A method I came across today in the MySQL documentation struck me with its simplicity, and with the fact that I had never noticed it before. Let me describe this method of bypassing a WAF.
MySQL servers allow one to use comments of the following type:
/*!sql-code*/ and /*!12345sql-code*/
As can be seen, in both cases the SQL code inside the comment is executed! The second form means that "sql-code" is executed only if the DBMS version is later than the given value.
Here is a simple example:
$query = "SELECT name FROM table where id = " . $_GET['id'];
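As an added example (not code from the original post), the snippet above is shown next to a hardened form that binds the id as a parameter, together with a small helper a WAF or application log filter can use to flag values that carry a MySQL executable comment, with or without the five-digit version prefix. It assumes a PDO connection $pdo to MySQL and a table named `table` with columns `id` and `name`, as in the post; the sample inputs at the bottom are constructed for the self-check.

```php
<?php
// Added example, not code from the original post. Assumes a PDO connection
// $pdo to MySQL and a table `table` with columns `id` and `name`.

// Hardened replacement for the post's concatenated query. The value from
// $_GET is bound as a typed parameter, so it is never parsed as SQL text and
// a /*!...*/ sequence inside it is just characters in a string.
function findNameById(PDO $pdo, string $rawId): ?string
{
    // The id column is an integer; reject anything that is not one up front.
    if (filter_var($rawId, FILTER_VALIDATE_INT) === false) {
        return null;
    }
    $stmt = $pdo->prepare('SELECT name FROM `table` WHERE id = :id');
    $stmt->bindValue(':id', (int) $rawId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row['name'];
}

// Detection helper for WAF or application logging: returns true when a
// request value contains a MySQL executable comment opener, optionally
// followed by the version number, after one round of percent-decoding.
function containsMysqlExecutableComment(string $value): bool
{
    // Decode once so that /%2A%21 is recognised as /*!
    $decoded = rawurldecode($value);
    return (bool) preg_match('~/\*!\d{0,5}~', $decoded);
}

// Constructed sample inputs for a quick self-check of the detector.
$samples = [
    ['42',                     false],
    ['42 /* plain comment */', false],
    ['42 /*! comment */',      true],
    ['42 /*!50000 comment */', true],
    ['42%20/%2A%2150000%20x',  true],
];
foreach ($samples as [$input, $expected]) {
    $got = containsMysqlExecutableComment($input);
    printf("%-28s -> %s\n", $input, $got === $expected ? 'ok' : 'MISMATCH');
}
```

The plain `/* ... */` comment is deliberately not flagged, since ordinary comments are harmless in a bound parameter; the point of the check is to surface the executable form for logging, while the prepared statement is what actually removes the injection.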
Well, one more method to our arsenal 🙂