diff --git a/README.md b/README.md index b5dc2cf..68a783f 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ ![Main Logo](images/how-wafs-work.png 'How wafs work') -__A Concise Definition:__ A web application firewall is a security policy enforcement point positioned between a web application and the client endpoint. This functionality can be implemented in software or hardware, running in an appliance device, or in a typical server running a common operating system. It may be a stand-alone device or integrated into other network components. *(Source [PCI DSS IS 6.6](https://www.pcisecuritystandards.org/documents/information_supplement_6.6.pdf))* +__A Concise Definition:__ A web application firewall is a security policy enforcement point positioned between a web application and the client endpoint. This functionality can be implemented in software or hardware, running in an appliance device, or in a typical server running a common operating system. It may be a stand-alone device or integrated into other network components. *(Source: [PCI DSS IS 6.6](https://www.pcisecuritystandards.org/documents/information_supplement_6.6.pdf))* Feel free to [contribute](CONTRIBUTING.md). @@ -1514,7 +1514,7 @@ Running a set of payloads against the URL/endpoint. Some nice fuzzing wordlists: ### Keyword Filter Detection/Bypass -__Example__: SQL Injection +__Case__: SQL Injection ##### • Step 1: __Keywords Filtered__: `and`, `or`, `union` @@ -1578,7 +1578,7 @@ __Standard__: `` __Bypassed__: `` __Standard__: `SELECT * FROM all_tables WHERE OWNER = 'DATABASE_NAME'` -__Bypassed__: `sELecT * FrOM all_tables whERe OwNeR = 'DATABASE_NAME'` +__Bypassed__: `sELecT * FrOM all_tables whERe OWNER = 'DATABASE_NAME'` __2. URL Encoding__ - Encode normal payloads with % encoding/URL encoding. 
@@ -1597,7 +1597,7 @@ __3. Unicode Encoding__ - You can encode entire/part of the payload for obtaining results. __Standard__: `prompt()` -__Obfuscated__: `pro\u006dpt()` +__Obfuscated__: `\u0070r\u06f\u006dpt()` __Standard__: `../../appusers.txt` __Obfuscated__: `%C0AE%C0AE%C0AF%C0AE%C0AE%C0AFappusers.txt` @@ -1667,11 +1667,15 @@ __Obfuscated__: `
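Review bot: In the README.md hunk at line 1578 (case-variation example under Keyword Filter Detection/Bypass), changing `OwNeR` back to `OWNER` makes the column name identical to the __Standard__ line, which weakens the illustration that the whole statement, not just the keywords, can be case-toggled; the mixed case looks deliberate. If the intent is that only SQL keywords should be varied (identifier case can be significant on some databases, so toggling it may break the query), say so in the surrounding prose; otherwise keep `OwNeR`.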
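Review bot: In the README.md hunk at line 1597 (Unicode Encoding example), the new __Obfuscated__ value `\u0070r\u06f\u006dpt()` contains `\u06f`, which is not a well-formed JavaScript escape: `\uXXXX` requires exactly four hex digits, so this string is a syntax error rather than an encoding of `prompt()`. The letter `o` is `\u006f`, so the line should read `\u0070r\u006f\u006dpt()`; the original `pro\u006dpt()` was at least valid, so this change should not merge as written.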