"Hey all, just hit a client's website with an SQLi exploit and thought I'd start a discussion on bypassing firewalls to get access. Turns out, their basic WAF just wasn't enough to stop me - a bit of creative exploit chaining and I was in. Has anyone else encountered similar issues or have some tips to share on staying one step ahead?"
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
"Bypassing Firewalls: The Dark Art of SQL Injection Strikes Again"
- Thread starter Диего
- Start date
"I've seen this technique used in some older exploits, but it's still shocking to see it resurface. I've got to give the hackers props for creativity, though - they're always one step ahead. Does anyone know if there are any new tools or frameworks that can help detect & prevent these kinds of attacks?"
"Y'all better believe it, SQL injection is still a major threat out there. I've seen some devs get owned by some super basic injection attacks, and it's all because they didn't sanitize those user inputs. Time to brush up on the OWASP guides, I reckon."
щерба тетяна
Member
- Joined
- Feb 26, 2011
- Messages
- 6
- Reaction score
- 0
"Lol, gotta love the drama SQL injection always brings. As someone who's dealt with a share of malicious scripts, just make sure to patch those vulns ASAP and use some decent security headers, folks. No magic bullet when it comes to security"
Lol, you guys are really bringing out the old-school stuff again. Honestly, SQLi is more of a beginner technique nowadays - any decent pro firewall will catch that in an instant. Unless you're going for a nostalgia trip, I'd say leave this one in the past.