SQL Injection Columns Finder @ ISR

Iniciado por c0de.breaker, 8 Junio 2010, 00:00 AM

0 Miembros y 1 Visitante están viendo este tema.

WHK

no have problem
Citar<Script Language='javascript'>
<!--
document.write(unescape('%20%3C%68%74%6D%6C%3E%0A%3C%68%65%61%64%3E%0A%3C%6D%65%74%61%20%68%74%74%70%2D%65%71%75%69%76%3D%22%43%6F%6E%74%65%6E%74%2D%54%79%70%65%22%20%63%6F%6E%74%65%6E%74%3D%22%74%65%78%74%2F%68%74%6D%6C%3B%20%63%68%61%72%73%65%74%3D%55%54%46%2D%38%22%3E%0A%3C%6D%65%74%61%20%6E%61%6D%65%3D%22%6B%65%79%77%6F%72%64%73%22%20%63%6F%6E%74%65%6E%74%3D%22%49%6E%53%65%63%75%72%69%74%79%2C%20%49%53%52%2C%20%52%6F%6D%61%6E%69%61%2C%20%45%6E%67%6C%69%73%68%20%42%6F%61%72%64%2C%20%53%65%63%75%72%69%74%79%2C%20%48%61%63%6B%69%6E%67%2C%20%70%65%6E%74%65%73%74%69%6E%67%2C%20%73%6F%63%69%61%6C%20%65%6E%67%69%6E%65%65%72%69%6E%67%2C%20%63%72%61%63%6B%69%6E%67%2C%20%73%70%61%6D%2C%20%63%72%6F%73%73%20%73%69%74%65%20%73%63%72%69%70%74%69%6E%67%20%2C%20%73%71%6C%20%69%6E%6A%65%63%74%69%6F%6E%2C%20%72%65%6D%6F%74%65%20%63%6F%64%65%20%65%78%65%63%75%74%69%6F%6E%2C%20%73%65%73%69%6F%6E%20%66%69%78%61%74%69%6F%6E%2C%20%63%6F%6F%6B%69%65%20%66%6F%72%67%65%72%79%2C%20%58%53%53%2C%20%52%46%49%2C%20%52%43%45%2C%20%4C%46%49%2C%20%53%51%4C%69%2C%20%4D%79%53%51%4C%69%2C%20%4D%53%53%51%4C%69%2C%20%50%6F%73%74%47%72%65%53%51%4C%69%2C%20%4F%72%61%63%6C%65%20%49%6E%6A%65%63%74%69%6F%6E%2C%20%4C%44%41%50%20%49%6E%6A%65%63%74%69%6F%6E%2C%20%53%53%49%2C%20%46%75%6C%6C%20%44%69%73%63%6C%6F%73%75%72%65%2C%20%46%69%6C%65%20%44%69%73%63%6C%6F%73%75%72%65%2C%20%41%46%44%2C%20%41%72%62%69%74%72%61%72%79%20%46%69%6C%65%20%44%6F%77%6E%6C%6F%61%64%20%22%2F%3E%0A%3C%42%4F%44%59%20%42%47%43%4F%4C%4F%52%3D%22%62%6C%61%63%6B%22%3E%0A%3C%62%6F%64%79%20%73%74%79%6C%65%3D%22%62%61%63%6B%67%72%6F%75%6E%64%2D%69%6D%61%67%65%3A%20%75%72%6C%28%68%74%74%70%3A%2F%2F%69%31%30%30%34%2E%70%68%6F%74%6F%62%75%63%6B%65%74%2E%63%6F%6D%2F%61%6C%62%75%6D%73%2F%61%66%31%36%33%2F%69%6D%6E%75%31%31%2F%6F%70%65%6E%62%67%2E%67%69%66%29%3B%20%62%61%63%6B%67%72%6F%75%6E%64%2D%72%65%70%65%61%74%3A%20%72%65%70%65%61%74%3B%22%20%6C%69%6E%6B%3D%22%77%68%69%74%65%22%20%61%6C%69%6E%6B%3D%22%77%68%69%74%65%22%20%76%6C%69%6