sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-07-26 07:59:52 +03:00
Code Issues Packages Projects Releases Wiki Activity

Added generic JSON WAF bypass

Browse Source
This commit is contained in:
noamiscool 2022-12-13 10:38:00 +00:00
parent fac863c3ef
commit dd240375e3
4 changed files with 18 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
doc/THANKS.md
View File

@ -789,6 +789,9 @@ x, <deep_freeze(at)mail.ru>
zhouhx, <zhouhx(at)knownsec.com> zhouhx, <zhouhx(at)knownsec.com>
* for contributing a minor patch * for contributing a minor patch
Noam Moshe Claroty Team82
* for contributing WAF scripts json_waf_bypass_postgres.py, json_waf_bypass_sqlite.py, json_waf_bypass_mysql.py
# Organizations # Organizations
Black Hat team, <info(at)blackhat.com> Black Hat team, <info(at)blackhat.com>

10
tamper/json_waf_bypass_mysql.py
View File

@ -95,13 +95,8 @@ def generate_random_payload():
def tamper(payload, **kwargs): def tamper(payload, **kwargs):
""" """
This SQLMap tamper script was written by Noam Moshe of Claroty Team82. To read more about this novel
WAF bypass, read our blog:
https://claroty.com/team82/research/js-on-security-off-abusing-json-based-sql-to-bypass-waf
Bypasses generic WAFs using JSON SQL Syntax. For more details, see our talk in BH EU 2022 Bypasses generic WAFs using JSON SQL Syntax.
https://www.blackhat.com/eu-22/briefings/schedule/#js-on-security-off-abusing-json-based-sql-queries-28774
For more details about JSON in MySQL - https://dev.mysql.com/doc/refman/5.7/en/json-function-reference.html For more details about JSON in MySQL - https://dev.mysql.com/doc/refman/5.7/en/json-function-reference.html
Tested against: Tested against:
@ -111,6 +106,9 @@ def tamper(payload, **kwargs):
python3 sqlmap.py <TARGET> --tamper json_waf_bypass_mysql.py python3 sqlmap.py <TARGET> --tamper json_waf_bypass_mysql.py
Notes: Notes:
* References:
* https://claroty.com/team82/research/js-on-security-off-abusing-json-based-sql-to-bypass-waf
* https://www.blackhat.com/eu-22/briefings/schedule/#js-on-security-off-abusing-json-based-sql-queries-28774
* Usefull for bypassing any JSON-unaware WAFs with minor-to-no adjusments * Usefull for bypassing any JSON-unaware WAFs with minor-to-no adjusments
* JSON techniques were tested againts the following WAF vendors: * JSON techniques were tested againts the following WAF vendors:
* Amazon AWS ELB * Amazon AWS ELB

12
tamper/json_waf_bypass_postgres.py
View File

@ -140,12 +140,8 @@ def generate_random_payload():
def tamper(payload, **kwargs): def tamper(payload, **kwargs):
""" """
This SQLMap tamper script was written by Noam Moshe of Claroty Team82. To read more about this novel
WAF bypass, read our blog: Bypasses generic WAFs using JSON SQL Syntax.
https://claroty.com/team82/research/js-on-security-off-abusing-json-based-sql-to-bypass-waf
Bypasses generic WAFs using JSON SQL Syntax. For more details, see our talk in BH EU 2022
https://www.blackhat.com/eu-22/briefings/schedule/#js-on-security-off-abusing-json-based-sql-queries-28774
For more details about JSON in PostgreSQL - https://www.postgresql.org/docs/9.3/functions-json.html For more details about JSON in PostgreSQL - https://www.postgresql.org/docs/9.3/functions-json.html
@ -156,6 +152,10 @@ def tamper(payload, **kwargs):
python3 sqlmap.py <TARGET> --tamper json_waf_bypass_postgres.py python3 sqlmap.py <TARGET> --tamper json_waf_bypass_postgres.py
Notes: Notes:
* References:
* https://claroty.com/team82/research/js-on-security-off-abusing-json-based-sql-to-bypass-waf
* https://www.blackhat.com/eu-22/briefings/schedule/#js-on-security-off-abusing-json-based-sql-queries-28774
* Usefull for bypassing any JSON-unaware WAFs with minor-to-no adjusments * Usefull for bypassing any JSON-unaware WAFs with minor-to-no adjusments
* JSON techniques were tested againts the following WAF vendors: * JSON techniques were tested againts the following WAF vendors:
* Amazon AWS ELB * Amazon AWS ELB

10
tamper/json_waf_bypass_sqlite.py
View File

@ -112,12 +112,8 @@ def generate_random_payload():
def tamper(payload, **kwargs): def tamper(payload, **kwargs):
""" """
This SQLMap tamper script was written by Noam Moshe of Claroty Team82. To read more about this novel
WAF bypass, read our blog:
https://claroty.com/team82/research/js-on-security-off-abusing-json-based-sql-to-bypass-waf
Bypasses generic WAFs using JSON SQL Syntax. For more details, see our talk in BH EU 2022 Bypasses generic WAFs using JSON SQL Syntax.
https://www.blackhat.com/eu-22/briefings/schedule/#js-on-security-off-abusing-json-based-sql-queries-28774
For more details about JSON in SQLite - https://www.sqlite.org/json1.html For more details about JSON in SQLite - https://www.sqlite.org/json1.html
@ -128,6 +124,10 @@ def tamper(payload, **kwargs):
python3 sqlmap.py <TARGET> --tamper json_waf_bypass_sqlite.py python3 sqlmap.py <TARGET> --tamper json_waf_bypass_sqlite.py
Notes: Notes:
* References:
* https://claroty.com/team82/research/js-on-security-off-abusing-json-based-sql-to-bypass-waf
* https://www.blackhat.com/eu-22/briefings/schedule/#js-on-security-off-abusing-json-based-sql-queries-28774
* Usefull for bypassing any JSON-unaware WAFs with minor-to-no adjusments * Usefull for bypassing any JSON-unaware WAFs with minor-to-no adjusments
* JSON techniques were tested againts the following WAF vendors: * JSON techniques were tested againts the following WAF vendors:
* Amazon AWS ELB * Amazon AWS ELB