Dangerous injections, protection bypass methods using SQLMap

17.10.2024 3 minutes Author: Cyber Witcher

SQLMap is a powerful tool for automating the discovery and exploitation of SQL injection vulnerabilities in database-backed applications. In this article, we will look at WAF bypass methods and briefly describe the main tamper scripts that help in the testing process.

Tools

between.py

Inserts a BETWEEN operator into a query to change its appearance and bypass standard filtering signatures.


base64encode.py

Encodes the entire SQL query into Base64 format, which allows you to hide its true structure from security systems.


unionalltounion.py

Changes UNION ALL to UNION, which allows you to bypass filters aimed at detecting combined queries.


space2comment.py

Replaces spaces with SQL comments to bypass filters; used to avoid WAF detection by changing the standard query structure.


randomcase.py

Changes the character case in SQL queries to random, which helps to bypass syntax-oriented filtering systems.


nonrecursivereplacement.py

Replaces recursive queries with non-recursive counterparts, which allows you to hide the complex logic of SQL queries from security filters.


charencode.py

Encodes SQL query characters into numeric representations, making it difficult for security filters to parse the query.


equaltolike.py

Changes the “=” operator to “LIKE”, which helps avoid injection detection while maintaining the correctness of the query.


appendnullbyte.py

Appends a null byte to the end of the query to bypass SQL syntax checking systems.


space2hash.py

Replaces whitespace with the “#” character to avoid whitespace filtering in SQL queries.


chardoubleencode.py

Doubles character encoding in requests, making injection more difficult to detect.


commalesslimit.py

Removes commas from LIMIT queries, changing their structure to avoid filtering.


halfversionedmorekeywords.py

Adds unnecessary keywords to queries, increasing their complexity and hiding the true essence.


modsecurityversioned.py

Changes the query structure to bypass ModSecurity rules by filtering queries based on database versions.


overlongutf8.py

Encodes requests in overlong UTF-8 form, which helps bypass filtering at the encoding level.


versionedkeywords.py

Adds versions to keywords in a query, making it harder for filters to parse.


randomcomments.py

Inserts random SQL comments into a query to mask its structure.


multiplespaces.py

Inserts extra spaces into queries to complicate their parsing.


nonrecursivereplacement.py

Changes SQL queries to non-recursive versions, which can help avoid detection of complex queries by security systems.


space2dash.py

Replaces spaces with dashes, which changes the structure of the query and helps avoid detection.


space2comment.py

Replaces spaces in SQL queries with comments to bypass filters that check for spaces in queries.
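
A defensive check, added here as an example (it is not from the original article or from sqlmap): most of the transformations listed above change how a value looks without changing how the database reads it, so a filter should reduce input to one canonical form before matching. The `SIGNATURE` rule, the function names and the sample values are constructed for illustration and assume a MySQL-style backend.

```python
import re
from urllib.parse import unquote

# Hypothetical single-rule filter of the kind the listed scripts are written against.
SIGNATURE = re.compile(r"\bunion\s+(all\s+)?select\b", re.I)

def canonicalize(value: str, max_rounds: int = 3) -> str:
    """Reduce a raw parameter value to one canonical form before matching."""
    for _ in range(max_rounds):                 # undo nested percent-encoding, bounded
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    value = value.replace("\x00", "")           # drop null bytes
    # MySQL executes the body of /*!NNNNN ... */, so keep the body.
    value = re.sub(r"/\*!\d*(.*?)\*/", r" \1 ", value, flags=re.S)
    value = re.sub(r"/\*.*?\*/", " ", value, flags=re.S)   # block comment = whitespace
    value = re.sub(r"(#|--)[^\n]*\n", " ", value)          # line comment + newline
    value = re.sub(r"\s+", " ", value)                     # collapse whitespace
    return value.lower().strip()

def matches(value: str, normalize: bool) -> bool:
    """Apply SIGNATURE to the raw value or to its canonical form."""
    return bool(SIGNATURE.search(canonicalize(value) if normalize else value))

# Constructed sample values, one per transformation family from the list above.
SAMPLES = {
    "plain":             "1 UNION SELECT a,b",
    "randomcase":        "1 uNiOn SeLeCt a,b",
    "space2comment":     "1/**/UNION/**/SELECT/**/a,b",
    "multiplespaces":    "1   UNION    SELECT   a,b",
    "chardoubleencode":  "1%2520UNION%2520SELECT%2520a%252Cb",
    "versionedkeywords": "1/*!UNION*//*!SELECT*/a,b",
    "space2hash":        "1#x\nUNION#y\nSELECT#z\na,b",
    "appendnullbyte":    "1 UNION SELECT a,b%00",
}

def report() -> dict:
    """Map sample name -> (raw signature hit, hit after canonicalization)."""
    return {name: (matches(v, False), matches(v, True)) for name, v in SAMPLES.items()}

if __name__ == "__main__":
    for name, (raw, norm) in report().items():
        print(f"{name:18} raw={raw!s:5} normalized={norm}")
```

Canonicalization narrows the gap for signature filters; parameterized queries in the application remain the fix for the underlying injection.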


Disclaimer: This article is prepared solely for the purpose of raising awareness and protection against cyber threats. All information is provided for legal and ethical use to help users and companies protect their systems and data from potential attacks. The use of this knowledge should only take place within the legal framework for the purpose of increasing security.
