Wednesday, May 6, 2015

[Quick Guide] C-style comments (WAF bypassing queries explanation)

WAF queries explanation
Many people use cheat-sheets to bypass the Web Application Firewall (WAF) without knowing why they write /*!union*/ instead of a plain union.

So here is a quick explanation:
These things (/*!12345query*/) are called C-style comments; they let MySQL execute the query text that is written inside the comment.

Some examples and explanations:
PHP Code:

/*!12345union*/ bla bla bla injected query... 

When we execute that, the MySQL server parses our query and executes the comment body only if the MySQL version is at least 1.23.45 (12345 is the number we wrote, read with the dots removed).

Let's try again so you understand better:

PHP Code:
/*!50000union*/ bla bla bla injected query... 

It will execute only if the version is at least 5.00.00 (again, this is the number we wrote, 50000, if you look closely). In most cases the query will execute, because most MySQL versions in use are higher than 5.00.00, e.g. 5.20.35 etc.
So what is this?
PHP Code:
/*!union*/ 
That says: "if the version is at least 0, execute the query", i.e. it always executes.
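To show what this means on the defending side, here is an added Python example (not code from the original post) that unwraps version comments the way the MySQL parser reads them and shows why a keyword rule run over the raw string misses them. The keyword rule and the server version 5.6.24 are assumptions for the demonstration.

```python
import re
from typing import Optional

# MySQL version-specific comment: /*!NNNNN body*/ or /*! body*/ (no version).
VERSIONED_COMMENT = re.compile(r"/\*!(\d{5})?(.*?)\*/", re.DOTALL)
# Toy WAF rule (assumed): the keywords a rule set would typically look for.
KEYWORD_RULE = re.compile(r"\b(union|select)\b", re.IGNORECASE)


def version_number(version: str) -> int:
    """'5.6.24' -> 50624, the 5-digit form MySQL compares against NNNNN."""
    parts = [int(p) for p in version.split(".")[:3]] + [0, 0, 0]
    major, minor, patch = parts[:3]
    return major * 10000 + minor * 100 + patch


def unwrap_versioned_comments(sql: str, server_version: Optional[str] = None) -> str:
    """Rewrite the query the way the MySQL parser will read it.

    server_version=None is the WAF view: every /*!...*/ is unwrapped so a
    keyword hidden inside becomes visible to KEYWORD_RULE. With a concrete
    server version, the body is kept only when NNNNN <= that version and
    dropped otherwise (which usually leaves a malformed statement, hence the
    MySQL error in the quiz).
    """
    def replace(match):
        ver, body = match.group(1), match.group(2)
        if ver is None or server_version is None:
            return " " + body + " "
        if int(ver) <= version_number(server_version):
            return " " + body + " "
        return " "
    return " ".join(VERSIONED_COMMENT.sub(replace, sql).split())


def keyword_rule_hits(raw: str) -> dict:
    """Apply the toy rule to the raw input and to the unwrapped form."""
    return {
        "raw": KEYWORD_RULE.search(raw) is not None,
        "unwrapped": KEYWORD_RULE.search(unwrap_versioned_comments(raw)) is not None,
    }


if __name__ == "__main__":
    # Constructed sample input modelled on the post's examples.
    payload = "1 /*!50000union*/ /*!50000select*/ 1,2,3"
    print(keyword_rule_hits(payload))
    for v in ("12345", "50000", "65432", ""):
        query = "1 /*!" + v + "union*/ select 2"
        print(v or "(none)", "->", unwrap_versioned_comments(query, "5.6.24"))
```

The digits glued to the keyword are why a naive `\bunion\b` rule sees nothing in the raw string, so a WAF must normalize these comments before matching.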

Let's see what you learned.
Quick quiz:
John tries to bypass the WAF; he tried:


PHP Code:

/*!65432union*/ 

No 403 error appeared, but there was a MySQL error. Why?

Because our version is not at least 6.54.32.
In fact, there is no MySQL version 6.54.32 at all.
So far, the highest is 5.6 (56000 \ 5.60.00).

References
http://dev.mysql.com/doc/refman/5.1/en/comments.html


Source :: HF
