[Owasp-ireland] Flawd: A WAF evasion challenge

Sean O Briain cairdenetwork at gmail.com
Mon Jul 18 11:03:37 EDT 2011

Hi guys,

I asked Fabio for permission prior to posting this on the mailing list.

I'm currently coding a WAF evasion test-bed, to allow people to practice
common waf evasion techniques when attempting to implement SQL Injection.
It's currently still in beta, so there is yet no install script as such -
but I have included a readme file which should take you through the install
procedure effortlessly. It's still a work in progress, so keep that in

You can download the script from here: *
http://seanobriain.com/code/flawd.zip *(PHP/MySQL required)

There are 4 different levels, varying in difficultly from easy to difficult.
The first level is designed for beginners to simply become familiar with SQL
Injection. The later levels implement common filtering techniques at varying

Any feedback is welcome.


Seán "peann" Ó Briain

This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error please notify the system manager.
This message contains confidential information and is intended only for the
individual named. If you are not the named addressee you should not
disseminate, distribute or copy this e-mail. Please notify the sender
immediately by e-mail if you have received this e-mail by mistake and delete
this e-mail from your system. If you are not the intended recipient you are
notified that disclosing, copying, distributing or taking any action in
reliance on the contents of this information is strictly prohibited.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-ireland/attachments/20110718/4ad62109/attachment.html 

More information about the Owasp-ireland mailing list