21Mar
Getting around a WAF’s restrictions for SQLi
I have this payload: AND SELECT SUBSTR(table_name,1,1) FROM information_schema.tables > 'A'
but a WAF restricts table_name
and information_schema
keywords and gives a not acceptable
message.
Is there is a way to get around this and retrieve table names?
note : already tried table name bruteforcing.