Hello,
which is the best tamper to bypass this kind of firewall?
KONA Security Solutions (Akamai Technologies)
I'm searching on G, but nothing.
Thanks
Currently none. It is based on ModSecurity and there are no usable tamper scripts for effectively bypass it. You should assess the target manually
This topic is closed, but for those that come afterwards, I recently received this error when pen-testing a site with the KONA Security Solutions WAF.
I haven't been able to enumerate the database names, but using the --common-names switch, I was able to see some of the tables present on the current database.
Sorry, --common-tables and/or --common-columns
Hey @TNierman
Would you elaborate.
I found a Kona firewall which allow the following query and showing blind sqli exisit, but blocking = sign and some other function to extract information.
email=admin'+AND+1=1 -- true (customize page)
email=admin'+AND+1=0 -- normal page
email=admin'+OR+1=1 -- true (customize page)
email=admin'+OR+1=0 -- normal page
email=admin'+HAVING+1=1 -- true (customize page)
email=admin'+OR+1=0 -- normal page
Most helpful comment
Sorry, --common-tables and/or --common-columns