-2

I am trying to bypass a waf, and which keyword can be used to replace FROM in SQL?

neuro
  • 14,948
  • 3
  • 36
  • 59
Nick
  • 26
  • 3
  • 1
    If there would be a replacement keyword for FROM, it would be banned too. It's a security system, they are well aware of SQL syntax I think :-) – Ferit Jan 05 '16 at 05:23

1 Answers1

3

FROM keyword specifies from which DB object (table, view, function etc) you want to fetch data and so there is no such replacement present.

So the simple and straight answer is NO

Rahul
  • 76,197
  • 13
  • 71
  • 125
  • Thanks,another question, keyword "From" is banned. I have tried Base64 Encode,URL Encode,HexEncode,And DO NOT WORK! But "fro$m" or "f$rom" is ok. So,is there any character i can use to insert into "from",and the DBMS(MS SQL Server) can still recognize it ! – Nick Jan 08 '16 at 01:08
  • @Nick, not sure what you are trying to achieve but again the answer is *NO*. Those are security holes and you can't bypass them by any means. If you try to insert a different character in between likewise you are saying, you are assured to get a compilation error. – Rahul Jan 08 '16 at 04:46
  • Thanks Again.I am trying to bypass a web application firewall .The WAF will give a warning when it detects any SQL syntax in the URL.So I am trying to find any possible changing or encode can be used for SQL syntax and after changing or encode the DBMS can still execute successfully. – Nick Jan 08 '16 at 06:19