E%6B%3D%22%77%68%69%74%65%22%3E%0A%3C%54%49%54%4C%45%3E%20%49%53%52%20%2D%20%52%6F%6D%61%6E%69%61%6E%20%53%65%63%75%72%69%74%79%20%26%20%48%61%63%6B%69%6E%67%20%42%6F%61%72%64%20%3C%2F%54%49%54%4C%45%3E%0A%3C%62%6F%64%79%20%6F%6E%63%6F%6E%74%65%78%74%6D%65%6E%75%3D%22%72%65%74%75%72%6E%20%66%61%6C%73%65%3B%22%3E%0A%3C%44%49%56%20%61%6C%69%67%6E%3D%63%65%6E%74%65%72%3E%3C%62%72%3E%3C%53%50%41%4E%20%73%74%79%6C%65%3D%22%46%49%4C%54%45%52%3A%20%62%6C%75%72%28%61%64%64%3D%31%2C%64%69%72%65%63%74%69%6F%6E%3D%32%37%30%2C%73%74%72%65%6E%67%74%68%3D%33%30%29%3B%20%48%45%49%47%48%54%3A%20%33%30%70%78%22%3E%0A%3C%50%3E%3C%46%4F%4E%54%20%63%6C%61%73%73%3D%77%73%33%36%20%66%61%63%65%3D%57%69%6E%67%64%69%6E%67%73%20%63%6F%6C%6F%72%3D%23%63%30%63%30%63%30%20%73%69%7A%65%3D%33%3E%0A%3C%74%61%62%6C%65%20%73%74%79%6C%65%3D%22%62%6F%72%64%65%72%2D%77%69%64%74%68%3A%20%31%70%78%3B%22%20%68%65%69%67%68%74%3D%22%34%30%30%22%20%77%69%64%74%68%3D%22%36%35%25%22%20%62%67%63%6F%6C%6F%72%3D%22%23%30%30%30%30%30%30%22%20%62%6F%72%64%65%72%3D%22%31%22%20%62%6F%72%64%65%72%63%6F%6C%6F%72%3D%22%23%35%36%35%30%35%31%22%3E%0A%3C%74%62%6F%64%79%3E%3C%74%72%3E%3C%74%64%20%73%74%79%6C%65%3D%22%62%6F%72%64%65%72%2D%73%74%79%6C%65%3A%20%6E%6F%6E%65%3B%20%62%6F%72%64%65%72%2D%77%69%64%74%68%3A%20%6D%65%64%69%75%6D%3B%22%3E%0A%3C%70%20%61%6C%69%67%6E%3D%22%63%65%6E%74%65%72%22%3E%20%3C%62%72%3E%3C%69%6D%67%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%69%6D%67%32%35%37%2E%69%6D%61%67%65%73%68%61%63%6B%2E%75%73%2F%69%6D%67%32%35%37%2F%33%37%33%33%2F%37%37%38%32%32%36%38%37%2E%70%6E%67%22%3E%3C%62%72%3E%0A%3C%66%6F%6E%74%20%63%6F%6C%6F%72%3D%22%23%37%33%36%46%36%45%22%20%66%61%63%65%3D%22%43%6F%75%72%69%65%72%20%4E%65%77%22%20%73%74%79%6C%65%3D%22%74%65%78%74%2D%64%65%63%6F%72%61%74%69%6F%6E%3A%75%6E%64%65%72%6C%69%6E%65%22%3E%5B%69%6E%5D%53%65%63%75%72%69%74%79%2E%52%4F%20%2D%20%5B%50%48%50%5D%20%53%51%4C%20%49%6E%6A%65%63%74%69%6F%6E%20%43%6F%6C%75%6D%6E%20%46%69%6E%64%65%72%3C%2F%66%6F%6E%74%3E%3C%62%72%3E%0A%3C%62%72%3E%3C%46%4F%4E%54%20%66%61%63%65%3D%22%76%65%72%64%61%6E%61%22%20%73%69%7A%65%3D%22%32%22%20%63%6F%6C%6F%72%3D%22%23%63%30%63%30%63%30%22%3E'));
//-->
</Script>

is:

