Вы сказали WAF?ModSecurity? -- Не смешите)

Discussion in 'Этичный хакинг или пентестинг' started by Mister_Bert0ni, 16 May 2015.

  1. Mister_Bert0ni

    Mister_Bert0ni Reservists Of Antichat

    Joined:
    10 May 2015
    Messages:
    142
    Likes Received:
    190
    Reputations:
    57
    Первоисточиник указал одним постом выше.
     
    #21 Mister_Bert0ni, 18 Mar 2016
    Last edited: 18 Mar 2016
  2. yarbabin

    yarbabin HACKIN YO KUT

    Joined:
    21 Nov 2007
    Messages:
    1,663
    Likes Received:
    916
    Reputations:
    363
    я про доки MySQL говорил
     
    _________________________
  3. Mister_Bert0ni

    Mister_Bert0ni Reservists Of Antichat

    Joined:
    10 May 2015
    Messages:
    142
    Likes Received:
    190
    Reputations:
    57
    А какие ж тут доки?Строковое представление символов в MySQL запросе с помощью escape символа.
    Подробнее можно тут почитать:
    Code:
    http://www.mysql.ru/docs/man/String_syntax.html
     
  4. t0ma5

    t0ma5 Reservists Of Antichat

    Joined:
    10 Feb 2012
    Messages:
    829
    Likes Received:
    815
    Reputations:
    90
    по поводу information_schema 9.e.tables = information_schema.tables

    заметил что и такой запрос отрабатывает(пробел между именем бд и таблицей), mysql 5.6

    Code:
    root@000> select 777 from information_schema .tables limit 1;
    +-----+
    | 777 |
    +-----+
    | 777 |
    +-----+
    1 row in set (0.03 sec)
    
     
    _________________________
  5. yarbabin

    yarbabin HACKIN YO KUT

    Joined:
    21 Nov 2007
    Messages:
    1,663
    Likes Received:
    916
    Reputations:
    363
    я вот об этом. нигде не расписано, что это и откуда
     
    _________________________
  6. yarbabin

    yarbabin HACKIN YO KUT

    Joined:
    21 Nov 2007
    Messages:
    1,663
    Likes Received:
    916
    Reputations:
    363
    да, там много вариантов, НО КРУТО ЗНАТЬ ЧТО ЭТО ТАКОЕ
     
    _________________________
    Mister_Bert0ni and t0ma5 like this.
  7. t0ma5

    t0ma5 Reservists Of Antichat

    Joined:
    10 Feb 2012
    Messages:
    829
    Likes Received:
    815
    Reputations:
    90
    да признаюсь я не понимаю лексикона мускула)
    ходят слухи что уже никто его толком не знает
     
    _________________________
  8. grimnir

    grimnir Members of Antichat

    Joined:
    23 Apr 2012
    Messages:
    1,114
    Likes Received:
    830
    Reputations:
    231
    подниму тему т.к актуально. Автор обходит Sucuri PL 3 ,CF тариф PRO. Полезно как вектор для размышления
    https://www.secjuice.com/web-application-firewall-waf-evasion/
    https://medium.com/secjuice/waf-evasion-techniques-718026d693d8
    https://medium.com/secjuice/web-application-firewall-waf-evasion-techniques-2-125995f3e7b0
    Bypass a WAF by Positive Technologyhttps://www.ptsecurity.com/upload/corporate/ww-en/download/PT-devteev-CC-WAF-ENG.pdf
     
    _________________________
  9. cat1vo

    cat1vo Level 8

    Joined:
    12 Aug 2009
    Messages:
    375
    Likes Received:
    343
    Reputations:
    99
  10. eminlayer7788

    eminlayer7788 Member

    Joined:
    31 Jul 2015
    Messages:
    202
    Likes Received:
    78
    Reputations:
    8
    dooble likes this.
  11. eminlayer7788

    eminlayer7788 Member

    Joined:
    31 Jul 2015
    Messages:
    202
    Likes Received:
    78
    Reputations:
    8
  12. eminlayer7788

    eminlayer7788 Member

    Joined:
    31 Jul 2015
    Messages:
    202
    Likes Received:
    78
    Reputations:
    8