sql-inj to bypass akamai

[thegovenor]

during my research I found a payload that used to bypass akamai in order to achieve sql injection: 'XOR(if(now()=sysdate(),sleep(5*5),0))OR'
However, it has been fixed by akamai waf of course and it blocks it.
Can you please share any resources that will help me craft my own payload against Microsoft Access db that is protected by Akamai ?

 

[zLeak3r]

I remember, I did bypass this Akamai with some changing the payload. I don't remember what was my bypass payload.

Try this and if not works, change the parts.
XOR(1)=XOR(SELECT CASE WHEN (1*5!=3) THEN 1 ELSE 2 END)
XOR(SELECT 1/1 CASE WHEN ('1'*5<>3) THEN 1 END)
--

I saw it's MS Access dbms, I suggest you try something that specified to ms access dbms.

 

[russianprince48]

easiest way is to find backend ip

 

[thegovenor]

I remember, I did bypass this Akamai with some changing the payload. I don't remember what was my bypass payload.

Try this and if not works, change the parts.
XOR(1)=XOR(SELECT CASE WHEN (1*5!=3) THEN 1 ELSE 2 END)
XOR(SELECT 1/1 CASE WHEN ('1'*5<>3) THEN 1 END)
--

I saw it's MS Access dbms, I suggest you try something that specified to ms access dbms.

Thank you!