| SQL injection - Archaelogical Institute of America | # |
| Další příklad na SQL inj. Ale má to drobný háček, je to MySQL verze 4.0.25-log
[link]
(odpovědět) | | DragonBehemont | 213.194.252.* | 20.1.2009 20:24 |
|
|
|
| re: SQL injection - Archaelogical Institute of Ame | # |
| ta stara verze MySQL bude asi tim, ze je to archeologicky institut =)
(odpovědět) | Emkei |  |  |  | 20.1.2009 21:04 |
|
|
|
| re: SQL injection - Archaelogical Institute of Ame | # |
| Vypadá to tak... akorát se přiznák, že mě nenapadá nějaký jednoduchý způsob, jak se tam dostat, když tato verze nepodporuje information_schema ... leda se pokusit uhádnout názvy tabulek a sloupců.
(odpovědět) | |
|
|
| re: SQL injection - Archaelogical Institute of Ame | # |
| ještě menší pokus, ale vyšel :-)
[link]
(odpovědět) | |
|
|
| re: SQL injection - Archaelogical Institute of Ame | # |
| napr.:
meno: kmullen
heslo: naccu
:)
(odpovědět) | | biguard | 195.49.190.* | 21.1.2009 9:17 |
|
|
|
| re: SQL injection - Archaelogical Institute of Ame | # |
| A na to si prisel jak?? to by me vazne zajimalo... leda...
(odpovědět) | |
|
|
| re: SQL injection - Archaelogical Institute of Ame | # |
| tabulka: user,
stlpec: username,password,email
(odpovědět) | | bitguard | 67.159.56.* | 21.1.2009 11:45 |
|
|
|
| re: SQL injection - Archaelogical Institute of Ame | # |
| Jo, to je fajn, akorát, jak jsi přišel na strukturu databaze? To jsi to ciste hadal a nebo je nejaky zpusob i pro databaze, ktere maji starsi verzi MySQL?
(odpovědět) | |
|
|
| re: SQL injection - Archaelogical Institute of Ame | # |
| jo a je to slackware 9.0, takze to dava slusny predpoklad, ze prvy, kto sa tam dostane cez ssh, moze ziskat roota cez vmsplice exploit. samozrejme pokial to nie je opatchovane... :D
(odpovědět) | | bitguard | 67.159.56.* | 21.1.2009 9:26 |
|
|
|
| re: SQL injection - Archaelogical Institute of Ame | # |
| takze oprava, bezi tam jadro Linux 2.6.24.5-grsec :D
(odpovědět) | | bitguard | 67.159.47.* | 21.1.2009 9:30 |
|
|
|
| re: SQL injection - Archaelogical Institute of Ame | # |
| Databases:
advunl
aeroic
afactor
aia
aim2
amatones
amvaircr
amyworld
andrewst
artxpres
atlasc
avatar
awipf
baldu
bfavre
bgbc
bglover
bicklaw
bigbig2
blue_owl
bmoody
books2
build1
cargo1
carril
centuryd
cerp
chiro1
coin
conklins
contemp
counsell
coven
creators
dano1
davem
debmoses
deeran
delessio
democlub
denicola
diffaud
dinamael
djhobby
djrock
dprime
duncan1
duncan2
dvd
eadavis
ebalog2
ecn
efaqs
elinweb
em3sys
emccom
eri
ewertdot
festive1
freedma
freedomp
freeman1
geneer
gngorg
goettsch
govindam
gravier
greatsex
gregory
(odpovědět) | | xaxaxa | 193.200.150.* | 21.1.2009 14:19 |
|
|
|
| re: SQL injection - Archaelogical Institute of Ame | # |
| grjammin
grsm
haebc
hamlet
handylab
hawk357
hedbangr
hei01
hemion
homespun
honoring
iclab
imagesco
imarvel
in8id
jazna
jbm
jdacaree
jesserem
jgphotos
jhalder
jmgii
johnr
jrand
kesign
kiffmeme
kjips
lbacaorg
lbrader
lbrspec
lmike01
mabus2
mandell
marypat
mathias
matilipr
meklaw
mhollin1
milmark
miniq
mlaredo
mochel
monitor1
mornitro
mrusoff
mslash
mysql
naam
newdawn
nextgen
ngineboy
obd-2
otg
paulumz
pbiondo
pict2tv
plaza02
pmassll
pph
premier1
premier5
prisk
prolaw
ptuckfie
pway123
qclogic
quinthar
report
rficklin
robertsd
rockrvr
rog3
rog4
roscaf
roses9
royk2
rs
samrolfe
sarahcm
sbulloch
scge
shambha
shawn711
sheela
sitekpro
socialfi
ssilink
starchil
stilton
stjames1
strongc
suhamilt
supers
taltec
tch
tealsqua
test
theta
tinman
tvrader
umc4ime
vendynam
venture6
vgoffice
vineyrd6
weby2
wench
whitsitt
willdorf
wkunz
x
yahoo
(odpovědět) | | xaxaxa | 193.200.150.* | 21.1.2009 14:20 |
|
|
|
| re: SQL injection - Archaelogical Institute of Ame | # |
| Tables:
abs2005_bu
abstracts
abstracts_2004
abstracts_2004_migrate
abstracts_2005
abstracts_2005_prelim
abstracts_2006_prelim
abstracts_2007_prelim
abstracts_2008_prelim
abstracts_archive
abstracts_archive2009
abstracts_archive_bu
abstractsubmissions2006
abstractsubmissions2006_bu
abstractsubmissions2007
abstractsubmissions2007_bu
abstractsubmissions2008
abstractsubmissions2008_bu
abstractsubmissions2009
abstractsubmissions2009_bu
abstractsubmissions2009_early
abstractsubmissions2009_final
access
adminlog
adminutil
afob04
afob2007
afob_archive
announcement
archaeologynews
attachment
avatar
backup_abstracts2003
backup_abstracts2004
backup_abstracts2005
bbcode
bibliography_categories
bibliography_refs
calendar_events
conferences
