Comments on Regalado (In) Security: Bypassing WAF via HTTP Parameter Pollution
Comment feed by Danux, last updated 2023-04-10 03:25 (-07:00)

decaptcher (http://imagetyperz.com/), 2013-08-18 23:30 (-07:00):
very good guide to starting a blog on blogger!
extraordinary explanation ...
Thank you very much!
Really this is Very Wonderful blogs & great theme......Really Great job!......
decaptcha (http://www.imagetyperz.com/)

Anirooj (http://www.imagetyperz.com), 2013-08-14 23:56 (-07:00):
Wonderful blog... great theme and excellent captchas...
captcha solver (http://www.imagetyperz.com/)

Anonymous, 2013-08-13 06:16 (-07:00):
wow!!!
the great blog. the technique of bypassing WAF via HTTP parameter is very useful.
thanks for sharing the info.
Kill Captcha (http://www.imagetyperz.com/kill-by-captcha.htm)

Anonymous, 2013-08-01 23:45 (-07:00):
superb....................... its so nice blog....................................... and very very informative........................
captcha bypass service (http://www.imagetyperz.com/captcha_bypass.htm/)

Arjun sanjai (http://imagetyperz.com/), 2013-07-25 23:10 (-07:00):
Wow! very superb blog!.... and excellent colour theme..... I really useful our captchas WAF via HTTP Parameter information....
captcha solver (http://imagetyperz.com/)

suriyasaravana1881@gmail.com, 2013-06-02 22:38 (-07:00):
Heya! My very first comment on your site. I have been reading your blog for a while and thought I would completely pop in and drop a friendly note. It is great stuff indeed.
I also wanted to ask.. is there a way to subscribe to your site via email?
De Bypass (http://www.imagetyperz.com)

Anonymous, 2013-01-05 03:53 (-08:00):
went through a lot of this, good post, also to add this is also referred to as HTTP Parameter Contamination or HPC.

Danux, 2012-11-26 00:03 (-08:00):
Hi, unfortunately I cannot test the site mentioned, but as a recommendation, the first step from your end is to fingerprint the WAF and focus your bypass techniques based on that. Since the application is a PHP one, you can duplicate the GET/POST/Cookies parameters as explained in this blog to try to bypass the filter, but every Pentest has different security controls (IPS, WAF, etc) in place that you need to identify/play with. Hope this helps.

Anonymous, 2012-11-24 13:33 (-08:00):
Hey Bro I am trying to do the exact thing you described but nothing is happening........ here is the link.
http://www.cja.org/article.php?id=435
can you help me with this..........

Anonymous, 2012-11-07 13:22 (-08:00):
Good post.
Did you fingerprint the WAF? What was the vendor?

Danux, 2012-10-05 09:55 (-07:00):
Thanks for sharing c3ret, also if interested, Ivan Ristic (modsecurity author) just posted a fresh whitepaper on this topic:

Protocol-level evasion of web application firewalls
http://blog.ivanristic.com/2012/07/protocol-level-evasion-of-web-application-firewalls.html

Anonymous, 2012-10-05 02:30 (-07:00):
You also can use HTTP Headers Pollution for web application firewall bypassing - in some cases, but mostly for bypassing security restriction measures of web server - https://c3ret.wordpress.com/2012/02/27/http-headers-pollution-server-output-pollution-2/

satish b (http://www.securitylearn.net), 2012-10-05 00:54 (-07:00):
Good post

Danux, 2012-10-04 10:44 (-07:00):
It is not a modern WAF, and you are right, the modern ones should protect against HPP. Keep in mind this was a challenge from CSAW where the target audience is students, so the purpose is to teach how WAF and Web attacks work.

Anonymous, 2012-10-04 03:04 (-07:00):
which WAF was it?
modern WAFs are resilient to HPP...

Danux, 2012-10-03 22:49 (-07:00):
Hi Shubham, definitely you can do it with any other interceptor like web proxies.

Danux, 2012-10-03 22:47 (-07:00):
Hi Digininja, no I do not know another table but I would recommend to develop custom scripts to test HPP Attacks based on each framework since WebInspect (at least) and possibly others do not perform this kind of test.

Shubham Mittal, 2012-10-03 21:31 (-07:00):
Nice post..

Just wanted to know, we can also change the request from any Interceptor too? instead of using any cookie manipulating addons?

Digininja, 2012-10-03 14:26 (-07:00):
Do you know of a table similar to the one you included which covers common WAFs? That way if you know the WAF and the platform/language then you just line up the rows to know how to bypass it.

Danux, 2012-10-03 13:37 (-07:00):
Hi Franklin, by changing the password, the Admin will realize his account has been hacked and will try to remove the SQLi bug to prevent more unauthorized access. But by stealing the cookie, you can always impersonate the Admin user even if he changes his password. What you can definitely do is to try to crack his password based on the encrypted one found, but that would be an offline effort.
My 2 cents.

Franklin, 2012-10-03 13:23 (-07:00):
Instead of using the cookies I would use a password update, updating the encrypted pwd of the admin user with my own.

Danux, 2012-10-03 10:19 (-07:00):
Hi Razor, the creator of Web 300 had a bug in his WAF filter which was allowing everyone to easily inject SQLi successfully, and therefore he patched it by Saturday, which makes it more difficult to exploit. The whole explanation of this can be found here:
http://isisblogs.poly.edu/2012/09/30/csaw-ctf-horseforce-writeup/

Unfortunately I played with this challenge after the WAF filter was patched :-(

Anonymous, 2012-10-03 10:14 (-07:00):
nope that was an error and they later fixed it
the fake WAF got tripped up by the =

i also solved it your way minus the long comment

Andrea Zwirner, 2012-10-03 07:38 (-07:00):
Very interesting, thanks for sharing.

Raz0r (http://raz0r.name), 2012-10-03 06:47 (-07:00):
I'm curious if this was an intended way to solve this task, because my solution was different:

128.238.66.217/horse.php?id=1+or+1=1/*aaaaaaaaaaaa[lots of]aaaaaaaaaaaaaa*/union+select+...