@Drxxx said:
That's what I keep doing … I'm able to bypass the WAF but nothing returns!!
Same thing on my side. I don't see how I can get a response.
@nOnOs said:
Same thing on my side. I don't see how I can get a response.
Hi, I have solved it after I noticed what to do if I didn't get any response from the server … what SQL injection technique I need to use.
@Drxxx said:
Hi, I have solved it after I noticed what to do if I didn't get any response from the server … what SQL injection technique I need to use.
Hmmm, interesting, but a doubt: how do I know if the WAF is blocking my diversion attempts?
Thanks @Drxxx!
A good craftsman has to know his tools first
@WillBar said:
Hmmm, interesting, but a doubt: how do I know if the WAF is blocking my diversion attempts?
As simple as … Just read the source code.
I understand what type of SQLi that is and what tool I need to use to automate its exploitation, but I'm unable to bypass the ■■■■ WAF. If only ' and ( were excluded from the regexp I'd have no problems. I must be missing something.
@Drxxx said:
As simple as … Just read the source code.
But all the SQL characters are in this filter; I can't ignore it with comments or using logical operations.
Maybe you need to think about how to bypass that, maybe en**** your payload.
I got a breakthrough. I made a connection with the server using POST and the technique of Para***** Polu*****.
Am I on the right track?
Okay, I think I managed to bypass the WAF, but I have no clue how to proceed any further regarding suitable SQL injection techniques. Maybe I just know too little about it, and the fact that the script suppresses any errors doesn't make it better.
I just finished the challenge yesterday. You can be disguised as a proxy through a script used by a useful tool for this kind of attack
Solved.
Thank you @tn3k for the tips!
I think I can get past the bouncer by enc***, but then no answer whatever SQLi load I try. Am I knocking on the right door?
Edit: s****p helps and poke around the premises.
It took me a while to get there as I am just starting out with these challenges. Special thanks to @flejz for all the help!
Do I have to find a username first in order to get a proper output, or what?
Very nice challenge. I did learn not to fully trust automated tools.
The tool you would use already has a script that manipulates the payload, however, it is not recognized as encoding
Great challenge! It took me a while to get a flag, but I've finally done it. As already mentioned in this topic, the tool you want to use for this already has a suitable script.
Finally I solved it, nice challenge. It's easy to overthink it, so my suggestion to those who are struggling would be to keep things simple and don't forget that it's 40 points only.
I am really stuck on this one. I have been trying some of the tools, and just playing around with input in Burp, but still can't seem to get anywhere. Any hints?