Your questions about vulnerabilities.

Discussion in 'Vulnerabilities' started by +, 27 Apr 2015.

  1. BabaDook

    Write in more detail.
     
  2. winstrool

    Pull it out one character at a time with the mid() or substring() function; and as for a more concrete example, I would rework the structure of the query.
     
  3. man474019

    Hi @BabaDook and @winstrool, thanks for the reply.

    This is my error-based SQL vector, but it cuts off one or several symbols of the MD5 hash in the response.
    vector:
    Code:
    https://www.site.com/1'*updatexml(1,concat(0x3A,(select(group_concat(pass))from(mdb.login))),1)*'/services/test
    How do I fix the vector to get the full 32-symbol MD5 hash?
     
  4. BabaDook

    I would remove the group_concat; indeed, the error vector does not output long passwords in a single request, so you need to use the function
    substring(1,10), then substring(11,21), and so on.
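
A defender-side view of the vector posted above, as an added example that is not part of the original thread: a Python check that scans web access log lines for a MySQL XPath-error function wrapping a subquery in the request target, grouped per client because the replies describe reading the value over several requests. The log lines, client addresses and status codes are constructed, `extractvalue` is included as an assumption because it raises the same kind of XPath error as `updatexml`, and all function names are hypothetical.

```python
import re
from urllib.parse import unquote

# Combined Log Format: we only need client, method, request target and status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
# MySQL XPath-error functions called with an argument list, as in the thread's vector.
XPATH_FN = re.compile(r'\b(updatexml|extractvalue)\s*\(')
# A subquery inside the call is what turns the error message into a data channel.
SUBQUERY = re.compile(r'\bselect\b.*\bfrom\b')

def normalize(target):
    """URL-decode repeatedly (covers double encoding) and lowercase."""
    for _ in range(3):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target.lower()

def classify(line):
    """Return (client, status, verdict) for one log line, or None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, _method, target, status = m.groups()
    t = normalize(target)
    hit = XPATH_FN.search(t) and SUBQUERY.search(t)
    return client, int(status), "error-based-sqli" if hit else "clean"

def scan(lines):
    """Group hits per client so repeated requests from one source are one finding."""
    findings = {}
    for line in lines:
        r = classify(line)
        if r and r[2] != "clean":
            findings.setdefault(r[0], []).append((r[1], r[2]))
    return findings

# Constructed sample: two benign requests, then the thread's vector raw and URL-encoded.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2020:10:00:01 +0000] "GET /services/test HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2020:10:00:02 +0000] "GET /docs/mysql/updatexml.html HTTP/1.1" 200 2048',
    "192.0.2.10 - - [01/Jan/2020:10:00:03 +0000] \"GET /1'*updatexml(1,concat(0x3A,(select(group_concat(pass))from(mdb.login))),1)*'/services/test HTTP/1.1\" 500 311",
    '192.0.2.10 - - [01/Jan/2020:10:00:04 +0000] "GET /1%27*UpdateXML%281,concat%280x3A,%28select%28group_concat%28pass%29%29from%28mdb.login%29%29%29,1%29*%27/services/test HTTP/1.1" 500 311',
]

if __name__ == "__main__":
    for client, hits in scan(SAMPLE_LOG).items():
        print(client, len(hits), "suspicious request(s)", hits)
```

A hit here only means the request was attempted; the injection itself is closed by parameterized queries and by not returning database error text to the client.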
     
  5. man474019

    And can you show me a working vector in your variant?
     
  6. BabaDook

  7. Sensoft

    If there is an XSS in the cookies, what can be done?
     
  8. LexProm

    Nothing, unless you somehow get the user to enter your script there by hand.
     
  9. RWD

    Yes, report it on HackerOne.
    In decent programs this is usually worth 1000+ conventional units (u.e.).
     
  10. Gorbachev

    They will ask for a justification of the attack vector, and that is the hard part...
     
  11. man474019

    When the web server often goes down from many requests, what mechanism do you advise for using sqlmap?
    I used --time-sec=15, but no result
    Thanks

    sqlmap response
    P.S. There is no WAF/IPS/IDS.
     
  12. winstrool

    --thread=1 ?
     
  13. man474019

    #2673 man474019, 16 May 2019 at 12:54 PM
    Last edited: 16 May 2019 at 1:38 PM
  14. BabaDook

    What makes you think there should be a result? Apart from the site being Russian, or something being off with the encoding, I don't see anything.
     