
/d/hacking

8,682 subscribers

Everything related to hacking, opsec, and programming. Malware, phishing, DDoS, coding, research and news.

Bypassing WAF for SQL injection

by /u/devnu11 · 1 votes · 1 month ago

I will keep it short. My University's websites and the services they run are mostly shitty. So I am planning to help them structure it, so that I could also learn something by doing the work and, most importantly, I could spend my time learning something rather than sitting in a class full of boredom. I just could not tolerate it. But for that I need to prove to them that someone could exploit it, rather than just pointing out the vulnerability. I tried, but I could not exploit anything related to my University. I did a login bypass for a website that my university hired, but it is out of scope. I play beginner-level CTFs and I find it too hard to exploit something for real. I am still learning and I like to spend my time in a productive way. The website they use for viewing grades is vulnerable to SQL injection, but I think there is some kind of WAF dropping my requests if I try to do it. I spent last week enumerating every website related to my University and found a frontend for accessing MySQL using phpMyAdmin and other things like info.php displaying server configuration. I cracked my University Wi-Fi and I could get access to a user-level system (running Windows 10 Pro) in another network. I am not a kid who is trying to change grades in the servers; it will not be useful as they maintain manual records, and I don't give a shit about grades either. I am more interested in learning and solving problems, so please help a brother out here. I know it's not okay to ask someone to do my homework, but I need help. Just point me where to look or explain the MO for this kind of project. I don't hit and run, I will do my best for the community.

Comments (0)