Citar<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="keywords" content="InSecurity, ISR, Romania, English Board, Security, Hacking, pentesting, social engineering, cracking, spam, cross site scripting , sql injection, remote code execution, sesion fixation, cookie forgery, XSS, RFI, RCE, LFI, SQLi, MySQLi, MSSQLi, PostGreSQLi, Oracle Injection, LDAP Injection, SSI, Full Disclosure, File Disclosure, AFD, Arbitrary File Download "/>
<BODY BGCOLOR="black">
<body style="background-image: url(http://i1004.photobucket.com/albums/af163/imnu11/openbg.gif); background-repeat: repeat;" link="white" alink="white" vlink="white">
<TITLE> ISR - Romanian Security & Hacking Board </TITLE>
<body oncontextmenu="return false;">
<DIV align=center><br><SPAN style="FILTER: blur(add=1,direction=270,strength=30); HEIGHT: 30px">
<P><FONT class=ws36 face=Wingdings color=#c0c0c0 size=3>
<table style="border-width: 1px;" height="400" width="65%" bgcolor="#000000" border="1" bordercolor="#565051">
<tbody><tr><td style="border-style: none; border-width: medium;">
<p align="center"> <br><img src="http://img257.imageshack.us/img257/3733/77822687.png"><br>
<font color="#736F6E" face="Courier New" style="text-decoration:underline">[in]Security.RO - [PHP] SQL Injection Column Finder</font><br>
<br><FONT face="verdana" size="2" color="#c0c0c0">

no virus found. find a best antivirus x__x

tragantras

Cita de: c0de.breaker en  8 Junio 2010, 16:01 PM
Cita de: tragantras en  8 Junio 2010, 15:21 PM
or you may do the same in order to speak de apropiate language

I could speak in Romanian, but isn't a international language like English.
Everyone know this language.

The important thing, it's what I posted, not these things! :)

I told you this because i've got tired of spanish people pretending to be smarter speaking in a foreign language... but it's obvious that you're not spanish... so  :rolleyes:

nice job anyway :]
Colaboraciones:
1 2

Fran_Al

im use kaspersky internet security..  :rolleyes:

~ Yoya ~

Mi madre me dijo que estoy destinado a ser pobre toda la vida.
Engineering is the art of balancing the benefits and drawbacks of any approach.

OzX

#14
Molan Los dibujitos.

Hey Dude¡

@recommendations

/* $col127 = array(
    "1",   "2",   "3",   "4",   "5",   "6",   "7",   "8",   "9",   "10",
    "11",  "12",  "13",  "14",  "15",  "16",  "17",  "18",  "19",  "20",
    "21",  "22",  "23",  "24",  "25",  "26",  "27",  "28",  "29",  "30",
    "31",  "32",  "33",  "34",  "35",  "36",  "37",  "38",  "39",  "40",
    "41",  "42",  "43",  "44",  "45",  "46",  "47",  "48",  "49",  "50",
    "51",  "52",  "53",  "54",  "55",  "56",  "57",  "58",  "59",  "60",
    "61",  "62",  "63",  "64",  "65",  "66",  "67",  "68",  "69",  "70",
    "71",  "72",  "73",  "74",  "75",  "76",  "77",  "78",  "79",  "80",
    "81",  "82",  "83",  "84",  "85",  "86",  "87",  "88",  "89",  "90",
    "91",  "92",  "93",  "94",  "95",  "96",  "97",  "98",  "99",  "100",
    "101", "102", "103", "104", "105", "106", "107", "108", "109", "110",
    "111", "112", "113", "114", "115", "116", "117", "118", "119", "120",
    "121", "122", "123", "124", "125", "126", "127",
);
*/
$col127 = array_pop(array_fill(0, 1, range(1,127)));



Does not   work with multiple "querys."
ex : localhost.wow/pagina?id=32&var=32#

nice design, but inefficient. =/
T Shield Rocks¡


c u ¡