customavatar
daiapp
exhibits
exhibits03
exhibits04
exhibits05
exhibits06
exhibits07
exhibits08
fellowships
fieldschoolapp
forum
forumpermission
grad_aps
grad_aps2008
icon
interest_groups
interest_groups_blog
interest_groups_blog_hold
jobs
lecture_abstracts
lecture_abstracts04
lecture_abstracts05
lecture_abstracts06
lecturer
lecturer03
lecturer04
lecturer05
lecturer06
lecturer07
lectures
lectures03
lectures04
lectures05
lectures06
lectures07
lectures08
lectures09
leftnavcategory
leftnavdata
members
moderator
pamc_2006
pamc_2006_bu
pamc_2007
pamc_2007_bu
pamc_2008
pamc_2008_bu
pamc_2009
pamc_2009_bu
pamc_2009_early
pamc_2009_early_bu
pamc_2009_users
pc_abstracts2004
pc_abstracts_vote2004
pc_abstracts_vote2005
poll
pollvote
post
privatemessage
profilefield
ps_institutions
publications_authors
publications_books
pubsubvention
pubsubvention2005
pubsubvention2006
pubsubvention_test
refs_category
refs_details
refs_subcategory
replacement
replacementset
schedule_2004
schedule_2005
schedule_2006
schedule_2007
schedule_2008
schedule_2009
schedule_2009a
search
searchindex
session
sessions
sessions_2004
sessions_2005
sessions_2005_pamc
sessions_2005v2
sessions_2006
sessions_2006_pamc
sessions_2006_prelim
sessions_2007
sessions_2007_bu
sessions_2007_prelim
sessions_2007_prelim_bu
sessions_2008
sessions_2008_prelim
sessions_2009
sessions_2009_prelim
sessions_2009_prelim_bu
setting
settinggroup
smilie
societies
societies_bu
societies_old
society_events
society_extra
sphider_categories
sphider_keywords
sphider_link_keyword
sphider_links
sphider_pending
sphider_query_log
sphider_site_category
sphider_sites
sphider_temp
style
subscribeforum
subscribethread
survey_2002
survey_2006
template
templateset
thread
threadrate
tour_leaders
tours
tours_test
toursnew
user
useractivation
userfield
usergroup
usertitle
webinfo
word
zen_address_book
zen_address_format
zen_admin
zen_admin_activity_log
zen_authorizenet
zen_banners
zen_banners_history
zen_categories
zen_categories_description
zen_configuration
zen_configuration_group
zen_counter
zen_counter_history
zen_countries
zen_coupon_email_track
zen_coupon_gv_customer
zen_coupon_gv_queue
zen_coupon_redeem_track
zen_coupon_restrict
zen_coupons
zen_coupons_description
zen_currencies
zen_customers
zen_customers_basket
zen_customers_basket_attributes
zen_customers_info
zen_customers_wishlist
zen_db_cache
zen_email_archive
zen_ezpages
zen_featured
zen_files_uploaded
zen_geo_zones
zen_get_terms_to_filter
zen_group_pricing
zen_languages
zen_layout_boxes
zen_manufacturers
zen_manufacturers_info
zen_media_clips
zen_media_manager
zen_media_to_products
zen_media_types
zen_meta_tags_categories_description
zen_meta_tags_products_description
zen_music_genre
zen_newsletters
zen_nochex_apc_transactions
zen_nochex_sessions
zen_orders
zen_orders_products
zen_orders_products_attributes
zen_orders_products_download
zen_orders_status
zen_orders_status_history
zen_orders_total
zen_paypal
zen_paypal_payment_status
zen_paypal_payment_status_history
zen_paypal_session
zen_paypal_testing
zen_product_music_extra
zen_product_type_layout
zen_product_types
zen_product_types_to_category
zen_products
zen_products_attributes
zen_products_attributes_download
zen_products_description
zen_products_discount_quantity
zen_products_notifications
zen_products_options
zen_products_options_types
zen_products_options_values
zen_products_options_values_to_products_opt
ions
zen_products_to_categories
zen_project_version
zen_project_version_history
zen_query_builder
zen_record_artists
zen_record_artists_info
zen_record_company
zen_record_company_info
zen_reviews
zen_reviews_description
zen_salemaker_sales
zen_sessions
zen_specials
zen_tax_class
zen_tax_rates
zen_template_select
zen_upgrade_exceptions
zen_whos_online
zen_zones
zen_zones_to_geo_zones
(odpovědět) | | xaxaxa | 193.200.150.* | 21.1.2009 14:20 |
|
|
|
| re: SQL injection - Archaelogical Institute of Ame | # |
| Columns FROM user:
userid
usergroupid
username
password
email
styleid
parentemail
coppauser
homepage
icq
aim
yahoo
signature
adminemail
showemail
invisible
usertitle
customtitle
joindate
cookieuser
daysprune
lastvisit
lastactivity
lastpost
posts
timezoneoffset
emailnotification
buddylist
ignorelist
pmfolders
receivepm
emailonpm
pmpopup
avatarid
options
birthday
maxposts
startofweek
ipaddress
referrerid
nosessionhash
inforum
(odpovědět) | | xaxaxa | 193.200.150.* | 21.1.2009 14:21 |
|
|
|
