SQLi WAF Bypass Techniques Part 1 - Time-Based Attacks
- Published: 17 Jun 2024
- We will explore various methods for using a Time-Based SQL injection attack against a WAF-hardened website. This is part 1 of SQL injection WAF bypasses. If you are interested in Union, Error, or Boolean WAF bypasses, you will see them in part 2:
• SQLi WAF Bypass Techni...
---
Patreon: ott3rly.com/patreon
Twitter: ott3rly.com/twitter
Discord: ott3rly.com/discord
Disclaimer: This channel is strictly educational for learning about ethical hacking and penetration testing so that we can protect ourselves against real hackers. Hacking without permission is illegal so always ensure you have proper authorization before using security tools in any network environment.
#bugbounty #ethicalhacking #infosec #cybersecurity #itsecurity - Science
Thanks, Boss.
👌💉♥️🔥💫💥💢💯🥇👍✅️✔️🤝
Please, if possible, cover these important topics.
1. How to discover hidden subdomains of subdomains.
2. How to delete out of scope and dead Subdomains.
3. How to crawl all subdomains to discover hidden endpoints and parameters to pipe them in SQLMAP and GHAURI.
4. How to bypass WAF using SQLMAP and GHAURI.
5. How to try time based blind SQL injection 💉 using http request headers.
6. How to write custom http request headers for XOR encoded time based blind SQL injection 💉.
7. How to find website origin IP ❤
Thanks, Boss, 👌💯✅️✔️🔥♥️✌️🤝✈️❤️
Best part is live waf bypass.
Share a video on live web app to look for Boolean SQLi.
Thanks for the suggestions. I will think about it ;)
Nice
This is another great video, I really want to be your student all the time ❤
Wow, thank you!
Awesome explanation with Live Practical🔥
Man you're the best
Thanks!
Good
Thanks
Let's GOOOOO!
Can you show us how you set up that WAF lab? And thanks for the amazing video :)
Good idea, I might do this in the future.
Bro recon part 2
Next week. Be patient ;)
Bro, can you make a video about your browser extensions and their use? Looks like some nice extensions are there.
Not sure about a separate video, but I could mention this in the following live video ;)
@Ott3rly 😎
Part2 link ? Please. Thanks 🎉❤💢💯🥇👌💉♥️✅️🔥✔️💫🤝💥❤️
Will add that to description soon
Is this a step for beginners?
Yes
Any tool for automatic tamper check?
There are multiple ones on GitHub, but to be honest they haven't worked for me that much that I would be 100% comfortable to recommend one.
Atlas. It can suggest the best tamper script to bypass specific WAF. Thanks
keep them nuggets comin' (^///^)(^///^)
Broh idor topic
I might do some CTFs in the future and explain how to hunt those ;)