Mmmm, is it what I guess, there is a rabbit hole?!
@oldirtykush said:
@drxxx you get this?
Unfortunately not yet … I’m in a loop … from its rate I guess it's easy and there is something obvious I can't see
no rabbit holes. just read the code and see if there is a way to bypass the protection.
@daverules said:
no rabbit holes. just read the code and see if there is a way to bypass the protection.
That's what I keep doing … I’m able to bypass the WAF but nothing returns!!
Hi, any hint? Is “unset” the right path or do I have to study classic WAF bypass techniques in depth? Thanks :)
@J4c said:
Hi, any hint? Is “unset” the right path or do I have to study classic WAF bypass techniques in depth? Thanks :)
There is a risk of overthinking on this one. You can try various things, see if you can get a different response to different requests then, if there is, you can use a tool (s****p) to automate it.
I found it was very, very, very, very slow though. There may be faster approaches.
@daverules said:
no rabbit holes. just read the code and see if there is a way to bypass the protection.
Thank you a lot, it was so obvious as I said
@J4c said:
Hi, any hint? Is “unset” the right path or do I have to study classic WAF bypass techniques in depth? Thanks :)
No … take it as simple as … do not overthink, as @TazWake said; overthinking killed me yesterday … I even found that I have everything in my hands.
so… slow… I didn’t have to do this in ages ?
Good challenge, learned a lot.
I’ve been trying for 2 days… I know that it’s a WAF bypass, but really I’m too lost. Can someone give me a light?!!
And I also know that the function waf() blocks some characters, so my attempts were something like //!comand//!comand
Hey, also stuck on this one. But a bit further ahead of WillBar I think.
I understand the code, and what gets given to the PHP functions from the request.
@WillBar: notice that the WAF function returns a: json_decode($s), and then what gets passed to the query function is not the original value of the request …
What I’m struggling with is what to send as a value of the attribute of the object I’m posting. Tried s****p to try to get something going, but no luck… possibly not using it right. Any hints?
@Drxxx said:
That's what I keep doing … I’m able to bypass the WAF but nothing returns!!
Same thing on my side. I don’t see how I can get a response.
@nOnOs said:
@Drxxx said:
That's what I keep doing … I’m able to bypass the WAF but nothing returns!!
Same thing on my side. I don’t see how I can get a response.
Hi, I have solved it after I noticed what to do if I didn’t get any response from the server … what SQL injection technique I need to use
@Drxxx said:
@nOnOs said:
@Drxxx said:
That's what I keep doing … I’m able to bypass the WAF but nothing returns!!
Same thing on my side. I don’t see how I can get a response.
Hi, I have solved it after I noticed what to do if I didn’t get any response from the server … what SQL injection technique I need to use
Hmmm, interesting, but a doubt: how do I know if the WAF is blocking my diversion attempts?
@WillBar said:
@Drxxx said:
@nOnOs said:
@Drxxx said:
That's what I keep doing … I’m able to bypass the WAF but nothing returns!!
Same thing on my side. I don’t see how I can get a response.
Hi, I have solved it after I noticed what to do if I didn’t get any response from the server … what SQL injection technique I need to use
Hmmm, interesting, but a doubt: how do I know if the WAF is blocking my diversion attempts?
As simple as … Just read the source code