  #1 Old 08-31-2013, 05:51 PM
Cartographer
 
Cartographer's Avatar
 
Join Date: Aug 2013
Posts: 511
Cartographer is on a distinguished road
Bypassing SQLi/RFI/LFI and XSS filters

Okay, so most of you who have hacked a bit have surely noticed that sometimes you get 406 Not Acceptable... That means they have a filter that looks for hack attempts; this can be done in a PHP script, a packet sniffer, Apache, everywhere...

Anyway, the trick to bypass these is uppercase-lowercase, because A is not the same as a...

A filter might detect words like union, select, all, 1,2,3 in a URL or form post... But what about UnIoN? Exactly, if the developer of the filter has not fixed it so it compares after both sides have been lowercased or uppercased, the site is still vuln..

This goes for XSS, RFI, LFI, SQL etc etc etc

xss;
<script>awdawdwd

RFI;
HtTP://wWw

LFI;
../../../EtC/PaSsWd <- LFI is a bit tricky to bypass because of the ../

SQL;
UnIoN AlL SeLeCt 1 , 2 , 3 , 4

Not my tutorial
credits to original author "Volume"
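The defensive point buried in the post is that a blocklist filter must compare after canonicalising both sides. The following is an added example, not code from the post or its author: a constructed case-sensitive filter beside a hardened one that lowercases (and URL-decodes once) before matching, run over the post's own sample inputs. The signature list, `naive_filter`, `normalize`, `hardened_filter` and `evaluate` are all assumptions made here for illustration.

```python
from urllib.parse import unquote

# Constructed blocklist, mirroring the tokens the post says a filter looks for.
# Every signature is stored in lowercase so the hardened check can compare
# against normalised input.
SIGNATURES = ["union", "select", "<script", "../", "http://"]

# Constructed samples: the post's mixed-case payloads plus a lowercase
# payload and a benign string.
SAMPLES = [
    "UnIoN AlL SeLeCt 1 , 2 , 3 , 4",   # SQL
    "<ScRiPt>awdawdwd",                # XSS
    "HtTP://wWw",                      # RFI
    "../../../EtC/PaSsWd",             # LFI
    "union select",                    # plain lowercase
    "hello world",                     # benign
]


def naive_filter(value: str) -> bool:
    """Case-sensitive substring match: the check the post describes as bypassable."""
    return any(sig in value for sig in SIGNATURES)


def normalize(value: str) -> str:
    """Canonicalise before matching: decode percent-encoding, then lowercase.

    Comparing on the canonical form is what closes the case-variation gap.
    """
    return unquote(value).lower()


def hardened_filter(value: str) -> bool:
    """Same substring check, but on the normalised input."""
    canonical = normalize(value)
    return any(sig in canonical for sig in SIGNATURES)


def evaluate(samples):
    """Return {sample: (naive_hit, hardened_hit)} so the two filters can be compared."""
    return {s: (naive_filter(s), hardened_filter(s)) for s in samples}


if __name__ == "__main__":
    for sample, (naive_hit, hardened_hit) in evaluate(SAMPLES).items():
        print(f"{sample!r:40} naive={naive_hit!s:5} hardened={hardened_hit}")
```

Note that the naive filter still catches the LFI sample because `../` has no case to vary, which is exactly why the post calls LFI "tricky"; a blocklist like this is defence in depth only, and the underlying fix remains parameterised queries, output encoding and no user-controlled file paths or include URLs.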