
I'm testing for vulnerabilities on a specific site using sqlmap. However, the site has a Cloudflare firewall which blocks queries including, for example, *, ANY or OR. I sort of found a bypass while searching for people who've bypassed it. They basically used different characters for the same output so that the query wouldn't get filtered by the firewall. Does anyone have a .xml file with such payloads, or know a way of bypassing it? Or is my only hope manually testing the payloads?

nonetype
  • Your question is too generic. We need more details. – mentallurg Jan 19 '22 at 20:09
  • Since you are mentioning sqlmap, are you using the [`--tamper`](https://github.com/sqlmapproject/sqlmap/wiki/Usage#tamper-injection-data) option? – Kate Jan 20 '22 at 00:18

1 Answer


Every time someone publishes common bypasses, those bypasses will be blocked; you would need to find your own bypasses to make it viable long term, which usually means writing your own code to mangle sqlmap payloads or doing manual testing.

If you're doing this as a pentest and not a bug bounty, the normal approach is to ask the vendor to give you direct access to the website so you don't have to deal with their WAF; otherwise the result of the pentest is going to be a measurement of their WAF's efficiency rather than an assessment of their web security posture. Unfortunately, SQL injection requires certain keywords, which makes WAFs somewhat effective at blocking it.

If you're looking for more information on bypassing defensive solutions, I recently gave a talk on it: https://www.youtube.com/watch?v=v9l3RbV9lW8

wireghoul