From fac863c3efc96282cbb238e20bfa70fb217e1659 Mon Sep 17 00:00:00 2001 From: noamiscool Date: Thu, 8 Dec 2022 23:13:37 +0000 Subject: [PATCH] added a link for WAF evasion technique blog --- tamper/json_waf_bypass_mysql.py | 4 ++++ tamper/json_waf_bypass_postgres.py | 4 ++++ tamper/json_waf_bypass_sqlite.py | 4 ++++ 3 files changed, 12 insertions(+) diff --git a/tamper/json_waf_bypass_mysql.py b/tamper/json_waf_bypass_mysql.py index e0fcca576..24fef8131 100644 --- a/tamper/json_waf_bypass_mysql.py +++ b/tamper/json_waf_bypass_mysql.py @@ -95,6 +95,10 @@ def generate_random_payload(): def tamper(payload, **kwargs): """ + This SQLMap tamper script was written by Noam Moshe of Claroty Team82. To read more about this novel + WAF bypass, read our blog: + https://claroty.com/team82/research/js-on-security-off-abusing-json-based-sql-to-bypass-waf + Bypasses generic WAFs using JSON SQL Syntax. For more details, see our talk in BH EU 2022 https://www.blackhat.com/eu-22/briefings/schedule/#js-on-security-off-abusing-json-based-sql-queries-28774 diff --git a/tamper/json_waf_bypass_postgres.py b/tamper/json_waf_bypass_postgres.py index 7db3a5c17..0a735fe3f 100644 --- a/tamper/json_waf_bypass_postgres.py +++ b/tamper/json_waf_bypass_postgres.py @@ -140,6 +140,10 @@ def generate_random_payload(): def tamper(payload, **kwargs): """ + This SQLMap tamper script was written by Noam Moshe of Claroty Team82. To read more about this novel + WAF bypass, read our blog: + https://claroty.com/team82/research/js-on-security-off-abusing-json-based-sql-to-bypass-waf + Bypasses generic WAFs using JSON SQL Syntax. For more details, see our talk in BH EU 2022 https://www.blackhat.com/eu-22/briefings/schedule/#js-on-security-off-abusing-json-based-sql-queries-28774 diff --git a/tamper/json_waf_bypass_sqlite.py b/tamper/json_waf_bypass_sqlite.py index f36265cd0..ffbab5895 100644 --- a/tamper/json_waf_bypass_sqlite.py +++ b/tamper/json_waf_bypass_sqlite.py @@ -112,6 +112,10 @@ def generate_random_payload(): def tamper(payload, **kwargs): """ + This SQLMap tamper script was written by Noam Moshe of Claroty Team82. To read more about this novel + WAF bypass, read our blog: + https://claroty.com/team82/research/js-on-security-off-abusing-json-based-sql-to-bypass-waf + Bypasses generic WAFs using JSON SQL Syntax. For more details, see our talk in BH EU 2022 https://www.blackhat.com/eu-22/briefings/schedule/#js-on-security-off-abusing-json-based-sql-queries-28774