This is a walk-through that shows how to bypass the SQL injection and cross-site scripting rules of the following Web Application Firewalls:
By following the process I used to break the rules of these WAFs, you'll gain the skills needed to evaluate the security of the rules of any WAF/IDS.
In this post you'll find 4 types of bypasses for each WAF:
- Detection phase (vectors to see if the page is vulnerable to SQLi)
  - Boolean-based injections
  - Blind time-based injections for MySQL, PostgreSQL and MSSQL
- Exploitation phase
  - UNION-based injections
  - Blind boolean-based injections
Sometimes there are cross-site scripting vectors as well.
At the very end of the post, there is a pseudo-universal SQL injection bypass that works against a great number of WAFs.
If you're having trouble bypassing a firewall (or want to be updated on further posts), reach out to me on X at @ruben_v_pina or at ruben@nzt-48.org and I'll see if I can break it.