutorial on WAF Bypassing:
(This tutorial was originally created by Akatzbreaker for Hackforums.net. The original Post is here… )