We all know what a WAF (web application firewall) is; it is used to help block certain attack queries.
We spend days and days hacking websites, mostly with SQLi, and sometimes we come across some nasty filters.
So I'm asking you: wouldn't it be more fun to try to make your OWN WAF and challenge yourself (and hopefully learn how to master the art of making better filters, or also learn how to evade them)?
So I have with me a PHP script that I made at work to experiment with WAFs on my local server.
This is what the script looks like:
[screenshot]
What happens when we add a single quote?
[screenshot]
Now let's try some SQL injection:
[screenshot]
This is the part where you have to experiment using preg_match (this is the real shit that acts as the WAF):
[screenshot]
You might want to have:
- a local server (with Apache, PHP, and any SQL server, but MySQL is preferred); just download XAMPP if you're on Windows
- something to experiment with your SQLi attacks on (which is why I made the script)
- some simple database (I have a dummy countries SQL file that you can import into your local server and get records from)
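A runnable version of the test bench described above, added here as an example and not the post's own PHP script: Python with the standard library's sqlite3 stands in for PHP and MySQL, a naive regex rule of the kind a first `preg_match` attempt tends to produce sits beside a tighter one that normalises the input before matching, and a parameter-bound query is run next to the concatenated one so you can see what the filter does and does not save you from. The countries and users rows, the payloads and the rule patterns are all constructed for the demo and are assumptions, not anything from the post.

```python
"""Toy SQLi bench: a leaky regex 'WAF', a tighter one, and a bound query."""
import re
import sqlite3

# Constructed sample data standing in for the dummy countries dump.
COUNTRIES = [(1, "Canada", "CA"), (2, "Germany", "DE"), (3, "Japan", "JP")]
USERS = [(1, "admin", "s3cret")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE countries (id INTEGER PRIMARY KEY, name TEXT, code TEXT)")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO countries VALUES (?, ?, ?)", COUNTRIES)
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", USERS)
    return conn


# Rule 1: a first attempt, roughly preg_match("/union\s+select|--|'/i", $id) in PHP.
# It keys on literal whitespace between UNION and SELECT, which is the hole below.
NAIVE_RULE = re.compile(r"union\s+select|--|'", re.I)


def naive_waf(value):
    """True when the naive rule lets the value through."""
    return NAIVE_RULE.search(value) is None


def normalize(value):
    """Collapse what the SQL tokenizer treats as whitespace, including /* */ comments,
    so comment-splitting and odd spacing fold back into the plain form the regex expects."""
    value = re.sub(r"/\*.*?\*/", " ", value, flags=re.S)
    return re.sub(r"\s+", " ", value)


# Rule 2: match whole keywords after normalising, and refuse comment openers and quotes.
STRICT_RULE = re.compile(r"\b(union|select|or|and)\b|--|#|/\*|['\"]", re.I)


def strict_waf(value):
    """True when the stricter rule lets the value through."""
    return STRICT_RULE.search(normalize(value)) is None


def vulnerable_query(conn, id_param):
    """String concatenation, the same shape as a 'WHERE id=$id' test script."""
    return conn.execute("SELECT name, code FROM countries WHERE id=" + id_param).fetchall()


def safe_query(conn, id_param):
    """Parameter binding: the input is data, never SQL, whatever it contains."""
    return conn.execute("SELECT name, code FROM countries WHERE id=?", (id_param,)).fetchall()


# Constructed payloads: one benign id, two UNION variants and a tautology.
PAYLOADS = {
    "benign": "1",
    "plain_union": "1 union select username, password from users",
    "comment_union": "1 union/**/select username,password from users",
    "tautology": "1 or 1=1",
}


def run_bench(conn=None):
    """Return {label: (naive_allows, strict_allows, concat_rows_or_None, bound_rows)}.

    concat_rows is None when the naive rule blocked the payload, otherwise the rows the
    concatenated query actually returned; bound_rows is what the bound query returned."""
    if conn is None:
        conn = make_db()
    results = {}
    for label, payload in PAYLOADS.items():
        naive = naive_waf(payload)
        strict = strict_waf(payload)
        concat_rows = vulnerable_query(conn, payload) if naive else None
        bound_rows = safe_query(conn, payload)
        results[label] = (naive, strict, concat_rows, bound_rows)
    return results


if __name__ == "__main__":
    for label, (naive, strict, concat_rows, bound_rows) in run_bench().items():
        print(f"{label:14} naive={'pass' if naive else 'BLOCK':5} "
              f"strict={'pass' if strict else 'BLOCK':5} concat={concat_rows} bound={bound_rows}")
```

The comment-split UNION walks straight past the naive rule and the concatenated query hands back the users table; the tautology never contains a keyword the naive rule looks for at all. The stricter rule catches both here, but only because the bench knows the tricks it was written against; the bound query returns nothing for every hostile payload without any filter in front of it, which is the point to keep in mind while you are tuning regexes.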