 
Join Date: Aug 2013
Posts: 567
 |
Bypassing SQLiRFILFI and XSS filters
Okay, so most of you who have hacked a bit sure have noticed that sometimes you get 406 not acceptable... That means they got a filter that looks for hack attepts, this can be done in a php script, packet sniffer, apache, everywhere...
Anyway, the trick to bypass these is upercase-lovercase, becouse A is not the same as a... A filter might detect words like union, select, all, 1,2,3 in a url or form post... But what about UnIoN? Exactly, if the developer of the filter have not fixed so it compares after both sides have been lovercased or uppercased the site is still vuln.. This goes for xss,rfi,lfi,sql etc etc etc xss; <script>awdawdwd RFI; HtTP://wWw LFI; ../../../EtC/PaSsWd <- lfi is a bit tricky to bypass becouse of the ../ SQL; UnIoN AlL SeLeCt 1 , 2 , 3 , 4 Not mine tutorial credits to original author "Volume" |
|
|
 |
«
Previous Thread
|
Next Thread
»
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| XSS 101 | Cartographer | Tutorials | 0 | 08-31-2013 04:53 PM |
| Xss - faq | Cartographer | Статьи | 0 | 08-25-2013 09:38 AM |
| Предназначение XSS атак | Cartographer | Статьи | 0 | 08-22-2013 08:52 PM |